summaryrefslogtreecommitdiff
path: root/testing/openldap
diff options
context:
space:
mode:
authorroot <root@rshg054.dnsready.net>2011-12-15 23:15:01 +0000
committerroot <root@rshg054.dnsready.net>2011-12-15 23:15:01 +0000
commitac25f0b5aaf7aff394a8df695be995ec8463e264 (patch)
tree040d788c6c53b1f114363d01336bafa980a942ee /testing/openldap
parentf96b67a7733c348213a216ba6472d43614b44f04 (diff)
Thu Dec 15 23:15:01 UTC 2011
Diffstat (limited to 'testing/openldap')
-rw-r--r--testing/openldap/PKGBUILD96
-rw-r--r--testing/openldap/ntlm.patch230
-rw-r--r--testing/openldap/openldap.install20
-rwxr-xr-xtesting/openldap/slapd49
-rw-r--r--testing/openldap/slapd.default6
5 files changed, 401 insertions, 0 deletions
diff --git a/testing/openldap/PKGBUILD b/testing/openldap/PKGBUILD
new file mode 100644
index 000000000..8a06572b5
--- /dev/null
+++ b/testing/openldap/PKGBUILD
@@ -0,0 +1,96 @@
+# $Id: PKGBUILD 145019 2011-12-14 23:01:42Z eric $
+# Maintainer:
+
+pkgbase=openldap
+pkgname=('libldap' 'openldap')
+pkgver=2.4.28
+pkgrel=1
+arch=('i686' 'x86_64')
+url="http://www.openldap.org/"
+license=('custom')
+makedepends=('libfetch' 'libltdl' 'libsasl' 'e2fsprogs' 'util-linux')
+source=(ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/${pkgbase}-${pkgver}.tgz
+ slapd slapd.default ntlm.patch)
+sha1sums=('d888beae1723002a5a2ff5509d3040df40885774'
+ 'bd1ea19256d3d467f1f803e0f4046ef50f17628f'
+ 'd89b8a533045123f1ab46c9c430cf132d58a20a4'
+ 'e4afd9f1c810ef4c4cd8fe1101dfe5887f2b7eef')
+
+build() {
+ cd "${srcdir}"/${pkgbase}-${pkgver}
+ patch -Np1 -i "${srcdir}"/ntlm.patch
+ sed -i 's|-m 644 $(LIBRARY)|-m 755 $(LIBRARY)|' libraries/{liblber,libldap,libldap_r}/Makefile.in
+ sed -i 's|#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"|#define LDAPI_SOCK LDAP_DIRSEP "run" LDAP_DIRSEP "openldap" LDAP_DIRSEP "ldapi"|' include/ldap_defaults.h
+ sed -i 's|%LOCALSTATEDIR%/run|/run/openldap|' servers/slapd/slapd.conf
+ sed -i 's|-$(MKDIR) $(DESTDIR)$(localstatedir)/run|-$(MKDIR) $(DESTDIR)/run/openldap|' servers/slapd/Makefile.in
+
+ LDFLAGS="$LDFLAGS -L\"${pkgdir}\"/libldap/usr/lib"
+ ./configure --prefix=/usr --mandir=/usr/share/man --libexecdir=/usr/lib \
+ --sysconfdir=/etc --localstatedir=/var/lib/openldap \
+ --enable-ipv6 --enable-syslog --enable-local \
+ --enable-bdb --enable-hdb \
+ --enable-crypt --enable-dynamic \
+ --with-threads --disable-wrappers \
+ --enable-spasswd --with-cyrus-sasl \
+ --enable-overlays=mod --enable-modules=yes
+ make
+}
+
+check() {
+ cd "${srcdir}"/${pkgbase}-${pkgver}
+ make test
+}
+
+package_libldap() {
+ pkgdesc="Lightweight Directory Access Protocol (LDAP) client libraries"
+ depends=('libsasl' 'libfetch' 'e2fsprogs')
+ backup=('etc/openldap/ldap.conf')
+ options=('!libtool')
+
+ cd "${srcdir}"/${pkgbase}-${pkgver}
+ for dir in include libraries doc/man/man3 ; do
+ pushd ${dir}
+ make DESTDIR="${pkgdir}" install
+ popd
+ done
+ install -Dm644 doc/man/man5/ldap.conf.5.tmp "${pkgdir}"/usr/share/man/man5/ldap.conf.5
+
+# get rid of duplicate default conf files
+ rm "${pkgdir}"/etc/openldap/*.default
+
+ ln -sf liblber.so "${pkgdir}"/usr/lib/liblber.so.2
+ ln -sf libldap.so "${pkgdir}"/usr/lib/libldap.so.2
+
+ install -Dm644 LICENSE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE
+}
+
+package_openldap() {
+ pkgdesc="Lightweight Directory Access Protocol (LDAP) client and server"
+ depends=("libldap>=${pkgver}" 'libltdl' 'util-linux')
+ backup=('etc/openldap/slapd.conf' 'etc/conf.d/slapd')
+ options=('!libtool' 'emptydirs')
+ install=openldap.install
+
+ cd "${srcdir}"/${pkgbase}-${pkgver}
+ for dir in clients servers doc/man/man{1,5,8} ; do
+ pushd ${dir}
+ make DESTDIR="${pkgdir}" install
+ popd
+ done
+ rm "${pkgdir}"/usr/share/man/man5/ldap.conf.5
+ rm -r "${pkgdir}"/run
+
+# get rid of duplicate default conf files
+ rm "${pkgdir}"/etc/openldap/*.default
+
+ ln -s ../lib/slapd "${pkgdir}"/usr/sbin/slapd
+
+ chown root:439 "${pkgdir}"/etc/openldap/{slapd.conf,DB_CONFIG.example}
+ chmod 640 "${pkgdir}"/etc/openldap/{slapd.conf,DB_CONFIG.example}
+
+ install -dm700 -o 439 -g 439 "${pkgdir}"/var/lib/openldap
+ install -dm700 -o 439 -g 439 "${pkgdir}"/etc/openldap/slapd.d
+ install -Dm755 "${srcdir}"/slapd "${pkgdir}"/etc/rc.d/slapd
+ install -Dm644 "${srcdir}"/slapd.default "${pkgdir}"/etc/conf.d/slapd
+ install -Dm644 LICENSE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE
+}
diff --git a/testing/openldap/ntlm.patch b/testing/openldap/ntlm.patch
new file mode 100644
index 000000000..6804b610d
--- /dev/null
+++ b/testing/openldap/ntlm.patch
@@ -0,0 +1,230 @@
+Patch from evolution-exchange (2.10.3). The ldap_ntlm_bind function is
+actually called by evolution-data-server, checked at version 1.12.2.
+Without this patch, the Exchange addressbook integration uses simple binds
+with cleartext passwords.
+
+Russ checked with openldap-software for upstream's opinion on this patch
+on 2007-12-21. Upstream had never received it as a patch submission and
+given that it's apparently only for older Exchange servers that can't do
+SASL and DIGEST-MD5, it's not very appealing.
+
+Bug#457374 filed against evolution-data-server asking if this support is
+still required on 2007-12-21.
+
+Index: trunk/include/ldap.h
+===================================================================
+--- trunk.orig/include/ldap.h
++++ trunk/include/ldap.h
+@@ -2461,5 +2461,25 @@
+ LDAPControl **ctrls,
+ LDAPDerefRes **drp ));
+
++/*
++ * hacks for NTLM
++ */
++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU)
++LDAP_F( int )
++ldap_ntlm_bind LDAP_P((
++ LDAP *ld,
++ LDAP_CONST char *dn,
++ ber_tag_t tag,
++ struct berval *cred,
++ LDAPControl **sctrls,
++ LDAPControl **cctrls,
++ int *msgidp ));
++LDAP_F( int )
++ldap_parse_ntlm_bind_result LDAP_P((
++ LDAP *ld,
++ LDAPMessage *res,
++ struct berval *challenge));
++
+ LDAP_END_DECL
+ #endif /* _LDAP_H */
+Index: trunk/libraries/libldap/ntlm.c
+===================================================================
+--- /dev/null
++++ trunk/libraries/libldap/ntlm.c
+@@ -0,0 +1,138 @@
++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
++/*
++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
++ */
++
++/* Mostly copied from sasl.c */
++
++#include "portable.h"
++
++#include <stdlib.h>
++#include <stdio.h>
++
++#include <ac/socket.h>
++#include <ac/string.h>
++#include <ac/time.h>
++#include <ac/errno.h>
++
++#include "ldap-int.h"
++
++int
++ldap_ntlm_bind(
++ LDAP *ld,
++ LDAP_CONST char *dn,
++ ber_tag_t tag,
++ struct berval *cred,
++ LDAPControl **sctrls,
++ LDAPControl **cctrls,
++ int *msgidp )
++{
++ BerElement *ber;
++ int rc;
++ ber_int_t id;
++
++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
++
++ assert( ld != NULL );
++ assert( LDAP_VALID( ld ) );
++ assert( msgidp != NULL );
++
++ if( msgidp == NULL ) {
++ ld->ld_errno = LDAP_PARAM_ERROR;
++ return ld->ld_errno;
++ }
++
++ /* create a message to send */
++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
++ ld->ld_errno = LDAP_NO_MEMORY;
++ return ld->ld_errno;
++ }
++
++ assert( LBER_VALID( ber ) );
++
++ LDAP_NEXT_MSGID( ld, id );
++ rc = ber_printf( ber, "{it{istON}" /*}*/,
++ id, LDAP_REQ_BIND,
++ ld->ld_version, dn, tag,
++ cred );
++
++ /* Put Server Controls */
++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
++ ber_free( ber, 1 );
++ return ld->ld_errno;
++ }
++
++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
++ ld->ld_errno = LDAP_ENCODING_ERROR;
++ ber_free( ber, 1 );
++ return ld->ld_errno;
++ }
++
++ /* send the message */
++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
++
++ if(*msgidp < 0)
++ return ld->ld_errno;
++
++ return LDAP_SUCCESS;
++}
++
++int
++ldap_parse_ntlm_bind_result(
++ LDAP *ld,
++ LDAPMessage *res,
++ struct berval *challenge)
++{
++ ber_int_t errcode;
++ ber_tag_t tag;
++ BerElement *ber;
++ ber_len_t len;
++
++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
++
++ assert( ld != NULL );
++ assert( LDAP_VALID( ld ) );
++ assert( res != NULL );
++
++ if ( ld == NULL || res == NULL ) {
++ return LDAP_PARAM_ERROR;
++ }
++
++ if( res->lm_msgtype != LDAP_RES_BIND ) {
++ ld->ld_errno = LDAP_PARAM_ERROR;
++ return ld->ld_errno;
++ }
++
++ if ( ld->ld_error ) {
++ LDAP_FREE( ld->ld_error );
++ ld->ld_error = NULL;
++ }
++ if ( ld->ld_matched ) {
++ LDAP_FREE( ld->ld_matched );
++ ld->ld_matched = NULL;
++ }
++
++ /* parse results */
++
++ ber = ber_dup( res->lm_ber );
++
++ if( ber == NULL ) {
++ ld->ld_errno = LDAP_NO_MEMORY;
++ return ld->ld_errno;
++ }
++
++ tag = ber_scanf( ber, "{ioa" /*}*/,
++ &errcode, challenge, &ld->ld_error );
++ ber_free( ber, 0 );
++
++ if( tag == LBER_ERROR ) {
++ ld->ld_errno = LDAP_DECODING_ERROR;
++ return ld->ld_errno;
++ }
++
++ ld->ld_errno = errcode;
++
++ return( ld->ld_errno );
++}
++
+Index: trunk/libraries/libldap/Makefile.in
+===================================================================
+--- trunk.orig/libraries/libldap/Makefile.in
++++ trunk/libraries/libldap/Makefile.in
+@@ -27,7 +27,7 @@
+ init.c options.c print.c string.c util-int.c schema.c \
+ charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
+ tls2.c tls_o.c tls_g.c tls_m.c \
+- turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \
++ turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \
+ assertion.c deref.c ldif.c fetch.c
+
+ OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
+@@ -40,7 +40,7 @@
+ init.lo options.lo print.lo string.lo util-int.lo schema.lo \
+ charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
+ tls2.lo tls_o.lo tls_g.lo tls_m.lo \
+- turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \
++ turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \
+ assertion.lo deref.lo ldif.lo fetch.lo
+
+ LDAP_INCDIR= ../../include
+Index: trunk/libraries/libldap_r/Makefile.in
+===================================================================
+--- trunk.orig/libraries/libldap_r/Makefile.in
++++ trunk/libraries/libldap_r/Makefile.in
+@@ -29,7 +29,7 @@
+ init.c options.c print.c string.c util-int.c schema.c \
+ charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
+ tls2.c tls_o.c tls_g.c tls_m.c \
+- turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \
++ turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \
+ assertion.c deref.c ldif.c fetch.c
+ SRCS = threads.c rdwr.c rmutex.c tpool.c rq.c \
+ thr_posix.c thr_cthreads.c thr_thr.c thr_lwp.c thr_nt.c \
+@@ -47,7 +47,7 @@
+ init.lo options.lo print.lo string.lo util-int.lo schema.lo \
+ charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
+ tls2.lo tls_o.lo tls_g.lo tls_m.lo \
+- turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \
++ turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \
+ assertion.lo deref.lo ldif.lo fetch.lo
+
+ LDAP_INCDIR= ../../include
diff --git a/testing/openldap/openldap.install b/testing/openldap/openldap.install
new file mode 100644
index 000000000..cf3cb9f25
--- /dev/null
+++ b/testing/openldap/openldap.install
@@ -0,0 +1,20 @@
+post_install(){
+ groupadd -g 439 ldap &>/dev/null
+ useradd -u 439 -g ldap -d /var/lib/openldap -s /bin/false ldap &>/dev/null
+ chown -R ldap:ldap var/lib/openldap &>/dev/null
+}
+
+post_upgrade(){
+ getent group ldap >/dev/null 2>&1 || groupadd -g 439 ldap &>/dev/null
+ getent passwd ldap >/dev/null 2>&1 || useradd -u 439 -g ldap -d /var/lib/openldap -s /bin/false ldap &>/dev/null
+ chown -R ldap:ldap var/lib/openldap &>/dev/null
+}
+
+post_remove(){
+ if getent passwd ldap >/dev/null 2>&1; then
+ userdel ldap
+ fi
+ if getent group ldap >/dev/null 2>&1; then
+ groupdel ldap
+ fi
+}
diff --git a/testing/openldap/slapd b/testing/openldap/slapd
new file mode 100755
index 000000000..4f212da66
--- /dev/null
+++ b/testing/openldap/slapd
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+[ -f "/etc/conf.d/slapd" ] && . /etc/conf.d/slapd
+
+PID=`pidof -o %PPID /usr/sbin/slapd`
+case "$1" in
+ start)
+ stat_busy "Starting OpenLDAP"
+ [ ! -d /run/openldap ] && install -d -m755 -o ldap -g ldap /run/openldap
+ if [ -z "$PID" ]; then
+ if [ -z "$SLAPD_SERVICES" ]; then
+ /usr/sbin/slapd -u ldap -g ldap $SLAPD_OPTIONS
+ else
+ /usr/sbin/slapd -u ldap -g ldap -h "$SLAPD_SERVICES" $SLAPD_OPTIONS
+ fi
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ stat_done
+ fi
+ add_daemon slapd
+ else
+ stat_fail
+ fi
+ ;;
+ stop)
+ stat_busy "Stopping OpenLDAP"
+ [ ! -z "$PID" ] && kill $PID &> /dev/null
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ rm -f /run/openldap/slapd.pid
+ rm -f /run/openldap/slapd.args
+ rm_daemon slapd
+ stat_done
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 3
+ $0 start
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart}"
+esac
+exit 0
diff --git a/testing/openldap/slapd.default b/testing/openldap/slapd.default
new file mode 100644
index 000000000..72ae2a6a7
--- /dev/null
+++ b/testing/openldap/slapd.default
@@ -0,0 +1,6 @@
+# slapd normally serves ldap only on all TCP-ports 389. slapd can also
+# service requests on TCP-port 636 (ldaps) and requests via unix
+# sockets.
+# Example usage:
+#SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
+SLAPD_OPTIONS=""