Changeset 6b52571 for server

Timestamp:

03/26/2015 09:28:49 PM (9 years ago)

Author:

Bruce Dubbs <bdubbs@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

698293c

Parents:

f515c0c

Message:

More updates to openldap incorporating a consolidated patch.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@15710 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• server/other/openldap.xml (modified) (9 diffs)

server/other/openldap.xml

@@ -76 +76 @@
         <para>
           Required patch:
-          <ulink url="&patch-root;/openldap-&openldap-version;-blfs_paths-1.patch"/>
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          Required patch:
-          <ulink url="&patch-root;/openldap-&openldap-version;-symbol_versions-1.patch"/>
+          <ulink url="&patch-root;/openldap-&openldap-version;-consolidated-1.patch"/>
         </para>
       </listitem>
@@ -123 +117 @@
       </para>
 
-<screen><userinput>patch -Np1 -i ../openldap-&openldap-version;-blfs_paths-1.patch &amp;&amp;
-patch -Np1 -i ../openldap-&openldap-version;-symbol_versions-1.patch &amp;&amp;
+<screen><userinput>patch -Np1 -i ../openldap-&openldap-version;-consolidated-1.patch &amp;&amp;
 autoconf &amp;&amp;
 
@@ -145 +138 @@
  
     <warning>
-      <para>If upgrading from a previos installation that used Berkely DB as
+      <para>If upgrading from a previos installation that used Berkeley DB as
       the backend, you will need to dump the database(s) using the
       <command>slapcat</command> utility, relocate all files in
@@ -173 +166 @@
     </para>
 
-<screen><userinput>patch -Np1 -i ../openldap-&openldap-version;-blfs_paths-2.patch &amp;&amp;
-patch -Np1 -i ../openldap-&openldap-version;-symbol_versions-1.patch &amp;&amp;
+<screen><userinput>patch -Np1 -i ../openldap-&openldap-version;-consolidated-1.patch &amp;&amp;
 autoconf &amp;&amp;
 
@@ -212 +204 @@
 <screen role="root"><userinput>make install &amp;&amp;
 
-chmod -v 700 /var/lib/openldap                          &amp;&amp;
-chown -v -R ldap:ldap /var/lib/openldap                 &amp;&amp;
-chmod -v 640 /etc/openldap/slapd.{conf,ldif}            &amp;&amp;
+install -v -dm700 -o ldap -g ldap /var/lib/openldap     &amp;&amp;
+install -v -dm700 -o ldap -g ldap /etc/openldap/slapd.d &amp;&amp;
+chmod -v 640       /etc/openldap/slapd.{conf,ldif}      &amp;&amp;
 chown -v root:ldap /etc/openldap/slapd.{conf,ldif}      &amp;&amp;
-sed 's@bdb@mdb@g' -i /etc/openldap/slapd.conf           &amp;&amp;
-install -v -dm700 -o ldap -g ldap /etc/openldap/slapd.d &amp;&amp;
-
-install -v -dm755  /usr/share/doc/openldap-&openldap-version;  &amp;&amp;
-cp -vfr doc/drafts /usr/share/doc/openldap-&openldap-version;  &amp;&amp;
-cp -vfr doc/rfc    /usr/share/doc/openldap-&openldap-version;  &amp;&amp;
-cp -vfr doc/guide  /usr/share/doc/openldap-&openldap-version;</userinput></screen>
-
-    <para>
-      Having slapd configuration files and ldap databases in /var/lib/openldap
-      readable by anyone is a SECURITY ISSUE, especially since a file stores
-      admin password in PLAIN TEXT. That's why mode 640 and root:ldap ownership
-      were used. Owner is root, so only root can modify the file, and group is
-      ldap, so that the group which owns slapd daemon could read but not modify
-      the file in case of a security breach. 
-    </para>
+
+install -v -dm755              /usr/share/doc/openldap-&openldap-version; &amp;&amp;
+cp -vfr doc/{drafts,rfc,guide} /usr/share/doc/openldap-&openldap-version;</userinput></screen>
 
   </sect2>
@@ -309 +288 @@
     </para>
  
-    <para>
-      <command>sed 's@bdb@mdb@g' -i /etc/openldap/slapd.conf</command>: This
-      command changes the default backend from the deprecated Berkely DB
-      (which was not included in the available backends) to LMDB as is
-      recommended by the OpenLDAP developers.
-    </para>
-
     <note>
       <para>
@@ -323 +295 @@
       </para>
     </note>
+
+    <para>
+      <command>install ...</command>, <command>chown ...</command>,
+      and <command>chmod ...</command>:
+      Having slapd configuration files and ldap databases in /var/lib/openldap
+      readable by anyone is a SECURITY ISSUE, especially since a file stores the
+      admin password in PLAIN TEXT. That's why mode 640 and root:ldap ownership
+      were used. The owner is root, so only root can modify the file, and group is
+      ldap, so that the group which owns slapd daemon could read but not modify
+      the file in case of a security breach. 
+    </para>
 
   </sect2>
@@ -384 +367 @@
         <listitem>
           <para>
-            The <ulink url="http://www.openldap.org/doc/admin24/">
-            OpenLDAP 2.4 Administrator's Guide</ulink>
-            (also installed locally in <filename class='directory'>
+            The <ulink url="http://www.openldap.org/doc/admin24/"> OpenLDAP 2.4
+            Administrator's Guide</ulink> (also installed locally in 
+            <filename class='directory'>
             /usr/share/doc/openldap-&openldap-version;/guide/admin</filename>).
           </para>
@@ -462 +445 @@
 #
 # LDAPv3
-# base &lt;&gt; with scope base
+# base &lt;&gt; with scope baseObject
 # filter: (objectclass=*)
 # requesting: namingContexts