rebase to 2.4.23
- package rebased - removed embedded db4 - removed patches merged by upstream - removed no longer required patches - merged patches doing manpage changes - merged patches exporting ldif API - reapplied patches and added description to each one - removed unnecessary BuildRequires - cleaned %config, %build and %install sections - updated database upgrade process: - database is exported (slapcat) and reimported (slapadd) when minor version of openldap changes (safe and recommended way) - database is upgraded (db4) when minor version of db4 package changes (this is not done in %post anymore, as the database is not embedded, but using triggers) Resolved: #624616 Bogus links in "SEE ALSO" part of several man-pages Resolved: #625740 openldap-2.4.23 is available
parent
b68d557f79
commit
95d8d32fc5
@ -1,9 +0,0 @@
|
|||||||
These files are here specifically for use in building the nss_ldap package,
|
|
||||||
and should not be used for any other purpose.
|
|
||||||
|
|
||||||
They contain a backported patch which adds two functions which nss_ldap can
|
|
||||||
use to avoid blocking in one particular use case, but which are not included
|
|
||||||
in the 2.2 branch of OpenLDAP.
|
|
||||||
|
|
||||||
When the openldap package updates to 2.3, these libraries will simply
|
|
||||||
disappear.
|
|
@ -1,21 +0,0 @@
|
|||||||
/* Gleaned from glibc, though I suppose it's documented in the specs, too.
|
|
||||||
NPTL requires support that isn't in kernels prior to 2.4.20 (or 2.5.36 if
|
|
||||||
you're not using a backported TLS implementation in your kernel), but ld.so
|
|
||||||
will try to use this library on an insufficiently-new system unless we make
|
|
||||||
a note of the required kernel version here.
|
|
||||||
We also add in a section which marks the library as not needing an
|
|
||||||
executable stack to avoid unintentionally disabling exec-shield and the
|
|
||||||
like (thanks Arjan!). */
|
|
||||||
.section ".note.ABI-tag", "a"
|
|
||||||
.p2align 2
|
|
||||||
.long 1f - 0f
|
|
||||||
.long 3f - 2f
|
|
||||||
.long 1
|
|
||||||
0: .asciz "GNU"
|
|
||||||
1: .p2align 2
|
|
||||||
2: .long 0
|
|
||||||
.long 2,4,20
|
|
||||||
3: .p2align 2
|
|
||||||
|
|
||||||
.section .note.GNU-stack, "", @progbits
|
|
||||||
.previous
|
|
@ -1,13 +0,0 @@
|
|||||||
diff -up openldap-2.4.11/libraries/libldap/init.c.patch2 openldap-2.4.11/libraries/libldap/init.c
|
|
||||||
--- openldap-2.4.11/libraries/libldap/init.c.patch2 2008-02-12 00:26:41.000000000 +0100
|
|
||||||
+++ openldap-2.4.11/libraries/libldap/init.c 2008-09-01 09:57:09.000000000 +0200
|
|
||||||
@@ -327,9 +327,6 @@ static void openldap_ldap_init_w_usercon
|
|
||||||
if(path != NULL) {
|
|
||||||
LDAP_FREE(path);
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- /* try file */
|
|
||||||
- openldap_ldap_init_w_conf(file, 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void openldap_ldap_init_w_env(
|
|
@ -1,14 +0,0 @@
|
|||||||
Don't read the user's configuration file if we're running in a setuid
|
|
||||||
or setgid application.
|
|
||||||
diff -up openldap-2.4.14/libraries/libldap/init.c.setugid openldap-2.4.14/libraries/libldap/init.c
|
|
||||||
--- openldap-2.4.14/libraries/libldap/init.c.setugid 2009-02-17 08:31:19.000000000 +0100
|
|
||||||
+++ openldap-2.4.14/libraries/libldap/init.c 2009-02-17 08:39:01.000000000 +0100
|
|
||||||
@@ -634,7 +634,7 @@ void ldap_int_initialize( struct ldapopt
|
|
||||||
openldap_ldap_init_w_sysconf(LDAP_CONF_FILE);
|
|
||||||
|
|
||||||
#ifdef HAVE_GETEUID
|
|
||||||
- if ( geteuid() != getuid() )
|
|
||||||
+ if ( geteuid() != getuid() || getegid() != getgid() )
|
|
||||||
return;
|
|
||||||
#endif
|
|
||||||
|
|
@ -1,20 +0,0 @@
|
|||||||
If libexecdir and sbindir are the same, avoid making an absolute symlink.
|
|
||||||
|
|
||||||
|
|
||||||
diff -up openldap-2.4.11/servers/slapd/Makefile.in.patch5 openldap-2.4.11/servers/slapd/Makefile.in
|
|
||||||
--- openldap-2.4.11/servers/slapd/Makefile.in.patch5 2008-09-01 09:57:09.000000000 +0200
|
|
||||||
+++ openldap-2.4.11/servers/slapd/Makefile.in 2008-09-01 09:57:09.000000000 +0200
|
|
||||||
@@ -270,7 +270,12 @@ slapd: $(SLAPD_DEPENDS) @LIBSLAPI@
|
|
||||||
$(WRAP_LIBS)
|
|
||||||
$(RM) $(SLAPTOOLS)
|
|
||||||
for i in $(SLAPTOOLS); do \
|
|
||||||
- $(LN_S) slapd$(EXEEXT) $$i$(EXEEXT); done
|
|
||||||
+ if test $(libexecdir) != $(sbindir) ; then \
|
|
||||||
+ $(LN_S) $(libexecdir)/slapd$(EXEEXT) $$i$(EXEEXT); \
|
|
||||||
+ else \
|
|
||||||
+ $(LN_S) slapd$(EXEEXT) $$i$(EXEEXT); \
|
|
||||||
+ fi \
|
|
||||||
+ done
|
|
||||||
|
|
||||||
|
|
||||||
sslapd: version.o
|
|
@ -1,112 +0,0 @@
|
|||||||
--- openldap/clients/tools/common.c 2009-04-09 11:37:06.000000000 +0200
|
|
||||||
+++ openldap/clients/tools/common.c.option 2009-04-09 14:52:23.000000000 +0200
|
|
||||||
@@ -267,7 +267,6 @@ void
|
|
||||||
tool_common_usage( void )
|
|
||||||
{
|
|
||||||
static const char *const descriptions[] = {
|
|
||||||
-N_(" -c continuous operation mode (do not stop on errors)\n"),
|
|
||||||
N_(" -d level set LDAP debugging level to `level'\n"),
|
|
||||||
N_(" -D binddn bind DN\n"),
|
|
||||||
N_(" -e [!]<ext>[=<extparam>] general extensions (! indicates criticality)\n")
|
|
||||||
@@ -298,18 +297,15 @@ N_(" [!]sessiontracking\n")
|
|
||||||
N_(" abandon, cancel, ignore (SIGINT sends abandon/cancel,\n"
|
|
||||||
" or ignores response; if critical, doesn't wait for SIGINT.\n"
|
|
||||||
" not really controls)\n")
|
|
||||||
-N_(" -f file read operations from `file'\n"),
|
|
||||||
N_(" -h host LDAP server\n"),
|
|
||||||
N_(" -H URI LDAP Uniform Resource Identifier(s)\n"),
|
|
||||||
N_(" -I use SASL Interactive mode\n"),
|
|
||||||
-N_(" -M enable Manage DSA IT control (-MM to make critical)\n"),
|
|
||||||
N_(" -n show what would be done but don't actually do it\n"),
|
|
||||||
N_(" -N do not use reverse DNS to canonicalize SASL host name\n"),
|
|
||||||
N_(" -O props SASL security properties\n"),
|
|
||||||
N_(" -o <opt>[=<optparam] general options\n"),
|
|
||||||
N_(" nettimeout=<timeout> (in seconds, or \"none\" or \"max\")\n"),
|
|
||||||
N_(" -p port port on LDAP server\n"),
|
|
||||||
-N_(" -P version protocol version (default: 3)\n"),
|
|
||||||
N_(" -Q use SASL Quiet mode\n"),
|
|
||||||
N_(" -R realm SASL realm\n"),
|
|
||||||
N_(" -U authcid SASL authentication identity\n"),
|
|
||||||
|
|
||||||
--- openldap/clients/tools/ldapcompare.c 2009-04-09 11:37:06.000000000 +0200
|
|
||||||
+++ openldap/clients/tools/ldapcompare.c.option 2009-04-09 14:46:37.000000000 +0200
|
|
||||||
@@ -85,6 +85,8 @@ usage( void )
|
|
||||||
fprintf( stderr, _("Compare options:\n"));
|
|
||||||
fprintf( stderr, _(" -E [!]<ext>[=<extparam>] compare extensions (! indicates criticality)\n"));
|
|
||||||
fprintf( stderr, _(" !dontUseCopy (Don't Use Copy)\n"));
|
|
||||||
+ fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n"));
|
|
||||||
+ fprintf( stderr, _(" -P version protocol version (default: 3)\n"));
|
|
||||||
fprintf( stderr, _(" -z Quiet mode,"
|
|
||||||
" don't print anything, use return values\n"));
|
|
||||||
tool_common_usage();
|
|
||||||
|
|
||||||
--- openldap/clients/tools/ldapdelete.c 2009-04-09 11:37:06.000000000 +0200
|
|
||||||
+++ openldap/clients/tools/ldapdelete.c.option 2009-04-09 14:48:48.000000000 +0200
|
|
||||||
@@ -71,6 +71,10 @@ usage( void )
|
|
||||||
fprintf( stderr, _(" dn: list of DNs to delete. If not given, it will be readed from stdin\n"));
|
|
||||||
fprintf( stderr, _(" or from the file specified with \"-f file\".\n"));
|
|
||||||
fprintf( stderr, _("Delete Options:\n"));
|
|
||||||
+ fprintf( stderr, _(" -c continuous operation mode (do not stop on errors)\n"));
|
|
||||||
+ fprintf( stderr, _(" -f file read operations from `file'\n"));
|
|
||||||
+ fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n"));
|
|
||||||
+ fprintf( stderr, _(" -P version protocol version (default: 3)\n"));
|
|
||||||
fprintf( stderr, _(" -r delete recursively\n"));
|
|
||||||
tool_common_usage();
|
|
||||||
exit( EXIT_FAILURE );
|
|
||||||
|
|
||||||
--- openldap/clients/tools/ldapmodify.c 2009-04-09 11:37:06.000000000 +0200
|
|
||||||
+++ openldap/clients/tools/ldapmodify.c.option 2009-04-09 14:50:14.000000000 +0200
|
|
||||||
@@ -137,8 +137,12 @@ usage( void )
|
|
||||||
fprintf( stderr, _("Add or modify options:\n"));
|
|
||||||
fprintf( stderr, _(" -a add values (%s)\n"),
|
|
||||||
(ldapadd ? _("default") : _("default is to replace")));
|
|
||||||
+ fprintf( stderr, _(" -c continuous operation mode (do not stop on errors)\n"));
|
|
||||||
fprintf( stderr, _(" -E [!]ext=extparam modify extensions"
|
|
||||||
" (! indicate s criticality)\n"));
|
|
||||||
+ fprintf( stderr, _(" -f file read operations from `file'\n"));
|
|
||||||
+ fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n"));
|
|
||||||
+ fprintf( stderr, _(" -P version protocol version (default: 3)\n"));
|
|
||||||
#ifdef LDAP_X_TXN
|
|
||||||
fprintf( stderr,
|
|
||||||
_(" [!]txn=<commit|abort> (transaction)\n"));
|
|
||||||
|
|
||||||
--- openldap/clients/tools/ldapmodrdn.c 2009-04-09 11:37:06.000000000 +0200
|
|
||||||
+++ openldap/clients/tools/ldapmodrdn.c.option 2009-04-09 14:50:40.000000000 +0200
|
|
||||||
@@ -83,6 +83,10 @@ usage( void )
|
|
||||||
fprintf( stderr, _(" If not given, the list of modifications is read from stdin or\n"));
|
|
||||||
fprintf( stderr, _(" from the file specified by \"-f file\" (see man page).\n"));
|
|
||||||
fprintf( stderr, _("Rename options:\n"));
|
|
||||||
+ fprintf( stderr, _(" -c continuous operation mode (do not stop on errors)\n"));
|
|
||||||
+ fprintf( stderr, _(" -f file read operations from `file'\n"));
|
|
||||||
+ fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n"));
|
|
||||||
+ fprintf( stderr, _(" -P version protocol version (default: 3)\n"));
|
|
||||||
fprintf( stderr, _(" -r remove old RDN\n"));
|
|
||||||
fprintf( stderr, _(" -s newsup new superior entry\n"));
|
|
||||||
tool_common_usage();
|
|
||||||
|
|
||||||
--- openldap/clients/tools/ldapsearch.c 2009-04-09 11:37:06.000000000 +0200
|
|
||||||
+++ openldap/clients/tools/ldapsearch.c.option 2009-04-09 14:51:51.000000000 +0200
|
|
||||||
@@ -123,6 +123,7 @@ usage( void )
|
|
||||||
fprintf( stderr, _(" -a deref one of never (default), always, search, or find\n"));
|
|
||||||
fprintf( stderr, _(" -A retrieve attribute names only (no values)\n"));
|
|
||||||
fprintf( stderr, _(" -b basedn base dn for search\n"));
|
|
||||||
+ fprintf( stderr, _(" -c continuous operation mode (do not stop on errors)\n"));
|
|
||||||
fprintf( stderr, _(" -E [!]<ext>[=<extparam>] search extensions (! indicates criticality)\n"));
|
|
||||||
fprintf( stderr, _(" [!]domainScope (domain scope)\n"));
|
|
||||||
fprintf( stderr, _(" !dontUseCopy (Don't Use Copy)\n"));
|
|
||||||
@@ -137,12 +138,15 @@ usage( void )
|
|
||||||
fprintf( stderr, _(" [!]deref=derefAttr:attr[,...][;derefAttr:attr[,...][;...]]\n"));
|
|
||||||
#endif
|
|
||||||
fprintf( stderr, _(" [!]<oid>=:<value> (generic control; no response handling)\n"));
|
|
||||||
+ fprintf( stderr, _(" -f file read operations from `file'\n"));
|
|
||||||
fprintf( stderr, _(" -F prefix URL prefix for files (default: %s)\n"), def_urlpre);
|
|
||||||
fprintf( stderr, _(" -l limit time limit (in seconds, or \"none\" or \"max\") for search\n"));
|
|
||||||
fprintf( stderr, _(" -L print responses in LDIFv1 format\n"));
|
|
||||||
fprintf( stderr, _(" -LL print responses in LDIF format without comments\n"));
|
|
||||||
fprintf( stderr, _(" -LLL print responses in LDIF format without comments\n"));
|
|
||||||
fprintf( stderr, _(" and version\n"));
|
|
||||||
+ fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n"));
|
|
||||||
+ fprintf( stderr, _(" -P version protocol version (default: 3)\n"));
|
|
||||||
fprintf( stderr, _(" -s scope one of base, one, sub or children (search scope)\n"));
|
|
||||||
fprintf( stderr, _(" -S attr sort the results by attribute `attr'\n"));
|
|
||||||
fprintf( stderr, _(" -t write binary values to files in temporary directory\n"));
|
|
@ -1,10 +0,0 @@
|
|||||||
--- openldap-2.4.16/doc/man/man5/ldap.conf.5.orig 2009-09-16 17:12:01.000000000 +0200
|
|
||||||
+++ openldap-2.4.16/doc/man/man5/ldap.conf.5 2009-09-16 17:15:32.000000000 +0200
|
|
||||||
@@ -305,6 +305,7 @@
|
|
||||||
.B TLS_CACERT
|
|
||||||
is always used before
|
|
||||||
.B TLS_CACERTDIR.
|
|
||||||
+The specified directory must be managed with the OpenSSL c_rehash utility.
|
|
||||||
This parameter is ignored with GNUtls.
|
|
||||||
.TP
|
|
||||||
.B TLS_CERT <filename>
|
|
@ -1,11 +0,0 @@
|
|||||||
--- openldap-2.4.19/servers/slapd/back-bdb/dn2id.c.orig 2010-02-24 09:55:39.000000000 +0100
|
|
||||||
+++ openldap-2.4.19/servers/slapd/back-bdb/dn2id.c 2010-02-24 09:56:07.000000000 +0100
|
|
||||||
@@ -676,7 +676,7 @@ hdb_dn2id_delete(
|
|
||||||
d->nrdnlen[0] = (BEI(e)->bei_nrdn.bv_len >> 8) | 0x80;
|
|
||||||
dlen[0] = d->nrdnlen[0];
|
|
||||||
dlen[1] = d->nrdnlen[1];
|
|
||||||
- strcpy( d->nrdn, BEI(e)->bei_nrdn.bv_val );
|
|
||||||
+ memcpy( d->nrdn, BEI(e)->bei_nrdn.bv_val, BEI(e)->bei_nrdn.bv_len+1 );
|
|
||||||
data.data = d;
|
|
||||||
|
|
||||||
rc = db->cursor( db, txn, &cursor, bdb->bi_db_opflags );
|
|
@ -1,22 +0,0 @@
|
|||||||
--- openldap-2.4.22/include/Makefile.in.orig 2010-06-03 07:38:29.000000000 -0600
|
|
||||||
+++ openldap-2.4.22/include/Makefile.in 2010-06-03 07:39:21.000000000 -0600
|
|
||||||
@@ -15,17 +15,18 @@
|
|
||||||
|
|
||||||
all-local: ldap_config.h FORCE
|
|
||||||
|
|
||||||
install-local: FORCE
|
|
||||||
-$(MKDIR) $(DESTDIR)$(includedir)
|
|
||||||
for header in $(srcdir)/lber.h lber_types.h \
|
|
||||||
$(srcdir)/ldap.h $(srcdir)/ldap_cdefs.h \
|
|
||||||
$(srcdir)/ldap_schema.h $(srcdir)/ldap_utf8.h \
|
|
||||||
- $(srcdir)/slapi-plugin.h ldap_features.h; \
|
|
||||||
+ $(srcdir)/slapi-plugin.h ldap_features.h \
|
|
||||||
+ $(srcdir)/ldif.h ; \
|
|
||||||
do \
|
|
||||||
$(INSTALL) $(INSTALLFLAGS) -m 644 $$header $(DESTDIR)$(includedir); \
|
|
||||||
done
|
|
||||||
|
|
||||||
clean-local: FORCE
|
|
||||||
$(RM) ldap_config.h
|
|
||||||
|
|
||||||
veryclean-local: clean-local FORCE
|
|
@ -1,66 +0,0 @@
|
|||||||
--- openldap-2.4.22/libraries/liblutil/Makefile.in.orig 2010-06-03 10:57:01.000000000 -0600
|
|
||||||
+++ openldap-2.4.22/libraries/liblutil/Makefile.in 2010-06-03 10:59:29.000000000 -0600
|
|
||||||
@@ -9,16 +9,19 @@
|
|
||||||
## modification, are permitted only as authorized by the OpenLDAP
|
|
||||||
## Public License.
|
|
||||||
##
|
|
||||||
## A copy of this license is available in the file LICENSE in the
|
|
||||||
## top-level directory of the distribution or, alternatively, at
|
|
||||||
## <http://www.OpenLDAP.org/license.html>.
|
|
||||||
|
|
||||||
LIBRARY = liblutil.a
|
|
||||||
+
|
|
||||||
+SHAREDLIB = libldif.la
|
|
||||||
+
|
|
||||||
PROGRAM = testavl
|
|
||||||
|
|
||||||
LDAP_INCDIR= ../../include
|
|
||||||
LDAP_LIBDIR= ../../libraries
|
|
||||||
|
|
||||||
NT_SRCS = ntservice.c
|
|
||||||
NT_OBJS = ntservice.o slapdmsg.res
|
|
||||||
|
|
||||||
@@ -35,16 +38,18 @@
|
|
||||||
@LIBSRCS@ $(@PLAT@_SRCS)
|
|
||||||
|
|
||||||
OBJS = base64.o entropy.o sasl.o signal.o hash.o passfile.o \
|
|
||||||
md5.o passwd.o sha1.o getpass.o lockf.o utils.o uuid.o sockpair.o \
|
|
||||||
avl.o tavl.o ldif.o fetch.o \
|
|
||||||
meter.o \
|
|
||||||
@LIBOBJS@ $(@PLAT@_OBJS)
|
|
||||||
|
|
||||||
+SHAREDLIBOBJS = ldif.lo fetch.lo
|
|
||||||
+
|
|
||||||
testavl: $(XLIBS) testavl.o
|
|
||||||
(LTLINK) -o $@ testavl.o $(LIBS)
|
|
||||||
|
|
||||||
testtavl: $(XLIBS) testtavl.o
|
|
||||||
(LTLINK) -o $@ testtavl.o $(LIBS)
|
|
||||||
|
|
||||||
# These rules are for a Mingw32 build, specifically.
|
|
||||||
# It's ok for them to be here because the clean rule is harmless, and
|
|
||||||
@@ -54,8 +59,24 @@
|
|
||||||
@if [ ! -f $@ ]; then cp $(srcdir)/$@ .; fi
|
|
||||||
|
|
||||||
slapdmsg.res: slapdmsg.rc slapdmsg.bin
|
|
||||||
windres $< -O coff -o $@
|
|
||||||
|
|
||||||
clean-local:
|
|
||||||
$(RM) *.res
|
|
||||||
|
|
||||||
+all-local: $(SHAREDLIB)
|
|
||||||
+
|
|
||||||
+.SUFFIXES: .c .o .lo
|
|
||||||
+
|
|
||||||
+.c.lo:
|
|
||||||
+ $(LTCOMPILE_LIB) $<
|
|
||||||
+
|
|
||||||
+$(LIBRARY): $(SHAREDLIBOBJS) version.lo
|
|
||||||
+
|
|
||||||
+$(SHAREDLIB): $(SHAREDLIBOBJS) version.lo
|
|
||||||
+ $(LTLINK_LIB) -o $(SHAREDLIB) $(SHAREDLIBOBJS) version.lo $(LINK_LIBS)
|
|
||||||
+
|
|
||||||
+install-local: FORCE
|
|
||||||
+ -$(MKDIR) $(DESTDIR)$(libdir)
|
|
||||||
+ $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(SHAREDLIB) $(DESTDIR)$(libdir)
|
|
||||||
+ $(LTFINISH) $(DESTDIR)$(libdir)
|
|
@ -1,74 +0,0 @@
|
|||||||
bz #605448 CVE-2010-0211 openldap: modrdn processing uninitialized pointer free
|
|
||||||
bz #605452 CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference
|
|
||||||
|
|
||||||
diff -urp openldap-2.4.22/servers/slapd/dn.c openldap-2.4.22.new/servers/slapd/dn.c
|
|
||||||
--- openldap-2.4.22/servers/slapd/dn.c 2010-04-13 22:23:14.000000000 +0200
|
|
||||||
+++ openldap-2.4.22.new/servers/slapd/dn.c 2010-07-19 17:57:51.974346501 +0200
|
|
||||||
@@ -302,16 +302,13 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned f
|
|
||||||
ava->la_attr = ad->ad_cname;
|
|
||||||
|
|
||||||
if( ava->la_flags & LDAP_AVA_BINARY ) {
|
|
||||||
- if( ava->la_value.bv_len == 0 ) {
|
|
||||||
- /* BER encoding is empty */
|
|
||||||
- return LDAP_INVALID_SYNTAX;
|
|
||||||
- }
|
|
||||||
+ /* AVA is binary encoded, not supported */
|
|
||||||
+ return LDAP_INVALID_SYNTAX;
|
|
||||||
|
|
||||||
/* Do not allow X-ORDERED 'VALUES' naming attributes */
|
|
||||||
} else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
|
|
||||||
return LDAP_INVALID_SYNTAX;
|
|
||||||
|
|
||||||
- /* AVA is binary encoded, don't muck with it */
|
|
||||||
} else if( flags & SLAP_LDAPDN_PRETTY ) {
|
|
||||||
transf = ad->ad_type->sat_syntax->ssyn_pretty;
|
|
||||||
if( !transf ) {
|
|
||||||
@@ -379,6 +376,10 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned f
|
|
||||||
ava->la_value = bv;
|
|
||||||
ava->la_flags |= LDAP_AVA_FREE_VALUE;
|
|
||||||
}
|
|
||||||
+ /* reject empty values */
|
|
||||||
+ if (!ava->la_value.bv_len) {
|
|
||||||
+ return LDAP_INVALID_SYNTAX;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
rc = LDAP_SUCCESS;
|
|
||||||
|
|
||||||
diff -urp openldap-2.4.22/servers/slapd/modrdn.c openldap-2.4.22.new/servers/slapd/modrdn.c
|
|
||||||
--- openldap-2.4.22/servers/slapd/modrdn.c 2010-04-13 22:23:16.000000000 +0200
|
|
||||||
+++ openldap-2.4.22.new/servers/slapd/modrdn.c 2010-07-19 17:57:51.975346274 +0200
|
|
||||||
@@ -445,12 +445,19 @@ slap_modrdn2mods(
|
|
||||||
mod_tmp->sml_values[1].bv_val = NULL;
|
|
||||||
if( desc->ad_type->sat_equality->smr_normalize) {
|
|
||||||
mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
|
|
||||||
- (void) (*desc->ad_type->sat_equality->smr_normalize)(
|
|
||||||
+ rs->sr_err = desc->ad_type->sat_equality->smr_normalize(
|
|
||||||
SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
|
|
||||||
desc->ad_type->sat_syntax,
|
|
||||||
desc->ad_type->sat_equality,
|
|
||||||
&mod_tmp->sml_values[0],
|
|
||||||
&mod_tmp->sml_nvalues[0], NULL );
|
|
||||||
+ if (rs->sr_err != LDAP_SUCCESS) {
|
|
||||||
+ ch_free(mod_tmp->sml_nvalues);
|
|
||||||
+ ch_free(mod_tmp->sml_values[0].bv_val);
|
|
||||||
+ ch_free(mod_tmp->sml_values);
|
|
||||||
+ ch_free(mod_tmp);
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
mod_tmp->sml_nvalues[1].bv_val = NULL;
|
|
||||||
} else {
|
|
||||||
mod_tmp->sml_nvalues = NULL;
|
|
||||||
diff -urp openldap-2.4.22/servers/slapd/schema_init.c openldap-2.4.22.new/servers/slapd/schema_init.c
|
|
||||||
--- openldap-2.4.22/servers/slapd/schema_init.c 2010-04-14 20:12:15.000000000 +0200
|
|
||||||
+++ openldap-2.4.22.new/servers/slapd/schema_init.c 2010-07-19 17:57:51.978346712 +0200
|
|
||||||
@@ -1735,8 +1735,9 @@ UTF8StringNormalize(
|
|
||||||
? LDAP_UTF8_APPROX : 0;
|
|
||||||
|
|
||||||
val = UTF8bvnormalize( val, &tmp, flags, ctx );
|
|
||||||
+ /* out of memory or syntax error, the former is unlikely */
|
|
||||||
if( val == NULL ) {
|
|
||||||
- return LDAP_OTHER;
|
|
||||||
+ return LDAP_INVALID_SYNTAX;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* collapse spaces (in place) */
|
|
@ -1,30 +0,0 @@
|
|||||||
diff -up openldap-2.4.11/doc/man/man8/slapd.8.patch9 openldap-2.4.11/doc/man/man8/slapd.8
|
|
||||||
--- openldap-2.4.11/doc/man/man8/slapd.8.patch9 2008-02-12 00:26:40.000000000 +0100
|
|
||||||
+++ openldap-2.4.11/doc/man/man8/slapd.8 2008-09-01 09:57:09.000000000 +0200
|
|
||||||
@@ -5,7 +5,7 @@
|
|
||||||
.SH NAME
|
|
||||||
slapd \- Stand-alone LDAP Daemon
|
|
||||||
.SH SYNOPSIS
|
|
||||||
-.B LIBEXECDIR/slapd
|
|
||||||
+.B slapd
|
|
||||||
[\c
|
|
||||||
.BR \-4 | \-6 ]
|
|
||||||
[\c
|
|
||||||
@@ -312,7 +312,7 @@ on voluminous debugging which will be pr
|
|
||||||
.LP
|
|
||||||
.nf
|
|
||||||
.ft tt
|
|
||||||
- LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255
|
|
||||||
+ slapd -f /var/tmp/slapd.conf -d 255
|
|
||||||
.ft
|
|
||||||
.fi
|
|
||||||
.LP
|
|
||||||
@@ -320,7 +320,7 @@ To test whether the configuration file i
|
|
||||||
.LP
|
|
||||||
.nf
|
|
||||||
.ft tt
|
|
||||||
- LIBEXECDIR/slapd \-Tt
|
|
||||||
+ slapd -Tt
|
|
||||||
.ft
|
|
||||||
.fi
|
|
||||||
.LP
|
|
@ -1,12 +0,0 @@
|
|||||||
diff -up openldap-2.4.11/build/top.mk.patch6 openldap-2.4.11/build/top.mk
|
|
||||||
--- openldap-2.4.11/build/top.mk.patch6 2008-02-12 00:26:38.000000000 +0100
|
|
||||||
+++ openldap-2.4.11/build/top.mk 2008-09-01 09:57:09.000000000 +0200
|
|
||||||
@@ -199,7 +199,7 @@ SLAPD_SQL_LDFLAGS = @SLAPD_SQL_LDFLAGS@
|
|
||||||
SLAPD_SQL_INCLUDES = @SLAPD_SQL_INCLUDES@
|
|
||||||
SLAPD_SQL_LIBS = @SLAPD_SQL_LIBS@
|
|
||||||
|
|
||||||
-SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_PERL_LDFLAGS@ @SLAPD_SQL_LDFLAGS@ @SLAPD_SQL_LIBS@ @SLAPD_SLP_LIBS@ @SLAPD_GMP_LIBS@ $(ICU_LIBS)
|
|
||||||
+SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_SLP_LIBS@ $(ICU_LIBS)
|
|
||||||
|
|
||||||
# Our Defaults
|
|
||||||
CC = $(AC_CC)
|
|
@ -1,16 +0,0 @@
|
|||||||
Build both slapd as position-independent executables. This really
|
|
||||||
should be threaded into the various autotools, but I guess this is what we have
|
|
||||||
until that happens, if it happens.
|
|
||||||
|
|
||||||
diff -up openldap-2.4.11/servers/slapd/Makefile.in.patch4 openldap-2.4.11/servers/slapd/Makefile.in
|
|
||||||
--- openldap-2.4.11/servers/slapd/Makefile.in.patch4 2008-02-12 00:26:43.000000000 +0100
|
|
||||||
+++ openldap-2.4.11/servers/slapd/Makefile.in 2008-09-01 09:57:09.000000000 +0200
|
|
||||||
@@ -266,7 +266,7 @@ libslapi.a: slapi/.libs/libslapi.a
|
|
||||||
cp slapi/.libs/libslapi.a .
|
|
||||||
|
|
||||||
slapd: $(SLAPD_DEPENDS) @LIBSLAPI@
|
|
||||||
- $(LTLINK) -o $@ $(SLAPD_OBJECTS) $(LIBS) \
|
|
||||||
+ $(LTLINK) -pie -Wl,-z,defs -o $@ $(SLAPD_OBJECTS) $(LIBS) \
|
|
||||||
$(WRAP_LIBS)
|
|
||||||
$(RM) $(SLAPTOOLS)
|
|
||||||
for i in $(SLAPTOOLS); do \
|
|
@ -1,7 +1,10 @@
|
|||||||
diff -up evo-openldap-2.4.14/include/ldap.h.evolution-ntlm evo-openldap-2.4.14/include/ldap.h
|
Get rid of this patch as soon as possible.
|
||||||
--- evo-openldap-2.4.14/include/ldap.h.evolution-ntlm 2009-01-27 00:29:53.000000000 +0100
|
More details are provided in README.evolution
|
||||||
+++ evo-openldap-2.4.14/include/ldap.h 2009-02-17 10:10:00.000000000 +0100
|
|
||||||
@@ -2461,5 +2461,26 @@ ldap_parse_deref_control LDAP_P((
|
diff -uNPrp openldap-2.4.23.old/include/ldap.h openldap-2.4.23.new/include/ldap.h
|
||||||
|
--- openldap-2.4.23.old/include/ldap.h 2010-06-10 20:48:36.000000000 +0200
|
||||||
|
+++ openldap-2.4.23.new/include/ldap.h 2010-08-24 18:17:46.306679878 +0200
|
||||||
|
@@ -2487,5 +2487,26 @@ ldap_parse_deref_control LDAP_P((
|
||||||
LDAPControl **ctrls,
|
LDAPControl **ctrls,
|
||||||
LDAPDerefRes **drp ));
|
LDAPDerefRes **drp ));
|
||||||
|
|
||||||
@ -28,9 +31,9 @@ diff -up evo-openldap-2.4.14/include/ldap.h.evolution-ntlm evo-openldap-2.4.14/i
|
|||||||
+
|
+
|
||||||
LDAP_END_DECL
|
LDAP_END_DECL
|
||||||
#endif /* _LDAP_H */
|
#endif /* _LDAP_H */
|
||||||
diff -up evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm evo-openldap-2.4.14/libraries/libldap/Makefile.in
|
diff -uNPrp openldap-2.4.23.old/libraries/libldap/Makefile.in openldap-2.4.23.new/libraries/libldap/Makefile.in
|
||||||
--- evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm 2009-01-27 00:29:53.000000000 +0100
|
--- openldap-2.4.23.old/libraries/libldap/Makefile.in 2010-04-13 22:22:55.000000000 +0200
|
||||||
+++ evo-openldap-2.4.14/libraries/libldap/Makefile.in 2009-02-17 10:10:00.000000000 +0100
|
+++ openldap-2.4.23.new/libraries/libldap/Makefile.in 2010-08-24 18:17:46.306679878 +0200
|
||||||
@@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest ur
|
@@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest ur
|
||||||
SRCS = bind.c open.c result.c error.c compare.c search.c \
|
SRCS = bind.c open.c result.c error.c compare.c search.c \
|
||||||
controls.c messages.c references.c extended.c cyrus.c \
|
controls.c messages.c references.c extended.c cyrus.c \
|
||||||
@ -49,9 +52,9 @@ diff -up evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm evo-op
|
|||||||
filter.lo free.lo sort.lo passwd.lo whoami.lo \
|
filter.lo free.lo sort.lo passwd.lo whoami.lo \
|
||||||
getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
|
getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
|
||||||
request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
|
request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
|
||||||
diff -up /dev/null evo-openldap-2.4.14/libraries/libldap/ntlm.c
|
diff -uNPrp openldap-2.4.23.old/libraries/libldap/ntlm.c openldap-2.4.23.new/libraries/libldap/ntlm.c
|
||||||
--- /dev/null 2009-02-17 09:19:52.829004420 +0100
|
--- openldap-2.4.23.old/libraries/libldap/ntlm.c 1970-01-01 01:00:00.000000000 +0100
|
||||||
+++ evo-openldap-2.4.14/libraries/libldap/ntlm.c 2009-02-17 10:10:00.000000000 +0100
|
+++ openldap-2.4.23.new/libraries/libldap/ntlm.c 2010-08-24 18:17:46.330680333 +0200
|
||||||
@@ -0,0 +1,137 @@
|
@@ -0,0 +1,137 @@
|
||||||
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
|
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
|
||||||
+/*
|
+/*
|
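--- a/openldap-export-ldif.patch
+++ b/openldap-export-ldif.patch
@@ -0,0 +1,61 @@
+Patch exposes LDIF reading/writing API. This change is required to replace
+mozldap with openldap in FreeIPA project.
+
+Upstream: ITS #6194
+Author: Rich Megginson <rmeggins@redhat.com>
+
+diff -uNPrp openldap-2.4.23.old/include/Makefile.in openldap-2.4.23.new/include/Makefile.in
+--- openldap-2.4.23.old/include/Makefile.in 2010-04-13 22:22:47.000000000 +0200
++++ openldap-2.4.23.new/include/Makefile.in 2010-08-19 17:40:29.073805139 +0200
+@@ -20,7 +20,8 @@ install-local: FORCE
+for header in $(srcdir)/lber.h lber_types.h \
+$(srcdir)/ldap.h $(srcdir)/ldap_cdefs.h \
+$(srcdir)/ldap_schema.h $(srcdir)/ldap_utf8.h \
+- $(srcdir)/slapi-plugin.h ldap_features.h; \
++ $(srcdir)/slapi-plugin.h ldap_features.h \
++ $(srcdir)/ldif.h ; \
+do \
+$(INSTALL) $(INSTALLFLAGS) -m 644 $$header $(DESTDIR)$(includedir); \
+done
+diff -uNPrp openldap-2.4.23.old/libraries/liblutil/Makefile.in openldap-2.4.23.new/libraries/liblutil/Makefile.in
+--- openldap-2.4.23.old/libraries/liblutil/Makefile.in 2010-04-19 18:53:01.000000000 +0200
++++ openldap-2.4.23.new/libraries/liblutil/Makefile.in 2010-08-19 17:40:20.424679962 +0200
+@@ -14,6 +14,9 @@
+## <http://www.OpenLDAP.org/license.html>.
+
+LIBRARY = liblutil.a
++
++SHAREDLIB = libldif.la
++
+PROGRAM = testavl
+
+LDAP_INCDIR= ../../include
+@@ -40,6 +43,8 @@ OBJS = base64.o entropy.o sasl.o signal.
+meter.o \
+@LIBOBJS@ $(@PLAT@_OBJS)
+
++SHAREDLIBOBJS = ldif.lo fetch.lo
++
+testavl: $(XLIBS) testavl.o
+(LTLINK) -o $@ testavl.o $(LIBS)
+
+@@ -59,3 +64,19 @@ slapdmsg.res: slapdmsg.rc slapdmsg.bin
+clean-local:
+$(RM) *.res
+
++all-local: $(SHAREDLIB)
++
++.SUFFIXES: .c .o .lo
++
++.c.lo:
++ $(LTCOMPILE_LIB) $<
++
++$(LIBRARY): $(SHAREDLIBOBJS) version.lo
++
++$(SHAREDLIB): $(SHAREDLIBOBJS) version.lo
++ $(LTLINK_LIB) -o $(SHAREDLIB) $(SHAREDLIBOBJS) version.lo $(LINK_LIBS)
++
++install-local: FORCE
++ -$(MKDIR) $(DESTDIR)$(libdir)
++ $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(SHAREDLIB) $(DESTDIR)$(libdir)
++ $(LTFINISH) $(DESTDIR)$(libdir)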
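Review bot: `SHAREDLIBOBJS = ldif.lo fetch.lo` puts fetch.c into the newly exported libldif, and the patch header does not tell consumers what that implies. In upstream OpenLDAP the LDIF parser resolves `attr:< URL` values through the fetch code (to my knowledge at least file:// URLs; fetch.c itself is not visible here), so a consumer such as FreeIPA that parses LDIF from an untrusted source would read local files on that input's behalf. I would add a header line such as `Note: libldif resolves "attr:< URL" values itself; callers must not pass it untrusted LDIF without accounting for that.` The recipe-less rule `$(LIBRARY): $(SHAREDLIBOBJS) version.lo` also deserves a one-line comment saying why the static archive depends on the libtool objects.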
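--- a/openldap-ldaprc-currentdir.patch
+++ b/openldap-ldaprc-currentdir.patch
@@ -0,0 +1,19 @@
+Disables opening of ldaprc file in current directory.
+
+Resolves: #38402
+Upstream: ITS #1131
+Author: Henning Schmiedehausen <hps@intermeta.de>
+
+diff -u -uNPrp openldap-2.4.23.old/libraries/libldap/init.c openldap-2.4.23.new/libraries/libldap/init.c
+--- openldap-2.4.23.old/libraries/libldap/init.c 2010-04-13 22:22:57.000000000 +0200
++++ openldap-2.4.23.new/libraries/libldap/init.c 2010-08-24 15:34:27.780680598 +0200
+@@ -346,9 +346,6 @@ static void openldap_ldap_init_w_usercon
+if(path != NULL) {
+LDAP_FREE(path);
+}
+-
+- /* try file */
+- openldap_ldap_init_w_conf(file, 1);
+}
+
+static void openldap_ldap_init_w_env(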
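Review bot: The header of openldap-ldaprc-currentdir.patch says what is disabled but not why, and the ldap.conf.5 hunk visible in openldap-manpages.patch only adds the c_rehash sentence, so the man page presumably still describes the current-directory lookup that this patch removes. I would add a rationale line to the header, e.g. `A ldaprc in the working directory could override URI and TLS_* settings for any client started there; only $HOME is searched now.`, and drop the matching sentence from ldap.conf.5. The body of openldap_ldap_init_w_userconf starts outside the hunk, so whether a file named through LDAPRC is affected as well cannot be confirmed from here, but it presumably is and should be mentioned. This commit also deletes the patch that carried `if ( geteuid() != getuid() || getegid() != getgid() )`; confirm the rebased tree still has the setgid half of that guard.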
103
openldap-manpages.patch
Normal file
@ -0,0 +1,103 @@
|
|||||||
|
Various manual pages changes:
|
||||||
|
* removes LIBEXECDIR from slapd.8
|
||||||
|
* removes references to non-existing manpages (bz 624616)
|
||||||
|
|
||||||
|
diff -uNPrp openldap-2.4.23.old/doc/man/man1/ldapmodify.1 openldap-2.4.23.new/doc/man/man1/ldapmodify.1
|
||||||
|
--- openldap-2.4.23.old/doc/man/man1/ldapmodify.1 2010-04-13 22:22:36.000000000 +0200
|
||||||
|
+++ openldap-2.4.23.new/doc/man/man1/ldapmodify.1 2010-08-19 17:42:10.256805450 +0200
|
||||||
|
@@ -364,9 +364,7 @@ exit status and a diagnostic message bei
|
||||||
|
.BR ldap_add_ext (3),
|
||||||
|
.BR ldap_delete_ext (3),
|
||||||
|
.BR ldap_modify_ext (3),
|
||||||
|
-.BR ldap_modrdn_ext (3),
|
||||||
|
-.BR ldif (5),
|
||||||
|
-.BR slapd.replog (5)
|
||||||
|
+.BR ldif (5)
|
||||||
|
.SH AUTHOR
|
||||||
|
The OpenLDAP Project <http://www.openldap.org/>
|
||||||
|
.SH ACKNOWLEDGEMENTS
|
||||||
|
diff -uNPrp openldap-2.4.23.old/doc/man/man5/ldap.conf.5 openldap-2.4.23.new/doc/man/man5/ldap.conf.5
|
||||||
|
--- openldap-2.4.23.old/doc/man/man5/ldap.conf.5 2010-04-13 22:22:41.000000000 +0200
|
||||||
|
+++ openldap-2.4.23.new/doc/man/man5/ldap.conf.5 2010-08-19 17:43:25.312805428 +0200
|
||||||
|
@@ -317,6 +317,7 @@ certificates in separate individual file
|
||||||
|
.B TLS_CACERT
|
||||||
|
is always used before
|
||||||
|
.B TLS_CACERTDIR.
|
||||||
|
+The specified directory must be managed with the OpenSSL c_rehash utility.
|
||||||
|
This parameter is ignored with GNUtls.
|
||||||
|
.TP
|
||||||
|
.B TLS_CERT <filename>
|
||||||
|
diff -uNPrp openldap-2.4.23.old/doc/man/man5/ldif.5 openldap-2.4.23.new/doc/man/man5/ldif.5
|
||||||
|
--- openldap-2.4.23.old/doc/man/man5/ldif.5 2010-04-13 22:22:41.000000000 +0200
|
||||||
|
+++ openldap-2.4.23.new/doc/man/man5/ldif.5 2010-08-19 17:42:10.256805450 +0200
|
||||||
|
@@ -270,8 +270,7 @@ commands.
|
||||||
|
.BR ldapmodify (1),
|
||||||
|
.BR slapadd (8),
|
||||||
|
.BR slapcat (8),
|
||||||
|
-.BR slapd\-ldif (5),
|
||||||
|
-.BR slapd.replog (5).
|
||||||
|
+.BR slapd\-ldif (5).
|
||||||
|
.LP
|
||||||
|
"LDAP Data Interchange Format," Good, G., RFC 2849.
|
||||||
|
.SH ACKNOWLEDGEMENTS
|
||||||
|
diff -uNPrp openldap-2.4.23.old/doc/man/man5/slapd-config.5 openldap-2.4.23.new/doc/man/man5/slapd-config.5
|
||||||
|
--- openldap-2.4.23.old/doc/man/man5/slapd-config.5 2010-06-10 19:17:53.000000000 +0200
|
||||||
|
+++ openldap-2.4.23.new/doc/man/man5/slapd-config.5 2010-08-19 17:42:10.258805346 +0200
|
||||||
|
@@ -1995,7 +1995,6 @@ default slapd configuration directory
|
||||||
|
.BR slapd.conf (5),
|
||||||
|
.BR slapd.overlays (5),
|
||||||
|
.BR slapd.plugin (5),
|
||||||
|
-.BR slapd.replog (5),
|
||||||
|
.BR slapd (8),
|
||||||
|
.BR slapacl (8),
|
||||||
|
.BR slapadd (8),
|
||||||
|
diff -uNPrp openldap-2.4.23.old/doc/man/man5/slapd.conf.5 openldap-2.4.23.new/doc/man/man5/slapd.conf.5
|
||||||
|
--- openldap-2.4.23.old/doc/man/man5/slapd.conf.5 2010-04-16 20:05:07.000000000 +0200
|
||||||
|
+++ openldap-2.4.23.new/doc/man/man5/slapd.conf.5 2010-08-19 17:42:10.261805644 +0200
|
||||||
|
@@ -1927,7 +1927,6 @@ default slapd configuration file
|
||||||
|
.BR slapd.backends (5),
|
||||||
|
.BR slapd.overlays (5),
|
||||||
|
.BR slapd.plugin (5),
|
||||||
|
-.BR slapd.replog (5),
|
||||||
|
.BR slapd (8),
|
||||||
|
.BR slapacl (8),
|
||||||
|
.BR slapadd (8),
|
||||||
|
diff -uNPrp openldap-2.4.23.old/doc/man/man8/slapd.8 openldap-2.4.23.new/doc/man/man8/slapd.8
|
||||||
|
--- openldap-2.4.23.old/doc/man/man8/slapd.8 2010-04-13 22:22:46.000000000 +0200
|
||||||
|
+++ openldap-2.4.23.new/doc/man/man8/slapd.8 2010-08-19 17:44:19.996680613 +0200
|
||||||
|
@@ -5,7 +5,7 @@
|
||||||
|
.SH NAME
|
||||||
|
slapd \- Stand-alone LDAP Daemon
|
||||||
|
.SH SYNOPSIS
|
||||||
|
-.B LIBEXECDIR/slapd
|
||||||
|
+.B slapd
|
||||||
|
[\c
|
||||||
|
.BR \-4 | \-6 ]
|
||||||
|
[\c
|
||||||
|
@@ -301,7 +301,7 @@ the LDAP databases defined in the defaul
|
||||||
|
.LP
|
||||||
|
.nf
|
||||||
|
.ft tt
|
||||||
|
- LIBEXECDIR/slapd
|
||||||
|
+ slapd
|
||||||
|
.ft
|
||||||
|
.fi
|
||||||
|
.LP
|
||||||
|
@@ -312,7 +312,7 @@ on voluminous debugging which will be pr
|
||||||
|
.LP
|
||||||
|
.nf
|
||||||
|
.ft tt
|
||||||
|
- LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255
|
||||||
|
+ slapd -f /var/tmp/slapd.conf -d 255
|
||||||
|
.ft
|
||||||
|
.fi
|
||||||
|
.LP
|
||||||
|
@@ -320,7 +320,7 @@ To test whether the configuration file i
|
||||||
|
.LP
|
||||||
|
.nf
|
||||||
|
.ft tt
|
||||||
|
- LIBEXECDIR/slapd \-Tt
|
||||||
|
+ slapd -Tt
|
||||||
|
.ft
|
||||||
|
.fi
|
||||||
|
.LP
|
@ -1,5 +1,8 @@
|
|||||||
#614545 Mozilla NSS - support use of self signed CA certs as server certs
|
#614545 Mozilla NSS - support use of self signed CA certs as server certs
|
||||||
upstream: http://www.openldap.org/its/index.cgi issue 6589
|
|
||||||
|
Resolves: #614545
|
||||||
|
Upstream: ITS #6589
|
||||||
|
Author: Rich Megginson <rmeggins@redhat.com>
|
||||||
|
|
||||||
diff -urNP openldap-2.4.22.old/libraries/libldap/tls_m.c openldap-2.4.22.new/libraries/libldap/tls_m.c
|
diff -urNP openldap-2.4.22.old/libraries/libldap/tls_m.c openldap-2.4.22.new/libraries/libldap/tls_m.c
|
||||||
--- openldap-2.4.22.old/libraries/libldap/tls_m.c 2010-04-15 23:26:00.000000000 +0200
|
--- openldap-2.4.22.old/libraries/libldap/tls_m.c 2010-04-15 23:26:00.000000000 +0200
|
@ -1,5 +1,8 @@
|
|||||||
#616552 Mozilla NSS - delay token auth until needed
|
Mozilla NSS - delay token auth until needed
|
||||||
upstream: http://www.openldap.org/its/index.cgi issue 6595
|
|
||||||
|
Resolves: #616552
|
||||||
|
Upstream: ITS #6595
|
||||||
|
Author: Rich Megginson <rmeggins@redhat.com>
|
||||||
|
|
||||||
diff -urNP openldap-2.4.22.old/libraries/libldap/tls_m.c openldap-2.4.22.new/libraries/libldap/tls_m.c
|
diff -urNP openldap-2.4.22.old/libraries/libldap/tls_m.c openldap-2.4.22.new/libraries/libldap/tls_m.c
|
||||||
--- openldap-2.4.22.old/libraries/libldap/tls_m.c 2010-07-22 09:56:58.984806148 +0200
|
--- openldap-2.4.22.old/libraries/libldap/tls_m.c 2010-07-22 09:56:58.984806148 +0200
|
@ -2,11 +2,14 @@ The non-reentrant gethostbyXXXX() functions deadlock if called recursively, for
|
|||||||
example if libldap needs to be initialized from within gethostbyXXXX() (which
|
example if libldap needs to be initialized from within gethostbyXXXX() (which
|
||||||
actually happens if nss_ldap is used for hostname resolution and earlier
|
actually happens if nss_ldap is used for hostname resolution and earlier
|
||||||
modules can't resolve the local host name), so use the reentrant versions of
|
modules can't resolve the local host name), so use the reentrant versions of
|
||||||
the functions, even if we're not being compiled for use in libldap_r (patch
|
the functions, even if we're not being compiled for use in libldap_r
|
||||||
from Jeffery Layton, #179730).
|
|
||||||
diff -up openldap-2.4.11/libraries/libldap/util-int.c.patch7 openldap-2.4.11/libraries/libldap/util-int.c
|
Resolves: #179730
|
||||||
--- openldap-2.4.11/libraries/libldap/util-int.c.patch7 2008-02-12 00:26:41.000000000 +0100
|
Author: Jeffery Layton <jlayton@redhat.com>
|
||||||
+++ openldap-2.4.11/libraries/libldap/util-int.c 2008-09-01 09:57:09.000000000 +0200
|
|
||||||
|
diff -uNPrp openldap-2.4.23.old/libraries/libldap/util-int.c openldap-2.4.23.new/libraries/libldap/util-int.c
|
||||||
|
--- openldap-2.4.23.old/libraries/libldap/util-int.c 2010-04-19 18:53:01.000000000 +0200
|
||||||
|
+++ openldap-2.4.23.new/libraries/libldap/util-int.c 2010-08-19 17:47:52.456805354 +0200
|
||||||
@@ -52,8 +52,8 @@ extern int h_errno;
|
@@ -52,8 +52,8 @@ extern int h_errno;
|
||||||
#ifndef LDAP_R_COMPILE
|
#ifndef LDAP_R_COMPILE
|
||||||
# undef HAVE_REENTRANT_FUNCTIONS
|
# undef HAVE_REENTRANT_FUNCTIONS
|
||||||
@ -18,7 +21,7 @@ diff -up openldap-2.4.11/libraries/libldap/util-int.c.patch7 openldap-2.4.11/lib
|
|||||||
|
|
||||||
#else
|
#else
|
||||||
# include <ldap_pvt_thread.h>
|
# include <ldap_pvt_thread.h>
|
||||||
@@ -110,7 +110,7 @@ char *ldap_pvt_ctime( const time_t *tp,
|
@@ -330,7 +330,7 @@ ldap_pvt_csnstr(char *buf, size_t len, u
|
||||||
#define BUFSTART (1024-32)
|
#define BUFSTART (1024-32)
|
||||||
#define BUFMAX (32*1024-32)
|
#define BUFMAX (32*1024-32)
|
||||||
|
|
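--- a/openldap-security-pie.patch
+++ b/openldap-security-pie.patch
@@ -0,0 +1,17 @@
+Build slapd as position-independent executable (PIE) to take an advantage of
+address space layout randomization (ASLD).
+
+Author: Thomas Woerner <twoerner@redhat.com>
+
+diff -uNPrp openldap-2.4.23.old/servers/slapd/Makefile.in openldap-2.4.23.new/servers/slapd/Makefile.in
+--- openldap-2.4.23.old/servers/slapd/Makefile.in 2010-04-13 22:23:09.000000000 +0200
++++ openldap-2.4.23.new/servers/slapd/Makefile.in 2010-08-24 15:09:08.999680712 +0200
+@@ -266,7 +266,7 @@ libslapi.a: slapi/.libs/libslapi.a
+cp slapi/.libs/libslapi.a .
+
+slapd: $(SLAPD_DEPENDS) @LIBSLAPI@
+- $(LTLINK) -o $@ $(SLAPD_OBJECTS) $(LIBS) \
++ $(LTLINK) -pie -Wl,-z,defs -o $@ $(SLAPD_OBJECTS) $(LIBS) \
+$(WRAP_LIBS)
+$(RM) $(SLAPTOOLS)
+for i in $(SLAPTOOLS); do \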
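Review bot: The `slapd` link line gains `-pie` but not `-Wl,-z,relro -Wl,-z,now`, so unless the distribution's default LDFLAGS already supply them (not visible here) the randomised binary keeps a writable GOT; the line could read `$(LTLINK) -pie -Wl,-z,relro -Wl,-z,now -Wl,-z,defs -o $@ $(SLAPD_OBJECTS) $(LIBS) \`. `-pie` only yields a correct executable when every object is compiled position-independent, and in this commit that comes from `-fPIC` in the spec's CFLAGS rather than from this Makefile, so a comment above the rule such as `# requires objects built with -fPIC/-fPIE (set in openldap.spec CFLAGS)` would keep the two from drifting apart. The patch description spells the mitigation "ASLD"; it should read ASLR. The `slapd` rule continues past the end of the hunk.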
@ -1,6 +1,8 @@
|
|||||||
diff -up openldap-2.4.11/servers/slapd/slapd.conf.config openldap-2.4.11/servers/slapd/slapd.conf
|
Updates initial slapd configuration.
|
||||||
--- openldap-2.4.11/servers/slapd/slapd.conf.config 2007-02-13 21:22:22.000000000 +0100
|
|
||||||
+++ openldap-2.4.11/servers/slapd/slapd.conf 2008-10-09 16:13:52.000000000 +0200
|
diff -urNPp openldap-2.4.23.old/servers/slapd/slapd.conf openldap-2.4.23.new/servers/slapd/slapd.conf
|
||||||
|
--- openldap-2.4.23.old/servers/slapd/slapd.conf 2007-02-13 21:22:22.000000000 +0100
|
||||||
|
+++ openldap-2.4.23.new/servers/slapd/slapd.conf 2010-08-19 15:45:05.835681213 +0200
|
||||||
@@ -2,22 +2,57 @@
|
@@ -2,22 +2,57 @@
|
||||||
# See slapd.conf(5) for details on configuration options.
|
# See slapd.conf(5) for details on configuration options.
|
||||||
# This file should NOT be world readable.
|
# This file should NOT be world readable.
|
@ -1,21 +1,24 @@
|
|||||||
Compile smbk5pwd together with other overlays.
|
Compile smbk5pwd together with other overlays.
|
||||||
|
|
||||||
diff -up openldap-2.4.11/contrib/slapd-modules/smbk5pwd/README.patch8 openldap-2.4.11/contrib/slapd-modules/smbk5pwd/README
|
Resolves: 550895
|
||||||
--- openldap-2.4.11/contrib/slapd-modules/smbk5pwd/README.patch8 2005-11-12 16:18:09.000000000 +0100
|
Author: Jan Šafránek <jsafrane@redhat.com>
|
||||||
+++ openldap-2.4.11/contrib/slapd-modules/smbk5pwd/README 2008-09-01 09:57:09.000000000 +0200
|
|
||||||
|
diff -urNPp openldap-2.4.23.old/contrib/slapd-modules/smbk5pwd/README openldap-2.4.23.new/contrib/slapd-modules/smbk5pwd/README
|
||||||
|
--- openldap-2.4.23.old/contrib/slapd-modules/smbk5pwd/README 2010-04-13 22:22:30.000000000 +0200
|
||||||
|
+++ openldap-2.4.23.new/contrib/slapd-modules/smbk5pwd/README 2010-08-23 13:20:33.338687818 +0200
|
||||||
@@ -1,3 +1,8 @@
|
@@ -1,3 +1,8 @@
|
||||||
+***************************************************************
|
+*******************************************************
|
||||||
+Red Hat note: Kerberos support is NOT compiled into
|
+Red Hat note: Kerberos support is NOT compiled into
|
||||||
+this version of smbk5pwd because we do not use Heimdall.
|
+this version of smbk5pwd because we do not use Heimdal.
|
||||||
+***************************************************************
|
+*******************************************************
|
||||||
+
|
+
|
||||||
This directory contains a slapd overlay, smbk5pwd, that extends the
|
This directory contains a slapd overlay, smbk5pwd, that extends the
|
||||||
PasswordModify Extended Operation to update Kerberos keys and Samba
|
PasswordModify Extended Operation to update Kerberos keys and Samba
|
||||||
password hashes for an LDAP user.
|
password hashes for an LDAP user.
|
||||||
diff -up openldap-2.4.11/servers/slapd/overlays/Makefile.in.patch8 openldap-2.4.11/servers/slapd/overlays/Makefile.in
|
diff -urNPp openldap-2.4.23.old/servers/slapd/overlays/Makefile.in openldap-2.4.23.new/servers/slapd/overlays/Makefile.in
|
||||||
--- openldap-2.4.11/servers/slapd/overlays/Makefile.in.patch8 2008-02-12 00:26:48.000000000 +0100
|
--- openldap-2.4.23.old/servers/slapd/overlays/Makefile.in 2010-04-13 22:23:44.000000000 +0200
|
||||||
+++ openldap-2.4.11/servers/slapd/overlays/Makefile.in 2008-09-01 09:57:09.000000000 +0200
|
+++ openldap-2.4.23.new/servers/slapd/overlays/Makefile.in 2010-08-23 13:20:33.338687818 +0200
|
||||||
@@ -30,7 +30,8 @@ SRCS = overlays.c \
|
@@ -33,7 +33,8 @@ SRCS = overlays.c \
|
||||||
syncprov.c \
|
syncprov.c \
|
||||||
translucent.c \
|
translucent.c \
|
||||||
unique.c \
|
unique.c \
|
||||||
@ -25,7 +28,7 @@ diff -up openldap-2.4.11/servers/slapd/overlays/Makefile.in.patch8 openldap-2.4.
|
|||||||
OBJS = statover.o \
|
OBJS = statover.o \
|
||||||
@SLAPD_STATIC_OVERLAYS@ \
|
@SLAPD_STATIC_OVERLAYS@ \
|
||||||
overlays.o
|
overlays.o
|
||||||
@@ -43,14 +44,14 @@ LTONLY_MOD = $(LTONLY_mod)
|
@@ -46,14 +47,14 @@ LTONLY_MOD = $(LTONLY_mod)
|
||||||
LDAP_INCDIR= ../../../include
|
LDAP_INCDIR= ../../../include
|
||||||
LDAP_LIBDIR= ../../../libraries
|
LDAP_LIBDIR= ../../../libraries
|
||||||
|
|
||||||
@ -42,7 +45,7 @@ diff -up openldap-2.4.11/servers/slapd/overlays/Makefile.in.patch8 openldap-2.4.
|
|||||||
|
|
||||||
XINCPATH = -I.. -I$(srcdir)/..
|
XINCPATH = -I.. -I$(srcdir)/..
|
||||||
XDEFS = $(MODULES_CPPFLAGS)
|
XDEFS = $(MODULES_CPPFLAGS)
|
||||||
@@ -113,6 +114,9 @@ unique.la : unique.lo
|
@@ -125,6 +126,9 @@ unique.la : unique.lo
|
||||||
valsort.la : valsort.lo
|
valsort.la : valsort.lo
|
||||||
$(LTLINK_MOD) -module -o $@ valsort.lo version.lo $(LINK_LIBS)
|
$(LTLINK_MOD) -module -o $@ valsort.lo version.lo $(LINK_LIBS)
|
||||||
|
|
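--- a/openldap-sql-linking.patch
+++ b/openldap-sql-linking.patch
@@ -0,0 +1,15 @@
+Removes unnecessary linking of SQL libraries into slapd. This makes openldap-servers package
+independent on libodbc. (SQL backend is packaged separately in openldap-servers-sql.)
+
+diff -uNPrp openldap-2.4.23.old/build/top.mk openldap-2.4.23.new/build/top.mk
+--- openldap-2.4.23.old/build/top.mk 2010-04-13 22:22:22.000000000 +0200
++++ openldap-2.4.23.new/build/top.mk 2010-08-25 15:58:18.477648731 +0200
+@@ -201,7 +201,7 @@ SLAPD_SQL_LDFLAGS = @SLAPD_SQL_LDFLAGS@
+SLAPD_SQL_INCLUDES = @SLAPD_SQL_INCLUDES@
+SLAPD_SQL_LIBS = @SLAPD_SQL_LIBS@
+
+-SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_PERL_LDFLAGS@ @SLAPD_SQL_LDFLAGS@ @SLAPD_SQL_LIBS@ @SLAPD_SLP_LIBS@ @SLAPD_GMP_LIBS@ $(ICU_LIBS)
++SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_PERL_LDFLAGS@ @SLAPD_SLP_LIBS@ @SLAPD_GMP_LIBS@ $(ICU_LIBS)
+
+# Our Defaults
+CC = $(AC_CC)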
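--- a/openldap-userconfig-setgid.patch
+++ b/openldap-userconfig-setgid.patch
@@ -0,0 +1,17 @@
+Normally, skips reading of user configuration file when running with different effective UID.
+This patch adds the same behavior for GID.
+
+Author: Nalin Dahyabhai <nalin@redhat.com>
+
+diff -uNPrp openldap-2.4.23.old/libraries/libldap/init.c openldap-2.4.23.new/libraries/libldap/init.c
+--- openldap-2.4.23.old/libraries/libldap/init.c 2010-04-13 22:22:57.000000000 +0200
++++ openldap-2.4.23.new/libraries/libldap/init.c 2010-08-24 17:25:07.207682002 +0200
+@@ -663,7 +663,7 @@ void ldap_int_initialize( struct ldapopt
+openldap_ldap_init_w_sysconf(LDAP_CONF_FILE);
+
+#ifdef HAVE_GETEUID
+- if ( geteuid() != getuid() )
++ if ( geteuid() != getuid() || getegid() != getgid() )
+return;
+#endif
+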
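Review bot: The new test `geteuid() != getuid() || getegid() != getgid()` only recognises an elevated process while its real and effective IDs still differ, so a set-id program that has already equalised them, or one started with file capabilities, passes the check and continues to whatever follows the `return` (per the patch description, reading the user configuration file). Where the platform provides one, a kernel-supplied secure-execution indicator (for example `getauxval(AT_SECURE)` on Linux or `issetugid()` on the BSDs) is a more complete guard and could be OR-ed into the same condition. `getegid()` and `getgid()` are also compiled under `#ifdef HAVE_GETEUID`, which presumably holds on every supported target but is worth confirming against configure. The early return deserves a comment, e.g. `/* set-uid or set-gid: do not trust user-controlled configuration */`. `ldap_int_initialize` starts and ends outside the hunk.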
620
openldap.spec
620
openldap.spec
@ -1,59 +1,52 @@
|
|||||||
# We distribute own version of Berkeley DB to prevent
|
# TODO: add make test after build
|
||||||
# problems on db4.rpm upgrade - some versions of db4 do
|
|
||||||
# not work with some versions of OpenLDAP.
|
|
||||||
%define db_version 4.8.26
|
|
||||||
%define ldbm_backend berkeley
|
%define ldbm_backend berkeley
|
||||||
%define version 2.4.22
|
|
||||||
%define evolution_connector_prefix %{_libdir}/evolution-openldap
|
%define evolution_connector_prefix %{_libdir}/evolution-openldap
|
||||||
%define evolution_connector_includedir %{evolution_connector_prefix}/include
|
%define evolution_connector_includedir %{evolution_connector_prefix}/include
|
||||||
%define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
|
%define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
|
||||||
|
|
||||||
Summary: LDAP support libraries
|
|
||||||
Name: openldap
|
Name: openldap
|
||||||
Version: %{version}
|
Version: 2.4.23
|
||||||
Release: 7%{?dist}
|
Release: 1%{?dist}
|
||||||
License: OpenLDAP
|
Summary: LDAP support libraries
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
|
License: OpenLDAP
|
||||||
Source1: http://download.oracle.com/berkeley-db/db-%{db_version}.tar.gz
|
|
||||||
Source3: README.migration
|
|
||||||
Source4: ldap.init
|
|
||||||
Source5: migration-tools.txt
|
|
||||||
Source6: autofs.schema
|
|
||||||
Source7: README.upgrading
|
|
||||||
Source9: README.evolution
|
|
||||||
Source10: ldap.sysconfig
|
|
||||||
|
|
||||||
# Patches for 2.4
|
|
||||||
Patch0: openldap-2.4.6-config.patch
|
|
||||||
Patch1: openldap-2.0.11-ldaprc.patch
|
|
||||||
Patch2: openldap-2.2.13-setugid.patch
|
|
||||||
Patch3: openldap-2.4.6-pie.patch
|
|
||||||
Patch4: openldap-2.3.11-toollinks.patch
|
|
||||||
Patch5: openldap-2.4.6-nosql.patch
|
|
||||||
Patch6: openldap-2.3.19-gethostbyXXXX_r.patch
|
|
||||||
Patch9: openldap-2.3.37-smbk5pwd.patch
|
|
||||||
Patch10: openldap-2.4.6-multilib.patch
|
|
||||||
Patch11: openldap-2.4.16-doc-cacertdir.patch
|
|
||||||
Patch12: openldap-2.4.21-dn2id-segfault.patch
|
|
||||||
Patch13: openldap-2.4.22-ldif_h.patch
|
|
||||||
Patch14: openldap-2.4.22-libldif.patch
|
|
||||||
Patch15: openldap-2.4.22-modrdn-segfault.patch
|
|
||||||
Patch16: openldap-2.4.23-selfsignedcacert.patch
|
|
||||||
Patch17: openldap-2.4.22-initauthtoken.patch
|
|
||||||
|
|
||||||
# Patches for the evolution library
|
|
||||||
Patch200: openldap-2.4.6-evolution-ntlm.patch
|
|
||||||
|
|
||||||
URL: http://www.openldap.org/
|
URL: http://www.openldap.org/
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
|
||||||
BuildRequires: cyrus-sasl-devel >= 2.1, gdbm-devel, libtool >= 1.5.6-2, krb5-devel
|
Source1: ldap.init
|
||||||
BuildRequires: openssl-devel, pam-devel, perl, pkgconfig, tcp_wrappers-devel,
|
Source2: ldap.sysconfig
|
||||||
BuildRequires: unixODBC-devel, libtool-ltdl-devel, groff
|
Source3: autofs.schema
|
||||||
BuildRequires: nss-devel
|
Source4: migration-tools.txt
|
||||||
Requires: glibc >= 2.2.3-48, mktemp
|
Source5: README.migration
|
||||||
Obsoletes: compat-openldap < 2.4
|
Source6: README.upgrading
|
||||||
|
Source7: README.evolution
|
||||||
|
|
||||||
|
# patches for 2.4
|
||||||
|
Patch0: openldap-slapd-conf.patch
|
||||||
|
Patch1: openldap-manpages.patch
|
||||||
|
Patch2: openldap-security-pie.patch
|
||||||
|
Patch3: openldap-sql-linking.patch
|
||||||
|
Patch4: openldap-reentrant-gethostby.patch
|
||||||
|
Patch5: openldap-export-ldif.patch
|
||||||
|
Patch6: openldap-smbk5pwd-overlay.patch
|
||||||
|
Patch7: openldap-ldaprc-currentdir.patch
|
||||||
|
Patch8: openldap-userconfig-setgid.patch
|
||||||
|
|
||||||
|
# already merged upstream
|
||||||
|
Patch100: openldap-nss-ca-selfsigned.patch
|
||||||
|
Patch101: openldap-nss-delay-token-auth.patch
|
||||||
|
|
||||||
|
# patches for the evolution library (see README.evolution)
|
||||||
|
Patch200: openldap-evolution-ntlm.patch
|
||||||
|
|
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
|
|
||||||
|
BuildRequires: cyrus-sasl-devel >= 2.1, nss-devel, krb5-devel, tcp_wrappers-devel, unixODBC-devel
|
||||||
|
BuildRequires: glibc-devel, libtool, libtool-ltdl-devel, groff, perl
|
||||||
|
# smbk5pwd overlay:
|
||||||
|
BuildRequires: openssl-devel
|
||||||
|
|
||||||
|
Obsoletes: compat-openldap < 2.4
|
||||||
# provide ldif2ldbm functionality for migrationtools
|
# provide ldif2ldbm functionality for migrationtools
|
||||||
Provides: ldif2ldbm
|
Provides: ldif2ldbm
|
||||||
|
|
||||||
@ -82,9 +75,12 @@ customized LDAP clients.
|
|||||||
|
|
||||||
%package servers
|
%package servers
|
||||||
Summary: LDAP server
|
Summary: LDAP server
|
||||||
# OpenLDAP server includes Berkeley DB library, which is licensed under Sleepycat and BSD licenses)
|
License: OpenLDAP
|
||||||
License: OpenLDAP and (Sleepycat and BSD)
|
Requires: openldap = %{version}-%{release}, openssl
|
||||||
Requires: fileutils, make, openldap = %{version}-%{release}, openssl, /usr/sbin/useradd, /usr/sbin/groupadd, /sbin/chkconfig, /sbin/runuser
|
Requires(pre): shadow-utils
|
||||||
|
Requires(post): chkconfig, /sbin/runuser, make
|
||||||
|
Requires(preun): chkconfig
|
||||||
|
BuildRequires: db4-devel >= 4.4, db4-devel <= 4.8
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
|
|
||||||
%description servers
|
%description servers
|
||||||
@ -124,101 +120,74 @@ over the Internet. The openldap-clients package contains the client
|
|||||||
programs needed for accessing and modifying OpenLDAP directories.
|
programs needed for accessing and modifying OpenLDAP directories.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -c -a 1
|
%setup -q -c -a 0
|
||||||
|
|
||||||
|
# setup tree for openldap
|
||||||
|
|
||||||
pushd openldap-%{version}
|
pushd openldap-%{version}
|
||||||
|
|
||||||
%patch0 -p1 -b .config
|
%patch0 -p1 -b .config
|
||||||
%patch1 -p1 -b .ldaprc
|
%patch1 -p1 -b .manpages
|
||||||
%patch2 -p1 -b .setugid
|
%patch2 -p1 -b .security-pie
|
||||||
%patch3 -p1 -b .pie
|
%patch3 -p1 -b .sql-linking
|
||||||
%patch4 -p1 -b .toollinks
|
%patch4 -p1 -b .reentrant-gethostby
|
||||||
%patch5 -p1 -b .nosql
|
%patch5 -p1 -b .export-ldif
|
||||||
%patch6 -p1 -b .gethostbyname_r
|
%patch6 -p1 -b .smbk5pwd-overlay
|
||||||
%patch9 -p1 -b .smbk5pwd
|
%patch7 -p1 -b .ldaprc-currentdir
|
||||||
%patch10 -p1 -b .multilib
|
%patch8 -p1 -b .userconfig-setgid
|
||||||
%patch11 -p1 -b .cacertdir
|
|
||||||
%patch12 -p1 -b .segfault
|
%patch100 -p1 -b .nss-ca-selfsigned
|
||||||
%patch13 -p1 -b .ldif_h
|
%patch101 -p1 -b .nss-delay-token-auth
|
||||||
%patch14 -p1 -b .libldif
|
|
||||||
%patch15 -p1 -b .modrdn-segfault
|
|
||||||
%patch16 -p1 -b .selfsignedcacert
|
|
||||||
%patch17 -p1 -b .initauthtoken
|
|
||||||
|
|
||||||
cp %{_datadir}/libtool/config/config.{sub,guess} build/
|
cp %{_datadir}/libtool/config/config.{sub,guess} build/
|
||||||
|
|
||||||
|
for subdir in build-servers build-clients ; do
|
||||||
|
mkdir $subdir
|
||||||
|
ln -s ../configure $subdir
|
||||||
|
done
|
||||||
|
|
||||||
|
# build smbk5pwd with other overlays
|
||||||
|
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
|
||||||
|
mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
|
||||||
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
# Set up a build tree for a static version of libldap with the hooks for the
|
# setup tree for openldap with evolution-specific patches
|
||||||
# non-standard NTLM bind type which is needed to connect to Win2k GC servers
|
|
||||||
# (Win2k3 supports SASL with DIGEST-MD5, so this shouldn't be needed for those
|
|
||||||
# servers, though as of version 1.4 the connector doesn't try SASL first).
|
|
||||||
if ! cp -al openldap-%{version} evo-openldap-%{version} ; then
|
if ! cp -al openldap-%{version} evo-openldap-%{version} ; then
|
||||||
rm -fr evo-openldap-%{version}
|
rm -fr evo-openldap-%{version}
|
||||||
cp -a openldap-%{version} evo-openldap-%{version}
|
cp -a openldap-%{version} evo-openldap-%{version}
|
||||||
fi
|
fi
|
||||||
pushd evo-openldap-%{version}
|
pushd evo-openldap-%{version}
|
||||||
%patch200 -p1 -b .evolution-ntlm
|
%patch200 -p1 -b .evolution-ntlm
|
||||||
popd
|
popd
|
||||||
|
|
||||||
pushd openldap-%{version}
|
|
||||||
for subdir in build-servers build-clients ; do
|
|
||||||
mkdir $subdir
|
|
||||||
ln -s ../configure $subdir
|
|
||||||
done
|
|
||||||
# build smbk5pwd with other overlays
|
|
||||||
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
|
|
||||||
mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
|
|
||||||
popd
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
dbdir=`pwd`/db-instroot
|
|
||||||
libtool='%{_bindir}/libtool'
|
libtool='%{_bindir}/libtool'
|
||||||
tagname=CC; export tagname
|
export tagname=CC
|
||||||
|
|
||||||
%ifarch ia64
|
%ifarch ia64
|
||||||
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0"
|
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0"
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Set CFLAGS to incorporate RPM_OPT_FLAGS.
|
export CPPFLAGS="-I%_includedir/nss3 -I%_includedir/nspr4"
|
||||||
CFLAGS="$RPM_OPT_FLAGS -D_REENTRANT -fPIC"; export CFLAGS
|
export CFLAGS="$RPM_OPT_FLAGS $CPPFLAGS -fPIC -D_REENTRANT -DLDAP_CONNECTIONLESS -D_GNU_SOURCE -DHAVE_TLS -DHAVE_MOZNSS -DSLAPD_LMHASH"
|
||||||
|
export NSS_LIBS="-lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4"
|
||||||
# Build Berkeley DB and install it into a temporary area, isolating OpenLDAP
|
export LIBS=""
|
||||||
# from any future changes to the system-wide Berkeley DB library. Version 4.2
|
|
||||||
# or later is required by the BDB backend in OpenLDAP 2.1 and later.
|
|
||||||
install -d db-%{db_version}/build-rpm
|
|
||||||
pushd db-%{db_version}/build-rpm
|
|
||||||
../dist/configure -C \
|
|
||||||
--with-pic \
|
|
||||||
--disable-static \
|
|
||||||
--enable-shared \
|
|
||||||
--with-uniquename=_openldap_slapd_46 \
|
|
||||||
--prefix=${dbdir} \
|
|
||||||
--includedir=${dbdir}/include \
|
|
||||||
--libdir=${dbdir}/%{_lib}${subdir:+/${subdir}}
|
|
||||||
# fix libtool: no rpath
|
|
||||||
perl -pi -e 's|hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=\"-L\\\$libdir\"|g;' libtool
|
|
||||||
|
|
||||||
make %{_smp_mflags} libdb_base=libslapd_db libso_base=libslapd_db
|
|
||||||
make install libdb_base=libslapd_db libso_base=libslapd_db strip="false"
|
|
||||||
ln -sf libslapd_db.so ${dbdir}/%{_lib}/${subdir}/libdb.so
|
|
||||||
popd
|
|
||||||
|
|
||||||
export CPPFLAGS="-I${dbdir}/include -I%_includedir/nss3 -I%_includedir/nspr4"
|
|
||||||
export CFLAGS="$CPPFLAGS $RPM_OPT_FLAGS -D_REENTRANT -DLDAP_CONNECTIONLESS -fPIC -D_GNU_SOURCE -DHAVE_TLS -DHAVE_MOZNSS -DSLAPD_LMHASH"
|
|
||||||
export LDFLAGS="-L${dbdir}/%{_lib}"
|
|
||||||
export LD_LIBRARY_PATH=${dbdir}/%{_lib}${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
|
|
||||||
MOZNSS_TLS_LIBS="-lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4"
|
|
||||||
export LIBS="$MOZNSS_TLS_LIBS"
|
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
|
|
||||||
%configure \
|
%configure \
|
||||||
--with-threads=posix \
|
--with-threads=posix \
|
||||||
\
|
\
|
||||||
--enable-local --enable-rlookups \
|
--enable-local \
|
||||||
|
--enable-rlookups \
|
||||||
\
|
\
|
||||||
--with-tls=no \
|
--with-tls=no \
|
||||||
--with-cyrus-sasl \
|
--with-cyrus-sasl \
|
||||||
\
|
\
|
||||||
--enable-wrappers \
|
--with-wrappers \
|
||||||
\
|
\
|
||||||
--enable-passwd \
|
--enable-passwd \
|
||||||
\
|
\
|
||||||
@ -231,24 +200,27 @@ build() {
|
|||||||
\
|
\
|
||||||
--libexecdir=%{_libdir} \
|
--libexecdir=%{_libdir} \
|
||||||
$@
|
$@
|
||||||
# HACK HACK HACK
|
|
||||||
# openldap uses #include <nss/somemoznssfile.h>
|
# allow #include <nss/file.h> and <nspr/file.h>
|
||||||
# this doesn't work on fedora and similar which uses /usr/include/nss3
|
|
||||||
# so we have to fake it out
|
|
||||||
pushd include
|
pushd include
|
||||||
if [ ! -d nss ] ; then
|
if [ ! -d nss ] ; then
|
||||||
ln -s %_includedir/nss3 nss
|
ln -s %{_includedir}/nss3 nss
|
||||||
fi
|
fi
|
||||||
if [ ! -d nspr ] ; then
|
if [ ! -d nspr ] ; then
|
||||||
ln -s %_includedir/nspr4 nspr
|
ln -s %{_includedir}/nspr4 nspr
|
||||||
fi
|
fi
|
||||||
popd
|
popd
|
||||||
|
|
||||||
make %{_smp_mflags} LIBTOOL="$libtool"
|
make %{_smp_mflags} LIBTOOL="$libtool"
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Build the servers with Kerberos support (for password checking, mainly).
|
# Kerberos support:
|
||||||
LIBS="$LIBS -lpthread"; export LIBS
|
# - enabled in server (mainly for password checking)
|
||||||
LD_LIBRARY_PATH=${dbdir}/%{_lib}${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}; export LD_LIBRARY_PATH
|
# - disabled in clients (not needed, to avoid stray dependencies)
|
||||||
|
|
||||||
|
# build servers
|
||||||
|
export LIBS="$NSS_LIBS -lpthread"
|
||||||
pushd openldap-%{version}/build-servers
|
pushd openldap-%{version}/build-servers
|
||||||
build \
|
build \
|
||||||
--enable-plugins \
|
--enable-plugins \
|
||||||
@ -273,12 +245,10 @@ build \
|
|||||||
--disable-dynamic \
|
--disable-dynamic \
|
||||||
--with-kerberos=k5only \
|
--with-kerberos=k5only \
|
||||||
--enable-overlays=mod
|
--enable-overlays=mod
|
||||||
unset LIBS
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
# Build clients without Kerberos password-checking support, which is only
|
# build clients
|
||||||
# useful in the server anyway, to avoid stray dependencies.
|
export LIBS="$NSS_LIBS"
|
||||||
export LIBS="$MOZNSS_TLS_LIBS"
|
|
||||||
pushd openldap-%{version}/build-clients
|
pushd openldap-%{version}/build-clients
|
||||||
build \
|
build \
|
||||||
--disable-slapd \
|
--disable-slapd \
|
||||||
@ -288,8 +258,8 @@ build \
|
|||||||
--with-pic
|
--with-pic
|
||||||
popd
|
popd
|
||||||
|
|
||||||
# Build evolution-specific clients just as we would normal clients, except with
|
# build evolution-specific clients
|
||||||
# a different installation directory in mind and no shared libraries.
|
# (specific patch, different installation directory, no shared libraries)
|
||||||
pushd evo-openldap-%{version}
|
pushd evo-openldap-%{version}
|
||||||
build \
|
build \
|
||||||
--disable-slapd \
|
--disable-slapd \
|
||||||
@ -303,224 +273,180 @@ build \
|
|||||||
popd
|
popd
|
||||||
|
|
||||||
%install
|
%install
|
||||||
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
|
rm -rf %{buildroot}
|
||||||
libtool='%{_bindir}/libtool'
|
libtool='%{_bindir}/libtool'
|
||||||
tagname=CC; export tagname
|
export tagname=CC
|
||||||
|
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/
|
mkdir -p %{buildroot}/%{_libdir}/
|
||||||
|
|
||||||
pushd db-instroot/%{_lib}/
|
|
||||||
install -d $RPM_BUILD_ROOT/%{_libdir}/
|
|
||||||
install -m755 libslapd_db-*.*.so $RPM_BUILD_ROOT/%{_libdir}/
|
|
||||||
popd
|
|
||||||
|
|
||||||
pushd db-%{db_version}
|
|
||||||
mv LICENSE LICENSE.bdb-backend
|
|
||||||
popd
|
|
||||||
|
|
||||||
|
# install servers
|
||||||
pushd openldap-%{version}/build-servers
|
pushd openldap-%{version}/build-servers
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} LIBTOOL="$libtool" STRIP=""
|
make install DESTDIR=%{buildroot} \
|
||||||
|
libdir=%{_libdir} \
|
||||||
|
LIBTOOL="$libtool" \
|
||||||
|
STRIP=""
|
||||||
popd
|
popd
|
||||||
|
|
||||||
# Install the bdb maintenance tools.
|
# install evolution-specific clients (conflicting files will be overwriten by generic version)
|
||||||
pushd db-instroot/bin
|
|
||||||
for binary in db_* ; do
|
|
||||||
install -m755 ${binary} $RPM_BUILD_ROOT/%{_sbindir}/slapd_${binary}
|
|
||||||
done
|
|
||||||
popd
|
|
||||||
|
|
||||||
# Install clients and shared libraries. Install the evo-specific versions
|
|
||||||
# first so that any conflicting files are overwritten by generic versions.
|
|
||||||
pushd evo-openldap-%{version}
|
pushd evo-openldap-%{version}
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT \
|
make install DESTDIR=%{buildroot} \
|
||||||
includedir=%{evolution_connector_includedir} \
|
includedir=%{evolution_connector_includedir} \
|
||||||
libdir=%{evolution_connector_libdir} \
|
libdir=%{evolution_connector_libdir} \
|
||||||
LIBTOOL="$libtool" \
|
LIBTOOL="$libtool" \
|
||||||
STRIP=""
|
STRIP=""
|
||||||
|
install -m 644 %SOURCE7 \
|
||||||
install -m644 %SOURCE9 \
|
%{buildroot}/%{evolution_connector_prefix}/
|
||||||
$RPM_BUILD_ROOT/%{evolution_connector_prefix}/
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
|
# install clients
|
||||||
pushd openldap-%{version}/build-clients
|
pushd openldap-%{version}/build-clients
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} LIBTOOL="$libtool" STRIP=""
|
make install DESTDIR=%{buildroot} \
|
||||||
|
libdir=%{_libdir} \
|
||||||
|
LIBTOOL="$libtool" \
|
||||||
|
STRIP=""
|
||||||
popd
|
popd
|
||||||
|
|
||||||
# Create this directory so that authconfig setting TLS_CACERT to
|
# setup directories for TLS certificates
|
||||||
# /etc/openldap/cacerts doesn't cause TLS startup of any kind to fail
|
mkdir -p %{buildroot}%{_sysconfdir}/openldap/cacerts
|
||||||
# when the directory doesn't exist.
|
mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/openldap/cacerts
|
|
||||||
# make sure the certs directory exists
|
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
|
|
||||||
# Touch the dummy slapd.pem to make rpmbuild happy
|
|
||||||
touch $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/slapd.pem
|
|
||||||
|
|
||||||
install -m 644 %SOURCE7 README.upgrading
|
# install additional documentation
|
||||||
install -m 644 %SOURCE3 README.migration
|
install -m 644 %SOURCE5 README.migration
|
||||||
|
install -m 644 %SOURCE6 README.upgrading
|
||||||
|
|
||||||
# Create the data directory.
|
# setup data and runtime directories
|
||||||
mkdir -p $RPM_BUILD_ROOT/var/lib/ldap
|
mkdir -p %{buildroot}/var/lib/ldap
|
||||||
# Create the new run directory
|
mkdir -p %{buildroot}/var/run/openldap
|
||||||
mkdir -p $RPM_BUILD_ROOT/var/run/openldap
|
|
||||||
|
|
||||||
# Hack the build root out of the default config files.
|
# remove build root from config files and manual pages
|
||||||
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/*.conf
|
perl -pi -e "s|%{buildroot}||g" %{buildroot}/%{_sysconfdir}/openldap/*.conf
|
||||||
|
perl -pi -e "s|%{buildroot}||g" %{buildroot}%{_mandir}/*/*.*
|
||||||
|
|
||||||
# Get the buildroot out of the man pages.
|
# we don't need the default files -- RPM handles changes
|
||||||
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/*/*.*
|
rm -f %{buildroot}/%{_sysconfdir}/openldap/*.default
|
||||||
|
rm -f %{buildroot}/%{_sysconfdir}/openldap/schema/*.default
|
||||||
|
|
||||||
# We don't need the default files -- RPM handles changes.
|
# install an init script for the servers
|
||||||
rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/*.default
|
mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d
|
||||||
rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/schema/*.default
|
install -m 755 %SOURCE1 %{buildroot}%{_sysconfdir}/rc.d/init.d/slapd
|
||||||
|
|
||||||
# Install an init script for the servers.
|
# install syconfig/ldap
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
|
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
|
||||||
install -m 755 %SOURCE4 $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/slapd
|
install -m 644 %SOURCE2 %{buildroot}%{_sysconfdir}/sysconfig/ldap
|
||||||
|
|
||||||
# Install syconfig/ldap
|
# add some more schema for the sake of migration scripts
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
|
install -d -m755 %{buildroot}%{_sysconfdir}/openldap/schema/redhat
|
||||||
install -m 644 %SOURCE10 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/ldap
|
install -m644 %SOURCE3 \
|
||||||
|
%{buildroot}%{_sysconfdir}/openldap/schema/redhat/
|
||||||
|
|
||||||
# Add some more schema for the sake of migration scripts.
|
# move slapd out of _libdir
|
||||||
install -d -m755 $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/redhat
|
mv %{buildroot}/%{_libdir}/slapd %{buildroot}/%{_sbindir}/
|
||||||
install -m644 %SOURCE6 \
|
|
||||||
$RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/redhat/
|
|
||||||
|
|
||||||
# Move slapd and slurpd out of _libdir
|
# setup tools as symlinks to slapd
|
||||||
mv $RPM_BUILD_ROOT/%{_libdir}/slapd $RPM_BUILD_ROOT/%{_sbindir}/
|
rm -f %{buildroot}/%{_sbindir}/slap{acl,add,auth,cat,dn,index,passwd,test,schema}
|
||||||
rm -f $RPM_BUILD_ROOT/%{_sbindir}/slap{acl,add,auth,cat,dn,index,passwd,test,schema}
|
rm -f %{buildroot}/%{_libdir}/slap{acl,add,auth,cat,dn,index,passwd,test,schema}
|
||||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/slap{acl,add,auth,cat,dn,index,passwd,test,schema}
|
for X in acl add auth cat dn index passwd test schema; do ln -s slapd %{buildroot}/%{_sbindir}/slap$X ; done
|
||||||
for X in acl add auth cat dn index passwd test schema; do ln -s slapd $RPM_BUILD_ROOT/%{_sbindir}/slap$X ; done
|
|
||||||
|
|
||||||
# Tweak permissions on the libraries to make sure they're correct.
|
# tweak permissions on the libraries to make sure they're correct
|
||||||
chmod 755 $RPM_BUILD_ROOT/%{_libdir}/lib*.so*
|
chmod 755 %{buildroot}/%{_libdir}/lib*.so*
|
||||||
chmod 644 $RPM_BUILD_ROOT/%{_libdir}/lib*.*a
|
chmod 644 %{buildroot}/%{_libdir}/lib*.*a
|
||||||
|
|
||||||
# slapd.conf(5) is obsoleted since 2.3, see slapd-config(5)
|
# slapd.conf(5) is obsoleted since 2.3, see slapd-config(5)
|
||||||
# new configuration will be generated in %post
|
# new configuration will be generated in %post
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{_datadir}/openldap-servers
|
mkdir -p %{buildroot}/%{_datadir}/openldap-servers
|
||||||
mkdir $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d
|
mkdir %{buildroot}/%{_sysconfdir}/openldap/slapd.d
|
||||||
mv $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.conf $RPM_BUILD_ROOT/%{_datadir}/openldap-servers/slapd.conf.obsolete
|
mv %{buildroot}/%{_sysconfdir}/openldap/slapd.conf %{buildroot}/%{_datadir}/openldap-servers/slapd.conf.obsolete
|
||||||
chmod 0644 $RPM_BUILD_ROOT/%{_datadir}/openldap-servers/slapd.conf.obsolete
|
chmod 0644 %{buildroot}/%{_datadir}/openldap-servers/slapd.conf.obsolete
|
||||||
|
|
||||||
# Move doc files out of _sysconfdir
|
# move doc files out of _sysconfdir
|
||||||
mv $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/README README.schema
|
mv %{buildroot}%{_sysconfdir}/openldap/schema/README README.schema
|
||||||
mv $RPM_BUILD_ROOT%{_sysconfdir}/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/%{_datadir}/openldap-servers/DB_CONFIG.example
|
mv %{buildroot}%{_sysconfdir}/openldap/DB_CONFIG.example %{buildroot}/%{_datadir}/openldap-servers/DB_CONFIG.example
|
||||||
chmod 0644 openldap-%{version}/servers/slapd/back-sql/rdbms_depend/timesten/*.sh
|
chmod 0644 openldap-%{version}/servers/slapd/back-sql/rdbms_depend/timesten/*.sh
|
||||||
chmod 0644 $RPM_BUILD_ROOT/%{_datadir}/openldap-servers/DB_CONFIG.example
|
chmod 0644 %{buildroot}/%{_datadir}/openldap-servers/DB_CONFIG.example
|
||||||
|
|
||||||
# Remove files which we don't want packaged.
|
# remove files which we don't want packaged
|
||||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
|
rm -f %{buildroot}/%{_libdir}/*.la
|
||||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/*.a
|
rm -f %{buildroot}/%{_libdir}/*.a
|
||||||
rm -f $RPM_BUILD_ROOT/%{evolution_connector_libdir}/*.la
|
rm -f %{buildroot}/%{evolution_connector_libdir}/*.la
|
||||||
rm -f $RPM_BUILD_ROOT/%{evolution_connector_libdir}/*.so*
|
rm -f %{buildroot}/%{evolution_connector_libdir}/*.so*
|
||||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/openldap/*.a
|
rm -f %{buildroot}/%{_libdir}/openldap/*.a
|
||||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/openldap/*.so
|
rm -f %{buildroot}/%{_libdir}/openldap/*.so
|
||||||
|
|
||||||
rm -f $RPM_BUILD_ROOT%{_localstatedir}/openldap-data/DB_CONFIG.example
|
rm -f %{buildroot}%{_localstatedir}/openldap-data/DB_CONFIG.example
|
||||||
rmdir $RPM_BUILD_ROOT%{_localstatedir}/openldap-data
|
rmdir %{buildroot}%{_localstatedir}/openldap-data
|
||||||
|
|
||||||
%clean
|
%clean
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf %{buildroot}
|
||||||
|
|
||||||
%post -p /sbin/ldconfig
|
%post -p /sbin/ldconfig
|
||||||
|
|
||||||
%postun -p /sbin/ldconfig
|
%postun -p /sbin/ldconfig
|
||||||
|
|
||||||
%pre servers
|
%pre servers
|
||||||
# Take care to only do ownership-changing if we're adding the user.
|
|
||||||
getent group ldap > /dev/null || \
|
# create ldap user and group
|
||||||
/usr/sbin/groupadd -r -g 55 ldap
|
getent group ldap >/dev/null || groupadd -r -g 55 ldap
|
||||||
if /usr/sbin/useradd -c "LDAP User" -u 55 -g ldap \
|
if ! getent passwd ldap >/dev/null; then
|
||||||
-s /sbin/nologin -r -d /var/lib/ldap ldap 2> /dev/null ; then
|
useradd -r -g ldap -u 55 -d %{_sharedstatedir}/ldap -s /sbin/nologin -c "LDAP User" ldap
|
||||||
if [ -d /var/lib/ldap ] ; then
|
# setup ownership of database files
|
||||||
for dbfile in /var/lib/ldap/* ; do
|
if [ -d /var/lib/ldap ] ; then
|
||||||
if [ -f $dbfile ] ; then
|
for dbfile in /var/lib/ldap/* ; do
|
||||||
chown ldap:ldap $dbfile
|
if [ -f $dbfile ] ; then
|
||||||
fi
|
chown ldap:ldap $dbfile
|
||||||
done
|
fi
|
||||||
fi
|
done
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$1" = "2" ]; then
|
# upgrade
|
||||||
# guess, if database upgrade is necessary
|
if [ $1 -eq 2 ]; then
|
||||||
OLD_BDB_VERSION=$( slapd_db_upgrade -V | sed 's/.* \([0-9\.]*\)\.[0-9]*:.*/\1/' )
|
# safe way to migrate the database if minor version number changed (2.x -> 2.y)
|
||||||
NEW_BDB_VERSION=$( echo %{db_version} | sed 's/.[0-9]*$//' )
|
# http://www.openldap.org/doc/admin24/maintenance.html
|
||||||
|
|
||||||
OLD_SLAPD_VERSION=$( rpm -q --qf "%{VERSION}" openldap-servers | sed 's/\.[0-9]*$//' )
|
old_version=$(rpm -q --qf=%%{version} openldap-servers | sed 's/\.[0-9]*$//')
|
||||||
NEW_SLAPD_VERSION=$( echo %{version} | sed 's/\.[0-9]*$//' )
|
new_version=$(sed 's/\.[0-9]*$//' <<< %{version})
|
||||||
# we need to detect how is the init script named
|
|
||||||
# - in older versions ldap
|
|
||||||
# - in newer versions slapd
|
|
||||||
if [ -f %{_initrddir}/ldap ]; then
|
|
||||||
SERVICE_NAME=ldap
|
|
||||||
elif [ -f %{_initrddir}/slapd ]; then
|
|
||||||
SERVICE_NAME=slapd
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$OLD_SLAPD_VERSION" != "$NEW_SLAPD_VERSION" ]; then
|
if [ "$old_version" != "$new_version" ]; then
|
||||||
# Minor version number has changed -> slapcat/slapadd of the BDB database
|
pushd %{_sharedstatedir}/ldap
|
||||||
# is necessary. Save an ldif of the database where the "% post servers"
|
|
||||||
# scriptlet can restore it. Also save the database files to a "rpmorig"
|
|
||||||
# directory - Just In Case (TM)
|
|
||||||
|
|
||||||
# stop the server
|
# stop the service
|
||||||
if /sbin/service $SERVICE_NAME status &>/dev/null; then
|
if service slapd status &>/dev/null; then
|
||||||
touch /var/lib/ldap/need_start
|
touch need_start
|
||||||
/sbin/service $SERVICE_NAME stop &>/dev/null
|
service slapd stop
|
||||||
fi
|
else
|
||||||
|
rm -f need_start
|
||||||
|
fi
|
||||||
|
|
||||||
files=$(echo /var/lib/ldap/{log.*,__db.*,[a]lock})
|
if ls __db.* &>/dev/null; then
|
||||||
if [ "$files" != '/var/lib/ldap/log.* /var/lib/ldap/__db.* /var/lib/ldap/[a]lock' ] ; then
|
# export the database
|
||||||
if /usr/sbin/slapcat -l /var/lib/ldap/upgrade.ldif > /dev/null 2>&1 ; then
|
if [ -f %{_sysconfdir}/openldap/slapd.conf ]; then
|
||||||
if [ -f /var/lib/ldap/upgrade.ldif ] ; then
|
slapcat -f %{_sysconfdir}/openldap/slapd.conf -l upgrade.ldif &>/dev/null
|
||||||
/bin/rm -fr /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
|
else
|
||||||
mkdir /var/lib/ldap/rpmorig
|
slapcat -F %{_sysconfdir}/openldap/slapd.d -l upgrade.ldif &>/dev/null
|
||||||
mv /var/lib/ldap/{alock,*.bdb,__db.*,log.*} /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
|
fi
|
||||||
cp -f /var/lib/ldap/DB_CONFIG /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
|
|
||||||
else
|
|
||||||
/bin/rm -f /var/lib/ldap/upgrade.ldif
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
if [ "$OLD_BDB_VERSION" != "$NEW_BDB_VERSION" ]; then
|
|
||||||
# Minor version number of bdb has changed -> run db_upgrade in % post script
|
|
||||||
|
|
||||||
# stop the server
|
# backup the old database
|
||||||
if /sbin/service $SERVICE_NAME status &>/dev/null; then
|
if [ $? -eq 0 ]; then
|
||||||
touch /var/lib/ldap/need_start
|
rm -rf rpmorig
|
||||||
/sbin/service $SERVICE_NAME stop &>/dev/null
|
mv alock *.bdb __db.* log.* rpmorig &>/dev/null || :
|
||||||
fi
|
cp -f rpmorig/DB_CONFIG . &>/dev/null || :
|
||||||
|
else
|
||||||
|
rm -f upgrade.ldif
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# Ensure, that the database is correct
|
popd
|
||||||
/sbin/runuser -m -s /usr/sbin/slapd_db_recover -- "ldap" -h /var/lib/ldap &>/dev/null
|
fi
|
||||||
# Just create /var/lib/ldap/need_db_upgrade so % post knows
|
|
||||||
touch /var/lib/ldap/need_db_upgrade &>/dev/null
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%post servers
|
%post servers
|
||||||
|
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
/sbin/chkconfig --add slapd
|
/sbin/chkconfig --add slapd
|
||||||
# If there's a /var/lib/ldap/upgrade.ldif file, slapadd it and delete it.
|
|
||||||
# It was created by the % pre above.
|
|
||||||
if [ -f /var/lib/ldap/upgrade.ldif ] ; then
|
|
||||||
/sbin/runuser -m -s /usr/sbin/slapadd -- "ldap" -l /var/lib/ldap/upgrade.ldif > /dev/null 2>&1
|
|
||||||
rm -f /var/lib/ldap/upgrade.ldif
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If there's a /var/lib/ldap/need_db_upgrade file, run db_upgrade and delete it.
|
|
||||||
# It was created by the % pre above.
|
|
||||||
if [ -f /var/lib/ldap/need_db_upgrade ]; then
|
|
||||||
if ls /var/lib/ldap/*.bdb > /dev/null 2>&1; then
|
|
||||||
/sbin/runuser -m -s /usr/sbin/slapd_db_upgrade -- "ldap" -h /var/lib/ldap /var/lib/ldap/*.bdb
|
|
||||||
fi
|
|
||||||
/sbin/runuser -m -s /usr/sbin/slapd_db_checkpoint -- "ldap" -h /var/lib/ldap -1
|
|
||||||
rm -f /var/lib/ldap/need_db_upgrade
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
# generate sample TLS certificates
|
||||||
if [ ! -f %{_sysconfdir}/pki/tls/certs/slapd.pem ] ; then
|
if [ ! -f %{_sysconfdir}/pki/tls/certs/slapd.pem ] ; then
|
||||||
pushd %{_sysconfdir}/pki/tls/certs > /dev/null 2>&1
|
pushd %{_sysconfdir}/pki/tls/certs > /dev/null 2>&1
|
||||||
umask 077
|
umask 077
|
||||||
@ -538,18 +464,20 @@ chmod 640 slapd.pem
|
|||||||
popd
|
popd
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ `find %{_sysconfdir}/openldap/slapd.d -maxdepth 0 -empty | wc -l` = "1" ]; then
|
# generate configuration in slapd.d
|
||||||
# configuration in slapd.d not available
|
if ! ls -d %{_sysconfdir}/openldap/slapd.d/* &>/dev/null; then
|
||||||
|
|
||||||
|
# fresh installation
|
||||||
[ ! -f %{_sysconfdir}/openldap/slapd.conf ]
|
[ ! -f %{_sysconfdir}/openldap/slapd.conf ]
|
||||||
fresh_install=$?
|
fresh_install=$?
|
||||||
|
|
||||||
[ $fresh_install -eq 0 ] && \
|
[ $fresh_install -eq 0 ] && \
|
||||||
cp %{_datadir}/openldap-servers/slapd.conf.obsolete %{_sysconfdir}/openldap/slapd.conf
|
cp %{_datadir}/openldap-servers/slapd.conf.obsolete %{_sysconfdir}/openldap/slapd.conf
|
||||||
|
|
||||||
|
# convert from old style config slapd.conf
|
||||||
mv %{_sysconfdir}/openldap/slapd.conf %{_sysconfdir}/openldap/slapd.conf.bak
|
mv %{_sysconfdir}/openldap/slapd.conf %{_sysconfdir}/openldap/slapd.conf.bak
|
||||||
mkdir -p %{_sysconfdir}/openldap/slapd.d/
|
mkdir -p %{_sysconfdir}/openldap/slapd.d/
|
||||||
lines=`egrep -n '^(database|backend)' %{_sysconfdir}/openldap/slapd.conf.bak | cut -d: -f1 | head -n 1`
|
lines=$(egrep -n '^(database|backend)' %{_sysconfdir}/openldap/slapd.conf.bak | cut -d: -f1 | head -n 1)
|
||||||
lines=$(($lines-1))
|
lines=$(($lines-1))
|
||||||
head -n $lines %{_sysconfdir}/openldap/slapd.conf.bak > %{_sysconfdir}/openldap/slapd.conf
|
head -n $lines %{_sysconfdir}/openldap/slapd.conf.bak > %{_sysconfdir}/openldap/slapd.conf
|
||||||
cat >> %{_sysconfdir}/openldap/slapd.conf << EOF
|
cat >> %{_sysconfdir}/openldap/slapd.conf << EOF
|
||||||
@ -557,7 +485,7 @@ database config
|
|||||||
rootdn "cn=admin,cn=config"
|
rootdn "cn=admin,cn=config"
|
||||||
#rootpw secret
|
#rootpw secret
|
||||||
EOF
|
EOF
|
||||||
lines_r=`wc --lines %{_sysconfdir}/openldap/slapd.conf.bak | cut -f1 -d" "`
|
lines_r=$(wc --lines %{_sysconfdir}/openldap/slapd.conf.bak | cut -f1 -d" ")
|
||||||
lines_r=$(($lines_r-$lines))
|
lines_r=$(($lines_r-$lines))
|
||||||
tail -n $lines_r %{_sysconfdir}/openldap/slapd.conf.bak >> %{_sysconfdir}/openldap/slapd.conf
|
tail -n $lines_r %{_sysconfdir}/openldap/slapd.conf.bak >> %{_sysconfdir}/openldap/slapd.conf
|
||||||
slaptest -f %{_sysconfdir}/openldap/slapd.conf -F %{_sysconfdir}/openldap/slapd.d > /dev/null 2> /dev/null
|
slaptest -f %{_sysconfdir}/openldap/slapd.conf -F %{_sysconfdir}/openldap/slapd.d > /dev/null 2> /dev/null
|
||||||
@ -570,26 +498,31 @@ EOF
|
|||||||
[ $fresh_install -eq 0 ] && rm -f %{_sysconfdir}/openldap/slapd.conf.bak
|
[ $fresh_install -eq 0 ] && rm -f %{_sysconfdir}/openldap/slapd.conf.bak
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $1 -ge 1 ] ; then
|
# finish database migration (see %pre)
|
||||||
/sbin/service slapd condrestart &>/dev/null
|
if [ -f %{_sharedstatedir}/ldap/upgrade.ldif ]; then
|
||||||
/sbin/service slapd status &>/dev/null
|
runuser -m -s /usr/sbin/slapadd -- ldap -l %{_sharedstatedir}/ldap/upgrade.ldif &>/dev/null
|
||||||
if [ "$?" != "0" -a -f /var/lib/ldap/need_start ]; then
|
rm -f %{_sharedstatedir}/ldap/upgrade.ldif
|
||||||
/sbin/service slapd start &>/dev/null
|
fi
|
||||||
rm -f /var/lib/ldap/need_start &>/dev/null
|
|
||||||
fi
|
# restart after upgrade
|
||||||
|
if [ $1 -ge 1 ]; then
|
||||||
|
if [ -f %{_sharedstatedir}/ldap/need_start ]; then
|
||||||
|
service slapd start
|
||||||
|
rm -f %{_sharedstatedir}/ldap/need_start
|
||||||
|
else
|
||||||
|
/sbin/service slapd condrestart
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%preun servers
|
%preun servers
|
||||||
if [ "$1" = "0" ] ; then
|
if [ $1 -eq 0 ] ; then
|
||||||
/sbin/service slapd stop > /dev/null 2>&1 || :
|
/sbin/service slapd stop > /dev/null 2>&1 || :
|
||||||
/sbin/chkconfig --del slapd
|
/sbin/chkconfig --del slapd
|
||||||
# Openldap-servers are being removed from system.
|
|
||||||
# Do not touch the database! Older versions of this
|
# openldap-servers are being removed from system
|
||||||
# package attempted to store database in LDIF format, so
|
# do not touch the database!
|
||||||
# it can be restored later - but it's up to the administrator
|
|
||||||
# to save the database, if he/she wants so.
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%postun servers
|
%postun servers
|
||||||
@ -599,6 +532,58 @@ fi
|
|||||||
|
|
||||||
%postun devel -p /sbin/ldconfig
|
%postun devel -p /sbin/ldconfig
|
||||||
|
|
||||||
|
%triggerin servers -- db4
|
||||||
|
|
||||||
|
# db4 upgrade (see %triggerun)
|
||||||
|
if [ $2 -eq 2 ]; then
|
||||||
|
pushd %{_sharedstatedir}/ldap
|
||||||
|
|
||||||
|
# we are interested in minor version changes (both versions of db4 are installed at this moment)
|
||||||
|
if [ "$(rpm -q --qf="%%{version}\n" db4 | sed 's/\.[0-9]*$//' | sort -u | wc -l)" != "1" ]; then
|
||||||
|
# stop the service
|
||||||
|
if service slapd status &>/dev/null; then
|
||||||
|
touch need_start
|
||||||
|
service slapd stop
|
||||||
|
fi
|
||||||
|
|
||||||
|
# ensure the database is consistent
|
||||||
|
runuser -m -s /usr/sbin/db_recover -- "ldap" -h %{_sharedstatedir}/ldap &>/dev/null
|
||||||
|
|
||||||
|
# upgrade will be performed after removing old db4
|
||||||
|
touch upgrade_db4
|
||||||
|
else
|
||||||
|
rm -f upgrade_db4
|
||||||
|
fi
|
||||||
|
|
||||||
|
popd
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
|
||||||
|
%triggerun servers -- db4
|
||||||
|
|
||||||
|
# db4 upgrade (see %triggerin)
|
||||||
|
if [ -f %{_sharedstatedir}/ldap/upgrade_db4 ]; then
|
||||||
|
pushd %{_sharedstatedir}/ldap
|
||||||
|
|
||||||
|
# perform the upgrade
|
||||||
|
if ls *.bdb &>/dev/null; then
|
||||||
|
runuser -m -s /usr/bin/db_upgrade -- "ldap" -h %{_sharedstatedir}/ldap %{_sharedstatedir}/ldap/*.bdb
|
||||||
|
runuser -m -s /usr/bin/db_checkpoint -- "ldap" -h %{_sharedstatedir}/ldap -1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# start the service
|
||||||
|
if [ -f need_start ]; then
|
||||||
|
service slapd start
|
||||||
|
rm -f need_start
|
||||||
|
fi
|
||||||
|
|
||||||
|
rm -f upgrade_db4
|
||||||
|
popd
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%doc openldap-%{version}/ANNOUNCEMENT
|
%doc openldap-%{version}/ANNOUNCEMENT
|
||||||
@ -618,14 +603,13 @@ fi
|
|||||||
|
|
||||||
%files servers
|
%files servers
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%doc db-%{db_version}/LICENSE.bdb-backend
|
|
||||||
%doc README.upgrading
|
%doc README.upgrading
|
||||||
%doc README.migration
|
%doc README.migration
|
||||||
%doc openldap-%{version}/contrib/slapd-modules/smbk5pwd/README.smbk5pwd
|
%doc openldap-%{version}/contrib/slapd-modules/smbk5pwd/README.smbk5pwd
|
||||||
%doc openldap-%{version}/doc/guide/admin/*.html
|
%doc openldap-%{version}/doc/guide/admin/*.html
|
||||||
%doc openldap-%{version}/doc/guide/admin/*.png
|
%doc openldap-%{version}/doc/guide/admin/*.png
|
||||||
%doc README.schema
|
%doc README.schema
|
||||||
%ghost %config(noreplace) %{_sysconfdir}/pki/tls/certs/slapd.pem
|
%attr(0640,root,ldap) %ghost %config(noreplace) %{_sysconfdir}/pki/tls/certs/slapd.pem
|
||||||
%attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/slapd
|
%attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/slapd
|
||||||
%attr(0750,ldap,ldap) %dir %config(noreplace) %{_sysconfdir}/openldap/slapd.d
|
%attr(0750,ldap,ldap) %dir %config(noreplace) %{_sysconfdir}/openldap/slapd.d
|
||||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/ldap
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/ldap
|
||||||
@ -640,7 +624,6 @@ fi
|
|||||||
%attr(0644,root,root) %{_mandir}/man5/slapo-*.5*
|
%attr(0644,root,root) %{_mandir}/man5/slapo-*.5*
|
||||||
%attr(0700,ldap,ldap) %dir /var/lib/ldap
|
%attr(0700,ldap,ldap) %dir /var/lib/ldap
|
||||||
%attr(0755,ldap,ldap) %dir /var/run/openldap
|
%attr(0755,ldap,ldap) %dir /var/run/openldap
|
||||||
%attr(0755,root,root) %{_libdir}/libslapd_db-*.*.so
|
|
||||||
%attr(0755,root,root) %dir %{_libdir}/openldap
|
%attr(0755,root,root) %dir %{_libdir}/openldap
|
||||||
%attr(0755,root,root) %{_libdir}/openldap/[^b]*
|
%attr(0755,root,root) %{_libdir}/openldap/[^b]*
|
||||||
%attr(0755,root,root) %dir %{_datadir}/openldap-servers
|
%attr(0755,root,root) %dir %{_datadir}/openldap-servers
|
||||||
@ -675,6 +658,11 @@ fi
|
|||||||
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
|
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Aug 27 2010 Jan Vcelak <jvcelak@redhat.com> 2.4.23-1
|
||||||
|
- rebase to 2.4.23
|
||||||
|
- embeded db4 library removed
|
||||||
|
- removed bogus links in "SEE ALSO" in several man-pages (#624616)
|
||||||
|
|
||||||
* Thu Jul 22 2010 Jan Vcelak <jvcelak@redhat.com> 2.4.22-7
|
* Thu Jul 22 2010 Jan Vcelak <jvcelak@redhat.com> 2.4.22-7
|
||||||
- Mozilla NSS - delay token auth until needed (#616552)
|
- Mozilla NSS - delay token auth until needed (#616552)
|
||||||
- Mozilla NSS - support use of self signed CA certs as server certs (#614545)
|
- Mozilla NSS - support use of self signed CA certs as server certs (#614545)
|
||||||
|