Source: openldap
Version: 2.4.41+dfsg-1
Severity: normal
Tags: upstream patch
Hi,
the smbk5pwd module in the slapd-smbk5pwd binary package does not have a manual
page.
The attached patches try to solve the issue:
* 0001-smbk5pwd-makefile-manpage-install-slapo-smbk5pwd.5-m.patch
Create a manual page for smbk5pwd and make sure it gets installed too.
This patch is derived from a patch I sent upstream as part of ITS#8205
* 0002-debian-slapd-.manpages-separate-man-pages-between-t.patch
Make sure the slapo-smbk5pwd.5 manual page does not end up in the slapd
binary package.
I'd appreciate if these patches make it into the next release of Debian's
openldap packages.
Thanks for packaging openldap for Debian!
Best
Peter
PS: support in getting ITS#8205 included upstream is very welcome ;-))
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.0.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
>From b3c6acad00eefe300e0e96ae78e36394ba3766e4 Mon Sep 17 00:00:00 2001
From: Peter Marschall <pe...@adpm.de>
Date: Sat, 8 Aug 2015 12:02:12 +0200
Subject: [PATCH 1/2] smbk5pwd-makefile-manpage: install slapo-smbk5pwd.5 man
page
The patch for creating the smbk5pwd manual page is upstreamed as ITS#8205
---
debian/patches/series | 1 +
debian/patches/smbk5pwd-makefile-manpage | 251 +++++++++++++++++++++++++++++++
2 files changed, 252 insertions(+)
create mode 100644 debian/patches/smbk5pwd-makefile-manpage
diff --git a/debian/patches/series b/debian/patches/series
index eda3a18..87dda63 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,6 +10,7 @@ getaddrinfo-is-threadsafe
do-not-second-guess-sonames
contrib-modules-use-dpkg-buildflags
smbk5pwd-makefile
+smbk5pwd-makefile-manpage
autogroup-makefile
lastbind-makefile
lastbind-makefile-manpage
diff --git a/debian/patches/smbk5pwd-makefile-manpage b/debian/patches/smbk5pwd-makefile-manpage
new file mode 100644
index 0000000..a0ed83b
--- /dev/null
+++ b/debian/patches/smbk5pwd-makefile-manpage
@@ -0,0 +1,251 @@
+From: Peter Marschall <pe...@adpm.de>
+Date: Sun, 26 Jul 2015 15:04:26 +0200
+Subject: [PATCH] contrib/smbk5pwd: add man page, install it too
+
+Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
+install the new manual page.
+
+This patch is derived from the corresponding patch upstreamed in ITS#8205
+
+---
+ contrib/slapd-modules/smbk5pwd/Makefile | 14 +-
+ contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5 | 179 ++++++++++++++++++++++++
+ 2 files changed, 192 insertions(+), 1 deletion(-)
+ create mode 100644 contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5
+
+diff --git a/contrib/slapd-modules/smbk5pwd/Makefile b/contrib/slapd-modules/smbk5pwd/Makefile
+index 676d914..0042a49 100644
+--- a/contrib/slapd-modules/smbk5pwd/Makefile
++++ b/contrib/slapd-modules/smbk5pwd/Makefile
+@@ -25,6 +25,7 @@
+ HEIMDAL_LIB = $(shell krb5-config.heimdal --libs kadm-server)
+
+ LIBTOOL = $(LDAP_BUILD)/debian/build/libtool
++INSTALL = /usr/bin/install
+ CC = gcc
+ OPT = -g -O2 -Wall
+ # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it.
+@@ -34,6 +35,7 @@
+ LIBS = $(HEIMDAL_LIB) $(LDAP_LIB) $(SSL_LIB)
+
+ PROGRAMS = smbk5pwd.la
++MANPAGES = slapo-smbk5pwd.5
+ LTVER = 0:0:0
+
+ prefix=/usr
+@@ -43,6 +45,8 @@
+ libdir=$(exec_prefix)/lib
+ libexecdir=$(exec_prefix)/libexec
+ moduledir = $(libdir)$(ldap_subdir)
++mandir = $(exec_prefix)/share/man
++man5dir = $(mandir)/man5
+
+ .SUFFIXES: .c .o .lo
+
+@@ -58,9 +62,17 @@
+ clean:
+ $(LIBTOOL) --mode=clean rm -f
+
+-install: $(PROGRAMS)
++install: install-lib install-man FORCE
++
++install-lib: $(PROGRAMS)
+ mkdir -p $(DESTDIR)$(moduledir)
+ for p in $(PROGRAMS) ; do \
+ $(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+ done
+
++install-man: $(MANPAGES)
++ mkdir -p $(DESTDIR)$(man5dir)
++ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
++
++FORCE:
++
+diff --git a/contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5 b/contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5
+new file mode 100644
+index 0000000..431a765
+--- /dev/null
++++ b/contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5
+@@ -0,0 +1,179 @@
++.TH SLAPO-SMBK5PWD 5 "RELEASEDATE" "OpenLDAP LDVERSION"
++.\" Copyright 2015 The OpenLDAP Foundation All Rights Reserved.
++.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
++.\" $OpenLDAP$
++.SH NAME
++slapo-smbk5pwd \- Samba & Kerberos password sync overlay to slapd
++.SH SYNOPSIS
++ETCDIR/slapd.conf
++.RS
++.LP
++include
++.B "<path to>/krb5-kdc.schema"
++.LP
++include
++.B "<path to>/samba.schema"
++.LP
++moduleload
++.B smbk5pwd.so
++.LP
++ ...
++.LP
++database mdb
++.LP
++ ...
++.LP
++overlay
++.B smbk5pwd
++.RE
++
++.SH DESCRIPTION
++.LP
++The
++.B smbk5pwd
++overlay to
++.BR slapd (8)
++overloads the Password Modify Extended Operation (RFC 3062) to update
++Kerberos keys and Samba password hashes for an LDAP user, as well as
++updating password change related attributes for Kerberos, Samba and/or
++UNIX user accounts.
++.LP
++The Samba support is written using the Samba 3.0 LDAP schema;
++Kerberos support is written for Heimdal using its hdb-ldap backend.
++.LP
++Additionally, a new
++.B {K5KEY}
++password hash mechanism is provided.
++For
++.B krb5KDCEntry
++objects that have this scheme specifier in their
++.I userPassword
++attribute, Simple Binds will be checked against the Kerberos keys of the entry.
++No data is needed after the
++.B {K5KEY}
++scheme specifier in the
++.IR userPassword ,
++it is looked up from the entry directly.
++
++.SH CONFIGURATION
++The
++.B smbk5pwd
++overlay supports the following
++.B slapd.conf
++configuration options, which should appear after the
++.B overlay
++directive:
++.TP
++.BI smbk5pwd-enable " <module>"
++can be used to enable only the desired modules.
++Legal values for
++.I <module>
++are
++.LP
++.RS
++.TP
++.B krb5
++If the user has the
++.B krb5KDCEntry
++objectclass, update the
++.B krb5Key
++and
++.B krb5KeyVersionNumber
++attributes using the new password in the Password Modify operation,
++provided the Kerberos account is not expired.
++Exiration is determined by evaluating the
++.B krb5ValidEnd
++attribute.
++.TP
++.B samba
++If the user is a
++.B sambaSamAccount
++object, synchronize the
++.B sambaLMPassword
++and
++.B sambaNTPassword
++to the password entered in the Password Modify operation, and update
++.B sambaPwdLastSet
++accordingly.
++.TP
++.B shadow
++Update the attribute
++.BR shadowLastChange ,
++if the entry has the objectclass
++.BR shadowAccount .
++.LP
++By default all modules compiled in are enabled.
++Setting the config statement restricts the enabled modules to the ones
++explicitly mentioned.
++.RE
++.TP
++.BI smbk5pwd-can-change " <seconds>"
++If the
++.B samba
++module is enabled and the user is a
++.BR sambaSamAccount ,
++update the attribute
++.B sambaPwdCanChange
++to point
++.I <seconds>
++into the future, essentially denying any Samba password change until then.
++A value of
++.B 0
++disables this feature.
++.TP
++.BI smbk5pwd-must-change " <seconds>"
++If the
++.B samba
++module is enabled and the user is a
++.BR sambaSamAccount ,
++update the attribute
++.B sambaPwdMustChange
++to point
++.I <seconds>
++into the future, essentially setting the Samba password expiration time.
++A value of
++.B 0
++disables this feature.
++.LP
++Alternatively, the overlay supports table-driven configuration,
++and thus can be run-time loaded and configured via back-config.
++
++.SH EXAMPLE
++The layout of a slapd.d based, table-driven configuration entry looks like:
++.LP
++.EX
++ # {0}smbk5pwd, {1}bdb, config
++ dn: olcOverlay={0}smbk5pwd,olcDatabase={1}mdb,cn=config
++ objectClass: olcOverlayConfig
++ objectClass: olcSmbK5PwdConfig
++ olcOverlay: {0}smbk5pwd
++ olcSmbK5PwdEnable: krb5
++ olcSmbK5PwdEnable: samba
++ olcSmbK5PwdMustChange: 2592000
++.EE
++.LP
++which enables both
++.B krb5
++and
++.B samba
++modules with a Samba password expiration time of 30 days (=
++.B 2592000
++seconds).
++
++.SH SEE ALSO
++.BR slapd.conf (5),
++.BR ldappasswd (1),
++.BR ldap (3),
++.LP
++"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
++.LP
++
++.SH ACKNOWLEDGEMENTS
++This manual page has been writen by Peter Marschall based on the
++module's README file written by Howard Chu.
++.LP
++.B OpenLDAP
++is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
++.B OpenLDAP
++is derived from University of Michigan LDAP 3.3 Release.
++
+--
+2.5.0
+
--
2.5.0
>From 7439b19aa40596b6149db7a5d03b891350e3a5f2 Mon Sep 17 00:00:00 2001
From: Peter Marschall <pe...@adpm.de>
Date: Sat, 8 Aug 2015 12:18:34 +0200
Subject: [PATCH 2/2] debian/slapd*.manpages: separate man pages between the
binary packages
---
debian/slapd-smbk5pwd.manpages | 1 +
debian/slapd.manpages | 25 ++++++++++++++++++++++++-
2 files changed, 25 insertions(+), 1 deletion(-)
create mode 100644 debian/slapd-smbk5pwd.manpages
diff --git a/debian/slapd-smbk5pwd.manpages b/debian/slapd-smbk5pwd.manpages
new file mode 100644
index 0000000..9640f35
--- /dev/null
+++ b/debian/slapd-smbk5pwd.manpages
@@ -0,0 +1 @@
+debian/tmp/usr/share/man/man5/slapo-smbk5pwd.5
diff --git a/debian/slapd.manpages b/debian/slapd.manpages
index 5969ae9..72cc5c9 100644
--- a/debian/slapd.manpages
+++ b/debian/slapd.manpages
@@ -1,2 +1,25 @@
-debian/tmp/usr/share/man/man5/slap*.5
+debian/tmp/usr/share/man/man5/slapd*.5
+debian/tmp/usr/share/man/man5/slapo-accesslog.5
+debian/tmp/usr/share/man/man5/slapo-auditlog.5
+debian/tmp/usr/share/man/man5/slapo-chain.5
+debian/tmp/usr/share/man/man5/slapo-collect.5
+debian/tmp/usr/share/man/man5/slapo-constraint.5
+debian/tmp/usr/share/man/man5/slapo-dds.5
+debian/tmp/usr/share/man/man5/slapo-dyngroup.5
+debian/tmp/usr/share/man/man5/slapo-dynlist.5
+debian/tmp/usr/share/man/man5/slapo-lastbind.5
+debian/tmp/usr/share/man/man5/slapo-memberof.5
+debian/tmp/usr/share/man/man5/slapo-pbind.5
+debian/tmp/usr/share/man/man5/slapo-pcache.5
+debian/tmp/usr/share/man/man5/slapo-ppolicy.5
+debian/tmp/usr/share/man/man5/slapo-refint.5
+debian/tmp/usr/share/man/man5/slapo-retcode.5
+debian/tmp/usr/share/man/man5/slapo-rwm.5
+#debian/tmp/usr/share/man/man5/slapo-smbk5pwd.5
+debian/tmp/usr/share/man/man5/slapo-sock.5
+debian/tmp/usr/share/man/man5/slapo-sssvlv.5
+debian/tmp/usr/share/man/man5/slapo-syncprov.5
+debian/tmp/usr/share/man/man5/slapo-translucent.5
+debian/tmp/usr/share/man/man5/slapo-unique.5
+debian/tmp/usr/share/man/man5/slapo-valsort.5
debian/tmp/usr/share/man/man8/slap*.8
--
2.5.0
