-rw-r--r--main/openldap/APKBUILD19
-rw-r--r--main/openldap/bdb-enabled-by-default.patch12
-rw-r--r--main/openldap/configs.patch117
-rw-r--r--main/openldap/openldap.post-install8
-rw-r--r--main/openldap/openldap.post-upgrade18
5 files changed, 150 insertions, 24 deletions
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD
index fbedaccd216..2e5c7a2c352 100644
--- a/main/openldap/APKBUILD
+++ b/main/openldap/APKBUILD
@@ -7,7 +7,7 @@
#
pkgname=openldap
pkgver=2.4.45
-pkgrel=1
+pkgrel=2
pkgdesc="LDAP Server"
url="http://www.openldap.org/"
arch="all"
@@ -20,21 +20,21 @@ makedepends="$depends_dev db-dev groff unixodbc-dev libtool mosquitto-dev
autoconf automake libtool"
subpackages="$pkgname-dev $pkgname-doc libldap
$pkgname-clients $pkgname-mqtt $pkgname-passwd-pbkdf2:passwd_pbkdf2"
-install="$pkgname.pre-install"
+install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade"
source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tgz
openldap-2.4-ppolicy.patch
openldap-2.4.11-libldap_r.patch
- bdb-enabled-by-default.patch
openldap-mqtt-overlay.patch
libressl.patch
fix-manpages.patch
+ configs.patch
slapd.initd
slapd.confd
"
builddir="$srcdir/$pkgname-$pkgver"
-for _name in bdb hdb ldap meta monitor sql; do
+for _name in bdb hdb ldap mdb meta monitor sql; do
subpackages="$subpackages $pkgname-back-$_name:_backend"
done
@@ -63,9 +63,10 @@ build () {
--enable-modules \
--enable-dynamic \
--enable-bdb=mod \
- --enable-hdb=mod \
--enable-dnssrv=mod \
+ --enable-hdb=mod \
--enable-ldap=mod \
+ --enable-mdb=mod \
--enable-meta=mod \
--enable-monitor=mod \
--enable-null=mod \
@@ -117,12 +118,6 @@ package() {
mkdir -p usr/share/doc/$pkgname
mv etc/openldap/*.default usr/share/doc/$pkgname/
- sed -i -e 's:/var/lib/openldap/run:/run/openldap:g' \
- -e 's:back_bdb.la:back_bdb.so:' \
- -e 's:back_hdb.la:back_hdb.so:' \
- -e 's:back_ldap.la:back_ldap.so:' \
- -e '/slapd\.pid/i # If you change this, adjust also runscript!' \
- etc/openldap/slapd.*
chgrp ldap etc/openldap/slapd.*
chmod g+r etc/openldap/slapd.*
@@ -179,9 +174,9 @@ _submv() {
sha512sums="1c9fc84efed8998f107ce6e1c6be3f5466388241afdca0cb3847720c9def0bc263a2dbc15bf0f9112d1b4c391fd01e8531a4fb08c5532c30fb86924c08daedab openldap-2.4.45.tgz
5d34d49eabe7cb66cf8284cc3bd9730fa23df4932df68549e242d250ee50d40c434ae074ebc720d5fbcd9d16587c9333c5598d30a5f1177caa61461ab7771f38 openldap-2.4-ppolicy.patch
44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch
-d94f791ff3d10f1fe244a6a071331d6dd5933ed859e1cf9465654e650ff7223eedad5f054ad77de2ad4dbbd0b4a2cfda970ad733baaa833183aee996216bdbf1 bdb-enabled-by-default.patch
9c7f41279e91ed995c91e9a8c543c797d9294a93cf260afdc03ab5777e45ed045a4d6a4d4d0180b5dc387dc04babca01d818fbfa8168309df44f4500d2a430a4 openldap-mqtt-overlay.patch
cbfd573139e6b0c51d0f1f1337d74d5c07813509754758df240b09bc2ba559127f656580eef88f1db1c1322d7cb05042b1926e046e24c19889759647aee7aec6 libressl.patch
8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177 fix-manpages.patch
+0d2e570ddcb7ace1221abad9fc1d3dd0d00d6948340df69879b449959a68feee6a0ad8e17ef9971b35986293e16fc9d8e88de81815fedd5ea6a952eb085406ca configs.patch
0c3606e4dad1b32f1c4b62f2bc1990a4c9f7ccd10c7b50e623309ba9df98064e68fc42a7242450f32fb6e5fa2203609d3d069871b5ae994cd4b227a078c93532 slapd.initd
64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a slapd.confd"
diff --git a/main/openldap/bdb-enabled-by-default.patch b/main/openldap/bdb-enabled-by-default.patch
deleted file mode 100644
index cff64ddfe6b..00000000000
--- a/main/openldap/bdb-enabled-by-default.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -upr openldap-2.4.44.orig/servers/slapd/slapd.ldif openldap-2.4.44/servers/slapd/slapd.ldif
---- openldap-2.4.44.orig/servers/slapd/slapd.ldif 2016-03-20 16:31:37.592683978 +0100
-+++ openldap-2.4.44/servers/slapd/slapd.ldif 2016-03-20 16:33:13.022396171 +0100
-@@ -30,7 +30,7 @@ olcPidFile: %LOCALSTATEDIR%/run/slapd.pi
- #objectClass: olcModuleList
- #cn: module
- #olcModulepath: %MODULEDIR%
--#olcModuleload: back_bdb.la
-+olcModuleload: back_bdb.la
- #olcModuleload: back_hdb.la
- #olcModuleload: back_ldap.la
- #olcModuleload: back_passwd.la
diff --git a/main/openldap/configs.patch b/main/openldap/configs.patch
new file mode 100644
index 00000000000..e7ec65c4bde
--- /dev/null
+++ b/main/openldap/configs.patch
@@ -0,0 +1,117 @@
+--- a/servers/slapd/slapd.conf
++++ b/servers/slapd/slapd.conf
+@@ -2,7 +2,7 @@
+ # See slapd.conf(5) for details on configuration options.
+ # This file should NOT be world readable.
+ #
+-include %SYSCONFDIR%/schema/core.schema
++include /etc/openldap/schema/core.schema
+
+ # Define global ACLs to disable default read access.
+
+@@ -10,13 +10,16 @@
+ # service AND an understanding of referrals.
+ #referral ldap://root.openldap.org
+
+-pidfile %LOCALSTATEDIR%/run/slapd.pid
+-argsfile %LOCALSTATEDIR%/run/slapd.args
++# If you change this, adjust pidfile path also in runscript!
++pidfile /run/openldap/slapd.pid
++argsfile /run/openldap/slapd.args
+
+ # Load dynamic backend modules:
+-# modulepath %MODULEDIR%
+-# moduleload back_mdb.la
+-# moduleload back_ldap.la
++modulepath /usr/lib/openldap
++moduleload back_mdb.so
++# moduleload back_hdb.so
++# moduleload back_bbd.so
++# moduleload back_ldap.so
+
+ # Sample security restrictions
+ # Require integrity protection (prevent hijacking)
+@@ -53,13 +56,16 @@
+ maxsize 1073741824
+ suffix "dc=my-domain,dc=com"
+ rootdn "cn=Manager,dc=my-domain,dc=com"
++
+ # Cleartext passwords, especially for the rootdn, should
+ # be avoid. See slappasswd(8) and slapd.conf(5) for details.
+ # Use of strong authentication encouraged.
+ rootpw secret
++
+ # The database directory MUST exist prior to running slapd AND
+ # should only be accessible by the slapd and slap tools.
+ # Mode 700 recommended.
+-directory %LOCALSTATEDIR%/openldap-data
++directory /var/lib/openldap/openldap-data
++
+ # Indices to maintain
+ index objectClass eq
+--- a/servers/slapd/slapd.ldif
++++ b/servers/slapd/slapd.ldif
+@@ -9,8 +9,9 @@
+ #
+ # Define global ACLs to disable default read access.
+ #
+-olcArgsFile: %LOCALSTATEDIR%/run/slapd.args
+-olcPidFile: %LOCALSTATEDIR%/run/slapd.pid
++# If you change this, set pidfile variable in /etc/conf.d/slapd!
++olcPidFile: /run/openldap/slapd.pid
++olcArgsFile: /run/openldap/slapd.args
+ #
+ # Do not enable referrals until AFTER you have a working directory
+ # service AND an understanding of referrals.
+@@ -26,22 +27,23 @@
+ #
+ # Load dynamic backend modules:
+ #
+-#dn: cn=module,cn=config
+-#objectClass: olcModuleList
+-#cn: module
+-#olcModulepath: %MODULEDIR%
+-#olcModuleload: back_bdb.la
+-#olcModuleload: back_hdb.la
+-#olcModuleload: back_ldap.la
+-#olcModuleload: back_passwd.la
+-#olcModuleload: back_shell.la
++dn: cn=module,cn=config
++objectClass: olcModuleList
++cn: module
++olcModulepath: /usr/lib/openldap
++#olcModuleload: back_bdb.so
++#olcModuleload: back_hdb.so
++#olcModuleload: back_ldap.so
++olcModuleload: back_mdb.so
++#olcModuleload: back_passwd.so
++#olcModuleload: back_shell.so
+
+
+ dn: cn=schema,cn=config
+ objectClass: olcSchemaConfig
+ cn: schema
+
+-include: file://%SYSCONFDIR%/schema/core.ldif
++include: file:///etc/openldap/schema/core.ldif
+
+ # Frontend settings
+ #
+@@ -83,13 +85,16 @@
+ olcDatabase: mdb
+ olcSuffix: dc=my-domain,dc=com
+ olcRootDN: cn=Manager,dc=my-domain,dc=com
++
+ # Cleartext passwords, especially for the rootdn, should
+ # be avoided. See slappasswd(8) and slapd-config(5) for details.
+ # Use of strong authentication encouraged.
+ olcRootPW: secret
++
+ # The database directory MUST exist prior to running slapd AND
+ # should only be accessible by the slapd and slap tools.
+ # Mode 700 recommended.
+-olcDbDirectory: %LOCALSTATEDIR%/openldap-data
++olcDbDirectory: /var/lib/openldap/openldap-data
++
+ # Indices to maintain
+ olcDbIndex: objectClass eq
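Review bot: The packaged slapd.conf and slapd.ldif keep the upstream sample credential (`rootpw secret` / `olcRootPW: secret`) while this patch makes the rest of the sample loadable by activating `modulepath` and `moduleload back_mdb.so`, so a server started from the shipped files without editing would carry a publicly known rootdn password. Consider shipping the line commented out, e.g. `# rootpw <hash generated with slappasswd>` and `#olcRootPW: <hash generated with slappasswd>`, so no rootdn password exists until the administrator sets one. Separately, the commented example `# moduleload back_bbd.so` in the slapd.conf part looks like a typo for `back_bdb.so`; anyone uncommenting it as written would get a module load failure.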
diff --git a/main/openldap/openldap.post-install b/main/openldap/openldap.post-install
new file mode 100644
index 00000000000..1e45b9abd25
--- /dev/null
+++ b/main/openldap/openldap.post-install
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+cat >&2 <<-EOF
+*
+* To use LDAP server, you have to install some backend. Most users would need MDB
+* backend which you can install using: apk add openldap-back-mdb.
+*
+EOF
diff --git a/main/openldap/openldap.post-upgrade b/main/openldap/openldap.post-upgrade
new file mode 100644
index 00000000000..c10ad5ad2b4
--- /dev/null
+++ b/main/openldap/openldap.post-upgrade
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+new_ver="$1"
+old_ver="$2"
+
+if [ "$(apk version -t "$old_ver" "2.4.45-r2")" = "<" ]; then
+ if [ -e /var/lib/openldap/openldap-data/data.mdb ]; then
+ cat >&2 <<-EOF
+ *
+ * Found existing MDB database. You have to install MDB backend:
+ * apk add openldap-back-mdb
+ *
+ * and add "moduleload back_mdb.so" to /etc/openldap/slapd.conf,
+ * or "olcModuleload back_mdb.so" to slapd.ldif.
+ *
+ EOF
+ fi
+fi
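Review bot: The warning fires only when `/var/lib/openldap/openldap-data/data.mdb` exists, so an installation whose `directory` / `olcDbDirectory` points elsewhere upgrades silently; judging by the message itself, slapd then cannot serve its MDB database until `openldap-back-mdb` is installed, which is an outage for anything authenticating against the directory. Also checking the configuration would narrow the gap, e.g. adding `|| grep -qs '^database[[:space:]]*mdb' /etc/openldap/slapd.conf` to the inner test. The slapd.ldif hint omits the LDIF colon and should read `olcModuleload: back_mdb.so`. `new_ver` is assigned but never used and can be dropped.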