ITS#8205 - contrib/smbk5pwd: add man page, install it too

Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
install the new manual page.

ITS#8205 - contrib/lastbind: install man page

Update lastbind's Makefile to install the manual page too.

ITS#8205 - contrib/passwd/sha2: add man page, install it too

Add a manual page slapd-pw-sha2.5 and update passwd/sha2's Makefile to
install the new manual page.

ITS#8205 - contrib/adremap: install man page

Update adremap's Makefile to install the manual page too.

ITS#8205 - contrib/allop: install man page

Update allop's Makefile to install the manual page too.

ITS#8205 - contrib/cloak: install man page

Update cloak's Makefile to install the manual page too.

ITS#8205 - contrib/lastmod: install man page

Update lastmod's Makefile to install the manual page too.

ITS#8205 - contrib/nops: install man page

Update nops's Makefile to install the manual page too.

ITS#8205 - contrib/nssov: install man page

Update nssov's Makefile to install the manual page too.

ITS#8205 - contrib/passwd: add man page slapd-pw-sha2.5, install it too

Add a manual page slapd-pw-radius.5 and update passwd's Makefile to
install the new manual page.

ITS#8205 - contrib/passwd/totp: add man page, install it too

Add a manual page slapo-totp.5 and update passwd/totp's Makefile to
install the new manual page.

ITS#8205 - contrib/passwd/pbkdf2: add man page, install it too

Add a manual page slapd-pw-pbkdf2.5 and update passwd/pbkdf2's Makefile to
install the new manual page.

contrib/slapd-modules/adremap/Makefile

@@ -17,6 +17,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
 	$(LDAP_BUILD)/libraries/liblber/liblber.la
 
 LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
 CC = gcc
 OPT = -g -O2 -Wall
 DEFS = -DSLAPD_OVER_ADREMAP=SLAPD_MOD_DYNAMIC
@@ -24,6 +25,7 @@ INCS = $(LDAP_INC)
 LIBS = $(LDAP_LIB)
 
 PROGRAMS = adremap.la
+MANPAGES = slapo-adremap.5
 LTVER = 0:0:0
 
 prefix=/usr/local
@@ -33,6 +35,8 @@ ldap_subdir=/openldap
 libdir=$(exec_prefix)/lib
 libexecdir=$(exec_prefix)/libexec
 moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
 
 .SUFFIXES: .c .o .lo
 
@@ -48,9 +52,17 @@ adremap.la: adremap.lo
 clean:
 	rm -rf *.o *.lo *.la .libs
 
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
 	mkdir -p $(DESTDIR)$(moduledir)
 	for p in $(PROGRAMS) ; do \
 		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
 	done
 
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+

contrib/slapd-modules/allop/Makefile

@@ -7,6 +7,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
 	$(LDAP_BUILD)/libraries/liblber/liblber.la
 
 LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
 CC = gcc
 OPT = -g -O2 -Wall
 DEFS = 
@@ -14,6 +15,7 @@ INCS = $(LDAP_INC)
 LIBS = $(LDAP_LIB)
 
 PROGRAMS = allop.la
+MANPAGES = slapo-allop.5
 LTVER = 0:0:0
 
 prefix=/usr/local
@@ -23,6 +25,8 @@ ldap_subdir=/openldap
 libdir=$(exec_prefix)/lib
 libexecdir=$(exec_prefix)/libexec
 moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
 
 .SUFFIXES: .c .o .lo
 
@@ -38,9 +42,17 @@ allop.la: allop.lo
 clean:
 	rm -rf *.o *.lo *.la .libs
 
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
 	mkdir -p $(DESTDIR)$(moduledir)
 	for p in $(PROGRAMS) ; do \
 		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
 	done
 
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+

contrib/slapd-modules/cloak/Makefile

@@ -7,6 +7,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
 	$(LDAP_BUILD)/libraries/liblber/liblber.la
 
 LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
 CC = gcc
 OPT = -g -O2 -Wall
 DEFS = -DSLAPD_OVER_CLOAK=SLAPD_MOD_DYNAMIC
@@ -14,6 +15,7 @@ INCS = $(LDAP_INC)
 LIBS = $(LDAP_LIB)
 
 PROGRAMS = cloak.la
+MANPAGES = slapo-cloak.5
 LTVER = 0:0:0
 
 prefix=/usr/local
@@ -23,6 +25,8 @@ ldap_subdir=/openldap
 libdir=$(exec_prefix)/lib
 libexecdir=$(exec_prefix)/libexec
 moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
 
 .SUFFIXES: .c .o .lo
 
@@ -38,9 +42,17 @@ cloak.la: cloak.lo
 clean:
 	rm -rf *.o *.lo *.la .libs
 
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
 	mkdir -p $(DESTDIR)$(moduledir)
 	for p in $(PROGRAMS) ; do \
 		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
 	done
 
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+

contrib/slapd-modules/lastbind/Makefile

@@ -17,6 +17,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
 	$(LDAP_BUILD)/libraries/liblber/liblber.la
 
 LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
 CC = gcc
 OPT = -g -O2 -Wall
 DEFS = -DSLAPD_OVER_LASTBIND=SLAPD_MOD_DYNAMIC
@@ -24,6 +25,7 @@ INCS = $(LDAP_INC)
 LIBS = $(LDAP_LIB)
 
 PROGRAMS = lastbind.la
+MANPAGES = slapo-lastbind.5
 LTVER = 0:0:0
 
 prefix=/usr/local
@@ -33,6 +35,8 @@ ldap_subdir=/openldap
 libdir=$(exec_prefix)/lib
 libexecdir=$(exec_prefix)/libexec
 moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
 
 .SUFFIXES: .c .o .lo
 
@@ -48,9 +52,17 @@ lastbind.la: lastbind.lo
 clean:
 	rm -rf *.o *.lo *.la .libs
 
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
 	mkdir -p $(DESTDIR)$(moduledir)
 	for p in $(PROGRAMS) ; do \
 		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
 	done
 
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+

contrib/slapd-modules/lastmod/Makefile

@@ -7,6 +7,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
 	$(LDAP_BUILD)/libraries/liblber/liblber.la
 
 LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
 CC = gcc
 OPT = -g -O2 -Wall
 DEFS = -DSLAPD_OVER_LASTMOD=SLAPD_MOD_DYNAMIC
@@ -14,6 +15,7 @@ INCS = $(LDAP_INC)
 LIBS = $(LDAP_LIB)
 
 PROGRAMS = lastmod.la
+MANPAGES = slapo-lastmod.5
 LTVER = 0:0:0
 
 prefix=/usr/local
@@ -23,6 +25,8 @@ ldap_subdir=/openldap
 libdir=$(exec_prefix)/lib
 libexecdir=$(exec_prefix)/libexec
 moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
 
 .SUFFIXES: .c .o .lo
 
@@ -38,10 +42,17 @@ lastmod.la: lastmod.lo
 clean:
 	rm -rf *.o *.lo *.la .libs
 
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
 	mkdir -p $(DESTDIR)$(moduledir)
 	for p in $(PROGRAMS) ; do \
 		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
 	done
 
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
 

contrib/slapd-modules/nops/Makefile

@@ -7,6 +7,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
 	$(LDAP_BUILD)/libraries/liblber/liblber.la
 
 LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
 CC = gcc
 OPT = -g -O2 -Wall
 DEFS = -DSLAPD_OVER_NOPS=SLAPD_MOD_DYNAMIC
@@ -14,6 +15,7 @@ INCS = $(LDAP_INC)
 LIBS = $(LDAP_LIB)
 
 PROGRAMS = nops.la
+MANPAGES = slapo-nops.5
 LTVER = 0:0:0
 
 prefix=/usr/local
@@ -23,6 +25,8 @@ ldap_subdir=/openldap
 libdir=$(exec_prefix)/lib
 libexecdir=$(exec_prefix)/libexec
 moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
 
 .SUFFIXES: .c .o .lo
 
@@ -38,9 +42,17 @@ nops.la: nops.lo
 clean:
 	rm -rf *.o *.lo *.la .libs
 
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
 	mkdir -p $(DESTDIR)$(moduledir)
 	for p in $(PROGRAMS) ; do \
 		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
 	done
 
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+

contrib/slapd-modules/nssov/Makefile

@@ -26,6 +26,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
 NLDAPD_INC=-Inss-pam-ldapd
 
 LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
 OPT = -g -O2 -Wall
 CC = gcc
 DEFS =
@@ -41,6 +42,8 @@ libexecdir=$(exec_prefix)/libexec
 moduledir = $(libexecdir)$(ldap_subdir)
 sysconfdir = $(prefix)/etc$(ldap_subdir)
 schemadir = $(sysconfdir)/schema
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
 
 all:	nssov.la
 
@@ -49,6 +52,8 @@ XOBJS = tio.lo
 OBJS = alias.lo ether.lo group.lo host.lo netgroup.lo network.lo \
 	nssov.lo passwd.lo protocol.lo rpc.lo service.lo shadow.lo pam.lo
 
+MANPAGES = slapo-nssov.5
+
 .SUFFIXES: .c .o .lo
 
 .c.lo:
@@ -63,11 +68,19 @@ nssov.la:	$(OBJS) $(XOBJS)
 	$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
 	-rpath $(moduledir) -module -o $@ $(OBJS) $(XOBJS) $(LIBS)
 
-install: nssov.la
+install: install-lib install-man FORCE
+
+install-lib: nssov.la
 	mkdir -p $(DESTDIR)$(moduledir)
 	$(LIBTOOL) --mode=install cp nssov.la $(DESTDIR)$(moduledir)
 	cp ldapns.schema $(DESTDIR)$(schemadir)
 
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
 clean:
 	rm -f *.*o *.la .libs/*
 	rm -rf .libs

contrib/slapd-modules/passwd/Makefile

@@ -7,6 +7,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
 	$(LDAP_BUILD)/libraries/liblber/liblber.la
 
 LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
 CC = gcc
 OPT = -g -O2 -Wall
 DEFS = 
@@ -14,6 +15,7 @@ INCS = $(LDAP_INC)
 LIBS = $(LDAP_LIB)
 
 PROGRAMS = pw-kerberos.la pw-netscape.la pw-radius.la pw-apr1.la
+MANPAGES = slapd-pw-radius.5
 LTVER = 0:0:0
 
 prefix=/usr/local
@@ -23,6 +25,8 @@ ldap_subdir=/openldap
 libdir=$(exec_prefix)/lib
 libexecdir=$(exec_prefix)/libexec
 moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
 
 .SUFFIXES: .c .o .lo
 
@@ -50,9 +54,17 @@ pw-apr1.la:	apr1.lo
 clean:
 	rm -rf *.o *.lo *.la .libs
 
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
 	mkdir -p $(DESTDIR)$(moduledir)
 	for p in $(PROGRAMS) ; do \
 		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
 	done
 
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+

contrib/slapd-modules/passwd/pbkdf2/Makefile

@@ -7,6 +7,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
 	$(LDAP_BUILD)/libraries/liblber/liblber.la
 
 LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
 CC = gcc
 OPT = -g -O2 -Wall
 #DEFS = -DSLAPD_PBKDF2_DEBUG
@@ -15,6 +16,7 @@ INCS = $(LDAP_INC)
 LIBS = $(LDAP_LIB) -lcrypto
 
 PROGRAMS = pw-pbkdf2.la
+MANPAGES = slapd-pw-pbkdf2.5
 LTVER = 0:0:0
 
 #prefix=/usr/local
@@ -26,6 +28,8 @@ ldap_subdir=/openldap
 libdir=$(exec_prefix)/lib
 libexecdir=$(exec_prefix)/libexec
 moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
 
 .SUFFIXES: .c .o .lo
 
@@ -41,8 +45,17 @@ pw-pbkdf2.la: pw-pbkdf2.lo
 clean:
 	rm -rf *.o *.lo *.la .libs
 
-install:	$(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
 	mkdir -p $(DESTDIR)$(moduledir)
 	for p in $(PROGRAMS) ; do \
 		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
 	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+

contrib/slapd-modules/passwd/pbkdf2/slapd-pw-pbkdf2.5

@@ -0,0 +1,112 @@
+.TH SLAPD-PW-PBKDF2 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2015 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapd-pw-pbkdf2 \- SHA-2 password module to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.RS
+.LP
+.B moduleload
+.B pw-pbkdf2
+.RE
+.SH DESCRIPTION
+.LP
+The
+.B pw-pbkdf2
+module to
+.BR slapd (8)
+provides support for the use of the key stretching function
+PBKDF2 (Password-Based Key Derivation Function 2) following RFC 2898
+in hashed passwords in OpenLDAP.
+.LP
+It does so by providing the following additional password schemes for use in slapd:
+.RS
+.TP
+.B {PBKDF2}
+alias to {PBKDF2-SHA1}
+.TP
+.B {PBKDF2-SHA1}
+PBKDF2 using HMAC-SHA-1 as the underlying pseudorandom function
+.TP
+.B {PBKDF2-SHA256}
+PBKDF2 using HMAC-SHA-256 as the underlying pseudorandom function
+.TP
+.B {PBKDF2-SHA512}
+PBKDF2 using HMAC-SHA-512 as the underlying pseudorandom function
+.RE
+
+.SH CONFIGURATION
+The
+.B pw-pbkdf2
+module does not need any configuration.
+.LP
+After loading the module, the password schemes
+{PBKDF2}, {PBKDF2-SHA1}, {PBKDF2-SHA256}, and {PBKDF2-SHA512}
+will be recognised in values of the
+.I userPassword
+attribute.
+.LP
+You can then instruct OpenLDAP to use these schemes when processing
+the LDAPv3 Password Modify (RFC 3062) extended operations by using the
+.BR password-hash
+option in
+.BR slapd.conf (5).
+
+.SH NOTES
+If you want to use the schemes described here with
+.BR slappasswd (8),
+don't forget to load the module using its command line options.
+The relevant option/value is:
+.RS
+.LP
+.B \-o
+.BR module\-load = pw-pbkdf2
+.LP
+.RE
+Depending on
+.BR pw-pbkdf2 's
+location, you may also need:
+.RS
+.LP
+.B \-o
+.BR module\-path = \fIpathspec\fP
+.RE
+
+.SH EXAMPLES
+All of the userPassword LDAP attributes below encode the password
+.RI ' secret '.
+.EX
+.LP
+userPassword: {PBKDF2-SHA512}10000$/oQ4xZi382mk7kvCd3ZdkA$2wqjpuyV2l0U/a1QwoQPOtlQL.UcJGNACj1O24balruqQb/NgPW6OCvvrrJP8.SzA3/5iYvLnwWPzeX8IK/bEQ
+.LP
+userPassword: {PBKDF2-SHA256}10000$jq40ImWtmpTE.aYDYV1GfQ$mpiL4ui02ACmYOAnCjp/MI1gQk50xLbZ54RZneU0fCg
+.LP
+userPassword: {PBKDF2-SHA1}10000$QJTEclnXgh9Cz3ChCWpdAg$9.s98jwFJM.NXJK9ca/oJ5AyoAQ
+.EE
+.LP
+To make {PBKDF2-SHA512} the password hash used in Password Modify extended operations,
+simply set this line in slapd.conf(5):
+.EX
+.LP
+password-hash   {PBKDF2-SHA512}
+.EX
+
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR ldappasswd (1),
+.BR slappasswd (8),
+.BR ldap (3),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH ACKNOWLEDGEMENTS
+This manual page has been writen by Peter Marschall based on the
+module's README file written by HAMANO Tsukasa <hamano@osstech.co.jp>
+.LP
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.

contrib/slapd-modules/passwd/sha2/Makefile

@@ -7,6 +7,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
 	$(LDAP_BUILD)/libraries/liblber/liblber.la
 
 LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
 CC = gcc
 OPT = -g -O2 -Wall
 DEFS = 
@@ -15,6 +16,7 @@ INCS = $(LDAP_INC)
 LIBS = $(LDAP_LIB)
 
 PROGRAMS = pw-sha2.la
+MANPAGES = slapd-pw-sha2.5
 LTVER = 0:0:0
 
 prefix=/usr/local
@@ -24,6 +26,8 @@ ldap_subdir=/openldap
 libdir=$(exec_prefix)/lib
 libexecdir=$(exec_prefix)/libexec
 moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
 
 .SUFFIXES: .c .o .lo
 
@@ -39,9 +43,17 @@ pw-sha2.la:	slapd-sha2.lo sha2.lo
 clean:
 	rm -rf *.o *.lo *.la .libs
 
-install:	$(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
 	mkdir -p $(DESTDIR)$(moduledir)
 	for p in $(PROGRAMS) ; do \
 		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
 	done
 
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+

contrib/slapd-modules/passwd/sha2/slapd-pw-sha2.5

@@ -0,0 +1,118 @@
+.TH SLAPD-PW-SHA2 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2015 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapd-pw-sha2 \- SHA-2 password module to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.RS
+.LP
+.B moduleload
+.B pw-sha2
+.RE
+.SH DESCRIPTION
+.LP
+The
+.B pw-sha2
+module to
+.BR slapd (8)
+provides support for the use of SSHA-512, SSHA-384, SSHA-256, SHA-512,
+SHA-384 and SHA-256 from the SHA-2 family (FIPS 180-2) of hash functions
+in hashed passwords in OpenLDAP.
+.LP
+It does so by providing the following additional password schemes for use in slapd:
+.RS
+.TP
+.B {SSHA256}
+SHA-256 with salt, giving hash values of 256 bits length
+.TP
+.B {SHA256}
+plain SHA-256 giving hash values of 256 bits length
+.TP
+.B {SSHA384}
+SHA-384 with salt, giving hash values of 384 bits length
+.TP
+.B {SHA384}
+plain SHA-384 giving hash values of 384 bits length
+.TP
+.B {SSHA512}
+SHA-512 with salt, giving hash values of 512 bits length
+.TP
+.B {SHA512}
+plain SHA-512 giving hash values of 512 bits length
+.RE
+
+.SH CONFIGURATION
+The
+.B pw-sha2
+module does not need any configuration.
+.LP
+After loading the module, the password schemes
+{SSHA256}, {SSHA384}, {SSHA512}, {SSHA256}, {SHA384}, and {SHA512}
+will be recognised in values of the
+.I userPassword
+attribute.
+.LP
+You can then instruct OpenLDAP to use these schemes when processing
+the LDAPv3 Password Modify (RFC 3062) extended operations by using the
+.BR password-hash
+option in
+.BR slapd.conf (5).
+
+.SH NOTES
+If you want to use the schemes described here with
+.BR slappasswd (8),
+don't forget to load the module using its command line options.
+The relevant option/value is:
+.RS
+.LP
+.B \-o
+.BR module\-load = pw-sha2
+.LP
+.RE
+Depending on
+.BR pw-sha2 's
+location, you may also need:
+.RS
+.LP
+.B \-o
+.BR module\-path = \fIpathspec\fP
+.RE
+
+.SH EXAMPLES
+All of the userPassword LDAP attributes below encode the password
+.RI ' secret '.
+.EX
+.LP
+userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg==
+.LP
+userPassword: {SHA384}WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt
+.LP
+userPassword: {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
+.EE
+.LP
+To make {SSHA512} the password hash used in Password Modify extended operations,
+simply set this line in slapd.conf(5):
+.EX
+.LP
+password-hash   {SSHA512}
+.EX
+
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR ldappasswd (1),
+.BR slappasswd (8),
+.BR ldap (3),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH ACKNOWLEDGEMENTS
+This manual page has been writen by Peter Marschall based on the
+module's README file written by Jeff Turner.
+.LP
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.

contrib/slapd-modules/passwd/slapd-pw-radius.5

@@ -0,0 +1,110 @@
+.TH SLAPD-PW-RADIUS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2015 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapd-pw-radius \- Radius backend password module to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.RS
+.LP
+.B moduleload
+.B pw-radius
+.I /path/to/radius.conf
+.RE
+.SH DESCRIPTION
+.LP
+The
+.B pw-radius
+module to
+.BR slapd (8)
+provides support for using a RADIUS infrastructure as backend to
+verify the password provided in Simple Bind operations to OpenLDAP.
+.LP
+It does so by providing an additional password scheme for use in slapd:
+.RS
+.TP
+.B {RADIUS}
+RADIUS password scheme
+.RE
+.LP
+Unlike in other password schemes, the value following the scheme is not
+a - potentially hashed - password, but the name of the corresponding
+RADIUS user in the RADIUS infrastructure.
+.LP
+This value, together with the password used in the Simple Bind operation,
+will be sent to the RADIUS server for authentication.
+.LP
+If the RADIUS server successfully authenticates the user,
+then the password verification succeeds, resulting in the LDAP Bind
+operation's success.
+.LP
+Conversely, failed RADIUS authentications lead to failing LDAP Binds.
+
+.SH CONFIGURATION
+The
+.B pw-radius
+module needs no configuration beyond the additional
+.I filename
+argument to
+.BR slapd.conf (5)'s
+.B moduleload
+directive.
+This filename is expected to point to a valid
+.BR radius.conf (5).
+file adhering to
+.BR libradius (3).
+.LP
+After loading the module, the password scheme
+.B {RADIUS}
+will be recognised in values of the
+.I userPassword
+attribute.
+
+.SH NOTES
+Owing to its construction, using the
+.B {RADIUS}
+scheme as argument to the
+.BR password-hash
+option in
+.BR slapd.conf (5)
+does not make much sense, because of the scheme's construction.
+.LP
+This also applies to the ise of the
+.B {RADIUS}
+scheme in
+.B slappasswd
+or
+.BR ldappasswd .
+
+
+.SH EXAMPLES
+To indicate that Simple Bind operations shall use the RADIUS user
+.B johndoe
+when validating passwords against the RADIUS infrastrcuture,
+set a user's LDAP attribute userPassword to:
+.EX
+.LP
+userPassword: {RADIUS}johndoe
+.EE
+
+.SH LIMITATIONS
+Due to the way the configuration is loaded (additional argument
+to slapd.conf's moduleload directive), this module cannot be used
+with table-driven configuration.
+
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR libradius (3)
+.BR ldap (3),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH ACKNOWLEDGEMENTS
+This manual page has been writen by Peter Marschall.
+.LP
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.

contrib/slapd-modules/passwd/totp/Makefile

@@ -7,6 +7,7 @@ LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
 	$(LDAP_BUILD)/libraries/liblber/liblber.la
 
 LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
 CC = gcc
 OPT = -g -O2 -Wall
 DEFS = 
@@ -14,6 +15,7 @@ INCS = $(LDAP_INC)
 LIBS = $(LDAP_LIB)
 
 PROGRAMS = pw-totp.la
+MANPAGES = slapo-totp.5
 LTVER = 0:0:0
 
 prefix=/usr/local
@@ -23,6 +25,8 @@ ldap_subdir=/openldap
 libdir=$(exec_prefix)/lib
 libexecdir=$(exec_prefix)/libexec
 moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
 
 .SUFFIXES: .c .o .lo
 
@@ -38,9 +42,17 @@ pw-totp.la:	slapd-totp.lo
 clean:
 	rm -rf *.o *.lo *.la .libs
 
-install:	$(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
 	mkdir -p $(DESTDIR)$(moduledir)
 	for p in $(PROGRAMS) ; do \
 		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
 	done
 
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+

contrib/slapd-modules/passwd/totp/slapo-totp.5

@@ -0,0 +1,131 @@
+.TH SLAPO-TOTP 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2015 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapo-totp \- TOTP password support overlay to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.RS
+.LP
+moduleload
+.B lastbind
+.LP
+moduleload
+.B totp
+.LP
+...
+.LP
+database ...
+.LP
+...
+.LP
+overlay
+.B lastbind
+.LP
+overlay
+.B totp
+.RE
+.SH DESCRIPTION
+.LP
+The
+.B totp
+overlay to
+.BR slapd (8)
+provides support for RFC 6238 TOTP Time-based One
+Time Passwords in OpenLDAP using SHA-1, SHA-256, and SHA-512 hashes.
+.LP
+It does so by providing the following additional password schemes for use in slapd:
+.RS
+.TP
+.B {TOTP1}
+TOTP with SHA-1 as hash function.
+This algorithm is compatible with Google Authenticator.
+.TP
+.B {TOTP256}
+TOTP with SHA-256 as hash function
+.TP
+.B {TOTP512}
+TOTP with SHA-512 as hash function
+.RE
+
+.SH CONFIGURATION
+The
+.B totp
+overlay does not need any configuration beyond loading the module and
+defining it as an overlay where the users reside.
+.LP
+After that, the password schemes
+{TOTP1}, {TOTP256}, and {TOTP512}
+will be recognised in values of the
+.I userPassword
+attribute.
+.LP
+You can then instruct OpenLDAP to use these schemes when processing
+the LDAPv3 Password Modify (RFC 3062) extended operations by using the
+.BR password-hash
+option in
+.BR slapd.conf (5).
+
+.SH NOTES
+When using the
+.B lastbind
+overlay together with the
+.B totp
+overlay, the former one needs to be loaded first.
+.LP
+If you want to use the schemes described here with
+.BR slappasswd (8),
+don't forget to load the module using its command line options.
+The relevant option/value is:
+.RS
+.LP
+.B \-o
+.BR module\-load = totp
+.LP
+.RE
+Depending on
+.BR totp 's
+location, you may also need:
+.RS
+.LP
+.B \-o
+.BR module\-path = \fIpathspec\fP
+.RE
+
+
+.SH EXAMPLES
+For instance, one could have the LDAP attribute:
+.LP
+.EX
+userPassword: {TOTP1}GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
+.EE
+.LP
+which encodes the key
+.RB ' 12345678901234567890 '.
+.LP
+To make {TOTP1} the password algorithm used in Password Modify extended operations,
+simply set this line in slapd.conf(5):
+.LP
+.EX
+password-hash   {TOTP1}
+.EX
+
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR ldappasswd (1),
+.BR slappasswd (8),
+.BR ldap (3),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH ACKNOWLEDGEMENTS
+This manual page has been writen by Peter Marschall based on the
+module's README file written by Howard Chu.
+.LP
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
+

contrib/slapd-modules/smbk5pwd/Makefile

@@ -25,6 +25,7 @@ HEIMDAL_INC = -I/usr/heimdal/include
 HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv
 
 LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
 CC = gcc
 OPT = -g -O2 -Wall
 # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it.
@@ -33,6 +34,7 @@ INCS = $(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
 LIBS = $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
 
 PROGRAMS = smbk5pwd.la
+MANPAGES = slapo-smbk5pwd.5
 LTVER = 0:0:0
 
 prefix=/usr/local
@@ -42,6 +44,8 @@ ldap_subdir=/openldap
 libdir=$(exec_prefix)/lib
 libexecdir=$(exec_prefix)/libexec
 moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
 
 .SUFFIXES: .c .o .lo
 
@@ -57,9 +61,17 @@ smbk5pwd.la:	smbk5pwd.lo
 clean:
 	rm -rf *.o *.lo *.la .libs
 
-install: $(PROGRAMS)
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
 	mkdir -p $(DESTDIR)$(moduledir)
 	for p in $(PROGRAMS) ; do \
 		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
 	done
 
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+

contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5

@@ -0,0 +1,179 @@
+.TH SLAPO-SMBK5PWD 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2015 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapo-smbk5pwd \- Samba & Kerberos password sync overlay to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.RS
+.LP
+include
+.B "<path to>/krb5-kdc.schema"
+.LP
+include
+.B "<path to>/samba.schema"
+.LP
+moduleload
+.B smbk5pwd.so
+.LP
+ ...
+.LP
+database mdb
+.LP
+ ...
+.LP
+overlay
+.B smbk5pwd
+.RE
+
+.SH DESCRIPTION
+.LP
+The
+.B smbk5pwd
+overlay to
+.BR slapd (8)
+overloads the Password Modify Extended Operation (RFC 3062) to update
+Kerberos keys and Samba password hashes for an LDAP user, as well as
+updating password change related attributes for Kerberos, Samba and/or
+UNIX user accounts.
+.LP
+The Samba support is written using the Samba 3.0 LDAP schema;
+Kerberos support is written for Heimdal using its hdb-ldap backend.
+.LP
+Additionally, a new
+.B {K5KEY}
+password hash mechanism is provided.
+For
+.B krb5KDCEntry
+objects that have this scheme specifier in their
+.I userPassword
+attribute, Simple Binds will be checked against the Kerberos keys of the entry.
+No data is needed after the
+.B {K5KEY}
+scheme specifier in the
+.IR userPassword ,
+it is looked up from the entry directly.
+
+.SH CONFIGURATION
+The
+.B smbk5pwd
+overlay supports the following
+.B slapd.conf
+configuration options, which should appear after the
+.B overlay
+directive:
+.TP
+.BI smbk5pwd-enable " <module>"
+can be used to enable only the desired modules.
+Legal values for
+.I <module>
+are
+.LP
+.RS
+.TP
+.B krb5
+If the user has the
+.B krb5KDCEntry
+objectclass, update the
+.B krb5Key
+and
+.B krb5KeyVersionNumber
+attributes using the new password in the Password Modify operation,
+provided the Kerberos account is not expired.
+Exiration is determined by evaluating the
+.B krb5ValidEnd
+attribute.
+.TP
+.B samba
+If the user is a
+.B sambaSamAccount
+object, synchronize the
+.B sambaLMPassword
+and
+.B sambaNTPassword
+to the password entered in the Password Modify operation, and update
+.B sambaPwdLastSet
+accordingly.
+.TP
+.B shadow
+Update the attribute
+.BR shadowLastChange ,
+if the entry has the objectclass
+.BR shadowAccount .
+.LP
+By default all modules compiled in are enabled.
+Setting the config statement restricts the enabled modules to the ones
+explicitly mentioned.
+.RE
+.TP
+.BI smbk5pwd-can-change " <seconds>"
+If the
+.B samba
+module is enabled and the user is a
+.BR sambaSamAccount ,
+update the attribute
+.B sambaPwdCanChange
+to point
+.I <seconds>
+into the future, essentially denying any Samba password change until then.
+A value of
+.B 0
+disables this feature.
+.TP
+.BI smbk5pwd-must-change " <seconds>"
+If the
+.B samba
+module is enabled and the user is a
+.BR sambaSamAccount ,
+update the attribute
+.B sambaPwdMustChange
+to point
+.I <seconds>
+into the future, essentially setting the Samba password expiration time.
+A value of
+.B 0
+disables this feature.
+.LP
+Alternatively, the overlay supports table-driven configuration,
+and thus can be run-time loaded and configured via back-config.
+
+.SH EXAMPLE
+The layout of a slapd.d based, table-driven configuration entry looks like:
+.LP
+.EX
+        # {0}smbk5pwd, {1}bdb, config
+        dn: olcOverlay={0}smbk5pwd,olcDatabase={1}mdb,cn=config
+        objectClass: olcOverlayConfig
+        objectClass: olcSmbK5PwdConfig
+        olcOverlay: {0}smbk5pwd
+        olcSmbK5PwdEnable: krb5
+        olcSmbK5PwdEnable: samba
+        olcSmbK5PwdMustChange: 2592000
+.EE
+.LP
+which enables both
+.B krb5
+and
+.B samba
+modules with a Samba password expiration time of 30 days (=
+.B 2592000
+seconds).
+
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR ldappasswd (1),
+.BR ldap (3),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH ACKNOWLEDGEMENTS
+This manual page has been writen by Peter Marschall based on the
+module's README file written by Howard Chu.
+.LP
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
+