$(LDAP_BUILD)/libraries/liblber/liblber.la
LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
CC = gcc
OPT = -g -O2 -Wall
DEFS = -DSLAPD_OVER_ADREMAP=SLAPD_MOD_DYNAMIC
LIBS = $(LDAP_LIB)
PROGRAMS = adremap.la
+MANPAGES = slapo-adremap.5
LTVER = 0:0:0
prefix=/usr/local
libdir=$(exec_prefix)/lib
libexecdir=$(exec_prefix)/libexec
moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
.SUFFIXES: .c .o .lo
clean:
rm -rf *.o *.lo *.la .libs
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
mkdir -p $(DESTDIR)$(moduledir)
for p in $(PROGRAMS) ; do \
$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
done
+install-man: $(MANPAGES)
+ mkdir -p $(DESTDIR)$(man5dir)
+ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
$(LDAP_BUILD)/libraries/liblber/liblber.la
LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
CC = gcc
OPT = -g -O2 -Wall
DEFS =
LIBS = $(LDAP_LIB)
PROGRAMS = allop.la
+MANPAGES = slapo-allop.5
LTVER = 0:0:0
prefix=/usr/local
libdir=$(exec_prefix)/lib
libexecdir=$(exec_prefix)/libexec
moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
.SUFFIXES: .c .o .lo
clean:
rm -rf *.o *.lo *.la .libs
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
mkdir -p $(DESTDIR)$(moduledir)
for p in $(PROGRAMS) ; do \
$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
done
+install-man: $(MANPAGES)
+ mkdir -p $(DESTDIR)$(man5dir)
+ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
$(LDAP_BUILD)/libraries/liblber/liblber.la
LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
CC = gcc
OPT = -g -O2 -Wall
DEFS = -DSLAPD_OVER_CLOAK=SLAPD_MOD_DYNAMIC
LIBS = $(LDAP_LIB)
PROGRAMS = cloak.la
+MANPAGES = slapo-cloak.5
LTVER = 0:0:0
prefix=/usr/local
libdir=$(exec_prefix)/lib
libexecdir=$(exec_prefix)/libexec
moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
.SUFFIXES: .c .o .lo
clean:
rm -rf *.o *.lo *.la .libs
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
mkdir -p $(DESTDIR)$(moduledir)
for p in $(PROGRAMS) ; do \
$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
done
+install-man: $(MANPAGES)
+ mkdir -p $(DESTDIR)$(man5dir)
+ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
$(LDAP_BUILD)/libraries/liblber/liblber.la
LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
CC = gcc
OPT = -g -O2 -Wall
DEFS = -DSLAPD_OVER_LASTBIND=SLAPD_MOD_DYNAMIC
LIBS = $(LDAP_LIB)
PROGRAMS = lastbind.la
+MANPAGES = slapo-lastbind.5
LTVER = 0:0:0
prefix=/usr/local
libdir=$(exec_prefix)/lib
libexecdir=$(exec_prefix)/libexec
moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
.SUFFIXES: .c .o .lo
clean:
rm -rf *.o *.lo *.la .libs
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
mkdir -p $(DESTDIR)$(moduledir)
for p in $(PROGRAMS) ; do \
$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
done
+install-man: $(MANPAGES)
+ mkdir -p $(DESTDIR)$(man5dir)
+ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
$(LDAP_BUILD)/libraries/liblber/liblber.la
LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
CC = gcc
OPT = -g -O2 -Wall
DEFS = -DSLAPD_OVER_LASTMOD=SLAPD_MOD_DYNAMIC
LIBS = $(LDAP_LIB)
PROGRAMS = lastmod.la
+MANPAGES = slapo-lastmod.5
LTVER = 0:0:0
prefix=/usr/local
libdir=$(exec_prefix)/lib
libexecdir=$(exec_prefix)/libexec
moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
.SUFFIXES: .c .o .lo
clean:
rm -rf *.o *.lo *.la .libs
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
mkdir -p $(DESTDIR)$(moduledir)
for p in $(PROGRAMS) ; do \
$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
done
+install-man: $(MANPAGES)
+ mkdir -p $(DESTDIR)$(man5dir)
+ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
$(LDAP_BUILD)/libraries/liblber/liblber.la
LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
CC = gcc
OPT = -g -O2 -Wall
DEFS = -DSLAPD_OVER_NOPS=SLAPD_MOD_DYNAMIC
LIBS = $(LDAP_LIB)
PROGRAMS = nops.la
+MANPAGES = slapo-nops.5
LTVER = 0:0:0
prefix=/usr/local
libdir=$(exec_prefix)/lib
libexecdir=$(exec_prefix)/libexec
moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
.SUFFIXES: .c .o .lo
clean:
rm -rf *.o *.lo *.la .libs
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
mkdir -p $(DESTDIR)$(moduledir)
for p in $(PROGRAMS) ; do \
$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
done
+install-man: $(MANPAGES)
+ mkdir -p $(DESTDIR)$(man5dir)
+ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
NLDAPD_INC=-Inss-pam-ldapd
LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
OPT = -g -O2 -Wall
CC = gcc
DEFS =
moduledir = $(libexecdir)$(ldap_subdir)
sysconfdir = $(prefix)/etc$(ldap_subdir)
schemadir = $(sysconfdir)/schema
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
all: nssov.la
OBJS = alias.lo ether.lo group.lo host.lo netgroup.lo network.lo \
nssov.lo passwd.lo protocol.lo rpc.lo service.lo shadow.lo pam.lo
+MANPAGES = slapo-nssov.5
+
.SUFFIXES: .c .o .lo
.c.lo:
$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
-rpath $(moduledir) -module -o $@ $(OBJS) $(XOBJS) $(LIBS)
-install: nssov.la
+install: install-lib install-man FORCE
+
+install-lib: nssov.la
mkdir -p $(DESTDIR)$(moduledir)
$(LIBTOOL) --mode=install cp nssov.la $(DESTDIR)$(moduledir)
cp ldapns.schema $(DESTDIR)$(schemadir)
+install-man: $(MANPAGES)
+ mkdir -p $(DESTDIR)$(man5dir)
+ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
clean:
rm -f *.*o *.la .libs/*
rm -rf .libs
$(LDAP_BUILD)/libraries/liblber/liblber.la
LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
CC = gcc
OPT = -g -O2 -Wall
DEFS =
LIBS = $(LDAP_LIB)
PROGRAMS = pw-kerberos.la pw-netscape.la pw-radius.la pw-apr1.la
+MANPAGES = slapd-pw-radius.5
LTVER = 0:0:0
prefix=/usr/local
libdir=$(exec_prefix)/lib
libexecdir=$(exec_prefix)/libexec
moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
.SUFFIXES: .c .o .lo
clean:
rm -rf *.o *.lo *.la .libs
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
mkdir -p $(DESTDIR)$(moduledir)
for p in $(PROGRAMS) ; do \
$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
done
+install-man: $(MANPAGES)
+ mkdir -p $(DESTDIR)$(man5dir)
+ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
$(LDAP_BUILD)/libraries/liblber/liblber.la
LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
CC = gcc
OPT = -g -O2 -Wall
#DEFS = -DSLAPD_PBKDF2_DEBUG
LIBS = $(LDAP_LIB) -lcrypto
PROGRAMS = pw-pbkdf2.la
+MANPAGES = slapd-pw-pbkdf2.5
LTVER = 0:0:0
#prefix=/usr/local
libdir=$(exec_prefix)/lib
libexecdir=$(exec_prefix)/libexec
moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
.SUFFIXES: .c .o .lo
clean:
rm -rf *.o *.lo *.la .libs
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
mkdir -p $(DESTDIR)$(moduledir)
for p in $(PROGRAMS) ; do \
$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
done
+
+install-man: $(MANPAGES)
+ mkdir -p $(DESTDIR)$(man5dir)
+ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
--- /dev/null
+.TH SLAPD-PW-PBKDF2 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2015 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapd-pw-pbkdf2 \- SHA-2 password module to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.RS
+.LP
+.B moduleload
+.B pw-pbkdf2
+.RE
+.SH DESCRIPTION
+.LP
+The
+.B pw-pbkdf2
+module to
+.BR slapd (8)
+provides support for the use of the key stretching function
+PBKDF2 (Password-Based Key Derivation Function 2) following RFC 2898
+in hashed passwords in OpenLDAP.
+.LP
+It does so by providing the following additional password schemes for use in slapd:
+.RS
+.TP
+.B {PBKDF2}
+alias to {PBKDF2-SHA1}
+.TP
+.B {PBKDF2-SHA1}
+PBKDF2 using HMAC-SHA-1 as the underlying pseudorandom function
+.TP
+.B {PBKDF2-SHA256}
+PBKDF2 using HMAC-SHA-256 as the underlying pseudorandom function
+.TP
+.B {PBKDF2-SHA512}
+PBKDF2 using HMAC-SHA-512 as the underlying pseudorandom function
+.RE
+
+.SH CONFIGURATION
+The
+.B pw-pbkdf2
+module does not need any configuration.
+.LP
+After loading the module, the password schemes
+{PBKDF2}, {PBKDF2-SHA1}, {PBKDF2-SHA256}, and {PBKDF2-SHA512}
+will be recognised in values of the
+.I userPassword
+attribute.
+.LP
+You can then instruct OpenLDAP to use these schemes when processing
+the LDAPv3 Password Modify (RFC 3062) extended operations by using the
+.BR password-hash
+option in
+.BR slapd.conf (5).
+
+.SH NOTES
+If you want to use the schemes described here with
+.BR slappasswd (8),
+don't forget to load the module using its command line options.
+The relevant option/value is:
+.RS
+.LP
+.B \-o
+.BR module\-load = pw-pbkdf2
+.LP
+.RE
+Depending on
+.BR pw-pbkdf2 's
+location, you may also need:
+.RS
+.LP
+.B \-o
+.BR module\-path = \fIpathspec\fP
+.RE
+
+.SH EXAMPLES
+All of the userPassword LDAP attributes below encode the password
+.RI ' secret '.
+.EX
+.LP
+userPassword: {PBKDF2-SHA512}10000$/oQ4xZi382mk7kvCd3ZdkA$2wqjpuyV2l0U/a1QwoQPOtlQL.UcJGNACj1O24balruqQb/NgPW6OCvvrrJP8.SzA3/5iYvLnwWPzeX8IK/bEQ
+.LP
+userPassword: {PBKDF2-SHA256}10000$jq40ImWtmpTE.aYDYV1GfQ$mpiL4ui02ACmYOAnCjp/MI1gQk50xLbZ54RZneU0fCg
+.LP
+userPassword: {PBKDF2-SHA1}10000$QJTEclnXgh9Cz3ChCWpdAg$9.s98jwFJM.NXJK9ca/oJ5AyoAQ
+.EE
+.LP
+To make {PBKDF2-SHA512} the password hash used in Password Modify extended operations,
+simply set this line in slapd.conf(5):
+.EX
+.LP
+password-hash {PBKDF2-SHA512}
+.EX
+
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR ldappasswd (1),
+.BR slappasswd (8),
+.BR ldap (3),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH ACKNOWLEDGEMENTS
+This manual page has been writen by Peter Marschall based on the
+module's README file written by HAMANO Tsukasa <hamano@osstech.co.jp>
+.LP
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
$(LDAP_BUILD)/libraries/liblber/liblber.la
LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
CC = gcc
OPT = -g -O2 -Wall
DEFS =
LIBS = $(LDAP_LIB)
PROGRAMS = pw-sha2.la
+MANPAGES = slapd-pw-sha2.5
LTVER = 0:0:0
prefix=/usr/local
libdir=$(exec_prefix)/lib
libexecdir=$(exec_prefix)/libexec
moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
.SUFFIXES: .c .o .lo
clean:
rm -rf *.o *.lo *.la .libs
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
mkdir -p $(DESTDIR)$(moduledir)
for p in $(PROGRAMS) ; do \
$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
done
+install-man: $(MANPAGES)
+ mkdir -p $(DESTDIR)$(man5dir)
+ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
--- /dev/null
+.TH SLAPD-PW-SHA2 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2015 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapd-pw-sha2 \- SHA-2 password module to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.RS
+.LP
+.B moduleload
+.B pw-sha2
+.RE
+.SH DESCRIPTION
+.LP
+The
+.B pw-sha2
+module to
+.BR slapd (8)
+provides support for the use of SSHA-512, SSHA-384, SSHA-256, SHA-512,
+SHA-384 and SHA-256 from the SHA-2 family (FIPS 180-2) of hash functions
+in hashed passwords in OpenLDAP.
+.LP
+It does so by providing the following additional password schemes for use in slapd:
+.RS
+.TP
+.B {SSHA256}
+SHA-256 with salt, giving hash values of 256 bits length
+.TP
+.B {SHA256}
+plain SHA-256 giving hash values of 256 bits length
+.TP
+.B {SSHA384}
+SHA-384 with salt, giving hash values of 384 bits length
+.TP
+.B {SHA384}
+plain SHA-384 giving hash values of 384 bits length
+.TP
+.B {SSHA512}
+SHA-512 with salt, giving hash values of 512 bits length
+.TP
+.B {SHA512}
+plain SHA-512 giving hash values of 512 bits length
+.RE
+
+.SH CONFIGURATION
+The
+.B pw-sha2
+module does not need any configuration.
+.LP
+After loading the module, the password schemes
+{SSHA256}, {SSHA384}, {SSHA512}, {SSHA256}, {SHA384}, and {SHA512}
+will be recognised in values of the
+.I userPassword
+attribute.
+.LP
+You can then instruct OpenLDAP to use these schemes when processing
+the LDAPv3 Password Modify (RFC 3062) extended operations by using the
+.BR password-hash
+option in
+.BR slapd.conf (5).
+
+.SH NOTES
+If you want to use the schemes described here with
+.BR slappasswd (8),
+don't forget to load the module using its command line options.
+The relevant option/value is:
+.RS
+.LP
+.B \-o
+.BR module\-load = pw-sha2
+.LP
+.RE
+Depending on
+.BR pw-sha2 's
+location, you may also need:
+.RS
+.LP
+.B \-o
+.BR module\-path = \fIpathspec\fP
+.RE
+
+.SH EXAMPLES
+All of the userPassword LDAP attributes below encode the password
+.RI ' secret '.
+.EX
+.LP
+userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg==
+.LP
+userPassword: {SHA384}WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt
+.LP
+userPassword: {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
+.EE
+.LP
+To make {SSHA512} the password hash used in Password Modify extended operations,
+simply set this line in slapd.conf(5):
+.EX
+.LP
+password-hash {SSHA512}
+.EX
+
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR ldappasswd (1),
+.BR slappasswd (8),
+.BR ldap (3),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH ACKNOWLEDGEMENTS
+This manual page has been writen by Peter Marschall based on the
+module's README file written by Jeff Turner.
+.LP
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
--- /dev/null
+.TH SLAPD-PW-RADIUS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2015 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapd-pw-radius \- Radius backend password module to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.RS
+.LP
+.B moduleload
+.B pw-radius
+.I /path/to/radius.conf
+.RE
+.SH DESCRIPTION
+.LP
+The
+.B pw-radius
+module to
+.BR slapd (8)
+provides support for using a RADIUS infrastructure as backend to
+verify the password provided in Simple Bind operations to OpenLDAP.
+.LP
+It does so by providing an additional password scheme for use in slapd:
+.RS
+.TP
+.B {RADIUS}
+RADIUS password scheme
+.RE
+.LP
+Unlike in other password schemes, the value following the scheme is not
+a - potentially hashed - password, but the name of the corresponding
+RADIUS user in the RADIUS infrastructure.
+.LP
+This value, together with the password used in the Simple Bind operation,
+will be sent to the RADIUS server for authentication.
+.LP
+If the RADIUS server successfully authenticates the user,
+then the password verification succeeds, resulting in the LDAP Bind
+operation's success.
+.LP
+Conversely, failed RADIUS authentications lead to failing LDAP Binds.
+
+.SH CONFIGURATION
+The
+.B pw-radius
+module needs no configuration beyond the additional
+.I filename
+argument to
+.BR slapd.conf (5)'s
+.B moduleload
+directive.
+This filename is expected to point to a valid
+.BR radius.conf (5).
+file adhering to
+.BR libradius (3).
+.LP
+After loading the module, the password scheme
+.B {RADIUS}
+will be recognised in values of the
+.I userPassword
+attribute.
+
+.SH NOTES
+Owing to its construction, using the
+.B {RADIUS}
+scheme as argument to the
+.BR password-hash
+option in
+.BR slapd.conf (5)
+does not make much sense, because of the scheme's construction.
+.LP
+This also applies to the ise of the
+.B {RADIUS}
+scheme in
+.B slappasswd
+or
+.BR ldappasswd .
+
+
+.SH EXAMPLES
+To indicate that Simple Bind operations shall use the RADIUS user
+.B johndoe
+when validating passwords against the RADIUS infrastrcuture,
+set a user's LDAP attribute userPassword to:
+.EX
+.LP
+userPassword: {RADIUS}johndoe
+.EE
+
+.SH LIMITATIONS
+Due to the way the configuration is loaded (additional argument
+to slapd.conf's moduleload directive), this module cannot be used
+with table-driven configuration.
+
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR libradius (3)
+.BR ldap (3),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH ACKNOWLEDGEMENTS
+This manual page has been writen by Peter Marschall.
+.LP
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
$(LDAP_BUILD)/libraries/liblber/liblber.la
LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
CC = gcc
OPT = -g -O2 -Wall
DEFS =
LIBS = $(LDAP_LIB)
PROGRAMS = pw-totp.la
+MANPAGES = slapo-totp.5
LTVER = 0:0:0
prefix=/usr/local
libdir=$(exec_prefix)/lib
libexecdir=$(exec_prefix)/libexec
moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
.SUFFIXES: .c .o .lo
clean:
rm -rf *.o *.lo *.la .libs
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
mkdir -p $(DESTDIR)$(moduledir)
for p in $(PROGRAMS) ; do \
$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
done
+install-man: $(MANPAGES)
+ mkdir -p $(DESTDIR)$(man5dir)
+ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
--- /dev/null
+.TH SLAPO-TOTP 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2015 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapo-totp \- TOTP password support overlay to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.RS
+.LP
+moduleload
+.B lastbind
+.LP
+moduleload
+.B totp
+.LP
+...
+.LP
+database ...
+.LP
+...
+.LP
+overlay
+.B lastbind
+.LP
+overlay
+.B totp
+.RE
+.SH DESCRIPTION
+.LP
+The
+.B totp
+overlay to
+.BR slapd (8)
+provides support for RFC 6238 TOTP Time-based One
+Time Passwords in OpenLDAP using SHA-1, SHA-256, and SHA-512 hashes.
+.LP
+It does so by providing the following additional password schemes for use in slapd:
+.RS
+.TP
+.B {TOTP1}
+TOTP with SHA-1 as hash function.
+This algorithm is compatible with Google Authenticator.
+.TP
+.B {TOTP256}
+TOTP with SHA-256 as hash function
+.TP
+.B {TOTP512}
+TOTP with SHA-512 as hash function
+.RE
+
+.SH CONFIGURATION
+The
+.B totp
+overlay does not need any configuration beyond loading the module and
+defining it as an overlay where the users reside.
+.LP
+After that, the password schemes
+{TOTP1}, {TOTP256}, and {TOTP512}
+will be recognised in values of the
+.I userPassword
+attribute.
+.LP
+You can then instruct OpenLDAP to use these schemes when processing
+the LDAPv3 Password Modify (RFC 3062) extended operations by using the
+.BR password-hash
+option in
+.BR slapd.conf (5).
+
+.SH NOTES
+When using the
+.B lastbind
+overlay together with the
+.B totp
+overlay, the former one needs to be loaded first.
+.LP
+If you want to use the schemes described here with
+.BR slappasswd (8),
+don't forget to load the module using its command line options.
+The relevant option/value is:
+.RS
+.LP
+.B \-o
+.BR module\-load = totp
+.LP
+.RE
+Depending on
+.BR totp 's
+location, you may also need:
+.RS
+.LP
+.B \-o
+.BR module\-path = \fIpathspec\fP
+.RE
+
+
+.SH EXAMPLES
+For instance, one could have the LDAP attribute:
+.LP
+.EX
+userPassword: {TOTP1}GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
+.EE
+.LP
+which encodes the key
+.RB ' 12345678901234567890 '.
+.LP
+To make {TOTP1} the password algorithm used in Password Modify extended operations,
+simply set this line in slapd.conf(5):
+.LP
+.EX
+password-hash {TOTP1}
+.EX
+
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR ldappasswd (1),
+.BR slappasswd (8),
+.BR ldap (3),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH ACKNOWLEDGEMENTS
+This manual page has been writen by Peter Marschall based on the
+module's README file written by Howard Chu.
+.LP
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
+
HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv
LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
CC = gcc
OPT = -g -O2 -Wall
# Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it.
LIBS = $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
PROGRAMS = smbk5pwd.la
+MANPAGES = slapo-smbk5pwd.5
LTVER = 0:0:0
prefix=/usr/local
libdir=$(exec_prefix)/lib
libexecdir=$(exec_prefix)/libexec
moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
.SUFFIXES: .c .o .lo
clean:
rm -rf *.o *.lo *.la .libs
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
mkdir -p $(DESTDIR)$(moduledir)
for p in $(PROGRAMS) ; do \
$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
done
+install-man: $(MANPAGES)
+ mkdir -p $(DESTDIR)$(man5dir)
+ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
--- /dev/null
+.TH SLAPO-SMBK5PWD 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2015 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapo-smbk5pwd \- Samba & Kerberos password sync overlay to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.RS
+.LP
+include
+.B "<path to>/krb5-kdc.schema"
+.LP
+include
+.B "<path to>/samba.schema"
+.LP
+moduleload
+.B smbk5pwd.so
+.LP
+ ...
+.LP
+database mdb
+.LP
+ ...
+.LP
+overlay
+.B smbk5pwd
+.RE
+
+.SH DESCRIPTION
+.LP
+The
+.B smbk5pwd
+overlay to
+.BR slapd (8)
+overloads the Password Modify Extended Operation (RFC 3062) to update
+Kerberos keys and Samba password hashes for an LDAP user, as well as
+updating password change related attributes for Kerberos, Samba and/or
+UNIX user accounts.
+.LP
+The Samba support is written using the Samba 3.0 LDAP schema;
+Kerberos support is written for Heimdal using its hdb-ldap backend.
+.LP
+Additionally, a new
+.B {K5KEY}
+password hash mechanism is provided.
+For
+.B krb5KDCEntry
+objects that have this scheme specifier in their
+.I userPassword
+attribute, Simple Binds will be checked against the Kerberos keys of the entry.
+No data is needed after the
+.B {K5KEY}
+scheme specifier in the
+.IR userPassword ,
+it is looked up from the entry directly.
+
+.SH CONFIGURATION
+The
+.B smbk5pwd
+overlay supports the following
+.B slapd.conf
+configuration options, which should appear after the
+.B overlay
+directive:
+.TP
+.BI smbk5pwd-enable " <module>"
+can be used to enable only the desired modules.
+Legal values for
+.I <module>
+are
+.LP
+.RS
+.TP
+.B krb5
+If the user has the
+.B krb5KDCEntry
+objectclass, update the
+.B krb5Key
+and
+.B krb5KeyVersionNumber
+attributes using the new password in the Password Modify operation,
+provided the Kerberos account is not expired.
+Exiration is determined by evaluating the
+.B krb5ValidEnd
+attribute.
+.TP
+.B samba
+If the user is a
+.B sambaSamAccount
+object, synchronize the
+.B sambaLMPassword
+and
+.B sambaNTPassword
+to the password entered in the Password Modify operation, and update
+.B sambaPwdLastSet
+accordingly.
+.TP
+.B shadow
+Update the attribute
+.BR shadowLastChange ,
+if the entry has the objectclass
+.BR shadowAccount .
+.LP
+By default all modules compiled in are enabled.
+Setting the config statement restricts the enabled modules to the ones
+explicitly mentioned.
+.RE
+.TP
+.BI smbk5pwd-can-change " <seconds>"
+If the
+.B samba
+module is enabled and the user is a
+.BR sambaSamAccount ,
+update the attribute
+.B sambaPwdCanChange
+to point
+.I <seconds>
+into the future, essentially denying any Samba password change until then.
+A value of
+.B 0
+disables this feature.
+.TP
+.BI smbk5pwd-must-change " <seconds>"
+If the
+.B samba
+module is enabled and the user is a
+.BR sambaSamAccount ,
+update the attribute
+.B sambaPwdMustChange
+to point
+.I <seconds>
+into the future, essentially setting the Samba password expiration time.
+A value of
+.B 0
+disables this feature.
+.LP
+Alternatively, the overlay supports table-driven configuration,
+and thus can be run-time loaded and configured via back-config.
+
+.SH EXAMPLE
+The layout of a slapd.d based, table-driven configuration entry looks like:
+.LP
+.EX
+ # {0}smbk5pwd, {1}bdb, config
+ dn: olcOverlay={0}smbk5pwd,olcDatabase={1}mdb,cn=config
+ objectClass: olcOverlayConfig
+ objectClass: olcSmbK5PwdConfig
+ olcOverlay: {0}smbk5pwd
+ olcSmbK5PwdEnable: krb5
+ olcSmbK5PwdEnable: samba
+ olcSmbK5PwdMustChange: 2592000
+.EE
+.LP
+which enables both
+.B krb5
+and
+.B samba
+modules with a Samba password expiration time of 30 days (=
+.B 2592000
+seconds).
+
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR ldappasswd (1),
+.BR ldap (3),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH ACKNOWLEDGEMENTS
+This manual page has been writen by Peter Marschall based on the
+module's README file written by Howard Chu.
+.LP
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
+
projects / openldap / commitdiff