ldap: Pull nss-pam-ldapd into the openbmc image
Bringing LDAP authentication module support into the openbmc stack
requires pulling in nss-pam-ldapd, which allows the LDAP
server to provide the user, passwd and group info that we normally get
from the /etc flat files.
nss-pam-ldapd provides libnss-ldap and pam_ldap module which
delegate the work to the nslcd(daemon) that queries the LDAP server.
pam_ldap uses the openldap client API to interact with the LDAP server.
nss-pam-ldapd files are pulled from
http://git.yoctoproject.org/cgit/cgit.cgi/meta-cloud-services/
tree/recipes-support/nss-pam-ldapd
meta-cloud-services sha: 38cc19fb3a813673051de314aafabda0545d8466
Tested: Adding the "ldap" distro feature brings the nss-pam-ldapd
and its dependencies into the image and removing the "ldap" from the
distro feature doesn't bring the nss-pam-ldapd and its dependencies.
(From meta-phosphor rev: 4835bb3901a4bff777a97d4f363e3a731b87f21c)
Change-Id: Ifa5da20e7ac47b0c9d9af305ae621252e6d765f3
Signed-off-by: Ratan Gupta <ratagupt@in.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb b/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb
index 050a7b4..28b903d 100644
--- a/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb
+++ b/meta-phosphor/recipes-phosphor/packagegroups/packagegroup-obmc-apps.bb
@@ -131,4 +131,5 @@
SUMMARY_${PN}-user-mgmt = "User management applications"
RDEPENDS_${PN}-user-mgmt = " \
${VIRTUAL-RUNTIME_obmc-user-mgmt} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'ldap', 'nss-pam-ldapd', '', d)} \
"
diff --git a/meta-phosphor/recipes-support/nss-pam-ldapd/files/nslcd.init b/meta-phosphor/recipes-support/nss-pam-ldapd/files/nslcd.init
new file mode 100644
index 0000000..a27b6e0
--- /dev/null
+++ b/meta-phosphor/recipes-support/nss-pam-ldapd/files/nslcd.init
@@ -0,0 +1,84 @@
+#!/bin/sh
+
+set -x
+
+NAME="nslcd"
+CONFIG="/etc/nslcd.conf"
+DAEMON="/usr/sbin/nslcd"
+DESC="LDAP connection daemon"
+STATEDIR="/var/run/$NAME"
+PIDFILE="$STATEDIR/$NAME.pid"
+
+start()
+{
+ if [ -e $PIDFILE ]; then
+ PIDDIR=/proc/$(cat $PIDFILE)
+ if [ -d ${PIDDIR} ]; then
+ echo "$DESC already running."
+ exit 1
+ else
+ echo "Removing stale PID file $PIDFILE"
+ rm -f $PIDFILE
+ fi
+ fi
+
+ echo -n "Starting $DESC..."
+
+ start-stop-daemon --start --oknodo \
+ --pidfile $PIDFILE --startas $DAEMON
+
+ if [ $? -eq 0 ]; then
+ echo "done."
+ else
+ echo "failed."
+ fi
+}
+
+stop()
+{
+ echo -n "Stopping $DESC..."
+ start-stop-daemon --stop --quiet --pidfile $PIDFILE \
+ --name $NAME
+ if [ $? -eq 0 ]; then
+ echo "done."
+ else
+ echo "failed."
+ fi
+ rm -f $PIDFILE
+}
+
+status()
+{
+ if [ -f $PIDFILE ]; then
+ if $DAEMON --check
+ then
+ echo "$DESC is running (pid `cat $PIDFILE`"
+ else
+ echo "$DESC stopped"
+ fi
+ else
+ echo "$DESC stopped"
+ fi
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart|force-reload|reload)
+ stop
+ start
+ ;;
+ status)
+ status
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|force-reload|restart|reload|status}"
+ exit 1
+ ;;
+esac
+
+exit 0
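Review bot: The liveness check in start() treats an empty or unreadable PID file as a running daemon: `PIDDIR=/proc/$(cat $PIDFILE)` collapses to `/proc/`, which always exists, so the script prints "already running" and exits 1 without starting nslcd, leaving LDAP lookups down until the file is removed by hand. Read the PID first and test it, e.g. `pid=$(cat "$PIDFILE" 2>/dev/null)` followed by `if [ -n "$pid" ] && [ -d "/proc/$pid" ]; then`, and quote `$PIDFILE` in the other places it is used. Separately, `set -x` at the top traces every command on each invocation and looks like leftover debugging. start() and stop() print "failed." while the script still ends with `exit 0`, and the status() message is missing its closing parenthesis.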
diff --git a/meta-phosphor/recipes-support/nss-pam-ldapd/files/nslcd.service b/meta-phosphor/recipes-support/nss-pam-ldapd/files/nslcd.service
new file mode 100644
index 0000000..bc67242
--- /dev/null
+++ b/meta-phosphor/recipes-support/nss-pam-ldapd/files/nslcd.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=LDAP daemon
+After=syslog.target network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/nslcd
+
+[Install]
+WantedBy=multi-user.target
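Review bot: The unit declares `Type=forking` without a `PIDFile=`, so systemd has to guess which process is the nslcd main PID. The init script in this same commit expects the daemon's PID file at /var/run/nslcd/nslcd.pid, so `PIDFile=/var/run/nslcd/nslcd.pid` would make that explicit. There is also no `Restart=` policy, which matters because every NSS and PAM lookup against LDAP depends on this daemon staying up; `Restart=on-failure` is a one-line addition. Since the recipe in this commit comments out the `uid`/`gid` lines in nslcd.conf, the service appears to run as root with no sandboxing; if that stays, consider directives such as `NoNewPrivileges=yes` and `ProtectSystem=full` after checking what nslcd needs to write.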
diff --git a/meta-phosphor/recipes-support/nss-pam-ldapd/nss-pam-ldapd_0.9.8.bb b/meta-phosphor/recipes-support/nss-pam-ldapd/nss-pam-ldapd_0.9.8.bb
new file mode 100644
index 0000000..5fcfeea
--- /dev/null
+++ b/meta-phosphor/recipes-support/nss-pam-ldapd/nss-pam-ldapd_0.9.8.bb
@@ -0,0 +1,61 @@
+SUMMARY = "NSS and PAM module for using LDAP as a naming service"
+DESCRIPTION = "\
+ daemon for NSS and PAM lookups using LDAP \
+ This package provides a daemon for retrieving user accounts and similar \
+ system information from LDAP. It is used by the libnss-ldapd and \
+ libpam-ldapd packages but is not very useful by itself. \
+ "
+
+HOMEPAGE = "http://arthurdejong.org/nss-pam-ldapd/"
+
+LICENSE = "LGPLv2.1"
+LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24"
+SECTION = "base"
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+SRC_URI = "\
+ http://arthurdejong.org/nss-pam-ldapd/${BPN}-${PV}.tar.gz \
+ file://nslcd.init \
+ file://nslcd.service \
+ "
+
+inherit autotools
+
+SRC_URI[md5sum] = "8c99fdc54f4bf9aca8c5f53fdb1403ff"
+SRC_URI[sha256sum] = "ef7362e7f2003da8c7beb7bcc03c30494acf712625aaac8badc6e7eb16f3453f"
+
+DEPENDS += "libpam openldap krb5"
+
+RDEPENDS_${PN} += "nscd"
+
+EXTRA_OECONF = "\
+ --disable-pynslcd \
+ --libdir=${base_libdir} \
+ --with-pam-seclib-dir=${base_libdir}/security \
+ "
+
+CONFFILES_${PN} += "${sysconfdir}/nslcd.conf"
+
+FILES_${PN} += "${base_libdir}/security ${datadir}"
+FILES_${PN}-dbg += "${base_libdir}/security/.debug"
+
+LDAP_DN ?= "dc=my-domain,dc=com"
+
+do_install_append() {
+ install -D -m 0755 ${WORKDIR}/nslcd.init ${D}${sysconfdir}/init.d/nslcd
+
+ sed -i -e 's/^uid nslcd/# uid nslcd/;' ${D}${sysconfdir}/nslcd.conf
+ sed -i -e 's/^gid nslcd/# gid nslcd/;' ${D}${sysconfdir}/nslcd.conf
+ sed -i -e 's/^base dc=example,dc=com/base ${LDAP_DN}/;' ${D}${sysconfdir}/nslcd.conf
+
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/nslcd.service ${D}${systemd_unitdir}/system
+}
+
+inherit update-rc.d systemd
+
+INITSCRIPT_NAME = "nslcd"
+INITSCRIPT_PARAMS = "defaults"
+
+SYSTEMD_SERVICE_${PN} = "nslcd.service"
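Review bot: The two `sed` lines in do_install_append that comment out `uid nslcd` and `gid nslcd` leave nslcd running as root instead of dropping privileges. This daemon parses responses from a network LDAP server and may hold the bind credentials, so it is a poor candidate for a root process. Presumably the lines are disabled because the image has no nslcd account; rather than removing the privilege drop, create the account in the recipe with `inherit useradd`, `USERADD_PACKAGES = "${PN}"` and `USERADD_PARAM_${PN} = "--system --no-create-home --user-group --shell /bin/false nslcd"`, and drop the two sed lines. The state directory /var/run/nslcd used by the init script would then need to be owned by that user; how it is created is not visible in this commit. It is also worth confirming that the installed nslcd.conf is not world-readable, since that is where a bind password would be configured.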