summaryrefslogtreecommitdiff
path: root/system/openldap/configs.patch
diff options
context:
space:
mode:
Diffstat (limited to 'system/openldap/configs.patch')
-rw-r--r--system/openldap/configs.patch117
1 files changed, 117 insertions, 0 deletions
diff --git a/system/openldap/configs.patch b/system/openldap/configs.patch
new file mode 100644
index 000000000..e7ec65c4b
--- /dev/null
+++ b/system/openldap/configs.patch
@@ -0,0 +1,117 @@
+--- a/servers/slapd/slapd.conf
++++ b/servers/slapd/slapd.conf
+@@ -2,7 +2,7 @@
+ # See slapd.conf(5) for details on configuration options.
+ # This file should NOT be world readable.
+ #
+-include %SYSCONFDIR%/schema/core.schema
++include /etc/openldap/schema/core.schema
+
+ # Define global ACLs to disable default read access.
+
+@@ -10,13 +10,16 @@
+ # service AND an understanding of referrals.
+ #referral ldap://root.openldap.org
+
+-pidfile %LOCALSTATEDIR%/run/slapd.pid
+-argsfile %LOCALSTATEDIR%/run/slapd.args
++# If you change this, adjust pidfile path also in runscript!
++pidfile /run/openldap/slapd.pid
++argsfile /run/openldap/slapd.args
+
+ # Load dynamic backend modules:
+-# modulepath %MODULEDIR%
+-# moduleload back_mdb.la
+-# moduleload back_ldap.la
++modulepath /usr/lib/openldap
++moduleload back_mdb.so
++# moduleload back_hdb.so
++# moduleload back_bbd.so
++# moduleload back_ldap.so
+
+ # Sample security restrictions
+ # Require integrity protection (prevent hijacking)
+@@ -53,13 +56,16 @@
+ maxsize 1073741824
+ suffix "dc=my-domain,dc=com"
+ rootdn "cn=Manager,dc=my-domain,dc=com"
++
+ # Cleartext passwords, especially for the rootdn, should
+ # be avoid. See slappasswd(8) and slapd.conf(5) for details.
+ # Use of strong authentication encouraged.
+ rootpw secret
++
+ # The database directory MUST exist prior to running slapd AND
+ # should only be accessible by the slapd and slap tools.
+ # Mode 700 recommended.
+-directory %LOCALSTATEDIR%/openldap-data
++directory /var/lib/openldap/openldap-data
++
+ # Indices to maintain
+ index objectClass eq
+--- a/servers/slapd/slapd.ldif
++++ b/servers/slapd/slapd.ldif
+@@ -9,8 +9,9 @@
+ #
+ # Define global ACLs to disable default read access.
+ #
+-olcArgsFile: %LOCALSTATEDIR%/run/slapd.args
+-olcPidFile: %LOCALSTATEDIR%/run/slapd.pid
++# If you change this, set pidfile variable in /etc/conf.d/slapd!
++olcPidFile: /run/openldap/slapd.pid
++olcArgsFile: /run/openldap/slapd.args
+ #
+ # Do not enable referrals until AFTER you have a working directory
+ # service AND an understanding of referrals.
+@@ -26,22 +27,23 @@
+ #
+ # Load dynamic backend modules:
+ #
+-#dn: cn=module,cn=config
+-#objectClass: olcModuleList
+-#cn: module
+-#olcModulepath: %MODULEDIR%
+-#olcModuleload: back_bdb.la
+-#olcModuleload: back_hdb.la
+-#olcModuleload: back_ldap.la
+-#olcModuleload: back_passwd.la
+-#olcModuleload: back_shell.la
++dn: cn=module,cn=config
++objectClass: olcModuleList
++cn: module
++olcModulepath: /usr/lib/openldap
++#olcModuleload: back_bdb.so
++#olcModuleload: back_hdb.so
++#olcModuleload: back_ldap.so
++olcModuleload: back_mdb.so
++#olcModuleload: back_passwd.so
++#olcModuleload: back_shell.so
+
+
+ dn: cn=schema,cn=config
+ objectClass: olcSchemaConfig
+ cn: schema
+
+-include: file://%SYSCONFDIR%/schema/core.ldif
++include: file:///etc/openldap/schema/core.ldif
+
+ # Frontend settings
+ #
+@@ -83,13 +85,16 @@
+ olcDatabase: mdb
+ olcSuffix: dc=my-domain,dc=com
+ olcRootDN: cn=Manager,dc=my-domain,dc=com
++
+ # Cleartext passwords, especially for the rootdn, should
+ # be avoided. See slappasswd(8) and slapd-config(5) for details.
+ # Use of strong authentication encouraged.
+ olcRootPW: secret
++
+ # The database directory MUST exist prior to running slapd AND
+ # should only be accessible by the slapd and slap tools.
+ # Mode 700 recommended.
+-olcDbDirectory: %LOCALSTATEDIR%/openldap-data
++olcDbDirectory: /var/lib/openldap/openldap-data
++
+ # Indices to maintain
+ olcDbIndex: objectClass eq