author | Jakub Jirutka <jakub@jirutka.cz> | 2017-10-26 21:28:02 +0200 |
---|---|---|
committer | Jakub Jirutka <jakub@jirutka.cz> | 2017-10-26 22:49:57 +0200 |
commit | 046d831a77e8299deb2069d320f2e7d5287b296e (patch) | |
tree | b9f4e944ed171af965d820eacba5604af86cb852 | |
parent | cc0bb4cffb665767f096245ff52552f09b03fbbf (diff) | |
download | aports-046d831a77e8299deb2069d320f2e7d5287b296e.zip |
main/openldap: build mbd backend as module and fix configs
-rw-r--r-- | main/openldap/APKBUILD | 19 | ||||
-rw-r--r-- | main/openldap/bdb-enabled-by-default.patch | 12 | ||||
-rw-r--r-- | main/openldap/configs.patch | 117 | ||||
-rw-r--r-- | main/openldap/openldap.post-install | 8 | ||||
-rw-r--r-- | main/openldap/openldap.post-upgrade | 18 |
5 files changed, 150 insertions, 24 deletions
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD index fbedaccd216..2e5c7a2c352 100644 --- a/main/openldap/APKBUILD +++ b/main/openldap/APKBUILD @@ -7,7 +7,7 @@ # pkgname=openldap pkgver=2.4.45 -pkgrel=1 +pkgrel=2 pkgdesc="LDAP Server" url="http://www.openldap.org/" arch="all" @@ -20,21 +20,21 @@ makedepends="$depends_dev db-dev groff unixodbc-dev libtool mosquitto-dev autoconf automake libtool" subpackages="$pkgname-dev $pkgname-doc libldap $pkgname-clients $pkgname-mqtt $pkgname-passwd-pbkdf2:passwd_pbkdf2" -install="$pkgname.pre-install" +install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade" source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tgz openldap-2.4-ppolicy.patch openldap-2.4.11-libldap_r.patch - bdb-enabled-by-default.patch openldap-mqtt-overlay.patch libressl.patch fix-manpages.patch + configs.patch slapd.initd slapd.confd " builddir="$srcdir/$pkgname-$pkgver" -for _name in bdb hdb ldap meta monitor sql; do +for _name in bdb hdb ldap mdb meta monitor sql; do subpackages="$subpackages $pkgname-back-$_name:_backend" done @@ -63,9 +63,10 @@ build () { --enable-modules \ --enable-dynamic \ --enable-bdb=mod \ - --enable-hdb=mod \ --enable-dnssrv=mod \ + --enable-hdb=mod \ --enable-ldap=mod \ + --enable-mdb=mod \ --enable-meta=mod \ --enable-monitor=mod \ --enable-null=mod \ @@ -117,12 +118,6 @@ package() { mkdir -p usr/share/doc/$pkgname mv etc/openldap/*.default usr/share/doc/$pkgname/ - sed -i -e 's:/var/lib/openldap/run:/run/openldap:g' \ - -e 's:back_bdb.la:back_bdb.so:' \ - -e 's:back_hdb.la:back_hdb.so:' \ - -e 's:back_ldap.la:back_ldap.so:' \ - -e '/slapd\.pid/i # If you change this, adjust also runscript!' \ - etc/openldap/slapd.* chgrp ldap etc/openldap/slapd.* chmod g+r etc/openldap/slapd.* 
@@ -179,9 +174,9 @@ _submv() {
 sha512sums="1c9fc84efed8998f107ce6e1c6be3f5466388241afdca0cb3847720c9def0bc263a2dbc15bf0f9112d1b4c391fd01e8531a4fb08c5532c30fb86924c08daedab openldap-2.4.45.tgz
 5d34d49eabe7cb66cf8284cc3bd9730fa23df4932df68549e242d250ee50d40c434ae074ebc720d5fbcd9d16587c9333c5598d30a5f1177caa61461ab7771f38 openldap-2.4-ppolicy.patch
 44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch
-d94f791ff3d10f1fe244a6a071331d6dd5933ed859e1cf9465654e650ff7223eedad5f054ad77de2ad4dbbd0b4a2cfda970ad733baaa833183aee996216bdbf1 bdb-enabled-by-default.patch
 9c7f41279e91ed995c91e9a8c543c797d9294a93cf260afdc03ab5777e45ed045a4d6a4d4d0180b5dc387dc04babca01d818fbfa8168309df44f4500d2a430a4 openldap-mqtt-overlay.patch
 cbfd573139e6b0c51d0f1f1337d74d5c07813509754758df240b09bc2ba559127f656580eef88f1db1c1322d7cb05042b1926e046e24c19889759647aee7aec6 libressl.patch
 8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177 fix-manpages.patch
+0d2e570ddcb7ace1221abad9fc1d3dd0d00d6948340df69879b449959a68feee6a0ad8e17ef9971b35986293e16fc9d8e88de81815fedd5ea6a952eb085406ca configs.patch
 0c3606e4dad1b32f1c4b62f2bc1990a4c9f7ccd10c7b50e623309ba9df98064e68fc42a7242450f32fb6e5fa2203609d3d069871b5ae994cd4b227a078c93532 slapd.initd
 64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a slapd.confd"
diff --git a/main/openldap/bdb-enabled-by-default.patch b/main/openldap/bdb-enabled-by-default.patch
deleted file mode 100644
index cff64ddfe6b..00000000000
--- a/main/openldap/bdb-enabled-by-default.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -upr openldap-2.4.44.orig/servers/slapd/slapd.ldif openldap-2.4.44/servers/slapd/slapd.ldif
---- openldap-2.4.44.orig/servers/slapd/slapd.ldif 2016-03-20 16:31:37.592683978 +0100
-+++ openldap-2.4.44/servers/slapd/slapd.ldif 2016-03-20 16:33:13.022396171 +0100
-@@ -30,7 +30,7 @@ olcPidFile: %LOCALSTATEDIR%/run/slapd.pi
- #objectClass: olcModuleList
- #cn: module
- #olcModulepath: %MODULEDIR%
--#olcModuleload: back_bdb.la
-+olcModuleload: back_bdb.la
- #olcModuleload: back_hdb.la
- #olcModuleload: back_ldap.la
- #olcModuleload: back_passwd.la
diff --git a/main/openldap/configs.patch b/main/openldap/configs.patch
new file mode 100644
index 00000000000..e7ec65c4bde
--- /dev/null
+++ b/main/openldap/configs.patch
@@ -0,0 +1,117 @@
+--- a/servers/slapd/slapd.conf
++++ b/servers/slapd/slapd.conf
+@@ -2,7 +2,7 @@
+ # See slapd.conf(5) for details on configuration options.
+ # This file should NOT be world readable.
+ #
+-include %SYSCONFDIR%/schema/core.schema
++include /etc/openldap/schema/core.schema
+
+ # Define global ACLs to disable default read access.
+
+@@ -10,13 +10,16 @@
+ # service AND an understanding of referrals.
+ #referral ldap://root.openldap.org
+
+-pidfile %LOCALSTATEDIR%/run/slapd.pid
+-argsfile %LOCALSTATEDIR%/run/slapd.args
++# If you change this, adjust pidfile path also in runscript!
++pidfile /run/openldap/slapd.pid
++argsfile /run/openldap/slapd.args
+
+ # Load dynamic backend modules:
+-# modulepath %MODULEDIR%
+-# moduleload back_mdb.la
+-# moduleload back_ldap.la
++modulepath /usr/lib/openldap
++moduleload back_mdb.so
++# moduleload back_hdb.so
++# moduleload back_bbd.so
++# moduleload back_ldap.so
+
+ # Sample security restrictions
+ # Require integrity protection (prevent hijacking)
+@@ -53,13 +56,16 @@
+ maxsize 1073741824
+ suffix "dc=my-domain,dc=com"
+ rootdn "cn=Manager,dc=my-domain,dc=com"
++
+ # Cleartext passwords, especially for the rootdn, should
+ # be avoid. See slappasswd(8) and slapd.conf(5) for details.
+ # Use of strong authentication encouraged.
+ rootpw secret
++
+ # The database directory MUST exist prior to running slapd AND
+ # should only be accessible by the slapd and slap tools.
+ # Mode 700 recommended.
+-directory %LOCALSTATEDIR%/openldap-data
++directory /var/lib/openldap/openldap-data
++
+ # Indices to maintain
+ index objectClass eq
+--- a/servers/slapd/slapd.ldif
++++ b/servers/slapd/slapd.ldif
+@@ -9,8 +9,9 @@
+ #
+ # Define global ACLs to disable default read access.
+ #
+-olcArgsFile: %LOCALSTATEDIR%/run/slapd.args
+-olcPidFile: %LOCALSTATEDIR%/run/slapd.pid
++# If you change this, set pidfile variable in /etc/conf.d/slapd!
++olcPidFile: /run/openldap/slapd.pid
++olcArgsFile: /run/openldap/slapd.args
+ #
+ # Do not enable referrals until AFTER you have a working directory
+ # service AND an understanding of referrals.
+@@ -26,22 +27,23 @@
+ #
+ # Load dynamic backend modules:
+ #
+-#dn: cn=module,cn=config
+-#objectClass: olcModuleList
+-#cn: module
+-#olcModulepath: %MODULEDIR%
+-#olcModuleload: back_bdb.la
+-#olcModuleload: back_hdb.la
+-#olcModuleload: back_ldap.la
+-#olcModuleload: back_passwd.la
+-#olcModuleload: back_shell.la
++dn: cn=module,cn=config
++objectClass: olcModuleList
++cn: module
++olcModulepath: /usr/lib/openldap
++#olcModuleload: back_bdb.so
++#olcModuleload: back_hdb.so
++#olcModuleload: back_ldap.so
++olcModuleload: back_mdb.so
++#olcModuleload: back_passwd.so
++#olcModuleload: back_shell.so
+
+
+ dn: cn=schema,cn=config
+ objectClass: olcSchemaConfig
+ cn: schema
+
+-include: file://%SYSCONFDIR%/schema/core.ldif
++include: file:///etc/openldap/schema/core.ldif
+
+ # Frontend settings
+ #
+@@ -83,13 +85,16 @@
+ olcDatabase: mdb
+ olcSuffix: dc=my-domain,dc=com
+ olcRootDN: cn=Manager,dc=my-domain,dc=com
++
+ # Cleartext passwords, especially for the rootdn, should
+ # be avoided. See slappasswd(8) and slapd-config(5) for details.
+ # Use of strong authentication encouraged.
+ olcRootPW: secret
++
+ # The database directory MUST exist prior to running slapd AND
+ # should only be accessible by the slapd and slap tools.
+ # Mode 700 recommended.
+-olcDbDirectory: %LOCALSTATEDIR%/openldap-data
++olcDbDirectory: /var/lib/openldap/openldap-data
++
+ # Indices to maintain
+ olcDbIndex: objectClass eq
diff --git a/main/openldap/openldap.post-install b/main/openldap/openldap.post-install
new file mode 100644
index 00000000000..1e45b9abd25
--- /dev/null
+++ b/main/openldap/openldap.post-install
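Review bot: In the slapd.conf part of configs.patch the commented module line reads `# moduleload back_bbd.so`, while the backend built in APKBUILD and named in the slapd.ldif part is `bdb`; an admin who uncomments the line as written would reference a module name that matches none of the listed backends, so it should be `# moduleload back_bdb.so`. Separately, both sample configs now load back_mdb and point at concrete paths while still carrying `rootpw secret` and `olcRootPW: secret`, so a config started unedited would presumably leave the rootdn with a well-known cleartext password. Consider shipping those two lines commented out, or adding a comment directly above each telling the admin to replace the value with a slappasswd(8) hash before the first start of slapd.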
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+cat >&2 <<-EOF
+*
+* To use LDAP server, you have to install some backend. Most users would need MDB
+* backend which you can install using: apk add openldap-back-mdb.
+*
+EOF
diff --git a/main/openldap/openldap.post-upgrade b/main/openldap/openldap.post-upgrade
new file mode 100644
index 00000000000..c10ad5ad2b4
--- /dev/null
+++ b/main/openldap/openldap.post-upgrade
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+new_ver="$1"
+old_ver="$2"
+
+if [ "$(apk version -t "$old_ver" "2.4.45-r2")" = "<" ]; then
+ if [ -e /var/lib/openldap/openldap-data/data.mdb ]; then
+ cat >&2 <<-EOF
+ *
+ * Found existing MDB database. You have to install MDB backend:
+ * apk add openldap-back-mdb
+ *
+ * and add "moduleload back_mdb.so" to /etc/openldap/slapd.conf,
+ * or "olcModuleload back_mdb.so" to slapd.ldif.
+ *
+ EOF
+ fi
+fi |
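Review bot: The slapd.ldif hint in openldap.post-upgrade omits the colon that an LDIF attribute line needs: `or "olcModuleload back_mdb.so" to slapd.ldif` should read `or "olcModuleload: back_mdb.so" to slapd.ldif`, matching the line configs.patch adds. The `-e` test also looks only at the default path `/var/lib/openldap/openldap-data/data.mdb`, so a site with a different `directory` / `olcDbDirectory` gets no warning and slapd would presumably fail to open its database after the upgrade. A comment above the test such as `# Only the default database directory is checked; custom locations are not detected.` would make that limit explicit. `new_ver` is assigned but never read and could be dropped.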