ports/51277: [maintainer update] openldap21, user and group for ldap, sasl support
Christian Kratzer
ck at cksoft.de
Tue Apr 22 11:20:16 UTC 2003
>Number: 51277
>Category: ports
>Synopsis: [maintainer update] openldap21, user and group for ldap, sasl support
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Apr 22 04:20:05 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Christian Kratzer
>Release: FreeBSD 4.7-STABLE i386
>Organization:
CK Software GmbH
>Environment:
System: FreeBSD majakka.cksoft.de 4.7-STABLE FreeBSD 4.7-STABLE #1: Thu Dec 19 14:57:42 CET 2002 ck at majakka.cksoft.de:/usr/obj/usr/src/RELENG_4/src/sys/MAJAKKA i386
>Description:
NOTE: New user and group ldap added by this port. Please consider adding
them to the base system in the future.
This port adds following features:
1. User and group ldap worked into startup scripts and pkg-install
ck at majakka[build-root-ports]: {111} pw show user ldap
ldap:*:389:389::0:0:OpenLDAP Server:/nonexistent:/sbin/nologin
ck at majakka[build-root-ports]: {112} pw show group ldap
ldap:*:389:
2. New option WITHOUT_SASL to build without sasl. Building with
sasl is now the default. This should be a very common configuration.
>How-To-Repeat:
>Fix:
--- openldap21/files/slapd.sh.orig Sun Apr 20 09:42:41 2003
+++ openldap21/files/slapd.sh Sun Apr 20 09:45:08 2003
@@ -7,18 +7,18 @@
# Uncomment one of the following:
#
# IPv4 Only
-#slapd_args='-h ldap://0.0.0.0'
+#slapd_args='-u ldap -g ldap -h ldap://0.0.0.0'
#
# IPv6 and IPv4
-#slapd_ags='-h "ldap://[::] ldap://0.0.0.0"'
+#slapd_ags='-u ldap -g ldap -h "ldap://[::] ldap://0.0.0.0"'
#
# IPv6 Only
-#slapd_args='-h ldap://[::]'
+#slapd_args='-u ldap -g ldap -h ldap://[::]'
#
#
-slapd_args=
+slapd_args="-u ldap -g ldap"
-pidfile=/var/run/slapd.pid
+pidfile=/var/run/ldap/slapd.pid
case "$1" in
start)
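Review bot: `pidfile=/var/run/ldap/slapd.pid` moves the pidfile into a directory that pkg-install gives to the ldap user, while the stop) branch in the next hunk still passes that file's contents to `kill` as root, so root signals whatever PID the unprivileged account has written there. The stop) branch should confirm that the PID read from the file belongs to a slapd process before signalling it. The same applies to the pidfile change in slurpd.sh and to the pidfile/argsfile paths rewritten in the Makefile's post-patch target. Separately, the "IPv6 and IPv4" example on the new side still assigns `slapd_ags`, so uncommenting it sets nothing slapd reads; it should be `#slapd_args='-u ldap -g ldap -h "ldap://[::] ldap://0.0.0.0"'`. The start) branch that consumes these values lies outside the hunk.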
@@ -31,7 +31,6 @@
stop)
if [ -f $pidfile ]; then
kill `cat $pidfile`
- telnet localhost ldap </dev/null >/dev/null 2>&1
echo -n ' slapd'
rm $pidfile
else
--- openldap21/files/slurpd.sh.orig Tue Apr 22 13:00:26 2003
+++ openldap21/files/slurpd.sh Tue Apr 22 13:01:31 2003
@@ -4,7 +4,7 @@
#
slurpd=@@PREFIX@@/libexec/slurpd
-pidfile=/var/run/slurpd.pid
+pidfile=/var/run/ldap/slurpd.pid
case "$1" in
start)
--- openldap21/Makefile.orig Sun Apr 20 07:46:07 2003
+++ openldap21/Makefile Mon Apr 21 10:57:22 2003
@@ -10,13 +10,17 @@
# SLAPD_ONLY builds openldap21-slapd-PORTVERSION (slapd and slapd tools)
# SLURPD_ONLY builds openldap21-slurpd-PORTVERSION (slurpd only)
# SERVERS_ONLY builds openldap21-servers-PORTVERSION (slapd and slurpd)
+# WITHOUT_SASL do not build against sasl2
+#
+# OPENLDAP_STABLE an attempt to track the openldap stable branch
+# It remains to be seen if this stays practical.
#
# $FreeBSD: ports/net/openldap21/Makefile,v 1.64 2003/04/11 14:43:46 nork Exp $
#
PORTNAME= openldap21
PORTVERSION= 2.1.17
-PORTREVISION= 0
+PORTREVISION= 1
CATEGORIES= net databases
MASTER_SITES= ftp://ftp.OpenLDAP.org/pub/OpenLDAP/%SUBDIR%/ \
http://www.PlanetMirror.com/pub/openldap/%SUBDIR%/ \
@@ -47,27 +51,42 @@
LIB_DEPENDS+= db41:${PORTSDIR}/databases/db41
-CXXFLAGS+= -D_REENTRANT ${PTHREAD_CFLAGS} -I${LOCALBASE}/include/db41
-CPPFLAGS+= -D_REENTRANT ${PTHREAD_CFLAGS} -I${LOCALBASE}/include/db41
+CXXFLAGS+= -D_REENTRANT ${PTHREAD_CFLAGS} \
+ -I${LOCALBASE}/include \
+ -I${LOCALBASE}/include/db41
+
+CPPFLAGS+= -D_REENTRANT ${PTHREAD_CFLAGS} \
+ -I${LOCALBASE}/include \
+ -I${LOCALBASE}/include/db41
+
LDFLAGS+= -L${LOCALBASE}/lib
USE_OPENSSL= yes
HAS_CONFIGURE= yes
-CONFIGURE_ENV+= CXXFLAGS="${CXXFLAGS}" \
- CPPFLAGS="${CPPFLAGS}" \
+CONFIGURE_ENV+= CXXFLAGS="${CXXFLAGS}" \
+ CPPFLAGS="${CPPFLAGS}" \
LDFLAGS="${LDFLAGS}"
CONFIGURE_ARGS+=--prefix=${PREFIX} \
--enable-bdb \
--enable-crypt
+.if defined(WITHOUT_SASL)
+CONFIGURE_ARGS+= \
+ --without-cyrus-sasl
+.else
+LIB_DEPENDS+= sasl2:${PORTSDIR}/security/cyrus-sasl2
+CONFIGURE_ARGS+= \
+ --with-cyrus-sasl \
+ --enable-spasswd
+.endif
+
# ------------------------------------------------------------------------------
# common configure
#
CONFIGURE_ARGS+= \
--with-tls \
- --without-cyrus-sasl \
--localstatedir=/var/db
# Include tcp-wrapper support
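Review bot: Cyrus SASL and `--enable-spasswd` become the default in the `.else` branch, so an existing install gains a new library dependency and new authentication paths on upgrade, and nothing in the added pkg-message says so. A comment above the block such as `# SASL is on by default; define WITHOUT_SASL to build without cyrus-sasl2 and spasswd`, plus a sentence in pkg-message, would make the change visible to administrators. The added `-I${LOCALBASE}/include` is also searched before `-I${LOCALBASE}/include/db41`, which may let a different db.h, or headers from an already installed OpenLDAP, shadow the intended ones. If that applies here, listing the db41 path first would avoid it.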
@@ -382,8 +401,8 @@
post-patch:
@${CP} ${WRKSRC}/servers/slapd/slapd.conf \
${WRKSRC}/servers/slapd/slapd.conf.Dist
- @${SED} -e '/^pidfile/s#%LOCALSTATEDIR%#/var/run#' \
- -e '/^argsfile/s#%LOCALSTATEDIR%#/var/run#' \
+ @${SED} -e '/^pidfile/s#%LOCALSTATEDIR%#/var/run/ldap#' \
+ -e '/^argsfile/s#%LOCALSTATEDIR%#/var/run/ldap#' \
${WRKSRC}/servers/slapd/slapd.conf.Dist > \
${WRKSRC}/servers/slapd/slapd.conf
--- openldap21/pkg-install.orig Sun Apr 20 08:35:44 2003
+++ openldap21/pkg-install Mon Apr 21 11:01:50 2003
@@ -0,0 +1,52 @@
+#!/bin/sh
+#
+# $FreeBSD:$
+#
+
+PKG_PREFIX=${PKG_PREFIX:=/usr/local}
+BATCH=${BATCH:=no}
+
+USER=ldap
+USER_UID=389
+
+GROUP=ldap
+GROUP_GID=389
+
+if [ x"$2" = xPRE-INSTALL ]; then
+ if /usr/sbin/pw groupshow "${GROUP}" 2>/dev/null; then
+ echo "You already have a group \"${GROUP}\", so I will use it."
+ else
+ if /usr/sbin/pw groupadd ${GROUP} -g ${GROUP_GID} -h -
+ then
+ echo "Added group \"${GROUP}\"."
+ else
+ echo "Adding group \"${GROUP}\" failed..."
+ echo "Please create it, and try again."
+ exit 1
+ fi
+ fi
+
+ if /usr/sbin/pw user show "${USER}" 2>/dev/null; then
+ echo "You already have a user \"${USER}\", so I will use it."
+ else
+ if /usr/sbin/pw useradd ${USER} -u ${USER_UID} -g ${GROUP} -h - \
+ -d /nonexistent \
+ -s /sbin/nologin \
+ -c "OpenLDAP Server"
+ then
+ echo "Added user \"${USER}\"."
+ else
+ echo "Adding user \"${USER}\" failed..."
+ echo "Please create it, and try again."
+ exit 1
+ fi
+ fi
+fi
+
+if [ x"$2" = xPOST-INSTALL ]; then
+ chown -R $USER:$GROUP /var/db/openldap-data
+ chown -R $USER:$GROUP /var/run/ldap
+ chown $USER:$GROUP $PKG_PREFIX/etc/openldap/slapd.conf
+ chown $USER:$GROUP $PKG_PREFIX/etc/openldap/slapd.conf.default
+fi
+
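Review bot: The POST-INSTALL block makes slapd.conf and slapd.conf.default owned by the ldap user, so the daemon account can rewrite its own configuration, including access rules and any rootdn credentials, when slapd only needs to read it. Prefer `chown root:$GROUP $PKG_PREFIX/etc/openldap/slapd.conf` followed by `chmod 640 $PKG_PREFIX/etc/openldap/slapd.conf`, and the same pair for slapd.conf.default. In PRE-INSTALL an existing `ldap` user or group is reused without checking its uid/gid, shell or home directory, so a pre-existing account with a login shell silently becomes the service account; a check or at least a warning there would help. The `pw groupshow` and `pw user show` probes redirect only stderr, so they print the account line during install; adding `>/dev/null` keeps the output to the script's own messages.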
--- openldap21/pkg-message.orig Tue Apr 22 12:31:06 2003
+++ openldap21/pkg-message Tue Apr 22 12:30:40 2003
@@ -0,0 +1,8 @@
+The openldap21 port now creates a ldap user an a ldap group.
+
+If you use slapadd as root to populate your ldap Database please
+remember to chown the database directories and containing files
+to user ldap and group ldap.
+
+ chown -R ldap:ldap /var/db/openldap-data
+
--- openldap21/pkg-plist.orig Sun Apr 20 09:46:05 2003
+++ openldap21/pkg-plist Sun Apr 20 09:49:08 2003
@@ -93,3 +93,5 @@
%%NO_SLAPD%%@unexec /bin/rmdir %D/etc/openldap 2>/dev/null || true
%%NO_SLAPD%%@exec [ -d /var/db/openldap-data ] || /bin/mkdir /var/db/openldap-data
%%NO_SLAPD%%@unexec /bin/rmdir /var/db/openldap-data 2>/dev/null || true
+%%NO_SLAPD%%@exec [ -d /var/run/ldap ] || /bin/mkdir /var/run/ldap
+%%NO_SLAPD%%@unexec /bin/rmdir /var/run/ldap 2>/dev/null || true
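Review bot: /var/run/ldap is created only by this `@exec` line, with whatever mode the installer's umask yields, and its ownership is set afterwards by the `chown -R` in pkg-install. Creating it with explicit owner and mode in one step, e.g. `@exec /usr/bin/install -d -o ldap -g ldap -m 755 /var/run/ldap`, removes the window in which its permissions are undefined. Neither rc script shown in this patch recreates the directory, so if it is ever missing (for instance if /var/run is cleared), slapd running as ldap presumably cannot write its pidfile. Whether the port's own install target also performs this step is not visible here.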
>Release-Note:
>Audit-Trail:
>Unformatted: