SOURCES: openldap-config.patch - sane defaults
baggins
baggins at pld-linux.org
Sat Nov 3 02:02:26 CET 2007
Author: baggins Date: Sat Nov 3 01:02:26 2007 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- sane defaults
---- Files affected:
SOURCES:
openldap-config.patch (1.21 -> 1.22)
---- Diffs:
================================================================
Index: SOURCES/openldap-config.patch
diff -u SOURCES/openldap-config.patch:1.21 SOURCES/openldap-config.patch:1.22
--- SOURCES/openldap-config.patch:1.21 Wed Oct 31 21:04:05 2007
+++ SOURCES/openldap-config.patch Sat Nov 3 02:02:21 2007
@@ -1,18 +1,18 @@
--- openldap-2.2.6/servers/slapd/slapd.conf 2004-02-28 15:42:39.692604592 +0100
+++ openldap-2.3.24/servers/slapd/slapd.conf 2006-07-18 14:25:02.356103035 +0300
-@@ -2,22 +2,57 @@
+@@ -2,22 +2,61 @@
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
-include %SYSCONFDIR%/schema/core.schema
+include /usr/share/openldap/schema/core.schema
-+#include /usr/share/openldap/schema/cosine.schema
-+#include /usr/share/openldap/schema/inetorgperson.schema
-+#include /usr/share/openldap/schema/java.schema
-+#include /usr/share/openldap/schema/misc.schema
-+#include /usr/share/openldap/schema/nis.schema
-+#include /usr/share/openldap/schema/corba.schema
-+#include /usr/share/openldap/schema/openldap.schema
++include /usr/share/openldap/schema/cosine.schema
++include /usr/share/openldap/schema/inetorgperson.schema
++include /usr/share/openldap/schema/nis.schema
++include /usr/share/openldap/schema/misc.schema
++#include /usr/share/openldap/schema/java.schema
++#include /usr/share/openldap/schema/corba.schema
++#include /usr/share/openldap/schema/openldap.schema
+include %SYSCONFDIR%/schema/local.schema
# Define global ACLs to disable default read access.
@@ -59,35 +59,48 @@
+# moduleload translucent.la
+# moduleload unique.la
+# moduleload valsort.la
-
++
++# TLSCACertificateFile /usr/share/ssl/ca-bundle.crt
++# TLSCertificateFile /etc/openldap/slapd.pem
++# TLSCertificateKeyFile /etc/openldap/slapd.key
+
# Sample security restrictions
# Require integrity protection (prevent hijacking)
-@@ -54,14 +85,23 @@
-+# A NULL database configuration follows. It is enough to run slapd, but it does
-+# nothing. You need to install one of the backends and configure a real database
+@@ -54,19 +85,30 @@
+ # rootdn can always read and write EVERYTHING!
+
+ #######################################################################
+-# BDB database definitions
++# BDB or HDB database definitions
+ #######################################################################
-database bdb
-+database null
++database hdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
-rootpw secret
-+#rootpw secret
++# rootpw secret
++# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory %LOCALSTATEDIR%/openldap-data
# Indices to maintain
- index objectClass eq
+-index objectClass eq
++index objectClass eq,pres
++index ou,cn,mail,surname,givenname eq,pres,sub
++index uidNumber,gidNumber,loginShell eq,pres
++index uid,memberUid eq,pres,sub
++index nisMapName,nisMapEntry eq,pres,sub
+
-+#database bdb
-+#suffix "dc=my-domain,dc=com"
-+#rootdn "cn=Manager,dc=my-domain,dc=com"
-+##rootpw secret
-+#directory %LOCALSTATEDIR%/openldap-data
-+#index objectClass eq
++# Replicas of this database
++#replogfile %LOCALSTATEDIR%/openldap-data/openldap-master-replog
++#replica host=ldap-1.example.com:389 starttls=critical
++# bindmethod=sasl saslmech=GSSAPI
++# authcId=host/ldap-master.example.com at EXAMPLE.COM
--- openldap-2.2.6/build/top.mk.orig 2004-01-01 19:16:25.000000000 +0100
+++ openldap-2.2.6/build/top.mk 2004-02-28 15:43:38.579652400 +0100
@@ -37,7 +37,7 @@
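Review bot: The added example line `# rootpw {crypt}ijFYNcSNctBYg` ships a fixed password hash in a distribution default, so an admin who simply uncomments it gets a rootdn credential that is identical on every install. The 13-character `{crypt}` value also looks like a traditional DES crypt hash, which is weak against offline guessing. I would replace it with a placeholder that points at the tool the surrounding comment already names, e.g. `# rootpw {SSHA}<paste output of slappasswd here>`, so the shipped file contains no usable value. This matters more now that the same hunk switches the default from `database null` to a live `database hdb` with the sample suffix and rootdn. The ACL section governing that database is outside this hunk, so its default access cannot be checked from here.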
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/openldap-config.patch?r1=1.21&r2=1.22&f=u