Your message dated Fri, 11 Sep 2015 09:32:21 +0000
with message-id <[email protected]>
and subject line Bug#794998: fixed in openldap 2.4.42+dfsg-2
has caused the Debian Bug report #794998,
regarding openldap: no manual page for smbk5pwd module
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
794998: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794998
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openldap
Version: 2.4.41+dfsg-1
Severity: normal
Tags: upstream patch

Hi,

the smbk5pwd module in the slapd-smbk5pwd binary package does not have a manual
page.

The attached patches try to solve the issue:

* 0001-smbk5pwd-makefile-manpage-install-slapo-smbk5pwd.5-m.patch
  Create a manual page for smbk5pwd and make sure it gets installed too.

  This patch is derived from a patch I sent upstream as part of ITS#8205

* 0002-debian-slapd-.manpages-separate-man-pages-between-t.patch
  Make sure the slapo-smbk5pwd.5 manual page does not end up in the slapd
  binary package.

I'd appreciate if these patches make it into the next release of Debian's
openldap packages.

Thanks for packaging openldap for Debian!

Best
Peter

PS: support in getting ITS#8205 included upstream is very welcome ;-))


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.0.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
>From b3c6acad00eefe300e0e96ae78e36394ba3766e4 Mon Sep 17 00:00:00 2001
From: Peter Marschall <[email protected]>
Date: Sat, 8 Aug 2015 12:02:12 +0200
Subject: [PATCH 1/2] smbk5pwd-makefile-manpage: install slapo-smbk5pwd.5 man
 page

The patch for creating the smbk5pwd manual page is upstreamed as ITS#8205
---
 debian/patches/series                    |   1 +
 debian/patches/smbk5pwd-makefile-manpage | 251 +++++++++++++++++++++++++++++++
 2 files changed, 252 insertions(+)
 create mode 100644 debian/patches/smbk5pwd-makefile-manpage

diff --git a/debian/patches/series b/debian/patches/series
index eda3a18..87dda63 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,6 +10,7 @@ getaddrinfo-is-threadsafe
 do-not-second-guess-sonames
 contrib-modules-use-dpkg-buildflags
 smbk5pwd-makefile
+smbk5pwd-makefile-manpage
 autogroup-makefile
 lastbind-makefile
 lastbind-makefile-manpage
diff --git a/debian/patches/smbk5pwd-makefile-manpage b/debian/patches/smbk5pwd-makefile-manpage
new file mode 100644
index 0000000..a0ed83b
--- /dev/null
+++ b/debian/patches/smbk5pwd-makefile-manpage
@@ -0,0 +1,251 @@
+From: Peter Marschall <[email protected]>
+Date: Sun, 26 Jul 2015 15:04:26 +0200
+Subject: [PATCH] contrib/smbk5pwd: add man page, install it too
+
+Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
+install the new manual page.
+
+This patch is derived from the corresponding patch upstreamed in ITS#8205
+
+---
+ contrib/slapd-modules/smbk5pwd/Makefile         |  14 +-
+ contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5 | 179 ++++++++++++++++++++++++
+ 2 files changed, 192 insertions(+), 1 deletion(-)
+ create mode 100644 contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5
+
+diff --git a/contrib/slapd-modules/smbk5pwd/Makefile b/contrib/slapd-modules/smbk5pwd/Makefile
+index 676d914..0042a49 100644
+--- a/contrib/slapd-modules/smbk5pwd/Makefile
++++ b/contrib/slapd-modules/smbk5pwd/Makefile
+@@ -25,6 +25,7 @@
+ HEIMDAL_LIB = $(shell krb5-config.heimdal --libs kadm-server)
+ 
+ LIBTOOL = $(LDAP_BUILD)/debian/build/libtool
++INSTALL = /usr/bin/install
+ CC = gcc
+ OPT = -g -O2 -Wall
+ # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it.
+@@ -34,6 +35,7 @@
+ LIBS = $(HEIMDAL_LIB) $(LDAP_LIB) $(SSL_LIB)
+ 
+ PROGRAMS = smbk5pwd.la
++MANPAGES = slapo-smbk5pwd.5
+ LTVER = 0:0:0
+ 
+ prefix=/usr
+@@ -43,6 +45,8 @@
+ libdir=$(exec_prefix)/lib
+ libexecdir=$(exec_prefix)/libexec
+ moduledir = $(libdir)$(ldap_subdir)
++mandir = $(exec_prefix)/share/man
++man5dir = $(mandir)/man5
+ 
+ .SUFFIXES: .c .o .lo
+ 
+@@ -58,9 +62,17 @@
+ clean:
+ 	$(LIBTOOL) --mode=clean rm -f
+ 
+-install: $(PROGRAMS)
++install: install-lib install-man FORCE
++
++install-lib: $(PROGRAMS)
+ 	mkdir -p $(DESTDIR)$(moduledir)
+ 	for p in $(PROGRAMS) ; do \
+ 		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+ 	done
+ 
++install-man: $(MANPAGES)
++	mkdir -p  $(DESTDIR)$(man5dir)
++	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
++
++FORCE:
++
+diff --git a/contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5 b/contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5
+new file mode 100644
+index 0000000..431a765
+--- /dev/null
++++ b/contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5
+@@ -0,0 +1,179 @@
++.TH SLAPO-SMBK5PWD 5 "RELEASEDATE" "OpenLDAP LDVERSION"
++.\" Copyright 2015 The OpenLDAP Foundation All Rights Reserved.
++.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
++.\" $OpenLDAP$
++.SH NAME
++slapo-smbk5pwd \- Samba & Kerberos password sync overlay to slapd
++.SH SYNOPSIS
++ETCDIR/slapd.conf
++.RS
++.LP
++include
++.B "<path to>/krb5-kdc.schema"
++.LP
++include
++.B "<path to>/samba.schema"
++.LP
++moduleload
++.B smbk5pwd.so
++.LP
++ ...
++.LP
++database mdb
++.LP
++ ...
++.LP
++overlay
++.B smbk5pwd
++.RE
++
++.SH DESCRIPTION
++.LP
++The 
++.B smbk5pwd
++overlay to
++.BR slapd (8)
++overloads the Password Modify Extended Operation (RFC 3062) to update
++Kerberos keys and Samba password hashes for an LDAP user, as well as
++updating password change related attributes for Kerberos, Samba and/or
++UNIX user accounts.
++.LP
++The Samba support is written using the Samba 3.0 LDAP schema;
++Kerberos support is written for Heimdal using its hdb-ldap backend.
++.LP
++Additionally, a new
++.B {K5KEY}
++password hash mechanism is provided.
++For
++.B krb5KDCEntry
++objects that have this scheme specifier in their
++.I userPassword
++attribute, Simple Binds will be checked against the Kerberos keys of the entry.
++No data is needed after the
++.B {K5KEY}
++scheme specifier in the
++.IR userPassword ,
++it is looked up from the entry directly.
++
++.SH CONFIGURATION
++The 
++.B smbk5pwd
++overlay supports the following
++.B slapd.conf
++configuration options, which should appear after the
++.B overlay
++directive:
++.TP
++.BI smbk5pwd-enable " <module>"
++can be used to enable only the desired modules.
++Legal values for
++.I <module>
++are
++.LP
++.RS
++.TP
++.B krb5
++If the user has the
++.B krb5KDCEntry
++objectclass, update the
++.B krb5Key
++and
++.B krb5KeyVersionNumber
++attributes using the new password in the Password Modify operation,
++provided the Kerberos account is not expired.
++Exiration is determined by evaluating the
++.B krb5ValidEnd
++attribute.
++.TP
++.B samba
++If the user is a
++.B sambaSamAccount
++object, synchronize the
++.B sambaLMPassword
++and
++.B sambaNTPassword
++to the password entered in the Password Modify operation, and update
++.B sambaPwdLastSet
++accordingly.
++.TP
++.B shadow
++Update the attribute
++.BR shadowLastChange ,
++if the entry has the objectclass
++.BR shadowAccount .
++.LP
++By default all modules compiled in are enabled.
++Setting the config statement restricts the enabled modules to the ones
++explicitly mentioned.
++.RE
++.TP
++.BI smbk5pwd-can-change " <seconds>"
++If the
++.B samba
++module is enabled and the user is a
++.BR sambaSamAccount ,
++update the attribute
++.B sambaPwdCanChange
++to point
++.I <seconds>
++into the future, essentially denying any Samba password change until then.
++A value of
++.B 0
++disables this feature.
++.TP
++.BI smbk5pwd-must-change " <seconds>"
++If the
++.B samba
++module is enabled and the user is a
++.BR sambaSamAccount ,
++update the attribute
++.B sambaPwdMustChange
++to point
++.I <seconds>
++into the future, essentially setting the Samba password expiration time.
++A value of
++.B 0
++disables this feature.
++.LP
++Alternatively, the overlay supports table-driven configuration,
++and thus can be run-time loaded and configured via back-config.
++
++.SH EXAMPLE
++The layout of a slapd.d based, table-driven configuration entry looks like:
++.LP
++.EX
++        # {0}smbk5pwd, {1}bdb, config
++        dn: olcOverlay={0}smbk5pwd,olcDatabase={1}mdb,cn=config
++        objectClass: olcOverlayConfig
++        objectClass: olcSmbK5PwdConfig
++        olcOverlay: {0}smbk5pwd
++        olcSmbK5PwdEnable: krb5
++        olcSmbK5PwdEnable: samba
++        olcSmbK5PwdMustChange: 2592000
++.EE
++.LP
++which enables both
++.B krb5
++and
++.B samba
++modules with a Samba password expiration time of 30 days (=
++.B 2592000
++seconds).
++
++.SH SEE ALSO
++.BR slapd.conf (5),
++.BR ldappasswd (1),
++.BR ldap (3),
++.LP
++"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
++.LP
++
++.SH ACKNOWLEDGEMENTS
++This manual page has been writen by Peter Marschall based on the
++module's README file written by Howard Chu.
++.LP
++.B OpenLDAP
++is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
++.B OpenLDAP
++is derived from University of Michigan LDAP 3.3 Release.
++
+-- 
+2.5.0
+
-- 
2.5.0

>From 7439b19aa40596b6149db7a5d03b891350e3a5f2 Mon Sep 17 00:00:00 2001
From: Peter Marschall <[email protected]>
Date: Sat, 8 Aug 2015 12:18:34 +0200
Subject: [PATCH 2/2] debian/slapd*.manpages: separate man pages between the
 binary packages

---
 debian/slapd-smbk5pwd.manpages |  1 +
 debian/slapd.manpages          | 25 ++++++++++++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 debian/slapd-smbk5pwd.manpages

diff --git a/debian/slapd-smbk5pwd.manpages b/debian/slapd-smbk5pwd.manpages
new file mode 100644
index 0000000..9640f35
--- /dev/null
+++ b/debian/slapd-smbk5pwd.manpages
@@ -0,0 +1 @@
+debian/tmp/usr/share/man/man5/slapo-smbk5pwd.5
diff --git a/debian/slapd.manpages b/debian/slapd.manpages
index 5969ae9..72cc5c9 100644
--- a/debian/slapd.manpages
+++ b/debian/slapd.manpages
@@ -1,2 +1,25 @@
-debian/tmp/usr/share/man/man5/slap*.5
+debian/tmp/usr/share/man/man5/slapd*.5
+debian/tmp/usr/share/man/man5/slapo-accesslog.5
+debian/tmp/usr/share/man/man5/slapo-auditlog.5
+debian/tmp/usr/share/man/man5/slapo-chain.5
+debian/tmp/usr/share/man/man5/slapo-collect.5
+debian/tmp/usr/share/man/man5/slapo-constraint.5
+debian/tmp/usr/share/man/man5/slapo-dds.5
+debian/tmp/usr/share/man/man5/slapo-dyngroup.5
+debian/tmp/usr/share/man/man5/slapo-dynlist.5
+debian/tmp/usr/share/man/man5/slapo-lastbind.5
+debian/tmp/usr/share/man/man5/slapo-memberof.5
+debian/tmp/usr/share/man/man5/slapo-pbind.5
+debian/tmp/usr/share/man/man5/slapo-pcache.5
+debian/tmp/usr/share/man/man5/slapo-ppolicy.5
+debian/tmp/usr/share/man/man5/slapo-refint.5
+debian/tmp/usr/share/man/man5/slapo-retcode.5
+debian/tmp/usr/share/man/man5/slapo-rwm.5
+#debian/tmp/usr/share/man/man5/slapo-smbk5pwd.5
+debian/tmp/usr/share/man/man5/slapo-sock.5
+debian/tmp/usr/share/man/man5/slapo-sssvlv.5
+debian/tmp/usr/share/man/man5/slapo-syncprov.5
+debian/tmp/usr/share/man/man5/slapo-translucent.5
+debian/tmp/usr/share/man/man5/slapo-unique.5
+debian/tmp/usr/share/man/man5/slapo-valsort.5
 debian/tmp/usr/share/man/man8/slap*.8
-- 
2.5.0


--- End Message ---
--- Begin Message ---
Source: openldap
Source-Version: 2.4.42+dfsg-2

We believe that the bug you reported is fixed in the latest version of
openldap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ryan Tandy <[email protected]> (supplier of updated openldap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 10 Sep 2015 20:13:17 -0700
Source: openldap
Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg 
libldap2-dev slapd-dbg
Architecture: source
Version: 2.4.42+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenLDAP Maintainers 
<[email protected]>
Changed-By: Ryan Tandy <[email protected]>
Description:
 ldap-utils - OpenLDAP utilities
 libldap-2.4-2 - OpenLDAP libraries
 libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries
 libldap2-dev - OpenLDAP development libraries
 slapd      - OpenLDAP server (slapd)
 slapd-dbg  - Debugging information for the OpenLDAP server (slapd)
 slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd.
Closes: 669235 724518 794998
Changes:
 openldap (2.4.42+dfsg-2) unstable; urgency=medium
 .
   [ Ryan Tandy ]
   * Change explicit Pre-Depends: multiarch-support to ${misc:Pre-Depends}, as
     recommended by lintian.
   * Omit slapd, slapd-dbg, and slapd-smbk5pwd from the stage1 build profile.
     This allows the dependency loop with heimdal to be broken for
     bootstrapping, and the dependency on libperl-dev to be avoided for
     cross-building. Thanks Daniel Schepler and Helmut Grohne.
     (Closes: #724518)
   * Apply wrap-and-sort to the Build-Depends field.
   * Drop libncurses5-dev from Build-Depends, no longer needed since the ud
     tool was removed in OpenLDAP 2.1.4.
   * Drop libltdl3-dev as an alternate Build-Depends, since that package was
     removed after lenny.
   * Annotate Build-Depends on perl with :any to allow running the system perl
     interpreter during cross builds.
   * Ensure CC is set correctly for cross builds. Thanks Helmut Grohne.
   * Build-Depend on dpkg-dev (>= 1.17.14) and debhelper (>= 9.20141010) for
     restriction formula support.
   * Override the 'dev-pkg-without-shlib-symlink' lintian tag. The symlink is
     actually in the form libldap_r.so -> libldap_r-2.4.so.xyz and the tag is a
     false positive; see #687022.
   * Include the smbk5pwd man page in the slapd-smbk5pwd package.
   * Allow anonymous read access to the shadowLastChange attribute by default,
     allowing nss-ldap/nss-ldapd to handle password expiry correctly even when
     bound anonymously. This was the only restricted shadow attribute, the
     others were already world-readable. (Closes: #669235)
   * Drop the redundant default ACL for dn.base="" from the database entry.
     It's already covered by the fallback case below.
   * Copy more comments from the slapd.conf template to slapd.init.ldif. Also
     comment the shadowLastChange access rule.
   * Import upstream patch to remove an unnecessary assert(0) that could be
     triggered remotely by an unauthenticated user by sending a malformed BER
     element. (ITS#8240)
 .
   [ Peter Marschall ]
   * Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
     install the new manual page. (Closes: #794998)
Checksums-Sha1:
 054ba8a83a833789fe536211e00f14dbfb0e38c4 2902 openldap_2.4.42+dfsg-2.dsc
 6f8e74cbaf22ee918719c52a8fd0c4cf73a831b4 152620 
openldap_2.4.42+dfsg-2.debian.tar.xz
Checksums-Sha256:
 66bd0c7ccc8997008a4e8c734cb2ee7fed5ac6897217389dc5647ff86bfbac01 2902 
openldap_2.4.42+dfsg-2.dsc
 6a9bb42aeb745dd2b18765ab067401d450bbf97f8822356fa175397cb9257199 152620 
openldap_2.4.42+dfsg-2.debian.tar.xz
Files:
 749bb6b35d72f415165ae16a4307c0cd 2902 net optional openldap_2.4.42+dfsg-2.dsc
 b144cbc20d844d1696a8be03da49c4f5 152620 net optional 
openldap_2.4.42+dfsg-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJV8pJNAAoJEKmDSiJSB45Otq4P/2OtVRrPAtg4F4U4LlYyDoCQ
qf/emdtJV5dZwIDrckymXCcFPXEGcta1aYeNUqHFNAxW8zi89J2ISzhyhmwh4KdJ
fZhjHBmTdJJLJrvU49aItvYflYcPT8UZ9VbXe8OjHTfq1uWO0iTrpPYBX+KUcwd7
haO0dpmvfBJOq98v7i2tSxg3rlH40S6aAbclMfLVxV6lRC0ixwa9m4050CoFWZoP
TNy1Qsgbazo3ot7pAjLwlgaK9bzfG3uyHv4NecHoJajWf0FVlAlYM3BEfJh2pTFT
KkbR75m2KejrTy0yzcnxK6pdpe4ABWEbPp2Ky6foqy3M809OzpAOB+WnJjGfFZpO
66aCj7fY+rRDuMUOpMu3Q+D+usj/RHpkD+YvbEREvdNTM9R/ZYuQihHGHj4cWo1v
YHUp5z+FyyUUytoiFLV1h5J5fGBzL6FsYMH0et7vSttUPP111mLvTlTUbkgfdLgj
Zyv5zoULldQNxCivfYRTnMgyRh6LQJNHD5dTb+yuGIbvQeKHp9P+QOGOg0RHDEsa
bUaLgDOpOLrnx1+jrtfCnS1v1fCDVP+1CuVbvX2LmErvnRBu8lMEzcpqnlPJXL0+
hpTRgKTgw/saJoZeLFn33f/KFBSKBiAwLJSjJgi2XhQtJncDbp4PNlMWJU20G7ms
6B+ka9e5mj+I8VZuq3og
=mFcQ
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to