patch cleanup

This commit is contained in:
Jan Šafránek 2007-08-01 08:00:06 +00:00
parent c00068d9a7
commit ed33aae062
5 changed files with 20 additions and 155 deletions

View File

@ -1,10 +0,0 @@
--- openldap-1.2.11/servers/slapd/slap.h.cldap Tue Aug 8 17:05:58 2000
+++ openldap-1.2.11/servers/slapd/slap.h Tue Aug 8 17:06:03 2000
@@ -10,6 +10,7 @@
#endif
#include <sys/types.h>
+#include <sys/socket.h>
#include <ac/syslog.h>
#include <ac/regex.h>
#include <ac/time.h>

View File

@ -1,106 +0,0 @@
Force the default db directory to /var/lib/ldap, default to including
nis.schema and its prerequisites, allow LDAPv2 clients, increase the set of
indexed attributes for the default database.
--- openldap-2.2.13/doc/man/man8/slurpd.8 2004-01-01 13:16:27.000000000 -0500
+++ openldap-2.2.13/doc/man/man8/slurpd.8 2004-06-15 11:40:04.000000000 -0400
@@ -120,7 +120,7 @@
temporary files may contain sensitive information.
This option allows you to specify the location of these temporary files.
The default is
-.BR LOCALSTATEDIR/openldap-slurp .
+.BR /var/lib/ldap .
.TP
.BI \-k " srvtab\-file"
Specify the location of the kerberos srvtab file which contains keys
--- openldap-2.2.13/servers/slapd/slapd.conf 2003-12-29 13:10:40.000000000 -0500
+++ openldap-2.2.13/servers/slapd/slapd.conf 2004-06-15 11:44:23.000000000 -0400
@@ -3,8 +3,12 @@
# This file should NOT be world readable.
#
include %SYSCONFDIR%/schema/core.schema
+include %SYSCONFDIR%/schema/cosine.schema
+include %SYSCONFDIR%/schema/inetorgperson.schema
+include %SYSCONFDIR%/schema/nis.schema
-# Define global ACLs to disable default read access.
+# Allow LDAPv2 client connections. This is NOT the default.
+allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
@@ -21,6 +25,15 @@
# moduleload back_passwd.la
# moduleload back_shell.la
+# The next three lines allow use of TLS for encrypting connections using a
+# dummy test certificate which you can generate by changing to
+# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
+# slapd.pem so that the ldap user or group can read it. Your client software
+# may balk at self-signed certificates, however.
+# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
+# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
+
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
@@ -49,19 +62,32 @@
# rootdn can always read and write EVERYTHING!
#######################################################################
-# BDB database definitions
+# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
-# be avoid. See slappasswd(8) and slapd.conf(5) for details.
+# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
-rootpw secret
+# rootpw secret
+# rootpw {crypt}ijFYNcSNctBYg
+
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
-directory %LOCALSTATEDIR%/openldap-data
+directory /var/lib/ldap
+
-# Indices to maintain
-index objectClass eq
+# Indices to maintain for this database
+index objectClass eq,pres
+index ou,cn,mail,surname,givenname eq,pres,sub
+index uidNumber,gidNumber,loginShell eq,pres
+index uid,memberUid eq,pres,sub
+index nisMapName,nisMapEntry eq,pres,sub
+
+# Replicas of this database
+#replogfile /var/lib/ldap/openldap-master-replog
+#replica host=ldap-1.example.com:389 starttls=critical
+# bindmethod=sasl saslmech=GSSAPI
+# authcId=host/ldap-master.example.com@EXAMPLE.COM
--- openldap-2.2.13/servers/slurpd/slurp.h 2004-01-01 13:16:42.000000000 -0500
+++ openldap-2.2.13/servers/slurpd/slurp.h 2004-06-15 11:40:04.000000000 -0400
@@ -66,7 +66,7 @@
#define SERVICE_NAME OPENLDAP_PACKAGE "-slurpd"
/* Default directory for slurpd's private copy of replication logs */
-#define DEFAULT_SLURPD_REPLICA_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-slurp"
+#define DEFAULT_SLURPD_REPLICA_DIR "/var/lib/ldap"
/* Default name for slurpd's private copy of the replication log */
#define DEFAULT_SLURPD_REPLOGFILE "slurpd.replog"
@@ -75,7 +75,7 @@
#define DEFAULT_SLURPD_STATUS_FILE "slurpd.status"
/* slurpd dump file - contents of rq struct are written here (debugging) */
-#define SLURPD_DUMPFILE LDAP_TMPDIR LDAP_DIRSEP "slurpd.dump"
+#define SLURPD_DUMPFILE DEFAULT_SLURPD_REPLICA_DIR "/slurpd.dump"
/* Amount of time to sleep if no more work to do */
#define DEFAULT_NO_WORK_INTERVAL 3

View File

@ -1,16 +0,0 @@
--- openldap-2.3.11/libraries/libldap/cyrus.c.ads 2005-10-05 13:42:19.000000000 -0400
+++ openldap-2.3.11/libraries/libldap/cyrus.c 2005-11-10 13:08:04.000000000 -0500
@@ -734,10 +734,11 @@
Debug( LDAP_DEBUG_TRACE,
"ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n",
rc, saslrc, scred->bv_len );
+ ber_bvfree( scred );
+ rc = ld->ld_errno = LDAP_LOCAL_ERROR;
+ goto done;
}
ber_bvfree( scred );
- rc = ld->ld_errno = LDAP_LOCAL_ERROR;
- goto done;
}
break;
}

View File

@ -1,3 +1,5 @@
Compile smbk5pwd together with other overlays.
--- openldap-2.3.34/contrib/slapd-modules/smbk5pwd/README.smbk5pwd 2005-11-14 19:06:04.000000000 +0100 --- openldap-2.3.34/contrib/slapd-modules/smbk5pwd/README.smbk5pwd 2005-11-14 19:06:04.000000000 +0100
+++ openldap-2.3.34/contrib/slapd-modules/smbk5pwd/README 2007-07-09 09:44:43.000000000 +0200 +++ openldap-2.3.34/contrib/slapd-modules/smbk5pwd/README 2007-07-09 09:44:43.000000000 +0200
@@ -1,3 +1,8 @@ @@ -1,3 +1,8 @@

View File

@ -32,23 +32,20 @@ Source12: README.evolution
# Patches that are still valid for 2.3 # Patches that are still valid for 2.3
Patch0: openldap-2.3.34-config.patch Patch0: openldap-2.3.34-config.patch
Patch1: openldap-1.2.11-cldap.patch Patch1: openldap-2.0.11-ldaprc.patch
Patch2: openldap-2.0.11-ldaprc.patch Patch2: openldap-2.2.13-setugid.patch
Patch3: openldap-2.2.13-setugid.patch Patch3: openldap-2.2.13-pie.patch
Patch4: openldap-2.2.13-pie.patch Patch4: openldap-2.3.11-toollinks.patch
Patch5: openldap-2.3.11-toollinks.patch Patch5: openldap-2.3.11-nosql.patch
Patch6: openldap-2.3.11-nosql.patch Patch6: openldap-2.3.19-gethostbyXXXX_r.patch
#Patch7: openldap-2.3.19-nostrip.patch Patch7: openldap-2.3.34-quiet-slaptest.patch
Patch8: openldap-2.3.19-gethostbyXXXX_r.patch Patch8: openldap-2.3.34-pthread.patch
Patch9: openldap-2.3.34-quiet-slaptest.patch Patch9: openldap-2.3.37-smbk5pwd.patch
Patch10: openldap-2.3.34-pthread.patch
Patch11: openldap-2.3.37-smbk5pwd.patch
# Patches for 2.2.29 for the compat-openldap package. # Patches for 2.2.29 for the compat-openldap package.
Patch100: openldap-2.2.13-tls-fix-connection-test.patch Patch100: openldap-2.2.13-tls-fix-connection-test.patch
Patch101: openldap-2.2.23-resolv.patch Patch101: openldap-2.2.23-resolv.patch
Patch102: openldap-2.2.29-ads.patch Patch102: openldap-2.2.29-ads.patch
#Patch103: openldap-2.2.29-nostrip.patch
# Patches for the evolution library # Patches for the evolution library
Patch200: openldap-ntlm.diff Patch200: openldap-ntlm.diff
@ -171,17 +168,15 @@ popd
pushd openldap-%{version_23} pushd openldap-%{version_23}
%patch0 -p1 -b .config %patch0 -p1 -b .config
%patch1 -p1 -b .cldap %patch1 -p1 -b .ldaprc
%patch2 -p1 -b .ldaprc %patch2 -p1 -b .setugid
%patch3 -p1 -b .setugid %patch3 -p1 -b .pie
%patch4 -p1 -b .pie %patch4 -p1 -b .toollinks
%patch5 -p1 -b .toollinks %patch5 -p1 -b .nosql
%patch6 -p1 -b .nosql %patch6 -p1 -b .gethostbyname_r
#%patch7 -p1 -b .nostrip %patch7 -p1 -b .quiet-slaptest
%patch8 -p1 -b .gethostbyname_r %patch8 -p1 -b .pthread
%patch9 -p1 -b .quiet-slaptest %patch9 -p1 -b .smbk5pwd
%patch10 -p1 -b .pthread
%patch11 -p1 -b .smbk5pwd
cp %{_datadir}/libtool/config.{sub,guess} build/ cp %{_datadir}/libtool/config.{sub,guess} build/
popd popd