authortaca <taca@pkgsrc.org>2008-06-16 16:04:25 +0000
committertaca <taca@pkgsrc.org>2008-06-16 16:04:25 +0000
commit55a29dc539bb1a3a92fb96d2cbb9612be0098d28 (patch)
tree5d099b32eb69364224300973786d9f4d86787626 /sysutils
parentcd39d2df06c785622fa32d13b0f362b195369c77 (diff)
Importing smbldap-tools version 0.9.5. It is still in an experimental phase.
Smbldap-tools is a set of scripts designed to help integrate Samba and a LDAP directory. They target both users and administrators of unix systems. Users can change their password in a way similar to the standard `passwd' command. Administrators can perform user and group management command line actions and synchronise Samba account management consistently. A version of these tools are bundled with samba, but this set is from the master development site and is generally more up to date.
Diffstat (limited to 'sysutils')
-rw-r--r--sysutils/smbldap-tools/DESCR12
-rw-r--r--sysutils/smbldap-tools/MESSAGE7
-rw-r--r--sysutils/smbldap-tools/Makefile94
-rw-r--r--sysutils/smbldap-tools/PLIST27
-rw-r--r--sysutils/smbldap-tools/distinfo14
-rw-r--r--sysutils/smbldap-tools/patches/patch-aa96
-rw-r--r--sysutils/smbldap-tools/patches/patch-ab96
-rw-r--r--sysutils/smbldap-tools/patches/patch-ac64
-rw-r--r--sysutils/smbldap-tools/patches/patch-ad31
-rw-r--r--sysutils/smbldap-tools/patches/patch-ae40
-rw-r--r--sysutils/smbldap-tools/patches/patch-af13
-rw-r--r--sysutils/smbldap-tools/patches/patch-ag13
-rw-r--r--sysutils/smbldap-tools/patches/patch-ah96
-rw-r--r--sysutils/smbldap-tools/patches/patch-ai131
14 files changed, 734 insertions, 0 deletions
diff --git a/sysutils/smbldap-tools/DESCR b/sysutils/smbldap-tools/DESCR
new file mode 100644
index 00000000000..395c3ffeb70
--- /dev/null
+++ b/sysutils/smbldap-tools/DESCR
@@ -0,0 +1,12 @@
+Smbldap-tools is a set of scripts designed to help integrate Samba and
+a LDAP directory. They target both users and administrators of unix
+systems.
+
+Users can change their password in a way similar to the standard
+`passwd' command.
+
+Administrators can perform user and group management command line
+actions and synchronise Samba account management consistently.
+
+A version of these tools are bundled with samba, but this set is from
+the master development site and is generally more up to date.
diff --git a/sysutils/smbldap-tools/MESSAGE b/sysutils/smbldap-tools/MESSAGE
new file mode 100644
index 00000000000..f8fd4d2119d
--- /dev/null
+++ b/sysutils/smbldap-tools/MESSAGE
@@ -0,0 +1,7 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
+
+Please use this package with caution since it includes experimental
+patches.
+
+===========================================================================
diff --git a/sysutils/smbldap-tools/Makefile b/sysutils/smbldap-tools/Makefile
new file mode 100644
index 00000000000..bfbf7ac26bd
--- /dev/null
+++ b/sysutils/smbldap-tools/Makefile
@@ -0,0 +1,94 @@
+# $NetBSD: Makefile,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
+
+DISTNAME= smbldap-tools-0.9.5
+CATEGORIES= sysutils net databases
+MASTER_SITES= http://download.gna.org/smbldap-tools/packages/
+EXTRACT_SUFX= .tgz
+
+MAINTAINER= pkgsrc-users@NetBSD.org
+HOMEPAGE= https://gna.org/projects/smbldap-tools/
+COMMENT= Set of ldap administration scripts for samba
+
+DEPENDS+= samba>=3.0.22:../../net/samba
+DEPENDS+= p5-perl-ldap>=0.33:../../databases/p5-perl-ldap
+DEPENDS+= p5-Crypt-SmbHash>=0.12:../../security/p5-Crypt-SmbHash
+DEPENDS+= p5-Digest-SHA1>=2.11:../../security/p5-Digest-SHA1
+DEPENDS+= p5-Unicode-MapUTF8-[0-9]*:../../converters/p5-Unicode-MapUTF8
+
+NO_BUILD= yes
+USE_TOOLS+= perl:run
+WRKSRC= ${WRKDIR}/smbldap-tools-0.9.5
+
+SMBLDAP_CONF= smbldap.conf smbldap_bind.conf
+SMBLDAP_DOCS= doc/smbldap-tools.html doc/smbldap-tools.pdf
+SMBLDAP_EG= doc/slapd.conf doc/smb.conf
+SMBLDAP_LIBS= smbldap_tools.pm
+SMBLDAP_PASSWD= smbldap-passwd
+SMBLDAP_TOOLS= smbldap-groupadd smbldap-groupdel smbldap-groupmod \
+ smbldap-groupshow \
+ smbldap-useradd smbldap-userdel smbldap-userinfo \
+ smbldap-usermod smbldap-usershow
+SMBLDAP_UTILS= configure.pl smbldap-populate \
+ doc/migration_scripts/smbldap-migrate-pwdump-accounts \
+ doc/migration_scripts/smbldap-migrate-pwdump-groups \
+ doc/migration_scripts/smbldap-migrate-unix-accounts \
+ doc/migration_scripts/smbldap-migrate-unix-groups
+
+REPLACE_PERL= ${SMBLDAP_LIBS} ${SMBLDAP_PASSWD} ${SMBLDAP_TOOLS} \
+ ${SMBLDAP_UTILS}
+
+SUBST_CLASSES+= path
+SUBST_STAGE.path= pre-install
+SUBST_FILES.path= configure.pl doc/slapd.conf doc/smb.conf
+SUBST_FILES.path+= smbldap_tools.pm smbldap.conf
+SUBST_SED.path= -e "s,@PREFIX@,${PREFIX},g"
+SUBST_SED.path+= -e "s,@OPENLDAP_VARDIR@,${OPENLDAP_VARDIR},g"
+SUBST_SED.path+= -e "s,@PKG_SYSCONFDIR@,${PKG_SYSCONFDIR},g"
+SUBST_SED.path+= -e "s,@SAMBA_PIDDIR@,${SAMBA_PIDDIR},g"
+
+SUBST_CLASSES+= conf
+SUBST_STAGE.conf= pre-install
+SUBST_FILES.conf= configure.pl
+SUBST_SED.conf+= -e '/\$$Source: /cvsroot/pkgsrc/sysutils/smbldap-tools/Makefile,v $$]//g'
+SUBST_SED.conf+= -e '/\$$Id: Makefile,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $$]//g'
+
+EGDIR= share/examples/smbldap-tools
+
+CONF_FILES+= ${EGDIR}/smbldap.conf ${PKG_SYSCONFDIR}/smbldap.conf
+CONF_FILES_PERMS+= ${EGDIR}/smbldap_bind.conf \
+ ${PKG_SYSCONFDIR}/smbldap_bind.conf \
+ ${BINOWN} ${BINGRP} 0600
+
+BUILD_DEFS= VARBASE
+INSTALLATION_DIRS= bin sbin/smbldap-tools share/doc/smbldap-tools ${EGDIR}
+
+.include "../../mk/bsd.prefs.mk"
+
+PKG_SYSCONFSUBDIR?= smbldap-tools
+OPENLDAP_VARDIR?= ${VARBASE}/openldap
+SAMBA_PIDDIR?= ${VARBASE}/run
+
+do-install:
+.for f in ${SMBLDAP_LIBS}
+ ${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PERL5_INSTALLVENDORLIB}
+.endfor
+.for f in ${SMBLDAP_PASSWD}
+ ${INSTALL_SCRIPT} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/bin
+.endfor
+.for f in ${SMBLDAP_TOOLS}
+ ${INSTALL_SCRIPT} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/sbin
+.endfor
+.for f in ${SMBLDAP_UTILS}
+ ${INSTALL_SCRIPT} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/sbin/smbldap-tools
+.endfor
+.for f in ${SMBLDAP_CONF} ${SMBLDAP_EG}
+ ${INSTALL_DATA} ${WRKSRC}/${f} \
+ ${DESTDIR}${PREFIX}/share/examples/smbldap-tools
+.endfor
+.for f in ${SMBLDAP_DOCS}
+ ${INSTALL_DATA} ${WRKSRC}/${f} \
+ ${DESTDIR}${PREFIX}/share/doc/smbldap-tools
+.endfor
+
+.include "../../lang/perl5/vars.mk"
+.include "../../mk/bsd.pkg.mk"
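Review bot: The two `SUBST_SED.conf` expressions look corrupted by CVS keyword expansion: as committed they contain the expanded `$Source: /cvsroot/pkgsrc/...` and `$Id: Makefile,v ...` text and no longer form a valid sed command, so the `conf` substitution on configure.pl will presumably fail or do nothing. If the intent was to strip upstream's RCS keywords, write the pattern so CVS does not recognise the keyword, for example `SUBST_SED.conf+= -e 's/\$$[S]ource:[^$$]*\$$//g'` and the same with `[I]d`. Separately, `MASTER_SITES` is plain HTTP, so the SHA1/RMD160 entries in distinfo are the only integrity check on the fetched tarball.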
diff --git a/sysutils/smbldap-tools/PLIST b/sysutils/smbldap-tools/PLIST
new file mode 100644
index 00000000000..7f09cc60548
--- /dev/null
+++ b/sysutils/smbldap-tools/PLIST
@@ -0,0 +1,27 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
+bin/smbldap-passwd
+${PERL5_SUB_INSTALLVENDORLIB}/smbldap_tools.pm
+sbin/smbldap-groupadd
+sbin/smbldap-groupdel
+sbin/smbldap-groupmod
+sbin/smbldap-groupshow
+sbin/smbldap-useradd
+sbin/smbldap-userdel
+sbin/smbldap-userinfo
+sbin/smbldap-usermod
+sbin/smbldap-usershow
+sbin/smbldap-tools/configure.pl
+sbin/smbldap-tools/smbldap-populate
+sbin/smbldap-tools/smbldap-migrate-pwdump-accounts
+sbin/smbldap-tools/smbldap-migrate-pwdump-groups
+sbin/smbldap-tools/smbldap-migrate-unix-accounts
+sbin/smbldap-tools/smbldap-migrate-unix-groups
+share/doc/smbldap-tools/smbldap-tools.html
+share/doc/smbldap-tools/smbldap-tools.pdf
+share/examples/smbldap-tools/slapd.conf
+share/examples/smbldap-tools/smb.conf
+share/examples/smbldap-tools/smbldap.conf
+share/examples/smbldap-tools/smbldap_bind.conf
+@dirrm share/examples/smbldap-tools
+@dirrm share/doc/smbldap-tools
+@dirrm sbin/smbldap-tools
diff --git a/sysutils/smbldap-tools/distinfo b/sysutils/smbldap-tools/distinfo
new file mode 100644
index 00000000000..718f19e8ae3
--- /dev/null
+++ b/sysutils/smbldap-tools/distinfo
@@ -0,0 +1,14 @@
+$NetBSD: distinfo,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
+
+SHA1 (smbldap-tools-0.9.5.tgz) = 05534385b6f7d031d0721d64f339bf8d166a68f5
+RMD160 (smbldap-tools-0.9.5.tgz) = 055d7dc059d19ad153412c449d1448858c1fe42c
+Size (smbldap-tools-0.9.5.tgz) = 303131 bytes
+SHA1 (patch-aa) = f49e131afbead61baafef55bc5d8a5dd700bbf7d
+SHA1 (patch-ab) = f785d67107435cc94ed202de84249aa4f95dd7fd
+SHA1 (patch-ac) = db681d57c9eb1b6195e77bd7d58431f3bb773421
+SHA1 (patch-ad) = ec00520ae444ed7842e6139bf592b855e0de491f
+SHA1 (patch-ae) = b9909ba4c29aa894c133d21fdd73183b51fbc0de
+SHA1 (patch-af) = 3eedae8c4fa29736231ffa0a6885a3f416f58d04
+SHA1 (patch-ag) = f8b0f27ab3938f82b22df01c126f75d196157099
+SHA1 (patch-ah) = cd2e2b15061e0f1c0c2d0cf9aedf9d90a106342a
+SHA1 (patch-ai) = ed9f750eeb5985846df3fa6652cc8796f1d7736b
diff --git a/sysutils/smbldap-tools/patches/patch-aa b/sysutils/smbldap-tools/patches/patch-aa
new file mode 100644
index 00000000000..e3faf3b4a13
--- /dev/null
+++ b/sysutils/smbldap-tools/patches/patch-aa
@@ -0,0 +1,96 @@
+$NetBSD: patch-aa,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
+
+--- configure.pl.orig 2008-04-22 17:13:29.000000000 +0900
++++ configure.pl
+@@ -31,6 +31,7 @@
+
+ use strict;
+ use File::Basename;
++use FileHandle;
+
+ # we need to be root to configure the scripts
+ if ($< != 0) {
+@@ -49,16 +50,19 @@ Before starting, check
+ print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n";
+
+ # we first check if Samba is up and running
+-my $test_smb=`pidof smbd`;
+-chomp($test_smb);
++my $test_smb;
++$test_smb = read_pidfile('@SAMBA_PIDDIR@/smbd.pid');
++if (not defined $test_smb) {
++ $test_smb =`pidof smbd`;
++ chomp($test_smb);
++}
++
+ die "\nSamba need to be started first !\n" if ($test_smb eq "" || not defined $test_smb);
+
+ print "Looking for configuration files...\n\n";
+ my $smb_conf="";
+-if (-e "/etc/samba/smb.conf") {
+- $smb_conf="/etc/samba/smb.conf";
+-} elsif (-e "/usr/local/samba/lib/smb.conf") {
+- $smb_conf="/usr/local/samba/lib/smb.conf";
++if (-e "@PREFIX@/etc/samba/smb.conf") {
++ $smb_conf="@PREFIX@/etc/samba/smb.conf";
+ }
+ print "Samba Configuration File Path [$smb_conf] > ";
+ chomp(my $config_smb=<STDIN>);
+@@ -66,14 +70,7 @@ if ($config_smb ne "") {
+ $smb_conf=$config_smb;
+ }
+
+-my $conf_dir;
+-if (-d "/etc/opt/IDEALX/smbldap-tools") {
+- $conf_dir="/etc/opt/IDEALX/smbldap-tools/";
+-} elsif (-d "/etc/smbldap-tools") {
+- $conf_dir="/etc/smbldap-tools/";
+-} else {
+- $conf_dir="/etc/opt/IDEALX/smbldap-tools/";
+-}
++my $conf_dir = '@PKG_SYSCONFDIR@';
+
+ print "\nThe default directory in which the smbldap configuration files are stored is shown.\n";
+ print "If you need to change this, enter the full directory path, then press enter to continue.\n";
+@@ -304,7 +301,7 @@ my $default_user_gidnumber=read_entry(".
+
+ my $default_computer_gidnumber=read_entry(". default computer gidNumber","","515",0);
+
+-my $userLoginShell=read_entry(". default login shell","","/bin/bash",0);
++my $userLoginShell=read_entry(". default login shell","","/bin/csh",0);
+
+ my $skeletonDir=read_entry(". default skeleton directory","","/etc/skel",0);
+
+@@ -528,12 +525,12 @@ mailDomain=\"$mailDomain\"
+ # Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
+ # prefer Crypt::SmbHash library
+ with_smbpasswd=\"0\"
+-smbpasswd=\"/usr/bin/smbpasswd\"
++smbpasswd=\"@PREFIX@/bin/smbpasswd\"
+
+ # Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
+ # but prefer Crypt:: libraries
+ with_slappasswd=\"0\"
+-slappasswd=\"/usr/sbin/slappasswd\"
++slappasswd=\"@PREFIX@/sbin/slappasswd\"
+
+ # comment out the following line to get rid of the default banner
+ # no_banner=\"1\"
+@@ -574,5 +571,15 @@ print " $smbldap_bind_conf done.\n";
+ $mode=0600;
+ chmod $mode,"$smbldap_bind_conf","$smbldap_bind_conf.old";
+
+-
+-
++sub read_pidfile {
++ my($file) = @_;
++ my($fh, $line);
++
++ $fh = new FileHandle $file;
++ if (defined $fh) {
++ $line = $fh->getline;
++ chomp($line);
++ $fh->close;
++ }
++ return $line;
++}
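Review bot: `read_pidfile` treats any readable first line of `@SAMBA_PIDDIR@/smbd.pid` as proof that smbd is running, so a stale pidfile left behind after a crash passes the "Samba need to be started first" check that follows. It would be safer to accept only a numeric pid whose process still exists, e.g. `return unless defined $line && $line =~ /\A(\d+)\s*\z/ && kill(0, $1);` just before the final return. `chomp($line)` also runs on undef when the file is empty, and `new FileHandle $file` uses indirect-object syntax; `FileHandle->new($file, 'r')` states the read-only intent explicitly.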
diff --git a/sysutils/smbldap-tools/patches/patch-ab b/sysutils/smbldap-tools/patches/patch-ab
new file mode 100644
index 00000000000..b16cf69849f
--- /dev/null
+++ b/sysutils/smbldap-tools/patches/patch-ab
@@ -0,0 +1,96 @@
+$NetBSD: patch-ab,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
+
+--- doc/slapd.conf.orig 2008-04-22 17:13:30.000000000 +0900
++++ doc/slapd.conf
+@@ -2,11 +2,11 @@
+ # See slapd.conf(5) for details on configuration options.
+ # This file should NOT be world readable.
+ #
+-include /etc/openldap/schema/core.schema
+-include /etc/openldap/schema/cosine.schema
+-include /etc/openldap/schema/inetorgperson.schema
+-include /etc/openldap/schema/nis.schema
+-include /etc/openldap/schema/samba.schema
++include @PREFIX@/etc/openldap/schema/core.schema
++include @PREFIX@/etc/openldap/schema/cosine.schema
++include @PREFIX@/etc/openldap/schema/inetorgperson.schema
++include @PREFIX@/etc/openldap/schema/nis.schema
++include @PREFIX@/etc/openldap/schema/samba.schema
+
+ schemacheck on
+
+@@ -17,11 +17,11 @@ allow bind_v2
+ # service AND an understanding of referrals.
+ #referral ldap://root.openldap.org
+
+-pidfile /var/run/slapd.pid
+-argsfile /var/run/slapd.args
++pidfile @OPENLDAP_VARDIR@/run/slapd.pid
++argsfile @OPENLDAP_VARDIR@/run/slapd.args
+
+ # Load dynamic backend modules:
+-# modulepath /usr/sbin/openldap
++# modulepath @PREFIX@/lib/openldap
+ # moduleload back_bdb.la
+ # moduleload back_ldap.la
+ # moduleload back_ldbm.la
+@@ -33,9 +33,9 @@ argsfile /var/run/slapd.args
+ # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
+ # slapd.pem so that the ldap user or group can read it. Your client software
+ # may balk at self-signed certificates, however.
+-#TLSCertificateFile /etc/openldap/ldap.company.com.pem
+-#TLSCertificateKeyFile /etc/openldap/ldap.company.com.key
+-#TLSCACertificateFile /etc/openldap/ca.pem
++#TLSCertificateFile @PREFIX@/etc/openldap/ldap.example.com.pem
++#TLSCertificateKeyFile @PREFIX@/etc/openldap/ldap.example.com.key
++#TLSCACertificateFile @PREFIX@/etc/openldap/ca.pem
+ #TLSCipherSuite :SSLv3
+
+ # Sample security restrictions
+@@ -70,8 +70,8 @@ argsfile /var/run/slapd.args
+ #######################################################################
+
+ database bdb
+-suffix "dc=company,dc=com"
+-rootdn "cn=Manager,dc=company,dc=com"
++suffix "dc=example,dc=com"
++rootdn "cn=Manager,dc=example,dc=com"
+ # Cleartext passwords, especially for the rootdn, should
+ # be avoided. See slappasswd(8) and slapd.conf(5) for details.
+ # Use of strong authentication encouraged.
+@@ -81,7 +81,7 @@ rootpw secret
+ # The database directory MUST exist prior to running slapd AND
+ # should only be accessible by the slapd and slap tools.
+ # Mode 700 recommended.
+-directory /var/lib/ldap
++directory @OPENLDAP_VARDIR@/openldap-data
+ lastmod on
+
+ # Indices to maintain for this database
+@@ -102,7 +102,7 @@ index default sub
+
+ # users can authenticate and change their password
+ access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdMustChange,sambaPwdLastSet
+- by dn="cn=Manager,dc=company,dc=com" write
++ by dn="cn=Manager,dc=example,dc=com" write
+ by self write
+ by anonymous auth
+ by * none
+@@ -110,7 +110,7 @@ access to attrs=userPassword,sambaNTPass
+ # those 2 parameters must be world readable for password aging to work correctly
+ # (or use a priviledge account in /etc/ldap.conf to bind to the directory)
+ access to attrs=shadowLastChange,shadowMax
+- by dn="cn=Manager,dc=company,dc=com" write
++ by dn="cn=Manager,dc=example,dc=com" write
+ by self write
+ by * read
+
+@@ -119,7 +119,7 @@ access to *
+ by * read
+
+ # Replicas of this database
+-#replogfile /var/lib/ldap/openldap-master-replog
++#replogfile @OPENLDAP_VARDIR@/openldap-data/openldap-master-replog
+ #replica host=ldap-1.example.com:389 starttls=critical
+ # bindmethod=sasl saslmech=GSSAPI
+ # authcId=host/ldap-master.example.com@EXAMPLE.COM
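Review bot: The example this patch rewrites is installed under share/examples and still ships the cleartext `rootpw secret` visible in the hunk header at old line 81, alongside `allow bind_v2` and the commented `#TLSCipherSuite :SSLv3`. Since the sample DNs and paths are already being changed here, consider replacing the rootpw line with a commented placeholder such as `# rootpw {SSHA}HASH_FROM_SLAPPASSWD` so a copied example cannot come up with a well-known password. The file's own header says it should not be world readable, while the Makefile installs it with `${INSTALL_DATA}`; that is acceptable only as long as the example never holds a real secret.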
diff --git a/sysutils/smbldap-tools/patches/patch-ac b/sysutils/smbldap-tools/patches/patch-ac
new file mode 100644
index 00000000000..c54f1aaa86e
--- /dev/null
+++ b/sysutils/smbldap-tools/patches/patch-ac
@@ -0,0 +1,64 @@
+$NetBSD: patch-ac,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
+
+--- doc/smb.conf.orig 2008-04-22 17:13:30.000000000 +0900
++++ doc/smb.conf
+@@ -5,7 +5,7 @@
+ security = user
+ enable privileges = yes
+ #interfaces = 192.168.5.11
+- #username map = /etc/samba/smbusers
++ #username map = @PREFIX@/etc/samba/smbusers
+ server string = Samba Server %v
+ #security = ads
+ encrypt passwords = Yes
+@@ -20,13 +20,13 @@
+ # method 2:
+ unix password sync = yes
+ ldap passwd sync = no
+- passwd program = /usr/sbin/smbldap-passwd -u "%u"
++ passwd program = @PREFIX@/sbin/smbldap-passwd -u "%u"
+ passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
+
+ log level = 0
+ syslog = 0
+- log file = /var/log/samba/log.%U
+- max log size = 100000
++ #log file = /var/log/samba/log.%U
++ #max log size = 100000
+ time server = Yes
+ socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
+ mangling method = hash2
+@@ -45,22 +45,22 @@
+ wins support = yes
+ # passdb backend = ldapsam:"ldap://ldap1.company.com ldap://ldap2.company.com"
+ passdb backend = ldapsam:ldap://127.0.0.1/
+- ldap admin dn = cn=Manager,dc=company,dc=com
+- #ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com
+- ldap suffix = dc=company,dc=com
++ ldap admin dn = cn=Manager,dc=example,dc=com
++ #ldap admin dn = cn=samba,ou=DSA,dc=example,dc=com
++ ldap suffix = dc=example,dc=com
+ ldap group suffix = ou=Groups
+ ldap user suffix = ou=Users
+ ldap machine suffix = ou=Computers
+ #ldap idmap suffix = ou=Idmap
+- add user script = /usr/sbin/smbldap-useradd -m "%u"
++ add user script = @PREFIX@/sbin/smbldap-useradd -m "%u"
+ #ldap delete dn = Yes
+- delete user script = /usr/sbin/smbldap-userdel "%u"
+- add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
+- add group script = /usr/sbin/smbldap-groupadd -p "%g"
+- #delete group script = /usr/sbin/smbldap-groupdel "%g"
+- add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
+- delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
+- set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
++ delete user script = @PREFIX@/sbin/smbldap-userdel "%u"
++ add machine script = @PREFIX@/sbin/smbldap-useradd -t 0 -w "%u"
++ add group script = @PREFIX@/sbin/smbldap-groupadd -p "%g"
++ #delete group script = @PREFIX@/sbin/smbldap-groupdel "%g"
++ add user to group script = @PREFIX@/sbin/smbldap-groupmod -m "%u" "%g"
++ delete user from group script = @PREFIX@/sbin/smbldap-groupmod -x "%u" "%g"
++ set primary group script = @PREFIX@/sbin/smbldap-usermod -g '%g' '%u'
+
+ # printers configuration
+ #printer admin = @"Print Operators"
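Review bot: `passwd program = @PREFIX@/sbin/smbldap-passwd -u "%u"` points at sbin, but the Makefile installs `${SMBLDAP_PASSWD}` into `${PREFIX}/bin` and PLIST lists `bin/smbldap-passwd`, so a site copying this example gets a password-sync hook that names a file the package does not install. The line should read `passwd program = @PREFIX@/bin/smbldap-passwd -u "%u"`. The other script paths rewritten in this hunk do match the sbin install location.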
diff --git a/sysutils/smbldap-tools/patches/patch-ad b/sysutils/smbldap-tools/patches/patch-ad
new file mode 100644
index 00000000000..33adfcfd0cd
--- /dev/null
+++ b/sysutils/smbldap-tools/patches/patch-ad
@@ -0,0 +1,31 @@
+$NetBSD: patch-ad,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
+
+--- smbldap-passwd.orig 2008-04-22 17:13:29.000000000 +0900
++++ smbldap-passwd
+@@ -99,6 +99,17 @@ if ($< != 0) {
+ system "/bin/stty echo" if (-t STDIN);
+ print "\n";
+
++ { # Check if user dn is stored in subtree.
++ my $test_conn = connect_ldap_master();
++ my $usersdn = &get_user_dn($user);
++ if ($usersdn && $usersdn =~ /^dn: uid=(.+?)(,(.*))?$config{usersdn}/) {
++ my ($uid,$subtree) = ("","");
++ $uid = $1; $subtree = defined($3)?$3 : "";
++ $config{usersdn} = $subtree . $config{usersdn};
++ }
++ $test_conn->unbind;
++ }
++
+ $config{masterDN}="uid=$user,$config{usersdn}";
+ $config{masterPw}="$oldpass";
+ $ldap_master=connect_ldap_master();
+@@ -228,7 +239,7 @@ if ( $samba and $update_samba_passwd ) {
+ my $winmagic = 2147483647;
+ my $valacctflags = "[U]";
+ push(@mods, 'sambaPwdMustChange' => 0);
+- push(@mods, 'sambaPwdLastSet' => 0);
++ push(@mods, 'sambaPwdLastSet' => $date);
+ push(@mods, 'sambaAcctFlags' => $valacctflags);
+ }
+ # Let's change nt/lm passwords
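Review bot: In the added subtree check, `$config{usersdn}` is interpolated into the pattern `/^dn: uid=(.+?)(,(.*))?$config{usersdn}/` unescaped and without an end anchor, so any regex metacharacter in the configured DN changes what matches, and a DN that merely contains the suffix is accepted. Quote and anchor it: `=~ /^dn: uid=(.+?)(,(.*))?\Q$config{usersdn}\E\s*$/`. `$uid` is assigned but never used, and `$test_conn` is opened before `masterDN`/`masterPw` are set, so it presumably binds with whatever the default configuration provides; please confirm that is intended for a non-root caller. The enclosing `if ($< != 0)` block starts and ends outside the hunks.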
diff --git a/sysutils/smbldap-tools/patches/patch-ae b/sysutils/smbldap-tools/patches/patch-ae
new file mode 100644
index 00000000000..741a0b85665
--- /dev/null
+++ b/sysutils/smbldap-tools/patches/patch-ae
@@ -0,0 +1,40 @@
+$NetBSD: patch-ae,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
+
+--- smbldap-populate.orig 2008-04-22 17:13:29.000000000 +0900
++++ smbldap-populate
+@@ -214,7 +214,7 @@ uidNumber: $adminUidNumber\n";
+ $userHome=~s/\%U/$adminName/;
+ $entries.="homeDirectory: $userHome\n";
+ } else {
+- $entries.="homeDirectory: /dev/null\n";
++ $entries.="homeDirectory: /nonexistent\n";
+ }
+ $entries.="sambaPwdLastSet: 0
+ sambaLogonTime: 0
+@@ -240,7 +240,7 @@ sambaLMPassword: XXX
+ sambaNTPassword: XXX
+ sambaAcctFlags: [U ]
+ sambaSID: $config{SID}-$adminrid
+-loginShell: /bin/false
++loginShell: /sbin/nologin
+ gecos: Netbios Domain Administrator
+
+ dn: uid=$guestName,$config{usersdn}
+@@ -256,7 +256,7 @@ objectClass: shadowAccount
+ gidNumber: 514
+ uid: $guestName
+ uidNumber: $guestUidNumber
+-homeDirectory: /dev/null
++homeDirectory: /nonexistent
+ sambaPwdLastSet: 0
+ sambaLogonTime: 0
+ sambaLogoffTime: 2147483647
+@@ -282,7 +282,7 @@ sambaNTPassword: NO PASSWORDXXXXXXXXXXXX
+ # account disabled by default
+ sambaAcctFlags: [NUD ]
+ sambaSID: $config{SID}-2998
+-loginShell: /bin/false
++loginShell: /sbin/nologin
+
+ dn: cn=Domain Admins,$config{groupsdn}
+ objectClass: top
diff --git a/sysutils/smbldap-tools/patches/patch-af b/sysutils/smbldap-tools/patches/patch-af
new file mode 100644
index 00000000000..5202feed0ca
--- /dev/null
+++ b/sysutils/smbldap-tools/patches/patch-af
@@ -0,0 +1,13 @@
+$NetBSD: patch-af,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
+
+--- smbldap-useradd.orig 2008-04-22 17:13:29.000000000 +0900
++++ smbldap-useradd
+@@ -467,7 +467,7 @@ if ( defined( $tmp = $Options{'m'} ) ) {
+ system "mkdir $userHomeDirectory 2>/dev/null";
+ }
+ system
+-"chown -R $userName:$userGidNumber $userHomeDirectory 2>/dev/null";
++"chown -R $userUidNumber:$userGidNumber $userHomeDirectory 2>/dev/null";
+ if ( defined $config{userHomeDirectoryMode} ) {
+ system
+ "chmod $config{userHomeDirectoryMode} $userHomeDirectory 2>/dev/null";
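Review bot: The rewritten `chown` still goes through the shell as one interpolated string, so `$userHomeDirectory` (set outside this hunk, apparently from the account name or a command-line option) is parsed by the shell while the script runs as root, and any failure is discarded by the redirect to /dev/null. Prefer the list form, which bypasses the shell: `system('chown', '-R', "$userUidNumber:$userGidNumber", $userHomeDirectory) == 0 or warn "chown $userHomeDirectory failed\n";`. The neighbouring `mkdir` and `chmod` calls have the same shape and deserve the same treatment. The enclosing `if ( defined( $tmp = $Options{'m'} ) )` block continues outside the hunk.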
diff --git a/sysutils/smbldap-tools/patches/patch-ag b/sysutils/smbldap-tools/patches/patch-ag
new file mode 100644
index 00000000000..c9935eba475
--- /dev/null
+++ b/sysutils/smbldap-tools/patches/patch-ag
@@ -0,0 +1,13 @@
+$NetBSD: patch-ag,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
+
+--- smbldap-usermod.orig 2008-04-22 17:13:29.000000000 +0900
++++ smbldap-usermod
+@@ -626,7 +626,7 @@ if ( defined( $tmp = $Options{'B'} ) ) {
+ $_sambaAcctFlags = "\[$letters\]";
+ push( @mods, 'sambaAcctFlags' => $_sambaAcctFlags );
+ }
+- push( @mods, 'sambaPwdLastSet' => '0' );
++ push( @mods, 'sambaPwdLastSet' => time );
+ }
+ else {
+ $_sambaPwdMustChange = $winmagic;
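Review bot: Replacing `'sambaPwdLastSet' => '0'` with `time` in what looks like the must-change-password branch of `-B` may defeat that option: as far as I know Samba treats a last-set time of 0 as "password must be changed at next logon", so stamping the current time could leave the account without the forced change. patch-ad makes the same change in smbldap-passwd (`'sambaPwdLastSet' => $date` next to `'sambaPwdMustChange' => 0`). Please confirm the behaviour against the Samba version named in DEPENDS and add a line to the patch header explaining why the value changes. Only the tail of the branch is visible in this hunk.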
diff --git a/sysutils/smbldap-tools/patches/patch-ah b/sysutils/smbldap-tools/patches/patch-ah
new file mode 100644
index 00000000000..b4c093f1224
--- /dev/null
+++ b/sysutils/smbldap-tools/patches/patch-ah
@@ -0,0 +1,96 @@
+$NetBSD: patch-ah,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
+
+--- smbldap.conf.orig 2008-04-22 17:13:29.000000000 +0900
++++ smbldap.conf
+@@ -58,7 +58,7 @@ sambaDomain="DOMSMB"
+ # Slave LDAP server
+ # Ex: slaveLDAP=127.0.0.1
+ # If not defined, parameter is set to "127.0.0.1"
+-slaveLDAP="ldap.iallanis.info"
++slaveLDAP="ldap.example.info"
+
+ # Slave LDAP port
+ # If not defined, parameter is set to "389"
+@@ -67,7 +67,7 @@ slavePort="389"
+ # Master LDAP server: needed for write operations
+ # Ex: masterLDAP=127.0.0.1
+ # If not defined, parameter is set to "127.0.0.1"
+-masterLDAP="ldap.iallanis.info"
++masterLDAP="ldap.example.info"
+
+ # Master LDAP port
+ # If not defined, parameter is set to "389"
+@@ -92,19 +92,19 @@ verify="require"
+
+ # CA certificate
+ # see "man Net::LDAP" in start_tls section for more details
+-cafile="/etc/smbldap-tools/ca.pem"
++cafile="@PKG_SYSCONFDIR@/ca.pem"
+
+ # certificate to use to connect to the ldap server
+ # see "man Net::LDAP" in start_tls section for more details
+-clientcert="/etc/smbldap-tools/smbldap-tools.iallanis.info.pem"
++clientcert="@PKG_SYSCONFDIR@/smbldap-tools.example.info.pem"
+
+ # key certificate to use to connect to the ldap server
+ # see "man Net::LDAP" in start_tls section for more details
+-clientkey="/etc/smbldap-tools/smbldap-tools.iallanis.info.key"
++clientkey="@PKG_SYSCONFDIR@/smbldap-tools.example.info.key"
+
+ # LDAP Suffix
+ # Ex: suffix=dc=IDEALX,dc=ORG
+-suffix="dc=iallanis,dc=info"
++suffix="dc=example,dc=info"
+
+ # Where are stored Users
+ # Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
+@@ -121,6 +121,14 @@ computersdn="ou=Computers,${suffix}"
+ # Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
+ groupsdn="ou=Groups,${suffix}"
+
++# Groups objectclasses, as a space-separated list
++# Ex: groupsclasses="top posixGroup"
++groupsclasses="posixGroup groupOfNames"
++
++# Groups default member (rfc2307bis prohibit empty groups)
++# Ex: groupsdefaultmember="cn=default,${suffix}"
++groupsdefaultmember="cn=default,ou=roles,${suffix}"
++
+ # Where are stored Idmap entries (used if samba is a domain member server)
+ # Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
+ # Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
+@@ -151,8 +159,8 @@ crypt_salt_format="%s"
+
+ # Login defs
+ # Default Login Shell
+-# Ex: userLoginShell="/bin/bash"
+-userLoginShell="/bin/bash"
++# Ex: userLoginShell="/bin/csh"
++userLoginShell="/bin/csh"
+
+ # Home directory
+ # Ex: userHome="/home/%U"
+@@ -210,7 +218,7 @@ userScript="logon.bat"
+ # Domain appended to the users "mail"-attribute
+ # when smbldap-useradd -M is used
+ # Ex: mailDomain="idealx.com"
+-mailDomain="iallanis.info"
++mailDomain="example.info"
+
+ ##############################################################################
+ #
+@@ -221,12 +229,12 @@ mailDomain="iallanis.info"
+ # Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
+ # prefer Crypt::SmbHash library
+ with_smbpasswd="0"
+-smbpasswd="/usr/bin/smbpasswd"
++smbpasswd="@PREFIX@/bin/smbpasswd"
+
+ # Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
+ # but prefer Crypt:: libraries
+ with_slappasswd="0"
+-slappasswd="/usr/sbin/slappasswd"
++slappasswd="@PREFIX@/sbin/slappasswd"
+
+ # comment out the following line to get rid of the default banner
+ # no_banner="1"
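Review bot: The new default `groupsclasses="posixGroup groupOfNames"` combines two classes that are both structural under the `nis.schema` included by the example slapd.conf in patch-ab, so with the shipped examples a group add would likely be rejected with an object-class violation unless an rfc2307bis schema is loaded instead. It also disagrees with the fallback in patch-ai, which uses `"top posixGroup"` when the key is absent. `groupsdefaultmember="cn=default,ou=roles,${suffix}"` adds to every new group a member DN that nothing on this page creates. Consider shipping both as commented examples, `#groupsclasses="posixGroup groupOfNames"` and `#groupsdefaultmember="cn=default,ou=roles,${suffix}"`, so the code's own defaults apply.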
diff --git a/sysutils/smbldap-tools/patches/patch-ai b/sysutils/smbldap-tools/patches/patch-ai
new file mode 100644
index 00000000000..b51606bcb06
--- /dev/null
+++ b/sysutils/smbldap-tools/patches/patch-ai
@@ -0,0 +1,131 @@
+$NetBSD: patch-ai,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
+
+--- smbldap_tools.pm.orig 2008-04-22 17:13:29.000000000 +0900
++++ smbldap_tools.pm
+@@ -27,28 +27,9 @@ use Net::LDAP;
+ use Crypt::SmbHash;
+ use Unicode::MapUTF8 qw(to_utf8 from_utf8);
+
+-my $smbldap_conf;
+-if ( -e "/etc/smbldap-tools/smbldap.conf" ) {
+- $smbldap_conf = "/etc/smbldap-tools/smbldap.conf";
+-}
+-else {
+- $smbldap_conf = "/etc/opt/IDEALX/smbldap-tools/smbldap.conf";
+-}
+-
+-my $smbldap_bind_conf;
+-if ( -e "/etc/smbldap-tools/smbldap_bind.conf" ) {
+- $smbldap_bind_conf = "/etc/smbldap-tools/smbldap_bind.conf";
+-}
+-else {
+- $smbldap_bind_conf = "/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf";
+-}
+-my $samba_conf;
+-if ( -e "/etc/samba/smb.conf" ) {
+- $samba_conf = "/etc/samba/smb.conf";
+-}
+-else {
+- $samba_conf = "/usr/local/samba/lib/smb.conf";
+-}
++my $smbldap_conf = "@PKG_SYSCONFDIR@/smbldap.conf";
++my $smbldap_bind_conf = "@PKG_SYSCONFDIR@/smbldap_bind.conf";
++my $samba_conf = "@PREFIX@/etc/samba/smb.conf";
+
+ use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
+ use Exporter;
+@@ -267,6 +248,15 @@ $config{groupsdn} = get_parameter( "ldap
+ if ( $config{groupsdn} !~ m/,/ ) {
+ $config{groupsdn} = $config{groupsdn} . "," . $config{suffix};
+ }
++if ( ! defined $config{groupsclasses} ) {
++ $config{groupsclasses} = "top posixGroup";
++}
++if ( defined $config{groupsdefaultmember} ) {
++ if ( $config{groupsdefaultmember} !~ m/,/ ) {
++ $config{groupsdefaultmember} =
++ $config{groupsdefaultmember} . "," . $config{suffix};
++ }
++}
+ $config{computersdn} = get_parameter( "ldap machine suffix", "computersdn" );
+ if ( $config{computersdn} !~ m/,/ ) {
+ $config{computersdn} = $config{computersdn} . "," . $config{suffix};
+@@ -606,8 +596,8 @@ sub add_posix_machine {
+ 'uid' => "$user",
+ 'uidNumber' => "$uid",
+ 'gidNumber' => "$gid",
+- 'homeDirectory' => '/dev/null',
+- 'loginShell' => '/bin/false',
++ 'homeDirectory' => '/nonexistent',
++ 'loginShell' => '/sbin/nologin',
+ 'description' => 'Computer',
+ 'gecos' => 'Computer',
+ ]
+@@ -764,15 +754,22 @@ sub group_add {
+ if ( $nscd_status == 0 ) {
+ system "/etc/init.d/nscd start > /dev/null 2>&1";
+ }
+- my $modify = $ldap->add(
+- "cn=$gname,$config{groupsdn}",
+- attrs => [
+- objectClass => [ 'top', 'posixGroup' ],
+- cn => "$gname",
+- gidNumber => "$gid"
+- ]
++
++ my $entry = Net::LDAP::Entry->new();
++ $entry->dn("cn=$gname,$config{groupsdn}");
++ $entry->add(
++ objectClass => [ split(' ', $config{groupsclasses}) ],
++ cn => "$gname",
++ gidNumber => "$gid"
+ );
+
++ if ($config{groupsdefaultmember}) {
++ $entry->add(
++ member => $config{groupsdefaultmember}
++ );
++ }
++ my $modify = $ldap->add($entry);
++
+ $modify->code && die "failed to add entry: ", $modify->error;
+ return $gid;
+ }
+@@ -1159,6 +1156,22 @@ sub get_next_id($$) {
+ my $found = 0;
+ my $next_uid_mesg;
+ my $nextuid;
++
++ # retry number
++ my $retrv = 5;
++ # lock directory path
++ my $lockdir = "/tmp/smbldap-useradd";
++ # wait time
++ my $wtime = 3;
++ # create the lockdir
++ while (!mkdir($lockdir,0755)) {
++ if (--$retrv <= 0) {
++ die "System busy and failed to add entry";
++ }
++ # if exist the lockdir, wait x second
++ sleep($wtime);
++ }
++
+ if ( $ldap_base_dn =~ m/$config{usersdn}/i ) {
+
+ # when adding a new user, we'll check if the uidNumber available is not
+@@ -1198,9 +1211,14 @@ sub get_next_id($$) {
+ # now, look if the id or gid is not already used in /etc/passwd or /etc/group
+ if ( !getpwuid($nextuid) ) {
+ $found = 1;
++
++ # remove the lockdir
++ rmdir($lockdir);
+ return $nextuid;
+ }
+ }
++ # remove the lockdir
++ rmdir($lockdir);
+ $tries++;
+ print
+ "Cannot confirm $attribute $nextuid is free: checking for the next one\n";
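Review bot: The lock added to `get_next_id` is a fixed directory, `/tmp/smbldap-useradd`, in a world-writable location, so any local account that creates that directory first makes every user or group addition die with "System busy" after the five retries, and a crash between `mkdir` and `rmdir` leaves the same stale lock behind. Put the lock where only root can write, for instance `my $lockdir = "@SAMBA_PIDDIR@/smbldap-tools.lock";` (smbldap_tools.pm is already in `SUBST_FILES.path`), and create it with mode 0700. The second `rmdir($lockdir)` sits just before `$tries++`, which suggests the lock is dropped after the first unsuccessful candidate while the search keeps running unlocked; the loop boundaries are outside the hunk, so please check. Any `die` path elsewhere in the function would also need to release the lock.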