Force the default db directory to /var/lib/ldap, default to including
nis.schema and its prerequisites, allow LDAPv2 clients, increase the set of
indexed attributes for the default database.

--- openldap-2.2.13/doc/man/man8/slurpd.8	2004-01-01 13:16:27.000000000 -0500
+++ openldap-2.2.13/doc/man/man8/slurpd.8	2004-06-15 11:40:04.000000000 -0400
@@ -120,7 +120,7 @@
 temporary files may contain sensitive information.
 This option allows you to specify the location of these temporary files. 
 The default is
-.BR LOCALSTATEDIR/openldap-slurp .
+.BR /var/lib/ldap .
 .TP
 .BI \-k " srvtab\-file"
 Specify the location of the kerberos srvtab file which contains keys
--- openldap-2.2.13/servers/slapd/slapd.conf	2003-12-29 13:10:40.000000000 -0500
+++ openldap-2.2.13/servers/slapd/slapd.conf	2004-06-15 11:44:23.000000000 -0400
@@ -3,8 +3,12 @@
 # This file should NOT be world readable.
 #
 include		%SYSCONFDIR%/schema/core.schema
+include		%SYSCONFDIR%/schema/cosine.schema
+include		%SYSCONFDIR%/schema/inetorgperson.schema
+include		%SYSCONFDIR%/schema/nis.schema
 
-# Define global ACLs to disable default read access.
+# Allow LDAPv2 client connections.  This is NOT the default.
+allow bind_v2
 
 # Do not enable referrals until AFTER you have a working directory
 # service AND an understanding of referrals.
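Review bot: `allow bind_v2` is added uncommented, so the shipped default accepts LDAPv2 binds even though the comment directly above it says this is not the default. LDAPv2 has no StartTLS operation and no SASL, so a v2 client that binds with a password sends it in the clear unless the listener itself is TLS-wrapped. I would ship the line commented out as `# allow bind_v2` and extend the comment with `# LDAPv2 clients cannot use StartTLS; enable only for legacy clients, preferably over ldaps://.`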
@@ -21,6 +25,15 @@
 # moduleload	back_passwd.la
 # moduleload	back_shell.la
 
+# The next three lines allow use of TLS for encrypting connections using a
+# dummy test certificate which you can generate by changing to
+# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
+# slapd.pem so that the ldap user or group can read it.  Your client software
+# may balk at self-signed certificates, however.
+# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
+# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
+# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
+
 # Sample security restrictions
 #	Require integrity protection (prevent hijacking)
 #	Require 112-bit (3DES or better) encryption for updates
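Review bot: The added instructions keep the private key in the same file as the certificate (`TLSCertificateFile` and `TLSCertificateKeyFile` both name slapd.pem), and only say to make it readable by the ldap user or group. Since the file holds the key, the comment should also say who must not be able to read it, for example `# slapd.pem contains the private key: owner root, group ldap, mode 0640, not world-readable.` It would also help to say that the generated certificate is for testing only and should be replaced before the server is exposed to real clients.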
@@ -49,19 +62,32 @@
 # rootdn can always read and write EVERYTHING!
 
 #######################################################################
-# BDB database definitions
+# ldbm and/or bdb database definitions
 #######################################################################
 
 database	bdb
 suffix		"dc=my-domain,dc=com"
 rootdn		"cn=Manager,dc=my-domain,dc=com"
 # Cleartext passwords, especially for the rootdn, should
-# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
+# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
 # Use of strong authentication encouraged.
-rootpw		secret
+# rootpw		secret
+# rootpw		{crypt}ijFYNcSNctBYg
+
 # The database directory MUST exist prior to running slapd AND 
 # should only be accessible by the slapd and slap tools.
 # Mode 700 recommended.
-directory	%LOCALSTATEDIR%/openldap-data
+directory	/var/lib/ldap
+
-# Indices to maintain
-index	objectClass	eq
+# Indices to maintain for this database
+index objectClass                       eq,pres
+index ou,cn,mail,surname,givenname      eq,pres,sub
+index uidNumber,gidNumber,loginShell    eq,pres
+index uid,memberUid                     eq,pres,sub
+index nisMapName,nisMapEntry            eq,pres,sub
+
+# Replicas of this database
+#replogfile /var/lib/ldap/openldap-master-replog
+#replica host=ldap-1.example.com:389 starttls=critical
+#     bindmethod=sasl saslmech=GSSAPI
+#     authcId=host/ldap-master.example.com@EXAMPLE.COM
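Review bot: The sample `# rootpw {crypt}ijFYNcSNctBYg` puts one fixed hash in every installed copy of this file, so an administrator who simply uncomments it ends up with a rootdn credential shared with every other install. The value also looks like a traditional 13-character DES crypt string, which is a weak format for the most privileged account in the directory. I would replace the literal with a placeholder that points at the tool the comment already names, e.g. `# rootpw		{SSHA}<output of slappasswd>`. Separately, the commented `replogfile` now lives in the database directory, so the "Mode 700 recommended" advice above covers the replication log too and is worth restating next to it.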
--- openldap-2.2.13/servers/slurpd/slurp.h	2004-01-01 13:16:42.000000000 -0500
+++ openldap-2.2.13/servers/slurpd/slurp.h	2004-06-15 11:40:04.000000000 -0400
@@ -66,7 +66,7 @@
 #define SERVICE_NAME	OPENLDAP_PACKAGE "-slurpd"
 
 /* Default directory for slurpd's private copy of replication logs */
-#define	DEFAULT_SLURPD_REPLICA_DIR	LDAP_RUNDIR LDAP_DIRSEP "openldap-slurp"
+#define	DEFAULT_SLURPD_REPLICA_DIR	"/var/lib/ldap"
 
 /* Default name for slurpd's private copy of the replication log */
 #define	DEFAULT_SLURPD_REPLOGFILE	"slurpd.replog"
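Review bot: `DEFAULT_SLURPD_REPLICA_DIR` is now the literal `"/var/lib/ldap"`, which is the same path the slapd.conf part of this patch sets as the database `directory`, and the comment above the define still calls it slurpd's private copy. The man page hunk notes these files may contain sensitive information, and slapd.conf recommends mode 700 for the directory, so slurpd has to run as the account that owns the database files. I would update the comment to say so: `/* Default directory for slurpd's copy of replication logs; shared with the slapd database directory, keep it mode 0700 */`.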
@@ -75,7 +75,7 @@
 #define	DEFAULT_SLURPD_STATUS_FILE	"slurpd.status"
 
 /* slurpd dump file - contents of rq struct are written here (debugging) */
-#define	SLURPD_DUMPFILE			LDAP_TMPDIR LDAP_DIRSEP "slurpd.dump"
+#define	SLURPD_DUMPFILE			DEFAULT_SLURPD_REPLICA_DIR "/slurpd.dump"
 
 /* Amount of time to sleep if no more work to do */
 #define	DEFAULT_NO_WORK_INTERVAL	3
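Review bot: The new `SLURPD_DUMPFILE` hard-codes `"/slurpd.dump"`, where the line it replaces built the path with `LDAP_DIRSEP`; keeping the macro is more consistent with the rest of the header: `#define SLURPD_DUMPFILE DEFAULT_SLURPD_REPLICA_DIR LDAP_DIRSEP "slurpd.dump"`. Because the macro is built from the compile-time default, the dump presumably stays in /var/lib/ldap even when the replica directory is overridden at run time; the comment should say that, since the dump holds the contents of the rq struct.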