
Annotation of /rpms/e-smith-base+ldap/sme7/e-smith-base+ldap-4.19.1-ldap.patch



Revision 1.2 - (hide annotations) (download)
Tue Oct 7 19:21:54 2008 UTC (16 years, 1 month ago) by slords
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED
New streams

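--- a/createlinks
+++ b/createlinks
@@ -206,6 +206,9 @@
 /etc/pam.d/system-auth
 /etc/pam.d/passwd
 /etc/pam.d/pwauth
+ /etc/ldap.conf
+ /etc/ldap.secret
+ /etc/cpu.conf
 /etc/security/pam_abl.conf
 ))
 {
@@ -274,6 +277,7 @@
 panel_link("remoteaccess", $panel);
 panel_link("review", $panel);
 panel_link("useraccounts", $panel);
+panel_link("directory", $panel);
 
 #--------------------------------------------------
 # actions for console-save event
@@ -301,7 +305,6 @@
 templates2events("/etc/smartd.conf", $event);
 templates2events("/home/e-smith/ssl.pem/pem", $event);
 event_link("rmmod-bonding", $event, "10");
-event_link("user-lock-passwd", $event, "15");
 event_link("set-hostname", $event, "10");
 event_link("conf-modules", $event, "30");
 event_link("conf-startup", $event, "60");
@@ -375,6 +378,7 @@
 
 event_link("rotate_timestamped_logfiles", $event, "05");
 event_link("init-accounts", $event, "05");
+#event_link("ldap-init-accounts", $event, "07");
 event_link("init-passwords", $event, "10");
 event_link("conf-startup", $event, "10");
 event_link("conf-modules", $event, "30");
@@ -388,11 +392,8 @@
 
 event_link("rotate_timestamped_logfiles", $event, "05");
 event_link("init-accounts", $event, "05");
+#event_link("ldap-init-accounts", $event, "07");
 event_link("conf-startup", $event, "10");
-event_link("user-lock-passwd", $event, "15");
-event_link("group-modify-unix", $event, "15");
-event_link("user-modify-unix", $event, "15");
-event_link("update-passwd", $event, "20");
 event_link("count-active-user-accounts", $event, "25");
 event_link("conf-modules", $event, "30");
 event_link("create-mnt-floppy", $event, "50");
@@ -567,3 +568,33 @@
 
 safe_symlink("run.dhclient", "root/var/service/wan/run.DHCPHostname");
 safe_symlink("run.dhclient", "root/var/service/wan/run.DHCPEthernetAddress");
+
+foreach (qw(ldap.conf slapd.conf))
+{
+templates2events("/etc/openldap/$_",
+ qw(
+ bootstrap-console-save
+ console-save
+ ));
+}
+
+templates2events("/home/e-smith/db/ldap/ldif", "bootstrap-console-save");
+
+event_link("ldap-update", "group-create", "25");
+event_link("ldap-delete", "group-delete", "25");
+event_link("ldap-update", "user-create", "25");
+event_link("ldap-delete", "user-delete", "25");
+
+event_link("ldap-update", "user-modify", "25");
+event_link("ldap-update", "group-modify", "25");
+
+event_link("ldap-update", "ldap-update", "80");
+templates2events("/etc/rc.d/init.d/masq", "ldap-update");
+templates2events("/etc/hosts.allow", "ldap-update");
+safe_symlink("restart", "root/etc/e-smith/events/ldap-update/services2adjust/ldap");
+safe_symlink("adjust", "root/etc/e-smith/events/ldap-update/services2adjust/masq");
+safe_symlink("sigusr1", "root/etc/e-smith/events/ldap-update/services2adjust/httpd-e-smith");
+
+event_link("ldap-delete-dumps", "pre-restore", "25");
+
+exit 0;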
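Review bot: `/etc/ldap.secret` is added to the template list in the first hunk with nothing here that fixes its owner or mode, and that file conventionally holds the root bind password for the LDAP client libraries. If permissions come from template metadata elsewhere in the package, confirm it expands root-owned and mode 0600; the loop this list feeds starts and ends outside the hunk. Separately, `#event_link("ldap-init-accounts", $event, "07");` is added commented out in the hunks at -375 and -388 with no explanation. Either drop those lines or precede them with a comment saying why the action is disabled, so a later maintainer does not enable it blindly.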
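--- a/root/etc/e-smith/db/configuration/defaults/ldap/access
+++ b/root/etc/e-smith/db/configuration/defaults/ldap/access
@@ -0,0 +1 @@
+private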
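--- a/root/etc/e-smith/db/configuration/defaults/ldap/defaultCity
+++ b/root/etc/e-smith/db/configuration/defaults/ldap/defaultCity
@@ -0,0 +1 @@
+Ottawa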
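--- a/root/etc/e-smith/db/configuration/defaults/ldap/defaultCompany
+++ b/root/etc/e-smith/db/configuration/defaults/ldap/defaultCompany
@@ -0,0 +1 @@
+XYZ Corporation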
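--- a/root/etc/e-smith/db/configuration/defaults/ldap/defaultDepartment
+++ b/root/etc/e-smith/db/configuration/defaults/ldap/defaultDepartment
@@ -0,0 +1 @@
+Main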
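--- a/root/etc/e-smith/db/configuration/defaults/ldap/defaultPhoneNumber
+++ b/root/etc/e-smith/db/configuration/defaults/ldap/defaultPhoneNumber
@@ -0,0 +1 @@
+555-5555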
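--- a/root/etc/e-smith/db/configuration/defaults/ldap/defaultStreet
+++ b/root/etc/e-smith/db/configuration/defaults/ldap/defaultStreet
@@ -0,0 +1 @@
+123 Main Street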
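--- a/root/etc/e-smith/db/configuration/defaults/ldap/status
+++ b/root/etc/e-smith/db/configuration/defaults/ldap/status
@@ -0,0 +1 @@
+enabled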
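--- a/root/etc/e-smith/db/configuration/defaults/ldap/TCPPort
+++ b/root/etc/e-smith/db/configuration/defaults/ldap/TCPPort
@@ -0,0 +1 @@
+389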
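--- a/root/etc/e-smith/db/configuration/defaults/ldap/type
+++ b/root/etc/e-smith/db/configuration/defaults/ldap/type
@@ -0,0 +1 @@
+service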
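--- a/root/etc/e-smith/db/configuration/migrate/ldap/GenPassword
+++ b/root/etc/e-smith/db/configuration/migrate/ldap/GenPassword
@@ -0,0 +1,3 @@
+{
+ -f "/etc/openldap/ldap.pw" || esmith::util::genLdapPassword();
+}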
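Review bot: The `-f` test only establishes that /etc/openldap/ldap.pw exists as a regular file, so an empty or truncated file left by an interrupted run skips password generation for good. Testing for a non-empty file closes that gap: `-s "/etc/openldap/ldap.pw" || esmith::util::genLdapPassword();`. The owner and mode of the password file are presumably set inside genLdapPassword, which is not visible here; that is worth confirming, since the fragment never re-checks them on an existing file.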
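--- a/root/etc/e-smith/events/actions/gentle-ldap-dump
+++ b/root/etc/e-smith/events/actions/gentle-ldap-dump
@@ -0,0 +1,56 @@
+#!/usr/bin/perl -w
+
+#----------------------------------------------------------------------
+# copyright (C) 2002 Mitel Networks Corporation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Technical support for this program is available from Mitel Networks
+# Please visit our web site www.mitel.com/sme/ for details.
+#----------------------------------------------------------------------
+
+package esmith;
+
+use strict;
+use Errno;
+use esmith::ConfigDB;
+use esmith::util;
+
+my $c = esmith::ConfigDB->open_ro;
+my $domain = $c->get('DomainName')
+ || die("Couldn't determine domain name");
+$domain = $domain->value;
+
+# First try to run slapcat, which may fail if slapd is running
+exit 0 unless
+ system("/usr/sbin/slapcat", "-l", "/home/e-smith/db/ldap/$domain.ldif");
+
+# and failing that, restart ldap, which will generate a dump file
+# in the process
+
+my $l = $c->get('ldap');
+my $status = $l->prop('status') || "disabled";
+die "Couldn't run slapcat, and ldap is disabled. Won't restart." .
+ "No LDIF dump produced\n"
+ unless ($status eq "enabled" );
+esmith::util::serviceControl
+ (
+ NAME => 'ldap',
+ ACTION => 'restart',
+ BACKGROUND => 'false',
+ ) ||
+ die "Couldn't restart ldap";
+
+exit (0);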
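Review bot: slapcat writes /home/e-smith/db/ldap/$domain.ldif under whatever umask the event inherits, and a full LDIF export normally includes the directory's password attributes. Unless the mode of that directory already guarantees root-only access (not visible here), add `umask 077;` before the `system(...)` call; the `exec` of slapcat in ldap-dump has the same gap. `$c->get('ldap')` is also used without a defined check, so a missing ldap record dies on `->prop` instead of reaching the intended message. The two halves of that die string join as "Won't restart.No LDIF dump produced" because the space is missing.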
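--- a/root/etc/e-smith/events/actions/group-create-unix
+++ b/root/etc/e-smith/events/actions/group-create-unix
@@ -69,7 +69,8 @@
 # Create the user's unique group first
 
 system(
- "/usr/sbin/groupadd",
+ "/usr/sbin/cpu",
+ "groupadd",
 "-g", $gid,
 $groupName
 ) == 0 or die "Failed to create group $groupName.\n";
@@ -77,7 +78,8 @@
 # Now create the dummy user account
 
 system(
- "/usr/sbin/useradd",
+ "/usr/sbin/cpu",
+ "useradd",
 "-u", $uid,
 "-g", $gid,
 "-c", $description,
@@ -126,8 +128,8 @@
 
 $groups = join (',', sort (@groupList));
 
- system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0
- or die "Failed to modify supplementary group list for $member.\n";
+ system("/usr/sbin/cpu", "usermod", "-G", "$groups", "$member") == 0
+ or die "Failed to modify supplementary group list for $member.\n";
 }
 
 exit (0);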
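--- a/root/etc/e-smith/events/actions/group-delete-unix
+++ b/root/etc/e-smith/events/actions/group-delete-unix
@@ -29,10 +29,7 @@
 my $event = $ARGV [0];
 my $groupName = $ARGV [1] or die "Groupname argument missing.";
 
-system("/usr/sbin/userdel", "$groupName") == 0
+system("/usr/sbin/cpu", "userdel", "$groupName") == 0
 or die "Failed to delete dummy user for group $groupName.\n";
 
-system("/usr/sbin/groupdel", "$groupName") == 0
- or die "Failed to delete group $groupName.\n";
-
 exit (0);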
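Review bot: With the `groupdel` call removed, the group entry itself is deleted only if `cpu userdel` also removes the account's private group, which this hunk does not show. If it does not, the group and its member list survive the group-delete event, and any files or shares still owned by that gid remain reachable by the old members. Confirm the behaviour of `cpu userdel` here, or keep an explicit step such as `system("/usr/sbin/cpu", "groupdel", "$groupName") == 0 or die "Failed to delete group $groupName.\n";`.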
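--- a/root/etc/e-smith/events/actions/group-modify-unix
+++ b/root/etc/e-smith/events/actions/group-modify-unix
@@ -64,7 +64,7 @@
 my $groupDesc = $properties{'Description'}
 if (defined $properties{'Description'});
 
- system("/usr/sbin/usermod", "-c", "$groupDesc", "$groupName") == 0
+ system("/usr/sbin/cpu", "usermod", "-c", "$groupDesc", "$groupName") == 0
 or die "Failed to modify group description for $groupName.\n";
 
 my ($name, $passwd, $gid, $members) = getgrnam ($groupName);
@@ -118,8 +118,8 @@
 }
 $groups = join (',', sort (@groupList));
 
- system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0
- or die "Failed to modify supplementary group list for $member.\n";
+ system("/usr/sbin/cpu", "usermod", "-G", "$groups", "$member") == 0
+ or die "Failed to modify supplementary group list for $member.\n";
 }
 }
 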
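--- a/root/etc/e-smith/events/actions/ldap-delete
+++ b/root/etc/e-smith/events/actions/ldap-delete
@@ -0,0 +1,77 @@
+#!/usr/bin/perl -w
+
+#----------------------------------------------------------------------
+# copyright (C) 1999-2005 Mitel Networks Corporation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+#----------------------------------------------------------------------
+
+package esmith;
+
+use strict;
+use Errno;
+use esmith::ConfigDB;
+use esmith::util;
+use Net::LDAP;
+
+my $db = esmith::ConfigDB->open_ro or die "Could not open config db";
+
+unless ($db->get('ldap')->prop('status') eq "enabled" )
+{
+ warn "Not running action script $0, LDAP service not enabled!\n";
+ exit(0);
+}
+
+my $domain = $db->get('DomainName')
+ || die("Couldn't determine domain name");
+ $domain = $domain->value;
+
+my $event = $ARGV [0];
+my $userName = $ARGV [1];
+
+die "Username argument missing." unless defined ($userName);
+
+#------------------------------------------------------------
+# Delete user from LDAP directory. First read LDAP password
+#------------------------------------------------------------
+my $pw = esmith::util::LdapPassword();
+my $base = esmith::util::ldapBase ($domain);
+
+#------------------------------------------------------------
+# Delete LDAP entry.
+#------------------------------------------------------------
+my $ldap = Net::LDAP->new('localhost')
+ or die "$@";
+
+$ldap->bind(
+ dn => "cn=root,$base",
+ password => $pw
+);
+
+my @search_args = ( base => $base, filter => "uid=$userName" );
+my $mesg = $ldap->search(@search_args);
+
+$mesg->code && die "Failed ldap search: ", $mesg->error;
+
+if ($mesg->count > 1)
+{
+ die("LDAP search for $userName returned $mesg->count - 1 expected\n");
+}
+
+$ldap->delete($mesg->entry(0));
+$ldap->unbind;
+
+exit (0);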
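Review bot: The search filter interpolates `$ARGV[1]` straight into `"uid=$userName"`, so filter metacharacters in the name change which entry matches, and whatever comes back is then deleted under the root DN. The value should be escaped with Net::LDAP::Util's `escape_filter_value`, which needs `use Net::LDAP::Util qw(escape_filter_value);` next to the other `use` lines. The results of `bind` and `delete` are never checked, and a search returning zero entries falls through to `$ldap->delete($mesg->entry(0))` with an undefined entry. Inside the double-quoted die string `$mesg->count` is not a method call, so the message prints the object reference followed by `->count` instead of the number. `$db->get('ldap')` near the top is also dereferenced without a defined check.

```perl
# … unchanged: config lookup, argument handling, Net::LDAP->new …
my $bind = $ldap->bind(
    dn       => "cn=root,$base",
    password => $pw
);
$bind->code && die "Failed ldap bind: ", $bind->error;

# Escape the account name so it is matched literally as a uid value.
my $filter = "(uid=" . escape_filter_value($userName) . ")";
my @search_args = ( base => $base, filter => $filter );
my $mesg = $ldap->search(@search_args);

$mesg->code && die "Failed ldap search: ", $mesg->error;

my $count = $mesg->count;
if ($count == 0)
{
    warn "No LDAP entry found for $userName, nothing to delete\n";
    $ldap->unbind;
    exit(0);
}
die("LDAP search for $userName returned $count - 1 expected\n")
    if $count > 1;

my $result = $ldap->delete($mesg->entry(0));
$result->code && die "Failed ldap delete: ", $result->error;
$ldap->unbind;
```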
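--- a/root/etc/e-smith/events/actions/ldap-delete-dumps
+++ b/root/etc/e-smith/events/actions/ldap-delete-dumps
@@ -0,0 +1,63 @@
+#!/usr/bin/perl -w
+
+#----------------------------------------------------------------------
+# copyright (C) 2002 Mitel Networks Corporation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Technical support for this program is available from Mitel Networks
+# Please visit our web site www.mitel.com/sme/ for details.
+#----------------------------------------------------------------------
+
+package esmith;
+
+use strict;
+use Errno;
+use esmith::ConfigDB;
+use esmith::util;
+
+my $conf = esmith::ConfigDB->open;
+my $domain = $conf->get('DomainName')
+ || die("Couldn't determine domain name");
+$domain = $domain->value;
+
+my $ldap = $conf->get('ldap');
+if($ldap and $ldap->prop('status') eq 'enabled')
+{
+ esmith::util::serviceControl(
+ NAME => 'ldap',
+ ACTION => 'stop',
+ BACKGROUND => 'false')
+ or die "Unable to stop ldap\n";
+}
+
+my $file = "/home/e-smith/db/ldap/$domain.ldif";
+if(-e $file)
+{
+ unlink($file) or die "Unable to unlink $file: $!\n";
+}
+
+my $ldapdir = "/var/lib/ldap";
+opendir DIR, $ldapdir;
+foreach my $file (grep(!/^\./, readdir DIR))
+{
+ if(-f "$ldapdir/$file")
+ {
+ unlink("$ldapdir/$file")
+ or warn "Unable to unlink $ldapdir/$file: $!\n";
+ }
+}
+closedir DIR;
+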
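Review bot: `opendir DIR, $ldapdir;` is not checked, so if /var/lib/ldap cannot be opened the loop runs over an empty list and the action finishes without error while the old database files are still in place ahead of the restore. Use a lexical handle and fail loudly, `opendir(my $dh, $ldapdir) or die "Unable to open $ldapdir: $!\n";`, and read from `$dh`. The service stop is also skipped whenever the ldap status is not 'enabled', yet the database files are unlinked regardless. Whether slapd can still be running in that state is not visible here and should be confirmed.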
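--- a/root/etc/e-smith/events/actions/ldap-dump
+++ b/root/etc/e-smith/events/actions/ldap-dump
@@ -0,0 +1,58 @@
+#!/usr/bin/perl -w
+
+#----------------------------------------------------------------------
+# copyright (C) 2002 Mitel Networks Corporation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Technical support for this program is available from Mitel Networks
+# Please visit our web site www.mitel.com/sme/ for details.
+#----------------------------------------------------------------------
+
+package esmith;
+
+use strict;
+use Errno;
+use esmith::ConfigDB;
+
+my $domain = esmith::ConfigDB->open->get('DomainName')
+ || die("Couldn't determine domain name");
+$domain = $domain->value;
+my $ldapconf = '/etc/openldap/ldap.conf';
+open(LDCONF, "<$ldapconf") or die "Can't open $ldapconf: $!\n";
+my @basedn = grep { /^BASE/ } <LDCONF>;
+close(LDCONF);
+
+# It should look something like this
+# BASE dc=sme1,dc=nssg,dc=mitel,dc=com
+unless (@basedn)
+{
+ die "Failed to find the basedn in $ldapconf\n";
+}
+chomp( my $basedn = $basedn[0] );
+$basedn =~ s/^BASE //;
+$basedn =~ s/dc=//g;
+$basedn =~ s/,/./g;
+# If the basedn is not equal to the domain, remove any ldif file stored under
+# the new domain, so it starts from scratch.
+if ($basedn ne $domain)
+{
+ my $backup = "/home/e-smith/db/ldap/$domain.ldif";
+ unlink $backup if -e $backup;
+}
+$domain = $basedn;
+
+exec("/usr/sbin/slapcat", "-l", "/home/e-smith/db/ldap/$domain.ldif");
+exit 1;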
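Review bot: `$basedn` is taken from /etc/openldap/ldap.conf and, after three substitutions, becomes part of the path handed to slapcat without any validation. `s/^BASE //` strips exactly one space, so a tab or a second space after BASE stays in the filename, and the `ne $domain` comparison then removes the existing backup for the wrong reason. After the substitutions, check the result before using it: `die "Unexpected basedn in $ldapconf\n" unless $basedn =~ /\A[A-Za-z0-9.-]+\z/;`. The config file is opened with a two-argument `open` on a bareword handle; `open(my $fh, '<', $ldapconf)` is the safer form. A failed `exec` currently exits 1 without reporting `$!`.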
479     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-init-accounts mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-init-accounts
480     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-init-accounts 1969-12-31 17:00:00.000000000 -0700
481     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-init-accounts 2008-03-31 09:05:28.000000000 -0600
482     @@ -0,0 +1,300 @@
483     +#!/usr/bin/perl -w
484     +
485     +#----------------------------------------------------------------------
486     +# copyright (C) 1999, 2000 e-smith, inc.
487     +#
488     +# This program is free software; you can redistribute it and/or modify
489     +# it under the terms of the GNU General Public License as published by
490     +# the Free Software Foundation; either version 2 of the License, or
491     +# (at your option) any later version.
492     +#
493     +# This program is distributed in the hope that it will be useful,
494     +# but WITHOUT ANY WARRANTY; without even the implied warranty of
495     +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
496     +# GNU General Public License for more details.
497     +#
498     +# You should have received a copy of the GNU General Public License
499     +# along with this program; if not, write to the Free Software
500     +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
501     +#----------------------------------------------------------------------
502     +
503     +package esmith;
504     +
505     +use strict;
506     +use Errno;
507     +use esmith::ConfigDB;
508     +use esmith::AccountsDB;
509     +use esmith::util;
510     +use Net::LDAP::LDIF;
511     +
512     +# Events: post-install, post-upgrade.
513     +# We assume we cannot access to ldap during this action.
514     +
515     +my $c = esmith::ConfigDB->open_ro or die "Couldn't open config db\n";
516     +
517     +my $domain = $c->get('DomainName')
518     + || die("Couldn't determine domain name");
519     +$domain = $domain->value;
520     +my $smb_server = $c->get('smb')
521     + || die("Couldn't determine samba server name");
522     +$smb_server = $smb_server->prop("ServerName");
523     +$smb_server =~ tr/[a-z]/[A-Z]/;
524     +my $base = esmith::util::ldapBase ($domain);
525     +
526     +# We specify an empty configuration file to assure no ldap connection.
527     +my $g = `/usr/bin/net getlocalsid -s /dev/null`;
528     +unless ($g =~ /SID.*is: (.+)/) {
529     + warn "Unable to determine SID. Clearning cache to see if it helps.";
530     + rename '/etc/samba/secrets.tdb','/etc/samba/secrets.'.time;
531     + rename '/var/cache/samba/gencache.tdb','/var/cache/samba/gencache.'.time;
532     + rename '/var/cache/samba/wins.dat','/var/cache/samba/wins.'.time;
533     + $g = `/usr/bin/net getlocalsid -s /dev/null`;
534     + $g =~ /SID.*is: (.+)/ or die "Could not get current sid\n";
535     +}
536     +my $local_sid = $1;
537     +
538     +# Since we are adding entries directly to the database, to ensure consistency,
539     +# slapd should not be running.
540     +if (`ps -A|grep slapd`)
541     +{
542     + unless (system("/usr/local/bin/svc -d /service/ldap") == 0)
543     + {
544     + die "Failed to init ldap base because slapd is running.\n";
545     + }
546     +}
547     +
548     +# Be sure that relevant schemas are enabled.
549     +unless (system("/sbin/e-smith/expand-template /etc/openldap/slapd.conf") == 0)
550     +{
551     + die "Failed to expand /etc/openldap/slapd.conf.\n";
552     +}
553     +
554     +# See perldoc perlipc (search for 'Safe Pipe Opens').
555     +my $pid = open(DISCARD, "|-");
556     +
557     +# Write to DISCARD ldif code corresponding to accounts to init.
558     +if ($pid) # parent
559     +{
560     + my $ldif = Net::LDAP::LDIF->new("/home/e-smith/db/ldap/$domain.ldif",
561     + "r", onerror => 'undef');
562     + my $writer = Net::LDAP::LDIF->new(\*DISCARD, "w", onerror => 'undef');
563     +
564     + # Entries to init.
565     + my @ous = ("Groups", "People", "Users"); # ous for Organizational Units.
566     + my @users = ("root", "ntp", "www", "admin", "public");
567     + my @groups = ("shared", "slocate", "nobody", @users);
568     +
569     + # Groups to map with samba, their names and their rids.
570     + my %mapping =
571     + (
572     + 'admin' => ['Domain Admins', "512"],
573     + 'shared' => ['Domain Users', "513"],
574     + 'nobody' => ['Domain Guests', "514"]
575     + );
576     +
577     + # Check for already initialized entries.
578     + my %ou_done = ();
579     + my %group_done = ();
580     + my %user_done = ();
581     + my $smb_domain_done;
582     + while (not $ldif->eof())
583     + {
584     + my $entry = $ldif->read_entry();
585     + if ($ldif->error())
586     + {
587     + warn "Error msg: ", $ldif->error(), "\n";
588     + warn "Error lines:\n", $ldif->error_lines(), "\n";
589     + }
590     + else
591     + {
592     + my $dn = $entry->dn || "";
593     +
594     + $smb_domain_done = 1
595     + if ($dn eq "sambaDomainName=$smb_server,$base");
596     +
597     + foreach (@ous)
598     + {
599     + $ou_done{$_} = 1
600     + if ($dn eq "ou=$_,$base");
601     + }
602     +
603     + foreach (@groups)
604     + {
605     + $group_done{$_} = 1
606     + if ($dn eq "cn=$_,ou=Groups,$base");
607     + }
608     +
609     + foreach (@users)
610     + {
611     + $user_done{$_} = 1
612     + if ($dn eq "uid=$_,ou=Users,$base");
613     + }
614     + }
615     + }
616     + $ldif->done();
617     +
618     + # Produce ldif code.
619     + unless ($smb_domain_done)
620     + {
621     + my $smb_domain = Net::LDAP::Entry->new();
622     + $smb_domain->dn("sambaDomainName=$smb_server,$base");
623     + $smb_domain->add
624     + (
625     + "objectClass" => "sambaDomain",
626     + "sambaAlgorithmicRidBase" => "1000",
627     + "sambaDomainName" => $smb_server,
628     + "sambaSID" => $local_sid,
629     + );
630     +
631     + $writer->write($smb_domain);
632     + }
633     +
634     + foreach (@ous)
635     + {
636     + next if $ou_done{$_};
637     +
638     + my $ou = Net::LDAP::Entry->new();
639     + $ou->dn("ou=$_,$base");
640     + $ou->add
641     + (
642     + "ou" => $_,
643     + "objectClass" => ["organizationalUnit", "top"]
644     + );
645     +
646     + $writer->write($ou);
647     + }
648     +
649     + my $group_info = parse_file("/etc/group", @groups);
650     +
651     + foreach (@groups)
652     + {
653     + next if $group_done{$_};
654     +
655     + my ($name, $passwd, $gid, $members) = @{$group_info->{$_}};
656     +
657     + die "Unable to find $_ informations in /etc/group.\n"
658     + unless ($name ne "" && $gid ne "");
659     +
660     + my $group = Net::LDAP::Entry->new();
661     + $group->dn("cn=$_,ou=Groups,$base");
662     +
663     + if ($mapping{$_})
664     + {
665     + my ($dname, $rid) = @{$mapping{$_}};
666     + $group->add
667     + (
668     + "objectClass" => ["posixGroup", "sambaGroupMapping", "top"],
669     + "cn" => $name,
670     + "gidNumber" => $gid,
671     + "memberUid" => [split(/,/, $members || "")],
672     + "description" => "Local Unix group",
673     + "displayName" => $dname,
674     + "sambaGroupType" => "2",
675     + "sambaSID" => $local_sid . "-" . $rid
676     + );
677     + }
678     + else
679     + {
680     + $group->add
681     + (
682     + "objectClass" => ["posixGroup", "top"],
683     + "cn" => $name,
684     + "gidNumber" => $gid,
685     + "memberUid" => [split(/,/, $members || "")]
686     + );
687     + }
688     +
689     + $writer->write($group);
690     + }
691     +
692     + my $passwd_info = parse_file("/etc/passwd", @users);
693     + my $shadow_info = parse_file("/etc/shadow", @users);
694     +
695     + foreach (@users)
696     + {
697     + next if $user_done{$_};
698     +
699     + my ($name, undef, $uid, $gid, $comment, $home, $shell)
700     + = @{$passwd_info->{$_}};
701     + my (undef, $passwd, $lastchange, $min, $max, $warning, $inactive,
702     + $expire, $flag) = @{$shadow_info->{$_}};
703     +
704     + die "Unable to find $_ informations in /etc/passwd.\n"
705     + unless ($name ne "" && $uid ne "" && $gid ne "" && $home ne "");
706     +
707     + my $user = Net::LDAP::Entry->new();
708     + $user->dn("uid=$_,ou=Users,$base");
709     + $user->add
710     + (
711     + "objectClass" => ["account", "posixAccount", "shadowAccount",
712     + "top"],
713     + "cn" => $name,
714     + "uid" => $name,
715     + "gecos" => $comment || "no comment",
716     + "uidNumber" => $uid,
717     + "gidNumber" => $gid,
718     + "userPassword" => "{crypt}" . ($passwd || "*"),
719     + "homeDirectory" => $home,
720     + "loginShell" => $shell || "/bin/false",
721     + "shadowLastChange" => $lastchange || int(time / (24 * 3600)),
722     + "shadowMin" => $min || "-1",
723     + "shadowMax" => $max || "99999",
724     + "shadowWarning" => $warning || "7",
725     + "shadowInactive" => $inactive || "-1",
726     + "shadowExpire" => $expire || "-1",
727     + "shadowFlag" => $flag || "-1"
728     + );
729     +
730     + $writer->write($user);
731     + }
732     +
733     +$writer->done();
734     +close(DISCARD) || die "Child exited early.";
735     +}
736     +else # child
737     +{
738     + # Add entries to slapd base.
739     + unless (system("/usr/sbin/slapadd -b $base") == 0)
740     + {
741     + die "Failed to add ldif entries to $base via slapadd.\n";
742     + }
743     +
744     + # Make sure ldap db are owned by ldap
745     + system("/bin/chown ldap:ldap /var/lib/ldap/*") == 0
746     + or die "Failed to chown ldap db.\n";
747     +
748     + exit 0;
749     +}
750     +
751     +# Update dump to assute consistency.
752     +unless (system("/usr/sbin/slapcat",
753     + "-b", $base,
754     + "-l", "/home/e-smith/db/ldap/$domain.ldif") == 0)
755     +{
756     + die "Failed to update slapd dump (/home/e-smith/db/ldap/$domain.ldif).\n";
757     +}
758     +
759     +# Parse a file with fields separated by ':' (ie /etc/{group,passwd,shadow}).
760     +sub parse_file
761     +{
762     + # We are only interested in @keep accounts.
763     + my ($file, @keep) = @_;
764     +
765     + my %result = ();
766     +
767     + open(FILE, $file) or die("open: $!");
768     +
769     + my @line;
770     + while(<FILE>)
771     + {
772     + chomp;
773     + @line = split(/:/);
774     + foreach (@keep)
775     + {
776     + $result{$_} = [ @line ]
777     + if ($line[0] eq $_);
778     + }
779     + }
780     +
781     + return \%result;
782     +}
783     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-update mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-update
784     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-update 1969-12-31 17:00:00.000000000 -0700
785     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-update 2008-03-31 10:05:00.000000000 -0600
786     @@ -0,0 +1,170 @@
787     +#!/usr/bin/perl -w
788     +
789     +#----------------------------------------------------------------------
790     +# copyright (C) 1999, 2000 e-smith, inc.
791     +#
792     +# This program is free software; you can redistribute it and/or modify
793     +# it under the terms of the GNU General Public License as published by
794     +# the Free Software Foundation; either version 2 of the License, or
795     +# (at your option) any later version.
796     +#
797     +# This program is distributed in the hope that it will be useful,
798     +# but WITHOUT ANY WARRANTY; without even the implied warranty of
799     +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
800     +# GNU General Public License for more details.
801     +#
802     +# You should have received a copy of the GNU General Public License
803     +# along with this program; if not, write to the Free Software
804     +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
805     +#
806     +# Technical support for this program is available from e-smith, inc.
807     +# For details, please visit our web site at www.e-smith.com or
808     +# call us on 1 888 ESMITH 1 (US/Canada toll free) or +1 613 564 8000
809     +#----------------------------------------------------------------------
810     +
811     +package esmith;
812     +
813     +use strict;
814     +use Errno;
815     +use esmith::ConfigDB;
816     +use esmith::AccountsDB;
817     +use esmith::util;
818     +use Net::LDAP;
819     +
820     +my $c = esmith::ConfigDB->open_ro;
821     +my $a = esmith::AccountsDB->open_ro;
822     +
823     +my $l = $c->get('ldap');
824     +my $status = $l->prop('status') || "disabled";
825     +unless ($status eq "enabled" )
826     +{
827     + warn "Not running action script $0, LDAP service not enabled!\n";
828     + exit(0);
829     +}
830     +
831     +my $domain = $c->get('DomainName')
832     + || die("Couldn't determine domain name");
833     + $domain = $domain->value;
834     +
835     +my @accounts;
836     +my $account;
837     +my $event = shift || die "Event name must be specified";
838     +if ($event eq 'ldap-update')
839     +{
840     + @accounts = ($a->users, $a->groups);
841     +}
842     +else
843     +{
844     + my $userName = shift;
845     + die "Username argument missing." unless defined ($userName);
846     +
847     + $account = $a->get($userName);
848     + die "Account $userName not found.\n" unless defined $account;
849     + my $type = $account->prop('type') || "unknown";
850     +
851     + die "Account $userName is not a user or group account; " .
852     + "update LDAP entry failed.\n"
853     + unless (($type eq 'user') || ($type eq 'group'));
854     + @accounts = ($account);
855     +}
856     +
857     +#------------------------------------------------------------
858     +# Update LDAP directory entry. First read LDAP password
859     +#------------------------------------------------------------
860     +my $pw = esmith::util::LdapPassword();
861     +
862     +#------------------------------------------------------------
863     +# Update LDAP database entry.
864     +#------------------------------------------------------------
865     +my $base = esmith::util::ldapBase ($domain);
866     +
867     +my $ldap = Net::LDAP->new('localhost')
868     + or die "$@";
869     +
870     +$ldap->bind(
871     + dn => "cn=root,$base",
872     + password => $pw
873     +);
874     +
875     +my $phone = $l->prop('defaultTelephoneNumber') || '';
876     +my $company = $l->prop('defaultCompany') || '';
877     +my $dept = $l->prop('defaultDepartment') || '';
878     +my $city = $l->prop('defaultCity') || '';
879     +my $street = $l->prop('defaultStreet') || '';
880     +foreach my $acct (@accounts)
881     +{
882     + my $key = $acct->key;
883     + my $type = $acct->prop('type');
884     + next unless ($type eq 'user' || $type eq 'group');
885     + my @attrs = ();
886     + if ($type eq 'user')
887     + {
888     + my $name = $acct->prop('FirstName') . " " . $acct->prop('LastName');
889     + utf8::upgrade($name);
890     + my $first = $acct->prop('FirstName') || '';
891     + utf8::upgrade($first);
892     + my $last = $acct->prop('LastName') || '';
893     + utf8::upgrade($last);
894     + my $phone = $acct->prop('Phone') || '';
895     + my $company = $acct->prop('Company') || '';
896     + utf8::upgrade($company);
897     + my $dept = $acct->prop('Dept') || '';
898     + utf8::upgrade($dept);
899     + my $city = $acct->prop('City') || '';
900     + utf8::upgrade($city);
901     + my $street = $acct->prop('Street') || '';
902     + utf8::upgrade($street);
903     + push @attrs, (objectClass => ['person',
904     + 'organizationalPerson',
905     + 'inetOrgPerson']);
906     + push @attrs, (uid => $key);
907     +
908     + push @attrs, (cn => $name) unless ($name =~ /^\s*$/);
909     + push @attrs, (givenName => $first) unless $first =~ /^\s*$/;
910     + push @attrs, (sn => $last) unless $last =~ /^\s*$/;
911     + push @attrs, (mail => "$key\@$domain");
912     + push @attrs, (telephoneNumber => $phone) unless $phone =~ /^\s*$/;
913     + push @attrs, (o => $company) unless $company =~ /^\s*$/;
914     + push @attrs, (ou => $dept) unless $dept =~ /^\s*$/;
915     + push @attrs, (l => $city) unless $city =~ /^\s*$/;
916     + push @attrs, (street => $street) unless $street =~ /^\s*$/;
917     + }
918     + elsif ($type eq 'group')
919     + {
920     + push @attrs, (objectClass => ['person',
921     + 'organizationalPerson',
922     + 'inetOrgPerson']);
923     + push @attrs, (uid => $key);
924     +
925     + my $key = $acct->key;
926     + my $desc = $acct->prop('Description') || '';
927     + utf8::upgrade($desc);
928     + push @attrs, (cn => $desc) unless $desc =~ /^\s*$/;
929     + push @attrs, (sn => $desc) unless $desc =~ /^\s*$/;
930     + push @attrs, (mail => "$key\@$domain");
931     + push @attrs, (telephoneNumber => $phone) unless $phone =~ /^\s*$/;
932     + push @attrs, (o => $company) unless $company =~ /^\s*$/;
933     + push @attrs, (ou => $dept) unless $dept =~ /^\s*$/;
934     + push @attrs, (l => $city) unless $city =~ /^\s*$/;
935     + push @attrs, (street => $street) unless $street =~ /^\s*$/;
936     + }
937     + my $dn = "uid=$key,ou=People,$base";
938     + if (($event eq 'user-create') || ($event eq 'group-create'))
939     + {
940     + my $result = $ldap->add ($dn, attr => \@attrs);
941     +
942     + $result->code &&
943     + warn "failed to add entry for $dn: ", $result->error ;
944     + }
945     + else
946     + {
947     + my %attrs = @attrs;
948     + my $result = $ldap->modify ($dn, replace => \%attrs);
949     +
950     + $result->code &&
951     + warn "failed to modify entry for $dn: ", $result->error ;
952     + }
953     +}
954     +$ldap->unbind;
955     +
956     +exit (0);
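Review bot: The result of `$ldap->bind(...)` is discarded, so a failed root bind goes unnoticed: every later `add`/`modify` then runs on an unauthenticated connection, fails with only a `warn`, and the script still ends with `exit (0)`. Capture the result and stop early with `my $bind = $ldap->bind(dn => "cn=root,$base", password => $pw);` followed by `$bind->code && die "LDAP bind failed: ", $bind->error, "\n";`. The same unchecked bind appears in `bad_password_users` in the user-lock-passwd hunk. `$c->get('ldap')` is also used without a defined check, so a missing `ldap` record dies on a method call on undef instead of printing the intended "not enabled" message.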
957     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/update-passwd mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/update-passwd
958     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/update-passwd 2005-11-20 21:28:05.000000000 -0700
959     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/update-passwd 2007-09-05 08:07:04.000000000 -0600
960     @@ -26,6 +26,7 @@
961     use strict;
962     use Errno;
963     use esmith::AccountsDB;
964     +use esmith::ldap;
965    
966     my $a = esmith::AccountsDB->open_ro or die "Could not open accounts db";
967    
968     @@ -35,8 +36,7 @@
969     my $pwset = $u->prop('PasswordSet') || 'no';
970     unless ($pwset eq 'yes')
971     {
972     - system("/usr/bin/passwd", "-l", $user) == 0
973     - or warn("Problem locking password for user $user\n");
974     + esmith::ldap::cancelLdapPassword($user);
975    
976     system("/usr/bin/smbpasswd", "-d", $user) == 0
977     or warn("Problem locking smbpassword for user $user\n");
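Review bot: The return value of `esmith::ldap::cancelLdapPassword($user)` is ignored, whereas the `passwd -l` call it replaces warned when the lock failed; a lock that fails can now leave the account usable with nothing in the log. The helper is defined outside this hunk, so assuming it returns true on success, `esmith::ldap::cancelLdapPassword($user) or warn("Problem locking password for user $user\n");` would keep the old diagnostics. The user-lock-passwd hunk at `@@ -52,8 +69,7 @@` has the same gap, and there the removed code used `die`. The enclosing loop starts and ends outside the hunk.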
978     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-create-unix mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-create-unix
979     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-create-unix 2005-11-20 21:28:05.000000000 -0700
980     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-create-unix 2008-03-31 09:25:13.000000000 -0600
981     @@ -64,7 +64,7 @@
982     # Create the user's unique group first
983    
984     system(
985     - "/usr/sbin/groupadd",
986     + "/usr/sbin/cpu", "groupadd",
987     "-g",
988     $gid,
989     $userName
990     @@ -73,14 +73,14 @@
991     # Now create the user account
992    
993     system(
994     - "/usr/sbin/useradd",
995     + "/usr/sbin/cpu", "useradd",
996     "-u", $uid,
997     "-g", $uid,
998     "-c", "$first $last",
999     "-d", "/home/e-smith/files/users/$userName",
1000     "-G", "shared",
1001     "-m",
1002     - "-k", "/etc/e-smith/skel/user",
1003     + "-k/etc/e-smith/skel/user",
1004     "-s", "$shell",
1005     $userName
1006     ) == 0 or die "Failed to create account $userName.\n";
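Review bot: Nothing in the new `cpu useradd` call locks the account, and the last hunk of this file removes the `passwd -l` step that used to do so. Whether a freshly created user starts locked now depends on what `cpu` writes to `userPassword` by default, which is not visible here. If accounts are meant to stay unusable until a password is set, lock them explicitly after creation, e.g. `esmith::ldap::cancelLdapPassword($userName);` as update-passwd does in this patch (this file would then need `use esmith::ldap;`). The `-k` option and its value were also merged into `"-k/etc/e-smith/skel/user"` without explanation; a one-line comment such as `# cpu needs -k and its value as a single argument` would document the deviation, if that is indeed the reason.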
1007     @@ -92,8 +92,6 @@
1008    
1009     chmod 0700, "/home/e-smith/files/users/$userName";
1010    
1011     -system("/usr/bin/passwd", "-l", "$userName")
1012     - and warn("Could not lock password for $userName\n");
1013     system("/usr/bin/smbpasswd", "-a", "-d", "$userName")
1014     and warn("Could not lock smb password for $userName\n");;
1015    
1016     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-delete-unix mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-delete-unix
1017     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-delete-unix 2005-11-20 21:28:05.000000000 -0700
1018     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-delete-unix 2008-03-31 09:25:38.000000000 -0600
1019     @@ -38,10 +38,15 @@
1020    
1021     esmith::util::cancelUserPassword ($userName);
1022    
1023     -my $discard = `/usr/sbin/userdel -r '$userName'`;
1024     -if ($? != 0)
1025     -{
1026     - die "Failed to delete account $userName.\n";
1027     -}
1028     +system(
1029     + "/usr/sbin/cpu", "userdel",
1030     + "-r",
1031     + $userName
1032     + ) == 0 or die "Failed to delete account $userName.\n";
1033     +
1034     +system(
1035     + "/usr/sbin/cpu", "groupdel",
1036     + $userName
1037     + ) == 0 or die "Failed to delete group account $userName.\n";
1038    
1039     exit (0);
1040     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-lock-passwd mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-lock-passwd
1041     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-lock-passwd 2007-01-19 14:33:22.000000000 -0700
1042     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-lock-passwd 2007-09-05 08:07:04.000000000 -0600
1043     @@ -24,12 +24,29 @@
1044     use Errno;
1045     use esmith::AccountsDB;
1046     use esmith::ConfigDB;
1047     +use esmith::ldap;
1048     use IO::File;
1049     use English;
1050    
1051     my $a = esmith::AccountsDB->open or die "Could not open accounts db";
1052     my $conf = esmith::ConfigDB->open or die "Could not open configuration db";
1053    
1054     +my $l = $conf->get('ldap');
1055     +my $status = $l->prop('status') || "disabled";
1056     +unless ($status eq "enabled" )
1057     +{
1058     + warn "Not running action script $0, LDAP service not enabled!\n";
1059     + exit(0);
1060     +}
1061     +
1062     +my $system = $conf->get('SystemName')
1063     + || die("Couldn't determine system name");
1064     + $system = $system->value;
1065     +
1066     +my $domain = $conf->get('DomainName')
1067     + || die("Couldn't determine domain name");
1068     + $domain = $domain->value;
1069     +
1070     my $event = $ARGV [0];
1071    
1072     my @users_to_lock = bad_password_users();
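Review bot: The added `exit(0)` when the `ldap` service is not `enabled` stops the action before `bad_password_users()` runs, so with LDAP disabled no account with an empty Samba password hash is locked any more. That includes the `smbpasswd -d` step, which does not depend on LDAP, and the event still reports success. Either keep the pre-patch flat-file path as a fallback when LDAP is off, or fail loudly with `die "LDAP service not enabled; cannot lock accounts\n";`. `Net::LDAP` and `esmith::util` are used by the last hunk of this file but no `use` line for them is added here; they may be loaded elsewhere in the file or through `esmith::ldap`, which is worth confirming.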
1073     @@ -52,8 +69,7 @@
1074    
1075     my $u = $a->get($userName) or die "No account record for user $userName";
1076    
1077     - system("/usr/bin/passwd", "-l", $userName) == 0
1078     - or die "Error running /usr/bin/passwd command to lock account $userName";
1079     + esmith::ldap::cancelLdapPassword($userName);
1080     system("/usr/bin/smbpasswd", "-d", $userName) == 0
1081     or die "Error running /usr/bin/smbpasswd command to lock account $userName";
1082     $u->set_prop('PasswordSet', 'no');
1083     @@ -66,26 +82,37 @@
1084    
1085     sub bad_password_users
1086     {
1087     - my $smbpasswd = IO::File->new("/etc/samba/smbpasswd", '<')
1088     - or die "Can't open smbpasswd: $OS_ERROR\n";
1089     + my $pw = esmith::util::LdapPassword();
1090     + my $base = esmith::util::ldapBase ($domain);
1091     + my $ldap = Net::LDAP->new($system . "." . $domain)
1092     + or die "$@";
1093     + $ldap->bind(
1094     + dn => "cn=root,$base",
1095     + password => $pw
1096     + );
1097     +
1098     + my $entries = $ldap->search(
1099     + base => "ou=Users,$base",
1100     + scope => 'sub',
1101     + filter => '(objectClass=sambaSamAccount)'
1102     + );
1103    
1104     - my @users;
1105     + $entries->code && die $entries->error;
1106    
1107     - SMBPASSWD:
1108     - while (my $smb_entry = <$smbpasswd>)
1109     - {
1110     - my ($user, $uid, $lanman_hash, $nt_hash, @rest)
1111     - = split /:/, $smb_entry;
1112     + my @users;
1113     + foreach my $smb_entry ($entries->all_entries) {
1114     + my $user = $smb_entry->get_value('uid');
1115     + my $lanman_hash = $smb_entry->get_value('sambaLMPassword');
1116     + my $nt_hash = $smb_entry->get_value('sambaNTPassword');
1117    
1118     if ( $lanman_hash eq "AAD3B435B51404EEAAD3B435B51404EE"
1119     or $nt_hash eq "31D6CFE0D16AE931B73C59D7E0C089C0"
1120     )
1121     {
1122     push @users, $user;
1123     - next SMBPASSWD;
1124     }
1125     }
1126    
1127     - $smbpasswd->close;
1128     + $ldap->unbind;
1129     return @users;
1130     }
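Review bot: `Net::LDAP->new($system . "." . $domain)` sends the `cn=root` simple bind to the host's FQDN, while ldap-update in this patch connects to `'localhost'` and the ldap.conf template sets `ssl no`. Whether the root password stays on the loopback interface therefore depends on name resolution; `Net::LDAP->new('localhost')` would match the other action. `get_value('sambaLMPassword')` and `get_value('sambaNTPassword')` can return undef for an entry lacking the attribute, so the `eq` comparisons should be guarded, e.g. `my $nt_hash = $smb_entry->get_value('sambaNTPassword') || '';`. The `die $entries->error` path also leaves the function without calling `$ldap->unbind`.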
1131     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-modify-unix mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-modify-unix
1132     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-modify-unix 2006-03-14 09:20:43.000000000 -0700
1133     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-modify-unix 2008-03-31 09:26:51.000000000 -0600
1134     @@ -51,6 +51,24 @@
1135     die "Account $userName is not a user account; modify user failed.\n"
1136     unless ( ($userName eq 'admin') or ($type eq 'user') );
1137    
1138     + # cpu usermod called without "-G list,of,supplementary,groups" causes user
1139     + # to be removed from all it's supplementary groups. Thus, to be able to call
1140     + # cpu usermod properly we need to know user supplementary groups.
1141     +
1142     + my $cmd = "/usr/bin/id -G -n '$member'";
1143     + my $groups = `$cmd 2>/dev/null`;
1144     + if ($? != 0)
1145     + {
1146     + die "Failed to get supplementary group list for $member.\n";
1147     + }
1148     + chomp ($groups);
1149     +
1150     + my @groupList = split (/\s+/, $groups);
1151     + @groupList = grep (!/^$member$/, @groupList);
1152     + push @groupList, $groupName;
1153     +
1154     + $groups = join (',', sort (@groupList));
1155     +
1156     setpwent;
1157     my ($comment, $shell) = (getpwnam($userName))[5,8];
1158     endpwent;
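Review bot: The group lookup builds a shell command string, `"/usr/bin/id -G -n '$member'"`, and runs it through backticks, so an account name containing a single quote or other shell metacharacter is interpreted by the shell; the name is also interpolated unescaped into the regex `/^$member$/`. A list-form pipe open and a plain string comparison avoid both, as sketched below. `$member` and `$groupName` are not declared in the visible context, which works with `$userName`; if they are not declared above the hunk the script will not compile under `use strict`, and `push @groupList, $groupName` may add a group the user does not belong to. The enclosing block starts and ends outside the hunk.

```perl
# … unchanged: comment on why cpu usermod needs -G …
open(my $id, '-|', '/usr/bin/id', '-G', '-n', $member)
    or die "Failed to run /usr/bin/id for $member.\n";
my $groups = <$id>;
close($id) && defined($groups)
    or die "Failed to get supplementary group list for $member.\n";
chomp ($groups);

my @groupList = grep { $_ ne $member } split (/\s+/, $groups);
# … unchanged: push of $groupName and join into $groups …
```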
1159     @@ -64,8 +82,8 @@
1160     #------------------------------------------------------------
1161     unless ($shell eq $new_shell)
1162     {
1163     - system("/usr/sbin/usermod", '-s', "$new_shell", $userName) == 0
1164     - or die "Failed to modify shell of account $userName.\n";
1165     + system("/usr/sbin/cpu", "usermod", '-s', "$new_shell", "-G", "$groups", $userName) == 0
1166     + or die "Failed to modify shell of account $userName.\n";
1167     }
1168    
1169     #------------------------------------------------------------
1170     @@ -78,8 +96,8 @@
1171    
1172     unless ($comment eq $new_comment)
1173     {
1174     - system("/usr/sbin/usermod", "-c", "$first $last", $userName) == 0
1175     - or die "Failed to modify comment of account $userName.\n";
1176     + system("/usr/sbin/cpu", "usermod", "-c", "$first $last", "-G", "$groups", $userName) == 0
1177     + or die "Failed to modify comment of account $userName.\n";
1178     }
1179     }
1180    
1181     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/directory mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/directory
1182     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/directory 1969-12-31 17:00:00.000000000 -0700
1183     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/directory 2008-03-31 09:13:28.000000000 -0600
1184     @@ -0,0 +1,100 @@
1185     +<lexicon lang="en-us">
1186     + <entry>
1187     + <base>FORM_TITLE</base>
1188     + <trans>Change LDAP directory settings</trans>
1189     + </entry>
1190     + <entry>
1191     + <base>PUBLIC</base>
1192     + <trans>Allow public access (entire Internet)</trans>
1193     + </entry>
1194     + <entry>
1195     + <base>PRIVATE</base>
1196     + <trans>Allow access only from local networks</trans>
1197     + </entry>
1198     +<entry>
1199     +<base>LABEL_ROOT</base>
1200     +<trans>Server root</trans>
1201     +</entry>
1202     +
1203     +<entry>
1204     +<base>DESCRIPTION</base>
1205     +<trans>
1206     +The LDAP server provides a network-available listing of the user accounts
1207     +and groups on your server, and can be accessed using an LDAP client such as the Address Book feature in Netscape Communicator. Configure your LDAP client with the local IP address of your server, port number 389, and the server root parameter shown below.
1208     +</trans>
1209     +</entry>
1210     +<entry>
1211     +<base>DESC_DIRECTORY_ACCESS</base>
1212     +<trans> You can control access to your LDAP directory: the private setting allows access only from your local network, and the public setting allows access from anywhere on the Internet. </trans>
1213     +</entry>
1214     +<entry>
1215     +<base>DIRECTORY_ACCESS</base>
1216     +<trans>LDAP directory access</trans>
1217     +</entry>
1218     +<entry>
1219     + <base>DESC_DEPARTMENT</base>
1220     +<trans>
1221     +These fields are the LDAP defaults for your organization.
1222     +Whenever you create a new user account, you will be prompted
1223     +to enter all of these fields (they can be different for each
1224     +user) but the values you set here
1225     +will show up as defaults. This is a convenience to make it
1226     +faster to create user accounts.
1227     +</trans>
1228     +</entry>
1229     +<entry>
1230     + <base>DEPARTMENT</base>
1231     + <trans>Default department</trans>
1232     +</entry>
1233     +
1234     +<entry>
1235     + <base>COMPANY</base>
1236     + <trans>Default company</trans>
1237     +</entry>
1238     +<entry>
1239     + <base>STREET</base>
1240     + <trans>Default Street address</trans>
1241     +</entry>
1242     +
1243     +<entry>
1244     + <base>CITY</base>
1245     + <trans>Default City</trans>
1246     +</entry>
1247     +
1248     +<entry>
1249     + <base>PHONENUMBER</base>
1250     + <trans>Default Phone Number</trans>
1251     +</entry>
1252     +
1253     +<entry>
1254     +<base>DESC_EXISTING</base>
1255     +<trans>
1256     +You can either leave existing user accounts as they are, using the above defaults only for
1257     +new users, or you can apply the above defaults to all existing users as well.
1258     +</trans>
1259     +</entry>
1260     +
1261     +
1262     +
1263     +<entry>
1264     +<base>EXISTING</base>
1265     +<trans>Existing users</trans>
1266     +</entry>
1267     +<entry>
1268     +<base>SUCCESS</base>
1269     +<trans>The new LDAP default settings have been saved.</trans>
1270     +</entry>
1271     +
1272     +<entry>
1273     +<base>LEAVE</base>
1274     +<trans>Leave as they are</trans>
1275     +</entry>
1276     +<entry>
1277     +<base>UPDATE</base>
1278     +<trans>Update with new defaults</trans>
1279     +</entry>
1280     + <entry>
1281     + <base>Directory</base>
1282     + <trans>Directory</trans>
1283     + </entry>
1284     +</lexicon>
1285     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/cpu.conf/all mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/cpu.conf/all
1286     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/cpu.conf/all 1969-12-31 17:00:00.000000000 -0700
1287     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/cpu.conf/all 2008-03-31 09:05:27.000000000 -0600
1288     @@ -0,0 +1,57 @@
1289     +# See cpu.conf(5) for documentation
1290     +
1291     +[GLOBAL]
1292     +DEFAULT_METHOD = ldap
1293     +CRACKLIB_DICTIONARY = /usr/lib/cracklib_dict
1294     +
1295     +[LDAP]
1296     +LDAP_HOST = localhost
1297     +LDAP_PORT = 389
1298     +# Can also use LDAP_URI = ldaps://localhost:389 for TLS support
1299     +BIND_DN = "cn=root,{ esmith::util::ldapBase ($DomainName); }"
1300     +BIND_PASS = { esmith::util::LdapPassword (); }
1301     +USER_BASE = ou=Users,{ esmith::util::ldapBase ($DomainName); }
1302     +# replace account with inetOrgPerson if you want first or last name
1303     +GROUP_BASE = ou=Groups,{ esmith::util::ldapBase ($DomainName); }
1304     +USER_OBJECT_CLASS = account,posixAccount,shadowAccount,top
1305     +GROUP_OBJECT_CLASS = posixGroup,top
1306     +USER_FILTER = (objectClass=posixAccount)
1307     +GROUP_FILTER = (objectClass=posixGroup)
1308     +USER_CN_STRING = uid
1309     +GROUP_CN_STRING = cn
1310     +SKEL_DIR = /etc/skel
1311     +DEFAULT_SHELL = /bin/bash
1312     +HOME_DIRECTORY = /home
1313     +MAX_UIDNUMBER = 10000
1314     +MIN_UIDNUMBER = 100
1315     +MAX_GIDNUMBER = 10000
1316     +MIN_GIDNUMBER = 101
1317     +ID_MAX_PASSES = 1000
1318     +USERGROUPS = yes
1319     +USERS_GID = 100
1320     +RANDOM = "false"
1321     +PASSWORD_FILE = "/etc/passfile"
1322     +SHADOW_FILE = "/etc/shadowfile"
1323     +HASH = "sha1"
1324     +#ADD_SCRIPT = "contrib/postaddscript.sh"
1325     +#DEL_SCRIPT = "foo"
1326     +SHADOWLASTCHANGE = 11192
1327     +SHADOWMAX = 99999
1328     +SHADOWWARING = 7
1329     +SHADOWEXPIRE = -1
1330     +SHADOWFLAG = 134538308
1331     +SHADOWMIN = -1
1332     +SHADOWINACTIVE = -1
1333     +
1334     +[PASSWD]
1335     +# Broken
1336     +GROUP = 1000
1337     +HOME = /home
1338     +INACTIVE = -1
1339     +#EXPIRE =
1340     +SHELL = /bin/bash
1341     +SKEL = /etc/skel
1342     +COMMENT = "Default Gecos"
1343     +PASSWORD = /etc/passwd
1344     +SHADOW = /etc/shadow
1345     +
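Review bot: `BIND_PASS = { esmith::util::LdapPassword (); }` expands the directory root password into the generated /etc/cpu.conf in clear text, and nothing in this hunk restricts who can read that file. The template's ownership and mode are set outside this file, so confirm it is expanded as root-owned with mode 0600, and add a comment above the line such as `# Contains the LDAP root password - keep this file readable by root only`. `HASH = "sha1"` is an unsalted scheme and differs from `pam_password md5` in the ldap.conf/20pam_password fragment, so the stored hash format depends on which tool last set the password; picking one salted scheme for both would be more consistent. `SHADOWWARING` looks like a misspelling of SHADOWWARNING, so check which spelling cpu actually reads.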
1346     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/hosts.allow/ldap mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/hosts.allow/ldap
1347     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/hosts.allow/ldap 1969-12-31 17:00:00.000000000 -0700
1348     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/hosts.allow/ldap 2006-07-05 13:29:58.000000000 -0600
1349     @@ -0,0 +1,3 @@
1350     +{
1351     + "# LDAP servers\n" . $DB->hosts_allow_spec('ldap', 'slapd')
1352     +}
1353     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/10ssl mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/10ssl
1354     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/10ssl 1969-12-31 17:00:00.000000000 -0700
1355     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/10ssl 2008-03-31 09:05:28.000000000 -0600
1356     @@ -0,0 +1,15 @@
1357     +# OpenLDAP SSL mechanism
1358     +# Start_tls mechanism uses the normal LDAP port, LDAPS typically 636
1359     +# ssl start_tls
1360     +# ssl on
1361     +ssl no
1362     +
1363     +# OpenLDAP SSL options
1364     +# Require and verify server certificate (yes/no)
1365     +# Default is to use libldap's default behavior, which can be configured in
1366     +# /etc/openldap/ldap.conf using the TLS_REQCERT setting.
1367     +# tls_checkpeer yes
1368     +
1369     +# CA certificates for server certificate verification
1370     +# At least one of these are required if tls_checkpeer is "yes"
1371     +# tls_cacertfile /var/service/ldap/ssl/slapd.pem
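Review bot: `ssl no` leaves every nss_ldap/pam_ldap bind, including the `rootbinddn` one, unencrypted, which is only acceptable because the 30host fragment pins `host localhost`; that dependency is not stated anywhere. Add a comment above the setting, e.g. `# Plain LDAP is used because 30host restricts lookups to localhost; enable start_tls and tls_checkpeer before pointing host elsewhere`.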
1372     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/20pam_password mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/20pam_password
1373     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/20pam_password 1969-12-31 17:00:00.000000000 -0700
1374     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/20pam_password 2007-09-05 08:07:04.000000000 -0600
1375     @@ -0,0 +1 @@
1376     +pam_password md5
1377     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/30host mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/30host
1378     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/30host 1969-12-31 17:00:00.000000000 -0700
1379     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/30host 2008-03-31 09:05:27.000000000 -0600
1380     @@ -0,0 +1 @@
1381     +host localhost
1382     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40base mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40base
1383     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40base 1969-12-31 17:00:00.000000000 -0700
1384     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40base 2007-09-05 08:07:04.000000000 -0600
1385     @@ -0,0 +1,3 @@
1386     +{
1387     + $OUT .= "base " . esmith::util::ldapBase ($DomainName);
1388     +}
1389     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_group mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_group
1390     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_group 1969-12-31 17:00:00.000000000 -0700
1391     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_group 2007-09-05 08:07:04.000000000 -0600
1392     @@ -0,0 +1,5 @@
1393     +{
1394     + $OUT .= "nss_base_group ou=Groups,";
1395     + $OUT .= esmith::util::ldapBase ($DomainName);
1396     + $OUT .= '?one';
1397     +}
1398     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_passwd mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_passwd
1399     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_passwd 1969-12-31 17:00:00.000000000 -0700
1400     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_passwd 2007-09-05 08:07:04.000000000 -0600
1401     @@ -0,0 +1,5 @@
1402     +{
1403     + $OUT .= "nss_base_passwd ou=Users,";
1404     + $OUT .= esmith::util::ldapBase ($DomainName);
1405     + $OUT .= '?one';
1406     +}
1407     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/45rootbinddn mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/45rootbinddn
1408     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/45rootbinddn 1969-12-31 17:00:00.000000000 -0700
1409     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/45rootbinddn 2007-09-05 08:07:04.000000000 -0600
1410     @@ -0,0 +1,3 @@
1411     +{
1412     + $OUT .= "rootbinddn cn=root," . esmith::util::ldapBase ($DomainName);
1413     +}
1414     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/50tls_cacertdir mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/50tls_cacertdir
1415     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/50tls_cacertdir 1969-12-31 17:00:00.000000000 -0700
1416     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/50tls_cacertdir 2007-09-05 08:07:04.000000000 -0600
1417     @@ -0,0 +1 @@
1418     +tls_cacertdir /etc/openldap/cacerts
1419     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/55initgroups_ignoreusers mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/55initgroups_ignoreusers
1420     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/55initgroups_ignoreusers 1969-12-31 17:00:00.000000000 -0700
1421     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/55initgroups_ignoreusers 2008-03-31 09:05:28.000000000 -0600
1422     @@ -0,0 +1 @@
1423     +nss_initgroups_ignoreusers ldap
1424     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.secret mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.secret
1425     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.secret 1969-12-31 17:00:00.000000000 -0700
1426     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.secret 2007-09-05 08:07:04.000000000 -0600
1427     @@ -0,0 +1 @@
1428     +{ esmith::util::LdapPassword (); }
1429     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/nsswitch.conf/10files mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/nsswitch.conf/10files
1430     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/nsswitch.conf/10files 2005-11-20 21:28:07.000000000 -0700
1431     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/nsswitch.conf/10files 2007-09-05 08:07:04.000000000 -0600
1432     @@ -1,6 +1,6 @@
1433     -passwd: files
1434     -shadow: files
1435     -group: files
1436     +passwd: files ldap
1437     +shadow: files ldap
1438     +group: files ldap
1439     hosts: { ($AccessType eq "off") ? "files" : "files dns" }
1440     services: files
1441     networks: files
1442     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/ldap.conf/12tls mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/ldap.conf/12tls
1443     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/ldap.conf/12tls 1969-12-31 17:00:00.000000000 -0700
1444     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/ldap.conf/12tls 2007-09-05 08:07:04.000000000 -0600
1445     @@ -0,0 +1,3 @@
1446     +TLS_CACERT /var/service/ldap/ssl/slapd.pem
1447     +TLS_REQCERT always
1448     +TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv2
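Review bot: The cipher string on the `TLS_CIPHER_SUITE` line does not switch SSLv2 suites off. In OpenSSL cipher-list syntax a leading `+` only moves the matching suites to the end of the list, so `HIGH:MEDIUM:+SSLv2` leaves them negotiable at lowest preference (assuming this OpenLDAP build is linked against OpenSSL). Exclude them explicitly, for example `TLS_CIPHER_SUITE HIGH:MEDIUM:!SSLv2:!aNULL`, and make the same change to `TLSCipherSuite` in the slapd.conf/12tls fragment of this patch. These settings only matter once a client actually negotiates TLS; the 20ldap-default fragment points at `localhost` port 389 and nothing visible here requests StartTLS.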
1449     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/ldap.conf/20ldap-default mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/ldap.conf/20ldap-default
1450     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/ldap.conf/20ldap-default 1969-12-31 17:00:00.000000000 -0700
1451     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/ldap.conf/20ldap-default 2008-03-31 10:08:12.000000000 -0600
1452     @@ -0,0 +1,20 @@
1453     +#
1454     +# LDAP Defaults
1455     +#
1456     +
1457     +# See ldap.conf(5) for details
1458     +# This file should be world readable.
1459     +
1460     +#BASE dc=OpenLDAP, dc=Org
1461     +#HOST ldap.openldap.org
1462     +
1463     +#HOST ldap.openldap.org ldap-master.openldap.org:666
1464     +#PORT 389
1465     +
1466     +BASE { esmith::util::ldapBase ($DomainName); }
1467     +HOST localhost
1468     +PORT 389
1469     +
1470     +#SIZELIMIT 12
1471     +#TIMELIMIT 15
1472     +#DEREF never
1473     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/10schema mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/10schema
1474     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/10schema 1969-12-31 17:00:00.000000000 -0700
1475     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/10schema 2007-09-05 08:07:04.000000000 -0600
1476     @@ -0,0 +1,8 @@
1477     +
1478     +include /etc/openldap/schema/core.schema
1479     +include /etc/openldap/schema/cosine.schema
1480     +include /etc/openldap/schema/inetorgperson.schema
1481     +include /etc/openldap/schema/nis.schema
1482     +include /etc/openldap/schema/redhat/rfc822-MailMember.schema
1483     +include /etc/openldap/schema/redhat/autofs.schema
1484     +include /etc/openldap/schema/samba.schema
1485     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls
1486     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 1969-12-31 17:00:00.000000000 -0700
1487     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2007-09-05 08:07:04.000000000 -0600
1488     @@ -0,0 +1,5 @@
1489     +TLSCipherSuite HIGH:MEDIUM:+SSLv2
1490     +TLSCACertificateFile /var/service/ldap/ssl/slapd.pem
1491     +TLSCertificateFile /var/service/ldap/ssl/slapd.pem
1492     +TLSCertificateKeyFile /var/service/ldap/ssl/slapd.pem
1493     +TLSVerifyClient never
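Review bot: `TLSCertificateKeyFile` names the same `/var/service/ldap/ssl/slapd.pem` that the client fragment openldap/ldap.conf/12tls uses as `TLS_CACERT`, so every account that has to validate the server certificate needs read access to the file holding the server's private key. Keep the key in a file readable only by the slapd user and publish a certificate-only PEM for clients, e.g. `TLS_CACERT /var/service/ldap/ssl/<cert-only>.pem` (placeholder name). How slapd.pem is generated and which mode it gets is not visible in this patch, so that needs confirming.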
1494     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/40bind_v2 mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/40bind_v2
1495     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/40bind_v2 1969-12-31 17:00:00.000000000 -0700
1496     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/40bind_v2 2006-07-05 13:29:58.000000000 -0600
1497     @@ -0,0 +1 @@
1498     +allow bind_v2
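Review bot: `allow bind_v2` is added without a comment saying which client needs it. LDAPv2 offers neither StartTLS nor SASL, so a v2 client can only send simple-bind credentials unprotected. Record the dependency next to the option, e.g. `# needed by <client> (LDAPv2 only); remove once it speaks LDAPv3`, so the option can be dropped later.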
1499     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/50database mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/50database
1500     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/50database 1969-12-31 17:00:00.000000000 -0700
1501     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/50database 2008-03-31 09:05:28.000000000 -0600
1502     @@ -0,0 +1 @@
1503     +database ldbm
1504     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/65suffix mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/65suffix
1505     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/65suffix 1969-12-31 17:00:00.000000000 -0700
1506     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/65suffix 2006-07-05 13:29:58.000000000 -0600
1507     @@ -0,0 +1 @@
1508     +suffix "{ esmith::util::ldapBase ($DomainName); }"
1509     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/70directory mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/70directory
1510     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/70directory 1969-12-31 17:00:00.000000000 -0700
1511     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/70directory 2006-07-05 13:29:58.000000000 -0600
1512     @@ -0,0 +1 @@
1513     +directory /var/lib/ldap
1514     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/75rootdn mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/75rootdn
1515     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/75rootdn 1969-12-31 17:00:00.000000000 -0700
1516     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/75rootdn 2006-07-05 13:29:58.000000000 -0600
1517     @@ -0,0 +1 @@
1518     +rootdn "cn=root,{ esmith::util::ldapBase ($DomainName); }"
1519     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/80rootpw mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/80rootpw
1520     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/80rootpw 1969-12-31 17:00:00.000000000 -0700
1521     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/80rootpw 2006-07-05 13:29:58.000000000 -0600
1522     @@ -0,0 +1 @@
1523     +rootpw { esmith::util::LdapPassword (); }
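Review bot: `rootpw` is rendered from `esmith::util::LdapPassword ()`, the same call that fills /etc/ldap.secret, so slapd.conf presumably carries the root DN password in cleartext (the helper itself is not visible here). slapd accepts a hashed value, so the template could emit a hash produced with slappasswd, e.g. `rootpw {SSHA}<hash>`. That keeps the bind password away from members of group `ldap`, who can read the 0640 file per the templates.metadata fragment, and out of backups of /etc.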
1524     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/90indexes mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/90indexes
1525     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/90indexes 1969-12-31 17:00:00.000000000 -0700
1526     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/90indexes 2008-03-31 09:05:28.000000000 -0600
1527     @@ -0,0 +1,5 @@
1528     +# Indices to maintain
1529     +#index objectClass eq
1530     +index objectClass,uid,uidNumber,gidNumber eq
1531     +index cn,mail,surname,givenname eq,subinitial
1532     +
1533     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/95acls mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/95acls
1534     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/95acls 1969-12-31 17:00:00.000000000 -0700
1535     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/95acls 2008-03-31 09:05:27.000000000 -0600
1536     @@ -0,0 +1,12 @@
1537     +# database access control definitions
1538     + access to attr=userPassword
1539     + by self write
1540     + by anonymous auth
1541     + by dn="cn=root,{ esmith::util::ldapBase ($DomainName); }" write
1542     + by * none
1543     +
1544     + access to *
1545     + by self write
1546     + by dn="cn=root,{ esmith::util::ldapBase ($DomainName); }" write
1547     + by * read
1548     +
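Review bot: The catch-all rule `access to *` with `by self write` lets any authenticated user rewrite every attribute of their own entry, including `uidNumber`, `gidNumber`, `homeDirectory` and `loginShell`, which this patch feeds into the system account database through `passwd: files ldap` in nsswitch.conf. Its `by * read` clause also exposes every attribute except `userPassword` to anonymous readers; with samba.schema loaded that would include `sambaLMPassword` and `sambaNTPassword` if Samba accounts are stored here. Put the password-equivalent attributes under the restricted rule and make the POSIX identity attributes writable only by the root DN, ahead of the catch-all, as sketched below. The `access to` lines also appear indented in this rendering; slapd.conf treats a line that starts with whitespace as a continuation of the previous one, so confirm they begin at column 0 in the real file.

```conf
access to attr=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by anonymous auth
    by dn="cn=root,{ esmith::util::ldapBase ($DomainName); }" write
    by * none

access to attr=uid,uidNumber,gidNumber,homeDirectory,loginShell
    by dn="cn=root,{ esmith::util::ldapBase ($DomainName); }" write
    by * read

# … unchanged: the catch-all "access to *" rule …
```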
1549     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth
1550     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth 2008-03-26 10:49:00.000000000 -0600
1551     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth 2008-03-31 09:05:25.000000000 -0600
1552     @@ -10,5 +10,6 @@
1553     $OUT .= "auth required pam_abl.so config=/etc/security/pam_abl.conf";
1554     }
1555     auth sufficient pam_unix.so likeauth nullok
1556     +auth sufficient pam_ldap.so use_first_pass
1557     auth required pam_deny.so
1558    
1559     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/30account mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/30account
1560     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/30account 2008-03-26 10:49:00.000000000 -0600
1561     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/30account 2008-03-31 09:05:25.000000000 -0600
1562     @@ -1,5 +1,6 @@
1563     account required pam_unix.so broken_shadow
1564     account sufficient pam_succeed_if.so uid < 100 quiet
1565     +account [default=bad success=ok user_unknown=ignore] pam_ldap.so
1566     account required pam_permit.so
1567     {
1568     my $status = $pam_tally{status} || 'disabled';
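Review bot: On the added `pam_ldap.so` account line, `default=bad` also covers the case where slapd cannot be reached, so local accounts with uid 100 or above would presumably fail the account phase whenever the directory is down. If local logins have to survive an LDAP outage, extend the bracket: `account [default=bad success=ok user_unknown=ignore authinfo_unavail=ignore] pam_ldap.so`. The trade-off is that LDAP-side account restrictions are not enforced while the server is unavailable, which deserves a comment in the template. The template block that follows continues past this hunk.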
1569     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/40password mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/40password
1570     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/40password 2008-03-26 10:49:00.000000000 -0600
1571     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/40password 2008-03-31 09:46:16.000000000 -0600
1572     @@ -1,3 +1,4 @@
1573     password sufficient pam_unix.so nullok md5 shadow
1574     +password sufficient pam_ldap.so use_authtok
1575     password required pam_deny.so
1576    
1577     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/50session mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/50session
1578     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/50session 2008-03-26 10:49:00.000000000 -0600
1579     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/50session 2008-03-31 09:05:25.000000000 -0600
1580     @@ -1,2 +1,3 @@
1581     session required pam_limits.so
1582     session required pam_unix.so
1583     +session optional pam_ldap.so
1584     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/syslog.conf/00filenames mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/syslog.conf/00filenames
1585     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/syslog.conf/00filenames 2005-11-20 21:28:09.000000000 -0700
1586     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/syslog.conf/00filenames 2008-03-31 09:05:26.000000000 -0600
1587     @@ -5,5 +5,6 @@
1588     $cron = "/var/log/cron";
1589     $spooler = "/var/log/spooler";
1590     $maillog = "/var/log/maillog";
1591     + $slapd = "/var/log/slapd";
1592     "";
1593     }
1594     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/syslog.conf/local4 mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/syslog.conf/local4
1595     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/syslog.conf/local4 2005-11-20 21:28:09.000000000 -0700
1596     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/syslog.conf/local4 2008-03-31 09:05:26.000000000 -0600
1597     @@ -1 +1 @@
1598     -local4.* -{ "${messages}" }
1599     +local4.* -{ "${slapd}" }
1600     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/10domain mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/10domain
1601     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/10domain 1969-12-31 17:00:00.000000000 -0700
1602     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/10domain 2008-03-31 09:05:27.000000000 -0600
1603     @@ -0,0 +1,7 @@
1604     +{
1605     + my ($dc) = split(/\./, $DomainName);
1606     + $OUT .= "dn: $ldapBase\n";
1607     + $OUT .= "objectClass: top\n";
1608     + $OUT .= "objectClass: domain\n";
1609     + $OUT .= "dc: $dc\n";
1610     +}
1611     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin
1612     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin 1969-12-31 17:00:00.000000000 -0700
1613     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin 2006-07-05 13:29:58.000000000 -0600
1614     @@ -0,0 +1,14 @@
1615     +{
1616     + use esmith::AccountsDB;
1617     + use esmith::util;
1618     +
1619     + $a = esmith::AccountsDB->open_ro;
1620     + $ldapBase = esmith::util::ldapBase ($DomainName);
1621     + sub utf8
1622     + {
1623     + my $t = shift;
1624     + utf8::encode($t);
1625     + return $t;
1626     + }
1627     + $OUT = "";
1628     +}
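Review bot: `$a = esmith::AccountsDB->open_ro;` keeps the accounts handle in `$a`, which is Perl's package variable for `sort` comparisons, so inside any `sort { ... }` block in a later ldif fragment `$a` is the element being compared rather than the handle. A descriptive name such as `$accounts` avoids that, although fragments outside this hunk that read `$a` would need the same rename. The result of `open_ro` is not checked either, so a failed open presumably surfaces later as a method call on an undefined value; `$a = esmith::AccountsDB->open_ro or die "Cannot open accounts database\n";` reports it where it happens. The helper `sub utf8` would benefit from a one-line comment stating that it returns its argument encoded as UTF-8 bytes.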
1629     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/cpu.conf mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/cpu.conf
1630     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/cpu.conf 1969-12-31 17:00:00.000000000 -0700
1631     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/cpu.conf 2007-09-05 08:07:04.000000000 -0600
1632     @@ -0,0 +1 @@
1633     +PERMS=0600
1634     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/ldap.secret mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/ldap.secret
1635     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/ldap.secret 1969-12-31 17:00:00.000000000 -0700
1636     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/ldap.secret 2007-09-05 08:07:04.000000000 -0600
1637     @@ -0,0 +1 @@
1638     +PERMS=0600
1639     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/openldap/slapd.conf mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/openldap/slapd.conf
1640     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/openldap/slapd.conf 1969-12-31 17:00:00.000000000 -0700
1641     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/openldap/slapd.conf 2007-09-05 08:07:04.000000000 -0600
1642     @@ -0,0 +1,2 @@
1643     +GID="ldap"
1644     +PERMS=0640
1645     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/home/e-smith/db/ldap/ldif mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/home/e-smith/db/ldap/ldif
1646     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/home/e-smith/db/ldap/ldif 1969-12-31 17:00:00.000000000 -0700
1647     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/home/e-smith/db/ldap/ldif 2006-07-05 13:29:58.000000000 -0600
1648     @@ -0,0 +1,2 @@
1649     +TEMPLATE_PATH="/home/e-smith/db/ldap/ldif"
1650     +OUTPUT_FILENAME=use esmith::ConfigDB; my $d = esmith::ConfigDB->open_ro->get('DomainName')->value; "/home/e-smith/db/ldap/$d.ldif"
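Review bot: This metadata sets no `PERMS`, unlike the sibling metadata files for ldap.secret, cpu.conf and slapd.conf in this patch, so the generated `/home/e-smith/db/ldap/$d.ldif` gets whatever mode the template expander applies by default. The dump is built from the accounts database, so add `PERMS=0600` unless a non-root consumer has to read it. Which attributes end up in the LDIF is decided by fragments not shown in this hunk, so treat the sensitivity as an assumption to confirm.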
1651     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/web/functions/directory mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/web/functions/directory
1652     --- e-smith-base+ldap-4.19.1/root/etc/e-smith/web/functions/directory 1969-12-31 17:00:00.000000000 -0700
1653     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/web/functions/directory 2008-03-31 09:05:28.000000000 -0600
1654     @@ -0,0 +1,151 @@
1655     +#!/usr/bin/perl -wT
1656     +# vim:ft=xml:
1657     +
1658     +#----------------------------------------------------------------------
1659     +# heading : Configuration
1660     +# description : Directory
1661     +# navigation : 6000 6300
1662     +#----------------------------------------------------------------------
1663     +# copyright (C) 2002 Mitel Networks Corporation
1664     +#
1665     +# This program is free software; you can redistribute it and/or modify
1666     +# it under the terms of the GNU General Public License as published by
1667     +# the Free Software Foundation; either version 2 of the License, or
1668     +# (at your option) any later version.
1669     +#
1670     +# This program is distributed in the hope that it will be useful,
1671     +# but WITHOUT ANY WARRANTY; without even the implied warranty of
1672     +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1673     +# GNU General Public License for more details.
1674     +#
1675     +# You should have received a copy of the GNU General Public License
1676     +# along with this program; if not, write to the Free Software
1677     +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
1678     +#
1679     +# Technical support for this program is available from Mitel Networks
1680     +# Please visit our web site www.e-smith.com for details.
1681     +#----------------------------------------------------------------------
1682     +
1683     +
1684     +use strict;
1685     +use esmith::util;
1686     +use esmith::FormMagick::Panel::directory;
1687     +my $f = esmith::FormMagick::Panel::directory->new();
1688     +$f->display();
1689     +
1690     +=head1 TESTING
1691     +
1692     +
1693     +=begin testing
1694     +
1695     +use esmith::FormMagick::Tester;
1696     +use esmith::TestUtils;
1697     +use esmith::ConfigDB;
1698     +my $panel = 'directory';
1699     +my $panel_path = "/etc/e-smith/web/functions/".$panel;
1700     +my $ua = esmith::FormMagick::Tester->new();
1701     +
1702     +
1703     +
1704     +is (mode($panel_path), '4750', "Check permissions on script");
1705     +ok ($ua->get_panel($panel), "ABOUT TO RUN L10N TESTS");
1706     +is ($ua->{status}, 200, "200 OK");
1707     +like($ua->{content}, qr/FORM_TITLE/, "Saw untranslated form title");
1708     +ok ($ua->set_language("en-us"), "Set language to U.S. English");
1709     +ok ($ua->get_panel($panel), "Get panel");
1710     +
1711     +is ($ua->{status}, 200, "200 OK");
1712     +
1713     +like($ua->{content}, qr/LDAP directory settings/, "Saw translated form title");
1714     +
1715     +# Testing changes
1716     +
1717     +ok ($ua->get_panel($panel), "Testing panel retrieval");
1718     +can_ok($ua, "field");
1719     +
1720     +# Destructive testing:
1721     +
1722     +ok ($ua->{form}->find_input('Department'), 'Finding the Department field');
1723     +
1724     +$ua->field('Department' => 'TestDept' );
1725     +$ua->field('Existing' => 'update');
1726     +
1727     +ok ($ua->click("Save"), "Click Save");
1728     +is ($ua->{status}, 200, "200 OK");
1729     +like($ua->{content}, qr/settings have been saved/, "Saw validation messages");
1730     +
1731     +# Gotta open this later, so we don't cache stale data
1732     +my $db = esmith::ConfigDB->open;
1733     +
1734     +ok($db->get('ldap')->prop('defaultDepartment') eq 'TestDept');
1735     +
1736     +my $a = esmith::AccountsDB->open;
1737     +my @users = $a->users();
1738     +foreach $user (@users) {
1739     + ok( $user->prop('Dept') eq 'TestDept');
1740     +}
1741     +
1742     +
1743     +=end testing
1744     +
1745     +=cut
1746     +
1747     +__DATA__
1748     +<form title="FORM_TITLE" header="/etc/e-smith/web/common/head.tmpl" footer="/etc/e-smith/web/common/foot.tmpl">
1749     + <page
1750     + name="First"
1751     + post-event="change_settings()"
1752     + pre-event="print_status_message()">
1753     + <description>DESCRIPTION</description>
1754     +
1755     + <field type="literal" value="get_ldap_base()">
1756     + <label>LABEL_ROOT</label>
1757     + </field>
1758     +
1759     + <field
1760     + type="select"
1761     + id="Access"
1762     + value="get_prop('ldap','access')"
1763     + options="'private' => 'PRIVATE', 'public' => 'PUBLIC'">
1764     + <label>DIRECTORY_ACCESS</label>
1765     + <description>DESC_DIRECTORY_ACCESS</description>
1766     + </field>
1767     +
1768     + <field
1769     + type="text"
1770     + id="Department"
1771     + value="get_prop('ldap','defaultDepartment')">
1772     + <label>DEPARTMENT</label>
1773     + <description>DESC_DEPARTMENT</description>
1774     + </field>
1775     +
1776     + <field type="text" id="Company" value="get_prop('ldap','defaultCompany')">
1777     + <label>COMPANY</label>
1778     + </field>
1779     +
1780     + <field type="text" id="Street" value="get_prop('ldap','defaultStreet')">
1781     + <label>STREET</label>
1782     + </field>
1783     + <field type="text" id="City" value="get_prop('ldap','defaultCity')">
1784     + <label>CITY</label>
1785     + </field>
1786     +
1787     + <field
1788     + type="text"
1789     + id="PhoneNumber"
1790     + value="get_prop('ldap','defaultPhoneNumber')">
1791     + <label>PHONENUMBER</label>
1792     + </field>
1793     +
1794     + <field id="Existing"
1795     + type="select"
1796     + value='leave'
1797     + options="'leave' => 'LEAVE', 'update' => 'UPDATE'">
1798     + <label>EXISTING</label>
1799     + <description>DESC_EXISTING</description>
1800     + </field>
1801     +
1802     + <subroutine src="print_button('SAVE')" />
1803     + </page>
1804     +
1805     +</form>
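Review bot: None of the free-text fields in the form (`Department`, `Company`, `Street`, `City`, `PhoneNumber`) declares a `validation` attribute, so whatever `change_settings()` accepts is stored as an LDAP default and, with `Existing` set to `update`, copied to every user record (the embedded test expects exactly that for `Dept`). Unless the panel module, which is not part of this section, filters the values, constrain them in the form and at least reject control characters and line breaks, because the ldif templates in this patch write values out one line at a time. Separately, in the embedded test block `foreach $user (@users)` uses an undeclared variable and `esmith::AccountsDB` is never loaded; `foreach my $user (@users)` plus `use esmith::AccountsDB;` fixes both.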
1806     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/openldap/schema/redhat/rfc822-MailMember.schema mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/openldap/schema/redhat/rfc822-MailMember.schema
1807     --- e-smith-base+ldap-4.19.1/root/etc/openldap/schema/redhat/rfc822-MailMember.schema 1969-12-31 17:00:00.000000000 -0700
1808     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/openldap/schema/redhat/rfc822-MailMember.schema 2006-07-05 13:29:58.000000000 -0600
1809     @@ -0,0 +1,15 @@
1810     +attributetype
1811     + ( 1.3.6.1.4.1.42.2.27.2.1.15
1812     + NAME 'rfc822MailMember'
1813     + DESC 'rfc822 mail address of group member(s)'
1814     + EQUALITY caseIgnoreIA5Match
1815     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
1816     + )
1817     +objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
1818     + NAME 'nisMailAlias'
1819     + SUP top STRUCTURAL
1820     + DESC 'NIS mail alias'
1821     + MUST cn
1822     + MAY rfc822MailMember )
1823     +
1824     +
1825     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/openldap/schema/samba.schema mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/openldap/schema/samba.schema
1826     --- e-smith-base+ldap-4.19.1/root/etc/openldap/schema/samba.schema 1969-12-31 17:00:00.000000000 -0700
1827     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/openldap/schema/samba.schema 2007-09-05 08:07:04.000000000 -0600
1828     @@ -0,0 +1,480 @@
1829     +##
1830     +## schema file for OpenLDAP 2.x
1831     +## Schema for storing Samba user accounts and group maps in LDAP
1832     +## OIDs are owned by the Samba Team
1833     +##
1834     +## Prerequisite schemas - uid (cosine.schema)
1835     +## - displayName (inetorgperson.schema)
1836     +## - gidNumber (nis.schema)
1837     +##
1838     +## 1.3.6.1.4.1.7165.2.1.x - attributetypes
1839     +## 1.3.6.1.4.1.7165.2.2.x - objectclasses
1840     +##
1841     +## Printer support
1842     +## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes
1843     +## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses
1844     +##
1845     +## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------
1846     +##
1847     +## Run the 'get_next_oid' bash script in this directory to find the
1848     +## next available OID for attribute type and object classes.
1849     +##
1850     +## $ ./get_next_oid
1851     +## attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME ....
1852     +## objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME ....
1853     +##
1854     +## Also ensure that new entries adhere to the declaration style
1855     +## used throughout this file
1856     +##
1857     +## <attributetype|objectclass> ( 1.3.6.1.4.1.7165.2.XX.XX NAME ....
1858     +## ^ ^ ^
1859     +##
1860     +## The spaces are required for the get_next_oid script (and for
1861     +## readability).
1862     +##
1863     +## ------------------------------------------------------------------
1864     +
1865     +# objectIdentifier SambaRoot 1.3.6.1.4.1.7165
1866     +# objectIdentifier Samba3 SambaRoot:2
1867     +# objectIdentifier Samba3Attrib Samba3:1
1868     +# objectIdentifier Samba3ObjectClass Samba3:2
1869     +
1870     +########################################################################
1871     +## HISTORICAL ##
1872     +########################################################################
1873     +
1874     +##
1875     +## Password hashes
1876     +##
1877     +#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
1878     +# DESC 'LanManager Passwd'
1879     +# EQUALITY caseIgnoreIA5Match
1880     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
1881     +
1882     +#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
1883     +# DESC 'NT Passwd'
1884     +# EQUALITY caseIgnoreIA5Match
1885     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
1886     +
1887     +##
1888     +## Account flags in string format ([UWDX ])
1889     +##
1890     +#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
1891     +# DESC 'Account Flags'
1892     +# EQUALITY caseIgnoreIA5Match
1893     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
1894     +
1895     +##
1896     +## Password timestamps & policies
1897     +##
1898     +#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
1899     +# DESC 'NT pwdLastSet'
1900     +# EQUALITY integerMatch
1901     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
1902     +
1903     +#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
1904     +# DESC 'NT logonTime'
1905     +# EQUALITY integerMatch
1906     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
1907     +
1908     +#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
1909     +# DESC 'NT logoffTime'
1910     +# EQUALITY integerMatch
1911     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
1912     +
1913     +#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
1914     +# DESC 'NT kickoffTime'
1915     +# EQUALITY integerMatch
1916     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
1917     +
1918     +#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
1919     +# DESC 'NT pwdCanChange'
1920     +# EQUALITY integerMatch
1921     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
1922     +
1923     +#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
1924     +# DESC 'NT pwdMustChange'
1925     +# EQUALITY integerMatch
1926     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
1927     +
1928     +##
1929     +## string settings
1930     +##
1931     +#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
1932     +# DESC 'NT homeDrive'
1933     +# EQUALITY caseIgnoreIA5Match
1934     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
1935     +
1936     +#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
1937     +# DESC 'NT scriptPath'
1938     +# EQUALITY caseIgnoreIA5Match
1939     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
1940     +
1941     +#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
1942     +# DESC 'NT profilePath'
1943     +# EQUALITY caseIgnoreIA5Match
1944     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
1945     +
1946     +#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
1947     +# DESC 'userWorkstations'
1948     +# EQUALITY caseIgnoreIA5Match
1949     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
1950     +
1951     +#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
1952     +# DESC 'smbHome'
1953     +# EQUALITY caseIgnoreIA5Match
1954     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
1955     +
1956     +#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
1957     +# DESC 'Windows NT domain to which the user belongs'
1958     +# EQUALITY caseIgnoreIA5Match
1959     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
1960     +
1961     +##
1962     +## user and group RID
1963     +##
1964     +#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
1965     +# DESC 'NT rid'
1966     +# EQUALITY integerMatch
1967     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
1968     +
1969     +#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
1970     +# DESC 'NT Group RID'
1971     +# EQUALITY integerMatch
1972     +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
1973     +
1974     +##
1975     +## The smbPasswordEntry objectclass has been depreciated in favor of the
1976     +## sambaAccount objectclass
1977     +##
1978     +#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
1979     +# DESC 'Samba smbpasswd entry'
1980     +# MUST ( uid $ uidNumber )
1981     +# MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
1982     +
1983     +#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
1984     +# DESC 'Samba Account'
1985     +# MUST ( uid $ rid )
1986     +# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
1987     +# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
1988     +# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
1989     +# description $ userWorkstations $ primaryGroupID $ domain ))
1990     +
1991     +#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
1992     +# DESC 'Samba Auxiliary Account'
1993     +# MUST ( uid $ rid )
1994     +# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
1995     +# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
1996     +# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
1997     +# description $ userWorkstations $ primaryGroupID $ domain ))
1998     +
1999     +########################################################################
2000     +## END OF HISTORICAL ##
2001     +########################################################################
2002     +
2003     +#######################################################################
2004     +## Attributes used by Samba 3.0 schema ##
2005     +#######################################################################
2006     +
2007     +##
2008     +## Password hashes
2009     +##
2010     +attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
2011     + DESC 'LanManager Password'
2012     + EQUALITY caseIgnoreIA5Match
2013     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
2014     +
2015     +attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
2016     + DESC 'MD4 hash of the unicode password'
2017     + EQUALITY caseIgnoreIA5Match
2018     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
2019     +
2020     +##
2021     +## Account flags in string format ([UWDX ])
2022     +##
2023     +attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
2024     + DESC 'Account Flags'
2025     + EQUALITY caseIgnoreIA5Match
2026     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
2027     +
2028     +##
2029     +## Password timestamps & policies
2030     +##
2031     +attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
2032     + DESC 'Timestamp of the last password update'
2033     + EQUALITY integerMatch
2034     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2035     +
2036     +attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
2037     + DESC 'Timestamp of when the user is allowed to update the password'
2038     + EQUALITY integerMatch
2039     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2040     +
2041     +attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
2042     + DESC 'Timestamp of when the password will expire'
2043     + EQUALITY integerMatch
2044     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2045     +
2046     +attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
2047     + DESC 'Timestamp of last logon'
2048     + EQUALITY integerMatch
2049     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2050     +
2051     +attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
2052     + DESC 'Timestamp of last logoff'
2053     + EQUALITY integerMatch
2054     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2055     +
2056     +attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
2057     + DESC 'Timestamp of when the user will be logged off automatically'
2058     + EQUALITY integerMatch
2059     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2060     +
2061     +attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
2062     + DESC 'Bad password attempt count'
2063     + EQUALITY integerMatch
2064     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2065     +
2066     +attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
2067     + DESC 'Time of the last bad password attempt'
2068     + EQUALITY integerMatch
2069     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2070     +
2071     +attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours'
2072     + DESC 'Logon Hours'
2073     + EQUALITY caseIgnoreIA5Match
2074     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
2075     +
2076     +##
2077     +## string settings
2078     +##
2079     +attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
2080     + DESC 'Driver letter of home directory mapping'
2081     + EQUALITY caseIgnoreIA5Match
2082     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
2083     +
2084     +attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
2085     + DESC 'Logon script path'
2086     + EQUALITY caseIgnoreMatch
2087     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
2088     +
2089     +attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
2090     + DESC 'Roaming profile path'
2091     + EQUALITY caseIgnoreMatch
2092     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
2093     +
2094     +attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
2095     + DESC 'List of user workstations the user is allowed to logon to'
2096     + EQUALITY caseIgnoreMatch
2097     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
2098     +
2099     +attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
2100     + DESC 'Home directory UNC path'
2101     + EQUALITY caseIgnoreMatch
2102     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
2103     +
2104     +attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
2105     + DESC 'Windows NT domain to which the user belongs'
2106     + EQUALITY caseIgnoreMatch
2107     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
2108     +
2109     +attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
2110     + DESC ''
2111     + EQUALITY caseExactMatch
2112     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
2113     +
2114     +attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory'
2115     + DESC 'Concatenated MD4 hashes of the unicode passwords used on this account'
2116     + EQUALITY caseIgnoreIA5Match
2117     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
2118     +
2119     +##
2120     +## SID, of any type
2121     +##
2122     +
2123     +attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
2124     + DESC 'Security ID'
2125     + EQUALITY caseIgnoreIA5Match
2126     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
2127     +
2128     +
2129     +##
2130     +## Primary group SID, compatible with ntSid
2131     +##
2132     +
2133     +attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
2134     + DESC 'Primary Group Security ID'
2135     + EQUALITY caseIgnoreIA5Match
2136     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
2137     +
2138     +attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
2139     + DESC 'Security ID List'
2140     + EQUALITY caseIgnoreIA5Match
2141     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
2142     +
2143     +##
2144     +## group mapping attributes
2145     +##
2146     +attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
2147     + DESC 'NT Group Type'
2148     + EQUALITY integerMatch
2149     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2150     +
2151     +##
2152     +## Store info on the domain
2153     +##
2154     +
2155     +attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
2156     + DESC 'Next NT rid to give our for users'
2157     + EQUALITY integerMatch
2158     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2159     +
2160     +attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
2161     + DESC 'Next NT rid to give out for groups'
2162     + EQUALITY integerMatch
2163     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2164     +
2165     +attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
2166     + DESC 'Next NT rid to give out for anything'
2167     + EQUALITY integerMatch
2168     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2169     +
2170     +attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase'
2171     + DESC 'Base at which the samba RID generation algorithm should operate'
2172     + EQUALITY integerMatch
2173     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2174     +
2175     +attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
2176     + DESC 'Share Name'
2177     + EQUALITY caseIgnoreMatch
2178     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
2179     +
2180     +attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
2181     + DESC 'Option Name'
2182     + EQUALITY caseIgnoreMatch
2183     + SUBSTR caseIgnoreSubstringsMatch
2184     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
2185     +
2186     +attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
2187     + DESC 'A boolean option'
2188     + EQUALITY booleanMatch
2189     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
2190     +
2191     +attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption'
2192     + DESC 'An integer option'
2193     + EQUALITY integerMatch
2194     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
2195     +
2196     +attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption'
2197     + DESC 'A string option'
2198     + EQUALITY caseExactIA5Match
2199     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
2200     +
2201     +attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
2202     + DESC 'A string list option'
2203     + EQUALITY caseIgnoreMatch
2204     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
2205     +
2206     +
2207     +attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName'
2208     + SUP name )
2209     +
2210     +attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
2211     + DESC 'Privileges List'
2212     + EQUALITY caseIgnoreIA5Match
2213     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
2214     +
2215     +attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
2216     + DESC 'Trust Password Flags'
2217     + EQUALITY caseIgnoreIA5Match
2218     + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
2219     +
2220     +
2221     +#######################################################################
2222     +## objectClasses used by Samba 3.0 schema ##
2223     +#######################################################################
2224     +
2225     +## The X.500 data model (and therefore LDAPv3) says that each entry can
2226     +## only have one structural objectclass. OpenLDAP 2.0 does not enforce
2227     +## this currently but will in v2.1
2228     +
2229     +##
2230     +## added new objectclass (and OID) for 3.0 to help us deal with backwards
2231     +## compatibility with 2.2 installations (e.g. ldapsam_compat) --jerry
2232     +##
2233     +objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
2234     + DESC 'Samba 3.0 Auxilary SAM Account'
2235     + MUST ( uid $ sambaSID )
2236     + MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
2237     + sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
2238     + sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
2239     + displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
2240     + sambaProfilePath $ description $ sambaUserWorkstations $
2241     + sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
2242     + sambaBadPasswordCount $ sambaBadPasswordTime $
2243     + sambaPasswordHistory $ sambaLogonHours))
2244     +
2245     +##
2246     +## Group mapping info
2247     +##
2248     +objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
2249     + DESC 'Samba Group Mapping'
2250     + MUST ( gidNumber $ sambaSID $ sambaGroupType )
2251     + MAY ( displayName $ description $ sambaSIDList ))
2252     +
2253     +##
2254     +## Trust password for trust relationships (any kind)
2255     +##
2256     +objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
2257     + DESC 'Samba Trust Password'
2258     + MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
2259     + MAY ( sambaSID $ sambaPwdLastSet ))
2260     +
2261     +##
2262     +## Whole-of-domain info
2263     +##
2264     +objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
2265     + DESC 'Samba Domain Information'
2266     + MUST ( sambaDomainName $
2267     + sambaSID )
2268     + MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
2269     + sambaAlgorithmicRidBase ) )
2270     +
2271     +##
2272     +## used for idmap_ldap module
2273     +##
2274     +objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
2275     + DESC 'Pool for allocating UNIX uids/gids'
2276     + MUST ( uidNumber $ gidNumber ) )
2277     +
2278     +
2279     +objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
2280     + DESC 'Mapping from a SID to an ID'
2281     + MUST ( sambaSID )
2282     + MAY ( uidNumber $ gidNumber ) )
2283     +
2284     +objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
2285     + DESC 'Structural Class for a SID'
2286     + MUST ( sambaSID ) )
2287     +
2288     +objectclass ( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
2289     + DESC 'Samba Configuration Section'
2290     + MAY ( description ) )
2291     +
2292     +objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
2293     + DESC 'Samba Share Section'
2294     + MUST ( sambaShareName )
2295     + MAY ( description ) )
2296     +
2297     +objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
2298     + DESC 'Samba Configuration Option'
2299     + MUST ( sambaOptionName )
2300     + MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $
2301     + sambaStringListoption $ description ) )
2302     +
2303     +
2304     +objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
2305     + DESC 'Samba Privilege'
2306     + MUST ( sambaSID )
2307     + MAY ( sambaPrivilegeList ) )
2308     +
2309     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/directory.pm mezzanine_patched_e-smith-base+ldap-4.19.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/directory.pm
2310     --- e-smith-base+ldap-4.19.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/directory.pm 1969-12-31 17:00:00.000000000 -0700
2311     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/directory.pm 2008-03-31 09:13:28.000000000 -0600
2312     @@ -0,0 +1,204 @@
2313     +#!/usr/bin/perl -w
2314     +
2315     +#
2316     +# $Id: directory.pm,v 1.3 2003/12/18 17:19:54 msoulier Exp $
2317     +#
2318     +
2319     +package esmith::FormMagick::Panel::directory;
2320     +
2321     +use strict;
2322     +use esmith::AccountsDB;
2323     +use esmith::ConfigDB;
2324     +use esmith::FormMagick;
2325     +use esmith::util;
2326     +use File::Basename;
2327     +use Exporter;
2328     +use Carp;
2329     +
2330     +our @ISA = qw(esmith::FormMagick Exporter);
2331     +
2332     +our @EXPORT = qw(
2333     + get_ldap_base get_value get_prop change_settings
2334     +);
2335     +
2336     +our $VERSION = sprintf '%d.%03d', q$Revision: 1.3 $ =~ /: (\d+).(\d+)/;
2337     +
2338     +our $db = esmith::ConfigDB->open();
2339     +
2340     +
2341     +# {{{ header
2342     +
2343     +=pod
2344     +
2345     +=head1 NAME
2346     +
2347     +esmith::FormMagick::Panels::directory - useful panel functions
2348     +
2349     +=head1 SYNOPSIS
2350     +
2351     + use esmith::FormMagick::Panels::directory;
2352     +
2353     + my $panel = esmith::FormMagick::Panel::directory->new();
2354     + $panel->display();
2355     +
2356     +=head1 DESCRIPTION
2357     +
2358     +=cut
2359     +
2360     +# }}}
2361     +
2362     +# {{{ new
2363     +
2364     +=head2 new();
2365     +
2366     +Exactly as for esmith::FormMagick
2367     +
2368     +=begin testing
2369     +
2370     +
2371     +use_ok('esmith::FormMagick::Panel::directory');
2372     +use vars qw($panel);
2373     +ok($panel = esmith::FormMagick::Panel::directory->new(), "Create panel object");
2374     +isa_ok($panel, 'esmith::FormMagick::Panel::directory');
2375     +
2376     +=end testing
2377     +
2378     +=cut
2379     +
2380     +
2381     +
2382     +sub new {
2383     + shift;
2384     + my $self = esmith::FormMagick->new();
2385     + $self->{calling_package} = (caller)[0];
2386     + bless $self;
2387     + return $self;
2388     +}
2389     +
2390     +# }}}
2391     +
2392     +# {{{ get_prop
2393     +
2394     +=head2 get_prop ITEM PROP
2395     +
2396     +A simple accessor for esmith::ConfigDB::Record::prop
2397     +
2398     +=cut
2399     +
2400     +sub get_prop {
2401     + my $fm = shift;
2402     + my $item = shift;
2403     + my $prop = shift;
2404     +
2405     + my $record = $db->get($item);
2406     + if ($record) {
2407     + return $record->prop($prop);
2408     + }
2409     + else {
2410     + return '';
2411     + }
2412     +
2413     +}
2414     +
2415     +# }}}
2416     +
2417     +=head2 get_ldap_base
2418     +
2419     +Gets the LDAP base for this domain
2420     +
2421     +=cut
2422     +
2423     +sub get_ldap_base {
2424     + return esmith::util::ldapBase(get_value('','DomainName'));
2425     +}
2426     +
2427     +
2428     +# {{{ get_value
2429     +
2430     +=head2 get_value ITEM
2431     +
2432     +A simple accessor for esmith::ConfigDB::Record::value
2433     +
2434     +=cut
2435     +
2436     +sub get_value {
2437     + my $fm = shift;
2438     + my $item = shift;
2439     +
2440     + my $record = $db->get($item);
2441     + if ($record) {
2442     + return $record->value();
2443     + }
2444     + else {
2445     + return '';
2446     + }
2447     +}
2448     +
2449     +# }}}
2450     +
2451     +=head1 ACTION
2452     +
2453     +
2454     +# {{{ change_settings
2455     +
2456     +=head2 change_settings
2457     +
2458     +If everything has been validated, properly, go ahead and set the new settings
2459     +
2460     +=cut
2461     +
2462     +
2463     +
2464     +sub change_settings {
2465     + my ($fm) = @_;
2466     +
2467     + my $q = $fm->{'cgi'};
2468     +
2469     + my $access = $q->param ('Access') || 'private';
2470     + my $department = $q->param ('Department') || "";
2471     + my $company = $q->param ('Company') || "";
2472     + my $street = $q->param ('Street') || "";
2473     + my $city = $q->param ('City') || "";
2474     + my $phone = $q->param ('PhoneNumber') || "";
2475     + my $existing = $q->param ('Existing') || 'leave' ;
2476     + $db->get('ldap')->set_prop('access', $access);
2477     + $db->get('ldap')->set_prop('defaultDepartment', $department);
2478     + $db->get('ldap')->set_prop('defaultCompany', $company);
2479     + $db->get('ldap')->set_prop('defaultStreet', $street);
2480     + $db->get('ldap')->set_prop('defaultCity', $city);
2481     + $db->get('ldap')->set_prop('defaultPhoneNumber', $phone);
2482     +
2483     + #------------------------------------------------------------
2484     + # If requested, update the account records for all existing users.
2485     + # Don't need to signal any special events for this, since we're only
2486     + # changing LDAP information. If we were changing the user names
2487     + # or email parameters, we'd have to signal events to trigger the
2488     + # right updates.
2489     + #------------------------------------------------------------
2490     +
2491     + if ($existing eq 'update') {
2492     + my $a = esmith::AccountsDB->open;
2493     + my @users = $a->users();
2494     +
2495     + foreach my $user (@users) {
2496     + $user->set_prop('Phone', $phone);
2497     + $user->set_prop('Company', $company);
2498     + $user->set_prop('Dept', $department);
2499     + $user->set_prop('City', $city);
2500     + $user->set_prop('Street', $street);
2501     +
2502     + }
2503     + }
2504     + #------------------------------------------------------------
2505     + # Update the system
2506     + #------------------------------------------------------------
2507     +
2508     + system ("/sbin/e-smith/signal-event ldap-update") == 0
2509     + or return $fm->error('ERROR_UPDATING');
2510     +
2511     + return $fm->success('SUCCESS');
2512     +}
2513     +
2514     +# }}}
2515     +
2516     +1;
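Review bot: `change_settings` stores `$q->param('Access')` and the five free-text fields into the `ldap` record without any check of its own; the POD says validation has already happened, but none is visible in this hunk. Since `access` presumably decides who may read the directory, an allow-list at the point of writing is cheap, e.g. `return $fm->error('ERROR_UPDATING') unless $access =~ /\A(?:private|public)\z/;` (assuming those are the only values the panel offers; confirm against the form definition). The repeated `$db->get('ldap')->set_prop(...)` also dies if the record is undefined; fetching it once with `my $ldap_rec = $db->get('ldap') or return $fm->error('ERROR_UPDATING');` avoids that.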
2517     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/usr/lib/perl5/site_perl/esmith/ldap.pm mezzanine_patched_e-smith-base+ldap-4.19.1/root/usr/lib/perl5/site_perl/esmith/ldap.pm
2518     --- e-smith-base+ldap-4.19.1/root/usr/lib/perl5/site_perl/esmith/ldap.pm 1969-12-31 17:00:00.000000000 -0700
2519     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/usr/lib/perl5/site_perl/esmith/ldap.pm 2007-09-05 08:07:04.000000000 -0600
2520     @@ -0,0 +1,85 @@
2521     +#----------------------------------------------------------------------
2522     +# This program is free software; you can redistribute it and/or
2523     +# modify it under the same terms as Perl itself.
2524     +#----------------------------------------------------------------------
2525     +
2526     +package esmith::ldap;
2527     +
2528     +use strict;
2529     +use warnings;
2530     +use esmith::db;
2531     +
2532     +use vars qw( $AUTOLOAD @ISA );
2533     +
2534     +use esmith::util;
2535     +use Net::LDAP;
2536     +
2537     +=head1 NAME
2538     +
2539     +esmith::ldap - Utilities for ldap directory.
2540     +
2541     +=head1 SYNOPSIS
2542     +
2543     + use esmith::ldap;
2544     +
2545     + cancelLdapPassword("username");
2546     +
2547     +=head1 DESCRIPTION
2548     +
2549     +This module provides utilities specific to ldap directory.
2550     +
2551     +=cut
2552     +
2553     +our $VERSION = sprintf '%d.%03d', q$Revision: 1.0 $ =~ /: (\d+).(\d+)/;
2554     +
2555     +=head2 cancelLdapPassword()
2556     +
2557     +Lock user ldap password.
2558     +
2559     +=cut
2560     +
2561     +sub cancelLdapPassword {
2562     + my ($username) = @_;
2563     +
2564     + my $c = esmith::ConfigDB->open_ro;
2565     +
2566     + my $l = $c->get('ldap');
2567     + my $status = $l->prop('status') || "disabled";
2568     + unless ($status eq "enabled" )
2569     + {
2570     + warn "Not running action script $0, LDAP service not enabled!\n";
2571     + exit(0);
2572     + }
2573     +
2574     + # Ldap base binding.
2575     + my $system = $c->get('SystemName')
2576     + || die("Couldn't determine system name");
2577     + $system = $system->value;
2578     + my $domain = $c->get('DomainName')
2579     + || die("Couldn't determine domain name");
2580     + $domain = $domain->value;
2581     +
2582     + my $pw = esmith::util::LdapPassword();
2583     + my $base = esmith::util::ldapBase ($domain);
2584     + my $ldap = Net::LDAP->new("$system.$domain")
2585     + or die "$@";
2586     +
2587     + $ldap->bind(
2588     + dn => "cn=root,$base",
2589     + password => $pw
2590     + );
2591     +
2592     + # Lock password.
2593     + my $dn = "uid=$username,ou=Users,$base";
2594     +
2595     + my $locked_pass = "{crypt}*";
2596     + my %attrs = (userPassword => $locked_pass);
2597     +
2598     + my $result = $ldap->modify ($dn, replace => \%attrs);
2599     + $result->code &&
2600     + warn "failed to modify entry for $dn: ", $result->error;
2601     +
2602     + $ldap->unbind;
2603     +
2604     + return 1; # success
2605     +}
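Review bot: `cancelLdapPassword` returns 1 even when the lock did not happen: the result of `$ldap->bind` is never inspected and a failed `modify` only produces a `warn`, so a caller cannot tell that the account's password is still usable. `$username` is also interpolated into the DN unescaped; `escape_dn_value` from Net::LDAP::Util (needs `use Net::LDAP::Util qw(escape_dn_value);` at the top of the module) keeps a name containing `,` or `=` from addressing a different entry. The connection is a plain `Net::LDAP->new("$system.$domain")`, so the `cn=root` password crosses it without TLS unless something outside this hunk arranges otherwise. Returning 0 on failure changes the contract for callers that are not visible here, so check them before adopting the sketch below.

```perl
    # … unchanged: status check, SystemName/DomainName lookup, Net::LDAP->new …
    my $bind = $ldap->bind(
        dn       => "cn=root,$base",
        password => $pw
    );
    if ($bind->code) {
        warn "failed to bind as cn=root,$base: ", $bind->error;
        return 0;
    }

    # Lock password.
    my $dn = "uid=" . escape_dn_value($username) . ",ou=Users,$base";
    # … unchanged: $locked_pass, %attrs …
    my $result = $ldap->modify($dn, replace => \%attrs);
    my $failed = $result->code;
    warn "failed to modify entry for $dn: ", $result->error if $failed;

    $ldap->unbind;

    return $failed ? 0 : 1;
```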
2606     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/var/service/ldap/control/1 mezzanine_patched_e-smith-base+ldap-4.19.1/root/var/service/ldap/control/1
2607     --- e-smith-base+ldap-4.19.1/root/var/service/ldap/control/1 1969-12-31 17:00:00.000000000 -0700
2608     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/var/service/ldap/control/1 2007-09-05 08:07:04.000000000 -0600
2609     @@ -0,0 +1,39 @@
2610     +#!/usr/bin/perl -w
2611     +
2612     +#----------------------------------------------------------------------
2613     +# copyright (C) 2005 Mitel Networks Corporation
2614     +#
2615     +# This program is free software; you can redistribute it and/or modify
2616     +# it under the terms of the GNU General Public License as published by
2617     +# the Free Software Foundation; either version 2 of the License, or
2618     +# (at your option) any later version.
2619     +#
2620     +# This program is distributed in the hope that it will be useful,
2621     +# but WITHOUT ANY WARRANTY; without even the implied warranty of
2622     +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
2623     +# GNU General Public License for more details.
2624     +#
2625     +# You should have received a copy of the GNU General Public License
2626     +# along with this program; if not, write to the Free Software
2627     +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
2628     +#
2629     +# Technical support for this program is available from Mitel Networks
2630     +# Please visit our web site www.mitel.com/sme/ for details.
2631     +#----------------------------------------------------------------------
2632     +
2633     +use esmith::ConfigDB;
2634     +use esmith::util;
2635     +use File::Copy;
2636     +
2637     +my $c = esmith::ConfigDB->open_ro;
2638     +my $s = $c->get('SystemName')->value;
2639     +my $d = $c->get('DomainName')->value;
2640     +
2641     +my $pem = "./ssl/slapd.pem";
2642     +# Now copy system pem file into jail used by ldap
2643     +copy("/home/e-smith/ssl.pem/$s.$d.pem", "$pem.$$")
2644     + or die "failed to copy SSL PEM: $!";
2645     +chmod 0640, "$pem.$$";
2646     +esmith::util::chownFile("root", "ldap", "$pem.$$");
2647     +rename("$pem.$$", "$pem")
2648     + or die "failed to rename $pem.$$ to $pem: $!";
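Review bot: The temporary copy `$pem.$$` is created with whatever the inherited umask allows and is only tightened by the `chmod` afterwards, and neither the `chmod` nor the `esmith::util::chownFile` result is checked before the file is renamed into place. If the system PEM carries the private key (likely, but not shown here), set `umask 0077;` before the `copy` and make the permission step fatal: `chmod 0640, "$pem.$$" or die "failed to chmod $pem.$$: $!";`. The script also has no `use strict;`, and `$c->get('SystemName')->value` dies with an unhelpful message if either record is missing.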
2649     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/var/service/ldap/finish mezzanine_patched_e-smith-base+ldap-4.19.1/root/var/service/ldap/finish
2650     --- e-smith-base+ldap-4.19.1/root/var/service/ldap/finish 1969-12-31 17:00:00.000000000 -0700
2651     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/var/service/ldap/finish 2006-07-05 13:29:58.000000000 -0600
2652     @@ -0,0 +1,3 @@
2653     +#! /bin/sh
2654     +
2655     +exec /usr/sbin/slapcat -l ldif
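Review bot: `slapcat -l ldif` writes the whole directory, `userPassword` values included, to the file the `ldif` symlink points at, and nothing here sets the mode of that file. Adding `umask 077` on the line before the `exec` keeps a newly created dump readable only by its owner. The permissions of an already existing dump and of its directory are outside this hunk and worth checking.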
2656     diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/var/service/ldap/run mezzanine_patched_e-smith-base+ldap-4.19.1/root/var/service/ldap/run
2657     --- e-smith-base+ldap-4.19.1/root/var/service/ldap/run 1969-12-31 17:00:00.000000000 -0700
2658     +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/var/service/ldap/run 2008-03-31 10:11:50.000000000 -0600
2659     @@ -0,0 +1,47 @@
2660     +#! /bin/sh
2661     +
2662     +domain=$(/sbin/e-smith/config get DomainName)
2663     +system=$(/sbin/e-smith/config get SystemName)
2664     +ldif="/home/e-smith/db/ldap/$domain.ldif"
2665     +
2666     +./control/1
2667     +
2668     +if [ -e ldif ]
2669     +then
2670     + old_ldif=$(readlink ldif)
2671     + if [ "$old_ldif" != "$ldif" ]
2672     + then
2673     + # The domain name has changed, so we need to delete
2674     + # the old directory contents. We still have the old
2675     + # dump.
2676     + find /var/lib/ldap -type f | xargs rm -f
2677     + fi
2678     +fi
2679     +
2680     +# Set up symlink for ldap dump at shutdown
2681     +ln -sf $ldif ./ldif
2682     +
2683     +# Prime directory if required
2684     +if [ \! -f /var/lib/ldap/nextid.dbb ]
2685     +then
2686     + if [ -e "$old_ldif" ]
2687     + then
2688     + old_base_dn=$(basename $old_ldif | sed -e 's/.ldif$//' -e 's/./,dc=/g' -e 's/^/dc=/')
2689     + base_dn=$(echo $domain | sed -e 's/./,dc=/g' -e 's/^/dc=/')
2690     + sed -e "s/$old_base_dn/$base_dn/" \
2691     + -e 's/objectClass: group/objectClass: posixGroup/' < $old_ldif | \
2692     + setuidgid ldap slapadd -c
2693     + else
2694     + if [ \! -e "$ldif" ]
2695     + then
2696     + /sbin/e-smith/expand-template /home/e-smith/db/ldap/ldif
2697     + fi
2698     + sed -e 's/objectClass: group/objectClass: posixGroup/' < $ldif | \
2699     + setuidgid ldap slapadd -c
2700     + /etc/e-smith/events/actions/ldap-init-accounts
2701     + fi
2702     +fi
2703     +
2704     +# Now run daemon
2705     +exec /usr/sbin/slapd -4 -u ldap -d 0 \
2706     + -h "ldap://localhost:389 ldap://$system.$domain:389 ldaps://$system.$domain:636"
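Review bot: The base-DN conversion on the two `sed` lines uses an unescaped `.`, so `s/./,dc=/g` replaces every character of the domain rather than each dot, and `s/.ldif$//` has the same problem; the rewrite of the old dump onto the new base therefore cannot match as written (unless a backslash was lost when the patch was rendered). Use `base_dn=$(echo "$domain" | sed -e 's/\./,dc=/g' -e 's/^/dc=/')` and the same escaping in the `old_base_dn` line. The exit status of `./control/1` is ignored, so slapd is started even when the certificate copy failed; `./control/1 || exit 1` stops that. `$ldif` and `$old_ldif` are also expanded unquoted in `ln -sf`, `basename` and the `<` redirections.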
