From 543453460eb49508ed8443505d9a073aa6740f33 Mon Sep 17 00:00:00 2001 From: "Sar Ashki, Babak" Date: Thu, 5 Dec 2019 15:48:00 -0800 Subject: [PATCH] openldap-config: new package with stx openldap patches --- .../packagegroups/packagegroup-stx.bb | 1 + .../0001-stx-openldap-config-files.patch | 596 ++++++++++++++++++ .../files/0012-openldap-ldapi-sasl.patch | 21 +- .../files/0015-openldap-man-tls-reqcert.patch | 15 +- recipes-support/openldap/openldap_%.bbappend | 32 +- 5 files changed, 637 insertions(+), 28 deletions(-) create mode 100644 recipes-support/openldap/files/0001-stx-openldap-config-files.patch diff --git a/recipes-core/packagegroups/packagegroup-stx.bb b/recipes-core/packagegroups/packagegroup-stx.bb index ded827b..ea49185 100644 --- a/recipes-core/packagegroups/packagegroup-stx.bb +++ b/recipes-core/packagegroups/packagegroup-stx.bb @@ -68,6 +68,7 @@ RDEPENDS_packagegroup-stx-openldap = " \ openldap-backend-shell \ openldap-bin \ openldap-slapd \ + openldap-config \ " RDEPENDS_packagegroup-stx-kube = "\ diff --git a/recipes-support/openldap/files/0001-stx-openldap-config-files.patch b/recipes-support/openldap/files/0001-stx-openldap-config-files.patch new file mode 100644 index 0000000..2390fac --- /dev/null +++ b/recipes-support/openldap/files/0001-stx-openldap-config-files.patch @@ -0,0 +1,596 @@ +From ceaad5c741c95c78d924cb6b179daa6c6b60bf91 Mon Sep 17 00:00:00 2001 +From: babak sarashki +Date: Wed, 4 Dec 2019 08:07:24 -0800 +Subject: [PATCH] stx openldap config files + +--- + stx-openldap-config/LICENSE | 202 ++++++++++++++++++++++++ + stx-openldap-config/initial_config.ldif | 80 ++++++++++ + stx-openldap-config/initscript | 100 ++++++++++++ + stx-openldap-config/slapd.conf | 117 ++++++++++++++ + stx-openldap-config/slapd.service | 23 +++ + stx-openldap-config/slapd.sysconfig | 15 ++ + 6 files changed, 537 insertions(+) + create mode 100644 stx-openldap-config/LICENSE + create mode 100644 stx-openldap-config/initial_config.ldif + create mode 100755 stx-openldap-config/initscript + create mode 100644 stx-openldap-config/slapd.conf + create mode 100644 stx-openldap-config/slapd.service + create mode 100644 stx-openldap-config/slapd.sysconfig + +diff --git a/stx-openldap-config/LICENSE b/stx-openldap-config/LICENSE +new file mode 100644 +index 000000000..d64569567 +--- /dev/null ++++ b/stx-openldap-config/LICENSE +@@ -0,0 +1,202 @@ ++ ++ Apache License ++ Version 2.0, January 2004 ++ http://www.apache.org/licenses/ ++ ++ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION ++ ++ 1. Definitions. ++ ++ "License" shall mean the terms and conditions for use, reproduction, ++ and distribution as defined by Sections 1 through 9 of this document. ++ ++ "Licensor" shall mean the copyright owner or entity authorized by ++ the copyright owner that is granting the License. ++ ++ "Legal Entity" shall mean the union of the acting entity and all ++ other entities that control, are controlled by, or are under common ++ control with that entity. For the purposes of this definition, ++ "control" means (i) the power, direct or indirect, to cause the ++ direction or management of such entity, whether by contract or ++ otherwise, or (ii) ownership of fifty percent (50%) or more of the ++ outstanding shares, or (iii) beneficial ownership of such entity. ++ ++ "You" (or "Your") shall mean an individual or Legal Entity ++ exercising permissions granted by this License. ++ ++ "Source" form shall mean the preferred form for making modifications, ++ including but not limited to software source code, documentation ++ source, and configuration files. ++ ++ "Object" form shall mean any form resulting from mechanical ++ transformation or translation of a Source form, including but ++ not limited to compiled object code, generated documentation, ++ and conversions to other media types. ++ ++ "Work" shall mean the work of authorship, whether in Source or ++ Object form, made available under the License, as indicated by a ++ copyright notice that is included in or attached to the work ++ (an example is provided in the Appendix below). ++ ++ "Derivative Works" shall mean any work, whether in Source or Object ++ form, that is based on (or derived from) the Work and for which the ++ editorial revisions, annotations, elaborations, or other modifications ++ represent, as a whole, an original work of authorship. For the purposes ++ of this License, Derivative Works shall not include works that remain ++ separable from, or merely link (or bind by name) to the interfaces of, ++ the Work and Derivative Works thereof. ++ ++ "Contribution" shall mean any work of authorship, including ++ the original version of the Work and any modifications or additions ++ to that Work or Derivative Works thereof, that is intentionally ++ submitted to Licensor for inclusion in the Work by the copyright owner ++ or by an individual or Legal Entity authorized to submit on behalf of ++ the copyright owner. For the purposes of this definition, "submitted" ++ means any form of electronic, verbal, or written communication sent ++ to the Licensor or its representatives, including but not limited to ++ communication on electronic mailing lists, source code control systems, ++ and issue tracking systems that are managed by, or on behalf of, the ++ Licensor for the purpose of discussing and improving the Work, but ++ excluding communication that is conspicuously marked or otherwise ++ designated in writing by the copyright owner as "Not a Contribution." ++ ++ "Contributor" shall mean Licensor and any individual or Legal Entity ++ on behalf of whom a Contribution has been received by Licensor and ++ subsequently incorporated within the Work. ++ ++ 2. Grant of Copyright License. Subject to the terms and conditions of ++ this License, each Contributor hereby grants to You a perpetual, ++ worldwide, non-exclusive, no-charge, royalty-free, irrevocable ++ copyright license to reproduce, prepare Derivative Works of, ++ publicly display, publicly perform, sublicense, and distribute the ++ Work and such Derivative Works in Source or Object form. ++ ++ 3. Grant of Patent License. Subject to the terms and conditions of ++ this License, each Contributor hereby grants to You a perpetual, ++ worldwide, non-exclusive, no-charge, royalty-free, irrevocable ++ (except as stated in this section) patent license to make, have made, ++ use, offer to sell, sell, import, and otherwise transfer the Work, ++ where such license applies only to those patent claims licensable ++ by such Contributor that are necessarily infringed by their ++ Contribution(s) alone or by combination of their Contribution(s) ++ with the Work to which such Contribution(s) was submitted. If You ++ institute patent litigation against any entity (including a ++ cross-claim or counterclaim in a lawsuit) alleging that the Work ++ or a Contribution incorporated within the Work constitutes direct ++ or contributory patent infringement, then any patent licenses ++ granted to You under this License for that Work shall terminate ++ as of the date such litigation is filed. ++ ++ 4. Redistribution. You may reproduce and distribute copies of the ++ Work or Derivative Works thereof in any medium, with or without ++ modifications, and in Source or Object form, provided that You ++ meet the following conditions: ++ ++ (a) You must give any other recipients of the Work or ++ Derivative Works a copy of this License; and ++ ++ (b) You must cause any modified files to carry prominent notices ++ stating that You changed the files; and ++ ++ (c) You must retain, in the Source form of any Derivative Works ++ that You distribute, all copyright, patent, trademark, and ++ attribution notices from the Source form of the Work, ++ excluding those notices that do not pertain to any part of ++ the Derivative Works; and ++ ++ (d) If the Work includes a "NOTICE" text file as part of its ++ distribution, then any Derivative Works that You distribute must ++ include a readable copy of the attribution notices contained ++ within such NOTICE file, excluding those notices that do not ++ pertain to any part of the Derivative Works, in at least one ++ of the following places: within a NOTICE text file distributed ++ as part of the Derivative Works; within the Source form or ++ documentation, if provided along with the Derivative Works; or, ++ within a display generated by the Derivative Works, if and ++ wherever such third-party notices normally appear. The contents ++ of the NOTICE file are for informational purposes only and ++ do not modify the License. You may add Your own attribution ++ notices within Derivative Works that You distribute, alongside ++ or as an addendum to the NOTICE text from the Work, provided ++ that such additional attribution notices cannot be construed ++ as modifying the License. ++ ++ You may add Your own copyright statement to Your modifications and ++ may provide additional or different license terms and conditions ++ for use, reproduction, or distribution of Your modifications, or ++ for any such Derivative Works as a whole, provided Your use, ++ reproduction, and distribution of the Work otherwise complies with ++ the conditions stated in this License. ++ ++ 5. Submission of Contributions. Unless You explicitly state otherwise, ++ any Contribution intentionally submitted for inclusion in the Work ++ by You to the Licensor shall be under the terms and conditions of ++ this License, without any additional terms or conditions. ++ Notwithstanding the above, nothing herein shall supersede or modify ++ the terms of any separate license agreement you may have executed ++ with Licensor regarding such Contributions. ++ ++ 6. Trademarks. This License does not grant permission to use the trade ++ names, trademarks, service marks, or product names of the Licensor, ++ except as required for reasonable and customary use in describing the ++ origin of the Work and reproducing the content of the NOTICE file. ++ ++ 7. Disclaimer of Warranty. Unless required by applicable law or ++ agreed to in writing, Licensor provides the Work (and each ++ Contributor provides its Contributions) on an "AS IS" BASIS, ++ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or ++ implied, including, without limitation, any warranties or conditions ++ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A ++ PARTICULAR PURPOSE. You are solely responsible for determining the ++ appropriateness of using or redistributing the Work and assume any ++ risks associated with Your exercise of permissions under this License. ++ ++ 8. Limitation of Liability. In no event and under no legal theory, ++ whether in tort (including negligence), contract, or otherwise, ++ unless required by applicable law (such as deliberate and grossly ++ negligent acts) or agreed to in writing, shall any Contributor be ++ liable to You for damages, including any direct, indirect, special, ++ incidental, or consequential damages of any character arising as a ++ result of this License or out of the use or inability to use the ++ Work (including but not limited to damages for loss of goodwill, ++ work stoppage, computer failure or malfunction, or any and all ++ other commercial damages or losses), even if such Contributor ++ has been advised of the possibility of such damages. ++ ++ 9. Accepting Warranty or Additional Liability. While redistributing ++ the Work or Derivative Works thereof, You may choose to offer, ++ and charge a fee for, acceptance of support, warranty, indemnity, ++ or other liability obligations and/or rights consistent with this ++ License. However, in accepting such obligations, You may act only ++ on Your own behalf and on Your sole responsibility, not on behalf ++ of any other Contributor, and only if You agree to indemnify, ++ defend, and hold each Contributor harmless for any liability ++ incurred by, or claims asserted against, such Contributor by reason ++ of your accepting any such warranty or additional liability. ++ ++ END OF TERMS AND CONDITIONS ++ ++ APPENDIX: How to apply the Apache License to your work. ++ ++ To apply the Apache License to your work, attach the following ++ boilerplate notice, with the fields enclosed by brackets "[]" ++ replaced with your own identifying information. (Don't include ++ the brackets!) The text should be enclosed in the appropriate ++ comment syntax for the file format. We also recommend that a ++ file or class name and description of purpose be included on the ++ same "printed page" as the copyright notice for easier ++ identification within third-party archives. ++ ++ Copyright [yyyy] [name of copyright owner] ++ ++ Licensed under the Apache License, Version 2.0 (the "License"); ++ you may not use this file except in compliance with the License. ++ You may obtain a copy of the License at ++ ++ http://www.apache.org/licenses/LICENSE-2.0 ++ ++ Unless required by applicable law or agreed to in writing, software ++ distributed under the License is distributed on an "AS IS" BASIS, ++ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ See the License for the specific language governing permissions and ++ limitations under the License. +diff --git a/stx-openldap-config/initial_config.ldif b/stx-openldap-config/initial_config.ldif +new file mode 100644 +index 000000000..672e364b5 +--- /dev/null ++++ b/stx-openldap-config/initial_config.ldif +@@ -0,0 +1,80 @@ ++#ldapadd -D "cn=ldapadmin,dc=cgcs,dc=local" -W -f /etc/openldap/initial_config.ldif ++#ldapsearch -x -b 'dc=cgcs,dc=local' '(objectclass=*)' ++dn: dc=cgcs,dc=local ++dc: cgcs ++objectClass: top ++objectClass: domain ++ ++dn: ou=policies,dc=cgcs,dc=local ++ou: policies ++objectClass: top ++objectClass: organizationalUnit ++ ++dn: ou=People,dc=cgcs,dc=local ++ou: People ++objectClass: top ++objectClass: organizationalUnit ++ ++dn: ou=Group,dc=cgcs,dc=local ++ou: Group ++objectClass: top ++objectClass: organizationalUnit ++ ++dn: ou=SUDOers,dc=cgcs,dc=local ++objectClass: top ++objectClass: organizationalUnit ++ou: SUDOers ++ ++dn: cn=users,ou=Group,dc=cgcs,dc=local ++objectClass: posixGroup ++objectClass: top ++cn: users ++userPassword: {crypt}x ++gidNumber: 100 ++ ++dn: cn=cgcs,ou=Group,dc=cgcs,dc=local ++objectClass: posixGroup ++objectClass: top ++cn: cgcs ++userPassword: {crypt}x ++gidNumber: 1000 ++ ++dn: cn=default,ou=policies,dc=cgcs,dc=local ++objectClass: top ++objectClass: device ++objectClass: pwdPolicy ++objectClass: pwdPolicyChecker ++cn: default ++pwdAttribute: userPassword ++pwdMaxAge: 0 ++pwdExpireWarning: 432000 ++pwdInHistory: 2 ++pwdCheckModule: check_password.so ++pwdCheckQuality: 1 ++pwdMinLength: 7 ++pwdMaxFailure: 5 ++pwdLockout: TRUE ++pwdLockoutDuration: 300 ++pwdFailureCountInterval: 0 ++pwdMustChange: TRUE ++pwdAllowUserChange: TRUE ++pwdSafeModify: FALSE ++pwdGraceAuthNLimit: 0 ++ ++dn: cn=defaults,ou=SUDOers,dc=cgcs,dc=local ++objectClass: top ++objectClass: sudoRole ++cn: defaults ++description: Default sudoOption's go here ++sudoOrder: 1 ++ ++dn: cn=admin,ou=SUDOers,dc=cgcs,dc=local ++objectClass: top ++objectClass: sudoRole ++cn: admin ++sudoUser: admin ++sudoHost: ALL ++sudoRunAsUser: ALL ++sudoCommand: ALL ++sudoOrder: 2 ++sudoOption: secure_path=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin +diff --git a/stx-openldap-config/initscript b/stx-openldap-config/initscript +new file mode 100755 +index 000000000..d3208dd9a +--- /dev/null ++++ b/stx-openldap-config/initscript +@@ -0,0 +1,100 @@ ++#! /bin/sh ++# ++# This is an init script for openembedded ++# Copy it to /etc/init.d/openldap and type ++# > update-rc.d openldap defaults 60 ++# ++. /etc/init.d/functions ++ ++################################################################################ ++# Wait for a process to stop running. ++# ++################################################################################ ++function wait_for_proc_stop() ++{ ++ PROGNAME=$1 ++ TIMEOUT=${2:-"5"} ++ ++ for I in $(seq 1 $TIMEOUT); do ++ PID=$(pidof $PROGNAME 2> /dev/null) ++ if [ $? -ne 0 ]; then ++ ## already dead ++ return 0 ++ fi ++ sleep 1 ++ done ++ ++ return 1 ++} ++ ++slapd=/usr/sbin/slapd ++test -x "$slapd" || exit 0 ++ ++RETVAL=0 ++ ++case "$1" in ++ start) ++ echo -n "Starting SLAPD: " ++ if [ -f /etc/openldap/schema/cn=config.ldif ]; then ++ start-stop-daemon --start --oknodo --quiet --exec $slapd \ ++ -- -F /etc/openldap/schema/ ++ RETVAL=$? ++ else ++ start-stop-daemon --start --oknodo --quiet --exec $slapd ++ RETVAL=$? ++ fi ++ if [ $RETVAL -ne 0 ]; then ++ echo "Failed to start SLAPD." ++ exit $RETVAL ++ fi ++ ++ # we need to start nscd service as part of this openldap ++ # init.d script since SM manages this as a service and both ++ # daemons should be running on a controller host ++ systemctl status nscd.service ++ if [ $? -ne 0 ]; then ++ echo -n "Starting NSCD: " ++ systemctl start nscd.service ++ RETVAL=$? ++ if [ $RETVAL -ne 0 ]; then ++ echo "Failed to start NSCD." ++ exit $RETVAL ++ fi ++ fi ++ ++ echo "." ++ ;; ++ stop) ++ echo -n "Stopping NSCD: " ++ systemctl stop nscd.service ++ rm -f /var/run/nscd/nscd.pid ++ ++ echo -n "Stopping SLAPD: " ++ start-stop-daemon --retry 60 --stop --oknodo --quiet --pidfile /var/run/slapd.pid ++ RETVAL=$? ++ wait_for_proc_stop $slapd 10 ++ WRETVAL=$? ++ while [ $WRETVAL -eq 1 ]; do ++ killproc $slapd ++ wait_for_proc_stop $slapd 10 ++ WRETVAL=$? ++ done ++ rm -f /var/run/slapd.pid ++ echo "." ++ ;; ++ status) ++ status $slapd ++ [ $? -eq 0 ] || exit $? ++ systemctl status nscd.service ++ [ $? -eq 0 ] || exit $? ++ ;; ++ restart) ++ $0 stop ++ $0 start ++ ;; ++ *) ++ echo "Usage: /etc/init.d/openldap {start|stop|status|restart}" ++ exit 1 ++esac ++ ++exit $RETVAL +diff --git a/stx-openldap-config/slapd.conf b/stx-openldap-config/slapd.conf +new file mode 100644 +index 000000000..3b6fcc545 +--- /dev/null ++++ b/stx-openldap-config/slapd.conf +@@ -0,0 +1,117 @@ ++# ++# See slapd.conf(5) for details on configuration options. ++# This file should NOT be world readable. ++# ++include /etc/openldap/schema/core.schema ++include /etc/openldap/schema/cosine.schema ++include /etc/openldap/schema/inetorgperson.schema ++include /etc/openldap/schema/nis.schema ++include /etc/openldap/schema/ppolicy.schema ++include /etc/openldap/schema/sudo.schema ++ ++# Define global ACLs to disable default read access. ++ ++# Do not enable referrals until AFTER you have a working directory ++# service AND an understanding of referrals. ++#referral ldap://root.openldap.org ++ ++pidfile /var/run/slapd.pid ++argsfile /var/run/slapd.args ++ ++# uniquely identifies this server ++serverID 001 ++ ++# Load dynamic backend modules: ++modulepath /usr/libexec/openldap ++moduleload back_mdb.la ++moduleload ppolicy.la ++moduleload syncprov.la ++ ++# Sample security restrictions ++# Require integrity protection (prevent hijacking) ++# Require 112-bit (3DES or better) encryption for updates ++# Require 63-bit encryption for simple bind ++# security ssf=1 update_ssf=112 simple_bind=64 ++ ++# Sample access control policy: ++# Root DSE: allow anyone to read it ++# Subschema (sub)entry DSE: allow anyone to read it ++# Other DSEs: ++# Allow self write access ++# Allow authenticated users read access ++# Allow anonymous users to authenticate ++# Directives needed to implement policy: ++#access to dn.base="" by * read ++#access to dn.base="cn=Subschema" by * read ++#access to * ++# by self write ++# by anonymous auth ++# by * read ++# ++# if no access controls are present, the default policy ++# allows anyone and everyone to read anything but restricts ++# updates to rootdn. (e.g., "access to * by * read") ++# ++# rootdn can always read and write EVERYTHING! ++ ++####################################################################### ++# BDB database definitions ++####################################################################### ++ ++database mdb ++suffix "dc=cgcs,dc=local" ++rootdn "cn=ldapadmin,dc=cgcs,dc=local" ++# Cleartext passwords, especially for the rootdn, should ++# be avoid. See slappasswd(8) and slapd.conf(5) for details. ++# Use of strong authentication encouraged. ++rootpw _LDAPADMIN_PW_ ++# The database directory MUST exist prior to running slapd AND ++# should only be accessible by the slapd and slap tools. ++# Mode 700 recommended. ++directory /var/lib/openldap-data ++# Maximum size ++maxsize 1073741824 ++# Indices to maintain ++index cn eq ++index objectClass eq ++index uid eq,pres,sub ++index uidNumber eq ++index gidNumber eq ++index memberUid eq ++index sudoUser eq,sub ++ ++access to * ++ by self write ++ by * read ++ ++loglevel none ++ ++overlay ppolicy ++ppolicy_default "cn=default,ou=policies,dc=cgcs,dc=local" ++ppolicy_use_lockout ++ ++# NOTE: ++# syncrepl directives for each of the other masters ++syncrepl rid=000 ++ provider=ldap://controller-1 ++ type=refreshAndPersist ++ retry="5 5 300 +" ++ searchbase="dc=cgcs,dc=local" ++ attrs="*,+" ++ bindmethod=simple ++ binddn="cn=ldapadmin,dc=cgcs,dc=local" ++ credentials=_LDAPADMIN_PW_ ++ ++# syncprov specific indexing (add others as required) ++index entryCSN eq ++index entryUUID eq ++# ... ++# # mirror mode essential to allow writes ++# # and must appear after all syncrepl directives ++mirrormode TRUE ++# ++# # define the provider to use the syncprov overlay ++# # (last directives in database section) ++overlay syncprov ++# # contextCSN saved to database every 100 updates or ten minutes ++syncprov-checkpoint 1 1 +diff --git a/stx-openldap-config/slapd.service b/stx-openldap-config/slapd.service +new file mode 100644 +index 000000000..24b39380a +--- /dev/null ++++ b/stx-openldap-config/slapd.service +@@ -0,0 +1,23 @@ ++[Unit] ++Description=OpenLDAP Server Daemon ++Before=rsyncd.service ++After=network.target syslog-ng.target ++Documentation=man:slapd ++Documentation=man:slapd-config ++Documentation=man:slapd-hdb ++Documentation=man:slapd-mdb ++Documentation=file:///usr/share/doc/openldap-servers/guide.html ++ ++[Service] ++Type=forking ++PIDFile=/var/run/slapd.pid ++Environment="SLAPD_URLS=ldap:/// ldapi:///" "SLAPD_OPTIONS=" ++EnvironmentFile=/etc/sysconfig/slapd ++ExecStartPre=/usr/libexec/openldap/check-config.sh ++ExecStart=/etc/init.d/openldap start ++ExecStop=/etc/init.d/openldap stop ++ExecReload=/etc/init.d/openldap restart ++RemainAfterExit=yes ++ ++[Install] ++WantedBy=multi-user.target +diff --git a/stx-openldap-config/slapd.sysconfig b/stx-openldap-config/slapd.sysconfig +new file mode 100644 +index 000000000..573486da4 +--- /dev/null ++++ b/stx-openldap-config/slapd.sysconfig +@@ -0,0 +1,15 @@ ++# OpenLDAP server configuration ++# see 'man slapd' for additional information ++ ++# Where the server will run (-h option) ++# - ldapi:/// is required for on-the-fly configuration using client tools ++# (use SASL with EXTERNAL mechanism for authentication) ++# - default: ldapi:/// ldap:/// ++# - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:/// ++SLAPD_URLS="ldapi:/// ldap:///" ++ ++# Any custom options ++SLAPD_OPTIONS="" ++ ++# Keytab location for GSSAPI Kerberos authentication ++#KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab" +-- +2.17.1 + diff --git a/recipes-support/openldap/files/0012-openldap-ldapi-sasl.patch b/recipes-support/openldap/files/0012-openldap-ldapi-sasl.patch index 898e15f..db753aa 100644 --- a/recipes-support/openldap/files/0012-openldap-ldapi-sasl.patch +++ b/recipes-support/openldap/files/0012-openldap-ldapi-sasl.patch @@ -1,28 +1,15 @@ -From 4533a8029bdb309eaa63ebb68d71243fa1f9835a Mon Sep 17 00:00:00 2001 +From b2623b57b79becf707ff1800bfb5153af3f0d1fc Mon Sep 17 00:00:00 2001 From: babak sarashki -Date: Sun, 3 Nov 2019 14:47:27 -0800 -Subject: [PATCH 12/20] openldap ldapi sasl -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit +Date: Wed, 4 Dec 2019 07:58:45 -0800 +Subject: [PATCH 12/12] openldap ldapi sasl From stx 1901: openldap-ldapi-sasl.patch - -From 69709289b083c53ba41d2cef7d65120220f8c59b Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Tue, 7 May 2013 17:02:57 +0200 -Subject: [PATCH] LDAPI SASL fix - -Resolves: #960222 ---- - libraries/libldap/cyrus.c | 19 ++++++++++++++++--- - 1 Datei geändert, 16 Zeilen hinzugefügt(+), 3 Zeilen entfernt(-) --- libraries/libldap/cyrus.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c -index 8a496f9..06a9fdf 100644 +index 8a496f990..06a9fdf41 100644 --- a/libraries/libldap/cyrus.c +++ b/libraries/libldap/cyrus.c @@ -385,6 +385,8 @@ ldap_int_sasl_bind( diff --git a/recipes-support/openldap/files/0015-openldap-man-tls-reqcert.patch b/recipes-support/openldap/files/0015-openldap-man-tls-reqcert.patch index 5b1f543..430cd27 100644 --- a/recipes-support/openldap/files/0015-openldap-man-tls-reqcert.patch +++ b/recipes-support/openldap/files/0015-openldap-man-tls-reqcert.patch @@ -1,19 +1,16 @@ -From 5b8f3344a00d1623d54d1e1de9e7207895067473 Mon Sep 17 00:00:00 2001 +From 26c18423ab3b7e9100ea915b175c40ed7345df74 Mon Sep 17 00:00:00 2001 From: babak sarashki -Date: Sun, 3 Nov 2019 15:13:00 -0800 -Subject: [PATCH 15/20] openldap man tls reqcert +Date: Wed, 4 Dec 2019 08:03:25 -0800 +Subject: [PATCH] openldap man tls reqcert -From Stx 1901: openldap-man-tls-reqcert.patch -From f7027b3118ea90d616d0ddeeb348f15ba91cd08b Mon Sep 17 00:00:00 2001 -From: Jan Synacek -Date: Wed, 13 Nov 2013 13:34:06 +0100 -Subject: [PATCH] Fix client manpage +From stx 1901: openldap-man-tls-reqcert.patch +From f7027b3118ea90d616d0ddeeb348f15ba91cd08b --- doc/man/man5/ldap.conf.5 | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5 -index 49f1830..313b9c2 100644 +index 49f1830a0..313b9c275 100644 --- a/doc/man/man5/ldap.conf.5 +++ b/doc/man/man5/ldap.conf.5 @@ -433,8 +433,8 @@ The environment variable RANDFILE can also be used to specify the filename. diff --git a/recipes-support/openldap/openldap_%.bbappend b/recipes-support/openldap/openldap_%.bbappend index 7932903..f4a998d 100644 --- a/recipes-support/openldap/openldap_%.bbappend +++ b/recipes-support/openldap/openldap_%.bbappend @@ -1,5 +1,7 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/files:" +PACKAGES += " openldap-config" + ##################################################################################### # Port is NOT complete yet: # See files/centos_patches_notported_yet for patches that have not been ported yet. @@ -31,6 +33,7 @@ SRC_URI += " \ file://0020-openldap-openssl-ITS7596-Add-EC-support-patch-2.patch \ file://0021-openldap-and-stx-source-and-config-files.patch \ file://0022-ltb-project-openldap-ppolicy-check-password-1.1.patch \ + file://0001-stx-openldap-config-files.patch \ " inherit pkgconfig @@ -127,13 +130,38 @@ do_install_append () { install -m 0755 libexec-generate-server-cert.sh ${D}/${libexecdir}/openldap/generate-server-cert.sh install -m 0755 libexec-update-ppolicy-schema.sh ${D}/${libexecdir}/openldap/update-ppolicy-schema.sh - install -m 0644 slapd.service ${D}/${systemd_unitdir}/stx-slapd.service + install -m 0644 slapd.service ${D}/${systemd_system_unitdir}/stx-slapd.service install -m 0755 -d ${D}/${sysconfdir}/sysconfig install -m 0644 slapd.sysconfig ${D}/${sysconfdir}/sysconfig/slapd.sysconfig install -m 0755 -d ${D}/${datadir}/openldap-servers install -m 0644 slapd.ldif ${D}/${datadir}/openldap-servers/slapd.ldif install -m 0750 -d ${D}/${sysconfdir}/openldap/slapd.d rm -rf ${D}/var/run + + # openldap-config + cd ${S}/stx-openldap-config + mkdir -p ${D}/${sysconfdir}/rc.d/init.d + install -m 755 initscript ${D}/${sysconfdir}/rc.d/init.d/openldap + install -d -m 740 ${D}/${sysconfdir}/openldap + install -m 600 slapd.conf ${D}/${sysconfdir}/openldap/slapd.conf + install -m 600 initial_config.ldif ${D}/${sysconfdir}/openldap/initial_config.ldif + + install -d ${D}/${datadir}/starlingx + install -m 644 slapd.service ${D}/${datadir}/starlingx/slapd.service + install -m 644 slapd.sysconfig ${D}/${datadir}/starlingx/slapd.sysconfig +} + +FILES_openldap-config = " \ + ${sysconfdir}/rc.d/init.d/openldap \ + ${sysconfdir}/openldap/initial_config.ldif \ + ${datadir}/starlingx/slapd.service \ + ${datadir}/starlingx/slapd.sysconfig \ + " + +pkg_postinst_ontarget_openldap-config() { + cp ${datadir}/starlingx/slapd.service ${systemd_system_unitdir}/slapd.service + chmod 644 ${systemd_system_unitdir}/slapd.service + cp {datadir}/starlingx/slapd.sysconfig ${sysconfdir}/sysconfig/slapd } FILES_${PN}_append = " \ @@ -141,5 +169,5 @@ FILES_${PN}_append = " \ ${libexecdir}/openldap/ \ ${sysconfdir}/sysconfig \ ${sysconfdir}/tmpfiles.d \ - ${systemd_unitdir}/stx-slapd.service \ + ${systemd_system_unitdir}/stx-slapd.service \ "