robbat2 14/10/12 06:26:40 Modified: slapd.tmpfilesd slapd.service Added: openldap-2.4.40-slapd-conf slapd-initd-2.4.40 Log: Version bump for bug #524694; Bug #520234: Improve TLS_REQCERT advice; Bug #502948: Improve datadir sanity checks; Bug #405167: USE=static-libs support; Bug #486424: cleanup QA warning re append-flags; Bug #426100: fix LICENSE; Bug #450948: Better smbkrb5passwd support; Bug #466992: backend example scripts; Bug #421017: fix automagic dep; Bug #444912: use /run instead of /var/run, ensure it exists; Bug #497590: install LMDB tools; Bug #449776: install mdb backend (Portage version: 2.2.10/cvs/Linux x86_64, unsigned Manifest commit)
Revision Changes Path 1.2 net-nds/openldap/files/slapd.tmpfilesd file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-nds/openldap/files/slapd.tmpfilesd?rev=1.2&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-nds/openldap/files/slapd.tmpfilesd?rev=1.2&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-nds/openldap/files/slapd.tmpfilesd?r1=1.1&r2=1.2
Index: slapd.tmpfilesd
===================================================================
RCS file: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd.tmpfilesd,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- slapd.tmpfilesd 18 Sep 2013 20:59:10 -0000 1.1
+++ slapd.tmpfilesd 12 Oct 2014 06:26:40 -0000 1.2
@@ -1,2 +1,2 @@
 # openldap runtime directory for slapd.arg and slapd.pid
-d /var/run/openldap 0755 ldap ldap -
+d /run/openldap 0755 ldap ldap -
1.2 net-nds/openldap/files/slapd.service file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-nds/openldap/files/slapd.service?rev=1.2&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-nds/openldap/files/slapd.service?rev=1.2&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-nds/openldap/files/slapd.service?r1=1.1&r2=1.2
Index: slapd.service
===================================================================
RCS file: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd.service,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- slapd.service 18 Sep 2013 20:59:10 -0000 1.1
+++ slapd.service 12 Oct 2014 06:26:40 -0000 1.2
@@ -4,7 +4,7 @@
 [Service]
 Type=forking
-PIDFile=/var/run/openldap/slapd.pid
+PIDFile=/run/openldap/slapd.pid
 ExecStartPre=/usr/sbin/slaptest -Q -u $SLAPD_OPTIONS
 ExecStart=/usr/lib/openldap/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
1.1 net-nds/openldap/files/openldap-2.4.40-slapd-conf file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-nds/openldap/files/openldap-2.4.40-slapd-conf?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-nds/openldap/files/openldap-2.4.40-slapd-conf?rev=1.1&content-type=text/plain
Index: openldap-2.4.40-slapd-conf
===================================================================
# # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /etc/openldap/schema/core.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /run/openldap/slapd.pid argsfile /run/openldap/slapd.args # Load dynamic backend modules: ###INSERTDYNAMICMODULESHERE### # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: # Root DSE: allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: # access to dn.base="" by * read # access to dn.base="cn=Subschema" by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. 
(e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING! ####################################################################### # BDB database definitions ####################################################################### database hdb suffix "dc=my-domain,dc=com" # <kbyte> <min> checkpoint 32 30 rootdn "cn=Manager,dc=my-domain,dc=com" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw secret # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /var/lib/openldap-data # Indices to maintain index objectClass eq 1.1 net-nds/openldap/files/slapd-initd-2.4.40 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-nds/openldap/files/slapd-initd-2.4.40?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-nds/openldap/files/slapd-initd-2.4.40?rev=1.1&content-type=text/plain Index: slapd-initd-2.4.40 =================================================================== #!/sbin/runscript # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd-2.4.40,v 1.1 2014/10/12 06:26:40 robbat2 Exp $ extra_commands="checkconfig" [ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}" PIDDIR=/run/openldap PIDFILE=$PIDDIR/$SVCNAME.pid depend() { need net before dbus hald avahi-daemon provide ldap } start() { checkpath -q -d ${PIDDIR} -o ldap:ldap if ! checkconfig -Q ; then eerror "There is a problem with your slapd.conf!" return 1 fi ebegin "Starting ldap-server" [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME eval start-stop-daemon --start --pidfile ${PIDFILE} --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}" eend $? 
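Review bot: The added openldap-2.4.40-slapd-conf ships an active `rootpw secret` next to `rootdn "cn=Manager,dc=my-domain,dc=com"`, so a server started from this file unchanged accepts a well-known cleartext root password, which the comment directly above that line advises against. Shipping the line commented out with a hashed placeholder, e.g. `#rootpw {SSHA}<hash generated with slappasswd>`, would force a deliberate choice at install time. The sample `security ssf=...` line and the sample `access to` directives are all commented out, so by the file's own description the default policy lets anyone read everything; it would help to say that at the top of the file or enable the sample policy. The comment `Require 63-bit encryption for simple bind` also disagrees with `simple_bind=64` in the directive it describes.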
} stop() { ebegin "Stopping ldap-server" start-stop-daemon --stop --signal 2 --quiet --pidfile ${PIDFILE} eend $? } checkconfig() { # checks requested by bug #502948 for d in `awk '/^directory/{print $2}'`; do if [ ! -d $d ]; then eerror "Directory $d in config does not exist!" return 1 fi /usr/bin/find $d ! -name DB_CONFIG ! -user ldap -o ! -group ldap |grep -sq . if [ $? -ne 0 ]; then ewarn "You have files in $d not owned by the ldap user, you must ensure they are accessible to the slapd instance!" fi [ ! -e $d/DB_CONFIG ] && ewarn "$d/DB_CONFIG does not exist, slapd performance may be sub-optimal" done # now test the config fully /usr/sbin/slaptest -u "$@" ${OPTS_CONF} }
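Review bot: In checkconfig() of slapd-initd-2.4.40 the ownership check is inverted: `grep -sq .` exits 0 when find printed at least one path that is not ldap-owned, yet the warning sits under `[ $? -ne 0 ]`, so mis-owned data files pass silently and a clean directory triggers the warning; the test should read `if [ $? -eq 0 ]; then`. The `awk '/^directory/{print $2}'` in the loop header has no file operand, so it reads standard input rather than the slapd configuration and the datadir checks never see the configured directories; it needs the configuration file path as an argument (the variable holding that path is not visible in this listing). Because `-o` binds more loosely than the implicit AND, the `! -name DB_CONFIG` exemption applies only to the `-user` test; if it is meant to cover both tests, group them as `\( ! -user ldap -o ! -group ldap \)`.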
