initial commit of file from CVS for e-smith-ldap on Wed 12 Jul 08:58:23 BST 2023

This commit is contained in:
Brian Read
2023-07-12 08:58:23 +01:00
parent a24f2abb0c
commit ae371ebfe0
84 changed files with 3651 additions and 2 deletions


@@ -0,0 +1,3 @@
{
"# LDAP servers\n" . $DB->hosts_allow_spec('ldap', 'slapd')
}


@@ -0,0 +1,20 @@
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable.
#BASE dc=OpenLDAP, dc=Org
#HOST ldap.openldap.org
#HOST ldap.openldap.org ldap-master.openldap.org:666
#PORT 389
BASE { esmith::util::ldapBase ($DomainName); }
HOST localhost
PORT 389
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never


@@ -0,0 +1,7 @@
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/mailRelatedObject.schema


@@ -0,0 +1 @@
include /etc/openldap/schema/rfc2739.schema


@@ -0,0 +1,3 @@
pidfile /var/run/openldap/slapd.pid


@@ -0,0 +1,18 @@
TLSCipherSuite { $ldap{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4' }
TLSProtocolMin { my $TLSProtocolMin = $ldap{TLSProtocolMin} || 'TLSv1.2';
if ( $TLSProtocolMin eq 'SSLv3' ){
$OUT = " 3.0";
} elsif ( $TLSProtocolMin eq 'TLSv1.0' || $TLSProtocolMin eq 'TLSv1' ){
$OUT = " 3.1";
} elsif ( $TLSProtocolMin eq 'TLSv1.1' ){
$OUT = " 3.2";
} elsif ( $TLSProtocolMin eq 'TLSv1.2' ){
$OUT = " 3.3";
}
}
TLSCACertificateFile /etc/openldap/ssl/slapd.pem
TLSCertificateFile /etc/openldap//ssl/slapd.pem
TLSCertificateKeyFile /etc/openldap/ssl/slapd.pem
TLSVerifyClient never
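Review bot: The TLSProtocolMin chain at the top of the hunk has no final else, so any value of `$ldap{TLSProtocolMin}` outside the four listed ones (a typo, or TLSv1.3) leaves `$OUT` empty and the template emits a bare `TLSProtocolMin` line with no argument, which slapd is likely to reject at startup. Either fall back to the default, `} else { $OUT = " 3.3"; }`, or make the unrecognised value fail loudly so the misconfiguration is visible rather than a silent downgrade to slapd's own default. Separately, `TLSCertificateFile /etc/openldap//ssl/slapd.pem` carries a doubled slash that the two neighbouring directives do not; harmless, but worth making consistent.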


@@ -0,0 +1 @@
allow bind_v2
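Review bot: `allow bind_v2` re-enables LDAPv2 binds, a protocol version that is retired (RFC 3494) and cannot use StartTLS, without any comment recording which client still needs it. Add `# LDAPv2 binds enabled for <client that requires it>; remove once it speaks LDAPv3` so the exception can be retired instead of surviving every future migration.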


@@ -0,0 +1 @@
sizelimit unlimited
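Review bot: `sizelimit unlimited` lifts the default 500-entry cap for every bind, including anonymous ones, which the `access to *` fragment later in this commit grants read by default; a single search can then return everything the ACLs let that bind see. If the cap is only needed for an internal consumer, a scoped `limits` directive for that DN is narrower, otherwise record the reason here with `# unlimited: <consumer> walks the whole directory in one search`.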


@@ -0,0 +1 @@
database bdb


@@ -0,0 +1 @@
suffix "{ esmith::util::ldapBase ($DomainName); }"


@@ -0,0 +1 @@
checkpoint 512 5


@@ -0,0 +1 @@
directory /var/lib/ldap


@@ -0,0 +1 @@
rootdn "cn=root,{ esmith::util::ldapBase ($DomainName); }"


@@ -0,0 +1 @@
rootpw { esmith::util::LdapPassword (); }
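Review bot: `rootpw` accepts a hashed value as readily as cleartext, but this line writes whatever `esmith::util::LdapPassword()` returns straight into slapd.conf; the helper is not on this page, and if it returns the cleartext directory secret the secret is only as protected as the generated file's mode. Prefer emitting a `{SSHA}` hash of the secret, and in either case add `# rendered into slapd.conf: the generated file must not be world-readable` so the permission requirement is explicit for whoever maintains the template.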


@@ -0,0 +1,5 @@
# Use md5crypt
password-hash \{CRYPT\}
password-crypt-salt-format "$1$%.8s"
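Review bot: The header comment `# Use md5crypt` says what but not why: `$1$` in `password-crypt-salt-format` selects MD5-based crypt(3), which is weak by current standards, and the braces in `\{CRYPT\}` are escaped only because the template processor would otherwise treat them as code. Presumably CRYPT is chosen to keep the stored hash compatible with /etc/shadow; if so, say so in the comment, and if the platform crypt(3) supports sha512crypt consider `password-crypt-salt-format "$6$%.16s"` in place of the MD5 format.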


@@ -0,0 +1,6 @@
# Indices to maintain
#index objectClass eq
index objectClass,uid,uidNumber,gidNumber eq
index memberUid eq
index cn,mail,surname,givenname eq,subinitial


@@ -0,0 +1,6 @@
access to attrs=userPassword
by self peername.ip="127.0.0.1" read
by self ssf=128 read
by anonymous peername.ip="127.0.0.1" auth
by anonymous ssf=128 auth
by * none
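Review bot: Every `by` clause on userPassword keys on a TCP peer address or an SSF of 128, yet SLAPD_URLS in this same commit also listens on `ldapi:///`; a Unix-socket connection has a `peername.path`, not a `peername.ip`, and its SSF is whatever `localSSF` provides (71 by default), so anonymous simple binds over ldapi fall through to `by * none` and cannot authenticate unless a `localSSF 128` directive exists in a fragment not shown here. If ldapi clients are expected to bind, add a clause such as `by anonymous peername.path="<ldapi socket path>" auth` (or `sockurl.regex="^ldapi://"`), otherwise add a comment saying ldapi is for SASL EXTERNAL only. The same qualifier pattern recurs in the Users/Groups/Computers ACLs and the generated attrs ACL later in this commit.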


@@ -0,0 +1,18 @@
# Anonymous users should only be able to see SME users and groups for addressbook purpose
# Prevent access to system, dummy and machine accounts
access to dn.children=ou=Users,{ esmith::util::ldapBase ($DomainName); } filter=(!(objectClass=inetOrgPerson))
by users peername.ip="127.0.0.1" read
by users ssf=128 read
by anonymous none
access to dn.children=ou=Groups,{ esmith::util::ldapBase ($DomainName); } filter=(!(objectClass=mailboxRelatedObject))
by users peername.ip="127.0.0.1" read
by users ssf=128 read
by anonymous none
access to dn.subtree=ou=Computers,{ esmith::util::ldapBase ($DomainName); }
by users peername.ip="127.0.0.1" read
by users ssf=128 read
by anonymous none


@@ -0,0 +1,11 @@
{
# Array of attrs which should not be visible anonymously
@anon = ();
# Array of attrs which should not be visible by other users
@users = ();
$OUT .= '';
}


@@ -0,0 +1,8 @@
{
# Sensible attributes related to posixAccount
push @anon, qw/loginShell gidNumber homeDirectory uidNumber/;
$OUT .= '';
}
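Review bot: The comment `# Sensible attributes related to posixAccount` means "Sensitive", as does the matching comment in the shadowAccount fragment that follows; "sensible" reads as "reasonable", the opposite of what the push onto `@anon` is about. Change both to `# Sensitive attributes related to posixAccount: hidden from anonymous binds` so the intent of the list is clear to the next person adding to it.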


@@ -0,0 +1,8 @@
{
# Sensible attributes related to shadowAccount
push @anon, qw/shadowExpire shadowFlag shadowInactive shadowLastChange shadowMax shadowMin shadowWarning/;
$OUT .= '';
}


@@ -0,0 +1,27 @@
{
my $anon_attrs = join(",",@anon);
my $users_attrs = join(",",@users);
unless ($anon_attrs eq ''){
$OUT .=<<"HERE";
access to attrs=$anon_attrs
by self peername.ip="127.0.0.1" read
by self ssf=128 read
by users peername.ip="127.0.0.1" read
by users ssf=128 read
by * none
HERE
}
unless ($users_attrs eq ''){
$OUT .=<<"HERE";
access to attrs=$users_attrs
by self peername.ip="127.0.0.1" read
by self ssf=128 read
by * none
HERE
}
}


@@ -0,0 +1,10 @@
{
$anonAccess = (($ldap{'AnonymousAccess'} || 'enabled') eq 'enabled') ? 'read':'none';
$OUT .= '';
}
access to *
by users read
by anonymous {"$anonAccess";}
by * none
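Review bot: `$anonAccess` is assigned from a config value with no comment recording the contract: an unset `AnonymousAccess` means anonymous read of the remaining tree, and any value other than the exact lowercase string `enabled` (including `Enabled` or `yes`) silently becomes `none`. Add `# AnonymousAccess: unset => enabled; any value other than 'enabled' (case-sensitive) => none` above the assignment so an operator can see both that the default is open and why a typo turned it off. Since `$anonAccess` is shared across template fragments, a word on why it is a package global rather than `my` would also help.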


@@ -0,0 +1,4 @@
#ldap
:programname, isequal, "slapd" /var/log/ldap/ldap.log
& stop


@@ -0,0 +1,3 @@
# OpenLDAP server configuration
# see 'man slapd' for additional information


@@ -0,0 +1,8 @@
# Where the server will run (-h option)
# - ldapi:/// is required for on-the-fly configuration using client tools
# (use SASL with EXTERNAL mechanism for authentication)
# - default: ldapi:/// ldap:///
# - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:///
SLAPD_URLS="ldap:/// ldaps:/// ldapi:///"
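Review bot: `ldap:///` binds the cleartext listener on every interface, and nothing on this page requires confidentiality before a simple bind; the userPassword ACL only refuses `auth` to unprotected remote clients after the credential has already crossed the wire in the clear. If remote cleartext binds are not wanted, restrict the listener the way the comment's own example does (`ldap://127.0.0.1/`), or add `security simple_bind=128` to slapd.conf so slapd rejects such binds before reading the password. Actual exposure also depends on the hosts.allow fragment earlier in this commit and the host firewall, neither of which this file can see.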


@@ -0,0 +1,4 @@
# Any custom options
SLAPD_OPTIONS=" -4 -d { $ldap{LogLevel} || 256 } -s 0 "
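Review bot: `$ldap{LogLevel}` is interpolated into a double-quoted shell assignment without validation; a non-numeric value is handed to `-d` and slapd will not start, and a value containing `$` or backquotes is expanded by the shell when the sysconfig file is sourced. Coerce it to a number in the template, `-d { my $lvl = $ldap{LogLevel}; (defined $lvl && $lvl =~ /\A\d+\z/) ? $lvl : 256 }`. A comment that `-d` keeps slapd in the foreground, which presumably the supervising run script relies on, would also save the next reader from "fixing" it; confirm that dependency before adding the comment.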


@@ -0,0 +1,4 @@
# Keytab location for GSSAPI Kerberos authentication
#KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"


@@ -0,0 +1,4 @@
#
# Set the database in memory cache size.
#
set_cachesize 0 2097152 0


@@ -0,0 +1,8 @@
#
# Set log values.
#
set_lg_regionmax 1048576
set_lg_max 10485760
set_lg_bsize 2097152
set_lg_dir /var/log/bdb
set_flags DB_LOG_AUTOREMOVE
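Review bot: `set_lg_dir /var/log/bdb` places the Berkeley DB transaction logs under /var/log, where they are not logs in the syslog sense: anything that rotates, compresses or purges /var/log (logrotate rules, disk-space cleanups) can remove files BDB needs for recovery and leave the database unrecoverable after a crash. Keep them beside the data, e.g. `set_lg_dir /var/lib/ldap/log` (an example path), or document why /var/log was chosen and exclude the directory from cleanup. `DB_LOG_AUTOREMOVE` already removes logs that are no longer needed, so nothing else should be touching that directory.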