ltb-project / openldap-deb

Debian packages for OpenLDAP

Home Page: http://ltb-project.org/wiki/documentation/openldap-deb

License: GNU General Public License v3.0

Shell 76.95% Elixir 4.11% Makefile 15.50% Euphoria 3.44%

openldap-deb's Issues

Packages cannot be authenticated!

In stretch apt can't verify packages

wget -O - https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project | sudo apt-key add -
OK
cat /etc/apt/sources.list.d/ltb-project.list 
deb      [arch=amd64] "https://ltb-project.org/debian/stretch" stretch main
apt-get -q -y install openldap-ltb=2.4.45.1
WARNING: The following packages cannot be authenticated!
  berkeleydb-ltb openldap-ltb
E: There were unauthenticated packages and -y was used without --allow-unauthenticated

explockout compilation fails when building openldap-ltb on Ubuntu 18.04

When building OpenLDAP LTB packages, I get this error:

libtool: install: warning: relinking `explockout.la'
(cd /home/clement/paquet-openldap-debian/openldap-ltb-2.4.47/ltb-project-openldap-explockout-1.0; /bin/bash ../libtool  --mode=relink gcc -g -O2 -Wall -fpic -DCONFIG_FILE="/opt/openldap-2.4.46-el/etc/openldap/explockout.conf" -DDEBUG -version-info 0:0:0 -rpath /home/clement/paquet-openldap-debian/openldap-ltb-2.4.47/debian/tmp/usr/local/openldap/libexec/openldap -module -o explockout.la explockout.lo -lldap_r -llber -L../libraries/liblber/.libs -L../libraries/libldap_r/.libs )
gcc -shared  .libs/explockout.o  -Wl,--rpath -Wl,/usr/local/openldap/lib64 -L/usr/local/openldap/lib64 -lldap_r -L/usr/local/berkeleydb/lib -llber  -Wl,-soname -Wl,explockout.so.0 -o .libs/explockout.so.0.0.0
/usr/bin/ld: cannot find -lldap_r
/usr/bin/ld: cannot find -llber
collect2: error: ld returned 1 exit status
libtool: install: error: relink `explockout.la' with the above command before installing it
Makefile:52: recipe for target 'install' failed
make[1]: *** [install] Error 1
make[1]: Leaving directory '/home/clement/paquet-openldap-debian/openldap-ltb-2.4.47/ltb-project-openldap-explockout-1.0'
debian/rules:41: recipe for target 'install' failed
make: *** [install] Error 2

Wrong permissions ownership of installed binaries

The slapd executable, all libs, all slapd modules, etc. are installed with ownership ldap:ldap. But ldap is the daemon user for running slapd. This is very bad security practice.

Only the database directory /usr/local/openldap/var/openldap-data must have ownership ldap:ldap. All the other files should be installed with ownership root:root (with the same permissions as now).

adapt to ppm makefile modifications

Main objectives:

  • add a make clean phase
  • use OLDAP_SOURCES and delete LDAP_INC and LDAP_LIBS variables
  • if possible, use make install and not a manual file copy

provide all backends and overlays as modules

We chose to compile official backends and overlays in static mode at the beginning of the project. I recently had an issue with this choice: OpenAM is using a specific schema with memberOf in it, which is also redefined in the memberOf overlay. With this overlay compiled as static, even if the overlay is not loaded in the configuration, the schema is defined and we can't include the OpenAM schema.

So I am opening this issue so we can discuss changing this mode and providing all backends and overlays as modules.

As this will require a change in configuration (moduleload), I plan it for 2.5.

Failed to start slapd service when adding the option -d : Time-Out

Hello,
We installed the openldap-ltb package; it was starting, restarting and stopping very well without any problem, but since we added the option "-d" to the slapd-cli.conf file in order to enable debugging, we have some issues when starting the slapd service. It failed to start with a time-out message, but then when we restart it again it restarts successfully.
Do you know why when adding -d option we have this time-out problem?
Thank you in advance for your response.

erroring during postinstall scripts after upgrade of openldap packages from LTB repo

Hi,
we've been experiencing some issues during the upgrade of openldap packages from the LTB repository on our openldap server.

The openldap server is 2.4.44 and o.s. is a debian 8

The errors regarding openldap are the following

Can you please help us?

regards

Installing new version of config file /etc/init.d/slapd ...
addgroup: The group `ldap' already exists as a system group. Exiting.
Job for slapd.service failed. See 'systemctl status slapd.service' and 'journalctl -xn' for details.
invoke-rc.d: initscript slapd, action "start" failed.
dpkg: error processing package openldap-ltb (--configure):
subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of openldap-ltb-check-password:
openldap-ltb-check-password depends on openldap-ltb; however:
Package openldap-ltb is not configured yet.

dpkg: error processing package openldap-ltb-check-password (--configure):
dependency problems - leaving unconfigured
Processing triggers for libc-bin (2.19-18+deb8u10) ...
Processing triggers for systemd (215-17+deb8u7) ...
Errors were encountered while processing:
openldap-ltb
openldap-ltb-check-password
E: Sub-process /usr/bin/dpkg returned an error code (1)

Useless execution right is added to /lib/systemd/system/slapd.service

Hello,
During the installation process, execution right is added to /lib/systemd/system/slapd.service, which is useless:

 systemd[1]: Configuration file /lib/systemd/system/slapd.service is marked executable. Please remove executable permission bits. Proceeding anyway.

Fred.

conflict with remote ldap system user and group during openldap deb install

When I go to install openldap-ltb after following the instructions here, https://ltb-project.org/documentation/openldap-deb#apt_repository , I get this output:

Setting up openldap-ltb (2.4.47.1) ...
addgroup: The group 'ldap' already exists as a system group. Exiting.
adduser: The user 'ldap' already exists, but is not a system user. Exiting.
dpkg: error processing package openldap-ltb (--configure):
installed openldap-ltb package post-installation script subprocess returned error exit status 1
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Errors were encountered while processing:
openldap-ltb
E: Sub-process /usr/bin/dpkg returned an error code (1)

I tried this on the server I am trying to set this up on as well as a fresh server and got the same issue. On Ubuntu Buster. I see that the errors involve the user/group ldap, but I have no idea why this is causing an issue. Thank you for your help.

Sorry for the wrong placement.

Self Service Password

hi there

I installed Self Service password changer, but how do you launch it?

I can't get any posts on that?

make openldap ltb deb pass lintian checks

See:

lintian -c openldap-ltb_2.4.46.1_amd64.deb 
warning: the authors of lintian do not recommend running it with root privileges!
W: openldap-ltb: debian-changelog-line-too-long line 4
W: openldap-ltb: debian-changelog-line-too-long line 5
W: openldap-ltb: debian-changelog-line-too-long line 9
W: openldap-ltb: debian-changelog-line-too-long ... use --no-tag-display-limit to see all (or pipe to a file/program)
E: openldap-ltb: file-in-usr-marked-as-conffile usr/local/openldap/etc/openldap/slapd.conf
E: openldap-ltb: file-in-usr-marked-as-conffile usr/local/openldap/etc/openldap/slapd-cli.conf
E: openldap-ltb: file-in-usr-marked-as-conffile usr/local/openldap/etc/openldap/ldap.conf
E: openldap-ltb: file-in-usr-marked-as-conffile ... use --no-tag-display-limit to see all (or pipe to a file/program)
W: openldap-ltb: unknown-control-file vars
E: openldap-ltb: helper-templates-in-copyright
W: openldap-ltb: readme-debian-contains-debmake-template
W: openldap-ltb: spelling-error-in-description librairies libraries
E: openldap-ltb: dir-in-usr-local usr/local/openldap/
E: openldap-ltb: dir-in-usr-local usr/local/openldap/bin/
E: openldap-ltb: file-in-usr-local usr/local/openldap/bin/ldapadd
W: openldap-ltb: file-in-unusual-dir usr/local/openldap/bin/ldapadd
E: openldap-ltb: file-in-usr-local usr/local/openldap/bin/ldapcompare
W: openldap-ltb: file-in-unusual-dir usr/local/openldap/bin/ldapcompare
E: openldap-ltb: file-in-usr-local usr/local/openldap/bin/ldapdelete
W: openldap-ltb: file-in-unusual-dir usr/local/openldap/bin/ldapdelete
E: openldap-ltb: file-in-usr-local ... use --no-tag-display-limit to see all (or pipe to a file/program)
W: openldap-ltb: file-in-unusual-dir ... use --no-tag-display-limit to see all (or pipe to a file/program)
E: openldap-ltb: dir-in-usr-local usr/local/openldap/etc/
E: openldap-ltb: dir-in-usr-local ... use --no-tag-display-limit to see all (or pipe to a file/program)
E: openldap-ltb: prerm-calls-updaterc.d slapd
E: openldap-ltb: postrm-does-not-call-updaterc.d-for-init.d-script etc/init.d/slapd
W: openldap-ltb: command-with-path-in-maintainer-script postinst:8 /usr/sbin/addgroup
W: openldap-ltb: command-with-path-in-maintainer-script postinst:9 /usr/sbin/adduser
W: openldap-ltb: command-with-path-in-maintainer-script postinst:37 /bin/chown
W: openldap-ltb: command-with-path-in-maintainer-script ... use --no-tag-display-limit to see all (or pipe to a file/program)
W: openldap-ltb: maintainer-script-ignores-errors postinst
W: openldap-ltb: maintainer-script-ignores-errors prerm
W: openldap-ltb: maintainer-script-ignores-errors vars
E: openldap-ltb: non-empty-dependency_libs-in-la-file usr/local/openldap/lib64/liblber.la
E: openldap-ltb: non-empty-dependency_libs-in-la-file usr/local/openldap/lib64/libldap.la
E: openldap-ltb: non-empty-dependency_libs-in-la-file usr/local/openldap/lib64/libldap_r.la
E: openldap-ltb: non-empty-dependency_libs-in-la-file ... use --no-tag-display-limit to see all (or pipe to a file/program)
W: openldap-ltb: package-has-unnecessary-activation-of-ldconfig-trigger
W: openldap-ltb: init.d-script-does-not-source-init-functions etc/init.d/slapd

Release 2.4.55

OpenLDAP 2.4.55 was released yesterday

OpenLDAP 2.4.55 is now available for download as detailed on our download page:
        https://www.openldap.org/software/download/

and should soon be available on all official mirrors:

        ftp://ftp.openldap.org/pub/OpenLDAP/MIRRORS

This is a maintenance release and is made available for general use. Users of OpenLDAP Software are encouraged to upgrade.

Significant contributors are:

        Howard Chu (Symas Corp)
        Quanah Gibson-Mount (Symas Corp)
        Ondřej Kuzník (Symas Corp)

OpenLDAP 2.4.55 Release (2020/10/26)
        Fixed slapd normalization handling with modrdn (ITS#9370)
        Fixed slapd-meta to check ldap_install_tls return code (ITS#9366)
        Contrib
                Fixed nssov misplaced semicolon (ITS#8731, ITS#9368)

MD5(openldap-2.4.55.tgz)= 333a75f42e55b907543fa3a46a620eab
SHA1(openldap-2.4.55.tgz)= 03f67a56b8760abe0d5fdfa06e93542a3f4b8ef4

LMDB 0.9.27 Release (2020/10/26)
        ITS#9376 fix repeated DUPSORT cursor deletes

Build with SLAP_SCHEMA_EXPOSE

From http://tools.ltb-project.org/issues/854

Provided patch:

Index: trunk/debian/paquet-openldap-debian/openldap-ltb-2.4.44/debian/configure
===================================================================
--- trunk/debian/paquet-openldap-debian/openldap-ltb-2.4.44/debian/configure	(revision 419)
+++ trunk/debian/paquet-openldap-debian/openldap-ltb-2.4.44/debian/configure	(working copy)
@@ -5,7 +5,7 @@
 
 
 export CC="gcc"
-export CFLAGS="-DOPENLDAP_FD_SETSIZE=4096 -O2 -g"
+export CFLAGS="-DOPENLDAP_FD_SETSIZE=4096 -DSLAP_SCHEMA_EXPOSE -O2 -g"
 export CPPFLAGS="-I${BDBDIR}/include -I/usr/kerberos/include"
 export LDFLAGS="-L${BDBDIR}/lib"
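
Review bot: The added -DSLAP_SCHEMA_EXPOSE on the CFLAGS line carries no comment, so a later packager reading debian/configure cannot tell why this build deviates from the previous flags; add a one-line comment above the export naming the issue it addresses. As a preprocessor definition it would also sit more naturally in CPPFLAGS on the following line next to the -I options, although -DOPENLDAP_FD_SETSIZE=4096 already keeps defines in CFLAGS, so staying consistent with that is acceptable if it is a deliberate choice.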

issue in production with database mdb

Hello,

Since last week, we see a degradation of our ldap behavior in production.
Counting the number of entries takes more than 15 minutes (it usually lasts less than 2 minutes).
The backup now takes 20 minutes but it took less than 4 minutes previously.
We see that the disk access is used on read at almost 100%

We already had a similar behavior due to a mdb file corruption.
The first time in March after a file system saturation on the system disk (the mdb file is on a secondary disk). A second time, in April after a VM upgrade.
Each time, we solved the issues by deleting the mdb file and letting it be created by replication.

Now, we don't understand the reason for this new corruption. But it is curious to see that the mdb file is corrupted once a month.
Is there a bug or something that has an impact on the mdb file?
Is there a way to make the mdb more reliable?

We are using Openldap-ltb 2.4.47 on Ubuntu 16.04.2

Best Regards,
Mejdi

2.4.51 package for jessie still set root:root owner recursively

Hello,

When upgrading an openldap 2.4.49 to 2.4.51 on ubuntu 16.04 this morning I've seen this problem again #16

In this case we store accesslogs in /usr/local/openldap/var/openldap-accesslog/

# ls -lha /usr/local/openldap/var/
total 20K
drwxr-xr-x  5 root root 4.0K Jan 25  2019 .
drwxr-xr-x 10 root root 4.0K Nov 28  2017 ..
drwxr-xr-x  2 ldap ldap 4.0K Nov 10 10:35 openldap-accesslog
drwxr-xr-x  2 ldap ldap 4.0K Nov 10 10:35 openldap-data
drwxr-xr-x  2 ldap ldap 4.0K Nov 10 10:35 run

Upgrading the package makes :

chown -R root:root ${LDAPSERVERDIR}/var

Which results in the accesslog folder being set to root:root, and then slapd is unable to restart:

Errors were encountered while processing:
 openldap-ltb
 openldap-ltb-contrib-overlays
 openldap-ltb-mdb-utils
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@ldap:~# ls -lha /usr/local/openldap/var/openldap-accesslog/
total 168K
drwxr-xr-x 2 root root 4.0K Nov 10 10:38 .
drwxr-xr-x 5 root root 4.0K Jan 25  2019 ..
-rw------- 1 root root 156K Oct 26 09:01 data.mdb
-rw------- 1 root root 8.0K Nov 10 10:31 lock.mdb

Thanks

Package should not set root:root owner recursively

When applying this command:

/bin/chown -R root:root ${LDAPSERVERDIR}

the owner modifications are applied recursively.
However, if the directory slapd.d exists in etc/openldap/ and has correct owner root:ldap, it overwrites the owner permissions.
We could instead select more precisely the files with:

/bin/chown root:root ${LDAPSERVERDIR}
/bin/chown -R root:root ${LDAPSERVERDIR}/bin
/bin/chown -R root:root ${LDAPSERVERDIR}/etc/openldap/{DB_CONFIG.example,ldap.conf,ldap.conf.default,ppm.conf,schema,slapd.conf,slapd.conf.default,slapd.ldif,slapd.ldif.default}
/bin/chown -R root:root ${LDAPSERVERDIR}/include
/bin/chown -R root:root ${LDAPSERVERDIR}/lib64
/bin/chown -R root:root ${LDAPSERVERDIR}/libexec
/bin/chown -R root:root ${LDAPSERVERDIR}/sbin
/bin/chown -R root:root ${LDAPSERVERDIR}/var
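
An ownership audit for the install layout these issues describe, as an added example that is not part of the project's packaging scripts: it covers both the report of binaries owned by the daemon user and the recursive chown that reset the accesslog directory to root:root. The policy table, the function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not the project's postinst): ownership audit for an
# OpenLDAP LTB install tree. Input lines look like "owner:group path", e.g.
#   find /usr/local/openldap -printf '%u:%g %p\n'
# Assumed policy, assembled from the issues on this page:
#   var/openldap-data, var/openldap-accesslog, var/run -> ldap:ldap
#   etc/openldap/slapd.d                               -> root:ldap
#   everything else                                    -> root:root

expected_owner() {
    # $1 = install root (no trailing slash), $2 = absolute path
    rel=${2#"$1"}
    case "$rel" in
        /var/openldap-data|/var/openldap-data/*|\
        /var/openldap-accesslog|/var/openldap-accesslog/*|\
        /var/run|/var/run/*)
            echo "ldap:ldap" ;;
        /etc/openldap/slapd.d|/etc/openldap/slapd.d/*)
            echo "root:ldap" ;;
        *)
            echo "root:root" ;;
    esac
}

audit_ownership() {
    # $1 = install root; reads the listing on stdin.
    # Prints one MISMATCH line per violation; returns 1 if any was found.
    bad=0
    while IFS=' ' read -r owner path; do
        [ -n "$path" ] || continue
        want=$(expected_owner "$1" "$path")
        if [ "$owner" != "$want" ]; then
            echo "MISMATCH $path is $owner, expected $want"
            bad=1
        fi
    done
    return "$bad"
}

sample_listing() {
    # Constructed listing: a library owned by the daemon user plus an
    # accesslog directory reset to root:root by a recursive chown.
    cat <<'EOF'
root:root /usr/local/openldap/sbin/slapd-cli
ldap:ldap /usr/local/openldap/lib64/libldap.la
ldap:ldap /usr/local/openldap/var/openldap-data
root:root /usr/local/openldap/var/openldap-accesslog
root:root /usr/local/openldap/var/openldap-accesslog/data.mdb
root:ldap /usr/local/openldap/etc/openldap/slapd.d
root:root /usr/local/openldap/etc/openldap/slapd.conf
EOF
}

sample_listing | audit_ownership /usr/local/openldap || true
```

Run before and after a package upgrade, the non-zero return makes a recursive chown over var/ visible before slapd fails to restart.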

Upgrading openldap-ltb package start the slapd service even if it was stopped

Hello,

When debugging #52 I realized that the slapd service is automatically started even if it was stopped before

root@openldap:~# /usr/local/openldap/sbin/slapd-cli status
slapd-cli: [INFO] Using /usr/local/openldap/etc/openldap/slapd-cli.conf for configuration
slapd-cli: [INFO] LDAP Tool Box OpenLDAP init script version 2.5
slapd-cli: [INFO] Process OpenLDAP is not running
slapd-cli: [INFO] Detected suffix: dc=my-domain,dc=com
root@openldap:~# apt install openldap-ltb
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following package was automatically installed and is no longer required:
  libfreetype6
Use 'apt autoremove' to remove it.
Suggested packages:
  openldap-ltb-check-password openldap-ltb-contrib-overlays
The following packages will be upgraded:
  openldap-ltb
1 upgraded, 0 newly installed, 0 to remove and 28 not upgraded.
Need to get 1686 kB of archives.
After this operation, 23.6 kB of additional disk space will be used.
Get:1 https://ltb-project.org/debian/jessie jessie/main amd64 openldap-ltb amd64 2.4.51.1 [1686 kB]
Fetched 1686 kB in 0s (5898 kB/s) 
(Reading database ... 27987 files and directories currently installed.)
Preparing to unpack .../openldap-ltb_2.4.51.1_amd64.deb ...
Unpacking openldap-ltb (2.4.51.1) over (2.4.49.1) ...
Processing triggers for ureadahead (0.100.0-19.1) ...
Processing triggers for systemd (229-4ubuntu21.29) ...
Setting up openldap-ltb (2.4.51.1) ...
Installing new version of config file /usr/local/openldap/etc/openldap/ldap.conf ...
slapd.service is not a native service, redirecting to systemd-sysv-install
Executing /lib/systemd/systemd-sysv-install enable slapd
root@openldap:~# /usr/local/openldap/sbin/slapd-cli status
slapd-cli: [INFO] Using /usr/local/openldap/etc/openldap/slapd-cli.conf for configuration
slapd-cli: [INFO] LDAP Tool Box OpenLDAP init script version 2.5
slapd-cli: [INFO] Process OpenLDAP is running (PID 2804)
slapd-cli: [INFO] Listening to services ldap://*:389 ldaps://*:636 ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi
slapd-cli: [INFO] Process usage:  0.0% CPU /  0.0% MEM
slapd-cli: [INFO] Detected suffix: dc=my-domain,dc=com

Could it be possible to make the service stay as it was before the upgrade? It would make errors like #52 a lot easier to debug and not leave the packages in an unconfigured state.

Thanks

Mark conflict with slapd?

Hello,

at least on Ubuntu 18.04, shouldn't the package slapd be in conflict with these packages?

Installing both at the same time seems to bring some issues due to PATH and overwritten systemd files.

issue with Debian Stretch postinst when attempting to build a Docker image

Hi,
I'm trying to build a docker image using OpenLDAP LTB project and I have an issue with the postinst script.
It requires systemctl to be installed. I don't want to compile openldap, I want to reuse Debian packages even if it is not perfect. So is it possible to test if systemctl exists and then call it?

Fred.

compilation of berkeleydb-ltb packages fails on clean task

Hello,

I tried to compile the berkeleydb-ltb package on Ubuntu 18.04, and I get this:

clement@kptn-ubuntu-18-04:~/paquet-berkeleydb-debian/berkeleydb-ltb-4.6.21.NC$ dpkg-buildpackage -us -uc
dpkg-buildpackage: info: source package berkeleydb-ltb
dpkg-buildpackage: info: source version 4.6.21.NC-4-patch4
dpkg-buildpackage: info: source distribution unstable
dpkg-buildpackage: info: source changed by David Coutadeur <[email protected]>
dpkg-buildpackage: info: host architecture amd64
 dpkg-source --before-build berkeleydb-ltb-4.6.21.NC
 fakeroot debian/rules clean
dh clean 
dh: Compatibility levels before 9 are deprecated (level 7 in use)
   debian/rules override_dh_clean
make[1]: Entering directory '/home/clement/paquet-berkeleydb-debian/berkeleydb-ltb-4.6.21.NC'
cd build_unix && make clean
make[2]: Entering directory '/home/clement/paquet-berkeleydb-debian/berkeleydb-ltb-4.6.21.NC/build_unix'
make[2]: *** No rule to make target 'clean'.  Stop.
make[2]: Leaving directory '/home/clement/paquet-berkeleydb-debian/berkeleydb-ltb-4.6.21.NC/build_unix'
debian/rules:24: recipe for target 'override_dh_clean' failed
make[1]: *** [override_dh_clean] Error 2
make[1]: Leaving directory '/home/clement/paquet-berkeleydb-debian/berkeleydb-ltb-4.6.21.NC'
debian/rules:21: recipe for target 'clean' failed
make: *** [clean] Error 2
dpkg-buildpackage: error: fakeroot debian/rules clean subprocess returned exit status 2

Data corruption on data base mdb

Hello,
We installed the package OpenLDAP-ltb on ubuntu 16.04.2 and we have two LDAP databases working in multi-master mode replication.
We then imported our data with "slapadd" on each node. On the first node we have all our data which was imported before with "slapadd" and we have 9Go in mdb.data.
In the second node, we can't find all the data that was imported with "slapadd" and still, we have the same size (9Go) in mdb.data.
We cannot explain why we can't find our data in the second node anymore...
Do you have any idea how is that possible ? And do you know if we can recover our data that was imported ?
Thank you in advance for your response and your help.
