.389-ds-base.metadata

@@ -1,3 +1 @@
-bd9aab32d9cbf9231058d585479813f3420dc872 SOURCES/389-ds-base-1.4.3.39.tar.bz2
-1c8f2d0dfbf39fa8cd86363bf3314351ab21f8d4 SOURCES/jemalloc-5.3.0.tar.bz2
-978b7c5e4a9e5784fddb23ba1abe4dc5a071589f SOURCES/vendor-1.4.3.39-1.tar.gz
+1c8f2d0dfbf39fa8cd86363bf3314351ab21f8d4 jemalloc-5.3.0.tar.bz2

.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1,3 +1,221 @@
-SOURCES/389-ds-base-1.4.3.39.tar.bz2
-SOURCES/jemalloc-5.3.0.tar.bz2
-SOURCES/vendor-1.4.3.39-1.tar.gz
+*~
+/389-ds-base-1.2.7.2.tar.bz2
+/389-ds-base-1.2.7.3.tar.bz2
+/389-ds-base-1.2.7.4.tar.bz2
+/389-ds-base-1.2.7.5.tar.bz2
+/389-ds-base-1.2.8.a1.tar.bz2
+/389-ds-base-1.2.8.a2.tar.bz2
+/389-ds-base-1.2.8.a3.tar.bz2
+/389-ds-base-1.2.8.rc1.tar.bz2
+/389-ds-base-1.2.8.rc2.tar.bz2
+/389-ds-base-1.2.8.rc4.tar.bz2
+/389-ds-base-1.2.8.rc5.tar.bz2
+/389-ds-base-1.2.8.0.tar.bz2
+/389-ds-base-1.2.8.1.tar.bz2
+/389-ds-base-1.2.8.2.tar.bz2
+/389-ds-base-1.2.8.3.tar.bz2
+/389-ds-base-1.2.9.a1.tar.bz2
+/389-ds-base-1.2.9.a2.tar.bz2
+/389-ds-base-1.2.9.0.tar.bz2
+/389-ds-base-1.2.9.1.tar.bz2
+/389-ds-base-1.2.9.2.tar.bz2
+/389-ds-base-1.2.9.3.tar.bz2
+/389-ds-base-1.2.9.4.tar.bz2
+/389-ds-base-1.2.9.5.tar.bz2
+/389-ds-base-1.2.9.6.tar.bz2
+/389-ds-base-1.2.9.7.tar.bz2
+/389-ds-base-1.2.9.8.tar.bz2
+/389-ds-base-1.2.9.9.tar.bz2
+/389-ds-base-1.2.9.10.tar.bz2
+/389-ds-base-1.2.10.a1.tar.bz2
+/389-ds-base-1.2.10.a2.tar.bz2
+/389-ds-base-1.2.10.a3.tar.bz2
+/389-ds-base-1.2.10.a4.tar.bz2
+/389-ds-base-1.2.10.a5.tar.bz2
+/389-ds-base-1.2.10.a6.tar.bz2
+/389-ds-base-1.2.10.a7.tar.bz2
+/389-ds-base-1.2.10.a8.tar.bz2
+/389-ds-base-1.2.10.rc1.tar.bz2
+/389-ds-base-1.2.10.0.tar.bz2
+/389-ds-base-1.2.10.1.tar.bz2
+/389-ds-base-1.2.10.2.tar.bz2
+/389-ds-base-1.2.10.3.tar.bz2
+/389-ds-base-1.2.10.4.tar.bz2
+/389-ds-base-1.2.11.a1.tar.bz2
+/389-ds-base-1.2.11.1.tar.bz2
+/389-ds-base-1.2.11.2.tar.bz2
+/389-ds-base-1.2.11.3.tar.bz2
+/389-ds-base-1.2.11.4.tar.bz2
+/389-ds-base-1.2.11.5.tar.bz2
+/389-ds-base-1.2.11.6.tar.bz2
+/389-ds-base-1.2.11.7.tar.bz2
+/389-ds-base-1.2.11.8.tar.bz2
+/389-ds-base-1.2.11.9.tar.bz2
+/389-ds-base-1.2.11.10.tar.bz2
+/389-ds-base-1.2.11.11.tar.bz2
+/389-ds-base-1.2.11.12.tar.bz2
+/389-ds-base-1.2.11.13.tar.bz2
+/389-ds-base-1.2.11.14.tar.bz2
+/389-ds-base-1.2.11.15.tar.bz2
+/389-ds-base-1.3.0.a1.tar.bz2
+/389-ds-base-1.3.0.rc1.tar.bz2
+/389-ds-base-1.3.0.rc2.tar.bz2
+/389-ds-base-1.3.0.rc3.tar.bz2
+/389-ds-base-1.3.0.0.tar.bz2
+/389-ds-base-1.3.0.1.tar.bz2
+/389-ds-base-1.3.0.2.tar.bz2
+/389-ds-base-1.3.0.3.tar.bz2
+/389-ds-base-1.3.0.4.tar.bz2
+/389-ds-base-1.3.0.5.tar.bz2
+/389-ds-base-1.3.1.0.tar.bz2
+/389-ds-base-1.3.1.1.tar.bz2
+/389-ds-base-1.3.1.2.tar.bz2
+/389-ds-base-1.3.1.3.tar.bz2
+/389-ds-base-1.3.1.4.tar.bz2
+/389-ds-base-1.3.1.5.tar.bz2
+/389-ds-base-1.3.1.6.tar.bz2
+/389-ds-base-1.3.1.7.tar.bz2
+/389-ds-base-1.3.1.8.tar.bz2
+/389-ds-base-1.3.1.9.tar.bz2
+/389-ds-base-1.3.1.10.tar.bz2
+/389-ds-base-1.3.1.11.tar.bz2
+/389-ds-base-1.3.2.0.tar.bz2
+/389-ds-base-1.3.2.1.tar.bz2
+/389-ds-base-1.3.2.2.tar.bz2
+/389-ds-base-1.3.2.3.tar.bz2
+/389-ds-base-1.3.2.4.tar.bz2
+/389-ds-base-1.3.2.5.tar.bz2
+/389-ds-base-1.3.2.6.tar.bz2
+/389-ds-base-1.3.2.7.tar.bz2
+/389-ds-base-1.3.2.8.tar.bz2
+/389-ds-base-1.3.2.9.tar.bz2
+/389-ds-base-1.3.2.10.tar.bz2
+/389-ds-base-1.3.2.11.tar.bz2
+/389-ds-base-1.3.2.12.tar.bz2
+/389-ds-base-1.3.2.13.tar.bz2
+/389-ds-base-1.3.2.14.tar.bz2
+/389-ds-base-1.3.2.15.tar.bz2
+/389-ds-base-1.3.2.16.tar.bz2
+/389-ds-base-1.3.2.17.tar.bz2
+/389-ds-base-1.3.2.18.tar.bz2
+/389-ds-base-1.3.2.19.tar.bz2
+/389-ds-base-1.3.2.20.tar.bz2
+/389-ds-base-1.3.2.21.tar.bz2
+/389-ds-base-1.3.2.22.tar.bz2
+/389-ds-base-1.3.2.23.tar.bz2
+/389-ds-base-1.3.3.0.tar.bz2
+/389-ds-base-1.3.3.2.tar.bz2
+/389-ds-base-1.3.3.3.tar.bz2
+/389-ds-base-1.3.3.4.tar.bz2
+/389-ds-base-1.3.3.5.tar.bz2
+/389-ds-base-1.3.3.6.tar.bz2
+/389-ds-base-1.3.3.7.tar.bz2
+/389-ds-base-1.3.3.8.tar.bz2
+/389-ds-base-1.3.3.9.tar.bz2
+/389-ds-base-1.3.3.10.tar.bz2
+/389-ds-base-1.3.3.11.tar.bz2
+/389-ds-base-1.3.3.12.tar.bz2
+/389-ds-base-1.3.4.0.tar.bz2
+/nunc-stans-0.1.3.tar.bz2
+/nunc-stans-0.1.4.tar.bz2
+/389-ds-base-1.3.4.1.tar.bz2
+/nunc-stans-0.1.5.tar.bz2
+/389-ds-base-1.3.4.2.tar.bz2
+/389-ds-base-1.3.4.3.tar.bz2
+/389-ds-base-1.3.4.4.tar.bz2
+/389-ds-base-1.3.4.5.tar.bz2
+/389-ds-base-1.3.4.6.tar.bz2
+/389-ds-base-1.3.4.7.tar.bz2
+/389-ds-base-1.3.4.8.tar.bz2
+/389-ds-base-1.3.5.0.tar.bz2
+/nunc-stans-0.1.8.tar.bz2
+/389-ds-base-1.3.5.1.tar.bz2
+/389-ds-base-1.3.5.3.tar.bz2
+/389-ds-base-1.3.5.4.tar.bz2
+/389-ds-base-1.3.5.5.tar.bz2
+/389-ds-base-1.3.5.6.tar.bz2
+/389-ds-base-1.3.5.10.tar.bz2
+/389-ds-base-1.3.5.11.tar.bz2
+/389-ds-base-1.3.5.12.tar.bz2
+/389-ds-base-1.3.5.13.tar.bz2
+/389-ds-base-1.3.5.14.tar.bz2
+/nunc-stans-0.2.0.tar.bz2
+/389-ds-base-1.3.6.1.tar.bz2
+/389-ds-base-1.3.6.2.tar.bz2
+/389-ds-base-1.3.6.3.tar.bz2
+/389-ds-base-1.3.6.4.tar.bz2
+/389-ds-base-1.3.6.5.tar.bz2
+/389-ds-base-1.3.6.6.tar.bz2
+/389-ds-base-1.3.7.1.tar.bz2
+/389-ds-base-1.3.7.2.tar.bz2
+/389-ds-base-1.3.7.3.tar.bz2
+/389-ds-base-1.3.7.4.tar.bz2
+/389-ds-base-1.4.0.0.tar.bz2
+/389-ds-base-1.4.0.1.tar.bz2
+/389-ds-base-1.4.0.2.tar.bz2
+/389-ds-base-1.4.0.3.tar.bz2
+/389-ds-base-1.4.0.4.tar.bz2
+/389-ds-base-1.4.0.5.tar.bz2
+/389-ds-base-1.4.0.6.tar.bz2
+/389-ds-base-1.4.0.7.tar.bz2
+/389-ds-base-1.4.0.8.tar.bz2
+/389-ds-base-1.4.0.9.tar.bz2
+/389-ds-base-1.4.0.10.tar.bz2
+/jemalloc-5.0.1.tar.bz2
+/389-ds-base-1.4.0.11.tar.bz2
+/jemalloc-5.1.0.tar.bz2
+/389-ds-base-1.4.0.12.tar.bz2
+/389-ds-base-1.4.0.13.tar.bz2
+/389-ds-base-1.4.0.14.tar.bz2
+/389-ds-base-1.4.0.15.tar.bz2
+/389-ds-base-1.4.0.16.tar.bz2
+/389-ds-base-1.4.0.17.tar.bz2
+/389-ds-base-1.4.0.18.tar.bz2
+/389-ds-base-1.4.0.19.tar.bz2
+/389-ds-base-1.4.0.20.tar.bz2
+/389-ds-base-1.4.1.1.tar.bz2
+/389-ds-base-1.4.1.2.tar.bz2
+/389-ds-base-1.4.1.3.tar.bz2
+/389-ds-base-1.4.1.4.tar.bz2
+/389-ds-base-1.4.1.5.tar.bz2
+/jemalloc-5.2.0.tar.bz2
+/389-ds-base-1.4.1.6.tar.bz2
+/389-ds-base-1.4.2.1.tar.bz2
+/389-ds-base-1.4.2.2.tar.bz2
+/389-ds-base-1.4.2.3.tar.bz2
+/389-ds-base-1.4.2.4.tar.bz2
+/389-ds-base-1.4.2.5.tar.bz2
+/389-ds-base-1.4.3.1.tar.bz2
+/jemalloc-5.2.1.tar.bz2
+/389-ds-base-1.4.3.2.tar.bz2
+/389-ds-base-1.4.3.3.tar.bz2
+/389-ds-base-1.4.3.4.tar.bz2
+/389-ds-base-1.4.3.5.tar.bz2
+/389-ds-base-1.4.4.0.tar.bz2
+/389-ds-base-1.4.4.1.tar.bz2
+/389-ds-base-1.4.4.2.tar.bz2
+/389-ds-base-1.4.4.3.tar.bz2
+/389-ds-base-1.4.4.4.tar.bz2
+/389-ds-base-1.4.4.6.tar.bz2
+/389-ds-base-1.4.5.0.tar.bz2
+/389-ds-base-2.0.1.tar.bz2
+/389-ds-base-2.0.2.tar.bz2
+/389-ds-base-2.0.3.tar.bz2
+/rust-openssl-770ba32702abd2b4cab80727958c27ac3043c3ec.tar.gz
+/389-ds-base-2.0.5.tar.bz2
+/389-ds-base-2.0.6.tar.bz2
+/389-ds-base-2.0.7.tar.bz2
+/389-ds-base-2.0.8.tar.bz2
+/389-ds-base-2.0.11.tar.bz2
+/389-ds-base-2.0.13.tar.bz2
+/389-ds-base-2.0.14.tar.bz2
+/389-ds-base-2.1.0.tar.bz2
+/389-ds-base-2.1.1.tar.bz2
+/389-ds-base-2.1.3.tar.bz2
+/jemalloc-5.3.0.tar.bz2
+/389-ds-base-2.2.4.tar.bz2
+/389-ds-base-2.3.4.tar.bz2
+/389-ds-base-2.3.6.tar.bz2
+/389-ds-base-2.4.4.tar.bz2
+/389-ds-base-2.4.5.tar.bz2
+/389-ds-base-2.5.1.tar.bz2

0001-CVE-2024-3657.patch

@@ -0,0 +1,213 @@
+From 5cfa136c48c477765cb20b007ad441ed21534e86 Mon Sep 17 00:00:00 2001
+From: Pierre Rogier <progier@redhat.com>
+Date: Wed, 17 Apr 2024 18:18:04 +0200
+Subject: [PATCH] CVE-2024-3657
+
+---
+ .../tests/suites/filter/large_filter_test.py  |  34 +++++-
+ ldap/servers/slapd/back-ldbm/index.c          | 111 ++++++++++--------
+ 2 files changed, 92 insertions(+), 53 deletions(-)
+
+diff --git a/dirsrvtests/tests/suites/filter/large_filter_test.py b/dirsrvtests/tests/suites/filter/large_filter_test.py
+index 964facae5..5390a0f9c 100644
+--- a/dirsrvtests/tests/suites/filter/large_filter_test.py
++++ b/dirsrvtests/tests/suites/filter/large_filter_test.py
+@@ -13,19 +13,29 @@ verify and testing  Filter from a search
+ 
+ import os
+ import pytest
++import ldap
+ 
+-from lib389._constants import PW_DM
++from lib389._constants import PW_DM, DEFAULT_SUFFIX, ErrorLog
+ from lib389.topologies import topology_st as topo
+ from lib389.idm.user import UserAccounts, UserAccount
+ from lib389.idm.account import Accounts
+ from lib389.backend import Backends
+ from lib389.idm.domain import Domain
++from lib389.utils import get_ldapurl_from_serverid
+ 
+ SUFFIX = 'dc=anuj,dc=com'
+ 
+ pytestmark = pytest.mark.tier1
+ 
+ 
++def open_new_ldapi_conn(dsinstance):
++    ldapurl, certdir = get_ldapurl_from_serverid(dsinstance)
++    assert 'ldapi://' in ldapurl
++    conn = ldap.initialize(ldapurl)
++    conn.sasl_interactive_bind_s("", ldap.sasl.external())
++    return conn
++
++
+ @pytest.fixture(scope="module")
+ def _create_entries(request, topo):
+     """
+@@ -159,6 +169,28 @@ def test_large_filter(topo, _create_entries, real_value):
+     assert len(Accounts(conn, SUFFIX).filter(real_value)) == 3
+ 
+ 
++def test_long_filter_value(topo):
++    """Exercise large eq filter with dn syntax attributes
++
++        :id: b069ef72-fcc3-11ee-981c-482ae39447e5
++        :setup: Standalone
++        :steps:
++            1. Try to pass filter rules as per the condition.
++        :expectedresults:
++            1. Pass
++    """
++    inst = topo.standalone
++    conn = open_new_ldapi_conn(inst.serverid)
++    inst.config.loglevel(vals=(ErrorLog.DEFAULT,ErrorLog.TRACE,ErrorLog.SEARCH_FILTER))
++    filter_value = "a\x1Edmin" * 1025
++    conn.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, f'(cn={filter_value})')
++    filter_value = "aAdmin" * 1025
++    conn.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, f'(cn={filter_value})')
++    filter_value = "*"
++    conn.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, f'(cn={filter_value})')
++    inst.config.loglevel(vals=(ErrorLog.DEFAULT,))
++
++
+ if __name__ == '__main__':
+     CURRENT_FILE = os.path.realpath(__file__)
+     pytest.main("-s -v %s" % CURRENT_FILE)
+diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c
+index 86bc825fe..bdac0a616 100644
+--- a/ldap/servers/slapd/back-ldbm/index.c
++++ b/ldap/servers/slapd/back-ldbm/index.c
+@@ -74,6 +74,32 @@ typedef struct _index_buffer_handle index_buffer_handle;
+ #define INDEX_BUFFER_FLAG_SERIALIZE 1
+ #define INDEX_BUFFER_FLAG_STATS 2
+ 
++/*
++ * space needed to encode a byte:
++ *  0x00-0x31 and 0x7f-0xff requires 3 bytes: \xx
++ *  0x22 and 0x5C requires 2 bytes: \" and \\
++ *  other requires 1 byte: c
++ */
++static char encode_size[] = {
++    /* 0x00 */   3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
++    /* 0x10 */   3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
++    /* 0x20 */   1, 1, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
++    /* 0x30 */   1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
++    /* 0x40 */   1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
++    /* 0x50 */   1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 1, 1,
++    /* 0x60 */   1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
++    /* 0x70 */   1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 3,
++    /* 0x80 */   3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
++    /* 0x90 */   3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
++    /* 0xA0 */   3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
++    /* 0xB0 */   3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
++    /* 0xC0 */   3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
++    /* 0xD0 */   3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
++    /* 0xE0 */   3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
++    /* 0xF0 */   3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
++};
++
++
+ /* Index buffering functions */
+ 
+ static int
+@@ -802,65 +828,46 @@ index_add_mods(
+ 
+ /*
+  * Convert a 'struct berval' into a displayable ASCII string
++ * returns the printable string
+  */
+-
+-#define SPECIAL(c) (c < 32 || c > 126 || c == '\\' || c == '"')
+-
+ const char *
+ encode(const struct berval *data, char buf[BUFSIZ])
+ {
+-    char *s;
+-    char *last;
+-    if (data == NULL || data->bv_len == 0)
+-        return "";
+-    last = data->bv_val + data->bv_len - 1;
+-    for (s = data->bv_val; s < last; ++s) {
+-        if (SPECIAL(*s)) {
+-            char *first = data->bv_val;
+-            char *bufNext = buf;
+-            size_t bufSpace = BUFSIZ - 4;
+-            while (1) {
+-                /* printf ("%lu bytes ASCII\n", (unsigned long)(s - first)); */
+-                if (bufSpace < (size_t)(s - first))
+-                    s = first + bufSpace - 1;
+-                if (s != first) {
+-                    memcpy(bufNext, first, s - first);
+-                    bufNext += (s - first);
+-                    bufSpace -= (s - first);
+-                }
+-                do {
+-                    if (bufSpace) {
+-                        *bufNext++ = '\\';
+-                        --bufSpace;
+-                    }
+-                    if (bufSpace < 2) {
+-                        memcpy(bufNext, "..", 2);
+-                        bufNext += 2;
+-                        goto bail;
+-                    }
+-                    if (*s == '\\' || *s == '"') {
+-                        *bufNext++ = *s;
+-                        --bufSpace;
+-                    } else {
+-                        sprintf(bufNext, "%02x", (unsigned)*(unsigned char *)s);
+-                        bufNext += 2;
+-                        bufSpace -= 2;
+-                    }
+-                } while (++s <= last && SPECIAL(*s));
+-                if (s > last)
+-                    break;
+-                first = s;
+-                while (!SPECIAL(*s) && s <= last)
+-                    ++s;
+-            }
+-        bail:
+-            *bufNext = '\0';
+-            /* printf ("%lu chars in buffer\n", (unsigned long)(bufNext - buf)); */
++    if (!data || !data->bv_val) {
++        strcpy(buf, "<NULL>");
++        return buf;
++    }
++    char *endbuff = &buf[BUFSIZ-4];  /* Reserve space to append "...\0" */
++    char *ptout = buf;
++    unsigned char *ptin = (unsigned char*) data->bv_val;
++    unsigned char *endptin = ptin+data->bv_len;
++
++    while (ptin < endptin) {
++        if (ptout >= endbuff) {
++            /*
++             * BUFSIZ(8K) > SLAPI_LOG_BUFSIZ(2K) so the error log message will be
++             * truncated anyway. So there is no real interrest to test if the original
++             * data contains no special characters and return it as is.
++             */
++            strcpy(endbuff, "...");
+             return buf;
+         }
++        switch (encode_size[*ptin]) {
++            case 1:
++                *ptout++ = *ptin++;
++                break;
++            case 2:
++                *ptout++ = '\\';
++                *ptout++ = *ptin++;
++                break;
++            case 3:
++                sprintf(ptout, "\\%02x", *ptin++);
++                ptout += 3;
++                break;
++        }
+     }
+-    /* printf ("%lu bytes, all ASCII\n", (unsigned long)(s - data->bv_val)); */
+-    return data->bv_val;
++    *ptout = 0;
++    return buf;
+ }
+ 
+ static const char *
+-- 
+2.44.0
+

0001-Issue-3527-Support-HAProxy-and-Instance-on-the-same-.patch

@@ -1,4 +1,4 @@
-From 7d1bc439a07c51b5f4f37405b6b27a1990b8cb28 Mon Sep 17 00:00:00 2001
+From fcdeec3b876a28e06bb53a60fe502cb702403931 Mon Sep 17 00:00:00 2001
 From: Simon Pichugin <spichugi@redhat.com>
 Date: Tue, 27 Feb 2024 16:30:47 -0800
 Subject: [PATCH] Issue 3527 - Support HAProxy and Instance on the same machine
@@ -19,7 +19,7 @@ Reviewed by: @progier389, @jchapma (Thanks!)
  1 file changed, 27 insertions(+), 8 deletions(-)
 
 diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
-index d28a39bf7..10a8cc577 100644
+index a30511c97..07d629475 100644
 --- a/ldap/servers/slapd/connection.c
 +++ b/ldap/servers/slapd/connection.c
 @@ -1187,6 +1187,8 @@ connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, int *

0002-Issue-6112-RFE-add-new-operation-note-for-MFA-authen.patch

@@ -0,0 +1,237 @@
+From 3cd7d30628007f839436c417af6dd8a056c6a165 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Fri, 1 Mar 2024 11:28:17 -0500
+Subject: [PATCH 2/3] Issue 6112 - RFE - add new operation note for MFA
+ authentications
+
+Add a new operation note to indicate that a MFA plugin performed the
+BIND.  This implies that the plugin must set the note itself as there is
+no other way to detect this:
+
+    slapi_pblock_set_flag_operation_notes(pb, SLAPI_OP_NOTE_MFA_AUTH);
+
+The purpose for this is for auditing needs
+
+Fixes: https://github.com/389ds/389-ds-base/issues/6112
+
+Reviewed by: spichugi(Thanks!)
+---
+ ldap/admin/src/logconv.pl         | 37 ++++++++++++++++++-------------
+ ldap/servers/slapd/log.c          |  6 ++++-
+ ldap/servers/slapd/result.c       |  2 +-
+ ldap/servers/slapd/slapi-plugin.h |  1 +
+ 4 files changed, 28 insertions(+), 18 deletions(-)
+
+diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
+index 5ba91e99c..10bd5d2aa 100755
+--- a/ldap/admin/src/logconv.pl
++++ b/ldap/admin/src/logconv.pl
+@@ -2,11 +2,11 @@
+ #
+ # BEGIN COPYRIGHT BLOCK
+ # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
+-# Copyright (C) 2022 Red Hat, Inc.
++# Copyright (C) 2010-2024 Red Hat, Inc.
+ # All rights reserved.
+ #
+ # License: GPL (version 3 or any later version).
+-# See LICENSE for details. 
++# See LICENSE for details.
+ # END COPYRIGHT BLOCK
+ #
+ 
+@@ -218,6 +218,7 @@ my $sslClientFailedCount = 0;
+ my $objectclassTopCount= 0;
+ my $pagedSearchCount = 0;
+ my $invalidFilterCount = 0;
++my $mfaCount = 0;
+ my $bindCount = 0;
+ my $filterCount = 0;
+ my $baseCount = 0;
+@@ -407,7 +408,7 @@ sub statusreport {
+ ##########################################
+ #                                        #
+ #         Parse Access Logs              #
+-#                                        # 
++#                                        #
+ ##########################################
+ 
+ if ($files[$#files] =~ m/access.rotationinfo/) {
+@@ -709,7 +710,7 @@ if($endTime){
+ 
+ #
+ # Get the start time in seconds
+-#  
++#
+ my $logStart = $start;
+ my $startTotal = convertTimeToNanoseconds($logStart);
+ 
+@@ -890,6 +891,7 @@ $etimeAvg = $totalEtime / $etimeCount;
+ print sprintf "Average etime (elapsed time):  %.9f\n", $etimeAvg;
+ 
+ print "\n";
++print "Multi-factor Authentications:  $mfaCount\n";
+ print "Proxied Auth Operations:       $proxiedAuthCount\n";
+ print "Persistent Searches:           $persistentSrchCount\n";
+ print "Internal Operations:           $internalOpCount\n";
+@@ -1758,7 +1760,7 @@ if ($usage =~ /j/i || $verb eq "yes"){
+ 		$recCount++;
+ 	}
+ 	if ($objectclassTopCount > ($srchCount *.25)){
+-		print "\n $recCount.  You have a high number of searches that query the entire search base.  Although this is not necessarily bad, it could be resource intensive if the search base contains many entries.\n"; 
++		print "\n $recCount.  You have a high number of searches that query the entire search base.  Although this is not necessarily bad, it could be resource intensive if the search base contains many entries.\n";
+ 		$recCount++;
+ 	}
+ 	if ($recCount == 1){
+@@ -1792,7 +1794,7 @@ sub displayUsage {
+ 
+ 	print "         -h, --help         help/usage\n";
+ 	print "         -d, --rootDN       <Directory Managers DN>  default is \"cn=directory manager\"\n";
+-	print "         -D, --data         <Location for temporary data files>  default is \"/tmp\"\n";    
++	print "         -D, --data         <Location for temporary data files>  default is \"/tmp\"\n";
+ 	print "         -s, --sizeLimit    <Number of results to return per catagory>  default is 20\n";
+ 	print "         -X, --excludeIP    <IP address to exclude from connection stats>  E.g. Load balancers\n";
+ 	print "         -v, --version      show version of tool\n";
+@@ -1800,8 +1802,8 @@ sub displayUsage {
+ 	print "             E.g. \"[28/Mar/2002:13:14:22 -0800]\"\n";
+ 	print "         -E, --endTime      <time to stop analyzing logfile>\n";
+ 	print "             E.g. \"[28/Mar/2002:13:24:62 -0800]\"\n";
+-	print "         -m, --reportFileSecs  <CSV output file - per second stats>\n"; 
+-	print "         -M, --reportFileMins  <CSV output file - per minute stats>\n";	
++	print "         -m, --reportFileSecs  <CSV output file - per second stats>\n";
++	print "         -M, --reportFileMins  <CSV output file - per minute stats>\n";
+ 	print "         -B, --bind         <ALL | ANONYMOUS | \"Actual Bind DN\">\n";
+ 	print "	        -T, --minEtime     <minimum etime to report unindexed searches>\n";
+ 	print "         -V, --verbose      <enable verbose output - includes all stats listed below>\n";
+@@ -2288,6 +2290,9 @@ sub parseLineNormal
+ 	if (m/ RESULT err=/ && m/ notes=[A-Z,]*P/){
+ 		$pagedSearchCount++;
+ 	}
++	if (m/ RESULT err=/ && m/ notes=[A-Z,]*M/){
++		$mfaCount++;
++	}
+ 	if (m/ RESULT err=/ && m/ notes=[A-Z,]*F/){
+ 		$invalidFilterCount++;
+ 		$con = "";
+@@ -2318,7 +2323,7 @@ sub parseLineNormal
+ 			if ($vlvconn[$i] eq $con && $vlvop[$i] eq $op){ $vlvNotesACount++; $isVlvNotes="1";}
+ 		}
+ 		if($isVlvNotes == 0){
+-			#  We don't want to record vlv unindexed searches for our regular "bad" 
++			#  We don't want to record vlv unindexed searches for our regular "bad"
+ 			#  unindexed search stat, as VLV unindexed searches aren't that bad
+ 			$unindexedSrchCountNotesA++;
+ 			if($reportStats){ inc_stats('notesA',$s_stats,$m_stats); }
+@@ -2345,7 +2350,7 @@ sub parseLineNormal
+ 			if ($vlvconn[$i] eq $con && $vlvop[$i] eq $op){ $vlvNotesUCount++; $isVlvNotes="1";}
+ 		}
+ 		if($isVlvNotes == 0){
+-			#  We don't want to record vlv unindexed searches for our regular "bad" 
++			#  We don't want to record vlv unindexed searches for our regular "bad"
+ 			#  unindexed search stat, as VLV unindexed searches aren't that bad
+ 			$unindexedSrchCountNotesU++;
+ 			if($reportStats){ inc_stats('notesU',$s_stats,$m_stats); }
+@@ -2586,7 +2591,7 @@ sub parseLineNormal
+ 		if ($errcode ne "0"){ $errorCount++;}
+ 		else { $successCount++;}
+ 	}
+-	if ($_ =~ /etime= *([0-9.]+)/ ) { 
++	if ($_ =~ /etime= *([0-9.]+)/ ) {
+ 		my $etime_val = $1;
+ 		$totalEtime = $totalEtime + $1;
+ 		$etimeCount++;
+@@ -2608,10 +2613,10 @@ sub parseLineNormal
+ 		if ($reportStats){ inc_stats_val('optime',$optime_val,$s_stats,$m_stats); }
+ 	}
+ 	if ($_ =~ / tag=101 / || $_ =~ / tag=111 / || $_ =~ / tag=100 / || $_ =~ / tag=115 /){
+-		if ($_ =~ / nentries= *([0-9]+)/i ){ 
++		if ($_ =~ / nentries= *([0-9]+)/i ){
+ 			my $nents = $1;
+-			if ($usage =~ /n/i || $verb eq "yes"){ 
+-				$hashes->{nentries}->{$nents}++; 
++			if ($usage =~ /n/i || $verb eq "yes"){
++				$hashes->{nentries}->{$nents}++;
+ 			}
+ 		}
+ 	}
+@@ -2621,7 +2626,7 @@ sub parseLineNormal
+ 	if (m/ EXT oid=/){
+ 		$extopCount++;
+ 		my $oid;
+-		if ($_ =~ /oid=\" *([0-9\.]+)/i ){ 
++		if ($_ =~ /oid=\" *([0-9\.]+)/i ){
+ 			$oid = $1;
+ 			if ($usage =~ /x/i || $verb eq "yes"){$hashes->{oid}->{$oid}++; }
+ 		}
+@@ -2921,7 +2926,7 @@ printClients
+ 	my $IPcount = "1";
+ 
+ 	foreach my $ip ( keys %connList ){   # Loop over all the IP addresses
+-		foreach my $bc (@bindConns){ # Loop over each bind conn number and compare it 
++		foreach my $bc (@bindConns){ # Loop over each bind conn number and compare it
+ 			if($connList{$ip} =~ / $bc /){
+ 				print("        [$IPcount]  $ip\n");
+ 				$IPcount++;
+diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
+index 4aa905576..2c7bd933b 100644
+--- a/ldap/servers/slapd/log.c
++++ b/ldap/servers/slapd/log.c
+@@ -3892,6 +3892,7 @@ slapi_log_security(Slapi_PBlock *pb, const char *event_type, const char *msg)
+     int isroot = 0;
+     int rc = 0;
+     uint64_t conn_id = 0;
++    uint32_t operation_notes = 0;
+     int32_t op_id = 0;
+     json_object *log_json = NULL;
+ 
+@@ -3916,6 +3917,8 @@ slapi_log_security(Slapi_PBlock *pb, const char *event_type, const char *msg)
+     client_ip = pb_conn->c_ipaddr;
+     server_ip = pb_conn->c_serveripaddr;
+     ldap_version = pb_conn->c_ldapversion;
++    operation_notes = slapi_pblock_get_operation_notes(pb);
++
+     if (saslmech) {
+         external_bind = !strcasecmp(saslmech, LDAP_SASL_EXTERNAL);
+     }
+@@ -3982,7 +3985,8 @@ slapi_log_security(Slapi_PBlock *pb, const char *event_type, const char *msg)
+         break;
+     default:
+         /* Simple auth */
+-        PR_snprintf(method_and_mech, sizeof(method_and_mech), "SIMPLE");
++        PR_snprintf(method_and_mech, sizeof(method_and_mech), "%s",
++                    (operation_notes & SLAPI_OP_NOTE_MFA_AUTH) ? "SIMPLE/MFA" : "SIMPLE");
+     }
+ 
+     /* Get the time */
+diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
+index 56ba6db8b..97af5a2b8 100644
+--- a/ldap/servers/slapd/result.c
++++ b/ldap/servers/slapd/result.c
+@@ -1946,11 +1946,11 @@ static struct slapi_note_map notemap[] = {
+     {SLAPI_OP_NOTE_SIMPLEPAGED, "P", "Paged Search"},
+     {SLAPI_OP_NOTE_FULL_UNINDEXED, "A", "Fully Unindexed Filter"},
+     {SLAPI_OP_NOTE_FILTER_INVALID, "F", "Filter Element Missing From Schema"},
++    {SLAPI_OP_NOTE_MFA_AUTH, "M", "Multi-factor Authentication"},
+ };
+ 
+ #define SLAPI_NOTEMAP_COUNT (sizeof(notemap) / sizeof(struct slapi_note_map))
+ 
+-
+ /*
+  * fill buf with a string representation of the bits present in notes.
+  *
+diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
+index 4853e143b..12bc1f0aa 100644
+--- a/ldap/servers/slapd/slapi-plugin.h
++++ b/ldap/servers/slapd/slapi-plugin.h
+@@ -7323,6 +7323,7 @@ typedef enum _slapi_op_note_t {
+     SLAPI_OP_NOTE_SIMPLEPAGED = 0x02,
+     SLAPI_OP_NOTE_FULL_UNINDEXED = 0x04,
+     SLAPI_OP_NOTE_FILTER_INVALID = 0x08,
++    SLAPI_OP_NOTE_MFA_AUTH = 0x10,
+ } slapi_op_note_t;
+ 
+ 
+-- 
+2.44.0
+

0003-Issue-6133-Move-slapi_pblock_set_flag_operation_note.patch

@@ -0,0 +1,54 @@
+From 189e078f574f586f6cff6f80081eded2c22c8868 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Tue, 26 Mar 2024 11:19:10 -0400
+Subject: [PATCH 3/3] Issue 6133 - Move slapi_pblock_set_flag_operation_notes()
+ to slapi-plugin.h
+
+Description:
+
+slapi_pblock_set_flag_operation_notes() is currently only available in slapi-private.h, but with the latest changes at add "notes=M" it needs to be available to plugins.
+
+relates: https://github.com/389ds/389-ds-base/issues/6133
+
+Reviewed by: spichugi(Thanks!)
+---
+ ldap/servers/slapd/slapi-plugin.h  | 10 ++++++++++
+ ldap/servers/slapd/slapi-private.h |  1 -
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
+index 12bc1f0aa..5d4af7c20 100644
+--- a/ldap/servers/slapd/slapi-plugin.h
++++ b/ldap/servers/slapd/slapi-plugin.h
+@@ -7326,6 +7326,16 @@ typedef enum _slapi_op_note_t {
+     SLAPI_OP_NOTE_MFA_AUTH = 0x10,
+ } slapi_op_note_t;
+ 
++/**
++ * Set an operation note on an operation.  This will append a notes keyword
++ * in the access log result line for this operation
++ *
++ * \param pb - The slapi_pblock structure
++ * \param opnotes
++ * \return void
++ */
++void slapi_pblock_set_operation_notes(Slapi_PBlock *pb, uint32_t opnotes);
++
+ 
+ /* Allows controls to be passed before operation object is created */
+ #define SLAPI_CONTROLS_ARG 58
+diff --git a/ldap/servers/slapd/slapi-private.h b/ldap/servers/slapd/slapi-private.h
+index 17eedc2de..ee7659ac0 100644
+--- a/ldap/servers/slapd/slapi-private.h
++++ b/ldap/servers/slapd/slapi-private.h
+@@ -1510,7 +1510,6 @@ struct slapi_entry *slapi_pblock_get_pw_entry(Slapi_PBlock *pb);
+ void slapi_pblock_set_pw_entry(Slapi_PBlock *pb, struct slapi_entry *entry);
+ 
+ uint32_t slapi_pblock_get_operation_notes(Slapi_PBlock *pb);
+-void slapi_pblock_set_operation_notes(Slapi_PBlock *pb, uint32_t opnotes);
+ void slapi_pblock_set_flag_operation_notes(Slapi_PBlock *pb, uint32_t opflag);
+ void slapi_pblock_set_result_text_if_empty(Slapi_PBlock *pb, char *text);
+ 
+-- 
+2.44.0
+

389-ds-base-git-local.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+DATE=`date +%Y%m%d`
+# use a real tag name here
+VERSION=1.3.5.14
+PKGNAME=389-ds-base
+TAG=${TAG:-$PKGNAME-$VERSION}
+#SRCNAME=$PKGNAME-$VERSION-$DATE
+SRCNAME=$PKGNAME-$VERSION
+
+test -d .git || {
+    echo you must be in the ds git repo to use this
+    echo bye
+    exit 1
+}
+
+if [ -z "$1" ] ; then
+	dir=.
+else
+	dir="$1"
+fi
+
+git archive --prefix=$SRCNAME/ $TAG | bzip2 > $dir/$SRCNAME.tar.bz2

389-ds-base.sysusers

@@ -0,0 +1,3 @@
+#Type Name     ID             GECOS                   Home directory       Shell
+g     dirsrv   389
+u     dirsrv   389:389        "user for 389-ds-base"  /usr/share/dirsrv/   /sbin/nologin

SOURCES/0001-issue-5647-covscan-memory-leak-in-audit-log-when-add.patch

@@ -1,119 +0,0 @@
-From dddb14210b402f317e566b6387c76a8e659bf7fa Mon Sep 17 00:00:00 2001
-From: progier389 <progier@redhat.com>
-Date: Tue, 14 Feb 2023 13:34:10 +0100
-Subject: [PATCH 1/2] issue 5647 - covscan: memory leak in audit log when
- adding entries (#5650)
-
-covscan reported an issue about "vals" variable in auditlog.c:231 and indeed a charray_free is missing.
-Issue: 5647
-Reviewed by: @mreynolds389, @droideck
----
- ldap/servers/slapd/auditlog.c | 71 +++++++++++++++++++----------------
- 1 file changed, 38 insertions(+), 33 deletions(-)
-
-diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
-index 68cbc674d..3128e0497 100644
---- a/ldap/servers/slapd/auditlog.c
-+++ b/ldap/servers/slapd/auditlog.c
-@@ -177,6 +177,40 @@ write_auditfail_log_entry(Slapi_PBlock *pb)
-     slapi_ch_free_string(&audit_config);
- }
- 
-+/*
-+ * Write the attribute values to the audit log as "comments"
-+ *
-+ *   Slapi_Attr *entry - the attribute begin logged.
-+ *   char *attrname - the attribute name.
-+ *   lenstr *l - the audit log buffer
-+ *
-+ *   Resulting output in the log:
-+ *
-+ *       #ATTR: VALUE
-+ *       #ATTR: VALUE
-+ */
-+static void
-+log_entry_attr(Slapi_Attr *entry_attr, char *attrname, lenstr *l)
-+{
-+    Slapi_Value **vals = attr_get_present_values(entry_attr);
-+    for(size_t i = 0; vals && vals[i]; i++) {
-+        char log_val[256] = "";
-+        const struct berval *bv = slapi_value_get_berval(vals[i]);
-+        if (bv->bv_len >= 256) {
-+            strncpy(log_val, bv->bv_val, 252);
-+            strcpy(log_val+252, "...");
-+        } else {
-+            strncpy(log_val, bv->bv_val, bv->bv_len);
-+            log_val[bv->bv_len] = 0;
-+        }
-+        addlenstr(l, "#");
-+        addlenstr(l, attrname);
-+        addlenstr(l, ": ");
-+        addlenstr(l, log_val);
-+        addlenstr(l, "\n");
-+    }
-+}
-+
- /*
-  * Write "requested" attributes from the entry to the audit log as "comments"
-  *
-@@ -212,21 +246,9 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l)
-         for (req_attr = ldap_utf8strtok_r(display_attrs, ", ", &last); req_attr;
-              req_attr = ldap_utf8strtok_r(NULL, ", ", &last))
-         {
--            char **vals = slapi_entry_attr_get_charray(entry, req_attr);
--            for(size_t i = 0; vals && vals[i]; i++) {
--                char log_val[256] = {0};
--
--                if (strlen(vals[i]) > 256) {
--                    strncpy(log_val, vals[i], 252);
--                    strcat(log_val, "...");
--                } else {
--                    strcpy(log_val, vals[i]);
--                }
--                addlenstr(l, "#");
--                addlenstr(l, req_attr);
--                addlenstr(l, ": ");
--                addlenstr(l, log_val);
--                addlenstr(l, "\n");
-+            slapi_entry_attr_find(entry, req_attr, &entry_attr);
-+            if (entry_attr) {
-+                log_entry_attr(entry_attr, req_attr, l);
-             }
-         }
-     } else {
-@@ -234,7 +256,6 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l)
-         for (; entry_attr; entry_attr = entry_attr->a_next) {
-             Slapi_Value **vals = attr_get_present_values(entry_attr);
-             char *attr = NULL;
--            const char *val = NULL;
- 
-             slapi_attr_get_type(entry_attr, &attr);
-             if (strcmp(attr, PSEUDO_ATTR_UNHASHEDUSERPASSWORD) == 0) {
-@@ -251,23 +272,7 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l)
-                 addlenstr(l, ": ****************************\n");
-                 continue;
-             }
--
--            for(size_t i = 0; vals && vals[i]; i++) {
--                char log_val[256] = {0};
--
--                val = slapi_value_get_string(vals[i]);
--                if (strlen(val) > 256) {
--                    strncpy(log_val, val, 252);
--                    strcat(log_val, "...");
--                } else {
--                    strcpy(log_val, val);
--                }
--                addlenstr(l, "#");
--                addlenstr(l, attr);
--                addlenstr(l, ": ");
--                addlenstr(l, log_val);
--                addlenstr(l, "\n");
--            }
-+            log_entry_attr(entry_attr, attr, l);
-         }
-     }
-     slapi_ch_free_string(&display_attrs);
--- 
-2.43.0
-

SOURCES/0002-Issue-5647-Fix-unused-variable-warning-from-previous.patch

@@ -1,27 +0,0 @@
-From be7c2b82958e91ce08775bf6b5da3c311d3b00e5 Mon Sep 17 00:00:00 2001
-From: progier389 <progier@redhat.com>
-Date: Mon, 20 Feb 2023 16:14:05 +0100
-Subject: [PATCH 2/2] Issue 5647 - Fix unused variable warning from previous
- commit (#5670)
-
-* issue 5647 - memory leak in audit log when adding entries
-* Issue 5647 - Fix unused variable warning from previous commit
----
- ldap/servers/slapd/auditlog.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
-index 3128e0497..0597ecc6f 100644
---- a/ldap/servers/slapd/auditlog.c
-+++ b/ldap/servers/slapd/auditlog.c
-@@ -254,7 +254,6 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l)
-     } else {
-         /* Return all attributes */
-         for (; entry_attr; entry_attr = entry_attr->a_next) {
--            Slapi_Value **vals = attr_get_present_values(entry_attr);
-             char *attr = NULL;
- 
-             slapi_attr_get_type(entry_attr, &attr);
--- 
-2.43.0
-

SOURCES/0003-Issue-5407-sync_repl-crashes-if-enabled-while-dynami.patch

@@ -1,147 +0,0 @@
-From 692c4cec6cc5c0086cf58f83bcfa690c766c9887 Mon Sep 17 00:00:00 2001
-From: Thierry Bordaz <tbordaz@redhat.com>
-Date: Fri, 2 Feb 2024 14:14:28 +0100
-Subject: [PATCH] Issue 5407 - sync_repl crashes if enabled while dynamic
- plugin is enabled (#5411)
-
-Bug description:
-        When dynamic plugin is enabled, if a MOD enables sync_repl plugin
-        then sync_repl init function registers the postop callback
-        that will be called for the MOD itself while the preop
-        has not been called.
-        postop expects preop to be called and so primary operation
-        to be set. When it is not set it crashes
-
-Fix description:
-        If the primary operation is not set, just return
-
-relates: #5407
----
- .../suites/syncrepl_plugin/basic_test.py      | 68 +++++++++++++++++++
- ldap/servers/plugins/sync/sync_persist.c      | 23 ++++++-
- 2 files changed, 90 insertions(+), 1 deletion(-)
-
-diff --git a/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py b/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py
-index eb3770b78..cdf35eeaa 100644
---- a/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py
-+++ b/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py
-@@ -592,6 +592,74 @@ def test_sync_repl_cenotaph(topo_m2, request):
- 
-     request.addfinalizer(fin)
- 
-+def test_sync_repl_dynamic_plugin(topology, request):
-+    """Test sync_repl with dynamic plugin
-+
-+    :id: d4f84913-c18a-459f-8525-110f610ca9e6
-+    :setup: install a standalone instance
-+    :steps:
-+        1. reset instance to standard (no retroCL, no sync_repl, no dynamic plugin)
-+        2. Enable dynamic plugin
-+        3. Enable retroCL/content_sync
-+        4. Establish a sync_repl req
-+    :expectedresults:
-+        1. Should succeeds
-+        2. Should succeeds
-+        3. Should succeeds
-+        4. Should succeeds
-+    """
-+
-+    # Reset the instance in a default config
-+    # Disable content sync plugin
-+    topology.standalone.plugins.disable(name=PLUGIN_REPL_SYNC)
-+
-+    # Disable retro changelog
-+    topology.standalone.plugins.disable(name=PLUGIN_RETRO_CHANGELOG)
-+
-+    # Disable dynamic plugins
-+    topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-dynamic-plugins', b'off')])
-+    topology.standalone.restart()
-+
-+    # Now start the test 
-+    # Enable dynamic plugins
-+    try:
-+        topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-dynamic-plugins', b'on')])
-+    except ldap.LDAPError as e:
-+        log.error('Failed to enable dynamic plugin! {}'.format(e.args[0]['desc']))
-+        assert False
-+
-+    # Enable retro changelog
-+    topology.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
-+
-+    # Enbale content sync plugin
-+    topology.standalone.plugins.enable(name=PLUGIN_REPL_SYNC)
-+
-+    # create a sync repl client and wait 5 seconds to be sure it is running
-+    sync_repl = Sync_persist(topology.standalone)
-+    sync_repl.start()
-+    time.sleep(5)
-+
-+    # create users
-+    users = UserAccounts(topology.standalone, DEFAULT_SUFFIX)
-+    users_set = []
-+    for i in range(10001, 10004):
-+        users_set.append(users.create_test_user(uid=i))
-+
-+    time.sleep(10)
-+    # delete users, that automember/memberof will generate nested updates
-+    for user in users_set:
-+        user.delete()
-+    # stop the server to get the sync_repl result set (exit from while loop).
-+    # Only way I found to acheive that.
-+    # and wait a bit to let sync_repl thread time to set its result before fetching it.
-+    topology.standalone.stop()
-+    sync_repl.get_result()
-+    sync_repl.join()
-+    log.info('test_sync_repl_dynamic_plugin: PASS\n')
-+
-+    # Success
-+    log.info('Test complete')
-+
- def test_sync_repl_invalid_cookie(topology, request):
-     """Test sync_repl with invalid cookie
- 
-diff --git a/ldap/servers/plugins/sync/sync_persist.c b/ldap/servers/plugins/sync/sync_persist.c
-index d2210b64c..283607361 100644
---- a/ldap/servers/plugins/sync/sync_persist.c
-+++ b/ldap/servers/plugins/sync/sync_persist.c
-@@ -156,6 +156,17 @@ ignore_op_pl(Slapi_PBlock *pb)
-      * This is the same for ident
-      */
-     prim_op = get_thread_primary_op();
-+    if (prim_op == NULL) {
-+        /* This can happen if the PRE_OP (sync_update_persist_betxn_pre_op) was not called.
-+         * The only known case it happens is with dynamic plugin enabled and an
-+         * update that enable the sync_repl plugin. In such case sync_repl registers
-+         * the postop (sync_update_persist_op) that is called while the preop was not called
-+         */
-+        slapi_log_err(SLAPI_LOG_PLUGIN, SYNC_PLUGIN_SUBSYSTEM,
-+              "ignore_op_pl - Operation without primary op set (0x%lx)\n",
-+              (ulong) op);
-+        return;
-+    }
-     ident = sync_persist_get_operation_extension(pb);
- 
-     if (ident) {
-@@ -232,8 +243,18 @@ sync_update_persist_op(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eprev, ber
- 
- 
-     prim_op = get_thread_primary_op();
-+    if (prim_op == NULL) {
-+        /* This can happen if the PRE_OP (sync_update_persist_betxn_pre_op) was not called.
-+         * The only known case it happens is with dynamic plugin enabled and an
-+         * update that enable the sync_repl plugin. In such case sync_repl registers
-+         * the postop (sync_update_persist_op) that is called while the preop was not called
-+         */
-+        slapi_log_err(SLAPI_LOG_PLUGIN, SYNC_PLUGIN_SUBSYSTEM,
-+                      "sync_update_persist_op - Operation without primary op set (0x%lx)\n",
-+                      (ulong) pb_op);
-+        return;
-+    }
-     ident = sync_persist_get_operation_extension(pb);
--    PR_ASSERT(prim_op);
- 
-     if ((ident == NULL) && operation_is_flag_set(pb_op, OP_FLAG_NOOP)) {
-         /* This happens for URP (add cenotaph, fixup rename, tombstone resurrect)
--- 
-2.43.0
-

SOURCES/0004-Issue-5547-automember-plugin-improvements.patch

@@ -1,840 +0,0 @@
-From 8dc61a176323f0d41df730abd715ccff3034c2be Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Sun, 27 Nov 2022 09:37:19 -0500
-Subject: [PATCH] Issue 5547 - automember plugin improvements
-
-Description:
-
-Rebuild task has the following improvements:
-
-- Only one task allowed at a time
-- Do not cleanup previous members by default.  Add new CLI option to intentionally
-  cleanup memberships before rebuilding from scratch.
-- Add better task logging to show fixup progress
-
-To prevent automember from being called in a nested be_txn loop thread storage is
-used to check and skip these loops.
-
-relates: https://github.com/389ds/389-ds-base/issues/5547
-
-Reviewed by: spichugi(Thanks!)
----
- .../automember_plugin/automember_mod_test.py  |  43 +++-
- ldap/servers/plugins/automember/automember.c  | 232 ++++++++++++++----
- ldap/servers/slapd/back-ldbm/ldbm_add.c       |  11 +-
- ldap/servers/slapd/back-ldbm/ldbm_delete.c    |  10 +-
- ldap/servers/slapd/back-ldbm/ldbm_modify.c    |  11 +-
- .../lib389/cli_conf/plugins/automember.py     |  10 +-
- src/lib389/lib389/plugins.py                  |   7 +-
- src/lib389/lib389/tasks.py                    |   9 +-
- 8 files changed, 250 insertions(+), 83 deletions(-)
-
-diff --git a/dirsrvtests/tests/suites/automember_plugin/automember_mod_test.py b/dirsrvtests/tests/suites/automember_plugin/automember_mod_test.py
-index 8d25384bf..7a0ed3275 100644
---- a/dirsrvtests/tests/suites/automember_plugin/automember_mod_test.py
-+++ b/dirsrvtests/tests/suites/automember_plugin/automember_mod_test.py
-@@ -5,12 +5,13 @@
- # License: GPL (version 3 or any later version).
- # See LICENSE for details.
- # --- END COPYRIGHT BLOCK ---
--#
-+import ldap
- import logging
- import pytest
- import os
-+import time
- from lib389.utils import ds_is_older
--from lib389._constants import *
-+from lib389._constants import DEFAULT_SUFFIX
- from lib389.plugins import AutoMembershipPlugin, AutoMembershipDefinitions
- from lib389.idm.user import UserAccounts
- from lib389.idm.group import Groups
-@@ -41,6 +42,11 @@ def automember_fixture(topo, request):
-     user_accts = UserAccounts(topo.standalone, DEFAULT_SUFFIX)
-     user = user_accts.create_test_user()
- 
-+    # Create extra users
-+    users = UserAccounts(topo.standalone, DEFAULT_SUFFIX)
-+    for i in range(0, 100):
-+        users.create_test_user(uid=i)
-+
-     # Create automember definitions and regex rules
-     automember_prop = {
-         'cn': 'testgroup_definition',
-@@ -59,7 +65,7 @@ def automember_fixture(topo, request):
-     automemberplugin.enable()
-     topo.standalone.restart()
- 
--    return (user, groups)
-+    return user, groups
- 
- 
- def test_mods(automember_fixture, topo):
-@@ -72,19 +78,21 @@ def test_mods(automember_fixture, topo):
-         2. Update user that should add it to group[1]
-         3. Update user that should add it to group[2]
-         4. Update user that should add it to group[0]
--        5. Test rebuild task correctly moves user to group[1]
-+        5. Test rebuild task adds user to group[1]
-+        6. Test rebuild task cleanups groups and only adds it to group[1]
-     :expectedresults:
-         1. Success
-         2. Success
-         3. Success
-         4. Success
-         5. Success
-+        6. Success
-     """
-     (user, groups) = automember_fixture
- 
-     # Update user which should go into group[0]
-     user.replace('cn', 'whatever')
--    groups[0].is_member(user.dn)
-+    assert groups[0].is_member(user.dn)
-     if groups[1].is_member(user.dn):
-         assert False
-     if groups[2].is_member(user.dn):
-@@ -92,7 +100,7 @@ def test_mods(automember_fixture, topo):
- 
-     # Update user0 which should go into group[1]
-     user.replace('cn', 'mark')
--    groups[1].is_member(user.dn)
-+    assert groups[1].is_member(user.dn)
-     if groups[0].is_member(user.dn):
-         assert False
-     if groups[2].is_member(user.dn):
-@@ -100,7 +108,7 @@ def test_mods(automember_fixture, topo):
- 
-     # Update user which should go into group[2]
-     user.replace('cn', 'simon')
--    groups[2].is_member(user.dn)
-+    assert groups[2].is_member(user.dn)
-     if groups[0].is_member(user.dn):
-         assert False
-     if groups[1].is_member(user.dn):
-@@ -108,7 +116,7 @@ def test_mods(automember_fixture, topo):
- 
-     # Update user which should go back into group[0] (full circle)
-     user.replace('cn', 'whatever')
--    groups[0].is_member(user.dn)
-+    assert groups[0].is_member(user.dn)
-     if groups[1].is_member(user.dn):
-         assert False
-     if groups[2].is_member(user.dn):
-@@ -128,12 +136,24 @@ def test_mods(automember_fixture, topo):
-     automemberplugin.enable()
-     topo.standalone.restart()
- 
--    # Run rebuild task
-+    # Run rebuild task (no cleanup)
-     task = automemberplugin.fixup(DEFAULT_SUFFIX, "objectclass=posixaccount")
-+    with pytest.raises(ldap.UNWILLING_TO_PERFORM):
-+        # test only one fixup task is allowed at a time
-+        automemberplugin.fixup(DEFAULT_SUFFIX, "objectclass=top")
-     task.wait()
- 
--    # Test membership
--    groups[1].is_member(user.dn)
-+    # Test membership (user should still be in groups[0])
-+    assert groups[1].is_member(user.dn)
-+    if not groups[0].is_member(user.dn):
-+        assert False
-+
-+    # Run rebuild task with cleanup
-+    task = automemberplugin.fixup(DEFAULT_SUFFIX, "objectclass=posixaccount", cleanup=True)
-+    task.wait()
-+
-+    # Test membership (user should only be in groups[1])
-+    assert groups[1].is_member(user.dn)
-     if groups[0].is_member(user.dn):
-         assert False
-     if groups[2].is_member(user.dn):
-@@ -148,4 +168,3 @@ if __name__ == '__main__':
-     # -s for DEBUG mode
-     CURRENT_FILE = os.path.realpath(__file__)
-     pytest.main(["-s", CURRENT_FILE])
--
-diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c
-index 3494d0343..419adb052 100644
---- a/ldap/servers/plugins/automember/automember.c
-+++ b/ldap/servers/plugins/automember/automember.c
-@@ -1,5 +1,5 @@
- /** BEGIN COPYRIGHT BLOCK
-- * Copyright (C) 2011 Red Hat, Inc.
-+ * Copyright (C) 2022 Red Hat, Inc.
-  * All rights reserved.
-  *
-  * License: GPL (version 3 or any later version).
-@@ -14,7 +14,7 @@
-  * Auto Membership Plug-in
-  */
- #include "automember.h"
--
-+#include <pthread.h>
- 
- /*
-  * Plug-in globals
-@@ -22,7 +22,9 @@
- static PRCList *g_automember_config = NULL;
- static Slapi_RWLock *g_automember_config_lock = NULL;
- static uint64_t abort_rebuild_task = 0;
--
-+static pthread_key_t td_automem_block_nested;
-+static PRBool fixup_running = PR_FALSE;
-+static PRLock *fixup_lock = NULL;
- static void *_PluginID = NULL;
- static Slapi_DN *_PluginDN = NULL;
- static Slapi_DN *_ConfigAreaDN = NULL;
-@@ -93,9 +95,43 @@ static void automember_task_export_destructor(Slapi_Task *task);
- static void automember_task_map_destructor(Slapi_Task *task);
- 
- #define DEFAULT_FILE_MODE PR_IRUSR | PR_IWUSR
-+#define FIXUP_PROGRESS_LIMIT 1000
- static uint64_t plugin_do_modify = 0;
- static uint64_t plugin_is_betxn = 0;
- 
-+/* automember_plugin fixup task and add operations should block other be_txn
-+ * plugins from calling automember_post_op_mod() */
-+static int32_t
-+slapi_td_block_nested_post_op(void)
-+{
-+    int32_t val = 12345;
-+
-+    if (pthread_setspecific(td_automem_block_nested, (void *)&val) != 0) {
-+        return PR_FAILURE;
-+    }
-+    return PR_SUCCESS;
-+}
-+
-+static int32_t
-+slapi_td_unblock_nested_post_op(void)
-+{
-+    if (pthread_setspecific(td_automem_block_nested, NULL) != 0) {
-+        return PR_FAILURE;
-+    }
-+    return PR_SUCCESS;
-+}
-+
-+static int32_t
-+slapi_td_is_post_op_nested(void)
-+{
-+    int32_t *value = pthread_getspecific(td_automem_block_nested);
-+
-+    if (value == NULL) {
-+        return 0;
-+    }
-+    return 1;
-+}
-+
- /*
-  * Config cache locking functions
-  */
-@@ -317,6 +353,14 @@ automember_start(Slapi_PBlock *pb)
-         return -1;
-     }
- 
-+    if (fixup_lock == NULL) {
-+        if ((fixup_lock = PR_NewLock()) == NULL) {
-+            slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-+                          "automember_start - Failed to create fixup lock.\n");
-+            return -1;
-+        }
-+    }
-+
-     /*
-      * Get the plug-in target dn from the system
-      * and store it for future use. */
-@@ -360,6 +404,11 @@ automember_start(Slapi_PBlock *pb)
-         }
-     }
- 
-+    if (pthread_key_create(&td_automem_block_nested, NULL) != 0) {
-+        slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-+                      "automember_start - pthread_key_create failed\n");
-+    }
-+
-     slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-                   "automember_start - ready for service\n");
-     slapi_log_err(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-@@ -394,6 +443,8 @@ automember_close(Slapi_PBlock *pb __attribute__((unused)))
-     slapi_sdn_free(&_ConfigAreaDN);
-     slapi_destroy_rwlock(g_automember_config_lock);
-     g_automember_config_lock = NULL;
-+    PR_DestroyLock(fixup_lock);
-+    fixup_lock = NULL;
- 
-     slapi_log_err(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-                   "<-- automember_close\n");
-@@ -1619,7 +1670,6 @@ out:
-     return rc;
- }
- 
--
- /*
-  * automember_update_member_value()
-  *
-@@ -1634,7 +1684,7 @@ automember_update_member_value(Slapi_Entry *member_e, const char *group_dn, char
-     LDAPMod *mods[2];
-     char *vals[2];
-     char *member_value = NULL;
--    int rc = 0;
-+    int rc = LDAP_SUCCESS;
-     Slapi_DN *group_sdn;
- 
-     /* First thing check that the group still exists */
-@@ -1653,7 +1703,7 @@ automember_update_member_value(Slapi_Entry *member_e, const char *group_dn, char
-                       "automember_update_member_value - group (default or target) can not be retrieved (%s) err=%d\n",
-                       group_dn, rc);
-         }
--        return rc;
-+        goto out;
-     }
- 
-     /* If grouping_value is dn, we need to fetch the dn instead. */
-@@ -1879,6 +1929,13 @@ automember_mod_post_op(Slapi_PBlock *pb)
-     PRCList *list = NULL;
-     int rc = SLAPI_PLUGIN_SUCCESS;
- 
-+    if (slapi_td_is_post_op_nested()) {
-+        /* don't process op twice in the same thread */
-+        return rc;
-+    } else {
-+        slapi_td_block_nested_post_op();
-+    }
-+
-     slapi_log_err(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-                   "--> automember_mod_post_op\n");
- 
-@@ -2005,6 +2062,7 @@ automember_mod_post_op(Slapi_PBlock *pb)
-             }
-         }
-     }
-+    slapi_td_unblock_nested_post_op();
- 
-     slapi_log_err(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-                   "<-- automember_mod_post_op (%d)\n", rc);
-@@ -2024,6 +2082,13 @@ automember_add_post_op(Slapi_PBlock *pb)
-     slapi_log_err(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-                   "--> automember_add_post_op\n");
- 
-+    if (slapi_td_is_post_op_nested()) {
-+        /* don't process op twice in the same thread */
-+        return rc;
-+    } else {
-+        slapi_td_block_nested_post_op();
-+    }
-+
-     /* Reload config if a config entry was added. */
-     if ((sdn = automember_get_sdn(pb))) {
-         if (automember_dn_is_config(sdn)) {
-@@ -2039,7 +2104,7 @@ automember_add_post_op(Slapi_PBlock *pb)
- 
-     /* If replication, just bail. */
-     if (automember_isrepl(pb)) {
--        return SLAPI_PLUGIN_SUCCESS;
-+        goto bail;
-     }
- 
-     /* Get the newly added entry. */
-@@ -2052,7 +2117,7 @@ automember_add_post_op(Slapi_PBlock *pb)
-                                                              tombstone);
-         slapi_value_free(&tombstone);
-         if (is_tombstone) {
--            return SLAPI_PLUGIN_SUCCESS;
-+            goto bail;
-         }
- 
-         /* Check if a config entry applies
-@@ -2063,21 +2128,19 @@ automember_add_post_op(Slapi_PBlock *pb)
-             list = PR_LIST_HEAD(g_automember_config);
-             while (list != g_automember_config) {
-                 config = (struct configEntry *)list;
--
-                 /* Does the entry meet scope and filter requirements? */
-                 if (slapi_dn_issuffix(slapi_sdn_get_dn(sdn), config->scope) &&
--                    (slapi_filter_test_simple(e, config->filter) == 0)) {
-+                    (slapi_filter_test_simple(e, config->filter) == 0))
-+                {
-                     /* Find out what membership changes are needed and make them. */
-                     if (automember_update_membership(config, e, NULL) == SLAPI_PLUGIN_FAILURE) {
-                         rc = SLAPI_PLUGIN_FAILURE;
-                         break;
-                     }
-                 }
--
-                 list = PR_NEXT_LINK(list);
-             }
-         }
--
-         automember_config_unlock();
-     } else {
-         slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-@@ -2098,6 +2161,7 @@ bail:
-         slapi_pblock_set(pb, SLAPI_RESULT_CODE, &result);
-         slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, &errtxt);
-     }
-+    slapi_td_unblock_nested_post_op();
- 
-     return rc;
- }
-@@ -2138,6 +2202,7 @@ typedef struct _task_data
-     Slapi_DN *base_dn;
-     char *bind_dn;
-     int scope;
-+    PRBool cleanup;
- } task_data;
- 
- static void
-@@ -2270,6 +2335,7 @@ automember_task_abort_thread(void *arg)
-  *    basedn: dc=example,dc=com
-  *    filter: (uid=*)
-  *    scope: sub
-+ *    cleanup: yes/on  (default is off)
-  *
-  *    basedn and filter are required. If scope is omitted, the default is sub
-  */
-@@ -2284,9 +2350,22 @@ automember_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter __attr
-     const char *base_dn;
-     const char *filter;
-     const char *scope;
-+    const char *cleanup_str;
-+    PRBool cleanup = PR_FALSE;
- 
-     *returncode = LDAP_SUCCESS;
- 
-+    PR_Lock(fixup_lock);
-+    if (fixup_running) {
-+        PR_Unlock(fixup_lock);
-+        *returncode = LDAP_UNWILLING_TO_PERFORM;
-+        slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-+                "automember_task_add - there is already a fixup task running\n");
-+        rv = SLAPI_DSE_CALLBACK_ERROR;
-+        goto out;
-+    }
-+    PR_Unlock(fixup_lock);
-+
-     /*
-      *  Grab the task params
-      */
-@@ -2300,6 +2379,12 @@ automember_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter __attr
-         rv = SLAPI_DSE_CALLBACK_ERROR;
-         goto out;
-     }
-+    if ((cleanup_str = slapi_entry_attr_get_ref(e, "cleanup"))) {
-+        if (strcasecmp(cleanup_str, "yes") == 0 || strcasecmp(cleanup_str, "on")) {
-+            cleanup = PR_TRUE;
-+        }
-+    }
-+
-     scope = slapi_fetch_attr(e, "scope", "sub");
-     /*
-      *  setup our task data
-@@ -2315,6 +2400,7 @@ automember_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter __attr
-     mytaskdata->bind_dn = slapi_ch_strdup(bind_dn);
-     mytaskdata->base_dn = slapi_sdn_new_dn_byval(base_dn);
-     mytaskdata->filter_str = slapi_ch_strdup(filter);
-+    mytaskdata->cleanup = cleanup;
- 
-     if (scope) {
-         if (strcasecmp(scope, "sub") == 0) {
-@@ -2334,6 +2420,9 @@ automember_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter __attr
-     task = slapi_plugin_new_task(slapi_entry_get_ndn(e), arg);
-     slapi_task_set_destructor_fn(task, automember_task_destructor);
-     slapi_task_set_data(task, mytaskdata);
-+    PR_Lock(fixup_lock);
-+    fixup_running = PR_TRUE;
-+    PR_Unlock(fixup_lock);
-     /*
-      *  Start the task as a separate thread
-      */
-@@ -2345,6 +2434,9 @@ automember_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter __attr
-                       "automember_task_add - Unable to create task thread!\n");
-         *returncode = LDAP_OPERATIONS_ERROR;
-         slapi_task_finish(task, *returncode);
-+        PR_Lock(fixup_lock);
-+        fixup_running = PR_FALSE;
-+        PR_Unlock(fixup_lock);
-         rv = SLAPI_DSE_CALLBACK_ERROR;
-     } else {
-         rv = SLAPI_DSE_CALLBACK_OK;
-@@ -2372,6 +2464,9 @@ automember_rebuild_task_thread(void *arg)
-     PRCList *list = NULL;
-     PRCList *include_list = NULL;
-     int result = 0;
-+    int64_t fixup_progress_count = 0;
-+    int64_t fixup_progress_elapsed = 0;
-+    int64_t fixup_start_time = 0;
-     size_t i = 0;
- 
-     /* Reset abort flag */
-@@ -2380,6 +2475,7 @@ automember_rebuild_task_thread(void *arg)
-     if (!task) {
-         return; /* no task */
-     }
-+
-     slapi_task_inc_refcount(task);
-     slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-                   "automember_rebuild_task_thread - Refcount incremented.\n");
-@@ -2393,9 +2489,11 @@ automember_rebuild_task_thread(void *arg)
-     slapi_task_log_status(task, "Automember rebuild task starting (base dn: (%s) filter (%s)...",
-                           slapi_sdn_get_dn(td->base_dn), td->filter_str);
-     /*
--     *  Set the bind dn in the local thread data
-+     *  Set the bind dn in the local thread data, and block post op mods
-      */
-     slapi_td_set_dn(slapi_ch_strdup(td->bind_dn));
-+    slapi_td_block_nested_post_op();
-+    fixup_start_time = slapi_current_rel_time_t();
-     /*
-      *  Take the config lock now and search the database
-      */
-@@ -2426,6 +2524,21 @@ automember_rebuild_task_thread(void *arg)
-      * Loop over the entries
-      */
-     for (i = 0; entries && (entries[i] != NULL); i++) {
-+        fixup_progress_count++;
-+        if (fixup_progress_count % FIXUP_PROGRESS_LIMIT == 0 ) {
-+            slapi_task_log_notice(task,
-+                                  "Processed %ld entries in %ld seconds (+%ld seconds)",
-+                                  fixup_progress_count,
-+                                  slapi_current_rel_time_t() - fixup_start_time,
-+                                  slapi_current_rel_time_t() - fixup_progress_elapsed);
-+            slapi_task_log_status(task,
-+                                  "Processed %ld entries in %ld seconds (+%ld seconds)",
-+                                  fixup_progress_count,
-+                                  slapi_current_rel_time_t() - fixup_start_time,
-+                                  slapi_current_rel_time_t() - fixup_progress_elapsed);
-+            slapi_task_inc_progress(task);
-+            fixup_progress_elapsed = slapi_current_rel_time_t();
-+        }
-         if (slapi_atomic_load_64(&abort_rebuild_task, __ATOMIC_ACQUIRE) == 1) {
-             /* The task was aborted */
-             slapi_task_log_notice(task, "Automember rebuild task was intentionally aborted");
-@@ -2443,48 +2556,66 @@ automember_rebuild_task_thread(void *arg)
-                 if (slapi_dn_issuffix(slapi_entry_get_dn(entries[i]), config->scope) &&
-                     (slapi_filter_test_simple(entries[i], config->filter) == 0))
-                 {
--                    /* First clear out all the defaults groups */
--                    for (size_t ii = 0; config->default_groups && config->default_groups[ii]; ii++) {
--                        if ((result = automember_update_member_value(entries[i], config->default_groups[ii],
--                                config->grouping_attr, config->grouping_value, NULL, DEL_MEMBER)))
--                        {
--                            slapi_task_log_notice(task, "Automember rebuild membership task unable to delete "
--                                                        "member from default group (%s) error (%d)",
--                                                        config->default_groups[ii], result);
--                            slapi_task_log_status(task, "Automember rebuild membership task unable to delete "
--                                                        "member from default group (%s) error (%d)",
--                                                        config->default_groups[ii], result);
--                            slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM,
--                                          "automember_rebuild_task_thread - Unable to unable to delete from (%s) error (%d)\n",
--                                          config->default_groups[ii], result);
--                            goto out;
--                        }
--                    }
--
--                    /* Then clear out the non-default group */
--                    if (config->inclusive_rules && !PR_CLIST_IS_EMPTY((PRCList *)config->inclusive_rules)) {
--                        include_list = PR_LIST_HEAD((PRCList *)config->inclusive_rules);
--                        while (include_list != (PRCList *)config->inclusive_rules) {
--                            struct automemberRegexRule *curr_rule = (struct automemberRegexRule *)include_list;
--                            if ((result = automember_update_member_value(entries[i], slapi_sdn_get_dn(curr_rule->target_group_dn),
--                                    config->grouping_attr, config->grouping_value, NULL, DEL_MEMBER)))
-+                    if (td->cleanup) {
-+
-+                        slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-+                                      "automember_rebuild_task_thread - Cleaning up groups (config %s)\n",
-+                                      config->dn);
-+                        /* First clear out all the defaults groups */
-+                        for (size_t ii = 0; config->default_groups && config->default_groups[ii]; ii++) {
-+                            if ((result = automember_update_member_value(entries[i],
-+                                                                         config->default_groups[ii],
-+                                                                         config->grouping_attr,
-+                                                                         config->grouping_value,
-+                                                                         NULL, DEL_MEMBER)))
-                             {
-                                 slapi_task_log_notice(task, "Automember rebuild membership task unable to delete "
--                                                            "member from group (%s) error (%d)",
--                                                            slapi_sdn_get_dn(curr_rule->target_group_dn), result);
-+                                                      "member from default group (%s) error (%d)",
-+                                                      config->default_groups[ii], result);
-                                 slapi_task_log_status(task, "Automember rebuild membership task unable to delete "
--                                                            "member from group (%s) error (%d)",
--                                                            slapi_sdn_get_dn(curr_rule->target_group_dn), result);
-+                                                      "member from default group (%s) error (%d)",
-+                                                      config->default_groups[ii], result);
-                                 slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-                                               "automember_rebuild_task_thread - Unable to unable to delete from (%s) error (%d)\n",
--                                              slapi_sdn_get_dn(curr_rule->target_group_dn), result);
-+                                              config->default_groups[ii], result);
-                                 goto out;
-                             }
--                            include_list = PR_NEXT_LINK(include_list);
-                         }
-+
-+                        /* Then clear out the non-default group */
-+                        if (config->inclusive_rules && !PR_CLIST_IS_EMPTY((PRCList *)config->inclusive_rules)) {
-+                            include_list = PR_LIST_HEAD((PRCList *)config->inclusive_rules);
-+                            while (include_list != (PRCList *)config->inclusive_rules) {
-+                                struct automemberRegexRule *curr_rule = (struct automemberRegexRule *)include_list;
-+                                if ((result = automember_update_member_value(entries[i],
-+                                                                             slapi_sdn_get_dn(curr_rule->target_group_dn),
-+                                                                             config->grouping_attr,
-+                                                                             config->grouping_value,
-+                                                                             NULL, DEL_MEMBER)))
-+                                {
-+                                    slapi_task_log_notice(task, "Automember rebuild membership task unable to delete "
-+                                                          "member from group (%s) error (%d)",
-+                                                          slapi_sdn_get_dn(curr_rule->target_group_dn), result);
-+                                    slapi_task_log_status(task, "Automember rebuild membership task unable to delete "
-+                                                          "member from group (%s) error (%d)",
-+                                                          slapi_sdn_get_dn(curr_rule->target_group_dn), result);
-+                                    slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-+                                                  "automember_rebuild_task_thread - Unable to unable to delete from (%s) error (%d)\n",
-+                                                  slapi_sdn_get_dn(curr_rule->target_group_dn), result);
-+                                    goto out;
-+                                }
-+                                include_list = PR_NEXT_LINK(include_list);
-+                            }
-+                        }
-+                        slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-+                                      "automember_rebuild_task_thread - Finished cleaning up groups (config %s)\n",
-+                                      config->dn);
-                     }
- 
-                     /* Update the memberships for this entries */
-+                    slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-+                                  "automember_rebuild_task_thread - Updating membership (config %s)\n",
-+                                  config->dn);
-                     if (slapi_is_shutting_down() ||
-                         automember_update_membership(config, entries[i], NULL) == SLAPI_PLUGIN_FAILURE)
-                     {
-@@ -2508,15 +2639,22 @@ out:
-         slapi_task_log_notice(task, "Automember rebuild task aborted.  Error (%d)", result);
-         slapi_task_log_status(task, "Automember rebuild task aborted.  Error (%d)", result);
-     } else {
--        slapi_task_log_notice(task, "Automember rebuild task finished. Processed (%d) entries.", (int32_t)i);
--        slapi_task_log_status(task, "Automember rebuild task finished. Processed (%d) entries.", (int32_t)i);
-+        slapi_task_log_notice(task, "Automember rebuild task finished. Processed (%ld) entries in %ld seconds",
-+                (int64_t)i, slapi_current_rel_time_t() - fixup_start_time);
-+        slapi_task_log_status(task, "Automember rebuild task finished. Processed (%ld) entries in %ld seconds",
-+                (int64_t)i, slapi_current_rel_time_t() - fixup_start_time);
-     }
-     slapi_task_inc_progress(task);
-     slapi_task_finish(task, result);
-     slapi_task_dec_refcount(task);
-     slapi_atomic_store_64(&abort_rebuild_task, 0, __ATOMIC_RELEASE);
-+    slapi_td_unblock_nested_post_op();
-+    PR_Lock(fixup_lock);
-+    fixup_running = PR_FALSE;
-+    PR_Unlock(fixup_lock);
-+
-     slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
--                  "automember_rebuild_task_thread - Refcount decremented.\n");
-+                  "automember_rebuild_task_thread - task finished, refcount decremented.\n");
- }
- 
- /*
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
-index ba2d73a84..ce4c314a1 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
-@@ -1,6 +1,6 @@
- /** BEGIN COPYRIGHT BLOCK
-  * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-- * Copyright (C) 2005 Red Hat, Inc.
-+ * Copyright (C) 2022 Red Hat, Inc.
-  * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
-  * All rights reserved.
-  *
-@@ -1264,10 +1264,6 @@ ldbm_back_add(Slapi_PBlock *pb)
-     goto common_return;
- 
- error_return:
--    /* Revert the caches if this is the parent operation */
--    if (parent_op && betxn_callback_fails) {
--        revert_cache(inst, &parent_time);
--    }
-     if (addingentry_id_assigned) {
-         next_id_return(be, addingentry->ep_id);
-     }
-@@ -1376,6 +1372,11 @@ diskfull_return:
-         if (!not_an_error) {
-             rc = SLAPI_FAIL_GENERAL;
-         }
-+
-+        /* Revert the caches if this is the parent operation */
-+        if (parent_op && betxn_callback_fails) {
-+            revert_cache(inst, &parent_time);
-+        }
-     }
- 
- common_return:
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-index de23190c3..27f0ac58a 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-@@ -1407,11 +1407,6 @@ commit_return:
-     goto common_return;
- 
- error_return:
--    /* Revert the caches if this is the parent operation */
--    if (parent_op && betxn_callback_fails) {
--        revert_cache(inst, &parent_time);
--    }
--
-     if (tombstone) {
-         if (cache_is_in_cache(&inst->inst_cache, tombstone)) {
-             tomb_ep_id = tombstone->ep_id; /* Otherwise, tombstone might have been freed. */
-@@ -1496,6 +1491,11 @@ error_return:
-                       conn_id, op_id, parent_modify_c.old_entry, parent_modify_c.new_entry, myrc);
-     }
- 
-+    /* Revert the caches if this is the parent operation */
-+    if (parent_op && betxn_callback_fails) {
-+        revert_cache(inst, &parent_time);
-+    }
-+
- common_return:
-     if (orig_entry) {
-         /* NOTE: #define SLAPI_DELETE_BEPREOP_ENTRY SLAPI_ENTRY_PRE_OP */
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
-index 537369055..64b293001 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
-@@ -1,6 +1,6 @@
- /** BEGIN COPYRIGHT BLOCK
-  * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-- * Copyright (C) 2005 Red Hat, Inc.
-+ * Copyright (C) 2022 Red Hat, Inc.
-  * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
-  * All rights reserved.
-  *
-@@ -1043,11 +1043,6 @@ ldbm_back_modify(Slapi_PBlock *pb)
-     goto common_return;
- 
- error_return:
--    /* Revert the caches if this is the parent operation */
--    if (parent_op && betxn_callback_fails) {
--        revert_cache(inst, &parent_time);
--    }
--
-     if (postentry != NULL) {
-         slapi_entry_free(postentry);
-         postentry = NULL;
-@@ -1103,6 +1098,10 @@ error_return:
-         if (!not_an_error) {
-             rc = SLAPI_FAIL_GENERAL;
-         }
-+        /* Revert the caches if this is the parent operation */
-+        if (parent_op && betxn_callback_fails) {
-+            revert_cache(inst, &parent_time);
-+        }
-     }
- 
-     /* if ec is in cache, remove it, then add back e if we still have it */
-diff --git a/src/lib389/lib389/cli_conf/plugins/automember.py b/src/lib389/lib389/cli_conf/plugins/automember.py
-index 15b00c633..568586ad8 100644
---- a/src/lib389/lib389/cli_conf/plugins/automember.py
-+++ b/src/lib389/lib389/cli_conf/plugins/automember.py
-@@ -155,7 +155,7 @@ def fixup(inst, basedn, log, args):
-     log.info('Attempting to add task entry... This will fail if Automembership plug-in is not enabled.')
-     if not plugin.status():
-         log.error("'%s' is disabled. Rebuild membership task can't be executed" % plugin.rdn)
--    fixup_task = plugin.fixup(args.DN, args.filter)
-+    fixup_task = plugin.fixup(args.DN, args.filter, args.cleanup)
-     if args.wait:
-         log.info(f'Waiting for fixup task "{fixup_task.dn}" to complete.  You can safely exit by pressing Control C ...')
-         fixup_task.wait(timeout=args.timeout)
-@@ -225,8 +225,8 @@ def create_parser(subparsers):
-     subcommands = automember.add_subparsers(help='action')
-     add_generic_plugin_parsers(subcommands, AutoMembershipPlugin)
- 
--    list = subcommands.add_parser('list', help='List Automembership definitions or regex rules.')
--    subcommands_list = list.add_subparsers(help='action')
-+    automember_list = subcommands.add_parser('list', help='List Automembership definitions or regex rules.')
-+    subcommands_list = automember_list.add_subparsers(help='action')
-     list_definitions = subcommands_list.add_parser('definitions', help='Lists Automembership definitions.')
-     list_definitions.set_defaults(func=definition_list)
-     list_regexes = subcommands_list.add_parser('regexes', help='List Automembership regex rules.')
-@@ -269,6 +269,8 @@ def create_parser(subparsers):
-     fixup_task.add_argument('-f', '--filter', required=True, help='Sets the LDAP filter for entries to fix up')
-     fixup_task.add_argument('-s', '--scope', required=True, choices=['sub', 'base', 'one'], type=str.lower,
-                             help='Sets the LDAP search scope for entries to fix up')
-+    fixup_task.add_argument('--cleanup', action='store_true',
-+                            help="Clean up previous group memberships before rebuilding")
-     fixup_task.add_argument('--wait', action='store_true',
-                             help="Wait for the task to finish, this could take a long time")
-     fixup_task.add_argument('--timeout', default=0, type=int,
-@@ -279,7 +281,7 @@ def create_parser(subparsers):
-     fixup_status.add_argument('--dn', help="The task entry's DN")
-     fixup_status.add_argument('--show-log', action='store_true', help="Display the task log")
-     fixup_status.add_argument('--watch', action='store_true',
--                       help="Watch the task's status and wait for it to finish")
-+                              help="Watch the task's status and wait for it to finish")
- 
-     abort_fixup = subcommands.add_parser('abort-fixup', help='Abort the rebuild membership task.')
-     abort_fixup.set_defaults(func=abort)
-diff --git a/src/lib389/lib389/plugins.py b/src/lib389/lib389/plugins.py
-index 52691a44c..a1ad0a45b 100644
---- a/src/lib389/lib389/plugins.py
-+++ b/src/lib389/lib389/plugins.py
-@@ -1141,13 +1141,15 @@ class AutoMembershipPlugin(Plugin):
-     def __init__(self, instance, dn="cn=Auto Membership Plugin,cn=plugins,cn=config"):
-         super(AutoMembershipPlugin, self).__init__(instance, dn)
- 
--    def fixup(self, basedn, _filter=None):
-+    def fixup(self, basedn, _filter=None, cleanup=False):
-         """Create an automember rebuild membership task
- 
-         :param basedn: Basedn to fix up
-         :type basedn: str
-         :param _filter: a filter for entries to fix up
-         :type _filter: str
-+        :param cleanup: cleanup old group memberships
-+        :type cleanup: boolean
- 
-         :returns: an instance of Task(DSLdapObject)
-         """
-@@ -1156,6 +1158,9 @@ class AutoMembershipPlugin(Plugin):
-         task_properties = {'basedn': basedn}
-         if _filter is not None:
-             task_properties['filter'] = _filter
-+        if cleanup:
-+            task_properties['cleanup'] = "yes"
-+
-         task.create(properties=task_properties)
- 
-         return task
-diff --git a/src/lib389/lib389/tasks.py b/src/lib389/lib389/tasks.py
-index 1a16bbb83..193805780 100644
---- a/src/lib389/lib389/tasks.py
-+++ b/src/lib389/lib389/tasks.py
-@@ -1006,12 +1006,13 @@ class Tasks(object):
-         return exitCode
- 
-     def automemberRebuild(self, suffix=DEFAULT_SUFFIX, scope='sub',
--                          filterstr='objectclass=top', args=None):
-+                          filterstr='objectclass=top', cleanup=False, args=None):
-         '''
--        @param suffix - The suffix the task should examine - defualt is
-+        @param suffix - The suffix the task should examine - default is
-                         "dc=example,dc=com"
-         @param scope - The scope of the search to find entries
--        @param fitlerstr - THe search filter to find entries
-+        @param fitlerstr - The search filter to find entries
-+        @param cleanup - reset/clear the old group mmeberships prior to rebuilding
-         @param args - is a dictionary that contains modifier of the task
-                 wait: True/[False] - If True,  waits for the completion of
-                                      the task before to return
-@@ -1027,6 +1028,8 @@ class Tasks(object):
-         entry.setValues('basedn', suffix)
-         entry.setValues('filter', filterstr)
-         entry.setValues('scope', scope)
-+        if cleanup:
-+            entry.setValues('cleanup', 'yes')
- 
-         # start the task and possibly wait for task completion
-         try:
--- 
-2.43.0
-

SOURCES/Cargo-1.4.3.39-1.lock

@@ -1,933 +0,0 @@
-# This file is automatically @generated by Cargo.
-# It is not intended for manual editing.
-version = 3
-
-[[package]]
-name = "addr2line"
-version = "0.21.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb"
-dependencies = [
- "gimli",
-]
-
-[[package]]
-name = "adler"
-version = "1.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
-
-[[package]]
-name = "ahash"
-version = "0.7.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a824f2aa7e75a0c98c5a504fceb80649e9c35265d44525b5f94de4771a395cd"
-dependencies = [
- "getrandom",
- "once_cell",
- "version_check",
-]
-
-[[package]]
-name = "ansi_term"
-version = "0.12.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2"
-dependencies = [
- "winapi",
-]
-
-[[package]]
-name = "atty"
-version = "0.2.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
-dependencies = [
- "hermit-abi",
- "libc",
- "winapi",
-]
-
-[[package]]
-name = "autocfg"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
-
-[[package]]
-name = "backtrace"
-version = "0.3.69"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837"
-dependencies = [
- "addr2line",
- "cc",
- "cfg-if",
- "libc",
- "miniz_oxide",
- "object",
- "rustc-demangle",
-]
-
-[[package]]
-name = "base64"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
-
-[[package]]
-name = "bitflags"
-version = "1.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
-
-[[package]]
-name = "bitflags"
-version = "2.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07"
-
-[[package]]
-name = "byteorder"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
-
-[[package]]
-name = "cbindgen"
-version = "0.9.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9daec6140ab4dcd38c3dd57e580b59a621172a526ac79f1527af760a55afeafd"
-dependencies = [
- "clap",
- "log",
- "proc-macro2",
- "quote",
- "serde",
- "serde_json",
- "syn 1.0.109",
- "tempfile",
- "toml",
-]
-
-[[package]]
-name = "cc"
-version = "1.0.83"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0"
-dependencies = [
- "jobserver",
- "libc",
-]
-
-[[package]]
-name = "cfg-if"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
-
-[[package]]
-name = "clap"
-version = "2.34.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c"
-dependencies = [
- "ansi_term",
- "atty",
- "bitflags 1.3.2",
- "strsim",
- "textwrap",
- "unicode-width",
- "vec_map",
-]
-
-[[package]]
-name = "concread"
-version = "0.2.21"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dcc9816f5ac93ebd51c37f7f9a6bf2b40dfcd42978ad2aea5d542016e9244cf6"
-dependencies = [
- "ahash",
- "crossbeam",
- "crossbeam-epoch",
- "crossbeam-utils",
- "lru",
- "parking_lot",
- "rand",
- "smallvec",
- "tokio",
-]
-
-[[package]]
-name = "crossbeam"
-version = "0.8.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1137cd7e7fc0fb5d3c5a8678be38ec56e819125d8d7907411fe24ccb943faca8"
-dependencies = [
- "crossbeam-channel",
- "crossbeam-deque",
- "crossbeam-epoch",
- "crossbeam-queue",
- "crossbeam-utils",
-]
-
-[[package]]
-name = "crossbeam-channel"
-version = "0.5.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "176dc175b78f56c0f321911d9c8eb2b77a78a4860b9c19db83835fea1a46649b"
-dependencies = [
- "crossbeam-utils",
-]
-
-[[package]]
-name = "crossbeam-deque"
-version = "0.8.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d"
-dependencies = [
- "crossbeam-epoch",
- "crossbeam-utils",
-]
-
-[[package]]
-name = "crossbeam-epoch"
-version = "0.9.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e"
-dependencies = [
- "crossbeam-utils",
-]
-
-[[package]]
-name = "crossbeam-queue"
-version = "0.3.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df0346b5d5e76ac2fe4e327c5fd1118d6be7c51dfb18f9b7922923f287471e35"
-dependencies = [
- "crossbeam-utils",
-]
-
-[[package]]
-name = "crossbeam-utils"
-version = "0.8.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345"
-
-[[package]]
-name = "entryuuid"
-version = "0.1.0"
-dependencies = [
- "cc",
- "libc",
- "paste",
- "slapi_r_plugin",
- "uuid",
-]
-
-[[package]]
-name = "entryuuid_syntax"
-version = "0.1.0"
-dependencies = [
- "cc",
- "libc",
- "paste",
- "slapi_r_plugin",
- "uuid",
-]
-
-[[package]]
-name = "errno"
-version = "0.3.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245"
-dependencies = [
- "libc",
- "windows-sys",
-]
-
-[[package]]
-name = "fastrand"
-version = "2.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5"
-
-[[package]]
-name = "fernet"
-version = "0.1.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "93804560e638370a8be6d59ce71ed803e55e230abdbf42598e666b41adda9b1f"
-dependencies = [
- "base64",
- "byteorder",
- "getrandom",
- "openssl",
- "zeroize",
-]
-
-[[package]]
-name = "foreign-types"
-version = "0.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
-dependencies = [
- "foreign-types-shared",
-]
-
-[[package]]
-name = "foreign-types-shared"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
-
-[[package]]
-name = "getrandom"
-version = "0.2.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5"
-dependencies = [
- "cfg-if",
- "libc",
- "wasi",
-]
-
-[[package]]
-name = "gimli"
-version = "0.28.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253"
-
-[[package]]
-name = "hashbrown"
-version = "0.12.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
-dependencies = [
- "ahash",
-]
-
-[[package]]
-name = "hermit-abi"
-version = "0.1.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33"
-dependencies = [
- "libc",
-]
-
-[[package]]
-name = "instant"
-version = "0.1.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c"
-dependencies = [
- "cfg-if",
-]
-
-[[package]]
-name = "itoa"
-version = "1.0.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c"
-
-[[package]]
-name = "jobserver"
-version = "0.1.27"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8c37f63953c4c63420ed5fd3d6d398c719489b9f872b9fa683262f8edd363c7d"
-dependencies = [
- "libc",
-]
-
-[[package]]
-name = "libc"
-version = "0.2.152"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "13e3bf6590cbc649f4d1a3eefc9d5d6eb746f5200ffb04e5e142700b8faa56e7"
-
-[[package]]
-name = "librnsslapd"
-version = "0.1.0"
-dependencies = [
- "cbindgen",
- "libc",
- "slapd",
-]
-
-[[package]]
-name = "librslapd"
-version = "0.1.0"
-dependencies = [
- "cbindgen",
- "concread",
- "libc",
- "slapd",
-]
-
-[[package]]
-name = "linux-raw-sys"
-version = "0.4.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c4cd1a83af159aa67994778be9070f0ae1bd732942279cabb14f86f986a21456"
-
-[[package]]
-name = "lock_api"
-version = "0.4.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45"
-dependencies = [
- "autocfg",
- "scopeguard",
-]
-
-[[package]]
-name = "log"
-version = "0.4.20"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f"
-
-[[package]]
-name = "lru"
-version = "0.7.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e999beba7b6e8345721bd280141ed958096a2e4abdf74f67ff4ce49b4b54e47a"
-dependencies = [
- "hashbrown",
-]
-
-[[package]]
-name = "memchr"
-version = "2.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149"
-
-[[package]]
-name = "miniz_oxide"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7"
-dependencies = [
- "adler",
-]
-
-[[package]]
-name = "object"
-version = "0.32.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441"
-dependencies = [
- "memchr",
-]
-
-[[package]]
-name = "once_cell"
-version = "1.19.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"
-
-[[package]]
-name = "openssl"
-version = "0.10.62"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8cde4d2d9200ad5909f8dac647e29482e07c3a35de8a13fce7c9c7747ad9f671"
-dependencies = [
- "bitflags 2.4.1",
- "cfg-if",
- "foreign-types",
- "libc",
- "once_cell",
- "openssl-macros",
- "openssl-sys",
-]
-
-[[package]]
-name = "openssl-macros"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.48",
-]
-
-[[package]]
-name = "openssl-sys"
-version = "0.9.98"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c1665caf8ab2dc9aef43d1c0023bd904633a6a05cb30b0ad59bec2ae986e57a7"
-dependencies = [
- "cc",
- "libc",
- "pkg-config",
- "vcpkg",
-]
-
-[[package]]
-name = "parking_lot"
-version = "0.11.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7d17b78036a60663b797adeaee46f5c9dfebb86948d1255007a1d6be0271ff99"
-dependencies = [
- "instant",
- "lock_api",
- "parking_lot_core",
-]
-
-[[package]]
-name = "parking_lot_core"
-version = "0.8.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "60a2cfe6f0ad2bfc16aefa463b497d5c7a5ecd44a23efa72aa342d90177356dc"
-dependencies = [
- "cfg-if",
- "instant",
- "libc",
- "redox_syscall 0.2.16",
- "smallvec",
- "winapi",
-]
-
-[[package]]
-name = "paste"
-version = "0.1.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "45ca20c77d80be666aef2b45486da86238fabe33e38306bd3118fe4af33fa880"
-dependencies = [
- "paste-impl",
- "proc-macro-hack",
-]
-
-[[package]]
-name = "paste-impl"
-version = "0.1.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d95a7db200b97ef370c8e6de0088252f7e0dfff7d047a28528e47456c0fc98b6"
-dependencies = [
- "proc-macro-hack",
-]
-
-[[package]]
-name = "pin-project-lite"
-version = "0.2.13"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58"
-
-[[package]]
-name = "pkg-config"
-version = "0.3.28"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "69d3587f8a9e599cc7ec2c00e331f71c4e69a5f9a4b8a6efd5b07466b9736f9a"
-
-[[package]]
-name = "ppv-lite86"
-version = "0.2.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
-
-[[package]]
-name = "proc-macro-hack"
-version = "0.5.20+deprecated"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068"
-
-[[package]]
-name = "proc-macro2"
-version = "1.0.76"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "95fc56cda0b5c3325f5fbbd7ff9fda9e02bb00bb3dac51252d2f1bfa1cb8cc8c"
-dependencies = [
- "unicode-ident",
-]
-
-[[package]]
-name = "pwdchan"
-version = "0.1.0"
-dependencies = [
- "base64",
- "cc",
- "libc",
- "openssl",
- "paste",
- "slapi_r_plugin",
- "uuid",
-]
-
-[[package]]
-name = "quote"
-version = "1.0.35"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef"
-dependencies = [
- "proc-macro2",
-]
-
-[[package]]
-name = "rand"
-version = "0.8.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
-dependencies = [
- "libc",
- "rand_chacha",
- "rand_core",
-]
-
-[[package]]
-name = "rand_chacha"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
-dependencies = [
- "ppv-lite86",
- "rand_core",
-]
-
-[[package]]
-name = "rand_core"
-version = "0.6.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
-dependencies = [
- "getrandom",
-]
-
-[[package]]
-name = "redox_syscall"
-version = "0.2.16"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a"
-dependencies = [
- "bitflags 1.3.2",
-]
-
-[[package]]
-name = "redox_syscall"
-version = "0.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa"
-dependencies = [
- "bitflags 1.3.2",
-]
-
-[[package]]
-name = "rsds"
-version = "0.1.0"
-
-[[package]]
-name = "rustc-demangle"
-version = "0.1.23"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76"
-
-[[package]]
-name = "rustix"
-version = "0.38.30"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "322394588aaf33c24007e8bb3238ee3e4c5c09c084ab32bc73890b99ff326bca"
-dependencies = [
- "bitflags 2.4.1",
- "errno",
- "libc",
- "linux-raw-sys",
- "windows-sys",
-]
-
-[[package]]
-name = "ryu"
-version = "1.0.16"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c"
-
-[[package]]
-name = "scopeguard"
-version = "1.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
-
-[[package]]
-name = "serde"
-version = "1.0.195"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "63261df402c67811e9ac6def069e4786148c4563f4b50fd4bf30aa370d626b02"
-dependencies = [
- "serde_derive",
-]
-
-[[package]]
-name = "serde_derive"
-version = "1.0.195"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46fe8f8603d81ba86327b23a2e9cdf49e1255fb94a4c5f297f6ee0547178ea2c"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.48",
-]
-
-[[package]]
-name = "serde_json"
-version = "1.0.111"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "176e46fa42316f18edd598015a5166857fc835ec732f5215eac6b7bdbf0a84f4"
-dependencies = [
- "itoa",
- "ryu",
- "serde",
-]
-
-[[package]]
-name = "slapd"
-version = "0.1.0"
-dependencies = [
- "fernet",
-]
-
-[[package]]
-name = "slapi_r_plugin"
-version = "0.1.0"
-dependencies = [
- "libc",
- "paste",
- "uuid",
-]
-
-[[package]]
-name = "smallvec"
-version = "1.12.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2593d31f82ead8df961d8bd23a64c2ccf2eb5dd34b0a34bfb4dd54011c72009e"
-
-[[package]]
-name = "strsim"
-version = "0.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a"
-
-[[package]]
-name = "syn"
-version = "1.0.109"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
-dependencies = [
- "proc-macro2",
- "quote",
- "unicode-ident",
-]
-
-[[package]]
-name = "syn"
-version = "2.0.48"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f"
-dependencies = [
- "proc-macro2",
- "quote",
- "unicode-ident",
-]
-
-[[package]]
-name = "tempfile"
-version = "3.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa"
-dependencies = [
- "cfg-if",
- "fastrand",
- "redox_syscall 0.4.1",
- "rustix",
- "windows-sys",
-]
-
-[[package]]
-name = "textwrap"
-version = "0.11.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060"
-dependencies = [
- "unicode-width",
-]
-
-[[package]]
-name = "tokio"
-version = "1.35.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104"
-dependencies = [
- "backtrace",
- "pin-project-lite",
- "tokio-macros",
-]
-
-[[package]]
-name = "tokio-macros"
-version = "2.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.48",
-]
-
-[[package]]
-name = "toml"
-version = "0.5.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234"
-dependencies = [
- "serde",
-]
-
-[[package]]
-name = "unicode-ident"
-version = "1.0.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
-
-[[package]]
-name = "unicode-width"
-version = "0.1.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85"
-
-[[package]]
-name = "uuid"
-version = "0.8.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7"
-dependencies = [
- "getrandom",
-]
-
-[[package]]
-name = "vcpkg"
-version = "0.2.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
-
-[[package]]
-name = "vec_map"
-version = "0.8.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191"
-
-[[package]]
-name = "version_check"
-version = "0.9.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
-
-[[package]]
-name = "wasi"
-version = "0.11.0+wasi-snapshot-preview1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
-
-[[package]]
-name = "winapi"
-version = "0.3.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
-dependencies = [
- "winapi-i686-pc-windows-gnu",
- "winapi-x86_64-pc-windows-gnu",
-]
-
-[[package]]
-name = "winapi-i686-pc-windows-gnu"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
-
-[[package]]
-name = "winapi-x86_64-pc-windows-gnu"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
-
-[[package]]
-name = "windows-sys"
-version = "0.52.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
-dependencies = [
- "windows-targets",
-]
-
-[[package]]
-name = "windows-targets"
-version = "0.52.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd"
-dependencies = [
- "windows_aarch64_gnullvm",
- "windows_aarch64_msvc",
- "windows_i686_gnu",
- "windows_i686_msvc",
- "windows_x86_64_gnu",
- "windows_x86_64_gnullvm",
- "windows_x86_64_msvc",
-]
-
-[[package]]
-name = "windows_aarch64_gnullvm"
-version = "0.52.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea"
-
-[[package]]
-name = "windows_aarch64_msvc"
-version = "0.52.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef"
-
-[[package]]
-name = "windows_i686_gnu"
-version = "0.52.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313"
-
-[[package]]
-name = "windows_i686_msvc"
-version = "0.52.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a"
-
-[[package]]
-name = "windows_x86_64_gnu"
-version = "0.52.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd"
-
-[[package]]
-name = "windows_x86_64_gnullvm"
-version = "0.52.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e"
-
-[[package]]
-name = "windows_x86_64_msvc"
-version = "0.52.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04"
-
-[[package]]
-name = "zeroize"
-version = "1.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d"
-dependencies = [
- "zeroize_derive",
-]
-
-[[package]]
-name = "zeroize_derive"
-version = "1.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.48",
-]

SPECS/389-ds-base.spec

@@ -1,973 +0,0 @@
-
-%global pkgname   dirsrv
-%global srcname   389-ds-base
-
-# Exclude i686 bit arches
-ExcludeArch: i686
-
-# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release
-# also remove the space between % and global - this space is needed because
-# fedpkg verrel stupidly ignores comment lines
-#% global prerel .rc3
-# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
-#% global relprefix 0.
-
-# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
-%global use_Socket6 0
-
-%global use_asan 0
-%global use_rust 1
-%global use_legacy 1
-%global bundle_jemalloc 1
-%if %{use_asan}
-%global bundle_jemalloc 0
-%endif
-
-%if %{bundle_jemalloc}
-%global jemalloc_name jemalloc
-%global jemalloc_ver 5.3.0
-%global __provides_exclude ^libjemalloc\\.so.*$
-%endif
-
-# Use Clang instead of GCC
-%global use_clang 0
-
-# fedora 15 and later uses tmpfiles.d
-# otherwise, comment this out
-%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}
-
-# systemd support
-%global groupname %{pkgname}.target
-
-# set PIE flag
-%global _hardened_build 1
-
-# Filter argparse-manpage from autogenerated package Requires
-%global __requires_exclude ^python.*argparse-manpage
-
-Summary:          389 Directory Server (base)
-Name:             389-ds-base
-Version:          1.4.3.39
-Release:          %{?relprefix}3%{?prerel}%{?dist}
-License:          GPLv3+ and (ASL 2.0 or MIT)
-URL:              https://www.port389.org
-Group:            System Environment/Daemons
-Conflicts:        selinux-policy-base < 3.9.8
-Conflicts:        freeipa-server < 4.0.3
-Obsoletes:        %{name} <= 1.4.0.9
-Provides:         ldif2ldbm >= 0
-
-##### Bundled cargo crates list - START #####
-Provides:  bundled(crate(addr2line)) = 0.21.0
-Provides:  bundled(crate(adler)) = 1.0.2
-Provides:  bundled(crate(ahash)) = 0.7.7
-Provides:  bundled(crate(ansi_term)) = 0.12.1
-Provides:  bundled(crate(atty)) = 0.2.14
-Provides:  bundled(crate(autocfg)) = 1.1.0
-Provides:  bundled(crate(backtrace)) = 0.3.69
-Provides:  bundled(crate(base64)) = 0.13.1
-Provides:  bundled(crate(bitflags)) = 1.3.2
-Provides:  bundled(crate(bitflags)) = 2.4.1
-Provides:  bundled(crate(byteorder)) = 1.5.0
-Provides:  bundled(crate(cbindgen)) = 0.9.1
-Provides:  bundled(crate(cc)) = 1.0.83
-Provides:  bundled(crate(cfg-if)) = 1.0.0
-Provides:  bundled(crate(clap)) = 2.34.0
-Provides:  bundled(crate(concread)) = 0.2.21
-Provides:  bundled(crate(crossbeam)) = 0.8.4
-Provides:  bundled(crate(crossbeam-channel)) = 0.5.11
-Provides:  bundled(crate(crossbeam-deque)) = 0.8.5
-Provides:  bundled(crate(crossbeam-epoch)) = 0.9.18
-Provides:  bundled(crate(crossbeam-queue)) = 0.3.11
-Provides:  bundled(crate(crossbeam-utils)) = 0.8.19
-Provides:  bundled(crate(entryuuid)) = 0.1.0
-Provides:  bundled(crate(entryuuid_syntax)) = 0.1.0
-Provides:  bundled(crate(errno)) = 0.3.8
-Provides:  bundled(crate(fastrand)) = 2.0.1
-Provides:  bundled(crate(fernet)) = 0.1.4
-Provides:  bundled(crate(foreign-types)) = 0.3.2
-Provides:  bundled(crate(foreign-types-shared)) = 0.1.1
-Provides:  bundled(crate(getrandom)) = 0.2.12
-Provides:  bundled(crate(gimli)) = 0.28.1
-Provides:  bundled(crate(hashbrown)) = 0.12.3
-Provides:  bundled(crate(hermit-abi)) = 0.1.19
-Provides:  bundled(crate(instant)) = 0.1.12
-Provides:  bundled(crate(itoa)) = 1.0.10
-Provides:  bundled(crate(jobserver)) = 0.1.27
-Provides:  bundled(crate(libc)) = 0.2.152
-Provides:  bundled(crate(librnsslapd)) = 0.1.0
-Provides:  bundled(crate(librslapd)) = 0.1.0
-Provides:  bundled(crate(linux-raw-sys)) = 0.4.12
-Provides:  bundled(crate(lock_api)) = 0.4.11
-Provides:  bundled(crate(log)) = 0.4.20
-Provides:  bundled(crate(lru)) = 0.7.8
-Provides:  bundled(crate(memchr)) = 2.7.1
-Provides:  bundled(crate(miniz_oxide)) = 0.7.1
-Provides:  bundled(crate(object)) = 0.32.2
-Provides:  bundled(crate(once_cell)) = 1.19.0
-Provides:  bundled(crate(openssl)) = 0.10.62
-Provides:  bundled(crate(openssl-macros)) = 0.1.1
-Provides:  bundled(crate(openssl-sys)) = 0.9.98
-Provides:  bundled(crate(parking_lot)) = 0.11.2
-Provides:  bundled(crate(parking_lot_core)) = 0.8.6
-Provides:  bundled(crate(paste)) = 0.1.18
-Provides:  bundled(crate(paste-impl)) = 0.1.18
-Provides:  bundled(crate(pin-project-lite)) = 0.2.13
-Provides:  bundled(crate(pkg-config)) = 0.3.28
-Provides:  bundled(crate(ppv-lite86)) = 0.2.17
-Provides:  bundled(crate(proc-macro-hack)) = 0.5.20+deprecated
-Provides:  bundled(crate(proc-macro2)) = 1.0.76
-Provides:  bundled(crate(pwdchan)) = 0.1.0
-Provides:  bundled(crate(quote)) = 1.0.35
-Provides:  bundled(crate(rand)) = 0.8.5
-Provides:  bundled(crate(rand_chacha)) = 0.3.1
-Provides:  bundled(crate(rand_core)) = 0.6.4
-Provides:  bundled(crate(redox_syscall)) = 0.2.16
-Provides:  bundled(crate(redox_syscall)) = 0.4.1
-Provides:  bundled(crate(rsds)) = 0.1.0
-Provides:  bundled(crate(rustc-demangle)) = 0.1.23
-Provides:  bundled(crate(rustix)) = 0.38.30
-Provides:  bundled(crate(ryu)) = 1.0.16
-Provides:  bundled(crate(scopeguard)) = 1.2.0
-Provides:  bundled(crate(serde)) = 1.0.195
-Provides:  bundled(crate(serde_derive)) = 1.0.195
-Provides:  bundled(crate(serde_json)) = 1.0.111
-Provides:  bundled(crate(slapd)) = 0.1.0
-Provides:  bundled(crate(slapi_r_plugin)) = 0.1.0
-Provides:  bundled(crate(smallvec)) = 1.12.0
-Provides:  bundled(crate(strsim)) = 0.8.0
-Provides:  bundled(crate(syn)) = 1.0.109
-Provides:  bundled(crate(syn)) = 2.0.48
-Provides:  bundled(crate(tempfile)) = 3.9.0
-Provides:  bundled(crate(textwrap)) = 0.11.0
-Provides:  bundled(crate(tokio)) = 1.35.1
-Provides:  bundled(crate(tokio-macros)) = 2.2.0
-Provides:  bundled(crate(toml)) = 0.5.11
-Provides:  bundled(crate(unicode-ident)) = 1.0.12
-Provides:  bundled(crate(unicode-width)) = 0.1.11
-Provides:  bundled(crate(uuid)) = 0.8.2
-Provides:  bundled(crate(vcpkg)) = 0.2.15
-Provides:  bundled(crate(vec_map)) = 0.8.2
-Provides:  bundled(crate(version_check)) = 0.9.4
-Provides:  bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1
-Provides:  bundled(crate(winapi)) = 0.3.9
-Provides:  bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0
-Provides:  bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0
-Provides:  bundled(crate(windows-sys)) = 0.52.0
-Provides:  bundled(crate(windows-targets)) = 0.52.0
-Provides:  bundled(crate(windows_aarch64_gnullvm)) = 0.52.0
-Provides:  bundled(crate(windows_aarch64_msvc)) = 0.52.0
-Provides:  bundled(crate(windows_i686_gnu)) = 0.52.0
-Provides:  bundled(crate(windows_i686_msvc)) = 0.52.0
-Provides:  bundled(crate(windows_x86_64_gnu)) = 0.52.0
-Provides:  bundled(crate(windows_x86_64_gnullvm)) = 0.52.0
-Provides:  bundled(crate(windows_x86_64_msvc)) = 0.52.0
-Provides:  bundled(crate(zeroize)) = 1.7.0
-Provides:  bundled(crate(zeroize_derive)) = 1.4.2
-##### Bundled cargo crates list - END #####
-
-BuildRequires:    nspr-devel >= 4.32
-BuildRequires:    nss-devel >= 3.67.0-7
-BuildRequires:    perl-generators
-BuildRequires:    openldap-devel
-BuildRequires:    libdb-devel
-BuildRequires:    cyrus-sasl-devel
-BuildRequires:    icu
-BuildRequires:    libicu-devel
-BuildRequires:    pcre-devel
-BuildRequires:    cracklib-devel
-%if %{use_clang}
-BuildRequires:    libatomic
-BuildRequires:    clang
-%else
-BuildRequires:    gcc
-BuildRequires:    gcc-c++
-%endif
-# The following are needed to build the snmp ldap-agent
-BuildRequires:    net-snmp-devel
-BuildRequires:    lm_sensors-devel
-BuildRequires:    bzip2-devel
-BuildRequires:    zlib-devel
-BuildRequires:    openssl-devel
-# the following is for the pam passthru auth plug-in
-BuildRequires:    pam-devel
-BuildRequires:    systemd-units
-BuildRequires:    systemd-devel
-%if %{use_asan}
-BuildRequires:    libasan
-%endif
-# If rust is enabled
-%if %{use_rust}
-BuildRequires: cargo
-BuildRequires: rust
-%endif
-BuildRequires:    pkgconfig
-BuildRequires:    pkgconfig(systemd)
-BuildRequires:    pkgconfig(krb5)
-
-# Needed to support regeneration of the autotool artifacts.
-BuildRequires:    autoconf
-BuildRequires:    automake
-BuildRequires:    libtool
-# For our documentation
-BuildRequires:    doxygen
-# For tests!
-BuildRequires:    libcmocka-devel
-BuildRequires:    libevent-devel
-# For lib389 and related components
-BuildRequires:    python%{python3_pkgversion}
-BuildRequires:    python%{python3_pkgversion}-devel
-BuildRequires:    python%{python3_pkgversion}-setuptools
-BuildRequires:    python%{python3_pkgversion}-ldap
-BuildRequires:    python%{python3_pkgversion}-six
-BuildRequires:    python%{python3_pkgversion}-pyasn1
-BuildRequires:    python%{python3_pkgversion}-pyasn1-modules
-BuildRequires:    python%{python3_pkgversion}-dateutil
-BuildRequires:    python%{python3_pkgversion}-argcomplete
-BuildRequires:    python%{python3_pkgversion}-argparse-manpage
-BuildRequires:    python%{python3_pkgversion}-policycoreutils
-BuildRequires:    python%{python3_pkgversion}-libselinux
-BuildRequires:    python%{python3_pkgversion}-cryptography
-
-# For cockpit
-BuildRequires:    rsync
-
-Requires:         %{name}-libs = %{version}-%{release}
-Requires:         python%{python3_pkgversion}-lib389 = %{version}-%{release}
-
-# this is needed for using semanage from our setup scripts
-Requires:         policycoreutils-python-utils
-Requires:         /usr/sbin/semanage
-Requires:         libsemanage-python%{python3_pkgversion}
-
-Requires:         selinux-policy >= 3.14.1-29
-
-# the following are needed for some of our scripts
-Requires:         openldap-clients
-Requires:         openssl-perl
-Requires:         python%{python3_pkgversion}-ldap
-
-# this is needed to setup SSL if you are not using the
-# administration server package
-Requires:         nss-tools
-Requires:         nspr >= 4.32
-Requires:         nss >= 3.67.0-7
-
-# these are not found by the auto-dependency method
-# they are required to support the mandatory LDAP SASL mechs
-Requires:         cyrus-sasl-gssapi
-Requires:         cyrus-sasl-md5
-Requires:         cyrus-sasl-plain
-
-# this is needed for verify-db.pl
-Requires:         libdb-utils
-
-# Needed for password dictionary checks
-Requires:         cracklib-dicts
-
-# This picks up libperl.so as a Requires, so we add this versioned one
-Requires:         perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
-Requires:         perl-Errno >= 1.23-360
-
-# Needed by logconv.pl
-Requires:         perl-DB_File
-Requires:         perl-Archive-Tar
-
-# Needed for password dictionary checks
-Requires:         cracklib-dicts
-
-# Picks up our systemd deps.
-%{?systemd_requires}
-
-Obsoletes:        %{name} <= 1.3.5.4
-
-Source0:          https://releases.pagure.org/389-ds-base/%{name}-%{version}.tar.bz2
-# 389-ds-git.sh should be used to generate the source tarball from git
-Source1:          %{name}-git.sh
-Source2:          %{name}-devel.README
-%if %{bundle_jemalloc}
-Source3:          https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2
-%endif
-%if %{use_rust}
-Source4:          vendor-%{version}-1.tar.gz
-Source5:          Cargo-%{version}-1.lock
-%endif
-
-Patch01:          0001-issue-5647-covscan-memory-leak-in-audit-log-when-add.patch
-Patch02:          0002-Issue-5647-Fix-unused-variable-warning-from-previous.patch
-Patch03:          0003-Issue-5407-sync_repl-crashes-if-enabled-while-dynami.patch
-Patch04:          0004-Issue-5547-automember-plugin-improvements.patch
-Patch05:          0001-Issue-3527-Support-HAProxy-and-Instance-on-the-same-.patch
-
-%description
-389 Directory Server is an LDAPv3 compliant server.  The base package includes
-the LDAP server and command line utilities for server administration.
-%if %{use_asan}
-WARNING! This build is linked to Address Sanitisation libraries. This probably
-isn't what you want. Please contact support immediately.
-Please see http://seclists.org/oss-sec/2016/q1/363 for more information.
-%endif
-
-%package          libs
-Summary:          Core libraries for 389 Directory Server
-Group:            System Environment/Daemons
-BuildRequires:    nspr-devel >= 4.32
-BuildRequires:    nss-devel >= 3.67.0-7
-BuildRequires:    openldap-devel
-BuildRequires:    libdb-devel
-BuildRequires:    cyrus-sasl-devel
-BuildRequires:    libicu-devel
-BuildRequires:    pcre-devel
-BuildRequires:    libtalloc-devel
-BuildRequires:    libevent-devel
-BuildRequires:    libtevent-devel
-Requires:         krb5-libs
-Requires:         libevent
-BuildRequires:    systemd-devel
-Provides:         svrcore = 4.1.4
-Conflicts:        svrcore
-Obsoletes:        svrcore <= 4.1.3
-
-%description      libs
-Core libraries for the 389 Directory Server base package.  These libraries
-are used by the main package and the -devel package.  This allows the -devel
-package to be installed with just the -libs package and without the main package.
-
-%if %{use_legacy}
-%package          legacy-tools
-Summary:          Legacy utilities for 389 Directory Server
-Group:            System Environment/Daemons
-Obsoletes:        %{name} <= 1.4.0.9
-Requires:         %{name}-libs = %{version}-%{release}
-# for setup-ds.pl to support ipv6
-%if %{use_Socket6}
-Requires:         perl-Socket6
-%else
-Requires:         perl-Socket
-%endif
-Requires:         perl-NetAddr-IP
-# use_openldap assumes perl-Mozilla-LDAP is built with openldap support
-Requires:         perl-Mozilla-LDAP
-# for setup-ds.pl
-Requires:         bind-utils
-%global __provides_exclude_from %{_libdir}/%{pkgname}/perl
-%global __requires_exclude perl\\((DSCreate|DSMigration|DSUpdate|DSUtil|Dialog|DialogManager|FileConn|Inf|Migration|Resource|Setup|SetupLog)
-%{?perl_default_filter}
-
-%description      legacy-tools
-Legacy (and deprecated) utilities for 389 Directory Server. This includes
-the old account management and task scripts. These are deprecated in favour of
-the dscreate, dsctl, dsconf and dsidm tools.
-%endif
-
-%package          devel
-Summary:          Development libraries for 389 Directory Server
-Group:            Development/Libraries
-Requires:         %{name}-libs = %{version}-%{release}
-Requires:         pkgconfig
-Requires:         nspr-devel >= 4.32
-Requires:         nss-devel >= 3.67.0-7
-Requires:         openldap-devel
-Requires:         libtalloc
-Requires:         libevent
-Requires:         libtevent
-Requires:         systemd-libs
-Provides:         svrcore-devel = 4.1.4
-Conflicts:        svrcore-devel
-Obsoletes:        svrcore-devel <= 4.1.3
-
-%description      devel
-Development Libraries and headers for the 389 Directory Server base package.
-
-%package          snmp
-Summary:          SNMP Agent for 389 Directory Server
-Group:            System Environment/Daemons
-Requires:         %{name} = %{version}-%{release}
-
-Obsoletes:        %{name} <= 1.4.0.0
-
-%description      snmp
-SNMP Agent for the 389 Directory Server base package.
-
-%package -n python%{python3_pkgversion}-lib389
-Summary:  A library for accessing, testing, and configuring the 389 Directory Server
-BuildArch:        noarch
-Group:            Development/Libraries
-Requires: 389-ds-base
-Requires: openssl
-Requires: iproute
-Requires: platform-python
-Recommends: bash-completion
-Requires: python%{python3_pkgversion}-ldap
-Requires: python%{python3_pkgversion}-six
-Requires: python%{python3_pkgversion}-pyasn1
-Requires: python%{python3_pkgversion}-pyasn1-modules
-Requires: python%{python3_pkgversion}-dateutil
-Requires: python%{python3_pkgversion}-argcomplete
-Requires: python%{python3_pkgversion}-libselinux
-Requires: python%{python3_pkgversion}-setuptools
-Requires: python%{python3_pkgversion}-distro
-Requires: python%{python3_pkgversion}-cryptography
-%{?python_provide:%python_provide python%{python3_pkgversion}-lib389}
-
-%description -n python%{python3_pkgversion}-lib389
-This module contains tools and libraries for accessing, testing,
- and configuring the 389 Directory Server.
-
-%package -n cockpit-389-ds
-Summary:          Cockpit UI Plugin for configuring and administering the 389 Directory Server
-BuildArch:        noarch
-Requires:         cockpit
-Requires:         platform-python
-Requires:         python%{python3_pkgversion}-lib389
-
-%description -n cockpit-389-ds
-A cockpit UI Plugin for configuring and administering the 389 Directory Server
-
-%prep
-%autosetup -p1 -v -n %{name}-%{version}%{?prerel}
-%if %{use_rust}
-tar xvzf %{SOURCE4}
-cp %{SOURCE5} src/Cargo.lock
-%endif
-%if %{bundle_jemalloc}
-%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3
-%endif
-cp %{SOURCE2} README.devel
-
-%build
-
-OPENLDAP_FLAG="--with-openldap"
-%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
-# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
-NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
-
-%if %{use_asan}
-ASAN_FLAGS="--enable-asan --enable-debug"
-%endif
-
-%if %{use_rust}
-RUST_FLAGS="--enable-rust --enable-rust-offline"
-%endif
-
-%if %{use_legacy}
-LEGACY_FLAGS="--enable-legacy --enable-perl"
-%else
-LEGACY_FLAGS="--disable-legacy --disable-perl"
-%endif
-
-%if %{use_clang}
-export CC=clang
-export CXX=clang++
-CLANG_FLAGS="--enable-clang"
-%endif
-
-%if %{bundle_jemalloc}
-# Override page size, bz #1545539
-# 4K
-%ifarch %ix86 %arm x86_64 s390x
-%define lg_page --with-lg-page=12
-%endif
-
-# 64K
-%ifarch ppc64 ppc64le aarch64
-%define lg_page --with-lg-page=16
-%endif
-
-# Override huge page size on aarch64
-# 2M instead of 512M
-%ifarch aarch64
-%define lg_hugepage --with-lg-hugepage=21
-%endif
-
-# Build jemalloc
-pushd ../%{jemalloc_name}-%{jemalloc_ver}
-%configure \
-        --libdir=%{_libdir}/%{pkgname}/lib \
-        --bindir=%{_libdir}/%{pkgname}/bin \
-        --enable-prof
-make %{?_smp_mflags}        
-popd
-%endif
-
-
-# Enforce strict linking
-%define _strict_symbol_defs_build 1
-
-# Rebuild the autotool artifacts now.
-autoreconf -fiv
-
-%configure --enable-autobind --with-selinux $OPENLDAP_FLAG $TMPFILES_FLAG \
-           --with-systemd \
-           --with-systemdsystemunitdir=%{_unitdir} \
-           --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
-           --with-systemdgroupname=%{groupname}  \
-           --libexecdir=%{_libexecdir}/%{pkgname} \
-           $NSSARGS $ASAN_FLAGS $RUST_FLAGS $LEGACY_FLAGS $CLANG_FLAGS \
-           --enable-cmocka 
-
-# lib389
-pushd ./src/lib389
-%py3_build
-popd
-# argparse-manpage dynamic man pages have hardcoded man v1 in header,
-# need to change it to v8
-sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsconf.8
-sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsctl.8
-sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsidm.8
-sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dscreate.8
-
-# Generate symbolic info for debuggers
-export XCFLAGS=$RPM_OPT_FLAGS
-
-#make %{?_smp_mflags}
-make
-
-%install
-
-mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir}
-mkdir -p %{buildroot}%{_datadir}/cockpit
-make DESTDIR="$RPM_BUILD_ROOT" install
-
-# Cockpit file list
-find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list
-find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list
-
-# Copy in our docs from doxygen.
-cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3
-
-# lib389
-pushd src/lib389
-%py3_install
-popd
-
-mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
-mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}
-mkdir -p $RPM_BUILD_ROOT/var/3lock/%{pkgname}
-
-# for systemd
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants
-
-#remove libtool archives and static libs
-find %{buildroot} -type f -name "*.la" -delete
-find %{buildroot} -type f -name "*.a" -delete
-
-%if %{use_legacy}
-# make sure perl scripts have a proper shebang
-sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/script-templates/template-*.pl
-%endif
-
-%if %{bundle_jemalloc}
-pushd ../%{jemalloc_name}-%{jemalloc_ver}
-make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin
-cp -pa COPYING ../%{name}-%{version}%{?prerel}/COPYING.jemalloc
-cp -pa README ../%{name}-%{version}%{?prerel}/README.jemalloc
-popd
-%endif
-
-%check
-# This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build.
-if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%post
-if [ -n "$DEBUGPOSTTRANS" ] ; then
-    output=$DEBUGPOSTTRANS
-    output2=${DEBUGPOSTTRANS}.upgrade
-else
-    output=/dev/null
-    output2=/dev/null
-fi
-
-# reload to pick up any changes to systemd files
-/bin/systemctl daemon-reload >$output 2>&1 || :
-
-# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
-# Soft static allocation for UID and GID
-USERNAME="dirsrv"
-ALLOCATED_UID=389
-GROUPNAME="dirsrv"
-ALLOCATED_GID=389
-HOMEDIR="/usr/share/dirsrv"
-
-getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME
-if ! getent passwd $USERNAME >/dev/null ; then
-    if ! getent passwd $ALLOCATED_UID >/dev/null ; then
-      /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
-    else
-      /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
-    fi
-fi
-
-# Reload our sysctl before we restart (if we can)
-sysctl --system &> $output; true
-
-%preun
-if [ $1 -eq 0 ]; then # Final removal
-    # remove instance specific service files/links
-    rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
-fi
-
-%postun
-if [ $1 = 0 ]; then # Final removal
-    rm -rf /var/run/%{pkgname}
-fi
-
-%post snmp
-%systemd_post %{pkgname}-snmp.service
-
-%preun snmp
-%systemd_preun %{pkgname}-snmp.service %{groupname}
-
-%postun snmp
-%systemd_postun_with_restart %{pkgname}-snmp.service
-
-%if %{use_legacy}
-%post legacy-tools
-
-# START UPGRADE SCRIPT
-
-if [ -n "$DEBUGPOSTTRANS" ] ; then
-    output=$DEBUGPOSTTRANS
-    output2=${DEBUGPOSTTRANS}.upgrade
-else
-    output=/dev/null
-    output2=/dev/null
-fi
-
-# find all instances
-instances="" # instances that require a restart after upgrade
-ninst=0 # number of instances found in total
-
-echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || :
-instbase="%{_sysconfdir}/%{pkgname}"
-for dir in $instbase/slapd-* ; do
-    echo dir = $dir >> $output 2>&1 || :
-    if [ ! -d "$dir" ] ; then continue ; fi
-    case "$dir" in *.removed) continue ;; esac
-    basename=`basename $dir`
-    inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
-    echo found instance $inst - getting status  >> $output 2>&1 || :
-    if /bin/systemctl -q is-active $inst ; then
-       echo instance $inst is running >> $output 2>&1 || :
-       instances="$instances $inst"
-    else
-       echo instance $inst is not running >> $output 2>&1 || :
-    fi
-    ninst=`expr $ninst + 1`
-done
-if [ $ninst -eq 0 ] ; then
-    echo no instances to upgrade >> $output 2>&1 || :
-    exit 0 # have no instances to upgrade - just skip the rest
-fi
-# shutdown all instances
-echo shutting down all instances . . . >> $output 2>&1 || :
-for inst in $instances ; do
-    echo stopping instance $inst >> $output 2>&1 || :
-    /bin/systemctl stop $inst >> $output 2>&1 || :
-done
-echo remove pid files . . . >> $output 2>&1 || :
-/bin/rm -f /var/run/%{pkgname}*.pid /var/run/%{pkgname}*.startpid
-# do the upgrade
-echo upgrading instances . . . >> $output 2>&1 || :
-DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
-if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
-    %{_sbindir}/setup-ds.pl -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
-else
-    %{_sbindir}/setup-ds.pl -u -s General.UpdateMode=offline >> $output 2>&1 || :
-fi
-
-# restart instances that require it
-for inst in $instances ; do
-    echo restarting instance $inst >> $output 2>&1 || :
-    /bin/systemctl start $inst >> $output 2>&1 || :
-done
-#END UPGRADE
-%endif
-
-exit 0
-
-
-%files
-%if %{bundle_jemalloc}
-%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc
-%license COPYING.jemalloc
-%else
-%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
-%endif
-%dir %{_sysconfdir}/%{pkgname}
-%dir %{_sysconfdir}/%{pkgname}/schema
-%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
-%dir %{_sysconfdir}/%{pkgname}/config
-%dir %{_sysconfdir}/systemd/system/%{groupname}.wants
-%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
-%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
-%{_datadir}/%{pkgname}
-%{_datadir}/gdb/auto-load/*
-%{_unitdir}
-%{_bindir}/dbscan
-%{_mandir}/man1/dbscan.1.gz
-%{_bindir}/ds-replcheck
-%{_mandir}/man1/ds-replcheck.1.gz
-%{_bindir}/ds-logpipe.py
-%{_mandir}/man1/ds-logpipe.py.1.gz
-%{_bindir}/ldclt
-%{_mandir}/man1/ldclt.1.gz
-%{_sbindir}/ldif2ldap
-%{_mandir}/man8/ldif2ldap.8.gz
-%{_bindir}/logconv.pl
-%{_mandir}/man1/logconv.pl.1.gz
-%{_bindir}/pwdhash
-%{_mandir}/man1/pwdhash.1.gz
-%{_bindir}/readnsstate
-%{_mandir}/man1/readnsstate.1.gz
-# Remove for now: %caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd
-%{_sbindir}/ns-slapd
-%{_mandir}/man8/ns-slapd.8.gz
-%{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl
-%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh
-%{_mandir}/man5/99user.ldif.5.gz
-%{_mandir}/man5/certmap.conf.5.gz
-%{_mandir}/man5/slapd-collations.conf.5.gz
-%{_mandir}/man5/dirsrv.5.gz
-%{_mandir}/man5/dirsrv.systemd.5.gz
-%{_libdir}/%{pkgname}/python
-%dir %{_libdir}/%{pkgname}/plugins
-%{_libdir}/%{pkgname}/plugins/*.so
-# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but
-# sysctl.d is always in /lib.
-%{_prefix}/lib/sysctl.d/*
-%dir %{_localstatedir}/lib/%{pkgname}
-%dir %{_localstatedir}/log/%{pkgname}
-%ghost %dir %{_localstatedir}/lock/%{pkgname}
-%exclude %{_sbindir}/ldap-agent*
-%exclude %{_mandir}/man1/ldap-agent.1.gz
-%exclude %{_unitdir}/%{pkgname}-snmp.service
-%if %{bundle_jemalloc}
-%{_libdir}/%{pkgname}/lib/
-%{_libdir}/%{pkgname}/bin/
-%exclude %{_libdir}/%{pkgname}/bin/jemalloc-config
-%exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh
-%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a
-%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so
-%exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a
-%exclude %{_libdir}/%{pkgname}/lib/pkgconfig
-%endif
-
-%files devel
-%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
-%{_mandir}/man3/*
-%{_includedir}/svrcore.h
-%{_includedir}/%{pkgname}
-%{_libdir}/libsvrcore.so
-%{_libdir}/%{pkgname}/libslapd.so
-%{_libdir}/%{pkgname}/libns-dshttpd.so
-%{_libdir}/%{pkgname}/libsds.so
-%{_libdir}/%{pkgname}/libldaputil.so
-%{_libdir}/pkgconfig/svrcore.pc
-%{_libdir}/pkgconfig/dirsrv.pc
-%{_libdir}/pkgconfig/libsds.pc
-
-%files libs
-%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
-%dir %{_libdir}/%{pkgname}
-%{_libdir}/libsvrcore.so.*
-%{_libdir}/%{pkgname}/libslapd.so.*
-%{_libdir}/%{pkgname}/libns-dshttpd-*.so
-%{_libdir}/%{pkgname}/libsds.so.*
-%{_libdir}/%{pkgname}/libldaputil.so.*
-%{_libdir}/%{pkgname}/librewriters.so*
-%if %{bundle_jemalloc}
-%{_libdir}/%{pkgname}/lib/libjemalloc.so.2
-%endif
-
-%if %{use_legacy}
-%files legacy-tools
-%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
-%{_bindir}/infadd
-%{_mandir}/man1/infadd.1.gz
-%{_bindir}/ldif
-%{_mandir}/man1/ldif.1.gz
-%{_bindir}/migratecred
-%{_mandir}/man1/migratecred.1.gz
-%{_bindir}/mmldif
-%{_mandir}/man1/mmldif.1.gz
-%{_bindir}/rsearch
-%{_mandir}/man1/rsearch.1.gz
-%{_libexecdir}/%{pkgname}/ds_selinux_enabled
-%{_libexecdir}/%{pkgname}/ds_selinux_port_query
-%config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig
-%{_mandir}/man5/template-initconfig.5.gz
-%{_datadir}/%{pkgname}/properties/*.res
-%{_datadir}/%{pkgname}/script-templates
-%{_datadir}/%{pkgname}/updates
-%{_sbindir}/ldif2ldap
-%{_mandir}/man8/ldif2ldap.8.gz
-%{_sbindir}/bak2db
-%{_mandir}/man8/bak2db.8.gz
-%{_sbindir}/db2bak
-%{_mandir}/man8/db2bak.8.gz
-%{_sbindir}/db2index
-%{_mandir}/man8/db2index.8.gz
-%{_sbindir}/db2ldif
-%{_mandir}/man8/db2ldif.8.gz
-%{_sbindir}/dbverify
-%{_mandir}/man8/dbverify.8.gz
-%{_sbindir}/ldif2db
-%{_mandir}/man8/ldif2db.8.gz
-%{_sbindir}/restart-dirsrv
-%{_mandir}/man8/restart-dirsrv.8.gz
-%{_sbindir}/start-dirsrv
-%{_mandir}/man8/start-dirsrv.8.gz
-%{_sbindir}/status-dirsrv
-%{_mandir}/man8/status-dirsrv.8.gz
-%{_sbindir}/stop-dirsrv
-%{_mandir}/man8/stop-dirsrv.8.gz
-%{_sbindir}/upgradedb
-%{_mandir}/man8/upgradedb.8.gz
-%{_sbindir}/vlvindex
-%{_mandir}/man8/vlvindex.8.gz
-%{_sbindir}/monitor
-%{_mandir}/man8/monitor.8.gz
-%{_sbindir}/dbmon.sh
-%{_mandir}/man8/dbmon.sh.8.gz
-%{_sbindir}/dn2rdn
-%{_mandir}/man8/dn2rdn.8.gz
-%{_sbindir}/restoreconfig
-%{_mandir}/man8/restoreconfig.8.gz
-%{_sbindir}/saveconfig
-%{_mandir}/man8/saveconfig.8.gz
-%{_sbindir}/suffix2instance
-%{_mandir}/man8/suffix2instance.8.gz
-%{_sbindir}/upgradednformat
-%{_mandir}/man8/upgradednformat.8.gz
-%{_mandir}/man1/dbgen.pl.1.gz
-%{_bindir}/repl-monitor
-%{_mandir}/man1/repl-monitor.1.gz
-%{_bindir}/repl-monitor.pl
-%{_mandir}/man1/repl-monitor.pl.1.gz
-%{_bindir}/cl-dump
-%{_mandir}/man1/cl-dump.1.gz
-%{_bindir}/cl-dump.pl
-%{_mandir}/man1/cl-dump.pl.1.gz
-%{_bindir}/dbgen.pl
-%{_mandir}/man8/bak2db.pl.8.gz
-%{_sbindir}/bak2db.pl
-%{_sbindir}/cleanallruv.pl
-%{_mandir}/man8/cleanallruv.pl.8.gz
-%{_sbindir}/db2bak.pl
-%{_mandir}/man8/db2bak.pl.8.gz
-%{_sbindir}/db2index.pl
-%{_mandir}/man8/db2index.pl.8.gz
-%{_sbindir}/db2ldif.pl
-%{_mandir}/man8/db2ldif.pl.8.gz
-%{_sbindir}/fixup-linkedattrs.pl
-%{_mandir}/man8/fixup-linkedattrs.pl.8.gz
-%{_sbindir}/fixup-memberof.pl
-%{_mandir}/man8/fixup-memberof.pl.8.gz
-%{_sbindir}/ldif2db.pl
-%{_mandir}/man8/ldif2db.pl.8.gz
-%{_sbindir}/migrate-ds.pl
-%{_mandir}/man8/migrate-ds.pl.8.gz
-%{_sbindir}/ns-accountstatus.pl
-%{_mandir}/man8/ns-accountstatus.pl.8.gz
-%{_sbindir}/ns-activate.pl
-%{_mandir}/man8/ns-activate.pl.8.gz
-%{_sbindir}/ns-inactivate.pl
-%{_mandir}/man8/ns-inactivate.pl.8.gz
-%{_sbindir}/ns-newpwpolicy.pl
-%{_mandir}/man8/ns-newpwpolicy.pl.8.gz
-%{_sbindir}/remove-ds.pl
-%{_mandir}/man8/remove-ds.pl.8.gz
-%{_sbindir}/schema-reload.pl
-%{_mandir}/man8/schema-reload.pl.8.gz
-%{_sbindir}/setup-ds.pl
-%{_mandir}/man8/setup-ds.pl.8.gz
-%{_sbindir}/syntax-validate.pl
-%{_mandir}/man8/syntax-validate.pl.8.gz
-%{_sbindir}/usn-tombstone-cleanup.pl
-%{_mandir}/man8/usn-tombstone-cleanup.pl.8.gz
-%{_sbindir}/verify-db.pl
-%{_mandir}/man8/verify-db.pl.8.gz
-%{_libdir}/%{pkgname}/perl
-%endif
-
-%files snmp
-%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
-%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
-%{_sbindir}/ldap-agent*
-%{_mandir}/man1/ldap-agent.1.gz
-%{_unitdir}/%{pkgname}-snmp.service
-
-%files -n python%{python3_pkgversion}-lib389
-%doc LICENSE LICENSE.GPLv3+
-%{python3_sitelib}/lib389*
-%{_sbindir}/dsconf
-%{_mandir}/man8/dsconf.8.gz
-%{_sbindir}/dscreate
-%{_mandir}/man8/dscreate.8.gz
-%{_sbindir}/dsctl
-%{_mandir}/man8/dsctl.8.gz
-%{_sbindir}/dsidm
-%{_mandir}/man8/dsidm.8.gz
-%{_libexecdir}/%{pkgname}/dscontainer
-
-%files -n cockpit-389-ds -f cockpit.list
-%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml
-%doc README.md
-
-%changelog
-* Thu Mar 14 2024 Simon Pichugin <spichugi@redhat.com> - 1.4.3.39-3
-- Bump version to 1.4.3.39-3
-- Resolves: RHEL-19240 - RFE Add PROXY protocol support to 389-ds-base via confiuration item - similar to Postfix
-
-* Mon Feb 05 2024 Thierry Bordaz <tbordaz@redhat.com> - 1.4.3.39-2
-- Bump version to 1.4.3.39-2
-- Resolves: RHEL-23209 - CVE-2024-1062 389-ds:1.4/389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)
-- Resolves: RHEL-5390  - schema-compat-plugin expensive with automember rebuild
-- Resolves: RHEL-5135  - crash in sync_update_persist_op() of content sync plugin
-
-* Tue Jan 16 2024 Simon Pichugin <spichugi@redhat.com> - 1.4.3.39-1
-- Bump version to 1.4.3.39-1
-- Resolves: RHEL-19028 - Rebase 389-ds-base in RHEL 8.10 to 1.4.3.39
-- Resolves: RHEL-19240 - [RFE] Add PROXY protocol support to 389-ds-base
-- Resolves: RHEL-5143  - SELinux labeling for dirsrv files seen during ipa install/uninstall should be moved to DEBUG.
-- Resolves: RHEL-5107  - bdb_start - Detected Disorderly Shutdown directory server is not starting
-- Resolves: RHEL-16338 - ns-slapd crash in slapi_attr_basetype
-- Resolves: RHEL-14025 - After an upgrade the LDAP server won't start if nsslapd-conntablesize is present in the dse.ldif file.
-
-
-* Fri Dec 08 2023 James Chapman <jachapma@redhat.com> - 1.4.3.38-1
-- Bump version to 1.4.3.38-1
-- Resolves: RHEL-19028 - Rebase 389-ds-base in RHEL 8.10 to 1.4.3.38
-
-* Wed Aug 16 2023 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.37-1
-- Bump versionto 1.4.3.37-1
-- Resolves: rhbz#2224505 - Paged search impacts performance
-- Resolves: rhbz#2220890 - healthcheck tool needs to be updates for new default password storage scheme
-- Resolves: rhbz#2218235 - python3-lib389: Python tarfile extraction needs change to avoid a warning
-- Resolves: rhbz#2210491 - dtablesize being set to soft maxfiledescriptor limit causing massive slowdown in large enviroments.
-- Resolves: rhbz#2149967 - SELinux labeling for dirsrv files seen during ipa install/uninstall should be moved to DEBUG
-
-* Tue Jul 11 2023 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.36-2
-- Bump version to 1.4.3.36-2
-- Resolves: rhbz#2220890 - healthcheck tool needs to be updates for new default password storage scheme
-
-* Wed Jun 14 2023 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.36-1
-- Bump version to 1.4.3.36-1
-- Resolves: rhbz#2188628 - Rebase 389-ds-base in RHEL 8.9 to 1.4.3.36
-
-* Mon May 22 2023 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.35-1
-- Bump version to 1.4.3.35-1
-- Resolves: rhbz#2188628 - Rebase 389-ds-base in RHEL 8.9 to 1.4.3.35
-
-* Tue Nov 15 2022 Mark Reynolds <mreynolds@redhat.com> - 1.4.3.32-1
-- Bump version to 1.4.3.32-1
-- Resolves: Bug 2098138 - broken nsslapd-subtree-rename-switch option in rhds11
-- Resolves: Bug 2119063 - entryuuid fixup tasks fails because entryUUID is not mutable
-- Resolves: Bug 2136610 - [RFE] Add 'cn' attribute to IPA audit logs 
-- Resolves: Bug 2142638 - pam mutex lock causing high etimes, affecting red hat internal sso
-- Resolves: Bug 2096795 - [RFE] Support ECDSA private keys for TLS
-

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+    - rhel-9
+decision_context: osci_compose_gate
+rules:
+    - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

main.fmf

@@ -0,0 +1,17 @@
+/plan:
+    summary: Basic test suite
+    discover:
+        how: fmf
+    execute:
+        how: tmt
+    prepare:
+      - name: install required packages
+        how: install
+        package: [389-ds-base, git, pytest]
+      - name: clone repo
+        how: shell
+        script: git clone https://github.com/389ds/389-ds-base /root/ds
+/test:
+    /upstream_basic:
+        test: pytest -v /root/ds/dirsrvtests/tests/suites/basic/basic_test.py
+        duration: 30m

rpminspect.yaml

@@ -0,0 +1,7 @@
+---
+specname:
+    match: suffix
+runpath:
+    allowed_paths:
+        - /usr/lib64/dirsrv
+        - /usr/lib64/dirsrv/plugins

sources

@@ -0,0 +1,2 @@
+SHA512 (jemalloc-5.3.0.tar.bz2) = 22907bb052096e2caffb6e4e23548aecc5cc9283dce476896a2b1127eee64170e3562fa2e7db9571298814a7a2c7df6e8d1fbe152bd3f3b0c1abec22a2de34b1
+SHA512 (389-ds-base-2.5.1.tar.bz2) = bb3c9b4f08787deccc70a653520438b386f8b45d69ab3a755ed67c6b2896fb1727a8710643e042d68af5126b3183ee6cd501816f476541566bad0727c99de36c