
Re: question about password policy



Hi!

I use the attached spec for building openldap 2.3 on RHEL3.
For compatibility with dependent software I compile openldap 2.0 too.
You can remove this code from the SPEC.

On Wed, May 03, 2006 at 04:49:43PM -0500, Israel Garcia wrote:
> Quanah, thanks again.. I've just downloaded Symas CDS silver.. but, I
> could not find these Mandriva RPMs from Buchan Milne... I don't know if
> you remember I use redhat, not mandriva linux... do you know of some
> openldap 2.3 rpm for redhat?
> well, I am testing Symas CDS now.. I'll comment to you all about the results..
> 
> thanks again
> Israel
> 
> On 5/3/06, Quanah Gibson-Mount <quanah@stanford.edu> wrote:
> >
> >
> >--On Wednesday, May 03, 2006 7:11 AM -0500 Israel Garcia
> ><igalvarez@gmail.com> wrote:
> >
> >> Quanah, thanks for your help.. I am running the same version redhat
> >> ships in redhat enterprise linux 4, I think it is openldap-2.2, I don't
> >> believe it is a beta version.. my problem is that I need some policy
> >> of strong password (slapo-ppolicy) that this version redhat ships in
> >> RHEL4 does not have. That's why I am looking for another ldap server
> >> (on unix).
> >>
> >> what do you recommend? compile openldap 2.3.21 (stable version)??
> >
> >You have 3 options:
> >
> >1) Build it yourself
> >2) Use the Mandriva RPMs from Buchan Milne
> >3) Use Symas CDS Silver, which may or may not have ppolicy in it, or
> >purchase Symas CDS gold.
> >
> >Please keep responses to the list.
> >
> >--Quanah
> >
> >--
> >Quanah Gibson-Mount
> >Principal Software Developer
> >ITS/Shared Application Services
> >Stanford University
> >GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
> >
> 
> 
> --
> Regards;
> Israel Garcia

-- 
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 495 105 7247 ext.203 F:+7 495 105 7246 E:DmitriyKirhlarov@oilspace.com
OILspace - The resource enriched - www.oilspace.com

# $Id: oilspace-openldap.spec,v 1.24 2005/11/18 16:49:03 dkirhlarov Exp $
%define version_23 2.3.11

%define db_version_40 4.0.14
%define ldbm_backend berkeley
%define version_20 2.0.27
%define nptl_arches %{ix86} ia64 ppc ppc64 s390 s390x sparcv9 x86_64

Summary: The configuration files, libraries, and documentation for OpenLDAP.
Name: openldap
Version: %{version_23}
Release: ols5
License: OpenLDAP
Group: System Environment/Daemons
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_23}.tgz
Source1: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_20}.tgz
Source3: ftp://ftp.OpenLDAP.org/pub/tools/autoconf-2.13.1.tar.gz
Source4: ftp://ftp.OpenLDAP.org/pub/tools/automake-1.4a.tar.gz
Source6: http://www.sleepycat.com/update/snapshot/db-%{db_version_40}.tar.gz
Source7: ldap.init
Source9: migration-tools.txt
Source10: autofs.schema
Source11: README.upgrading
Source12: http://www.OpenLDAP.org/doc/admin/guide.html
Source13: nptl-abi-note.S
Source14: README.evolution

Patch0: openldap-2.0.16-config.patch
Patch1: openldap-2.0.12-redhat.patch
Patch2: openldap-1.2.11-cldap.patch
Patch3: openldap-2.0.3-syslog.patch
Patch6: openldap-2.0.23-sendbuf.patch
Patch7: openldap-2.0.11-ldaprc.patch
Patch8: openldap-2.0.11-debug.patch
Patch9: openldap-2.0.11-libtool.patch
Patch10: openldap-2.0.11-linkage.patch

Patch26: openldap-2.0.27-susesec.patch
Patch27: openldap-2.0.27-messages-references.patch
Patch28: openldap-2.0.27-openssl-0.9.7.patch
Patch29: openldap-2.0.27-hostnamecheck.patch
Patch30: openldap-2.0.27-64.patch

Patch12: db-4.0.14-disable-mutex.patch
Patch13: db-4.0.14-libobjs.patch

URL: http://www.openldap.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildPreReq: cyrus-sasl-devel >= 2.1.21, gdbm-devel, libtool, krb5-devel
BuildPreReq: openssl-devel, pam-devel, perl, pkgconfig, tcp_wrappers
BuildPreReq: unixODBC-devel
Requires: cyrus-sasl >= 2.1.21, cyrus-sasl-md5 >= 2.1.21, mktemp

%description
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools. LDAP is a set of
protocols for accessing directory services (usually phone book style
information, but other information is possible) over the Internet,
similar to the way DNS (Domain Name System) information is propagated
over the Internet. The openldap package contains configuration files,
libraries, and documentation for OpenLDAP.

%package devel
Summary: OpenLDAP development libraries and header files.
Group: Development/Libraries
Requires: openldap = %{version}-%{release}, cyrus-sasl-devel >= 2.1
Provides: openldap-evolution-devel = %{version}-%{release}

%description devel
The openldap-devel package includes the development libraries and
header files needed for compiling applications that use LDAP
(Lightweight Directory Access Protocol) internals. LDAP is a set of
protocols for enabling directory services over the Internet. Install
this package only if you plan to develop or will need to compile
customized LDAP clients.

%package servers
Summary: OpenLDAP servers and related files.
Prereq: fileutils, make, openldap = %{version}-%{release}, openssl, /usr/sbin/useradd, /sbin/chkconfig
Group: System Environment/Daemons

%description servers
OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools. LDAP is a set of
protocols for accessing directory services (usually phone book style
information, but other information is possible) over the Internet,
similar to the way DNS (Domain Name System) information is propagated
over the Internet. This package contains the slapd and slurpd servers,
migration scripts, and related files.

%package servers-sql
Summary: OpenLDAP server SQL support module.
Prereq: openldap-servers = %{version}-%{release}
Group: System Environment/Daemons

%description servers-sql
OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools. LDAP is a set of
protocols for accessing directory services (usually phone book style
information, but other information is possible) over the Internet,
similar to the way DNS (Domain Name System) information is propagated
over the Internet. This package contains a loadable module which the
slapd server can use to read data from an RDBMS.

%package clients
Summary: Client programs for OpenLDAP.
Prereq: openldap = %{version}-%{release}
Group: Applications/Internet

%description clients
OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools. LDAP is a set of
protocols for accessing directory services (usually phone book style
information, but other information is possible) over the Internet,
similar to the way DNS (Domain Name System) information is propagated
over the Internet. The openldap-clients package contains the client
programs needed for accessing and modifying OpenLDAP directories.

%prep
### START NEW ENTRY
# %setup -q -c -a 1 -a 2 -a 3 -a 4 -a 5 -a 6 -a 8
%setup -q -c -a1 -a3 -a4 -a6
### END NEW ENTRY

pushd db-%{db_version_40}
%patch12 -p1 -b .disable-mutex
%patch13 -p1 -b .libobj
cd dist
./s_config
popd

pushd openldap-%{version_20}
	for subdir in build-gdbm build-berkeley build-krb5 build-clients ; do
		mkdir $subdir
		ln -s ../configure $subdir
	done
%patch0 -p1 -b .config
%patch1 -p1 -b .redhat
%patch2 -p1 -b .cldap
%patch3 -p1 -b .syslog
%patch6 -p1 -b .sendbuf
%patch7 -p1 -b .ldaprc
%patch8 -p1 -b .debug
%patch9 -p1 -b .libtool
%patch10 -p1 -b .linkage
%patch26 -p0 -b .susesec
%patch27 -p1 -b .messages-references
%patch28 -p1 -b .openssl-0.9.7
%patch29 -p1 -b .hostnamecheck
%patch30 -p1 -b .64
popd

### START NEW ENTRY
pushd openldap-%{version_23}
	for subdir in build-servers build-clients ; do
		mkdir $subdir
		ln -s ../configure $subdir
	done
popd
### END NEW ENTRY

autodir=`pwd`/auto-instroot
pushd autoconf-2.13.1
./configure --prefix=$autodir
make all install
popd
pushd automake-1.4a
./configure --prefix=$autodir
make all install
popd

%build

autodir=`pwd`/auto-instroot
dbdir=`pwd`/db-instroot
dbdir40=`pwd`/db-instroot-4.0
libtool='%{_bindir}/libtool'
tagname=CC; export tagname

PATH=${autodir}/bin:${PATH}

# Find OpenSSL's header and library dependencies, if pkg-config knows about it,
# then set CPPFLAGS/CFLAGS/LDFLAGS once (CFLAGS incorporates RPM_OPT_FLAGS).
OPENSSL_CPPFLAGS=""
OPENSSL_LDFLAGS=""
if pkg-config openssl ; then
	OPENSSL_CPPFLAGS=`pkg-config --cflags-only-I openssl`
	OPENSSL_LDFLAGS=`pkg-config --libs-only-L openssl`
fi
CPPFLAGS="$OPENSSL_CPPFLAGS" ; export CPPFLAGS
CFLAGS="$CPPFLAGS $RPM_OPT_FLAGS -D_REENTRANT -fPIC"; export CFLAGS
LDFLAGS="$OPENSSL_LDFLAGS" ; export LDFLAGS

# Common configure/make for the 2.3 tree; each caller appends its own options.
build23() {
%configure \
	--with-cyrus-sasl --enable-shared \
	--with-tls --enable-wrappers \
	--enable-local --enable-rlookups --enable-passwd \
	--enable-crypt \
	--enable-cleartext \
	--enable-spasswd \
	--with-threads=posix \
	--disable-sql \
	\
	--libexecdir=%{_sbindir} \
	"$@"
make %{_smp_mflags} # LIBTOOL="$libtool"
}

### 23
pushd openldap-%{version_23}/build-servers
LIBS=-lpthread; export LIBS
build23 \
	--datadir=/var/lib/ldap \
	--enable-slapd \
	--enable-slurpd \
	--enable-aci \
	--enable-bdb \
	--enable-hdb \
	--enable-ldap \
	--enable-meta \
	--enable-monitor --enable-null \
	--enable-relay --enable-shell \
	--enable-overlays --enable-accesslog \
	--enable-denyop --enable-denygroup \
	--enable-lastmod --enable-glue \
	--enable-proxycache --enable-syncprov \
	--enable-unique

unset LIBS
popd

### 23
pushd openldap-%{version_23}/build-clients
build23 \
	--disable-slapd \
	--disable-slurpd \
	--without-kerberos \
	--with-cyrus-sasl \
	--with-pic
popd

### 20 (compatibility libraries only)
%ifarch ia64
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0"
%endif
if pkg-config openssl ; then
	OPENSSL_CPPFLAGS=`pkg-config --cflags openssl`
	CPPFLAGS="$OPENSSL_CPPFLAGS" ; export CPPFLAGS
	OPENSSL_LDFLAGS=`pkg-config --libs-only-L openssl`
	LDFLAGS="$OPENSSL_LDFLAGS" ; export LDFLAGS
fi
# Reset CFLAGS for the 2.0 tree to incorporate RPM_OPT_FLAGS; the OpenSSL
# include path travels in CPPFLAGS.
CFLAGS="$RPM_OPT_FLAGS -D_REENTRANT -fPIC"; export CFLAGS

# Run the 2.0 tree's configure through a generated script, stripping the
# --host/--build/--target options that %configure adds and passing the
# target platform explicitly as the script's argument.
TARGET_PLATFORM=%{_target_platform}
%define _target_platform --target=${TARGET_PLATFORM}
build() {
cat << _EOF | sed -e 's,--host=[^ ]*,,g' -e 's,--build=[^ ]*,,g' -e 's,--target=[^ ]*,,g' -e 's,%{_target_platform},,g' > run-build
%configure \
	--with-slapd --with-slurpd --without-ldapd \
	--with-threads=posix --enable-static \
	\
	--enable-local --enable-cldap --disable-rlookups \
	\
	--with-tls \
	--with-cyrus-sasl \
	\
	--enable-wrappers \
	\
	--enable-passwd \
	--enable-shell \
	--enable-cleartext \
	--enable-crypt \
	--enable-spasswd \
	--enable-modules \
	--disable-sql \
	\
	--libexecdir=%{_sbindir} \
	--localstatedir=/%{_var}/run \
	$@ \$@
_EOF
sh -x ./run-build %{_target_platform}
make depend %{_smp_mflags}
make %{_smp_mflags}
}
# Only the 2.0 tree's client libraries are built and installed (its servers
# are not packaged); point it at the OpenSSL flags found above.
CPPFLAGS="$OPENSSL_CPPFLAGS" ; export CPPFLAGS
LDFLAGS="$OPENSSL_LDFLAGS" ; export LDFLAGS
# Build without Kerberos password-checking support, which is only useful in
# the server anyway.
unset LIBS
pushd openldap-%{version_20}/build-clients
build --disable-ldbm --enable-shared --without-kerberos
popd


%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
libtool='%{_bindir}/libtool'
tagname=CC; export tagname

makeinstall() {
%makeinstall \
	datadir=%{_datadir}/openldap \
	libexecdir=$RPM_BUILD_ROOT%{_sbindir} \
	localstatedir=/%{_var}/run \
	sysconfdir=$RPM_BUILD_ROOT%{_sysconfdir}/openldap $@
}

# Install clients and libraries.
pushd openldap-%{version_20}/build-clients
makeinstall -C libraries libdir=$RPM_BUILD_ROOT%{_libdir}
popd

pushd openldap-%{version_23}/build-servers
	make install DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir}
popd

# Create the data directory.
mkdir -p $RPM_BUILD_ROOT/var/lib/ldap

# Hack the build root out of the default config files.
# perl -pi -e "s|$RPM_BUILD_ROOT||g" %{_sysconfdir}/openldap/*.conf

# Get the buildroot out of the man pages.
# perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT/%{_mandir}/*/*.*

# Install an init script for the servers.
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d

install -m 755 $RPM_SOURCE_DIR/ldap.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ldap

# Tweak permissions on the libraries to make sure they're correct.
chmod 755 $RPM_BUILD_ROOT/%{_libdir}/lib*.so*
chmod 644 $RPM_BUILD_ROOT/%{_libdir}/lib*.*a

# Remove files which we don't want packaged.
#rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
#rm -f $RPM_BUILD_ROOT/%{_sbindir}/openldap/*.a
#rm -f $RPM_BUILD_ROOT/%{_sbindir}/openldap/*.so

%clean 
rm -rf $RPM_BUILD_ROOT

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%pre servers
# Take care to only do ownership-changing if we're adding the user.
if /usr/sbin/useradd -c "LDAP User" -u 55 \
	-s /bin/false -r -d /var/lib/ldap ldap 2> /dev/null ; then
	if [ -d /var/lib/ldap ] ; then
		for dbfile in /var/lib/ldap/* ; do
			if [ -f $dbfile ] ; then
				chown ldap:ldap $dbfile
			fi
		done
	fi
fi

%post servers
/sbin/ldconfig
/sbin/chkconfig --add ldap

%preun servers
if [ "$1" = "0" ] ; then
	/sbin/service ldap stop > /dev/null 2>&1 || :
	/sbin/chkconfig --del ldap
fi

%postun servers
/sbin/ldconfig
if [ $1 -ge 1 ] ; then
	/sbin/service ldap condrestart > /dev/null 2>&1 || :
fi

%files
%defattr(-,root,root)
%attr(0755,root,root) %dir /etc/openldap
%attr(0644,root,root) %config(noreplace) /etc/openldap/ldap*.conf*
%attr(0644,root,root) %{_libdir}/lib*.so*
%attr(0644,root,root) %{_mandir}/man5/*

%files servers
%defattr(-,root,root)
%doc openldap-%{version_23}/ANNOUNCEMENT
%doc openldap-%{version_23}/CHANGES
%doc openldap-%{version_23}/COPYRIGHT
%doc openldap-%{version_23}/LICENSE
%doc openldap-%{version_23}/README
%attr(0755,root,root) %config /etc/rc.d/init.d/ldap
%attr(0640,root,ldap) %config(noreplace) /etc/openldap/slapd.conf*
%attr(0755,root,root) %dir /etc/openldap/schema
%attr(0644,root,root) /etc/openldap/schema/README*
%attr(0644,root,root) %config(noreplace) /etc/openldap/schema/*.schema*
%attr(0644,root,root) %config(noreplace) /etc/openldap/schema/*.ldif*
%attr(0644,root,root) %config(noreplace) /etc/openldap/DB_CONFIG.example
%attr(0644,root,root) %config(noreplace) /var/openldap-data/DB_CONFIG.example
%attr(0755,root,root) %{_sbindir}/*
%attr(0644,root,root) %{_mandir}/man8/*
%attr(0700,ldap,ldap) %dir /var/lib/ldap
%attr(0644,root,root) %{_libdir}/lib*a

%files clients
%defattr(-,root,root)
%attr(0755,root,root) %{_bindir}/*
%attr(0644,root,root) %{_mandir}/man1/*

%files devel
%defattr(-,root,root)
%doc openldap-%{version_23}/doc/drafts openldap-%{version_23}/doc/rfc
%attr(0644,root,root) %{_libdir}/lib*
%attr(0644,root,root) %{_includedir}/*
%attr(0644,root,root) %{_mandir}/man3/*

%changelog
* Fri Nov 18 2005 Kirhlarov Dmitriy <dimma@oilspace.com> 2.3.11-ols5
 - update version

* Thu Sep 15 2005 Kirhlarov Dmitriy <dimma@oilspace.com> 2.3.7-ols5
 - add correct Recured

* Wed Sep 14 2005 Kirhlarov Dmitriy <dimma@oilspace.com> 2.3.7-ols4
 - remove lib*so* from server

* Wed Sep 14 2005 Kirhlarov Dmitriy <dimma@oilspace.com> 2.3.7-ols3
 - add ldapadd and ldapmodify

* Thu Sep  8 2005 Kirhlarov Dmitriy <dimma@oilspace.com> 2.3.7-ols2
 - 2.3.7 release with 2.0.27 libs for compatibility

* Wed Aug 31 2005 Kirhlarov Dmitriy <dimma@oilspace.com> 2.3.6-ols1
 - new release

* Tue Jul 19 2005 Kirhlarov Dmitriy <dimma@oilspace.com> 2.3.4-ols1
 - created spec-file and added to cvs
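The thread is about getting slapo-ppolicy, and this spec's `--enable-overlays` in the 2.3 server build links that overlay in statically, so what remains after installing the RPM is configuring it. The following is an added example, not part of Dmitriy's message or the attached spec: a POSIX shell script that emits the slapd.conf lines loading the overlay, emits a default pwdPolicy entry as LDIF, and checks an installed slapd binary for the overlay. The suffix `dc=example,dc=com`, the `/etc/openldap` paths, and every `pwd*` value are assumptions or constructed values to be adjusted for a real directory; the binary check is a heuristic (it greps for the overlay's config keyword) rather than anything OpenLDAP itself provides.

```shell
#!/bin/sh
# Added example, not part of the original message or the attached spec: once
# slapd is built with --enable-overlays (as this spec does), slapo-ppolicy is
# linked in statically and only needs to be configured. The suffix, the
# /etc/openldap paths and every pwd* value below are assumptions/constructed
# values; adjust them to your directory.
set -e

# slapd.conf lines that load the overlay for one database. The "include" belongs
# with the other schema includes at the top of slapd.conf; the overlay lines go
# after the "database"/"suffix" stanza they apply to.
ppolicy_conf() {
	suffix="$1"
	cat <<EOF
include		/etc/openldap/schema/ppolicy.schema

overlay		ppolicy
ppolicy_default	"cn=default,ou=policies,$suffix"
ppolicy_use_lockout
ppolicy_hash_cleartext
EOF
}

# The default policy entry, as LDIF to load with ldapadd. pwdCheckQuality 2
# rejects passwords the server cannot inspect (already hashed by the client),
# so clients send cleartext over TLS and ppolicy_hash_cleartext hashes it.
ppolicy_ldif() {
	suffix="$1"
	cat <<EOF
dn: ou=policies,$suffix
objectClass: organizationalUnit
ou: policies

dn: cn=default,ou=policies,$suffix
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
pwdMinLength: 12
pwdCheckQuality: 2
pwdInHistory: 5
pwdMaxAge: 7776000
pwdExpireWarning: 1209600
pwdGraceAuthNLimit: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdLockout: TRUE
pwdMaxFailure: 5
pwdFailureCountInterval: 900
pwdLockoutDuration: 900
EOF
}

# Heuristic check that an installed slapd carries the overlay: a static ppolicy
# build keeps its config keyword as a string in the binary. Returns 0 if found,
# non-zero otherwise.
slapd_has_ppolicy() {
	grep -q ppolicy_default "$1"
}

# Typical use (this spec installs slapd under %{_sbindir}, /usr/sbin on RHEL):
#   slapd_has_ppolicy /usr/sbin/slapd && ppolicy_conf dc=example,dc=com >> /etc/openldap/slapd.conf
#   ppolicy_ldif dc=example,dc=com | ldapadd -x -D cn=Manager,dc=example,dc=com -W
```

Two things to keep in mind when adapting it: the `ppolicy_default` DN must exist in the database before the policy takes effect for entries without their own `pwdPolicySubentry`, and `pwdCheckQuality: 2` combined with `ppolicy_hash_cleartext` only makes sense if clients are required to use TLS, since it means the cleartext password crosses the wire to be checked and hashed on the server.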