1 files changed, 117 insertions, 0 deletions

diff --git a/system/openldap/configs.patch b/system/openldap/configs.patch
new file mode 100644
index 000000000..e7ec65c4b
--- /dev/null
+++ b/system/openldap/configs.patch
@@ -0,0 +1,117 @@
+--- a/servers/slapd/slapd.conf
++++ b/servers/slapd/slapd.conf
+@@ -2,7 +2,7 @@
+ # See slapd.conf(5) for details on configuration options.
+ # This file should NOT be world readable.
+ #
+-include		%SYSCONFDIR%/schema/core.schema
++include		/etc/openldap/schema/core.schema
+ 
+ # Define global ACLs to disable default read access.
+ 
+@@ -10,13 +10,16 @@
+ # service AND an understanding of referrals.
+ #referral	ldap://root.openldap.org
+ 
+-pidfile		%LOCALSTATEDIR%/run/slapd.pid
+-argsfile	%LOCALSTATEDIR%/run/slapd.args
++# If you change this, adjust pidfile path also in runscript!
++pidfile		/run/openldap/slapd.pid
++argsfile	/run/openldap/slapd.args
+ 
+ # Load dynamic backend modules:
+-# modulepath	%MODULEDIR%
+-# moduleload	back_mdb.la
+-# moduleload	back_ldap.la
++modulepath	/usr/lib/openldap
++moduleload	back_mdb.so
++# moduleload	back_hdb.so
++# moduleload	back_bbd.so
++# moduleload	back_ldap.so
+ 
+ # Sample security restrictions
+ #	Require integrity protection (prevent hijacking)
+@@ -53,13 +56,16 @@
+ maxsize		1073741824
+ suffix		"dc=my-domain,dc=com"
+ rootdn		"cn=Manager,dc=my-domain,dc=com"
++
+ # Cleartext passwords, especially for the rootdn, should
+ # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
+ # Use of strong authentication encouraged.
+ rootpw		secret
++
+ # The database directory MUST exist prior to running slapd AND 
+ # should only be accessible by the slapd and slap tools.
+ # Mode 700 recommended.
+-directory	%LOCALSTATEDIR%/openldap-data
++directory	/var/lib/openldap/openldap-data
++
+ # Indices to maintain
+ index	objectClass	eq
+--- a/servers/slapd/slapd.ldif
++++ b/servers/slapd/slapd.ldif
+@@ -9,8 +9,9 @@
+ #
+ # Define global ACLs to disable default read access.
+ #
+-olcArgsFile: %LOCALSTATEDIR%/run/slapd.args
+-olcPidFile: %LOCALSTATEDIR%/run/slapd.pid
++# If you change this, set pidfile variable in /etc/conf.d/slapd!
++olcPidFile: /run/openldap/slapd.pid
++olcArgsFile: /run/openldap/slapd.args
+ #
+ # Do not enable referrals until AFTER you have a working directory
+ # service AND an understanding of referrals.
+@@ -26,22 +27,23 @@
+ #
+ # Load dynamic backend modules:
+ #
+-#dn: cn=module,cn=config
+-#objectClass: olcModuleList
+-#cn: module
+-#olcModulepath:	%MODULEDIR%
+-#olcModuleload:	back_bdb.la
+-#olcModuleload:	back_hdb.la
+-#olcModuleload:	back_ldap.la
+-#olcModuleload:	back_passwd.la
+-#olcModuleload:	back_shell.la
++dn: cn=module,cn=config
++objectClass: olcModuleList
++cn: module
++olcModulepath:	/usr/lib/openldap
++#olcModuleload:	back_bdb.so
++#olcModuleload:	back_hdb.so
++#olcModuleload:	back_ldap.so
++olcModuleload:	back_mdb.so
++#olcModuleload:	back_passwd.so
++#olcModuleload:	back_shell.so
+ 
+ 
+ dn: cn=schema,cn=config
+ objectClass: olcSchemaConfig
+ cn: schema
+ 
+-include: file://%SYSCONFDIR%/schema/core.ldif
++include: file:///etc/openldap/schema/core.ldif
+ 
+ # Frontend settings
+ #
+@@ -83,13 +85,16 @@
+ olcDatabase: mdb
+ olcSuffix: dc=my-domain,dc=com
+ olcRootDN: cn=Manager,dc=my-domain,dc=com
++
+ # Cleartext passwords, especially for the rootdn, should
+ # be avoided.  See slappasswd(8) and slapd-config(5) for details.
+ # Use of strong authentication encouraged.
+ olcRootPW: secret
++
+ # The database directory MUST exist prior to running slapd AND 
+ # should only be accessible by the slapd and slap tools.
+ # Mode 700 recommended.
+-olcDbDirectory:	%LOCALSTATEDIR%/openldap-data
++olcDbDirectory:	/var/lib/openldap/openldap-data
++
+ # Indices to maintain
+ olcDbIndex: objectClass eq