author | Giuseppe Di Terlizzi <giuseppe.diterlizzi@gmail.com> | 2017-04-07 17:45:04 +0100 |
---|---|---|
committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2017-04-08 06:57:49 +0700 |
commit | 683caa309d82c7207ad08816627cf69ee99dd1a7 (patch) | |
tree | dc66f6ad1b13d5f560c16565ccf617d7ae7e2a72 | |
parent | 09859e3dfe4158fcdcebcbe6e928fa86e06af433 (diff) |
network/openldap-server: Added (OpenLDAP server).
Signed-off-by: David Spencer <idlemoor@slackbuilds.org>
| mode | file | lines |
|---|---|---|
| -rw-r--r-- | network/openldap-server/README | 22 |
| -rw-r--r-- | network/openldap-server/README.SLACKWARE | 103 |
| -rw-r--r-- | network/openldap-server/doinst.sh | 28 |
| -rw-r--r-- | network/openldap-server/openldap-server.SlackBuild | 255 |
| -rw-r--r-- | network/openldap-server/openldap-server.info | 10 |
| -rw-r--r-- | network/openldap-server/rc.openldap | 100 |
| -rw-r--r-- | network/openldap-server/slack-desc | 19 |
| -rw-r--r-- | network/openldap-server/slapd | 16 |

8 files changed, 553 insertions, 0 deletions
diff --git a/network/openldap-server/README b/network/openldap-server/README new file mode 100644 index 0000000000000..6a31d75bf86d4 --- /dev/null +++ b/network/openldap-server/README @@ -0,0 +1,22 @@ +OpenLDAP Server + +OpenLDAP is an open source implementation of the Lightweight Directory +Access Protocol. + +The suite includes: + + * slapd - stand-alone LDAP daemon (server) + * libraries implementing the LDAP protocol + * utilities, tools, and sample clients. + + +Groupname and Username + +You must have the 'ldap' group and user to run this script, +for example: + + groupadd -g 330 ldap + useradd -u 330 -d /var/lib/openldap -s /bin/false -c "OpenLDAP server" -g ldap ldap + + +For more information see README.SLACKWARE diff --git a/network/openldap-server/README.SLACKWARE b/network/openldap-server/README.SLACKWARE new file mode 100644 index 0000000000000..ea245662b6ec8 --- /dev/null +++ b/network/openldap-server/README.SLACKWARE 
@@ -0,0 +1,103 @@ +# Initial Setup + +Set the directory suffix and Manager user in your slapd.conf(5): + + [...] + suffix "dc=example,dc=org" + rootdn "cn=Manager,dc=example,dc=org" + rootpw {SSHA}CjQ2ddDHu92qd2BrcNYT1hQDzLrVlgCo # Encryted password using slappasswd(8) + [...] + +Create the DB_CONFIG file to initialize the database: + + # cd /var/lib/openldap + # cp -a DB_CONFIG.example DB_CONFIG + + + +# Logging + +Add this to your /etc/syslog.conf file, and then restart syslogd, +to enable the slapd log file: + + local4.* -/var/log/slapd + + + +# Configuration + +All configuration and schemas are stored in /etc/openlap + + slapd.conf legacy OpenLDAP configuration file (see slapd.conf(5)) + slapd.ldif OpenLDAP configuration file (see slapd-config(5)) + ldap.conf ldap client (eg. ldapsearch) configuration file (see ldap.conf(5)) + certs/ directory can contains server certificates + schema/ OpenLDAP schema + +The default OpenLDAP database is located in /var/lib/openldap + +*NOTE* OpenLDAP 2.3 and later supports old slapd.conf(5) and dynamic + configuration engine, slapd-config(5). + + + +# Using the slapd.d directory + +An existing slapd.conf(5) file can be converted to the new format using +slaptest(8): + + # sh /etc/rc.d/rc.openldap stop + # mkdir -p /etc/openldap/slapd.d + # slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d + # chown ldap:ldap /etc/openldap/slapd.d + + + +# Starting and Stopping the OpenLDAP server + +This package provides the /etc/rc.d/rc.openldap start/stop script. + +Slackware is OpenLDAP server ready (see the rc.M script) and you can start +the OpenLDAP server automatically at boot by adding execution permission to +/etc/rc.d/rc.openldap + + + +# Troubleshooting + +## Can't contact LDAP server via ldapi:/// url + + $ ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/test.ldif + ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) + +openldap-server package use the same libraries from n/openldap-client Slackware +package. 
The openldap-client package use a non-standard location for ldapi socket. + +### Solution 1 + +Create a symlink from /var/run/openldap/ldapi to /var/lib/run/ldapi + + # mkdir -p /var/lib/run + # ln -sf /var/run/openldap/ldapi /var/lib/run/ldapi + +### Solution 2 + +Change or add the URI in ldap.conf(5) file: + + URI ldapi://%2fvar%2frun%2fopenldap%2fldapi + +Run the ldap utility command without "-H" argument (example): + + $ ldapadd -Y EXTERNAL -f /tmp/test.ldif + +### Solution 3 + +Use ldapi url with ldap utility command: + + $ ldapadd -Y EXTERNAL -H ldapi://%2fvar%2frun%2fopenldap%2fldapi -f /tmp/test.ldif + + + +# Documentation + +See /usr/doc/openldap-2.4.42/guide.html (OpenLDAP Administrator Guide) diff --git a/network/openldap-server/doinst.sh b/network/openldap-server/doinst.sh new file mode 100644 index 0000000000000..17bd5215de80b --- /dev/null +++ b/network/openldap-server/doinst.sh @@ -0,0 +1,28 @@ +config() { + NEW="$1" + OLD="`dirname $NEW`/`basename $NEW .new`" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +preserve_perms() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + if [ -e $OLD ]; then + cp -a $OLD ${NEW}.incoming + cat $NEW > ${NEW}.incoming + mv ${NEW}.incoming $NEW + fi + config $NEW +} + +preserve_perms etc/rc.d/rc.openldap.new + +config etc/openldap/slapd.conf.new +config etc/openldap/slapd.ldif.new +config etc/default/slapd.new diff --git a/network/openldap-server/openldap-server.SlackBuild b/network/openldap-server/openldap-server.SlackBuild new file mode 100644 index 0000000000000..663c238cf4933 --- /dev/null +++ b/network/openldap-server/openldap-server.SlackBuild 
@@ -0,0 +1,255 @@ +#!/bin/sh + +# Slackware build script for OpenLDAP server + +# Copyright 2015-2017 Giuseppe Di Terlizzi <giuseppe.diterlizzi@gmail.com> +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +PRGNAM=openldap-server +VERSION=${VERSION:-2.4.42} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i586 ;; + arm*) export ARCH=arm ;; + *) export ARCH=$( uname -m ) ;; + esac +fi + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +set -e + +if ! grep ^ldap: /etc/group 2>&1 > /dev/null; then + echo " You must have a ldap group to run this script." 
+ echo " # groupadd -r -g 330 ldap" + echo " Or something similar." + exit 1 +elif ! grep ^ldap: /etc/passwd 2>&1 > /dev/null; then + echo " You must have a ldap user to run this script." + echo " # useradd -r -u 330 -g ldap -d /var/lib/openldap -s /bin/false -c \"OpenLDAP server\" ldap" + echo " Or something similar." + exit 1 +fi + +rm -rf $PKG +mkdir -p $TMP $PKG +cd $TMP +rm -rf openldap-$VERSION +tar xvf $CWD/openldap-$VERSION.t*z* +cd openldap-$VERSION +chown -R root:root . +find -L . \ + \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ + -o -perm 511 \) -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ + -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; + + +# Change the location of run directory into /var/run/openldap +sed -i -e 's|%LOCALSTATEDIR%/run/|/var/run/openldap/|' \ + servers/slapd/slapd.* + +# Change the location of ldapi socket into /var/run/openldap +sed -i -e 's|\(#define LDAPI_SOCK\).*|\1 "/var/run/openldap/ldapi"|' \ + include/ldap_defaults.h + +# Change the default OpenLDAP database directory +sed -i -e 's|openldap-data|lib/openldap|' \ + servers/slapd/slapd.* include/ldap_defaults.h servers/slapd/Makefile.in + + +CFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --exec-prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/man \ + --localstatedir=/var \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + \ + --enable-debug \ + --enable-dynamic \ + --enable-syslog \ + --enable-proctitle \ + --enable-ipv6 \ + --enable-local \ + \ + --enable-slapd \ + --enable-dynacl \ + --enable-aci \ + --enable-cleartext \ + --enable-crypt \ + --enable-lmpasswd \ + --enable-spasswd \ + --enable-modules \ + --enable-rewrite \ + --enable-rlookups \ + --enable-slapi \ + --disable-slp \ + --enable-wrappers \ + \ + --enable-backends=mod \ + --enable-bdb=yes \ + --enable-hdb=yes \ + --enable-mdb=yes \ + --enable-monitor=yes \ + --enable-perl=yes \ + --disable-ndb \ + \ + --enable-overlays=mod \ + \ + 
--disable-static \ + --enable-shared \ + \ + --with-cyrus-sasl \ + --without-fetch \ + --with-threads \ + --with-pic \ + --with-tls + +make depend + +# Build only slapd server. The libraries and header files are present in +# Slackware n/openldap-client package + +( cd libraries + make +) + +( cd servers + make -j1 + make -j1 install DESTDIR=$PKG +) + +( cd doc + make + make install DESTDIR=$PKG +) + +rm -f $PKG/etc/openldap/*.default + +# Copy default slapd configuration +mv $PKG/etc/openldap/slapd.conf $PKG/etc/openldap/slapd.conf.new +mv $PKG/etc/openldap/slapd.ldif $PKG/etc/openldap/slapd.ldif.new + +# Create a symlink for slapd into /usr/sbin +mkdir -p $PKG/usr/sbin +( cd $PKG/usr/sbin ; ln -sf ../libexec/slapd slapd ) + +# Create OpenLDAP run directory +mkdir -p $PKG/var/run/openldap + +# Fix ldapi socket location for n/openldap-client package +mkdir -p $PKG/var/lib/run +( cd $PKG/var/lib/run; ln -sf ../../run/openldap/ldapi ldapi ) + +# Create OpenLDAP certificates directory +mkdir -p $PKG/etc/openldap/certs + +# Copy rc.openldap +mkdir -p $PKG/etc/rc.d +cat $CWD/rc.openldap > $PKG/etc/rc.d/rc.openldap.new + +# Copy slapd default file +mkdir -p $PKG/etc/default +cat $CWD/slapd > $PKG/etc/default/slapd.new + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild +cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE + +cp -a \ + ANNOUNCEMENT COPYRIGHT LICENSE README CHANGES \ + $PKG/usr/doc/$PRGNAM-$VERSION + +# Include monitor backend README +cp -a \ + servers/slapd/back-monitor/README \ + $PKG/usr/doc/$PRGNAM-$VERSION/README.back-monitor + +# Include Perl backend README +cp -a \ + servers/slapd/back-perl/README \ + $PKG/usr/doc/$PRGNAM-$VERSION/README.back-perl + +# Include Perl backend sample file +cp -a \ + servers/slapd/back-perl/SampleLDAP.pm \ + $PKG/usr/doc/$PRGNAM-$VERSION + +# Include OpenLDAP documentation +cp -a \ + doc/guide/admin/*.png \ + 
doc/guide/admin/*.html \ + $PKG/usr/doc/$PRGNAM-$VERSION + +# Fix permissions +chmod 755 $PKG/usr/lib${LIBDIRSUFFIX}/*.so.* +chmod 700 $PKG/var/lib/openldap +chmod 755 $PKG/usr/libexec/openldap + +# Fix ownership +chown -R ldap:ldap $PKG/var/lib/openldap +chown -R ldap:ldap $PKG/var/run/openldap +chown -R ldap:ldap $PKG/etc/openldap + +# Remove OpenLDAP client man pages +rm -rf $PKG/usr/man/man1 +rm -rf $PKG/usr/man/man3 +rm -rf $PKG/usr/man/man5/{ldap,ldif}.* + +find $PKG/usr/man -type f -exec gzip -9 {} \; +for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +# Create an empty slapd log file +mkdir -p $PKG/var/log +touch $PKG/var/log/slapd +chown ldap:ldap $PKG/var/log/slapd + + +mkdir $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +cat $CWD/doinst.sh > $PKG/install/doinst.sh + +cd $PKG +makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/network/openldap-server/openldap-server.info b/network/openldap-server/openldap-server.info new file mode 100644 index 0000000000000..c2602f06afd55 --- /dev/null +++ b/network/openldap-server/openldap-server.info @@ -0,0 +1,10 @@ +PRGNAM="openldap-server" +VERSION="2.4.42" +HOMEPAGE="http://www.openldap.org" +DOWNLOAD="http://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-2.4.42.tgz" +MD5SUM="47c8e2f283647a6105b8b0325257e922" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +REQUIRES="" +MAINTAINER="Giuseppe Di Terlizzi" +EMAIL="giuseppe.diterlizzi@gmail.com" diff --git a/network/openldap-server/rc.openldap b/network/openldap-server/rc.openldap new file mode 100644 index 0000000000000..0e64c219fc040 --- /dev/null +++ b/network/openldap-server/rc.openldap 
@@ -0,0 +1,100 @@ +#!/bin/sh + +# OpenLDAP Server start/stop script + + +. /etc/default/slapd + +PID_FILE=/var/run/openldap/slapd.pid +EXEC=/usr/sbin/slapd + + +# re-create /var/run/openldap directory +if [ ! -d /var/run/openldap ]; then + mkdir -p /var/run/openldap + chown ldap:ldap /var/run/openldap +fi + + +slapd_start() { + + echo -n "Starting OpenLDAP server..." + + if [ -e $PID_FILE ]; then + + if ps axc | grep slapd >/dev/null 2>&1 ; then + echo "already running!" + return 1 + else + rm $PID_FILE + fi + + fi + + $EXEC -u ldap -h "$SLAPD_URLS" $SLAPD_OPTIONS > /dev/null 2>&1 + echo "done!" + +} + + +slapd_stop() { + + echo -n "Stopping OpenLDAP server..." + + if [ -e $PID_FILE ]; then + if ps axc | grep slapd >/dev/null 2>&1; then + kill -INT $(cat $PID_FILE) + else + echo "already stopped!" + fi + fi + + rm $PID_FILE >/dev/null 2>&1 + echo "done!" + +} + + +slapd_restart() { + slapd_stop + sleep 1 + slapd_start +} + + +slapd_status() { + + if [ -e $PID_FILE ]; then + if ps axc | grep slapd >/dev/null 2>&1; then + echo "OpenLDAP is running!" + return 0 + fi + + echo "OpenLDAP PID file exists but the service is down!" + return 1 + + else + echo "OpenLDAP is stopped!" + return 0 + fi + +} + + +case "$1" in + 'start') + slapd_start + ;; + 'stop') + slapd_stop + ;; + 'restart') + slapd_restart + ;; + 'status') + slapd_status + ;; + *) + echo "usage $0 start|stop|restart" +esac + diff --git a/network/openldap-server/slack-desc b/network/openldap-server/slack-desc new file mode 100644 index 0000000000000..92bf98bc926b3 --- /dev/null +++ b/network/openldap-server/slack-desc 
@@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +openldap-server: openldap-server (OpenLDAP server) +openldap-server: +openldap-server: OpenLDAP is an open source implementation of the Lightweight +openldap-server: Directory Access Protocol. LDAP is a alternative to the X.500 +openldap-server: Directory Access Protocol (DAP). It uses the TCP/IP stack versus +openldap-server: the overly complex OSI stack. +openldap-server: +openldap-server: LDAP is often used to provide authentication (such as for email). +openldap-server: +openldap-server: The OpenLDAP homepage is http://www.openldap.org/ +openldap-server: diff --git a/network/openldap-server/slapd b/network/openldap-server/slapd new file mode 100644 index 0000000000000..afbbfb55fc88d --- /dev/null +++ b/network/openldap-server/slapd @@ -0,0 +1,16 @@ +# OpenLDAP server configuration +# see 'man slapd' for additional information + +# Where the server will run (-h option) +# - ldapi:/// is required for on-the-fly configuration using client tools +# (use SASL with EXTERNAL mechanism for authentication) +# - default: ldapi:/// ldap:/// +# - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:/// +SLAPD_URLS="ldapi:/// ldap:///" + +# Any custom options +#SLAPD_OPTIONS="" + +# Keytab location for GSSAPI Kerberos authentication +#KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab" + |
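Review bot: README.SLACKWARE carries a few typos that will ship in /usr/doc: "Encryted" should be "Encrypted", "/etc/openlap" should be "/etc/openldap", and "certs/ directory can contains" should be "can contain". Two parts of the text also disagree with the SlackBuild in the same patch: the "Using the slapd.d directory" section tells the admin to `chown ldap:ldap /etc/openldap/slapd.d`, while the SlackBuild already makes the whole /etc/openldap tree ldap-owned, and "Solution 1" asks the admin to create the /var/lib/run/ldapi symlink that the SlackBuild already installs (`cd $PKG/var/lib/run; ln -sf ../../run/openldap/ldapi ldapi`). Pick one place as the source of truth and drop or reword the other so the troubleshooting section describes what the package actually does.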
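Review bot: `chown -R ldap:ldap $PKG/etc/openldap` in openldap-server.SlackBuild hands the entire configuration tree to the service account, including slapd.conf.new (which holds rootpw) and certs/ (where the TLS private key will live), so a compromised slapd could rewrite its own configuration or read and replace its key material; keep the tree root-owned and group-readable (`chown -R root:ldap $PKG/etc/openldap`, with `chmod 750` on certs/) and restrict ldap ownership to slapd.d, which is the only directory slapd needs to write for cn=config. Two smaller points in the same hunk: the user and group checks use `grep ^ldap: /etc/group 2>&1 > /dev/null`, where the redirection order sends stderr to the terminal instead of discarding it (`grep -q '^ldap:' /etc/group` does what was intended), and `--enable-lmpasswd` compiles in the LAN Manager {LANMAN} hash scheme, which is weak and is better left disabled unless a deployment explicitly needs it.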
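Review bot: slapd_start in rc.openldap discards slapd's output and exit status (`$EXEC ... > /dev/null 2>&1` followed by an unconditional `echo "done!"`), so a start that fails on a bad slapd.conf or an already-bound port is reported as success; test the return value, e.g. `if $EXEC -u ldap -h "$SLAPD_URLS" $SLAPD_OPTIONS; then echo "done!"; else echo "failed!"; return 1; fi`. Related: slapd_stop deletes the PID file immediately after `kill -INT` and slapd_restart sleeps only one second, so a restart can launch a second slapd while the first is still shutting down and the new instance then fails to bind, silently because of the redirection above; poll the old PID with `kill -0` until it is gone before removing the file and starting again. The liveness test `ps axc | grep slapd` also matches any process whose name contains "slapd" rather than the PID recorded in the file, so `kill -0 $(cat $PID_FILE)` is the more precise check in all three functions. Finally, the usage line reads `start|stop|restart` but the case statement also accepts `status`.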
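Review bot: in slack-desc, "LDAP is a alternative to the X.500" should read "an alternative".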
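Review bot: SLAPD_URLS in the /etc/default/slapd file defaults to `ldapi:/// ldap:///`, which makes slapd accept cleartext LDAP on every interface as soon as the rc script is made executable; a safer shipped default is `ldapi:/// ldap://127.0.0.1/` (the comment already shows that syntax), leaving the admin to widen it deliberately, or at least a comment that ldap:/// on a routed interface should be paired with TLS (ldaps:/// or StartTLS). Since the SlackBuild patches the socket path to /var/run/openldap/ldapi, the comment on ldapi:/// could also state where the socket lives on this package; that is exactly the mismatch README.SLACKWARE's troubleshooting section has to explain.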