[debian-edu-commits] debian-edu/ 01/01: Remove unused (and outdated) files etc/ldap/slapd-debian-edu.conf and etc/ldap/slapd-lenny_debian-edu.conf. Add code in postinst to remove the now obsolete conffiles. Add code in postinst to remove the now obsolete conffiles.

Holger Levsen holger at moszumanska.debian.org
Mon Jan 5 19:25:06 UTC 2015


This is an automated email from the git hooks/post-receive script.

holger pushed a commit to branch post-jessie-cleanup
in repository debian-edu-config.

commit c67d6d1adfd637be625dfae6fe284904714624c4
Author: Wolfgang Schweer <wschweer at arcor.de>
Date:   Mon Jan 5 09:06:40 2015 +0100

    Remove unused (and outdated) files etc/ldap/slapd-debian-edu.conf and etc/ldap/slapd-lenny_debian-edu.conf. Add code in postinst to remove the now obsolete conffiles. Add code in postinst to remove the now obsolete conffiles.
---
 debian/debian-edu-config.postinst    |   5 +
 etc/ldap/slapd-debian-edu.conf       | 210 -----------------------------------
 etc/ldap/slapd-lenny_debian-edu.conf | 195 --------------------------------
 3 files changed, 5 insertions(+), 405 deletions(-)

diff --git a/debian/debian-edu-config.postinst b/debian/debian-edu-config.postinst
index a0b192f..cf955b4 100644
--- a/debian/debian-edu-config.postinst
+++ b/debian/debian-edu-config.postinst
@@ -236,6 +236,11 @@ configure)
 	rm_conffile debian-edu-config /etc/powerdns/pdns.d/pdns-debian-edu.conf
     fi
 
+    if dpkg --compare-versions "$2" le "1.815"; then
+	rm_conffile debian-edu-config /etc/ldap/slapd-debian-edu.conf
+	rm_conffile debian-edu-config /etc/ldap/slapd-lenny_debian-edu.conf
+    fi
+
     # sssd refuses to read the file if it has any other mode
     chmod 600 /etc/sssd/sssd-debian-edu.conf
     chown root:root /etc/sssd/sssd-debian-edu.conf
diff --git a/etc/ldap/slapd-debian-edu.conf b/etc/ldap/slapd-debian-edu.conf
deleted file mode 100644
index 419f13e..0000000
--- a/etc/ldap/slapd-debian-edu.conf
+++ /dev/null
@@ -1,210 +0,0 @@
-# Allow LDAPv2 binds
-allow bind_v2
-
-# The skolelinux slapd configuration file
-#
-# $Id: slapd-skolelinux.conf,v 1.7 2003/06/27 14:47:20 pere Exp $
-
-# Schema and objectClass definitions
-include         /etc/ldap/schema/core.schema
-include         /etc/ldap/schema/cosine.schema
-include         /etc/ldap/schema/nis.schema
-include         /etc/ldap/schema/courier.schema
-include         /etc/ldap/schema/automount.schema
-include		/etc/ldap/schema/inetorgperson.schema
-include		/etc/ldap/schema/samba.schema
-include		/etc/ldap/schema/lis.schema
-include		/etc/ldap/schema/dhcp.schema
-include		/etc/ldap/schema/dnsdomain2.schema
-include		/etc/ldap/schema/kerberos.schema
-
-# Where the pid file is put. The init.d script
-# will not stop the server if you change this.
-pidfile		/var/run/slapd/slapd.pid
-
-# Read slapd.conf(5) for possible values
-#loglevel	65535
-loglevel	none
-
-rootDSE                 /etc/ldap/rootDSE-debian-edu.ldif
-
-# TLS/SSL
-TLSCACertificateFile    /etc/ldap/ssl/slapd.pem
-TLSCertificateKeyFile   /etc/ldap/ssl/slapd.pem
-TLSCertificateFile      /etc/ldap/ssl/slapd.pem
-#TLSCACertificateFile    /var/lib/pyca/Root/cacert.pem
-#TLSCertificateKeyFile   /var/lib/pyca/ServerCerts/private/cakey.pem
-#TLSCertificateFile      /var/lib/pyca/ServerCerts/cacert.pem
-
-modulepath	/usr/lib/ldap
-moduleload	back_bdb
-moduleload	back_monitor
-
-defaultsearchbase "dc=skole,dc=skolelinux,dc=no"
-security update_ssf=128  simple_bind=128
-
-backend		bdb
-backend		monitor
-
-
-
-#######################################################################
-# ldbm database definitions
-#######################################################################
-
-# The backend type, ldbm, is the default standard
-
-database	bdb
-# Set the database in memory cache size.
-#
-cachesize   4000
-#dbnosync
-sizelimit 4000
-
-# First database
-suffix		"dc=skole,dc=skolelinux,dc=no"
-rootdn		"cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no"
-# Where the database file are physically stored
-directory	"/var/lib/ldap"
-
-# Indices to maintain
-index           objectClass     pres,eq
-index           cn,sn,ou        pres,eq,sub
-index           uid             pres,eq,sub
-index		groupType	eq
-index           uidNumber       eq
-index           gidNumber       eq
-index           memberUid       eq
-index           default         eq
-#for some clients, even if not used
-index		givenname	eq
-index		displayName	eq
-index		telephoneNumber	eq
-
-#samba index
-index sambaSID                          eq
-index sambaPrimaryGroupSID              eq
-index sambaDomainName                   eq
-index sambaGroupType                    eq
-index sambaSIDList                      eq
-
-# PowerDNS index
-index associatedDomain         pres,eq,sub
-
-# Save the time that the entry gets modified
-lastmod on
-
-
-
-# Webmin-ldap-skolelinux use TLS, and PAM authentication use SSL
-# The ssf=128 option is to be used when SL bug 213 and 404 are closed.
-#
-
-access to dn.base="cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no" 
-	by dn.exact="cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 =wx 
-	by * none break
-
-access to * 
-	by group/lisAclGroup/member="cn=admins,ou=group,dc=skole,dc=skolelinux,dc=no" ssf=128 write
-	by dn.exact="cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 =w 
-	by * none break
-	
-access to dn.base="cn=nextID,ou=variables,dc=skole,dc=skolelinux,dc=no" 
-	attrs=gidNumber
-	by dn.exact="cn=smbadmin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 write
-	by * read 
-
-# Don not give jradmins access to the userPassword attribute of the higher privileged
-
-access to dn.exact="cn=smbadmin,ou=people,dc=skole,dc=skolelinux,dc=no"
-	attrs=userPassword
-	by self      ssf=128 =wx
-	by anonymous ssf=128 auth
-	by group/lisAclGroup/member="cn=jradmins,ou=group,dc=skole,dc=skolelinux,dc=no" none
-	by * none 
-
-access to dn.exact="cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no"
-	attrs=userPassword
-	by self      ssf=128 =wx
-	by anonymous ssf=128 auth
-	by group/lisAclGroup/member="cn=jradmins,ou=group,dc=skole,dc=skolelinux,dc=no" none
-	by * none 
-
-access to attrs=userPassword
-	by self      ssf=128 =wx
-	by anonymous ssf=128 auth
-	by set="[cn=admins,ou=group,dc=skole,dc=skolelinux,dc=no]/member & this" none
-	by group/lisAclGroup/member="cn=jradmins,ou=group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w 
-	by * none 
-
-access to attrs=shadowLastChange
-	by self      ssf=128 =w
-	by set="[cn=admins,ou=group,dc=skole,dc=skolelinux,dc=no]/member & this" none
-	by group/lisAclGroup/member="cn=jradmins,ou=group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w 
-	by * none 
-
-#
-# Allow samba to add groupmap information to existing groups.
-#
-access to dn.subtree="ou=group,dc=skole,dc=skolelinux,dc=no"
-	attrs=objectClass,sambaSID,sambaGroupType,displayName,description,sambaSIDList
-	by dn.exact="cn=smbadmin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 write
-	by * none break
-
-#
-# Ensure samba password hashes.
-#
-# Restricted access to some samba attributes
-# (allow access for admin to don't break old installations)
-# Restricted jradmin from accessing the attributes of the higher privileged
-access to attrs=sambaLMPassword,sambaNTPassword
-	by self ssf=128 =w
-	by dn.exact="cn=smbadmin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 =wr
-	by set="[cn=admins,ou=group,dc=skole,dc=skolelinux,dc=no]/member & this" none
-	by group/lisAclGroup/member="cn=jradmins,ou=group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
-	by * none
-
-access to attrs=sambaPwdLastSet,sambaPwdCanChange
-	by self ssf=128 =wr
-	by dn.exact="cn=smbadmin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 =wr
-	by set="[cn=admins,ou=group,dc=skole,dc=skolelinux,dc=no]/member & this" none
-	by group/lisAclGroup/member="cn=jradmins,ou=group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
-	by * read
-
-# Access to samba attributs
-access to attrs=objectClass,sambaSID,sambaPrimaryGroupSID,displayName,sambaPwdMustChange,sambaAcctFlags,sambaGroupType,sambaPasswordHistory,sambaNextRid
-	by dn.exact="cn=smbadmin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 =wsr
-	by * read
-
-access to attrs=sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaLogonHours,sambaBadPasswordCount,sambaBadPasswordTime
-	by dn.exact="cn=smbadmin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 =wsr
-	by * read
-
-# We store machine-accounts for samba in a private ou
-access to  dn.sub="ou=machines,ou=people,dc=skole,dc=skolelinux,dc=no"  
-	by dn.exact="cn=smbadmin,ou=people,dc=skole,dc=skolelinux,dc=no"  ssf=128 =wsr
-	by * read
-
-# Limit access to kerberos data in cn=kerberos
-access to dn.subtree="cn=kerberos,ou=services,dc=skole,dc=skolelinux,dc=no"
-       by dn.exact="cn=kdc-service,cn=kerberos,ou=services,dc=skole,dc=skolelinux,dc=no" read
-       by dn.exact="cn=kadmin-service,cn=kerberos,ou=services,dc=skole,dc=skolelinux,dc=no" write
-       by * none
-
-# Control access to kerberos attributes
-access to attrs=krbPrincipalName,krbPrincipalKey,krbLastPwdChange,krbExtraData
-       by dn.exact="cn=kdc-service,cn=kerberos,ou=services,dc=skole,dc=skolelinux,dc=no"  read
-       by dn.exact="cn=kadmin-service,cn=kerberos,ou=services,dc=skole,dc=skolelinux,dc=no"  write
-       by self read
-       by * auth
-
-# Defaultaccess ##FIXME: this ACL for kadmin-service is probably 
-# never active because of prior rules (to be refined above)
-access to *
-       by dn.exact="cn=kadmin-service,cn=kerberos,ou=services,dc=skole,dc=skolelinux,dc=no" write
-       by * read
-
-# Last database.. back-monitor is nice to have. Use 'cn=monitor' as base
-database monitor
-
-# End of ldapd configuration file
diff --git a/etc/ldap/slapd-lenny_debian-edu.conf b/etc/ldap/slapd-lenny_debian-edu.conf
deleted file mode 100644
index 3cc6132..0000000
--- a/etc/ldap/slapd-lenny_debian-edu.conf
+++ /dev/null
@@ -1,195 +0,0 @@
-# Allow LDAPv2 binds
-allow bind_v2
-
-# The skolelinux slapd configuration file
-#
-# $Id: slapd-skolelinux.conf,v 1.7 2003/06/27 14:47:20 pere Exp $
-
-# Schema and objectClass definitions
-include         /etc/ldap/schema/core.schema
-include         /etc/ldap/schema/cosine.schema
-include         /etc/ldap/schema/nis.schema
-include         /etc/ldap/schema/courier.schema
-include         /etc/ldap/schema/automount.schema
-include		/etc/ldap/schema/inetorgperson.schema
-include		/etc/ldap/schema/samba.schema
-include		/etc/ldap/schema/lis.schema
-include		/etc/ldap/schema/dhcp.schema
-include		/etc/ldap/schema/dnsdomain2.schema
-
-# Where the pid file is put. The init.d script
-# will not stop the server if you change this.
-pidfile		/var/run/slapd/slapd.pid
-
-# Read slapd.conf(5) for possible values
-#loglevel	65535
-loglevel	none
-
-rootDSE                 /etc/ldap/rootDSE-debian-edu.ldif
-
-# TLS/SSL
-TLSCACertificateFile    /etc/ldap/ssl/slapd.pem
-TLSCertificateKeyFile   /etc/ldap/ssl/slapd.pem
-TLSCertificateFile      /etc/ldap/ssl/slapd.pem
-#TLSCACertificateFile    /var/lib/pyca/Root/cacert.pem
-#TLSCertificateKeyFile   /var/lib/pyca/ServerCerts/private/cakey.pem
-#TLSCertificateFile      /var/lib/pyca/ServerCerts/cacert.pem
-
-modulepath	/usr/lib/ldap
-moduleload	back_bdb
-moduleload	back_monitor
-
-defaultsearchbase "dc=skole,dc=skolelinux,dc=no"
-security update_ssf=128  simple_bind=128
-
-backend		bdb
-backend		monitor
-
-
-
-#######################################################################
-# ldbm database definitions
-#######################################################################
-
-# The backend type, ldbm, is the default standard
-
-database	bdb
-# Set the database in memory cache size.
-#
-cachesize   4000
-dbnosync
-sizelimit 4000
-
-# First database
-suffix		"dc=skole,dc=skolelinux,dc=no"
-rootdn		"cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no"
-# Where the database file are physically stored
-directory	"/var/lib/ldap"
-
-# Indices to maintain
-index           objectClass     pres,eq
-index           cn,sn,ou        pres,eq,sub
-index           uid             pres,eq,sub
-index		groupType	eq
-index           uidNumber       eq
-index           gidNumber       eq
-index           memberUid       eq
-index           default         eq
-#for some clients, even if not used
-index		givenname	eq
-index		displayName	eq
-index		telephoneNumber	eq
-
-#samba index
-index sambaSID                          eq
-index sambaPrimaryGroupSID              eq
-index sambaDomainName                   eq
-index sambaGroupType                    eq
-index sambaSIDList                      eq
-
-# PowerDNS index
-index associatedDomain         pres,eq,sub
-
-# Save the time that the entry gets modified
-lastmod on
-
-
-
-# Webmin-ldap-skolelinux use TLS, and PAM authentication use SSL
-# The ssf=128 option is to be used when SL bug 213 and 404 are closed.
-#
-
-access to dn.base="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no" 
-	by dn.exact="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wx 
-	by * none break
-
-access to * 
-	by group/lisAclGroup/member="cn=admins,ou=Group,dc=skole,dc=skolelinux,dc=no" ssf=128 write
-	by dn.exact="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =w 
-	by * none break
-	
-access to dn.base="cn=nextID,ou=Variables,dc=skole,dc=skolelinux,dc=no" 
-	attrs=gidNumber
-	by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 write
-	by * read 
-
-# Don not give jradmins access to the userPassword attribute of the higher privileged
-
-access to dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no"
-	attrs=userPassword
-	by self      ssf=128 =wx
-	by anonymous ssf=128 auth
-	by group/lisAclGroup/member="cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no" none
-	by * none 
-
-access to dn.exact="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no"
-	attrs=userPassword
-	by self      ssf=128 =wx
-	by anonymous ssf=128 auth
-	by group/lisAclGroup/member="cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no" none
-	by * none 
-
-access to attrs=userPassword
-	by self      ssf=128 =wx
-	by anonymous ssf=128 auth
-	by set="[cn=admins,ou=Group,dc=skole,dc=skolelinux,dc=no]/member & this" none
-	by group/lisAclGroup/member="cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w 
-	by * none 
-
-access to attrs=shadowLastChange
-	by self      ssf=128 =w
-	by set="[cn=admins,ou=Group,dc=skole,dc=skolelinux,dc=no]/member & this" none
-	by group/lisAclGroup/member="cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w 
-	by * none 
-
-#
-# Allow samba to add groupmap information to existing groups.
-#
-access to dn.subtree="ou=Group,dc=skole,dc=skolelinux,dc=no"
-	attrs=objectClass,sambaSID,sambaGroupType,displayName,description,sambaSIDList
-	by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 write
-	by * none break
-
-#
-# Ensure samba password hashes.
-#
-# Restricted access to some samba attributes
-# (allow access for admin to don't break old installations)
-# Restricted jradmin from accessing the attributes of the higher privileged
-access to attrs=sambaLMPassword,sambaNTPassword
-	by self ssf=128 =w
-	by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wr
-	by set="[cn=admins,ou=Group,dc=skole,dc=skolelinux,dc=no]/member & this" none
-	by group/lisAclGroup/member="cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
-	by * none
-
-access to attrs=sambaPwdLastSet,sambaPwdCanChange
-	by self ssf=128 =wr
-	by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wr
-	by set="[cn=admins,ou=Group,dc=skole,dc=skolelinux,dc=no]/member & this" none
-	by group/lisAclGroup/member="cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
-	by * read
-
-# Access to samba attributs
-access to attrs=objectClass,sambaSID,sambaPrimaryGroupSID,displayName,sambaPwdMustChange,sambaAcctFlags,sambaGroupType,sambaPasswordHistory,sambaNextRid
-	by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wsr
-	by * read
-
-access to attrs=sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaLogonHours,sambaBadPasswordCount,sambaBadPasswordTime
-	by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wsr
-	by * read
-
-# We store machine-accounts for samba in a private ou
-access to  dn.sub="ou=Machines,ou=People,dc=skole,dc=skolelinux,dc=no"  
-	by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no"  ssf=128 =wsr
-	by * read
-
-
-# Defaultaccess
-access to * 
-	by * read
-
-# Last database.. back-monitor is nice to have. Use 'cn=monitor' as base
-database monitor
-
-# End of ldapd configuration file

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git



More information about the debian-edu-commits mailing list