From 822420e2d390a7cfd06f8783310bb23c194c8b75 Mon Sep 17 00:00:00 2001 From: slin14 Date: Fri, 16 Nov 2018 22:03:56 +0800 Subject: [PATCH] refactor openldap Package openldap-config is added to carry the customized config files of openldap. Here is the customized change in slapd.service: " -After=syslog.target network-online.target +Before=rsyncd.service +After=network.target syslog-ng.target -PIDFile=/var/run/openldap/slapd.pid +PIDFile=/var/run/slapd.pid -ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS +ExecStart=/etc/init.d/openldap start +ExecStop=/etc/init.d/openldap stop +ExecReload=/etc/init.d/openldap restart +RemainAfterExit=yes " Here is the customized change in slapd.sysconfig: " -#SLAPD_OPTIONS="" +SLAPD_OPTIONS="" " Test: Pass build and multi node deploy test. Confirmed related config file is the same as before in deploy node. Story: 2003768 Task: 26462 Depends-On: https://review.openstack.org/618440 Change-Id: I2559a8e43619449d6179ed913181052d653fa91d 
Signed-off-by: slin14 --- centos_iso_image.inc | 1 + centos_pkg_dirs | 1 + ldap/openldap-config/centos/build_srpm.data | 2 + .../centos/openldap-config.spec | 52 +++++ ldap/openldap-config/files/LICENSE | 202 ++++++++++++++++++ .../files/initial_config.ldif | 0 .../files/initscript | 0 .../files/slapd.conf} | 0 ldap/openldap-config/files/slapd.service | 23 ++ ldap/openldap-config/files/slapd.sysconfig | 15 ++ ldap/openldap/centos/build_srpm.data | 3 +- ldap/openldap/centos/meta_patches/PATCH_ORDER | 5 +- ...e-package-versioning-for-TIS-format.patch} | 0 .../openldap-enable-password-policy.patch | 6 +- .../openldap-remove-ldap-conf-cgcs-file.patch | 33 --- .../meta_patches/openldap-service-file.patch | 42 ---- .../meta_patches/openldap-spec-file.patch | 64 +----- .../openldap-sysconfig-file.patch | 25 --- .../rootdn-should-not-bypass-ppolicy.patch | 10 +- 19 files changed, 313 insertions(+), 171 deletions(-) create mode 100644 ldap/openldap-config/centos/build_srpm.data create mode 100644 ldap/openldap-config/centos/openldap-config.spec create mode 100644 ldap/openldap-config/files/LICENSE rename ldap/{openldap => openldap-config}/files/initial_config.ldif (100%) rename ldap/{openldap => openldap-config}/files/initscript (100%) rename ldap/{openldap/files/slapd.conf.cgcs => openldap-config/files/slapd.conf} (100%) create mode 100644 ldap/openldap-config/files/slapd.service create mode 100644 ldap/openldap-config/files/slapd.sysconfig rename ldap/openldap/centos/meta_patches/{0001-Update-package-versioning-for-TIS-format.patch => Update-package-versioning-for-TIS-format.patch} (100%) delete mode 100644 ldap/openldap/centos/meta_patches/openldap-remove-ldap-conf-cgcs-file.patch delete mode 100644 ldap/openldap/centos/meta_patches/openldap-service-file.patch delete mode 100644 ldap/openldap/centos/meta_patches/openldap-sysconfig-file.patch rename ldap/openldap/{files => centos/patches}/rootdn-should-not-bypass-ppolicy.patch (98%) 
diff --git a/centos_iso_image.inc b/centos_iso_image.inc index e7f203dc5..6766278ea 100644 --- a/centos_iso_image.inc +++ b/centos_iso_image.inc @@ -232,6 +232,7 @@ net-snmp-python # openldap openldap +openldap-config openldap-servers openldap-clients diff --git a/centos_pkg_dirs b/centos_pkg_dirs index 0c4d157ce..ff74ac9ef 100644 --- a/centos_pkg_dirs +++ b/centos_pkg_dirs @@ -36,6 +36,7 @@ virt/cloud-init base/watchdog base/net-snmp ldap/openldap +ldap/openldap-config networking/mellanox/mlx4-config networking/openvswitch networking/openvswitch-config diff --git a/ldap/openldap-config/centos/build_srpm.data b/ldap/openldap-config/centos/build_srpm.data new file mode 100644 index 000000000..da1e20bd8 --- /dev/null +++ b/ldap/openldap-config/centos/build_srpm.data @@ -0,0 +1,2 @@ +SRC_DIR="files" +TIS_PATCH_VER=0 diff --git a/ldap/openldap-config/centos/openldap-config.spec b/ldap/openldap-config/centos/openldap-config.spec new file mode 100644 index 000000000..3ae8d9cde --- /dev/null +++ b/ldap/openldap-config/centos/openldap-config.spec 
@@ -0,0 +1,52 @@
+Summary: StarlingX openldap Configuration File
+Name: openldap-config
+Version: 1.0
+Release: %{tis_patch_ver}%{?_tis_dist}
+License: Apache-2.0
+Group: config-files
+Packager: StarlingX
+URL: unknown
+Source: %name-%version.tar.gz
+
+BuildArch: noarch
+Requires: openldap-servers
+
+%define debug_package %{nil}
+
+%description
+StarlingX openldap configuration file
+
+%prep
+
+%setup
+
+%build
+
+%install
+mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d
+install -m 755 initscript %{buildroot}%{_sysconfdir}/rc.d/init.d/openldap
+install -d -m 740 %{buildroot}%{_sysconfdir}/openldap
+install -m 600 slapd.conf %{buildroot}%{_sysconfdir}/openldap/slapd.conf
+install -m 600 initial_config.ldif %{buildroot}%{_sysconfdir}/openldap/initial_config.ldif
+
+install -d %{buildroot}%{_datadir}/starlingx
+install -m 644 slapd.service %{buildroot}%{_datadir}/starlingx/slapd.service
+install -m 644 slapd.sysconfig %{buildroot}%{_datadir}/starlingx/slapd.sysconfig
+
+
+%post
+if [ $1 -eq 1 ] ; then
+ cp -f %{_datadir}/starlingx/slapd.service %{_unitdir}/slapd.service
+ chmod 644 %{_unitdir}/slapd.service
+ cp -f %{_datadir}/starlingx/slapd.sysconfig %{_sysconfdir}/sysconfig/slapd
+ chmod 644 %{_unitdir}/slapd
+fi
+
+%files
+%defattr(-,root,root)
+%license LICENSE
+%{_sysconfdir}/rc.d/init.d/openldap
+%{_sysconfdir}/openldap/slapd.conf
+%{_sysconfdir}/openldap/initial_config.ldif
+%{_datadir}/starlingx/slapd.service
+%{_datadir}/starlingx/slapd.sysconfig
diff --git a/ldap/openldap-config/files/LICENSE b/ldap/openldap-config/files/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/ldap/openldap-config/files/LICENSE
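Review bot: In `%post` of openldap-config.spec, the second `chmod 644 %{_unitdir}/slapd` names a path this scriptlet never creates; the file copied on the line before it is `%{_sysconfdir}/sysconfig/slapd`, so the line should read `chmod 644 %{_sysconfdir}/sysconfig/slapd`. As written the chmod fails, the scriptlet presumably ends with a non-zero status on first install, and the sysconfig file keeps whatever mode `cp -f` left on it. The two copies also run only when `$1 -eq 1` and overwrite files that presumably belong to the required `openldap-servers` package, so a later update of that package could put the stock unit and sysconfig back. A short comment in `%post` stating that these files are deliberately replaced, and how the upgrade case is meant to be handled, would help the next maintainer.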
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/ldap/openldap/files/initial_config.ldif b/ldap/openldap-config/files/initial_config.ldif similarity index 100% rename from ldap/openldap/files/initial_config.ldif rename to ldap/openldap-config/files/initial_config.ldif diff --git a/ldap/openldap/files/initscript b/ldap/openldap-config/files/initscript similarity index 100% rename from ldap/openldap/files/initscript rename to ldap/openldap-config/files/initscript diff --git a/ldap/openldap/files/slapd.conf.cgcs b/ldap/openldap-config/files/slapd.conf similarity index 100% rename from ldap/openldap/files/slapd.conf.cgcs rename to ldap/openldap-config/files/slapd.conf diff --git a/ldap/openldap-config/files/slapd.service b/ldap/openldap-config/files/slapd.service new file mode 100644 index 000000000..24b39380a --- /dev/null 
+++ b/ldap/openldap-config/files/slapd.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=OpenLDAP Server Daemon
+Before=rsyncd.service
+After=network.target syslog-ng.target
+Documentation=man:slapd
+Documentation=man:slapd-config
+Documentation=man:slapd-hdb
+Documentation=man:slapd-mdb
+Documentation=file:///usr/share/doc/openldap-servers/guide.html
+
+[Service]
+Type=forking
+PIDFile=/var/run/slapd.pid
+Environment="SLAPD_URLS=ldap:/// ldapi:///" "SLAPD_OPTIONS="
+EnvironmentFile=/etc/sysconfig/slapd
+ExecStartPre=/usr/libexec/openldap/check-config.sh
+ExecStart=/etc/init.d/openldap start
+ExecStop=/etc/init.d/openldap stop
+ExecReload=/etc/init.d/openldap restart
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ldap/openldap-config/files/slapd.sysconfig b/ldap/openldap-config/files/slapd.sysconfig
new file mode 100644
index 000000000..573486da4
--- /dev/null
+++ b/ldap/openldap-config/files/slapd.sysconfig
@@ -0,0 +1,15 @@
+# OpenLDAP server configuration
+# see 'man slapd' for additional information
+
+# Where the server will run (-h option)
+# - ldapi:/// is required for on-the-fly configuration using client tools
+# (use SASL with EXTERNAL mechanism for authentication)
+# - default: ldapi:/// ldap:///
+# - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:///
+SLAPD_URLS="ldapi:/// ldap:///"
+
+# Any custom options
+SLAPD_OPTIONS=""
+
+# Keytab location for GSSAPI Kerberos authentication
+#KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"
diff --git a/ldap/openldap/centos/build_srpm.data b/ldap/openldap/centos/build_srpm.data
index 717ae4a92..1c4dae2b7 100644
--- a/ldap/openldap/centos/build_srpm.data
+++ b/ldap/openldap/centos/build_srpm.data
@@ -1,3 +1,2 @@
-COPY_LIST="files/*"
-TIS_PATCH_VER=8
+TIS_PATCH_VER=9
 BUILD_IS_SLOW=3
diff --git a/ldap/openldap/centos/meta_patches/PATCH_ORDER b/ldap/openldap/centos/meta_patches/PATCH_ORDER
index 6935b97f1..5c1220c5b 100644
--- a/ldap/openldap/centos/meta_patches/PATCH_ORDER
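Review bot: In the `[Service]` section of slapd.service, `ExecStart=/etc/init.d/openldap start` combined with `RemainAfterExit=yes` means systemd keeps the unit active once the init script has exited, so a slapd that dies later is presumably not reflected in the unit state. The stock `slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS` command line quoted in the commit message is gone, so the account slapd runs as and the listener URLs now depend on the init script, which this diff only renames and does not show. The `Environment=` and `EnvironmentFile=` values, and the "-h option" comment in slapd.sysconfig, take effect only if that script reads them. I would add a comment above `ExecStart` such as `# slapd is started by the init script; run-as user and listener URLs are decided there`, and note next to `ExecReload` that it performs a full restart rather than a reload.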
+++ b/ldap/openldap/centos/meta_patches/PATCH_ORDER @@ -1,6 +1,3 @@ openldap-spec-file.patch -openldap-service-file.patch -openldap-sysconfig-file.patch openldap-enable-password-policy.patch -openldap-remove-ldap-conf-cgcs-file.patch -0001-Update-package-versioning-for-TIS-format.patch +Update-package-versioning-for-TIS-format.patch diff --git a/ldap/openldap/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/ldap/openldap/centos/meta_patches/Update-package-versioning-for-TIS-format.patch similarity index 100% rename from ldap/openldap/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch rename to ldap/openldap/centos/meta_patches/Update-package-versioning-for-TIS-format.patch diff --git a/ldap/openldap/centos/meta_patches/openldap-enable-password-policy.patch b/ldap/openldap/centos/meta_patches/openldap-enable-password-policy.patch index 69f927327..7ec88d097 100644 --- a/ldap/openldap/centos/meta_patches/openldap-enable-password-policy.patch +++ b/ldap/openldap/centos/meta_patches/openldap-enable-password-policy.patch @@ -11,7 +11,7 @@ diff --git a/SPECS/openldap.spec b/SPECS/openldap.spec index 66a1377..468ca0e 100644 --- a/SPECS/openldap.spec +++ b/SPECS/openldap.spec -@@ -70,6 +70,9 @@ Patch101: openldap-tlsmc.patch +@@ -64,6 +64,9 @@ Patch101: openldap-tlsmc.patch # Fedora specific patches Patch102: openldap-fedora-systemd.patch @@ -21,7 +21,7 @@ index 66a1377..468ca0e 100644 BuildRequires: cyrus-sasl-devel, nss-devel, openssl-devel, krb5-devel, tcp_wrappers-devel, unixODBC-devel BuildRequires: glibc-devel, libtool, libtool-ltdl-devel, groff, perl, perl-devel, perl(ExtUtils::Embed) Requires: nss-tools -@@ -184,6 +187,9 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi +@@ -178,6 +181,9 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch102 -p1 
@@ -31,7 +31,7 @@ index 66a1377..468ca0e 100644 # build smbk5pwd with other overlays ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd -@@ -308,12 +314,12 @@ install -d -m 740 %{buildroot}%{_sysconfdir}/openldap +@@ -302,12 +308,12 @@ install -d -m 740 %{buildroot}%{_sysconfdir}/openldap cat > %{buildroot}%{_sysconfdir}/openldap/check_password.conf < -Date: Mon, 15 Jan 2018 13:59:26 -0500 -Subject: [PATCH] remove-ldap-conf-cgcs-file - ---- - SPECS/openldap.spec | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/SPECS/openldap.spec b/SPECS/openldap.spec -index 468ca0e..c38f1bd 100644 ---- a/SPECS/openldap.spec -+++ b/SPECS/openldap.spec -@@ -26,7 +26,6 @@ Source55: libexec-generate-server-cert.sh - Source56: libexec-update-ppolicy-schema.sh - - # WRS: --Source100: ldap.conf.cgcs - Source101: slapd.conf.cgcs - Source102: initial_config.ldif - Source103: initscript -@@ -417,7 +416,7 @@ rm -f %{buildroot}%{_localstatedir}/openldap-data/DB_CONFIG.example - rmdir %{buildroot}%{_localstatedir}/openldap-data - - # WRS: slapd-config is backward compatible with slapd.conf --install -m 600 %{SOURCE100} %{buildroot}%{_sysconfdir}/openldap/ldap.conf -+# WRS: SOURCE100 (ldap.conf.cgcs) is replaced by puppet template - install -m 600 %{SOURCE101} %{buildroot}%{_sysconfdir}/openldap/slapd.conf - install -m 600 %{SOURCE102} %{buildroot}%{_sysconfdir}/openldap/initial_config.ldif - --- -2.7.4 - diff --git a/ldap/openldap/centos/meta_patches/openldap-service-file.patch b/ldap/openldap/centos/meta_patches/openldap-service-file.patch deleted file mode 100644 index ee93a5a2c..000000000 --- a/ldap/openldap/centos/meta_patches/openldap-service-file.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 4e88d0be6ebdd48f3d66840de5f142a660b8045a Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 17:11:21 -0400 -Subject: [PATCH 2/5] WRS: openldap-service-file.patch - ---- - SOURCES/slapd.service | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/SOURCES/slapd.service b/SOURCES/slapd.service -index 8a3a722..24b3938 100644 ---- a/SOURCES/slapd.service -+++ b/SOURCES/slapd.service -@@ -1,6 +1,7 @@ - [Unit] - Description=OpenLDAP Server Daemon --After=syslog.target network-online.target -+Before=rsyncd.service -+After=network.target syslog-ng.target - Documentation=man:slapd - Documentation=man:slapd-config - Documentation=man:slapd-hdb -@@ -9,11 +10,14 @@ Documentation=file:///usr/share/doc/openldap-servers/guide.html - - [Service] - Type=forking --PIDFile=/var/run/openldap/slapd.pid -+PIDFile=/var/run/slapd.pid - Environment="SLAPD_URLS=ldap:/// ldapi:///" "SLAPD_OPTIONS=" - EnvironmentFile=/etc/sysconfig/slapd - ExecStartPre=/usr/libexec/openldap/check-config.sh --ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS -+ExecStart=/etc/init.d/openldap start -+ExecStop=/etc/init.d/openldap stop -+ExecReload=/etc/init.d/openldap restart -+RemainAfterExit=yes - - [Install] - WantedBy=multi-user.target --- -1.9.1 - diff --git a/ldap/openldap/centos/meta_patches/openldap-spec-file.patch b/ldap/openldap/centos/meta_patches/openldap-spec-file.patch index 4412e412e..45e1fa963 100644 --- a/ldap/openldap/centos/meta_patches/openldap-spec-file.patch +++ b/ldap/openldap/centos/meta_patches/openldap-spec-file.patch @@ -3,30 +3,15 @@ From: Scott Little Date: Mon, 2 Oct 2017 17:11:21 -0400 Subject: [PATCH] WRS: openldap-spec-file.patch -Conflicts: - SPECS/openldap.spec --- - SPECS/openldap.spec | 33 ++++++++++++++++++++++++++++----- - 1 file changed, 28 insertions(+), 5 deletions(-) + SPECS/openldap.spec | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) 
diff --git a/SPECS/openldap.spec b/SPECS/openldap.spec index 85abac9..66a1377 100644 --- a/SPECS/openldap.spec +++ b/SPECS/openldap.spec -@@ -25,6 +25,12 @@ Source54: libexec-create-certdb.sh - Source55: libexec-generate-server-cert.sh - Source56: libexec-update-ppolicy-schema.sh - -+# WRS: -+Source100: ldap.conf.cgcs -+Source101: slapd.conf.cgcs -+Source102: initial_config.ldif -+Source103: initscript -+ - # patches for 2.4 - Patch0: openldap-manpages.patch - Patch1: openldap-ppolicy-loglevels.patch -@@ -245,9 +251,11 @@ pushd openldap-%{version} +@@ -245,9 +245,11 @@ pushd openldap-%{version} --enable-backends=mod \ --enable-bdb=yes \ --enable-hdb=yes \ @@ -39,7 +24,7 @@ index 85abac9..66a1377 100644 \ --enable-overlays=mod \ \ -@@ -296,7 +304,7 @@ mv check_password.so check_password.so.%{check_password_version} +@@ -296,7 +298,7 @@ mv check_password.so check_password.so.%{check_password_version} ln -s check_password.so.%{check_password_version} %{buildroot}%{_libdir}/openldap/check_password.so install -m 755 check_password.so.%{check_password_version} %{buildroot}%{_libdir}/openldap/ # install -m 644 README %{buildroot}%{_libdir}/openldap @@ -48,30 +33,7 @@ index 85abac9..66a1377 100644 cat > %{buildroot}%{_sysconfdir}/openldap/check_password.conf <&/dev/null || : -@@ -432,6 +449,7 @@ exit 0 +@@ -432,6 +434,7 @@ exit 0 %post servers /sbin/ldconfig -n %{_libdir}/openldap @@ -79,7 +41,7 @@ index 85abac9..66a1377 100644 %systemd_post slapd.service -@@ -442,7 +460,6 @@ exit 0 +@@ -442,7 +445,6 @@ exit 0 if [ ! -f %{_sysconfdir}/openldap/slapd.d/cn=config.ldif ]; then if [ -f %{_sysconfdir}/openldap/slapd.conf ]; then %{_libexecdir}/openldap/convert-config.sh &>/dev/null 
@@ -87,15 +49,7 @@ index 85abac9..66a1377 100644 else %{_libexecdir}/openldap/convert-config.sh -f %{_datadir}/openldap-servers/slapd.ldif &>/dev/null fi -@@ -594,6 +611,7 @@ exit 0 - %dir %attr(0700,ldap,ldap) %{_sharedstatedir}/ldap - %dir %attr(-,ldap,ldap) %{_localstatedir}/run/openldap - %{_unitdir}/slapd.service -+%{_sysconfdir}/rc.d/init.d/openldap - %{_datadir}/openldap-servers/ - %{_libdir}/openldap/accesslog* - %{_libdir}/openldap/auditlog* -@@ -641,8 +659,13 @@ exit 0 +@@ -641,8 +643,9 @@ exit 0 %{_mandir}/man5/slapd*.5* %{_mandir}/man5/slapo-*.5* # obsolete configuration @@ -103,11 +57,7 @@ index 85abac9..66a1377 100644 -%ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf.bak +# %ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf +# %ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf.bak -+ -+# WRS +%{_libdir}/openldap/back_mdb* -+%{_sysconfdir}/openldap/slapd.conf -+%{_sysconfdir}/openldap/initial_config.ldif %files servers-sql %doc openldap-%{version}/servers/slapd/back-sql/docs/* diff --git a/ldap/openldap/centos/meta_patches/openldap-sysconfig-file.patch b/ldap/openldap/centos/meta_patches/openldap-sysconfig-file.patch deleted file mode 100644 index 080162fe7..000000000 --- a/ldap/openldap/centos/meta_patches/openldap-sysconfig-file.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -From 9771ea4fdcbea1f4124564654b0541dcb8ccf780 Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 17:11:21 -0400 -Subject: [PATCH 3/5] WRS: openldap-sysconfig-file.patch - ---- - SOURCES/slapd.sysconfig | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/SOURCES/slapd.sysconfig b/SOURCES/slapd.sysconfig -index 68091a5..573486d 100644 ---- a/SOURCES/slapd.sysconfig -+++ b/SOURCES/slapd.sysconfig -@@ -9,7 +9,7 @@ - SLAPD_URLS="ldapi:/// ldap:///" - - # Any custom options --#SLAPD_OPTIONS="" -+SLAPD_OPTIONS="" - - # Keytab location for GSSAPI Kerberos authentication - #KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab" --- -1.9.1 - diff --git a/ldap/openldap/files/rootdn-should-not-bypass-ppolicy.patch b/ldap/openldap/centos/patches/rootdn-should-not-bypass-ppolicy.patch similarity index 98% rename from ldap/openldap/files/rootdn-should-not-bypass-ppolicy.patch rename to ldap/openldap/centos/patches/rootdn-should-not-bypass-ppolicy.patch index b57246fc0..38e839244 100644 --- a/ldap/openldap/files/rootdn-should-not-bypass-ppolicy.patch +++ b/ldap/openldap/centos/patches/rootdn-should-not-bypass-ppolicy.patch @@ -17,15 +17,15 @@ index b446deb..fa79872 100644 } - - if (be_isroot( op )) goto do_modify; -+ ++ + /* WRS UPDATE: Run ppolicy for all user password modify ops */ + //if (be_isroot( op )) goto do_modify; - + /* NOTE: according to draft-behera-ldap-password-policy * pwdAllowUserChange == FALSE must only prevent pwd changes @@ -2009,7 +2010,13 @@ ppolicy_modify( Operation *op, SlapReply *rs ) } - + bv = newpw.bv_val ? &newpw : &addmod->sml_values[0]; - if (pp.pwdCheckQuality > 0) { + @@ -35,9 +35,9 @@ index b446deb..fa79872 100644 + * creation + */ + if (pp.pwdCheckQuality > 0 && !(be_isroot( op ) && !pa)) { - + rc = check_password_quality( bv, &pp, &pErr, e, (char **)&txt ); if (rc != LDAP_SUCCESS) { --- +-- 1.9.1