+++ /dev/null
-From ceaad5c741c95c78d924cb6b179daa6c6b60bf91 Mon Sep 17 00:00:00 2001
-From: babak sarashki <babak.sarashki@windriver.com>
-Date: Wed, 4 Dec 2019 08:07:24 -0800
-Subject: [PATCH] stx openldap config files
-
----
- stx-openldap-config/LICENSE | 202 ++++++++++++++++++++++++
- stx-openldap-config/initial_config.ldif | 80 ++++++++++
- stx-openldap-config/initscript | 100 ++++++++++++
- stx-openldap-config/slapd.conf | 117 ++++++++++++++
- stx-openldap-config/slapd.service | 23 +++
- stx-openldap-config/slapd.sysconfig | 15 ++
- 6 files changed, 537 insertions(+)
- create mode 100644 stx-openldap-config/LICENSE
- create mode 100644 stx-openldap-config/initial_config.ldif
- create mode 100755 stx-openldap-config/initscript
- create mode 100644 stx-openldap-config/slapd.conf
- create mode 100644 stx-openldap-config/slapd.service
- create mode 100644 stx-openldap-config/slapd.sysconfig
-
-diff --git a/stx-openldap-config/LICENSE b/stx-openldap-config/LICENSE
-new file mode 100644
-index 000000000..d64569567
---- /dev/null
-+++ b/stx-openldap-config/LICENSE
-@@ -0,0 +1,202 @@
-+
-+ Apache License
-+ Version 2.0, January 2004
-+ http://www.apache.org/licenses/
-+
-+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-+
-+ 1. Definitions.
-+
-+ "License" shall mean the terms and conditions for use, reproduction,
-+ and distribution as defined by Sections 1 through 9 of this document.
-+
-+ "Licensor" shall mean the copyright owner or entity authorized by
-+ the copyright owner that is granting the License.
-+
-+ "Legal Entity" shall mean the union of the acting entity and all
-+ other entities that control, are controlled by, or are under common
-+ control with that entity. For the purposes of this definition,
-+ "control" means (i) the power, direct or indirect, to cause the
-+ direction or management of such entity, whether by contract or
-+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
-+ outstanding shares, or (iii) beneficial ownership of such entity.
-+
-+ "You" (or "Your") shall mean an individual or Legal Entity
-+ exercising permissions granted by this License.
-+
-+ "Source" form shall mean the preferred form for making modifications,
-+ including but not limited to software source code, documentation
-+ source, and configuration files.
-+
-+ "Object" form shall mean any form resulting from mechanical
-+ transformation or translation of a Source form, including but
-+ not limited to compiled object code, generated documentation,
-+ and conversions to other media types.
-+
-+ "Work" shall mean the work of authorship, whether in Source or
-+ Object form, made available under the License, as indicated by a
-+ copyright notice that is included in or attached to the work
-+ (an example is provided in the Appendix below).
-+
-+ "Derivative Works" shall mean any work, whether in Source or Object
-+ form, that is based on (or derived from) the Work and for which the
-+ editorial revisions, annotations, elaborations, or other modifications
-+ represent, as a whole, an original work of authorship. For the purposes
-+ of this License, Derivative Works shall not include works that remain
-+ separable from, or merely link (or bind by name) to the interfaces of,
-+ the Work and Derivative Works thereof.
-+
-+ "Contribution" shall mean any work of authorship, including
-+ the original version of the Work and any modifications or additions
-+ to that Work or Derivative Works thereof, that is intentionally
-+ submitted to Licensor for inclusion in the Work by the copyright owner
-+ or by an individual or Legal Entity authorized to submit on behalf of
-+ the copyright owner. For the purposes of this definition, "submitted"
-+ means any form of electronic, verbal, or written communication sent
-+ to the Licensor or its representatives, including but not limited to
-+ communication on electronic mailing lists, source code control systems,
-+ and issue tracking systems that are managed by, or on behalf of, the
-+ Licensor for the purpose of discussing and improving the Work, but
-+ excluding communication that is conspicuously marked or otherwise
-+ designated in writing by the copyright owner as "Not a Contribution."
-+
-+ "Contributor" shall mean Licensor and any individual or Legal Entity
-+ on behalf of whom a Contribution has been received by Licensor and
-+ subsequently incorporated within the Work.
-+
-+ 2. Grant of Copyright License. Subject to the terms and conditions of
-+ this License, each Contributor hereby grants to You a perpetual,
-+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-+ copyright license to reproduce, prepare Derivative Works of,
-+ publicly display, publicly perform, sublicense, and distribute the
-+ Work and such Derivative Works in Source or Object form.
-+
-+ 3. Grant of Patent License. Subject to the terms and conditions of
-+ this License, each Contributor hereby grants to You a perpetual,
-+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-+ (except as stated in this section) patent license to make, have made,
-+ use, offer to sell, sell, import, and otherwise transfer the Work,
-+ where such license applies only to those patent claims licensable
-+ by such Contributor that are necessarily infringed by their
-+ Contribution(s) alone or by combination of their Contribution(s)
-+ with the Work to which such Contribution(s) was submitted. If You
-+ institute patent litigation against any entity (including a
-+ cross-claim or counterclaim in a lawsuit) alleging that the Work
-+ or a Contribution incorporated within the Work constitutes direct
-+ or contributory patent infringement, then any patent licenses
-+ granted to You under this License for that Work shall terminate
-+ as of the date such litigation is filed.
-+
-+ 4. Redistribution. You may reproduce and distribute copies of the
-+ Work or Derivative Works thereof in any medium, with or without
-+ modifications, and in Source or Object form, provided that You
-+ meet the following conditions:
-+
-+ (a) You must give any other recipients of the Work or
-+ Derivative Works a copy of this License; and
-+
-+ (b) You must cause any modified files to carry prominent notices
-+ stating that You changed the files; and
-+
-+ (c) You must retain, in the Source form of any Derivative Works
-+ that You distribute, all copyright, patent, trademark, and
-+ attribution notices from the Source form of the Work,
-+ excluding those notices that do not pertain to any part of
-+ the Derivative Works; and
-+
-+ (d) If the Work includes a "NOTICE" text file as part of its
-+ distribution, then any Derivative Works that You distribute must
-+ include a readable copy of the attribution notices contained
-+ within such NOTICE file, excluding those notices that do not
-+ pertain to any part of the Derivative Works, in at least one
-+ of the following places: within a NOTICE text file distributed
-+ as part of the Derivative Works; within the Source form or
-+ documentation, if provided along with the Derivative Works; or,
-+ within a display generated by the Derivative Works, if and
-+ wherever such third-party notices normally appear. The contents
-+ of the NOTICE file are for informational purposes only and
-+ do not modify the License. You may add Your own attribution
-+ notices within Derivative Works that You distribute, alongside
-+ or as an addendum to the NOTICE text from the Work, provided
-+ that such additional attribution notices cannot be construed
-+ as modifying the License.
-+
-+ You may add Your own copyright statement to Your modifications and
-+ may provide additional or different license terms and conditions
-+ for use, reproduction, or distribution of Your modifications, or
-+ for any such Derivative Works as a whole, provided Your use,
-+ reproduction, and distribution of the Work otherwise complies with
-+ the conditions stated in this License.
-+
-+ 5. Submission of Contributions. Unless You explicitly state otherwise,
-+ any Contribution intentionally submitted for inclusion in the Work
-+ by You to the Licensor shall be under the terms and conditions of
-+ this License, without any additional terms or conditions.
-+ Notwithstanding the above, nothing herein shall supersede or modify
-+ the terms of any separate license agreement you may have executed
-+ with Licensor regarding such Contributions.
-+
-+ 6. Trademarks. This License does not grant permission to use the trade
-+ names, trademarks, service marks, or product names of the Licensor,
-+ except as required for reasonable and customary use in describing the
-+ origin of the Work and reproducing the content of the NOTICE file.
-+
-+ 7. Disclaimer of Warranty. Unless required by applicable law or
-+ agreed to in writing, Licensor provides the Work (and each
-+ Contributor provides its Contributions) on an "AS IS" BASIS,
-+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-+ implied, including, without limitation, any warranties or conditions
-+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-+ PARTICULAR PURPOSE. You are solely responsible for determining the
-+ appropriateness of using or redistributing the Work and assume any
-+ risks associated with Your exercise of permissions under this License.
-+
-+ 8. Limitation of Liability. In no event and under no legal theory,
-+ whether in tort (including negligence), contract, or otherwise,
-+ unless required by applicable law (such as deliberate and grossly
-+ negligent acts) or agreed to in writing, shall any Contributor be
-+ liable to You for damages, including any direct, indirect, special,
-+ incidental, or consequential damages of any character arising as a
-+ result of this License or out of the use or inability to use the
-+ Work (including but not limited to damages for loss of goodwill,
-+ work stoppage, computer failure or malfunction, or any and all
-+ other commercial damages or losses), even if such Contributor
-+ has been advised of the possibility of such damages.
-+
-+ 9. Accepting Warranty or Additional Liability. While redistributing
-+ the Work or Derivative Works thereof, You may choose to offer,
-+ and charge a fee for, acceptance of support, warranty, indemnity,
-+ or other liability obligations and/or rights consistent with this
-+ License. However, in accepting such obligations, You may act only
-+ on Your own behalf and on Your sole responsibility, not on behalf
-+ of any other Contributor, and only if You agree to indemnify,
-+ defend, and hold each Contributor harmless for any liability
-+ incurred by, or claims asserted against, such Contributor by reason
-+ of your accepting any such warranty or additional liability.
-+
-+ END OF TERMS AND CONDITIONS
-+
-+ APPENDIX: How to apply the Apache License to your work.
-+
-+ To apply the Apache License to your work, attach the following
-+ boilerplate notice, with the fields enclosed by brackets "[]"
-+ replaced with your own identifying information. (Don't include
-+ the brackets!) The text should be enclosed in the appropriate
-+ comment syntax for the file format. We also recommend that a
-+ file or class name and description of purpose be included on the
-+ same "printed page" as the copyright notice for easier
-+ identification within third-party archives.
-+
-+ Copyright [yyyy] [name of copyright owner]
-+
-+ Licensed under the Apache License, Version 2.0 (the "License");
-+ you may not use this file except in compliance with the License.
-+ You may obtain a copy of the License at
-+
-+ http://www.apache.org/licenses/LICENSE-2.0
-+
-+ Unless required by applicable law or agreed to in writing, software
-+ distributed under the License is distributed on an "AS IS" BASIS,
-+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ See the License for the specific language governing permissions and
-+ limitations under the License.
-diff --git a/stx-openldap-config/initial_config.ldif b/stx-openldap-config/initial_config.ldif
-new file mode 100644
-index 000000000..672e364b5
---- /dev/null
-+++ b/stx-openldap-config/initial_config.ldif
-@@ -0,0 +1,80 @@
-+#ldapadd -D "cn=ldapadmin,dc=cgcs,dc=local" -W -f /etc/openldap/initial_config.ldif
-+#ldapsearch -x -b 'dc=cgcs,dc=local' '(objectclass=*)'
-+dn: dc=cgcs,dc=local
-+dc: cgcs
-+objectClass: top
-+objectClass: domain
-+
-+dn: ou=policies,dc=cgcs,dc=local
-+ou: policies
-+objectClass: top
-+objectClass: organizationalUnit
-+
-+dn: ou=People,dc=cgcs,dc=local
-+ou: People
-+objectClass: top
-+objectClass: organizationalUnit
-+
-+dn: ou=Group,dc=cgcs,dc=local
-+ou: Group
-+objectClass: top
-+objectClass: organizationalUnit
-+
-+dn: ou=SUDOers,dc=cgcs,dc=local
-+objectClass: top
-+objectClass: organizationalUnit
-+ou: SUDOers
-+
-+dn: cn=users,ou=Group,dc=cgcs,dc=local
-+objectClass: posixGroup
-+objectClass: top
-+cn: users
-+userPassword: {crypt}x
-+gidNumber: 100
-+
-+dn: cn=cgcs,ou=Group,dc=cgcs,dc=local
-+objectClass: posixGroup
-+objectClass: top
-+cn: cgcs
-+userPassword: {crypt}x
-+gidNumber: 1000
-+
-+dn: cn=default,ou=policies,dc=cgcs,dc=local
-+objectClass: top
-+objectClass: device
-+objectClass: pwdPolicy
-+objectClass: pwdPolicyChecker
-+cn: default
-+pwdAttribute: userPassword
-+pwdMaxAge: 0
-+pwdExpireWarning: 432000
-+pwdInHistory: 2
-+pwdCheckModule: check_password.so
-+pwdCheckQuality: 1
-+pwdMinLength: 7
-+pwdMaxFailure: 5
-+pwdLockout: TRUE
-+pwdLockoutDuration: 300
-+pwdFailureCountInterval: 0
-+pwdMustChange: TRUE
-+pwdAllowUserChange: TRUE
-+pwdSafeModify: FALSE
-+pwdGraceAuthNLimit: 0
-+
-+dn: cn=defaults,ou=SUDOers,dc=cgcs,dc=local
-+objectClass: top
-+objectClass: sudoRole
-+cn: defaults
-+description: Default sudoOption's go here
-+sudoOrder: 1
-+
-+dn: cn=admin,ou=SUDOers,dc=cgcs,dc=local
-+objectClass: top
-+objectClass: sudoRole
-+cn: admin
-+sudoUser: admin
-+sudoHost: ALL
-+sudoRunAsUser: ALL
-+sudoCommand: ALL
-+sudoOrder: 2
-+sudoOption: secure_path=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
-diff --git a/stx-openldap-config/initscript b/stx-openldap-config/initscript
-new file mode 100755
-index 000000000..d3208dd9a
---- /dev/null
-+++ b/stx-openldap-config/initscript
-@@ -0,0 +1,100 @@
-+#! /bin/sh
-+#
-+# This is an init script for openembedded
-+# Copy it to /etc/init.d/openldap and type
-+# > update-rc.d openldap defaults 60
-+#
-+. /etc/init.d/functions
-+
-+################################################################################
-+# Wait for a process to stop running.
-+#
-+################################################################################
-+function wait_for_proc_stop()
-+{
-+ PROGNAME=$1
-+ TIMEOUT=${2:-"5"}
-+
-+ for I in $(seq 1 $TIMEOUT); do
-+ PID=$(pidof $PROGNAME 2> /dev/null)
-+ if [ $? -ne 0 ]; then
-+ ## already dead
-+ return 0
-+ fi
-+ sleep 1
-+ done
-+
-+ return 1
-+}
-+
-+slapd=/usr/sbin/slapd
-+test -x "$slapd" || exit 0
-+
-+RETVAL=0
-+
-+case "$1" in
-+ start)
-+ echo -n "Starting SLAPD: "
-+ if [ -f /etc/openldap/schema/cn=config.ldif ]; then
-+ start-stop-daemon --start --oknodo --quiet --exec $slapd \
-+ -- -F /etc/openldap/schema/
-+ RETVAL=$?
-+ else
-+ start-stop-daemon --start --oknodo --quiet --exec $slapd
-+ RETVAL=$?
-+ fi
-+ if [ $RETVAL -ne 0 ]; then
-+ echo "Failed to start SLAPD."
-+ exit $RETVAL
-+ fi
-+
-+ # we need to start nscd service as part of this openldap
-+ # init.d script since SM manages this as a service and both
-+ # daemons should be running on a controller host
-+ systemctl status nscd.service
-+ if [ $? -ne 0 ]; then
-+ echo -n "Starting NSCD: "
-+ systemctl start nscd.service
-+ RETVAL=$?
-+ if [ $RETVAL -ne 0 ]; then
-+ echo "Failed to start NSCD."
-+ exit $RETVAL
-+ fi
-+ fi
-+
-+ echo "."
-+ ;;
-+ stop)
-+ echo -n "Stopping NSCD: "
-+ systemctl stop nscd.service
-+ rm -f /var/run/nscd/nscd.pid
-+
-+ echo -n "Stopping SLAPD: "
-+ start-stop-daemon --retry 60 --stop --oknodo --quiet --pidfile /var/run/slapd.pid
-+ RETVAL=$?
-+ wait_for_proc_stop $slapd 10
-+ WRETVAL=$?
-+ while [ $WRETVAL -eq 1 ]; do
-+ killproc $slapd
-+ wait_for_proc_stop $slapd 10
-+ WRETVAL=$?
-+ done
-+ rm -f /var/run/slapd.pid
-+ echo "."
-+ ;;
-+ status)
-+ status $slapd
-+ [ $? -eq 0 ] || exit $?
-+ systemctl status nscd.service
-+ [ $? -eq 0 ] || exit $?
-+ ;;
-+ restart)
-+ $0 stop
-+ $0 start
-+ ;;
-+ *)
-+ echo "Usage: /etc/init.d/openldap {start|stop|status|restart}"
-+ exit 1
-+esac
-+
-+exit $RETVAL
-diff --git a/stx-openldap-config/slapd.conf b/stx-openldap-config/slapd.conf
-new file mode 100644
-index 000000000..3b6fcc545
---- /dev/null
-+++ b/stx-openldap-config/slapd.conf
-@@ -0,0 +1,117 @@
-+#
-+# See slapd.conf(5) for details on configuration options.
-+# This file should NOT be world readable.
-+#
-+include /etc/openldap/schema/core.schema
-+include /etc/openldap/schema/cosine.schema
-+include /etc/openldap/schema/inetorgperson.schema
-+include /etc/openldap/schema/nis.schema
-+include /etc/openldap/schema/ppolicy.schema
-+include /etc/openldap/schema/sudo.schema
-+
-+# Define global ACLs to disable default read access.
-+
-+# Do not enable referrals until AFTER you have a working directory
-+# service AND an understanding of referrals.
-+#referral ldap://root.openldap.org
-+
-+pidfile /var/run/slapd.pid
-+argsfile /var/run/slapd.args
-+
-+# uniquely identifies this server
-+serverID 001
-+
-+# Load dynamic backend modules:
-+modulepath /usr/libexec/openldap
-+moduleload back_mdb.la
-+moduleload ppolicy.la
-+moduleload syncprov.la
-+
-+# Sample security restrictions
-+# Require integrity protection (prevent hijacking)
-+# Require 112-bit (3DES or better) encryption for updates
-+# Require 63-bit encryption for simple bind
-+# security ssf=1 update_ssf=112 simple_bind=64
-+
-+# Sample access control policy:
-+# Root DSE: allow anyone to read it
-+# Subschema (sub)entry DSE: allow anyone to read it
-+# Other DSEs:
-+# Allow self write access
-+# Allow authenticated users read access
-+# Allow anonymous users to authenticate
-+# Directives needed to implement policy:
-+#access to dn.base="" by * read
-+#access to dn.base="cn=Subschema" by * read
-+#access to *
-+# by self write
-+# by anonymous auth
-+# by * read
-+#
-+# if no access controls are present, the default policy
-+# allows anyone and everyone to read anything but restricts
-+# updates to rootdn. (e.g., "access to * by * read")
-+#
-+# rootdn can always read and write EVERYTHING!
-+
-+#######################################################################
-+# BDB database definitions
-+#######################################################################
-+
-+database mdb
-+suffix "dc=cgcs,dc=local"
-+rootdn "cn=ldapadmin,dc=cgcs,dc=local"
-+# Cleartext passwords, especially for the rootdn, should
-+# be avoid. See slappasswd(8) and slapd.conf(5) for details.
-+# Use of strong authentication encouraged.
-+rootpw _LDAPADMIN_PW_
-+# The database directory MUST exist prior to running slapd AND
-+# should only be accessible by the slapd and slap tools.
-+# Mode 700 recommended.
-+directory /var/lib/openldap-data
-+# Maximum size
-+maxsize 1073741824
-+# Indices to maintain
-+index cn eq
-+index objectClass eq
-+index uid eq,pres,sub
-+index uidNumber eq
-+index gidNumber eq
-+index memberUid eq
-+index sudoUser eq,sub
-+
-+access to *
-+ by self write
-+ by * read
-+
-+loglevel none
-+
-+overlay ppolicy
-+ppolicy_default "cn=default,ou=policies,dc=cgcs,dc=local"
-+ppolicy_use_lockout
-+
-+# NOTE:
-+# syncrepl directives for each of the other masters
-+syncrepl rid=000
-+ provider=ldap://controller-1
-+ type=refreshAndPersist
-+ retry="5 5 300 +"
-+ searchbase="dc=cgcs,dc=local"
-+ attrs="*,+"
-+ bindmethod=simple
-+ binddn="cn=ldapadmin,dc=cgcs,dc=local"
-+ credentials=_LDAPADMIN_PW_
-+
-+# syncprov specific indexing (add others as required)
-+index entryCSN eq
-+index entryUUID eq
-+# ...
-+# # mirror mode essential to allow writes
-+# # and must appear after all syncrepl directives
-+mirrormode TRUE
-+#
-+# # define the provider to use the syncprov overlay
-+# # (last directives in database section)
-+overlay syncprov
-+# # contextCSN saved to database every 100 updates or ten minutes
-+syncprov-checkpoint 1 1
-diff --git a/stx-openldap-config/slapd.service b/stx-openldap-config/slapd.service
-new file mode 100644
-index 000000000..24b39380a
---- /dev/null
-+++ b/stx-openldap-config/slapd.service
-@@ -0,0 +1,23 @@
-+[Unit]
-+Description=OpenLDAP Server Daemon
-+Before=rsyncd.service
-+After=network.target syslog-ng.target
-+Documentation=man:slapd
-+Documentation=man:slapd-config
-+Documentation=man:slapd-hdb
-+Documentation=man:slapd-mdb
-+Documentation=file:///usr/share/doc/openldap-servers/guide.html
-+
-+[Service]
-+Type=forking
-+PIDFile=/var/run/slapd.pid
-+Environment="SLAPD_URLS=ldap:/// ldapi:///" "SLAPD_OPTIONS="
-+EnvironmentFile=/etc/sysconfig/slapd
-+ExecStartPre=/usr/libexec/openldap/check-config.sh
-+ExecStart=/etc/init.d/openldap start
-+ExecStop=/etc/init.d/openldap stop
-+ExecReload=/etc/init.d/openldap restart
-+RemainAfterExit=yes
-+
-+[Install]
-+WantedBy=multi-user.target
-diff --git a/stx-openldap-config/slapd.sysconfig b/stx-openldap-config/slapd.sysconfig
-new file mode 100644
-index 000000000..573486da4
---- /dev/null
-+++ b/stx-openldap-config/slapd.sysconfig
-@@ -0,0 +1,15 @@
-+# OpenLDAP server configuration
-+# see 'man slapd' for additional information
-+
-+# Where the server will run (-h option)
-+# - ldapi:/// is required for on-the-fly configuration using client tools
-+# (use SASL with EXTERNAL mechanism for authentication)
-+# - default: ldapi:/// ldap:///
-+# - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:///
-+SLAPD_URLS="ldapi:/// ldap:///"
-+
-+# Any custom options
-+SLAPD_OPTIONS=""
-+
-+# Keytab location for GSSAPI Kerberos authentication
-+#KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"
---
-2.17.1
-
Code Review / pti / rtp.git / blobdiff