diff --git a/.cvsignore b/.cvsignore index e69de29..748cb04 100644 --- a/.cvsignore +++ b/.cvsignore @@ -0,0 +1,2 @@ +MigrationTools-24.tar.gz +openldap-1.2.11.tgz diff --git a/ldap.init b/ldap.init new file mode 100644 index 0000000..6cbdfea --- /dev/null +++ b/ldap.init 
@@ -0,0 +1,103 @@ +#!/bin/sh +# +# ldap This shell script takes care of starting and stopping +# ldap servers (slapd and slurpd). +# +# chkconfig: - 39 61 +# description: LDAP stands for Lightweight Directory Access Protocol, used \ +# for implementing the industry standard directory services. +# processname: slapd +# config: /etc/openldap/slapd.conf +# pidfile: /var/run/slapd.pid + +# Source function library. +. /etc/init.d/functions + +# Source networking configuration and check that networking is up. +if [ -r /etc/sysconfig/network ] ; then + . /etc/sysconfig/network + [ ${NETWORKING} = "no" ] && exit 0 +fi + + +slapd=/usr/sbin/slapd +slurpd=/usr/sbin/slurpd +[ -x ${slapd} ] || exit 0 +[ -x ${slurpd} ] || exit 0 + +RETVAL=0 + +function start() { + # Start daemons. + echo -n "Starting slapd:" + daemon ${slapd} + RETVAL=$? + echo + if [ $RETVAL -eq 0 ]; then + if grep -q "^replogfile" /etc/openldap/slapd.conf; then + echo -n "Starting slurpd:" + daemon ${slurpd} + RETVAL=$? + echo + fi + fi + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ldap + return $RETVAL +} + +function stop() { + # Stop daemons. + echo -n "Shutting down ldap: " + killproc ${slapd} + RETVAL=$? + if [ $RETVAL -eq 0 ]; then + if grep -q "^replogfile" /etc/openldap/slapd.conf; then + killproc ${slurpd} + RETVAL=$? + fi + fi + echo + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ldap /var/run/slapd.args + return $RETVAL +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + status) + status ${slapd} + if grep -q "^replogfile" /etc/openldap/slapd.conf ; then + status ${slurpd} + fi + ;; + restart) + stop + start + ;; + reload) + killall -HUP ${slapd} + RETVAL=$? + if [ $RETVAL -eq 0 ]; then + if grep -q "^replogfile" /etc/openldap/slapd.conf; then + killall -HUP ${slurpd} + RETVAL=$? 
+ fi + fi + ;; + condrestart) + if [ -f /var/lock/subsys/ldap ] ; then + stop + start + fi + ;; + *) + echo "Usage: $0 start|stop|restart|status|condrestart}" + RETVAL=1 +esac + +exit $RETVAL diff --git a/migration-tools.txt b/migration-tools.txt new file mode 100644 index 0000000..5331913 --- /dev/null +++ b/migration-tools.txt 
@@ -0,0 +1,179 @@ +LDAP Migration Tools + +The MigrationTools are a set of Perl scripts for migrating users, groups, +aliases, hosts, netgroups, networks, protocols, RPCs, and services from +existing nameservices (flat files, NIS, and NetInfo) to LDAP. They are +located on a default installation under /usr/share/openldap/migration. + +The tools require the ldapadd and ldif2dbm commands, which are distributed +with most LDAP servers derived from the University of Michigan LDAP +distribution. The source code for these is available with OpenLDAP. +Additionally, Netscape provide an implementation of ldapmodify which +subsumes the functionality of ldapadd. If you are using Netscape's Directory +Server, you should set the $NSHOME and $serverId environment variables to +assist the MigrationTools in locating your LDAP database and LDIF tools; +they will use ldapmodify instead of ldapadd. + +These tools are freely redistributable according to the license included +with the source files. They may be bundled with LDAP/NIS migration products. +See RFC 2307 for more information on the schema used by these scripts. THIS +SOFTWARE IS PROVIDED "AS IS" WITHOUT EXPRESS OR IMPLIED WARRANTY AND WITHOUT +SUPPORT. + +Scripts + + * migrate_base.pl creates naming context entries, including + subordinate contexts such as ou=people and ou=devices. + * migrate_aliases.pl migrates aliases in /etc/aliases to entries + conforming to the rfc822MailGroup schema. Organizations who have + deployed LDAP-based messaging solutions, such as Netscape's + Messaging Server, may wish to use a different schema for + representing mail aliases. Ypldapd does not use X.500 groups (such + as groupOfUniqueNames) for mail alias expansion because + flattening an arbitrarily nested group at runtime may be + expensive. (It is possible to write a ypldapd plug-in to support + such a schema, however.) 
+ * migrate_group.pl migrates groups in /etc/group + * migrate_hosts.pl migrates hosts in /etc/hosts + * migrate_networks.pl migrates networks in /etc/networks + * migrate_passwd.pl migrates users in /etc/passwd. Note that if + users are allowed read the userPassword attribute, and your LDAP + server doesn't support authenticating against hashed passwords + then anyone may read the userPassword attribute's value and + authenticate as that user. Modern LDAP servers, such as Netscape + Directory Server, support authenticating against hashed passwords, + so this is not an issue. The OpenLDAP LDAP server also supports + such authentication. + * migrate_protocols.pl migrates protocols in /etc/protocols + * migrate_services.pl migrates services in /etc/services + * migrate_netgroup.pl migrates netgroups in /etc/netgroup + * migrate_netgroup_byuser.pl migrates the netgroup.byuser map. It + requires revnetgroup. + * migrate_netgroup_byhost.pl migrates the netgroup.byhost map. It + requires revnetgroup. + * migrate_rpc.pl migrates RPCs in /etc/rpc + +Configuration + +The configuration for these Perl scripts is contained at the head of +migrate_common.ph: + + Perl variable Description + + $DEFAULT_MAIL_DOMAIN The mail domain used for the mail + attribute in migrate_passwd.pl when + extended schema support is enabled. You may + override this with the DEFAULT_MAIL_DOMAIN + environment variable. + + $DEFAULT_BASE The naming suffix to use in + entries' distinguished names. If + undefined, this will be constructed by + mapping the mail domain name into a + distinguished name (eg aceindustry.com + becomes dc=aceindustry,dc=com ). You may + override this with the LDAP_BASEDN + environment variable. + + $EXTENDED_SCHEMA Enables extended schema support. + This adds the organizationalPerson and + inetOrgPerson object classes, amongst + others, to users migrated by the + migrate_passwd.pl script. + + NAMINGCONTEXT Determines the LDAP/X.500 naming context + to use for a migration tool. 
The dictionary + is keyed by tool (as in migrate_ tool .pl ). + Values are concatenated with $DEFAULT_BASE + by the & getsuffix() subroutine. + +The following environment variables control the behavior of the +migration shell scripts: + + Environment variable Description + + DEFAULT_MAIL_DOMAIN See above + + LDAPADD Path the ldapadd executable, for online + migration (if not in the path or + /usr/local/bin or /usr/bin) + + LDIF2LDBM Path the ldif2ldbm executable, for offline + migration (if not in the path or + /usr/local/bin or /usr/bin) + + PERL Path to the Perl interpreter (if not + /usr/bin or /usr/local/bin) + + LDAPHOST Your LDAP server, for online + migration. This is optional; you'll be + prompted if the environment variable is not + set. + + LDAP_BASEDN See above ( $DEFAULT_BASE). This is + optional; you'll be prompted if the + environment variable is not set. + + LDAP_BINDDN The distinguished name to bind to the + LDAP server as, for online migration. This + is optional; you'll be prompted if the + environment variable is not set. + + LDAP_BINDCRED The password to bind to the LDAP server + with, for online migration. This is + optional; you'll be prompted if the + environment variable is not set. + +You will probably wish to use a shell script or makefile to automate +population of your LDAP database, either off-lien (with ldif2ldbm) or +on-line (with ldapadd). The migrate_all_*.sh shell scripts do this, but you +may wish to customize their behaviour. The following table explains which +migration scripts to use: + + Shell script Existing nameservice LDAP + running? 
+ + migrate_all_online.sh /etc flat files Yes + + migrate_all_offline.sh /etc flat files No + + migrate_all_netinfo_online.sh NetInfo Yes + + migrate_all_netinfo_offline.sh NetInfo No + + migrate_all_nis_online.sh NIS/YP Yes + + migrate_all_nis_offline.sh NIS/YP No + +Below are examples of migrate_hosts.pl and migrate_passwd.plbeing used to +migrate hosts and users, respectively: + +$ migrate_hosts.pl /etc/hosts +dn: cn=mira.aceindustry.com,ou=devices,dc=aceindustry,dc=com +objectclass: ipHost +objectclass: device +objectclass: top +ipHostNumber: 10.1.70.5 +cn: mira +cn: www.aceindustry.com +cn: mira.aceindustry.com + +$ migrate_passwd.pl /etc/passwd +dn: cn=Joe Bloggs,ou=people,dc=aceindustry,dc=com +cn: Joe Bloggs +objectclass: top +objectclass: person +objectclass: organizationalPerson +objectclass: inetOrgPerson +objectclass: posixAccount +objectclass: account +mail: jbloggs@aceindustry.com +givenname: Joe +sn: Bloggs +uid: jbloggs +userPassword: {crypt}daCXgaxahRNkg +loginShell: /bin/csh +uidNumber: 20 +gidNumber: 20 +homeDirectory: /home/jbloggs + diff --git a/openldap-1.2.11-cldap.patch b/openldap-1.2.11-cldap.patch new file mode 100644 index 0000000..41afbba --- /dev/null +++ b/openldap-1.2.11-cldap.patch @@ -0,0 +1,10 @@ +--- openldap-1.2.11/servers/slapd/slap.h.cldap Tue Aug 8 17:05:58 2000 ++++ openldap-1.2.11/servers/slapd/slap.h Tue Aug 8 17:06:03 2000 +@@ -10,6 +10,7 @@ + #endif + + #include ++#include + #include + #include + #include diff --git a/openldap.spec b/openldap.spec new file mode 100644 index 0000000..4dc0f42 --- /dev/null +++ b/openldap.spec 
@@ -0,0 +1,344 @@ +%define migtools_ver 24 +Summary: LDAP servers, libraries, utilities, tools and sample clients. +Name: openldap +Version: 1.2.11 +Release: 15 +License: OpenLDAP +Group: System Environment/Daemons +Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz +Source1: ldap.init +Source2: ftp://ftp.padl.com/pub/MigrationTools-%{migtools_ver}.tar.gz +Source3: migration-tools.txt +Source4: migrate_automount.pl +Patch0: openldap-1.2.11-config.patch +Patch1: openldap-1.2.11-redhat.patch +Patch2: openldap-1.2.10-ldapuser.patch +Patch3: MigrationTools-24-instdir.patch +Patch4: openldap-1.2.11-pidfile.patch +Patch5: MigrationTools-24-mktemp.patch +Patch6: openldap-1.2.11-syslog.patch +Patch7: openldap-1.2.11-cldap.patch +URL: http://www.openldap.org/ +BuildRoot: %{_tmppath}/%{name}-root +BuildPreReq: autoconf, gdbm-devel +Prereq: /etc/init.d +Requires: mktemp, gdbm + +%description +OpenLDAP is an open source suite of LDAP (Lightweight Directory Access +Protocol) applications and development tools. LDAP is a set of +protocols for accessing directory services (usually phone book style +information, but other information is possible) over the Internet, +similar to the way DNS (Domain Name System) information is propagated +over the Internet. The suite includes a stand-alone LDAP server +(slapd), a stand-alone LDAP replication server (slurpd), libraries for +implementing the LDAP protocol, utilities, tools, and sample clients. + +Install openldap if you need LDAP applications and tools. + +%package devel +Summary: OpenLDAP development libraries and header files. +Group: Development/Libraries +Requires: openldap = %{version} + +%description devel +The openldap-devel package includes the development libraries and +header files needed for compiling applications that use LDAP +(Lightweight Directory Access Protocol) internals. LDAP is a set of +protocols for enabling directory services over the Internet. 
Install +this package only if you plan to develop or will need to compile +customized LDAP clients. + +%package servers +Summary: LDAP servers, libraries, utilities, tools and sample clients. +Prereq: openldap = %{version}-%{release} +Group: System Environment/Daemons + +%description servers +OpenLDAP is an open source suite of LDAP (Lightweight Directory Access +Protocol) applications and development tools. LDAP is a set of +protocols for accessing directory services (usually phone book style +information, but other information is possible) over the Internet, +similar to the way DNS (Domain Name System) information is propagated +over the Internet. The suite includes a stand-alone LDAP server +(slapd), a stand-alone LDAP replication server (slurpd), libraries for +implementing the LDAP protocol, utilities, tools, and sample clients. + +Install openldap if you need LDAP applications and tools. + +%package clients +Summary: LDAP servers, libraries, utilities, tools and sample clients. +Prereq: openldap = %{version}-%{release} +Group: Applications/Internet + +%description clients +OpenLDAP is an open source suite of LDAP (Lightweight Directory Access +Protocol) applications and development tools. LDAP is a set of +protocols for accessing directory services (usually phone book style +information, but other information is possible) over the Internet, +similar to the way DNS (Domain Name System) information is propagated +over the Internet. The suite includes a stand-alone LDAP server +(slapd), a stand-alone LDAP replication server (slurpd), libraries for +implementing the LDAP protocol, utilities, tools, and sample clients. + +Install openldap if you need LDAP applications and tools. 
+ +%prep +%setup -q -a 2 +%patch0 -p1 -b .config +%patch1 -p1 -b .redhat +%patch2 -p1 -b .ldapuser +%patch3 -p1 -b .instdir +%patch4 -p1 -b .pidfile +%patch5 -p0 -b .mktemp +%patch6 -p1 -b .syslog +%patch7 -p1 -b .cldap +autoconf + +%build +CPPFLAGS="-I/usr/kerberos/include"; export CPPFLAGS +CFLAGS="$RPM_OPT_FLAGS -D_REENTRANT"; export CFLAGS +LDFLAGS="-L/usr/kerberos/lib"; export LDFLAGS +configure_flags=' + --with-ldbm-api=gdbm + --enable-cldap --disable-rlookups + --enable-passwd --with-kerberos + --enable-shell --enable-wrappers + --datadir=%{_datadir}/openldap + --libexecdir=%{_sbindir} + --localstatedir=%{_var}/run' + +%configure ${configure_flags} --without-slapd --with-slurpd --without-ldapd --disable-shared --with-threads +make +cp servers/slurpd/slurpd slurpd.semistatic + +make distclean + +%configure ${configure_flags} --with-slapd --without-slurpd --without-ldapd --enable-shared --without-threads +make + +%install +[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT +mkdir $RPM_BUILD_ROOT +%{makeinstall} \ + datadir=$RPM_BUILD_ROOT%{_datadir}/openldap \ + libexecdir=$RPM_BUILD_ROOT%{_sbindir} \ + localstatedir=%{_var}/run \ + sysconfdir=$RPM_BUILD_ROOT%{_sysconfdir}/openldap +install -m755 slurpd.semistatic $RPM_BUILD_ROOT%{_sbindir}/slurpd + +# hack the default config files +perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT/etc/openldap/slapd.conf + +# we don't need the default files +rm -f $RPM_BUILD_ROOT/etc/openldap/*.default + +# install init script +mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d +install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/ldap + +# install the migration tools +mkdir -p $RPM_BUILD_ROOT%{_datadir}/openldap/migration +install -m 755 MigrationTools-%{migtools_ver}/migrate_* \ + $RPM_BUILD_ROOT%{_datadir}/openldap/migration +install -m 644 MigrationTools-%{migtools_ver}/README %{SOURCE3} \ + $RPM_BUILD_ROOT%{_datadir}/openldap/migration +install -m 755 %{SOURCE4} $RPM_BUILD_ROOT%{_datadir}/openldap/migration +cp 
MigrationTools-%{migtools_ver}/README README.migration +cp %{SOURCE3} TOOLS.migration + +# create the data directory +mkdir -p $RPM_BUILD_ROOT/var/lib/ldap + +%clean +rm -rf $RPM_BUILD_ROOT + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%post servers +/sbin/chkconfig --add ldap + +%preun servers +if [ "$1" = "0" ] ; then + /sbin/service ldap stop > /dev/null 2>&1 || : + /sbin/chkconfig --del ldap +fi + +%postun servers +/sbin/ldconfig +if [ $1 -ge 1 ] ; then + /sbin/service ldap condrestart > /dev/null 2>&1 || : +fi + +%files +%defattr(-,root,root) +%doc ANNOUNCEMENT CHANGES COPYRIGHT LICENSE README +%attr(0755,root,root) %dir /etc/openldap +%attr(0644,root,root) %config /etc/openldap/ldap*.conf +%attr(0755,root,root) %{_libdir}/lib*.so.* +%attr(0644,root,root) %{_mandir}/man5/* +%attr(0755,root,root) %dir %{_datadir}/openldap +%attr(0644,root,root) %{_datadir}/openldap/ldapfriendly + +%files servers +%defattr(-,root,root) +%doc README.migration TOOLS.migration +%attr(0755,root,root) %config /etc/rc.d/init.d/ldap +%attr(0600,root,root) %config /etc/openldap/sl*.conf +%attr(0755,root,root) %{_sbindir}/* +%attr(0644,root,root) %{_mandir}/man8/* +%attr(0644,root,root) %{_datadir}/openldap/*.help +%attr(0755,root,root) %dir %{_datadir}/openldap/migration +%attr(0644,root,root) %{_datadir}/openldap/migration/README +%attr(0644,root,root) %config %{_datadir}/openldap/migration/*.ph +%attr(0755,root,root) %{_datadir}/openldap/migration/*.pl +%attr(0755,root,root) %{_datadir}/openldap/migration/*.sh +%attr(0644,root,root) %{_datadir}/openldap/migration/*.txt +%attr(0700,root,root) %dir /var/lib/ldap + +%files clients +%defattr(-,root,root) +%attr(0755,root,root) %{_bindir}/* +%attr(0644,root,root) %{_mandir}/man1/* + +%files devel +%defattr(-,root,root) +%doc doc/devel/README doc/devel/guidelines doc/devel/todo doc/rfc/*.txt +%attr(0755,root,root) %{_libdir}/lib*.so +%attr(0644,root,root) %{_libdir}/lib*.a +%attr(0644,root,root) %{_includedir}/* 
+%attr(0644,root,root) %{_mandir}/man3/* + +%changelog +* Tue Aug 22 2000 Nalin Dahyabhai +- remove that pesky default password +- change "Copyright:" to "License:" + +* Sun Aug 13 2000 Nalin Dahyabhai +- adjust permissions in files lists +- move libexecdir from %{_prefix}/sbin to %{_sbindir} + +* Fri Aug 11 2000 Nalin Dahyabhai +- add migrate_automount.pl to the migration scripts set + +* Tue Aug 8 2000 Nalin Dahyabhai +- build a semistatic slurpd with threads, everything else without +- disable reverse lookups, per email on OpenLDAP mailing lists +- make sure the execute bits are set on the shared libraries + +* Mon Jul 31 2000 Nalin Dahyabhai +- change logging facility used from local4 to daemon (#11047) + +* Thu Jul 27 2000 Nalin Dahyabhai +- split off clients and servers to shrink down the package and remove the + base package's dependency on Perl +- make certain that the binaries have sane permissions + +* Mon Jul 17 2000 Nalin Dahyabhai +- move the init script back + +* Thu Jul 13 2000 Nalin Dahyabhai +- tweak the init script to only source /etc/sysconfig/network if it's found + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Mon Jul 10 2000 Nalin Dahyabhai +- switch to gdbm; I'm getting off the db merry-go-round +- tweak the init script some more +- add instdir to @INC in migration scripts + +* Thu Jul 6 2000 Nalin Dahyabhai +- tweak init script to return error codes properly +- change initscripts dependency to one on /etc/init.d + +* Tue Jul 4 2000 Nalin Dahyabhai +- prereq initscripts +- make migration scripts use mktemp + +* Tue Jun 27 2000 Nalin Dahyabhai +- do condrestart in post and stop in preun +- move init script to /etc/init.d + +* Fri Jun 16 2000 Nalin Dahyabhai +- update to 1.2.11 +- add condrestart logic to init script +- munge migration scripts so that you don't have to be + /usr/share/openldap/migration to run them +- add code to create pid files in /var/run + +* Mon Jun 5 2000 Nalin Dahyabhai +- FHS tweaks +- fix for compiling with 
libdb2 + +* Thu May 4 2000 Bill Nottingham +- minor tweak so it builds on ia64 + +* Wed May 3 2000 Nalin Dahyabhai +- more minimalistic fix for bug #11111 after consultation with OpenLDAP team +- backport replacement for the ldapuser patch + +* Tue May 2 2000 Nalin Dahyabhai +- fix segfaults from queries with commas in them in in.xfingerd (bug #11111) + +* Tue Apr 25 2000 Nalin Dahyabhai +- update to 1.2.10 +- add revamped version of patch from kos@bastard.net to allow execution as + any non-root user +- remove test suite from %build because of weirdness in the build system + +* Wed Apr 12 2000 Nalin Dahyabhai +- move the defaults for databases and whatnot to /var/lib/ldap (bug #10714) +- fix some possible string-handling problems + +* Mon Feb 14 2000 Bill Nottingham +- start earlier, stop later. + +* Thu Feb 3 2000 Nalin Dahyabhai +- auto rebuild in new environment (release 4) + +* Tue Feb 1 2000 Nalin Dahyabhai +- add -D_REENTRANT to make threaded stuff more stable, even though it looks + like the sources define it, too +- mark *.ph files in migration tools as config files + +* Fri Jan 21 2000 Nalin Dahyabhai +- update to 1.2.9 + +* Mon Sep 13 1999 Bill Nottingham +- strip files + +* Sat Sep 11 1999 Bill Nottingham +- update to 1.2.7 +- fix some bugs from bugzilla (#4885, #4887, #4888, #4967) +- take include files out of base package + +* Fri Aug 27 1999 Jeff Johnson +- missing ;; in init script reload) (#4734). + +* Tue Aug 24 1999 Cristian Gafton +- move stuff from /usr/libexec to /usr/sbin +- relocate config dirs to /etc/openldap + +* Mon Aug 16 1999 Bill Nottingham +- initscript munging + +* Wed Aug 11 1999 Cristian Gafton +- add the migration tools to the package + +* Fri Aug 06 1999 Cristian Gafton +- upgrade to 1.2.6 +- add rc.d script +- split -devel package + +* Sun Feb 07 1999 Preston Brown +- upgrade to latest stable (1.1.4), it now uses configure macro. 
+ +* Fri Jan 15 1999 Bill Nottingham +- build on arm, glibc2.1 + +* Wed Oct 28 1998 Preston Brown +- initial cut. +- patches for signal handling on the alpha diff --git a/sources b/sources index e69de29..98316c6 100644 --- a/sources +++ b/sources @@ -0,0 +1,2 @@ +15562512bd557c0513799ccce86eb9f6 MigrationTools-24.tar.gz +ac469c0fe66ece3893e96182f14b7886 openldap-1.2.11.tgz
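Review bot: In ldap.init, the networking check `[ ${NETWORKING} = "no" ] && exit 0` leaves the variable unquoted, so when /etc/sysconfig/network is readable but does not set NETWORKING the test loses an operand, prints an error and the script carries on; quote it as "${NETWORKING}". In the same file, `[ -x ${slurpd} ] || exit 0` makes the script exit silently with success when slurpd is missing, although slurpd is only started when slapd.conf contains a replogfile line, and the `*)` usage string has a stray `}` and does not list reload.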
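Review bot: In migration-tools.txt, the migrate_passwd.pl item concludes that a readable userPassword attribute is "not an issue" once the server authenticates against hashed passwords, yet the sample output further down shows a {crypt} value in the migrated entry, and a hash that any user can read can still be guessed offline. Suggest the text tell administrators to restrict read access to userPassword rather than present hashing as sufficient, and have the LDAP_BINDCRED row point out that the interactive prompt keeps the bind password out of the environment. Minor wording: "off-lien", "migrate_passwd.plbeing", "allowed read", and ldif2dbm in the opening paragraph versus ldif2ldbm in the environment variable table.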
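Review bot: In openldap.spec %install, the %{makeinstall} overrides prefix datadir, libexecdir and sysconfdir with $RPM_BUILD_ROOT but pass `localstatedir=%{_var}/run` bare, so any install rule that writes under localstatedir would touch the build host's /var/run instead of the build root; prefix it like the others or add a comment saying why it is left as is. %clean also runs `rm -rf $RPM_BUILD_ROOT` without the `!= "/"` guard that %install uses, and both leave the variable unquoted. The changelog entry "remove that pesky default password" does not say which file or patch carries the change, which makes it hard to confirm from this spec that the default is gone.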
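Review bot: In sources, the two entries are bare 32-hex-character digests with no algorithm named, and Source0 and Source2 in openldap.spec are fetched over ftp://, so these digests are the only integrity check on the tarballs. Suggest recording which algorithm produced them, and checking the tarballs against a signature or digest published by upstream, where one exists, before the values are committed.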