From 92cf4ffd3294a78a24ef17998818e249e1e4c442 Mon Sep 17 00:00:00 2001
From: Simon Pichugin
Date: Wed, 7 Feb 2024 17:41:08 -0800
Subject: [PATCH] Use systemd-sysusers for ldap user and group
---
 .openldap.metadata | 2 ++
 openldap.spec | 46 ++++++++++++++++++++++++++++------------------
 openldap.sysusers | 3 +++
 3 files changed, 33 insertions(+), 18 deletions(-)
 create mode 100644 .openldap.metadata
 create mode 100644 openldap.sysusers
diff --git a/.openldap.metadata b/.openldap.metadata
new file mode 100644
index 0000000..980a532
--- /dev/null
+++ b/.openldap.metadata
@@ -0,0 +1,2 @@
+d9f2c30aa3ec5760d4eb5923f461ca8eed92703d openldap-ppolicy-check-password-1.1.tar.gz
+633bc0ce9b5d91852c1fe38c720763f32d18390f openldap-2.6.6.tgz
diff --git a/openldap.spec b/openldap.spec
index 39e677d..8ccecb9 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -16,9 +16,9 @@
 Name: openldap
 Version: 2.6.6
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: LDAP support libraries
-License: OpenLDAP
+License: OLDAP-2.8
 URL: http://www.openldap.org/
 Source0: https://openldap.org/software/download/OpenLDAP/openldap-release/openldap-%{version}.tgz
@@ -27,6 +27,7 @@ Source2: slapd.tmpfiles
 Source3: slapd.ldif
 Source4: ldap.conf
 Source5: UPGRADE_INSTRUCTIONS
+Source6: openldap.sysusers
 Source10: https://github.com/ltb-project/openldap-ppolicy-check-password/archive/v%{check_password_version}/openldap-ppolicy-check-password-%{check_password_version}.tar.gz
 Source50: libexec-functions
 Source52: libexec-check-config.sh
@@ -72,6 +73,8 @@ BuildRequires: unixODBC-devel
 BuildRequires: systemd
 BuildRequires: libdb-devel
 BuildRequires: cracklib-devel
+BuildRequires: systemd-rpm-macros
+%{?sysusers_requires_compat}
 %description
 OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
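Review bot: `%{?sysusers_requires_compat}` is added to the main package preamble, directly before the top-level `%description`, so the scriptlet dependency it expands to attaches to `openldap` rather than to the subpackage whose `%pre servers` scriptlet creates the account later in this patch. Unless the `%package servers` section, which is outside this hunk, already carries its own `Requires(pre)` on the account tools, that scriptlet can run before they are installed. The files declared `%attr(0640,ldap,ldap)` would then be installed without the intended `ldap` owner. I would move the line under `%package servers`, next to that subpackage's other `Requires` tags.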
@@ -154,16 +157,16 @@ programs needed for accessing and modifying OpenLDAP directories.
 %setup -q -c -a 0 -a 10
 pushd openldap-%{version}
-%patch0 -p1
-%patch1 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
+%patch -P0 -p1
+%patch -P1 -p1
+%patch -P3 -p1
+%patch -P4 -p1
+%patch -P5 -p1
+%patch -P6 -p1
+%patch -P7 -p1
+%patch -P8 -p1
+%patch -P9 -p1
+%patch -P10 -p1
 # build smbk5pwd with other overlays
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
@@ -184,8 +187,8 @@ done
 popd
 pushd openldap-ppolicy-check-password-%{check_password_version}
-%patch90 -p1
-%patch91 -p1
+%patch -P90 -p1
+%patch -P91 -p1
 popd
 %build
@@ -247,6 +250,9 @@ popd
 %install
 mkdir -p %{buildroot}%{_libdir}/
+%if %{with servers}
+install -p -D -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/openldap.conf
+%endif
 pushd openldap-%{version}
 %make_install STRIP_OPTS=""
@@ -384,10 +390,8 @@ rm %{buildroot}%{_libdir}/*.la # because we do not want files in %{_libdir}/ope
 %if %{with servers}
 %pre servers
 # create ldap user and group
-getent group ldap &>/dev/null || groupadd -r -g 55 ldap
-getent passwd ldap &>/dev/null || \
- useradd -r -g ldap -u 55 -d %{_sharedstatedir}/ldap -s /sbin/nologin -c "OpenLDAP server" ldap
-exit 0
+# sysusers.d format https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
+%sysusers_create_compat %{SOURCE6}
 %post servers
 %systemd_post slapd.service
@@ -500,6 +504,7 @@ exit 0
 %{_mandir}/man5/slapd*.5*
 %{_mandir}/man5/slapo-*.5*
 %{_mandir}/man5/slappw-argon2.5*
+%{_sysusersdir}/openldap.conf
 # obsolete configuration
 %ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf
 %else
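Review bot: With the trailing `exit 0` removed, the exit status of `%pre servers` is now whatever the expansion of `%sysusers_create_compat %{SOURCE6}` returns, and the explicit `-u 55`/`-g 55` arguments no longer appear in the spec, so it is worth confirming against the systemd-rpm-macros version in the buildroot that a failed account creation behaves as intended. As with the removed `getent ... ||` guards, an `ldap` account that already exists is presumably left as it is. The static ID 55 and the `/sbin/nologin` shell are therefore only guaranteed on fresh hosts, even though files are later declared `%attr(0640,ldap,ldap)`. I would extend the comment to say so, e.g. `# ldap user/group come from openldap.sysusers (static ID 55, nologin); a pre-existing ldap account is not modified`. The enclosing `%if %{with servers}` block ends outside this hunk.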
@@ -543,6 +548,11 @@ exit 0
 %{_libdir}/libslapi-2.4*.so.*
 %changelog
+* Fri Feb 9 2024 Simon Pichugin - 2.6.6-3
+- Use systemd-sysusers for ldap user and group
+ Replace License with SPDX identifier
+ Resolves: RHEL-5140
+
 * Thu Dec 14 2023 Simon Pichugin - 2.6.6-2
 - The client tools parameters '-h' and '-p' are still deprecated, but this release brings back the client tools options that
diff --git a/openldap.sysusers b/openldap.sysusers
new file mode 100644
index 0000000..37ef083
--- /dev/null
+++ b/openldap.sysusers
@@ -0,0 +1,3 @@
+#Type Name ID GECOS Home directory Shell
+g ldap 55
+u ldap 55:55 "OpenLDAP server" /var/lib/ldap /sbin/nologin
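Review bot: The home directory on the `u ldap` line of `openldap.sysusers` is hard-coded as `/var/lib/ldap`, whereas the scriptlet this file replaces used `%{_sharedstatedir}/ldap`. Because the spec installs `%{SOURCE6}` with a plain `install -p -D -m 0644`, no macro expansion happens and the two can drift apart if the macro is ever overridden. A header comment would make the coupling visible, for example `# Home must match %{_sharedstatedir}/ldap in openldap.spec; 55:55 is the static ldap UID:GID`. The existing header labels the third column only `ID` although the `u` line carries `55:55`, so the same comment can spell out that it is UID:GID.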