From: smckinney@apache.org To: commits@directory.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: directory-fortress-core git commit: more cleanup Date: Sat, 9 Jan 2016 16:12:59 +0000 (UTC) Repository: directory-fortress-core Updated Branches: refs/heads/master 4f25be755 -> b8a4b0441 more cleanup Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/b8a4b044 Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/b8a4b044 Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/b8a4b044 Branch: refs/heads/master Commit: b8a4b044193195ac02ed77b7850e7615e914d9b2 Parents: 4f25be7 Author: Shawn McKinney Authored: Sat Jan 9 10:12:54 2016 -0600 Committer: Shawn McKinney Committed: Sat Jan 9 10:12:54 2016 -0600 ---------------------------------------------------------------------- README.md | 30 +++++++++++++++++------------- ldap/schema/fortress.schema | 5 ++--- ldap/schema/rbac.schema | 3 ++- 3 files changed, 21 insertions(+), 17 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/b8a4b044/README.md ---------------------------------------------------------------------- diff --git a/README.md b/README.md index 289fbfa..e69c92f 100755 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ # README for Apache Fortress Core * Version 1.0-RC41 - * last updated: January 8, 2016 + * last updated: January 9, 2016 * Apache Fortress Core System Architecture Diagram ![Apache Fortress Core System Architecture](images/fortress-core-system-arch.png "Apache Fortress Core System Architecture") 
@@ -149,7 +149,7 @@ ________________________________________________________________________________ ``` -4. View the generated document here: [overview-summary.html](./target/site/apidocs/overview-summary.html). +4. View the generated document here: [./target/site/apidocs/overview-summary.html](./target/site/apidocs/overview-summary.html). Build Notes: * The Apache Fortress [pom.xml](./pom.xml) may run without connection to Internet iff its dependencies are already present in local or intermediate maven repo. @@ -180,14 +180,14 @@ ________________________________________________________________________________ vi OPENLDAP_HOME/etc/openldap/slapd.conf ``` -3. Enable Fortress schema. +4. Enable Fortress schema. Add to the top of the file: ``` include OPENLDAP_HOME/etc/openldap/schema/fortress.schema ``` -4. For password policy support, enable pwpolicy overlay. +5. For password policy support, enable pwpolicy overlay. Add right before the ACL definitions: @@ -195,13 +195,13 @@ ________________________________________________________________________________ moduleload ppolicy.la ``` -5. For Fortress audit support, enable slapo accesslog overlay. +6. For Fortress audit support, enable slapo accesslog overlay. ``` moduleload accesslog.la ``` -6. Enable Fortress default DB. +7. Enable Fortress default DB. ``` # Default DB Settings @@ -223,7 +223,7 @@ ________________________________________________________________________________ checkpoint 64 5 ``` -7. Enable Fortress slapo access log DB. +8. Enable Fortress slapo access log DB. ``` # History DB Settings (optional) @@ -241,7 +241,7 @@ ________________________________________________________________________________ checkpoint 64 5 ``` -8. Set the slapo access log usage policy on DB. +9. Set the slapo access log usage policy on DB. ``` # Audit Log Settings (optional) 
@@ -251,7 +251,7 @@ ________________________________________________________________________________ logpurge 5+00:00 1+00:00 ``` -9. Enable slapo pwpolicy overlay. +10. Enable slapo pwpolicy overlay. ``` ####################################################################### @@ -264,7 +264,7 @@ ________________________________________________________________________________ ppolicy_hash_cleartext ``` -10. Add to OpenLDAP ACL's. +11. Add to OpenLDAP ACL's. ``` ### ACLs @@ -282,7 +282,7 @@ ________________________________________________________________________________ by * auth ``` -11. A few more for good measure. +12. A few more for good measure. ``` # Never allow anonymous binds: @@ -302,14 +302,18 @@ ________________________________________________________________________________ ``` -11. Create the dirs needed by the new slapd databases: +13. Create the dirs needed by the new slapd databases: ``` mkdir /var/openldap/dflt mkdir /var/openldap/hist ``` -12. Restart the slapd daemon. Ensure there are no errors. +14. Restart the slapd daemon. Ensure there are no errors. + +Config Notes: + * Have a look at sample slapd.conf file: [./ldap/slapd.conf.src](./ldap/slapd.conf.src). + ___________________________________________________________________________________ ## SECTION 8. Instructions for using Apache Fortress with OpenLDAP http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/b8a4b044/ldap/schema/fortress.schema ---------------------------------------------------------------------- diff --git a/ldap/schema/fortress.schema b/ldap/schema/fortress.schema index c67f82e..d739ad1 100644 --- a/ldap/schema/fortress.schema +++ b/ldap/schema/fortress.schema 
@@ -19,9 +19,8 @@ # under the License. # # -# Fortress slapd.conf default settings. -# Note: Directives that begin with '@' are substitution parms for Fortress' build.xml 'init-slapd' target. -### Fortress Schema version 1.0.0.RC37 +### Fortress Schema version 1.0.RC41 +### This schema is required for all Apache Fortress Core deployments ### IANA PRIVATE ENTERPRISE NUMBER: 38088 ### 1. Fortress Attributes: 1.3.6.1.4.1.38088.1.* ### 2. Fortress Object Classes: 1.3.6.1.4.1.38088.2.* http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/b8a4b044/ldap/schema/rbac.schema ---------------------------------------------------------------------- diff --git a/ldap/schema/rbac.schema b/ldap/schema/rbac.schema index 213f792..f77179d 100644 --- a/ldap/schema/rbac.schema +++ b/ldap/schema/rbac.schema @@ -19,7 +19,8 @@ # ###################################################################### ### RBAC Accelerator Schema version 1.0.0.RC34 -### This schema is used by RBAC accelerator overlay in OpenLDAP +### This schema is required for OoenLDAP slapo-rbac (accelerator) overlay +### Not required for fortress-core (only) deployments. ###################################################################### objectIdentifier RBAC OpenLDAProot:1000
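Review bot: README.md, hunks @@ -180,14 +180,14 @@ through @@ -302,14 +302,18 @@: twelve of the changed lines only shift hand-written step numbers, and the removed lines show how this drifts (two different steps were both numbered "11."). Consider numbering every item "1." and letting the Markdown renderer count, or otherwise keeping the ordinals out of the source, so the next inserted step does not require another renumbering pass. While in this list, step 6 ("enable slapo accesslog overlay") gives a `moduleload accesslog.la` line but, unlike steps 4 and 5, does not say where in slapd.conf it goes; a one-line placement hint would make it consistent.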
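Review bot: README.md, hunk @@ -302,14 +302,18 @@, step 13: the two `mkdir` lines create /var/openldap/dflt and /var/openldap/hist without saying who should own them or what mode they should have. These directories hold the default and access log databases, so the step should tell the reader to make them owned by the account slapd runs as and to keep them unreadable to other users (for example a chown to that account followed by chmod 700). Using `mkdir -p` would also keep the step from failing when /var/openldap does not exist yet. The new "Config Notes" pointer to ./ldap/slapd.conf.src is helpful; it would be worth one more sentence on whether that file can be used as-is or needs values filled in first.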
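Review bot: ldap/schema/fortress.schema, hunk @@ -19,9 +19,8 @@: the new header line uses the version form "1.0.RC41", while the line it replaces used "1.0.0.RC37", rbac.schema in this same commit still reads "1.0.0.RC34", and README.md says "1.0-RC41". Pick one version format and use it in all three places so an operator comparing a deployed schema file against the README can tell at a glance whether they match. Dropping the slapd.conf comment lines from this file looks right, since they described a different file.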
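Review bot: ldap/schema/rbac.schema, hunk @@ -19,7 +19,8 @@: the added comment line has a typo, "OoenLDAP" should be "OpenLDAP". The two new comment lines also end inconsistently (the first has no full stop, the second does); make them match. The version line above them is left at "1.0.0.RC34" while fortress.schema moves to RC41; if the accelerator schema is versioned independently, a short comment saying so would prevent readers from assuming the file is stale.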