Jan Šafránek
parent
233b801a46
commit
8b784d5a4e
@ -1,10 +0,0 @@
|
|||||||
--- openldap-2.3.34/servers/slapd/slapd.conf.orig 2007-05-24 15:35:51.000000000 +0200
|
|
||||||
+++ openldap-2.3.34/servers/slapd/slapd.conf 2007-05-24 15:36:53.000000000 +0200
|
|
||||||
@@ -6,6 +6,7 @@
|
|
||||||
include %SYSCONFDIR%/schema/cosine.schema
|
|
||||||
include %SYSCONFDIR%/schema/inetorgperson.schema
|
|
||||||
include %SYSCONFDIR%/schema/nis.schema
|
|
||||||
+include %SYSCONFDIR%/schema/misc.schema
|
|
||||||
|
|
||||||
# Allow LDAPv2 client connections. This is NOT the default.
|
|
||||||
allow bind_v2
|
|
||||||
@ -1,12 +1,13 @@
|
|||||||
--- openldap-2.3.17/servers/slapd/slapd.conf.config 2004-06-17 22:49:08.000000000 -0400
|
--- openldap-2.3.34/servers/slapd/slapd.conf.orig 2007-06-29 09:01:50.000000000 +0200
|
||||||
+++ openldap-2.3.17/servers/slapd/slapd.conf 2006-01-12 15:33:04.000000000 -0500
|
+++ openldap-2.3.34/servers/slapd/slapd.conf 2007-06-29 09:03:50.000000000 +0200
|
||||||
@@ -3,15 +3,19 @@
|
@@ -3,23 +3,48 @@
|
||||||
# This file should NOT be world readable.
|
# This file should NOT be world readable.
|
||||||
#
|
#
|
||||||
include %SYSCONFDIR%/schema/core.schema
|
include %SYSCONFDIR%/schema/core.schema
|
||||||
+include %SYSCONFDIR%/schema/cosine.schema
|
+include %SYSCONFDIR%/schema/cosine.schema
|
||||||
+include %SYSCONFDIR%/schema/inetorgperson.schema
|
+include %SYSCONFDIR%/schema/inetorgperson.schema
|
||||||
+include %SYSCONFDIR%/schema/nis.schema
|
+include %SYSCONFDIR%/schema/nis.schema
|
||||||
|
+include %SYSCONFDIR%/schema/misc.schema
|
||||||
|
|
||||||
-# Define global ACLs to disable default read access.
|
-# Define global ACLs to disable default read access.
|
||||||
+# Allow LDAPv2 client connections. This is NOT the default.
|
+# Allow LDAPv2 client connections. This is NOT the default.
|
||||||
@ -23,10 +24,28 @@
|
|||||||
|
|
||||||
# Load dynamic backend modules:
|
# Load dynamic backend modules:
|
||||||
# modulepath %MODULEDIR%
|
# modulepath %MODULEDIR%
|
||||||
@@ -21,6 +25,15 @@
|
-# moduleload back_bdb.la
|
||||||
# moduleload back_passwd.la
|
-# moduleload back_ldap.la
|
||||||
# moduleload back_shell.la
|
-# moduleload back_ldbm.la
|
||||||
|
-# moduleload back_passwd.la
|
||||||
|
-# moduleload back_shell.la
|
||||||
|
+# moduleload accesslog.la
|
||||||
|
+# moduleload auditlog.la
|
||||||
|
+# moduleload back_sql.la
|
||||||
|
+# moduleload denyop.la
|
||||||
|
+# moduleload dyngroup.la
|
||||||
|
+# moduleload dynlist.la
|
||||||
|
+# moduleload lastmod.la
|
||||||
|
+# moduleload pcache.la
|
||||||
|
+# moduleload ppolicy.la
|
||||||
|
+# moduleload refint.la
|
||||||
|
+# moduleload retcode.la
|
||||||
|
+# moduleload rwm.la
|
||||||
|
+# moduleload syncprov.la
|
||||||
|
+# moduleload translucent.la
|
||||||
|
+# moduleload unique.la
|
||||||
|
+# moduleload valsort.la
|
||||||
|
+
|
||||||
+# The next three lines allow use of TLS for encrypting connections using a
|
+# The next three lines allow use of TLS for encrypting connections using a
|
||||||
+# dummy test certificate which you can generate by changing to
|
+# dummy test certificate which you can generate by changing to
|
||||||
+# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
|
+# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
|
||||||
@ -35,11 +54,10 @@
|
|||||||
+# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
|
+# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
|
||||||
+# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
|
+# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
|
||||||
+# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
|
+# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
|
||||||
+
|
|
||||||
# Sample security restrictions
|
# Sample security restrictions
|
||||||
# Require integrity protection (prevent hijacking)
|
# Require integrity protection (prevent hijacking)
|
||||||
# Require 112-bit (3DES or better) encryption for updates
|
@@ -49,19 +74,32 @@
|
||||||
@@ -49,19 +62,32 @@
|
|
||||||
# rootdn can always read and write EVERYTHING!
|
# rootdn can always read and write EVERYTHING!
|
||||||
|
|
||||||
#######################################################################
|
#######################################################################
|
||||||
@ -78,34 +96,3 @@
|
|||||||
+#replica host=ldap-1.example.com:389 starttls=critical
|
+#replica host=ldap-1.example.com:389 starttls=critical
|
||||||
+# bindmethod=sasl saslmech=GSSAPI
|
+# bindmethod=sasl saslmech=GSSAPI
|
||||||
+# authcId=host/ldap-master.example.com@EXAMPLE.COM
|
+# authcId=host/ldap-master.example.com@EXAMPLE.COM
|
||||||
--- openldap-2.2.13/servers/slurpd/slurp.h 2004-01-01 13:16:42.000000000 -0500
|
|
||||||
+++ openldap-2.2.13/servers/slurpd/slurp.h 2004-06-15 11:40:04.000000000 -0400
|
|
||||||
@@ -66,7 +66,7 @@
|
|
||||||
#define SERVICE_NAME OPENLDAP_PACKAGE "-slurpd"
|
|
||||||
|
|
||||||
/* Default directory for slurpd's private copy of replication logs */
|
|
||||||
-#define DEFAULT_SLURPD_REPLICA_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-slurp"
|
|
||||||
+#define DEFAULT_SLURPD_REPLICA_DIR "/var/lib/ldap"
|
|
||||||
|
|
||||||
/* Default name for slurpd's private copy of the replication log */
|
|
||||||
#define DEFAULT_SLURPD_REPLOGFILE "slurpd.replog"
|
|
||||||
@@ -75,7 +75,7 @@
|
|
||||||
#define DEFAULT_SLURPD_STATUS_FILE "slurpd.status"
|
|
||||||
|
|
||||||
/* slurpd dump file - contents of rq struct are written here (debugging) */
|
|
||||||
-#define SLURPD_DUMPFILE LDAP_TMPDIR LDAP_DIRSEP "slurpd.dump"
|
|
||||||
+#define SLURPD_DUMPFILE DEFAULT_SLURPD_REPLICA_DIR "/slurpd.dump"
|
|
||||||
|
|
||||||
/* Amount of time to sleep if no more work to do */
|
|
||||||
#define DEFAULT_NO_WORK_INTERVAL 3
|
|
||||||
--- openldap-2.3.11/doc/man/man8/slurpd.8.config 2005-07-10 00:36:41.000000000 -0400
|
|
||||||
+++ openldap-2.3.11/doc/man/man8/slurpd.8 2005-10-28 21:07:54.000000000 -0400
|
|
||||||
@@ -120,7 +120,7 @@
|
|
||||||
temporary files may contain sensitive information.
|
|
||||||
This option allows you to specify the location of these temporary files.
|
|
||||||
The default is
|
|
||||||
-.BR LOCALSTATEDIR/openldap-slurp .
|
|
||||||
+.BR /var/lib/ldap .
|
|
||||||
.SH EXAMPLES
|
|
||||||
To start
|
|
||||||
.I slurpd
|
|
||||||
@ -31,7 +31,7 @@ Source11: nptl-abi-note.S
|
|||||||
Source12: README.evolution
|
Source12: README.evolution
|
||||||
|
|
||||||
# Patches that are still valid for 2.3
|
# Patches that are still valid for 2.3
|
||||||
Patch0: openldap-2.3.11-config.patch
|
Patch0: openldap-2.3.34-config.patch
|
||||||
Patch1: openldap-1.2.11-cldap.patch
|
Patch1: openldap-1.2.11-cldap.patch
|
||||||
Patch2: openldap-2.0.11-ldaprc.patch
|
Patch2: openldap-2.0.11-ldaprc.patch
|
||||||
Patch3: openldap-2.2.13-setugid.patch
|
Patch3: openldap-2.2.13-setugid.patch
|
||||||
@ -42,7 +42,6 @@ Patch6: openldap-2.3.11-nosql.patch
|
|||||||
Patch8: openldap-2.3.19-gethostbyXXXX_r.patch
|
Patch8: openldap-2.3.19-gethostbyXXXX_r.patch
|
||||||
Patch9: openldap-2.3.34-quiet-slaptest.patch
|
Patch9: openldap-2.3.34-quiet-slaptest.patch
|
||||||
Patch10: openldap-2.3.34-pthread.patch
|
Patch10: openldap-2.3.34-pthread.patch
|
||||||
Patch11: openldap-2.3.34-config-include.patch
|
|
||||||
|
|
||||||
# Patches for 2.2.29 for the compat-openldap package.
|
# Patches for 2.2.29 for the compat-openldap package.
|
||||||
Patch100: openldap-2.2.13-tls-fix-connection-test.patch
|
Patch100: openldap-2.2.13-tls-fix-connection-test.patch
|
||||||
@ -181,7 +180,6 @@ pushd openldap-%{version_23}
|
|||||||
%patch8 -p1 -b .gethostbyname_r
|
%patch8 -p1 -b .gethostbyname_r
|
||||||
%patch9 -p1 -b .quiet-slaptest
|
%patch9 -p1 -b .quiet-slaptest
|
||||||
%patch10 -p1 -b .pthread
|
%patch10 -p1 -b .pthread
|
||||||
%patch11 -p1 -b .config-include
|
|
||||||
|
|
||||||
cp %{_datadir}/libtool/config.{sub,guess} build/
|
cp %{_datadir}/libtool/config.{sub,guess} build/
|
||||||
popd
|
popd
|
||||||
@ -375,11 +373,14 @@ build \
|
|||||||
--enable-null \
|
--enable-null \
|
||||||
--enable-shell \
|
--enable-shell \
|
||||||
--enable-sql=mod \
|
--enable-sql=mod \
|
||||||
|
--enable-passwd \
|
||||||
--disable-perl \
|
--disable-perl \
|
||||||
|
--enable-relay \
|
||||||
--disable-shared \
|
--disable-shared \
|
||||||
--disable-dynamic \
|
--disable-dynamic \
|
||||||
--enable-static \
|
--enable-static \
|
||||||
--with-kerberos=k5only
|
--with-kerberos=k5only \
|
||||||
|
--enable-overlays=mod
|
||||||
unset LIBS
|
unset LIBS
|
||||||
popd
|
popd
|
||||||
|
|
||||||
@ -701,6 +702,8 @@ fi
|
|||||||
%attr(0700,ldap,ldap) %dir /var/lib/ldap
|
%attr(0700,ldap,ldap) %dir /var/lib/ldap
|
||||||
%attr(0755,ldap,ldap) %dir /var/run/openldap
|
%attr(0755,ldap,ldap) %dir /var/run/openldap
|
||||||
%attr(0755,root,root) %{_libdir}/libslapd_db-*.*.so
|
%attr(0755,root,root) %{_libdir}/libslapd_db-*.*.so
|
||||||
|
%attr(0755,root,root) %dir %{_libdir}/openldap
|
||||||
|
%attr(0755,root,root) %{_libdir}/openldap/*
|
||||||
%ifarch %{nptl_arches}
|
%ifarch %{nptl_arches}
|
||||||
%ifnarch %{ix86}
|
%ifnarch %{ix86}
|
||||||
%attr(0755,root,root) %{_libdir}/tls/libslapd_db-*.*.so
|
%attr(0755,root,root) %{_libdir}/tls/libslapd_db-*.*.so
|
||||||
@ -740,6 +743,8 @@ fi
|
|||||||
%changelog
|
%changelog
|
||||||
* Mon Jun 25 2007 Jan Safranek <jsafranek@redhat.com>
|
* Mon Jun 25 2007 Jan Safranek <jsafranek@redhat.com>
|
||||||
- Fix initscript return codes (#242667)
|
- Fix initscript return codes (#242667)
|
||||||
|
- Provide overlays (as modules; #246036, #245896)
|
||||||
|
- Add available modules to config file
|
||||||
|
|
||||||
* Tue May 22 2007 Jan Safranek <jsafranek@redhat.com> 2.3.34-3%{?dist}
|
* Tue May 22 2007 Jan Safranek <jsafranek@redhat.com> 2.3.34-3%{?dist}
|
||||||
- do not create script in /tmp on startup (bz#188298)
|
- do not create script in /tmp on startup (bz#188298)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user