authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:23:54 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:23:54 +0000
commitfe2751bf1e0388ddfa3fdfa88ed70b2bc94e2173 (patch)
tree5f743c2fcc2c85b0363602a14ac3753bc5a19abc /debian/slapd.init
parentAdding upstream version 2.4.47+dfsg. (diff)
Adding debian version 2.4.47+dfsg-3+deb10u7.debian/2.4.47+dfsg-3+deb10u7debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--debian/slapd.init202
-rw-r--r--debian/slapd.init.ldif101
2 files changed, 303 insertions, 0 deletions
diff --git a/debian/slapd.init b/debian/slapd.init
new file mode 100644
index 0000000..581f0a4
--- /dev/null
+++ b/debian/slapd.init
@@ -0,0 +1,202 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: slapd
+# Required-Start: $remote_fs $network $syslog
+# Required-Stop: $remote_fs $network $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: OpenLDAP standalone server (Lightweight Directory Access Protocol)
+### END INIT INFO
+
+# Specify path variable
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+. /lib/lsb/init-functions
+
+# Kill me on all errors
+set -e
+
+# Set the paths to slapd as a variable so that someone who really
+# wants to can override the path in /etc/default/slapd.
+SLAPD=/usr/sbin/slapd
+
+# Stop processing if slapd is not there
+[ -x $SLAPD ] || exit 0
+
+# debconf may have this file descriptor open and it makes things work a bit
+# more reliably if we redirect it as a matter of course. db_stop will take
+# care of this, but this won't hurt.
+exec 3>/dev/null
+
+# Source the init script configuration
+if [ -f "/etc/default/slapd" ]; then
+ . /etc/default/slapd
+fi
+
+# Load the default location of the slapd config file
+if [ -z "$SLAPD_CONF" ]; then
+ if [ -e /etc/ldap/slapd.d ]; then
+ SLAPD_CONF=/etc/ldap/slapd.d
+ else
+ SLAPD_CONF=/etc/ldap/slapd.conf
+ fi
+fi
+
+# Stop processing if the config file is not there
+if [ ! -r "$SLAPD_CONF" ]; then
+ log_warning_msg "No configuration file was found for slapd at $SLAPD_CONF."
+ # if there is no config at all, we should assume slapd is not running
+ # and exit 0 on stop so that unconfigured packages can be removed.
+ [ "x$1" = xstop ] && exit 0 || exit 1
+fi
+
+# extend options depending on config type
+if [ -f "$SLAPD_CONF" ]; then
+ SLAPD_OPTIONS="-f $SLAPD_CONF $SLAPD_OPTIONS"
+elif [ -d "$SLAPD_CONF" ] ; then
+ SLAPD_OPTIONS="-F $SLAPD_CONF $SLAPD_OPTIONS"
+fi
+
+# Find out the name of slapd's pid file
+if [ -z "$SLAPD_PIDFILE" ]; then
+ # If using old one-file configuration scheme
+ if [ -f "$SLAPD_CONF" ] ; then
+ SLAPD_PIDFILE=`sed -ne 's/^pidfile[[:space:]]\+\(.\+\)/\1/p' \
+ "$SLAPD_CONF"`
+ # Else, if using new directory configuration scheme
+ elif [ -d "$SLAPD_CONF" ] ; then
+ SLAPD_PIDFILE=`sed -ne \
+ 's/^olcPidFile:[[:space:]]\+\(.\+\)[[:space:]]*/\1/p' \
+ "$SLAPD_CONF"/'cn=config.ldif'`
+ fi
+fi
+
+# XXX: Breaks upgrading if there is no pidfile (invoke-rc.d stop will fail)
+# -- Torsten
+if [ -z "$SLAPD_PIDFILE" ]; then
+ log_failure_msg "The pidfile for slapd has not been specified"
+ exit 1
+fi
+
+# Pass the user and group to run under to slapd
+if [ "$SLAPD_USER" ]; then
+ SLAPD_OPTIONS="-u $SLAPD_USER $SLAPD_OPTIONS"
+fi
+
+if [ "$SLAPD_GROUP" ]; then
+ SLAPD_OPTIONS="-g $SLAPD_GROUP $SLAPD_OPTIONS"
+fi
+
+# Check whether we were configured to not start the services.
+check_for_no_start() {
+ if [ -n "$SLAPD_NO_START" ]; then
+ echo 'Not starting slapd: SLAPD_NO_START set in /etc/default/slapd' >&2
+ exit 0
+ fi
+ if [ -n "$SLAPD_SENTINEL_FILE" ] && [ -e "$SLAPD_SENTINEL_FILE" ]; then
+ echo "Not starting slapd: $SLAPD_SENTINEL_FILE exists" >&2
+ exit 0
+ fi
+}
+
+# Tell the user that something went wrong and give some hints for
+# resolving the problem.
+report_failure() {
+ log_end_msg 1
+ if [ -n "$reason" ]; then
+ log_failure_msg "$reason"
+ else
+ log_failure_msg "The operation failed but no output was produced."
+
+ if [ -n "$SLAPD_OPTIONS" -o \
+ -n "$SLAPD_SERVICES" ]; then
+ if [ -z "$SLAPD_SERVICES" ]; then
+ if [ -n "$SLAPD_OPTIONS" ]; then
+ log_failure_msg "Command line used: slapd $SLAPD_OPTIONS"
+ fi
+ else
+ log_failure_msg "Command line used: slapd -h '$SLAPD_SERVICES' $SLAPD_OPTIONS"
+ fi
+ fi
+ fi
+}
+
+# Start the slapd daemon and capture the error message if any to
+# $reason.
+start_slapd() {
+ # Make sure /var/run/slapd exists with correct permissions
+ if [ ! -d /var/run/slapd ]; then
+ mkdir -p /var/run/slapd
+ [ -z "$SLAPD_USER" ] || chown -R "$SLAPD_USER" /var/run/slapd
+ [ -z "$SLAPD_GROUP" ] || chgrp -R "$SLAPD_GROUP" /var/run/slapd
+ fi
+
+ # Make sure the pidfile directory exists with correct permissions
+ piddir=`dirname "$SLAPD_PIDFILE"`
+ if [ ! -d "$piddir" ]; then
+ mkdir -p "$piddir"
+ [ -z "$SLAPD_USER" ] || chown -R "$SLAPD_USER" "$piddir"
+ [ -z "$SLAPD_GROUP" ] || chgrp -R "$SLAPD_GROUP" "$piddir"
+ fi
+
+ if [ -z "$SLAPD_SERVICES" ]; then
+ reason="`start-stop-daemon --start --quiet --oknodo \
+ --pidfile "$SLAPD_PIDFILE" \
+ --exec $SLAPD -- $SLAPD_OPTIONS 2>&1`"
+ else
+ reason="`start-stop-daemon --start --quiet --oknodo \
+ --pidfile "$SLAPD_PIDFILE" \
+ --exec $SLAPD -- -h "$SLAPD_SERVICES" $SLAPD_OPTIONS 2>&1`"
+ fi
+
+ # Backward compatibility with OpenLDAP 2.1 client libraries.
+ if [ ! -h /var/run/ldapi ] && [ ! -e /var/run/ldapi ] ; then
+ ln -s slapd/ldapi /var/run/ldapi
+ fi
+}
+
+# Stop the slapd daemon and capture the error message (if any) to
+# $reason.
+stop_slapd() {
+ reason="`start-stop-daemon --stop --quiet --oknodo --retry TERM/10 \
+ --pidfile "$SLAPD_PIDFILE" \
+ --exec $SLAPD 2>&1`"
+}
+
+# Start the OpenLDAP daemons
+start_ldap() {
+ trap 'report_failure' 0
+ log_daemon_msg "Starting OpenLDAP" "slapd"
+ start_slapd
+ trap "-" 0
+ log_end_msg 0
+}
+
+# Stop the OpenLDAP daemons
+stop_ldap() {
+ trap 'report_failure' 0
+ log_daemon_msg "Stopping OpenLDAP" "slapd"
+ stop_slapd
+ trap "-" 0
+ log_end_msg 0
+}
+
+case "$1" in
+ start)
+ check_for_no_start
+ start_ldap ;;
+ stop)
+ stop_ldap ;;
+ restart|force-reload)
+ check_for_no_start
+ stop_ldap
+ start_ldap
+ ;;
+ status)
+ status_of_proc -p $SLAPD_PIDFILE $SLAPD slapd
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|force-reload|status}"
+ exit 1
+ ;;
+esac
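Review bot: The `status)` branch passes `$SLAPD_PIDFILE` and `$SLAPD` unquoted (`status_of_proc -p $SLAPD_PIDFILE $SLAPD slapd`), and `[ -x $SLAPD ]` near the top does the same, although start_slapd and stop_slapd quote the pidfile. The pidfile value is whatever the sed capture `\(.\+\)` pulls from slapd.conf or cn=config.ldif, so trailing whitespace is kept and a directive that appears twice yields a multi-line value; unquoted, that splits into extra arguments in a script that runs as root. I would write `status_of_proc -p "$SLAPD_PIDFILE" "$SLAPD" slapd` and `[ -x "$SLAPD" ] || exit 0`, and quote `--exec "$SLAPD"` in the start-stop-daemon calls. It is also worth a comment beside `. /etc/default/slapd` saying that the file is executed as root and so must stay writable by root only.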
diff --git a/debian/slapd.init.ldif b/debian/slapd.init.ldif
new file mode 100644
index 0000000..163a8d8
--- /dev/null
+++ b/debian/slapd.init.ldif
@@ -0,0 +1,101 @@
+# Global config:
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+# Where the pid file is put. The init.d script
+# will not stop the server if you change this.
+olcPidFile: /var/run/slapd/slapd.pid
+# List of arguments that were passed to the server
+olcArgsFile: /var/run/slapd/slapd.args
+# Read slapd-config(5) for possible values
+olcLogLevel: none
+# The tool-threads parameter sets the actual amount of cpu's that is used
+# for indexing.
+olcToolThreads: 1
+
+# Frontend settings
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+# The maximum number of entries that is returned for a search operation
+olcSizeLimit: 500
+# Allow unlimited access to local connection from the local root user
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+# Allow unauthenticated read access for schema and base DN autodiscovery
+olcAccess: {1}to dn.exact="" by * read
+olcAccess: {2}to dn.base="cn=Subschema" by * read
+
+# Config db settings
+dn: olcDatabase=config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: config
+# Allow unlimited access to local connection from the local root user
+olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+olcRootDN: cn=admin,cn=config
+
+# Load schemas
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file:///etc/ldap/schema/core.ldif
+include: file:///etc/ldap/schema/cosine.ldif
+include: file:///etc/ldap/schema/nis.ldif
+include: file:///etc/ldap/schema/inetorgperson.ldif
+
+# Load module
+dn: cn=module{0},cn=config
+objectClass: olcModuleList
+cn: module{0}
+# Where the dynamically loaded modules are stored
+olcModulePath: /usr/lib/ldap
+olcModuleLoad: back_@BACKEND@
+
+# Set defaults for the backend
+dn: olcBackend=@BACKEND@,cn=config
+objectClass: olcBackendConfig
+olcBackend: @BACKEND@
+
+# The database definition.
+dn: olcDatabase=@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: @BACKENDOBJECTCLASS@
+olcDatabase: @BACKEND@
+# Checkpoint the database periodically in case of system
+# failure and to speed slapd shutdown.
+olcDbCheckpoint: 512 30
+@BACKENDOPTIONS@
+# Save the time that the entry gets modified, for database #1
+olcLastMod: TRUE
+# The base of your directory in database #1
+olcSuffix: @SUFFIX@
+# Where the database file are physically stored for database #1
+olcDbDirectory: /var/lib/ldap
+# olcRootDN directive for specifying a superuser on the database. This
+# is needed for syncrepl.
+olcRootDN: cn=admin,@SUFFIX@
+olcRootPW: @PASSWORD@
+# Indexing options for database #1
+olcDbIndex: objectClass eq
+olcDbIndex: cn,uid eq
+olcDbIndex: uidNumber,gidNumber eq
+olcDbIndex: member,memberUid eq
+# The userPassword by default can be changed by the entry owning it if
+# they are authenticated. Others should not be able to see it, except
+# the admin entry above.
+olcAccess: to attrs=userPassword
+ by self write
+ by anonymous auth
+ by * none
+# Allow update of authenticated user's shadowLastChange attribute.
+# Updating it on password change is implemented at least by libpam-ldap,
+# libpam-ldapd, and the slapo-smbk5pwd overlay.
+olcAccess: to attrs=shadowLastChange
+ by self write
+ by * read
+# The admin dn (olcRootDN) bypasses ACLs and so has total access,
+# everyone else can read everything.
+olcAccess: to *
+ by * read
+
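Review bot: The closing ACL `olcAccess: to *` / `by * read` grants read access to every client, anonymous binds included, and the comment above it ("everyone else can read everything") does not make that explicit; the same holds for `by * read` on shadowLastChange. I would extend the comment to something like `# NOTE: "by * read" includes anonymous (unbound) clients; use "by users read" to require an authenticated bind.` so that an administrator deploying this template sees the exposure. Separately, `olcLogLevel: none` leaves no per-connection or per-operation record for later investigation; `olcLogLevel: stats` is the usual choice where bind and search activity needs to be auditable. How `@PASSWORD@` is filled in is not visible in this hunk, so a comment stating that olcRootPW is expected to hold a hashed value rather than cleartext would help.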