From owner-svn-src-all@freebsd.org  Wed Jan 13 01:49:37 2016
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 85A5CA6EF95;
 Wed, 13 Jan 2016 01:49:37 +0000 (UTC)
 (envelope-from araujo@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 47107187D;
 Wed, 13 Jan 2016 01:49:37 +0000 (UTC)
 (envelope-from araujo@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u0D1nawk053971;
 Wed, 13 Jan 2016 01:49:36 GMT (envelope-from araujo@FreeBSD.org)
Received: (from araujo@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u0D1nZmI053966;
 Wed, 13 Jan 2016 01:49:35 GMT (envelope-from araujo@FreeBSD.org)
Message-Id: <201601130149.u0D1nZmI053966@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: araujo set sender to
 araujo@FreeBSD.org using -f
From: Marcelo Araujo <araujo@FreeBSD.org>
Date: Wed, 13 Jan 2016 01:49:35 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r293801 - in head: . etc share/examples/ypldap
 usr.sbin/ypldap
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jan 2016 01:49:37 -0000

Author: araujo
Date: Wed Jan 13 01:49:35 2016
New Revision: 293801
URL: https://svnweb.freebsd.org/changeset/base/293801

Log:
  ypldap(8) is a feature ready to be used to translate nis(8) database to ldap(3).
  
  This commit, fix a core dump on ypldap(8) related with memory allocation.
  Also an example of how to set the ypldap.conf(5) properly is added to
  examples files.
  
  A new user _ypldap is required to be able to run ypldap(8) as well as
  in a chroot mode.
  
  Reviewed by:	rodrigc (mentor), bjk
  Approved by:	bapt (mentor)
  Relnotes:	Yes
  Sponsored by:	gandi.net
  Differential Revision:	https://reviews.freebsd.org/D4744

Added:
  head/share/examples/ypldap/
  head/share/examples/ypldap/ypldap.conf   (contents, props changed)
Modified:
  head/UPDATING
  head/etc/master.passwd
  head/usr.sbin/ypldap/yp.c
  head/usr.sbin/ypldap/ypldap.conf.5

Modified: head/UPDATING
==============================================================================
--- head/UPDATING	Wed Jan 13 01:32:04 2016	(r293800)
+++ head/UPDATING	Wed Jan 13 01:49:35 2016	(r293801)
@@ -31,6 +31,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11
 	disable the most expensive debugging functionality run
 	"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20160113:
+	With the addition of ypldap(8), a new _ypldap user is now required
+	during installworld. "mergemaster -p" can be used to add the user
+	prior to installworld, as documented in the handbook.
+
 20151216:
 	The tftp loader (pxeboot) now uses the option root-path directive. As a
 	consequence it no longer looks for a pxeboot.4th file on the tftp

Modified: head/etc/master.passwd
==============================================================================
--- head/etc/master.passwd	Wed Jan 13 01:32:04 2016	(r293800)
+++ head/etc/master.passwd	Wed Jan 13 01:49:35 2016	(r293801)
@@ -22,5 +22,6 @@ uucp:*:66:66::0:0:UUCP pseudo-user:/var/
 pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
 auditdistd:*:78:77::0:0:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin
 www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
+_ypldap:*:93:93::0:0:YP Ldap unprivileged user:/var/empty:/usr/sbin/nologin
 hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin
 nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin

Added: head/share/examples/ypldap/ypldap.conf
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/examples/ypldap/ypldap.conf	Wed Jan 13 01:49:35 2016	(r293801)
@@ -0,0 +1,40 @@
+$FreeBSD$
+domain		"freebsd.org"
+interval	60
+provide map	"passwd.byname"
+provide map	"passwd.byuid"
+provide map	"group.byname"
+provide map	"group.bygid"
+provide map	"netid.byname"
+
+directory "127.0.0.1" {
+	# directory options
+	binddn "cn=ldap,dc=freebsd,dc=org"
+	bindcred "secret"
+	basedn "dc=freebsd.,dc=org"
+	# starting point for groups directory search, default to basedn
+	groupdn "ou=Groups,dc=freebsd,dc=org"
+
+	# passwd maps configuration (RFC 2307 posixAccount object class)
+	passwd filter "(objectClass=posixAccount)"
+
+	attribute name maps to "uid"
+	fixed attribute passwd "*"
+	attribute uid maps to "uidNumber"
+	attribute gid maps to "gidNumber"
+	attribute gecos maps to "cn"
+	attribute home maps to "homeDirectory"
+	attribute shell maps to "loginShell"
+	fixed attribute change "0"
+	fixed attribute expire "0"
+	fixed attribute class ""
+
+	# group maps configuration (RFC 2307 posixGroup object class)
+	group filter "(objectClass=posixGroup)"
+
+	attribute groupname maps to "cn"
+	fixed attribute grouppasswd "*"
+	attribute groupgid maps to "gidNumber"
+	# memberUid returns multiple group members
+	list groupmembers maps to "memberUid"
+}

Modified: head/usr.sbin/ypldap/yp.c
==============================================================================
--- head/usr.sbin/ypldap/yp.c	Wed Jan 13 01:32:04 2016	(r293800)
+++ head/usr.sbin/ypldap/yp.c	Wed Jan 13 01:49:35 2016	(r293801)
@@ -83,10 +83,10 @@ void
 yp_enable_events(void)
 {
 	int i;
-	extern fd_set	svc_fdset;
+	extern fd_set svc_fdset;
 	struct yp_event	*ye;
 
-	for (i = 0; i < getdtablesize(); i++) {
+	for (i = 0; i < FD_SETSIZE; i++) {
 		if (FD_ISSET(i, &svc_fdset)) {
 			if ((ye = calloc(1, sizeof(*ye))) == NULL)
 				fatal(NULL);

Modified: head/usr.sbin/ypldap/ypldap.conf.5
==============================================================================
--- head/usr.sbin/ypldap/ypldap.conf.5	Wed Jan 13 01:32:04 2016	(r293800)
+++ head/usr.sbin/ypldap/ypldap.conf.5	Wed Jan 13 01:49:35 2016	(r293801)
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: April 30 2012 $
+.Dd $Mdocdate: January 13 2016 $
 .Dt YPLDAP.CONF 5
 .Os
 .Sh NAME
@@ -155,6 +155,9 @@ Use the supplied LDAP filter to retrieve
 .It Pa /etc/ypldap.conf
 .Xr ypldap 8
 configuration file.
+.It Pa /usr/share/example/ypldap/ypldap.conf
+.Xr ypldap 8
+configuration file example.
 .El
 .Sh SEE ALSO
 .Xr ypbind 8 ,