
Annotation of /rpms/e-smith-base+ldap/sme7/e-smith-base+ldap-4.19.1-ldap_fixes.patch



Revision 1.1 - (hide annotations) (download)
Tue Apr 22 20:57:01 2008 UTC (16 years, 7 months ago) by slords
Branch: MAIN
CVS Tags: e-smith-base+ldap-4_19_1-13_el4_sme, e-smith-base+ldap-4_19_1-16_el4_sme, e-smith-base+ldap-4_19_1-14_el4_sme, e-smith-base+ldap-4_19_1-21_el4_sme, e-smith-base+ldap-4_19_1-30_el4_sme, e-smith-base+ldap-4_19_1-10_el4_sme, e-smith-base+ldap-4_19_1-11_el4_sme, e-smith-base+ldap-4_19_1-18_el4_sme, e-smith-base+ldap-4_19_1-28_el4_sme, e-smith-base+ldap-4_19_1-26_el4_sme, e-smith-base+ldap-4_19_1-19_el4_sme, e-smith-base+ldap-4_19_1-25_el4_sme, e-smith-base+ldap-4_19_1-20_el4_sme, e-smith-base+ldap-4_19_1-23_el4_sme, e-smith-base+ldap-4_19_1-17_el4_sme, e-smith-base+ldap-4_19_1-29_el4_sme, e-smith-base+ldap-4_19_1-24_el4_sme, e-smith-base+ldap-4_19_1-12_el4_sme, e-smith-base+ldap-4_19_1-22_el4_sme
* Tue Apr 22 2008 Daniel B. <daniel@firewall-services.com> 4.19.1-10
- Updated samba.schema (necessary for substr search on sambaSID)
- configured slapd to use md5crypt as hash
- configure ldap.conf to use exop as hash (negotiated with ldap server => md5crypt)
- ACL for sambaLMPassword and sambaNTPassword
- Allow unix account lookup in ou=Computers (for machine accounts)
- Remove warnings in ldap.conf template

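--- a/root/etc/e-smith/templates/etc/cpu.conf/all
+++ b/root/etc/e-smith/templates/etc/cpu.conf/all
@@ -32,7 +32,7 @@
 RANDOM = "false"
 PASSWORD_FILE = "/etc/passfile"
 SHADOW_FILE = "/etc/shadowfile"
-HASH = "sha1"
+HASH = "crypt"
 #ADD_SCRIPT = "contrib/postaddscript.sh"
 #DEL_SCRIPT = "foo"
 SHADOWLASTCHANGE = 11192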
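Review bot: `HASH = "crypt"` names the generic crypt(3) scheme, and nothing in this hunk pins the salt format, so it is not evident that cpu will emit the `$1$` md5crypt hashes the changelog promises. If cpu falls back to a traditional two-character DES salt, passwords set through it would be truncated to eight characters and be much weaker than the hashes slapd is configured to produce. This is worth confirming against a test account and recording next to the setting, e.g. `# crypt => md5crypt ($1$), must match slapd password-hash`.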
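--- a/root/etc/e-smith/templates/etc/ldap.conf/20pam_password
+++ b/root/etc/e-smith/templates/etc/ldap.conf/20pam_password
@@ -1 +1 @@
-pam_password md5
+pam_password exop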
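Review bot: With `pam_password exop` the new password travels to slapd in clear inside the Password Modify extended operation so that the server can hash it, which makes the transport the only protection. No fragment in this patch shows `ssl start_tls`, an `ldaps://` URI or a loopback-only connection for ldap.conf, so it should be confirmed that one of them is in place before relying on this setting. A one-line comment in the fragment, such as `# exop: server hashes the password (see slapd password-hash); requires TLS or a local connection`, would keep that dependency visible.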
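--- a/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_passwd
+++ b/root/etc/e-smith/templates/etc/ldap.conf/40nss_base_passwd
@@ -2,4 +2,8 @@
 $OUT .= "nss_base_passwd ou=Users,";
 $OUT .= esmith::util::ldapBase ($DomainName);
 $OUT .= '?one';
+ $OUT .= "\n";
+ $OUT .= "nss_base_passwd ou=Computers,";
+ $OUT .= esmith::util::ldapBase ($DomainName);
+ $OUT .= '?one';
 }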
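Review bot: The added lines make every entry under ou=Computers resolvable as a Unix passwd entry, and nothing in this fragment restricts those machine accounts to lookup only; whether they can authenticate depends on their loginShell/userPassword and on any `pam_filter` set in other fragments, which is not visible here. On the style side, the new block repeats the three-line construction and calls `esmith::util::ldapBase` a second time; computing the base once (`my $base = esmith::util::ldapBase($DomainName);`) and emitting both lines from it would keep the two entries in step. The enclosing `{ ... }` block opens outside the hunk.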
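--- a/root/etc/e-smith/templates/etc/ldap.conf/55bind_policy
+++ b/root/etc/e-smith/templates/etc/ldap.conf/55bind_policy
@@ -1,2 +1,4 @@
+{
 # Allow read /etc/{passwd,groups,shadow} files when ldap is down.
+}
 bind_policy soft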
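--- a/root/etc/e-smith/templates/etc/openldap/slapd.conf/85passwordHash
+++ b/root/etc/e-smith/templates/etc/openldap/slapd.conf/85passwordHash
@@ -0,0 +1,5 @@
+
+# This is to use md5crypt
+password-hash \{CRYPT\}
+password-crypt-salt-format "$1$%.8s"
+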
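Review bot: The salt format `"$1$%.8s"` fixes stored passwords to md5crypt, which has a fixed, low iteration count and is inexpensive to brute-force if userPassword values are ever read from the directory or a backup. Where the platform's crypt(3) supports it, a SHA-512 format such as `password-crypt-salt-format "$6$%.16s"` is the stronger choice. If md5crypt is required for compatibility with existing hashes, the comment should say so, e.g. `# md5crypt kept for compatibility with <consumer>; revisit when crypt(3) supports $6$`. `{CRYPT}` also ties the hash to the host's libc, which matters if the database is moved or replicated to another platform.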
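--- a/root/etc/e-smith/templates/etc/openldap/slapd.conf/95acls
+++ b/root/etc/e-smith/templates/etc/openldap/slapd.conf/95acls
@@ -5,6 +5,18 @@
 by dn="cn=root,{ esmith::util::ldapBase ($DomainName); }" write
 by * none
 
+ access to attr=sambaLMPassword
+ by self write
+ by anonymous auth
+ by dn="cn=root,{ esmith::util::ldapBase ($DomainName); }" write
+ by * none
+
+ access to attr=sambaNTPassword
+ by self write
+ by anonymous auth
+ by dn="cn=root,{ esmith::util::ldapBase ($DomainName); }" write
+ by * none
+
 access to *
 by self write
 by dn="cn=root,{ esmith::util::ldapBase ($DomainName); }" write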
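Review bot: `by anonymous auth` on sambaLMPassword and sambaNTPassword grants a privilege that, as far as I can tell, slapd only needs on userPassword for simple binds, so the clause can probably be dropped from both stanzas. These values are password-equivalent for SMB/NTLM, so restricting them is right, but `by self write` also lets every user read back their own LM/NT hash, and sambaPasswordHistory is left to the `access to *` rule, whose remaining `by` clauses lie outside the hunk. The two identical stanzas could be merged into one, `access to attrs=sambaLMPassword,sambaNTPassword,sambaPasswordHistory`, so they cannot drift apart.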
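--- a/root/etc/openldap/schema/samba.schema
+++ b/root/etc/openldap/schema/samba.schema
@@ -14,6 +14,13 @@
 ## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes
 ## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses
 ##
+## Samba4
+## 1.3.6.1.4.1.7165.4.1.x - attributetypes
+## 1.3.6.1.4.1.7165.4.2.x - objectclasses
+## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
+## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
+## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
+##
 ## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------
 ##
 ## Run the 'get_next_oid' bash script in this directory to find the
@@ -38,6 +45,7 @@
 # objectIdentifier Samba3 SambaRoot:2
 # objectIdentifier Samba3Attrib Samba3:1
 # objectIdentifier Samba3ObjectClass Samba3:2
+# objectIdentifier Samba4 SambaRoot:4
 
 ########################################################################
 ## HISTORICAL ##
@@ -279,12 +287,12 @@
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
 
 attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
- DESC ''
+ DESC 'Base64 encoded user parameter string'
 EQUALITY caseExactMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
 
 attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory'
- DESC 'Concatenated MD4 hashes of the unicode passwords used on this account'
+ DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account'
 EQUALITY caseIgnoreIA5Match
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
 
@@ -295,9 +303,9 @@
 attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
 DESC 'Security ID'
 EQUALITY caseIgnoreIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
 
-
 ##
 ## Primary group SID, compatible with ntSid
 ##
@@ -376,19 +384,81 @@
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
 
-attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName'
- SUP name )
+##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName'
+## SUP name )
 
-attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
- DESC 'Privileges List'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
+##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
+## DESC 'Privileges List'
+## EQUALITY caseIgnoreIA5Match
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
 
 attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
 DESC 'Trust Password Flags'
 EQUALITY caseIgnoreIA5Match
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 
+# "min password length"
+attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength'
+ DESC 'Minimal password length (default: 5)'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "password history"
+attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength'
+ DESC 'Length of Password History Entries (default: 0 => off)'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "user must logon to change password"
+attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd'
+ DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "maximum password age"
+attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
+ DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "minimum password age"
+attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge'
+ DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "lockout duration"
+attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration'
+ DESC 'Lockout duration in minutes (default: 30, -1 => forever)'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "reset count minutes"
+attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow'
+ DESC 'Reset time after lockout in minutes (default: 30)'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "bad lockout attempt"
+attributetype ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
+ DESC 'Lockout users after bad logon attempts (default: 0 => off)'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "disconnect time"
+attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
+ DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "refuse machine password change"
+attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
+ DESC 'Allow Machine Password changes (default: 0 => off)'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+
+
 
 #######################################################################
 ## objectClasses used by Samba 3.0 schema ##
@@ -438,7 +508,11 @@
 MUST ( sambaDomainName $
 sambaSID )
 MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
- sambaAlgorithmicRidBase ) )
+ sambaAlgorithmicRidBase $
+ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
+ sambaMaxPwdAge $ sambaMinPwdAge $
+ sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
+ sambaForceLogoff $ sambaRefuseMachinePwdChange ))
 
 ##
 ## used for idmap_ldap module
@@ -457,7 +531,7 @@
 DESC 'Structural Class for a SID'
 MUST ( sambaSID ) )
 
-objectclass ( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
+objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
 DESC 'Samba Configuration Section'
 MAY ( description ) )
 
@@ -473,8 +547,8 @@
 sambaStringListoption $ description ) )
 
 
-objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
- DESC 'Samba Privilege'
- MUST ( sambaSID )
- MAY ( sambaPrivilegeList ) )
-
+## retired during privilege rewrite
+##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
+## DESC 'Samba Privilege'
+## MUST ( sambaSID )
+## MAY ( sambaPrivilegeList ) )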
