Index: trunk/server/doc/install-howto.sh
===================================================================
--- trunk/server/doc/install-howto.sh	(revision 1293)
+++ trunk/server/doc/install-howto.sh	(revision 1294)
@@ -86,8 +86,4 @@
     service named start
     chkconfig named on
-
-# XXX: This sometimes doesn't exist, but it really sucks if it
-# does exist. So check for it.
-# yum remove nss_ldap, because nss-ldapd conflicts with it
 
 # In the case of the Kerberos libraries, you'll be told that
Index: trunk/server/fedora/Makefile
===================================================================
--- trunk/server/fedora/Makefile	(revision 1293)
+++ trunk/server/fedora/Makefile	(revision 1294)
@@ -21,5 +21,5 @@
 upstream_yum	= krb5 httpd openssh php
 upstream	= openafs $(upstream_yum)
-oursrc		= execsys tokensys accountadm httpdmods logview sql-signup nss_nonlocal nss_nonlocal.i586 whoisd mit-zephyr nss-ldapd nss-ldapd.i586 athrun php_scripts scripts-base
+oursrc		= execsys tokensys accountadm httpdmods logview sql-signup nss_nonlocal nss_nonlocal.i586 whoisd mit-zephyr athrun php_scripts scripts-base
 allsrc		= $(upstream) $(oursrc)
 oursrcdir	= ${PWD}/../common/oursrc
@@ -39,5 +39,4 @@
 server_arch	= "fedora.stable"
 openafs_url	= "http://dl.openafs.org/dl/openafs/1.4.11/openafs-1.4.11-1.1.1.src.rpm"
-nss_ldapd_url	= "http://download.opensuse.org/repositories/network:/ldap/openSUSE_Factory/src/nss-ldapd-0.6.10-6.5.src.rpm"
 
 .PHONY: minimal-clean
@@ -64,5 +63,4 @@
 	#wget -qO- -nv $(server_url)/$(server_arch) | xargs make
 	cd $(dload) && yumdownloader --source $(upstream_yum)
-	wget -P $(dload) $(nss_ldapd_url)
 	wget -P $(dload) $(openafs_url)
 	touch download_stamp
Index: trunk/server/fedora/config/etc/nss-ldapd.conf
===================================================================
--- trunk/server/fedora/config/etc/nss-ldapd.conf	(revision 1293)
+++ trunk/server/fedora/config/etc/nss-ldapd.conf	(revision 1294)
@@ -6,5 +6,5 @@
 
 # The uri pointing to the LDAP server to use for name lookups.
-# Mulitple entries may be specified. The address that is used
+# Multiple entries may be specified. The address that is used
 # here should be resolvable without using LDAP (obviously).
 #uri ldap://127.0.0.1/
@@ -12,5 +12,5 @@
 #uri ldapi://%2fvar%2frun%2fldapi_sock/
 # Note: %2f encodes the '/' used as directory separator
-uri ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/
+# uri ldap://127.0.0.1/
 
 # The LDAP version to use (defaults to 3
@@ -19,12 +19,13 @@
 
 # The distinguished name of the search base.
-base dc=scripts,dc=mit,dc=edu
+# base dc=example,dc=com
 
 # The distinguished name to bind to the server with.
 # Optional: default is to bind anonymously.
-#binddn cn=proxyuser,dc=padl,dc=com
+#binddn cn=proxyuser,dc=example,dc=com
 
 # The credentials to bind with.
 # Optional: default is no credentials.
+# Note that if you set a bindpw you should check the permissions of this file.
 #bindpw secret
 
@@ -35,40 +36,25 @@
 
 # Customize certain database lookups.
-base   group  ou=Groups,dc=scripts,dc=mit,dc=edu
-base   passwd ou=People,dc=scripts,dc=mit,dc=edu
-#base   shadow ou=People,dc=example,dc=net
+#base   group  ou=Groups,dc=example,dc=com
+#base   passwd ou=People,dc=example,dc=com
+#base   shadow ou=People,dc=example,dc=com
 #scope  group  onelevel
 #scope  hosts  sub
 
 # Bind/connect timelimit.
-bind_timelimit 120
+#bind_timelimit 30
 
 # Search timelimit.
-timelimit 120
+#timelimit 30
 
 # Idle timelimit. nslcd will close connections if the
 # server has not been contacted for the number of seconds.
-idle_timelimit 3600
+#idle_timelimit 3600
 
-# Netscape SDK LDAPS
-#ssl on
-
-# Netscape SDK SSL options
-#sslpath /etc/ssl/certs
-
-# OpenLDAP SSL mechanism
-# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
+# Use StartTLS without verifying the server certificate.
 #ssl start_tls
-#ssl on
-
-# OpenLDAP SSL options
-# Require and verify server certificate (yes/no)
-# Default is to use libldap's default behavior, which can be configured in
-# /etc/openldap/ldap.conf using the TLS_REQCERT setting.  The default for
-# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
-#tls_checkpeer yes
+#tls_reqcert never
 
 # CA certificates for server certificate verification
-# At least one of these are required if tls_checkpeer is "yes"
 #tls_cacertdir /etc/ssl/certs
 #tls_cacertfile /etc/ssl/ca.cert
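Review bot: The new TLS example (`#ssl start_tls` followed by `#tls_reqcert never`) documents only the unverified mode. If someone later points `uri` at a network `ldap://` server and uncomments both lines, the channel is encrypted but the server is not authenticated, so passwd and group answers could come from whoever sits in the path. I would make the sample read `# Use StartTLS and require a valid server certificate.` with `#ssl start_tls` and `#tls_reqcert demand`. It also needs a sentence saying that `tls_cacertdir` or `tls_cacertfile` must then name the CA, since the removed `tls_checkpeer` text carried that hint and nothing replaces it. The active `uri` elsewhere in this file is a local ldapi socket, so this is a documentation hazard rather than a live exposure today.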
@@ -137,2 +123,12 @@
 #map    group  uniqueMember     member
 #map    group  gidNumber        gid
+uid nslcd
+gid ldap
+# This comment prevents repeated auto-migration of settings from /etc/ldap.conf.
+uri ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/
+base dc=scripts,dc=mit,dc=edu
+timelimit 120
+bind_timelimit 120
+idle_timelimit 3600
+base   group  ou=Groups,dc=scripts,dc=mit,dc=edu
+base   passwd ou=People,dc=scripts,dc=mit,dc=edu
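Review bot: The live settings are appended as an unlabelled block after the attribute-mapping examples (`uid nslcd` through `base   passwd …`), while the documented sections above now hold only commented examples. Someone editing `#base dc=example,dc=com` or `#timelimit 30` higher up will therefore not change the effective value. I would add a heading comment above `uid nslcd`, for example `# Effective site settings; the commented entries above are examples only.`, and keep the auto-migration marker line as it is. Since `uid nslcd` / `gid ldap` set the daemon's account, that comment should also say that this account must be able to open the `slapd-scripts.socket` ldapi socket. Whether the directory server limits that peer to the read access name lookups need is not visible in this diff and should be confirmed.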
Index: trunk/server/fedora/specs/nss-ldapd.spec.patch
===================================================================
--- trunk/server/fedora/specs/nss-ldapd.spec.patch	(revision 1293)
+++ 	(revision )
@@ -1,78 +1,0 @@
---- nss-ldapd.spec.orig	2009-07-30 20:31:54.000000000 -0400
-+++ nss-ldapd.spec	2009-08-05 00:42:53.000000000 -0400
-@@ -19,20 +19,20 @@
- 
- 
- Name:           nss-ldapd
--BuildRequires:  db-devel krb5-devel openldap2-devel
-+BuildRequires:  db4-devel krb5-devel openldap-devel autoconf automake libtool
- License:        LGPL v2.1 or later
- Group:          Productivity/Networking/LDAP/Clients
- AutoReqProv:    on
- PreReq:         /bin/chmod
- Conflicts:      nss_ldap
- Version:        0.6.10
--Release:        6.5
-+Release:        6.5.scripts.%{scriptsversion}
- Summary:        NSS module and daemon for using LDAP as a naming service
- Url:            http://arthurdejong.org/nss-ldapd/
- Source:         nss-ldapd-%{version}.tar.bz2
--Source1:        rc.nslcd
- Source100:      nss-ldapd-0.6.8-rpmlintrc
- Patch0:         nslcd-passwd-offbyone.dif
-+Patch1000:      rc.nslcd.patch
- BuildRoot:      %{_tmppath}/%{name}-%{version}-build
- 
- %description
-@@ -53,8 +53,8 @@
- 
- %prep
- %setup -q
--cp -v %{S:1} .
--%patch -p1
-+%patch0 -p1
-+%patch1000 -p0 -b .rc
- 
- %build
- %{?suse_update_config:%{suse_update_config -f}}
-@@ -71,7 +71,6 @@
- mkdir -p $RPM_BUILD_ROOT/etc/init.d/
- mkdir -p $RPM_BUILD_ROOT/usr/sbin/
- install -m 755 rc.nslcd $RPM_BUILD_ROOT/etc/init.d/nslcd
--ln -sf ../../etc/init.d/nslcd $RPM_BUILD_ROOT/usr/sbin/rcnslcd
- make DESTDIR=$RPM_BUILD_ROOT install
- mkdir -p $RPM_BUILD_ROOT/var/run/nslcd
- install -m 644 man/nss-ldapd.conf.5 $RPM_BUILD_ROOT/usr/share/man/man5
-@@ -87,13 +86,8 @@
-     /bin/chmod 640 /etc/nss-ldapd.conf
- fi
- 
--%preun
--%stop_on_removal nslcd
--
- %postun 
- /sbin/ldconfig
--%restart_on_update nslcd
--%insserv_cleanup
- 
- %files
- %defattr(-,root,root)
-@@ -103,7 +97,6 @@
- %doc %{_mandir}/man8/*
- %config(noreplace) %attr(640,root,root) /etc/nss-ldapd.conf
- %config /etc/init.d/nslcd
--/usr/sbin/rcnslcd
- %dir /var/run/nslcd
- /usr/sbin/nslcd
- 
-@@ -151,6 +144,10 @@
- - Adjust config file permissions upon update, to fix world-readable
-   /etc/nss-ldapd.conf as created by older versions
-   (bnc#487737, CVE-2009-1073)
-+* Wed Dec 31 2008  <quentin@mit.edu> - 0.6.4-3.0
-+- add init script for Fedora
-+* Wed Dec 31 2008  <quentin@mit.edu> - 0.6.4-2.4
-+- port from openSUSE to Fedora
- * Fri Aug 15 2008 rhafer@suse.de
- - Fixed "Required-Stop" Tag to include the same services as
-   "Required-Start"
