From: root Date: Sat, 7 Jan 2017 20:32:39 +0000 (+0100) Subject: saving uncommitted changes in /etc prior to emerge run X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=40275b57c23d44879357b7cf4790fd2742ebd3f9;p=config%2Fhelga%2Fetc.git saving uncommitted changes in /etc prior to emerge run --- diff --git a/.etckeeper b/.etckeeper index 04e2e7a..334eb51 100755 --- a/.etckeeper +++ b/.etckeeper @@ -828,8 +828,7 @@ maybe chmod 0644 'config-archive/etc/openldap/schema/ppolicy.schema,v' maybe chmod 0640 'config-archive/etc/openldap/slapd.conf' maybe chmod 0644 'config-archive/etc/openldap/slapd.conf,v' maybe chmod 0644 'config-archive/etc/openldap/slapd.conf.default,v' -maybe chmod 0644 'config-archive/etc/openldap/slapd.conf.dist' -maybe chmod 0640 'config-archive/etc/openldap/slapd.conf.dist.new' +maybe chmod 0640 'config-archive/etc/openldap/slapd.conf.dist' maybe chmod 0755 'config-archive/etc/pam.d' maybe chmod 0644 'config-archive/etc/pam.d/atd,v' maybe chmod 0644 'config-archive/etc/pam.d/chgpasswd,v' @@ -2043,7 +2042,8 @@ maybe chmod 0644 'openldap/schema/samba.schema' maybe chmod 0644 'openldap/schema/sudo.schema' maybe chgrp 'ldap' 'openldap/slapd.conf' maybe chmod 0640 'openldap/slapd.conf' -maybe chmod 0600 'openldap/slapd.conf.default' +maybe chgrp 'ldap' 'openldap/slapd.conf.default' +maybe chmod 0640 'openldap/slapd.conf.default' maybe chmod 0600 'openldap/slapd.ldif' maybe chmod 0600 'openldap/slapd.ldif.default' maybe chmod 0755 'openldap/ssl' diff --git a/config-archive/etc/openldap/slapd.conf.dist b/config-archive/etc/openldap/slapd.conf.dist index ea9e489..d536b1f 100644 --- a/config-archive/etc/openldap/slapd.conf.dist +++ b/config-archive/etc/openldap/slapd.conf.dist @@ -10,8 +10,8 @@ include /etc/openldap/schema/core.schema # service AND an understanding of referrals. #referral ldap://root.openldap.org -pidfile /var/run/openldap/slapd.pid -argsfile /var/run/openldap/slapd.args +pidfile /run/openldap/slapd.pid +argsfile /run/openldap/slapd.args # Load dynamic backend modules: # modulepath /usr/lib64/openldap/openldap @@ -24,6 +24,7 @@ argsfile /var/run/openldap/slapd.args # moduleload back_null.so # moduleload back_monitor.so # moduleload back_meta.so +# moduleload back_mdb.so # moduleload back_ldap.so # moduleload back_dnssrv.so diff --git a/config-archive/etc/openldap/slapd.conf.dist.new b/config-archive/etc/openldap/slapd.conf.dist.new deleted file mode 100644 index ea9e489..0000000 --- a/config-archive/etc/openldap/slapd.conf.dist.new +++ /dev/null @@ -1,75 +0,0 @@ -# -# See slapd.conf(5) for details on configuration options. -# This file should NOT be world readable. -# -include /etc/openldap/schema/core.schema - -# Define global ACLs to disable default read access. - -# Do not enable referrals until AFTER you have a working directory -# service AND an understanding of referrals. -#referral ldap://root.openldap.org - -pidfile /var/run/openldap/slapd.pid -argsfile /var/run/openldap/slapd.args - -# Load dynamic backend modules: -# modulepath /usr/lib64/openldap/openldap -# moduleload back_sql.so -# moduleload back_sock.so -# moduleload back_shell.so -# moduleload back_relay.so -# moduleload back_perl.so -# moduleload back_passwd.so -# moduleload back_null.so -# moduleload back_monitor.so -# moduleload back_meta.so -# moduleload back_ldap.so -# moduleload back_dnssrv.so - -# Sample security restrictions -# Require integrity protection (prevent hijacking) -# Require 112-bit (3DES or better) encryption for updates -# Require 63-bit encryption for simple bind -# security ssf=1 update_ssf=112 simple_bind=64 - -# Sample access control policy: -# Root DSE: allow anyone to read it -# Subschema (sub)entry DSE: allow anyone to read it -# Other DSEs: -# Allow self write access -# Allow authenticated users read access -# Allow anonymous users to authenticate -# Directives needed to implement policy: -# access to dn.base="" by * read -# access to dn.base="cn=Subschema" by * read -# access to * -# by self write -# by users read -# by anonymous auth -# -# if no access controls are present, the default policy -# allows anyone and everyone to read anything but restricts -# updates to rootdn. (e.g., "access to * by * read") -# -# rootdn can always read and write EVERYTHING! - -####################################################################### -# BDB database definitions -####################################################################### - -database hdb -suffix "dc=my-domain,dc=com" -# -checkpoint 32 30 -rootdn "cn=Manager,dc=my-domain,dc=com" -# Cleartext passwords, especially for the rootdn, should -# be avoid. See slappasswd(8) and slapd.conf(5) for details. -# Use of strong authentication encouraged. -rootpw secret -# The database directory MUST exist prior to running slapd AND -# should only be accessible by the slapd and slap tools. -# Mode 700 recommended. -directory /var/lib/openldap-data -# Indices to maintain -index objectClass eq diff --git a/openldap/slapd.conf b/openldap/slapd.conf index 8d1bdae..fedb914 100644 --- a/openldap/slapd.conf +++ b/openldap/slapd.conf @@ -22,8 +22,8 @@ include /etc/openldap/schema/openssh.schema # service AND an understanding of referrals. #referral ldap://root.openldap.org -pidfile /var/run/openldap/slapd.pid -argsfile /var/run/openldap/slapd.args +pidfile /run/openldap/slapd.pid +argsfile /run/openldap/slapd.args loglevel config ACL stats stats2 @@ -41,6 +41,7 @@ TLSCertificateFile /etc/openldap/ssl/ldap.pem # moduleload back_null.so # moduleload back_monitor.so # moduleload back_meta.so +# moduleload back_mdb.so # moduleload back_ldap.so # moduleload back_dnssrv.so diff --git a/runlevels/default/slapd b/runlevels/default/slapd deleted file mode 120000 index caf57b3..0000000 --- a/runlevels/default/slapd +++ /dev/null @@ -1 +0,0 @@ -/etc/init.d/slapd \ No newline at end of file