diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/createlinks mezzanine_patched_e-smith-base+ldap-4.19.1/createlinks --- e-smith-base+ldap-4.19.1/createlinks 2008-03-31 11:22:32.000000000 -0600 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/createlinks 2008-03-31 10:01:35.000000000 -0600 @@ -206,6 +206,9 @@ /etc/pam.d/system-auth /etc/pam.d/passwd /etc/pam.d/pwauth + /etc/ldap.conf + /etc/ldap.secret + /etc/cpu.conf /etc/security/pam_abl.conf )) { @@ -274,6 +277,7 @@ panel_link("remoteaccess", $panel); panel_link("review", $panel); panel_link("useraccounts", $panel); +panel_link("directory", $panel); #-------------------------------------------------- # actions for console-save event @@ -301,7 +305,6 @@ templates2events("/etc/smartd.conf", $event); templates2events("/home/e-smith/ssl.pem/pem", $event); event_link("rmmod-bonding", $event, "10"); -event_link("user-lock-passwd", $event, "15"); event_link("set-hostname", $event, "10"); event_link("conf-modules", $event, "30"); event_link("conf-startup", $event, "60"); @@ -375,6 +378,7 @@ event_link("rotate_timestamped_logfiles", $event, "05"); event_link("init-accounts", $event, "05"); +#event_link("ldap-init-accounts", $event, "07"); event_link("init-passwords", $event, "10"); event_link("conf-startup", $event, "10"); event_link("conf-modules", $event, "30"); @@ -388,11 +392,8 @@ event_link("rotate_timestamped_logfiles", $event, "05"); event_link("init-accounts", $event, "05"); +#event_link("ldap-init-accounts", $event, "07"); event_link("conf-startup", $event, "10"); -event_link("user-lock-passwd", $event, "15"); -event_link("group-modify-unix", $event, "15"); -event_link("user-modify-unix", $event, "15"); -event_link("update-passwd", $event, "20"); event_link("count-active-user-accounts", $event, "25"); event_link("conf-modules", $event, "30"); event_link("create-mnt-floppy", $event, "50"); 
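Review bot: The `#event_link("ldap-init-accounts", $event, "07");` lines added at @@ -375 and @@ -388 are commented out with no explanation, and @@ -388 also drops `user-lock-passwd`, `group-modify-unix`, `user-modify-unix` and `update-passwd` from that event without saying what now performs those steps; a one-line comment above the commented call, such as `# ldap-init-accounts is not linked here: <reason>` (placeholder), would spare the next maintainer a search. At @@ -206 `/etc/ldap.secret` joins the template list beside `/etc/ldap.conf` and `/etc/cpu.conf`; if it carries the bind credential, as the name suggests but this hunk cannot show, the template's metadata must fix a restrictive file mode, which is worth confirming since the expansion mode is not visible here.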
@@ -567,3 +568,33 @@ safe_symlink("run.dhclient", "root/var/service/wan/run.DHCPHostname"); safe_symlink("run.dhclient", "root/var/service/wan/run.DHCPEthernetAddress"); + +foreach (qw(ldap.conf slapd.conf)) +{ +templates2events("/etc/openldap/$_", + qw( + bootstrap-console-save + console-save + )); +} + +templates2events("/home/e-smith/db/ldap/ldif", "bootstrap-console-save"); + +event_link("ldap-update", "group-create", "25"); +event_link("ldap-delete", "group-delete", "25"); +event_link("ldap-update", "user-create", "25"); +event_link("ldap-delete", "user-delete", "25"); + +event_link("ldap-update", "user-modify", "25"); +event_link("ldap-update", "group-modify", "25"); + +event_link("ldap-update", "ldap-update", "80"); +templates2events("/etc/rc.d/init.d/masq", "ldap-update"); +templates2events("/etc/hosts.allow", "ldap-update"); +safe_symlink("restart", "root/etc/e-smith/events/ldap-update/services2adjust/ldap"); +safe_symlink("adjust", "root/etc/e-smith/events/ldap-update/services2adjust/masq"); +safe_symlink("sigusr1", "root/etc/e-smith/events/ldap-update/services2adjust/httpd-e-smith"); + +event_link("ldap-delete-dumps", "pre-restore", "25"); + +exit 0; diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/access mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/access --- e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/access 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/access 2006-07-05 13:29:58.000000000 -0600 
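Review bot: The `foreach (qw(ldap.conf slapd.conf))` block at the end of the hunk is the only loop in this file that carries `$_` into a function call, and its body is not indented; `foreach my $conf (qw(ldap.conf slapd.conf)) { templates2events("/etc/openldap/$conf", qw(bootstrap-console-save console-save)); }` names the variable so a helper that touches `$_` cannot interfere, and reads like the surrounding calls. The remaining additions (event links and `safe_symlink` calls) follow the file's existing style.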
@@ -0,0 +1 @@
+private
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultCity mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultCity
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultCity 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultCity 2006-07-05 13:29:58.000000000 -0600
@@ -0,0 +1 @@
+Ottawa
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultCompany mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultCompany
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultCompany 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultCompany 2006-07-05 13:29:58.000000000 -0600
@@ -0,0 +1 @@
+XYZ Corporation
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultDepartment mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultDepartment
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultDepartment 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultDepartment 2006-07-05 13:29:58.000000000 -0600
@@ -0,0 +1 @@
+Main
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultPhoneNumber mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultPhoneNumber
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultPhoneNumber 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultPhoneNumber 2006-07-05 13:29:58.000000000 -0600
@@ -0,0 +1 @@
+555-5555
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultStreet mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultStreet
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultStreet 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/defaultStreet 2006-07-05 13:29:58.000000000 -0600
@@ -0,0 +1 @@
+123 Main Street
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/status mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/status
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/status 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/status 2006-07-05 13:29:58.000000000 -0600
@@ -0,0 +1 @@
+enabled
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/TCPPort mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/TCPPort
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/TCPPort 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/TCPPort 2006-07-05 13:29:58.000000000 -0600
@@ -0,0 +1 @@
+389
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/type mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/type
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/type 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/defaults/ldap/type 2006-07-05 13:29:58.000000000 -0600
@@ -0,0 +1 @@
+service
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/migrate/ldap/GenPassword mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/migrate/ldap/GenPassword
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/migrate/ldap/GenPassword 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/db/configuration/migrate/ldap/GenPassword 2006-07-05 13:29:57.000000000 -0600
@@ -0,0 +1,3 @@
+{
+ -f "/etc/openldap/ldap.pw" || esmith::util::genLdapPassword();
+}
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/gentle-ldap-dump mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/gentle-ldap-dump
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/gentle-ldap-dump 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/gentle-ldap-dump 2006-07-05 13:29:58.000000000 -0600
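Review bot: The GenPassword migrate fragment tests only `-f "/etc/openldap/ldap.pw"`, so an empty file left behind by an interrupted earlier run satisfies the check and no password is ever generated, leaving every consumer of that file with an empty bind secret; `-s "/etc/openldap/ldap.pw" || esmith::util::genLdapPassword();` requires a non-empty file. A comment above it, `# Generate the LDAP root password once; keep an existing non-empty one`, would also record why the existence test is there at all.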
@@ -0,0 +1,56 @@ +#!/usr/bin/perl -w + +#---------------------------------------------------------------------- +# copyright (C) 2002 Mitel Networks Corporation +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Technical support for this program is available from Mitel Networks +# Please visit our web site www.mitel.com/sme/ for details. +#---------------------------------------------------------------------- + +package esmith; + +use strict; +use Errno; +use esmith::ConfigDB; +use esmith::util; + +my $c = esmith::ConfigDB->open_ro; +my $domain = $c->get('DomainName') + || die("Couldn't determine domain name"); +$domain = $domain->value; + +# First try to run slapcat, which may fail if slapd is running +exit 0 unless + system("/usr/sbin/slapcat", "-l", "/home/e-smith/db/ldap/$domain.ldif"); + +# and failing that, restart ldap, which will generate a dump file +# in the process + +my $l = $c->get('ldap'); +my $status = $l->prop('status') || "disabled"; +die "Couldn't run slapcat, and ldap is disabled. Won't restart." . 
+ "No LDIF dump produced\n" + unless ($status eq "enabled" ); +esmith::util::serviceControl + ( + NAME => 'ldap', + ACTION => 'restart', + BACKGROUND => 'false', + ) || + die "Couldn't restart ldap"; + +exit (0); diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/group-create-unix mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/group-create-unix --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/group-create-unix 2005-11-20 21:28:05.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/group-create-unix 2008-03-31 09:15:45.000000000 -0600 @@ -69,7 +69,8 @@ # Create the user's unique group first system( - "/usr/sbin/groupadd", + "/usr/sbin/cpu", + "groupadd", "-g", $gid, $groupName ) == 0 or die "Failed to create group $groupName.\n"; @@ -77,7 +78,8 @@ # Now create the dummy user account system( - "/usr/sbin/useradd", + "/usr/sbin/cpu", + "useradd", "-u", $uid, "-g", $gid, "-c", $description, @@ -126,8 +128,8 @@ $groups = join (',', sort (@groupList)); - system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0 - or die "Failed to modify supplementary group list for $member.\n"; + system("/usr/sbin/cpu", "usermod", "-G", "$groups", "$member") == 0 + or die "Failed to modify supplementary group list for $member.\n"; } exit (0); diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/group-delete-unix mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/group-delete-unix --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/group-delete-unix 2005-11-20 21:28:05.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/group-delete-unix 2008-03-31 09:16:14.000000000 -0600 
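Review bot: `slapcat -l /home/e-smith/db/ldap/$domain.ldif` writes the entire directory, including the `userPassword` hashes that ldap-init-accounts copies in from /etc/shadow, to a file created with whatever mode the caller's umask allows; unless that directory is already restricted, which the diff does not show, `umask 077;` before the `system` call keeps the dump unreadable to other local users, and the same applies to the `exec` of slapcat in ldap-dump. `$c->get('ldap')` returns undef when the record is absent, and `$l->prop('status')` then dies with a generic "Can't call method" rather than the script's own message; ldap-delete-dumps guards the same lookup with `if($ldap and ...)`, so `my $status = $l ? ($l->prop('status') || "disabled") : "disabled";` would bring this script in line with it.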
@@ -29,10 +29,7 @@ my $event = $ARGV [0]; my $groupName = $ARGV [1] or die "Groupname argument missing."; -system("/usr/sbin/userdel", "$groupName") == 0 +system("/usr/sbin/cpu", "userdel", "$groupName") == 0 or die "Failed to delete dummy user for group $groupName.\n"; -system("/usr/sbin/groupdel", "$groupName") == 0 - or die "Failed to delete group $groupName.\n"; - exit (0); diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/group-modify-unix mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/group-modify-unix --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/group-modify-unix 2005-11-20 21:28:05.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/group-modify-unix 2008-03-31 09:16:36.000000000 -0600 @@ -64,7 +64,7 @@ my $groupDesc = $properties{'Description'} if (defined $properties{'Description'}); - system("/usr/sbin/usermod", "-c", "$groupDesc", "$groupName") == 0 + system("/usr/sbin/cpu", "usermod", "-c", "$groupDesc", "$groupName") == 0 or die "Failed to modify group description for $groupName.\n"; my ($name, $passwd, $gid, $members) = getgrnam ($groupName); @@ -118,8 +118,8 @@ } $groups = join (',', sort (@groupList)); - system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0 - or die "Failed to modify supplementary group list for $member.\n"; + system("/usr/sbin/cpu", "usermod", "-G", "$groups", "$member") == 0 + or die "Failed to modify supplementary group list for $member.\n"; } } diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-delete mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-delete --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-delete 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-delete 2008-03-31 10:02:58.000000000 -0600 
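Review bot: The group-delete-unix hunk removes the `groupdel` step entirely and keeps only `cpu userdel`, but nothing in the diff shows that `cpu userdel` also removes the group's own entry, so the group may outlive its dummy user. If cpu is known to do that, a comment above the call, `# cpu userdel also removes the group's private group entry`, should say so; otherwise a `system("/usr/sbin/cpu", "groupdel", "$groupName") == 0 or die "Failed to delete group $groupName.\n";` step is still needed. The group-modify-unix hunks at @@ -64 and @@ -118 only swap the binary and raise no further point.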
@@ -0,0 +1,77 @@ +#!/usr/bin/perl -w + +#---------------------------------------------------------------------- +# copyright (C) 1999-2005 Mitel Networks Corporation +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +#---------------------------------------------------------------------- + +package esmith; + +use strict; +use Errno; +use esmith::ConfigDB; +use esmith::util; +use Net::LDAP; + +my $db = esmith::ConfigDB->open_ro or die "Could not open config db"; + +unless ($db->get('ldap')->prop('status') eq "enabled" ) +{ + warn "Not running action script $0, LDAP service not enabled!\n"; + exit(0); +} + +my $domain = $db->get('DomainName') + || die("Couldn't determine domain name"); + $domain = $domain->value; + +my $event = $ARGV [0]; +my $userName = $ARGV [1]; + +die "Username argument missing." unless defined ($userName); + +#------------------------------------------------------------ +# Delete user from LDAP directory. First read LDAP password +#------------------------------------------------------------ +my $pw = esmith::util::LdapPassword(); +my $base = esmith::util::ldapBase ($domain); + +#------------------------------------------------------------ +# Delete LDAP entry. 
+#------------------------------------------------------------ +my $ldap = Net::LDAP->new('localhost') + or die "$@"; + +$ldap->bind( + dn => "cn=root,$base", + password => $pw +); + +my @search_args = ( base => $base, filter => "uid=$userName" ); +my $mesg = $ldap->search(@search_args); + +$mesg->code && die "Failed ldap search: ", $mesg->error; + +if ($mesg->count > 1) +{ + die("LDAP search for $userName returned $mesg->count - 1 expected\n"); +} + +$ldap->delete($mesg->entry(0)); +$ldap->unbind; + +exit (0); diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-delete-dumps mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-delete-dumps --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-delete-dumps 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-delete-dumps 2006-07-05 13:29:58.000000000 -0600 
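Review bot: `if ($mesg->count > 1)` lets a zero-match search through, so `$ldap->delete($mesg->entry(0))` receives undef and the script exits 0 having deleted nothing; the test should be `!= 1`, and the die message interpolates `$mesg->count` as the object's stringification followed by a literal `->count`. The result of `delete` is never checked either, so a refused or failed delete is equally silent. `$userName` arrives from `@ARGV` and is placed verbatim into `filter => "uid=$userName"`; escaping it with `escape_filter_value` from Net::LDAP::Util (one `use` line beside the existing Net::LDAP import) keeps filter metacharacters in the argument from matching entries other than the intended one. The search-and-delete section with those changes:
```perl
# … unchanged: config lookup, argument check, password, bind …
my @search_args = ( base   => $base,
                    filter => "uid=" . escape_filter_value($userName) );
my $mesg = $ldap->search(@search_args);

$mesg->code && die "Failed ldap search: ", $mesg->error;

# Exactly one entry must match; zero would hand undef to delete().
if ($mesg->count != 1)
{
    die "LDAP search for $userName returned " . $mesg->count . " - 1 expected\n";
}

my $result = $ldap->delete($mesg->entry(0));
$result->code && die "Failed ldap delete: ", $result->error;
$ldap->unbind;
```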
@@ -0,0 +1,63 @@ +#!/usr/bin/perl -w + +#---------------------------------------------------------------------- +# copyright (C) 2002 Mitel Networks Corporation +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Technical support for this program is available from Mitel Networks +# Please visit our web site www.mitel.com/sme/ for details. 
+#---------------------------------------------------------------------- + +package esmith; + +use strict; +use Errno; +use esmith::ConfigDB; +use esmith::util; + +my $conf = esmith::ConfigDB->open; +my $domain = $conf->get('DomainName') + || die("Couldn't determine domain name"); +$domain = $domain->value; + +my $ldap = $conf->get('ldap'); +if($ldap and $ldap->prop('status') eq 'enabled') +{ + esmith::util::serviceControl( + NAME => 'ldap', + ACTION => 'stop', + BACKGROUND => 'false') + or die "Unable to stop ldap\n"; +} + +my $file = "/home/e-smith/db/ldap/$domain.ldif"; +if(-e $file) +{ + unlink($file) or die "Unable to unlink $file: $!\n"; +} + +my $ldapdir = "/var/lib/ldap"; +opendir DIR, $ldapdir; +foreach my $file (grep(!/^\./, readdir DIR)) +{ + if(-f "$ldapdir/$file") + { + unlink("$ldapdir/$file") + or warn "Unable to unlink $ldapdir/$file: $!\n"; + } +} +closedir DIR; + diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-dump mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-dump --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-dump 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-dump 2006-07-05 13:29:58.000000000 -0600 
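Review bot: `opendir DIR, $ldapdir;` is unchecked, so when /var/lib/ldap is missing or unreadable the `readdir` loop silently does nothing and the script still exits successfully, which the pre-restore event then takes as a completed wipe; `opendir my $dh, $ldapdir or die "Unable to open $ldapdir: $!\n";` with `readdir $dh` and `closedir $dh` reports the failure and drops the bareword handle. The inner `foreach my $file` masks the outer `my $file` declared two lines earlier (perl -w warns about this); naming the loop variable `$entry` removes the shadowing. `esmith::ConfigDB->open` is the read-write opener while the script only reads, so `open_ro`, as the other new actions use, would match them.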
@@ -0,0 +1,58 @@ +#!/usr/bin/perl -w + +#---------------------------------------------------------------------- +# copyright (C) 2002 Mitel Networks Corporation +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Technical support for this program is available from Mitel Networks +# Please visit our web site www.mitel.com/sme/ for details. +#---------------------------------------------------------------------- + +package esmith; + +use strict; +use Errno; +use esmith::ConfigDB; + +my $domain = esmith::ConfigDB->open->get('DomainName') + || die("Couldn't determine domain name"); +$domain = $domain->value; +my $ldapconf = '/etc/openldap/ldap.conf'; +open(LDCONF, "<$ldapconf") or die "Can't open $ldapconf: $!\n"; +my @basedn = grep { /^BASE/ } ; +close(LDCONF); + +# It should look something like this +# BASE dc=sme1,dc=nssg,dc=mitel,dc=com +unless (@basedn) +{ + die "Failed to find the basedn in $ldapconf\n"; +} +chomp( my $basedn = $basedn[0] ); +$basedn =~ s/^BASE //; +$basedn =~ s/dc=//g; +$basedn =~ s/,/./g; +# If the basedn is not equal to the domain, remove any ldif file stored under +# the new domain, so it starts from scratch. 
+if ($basedn ne $domain) +{ + my $backup = "/home/e-smith/db/ldap/$domain.ldif"; + unlink $backup if -e $backup; +} +$domain = $basedn; + +exec("/usr/sbin/slapcat", "-l", "/home/e-smith/db/ldap/$domain.ldif"); +exit 1; diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-init-accounts mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-init-accounts --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-init-accounts 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-init-accounts 2008-03-31 09:05:28.000000000 -0600 
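Review bot: `exec("/usr/sbin/slapcat", ...)` followed by a bare `exit 1` discards the reason when the exec itself fails (binary missing or not executable); `exec(...) or die "exec slapcat: $!\n";` reports it. The BASE parsing assumes exactly one space after the keyword (`s/^BASE //`), so a tab or double space in ldap.conf leaves "BASE" in `$basedn`, the `ne $domain` test then always fires and the backup is removed every run; `s/^BASE\s+//` is the safer form. `my @basedn = grep { /^BASE/ } ;` and `open(LDCONF, "<$ldapconf")` look as though a `<LDCONF>` readline was lost in rendering; if the real source has it, the bareword two-argument open is still worth replacing with `open my $fh, '<', $ldapconf or die "Can't open $ldapconf: $!\n";`.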
@@ -0,0 +1,300 @@ +#!/usr/bin/perl -w + +#---------------------------------------------------------------------- +# copyright (C) 1999, 2000 e-smith, inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#---------------------------------------------------------------------- + +package esmith; + +use strict; +use Errno; +use esmith::ConfigDB; +use esmith::AccountsDB; +use esmith::util; +use Net::LDAP::LDIF; + +# Events: post-install, post-upgrade. +# We assume we cannot access to ldap during this action. + +my $c = esmith::ConfigDB->open_ro or die "Couldn't open config db\n"; + +my $domain = $c->get('DomainName') + || die("Couldn't determine domain name"); +$domain = $domain->value; +my $smb_server = $c->get('smb') + || die("Couldn't determine samba server name"); +$smb_server = $smb_server->prop("ServerName"); +$smb_server =~ tr/[a-z]/[A-Z]/; +my $base = esmith::util::ldapBase ($domain); + +# We specify an empty configuration file to assure no ldap connection. +my $g = `/usr/bin/net getlocalsid -s /dev/null`; +unless ($g =~ /SID.*is: (.+)/) { + warn "Unable to determine SID. 
Clearning cache to see if it helps."; + rename '/etc/samba/secrets.tdb','/etc/samba/secrets.'.time; + rename '/var/cache/samba/gencache.tdb','/var/cache/samba/gencache.'.time; + rename '/var/cache/samba/wins.dat','/var/cache/samba/wins.'.time; + $g = `/usr/bin/net getlocalsid -s /dev/null`; + $g =~ /SID.*is: (.+)/ or die "Could not get current sid\n"; +} +my $local_sid = $1; + +# Since we are adding entries directly to the database, to ensure consistency, +# slapd should not be running. +if (`ps -A|grep slapd`) +{ + unless (system("/usr/local/bin/svc -d /service/ldap") == 0) + { + die "Failed to init ldap base because slapd is running.\n"; + } +} + +# Be sure that relevant schemas are enabled. +unless (system("/sbin/e-smith/expand-template /etc/openldap/slapd.conf") == 0) +{ + die "Failed to expand /etc/openldap/slapd.conf.\n"; +} + +# See perldoc perlipc (search for 'Safe Pipe Opens'). +my $pid = open(DISCARD, "|-"); + +# Write to DISCARD ldif code corresponding to accounts to init. +if ($pid) # parent +{ + my $ldif = Net::LDAP::LDIF->new("/home/e-smith/db/ldap/$domain.ldif", + "r", onerror => 'undef'); + my $writer = Net::LDAP::LDIF->new(\*DISCARD, "w", onerror => 'undef'); + + # Entries to init. + my @ous = ("Groups", "People", "Users"); # ous for Organizational Units. + my @users = ("root", "ntp", "www", "admin", "public"); + my @groups = ("shared", "slocate", "nobody", @users); + + # Groups to map with samba, their names and their rids. + my %mapping = + ( + 'admin' => ['Domain Admins', "512"], + 'shared' => ['Domain Users', "513"], + 'nobody' => ['Domain Guests', "514"] + ); + + # Check for already initialized entries. 
+ my %ou_done = (); + my %group_done = (); + my %user_done = (); + my $smb_domain_done; + while (not $ldif->eof()) + { + my $entry = $ldif->read_entry(); + if ($ldif->error()) + { + warn "Error msg: ", $ldif->error(), "\n"; + warn "Error lines:\n", $ldif->error_lines(), "\n"; + } + else + { + my $dn = $entry->dn || ""; + + $smb_domain_done = 1 + if ($dn eq "sambaDomainName=$smb_server,$base"); + + foreach (@ous) + { + $ou_done{$_} = 1 + if ($dn eq "ou=$_,$base"); + } + + foreach (@groups) + { + $group_done{$_} = 1 + if ($dn eq "cn=$_,ou=Groups,$base"); + } + + foreach (@users) + { + $user_done{$_} = 1 + if ($dn eq "uid=$_,ou=Users,$base"); + } + } + } + $ldif->done(); + + # Produce ldif code. + unless ($smb_domain_done) + { + my $smb_domain = Net::LDAP::Entry->new(); + $smb_domain->dn("sambaDomainName=$smb_server,$base"); + $smb_domain->add + ( + "objectClass" => "sambaDomain", + "sambaAlgorithmicRidBase" => "1000", + "sambaDomainName" => $smb_server, + "sambaSID" => $local_sid, + ); + + $writer->write($smb_domain); + } + + foreach (@ous) + { + next if $ou_done{$_}; + + my $ou = Net::LDAP::Entry->new(); + $ou->dn("ou=$_,$base"); + $ou->add + ( + "ou" => $_, + "objectClass" => ["organizationalUnit", "top"] + ); + + $writer->write($ou); + } + + my $group_info = parse_file("/etc/group", @groups); + + foreach (@groups) + { + next if $group_done{$_}; + + my ($name, $passwd, $gid, $members) = @{$group_info->{$_}}; + + die "Unable to find $_ informations in /etc/group.\n" + unless ($name ne "" && $gid ne ""); + + my $group = Net::LDAP::Entry->new(); + $group->dn("cn=$_,ou=Groups,$base"); + + if ($mapping{$_}) + { + my ($dname, $rid) = @{$mapping{$_}}; + $group->add + ( + "objectClass" => ["posixGroup", "sambaGroupMapping", "top"], + "cn" => $name, + "gidNumber" => $gid, + "memberUid" => [split(/,/, $members || "")], + "description" => "Local Unix group", + "displayName" => $dname, + "sambaGroupType" => "2", + "sambaSID" => $local_sid . "-" . 
$rid + ); + } + else + { + $group->add + ( + "objectClass" => ["posixGroup", "top"], + "cn" => $name, + "gidNumber" => $gid, + "memberUid" => [split(/,/, $members || "")] + ); + } + + $writer->write($group); + } + + my $passwd_info = parse_file("/etc/passwd", @users); + my $shadow_info = parse_file("/etc/shadow", @users); + + foreach (@users) + { + next if $user_done{$_}; + + my ($name, undef, $uid, $gid, $comment, $home, $shell) + = @{$passwd_info->{$_}}; + my (undef, $passwd, $lastchange, $min, $max, $warning, $inactive, + $expire, $flag) = @{$shadow_info->{$_}}; + + die "Unable to find $_ informations in /etc/passwd.\n" + unless ($name ne "" && $uid ne "" && $gid ne "" && $home ne ""); + + my $user = Net::LDAP::Entry->new(); + $user->dn("uid=$_,ou=Users,$base"); + $user->add + ( + "objectClass" => ["account", "posixAccount", "shadowAccount", + "top"], + "cn" => $name, + "uid" => $name, + "gecos" => $comment || "no comment", + "uidNumber" => $uid, + "gidNumber" => $gid, + "userPassword" => "{crypt}" . ($passwd || "*"), + "homeDirectory" => $home, + "loginShell" => $shell || "/bin/false", + "shadowLastChange" => $lastchange || int(time / (24 * 3600)), + "shadowMin" => $min || "-1", + "shadowMax" => $max || "99999", + "shadowWarning" => $warning || "7", + "shadowInactive" => $inactive || "-1", + "shadowExpire" => $expire || "-1", + "shadowFlag" => $flag || "-1" + ); + + $writer->write($user); + } + +$writer->done(); +close(DISCARD) || die "Child exited early."; +} +else # child +{ + # Add entries to slapd base. + unless (system("/usr/sbin/slapadd -b $base") == 0) + { + die "Failed to add ldif entries to $base via slapadd.\n"; + } + + # Make sure ldap db are owned by ldap + system("/bin/chown ldap:ldap /var/lib/ldap/*") == 0 + or die "Failed to chown ldap db.\n"; + + exit 0; +} + +# Update dump to assute consistency. 
+unless (system("/usr/sbin/slapcat", + "-b", $base, + "-l", "/home/e-smith/db/ldap/$domain.ldif") == 0) +{ + die "Failed to update slapd dump (/home/e-smith/db/ldap/$domain.ldif).\n"; +} + +# Parse a file with fields separated by ':' (ie /etc/{group,passwd,shadow}). +sub parse_file +{ + # We are only interested in @keep accounts. + my ($file, @keep) = @_; + + my %result = (); + + open(FILE, $file) or die("open: $!"); + + my @line; + while() + { + chomp; + @line = split(/:/); + foreach (@keep) + { + $result{$_} = [ @line ] + if ($line[0] eq $_); + } + } + + return \%result; +} diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-update mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-update --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-update 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-update 2008-03-31 10:05:00.000000000 -0600 
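Review bot: In the user-entry block, `$min || "-1"`, `$lastchange || int(time / (24 * 3600))`, `$warning || "7"` and the other shadow fields treat a literal `0` read from /etc/shadow as missing and substitute the default, so an account whose shadowMin or shadowLastChange is genuinely 0 is written to LDAP as -1 or today's date; only an undefined or empty field should fall back. `system("/usr/sbin/slapadd -b $base")` in the child is the single-string form and runs through the shell with `$base` (built from the configured domain name) interpolated; `system("/usr/sbin/slapadd", "-b", $base) == 0` avoids the shell, as the later `slapcat` call in the same hunk already does. In `parse_file`, `while()` and `open(FILE, $file)` appear to have lost a `<FILE>` in rendering; if so, the function also needs a `close(FILE)` before it returns. The shadow attributes with the defaults corrected, plus the helper they use:
```perl
# … unchanged: objectClass through loginShell …
            # An empty shadow field means "unset"; a literal 0 is a real value.
            "shadowLastChange" => field_or($lastchange, int(time / (24 * 3600))),
            "shadowMin" => field_or($min, "-1"),
            "shadowMax" => field_or($max, "99999"),
            "shadowWarning" => field_or($warning, "7"),
            "shadowInactive" => field_or($inactive, "-1"),
            "shadowExpire" => field_or($expire, "-1"),
            "shadowFlag" => field_or($flag, "-1")
            );
# … unchanged: writer, child branch, slapcat dump, parse_file …

# Return $value unless it is undefined or empty, else $default.
sub field_or
{
    my ($value, $default) = @_;
    return (defined $value && length $value) ? $value : $default;
}
```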
@@ -0,0 +1,170 @@ +#!/usr/bin/perl -w + +#---------------------------------------------------------------------- +# copyright (C) 1999, 2000 e-smith, inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Technical support for this program is available from e-smith, inc. +# For details, please visit our web site at www.e-smith.com or +# call us on 1 888 ESMITH 1 (US/Canada toll free) or +1 613 564 8000 +#---------------------------------------------------------------------- + +package esmith; + +use strict; +use Errno; +use esmith::ConfigDB; +use esmith::AccountsDB; +use esmith::util; +use Net::LDAP; + +my $c = esmith::ConfigDB->open_ro; +my $a = esmith::AccountsDB->open_ro; + +my $l = $c->get('ldap'); +my $status = $l->prop('status') || "disabled"; +unless ($status eq "enabled" ) +{ + warn "Not running action script $0, LDAP service not enabled!\n"; + exit(0); +} + +my $domain = $c->get('DomainName') + || die("Couldn't determine domain name"); + $domain = $domain->value; + +my @accounts; +my $account; +my $event = shift || die "Event name must be specified"; +if ($event eq 'ldap-update') +{ + @accounts = ($a->users, $a->groups); +} +else +{ + my $userName = shift; + die "Username argument missing." 
unless defined ($userName); + + $account = $a->get($userName); + die "Account $userName not found.\n" unless defined $account; + my $type = $account->prop('type') || "unknown"; + + die "Account $userName is not a user or group account; " . + "update LDAP entry failed.\n" + unless (($type eq 'user') || ($type eq 'group')); + @accounts = ($account); +} + +#------------------------------------------------------------ +# Update LDAP directory entry. First read LDAP password +#------------------------------------------------------------ +my $pw = esmith::util::LdapPassword(); + +#------------------------------------------------------------ +# Update LDAP database entry. +#------------------------------------------------------------ +my $base = esmith::util::ldapBase ($domain); + +my $ldap = Net::LDAP->new('localhost') + or die "$@"; + +$ldap->bind( + dn => "cn=root,$base", + password => $pw +); + +my $phone = $l->prop('defaultTelephoneNumber') || ''; +my $company = $l->prop('defaultCompany') || ''; +my $dept = $l->prop('defaultDepartment') || ''; +my $city = $l->prop('defaultCity') || ''; +my $street = $l->prop('defaultStreet') || ''; +foreach my $acct (@accounts) +{ + my $key = $acct->key; + my $type = $acct->prop('type'); + next unless ($type eq 'user' || $type eq 'group'); + my @attrs = (); + if ($type eq 'user') + { + my $name = $acct->prop('FirstName') . " " . 
$acct->prop('LastName'); + utf8::upgrade($name); + my $first = $acct->prop('FirstName') || ''; + utf8::upgrade($first); + my $last = $acct->prop('LastName') || ''; + utf8::upgrade($last); + my $phone = $acct->prop('Phone') || ''; + my $company = $acct->prop('Company') || ''; + utf8::upgrade($company); + my $dept = $acct->prop('Dept') || ''; + utf8::upgrade($dept); + my $city = $acct->prop('City') || ''; + utf8::upgrade($city); + my $street = $acct->prop('Street') || ''; + utf8::upgrade($street); + push @attrs, (objectClass => ['person', + 'organizationalPerson', + 'inetOrgPerson']); + push @attrs, (uid => $key); + + push @attrs, (cn => $name) unless ($name =~ /^\s*$/); + push @attrs, (givenName => $first) unless $first =~ /^\s*$/; + push @attrs, (sn => $last) unless $last =~ /^\s*$/; + push @attrs, (mail => "$key\@$domain"); + push @attrs, (telephoneNumber => $phone) unless $phone =~ /^\s*$/; + push @attrs, (o => $company) unless $company =~ /^\s*$/; + push @attrs, (ou => $dept) unless $dept =~ /^\s*$/; + push @attrs, (l => $city) unless $city =~ /^\s*$/; + push @attrs, (street => $street) unless $street =~ /^\s*$/; + } + elsif ($type eq 'group') + { + push @attrs, (objectClass => ['person', + 'organizationalPerson', + 'inetOrgPerson']); + push @attrs, (uid => $key); + + my $key = $acct->key; + my $desc = $acct->prop('Description') || ''; + utf8::upgrade($desc); + push @attrs, (cn => $desc) unless $desc =~ /^\s*$/; + push @attrs, (sn => $desc) unless $desc =~ /^\s*$/; + push @attrs, (mail => "$key\@$domain"); + push @attrs, (telephoneNumber => $phone) unless $phone =~ /^\s*$/; + push @attrs, (o => $company) unless $company =~ /^\s*$/; + push @attrs, (ou => $dept) unless $dept =~ /^\s*$/; + push @attrs, (l => $city) unless $city =~ /^\s*$/; + push @attrs, (street => $street) unless $street =~ /^\s*$/; + } + my $dn = "uid=$key,ou=People,$base"; + if (($event eq 'user-create') || ($event eq 'group-create')) + { + my $result = $ldap->add ($dn, attr => \@attrs); + + 
$result->code && + warn "failed to add entry for $dn: ", $result->error ; + } + else + { + my %attrs = @attrs; + my $result = $ldap->modify ($dn, replace => \%attrs); + + $result->code && + warn "failed to modify entry for $dn: ", $result->error ; + } +} +$ldap->unbind; + +exit (0); diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/update-passwd mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/update-passwd --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/update-passwd 2005-11-20 21:28:05.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/update-passwd 2007-09-05 08:07:04.000000000 -0600 @@ -26,6 +26,7 @@ use strict; use Errno; use esmith::AccountsDB; +use esmith::ldap; my $a = esmith::AccountsDB->open_ro or die "Could not open accounts db"; @@ -35,8 +36,7 @@ my $pwset = $u->prop('PasswordSet') || 'no'; unless ($pwset eq 'yes') { - system("/usr/bin/passwd", "-l", $user) == 0 - or warn("Problem locking password for user $user\n"); + esmith::ldap::cancelLdapPassword($user); system("/usr/bin/smbpasswd", "-d", $user) == 0 or warn("Problem locking smbpassword for user $user\n"); diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-create-unix mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-create-unix --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-create-unix 2005-11-20 21:28:05.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-create-unix 2008-03-31 09:25:13.000000000 -0600 @@ -64,7 +64,7 @@ # Create the user's unique group first system( - "/usr/sbin/groupadd", + "/usr/sbin/cpu", "groupadd", "-g", $gid, $userName 
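Review bot: The result of `$ldap->bind(dn => "cn=root,$base", password => $pw)` in ldap-update is never checked, so when the bind fails (wrong password in the config DB, slapd not yet running) the handle stays anonymous and the later add/modify calls fail against the ACLs with only a `warn`, while the script still exits 0 and the account event completes with no directory entry written. Capture the bind message and abort: `my $mesg = $ldap->bind(dn => "cn=root,$base", password => $pw); $mesg->code and die "LDAP bind as cn=root,$base failed: " . $mesg->error . "\n";`. The `add`/`modify` failures should likewise make the action exit non-zero so the event framework records them instead of silently succeeding. A minor readability point: the inner `my $key = $acct->key;` in the group branch re-declares `$key` after it has already been pushed as `uid`, which is harmless but confusing and can be removed.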
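Review bot: The new `esmith::ldap::cancelLdapPassword($user);` in update-passwd drops the error check that the replaced `system("/usr/bin/passwd", "-l", $user) == 0 or warn(...)` had, so a failure to disable the LDAP password (slapd down, bind rejected) now passes silently while the account keeps whatever userPassword it has. If `cancelLdapPassword` returns a status (its definition in `esmith::ldap` is not in this diff), check it: `esmith::ldap::cancelLdapPassword($user) or warn("Problem locking LDAP password for user $user\n");`; if it dies instead, wrap it in `eval` so the following `smbpasswd -d` still runs. The enclosing loop starts outside the hunk.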
@@ -73,14 +73,14 @@ # Now create the user account system( - "/usr/sbin/useradd", + "/usr/sbin/cpu", "useradd", "-u", $uid, "-g", $uid, "-c", "$first $last", "-d", "/home/e-smith/files/users/$userName", "-G", "shared", "-m", - "-k", "/etc/e-smith/skel/user", + "-k/etc/e-smith/skel/user", "-s", "$shell", $userName ) == 0 or die "Failed to create account $userName.\n"; @@ -92,8 +92,6 @@ chmod 0700, "/home/e-smith/files/users/$userName"; -system("/usr/bin/passwd", "-l", "$userName") - and warn("Could not lock password for $userName\n"); system("/usr/bin/smbpasswd", "-a", "-d", "$userName") and warn("Could not lock smb password for $userName\n");; diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-delete-unix mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-delete-unix --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-delete-unix 2005-11-20 21:28:05.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-delete-unix 2008-03-31 09:25:38.000000000 -0600 @@ -38,10 +38,15 @@ esmith::util::cancelUserPassword ($userName); -my $discard = `/usr/sbin/userdel -r '$userName'`; -if ($? != 0) -{ - die "Failed to delete account $userName.\n"; -} +system( + "/usr/sbin/cpu", "userdel", + "-r", + $userName + ) == 0 or die "Failed to delete account $userName.\n"; + +system( + "/usr/sbin/cpu", "groupdel", + $userName + ) == 0 or die "Failed to delete group account $userName.\n"; exit (0); diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-lock-passwd mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-lock-passwd --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-lock-passwd 2007-01-19 14:33:22.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-lock-passwd 2007-09-05 08:07:04.000000000 -0600 
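Review bot: Removing `system("/usr/bin/passwd", "-l", "$userName")` leaves user-create-unix with no step that disables the new account's password; the Samba side is still disabled via `smbpasswd -a -d`, but the LDAP `userPassword` written by `cpu useradd` is left at whatever cpu stores by default, which this diff does not show. Elsewhere in this patch the lock is performed with `esmith::ldap::cancelLdapPassword(...)` (update-passwd, user-lock-passwd), so the same call belongs here right after the `chmod 0700`: `esmith::ldap::cancelLdapPassword($userName) or warn("Could not lock LDAP password for $userName\n");` (adding `use esmith::ldap;` near the top, outside this hunk, if it is not already there). Otherwise the account is only disabled once update-passwd happens to run in the event sequence, rather than as part of account creation itself.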
@@ -24,12 +24,29 @@ use Errno; use esmith::AccountsDB; use esmith::ConfigDB; +use esmith::ldap; use IO::File; use English; my $a = esmith::AccountsDB->open or die "Could not open accounts db"; my $conf = esmith::ConfigDB->open or die "Could not open configuration db"; +my $l = $conf->get('ldap'); +my $status = $l->prop('status') || "disabled"; +unless ($status eq "enabled" ) +{ + warn "Not running action script $0, LDAP service not enabled!\n"; + exit(0); +} + +my $system = $conf->get('SystemName') + || die("Couldn't determine system name"); + $system = $system->value; + +my $domain = $conf->get('DomainName') + || die("Couldn't determine domain name"); + $domain = $domain->value; + my $event = $ARGV [0]; my @users_to_lock = bad_password_users(); @@ -52,8 +69,7 @@ my $u = $a->get($userName) or die "No account record for user $userName"; - system("/usr/bin/passwd", "-l", $userName) == 0 - or die "Error running /usr/bin/passwd command to lock account $userName"; + esmith::ldap::cancelLdapPassword($userName); system("/usr/bin/smbpasswd", "-d", $userName) == 0 or die "Error running /usr/bin/smbpasswd command to lock account $userName"; $u->set_prop('PasswordSet', 'no'); 
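Review bot: The new early `exit(0)` when the `ldap` record's status is not `enabled` means bad_password_users() is never consulted and no account is locked at all in that configuration, whereas before this patch the script unconditionally ran `passwd -l`; a system with LDAP disabled therefore silently keeps every empty-password Samba account usable. Either keep the `/usr/bin/passwd -l` path as the fallback for the disabled case, or exit non-zero with the warning so the event reports the skipped lock. Also, `Net::LDAP->new` and `esmith::util::LdapPassword` are called later in this file but this hunk adds only `use esmith::ldap;` — unless that module loads them (it is not in this diff), add `use Net::LDAP;` and `use esmith::util;` here.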
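Review bot: Replacing `system("/usr/bin/passwd", "-l", $userName) == 0 or die ...` with a bare `esmith::ldap::cancelLdapPassword($userName);` loses the failure check, so `$u->set_prop('PasswordSet', 'no')` is recorded even when the LDAP password was not actually disabled. Check the return the same way the `smbpasswd -d` line below it does: `esmith::ldap::cancelLdapPassword($userName) or die "Error disabling LDAP password for account $userName";` (assuming it returns false on failure; if it dies, nothing more is needed). The enclosing loop starts outside the hunk.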
@@ -66,26 +82,37 @@ sub bad_password_users { - my $smbpasswd = IO::File->new("/etc/samba/smbpasswd", '<') - or die "Can't open smbpasswd: $OS_ERROR\n"; + my $pw = esmith::util::LdapPassword(); + my $base = esmith::util::ldapBase ($domain); + my $ldap = Net::LDAP->new($system . "." . $domain) + or die "$@"; + $ldap->bind( + dn => "cn=root,$base", + password => $pw + ); + + my $entries = $ldap->search( + base => "ou=Users,$base", + scope => 'sub', + filter => '(objectClass=sambaSamAccount)' + ); - my @users; + $entries->code && die $entries->error; - SMBPASSWD: - while (my $smb_entry = <$smbpasswd>) - { - my ($user, $uid, $lanman_hash, $nt_hash, @rest) - = split /:/, $smb_entry; + my @users; + foreach my $smb_entry ($entries->all_entries) { + my $user = $smb_entry->get_value('uid'); + my $lanman_hash = $smb_entry->get_value('sambaLMPassword'); + my $nt_hash = $smb_entry->get_value('sambaNTPassword'); if ( $lanman_hash eq "AAD3B435B51404EEAAD3B435B51404EE" or $nt_hash eq "31D6CFE0D16AE931B73C59D7E0C089C0" ) { push @users, $user; - next SMBPASSWD; } } - $smbpasswd->close; + $ldap->unbind; return @users; } diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-modify-unix mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-modify-unix --- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-modify-unix 2006-03-14 09:20:43.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/user-modify-unix 2008-03-31 09:26:51.000000000 -0600 
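Review bot: In bad_password_users the `$ldap->bind(dn => "cn=root,$base", password => $pw)` result is not checked, so a failed bind leaves the connection anonymous and the search silently runs unauthenticated; with the ACL template in this patch (`access to * ... by * read`) the anonymous search can still return `sambaLMPassword`/`sambaNTPassword`, so the failure is masked rather than surfaced. Check it like the search: `my $mesg = $ldap->bind(dn => "cn=root,$base", password => $pw); $mesg->code && die "LDAP bind failed: " . $mesg->error;`. The connection also targets `$system . "." . $domain` rather than `localhost` (as ldap-update does) with no start_tls, so the root DN password is sent to whatever address that name resolves to; use `localhost` for consistency. Finally `get_value` returns undef for entries lacking the attribute, so the `eq` comparisons warn under `-w`; default them with `|| ''`.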
@@ -51,6 +51,24 @@ die "Account $userName is not a user account; modify user failed.\n" unless ( ($userName eq 'admin') or ($type eq 'user') ); + # cpu usermod called without "-G list,of,supplementary,groups" causes user + # to be removed from all it's supplementary groups. Thus, to be able to call + # cpu usermod properly we need to know user supplementary groups. + + my $cmd = "/usr/bin/id -G -n '$member'"; + my $groups = `$cmd 2>/dev/null`; + if ($? != 0) + { + die "Failed to get supplementary group list for $member.\n"; + } + chomp ($groups); + + my @groupList = split (/\s+/, $groups); + @groupList = grep (!/^$member$/, @groupList); + push @groupList, $groupName; + + $groups = join (',', sort (@groupList)); + setpwent; my ($comment, $shell) = (getpwnam($userName))[5,8]; endpwent; @@ -64,8 +82,8 @@ #------------------------------------------------------------ unless ($shell eq $new_shell) { - system("/usr/sbin/usermod", '-s', "$new_shell", $userName) == 0 - or die "Failed to modify shell of account $userName.\n"; + system("/usr/sbin/cpu", "usermod", '-s', "$new_shell", "-G", "$groups", $userName) == 0 + or die "Failed to modify shell of account $userName.\n"; } #------------------------------------------------------------ 
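Review bot: The added block refers to `$member` and `$groupName`, neither of which appears in user-modify-unix's visible context (the script's variable is `$userName`, on the context line just above), so unless they are declared above the hunk `use strict` will refuse to compile this, and `push @groupList, $groupName` would in any case append an undefined group to `-G`; the code looks copied from a group-membership script. It also builds a shell command string, `"/usr/bin/id -G -n '$member'"`, and runs it through backticks, so a name containing a quote or shell metacharacters is re-parsed by the shell — use the list form of `open` so no shell is involved, as the other `system(...)` calls in this patch already do. The enclosing block ends outside the hunk.
```perl
    # cpu usermod without "-G list,of,groups" removes the user from all
    # supplementary groups, so collect the current list first.  List-form
    # open avoids the shell, so the user name is never re-parsed.
    open(my $id_fh, '-|', '/usr/bin/id', '-G', '-n', $userName)
        or die "Failed to run /usr/bin/id for $userName: $!\n";
    my $groups = <$id_fh>;
    close($id_fh) or die "Failed to get supplementary group list for $userName.\n";
    defined $groups or die "Failed to get supplementary group list for $userName.\n";
    chomp($groups);

    # Drop the user's private group (same name as the user), as before;
    # only supplementary groups are passed back via -G.
    my @groupList = grep { $_ ne $userName } split(/\s+/, $groups);
    $groups = join(',', sort @groupList);

    # … unchanged: setpwent/getpwnam lookup of comment and shell …
```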
@@ -78,8 +96,8 @@ unless ($comment eq $new_comment) { - system("/usr/sbin/usermod", "-c", "$first $last", $userName) == 0 - or die "Failed to modify comment of account $userName.\n"; + system("/usr/sbin/cpu", "usermod", "-c", "$first $last", "-G", "$groups", $userName) == 0 + or die "Failed to modify comment of account $userName.\n"; } } diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/directory mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/directory --- e-smith-base+ldap-4.19.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/directory 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/directory 2008-03-31 09:13:28.000000000 -0600 
@@ -0,0 +1,100 @@ + + + FORM_TITLE + Change LDAP directory settings + + + PUBLIC + Allow public access (entire Internet) + + + PRIVATE + Allow access only from local networks + + +LABEL_ROOT +Server root + + + +DESCRIPTION + +The LDAP server provides a network-available listing of the user accounts +and groups on your server, and can be accessed using an LDAP client such as the Address Book feature in Netscape Communicator. Configure your LDAP client with the local IP address of your server, port number 389, and the server root parameter shown below. + + + +DESC_DIRECTORY_ACCESS + You can control access to your LDAP directory: the private setting allows access only from your local network, and the public setting allows access from anywhere on the Internet. + + +DIRECTORY_ACCESS +LDAP directory access + + + DESC_DEPARTMENT + +These fields are the LDAP defaults for your organization. +Whenever you create a new user account, you will be prompted +to enter all of these fields (they can be different for each +user) but the values you set here +will show up as defaults. This is a convenience to make it +faster to create user accounts. + + + + DEPARTMENT + Default department + + + + COMPANY + Default company + + + STREET + Default Street address + + + + CITY + Default City + + + + PHONENUMBER + Default Phone Number + + + +DESC_EXISTING + +You can either leave existing user accounts as they are, using the above defaults only for +new users, or you can apply the above defaults to all existing users as well. + + + + + + +EXISTING +Existing users + + +SUCCESS +The new LDAP default settings have been saved. 
+ + + +LEAVE +Leave as they are + + +UPDATE +Update with new defaults + + + Directory + Directory + + diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/cpu.conf/all mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/cpu.conf/all --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/cpu.conf/all 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/cpu.conf/all 2008-03-31 09:05:27.000000000 -0600 
@@ -0,0 +1,57 @@ +# See cpu.conf(5) for documentation + +[GLOBAL] +DEFAULT_METHOD = ldap +CRACKLIB_DICTIONARY = /usr/lib/cracklib_dict + +[LDAP] +LDAP_HOST = localhost +LDAP_PORT = 389 +# Can also use LDAP_URI = ldaps://localhost:389 for TLS support +BIND_DN = "cn=root,{ esmith::util::ldapBase ($DomainName); }" +BIND_PASS = { esmith::util::LdapPassword (); } +USER_BASE = ou=Users,{ esmith::util::ldapBase ($DomainName); } +# replace account with inetOrgPerson if you want first or last name +GROUP_BASE = ou=Groups,{ esmith::util::ldapBase ($DomainName); } +USER_OBJECT_CLASS = account,posixAccount,shadowAccount,top +GROUP_OBJECT_CLASS = posixGroup,top +USER_FILTER = (objectClass=posixAccount) +GROUP_FILTER = (objectClass=posixGroup) +USER_CN_STRING = uid +GROUP_CN_STRING = cn +SKEL_DIR = /etc/skel +DEFAULT_SHELL = /bin/bash +HOME_DIRECTORY = /home +MAX_UIDNUMBER = 10000 +MIN_UIDNUMBER = 100 +MAX_GIDNUMBER = 10000 +MIN_GIDNUMBER = 101 +ID_MAX_PASSES = 1000 +USERGROUPS = yes +USERS_GID = 100 +RANDOM = "false" +PASSWORD_FILE = "/etc/passfile" +SHADOW_FILE = "/etc/shadowfile" +HASH = "sha1" +#ADD_SCRIPT = "contrib/postaddscript.sh" +#DEL_SCRIPT = "foo" +SHADOWLASTCHANGE = 11192 +SHADOWMAX = 99999 +SHADOWWARING = 7 +SHADOWEXPIRE = -1 +SHADOWFLAG = 134538308 +SHADOWMIN = -1 +SHADOWINACTIVE = -1 + +[PASSWD] +# Broken +GROUP = 1000 +HOME = /home +INACTIVE = -1 +#EXPIRE = +SHELL = /bin/bash +SKEL = /etc/skel +COMMENT = "Default Gecos" +PASSWORD = /etc/passwd +SHADOW = /etc/shadow + diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/hosts.allow/ldap mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/hosts.allow/ldap --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/hosts.allow/ldap 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/hosts.allow/ldap 2006-07-05 13:29:58.000000000 -0600 
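Review bot: `HASH = "sha1"` makes cpu store new `userPassword` values as an unsalted SHA-1 digest, so identical passwords produce identical hashes and precomputed tables apply once the attribute is readable; prefer the salted form, `HASH = "ssha"`. `BIND_PASS = { esmith::util::LdapPassword (); }` expands the directory root password into /etc/cpu.conf, so the rendered file must be root-only (0600) — the template metadata that would set that is not part of this hunk, please confirm it exists. `SHADOWWARING = 7` looks like a typo for `SHADOWWARNING` (if cpu.conf(5) spells it that way) and would be silently ignored, and the `[PASSWD]` section is shipped while marked `# Broken`; either fix it or drop it so nobody relies on it.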
@@ -0,0 +1,3 @@
+{
+ "# LDAP servers\n" . $DB->hosts_allow_spec('ldap', 'slapd')
+}
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/10ssl mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/10ssl
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/10ssl 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/10ssl 2008-03-31 09:05:28.000000000 -0600
@@ -0,0 +1,15 @@
+# OpenLDAP SSL mechanism
+# Start_tls mechanism uses the normal LDAP port, LDAPS typically 636
+# ssl start_tls
+# ssl on
+ssl no
+
+# OpenLDAP SSL options
+# Require and verify server certificate (yes/no)
+# Default is to use libldap's default behavior, which can be configured in
+# /etc/openldap/ldap.conf using the TLS_REQCERT setting.
+# tls_checkpeer yes
+
+# CA certificates for server certificate verification
+# At least one of these are required if tls_checkpeer is "yes"
+# tls_cacertfile /var/service/ldap/ssl/slapd.pem
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/20pam_password mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/20pam_password
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/20pam_password 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/20pam_password 2007-09-05 08:07:04.000000000 -0600
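Review bot: `ssl no` with `tls_checkpeer` left commented means pam_ldap/nss_ldap send bind passwords and receive account data in the clear, which is tolerable only while `host` stays `localhost` — a setting this fragment does not control (it lives in the separate 30host fragment). If the directory is ever pointed at another machine, `ssl start_tls` and `tls_checkpeer yes` must be enabled together, since start_tls without peer verification gives no protection against an impersonating server. Record that dependency here so the next editor sees it: `# 'ssl no' is only acceptable because 'host' (30host) is localhost; for any remote server use 'ssl start_tls' AND 'tls_checkpeer yes'`.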
@@ -0,0 +1 @@
+pam_password md5
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/30host mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/30host
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/30host 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/30host 2008-03-31 09:05:27.000000000 -0600
@@ -0,0 +1 @@
+host localhost
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40base mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40base
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40base 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40base 2007-09-05 08:07:04.000000000 -0600
@@ -0,0 +1,3 @@
+{
+ $OUT .= "base " . esmith::util::ldapBase ($DomainName);
+}
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_group mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_group
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_group 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_group 2007-09-05 08:07:04.000000000 -0600
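Review bot: `pam_password md5` makes pam_ldap hash the new password on the client and store it as an unsalted `{MD5}` digest (as far as pam_ldap's md5 mode goes), so equal passwords yield equal hashes and the values are cheap to reverse once readable. Prefer `pam_password exop`, which uses the LDAP Password Modify extended operation so slapd hashes with its own `password-hash` setting (e.g. `password-hash {SSHA}` in slapd.conf — not present in the slapd.conf templates of this patch and would need adding). That also keeps hashing policy in one place instead of split between cpu's `HASH`, pam_ldap and Samba.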
@@ -0,0 +1,5 @@
+{
+ $OUT .= "nss_base_group ou=Groups,";
+ $OUT .= esmith::util::ldapBase ($DomainName);
+ $OUT .= '?one';
+}
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_passwd mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_passwd
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_passwd 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_passwd 2007-09-05 08:07:04.000000000 -0600
@@ -0,0 +1,5 @@
+{
+ $OUT .= "nss_base_passwd ou=Users,";
+ $OUT .= esmith::util::ldapBase ($DomainName);
+ $OUT .= '?one';
+}
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/45rootbinddn mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/45rootbinddn
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/45rootbinddn 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/45rootbinddn 2007-09-05 08:07:04.000000000 -0600
@@ -0,0 +1,3 @@
+{
+ $OUT .= "rootbinddn cn=root," . esmith::util::ldapBase ($DomainName);
+}
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/50tls_cacertdir mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/50tls_cacertdir
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/50tls_cacertdir 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/50tls_cacertdir 2007-09-05 08:07:04.000000000 -0600
@@ -0,0 +1 @@
+tls_cacertdir /etc/openldap/cacerts
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/55initgroups_ignoreusers mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/55initgroups_ignoreusers
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/55initgroups_ignoreusers 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.conf/55initgroups_ignoreusers 2008-03-31 09:05:28.000000000 -0600
@@ -0,0 +1 @@
+nss_initgroups_ignoreusers ldap
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.secret mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.secret
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.secret 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/ldap.secret 2007-09-05 08:07:04.000000000 -0600
@@ -0,0 +1 @@
+{ esmith::util::LdapPassword (); }
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/nsswitch.conf/10files mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/nsswitch.conf/10files
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/nsswitch.conf/10files 2005-11-20 21:28:07.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/nsswitch.conf/10files 2007-09-05 08:07:04.000000000 -0600
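Review bot: This template writes the directory root password (`esmith::util::LdapPassword()`) to /etc/ldap.secret, the file nss_ldap/pam_ldap read for `rootbinddn`; nothing in this hunk sets its ownership or mode, and e-smith template output is world-readable unless a templates.metadata entry says otherwise. Confirm the metadata for this file sets `UID="root"`, `GID="root"` and `PERMS=0600`, and be aware that with `rootbinddn` every root-owned process doing NSS lookups binds with the DN that the ACL template grants full write (`by dn="cn=root,…" write`), rather than a read-only proxy DN. Do not add a comment line to this template itself: ldap.secret must contain only the password.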
@@ -1,6 +1,6 @@ -passwd: files -shadow: files -group: files +passwd: files ldap +shadow: files ldap +group: files ldap hosts: { ($AccessType eq "off") ? "files" : "files dns" } services: files networks: files diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/ldap.conf/12tls mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/ldap.conf/12tls --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/ldap.conf/12tls 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/ldap.conf/12tls 2007-09-05 08:07:04.000000000 -0600 @@ -0,0 +1,3 @@ +TLS_CACERT /var/service/ldap/ssl/slapd.pem +TLS_REQCERT always +TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv2 diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/ldap.conf/20ldap-default mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/ldap.conf/20ldap-default --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/ldap.conf/20ldap-default 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/ldap.conf/20ldap-default 2008-03-31 10:08:12.000000000 -0600 
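Review bot: `TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv2` does not remove SSLv2-era ciphers — in OpenSSL cipher-list syntax `+` only moves matching suites to the end of the list, and `MEDIUM` pulls in legacy 128-bit suites such as RC4 on the OpenSSL of that era — so a client following this libldap config can still negotiate them. Use an exclusion instead, `TLS_CIPHER_SUITE HIGH:!SSLv2:!aNULL:!eNULL`, and the same string in the slapd-side `TLSCipherSuite`. `TLS_REQCERT always` with `TLS_CACERT` pointing at the server's own slapd.pem effectively pins that certificate, which is fine but means rotating slapd.pem requires re-expanding this template on every client.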
@@ -0,0 +1,20 @@ +# +# LDAP Defaults +# + +# See ldap.conf(5) for details +# This file should be world readable. + +#BASE dc=OpenLDAP, dc=Org +#HOST ldap.openldap.org + +#HOST ldap.openldap.org ldap-master.openldap.org:666 +#PORT 389 + +BASE { esmith::util::ldapBase ($DomainName); } +HOST localhost +PORT 389 + +#SIZELIMIT 12 +#TIMELIMIT 15 +#DEREF never diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/10schema mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/10schema --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/10schema 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/10schema 2007-09-05 08:07:04.000000000 -0600 @@ -0,0 +1,8 @@ + +include /etc/openldap/schema/core.schema +include /etc/openldap/schema/cosine.schema +include /etc/openldap/schema/inetorgperson.schema +include /etc/openldap/schema/nis.schema +include /etc/openldap/schema/redhat/rfc822-MailMember.schema +include /etc/openldap/schema/redhat/autofs.schema +include /etc/openldap/schema/samba.schema diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2007-09-05 08:07:04.000000000 -0600 
@@ -0,0 +1,5 @@
+TLSCipherSuite HIGH:MEDIUM:+SSLv2
+TLSCACertificateFile /var/service/ldap/ssl/slapd.pem
+TLSCertificateFile /var/service/ldap/ssl/slapd.pem
+TLSCertificateKeyFile /var/service/ldap/ssl/slapd.pem
+TLSVerifyClient never
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/40bind_v2 mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/40bind_v2
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/40bind_v2 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/40bind_v2 2006-07-05 13:29:58.000000000 -0600
@@ -0,0 +1 @@
+allow bind_v2
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/50database mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/50database
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/50database 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/50database 2008-03-31 09:05:28.000000000 -0600
@@ -0,0 +1 @@
+database ldbm
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/65suffix mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/65suffix
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/65suffix 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/65suffix 2006-07-05 13:29:58.000000000 -0600
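Review bot: `TLSCipherSuite HIGH:MEDIUM:+SSLv2` has the same problem as the client-side string: `+SSLv2` reorders rather than excludes, so SSLv2 cipher suites remain offerable by slapd; use `TLSCipherSuite HIGH:!SSLv2:!aNULL:!eNULL`. `TLSCertificateKeyFile`, `TLSCertificateFile` and `TLSCACertificateFile` all point at one file, /var/service/ldap/ssl/slapd.pem, which therefore contains the private key and must be readable only by the account slapd runs as — this hunk cannot show that, so please verify the file's mode wherever it is generated. `TLSVerifyClient never` is the normal choice for a password-bound directory and is fine here.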
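Review bot: `allow bind_v2` re-enables LDAPv2 binds, which cannot use StartTLS or SASL and so always send the password in clear; it is presumably there for the legacy address-book clients the locale text mentions, but that is not stated anywhere. Add a comment giving the reason so it can be removed once those clients are gone: `# LDAPv2 binds (no StartTLS/SASL) are only allowed for legacy address-book clients; remove when no longer needed`.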
@@ -0,0 +1 @@
+suffix "{ esmith::util::ldapBase ($DomainName); }"
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/70directory mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/70directory
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/70directory 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/70directory 2006-07-05 13:29:58.000000000 -0600
@@ -0,0 +1 @@
+directory /var/lib/ldap
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/75rootdn mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/75rootdn
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/75rootdn 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/75rootdn 2006-07-05 13:29:58.000000000 -0600
@@ -0,0 +1 @@
+rootdn "cn=root,{ esmith::util::ldapBase ($DomainName); }"
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/80rootpw mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/80rootpw
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/80rootpw 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/80rootpw 2006-07-05 13:29:58.000000000 -0600
@@ -0,0 +1 @@
+rootpw { esmith::util::LdapPassword (); }
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/90indexes mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/90indexes
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/90indexes 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/90indexes 2008-03-31 09:05:28.000000000 -0600
@@ -0,0 +1,5 @@
+# Indices to maintain
+#index objectClass eq
+index objectClass,uid,uidNumber,gidNumber eq
+index cn,mail,surname,givenname eq,subinitial
+
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/95acls mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/95acls
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/95acls 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/openldap/slapd.conf/95acls 2008-03-31 09:05:27.000000000 -0600
@@ -0,0 +1,12 @@
+# database access control definitions
+ access to attr=userPassword
+ by self write
+ by anonymous auth
+ by dn="cn=root,{ esmith::util::ldapBase ($DomainName); }" write
+ by * none
+
+ access to *
+ by self write
+ by dn="cn=root,{ esmith::util::ldapBase ($DomainName); }" write
+ by * read
+
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth 2008-03-26 10:49:00.000000000 -0600
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth 2008-03-31 09:05:25.000000000 -0600
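Review bot: `rootpw { esmith::util::LdapPassword (); }` writes the root DN password into slapd.conf in cleartext; slapd accepts a hashed value here, so the template should emit an `{SSHA}` hash computed from the same secret (Digest::SHA1 + MIME::Base64 with a random salt) rather than the plaintext. Whatever form is used, the rendered slapd.conf must be `root:ldap 0640` or stricter, which this hunk does not show. Since the same secret is also rendered into /etc/ldap.secret and /etc/cpu.conf by this patch, any one of those files being readable compromises the whole directory.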
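Review bot: The second rule, `access to * by self write by dn="cn=root,…" write by * read`, lets every authenticated user rewrite all of their own attributes, including `uidNumber`, `gidNumber`, `homeDirectory` and `loginShell`; because this patch's nsswitch.conf resolves `passwd`/`shadow`/`group` through `ldap`, a user can set their own `uidNumber` to 0 and be root at next login. It also grants anonymous read of everything except `userPassword`, so the `sambaLMPassword`/`sambaNTPassword` attributes that user-lock-passwd reads from `ou=Users` are readable by any client the `ldap` access setting admits (the locale file offers a "public" option) — and LM/NT hashes are password-equivalent for SMB. Restrict self-write to the password attributes, protect the Samba hashes like `userPassword`, and make everything else read-only for self; pam_ldap may need to update `shadowLastChange` after a password change, so grant that one attribute separately.
```conf
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by self write
        by anonymous auth
        by dn="cn=root,{ esmith::util::ldapBase ($DomainName); }" write
        by * none

# pam_ldap may update this after a self-service password change.
access to attrs=shadowLastChange
        by self write
        by dn="cn=root,{ esmith::util::ldapBase ($DomainName); }" write
        by * read

# Everything else is read-only for users: no self-write on posixAccount
# attributes (uidNumber/gidNumber/homeDirectory/loginShell).
access to *
        by dn="cn=root,{ esmith::util::ldapBase ($DomainName); }" write
        by * read
```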
@@ -10,5 +10,6 @@ $OUT .= "auth required pam_abl.so config=/etc/security/pam_abl.conf"; } auth sufficient pam_unix.so likeauth nullok +auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/30account mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/30account --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/30account 2008-03-26 10:49:00.000000000 -0600 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/30account 2008-03-31 09:05:25.000000000 -0600 @@ -1,5 +1,6 @@ account required pam_unix.so broken_shadow account sufficient pam_succeed_if.so uid < 100 quiet +account [default=bad success=ok user_unknown=ignore] pam_ldap.so account required pam_permit.so { my $status = $pam_tally{status} || 'disabled'; diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/40password mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/40password --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/40password 2008-03-26 10:49:00.000000000 -0600 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/40password 2008-03-31 09:46:16.000000000 -0600 
@@ -1,3 +1,4 @@ password sufficient pam_unix.so nullok md5 shadow +password sufficient pam_ldap.so use_authtok password required pam_deny.so diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/50session mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/50session --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/50session 2008-03-26 10:49:00.000000000 -0600 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/pam.d/system-auth/50session 2008-03-31 09:05:25.000000000 -0600 @@ -1,2 +1,3 @@ session required pam_limits.so session required pam_unix.so +session optional pam_ldap.so diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/syslog.conf/00filenames mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/syslog.conf/00filenames --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/syslog.conf/00filenames 2005-11-20 21:28:09.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/syslog.conf/00filenames 2008-03-31 09:05:26.000000000 -0600 @@ -5,5 +5,6 @@ $cron = "/var/log/cron"; $spooler = "/var/log/spooler"; $maillog = "/var/log/maillog"; + $slapd = "/var/log/slapd"; ""; } diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/syslog.conf/local4 mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/syslog.conf/local4 --- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/syslog.conf/local4 2005-11-20 21:28:09.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/etc/syslog.conf/local4 2008-03-31 09:05:26.000000000 -0600 
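Review bot: In 40password the new `password sufficient pam_ldap.so use_authtok` sits after `password sufficient pam_unix.so nullok md5 shadow`, so for an account that exists in both /etc/shadow and the directory a passwd run succeeds in pam_unix and pam_ldap is never reached; the LDAP userPassword then stays stale until the separate user-modify → ldap-update path (wired in createlinks) runs. That may well be the intended design, with PAM touching LDAP only for directory-only accounts, but the fragment should say so: `# pam_ldap is only reached for accounts absent from /etc/shadow; local accounts are pushed to LDAP by the ldap-update event`. If it is not intended, the sufficient/use_authtok arrangement of the two lines needs revisiting.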
@@ -1 +1 @@
-local4.* -{ "${messages}" }
+local4.* -{ "${slapd}" }
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/10domain mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/10domain
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/10domain 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/10domain 2008-03-31 09:05:27.000000000 -0600
@@ -0,0 +1,7 @@
+{
+ my ($dc) = split(/\./, $DomainName);
+ $OUT .= "dn: $ldapBase\n";
+ $OUT .= "objectClass: top\n";
+ $OUT .= "objectClass: domain\n";
+ $OUT .= "dc: $dc\n";
+}
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin 2006-07-05 13:29:58.000000000 -0600
@@ -0,0 +1,14 @@
+{
+ use esmith::AccountsDB;
+ use esmith::util;
+
+ $a = esmith::AccountsDB->open_ro;
+ $ldapBase = esmith::util::ldapBase ($DomainName);
+ sub utf8
+ {
+ my $t = shift;
+ utf8::encode($t);
+ return $t;
+ }
+ $OUT = "";
+}
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/cpu.conf mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/cpu.conf
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/cpu.conf 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/cpu.conf 2007-09-05 08:07:04.000000000 -0600
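Review bot: template-begin stores the accounts handle in `$a`, the package global Perl reserves for sort comparators, and `use strict` will not flag it. Nothing in view sorts, so it works today, but a `sort { $a->... }` block in any later fragment of this LDIF template would see the wrong value for as long as the sort runs, and a reader meeting `$a->users()` elsewhere has no hint it is a database object. Judging from `$ldapBase` being set here and read in 10domain, package globals are how fragments share state, so the fix is only a descriptive name: `$accounts = esmith::AccountsDB->open_ro;` with a comment such as `# shared with the other fragments of this template`.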
@@ -0,0 +1 @@
+PERMS=0600
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/ldap.secret mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/ldap.secret
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/ldap.secret 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/ldap.secret 2007-09-05 08:07:04.000000000 -0600
@@ -0,0 +1 @@
+PERMS=0600
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/openldap/slapd.conf mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/openldap/slapd.conf
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/openldap/slapd.conf 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/etc/openldap/slapd.conf 2007-09-05 08:07:04.000000000 -0600
@@ -0,0 +1,2 @@
+GID="ldap"
+PERMS=0640
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/home/e-smith/db/ldap/ldif mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/home/e-smith/db/ldap/ldif
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/home/e-smith/db/ldap/ldif 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates.metadata/home/e-smith/db/ldap/ldif 2006-07-05 13:29:58.000000000 -0600
@@ -0,0 +1,2 @@
+TEMPLATE_PATH="/home/e-smith/db/ldap/ldif"
+OUTPUT_FILENAME=use esmith::ConfigDB; my $d = esmith::ConfigDB->open_ro->get('DomainName')->value; "/home/e-smith/db/ldap/$d.ldif"
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/web/functions/directory mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/web/functions/directory
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/web/functions/directory 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/web/functions/directory 2008-03-31 09:05:28.000000000 -0600
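Review bot: The metadata for the generated LDIF sets TEMPLATE_PATH and OUTPUT_FILENAME but no PERMS, unlike the ldap.secret and cpu.conf entries in this patch, which are pinned to 0600. The fragments visible here only emit the domain entry, but template-begin opens the AccountsDB, so later fragments presumably emit per-account entries; if those carry userPassword or Samba hashes the file under /home/e-smith/db/ldap is written with whatever mode the expander defaults to. I would add `PERMS=0600` now rather than rely on the parent directory's mode.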
@@ -0,0 +1,151 @@ +#!/usr/bin/perl -wT +# vim:ft=xml: + +#---------------------------------------------------------------------- +# heading : Configuration +# description : Directory +# navigation : 6000 6300 +#---------------------------------------------------------------------- +# copyright (C) 2002 Mitel Networks Corporation +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Technical support for this program is available from Mitel Networks +# Please visit our web site www.e-smith.com for details. +#---------------------------------------------------------------------- + + +use strict; +use esmith::util; +use esmith::FormMagick::Panel::directory; +my $f = esmith::FormMagick::Panel::directory->new(); +$f->display(); + +=head1 TESTING + + +=begin testing + +use esmith::FormMagick::Tester; +use esmith::TestUtils; +use esmith::ConfigDB; +my $panel = 'directory'; +my $panel_path = "/etc/e-smith/web/functions/".$panel; +my $ua = esmith::FormMagick::Tester->new(); + + + +is (mode($panel_path), '4750', "Check permissions on script"); +ok ($ua->get_panel($panel), "ABOUT TO RUN L10N TESTS"); +is ($ua->{status}, 200, "200 OK"); +like($ua->{content}, qr/FORM_TITLE/, "Saw untranslated form title"); +ok ($ua->set_language("en-us"), "Set language to U.S. 
English"); +ok ($ua->get_panel($panel), "Get panel"); + +is ($ua->{status}, 200, "200 OK"); + +like($ua->{content}, qr/LDAP directory settings/, "Saw translated form title"); + +# Testing changes + +ok ($ua->get_panel($panel), "Testing panel retrieval"); +can_ok($ua, "field"); + +# Destructive testing: + +ok ($ua->{form}->find_input('Department'), 'Finding the Department field'); + +$ua->field('Department' => 'TestDept' ); +$ua->field('Existing' => 'update'); + +ok ($ua->click("Save"), "Click Save"); +is ($ua->{status}, 200, "200 OK"); +like($ua->{content}, qr/settings have been saved/, "Saw validation messages"); + +# Gotta open this later, so we don't cache stale data +my $db = esmith::ConfigDB->open; + +ok($db->get('ldap')->prop('defaultDepartment') eq 'TestDept'); + +my $a = esmith::AccountsDB->open; +my @users = $a->users(); +foreach $user (@users) { + ok( $user->prop('Dept') eq 'TestDept'); +} + + +=end testing + +=cut + +__DATA__ +
+ + DESCRIPTION + + + + + + + + DESC_DIRECTORY_ACCESS + + + + + DESC_DEPARTMENT + + + + + + + + + + + + + + + + + + + + DESC_EXISTING + + + + + +
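Review bot: In the embedded test block, `foreach $user (@users) {` uses an undeclared `$user`, and `esmith::AccountsDB->open` is called without that module being loaded in the block, so the destructive section dies under strict before asserting anything. Add `use esmith::AccountsDB;` next to the other `use` lines and write `foreach my $user (@users) {`. The two `ok(... eq 'TestDept')` checks would give useful diagnostics on failure as `is($user->prop('Dept'), 'TestDept', "Dept updated for $user")` rather than a bare boolean. The panel XML after `__DATA__` reached this page with its tags stripped, so whatever validation it declares for the form fields cannot be reviewed from here.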
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/openldap/schema/redhat/rfc822-MailMember.schema mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/openldap/schema/redhat/rfc822-MailMember.schema --- e-smith-base+ldap-4.19.1/root/etc/openldap/schema/redhat/rfc822-MailMember.schema 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/openldap/schema/redhat/rfc822-MailMember.schema 2006-07-05 13:29:58.000000000 -0600 @@ -0,0 +1,15 @@ +attributetype + ( 1.3.6.1.4.1.42.2.27.2.1.15 + NAME 'rfc822MailMember' + DESC 'rfc822 mail address of group member(s)' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5 + NAME 'nisMailAlias' + SUP top STRUCTURAL + DESC 'NIS mail alias' + MUST cn + MAY rfc822MailMember ) + + diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/openldap/schema/samba.schema mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/openldap/schema/samba.schema --- e-smith-base+ldap-4.19.1/root/etc/openldap/schema/samba.schema 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/openldap/schema/samba.schema 2007-09-05 08:07:04.000000000 -0600 
@@ -0,0 +1,480 @@ +## +## schema file for OpenLDAP 2.x +## Schema for storing Samba user accounts and group maps in LDAP +## OIDs are owned by the Samba Team +## +## Prerequisite schemas - uid (cosine.schema) +## - displayName (inetorgperson.schema) +## - gidNumber (nis.schema) +## +## 1.3.6.1.4.1.7165.2.1.x - attributetypes +## 1.3.6.1.4.1.7165.2.2.x - objectclasses +## +## Printer support +## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes +## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses +## +## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------ +## +## Run the 'get_next_oid' bash script in this directory to find the +## next available OID for attribute type and object classes. +## +## $ ./get_next_oid +## attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME .... +## objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME .... +## +## Also ensure that new entries adhere to the declaration style +## used throughout this file +## +## ( 1.3.6.1.4.1.7165.2.XX.XX NAME .... +## ^ ^ ^ +## +## The spaces are required for the get_next_oid script (and for +## readability). 
+## +## ------------------------------------------------------------------ + +# objectIdentifier SambaRoot 1.3.6.1.4.1.7165 +# objectIdentifier Samba3 SambaRoot:2 +# objectIdentifier Samba3Attrib Samba3:1 +# objectIdentifier Samba3ObjectClass Samba3:2 + +######################################################################## +## HISTORICAL ## +######################################################################## + +## +## Password hashes +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword' +# DESC 'LanManager Passwd' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword' +# DESC 'NT Passwd' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +## +## Account flags in string format ([UWDX ]) +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags' +# DESC 'Account Flags' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) + +## +## Password timestamps & policies +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet' +# DESC 'NT pwdLastSet' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime' +# DESC 'NT logonTime' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime' +# DESC 'NT logoffTime' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime' +# DESC 'NT kickoffTime' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange' +# DESC 'NT pwdCanChange' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange' +# DESC 'NT pwdMustChange' +# EQUALITY 
integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +## +## string settings +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive' +# DESC 'NT homeDrive' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath' +# DESC 'NT scriptPath' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath' +# DESC 'NT profilePath' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations' +# DESC 'userWorkstations' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome' +# DESC 'smbHome' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain' +# DESC 'Windows NT domain to which the user belongs' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +## +## user and group RID +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid' +# DESC 'NT rid' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID' +# DESC 'NT Group RID' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +## +## The smbPasswordEntry objectclass has been depreciated in favor of the +## sambaAccount objectclass +## +#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY +# DESC 'Samba smbpasswd entry' +# MUST ( uid $ uidNumber ) +# MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags )) + +#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL +# DESC 'Samba Account' +# MUST ( uid $ rid ) +# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet 
$ logonTime $ +# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ +# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ +# description $ userWorkstations $ primaryGroupID $ domain )) + +#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY +# DESC 'Samba Auxiliary Account' +# MUST ( uid $ rid ) +# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ +# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ +# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ +# description $ userWorkstations $ primaryGroupID $ domain )) + +######################################################################## +## END OF HISTORICAL ## +######################################################################## + +####################################################################### +## Attributes used by Samba 3.0 schema ## +####################################################################### + +## +## Password hashes +## +attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' + DESC 'LanManager Password' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' + DESC 'MD4 hash of the unicode password' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +## +## Account flags in string format ([UWDX ]) +## +attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' + DESC 'Account Flags' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) + +## +## Password timestamps & policies +## +attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' + DESC 'Timestamp of the last password update' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' + DESC 'Timestamp of when the user is allowed to update the password' + 
EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' + DESC 'Timestamp of when the password will expire' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' + DESC 'Timestamp of last logon' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' + DESC 'Timestamp of last logoff' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' + DESC 'Timestamp of when the user will be logged off automatically' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' + DESC 'Bad password attempt count' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' + DESC 'Time of the last bad password attempt' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' + DESC 'Logon Hours' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE ) + +## +## string settings +## +attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' + DESC 'Driver letter of home directory mapping' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' + DESC 'Logon script path' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' + DESC 'Roaming profile path' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) + 
+attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' + DESC 'List of user workstations the user is allowed to logon to' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' + DESC 'Home directory UNC path' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' + DESC 'Windows NT domain to which the user belongs' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' + DESC '' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' + DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) + +## +## SID, of any type +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' + DESC 'Security ID' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) + + +## +## Primary group SID, compatible with ntSid +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' + DESC 'Primary Group Security ID' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' + DESC 'Security ID List' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) + +## +## group mapping attributes +## +attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' + DESC 'NT Group Type' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +## +## Store info on the domain +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' + DESC 'Next NT rid to give our for users' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' + DESC 'Next NT rid to give out for groups' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' + DESC 'Next NT rid to give out for anything' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' + DESC 'Base at which the samba RID generation algorithm should operate' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' + DESC 'Share Name' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' + DESC 'Option Name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' + DESC 'A boolean option' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' + DESC 'An integer option' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' + DESC 'A string option' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' + DESC 'A string list option' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + + +attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName' + SUP name ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList' + DESC 'Privileges List' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' + DESC 'Trust 
Password Flags' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + + +####################################################################### +## objectClasses used by Samba 3.0 schema ## +####################################################################### + +## The X.500 data model (and therefore LDAPv3) says that each entry can +## only have one structural objectclass. OpenLDAP 2.0 does not enforce +## this currently but will in v2.1 + +## +## added new objectclass (and OID) for 3.0 to help us deal with backwards +## compatibility with 2.2 installations (e.g. ldapsam_compat) --jerry +## +objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY + DESC 'Samba 3.0 Auxilary SAM Account' + MUST ( uid $ sambaSID ) + MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ + sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ + sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ + displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ + sambaProfilePath $ description $ sambaUserWorkstations $ + sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ + sambaBadPasswordCount $ sambaBadPasswordTime $ + sambaPasswordHistory $ sambaLogonHours)) + +## +## Group mapping info +## +objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY + DESC 'Samba Group Mapping' + MUST ( gidNumber $ sambaSID $ sambaGroupType ) + MAY ( displayName $ description $ sambaSIDList )) + +## +## Trust password for trust relationships (any kind) +## +objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL + DESC 'Samba Trust Password' + MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags ) + MAY ( sambaSID $ sambaPwdLastSet )) + +## +## Whole-of-domain info +## +objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL + DESC 'Samba Domain Information' + MUST ( sambaDomainName $ + sambaSID ) + MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ 
+ sambaAlgorithmicRidBase ) ) + +## +## used for idmap_ldap module +## +objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY + DESC 'Pool for allocating UNIX uids/gids' + MUST ( uidNumber $ gidNumber ) ) + + +objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY + DESC 'Mapping from a SID to an ID' + MUST ( sambaSID ) + MAY ( uidNumber $ gidNumber ) ) + +objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL + DESC 'Structural Class for a SID' + MUST ( sambaSID ) ) + +objectclass ( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY + DESC 'Samba Configuration Section' + MAY ( description ) ) + +objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL + DESC 'Samba Share Section' + MUST ( sambaShareName ) + MAY ( description ) ) + +objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL + DESC 'Samba Configuration Option' + MUST ( sambaOptionName ) + MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ + sambaStringListoption $ description ) ) + + +objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY + DESC 'Samba Privilege' + MUST ( sambaSID ) + MAY ( sambaPrivilegeList ) ) + diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/directory.pm mezzanine_patched_e-smith-base+ldap-4.19.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/directory.pm --- e-smith-base+ldap-4.19.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/directory.pm 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/directory.pm 2008-03-31 09:13:28.000000000 -0600 
@@ -0,0 +1,204 @@ +#!/usr/bin/perl -w + +# +# $Id: directory.pm,v 1.3 2003/12/18 17:19:54 msoulier Exp $ +# + +package esmith::FormMagick::Panel::directory; + +use strict; +use esmith::AccountsDB; +use esmith::ConfigDB; +use esmith::FormMagick; +use esmith::util; +use File::Basename; +use Exporter; +use Carp; + +our @ISA = qw(esmith::FormMagick Exporter); + +our @EXPORT = qw( + get_ldap_base get_value get_prop change_settings +); + +our $VERSION = sprintf '%d.%03d', q$Revision: 1.3 $ =~ /: (\d+).(\d+)/; + +our $db = esmith::ConfigDB->open(); + + +# {{{ header + +=pod + +=head1 NAME + +esmith::FormMagick::Panels::directory - useful panel functions + +=head1 SYNOPSIS + + use esmith::FormMagick::Panels::directory; + + my $panel = esmith::FormMagick::Panel::directory->new(); + $panel->display(); + +=head1 DESCRIPTION + +=cut + +# }}} + +# {{{ new + +=head2 new(); + +Exactly as for esmith::FormMagick + +=begin testing + + +use_ok('esmith::FormMagick::Panel::directory'); +use vars qw($panel); +ok($panel = esmith::FormMagick::Panel::directory->new(), "Create panel object"); +isa_ok($panel, 'esmith::FormMagick::Panel::directory'); + +=end testing + +=cut + + + +sub new { + shift; + my $self = esmith::FormMagick->new(); + $self->{calling_package} = (caller)[0]; + bless $self; + return $self; +} + +# }}} + +# {{{ get_prop + +=head2 get_prop ITEM PROP + +A simple accessor for esmith::ConfigDB::Record::prop + +=cut + +sub get_prop { + my $fm = shift; + my $item = shift; + my $prop = shift; + + my $record = $db->get($item); + if ($record) { + return $record->prop($prop); + } + else { + return ''; + } + +} + +# }}} + +=head2 get_ldap_base + +Gets the LDAP base for this domain + +=cut + +sub get_ldap_base { + return esmith::util::ldapBase(get_value('','DomainName')); +} + + +# {{{ get_value + +=head2 get_value ITEM + +A simple accessor for esmith::ConfigDB::Record::value + +=cut + +sub get_value { + my $fm = shift; + my $item = shift; + + my $record = $db->get($item); + if 
($record) { + return $record->value(); + } + else { + return ''; + } +} + +# }}} + +=head1 ACTION + + +# {{{ change_settings + +=head2 change_settings + +If everything has been validated, properly, go ahead and set the new settings + +=cut + + + +sub change_settings { + my ($fm) = @_; + + my $q = $fm->{'cgi'}; + + my $access = $q->param ('Access') || 'private'; + my $department = $q->param ('Department') || ""; + my $company = $q->param ('Company') || ""; + my $street = $q->param ('Street') || ""; + my $city = $q->param ('City') || ""; + my $phone = $q->param ('PhoneNumber') || ""; + my $existing = $q->param ('Existing') || 'leave' ; + $db->get('ldap')->set_prop('access', $access); + $db->get('ldap')->set_prop('defaultDepartment', $department); + $db->get('ldap')->set_prop('defaultCompany', $company); + $db->get('ldap')->set_prop('defaultStreet', $street); + $db->get('ldap')->set_prop('defaultCity', $city); + $db->get('ldap')->set_prop('defaultPhoneNumber', $phone); + + #------------------------------------------------------------ + # If requested, update the account records for all existing users. + # Don't need to signal any special events for this, since we're only + # changing LDAP information. If we were changing the user names + # or email parameters, we'd have to signal events to trigger the + # right updates. 
+ #------------------------------------------------------------ + + if ($existing eq 'update') { + my $a = esmith::AccountsDB->open; + my @users = $a->users(); + + foreach my $user (@users) { + $user->set_prop('Phone', $phone); + $user->set_prop('Company', $company); + $user->set_prop('Dept', $department); + $user->set_prop('City', $city); + $user->set_prop('Street', $street); + + } + } + #------------------------------------------------------------ + # Update the system + #------------------------------------------------------------ + + system ("/sbin/e-smith/signal-event ldap-update") == 0 + or return $fm->error('ERROR_UPDATING'); + + return $fm->success('SUCCESS'); +} + +# }}} + +1; diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/usr/lib/perl5/site_perl/esmith/ldap.pm mezzanine_patched_e-smith-base+ldap-4.19.1/root/usr/lib/perl5/site_perl/esmith/ldap.pm --- e-smith-base+ldap-4.19.1/root/usr/lib/perl5/site_perl/esmith/ldap.pm 1969-12-31 17:00:00.000000000 -0700 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/usr/lib/perl5/site_perl/esmith/ldap.pm 2007-09-05 08:07:04.000000000 -0600 
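Review bot: `change_settings` stores `$access` and the other form fields into the `ldap` record straight from the CGI parameters, the only treatment being `|| 'private'`, and then signals `ldap-update`, whose masq and hosts.allow templates (wired up in createlinks) presumably consume that `access` value. Unless the panel XML pins Access to a fixed select list — the XML after `__DATA__` arrived here with its tags stripped, so I cannot confirm — an unexpected value is persisted and reaches the firewall templates; a whitelist check before `set_prop` closes that. `$db->get('ldap')` is also called six times with no definedness check, so a missing record dies mid-update with a method call on undef; fetch it once, bail out via `$fm->error` when absent, and reuse it for every `set_prop`.
```perl
sub change_settings {
    my ($fm) = @_;

    my $q = $fm->{'cgi'};

    my $ldap = $db->get('ldap')
        or return $fm->error('ERROR_UPDATING');

    my $access = $q->param ('Access') || 'private';
    # Only values the ldap-update templates understand may be stored.
    return $fm->error('ERROR_UPDATING')
        unless grep { $access eq $_ } qw(private <OTHER-ALLOWED-ACCESS-VALUES>);

    # … unchanged: read Department/Company/Street/City/PhoneNumber/Existing …

    $ldap->set_prop('access', $access);
    # … unchanged: remaining set_prop calls (now on $ldap), the Existing loop, signal-event …
```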
@@ -0,0 +1,85 @@
+#----------------------------------------------------------------------
+# This program is free software; you can redistribute it and/or
+# modify it under the same terms as Perl itself.
+#----------------------------------------------------------------------
+
+package esmith::ldap;
+
+use strict;
+use warnings;
+use esmith::db;
+
+use vars qw( $AUTOLOAD @ISA );
+
+use esmith::util;
+use Net::LDAP;
+
+=head1 NAME
+
+esmith::ldap - Utilities for ldap directory.
+
+=head1 SYNOPSIS
+
+ use esmith::ldap;
+
+ cancelLdapPassword("username");
+
+=head1 DESCRIPTION
+
+This module provides utilities specific to ldap directory.
+
+=cut
+
+our $VERSION = sprintf '%d.%03d', q$Revision: 1.0 $ =~ /: (\d+).(\d+)/;
+
+=head2 cancelLdapPassword()
+
+Lock user ldap password.
+
+=cut
+
+sub cancelLdapPassword {
+ my ($username) = @_;
+
+ my $c = esmith::ConfigDB->open_ro;
+
+ my $l = $c->get('ldap');
+ my $status = $l->prop('status') || "disabled";
+ unless ($status eq "enabled" )
+ {
+ warn "Not running action script $0, LDAP service not enabled!\n";
+ exit(0);
+ }
+
+ # Ldap base binding.
+ my $system = $c->get('SystemName')
+ || die("Couldn't determine system name");
+ $system = $system->value;
+ my $domain = $c->get('DomainName')
+ || die("Couldn't determine domain name");
+ $domain = $domain->value;
+
+ my $pw = esmith::util::LdapPassword();
+ my $base = esmith::util::ldapBase ($domain);
+ my $ldap = Net::LDAP->new("$system.$domain")
+ or die "$@";
+
+ $ldap->bind(
+ dn => "cn=root,$base",
+ password => $pw
+ );
+
+ # Lock password.
+ my $dn = "uid=$username,ou=Users,$base";
+
+ my $locked_pass = "{crypt}*";
+ my %attrs = (userPassword => $locked_pass);
+
+ my $result = $ldap->modify ($dn, replace => \%attrs);
+ $result->code &&
+ warn "failed to modify entry for $dn: ", $result->error;
+
+ $ldap->unbind;
+
+ return 1; # success
+}
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/var/service/ldap/control/1 mezzanine_patched_e-smith-base+ldap-4.19.1/root/var/service/ldap/control/1
--- e-smith-base+ldap-4.19.1/root/var/service/ldap/control/1 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/var/service/ldap/control/1 2007-09-05 08:07:04.000000000 -0600
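Review bot: cancelLdapPassword reports success even when the lock did not happen: the result of `$ldap->bind(...)` is never examined, and after `$result->code && warn ...` the sub still falls through to `return 1; # success`, so a caller cannot tell that userPassword was left untouched. Propagate the failure instead, e.g. `return 0 if $result->code;` after the warn, and check the bind the same way: `my $mesg = $ldap->bind(dn => "cn=root,$base", password => $pw); die "bind failed: " . $mesg->error if $mesg->code;`. `exit(0)` in the disabled-service branch terminates whatever program loaded this module; a library sub should `return` and let the calling action script decide. `$username` is interpolated into the DN unescaped, so a name containing `,` or `=` would address a different entry; `Net::LDAP::Util::escape_dn_value` exists for this. The simple bind also travels over plain `ldap://` to `$system.$domain`; if that name can resolve to anything other than loopback, the directory root password crosses the wire in clear, so `localhost` or `start_tls` before the bind would be safer.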
@@ -0,0 +1,39 @@
+#!/usr/bin/perl -w
+
+#----------------------------------------------------------------------
+# copyright (C) 2005 Mitel Networks Corporation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Technical support for this program is available from Mitel Networks
+# Please visit our web site www.mitel.com/sme/ for details.
+#----------------------------------------------------------------------
+
+use esmith::ConfigDB;
+use esmith::util;
+use File::Copy;
+
+my $c = esmith::ConfigDB->open_ro;
+my $s = $c->get('SystemName')->value;
+my $d = $c->get('DomainName')->value;
+
+my $pem = "./ssl/slapd.pem";
+# Now copy system pem file into jail used by ldap
+copy("/home/e-smith/ssl.pem/$s.$d.pem", "$pem.$$")
+ or die "failed to copy SSL PEM: $!";
+chmod 0640, "$pem.$$";
+esmith::util::chownFile("root", "ldap", "$pem.$$");
+rename("$pem.$$", "$pem")
+ or die "failed to rename $pem.$$ to $pem: $!";
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/var/service/ldap/finish mezzanine_patched_e-smith-base+ldap-4.19.1/root/var/service/ldap/finish
--- e-smith-base+ldap-4.19.1/root/var/service/ldap/finish 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/var/service/ldap/finish 2006-07-05 13:29:58.000000000 -0600
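Review bot: The PEM copy is created with whatever mode the process umask gives and only tightened afterwards, and the results of `chmod 0640, "$pem.$$";` and `esmith::util::chownFile(...)` are ignored, so a failure in either step still lets `rename` install the file with the wrong mode or owner. Set `umask 077;` before `copy(...)` so the temporary file never exists wider than intended, and check the step: `chmod 0640, "$pem.$$" or die "chmod $pem.$$: $!";`. The script runs under `-w` but has no `use strict;`, which belongs next to the `use` lines. Whether `$s.$d.pem` bundles the private key is not visible here, but the root:ldap/0640 treatment suggests it does, which is why the window between `copy` and `chmod` matters.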
@@ -0,0 +1,3 @@
+#! /bin/sh
+
+exec /usr/sbin/slapcat -l ldif
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/var/service/ldap/run mezzanine_patched_e-smith-base+ldap-4.19.1/root/var/service/ldap/run
--- e-smith-base+ldap-4.19.1/root/var/service/ldap/run 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/var/service/ldap/run 2008-03-31 10:11:50.000000000 -0600
@@ -0,0 +1,47 @@
+#! /bin/sh
+
+domain=$(/sbin/e-smith/config get DomainName)
+system=$(/sbin/e-smith/config get SystemName)
+ldif="/home/e-smith/db/ldap/$domain.ldif"
+
+./control/1
+
+if [ -e ldif ]
+then
+ old_ldif=$(readlink ldif)
+ if [ "$old_ldif" != "$ldif" ]
+ then
+ # The domain name has changed, so we need to delete
+ # the old directory contents. We still have the old
+ # dump.
+ find /var/lib/ldap -type f | xargs rm -f
+ fi
+fi
+
+# Set up symlink for ldap dump at shutdown
+ln -sf $ldif ./ldif
+
+# Prime directory if required
+if [ \! -f /var/lib/ldap/nextid.dbb ]
+then
+ if [ -e "$old_ldif" ]
+ then
+ old_base_dn=$(basename $old_ldif | sed -e 's/.ldif$//' -e 's/./,dc=/g' -e 's/^/dc=/')
+ base_dn=$(echo $domain | sed -e 's/./,dc=/g' -e 's/^/dc=/')
+ sed -e "s/$old_base_dn/$base_dn/" \
+ -e 's/objectClass: group/objectClass: posixGroup/' < $old_ldif | \
+ setuidgid ldap slapadd -c
+ else
+ if [ \! -e "$ldif" ]
+ then
+ /sbin/e-smith/expand-template /home/e-smith/db/ldap/ldif
+ fi
+ sed -e 's/objectClass: group/objectClass: posixGroup/' < $ldif | \
+ setuidgid ldap slapadd -c
+ /etc/e-smith/events/actions/ldap-init-accounts
+ fi
+fi
+
+# Now run daemon
+exec /usr/sbin/slapd -4 -u ldap -d 0 \
+ -h "ldap://localhost:389 ldap://$system.$domain:389 ldaps://$system.$domain:636"
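Review bot: As the `old_base_dn=` and `base_dn=` lines read here, `sed -e 's/./,dc=/g'` uses an unescaped `.`, which in a sed basic regex matches every character, so the computed base DNs would be nonsense and the rewrite `sed -e "s/$old_base_dn/$base_dn/"` would never match anything; if a backslash was lost in transit the intended form is `'s/\./,dc=/g'` (and `'s/\.ldif$//'` on the same line). Both priming pipelines end in `setuidgid ldap slapadd -c`, whose `-c` continues past rejected entries and whose exit status is never checked, so a partially loaded directory still reaches `ldap-init-accounts` and the `exec slapd` below; under `/bin/sh` the simplest fix is to write the filtered LDIF to a file and run `setuidgid ldap slapadd -l "$tmp" || exit 1` without `-c`. `$old_ldif`, `$ldif` and `$old_base_dn` are used unquoted and the last is interpolated into a sed pattern verbatim, which is worth tightening even though both values come from the local config DB rather than user input.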