[packages/openldap.git] / openldap-config.patch

--- openldap-2.4.44/servers/slapd/slapd.conf.orig	2016-06-29 20:55:38.281854483 +0200
+++ openldap-2.4.44/servers/slapd/slapd.conf	2016-06-29 21:19:04.660902139 +0200
@@ -2,21 +2,61 @@
 # See slapd.conf(5) for details on configuration options.
 # This file should NOT be world readable.
 #
-include		%SYSCONFDIR%/schema/core.schema
+include		/usr/share/openldap/schema/core.schema
+include		/usr/share/openldap/schema/cosine.schema
+include		/usr/share/openldap/schema/inetorgperson.schema
+include		/usr/share/openldap/schema/nis.schema
+include		/usr/share/openldap/schema/misc.schema
+#include		/usr/share/openldap/schema/java.schema
+#include		/usr/share/openldap/schema/corba.schema
+#include		/usr/share/openldap/schema/openldap.schema
+include		%SYSCONFDIR%/schema/local.schema
 
 # Define global ACLs to disable default read access.
+include 	%SYSCONFDIR%/slapd.access.conf
 
 # Do not enable referrals until AFTER you have a working directory
 # service AND an understanding of referrals.
 #referral	ldap://root.openldap.org
 
-pidfile		%LOCALSTATEDIR%/run/slapd.pid
-argsfile	%LOCALSTATEDIR%/run/slapd.args
+pidfile		/var/run/slapd/slapd.pid
+argsfile	/var/run/slapd/slapd.args
 
 # Load dynamic backend modules:
-# modulepath	%MODULEDIR%
+modulepath	%MODULEDIR%
+# moduleload	back_dnssrv.la
 # moduleload	back_mdb.la
 # moduleload	back_ldap.la
+# moduleload	back_ldif.la
+# moduleload	back_meta.la
+# moduleload	back_monitor.la
+# moduleload	back_passwd.la
+# moduleload	back_perl.la
+# moduleload	back_relay.la
+# moduleload	back_shell.la
+# moduleload	back_sql.la
+# moduleload	accesslog.la
+# moduleload	auditlog.la
+# moduleload	constraint.la
+# moduleload	dds.la
+# moduleload	dyngroup.la
+# moduleload	dynlist.la
+# moduleload	memberof.la
+# moduleload	pcache.la
+# moduleload	ppolicy.la
+# moduleload	refint.la
+# moduleload	retcode.la
+# moduleload	rwm.la
+# moduleload	smbk5pwd.la
+# moduleload	syncprov.la
+# moduleload	translucent.la
+# moduleload	unique.la
+# moduleload	valsort.la
+
+# TLSCACertificateFile /usr/share/ssl/ca-bundle.crt
+# TLSCertificateFile /etc/openldap/slapd.pem
+# TLSCertificateKeyFile /etc/openldap/slapd.key
+# TLSVerifyClient never
 
 # Sample security restrictions
 #	Require integrity protection (prevent hijacking)
@@ -56,10 +96,21 @@
 # Cleartext passwords, especially for the rootdn, should
 # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
 # Use of strong authentication encouraged.
-rootpw		secret
+# rootpw		secret
+# rootpw		{crypt}ijFYNcSNctBYg
 # The database directory MUST exist prior to running slapd AND 
 # should only be accessible by the slapd and slap tools.
 # Mode 700 recommended.
 directory	%LOCALSTATEDIR%/openldap-data
 # Indices to maintain
-index	objectClass	eq
+index objectClass			eq,pres
+index ou,cn,mail,surname,givenname	eq,pres,sub
+index uidNumber,gidNumber,loginShell	eq,pres
+index uid,memberUid			eq,pres,sub
+index nisMapName,nisMapEntry		eq,pres,sub
+
+# Replicas of this database
+#replogfile %LOCALSTATEDIR%/openldap-data/openldap-master-replog
+#replica host=ldap-1.example.com:389 starttls=critical
+#	bindmethod=sasl saslmech=GSSAPI
+#	authcId=host/ldap-master.example.com@EXAMPLE.COM
--- openldap-2.2.6/build/top.mk.orig	2004-01-01 19:16:25.000000000 +0100
+++ openldap-2.2.6/build/top.mk	2004-02-28 15:43:38.579652400 +0100
@@ -37,7 +37,7 @@
 libexecdir = @libexecdir@
 localstatedir = @localstatedir@
 mandir = @mandir@
-moduledir = @libexecdir@$(ldap_subdir)
+moduledir = @libdir@$(ldap_subdir)
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 sysconfdir = @sysconfdir@$(ldap_subdir)
Commit	Line	Data
40ce4106 JB	1	--- openldap-2.4.44/servers/slapd/slapd.conf.orig 2016-06-29 20:55:38.281854483 +0200
	2	+++ openldap-2.4.44/servers/slapd/slapd.conf 2016-06-29 21:19:04.660902139 +0200
	3	@@ -2,21 +2,61 @@
cea7cca9 JK	4	# See slapd.conf(5) for details on configuration options.
	5	# This file should NOT be world readable.
	6	#
26ffd129	7	-include %SYSCONFDIR%/schema/core.schema
ae8d2971	8	+include /usr/share/openldap/schema/core.schema
7dc84be3 JR	9	+include /usr/share/openldap/schema/cosine.schema
	10	+include /usr/share/openldap/schema/inetorgperson.schema
	11	+include /usr/share/openldap/schema/nis.schema
	12	+include /usr/share/openldap/schema/misc.schema
	13	+#include /usr/share/openldap/schema/java.schema
	14	+#include /usr/share/openldap/schema/corba.schema
	15	+#include /usr/share/openldap/schema/openldap.schema
ae8d2971	16	+include %SYSCONFDIR%/schema/local.schema
26ffd129 JK	17
	18	# Define global ACLs to disable default read access.
	19	+include %SYSCONFDIR%/slapd.access.conf
	20
	21	# Do not enable referrals until AFTER you have a working directory
	22	# service AND an understanding of referrals.
	23	#referral ldap://root.openldap.org
cea7cca9	24
ae8d2971 JB	25	-pidfile %LOCALSTATEDIR%/run/slapd.pid
ae8d2971 JB	26	-argsfile %LOCALSTATEDIR%/run/slapd.args
036a70cc ER	27	+pidfile /var/run/slapd/slapd.pid
036a70cc ER	28	+argsfile /var/run/slapd/slapd.args
cea7cca9	29
26ffd129 JK	30	# Load dynamic backend modules:
26ffd129 JK	31	-# modulepath %MODULEDIR%
ae8d2971	32	+modulepath %MODULEDIR%
93ac3601	33	+# moduleload back_dnssrv.la
40ce4106	34	# moduleload back_mdb.la
26ffd129	35	# moduleload back_ldap.la
a682f2ed	36	+# moduleload back_ldif.la
93ac3601 JK	37	+# moduleload back_meta.la
93ac3601 JK	38	+# moduleload back_monitor.la
a682f2ed	39	+# moduleload back_passwd.la
93ac3601	40	+# moduleload back_perl.la
48991c04	41	+# moduleload back_relay.la
a682f2ed	42	+# moduleload back_shell.la
93ac3601	43	+# moduleload back_sql.la
48991c04 ER	44	+# moduleload accesslog.la
48991c04 ER	45	+# moduleload auditlog.la
a682f2ed JR	46	+# moduleload constraint.la
a682f2ed JR	47	+# moduleload dds.la
48991c04 ER	48	+# moduleload dyngroup.la
48991c04 ER	49	+# moduleload dynlist.la
a682f2ed	50	+# moduleload memberof.la
48991c04 ER	51	+# moduleload pcache.la
	52	+# moduleload ppolicy.la
	53	+# moduleload refint.la
	54	+# moduleload retcode.la
	55	+# moduleload rwm.la
58a17d40	56	+# moduleload smbk5pwd.la
48991c04 ER	57	+# moduleload syncprov.la
	58	+# moduleload translucent.la
	59	+# moduleload unique.la
	60	+# moduleload valsort.la
7dc84be3 JR	61	+
	62	+# TLSCACertificateFile /usr/share/ssl/ca-bundle.crt
	63	+# TLSCertificateFile /etc/openldap/slapd.pem
	64	+# TLSCertificateKeyFile /etc/openldap/slapd.key
7e5c9ba2	65	+# TLSVerifyClient never
40ce4106	66
93ac3601	67	# Sample security restrictions
ae8d2971	68	# Require integrity protection (prevent hijacking)
40ce4106	69	@@ -56,10 +96,21 @@
26ffd129 JK	70	# Cleartext passwords, especially for the rootdn, should
	71	# be avoid. See slappasswd(8) and slapd.conf(5) for details.
	72	# Use of strong authentication encouraged.
a8cfc661	73	-rootpw secret
2fb91cf2 JB	74	+# rootpw secret
2fb91cf2 JB	75	+# rootpw {crypt}ijFYNcSNctBYg
26ffd129	76	# The database directory MUST exist prior to running slapd AND
d418cb94 AF	77	# should only be accessible by the slapd and slap tools.
d418cb94 AF	78	# Mode 700 recommended.
93ac3601 JK	79	directory %LOCALSTATEDIR%/openldap-data
93ac3601 JK	80	# Indices to maintain
7dc84be3 JR	81	-index objectClass eq
	82	+index objectClass eq,pres
	83	+index ou,cn,mail,surname,givenname eq,pres,sub
	84	+index uidNumber,gidNumber,loginShell eq,pres
	85	+index uid,memberUid eq,pres,sub
	86	+index nisMapName,nisMapEntry eq,pres,sub
973ecb8b	87	+
7dc84be3 JR	88	+# Replicas of this database
	89	+#replogfile %LOCALSTATEDIR%/openldap-data/openldap-master-replog
	90	+#replica host=ldap-1.example.com:389 starttls=critical
	91	+# bindmethod=sasl saslmech=GSSAPI
	92	+# authcId=host/ldap-master.example.com@EXAMPLE.COM
ae8d2971 JB	93	--- openldap-2.2.6/build/top.mk.orig 2004-01-01 19:16:25.000000000 +0100
	94	+++ openldap-2.2.6/build/top.mk 2004-02-28 15:43:38.579652400 +0100
	95	@@ -37,7 +37,7 @@
	96	libexecdir = @libexecdir@
	97	localstatedir = @localstatedir@
	98	mandir = @mandir@
	99	-moduledir = @libexecdir@$(ldap_subdir)
	100	+moduledir = @libdir@$(ldap_subdir)
	101	sbindir = @sbindir@
	102	sharedstatedir = @sharedstatedir@
	103	sysconfdir = @sysconfdir@$(ldap_subdir)