Message ID | 1432329673-6145-1-git-send-email-rdkehn@yahoo.com |
---|---|
State | Superseded |
Doug, All, On 2015-05-22 16:21 -0500, Doug Kehn spake thusly: > Name Service Switch (NSS) module that allows your LDAP server to provide > user account, group, host name, alias, netgroup, and basically any other > information that you would normally get from /etc flat files or NIS. It > also provides a Pluggable Authentication Module (PAM) to do > authentication to an LDAP server. He! Great! :-) > Signed-off-by: Doug Kehn <rdkehn@yahoo.com> [--SNIP--] > diff --git a/package/nss-pam-ldapd/Config.in b/package/nss-pam-ldapd/Config.in > new file mode 100644 > index 0000000..9dda7a7 > --- /dev/null > +++ b/package/nss-pam-ldapd/Config.in > @@ -0,0 +1,13 @@ > +config BR2_PACKAGE_NSS_PAM_LDAPD > + bool "nss-pam-ldapd" > + depends on BR2_USE_MMU > + depends on BR2_TOOLCHAIN_USES_GLIBC > + help > + nss-pam-ldapd which provides a Name Service Switch (NSS) s/which// > + module that allows your LDAP server to provide user account, > + group, host name, alias, netgroup, and basically any other > + information that you would normally get from /etc flat files > + or NIS. It also provides a Pluggable Authentication Module > + (PAM) to do authentication to an LDAP server. Should the PAM module be always installed, even if we do not have linux-pam installed? I.e. use --enable-pam / --disable-pam accordingly... > + http://arthurdejong.org/nss-pam-ldapd/ Since the package has a dependency on glibc, there's no need to depend on MMU (because glibc already itself is only available on systems with an MMU). Besides, you need to add a comment stating that nss-pam-ldapd needs a (e)glibc toolchain, like explained in the manual, chapter "17.2.2. Dependencies on target and toolchain options" : http://buildroot.net/downloads/manual/manual.html#dependencies-target-toolchain-options like so: comment "nss-pam-ldapd needs an (e)glibc toolchain" depends on !BR2_TOOLCHAIN_USES_GLIBC 
> diff --git a/package/nss-pam-ldapd/S45nslcd b/package/nss-pam-ldapd/S45nslcd > new file mode 100644 > index 0000000..e9c00f3 > --- /dev/null > +++ b/package/nss-pam-ldapd/S45nslcd > @@ -0,0 +1,31 @@ > +#!/bin/sh > + > +NAME="nslcd" > +DAEMON="/usr/sbin/${NAME}" > +DAEMON_CONF="/etc/${NAME}.conf" > + > +[ -x ${DAEMON} ] || exit 0 Since this script is only installed when nss-pam-ldapd itself is installed, you are guaranteed the daemon will be installed, no need to check for that. > +[ -f ${DAEMON_CONF} ] || exit 0 This variable is used nowhere in this startup script, so get rid of it. If you really need to test that the configuration file exists, just use: if [ ! -f /etc/nslcd.conf ]; then printf "No configuration file\n" >&2 exit 0 # Or '1' to explicitly return an error code fi However, I think it is best to just install the sample config file packaged with nss-pam-ldapd which ensures there *is* a config file on the target, so you don't even have to check its existence in the startup script. > +case "$1" in > +start) > + echo -n "Starting ${NAME}: " > + start-stop-daemon -S -x ${DAEMON} > + [ $? -eq 0 ] && echo "OK" || echo "FAIL" > + ;; > +stop) > + echo -n "Stopping ${NAME}: " > + start-stop-daemon -K -x ${DAEMON} > + [ $? -eq 0 ] && echo "OK" || echo "FAIL" > + ;; > +restart|reload) > + $0 stop > + $0 start > + ;; > +*) > + echo "Usage: $0 {start|stop|restart|reload}" > + exit 1 > +esac > + > +exit 0 "exit 0" not needed. > diff --git a/package/nss-pam-ldapd/nss-pam-ldapd.hash b/package/nss-pam-ldapd/nss-pam-ldapd.hash > new file mode 100644 > index 0000000..21e61f6 > --- /dev/null > +++ b/package/nss-pam-ldapd/nss-pam-ldapd.hash 
> @@ -0,0 +1,2 @@ > +# From http://arthurdejong.org/nss-pam-ldapd/ > +md5 1f0517d2c46ca1d8ecdbe23a671edc83 nss-pam-ldapd-0.9.5.tar.gz When upstream only provides an md5 (or no hash at all), we add a locally-computed stronger hash, and we like to use sha256. So add it as thus: # From http://arthurdejong.org/nss-pam-ldapd/ md5 1f0517d2c46ca1d8ecdbe23a671edc83 nss-pam-ldapd-0.9.5.tar.gz # Locally computed: sha256 abcdef1234567890abcdef1234567890 nss-pam-ldapd-0.9.5.tar.gz If you can check the signature (http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-0.9.5.tar.gz.sig) (i.e. you have a path of trust to the signer), you can change the comment as thus; # Locally computed after checking http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-0.9.5.tar.gz.sig: > diff --git a/package/nss-pam-ldapd/nss-pam-ldapd.mk b/package/nss-pam-ldapd/nss-pam-ldapd.mk > new file mode 100644 > index 0000000..a650803 > --- /dev/null > +++ b/package/nss-pam-ldapd/nss-pam-ldapd.mk 
> @@ -0,0 +1,22 @@ > +################################################################################ > +# > +# nss-pam-ldapd > +# > +################################################################################ > + > +NSS_PAM_LDAPD_VERSION = 0.9.5 > +NSS_PAM_LDAPD_SITE = http://arthurdejong.org/nss-pam-ldapd > +NSS_PAM_LDAPD_LICENSE = LGPLv2.1+ > +NSS_PAM_LDAPD_LICENSE_FILES = LICENSE > +NSS_PAM_LDAPD_INSTALL_STAGING = YES It has a build-dependency on linux-pam: checking security/pam_modutil.h usability... no checking security/pam_modutil.h presence... no checking for security/pam_modutil.h... no configure: error: PAM header files are missing So you need to select it in Config.in (and inherit the dependencies of linux-pam), or depend on it in Config.in, and then add: NSS_PAM_LDAPD_DEPENDENCIES = linux-pam Also, taking into account that linux-pam can be made optional: ifeq ($(BR2_PACKAGE_LINUX_PAM),y) NSS_PAM_LDAPD_CONF_OPTS = --enable-pam NSS_PAM_LDAPD_DEPENDENCIES = linux-pam else NSS_PAM_LDAPD_CONF_OPTS = --disable-pam endif It then breaks because it can't find ldap.h: checking for ldap.h... no configure: error: could not locate <ldap.h> So it probably also needs to depend on openldap: NSS_PAM_LDAPD_DEPENDENCIES += openldap I haven't built further for now, so there might be other dependencies. A simple way to find them is to do a build with just nss-pam-ldapd enabled and see what breaks. > +define NSS_PAM_LDAPD_USERS > + nslcd -1 nslcd -1 * - - - nslcd user > +endef > + > +define NSS_PAM_LDAPD_INSTALL_INIT_SYSV > + $(INSTALL) -m 755 -D package/nss-pam-ldapd/S45nslcd \ > + $(TARGET_DIR)/etc/init.d/S45nslcd > +endef Do you think you could provide a systemd unit file as well? That would be great if you could. ;-) Care to address those issues, then resubmit (and Cc: me please, so I notice). Thanks! :-) Regards, Yann E. MORIN. 
> +$(eval $(autotools-package)) > -- > 2.4.1 > > _______________________________________________ > buildroot mailing list > buildroot@busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot
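The hash-file convention described in the reply above (upstream's md5 line plus a locally computed sha256), as an added example that is not part of the original thread or of Buildroot: a small lint that flags files with no sha256-or-longer entry and digests whose length does not match their type. The function name `check_hash_file`, the accepted type list and the policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Buildroot code): lint a Buildroot-style .hash file.
# Assumed line format, as in the patch: "<type> <hex digest> <file>".
# Assumed policy: each file needs at least one sha256-or-longer entry.

# check_hash_file [FILE]: reads FILE (or stdin), prints findings,
# returns 0 when clean and 1 otherwise. The name is hypothetical.
check_hash_file() {
    awk '
    BEGIN {
        # Expected hex digest length per hash type.
        len["md5"] = 32;    len["sha1"] = 40;   len["sha224"] = 56
        len["sha256"] = 64; len["sha384"] = 96; len["sha512"] = 128
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
    NF != 3 {
        printf "line %d: expected 3 fields, got %d\n", NR, NF
        bad = 1; next
    }
    !($1 in len) {
        printf "line %d: unknown hash type %s\n", NR, $1
        bad = 1; next
    }
    length($2) != len[$1] || $2 !~ /^[0-9a-fA-F]+$/ {
        # Truncated or placeholder digests end up here.
        printf "line %d: %s digest is not %d hex chars\n", NR, $1, len[$1]
        bad = 1; next
    }
    {
        seen[$3] = 1
        if (len[$1] >= 64) strong[$3] = 1    # sha256 or longer
    }
    END {
        for (f in seen)
            if (!(f in strong)) {
                printf "%s: only weak hashes, add a sha256 entry\n", f
                bad = 1
            }
        exit bad + 0
    }' "${1:--}"
}

# Constructed input: the md5-only entry from the patch under review.
check_hash_file <<'EOF' || echo "hash file rejected"
# From http://arthurdejong.org/nss-pam-ldapd/
md5 1f0517d2c46ca1d8ecdbe23a671edc83 nss-pam-ldapd-0.9.5.tar.gz
EOF
```

Run against a package directory's .hash file, a non-zero return means the file still relies on md5 or sha1 alone or carries a digest of the wrong length.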
diff --git a/package/Config.in b/package/Config.in index e0c2e2a..1035cab 100644 --- a/package/Config.in +++ b/package/Config.in @@ -981,6 +981,7 @@ menu "Networking" source "package/libwebsockets/Config.in" source "package/neon/Config.in" source "package/nss-mdns/Config.in" + source "package/nss-pam-ldapd/Config.in" source "package/omniorb/Config.in" source "package/openldap/Config.in" source "package/openpgm/Config.in" diff --git a/package/nss-pam-ldapd/Config.in b/package/nss-pam-ldapd/Config.in new file mode 100644 index 0000000..9dda7a7 --- /dev/null +++ b/package/nss-pam-ldapd/Config.in @@ -0,0 +1,13 @@ +config BR2_PACKAGE_NSS_PAM_LDAPD + bool "nss-pam-ldapd" + depends on BR2_USE_MMU + depends on BR2_TOOLCHAIN_USES_GLIBC + help + nss-pam-ldapd which provides a Name Service Switch (NSS) + module that allows your LDAP server to provide user account, + group, host name, alias, netgroup, and basically any other + information that you would normally get from /etc flat files + or NIS. It also provides a Pluggable Authentication Module + (PAM) to do authentication to an LDAP server. + + http://arthurdejong.org/nss-pam-ldapd/ diff --git a/package/nss-pam-ldapd/S45nslcd b/package/nss-pam-ldapd/S45nslcd new file mode 100644 index 0000000..e9c00f3 --- /dev/null +++ b/package/nss-pam-ldapd/S45nslcd @@ -0,0 +1,31 @@ +#!/bin/sh + +NAME="nslcd" +DAEMON="/usr/sbin/${NAME}" +DAEMON_CONF="/etc/${NAME}.conf" + +[ -x ${DAEMON} ] || exit 0 +[ -f ${DAEMON_CONF} ] || exit 0 + +case "$1" in +start) + echo -n "Starting ${NAME}: " + start-stop-daemon -S -x ${DAEMON} + [ $? -eq 0 ] && echo "OK" || echo "FAIL" + ;; +stop) + echo -n "Stopping ${NAME}: " + start-stop-daemon -K -x ${DAEMON} + [ $? -eq 0 ] && echo "OK" || echo "FAIL" + ;; +restart|reload) + $0 stop + $0 start + ;; +*) + echo "Usage: $0 {start|stop|restart|reload}" + exit 1 +esac + +exit 0 + 
diff --git a/package/nss-pam-ldapd/nss-pam-ldapd.hash b/package/nss-pam-ldapd/nss-pam-ldapd.hash new file mode 100644 index 0000000..21e61f6 --- /dev/null +++ b/package/nss-pam-ldapd/nss-pam-ldapd.hash @@ -0,0 +1,2 @@ +# From http://arthurdejong.org/nss-pam-ldapd/ +md5 1f0517d2c46ca1d8ecdbe23a671edc83 nss-pam-ldapd-0.9.5.tar.gz diff --git a/package/nss-pam-ldapd/nss-pam-ldapd.mk b/package/nss-pam-ldapd/nss-pam-ldapd.mk new file mode 100644 index 0000000..a650803 --- /dev/null +++ b/package/nss-pam-ldapd/nss-pam-ldapd.mk @@ -0,0 +1,22 @@ +################################################################################ +# +# nss-pam-ldapd +# +################################################################################ + +NSS_PAM_LDAPD_VERSION = 0.9.5 +NSS_PAM_LDAPD_SITE = http://arthurdejong.org/nss-pam-ldapd +NSS_PAM_LDAPD_LICENSE = LGPLv2.1+ +NSS_PAM_LDAPD_LICENSE_FILES = LICENSE +NSS_PAM_LDAPD_INSTALL_STAGING = YES + +define NSS_PAM_LDAPD_USERS + nslcd -1 nslcd -1 * - - - nslcd user +endef + +define NSS_PAM_LDAPD_INSTALL_INIT_SYSV + $(INSTALL) -m 755 -D package/nss-pam-ldapd/S45nslcd \ + $(TARGET_DIR)/etc/init.d/S45nslcd +endef + +$(eval $(autotools-package))
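Review bot: In package/nss-pam-ldapd/Config.in, the symbol declares no relationship to a PAM or LDAP library even though the help text says the package provides a PAM module and talks to an LDAP server; the only constraints are `depends on BR2_USE_MMU` and `depends on BR2_TOOLCHAIN_USES_GLIBC`. Add the selects or dependencies the build actually needs, and pair the glibc dependency with a `comment` entry that `depends on !BR2_TOOLCHAIN_USES_GLIBC` so users on other toolchains can see why the option is hidden.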
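Review bot: In package/nss-pam-ldapd/S45nslcd, failures are hidden from the caller: `[ -f ${DAEMON_CONF} ] || exit 0` returns success without any message when the configuration is missing, and the start and stop branches only echo FAIL before the script falls through to the final `exit 0`. For a daemon that backs user lookups and authentication, print a message to stderr and return a non-zero status so that a boot without nslcd is noticed. The expansions of ${DAEMON} and ${DAEMON_CONF} in the tests and in the start-stop-daemon calls are also unquoted and should be written as "${DAEMON}" and "${DAEMON_CONF}".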
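Review bot: In package/nss-pam-ldapd/nss-pam-ldapd.hash, the only entry is an md5 digest, and NSS_PAM_LDAPD_SITE in the .mk file is a plain http:// URL, so this md5 line is the sole integrity check on the downloaded tarball. MD5 is not collision resistant; add a sha256 line for nss-pam-ldapd-0.9.5.tar.gz with a comment stating how it was obtained (locally computed, preferably after verifying the upstream signature).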
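Review bot: In package/nss-pam-ldapd/nss-pam-ldapd.mk, there is no NSS_PAM_LDAPD_DEPENDENCIES and no NSS_PAM_LDAPD_CONF_OPTS, so build ordering and whether the PAM module gets built are left to whatever configure happens to find in staging. Declare the dependencies and pass the PAM choice to configure explicitly. The file also installs S45nslcd but no /etc/nslcd.conf, while the init script exits when that file is absent; if a default configuration is installed, give it restrictive permissions, since nslcd.conf can carry the LDAP bind password.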
Name Service Switch (NSS) module that allows your LDAP server to provide user account, group, host name, alias, netgroup, and basically any other information that you would normally get from /etc flat files or NIS. It also provides a Pluggable Authentication Module (PAM) to do authentication to an LDAP server. Signed-off-by: Doug Kehn <rdkehn@yahoo.com> --- package/Config.in | 1 + package/nss-pam-ldapd/Config.in | 13 +++++++++++++ package/nss-pam-ldapd/S45nslcd | 31 +++++++++++++++++++++++++++++++ package/nss-pam-ldapd/nss-pam-ldapd.hash | 2 ++ package/nss-pam-ldapd/nss-pam-ldapd.mk | 22 ++++++++++++++++++++++ 5 files changed, 69 insertions(+) create mode 100644 package/nss-pam-ldapd/Config.in create mode 100644 package/nss-pam-ldapd/S45nslcd create mode 100644 package/nss-pam-ldapd/nss-pam-ldapd.hash create mode 100644 package/nss-pam-ldapd/nss-pam-ldapd.mk