summaryrefslogtreecommitdiffstats
path: root/source/n/openldap
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2020-05-15 07:28:15 +0000
committer Eric Hameleers <alien@slackware.com>2020-05-15 17:59:53 +0200
commiteba2e5b781702a60ac9f9613c9b8456c1594215c (patch)
treee413ac11d0b244de7238614f3f0fc5e391ca4998 /source/n/openldap
parent5864796142dd047453e8517d6ff9ce9ad66ebdc4 (diff)
downloadcurrent-eba2e5b781702a60ac9f9613c9b8456c1594215c.tar.gz
current-eba2e5b781702a60ac9f9613c9b8456c1594215c.tar.xz
Fri May 15 07:28:15 UTC 202020200515072815
Hey folks, just a heads-up that PAM is about to be merged into the main tree. We can't have it blocking other upgrades any longer. The config files could be improved (adding support for pam_krb5 and pam_ldap, for example), but they'll do for now. Have a good weekend, and enjoy these updates! :-) a/aaa_elflibs-15.0-x86_64-23.txz: Rebuilt. Upgraded: libcap.so.2.34, libelf-0.179.so, liblzma.so.5.2.5, libglib-2.0.so.0.6400.2, libgmodule-2.0.so.0.6400.2, libgobject-2.0.so.0.6400.2, libgthread-2.0.so.0.6400.2, liblber-2.4.so.2.10.13, libldap-2.4.so.2.10.13, libpcre2-8.so.0.10.0. Added temporarily in preparation for upgrading icu4c: libicudata.so.65.1, libicui18n.so.65.1, libicuio.so.65.1, libicutest.so.65.1, libicutu.so.65.1, libicuuc.so.65.1. a/etc-15.0-x86_64-11.txz: Rebuilt. /etc/passwd: Added ldap (UID 330). /etc/group: Added ldap (GID 330). a/kernel-generic-5.4.41-x86_64-1.txz: Upgraded. a/kernel-huge-5.4.41-x86_64-1.txz: Upgraded. a/kernel-modules-5.4.41-x86_64-1.txz: Upgraded. a/pkgtools-15.0-noarch-33.txz: Rebuilt. setup.services: added support for rc.openldap and rc.openvpn. ap/hplip-3.20.5-x86_64-1.txz: Upgraded. d/kernel-headers-5.4.41-x86-1.txz: Upgraded. d/python-setuptools-46.3.0-x86_64-1.txz: Upgraded. d/python3-3.8.3-x86_64-1.txz: Upgraded. k/kernel-source-5.4.41-noarch-1.txz: Upgraded. n/openldap-2.4.50-x86_64-1.txz: Added. This is a complete OpenLDAP package with both client and server support. Thanks to Giuseppe Di Terlizzi for help with the server parts. n/openldap-client-2.4.50-x86_64-1.txz: Removed. x/mesa-20.0.7-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. testing/packages/PAM/hplip-3.20.5-x86_64-1_pam.txz: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'source/n/openldap')
-rw-r--r--source/n/openldap/doinst.sh39
-rwxr-xr-xsource/n/openldap/openldap.SlackBuild270
-rw-r--r--source/n/openldap/openldap.url1
-rw-r--r--source/n/openldap/rc.openldap69
-rw-r--r--source/n/openldap/slack-desc19
-rw-r--r--source/n/openldap/slapd16
6 files changed, 414 insertions, 0 deletions
diff --git a/source/n/openldap/doinst.sh b/source/n/openldap/doinst.sh
new file mode 100644
index 000000000..f0ee4e6aa
--- /dev/null
+++ b/source/n/openldap/doinst.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+config() {
+ NEW="$1"
+ OLD="`dirname $NEW`/`basename $NEW .new`"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+if ! grep -q "^ldap:" etc/passwd ; then
+ echo "ldap:x:330:330:OpenLDAP server:/var/lib/openldap:/bin/false" >> etc/passwd
+fi
+if ! grep -q "^ldap:" etc/group ; then
+ echo "ldap:x:330:" >> etc/group
+fi
+if ! grep -q "^ldap:" etc/shadow ; then
+ echo "ldap:*:9797:0:::::" >> etc/shadow
+fi
+
+preserve_perms etc/rc.d/rc.openldap.new
+config etc/default/slapd.new
+config etc/openldap/ldap.conf.new
+config etc/openldap/slapd.conf.new
+config etc/openldap/slapd.ldif.new
diff --git a/source/n/openldap/openldap.SlackBuild b/source/n/openldap/openldap.SlackBuild
new file mode 100755
index 000000000..3b6171c6f
--- /dev/null
+++ b/source/n/openldap/openldap.SlackBuild
@@ -0,0 +1,270 @@
+#!/bin/bash
+
+# Copyright 2008, 2009, 2010, 2018, 2019, 2020 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2015-2017 Giuseppe Di Terlizzi <giuseppe.diterlizzi@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=openldap
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$(uname -m)" in
+ i?86) ARCH=i586 ;;
+ arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) ARCH=$(uname -m) ;;
+ esac
+ export ARCH
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+elif [ "$ARCH" = "armv7hl" ]; then
+ SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16"
+ LIBDIRSUFFIX=""
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+
+cd $TMP
+rm -rf $PKGNAM-$VERSION
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
+cd $PKGNAM-$VERSION || exit 1
+
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \+ -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \+
+
+# Ensure user:group exists before building:
+if ! grep -q "^ldap:" /etc/passwd ; then
+ echo "ldap:x:330:330:OpenLDAP server:/var/lib/openldap:/bin/false" >> /etc/passwd
+fi
+if ! grep -q "^ldap:" /etc/group ; then
+ echo "ldap:x:330:" >> /etc/group
+fi
+if ! grep -q "^ldap:" /etc/shadow ; then
+ echo "ldap:*:9797:0:::::" >> /etc/shadow
+fi
+
+# Change the location of run directory into /var/run/openldap:
+sed -i -e 's|%LOCALSTATEDIR%/run/|/var/run/openldap/|' \
+ servers/slapd/slapd.*
+
+# Change the location of ldapi socket into /var/run/openldap:
+sed -i -e 's|\(#define LDAPI_SOCK\).*|\1 "/var/run/openldap/ldapi"|' \
+ include/ldap_defaults.h
+
+# Change the default OpenLDAP database directory:
+sed -i -e 's|openldap-data|lib/openldap|' \
+ servers/slapd/slapd.* include/ldap_defaults.h servers/slapd/Makefile.in
+
+# Fix man pages:
+sed -i "s/openldap\\\-data/lib\/openldap/g" doc/man/man5/slapd-config.5 doc/man/man5/slapd-bdb.5 doc/man/man5/slapd-mdb.5 doc/man/man5/slapd.conf.5
+
+# Configure, build, and install:
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --exec-prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/man \
+ --localstatedir=/var \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ \
+ --enable-debug \
+ --enable-dynamic \
+ --enable-syslog \
+ --enable-proctitle \
+ --enable-ipv6 \
+ --enable-local \
+ \
+ --enable-slapd \
+ --enable-dynacl \
+ --enable-aci \
+ --enable-cleartext \
+ --enable-crypt \
+ --enable-lmpasswd \
+ --enable-spasswd \
+ --enable-modules \
+ --enable-rewrite \
+ --enable-rlookups \
+ --enable-slapi \
+ --disable-slp \
+ --enable-wrappers \
+ \
+ --enable-backends=mod \
+ --enable-bdb=yes \
+ --enable-hdb=yes \
+ --enable-mdb=yes \
+ --enable-monitor=yes \
+ --enable-perl=yes \
+ --disable-ndb \
+ \
+ --enable-overlays=mod \
+ \
+ --disable-static \
+ --enable-shared \
+ \
+ --with-cyrus-sasl \
+ --without-fetch \
+ --with-threads \
+ --with-pic \
+ --with-tls \
+ \
+ --build=$ARCH-slackware-linux || exit 1
+make depend
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+# Don't package this directory:
+rmdir $PKG/var/run
+
+# Fix permissions on shared libraries:
+chmod 755 $PKG/usr/lib${LIBDIRSUFFIX}/*.so.*
+
+# Restrict access to database:
+chmod 700 $PKG/var/lib/openldap
+
+# Fix ownership:
+chown -R ldap:ldap $PKG/var/lib/openldap
+chown -R ldap:ldap $PKG/etc/openldap
+
+# Get rid of .default config files:
+rm -f $PKG/etc/openldap/*.default
+
+# Move ldap.conf to ldap.conf.new and add an additional option:
+mv $PKG/etc/openldap/ldap.conf $PKG/etc/openldap/ldap.conf.new
+cat << EOF >> $PKG/etc/openldap/ldap.conf.new
+
+# In order to avoid problems with self-signed certificates using TLS:
+# "TLS certificate verification: Error, self signed certificate"
+# See also 'man ldap.conf' or http://www.openldap.org/doc/admin/tls.html
+TLS_REQCERT allow
+
+EOF
+# Move other config files to .new:
+mv $PKG/etc/openldap/slapd.conf $PKG/etc/openldap/slapd.conf.new
+mv $PKG/etc/openldap/slapd.ldif $PKG/etc/openldap/slapd.ldif.new
+
+# Create a symlink for slapd in /usr/sbin:
+if [ ! -x $PKG/usr/sbin/slapd ]; then
+ ( cd $PKG/usr/sbin ; ln -sf ../libexec/slapd slapd )
+fi
+
+# Create OpenLDAP certificates directory:
+mkdir -p $PKG/etc/openldap/certs
+
+# Copy rc.openldap:
+mkdir -p $PKG/etc/rc.d
+cat $CWD/rc.openldap > $PKG/etc/rc.d/rc.openldap.new
+
+# Copy slapd default file:
+mkdir -p $PKG/etc/default
+cat $CWD/slapd > $PKG/etc/default/slapd.new
+
+# Strip binaries:
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+
+# Compress manual pages:
+find $PKG/usr/man -type f -exec gzip -9 {} \+
+for i in $( find $PKG/usr/man -type l ) ; do
+ ln -s $( readlink $i ).gz $i.gz
+ rm $i
+done
+
+# Add a documentation directory:
+mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION
+cp -a \
+ ANNOUNCEMENT* CHANGES COPYRIGHT* INSTALL* LICENSE* README* \
+ $PKG/usr/doc/${PKGNAM}-$VERSION
+
+# If there's a CHANGES file, installing at least part of the recent history
+# is useful, but don't let it get totally out of control:
+if [ -r CHANGES ]; then
+ DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
+ cat CHANGES | head -n 1000 > $DOCSDIR/CHANGES
+ touch -r CHANGES $DOCSDIR/CHANGES
+fi
+
+# Include monitor backend README
+cp -a \
+ servers/slapd/back-monitor/README \
+ $PKG/usr/doc/$PKGNAM-$VERSION/README.back-monitor
+
+# Include Perl backend README
+cp -a \
+ servers/slapd/back-perl/README \
+ $PKG/usr/doc/$PKGNAM-$VERSION/README.back-perl
+
+# Include Perl backend sample file
+cp -a \
+ servers/slapd/back-perl/SampleLDAP.pm \
+ $PKG/usr/doc/$PKGNAM-$VERSION
+
+# Include OpenLDAP documentation
+cp -a \
+ doc/guide/admin/*.png \
+ doc/guide/admin/*.html \
+ $PKG/usr/doc/$PKGNAM-$VERSION
+
+mkdir -p $PKG/install
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
diff --git a/source/n/openldap/openldap.url b/source/n/openldap/openldap.url
new file mode 100644
index 000000000..5ffa99122
--- /dev/null
+++ b/source/n/openldap/openldap.url
@@ -0,0 +1 @@
+ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release
diff --git a/source/n/openldap/rc.openldap b/source/n/openldap/rc.openldap
new file mode 100644
index 000000000..d659d27a7
--- /dev/null
+++ b/source/n/openldap/rc.openldap
@@ -0,0 +1,69 @@
+#!/bin/sh
+# Start/stop/restart the OpenLDAP server (slapd).
+
+# Source default settings:
+if [ -r /etc/default/slapd ]; then
+ . /etc/default/slapd
+fi
+
+# If needed, create run directory:
+if [ ! -d /var/run/openldap ]; then
+ mkdir -p /var/run/openldap
+ chown ldap:ldap /var/run/openldap
+fi
+
+slapd_start() {
+ if [ -e /var/run/openldap/slapd.pid ]; then
+ echo "ERROR: Not starting OpenLDAP server because /var/run/openldap/slapd.pid exists."
+ elif [ -x /usr/sbin/slapd ]; then
+ echo "Starting OpenLDAP server: /usr/sbin/slapd -u ldap -h "$SLAPD_URLS" $SLAPD_OPTIONS"
+ /usr/sbin/slapd -u ldap -h "$SLAPD_URLS" $SLAPD_OPTIONS 1> /dev/null 2> /dev/null
+ fi
+}
+
+slapd_stop() {
+ if [ -e /var/run/openldap/slapd.pid ]; then
+ echo "Stopping OpenLDAP server."
+ kill -INT $(cat /var/run/openldap/slapd.pid)
+ else
+ echo "ERROR: Not stopping OpenLDAP server because /var/run/openldap/slapd.pid does not exist."
+ fi
+ rm -f /var/run/openldap/slapd.pid
+}
+
+slapd_restart() {
+ slapd_stop
+ sleep 1
+ slapd_start
+}
+
+slapd_status() {
+ if [ -e /var/run/openldap/slapd.pid ]; then
+ if ps axc | grep slapd >/dev/null 2>&1; then
+ echo "OpenLDAP is running."
+ return 0
+ fi
+ echo "OpenLDAP PID file exists but the service is down."
+ return 1
+ else
+ echo "OpenLDAP is stopped."
+ return 0
+ fi
+}
+
+case "$1" in
+ 'start')
+ slapd_start
+ ;;
+ 'stop')
+ slapd_stop
+ ;;
+ 'restart')
+ slapd_restart
+ ;;
+ 'status')
+ slapd_status
+ ;;
+ *)
+ echo "usage $0 start|stop|restart"
+esac
diff --git a/source/n/openldap/slack-desc b/source/n/openldap/slack-desc
new file mode 100644
index 000000000..65552e5de
--- /dev/null
+++ b/source/n/openldap/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name,
+# and the '|'on the right side marks the last column you can put a
+# character in. You must make exactly 11 lines for the formatting to be
+# correct. It's also customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+openldap: openldap (Lightweight Directory Access Protocol)
+openldap:
+openldap: OpenLDAP is an open source implementation of the Lightweight Directory
+openldap: Access Protocol. LDAP is a alternative to the X.500 Directory Access
+openldap: Protocol (DAP). It uses the TCP/IP stack versus the overly complex OSI
+openldap: stack.
+openldap:
+openldap: LDAP is often used to provide authentication (such as for email).
+openldap:
+openldap: Homepage: https://www.openldap.org/
+openldap:
diff --git a/source/n/openldap/slapd b/source/n/openldap/slapd
new file mode 100644
index 000000000..afbbfb55f
--- /dev/null
+++ b/source/n/openldap/slapd
@@ -0,0 +1,16 @@
+# OpenLDAP server configuration
+# see 'man slapd' for additional information
+
+# Where the server will run (-h option)
+# - ldapi:/// is required for on-the-fly configuration using client tools
+# (use SASL with EXTERNAL mechanism for authentication)
+# - default: ldapi:/// ldap:///
+# - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:///
+SLAPD_URLS="ldapi:/// ldap:///"
+
+# Any custom options
+#SLAPD_OPTIONS=""
+
+# Keytab location for GSSAPI Kerberos authentication
+#KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"
+