[debian-edu-commits] debian-edu/ 01/01: Remove unused (and outdated) files etc/ldap/slapd-debian-edu.conf and etc/ldap/slapd-lenny_debian-edu.conf. Add code in postinst to remove the now obsolete conffiles. Add code in postinst to remove the now obsolete conffiles.
Holger Levsen
holger at moszumanska.debian.org
Mon Jan 5 19:25:06 UTC 2015
This is an automated email from the git hooks/post-receive script.
holger pushed a commit to branch post-jessie-cleanup
in repository debian-edu-config.
commit c67d6d1adfd637be625dfae6fe284904714624c4
Author: Wolfgang Schweer <wschweer at arcor.de>
Date: Mon Jan 5 09:06:40 2015 +0100
Remove unused (and outdated) files etc/ldap/slapd-debian-edu.conf and etc/ldap/slapd-lenny_debian-edu.conf. Add code in postinst to remove the now obsolete conffiles. Add code in postinst to remove the now obsolete conffiles.
---
debian/debian-edu-config.postinst | 5 +
etc/ldap/slapd-debian-edu.conf | 210 -----------------------------------
etc/ldap/slapd-lenny_debian-edu.conf | 195 --------------------------------
3 files changed, 5 insertions(+), 405 deletions(-)
diff --git a/debian/debian-edu-config.postinst b/debian/debian-edu-config.postinst
index a0b192f..cf955b4 100644
--- a/debian/debian-edu-config.postinst
+++ b/debian/debian-edu-config.postinst
@@ -236,6 +236,11 @@ configure)
rm_conffile debian-edu-config /etc/powerdns/pdns.d/pdns-debian-edu.conf
fi
+ if dpkg --compare-versions "$2" le "1.815"; then
+ rm_conffile debian-edu-config /etc/ldap/slapd-debian-edu.conf
+ rm_conffile debian-edu-config /etc/ldap/slapd-lenny_debian-edu.conf
+ fi
+
# sssd refuses to read the file if it has any other mode
chmod 600 /etc/sssd/sssd-debian-edu.conf
chown root:root /etc/sssd/sssd-debian-edu.conf
diff --git a/etc/ldap/slapd-debian-edu.conf b/etc/ldap/slapd-debian-edu.conf
deleted file mode 100644
index 419f13e..0000000
--- a/etc/ldap/slapd-debian-edu.conf
+++ /dev/null
@@ -1,210 +0,0 @@
-# Allow LDAPv2 binds
-allow bind_v2
-
-# The skolelinux slapd configuration file
-#
-# $Id: slapd-skolelinux.conf,v 1.7 2003/06/27 14:47:20 pere Exp $
-
-# Schema and objectClass definitions
-include /etc/ldap/schema/core.schema
-include /etc/ldap/schema/cosine.schema
-include /etc/ldap/schema/nis.schema
-include /etc/ldap/schema/courier.schema
-include /etc/ldap/schema/automount.schema
-include /etc/ldap/schema/inetorgperson.schema
-include /etc/ldap/schema/samba.schema
-include /etc/ldap/schema/lis.schema
-include /etc/ldap/schema/dhcp.schema
-include /etc/ldap/schema/dnsdomain2.schema
-include /etc/ldap/schema/kerberos.schema
-
-# Where the pid file is put. The init.d script
-# will not stop the server if you change this.
-pidfile /var/run/slapd/slapd.pid
-
-# Read slapd.conf(5) for possible values
-#loglevel 65535
-loglevel none
-
-rootDSE /etc/ldap/rootDSE-debian-edu.ldif
-
-# TLS/SSL
-TLSCACertificateFile /etc/ldap/ssl/slapd.pem
-TLSCertificateKeyFile /etc/ldap/ssl/slapd.pem
-TLSCertificateFile /etc/ldap/ssl/slapd.pem
-#TLSCACertificateFile /var/lib/pyca/Root/cacert.pem
-#TLSCertificateKeyFile /var/lib/pyca/ServerCerts/private/cakey.pem
-#TLSCertificateFile /var/lib/pyca/ServerCerts/cacert.pem
-
-modulepath /usr/lib/ldap
-moduleload back_bdb
-moduleload back_monitor
-
-defaultsearchbase "dc=skole,dc=skolelinux,dc=no"
-security update_ssf=128 simple_bind=128
-
-backend bdb
-backend monitor
-
-
-
-#######################################################################
-# ldbm database definitions
-#######################################################################
-
-# The backend type, ldbm, is the default standard
-
-database bdb
-# Set the database in memory cache size.
-#
-cachesize 4000
-#dbnosync
-sizelimit 4000
-
-# First database
-suffix "dc=skole,dc=skolelinux,dc=no"
-rootdn "cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no"
-# Where the database file are physically stored
-directory "/var/lib/ldap"
-
-# Indices to maintain
-index objectClass pres,eq
-index cn,sn,ou pres,eq,sub
-index uid pres,eq,sub
-index groupType eq
-index uidNumber eq
-index gidNumber eq
-index memberUid eq
-index default eq
-#for some clients, even if not used
-index givenname eq
-index displayName eq
-index telephoneNumber eq
-
-#samba index
-index sambaSID eq
-index sambaPrimaryGroupSID eq
-index sambaDomainName eq
-index sambaGroupType eq
-index sambaSIDList eq
-
-# PowerDNS index
-index associatedDomain pres,eq,sub
-
-# Save the time that the entry gets modified
-lastmod on
-
-
-
-# Webmin-ldap-skolelinux use TLS, and PAM authentication use SSL
-# The ssf=128 option is to be used when SL bug 213 and 404 are closed.
-#
-
-access to dn.base="cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no"
- by dn.exact="cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 =wx
- by * none break
-
-access to *
- by group/lisAclGroup/member="cn=admins,ou=group,dc=skole,dc=skolelinux,dc=no" ssf=128 write
- by dn.exact="cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
- by * none break
-
-access to dn.base="cn=nextID,ou=variables,dc=skole,dc=skolelinux,dc=no"
- attrs=gidNumber
- by dn.exact="cn=smbadmin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 write
- by * read
-
-# Don not give jradmins access to the userPassword attribute of the higher privileged
-
-access to dn.exact="cn=smbadmin,ou=people,dc=skole,dc=skolelinux,dc=no"
- attrs=userPassword
- by self ssf=128 =wx
- by anonymous ssf=128 auth
- by group/lisAclGroup/member="cn=jradmins,ou=group,dc=skole,dc=skolelinux,dc=no" none
- by * none
-
-access to dn.exact="cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no"
- attrs=userPassword
- by self ssf=128 =wx
- by anonymous ssf=128 auth
- by group/lisAclGroup/member="cn=jradmins,ou=group,dc=skole,dc=skolelinux,dc=no" none
- by * none
-
-access to attrs=userPassword
- by self ssf=128 =wx
- by anonymous ssf=128 auth
- by set="[cn=admins,ou=group,dc=skole,dc=skolelinux,dc=no]/member & this" none
- by group/lisAclGroup/member="cn=jradmins,ou=group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
- by * none
-
-access to attrs=shadowLastChange
- by self ssf=128 =w
- by set="[cn=admins,ou=group,dc=skole,dc=skolelinux,dc=no]/member & this" none
- by group/lisAclGroup/member="cn=jradmins,ou=group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
- by * none
-
-#
-# Allow samba to add groupmap information to existing groups.
-#
-access to dn.subtree="ou=group,dc=skole,dc=skolelinux,dc=no"
- attrs=objectClass,sambaSID,sambaGroupType,displayName,description,sambaSIDList
- by dn.exact="cn=smbadmin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 write
- by * none break
-
-#
-# Ensure samba password hashes.
-#
-# Restricted access to some samba attributes
-# (allow access for admin to don't break old installations)
-# Restricted jradmin from accessing the attributes of the higher privileged
-access to attrs=sambaLMPassword,sambaNTPassword
- by self ssf=128 =w
- by dn.exact="cn=smbadmin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 =wr
- by set="[cn=admins,ou=group,dc=skole,dc=skolelinux,dc=no]/member & this" none
- by group/lisAclGroup/member="cn=jradmins,ou=group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
- by * none
-
-access to attrs=sambaPwdLastSet,sambaPwdCanChange
- by self ssf=128 =wr
- by dn.exact="cn=smbadmin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 =wr
- by set="[cn=admins,ou=group,dc=skole,dc=skolelinux,dc=no]/member & this" none
- by group/lisAclGroup/member="cn=jradmins,ou=group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
- by * read
-
-# Access to samba attributs
-access to attrs=objectClass,sambaSID,sambaPrimaryGroupSID,displayName,sambaPwdMustChange,sambaAcctFlags,sambaGroupType,sambaPasswordHistory,sambaNextRid
- by dn.exact="cn=smbadmin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 =wsr
- by * read
-
-access to attrs=sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaLogonHours,sambaBadPasswordCount,sambaBadPasswordTime
- by dn.exact="cn=smbadmin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 =wsr
- by * read
-
-# We store machine-accounts for samba in a private ou
-access to dn.sub="ou=machines,ou=people,dc=skole,dc=skolelinux,dc=no"
- by dn.exact="cn=smbadmin,ou=people,dc=skole,dc=skolelinux,dc=no" ssf=128 =wsr
- by * read
-
-# Limit access to kerberos data in cn=kerberos
-access to dn.subtree="cn=kerberos,ou=services,dc=skole,dc=skolelinux,dc=no"
- by dn.exact="cn=kdc-service,cn=kerberos,ou=services,dc=skole,dc=skolelinux,dc=no" read
- by dn.exact="cn=kadmin-service,cn=kerberos,ou=services,dc=skole,dc=skolelinux,dc=no" write
- by * none
-
-# Control access to kerberos attributes
-access to attrs=krbPrincipalName,krbPrincipalKey,krbLastPwdChange,krbExtraData
- by dn.exact="cn=kdc-service,cn=kerberos,ou=services,dc=skole,dc=skolelinux,dc=no" read
- by dn.exact="cn=kadmin-service,cn=kerberos,ou=services,dc=skole,dc=skolelinux,dc=no" write
- by self read
- by * auth
-
-# Defaultaccess ##FIXME: this ACL for kadmin-service is probably
-# never active because of prior rules (to be refined above)
-access to *
- by dn.exact="cn=kadmin-service,cn=kerberos,ou=services,dc=skole,dc=skolelinux,dc=no" write
- by * read
-
-# Last database.. back-monitor is nice to have. Use 'cn=monitor' as base
-database monitor
-
-# End of ldapd configuration file
diff --git a/etc/ldap/slapd-lenny_debian-edu.conf b/etc/ldap/slapd-lenny_debian-edu.conf
deleted file mode 100644
index 3cc6132..0000000
--- a/etc/ldap/slapd-lenny_debian-edu.conf
+++ /dev/null
@@ -1,195 +0,0 @@
-# Allow LDAPv2 binds
-allow bind_v2
-
-# The skolelinux slapd configuration file
-#
-# $Id: slapd-skolelinux.conf,v 1.7 2003/06/27 14:47:20 pere Exp $
-
-# Schema and objectClass definitions
-include /etc/ldap/schema/core.schema
-include /etc/ldap/schema/cosine.schema
-include /etc/ldap/schema/nis.schema
-include /etc/ldap/schema/courier.schema
-include /etc/ldap/schema/automount.schema
-include /etc/ldap/schema/inetorgperson.schema
-include /etc/ldap/schema/samba.schema
-include /etc/ldap/schema/lis.schema
-include /etc/ldap/schema/dhcp.schema
-include /etc/ldap/schema/dnsdomain2.schema
-
-# Where the pid file is put. The init.d script
-# will not stop the server if you change this.
-pidfile /var/run/slapd/slapd.pid
-
-# Read slapd.conf(5) for possible values
-#loglevel 65535
-loglevel none
-
-rootDSE /etc/ldap/rootDSE-debian-edu.ldif
-
-# TLS/SSL
-TLSCACertificateFile /etc/ldap/ssl/slapd.pem
-TLSCertificateKeyFile /etc/ldap/ssl/slapd.pem
-TLSCertificateFile /etc/ldap/ssl/slapd.pem
-#TLSCACertificateFile /var/lib/pyca/Root/cacert.pem
-#TLSCertificateKeyFile /var/lib/pyca/ServerCerts/private/cakey.pem
-#TLSCertificateFile /var/lib/pyca/ServerCerts/cacert.pem
-
-modulepath /usr/lib/ldap
-moduleload back_bdb
-moduleload back_monitor
-
-defaultsearchbase "dc=skole,dc=skolelinux,dc=no"
-security update_ssf=128 simple_bind=128
-
-backend bdb
-backend monitor
-
-
-
-#######################################################################
-# ldbm database definitions
-#######################################################################
-
-# The backend type, ldbm, is the default standard
-
-database bdb
-# Set the database in memory cache size.
-#
-cachesize 4000
-dbnosync
-sizelimit 4000
-
-# First database
-suffix "dc=skole,dc=skolelinux,dc=no"
-rootdn "cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no"
-# Where the database file are physically stored
-directory "/var/lib/ldap"
-
-# Indices to maintain
-index objectClass pres,eq
-index cn,sn,ou pres,eq,sub
-index uid pres,eq,sub
-index groupType eq
-index uidNumber eq
-index gidNumber eq
-index memberUid eq
-index default eq
-#for some clients, even if not used
-index givenname eq
-index displayName eq
-index telephoneNumber eq
-
-#samba index
-index sambaSID eq
-index sambaPrimaryGroupSID eq
-index sambaDomainName eq
-index sambaGroupType eq
-index sambaSIDList eq
-
-# PowerDNS index
-index associatedDomain pres,eq,sub
-
-# Save the time that the entry gets modified
-lastmod on
-
-
-
-# Webmin-ldap-skolelinux use TLS, and PAM authentication use SSL
-# The ssf=128 option is to be used when SL bug 213 and 404 are closed.
-#
-
-access to dn.base="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no"
- by dn.exact="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wx
- by * none break
-
-access to *
- by group/lisAclGroup/member="cn=admins,ou=Group,dc=skole,dc=skolelinux,dc=no" ssf=128 write
- by dn.exact="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
- by * none break
-
-access to dn.base="cn=nextID,ou=Variables,dc=skole,dc=skolelinux,dc=no"
- attrs=gidNumber
- by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 write
- by * read
-
-# Don not give jradmins access to the userPassword attribute of the higher privileged
-
-access to dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no"
- attrs=userPassword
- by self ssf=128 =wx
- by anonymous ssf=128 auth
- by group/lisAclGroup/member="cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no" none
- by * none
-
-access to dn.exact="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no"
- attrs=userPassword
- by self ssf=128 =wx
- by anonymous ssf=128 auth
- by group/lisAclGroup/member="cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no" none
- by * none
-
-access to attrs=userPassword
- by self ssf=128 =wx
- by anonymous ssf=128 auth
- by set="[cn=admins,ou=Group,dc=skole,dc=skolelinux,dc=no]/member & this" none
- by group/lisAclGroup/member="cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
- by * none
-
-access to attrs=shadowLastChange
- by self ssf=128 =w
- by set="[cn=admins,ou=Group,dc=skole,dc=skolelinux,dc=no]/member & this" none
- by group/lisAclGroup/member="cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
- by * none
-
-#
-# Allow samba to add groupmap information to existing groups.
-#
-access to dn.subtree="ou=Group,dc=skole,dc=skolelinux,dc=no"
- attrs=objectClass,sambaSID,sambaGroupType,displayName,description,sambaSIDList
- by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 write
- by * none break
-
-#
-# Ensure samba password hashes.
-#
-# Restricted access to some samba attributes
-# (allow access for admin to don't break old installations)
-# Restricted jradmin from accessing the attributes of the higher privileged
-access to attrs=sambaLMPassword,sambaNTPassword
- by self ssf=128 =w
- by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wr
- by set="[cn=admins,ou=Group,dc=skole,dc=skolelinux,dc=no]/member & this" none
- by group/lisAclGroup/member="cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
- by * none
-
-access to attrs=sambaPwdLastSet,sambaPwdCanChange
- by self ssf=128 =wr
- by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wr
- by set="[cn=admins,ou=Group,dc=skole,dc=skolelinux,dc=no]/member & this" none
- by group/lisAclGroup/member="cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
- by * read
-
-# Access to samba attributs
-access to attrs=objectClass,sambaSID,sambaPrimaryGroupSID,displayName,sambaPwdMustChange,sambaAcctFlags,sambaGroupType,sambaPasswordHistory,sambaNextRid
- by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wsr
- by * read
-
-access to attrs=sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaLogonHours,sambaBadPasswordCount,sambaBadPasswordTime
- by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wsr
- by * read
-
-# We store machine-accounts for samba in a private ou
-access to dn.sub="ou=Machines,ou=People,dc=skole,dc=skolelinux,dc=no"
- by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wsr
- by * read
-
-
-# Defaultaccess
-access to *
- by * read
-
-# Last database.. back-monitor is nice to have. Use 'cn=monitor' as base
-database monitor
-
-# End of ldapd configuration file
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git
More information about the debian-edu-commits
mailing list