Use systemd-sysusers for ldap user and group

Fix depricated %patch format Replace License with SPDX identifier Resolves: RHEL-5140
2024-02-07 17:41:08 -08:00 · 2024-02-07 17:41:08 -08:00 · 409b720303
commit 409b720303
parent ee624ac9c5
2 changed files with 31 additions and 18 deletions
--- a/openldap.spec
+++ b/openldap.spec
@ -16,9 +16,9 @@

 Name: openldap
 Version: 2.6.6
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: LDAP support libraries
-License: OpenLDAP
+License: OLDAP-2.8
 URL: http://www.openldap.org/

 Source0: https://openldap.org/software/download/OpenLDAP/openldap-release/openldap-%{version}.tgz
@ -27,6 +27,7 @@ Source2: slapd.tmpfiles
 Source3: slapd.ldif
 Source4: ldap.conf
 Source5: UPGRADE_INSTRUCTIONS
+Source6: openldap.sysusers
 Source10: https://github.com/ltb-project/openldap-ppolicy-check-password/archive/v%{check_password_version}/openldap-ppolicy-check-password-%{check_password_version}.tar.gz
 Source50: libexec-functions
 Source52: libexec-check-config.sh
@ -72,6 +73,8 @@ BuildRequires: unixODBC-devel
 BuildRequires: systemd
 BuildRequires: libdb-devel
 BuildRequires: cracklib-devel
+BuildRequires: systemd-rpm-macros
+%{?sysusers_requires_compat}

 %description
 OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
@ -154,16 +157,16 @@ programs needed for accessing and modifying OpenLDAP directories.
 %setup -q -c -a 0 -a 10

 pushd openldap-%{version}
-%patch0 -p1
-%patch1 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
+%patch -P0 -p1
+%patch -P1 -p1
+%patch -P3 -p1
+%patch -P4 -p1
+%patch -P5 -p1
+%patch -P6 -p1
+%patch -P7 -p1
+%patch -P8 -p1
+%patch -P9 -p1
+%patch -P10 -p1

 # build smbk5pwd with other overlays
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
@ -184,8 +187,8 @@ done
 popd

 pushd openldap-ppolicy-check-password-%{check_password_version}
-%patch90 -p1
-%patch91 -p1
+%patch -P90 -p1
+%patch -P91 -p1
 popd

 %build
@ -247,6 +250,9 @@ popd
 %install

 mkdir -p %{buildroot}%{_libdir}/
+%if %{with servers}
+install -p -D -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/openldap.conf
+%endif

 pushd openldap-%{version}
 %make_install STRIP_OPTS=""
@ -384,10 +390,8 @@ rm %{buildroot}%{_libdir}/*.la  # because we do not want files in %{_libdir}/ope
 %if %{with servers}
 %pre servers
 # create ldap user and group
-getent group ldap &>/dev/null || groupadd -r -g 55 ldap
-getent passwd ldap &>/dev/null || \
-	useradd -r -g ldap -u 55 -d %{_sharedstatedir}/ldap -s /sbin/nologin -c "OpenLDAP server" ldap
-exit 0
+# sysusers.d format https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
+%sysusers_create_compat %{SOURCE6}

 %post servers
 %systemd_post slapd.service
@ -500,6 +504,7 @@ exit 0
 %{_mandir}/man5/slapd*.5*
 %{_mandir}/man5/slapo-*.5*
 %{_mandir}/man5/slappw-argon2.5*
+%{_sysusersdir}/openldap.conf
 # obsolete configuration
 %ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf
 %else
@ -543,6 +548,11 @@ exit 0
 %{_libdir}/libslapi-2.4*.so.*

 %changelog
+* Fri Feb 9 2024 Simon Pichugin <spichugi@redhat.com> - 2.6.6-3
+- Use systemd-sysusers for ldap user and group
+  Replace License with SPDX identifier
+  Resolves: RHEL-5140
+
 * Thu Dec 14 2023 Simon Pichugin <spichugi@redhat.com> - 2.6.6-2
 - The client tools parameters '-h' and '-p' are still deprecated,
  but this release brings back the client tools options that
--- a/openldap.sysusers
+++ b/openldap.sysusers
@ -0,0 +1,3 @@
+#Type Name     ID             GECOS                   Home directory  Shell
+g     ldap     55
+u     ldap     55:55          "OpenLDAP server"       /var/lib/ldap   /sbin/nologin