rebase to 2.4.23
- package rebased - removed embedded db4 - removed patches merged by upstream - removed no longer required patches - merged patches doing manpage changes - merged patches exporting ldif API - reapplied patches and added description to each one - removed unnecessary BuildRequires - cleaned %config, %build and %install sections - updated database upgrade process: - database is exported (slapcat) and reimported (slapadd) when minor version of openldap changes (safe and recommended way) - database is upgraded (db4) when minor version of db4 package changes (this is not done in %post anymore, as the database is not embedded, but using triggers) Resolved: #624616 Bogus links in "SEE ALSO" part of several man-pages Resolved: #625740 openldap-2.4.23 is available
parent
b68d557f79
commit
95d8d32fc5
@ -1,9 +0,0 @@
|
||||
These files are here specifically for use in building the nss_ldap package,
|
||||
and should not be used for any other purpose.
|
||||
|
||||
They contain a backported patch which adds two functions which nss_ldap can
|
||||
use to avoid blocking in one particular use case, but which are not included
|
||||
in the 2.2 branch of OpenLDAP.
|
||||
|
||||
When the openldap package updates to 2.3, these libraries will simply
|
||||
disappear.
|
@ -1,21 +0,0 @@
|
||||
/* Gleaned from glibc, though I suppose it's documented in the specs, too.
|
||||
NPTL requires support that isn't in kernels prior to 2.4.20 (or 2.5.36 if
|
||||
you're not using a backported TLS implementation in your kernel), but ld.so
|
||||
will try to use this library on an insufficiently-new system unless we make
|
||||
a note of the required kernel version here.
|
||||
We also add in a section which marks the library as not needing an
|
||||
executable stack to avoid unintentionally disabling exec-shield and the
|
||||
like (thanks Arjan!). */
|
||||
.section ".note.ABI-tag", "a"
|
||||
.p2align 2
|
||||
.long 1f - 0f
|
||||
.long 3f - 2f
|
||||
.long 1
|
||||
0: .asciz "GNU"
|
||||
1: .p2align 2
|
||||
2: .long 0
|
||||
.long 2,4,20
|
||||
3: .p2align 2
|
||||
|
||||
.section .note.GNU-stack, "", @progbits
|
||||
.previous
|
@ -1,13 +0,0 @@
|
||||
diff -up openldap-2.4.11/libraries/libldap/init.c.patch2 openldap-2.4.11/libraries/libldap/init.c
|
||||
--- openldap-2.4.11/libraries/libldap/init.c.patch2 2008-02-12 00:26:41.000000000 +0100
|
||||
+++ openldap-2.4.11/libraries/libldap/init.c 2008-09-01 09:57:09.000000000 +0200
|
||||
@@ -327,9 +327,6 @@ static void openldap_ldap_init_w_usercon
|
||||
if(path != NULL) {
|
||||
LDAP_FREE(path);
|
||||
}
|
||||
-
|
||||
- /* try file */
|
||||
- openldap_ldap_init_w_conf(file, 1);
|
||||
}
|
||||
|
||||
static void openldap_ldap_init_w_env(
|
@ -1,14 +0,0 @@
|
||||
Don't read the user's configuration file if we're running in a setuid
|
||||
or setgid application.
|
||||
diff -up openldap-2.4.14/libraries/libldap/init.c.setugid openldap-2.4.14/libraries/libldap/init.c
|
||||
--- openldap-2.4.14/libraries/libldap/init.c.setugid 2009-02-17 08:31:19.000000000 +0100
|
||||
+++ openldap-2.4.14/libraries/libldap/init.c 2009-02-17 08:39:01.000000000 +0100
|
||||
@@ -634,7 +634,7 @@ void ldap_int_initialize( struct ldapopt
|
||||
openldap_ldap_init_w_sysconf(LDAP_CONF_FILE);
|
||||
|
||||
#ifdef HAVE_GETEUID
|
||||
- if ( geteuid() != getuid() )
|
||||
+ if ( geteuid() != getuid() || getegid() != getgid() )
|
||||
return;
|
||||
#endif
|
||||
|
@ -1,20 +0,0 @@
|
||||
If libexecdir and sbindir are the same, avoid making an absolute symlink.
|
||||
|
||||
|
||||
diff -up openldap-2.4.11/servers/slapd/Makefile.in.patch5 openldap-2.4.11/servers/slapd/Makefile.in
|
||||
--- openldap-2.4.11/servers/slapd/Makefile.in.patch5 2008-09-01 09:57:09.000000000 +0200
|
||||
+++ openldap-2.4.11/servers/slapd/Makefile.in 2008-09-01 09:57:09.000000000 +0200
|
||||
@@ -270,7 +270,12 @@ slapd: $(SLAPD_DEPENDS) @LIBSLAPI@
|
||||
$(WRAP_LIBS)
|
||||
$(RM) $(SLAPTOOLS)
|
||||
for i in $(SLAPTOOLS); do \
|
||||
- $(LN_S) slapd$(EXEEXT) $$i$(EXEEXT); done
|
||||
+ if test $(libexecdir) != $(sbindir) ; then \
|
||||
+ $(LN_S) $(libexecdir)/slapd$(EXEEXT) $$i$(EXEEXT); \
|
||||
+ else \
|
||||
+ $(LN_S) slapd$(EXEEXT) $$i$(EXEEXT); \
|
||||
+ fi \
|
||||
+ done
|
||||
|
||||
|
||||
sslapd: version.o
|
@ -1,112 +0,0 @@
|
||||
--- openldap/clients/tools/common.c 2009-04-09 11:37:06.000000000 +0200
|
||||
+++ openldap/clients/tools/common.c.option 2009-04-09 14:52:23.000000000 +0200
|
||||
@@ -267,7 +267,6 @@ void
|
||||
tool_common_usage( void )
|
||||
{
|
||||
static const char *const descriptions[] = {
|
||||
-N_(" -c continuous operation mode (do not stop on errors)\n"),
|
||||
N_(" -d level set LDAP debugging level to `level'\n"),
|
||||
N_(" -D binddn bind DN\n"),
|
||||
N_(" -e [!]<ext>[=<extparam>] general extensions (! indicates criticality)\n")
|
||||
@@ -298,18 +297,15 @@ N_(" [!]sessiontracking\n")
|
||||
N_(" abandon, cancel, ignore (SIGINT sends abandon/cancel,\n"
|
||||
" or ignores response; if critical, doesn't wait for SIGINT.\n"
|
||||
" not really controls)\n")
|
||||
-N_(" -f file read operations from `file'\n"),
|
||||
N_(" -h host LDAP server\n"),
|
||||
N_(" -H URI LDAP Uniform Resource Identifier(s)\n"),
|
||||
N_(" -I use SASL Interactive mode\n"),
|
||||
-N_(" -M enable Manage DSA IT control (-MM to make critical)\n"),
|
||||
N_(" -n show what would be done but don't actually do it\n"),
|
||||
N_(" -N do not use reverse DNS to canonicalize SASL host name\n"),
|
||||
N_(" -O props SASL security properties\n"),
|
||||
N_(" -o <opt>[=<optparam] general options\n"),
|
||||
N_(" nettimeout=<timeout> (in seconds, or \"none\" or \"max\")\n"),
|
||||
N_(" -p port port on LDAP server\n"),
|
||||
-N_(" -P version protocol version (default: 3)\n"),
|
||||
N_(" -Q use SASL Quiet mode\n"),
|
||||
N_(" -R realm SASL realm\n"),
|
||||
N_(" -U authcid SASL authentication identity\n"),
|
||||
|
||||
--- openldap/clients/tools/ldapcompare.c 2009-04-09 11:37:06.000000000 +0200
|
||||
+++ openldap/clients/tools/ldapcompare.c.option 2009-04-09 14:46:37.000000000 +0200
|
||||
@@ -85,6 +85,8 @@ usage( void )
|
||||
fprintf( stderr, _("Compare options:\n"));
|
||||
fprintf( stderr, _(" -E [!]<ext>[=<extparam>] compare extensions (! indicates criticality)\n"));
|
||||
fprintf( stderr, _(" !dontUseCopy (Don't Use Copy)\n"));
|
||||
+ fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n"));
|
||||
+ fprintf( stderr, _(" -P version protocol version (default: 3)\n"));
|
||||
fprintf( stderr, _(" -z Quiet mode,"
|
||||
" don't print anything, use return values\n"));
|
||||
tool_common_usage();
|
||||
|
||||
--- openldap/clients/tools/ldapdelete.c 2009-04-09 11:37:06.000000000 +0200
|
||||
+++ openldap/clients/tools/ldapdelete.c.option 2009-04-09 14:48:48.000000000 +0200
|
||||
@@ -71,6 +71,10 @@ usage( void )
|
||||
fprintf( stderr, _(" dn: list of DNs to delete. If not given, it will be readed from stdin\n"));
|
||||
fprintf( stderr, _(" or from the file specified with \"-f file\".\n"));
|
||||
fprintf( stderr, _("Delete Options:\n"));
|
||||
+ fprintf( stderr, _(" -c continuous operation mode (do not stop on errors)\n"));
|
||||
+ fprintf( stderr, _(" -f file read operations from `file'\n"));
|
||||
+ fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n"));
|
||||
+ fprintf( stderr, _(" -P version protocol version (default: 3)\n"));
|
||||
fprintf( stderr, _(" -r delete recursively\n"));
|
||||
tool_common_usage();
|
||||
exit( EXIT_FAILURE );
|
||||
|
||||
--- openldap/clients/tools/ldapmodify.c 2009-04-09 11:37:06.000000000 +0200
|
||||
+++ openldap/clients/tools/ldapmodify.c.option 2009-04-09 14:50:14.000000000 +0200
|
||||
@@ -137,8 +137,12 @@ usage( void )
|
||||
fprintf( stderr, _("Add or modify options:\n"));
|
||||
fprintf( stderr, _(" -a add values (%s)\n"),
|
||||
(ldapadd ? _("default") : _("default is to replace")));
|
||||
+ fprintf( stderr, _(" -c continuous operation mode (do not stop on errors)\n"));
|
||||
fprintf( stderr, _(" -E [!]ext=extparam modify extensions"
|
||||
" (! indicate s criticality)\n"));
|
||||
+ fprintf( stderr, _(" -f file read operations from `file'\n"));
|
||||
+ fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n"));
|
||||
+ fprintf( stderr, _(" -P version protocol version (default: 3)\n"));
|
||||
#ifdef LDAP_X_TXN
|
||||
fprintf( stderr,
|
||||
_(" [!]txn=<commit|abort> (transaction)\n"));
|
||||
|
||||
--- openldap/clients/tools/ldapmodrdn.c 2009-04-09 11:37:06.000000000 +0200
|
||||
+++ openldap/clients/tools/ldapmodrdn.c.option 2009-04-09 14:50:40.000000000 +0200
|
||||
@@ -83,6 +83,10 @@ usage( void )
|
||||
fprintf( stderr, _(" If not given, the list of modifications is read from stdin or\n"));
|
||||
fprintf( stderr, _(" from the file specified by \"-f file\" (see man page).\n"));
|
||||
fprintf( stderr, _("Rename options:\n"));
|
||||
+ fprintf( stderr, _(" -c continuous operation mode (do not stop on errors)\n"));
|
||||
+ fprintf( stderr, _(" -f file read operations from `file'\n"));
|
||||
+ fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n"));
|
||||
+ fprintf( stderr, _(" -P version protocol version (default: 3)\n"));
|
||||
fprintf( stderr, _(" -r remove old RDN\n"));
|
||||
fprintf( stderr, _(" -s newsup new superior entry\n"));
|
||||
tool_common_usage();
|
||||
|
||||
--- openldap/clients/tools/ldapsearch.c 2009-04-09 11:37:06.000000000 +0200
|
||||
+++ openldap/clients/tools/ldapsearch.c.option 2009-04-09 14:51:51.000000000 +0200
|
||||
@@ -123,6 +123,7 @@ usage( void )
|
||||
fprintf( stderr, _(" -a deref one of never (default), always, search, or find\n"));
|
||||
fprintf( stderr, _(" -A retrieve attribute names only (no values)\n"));
|
||||
fprintf( stderr, _(" -b basedn base dn for search\n"));
|
||||
+ fprintf( stderr, _(" -c continuous operation mode (do not stop on errors)\n"));
|
||||
fprintf( stderr, _(" -E [!]<ext>[=<extparam>] search extensions (! indicates criticality)\n"));
|
||||
fprintf( stderr, _(" [!]domainScope (domain scope)\n"));
|
||||
fprintf( stderr, _(" !dontUseCopy (Don't Use Copy)\n"));
|
||||
@@ -137,12 +138,15 @@ usage( void )
|
||||
fprintf( stderr, _(" [!]deref=derefAttr:attr[,...][;derefAttr:attr[,...][;...]]\n"));
|
||||
#endif
|
||||
fprintf( stderr, _(" [!]<oid>=:<value> (generic control; no response handling)\n"));
|
||||
+ fprintf( stderr, _(" -f file read operations from `file'\n"));
|
||||
fprintf( stderr, _(" -F prefix URL prefix for files (default: %s)\n"), def_urlpre);
|
||||
fprintf( stderr, _(" -l limit time limit (in seconds, or \"none\" or \"max\") for search\n"));
|
||||
fprintf( stderr, _(" -L print responses in LDIFv1 format\n"));
|
||||
fprintf( stderr, _(" -LL print responses in LDIF format without comments\n"));
|
||||
fprintf( stderr, _(" -LLL print responses in LDIF format without comments\n"));
|
||||
fprintf( stderr, _(" and version\n"));
|
||||
+ fprintf( stderr, _(" -M enable Manage DSA IT control (-MM to make critical)\n"));
|
||||
+ fprintf( stderr, _(" -P version protocol version (default: 3)\n"));
|
||||
fprintf( stderr, _(" -s scope one of base, one, sub or children (search scope)\n"));
|
||||
fprintf( stderr, _(" -S attr sort the results by attribute `attr'\n"));
|
||||
fprintf( stderr, _(" -t write binary values to files in temporary directory\n"));
|
@ -1,10 +0,0 @@
|
||||
--- openldap-2.4.16/doc/man/man5/ldap.conf.5.orig 2009-09-16 17:12:01.000000000 +0200
|
||||
+++ openldap-2.4.16/doc/man/man5/ldap.conf.5 2009-09-16 17:15:32.000000000 +0200
|
||||
@@ -305,6 +305,7 @@
|
||||
.B TLS_CACERT
|
||||
is always used before
|
||||
.B TLS_CACERTDIR.
|
||||
+The specified directory must be managed with the OpenSSL c_rehash utility.
|
||||
This parameter is ignored with GNUtls.
|
||||
.TP
|
||||
.B TLS_CERT <filename>
|
@ -1,11 +0,0 @@
|
||||
--- openldap-2.4.19/servers/slapd/back-bdb/dn2id.c.orig 2010-02-24 09:55:39.000000000 +0100
|
||||
+++ openldap-2.4.19/servers/slapd/back-bdb/dn2id.c 2010-02-24 09:56:07.000000000 +0100
|
||||
@@ -676,7 +676,7 @@ hdb_dn2id_delete(
|
||||
d->nrdnlen[0] = (BEI(e)->bei_nrdn.bv_len >> 8) | 0x80;
|
||||
dlen[0] = d->nrdnlen[0];
|
||||
dlen[1] = d->nrdnlen[1];
|
||||
- strcpy( d->nrdn, BEI(e)->bei_nrdn.bv_val );
|
||||
+ memcpy( d->nrdn, BEI(e)->bei_nrdn.bv_val, BEI(e)->bei_nrdn.bv_len+1 );
|
||||
data.data = d;
|
||||
|
||||
rc = db->cursor( db, txn, &cursor, bdb->bi_db_opflags );
|
@ -1,22 +0,0 @@
|
||||
--- openldap-2.4.22/include/Makefile.in.orig 2010-06-03 07:38:29.000000000 -0600
|
||||
+++ openldap-2.4.22/include/Makefile.in 2010-06-03 07:39:21.000000000 -0600
|
||||
@@ -15,17 +15,18 @@
|
||||
|
||||
all-local: ldap_config.h FORCE
|
||||
|
||||
install-local: FORCE
|
||||
-$(MKDIR) $(DESTDIR)$(includedir)
|
||||
for header in $(srcdir)/lber.h lber_types.h \
|
||||
$(srcdir)/ldap.h $(srcdir)/ldap_cdefs.h \
|
||||
$(srcdir)/ldap_schema.h $(srcdir)/ldap_utf8.h \
|
||||
- $(srcdir)/slapi-plugin.h ldap_features.h; \
|
||||
+ $(srcdir)/slapi-plugin.h ldap_features.h \
|
||||
+ $(srcdir)/ldif.h ; \
|
||||
do \
|
||||
$(INSTALL) $(INSTALLFLAGS) -m 644 $$header $(DESTDIR)$(includedir); \
|
||||
done
|
||||
|
||||
clean-local: FORCE
|
||||
$(RM) ldap_config.h
|
||||
|
||||
veryclean-local: clean-local FORCE
|
@ -1,66 +0,0 @@
|
||||
--- openldap-2.4.22/libraries/liblutil/Makefile.in.orig 2010-06-03 10:57:01.000000000 -0600
|
||||
+++ openldap-2.4.22/libraries/liblutil/Makefile.in 2010-06-03 10:59:29.000000000 -0600
|
||||
@@ -9,16 +9,19 @@
|
||||
## modification, are permitted only as authorized by the OpenLDAP
|
||||
## Public License.
|
||||
##
|
||||
## A copy of this license is available in the file LICENSE in the
|
||||
## top-level directory of the distribution or, alternatively, at
|
||||
## <http://www.OpenLDAP.org/license.html>.
|
||||
|
||||
LIBRARY = liblutil.a
|
||||
+
|
||||
+SHAREDLIB = libldif.la
|
||||
+
|
||||
PROGRAM = testavl
|
||||
|
||||
LDAP_INCDIR= ../../include
|
||||
LDAP_LIBDIR= ../../libraries
|
||||
|
||||
NT_SRCS = ntservice.c
|
||||
NT_OBJS = ntservice.o slapdmsg.res
|
||||
|
||||
@@ -35,16 +38,18 @@
|
||||
@LIBSRCS@ $(@PLAT@_SRCS)
|
||||
|
||||
OBJS = base64.o entropy.o sasl.o signal.o hash.o passfile.o \
|
||||
md5.o passwd.o sha1.o getpass.o lockf.o utils.o uuid.o sockpair.o \
|
||||
avl.o tavl.o ldif.o fetch.o \
|
||||
meter.o \
|
||||
@LIBOBJS@ $(@PLAT@_OBJS)
|
||||
|
||||
+SHAREDLIBOBJS = ldif.lo fetch.lo
|
||||
+
|
||||
testavl: $(XLIBS) testavl.o
|
||||
(LTLINK) -o $@ testavl.o $(LIBS)
|
||||
|
||||
testtavl: $(XLIBS) testtavl.o
|
||||
(LTLINK) -o $@ testtavl.o $(LIBS)
|
||||
|
||||
# These rules are for a Mingw32 build, specifically.
|
||||
# It's ok for them to be here because the clean rule is harmless, and
|
||||
@@ -54,8 +59,24 @@
|
||||
@if [ ! -f $@ ]; then cp $(srcdir)/$@ .; fi
|
||||
|
||||
slapdmsg.res: slapdmsg.rc slapdmsg.bin
|
||||
windres $< -O coff -o $@
|
||||
|
||||
clean-local:
|
||||
$(RM) *.res
|
||||
|
||||
+all-local: $(SHAREDLIB)
|
||||
+
|
||||
+.SUFFIXES: .c .o .lo
|
||||
+
|
||||
+.c.lo:
|
||||
+ $(LTCOMPILE_LIB) $<
|
||||
+
|
||||
+$(LIBRARY): $(SHAREDLIBOBJS) version.lo
|
||||
+
|
||||
+$(SHAREDLIB): $(SHAREDLIBOBJS) version.lo
|
||||
+ $(LTLINK_LIB) -o $(SHAREDLIB) $(SHAREDLIBOBJS) version.lo $(LINK_LIBS)
|
||||
+
|
||||
+install-local: FORCE
|
||||
+ -$(MKDIR) $(DESTDIR)$(libdir)
|
||||
+ $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(SHAREDLIB) $(DESTDIR)$(libdir)
|
||||
+ $(LTFINISH) $(DESTDIR)$(libdir)
|
@ -1,74 +0,0 @@
|
||||
bz #605448 CVE-2010-0211 openldap: modrdn processing uninitialized pointer free
|
||||
bz #605452 CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference
|
||||
|
||||
diff -urp openldap-2.4.22/servers/slapd/dn.c openldap-2.4.22.new/servers/slapd/dn.c
|
||||
--- openldap-2.4.22/servers/slapd/dn.c 2010-04-13 22:23:14.000000000 +0200
|
||||
+++ openldap-2.4.22.new/servers/slapd/dn.c 2010-07-19 17:57:51.974346501 +0200
|
||||
@@ -302,16 +302,13 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned f
|
||||
ava->la_attr = ad->ad_cname;
|
||||
|
||||
if( ava->la_flags & LDAP_AVA_BINARY ) {
|
||||
- if( ava->la_value.bv_len == 0 ) {
|
||||
- /* BER encoding is empty */
|
||||
- return LDAP_INVALID_SYNTAX;
|
||||
- }
|
||||
+ /* AVA is binary encoded, not supported */
|
||||
+ return LDAP_INVALID_SYNTAX;
|
||||
|
||||
/* Do not allow X-ORDERED 'VALUES' naming attributes */
|
||||
} else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
|
||||
return LDAP_INVALID_SYNTAX;
|
||||
|
||||
- /* AVA is binary encoded, don't muck with it */
|
||||
} else if( flags & SLAP_LDAPDN_PRETTY ) {
|
||||
transf = ad->ad_type->sat_syntax->ssyn_pretty;
|
||||
if( !transf ) {
|
||||
@@ -379,6 +376,10 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned f
|
||||
ava->la_value = bv;
|
||||
ava->la_flags |= LDAP_AVA_FREE_VALUE;
|
||||
}
|
||||
+ /* reject empty values */
|
||||
+ if (!ava->la_value.bv_len) {
|
||||
+ return LDAP_INVALID_SYNTAX;
|
||||
+ }
|
||||
}
|
||||
rc = LDAP_SUCCESS;
|
||||
|
||||
diff -urp openldap-2.4.22/servers/slapd/modrdn.c openldap-2.4.22.new/servers/slapd/modrdn.c
|
||||
--- openldap-2.4.22/servers/slapd/modrdn.c 2010-04-13 22:23:16.000000000 +0200
|
||||
+++ openldap-2.4.22.new/servers/slapd/modrdn.c 2010-07-19 17:57:51.975346274 +0200
|
||||
@@ -445,12 +445,19 @@ slap_modrdn2mods(
|
||||
mod_tmp->sml_values[1].bv_val = NULL;
|
||||
if( desc->ad_type->sat_equality->smr_normalize) {
|
||||
mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
|
||||
- (void) (*desc->ad_type->sat_equality->smr_normalize)(
|
||||
+ rs->sr_err = desc->ad_type->sat_equality->smr_normalize(
|
||||
SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
|
||||
desc->ad_type->sat_syntax,
|
||||
desc->ad_type->sat_equality,
|
||||
&mod_tmp->sml_values[0],
|
||||
&mod_tmp->sml_nvalues[0], NULL );
|
||||
+ if (rs->sr_err != LDAP_SUCCESS) {
|
||||
+ ch_free(mod_tmp->sml_nvalues);
|
||||
+ ch_free(mod_tmp->sml_values[0].bv_val);
|
||||
+ ch_free(mod_tmp->sml_values);
|
||||
+ ch_free(mod_tmp);
|
||||
+ goto done;
|
||||
+ }
|
||||
mod_tmp->sml_nvalues[1].bv_val = NULL;
|
||||
} else {
|
||||
mod_tmp->sml_nvalues = NULL;
|
||||
diff -urp openldap-2.4.22/servers/slapd/schema_init.c openldap-2.4.22.new/servers/slapd/schema_init.c
|
||||
--- openldap-2.4.22/servers/slapd/schema_init.c 2010-04-14 20:12:15.000000000 +0200
|
||||
+++ openldap-2.4.22.new/servers/slapd/schema_init.c 2010-07-19 17:57:51.978346712 +0200
|
||||
@@ -1735,8 +1735,9 @@ UTF8StringNormalize(
|
||||
? LDAP_UTF8_APPROX : 0;
|
||||
|
||||
val = UTF8bvnormalize( val, &tmp, flags, ctx );
|
||||
+ /* out of memory or syntax error, the former is unlikely */
|
||||
if( val == NULL ) {
|
||||
- return LDAP_OTHER;
|
||||
+ return LDAP_INVALID_SYNTAX;
|
||||
}
|
||||
|
||||
/* collapse spaces (in place) */
|
@ -1,30 +0,0 @@
|
||||
diff -up openldap-2.4.11/doc/man/man8/slapd.8.patch9 openldap-2.4.11/doc/man/man8/slapd.8
|
||||
--- openldap-2.4.11/doc/man/man8/slapd.8.patch9 2008-02-12 00:26:40.000000000 +0100
|
||||
+++ openldap-2.4.11/doc/man/man8/slapd.8 2008-09-01 09:57:09.000000000 +0200
|
||||
@@ -5,7 +5,7 @@
|
||||
.SH NAME
|
||||
slapd \- Stand-alone LDAP Daemon
|
||||
.SH SYNOPSIS
|
||||
-.B LIBEXECDIR/slapd
|
||||
+.B slapd
|
||||
[\c
|
||||
.BR \-4 | \-6 ]
|
||||
[\c
|
||||
@@ -312,7 +312,7 @@ on voluminous debugging which will be pr
|
||||
.LP
|
||||
.nf
|
||||
.ft tt
|
||||
- LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255
|
||||
+ slapd -f /var/tmp/slapd.conf -d 255
|
||||
.ft
|
||||
.fi
|
||||
.LP
|
||||
@@ -320,7 +320,7 @@ To test whether the configuration file i
|
||||
.LP
|
||||
.nf
|
||||
.ft tt
|
||||
- LIBEXECDIR/slapd \-Tt
|
||||
+ slapd -Tt
|
||||
.ft
|
||||
.fi
|
||||
.LP
|
@ -1,12 +0,0 @@
|
||||
diff -up openldap-2.4.11/build/top.mk.patch6 openldap-2.4.11/build/top.mk
|
||||
--- openldap-2.4.11/build/top.mk.patch6 2008-02-12 00:26:38.000000000 +0100
|
||||
+++ openldap-2.4.11/build/top.mk 2008-09-01 09:57:09.000000000 +0200
|
||||
@@ -199,7 +199,7 @@ SLAPD_SQL_LDFLAGS = @SLAPD_SQL_LDFLAGS@
|
||||
SLAPD_SQL_INCLUDES = @SLAPD_SQL_INCLUDES@
|
||||
SLAPD_SQL_LIBS = @SLAPD_SQL_LIBS@
|
||||
|
||||
-SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_PERL_LDFLAGS@ @SLAPD_SQL_LDFLAGS@ @SLAPD_SQL_LIBS@ @SLAPD_SLP_LIBS@ @SLAPD_GMP_LIBS@ $(ICU_LIBS)
|
||||
+SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_SLP_LIBS@ $(ICU_LIBS)
|
||||
|
||||
# Our Defaults
|
||||
CC = $(AC_CC)
|
@ -1,16 +0,0 @@
|
||||
Build both slapd as position-independent executables. This really
|
||||
should be threaded into the various autotools, but I guess this is what we have
|
||||
until that happens, if it happens.
|
||||
|
||||
diff -up openldap-2.4.11/servers/slapd/Makefile.in.patch4 openldap-2.4.11/servers/slapd/Makefile.in
|
||||
--- openldap-2.4.11/servers/slapd/Makefile.in.patch4 2008-02-12 00:26:43.000000000 +0100
|
||||
+++ openldap-2.4.11/servers/slapd/Makefile.in 2008-09-01 09:57:09.000000000 +0200
|
||||
@@ -266,7 +266,7 @@ libslapi.a: slapi/.libs/libslapi.a
|
||||
cp slapi/.libs/libslapi.a .
|
||||
|
||||
slapd: $(SLAPD_DEPENDS) @LIBSLAPI@
|
||||
- $(LTLINK) -o $@ $(SLAPD_OBJECTS) $(LIBS) \
|
||||
+ $(LTLINK) -pie -Wl,-z,defs -o $@ $(SLAPD_OBJECTS) $(LIBS) \
|
||||
$(WRAP_LIBS)
|
||||
$(RM) $(SLAPTOOLS)
|
||||
for i in $(SLAPTOOLS); do \
|
@ -1,7 +1,10 @@
|
||||
diff -up evo-openldap-2.4.14/include/ldap.h.evolution-ntlm evo-openldap-2.4.14/include/ldap.h
|
||||
--- evo-openldap-2.4.14/include/ldap.h.evolution-ntlm 2009-01-27 00:29:53.000000000 +0100
|
||||
+++ evo-openldap-2.4.14/include/ldap.h 2009-02-17 10:10:00.000000000 +0100
|
||||
@@ -2461,5 +2461,26 @@ ldap_parse_deref_control LDAP_P((
|
||||
Get rid of this patch as soon as possible.
|
||||
More details are provided in README.evolution
|
||||
|
||||
diff -uNPrp openldap-2.4.23.old/include/ldap.h openldap-2.4.23.new/include/ldap.h
|
||||
--- openldap-2.4.23.old/include/ldap.h 2010-06-10 20:48:36.000000000 +0200
|
||||
+++ openldap-2.4.23.new/include/ldap.h 2010-08-24 18:17:46.306679878 +0200
|
||||
@@ -2487,5 +2487,26 @@ ldap_parse_deref_control LDAP_P((
|
||||
LDAPControl **ctrls,
|
||||
LDAPDerefRes **drp ));
|
||||
|
||||
@ -28,9 +31,9 @@ diff -up evo-openldap-2.4.14/include/ldap.h.evolution-ntlm evo-openldap-2.4.14/i
|
||||
+
|
||||
LDAP_END_DECL
|
||||
#endif /* _LDAP_H */
|
||||
diff -up evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm evo-openldap-2.4.14/libraries/libldap/Makefile.in
|
||||
--- evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm 2009-01-27 00:29:53.000000000 +0100
|
||||
+++ evo-openldap-2.4.14/libraries/libldap/Makefile.in 2009-02-17 10:10:00.000000000 +0100
|
||||
diff -uNPrp openldap-2.4.23.old/libraries/libldap/Makefile.in openldap-2.4.23.new/libraries/libldap/Makefile.in
|
||||
--- openldap-2.4.23.old/libraries/libldap/Makefile.in 2010-04-13 22:22:55.000000000 +0200
|
||||
+++ openldap-2.4.23.new/libraries/libldap/Makefile.in 2010-08-24 18:17:46.306679878 +0200
|
||||
@@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest ur
|
||||
SRCS = bind.c open.c result.c error.c compare.c search.c \
|
||||
controls.c messages.c references.c extended.c cyrus.c \
|
||||
@ -49,9 +52,9 @@ diff -up evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm evo-op
|
||||
filter.lo free.lo sort.lo passwd.lo whoami.lo \
|
||||
getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
|
||||
request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
|
||||
diff -up /dev/null evo-openldap-2.4.14/libraries/libldap/ntlm.c
|
||||
--- /dev/null 2009-02-17 09:19:52.829004420 +0100
|
||||
+++ evo-openldap-2.4.14/libraries/libldap/ntlm.c 2009-02-17 10:10:00.000000000 +0100
|
||||
diff -uNPrp openldap-2.4.23.old/libraries/libldap/ntlm.c openldap-2.4.23.new/libraries/libldap/ntlm.c
|
||||
--- openldap-2.4.23.old/libraries/libldap/ntlm.c 1970-01-01 01:00:00.000000000 +0100
|
||||
+++ openldap-2.4.23.new/libraries/libldap/ntlm.c 2010-08-24 18:17:46.330680333 +0200
|
||||
@@ -0,0 +1,137 @@
|
||||
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
|
||||
+/*
|
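--- a/openldap-export-ldif.patch
+++ b/openldap-export-ldif.patch
@@ -0,0 +1,61 @@
+Patch exposes LDIF reading/writing API. This change is required to replace
+mozldap with openldap in FreeIPA project.
+
+Upstream: ITS #6194
+Author: Rich Megginson <rmeggins@redhat.com>
+
+diff -uNPrp openldap-2.4.23.old/include/Makefile.in openldap-2.4.23.new/include/Makefile.in
+--- openldap-2.4.23.old/include/Makefile.in 2010-04-13 22:22:47.000000000 +0200
++++ openldap-2.4.23.new/include/Makefile.in 2010-08-19 17:40:29.073805139 +0200
+@@ -20,7 +20,8 @@ install-local: FORCE
+for header in $(srcdir)/lber.h lber_types.h \
+$(srcdir)/ldap.h $(srcdir)/ldap_cdefs.h \
+$(srcdir)/ldap_schema.h $(srcdir)/ldap_utf8.h \
+- $(srcdir)/slapi-plugin.h ldap_features.h; \
++ $(srcdir)/slapi-plugin.h ldap_features.h \
++ $(srcdir)/ldif.h ; \
+do \
+$(INSTALL) $(INSTALLFLAGS) -m 644 $$header $(DESTDIR)$(includedir); \
+done
+diff -uNPrp openldap-2.4.23.old/libraries/liblutil/Makefile.in openldap-2.4.23.new/libraries/liblutil/Makefile.in
+--- openldap-2.4.23.old/libraries/liblutil/Makefile.in 2010-04-19 18:53:01.000000000 +0200
++++ openldap-2.4.23.new/libraries/liblutil/Makefile.in 2010-08-19 17:40:20.424679962 +0200
+@@ -14,6 +14,9 @@
+## <http://www.OpenLDAP.org/license.html>.
+
+LIBRARY = liblutil.a
++
++SHAREDLIB = libldif.la
++
+PROGRAM = testavl
+
+LDAP_INCDIR= ../../include
+@@ -40,6 +43,8 @@ OBJS = base64.o entropy.o sasl.o signal.
+meter.o \
+@LIBOBJS@ $(@PLAT@_OBJS)
+
++SHAREDLIBOBJS = ldif.lo fetch.lo
++
+testavl: $(XLIBS) testavl.o
+(LTLINK) -o $@ testavl.o $(LIBS)
+
+@@ -59,3 +64,19 @@ slapdmsg.res: slapdmsg.rc slapdmsg.bin
+clean-local:
+$(RM) *.res
+
++all-local: $(SHAREDLIB)
++
++.SUFFIXES: .c .o .lo
++
++.c.lo:
++ $(LTCOMPILE_LIB) $<
++
++$(LIBRARY): $(SHAREDLIBOBJS) version.lo
++
++$(SHAREDLIB): $(SHAREDLIBOBJS) version.lo
++ $(LTLINK_LIB) -o $(SHAREDLIB) $(SHAREDLIBOBJS) version.lo $(LINK_LIBS)
++
++install-local: FORCE
++ -$(MKDIR) $(DESTDIR)$(libdir)
++ $(LTINSTALL) $(INSTALLFLAGS) -m 644 $(SHAREDLIB) $(DESTDIR)$(libdir)
++ $(LTFINISH) $(DESTDIR)$(libdir)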
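Review bot: The patch header does not say what becomes public API once `SHAREDLIBOBJS = ldif.lo fetch.lo` is linked into an installed `libldif.la`. As far as I know, fetch.c is the code that resolves `attr:< URL` values while LDIF is parsed, so a consumer parsing LDIF from an untrusted source through the exported library would have local files read on its behalf; this is inferred from upstream sources, not from the lines shown here. I would add a line to the description such as `Note: libldif resolves ':<' URL values (fetch.c); callers parsing untrusted LDIF must account for that.` Separately, the added `$(LIBRARY): $(SHAREDLIBOBJS) version.lo` rule has no recipe and makes the static liblutil.a depend on the libtool objects; a comment saying why that dependency is wanted would help the next rebase.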
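--- a/openldap-ldaprc-currentdir.patch
+++ b/openldap-ldaprc-currentdir.patch
@@ -0,0 +1,19 @@
+Disables opening of ldaprc file in current directory.
+
+Resolves: #38402
+Upstream: ITS #1131
+Author: Henning Schmiedehausen <hps@intermeta.de>
+
+diff -u -uNPrp openldap-2.4.23.old/libraries/libldap/init.c openldap-2.4.23.new/libraries/libldap/init.c
+--- openldap-2.4.23.old/libraries/libldap/init.c 2010-04-13 22:22:57.000000000 +0200
++++ openldap-2.4.23.new/libraries/libldap/init.c 2010-08-24 15:34:27.780680598 +0200
+@@ -346,9 +346,6 @@ static void openldap_ldap_init_w_usercon
+if(path != NULL) {
+LDAP_FREE(path);
+}
+-
+- /* try file */
+- openldap_ldap_init_w_conf(file, 1);
+}
+
+static void openldap_ldap_init_w_env(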
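Review bot: The description says what is disabled but not why, and the reason is the security-relevant part: `openldap_ldap_init_w_conf(file, 1)` loaded `ldaprc` relative to the working directory, so a client started in a directory someone else can write to would take its server URI and TLS settings from that file. I would put that sentence in the patch header so a later rebase does not drop the patch as cosmetic. The manpages patch in this same commit touches ldap.conf(5) only to add the c_rehash line, so if that page still lists a current-directory `ldaprc` (I believe upstream does, but it is not visible here) the documentation now disagrees with the packaged behaviour. The body of `openldap_ldap_init_w_userconf` starts above the hunk, so whether `file` is still used for the home-directory lookups cannot be checked from these lines.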
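--- a/openldap-manpages.patch
+++ b/openldap-manpages.patch
@@ -0,0 +1,103 @@
+Various manual pages changes:
+* removes LIBEXECDIR from slapd.8
+* removes references to non-existing manpages (bz 624616)
+
+diff -uNPrp openldap-2.4.23.old/doc/man/man1/ldapmodify.1 openldap-2.4.23.new/doc/man/man1/ldapmodify.1
+--- openldap-2.4.23.old/doc/man/man1/ldapmodify.1 2010-04-13 22:22:36.000000000 +0200
++++ openldap-2.4.23.new/doc/man/man1/ldapmodify.1 2010-08-19 17:42:10.256805450 +0200
+@@ -364,9 +364,7 @@ exit status and a diagnostic message bei
+.BR ldap_add_ext (3),
+.BR ldap_delete_ext (3),
+.BR ldap_modify_ext (3),
+-.BR ldap_modrdn_ext (3),
+-.BR ldif (5),
+-.BR slapd.replog (5)
++.BR ldif (5)
+.SH AUTHOR
+The OpenLDAP Project <http://www.openldap.org/>
+.SH ACKNOWLEDGEMENTS
+diff -uNPrp openldap-2.4.23.old/doc/man/man5/ldap.conf.5 openldap-2.4.23.new/doc/man/man5/ldap.conf.5
+--- openldap-2.4.23.old/doc/man/man5/ldap.conf.5 2010-04-13 22:22:41.000000000 +0200
++++ openldap-2.4.23.new/doc/man/man5/ldap.conf.5 2010-08-19 17:43:25.312805428 +0200
+@@ -317,6 +317,7 @@ certificates in separate individual file
+.B TLS_CACERT
+is always used before
+.B TLS_CACERTDIR.
++The specified directory must be managed with the OpenSSL c_rehash utility.
+This parameter is ignored with GNUtls.
+.TP
+.B TLS_CERT <filename>
+diff -uNPrp openldap-2.4.23.old/doc/man/man5/ldif.5 openldap-2.4.23.new/doc/man/man5/ldif.5
+--- openldap-2.4.23.old/doc/man/man5/ldif.5 2010-04-13 22:22:41.000000000 +0200
++++ openldap-2.4.23.new/doc/man/man5/ldif.5 2010-08-19 17:42:10.256805450 +0200
+@@ -270,8 +270,7 @@ commands.
+.BR ldapmodify (1),
+.BR slapadd (8),
+.BR slapcat (8),
+-.BR slapd\-ldif (5),
+-.BR slapd.replog (5).
++.BR slapd\-ldif (5).
+.LP
+"LDAP Data Interchange Format," Good, G., RFC 2849.
+.SH ACKNOWLEDGEMENTS
+diff -uNPrp openldap-2.4.23.old/doc/man/man5/slapd-config.5 openldap-2.4.23.new/doc/man/man5/slapd-config.5
+--- openldap-2.4.23.old/doc/man/man5/slapd-config.5 2010-06-10 19:17:53.000000000 +0200
++++ openldap-2.4.23.new/doc/man/man5/slapd-config.5 2010-08-19 17:42:10.258805346 +0200
+@@ -1995,7 +1995,6 @@ default slapd configuration directory
+.BR slapd.conf (5),
+.BR slapd.overlays (5),
+.BR slapd.plugin (5),
+-.BR slapd.replog (5),
+.BR slapd (8),
+.BR slapacl (8),
+.BR slapadd (8),
+diff -uNPrp openldap-2.4.23.old/doc/man/man5/slapd.conf.5 openldap-2.4.23.new/doc/man/man5/slapd.conf.5
+--- openldap-2.4.23.old/doc/man/man5/slapd.conf.5 2010-04-16 20:05:07.000000000 +0200
++++ openldap-2.4.23.new/doc/man/man5/slapd.conf.5 2010-08-19 17:42:10.261805644 +0200
+@@ -1927,7 +1927,6 @@ default slapd configuration file
+.BR slapd.backends (5),
+.BR slapd.overlays (5),
+.BR slapd.plugin (5),
+-.BR slapd.replog (5),
+.BR slapd (8),
+.BR slapacl (8),
+.BR slapadd (8),
+diff -uNPrp openldap-2.4.23.old/doc/man/man8/slapd.8 openldap-2.4.23.new/doc/man/man8/slapd.8
+--- openldap-2.4.23.old/doc/man/man8/slapd.8 2010-04-13 22:22:46.000000000 +0200
++++ openldap-2.4.23.new/doc/man/man8/slapd.8 2010-08-19 17:44:19.996680613 +0200
+@@ -5,7 +5,7 @@
+.SH NAME
+slapd \- Stand-alone LDAP Daemon
+.SH SYNOPSIS
+-.B LIBEXECDIR/slapd
++.B slapd
+[\c
+.BR \-4 | \-6 ]
+[\c
+@@ -301,7 +301,7 @@ the LDAP databases defined in the defaul
+.LP
+.nf
+.ft tt
+- LIBEXECDIR/slapd
++ slapd
+.ft
+.fi
+.LP
+@@ -312,7 +312,7 @@ on voluminous debugging which will be pr
+.LP
+.nf
+.ft tt
+- LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255
++ slapd -f /var/tmp/slapd.conf -d 255
+.ft
+.fi
+.LP
+@@ -320,7 +320,7 @@ To test whether the configuration file i
+.LP
+.nf
+.ft tt
+- LIBEXECDIR/slapd \-Tt
++ slapd -Tt
+.ft
+.fi
+.LP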
@ -1,5 +1,8 @@
|
||||
#614545 Mozilla NSS - support use of self signed CA certs as server certs
|
||||
upstream: http://www.openldap.org/its/index.cgi issue 6589
|
||||
|
||||
Resolves: #614545
|
||||
Upstream: ITS #6589
|
||||
Author: Rich Megginson <rmeggins@redhat.com>
|
||||
|
||||
diff -urNP openldap-2.4.22.old/libraries/libldap/tls_m.c openldap-2.4.22.new/libraries/libldap/tls_m.c
|
||||
--- openldap-2.4.22.old/libraries/libldap/tls_m.c 2010-04-15 23:26:00.000000000 +0200
|
@ -1,5 +1,8 @@
|
||||
#616552 Mozilla NSS - delay token auth until needed
|
||||
upstream: http://www.openldap.org/its/index.cgi issue 6595
|
||||
Mozilla NSS - delay token auth until needed
|
||||
|
||||
Resolves: #616552
|
||||
Upstream: ITS #6595
|
||||
Author: Rich Megginson <rmeggins@redhat.com>
|
||||
|
||||
diff -urNP openldap-2.4.22.old/libraries/libldap/tls_m.c openldap-2.4.22.new/libraries/libldap/tls_m.c
|
||||
--- openldap-2.4.22.old/libraries/libldap/tls_m.c 2010-07-22 09:56:58.984806148 +0200
|
@ -2,11 +2,14 @@ The non-reentrant gethostbyXXXX() functions deadlock if called recursively, for
|
||||
example if libldap needs to be initialized from within gethostbyXXXX() (which
|
||||
actually happens if nss_ldap is used for hostname resolution and earlier
|
||||
modules can't resolve the local host name), so use the reentrant versions of
|
||||
the functions, even if we're not being compiled for use in libldap_r (patch
|
||||
from Jeffery Layton, #179730).
|
||||
diff -up openldap-2.4.11/libraries/libldap/util-int.c.patch7 openldap-2.4.11/libraries/libldap/util-int.c
|
||||
--- openldap-2.4.11/libraries/libldap/util-int.c.patch7 2008-02-12 00:26:41.000000000 +0100
|
||||
+++ openldap-2.4.11/libraries/libldap/util-int.c 2008-09-01 09:57:09.000000000 +0200
|
||||
the functions, even if we're not being compiled for use in libldap_r
|
||||
|
||||
Resolves: #179730
|
||||
Author: Jeffery Layton <jlayton@redhat.com>
|
||||
|
||||
diff -uNPrp openldap-2.4.23.old/libraries/libldap/util-int.c openldap-2.4.23.new/libraries/libldap/util-int.c
|
||||
--- openldap-2.4.23.old/libraries/libldap/util-int.c 2010-04-19 18:53:01.000000000 +0200
|
||||
+++ openldap-2.4.23.new/libraries/libldap/util-int.c 2010-08-19 17:47:52.456805354 +0200
|
||||
@@ -52,8 +52,8 @@ extern int h_errno;
|
||||
#ifndef LDAP_R_COMPILE
|
||||
# undef HAVE_REENTRANT_FUNCTIONS
|
||||
@ -18,7 +21,7 @@ diff -up openldap-2.4.11/libraries/libldap/util-int.c.patch7 openldap-2.4.11/lib
|
||||
|
||||
#else
|
||||
# include <ldap_pvt_thread.h>
|
||||
@@ -110,7 +110,7 @@ char *ldap_pvt_ctime( const time_t *tp,
|
||||
@@ -330,7 +330,7 @@ ldap_pvt_csnstr(char *buf, size_t len, u
|
||||
#define BUFSTART (1024-32)
|
||||
#define BUFMAX (32*1024-32)
|
||||
|
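--- a/openldap-security-pie.patch
+++ b/openldap-security-pie.patch
@@ -0,0 +1,17 @@
+Build slapd as position-independent executable (PIE) to take an advantage of
+address space layout randomization (ASLD).
+
+Author: Thomas Woerner <twoerner@redhat.com>
+
+diff -uNPrp openldap-2.4.23.old/servers/slapd/Makefile.in openldap-2.4.23.new/servers/slapd/Makefile.in
+--- openldap-2.4.23.old/servers/slapd/Makefile.in 2010-04-13 22:23:09.000000000 +0200
++++ openldap-2.4.23.new/servers/slapd/Makefile.in 2010-08-24 15:09:08.999680712 +0200
+@@ -266,7 +266,7 @@ libslapi.a: slapi/.libs/libslapi.a
+cp slapi/.libs/libslapi.a .
+
+slapd: $(SLAPD_DEPENDS) @LIBSLAPI@
+- $(LTLINK) -o $@ $(SLAPD_OBJECTS) $(LIBS) \
++ $(LTLINK) -pie -Wl,-z,defs -o $@ $(SLAPD_OBJECTS) $(LIBS) \
+$(WRAP_LIBS)
+$(RM) $(SLAPTOOLS)
+for i in $(SLAPTOOLS); do \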
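Review bot: The new slapd link line adds `-pie` but no RELRO or immediate-binding flags, so the binary's GOT stays writable at run time unless the distribution's default LDFLAGS already supply them (not visible here); the line could read `$(LTLINK) -pie -Wl,-z,defs -Wl,-z,relro -Wl,-z,now -o $@ $(SLAPD_OBJECTS) $(LIBS) \`. `-pie` also only yields a relocatable image if every object in `$(SLAPD_OBJECTS)` was compiled position-independent, which this patch leaves to the build's CFLAGS, so a one-line remark in the patch header about that dependency would help the next rebase. The header itself abbreviates the mitigation as "ASLD"; it should read `address space layout randomization (ASLR).` The slapd rule continues past the end of the hunk.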
@ -1,6 +1,8 @@
|
||||
diff -up openldap-2.4.11/servers/slapd/slapd.conf.config openldap-2.4.11/servers/slapd/slapd.conf
|
||||
--- openldap-2.4.11/servers/slapd/slapd.conf.config 2007-02-13 21:22:22.000000000 +0100
|
||||
+++ openldap-2.4.11/servers/slapd/slapd.conf 2008-10-09 16:13:52.000000000 +0200
|
||||
Updates initial slapd configuration.
|
||||
|
||||
diff -urNPp openldap-2.4.23.old/servers/slapd/slapd.conf openldap-2.4.23.new/servers/slapd/slapd.conf
|
||||
--- openldap-2.4.23.old/servers/slapd/slapd.conf 2007-02-13 21:22:22.000000000 +0100
|
||||
+++ openldap-2.4.23.new/servers/slapd/slapd.conf 2010-08-19 15:45:05.835681213 +0200
|
||||
@@ -2,22 +2,57 @@
|
||||
# See slapd.conf(5) for details on configuration options.
|
||||
# This file should NOT be world readable.
|
@ -1,21 +1,24 @@
|
||||
Compile smbk5pwd together with other overlays.
|
||||
|
||||
diff -up openldap-2.4.11/contrib/slapd-modules/smbk5pwd/README.patch8 openldap-2.4.11/contrib/slapd-modules/smbk5pwd/README
|
||||
--- openldap-2.4.11/contrib/slapd-modules/smbk5pwd/README.patch8 2005-11-12 16:18:09.000000000 +0100
|
||||
+++ openldap-2.4.11/contrib/slapd-modules/smbk5pwd/README 2008-09-01 09:57:09.000000000 +0200
|
||||
Resolves: 550895
|
||||
Author: Jan Šafránek <jsafrane@redhat.com>
|
||||
|
||||
diff -urNPp openldap-2.4.23.old/contrib/slapd-modules/smbk5pwd/README openldap-2.4.23.new/contrib/slapd-modules/smbk5pwd/README
|
||||
--- openldap-2.4.23.old/contrib/slapd-modules/smbk5pwd/README 2010-04-13 22:22:30.000000000 +0200
|
||||
+++ openldap-2.4.23.new/contrib/slapd-modules/smbk5pwd/README 2010-08-23 13:20:33.338687818 +0200
|
||||
@@ -1,3 +1,8 @@
|
||||
+***************************************************************
|
||||
+*******************************************************
|
||||
+Red Hat note: Kerberos support is NOT compiled into
|
||||
+this version of smbk5pwd because we do not use Heimdall.
|
||||
+***************************************************************
|
||||
+this version of smbk5pwd because we do not use Heimdal.
|
||||
+*******************************************************
|
||||
+
|
||||
This directory contains a slapd overlay, smbk5pwd, that extends the
|
||||
PasswordModify Extended Operation to update Kerberos keys and Samba
|
||||
password hashes for an LDAP user.
|
||||
diff -up openldap-2.4.11/servers/slapd/overlays/Makefile.in.patch8 openldap-2.4.11/servers/slapd/overlays/Makefile.in
|
||||
--- openldap-2.4.11/servers/slapd/overlays/Makefile.in.patch8 2008-02-12 00:26:48.000000000 +0100
|
||||
+++ openldap-2.4.11/servers/slapd/overlays/Makefile.in 2008-09-01 09:57:09.000000000 +0200
|
||||
@@ -30,7 +30,8 @@ SRCS = overlays.c \
|
||||
diff -urNPp openldap-2.4.23.old/servers/slapd/overlays/Makefile.in openldap-2.4.23.new/servers/slapd/overlays/Makefile.in
|
||||
--- openldap-2.4.23.old/servers/slapd/overlays/Makefile.in 2010-04-13 22:23:44.000000000 +0200
|
||||
+++ openldap-2.4.23.new/servers/slapd/overlays/Makefile.in 2010-08-23 13:20:33.338687818 +0200
|
||||
@@ -33,7 +33,8 @@ SRCS = overlays.c \
|
||||
syncprov.c \
|
||||
translucent.c \
|
||||
unique.c \
|
||||
@ -25,7 +28,7 @@ diff -up openldap-2.4.11/servers/slapd/overlays/Makefile.in.patch8 openldap-2.4.
|
||||
OBJS = statover.o \
|
||||
@SLAPD_STATIC_OVERLAYS@ \
|
||||
overlays.o
|
||||
@@ -43,14 +44,14 @@ LTONLY_MOD = $(LTONLY_mod)
|
||||
@@ -46,14 +47,14 @@ LTONLY_MOD = $(LTONLY_mod)
|
||||
LDAP_INCDIR= ../../../include
|
||||
LDAP_LIBDIR= ../../../libraries
|
||||
|
||||
@ -42,7 +45,7 @@ diff -up openldap-2.4.11/servers/slapd/overlays/Makefile.in.patch8 openldap-2.4.
|
||||
|
||||
XINCPATH = -I.. -I$(srcdir)/..
|
||||
XDEFS = $(MODULES_CPPFLAGS)
|
||||
@@ -113,6 +114,9 @@ unique.la : unique.lo
|
||||
@@ -125,6 +126,9 @@ unique.la : unique.lo
|
||||
valsort.la : valsort.lo
|
||||
$(LTLINK_MOD) -module -o $@ valsort.lo version.lo $(LINK_LIBS)
|
||||
|
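--- a/openldap-sql-linking.patch
+++ b/openldap-sql-linking.patch
@@ -0,0 +1,15 @@
+Removes unnecessary linking of SQL libraries into slapd. This makes openldap-servers package
+independent on libodbc. (SQL backend is packaged separately in openldap-servers-sql.)
+
+diff -uNPrp openldap-2.4.23.old/build/top.mk openldap-2.4.23.new/build/top.mk
+--- openldap-2.4.23.old/build/top.mk 2010-04-13 22:22:22.000000000 +0200
++++ openldap-2.4.23.new/build/top.mk 2010-08-25 15:58:18.477648731 +0200
+@@ -201,7 +201,7 @@ SLAPD_SQL_LDFLAGS = @SLAPD_SQL_LDFLAGS@
+SLAPD_SQL_INCLUDES = @SLAPD_SQL_INCLUDES@
+SLAPD_SQL_LIBS = @SLAPD_SQL_LIBS@
+
+-SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_PERL_LDFLAGS@ @SLAPD_SQL_LDFLAGS@ @SLAPD_SQL_LIBS@ @SLAPD_SLP_LIBS@ @SLAPD_GMP_LIBS@ $(ICU_LIBS)
++SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_PERL_LDFLAGS@ @SLAPD_SLP_LIBS@ @SLAPD_GMP_LIBS@ $(ICU_LIBS)
+
+# Our Defaults
+CC = $(AC_CC)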
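--- a/openldap-userconfig-setgid.patch
+++ b/openldap-userconfig-setgid.patch
@@ -0,0 +1,17 @@
+Normally, skips reading of user configuration file when running with different effective UID.
+This patch adds the same behavior for GID.
+
+Author: Nalin Dahyabhai <nalin@redhat.com>
+
+diff -uNPrp openldap-2.4.23.old/libraries/libldap/init.c openldap-2.4.23.new/libraries/libldap/init.c
+--- openldap-2.4.23.old/libraries/libldap/init.c 2010-04-13 22:22:57.000000000 +0200
++++ openldap-2.4.23.new/libraries/libldap/init.c 2010-08-24 17:25:07.207682002 +0200
+@@ -663,7 +663,7 @@ void ldap_int_initialize( struct ldapopt
+openldap_ldap_init_w_sysconf(LDAP_CONF_FILE);
+
+#ifdef HAVE_GETEUID
+- if ( geteuid() != getuid() )
++ if ( geteuid() != getuid() || getegid() != getgid() )
+return;
+#endif
+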
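Review bot: The guard in `ldap_int_initialize()` still decides "privileged" only by comparing real and effective IDs, so a process that was started setuid/setgid and has since made its IDs equal, or that holds privilege through file capabilities, passes the test and, going by the patch description, continues on to read the caller's configuration file. Where the platform provides it, a secure-execution check such as `issetugid()` or `getauxval(AT_SECURE)` covers those cases; that needs a configure test and is outside this hunk. The added `getegid()`/`getgid()` calls sit under `#ifdef HAVE_GETEUID`, which presumably holds wherever they exist but is worth confirming. I would also add a comment above the test, `/* privileged (setuid/setgid) callers must not load user-controlled configuration */`, so the early return is not mistaken for an error path. The function body starts and ends outside the hunk.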
586
openldap.spec
586
openldap.spec
@ -1,59 +1,52 @@
|
||||
# We distribute own version of Berkeley DB to prevent
|
||||
# problems on db4.rpm upgrade - some versions of db4 do
|
||||
# not work with some versions of OpenLDAP.
|
||||
%define db_version 4.8.26
|
||||
# TODO: add make test after build
|
||||
|
||||
%define ldbm_backend berkeley
|
||||
%define version 2.4.22
|
||||
%define evolution_connector_prefix %{_libdir}/evolution-openldap
|
||||
%define evolution_connector_includedir %{evolution_connector_prefix}/include
|
||||
%define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
|
||||
|
||||
Summary: LDAP support libraries
|
||||
Name: openldap
|
||||
Version: %{version}
|
||||
Release: 7%{?dist}
|
||||
License: OpenLDAP
|
||||
Version: 2.4.23
|
||||
Release: 1%{?dist}
|
||||
Summary: LDAP support libraries
|
||||
Group: System Environment/Daemons
|
||||
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
|
||||
Source1: http://download.oracle.com/berkeley-db/db-%{db_version}.tar.gz
|
||||
Source3: README.migration
|
||||
Source4: ldap.init
|
||||
Source5: migration-tools.txt
|
||||
Source6: autofs.schema
|
||||
Source7: README.upgrading
|
||||
Source9: README.evolution
|
||||
Source10: ldap.sysconfig
|
||||
|
||||
# Patches for 2.4
|
||||
Patch0: openldap-2.4.6-config.patch
|
||||
Patch1: openldap-2.0.11-ldaprc.patch
|
||||
Patch2: openldap-2.2.13-setugid.patch
|
||||
Patch3: openldap-2.4.6-pie.patch
|
||||
Patch4: openldap-2.3.11-toollinks.patch
|
||||
Patch5: openldap-2.4.6-nosql.patch
|
||||
Patch6: openldap-2.3.19-gethostbyXXXX_r.patch
|
||||
Patch9: openldap-2.3.37-smbk5pwd.patch
|
||||
Patch10: openldap-2.4.6-multilib.patch
|
||||
Patch11: openldap-2.4.16-doc-cacertdir.patch
|
||||
Patch12: openldap-2.4.21-dn2id-segfault.patch
|
||||
Patch13: openldap-2.4.22-ldif_h.patch
|
||||
Patch14: openldap-2.4.22-libldif.patch
|
||||
Patch15: openldap-2.4.22-modrdn-segfault.patch
|
||||
Patch16: openldap-2.4.23-selfsignedcacert.patch
|
||||
Patch17: openldap-2.4.22-initauthtoken.patch
|
||||
|
||||
# Patches for the evolution library
|
||||
Patch200: openldap-2.4.6-evolution-ntlm.patch
|
||||
|
||||
License: OpenLDAP
|
||||
URL: http://www.openldap.org/
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||
BuildRequires: cyrus-sasl-devel >= 2.1, gdbm-devel, libtool >= 1.5.6-2, krb5-devel
|
||||
BuildRequires: openssl-devel, pam-devel, perl, pkgconfig, tcp_wrappers-devel,
|
||||
BuildRequires: unixODBC-devel, libtool-ltdl-devel, groff
|
||||
BuildRequires: nss-devel
|
||||
Requires: glibc >= 2.2.3-48, mktemp
|
||||
Obsoletes: compat-openldap < 2.4
|
||||
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
|
||||
Source1: ldap.init
|
||||
Source2: ldap.sysconfig
|
||||
Source3: autofs.schema
|
||||
Source4: migration-tools.txt
|
||||
Source5: README.migration
|
||||
Source6: README.upgrading
|
||||
Source7: README.evolution
|
||||
|
||||
# patches for 2.4
|
||||
Patch0: openldap-slapd-conf.patch
|
||||
Patch1: openldap-manpages.patch
|
||||
Patch2: openldap-security-pie.patch
|
||||
Patch3: openldap-sql-linking.patch
|
||||
Patch4: openldap-reentrant-gethostby.patch
|
||||
Patch5: openldap-export-ldif.patch
|
||||
Patch6: openldap-smbk5pwd-overlay.patch
|
||||
Patch7: openldap-ldaprc-currentdir.patch
|
||||
Patch8: openldap-userconfig-setgid.patch
|
||||
|
||||
# already merged upstream
|
||||
Patch100: openldap-nss-ca-selfsigned.patch
|
||||
Patch101: openldap-nss-delay-token-auth.patch
|
||||
|
||||
# patches for the evolution library (see README.evolution)
|
||||
Patch200: openldap-evolution-ntlm.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
BuildRequires: cyrus-sasl-devel >= 2.1, nss-devel, krb5-devel, tcp_wrappers-devel, unixODBC-devel
|
||||
BuildRequires: glibc-devel, libtool, libtool-ltdl-devel, groff, perl
|
||||
# smbk5pwd overlay:
|
||||
BuildRequires: openssl-devel
|
||||
|
||||
Obsoletes: compat-openldap < 2.4
|
||||
# provide ldif2ldbm functionality for migrationtools
|
||||
Provides: ldif2ldbm
|
||||
|
||||
@ -82,9 +75,12 @@ customized LDAP clients.
|
||||
|
||||
%package servers
|
||||
Summary: LDAP server
|
||||
# OpenLDAP server includes Berkeley DB library, which is licensed under Sleepycat and BSD licenses)
|
||||
License: OpenLDAP and (Sleepycat and BSD)
|
||||
Requires: fileutils, make, openldap = %{version}-%{release}, openssl, /usr/sbin/useradd, /usr/sbin/groupadd, /sbin/chkconfig, /sbin/runuser
|
||||
License: OpenLDAP
|
||||
Requires: openldap = %{version}-%{release}, openssl
|
||||
Requires(pre): shadow-utils
|
||||
Requires(post): chkconfig, /sbin/runuser, make
|
||||
Requires(preun): chkconfig
|
||||
BuildRequires: db4-devel >= 4.4, db4-devel <= 4.8
|
||||
Group: System Environment/Daemons
|
||||
|
||||
%description servers
|
||||
@ -124,33 +120,40 @@ over the Internet. The openldap-clients package contains the client
|
||||
programs needed for accessing and modifying OpenLDAP directories.
|
||||
|
||||
%prep
|
||||
%setup -q -c -a 1
|
||||
%setup -q -c -a 0
|
||||
|
||||
# setup tree for openldap
|
||||
|
||||
pushd openldap-%{version}
|
||||
|
||||
%patch0 -p1 -b .config
|
||||
%patch1 -p1 -b .ldaprc
|
||||
%patch2 -p1 -b .setugid
|
||||
%patch3 -p1 -b .pie
|
||||
%patch4 -p1 -b .toollinks
|
||||
%patch5 -p1 -b .nosql
|
||||
%patch6 -p1 -b .gethostbyname_r
|
||||
%patch9 -p1 -b .smbk5pwd
|
||||
%patch10 -p1 -b .multilib
|
||||
%patch11 -p1 -b .cacertdir
|
||||
%patch12 -p1 -b .segfault
|
||||
%patch13 -p1 -b .ldif_h
|
||||
%patch14 -p1 -b .libldif
|
||||
%patch15 -p1 -b .modrdn-segfault
|
||||
%patch16 -p1 -b .selfsignedcacert
|
||||
%patch17 -p1 -b .initauthtoken
|
||||
%patch1 -p1 -b .manpages
|
||||
%patch2 -p1 -b .security-pie
|
||||
%patch3 -p1 -b .sql-linking
|
||||
%patch4 -p1 -b .reentrant-gethostby
|
||||
%patch5 -p1 -b .export-ldif
|
||||
%patch6 -p1 -b .smbk5pwd-overlay
|
||||
%patch7 -p1 -b .ldaprc-currentdir
|
||||
%patch8 -p1 -b .userconfig-setgid
|
||||
|
||||
%patch100 -p1 -b .nss-ca-selfsigned
|
||||
%patch101 -p1 -b .nss-delay-token-auth
|
||||
|
||||
cp %{_datadir}/libtool/config/config.{sub,guess} build/
|
||||
|
||||
for subdir in build-servers build-clients ; do
|
||||
mkdir $subdir
|
||||
ln -s ../configure $subdir
|
||||
done
|
||||
|
||||
# build smbk5pwd with other overlays
|
||||
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
|
||||
mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
|
||||
|
||||
popd
|
||||
|
||||
# Set up a build tree for a static version of libldap with the hooks for the
|
||||
# non-standard NTLM bind type which is needed to connect to Win2k GC servers
|
||||
# (Win2k3 supports SASL with DIGEST-MD5, so this shouldn't be needed for those
|
||||
# servers, though as of version 1.4 the connector doesn't try SASL first).
|
||||
# setup tree for openldap with evolution-specific patches
|
||||
|
||||
if ! cp -al openldap-%{version} evo-openldap-%{version} ; then
|
||||
rm -fr evo-openldap-%{version}
|
||||
cp -a openldap-%{version} evo-openldap-%{version}
|
||||
@ -159,66 +162,32 @@ pushd evo-openldap-%{version}
|
||||
%patch200 -p1 -b .evolution-ntlm
|
||||
popd
|
||||
|
||||
pushd openldap-%{version}
|
||||
for subdir in build-servers build-clients ; do
|
||||
mkdir $subdir
|
||||
ln -s ../configure $subdir
|
||||
done
|
||||
# build smbk5pwd with other overlays
|
||||
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
|
||||
mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
|
||||
popd
|
||||
|
||||
%build
|
||||
dbdir=`pwd`/db-instroot
|
||||
|
||||
libtool='%{_bindir}/libtool'
|
||||
tagname=CC; export tagname
|
||||
export tagname=CC
|
||||
|
||||
%ifarch ia64
|
||||
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0"
|
||||
%endif
|
||||
|
||||
# Set CFLAGS to incorporate RPM_OPT_FLAGS.
|
||||
CFLAGS="$RPM_OPT_FLAGS -D_REENTRANT -fPIC"; export CFLAGS
|
||||
|
||||
# Build Berkeley DB and install it into a temporary area, isolating OpenLDAP
|
||||
# from any future changes to the system-wide Berkeley DB library. Version 4.2
|
||||
# or later is required by the BDB backend in OpenLDAP 2.1 and later.
|
||||
install -d db-%{db_version}/build-rpm
|
||||
pushd db-%{db_version}/build-rpm
|
||||
../dist/configure -C \
|
||||
--with-pic \
|
||||
--disable-static \
|
||||
--enable-shared \
|
||||
--with-uniquename=_openldap_slapd_46 \
|
||||
--prefix=${dbdir} \
|
||||
--includedir=${dbdir}/include \
|
||||
--libdir=${dbdir}/%{_lib}${subdir:+/${subdir}}
|
||||
# fix libtool: no rpath
|
||||
perl -pi -e 's|hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=\"-L\\\$libdir\"|g;' libtool
|
||||
|
||||
make %{_smp_mflags} libdb_base=libslapd_db libso_base=libslapd_db
|
||||
make install libdb_base=libslapd_db libso_base=libslapd_db strip="false"
|
||||
ln -sf libslapd_db.so ${dbdir}/%{_lib}/${subdir}/libdb.so
|
||||
popd
|
||||
|
||||
export CPPFLAGS="-I${dbdir}/include -I%_includedir/nss3 -I%_includedir/nspr4"
|
||||
export CFLAGS="$CPPFLAGS $RPM_OPT_FLAGS -D_REENTRANT -DLDAP_CONNECTIONLESS -fPIC -D_GNU_SOURCE -DHAVE_TLS -DHAVE_MOZNSS -DSLAPD_LMHASH"
|
||||
export LDFLAGS="-L${dbdir}/%{_lib}"
|
||||
export LD_LIBRARY_PATH=${dbdir}/%{_lib}${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
|
||||
MOZNSS_TLS_LIBS="-lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4"
|
||||
export LIBS="$MOZNSS_TLS_LIBS"
|
||||
export CPPFLAGS="-I%_includedir/nss3 -I%_includedir/nspr4"
|
||||
export CFLAGS="$RPM_OPT_FLAGS $CPPFLAGS -fPIC -D_REENTRANT -DLDAP_CONNECTIONLESS -D_GNU_SOURCE -DHAVE_TLS -DHAVE_MOZNSS -DSLAPD_LMHASH"
|
||||
export NSS_LIBS="-lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4"
|
||||
export LIBS=""
|
||||
|
||||
build() {
|
||||
|
||||
%configure \
|
||||
--with-threads=posix \
|
||||
\
|
||||
--enable-local --enable-rlookups \
|
||||
--enable-local \
|
||||
--enable-rlookups \
|
||||
\
|
||||
--with-tls=no \
|
||||
--with-cyrus-sasl \
|
||||
\
|
||||
--enable-wrappers \
|
||||
--with-wrappers \
|
||||
\
|
||||
--enable-passwd \
|
||||
\
|
||||
@ -231,24 +200,27 @@ build() {
|
||||
\
|
||||
--libexecdir=%{_libdir} \
|
||||
$@
|
||||
# HACK HACK HACK
|
||||
# openldap uses #include <nss/somemoznssfile.h>
|
||||
# this doesn't work on fedora and similar which uses /usr/include/nss3
|
||||
# so we have to fake it out
|
||||
|
||||
# allow #include <nss/file.h> and <nspr/file.h>
|
||||
pushd include
|
||||
if [ ! -d nss ] ; then
|
||||
ln -s %_includedir/nss3 nss
|
||||
ln -s %{_includedir}/nss3 nss
|
||||
fi
|
||||
if [ ! -d nspr ] ; then
|
||||
ln -s %_includedir/nspr4 nspr
|
||||
ln -s %{_includedir}/nspr4 nspr
|
||||
fi
|
||||
popd
|
||||
|
||||
make %{_smp_mflags} LIBTOOL="$libtool"
|
||||
|
||||
}
|
||||
|
||||
# Build the servers with Kerberos support (for password checking, mainly).
|
||||
LIBS="$LIBS -lpthread"; export LIBS
|
||||
LD_LIBRARY_PATH=${dbdir}/%{_lib}${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}; export LD_LIBRARY_PATH
|
||||
# Kerberos support:
|
||||
# - enabled in server (mainly for password checking)
|
||||
# - disabled in clients (not needed, to avoid stray dependencies)
|
||||
|
||||
# build servers
|
||||
export LIBS="$NSS_LIBS -lpthread"
|
||||
pushd openldap-%{version}/build-servers
|
||||
build \
|
||||
--enable-plugins \
|
||||
@ -273,12 +245,10 @@ build \
|
||||
--disable-dynamic \
|
||||
--with-kerberos=k5only \
|
||||
--enable-overlays=mod
|
||||
unset LIBS
|
||||
popd
|
||||
|
||||
# Build clients without Kerberos password-checking support, which is only
|
||||
# useful in the server anyway, to avoid stray dependencies.
|
||||
export LIBS="$MOZNSS_TLS_LIBS"
|
||||
# build clients
|
||||
export LIBS="$NSS_LIBS"
|
||||
pushd openldap-%{version}/build-clients
|
||||
build \
|
||||
--disable-slapd \
|
||||
@ -288,8 +258,8 @@ build \
|
||||
--with-pic
|
||||
popd
|
||||
|
||||
# Build evolution-specific clients just as we would normal clients, except with
|
||||
# a different installation directory in mind and no shared libraries.
|
||||
# build evolution-specific clients
|
||||
# (specific patch, different installation directory, no shared libraries)
|
||||
pushd evo-openldap-%{version}
|
||||
build \
|
||||
--disable-slapd \
|
||||
@ -303,135 +273,122 @@ build \
|
||||
popd
|
||||
|
||||
%install
|
||||
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
|
||||
rm -rf %{buildroot}
|
||||
libtool='%{_bindir}/libtool'
|
||||
tagname=CC; export tagname
|
||||
export tagname=CC
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/
|
||||
|
||||
pushd db-instroot/%{_lib}/
|
||||
install -d $RPM_BUILD_ROOT/%{_libdir}/
|
||||
install -m755 libslapd_db-*.*.so $RPM_BUILD_ROOT/%{_libdir}/
|
||||
popd
|
||||
|
||||
pushd db-%{db_version}
|
||||
mv LICENSE LICENSE.bdb-backend
|
||||
popd
|
||||
mkdir -p %{buildroot}/%{_libdir}/
|
||||
|
||||
# install servers
|
||||
pushd openldap-%{version}/build-servers
|
||||
make install DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} LIBTOOL="$libtool" STRIP=""
|
||||
make install DESTDIR=%{buildroot} \
|
||||
libdir=%{_libdir} \
|
||||
LIBTOOL="$libtool" \
|
||||
STRIP=""
|
||||
popd
|
||||
|
||||
# Install the bdb maintenance tools.
|
||||
pushd db-instroot/bin
|
||||
for binary in db_* ; do
|
||||
install -m755 ${binary} $RPM_BUILD_ROOT/%{_sbindir}/slapd_${binary}
|
||||
done
|
||||
popd
|
||||
|
||||
# Install clients and shared libraries. Install the evo-specific versions
|
||||
# first so that any conflicting files are overwritten by generic versions.
|
||||
# install evolution-specific clients (conflicting files will be overwriten by generic version)
|
||||
pushd evo-openldap-%{version}
|
||||
make install DESTDIR=$RPM_BUILD_ROOT \
|
||||
make install DESTDIR=%{buildroot} \
|
||||
includedir=%{evolution_connector_includedir} \
|
||||
libdir=%{evolution_connector_libdir} \
|
||||
LIBTOOL="$libtool" \
|
||||
STRIP=""
|
||||
|
||||
install -m644 %SOURCE9 \
|
||||
$RPM_BUILD_ROOT/%{evolution_connector_prefix}/
|
||||
install -m 644 %SOURCE7 \
|
||||
%{buildroot}/%{evolution_connector_prefix}/
|
||||
popd
|
||||
|
||||
# install clients
|
||||
pushd openldap-%{version}/build-clients
|
||||
make install DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} LIBTOOL="$libtool" STRIP=""
|
||||
make install DESTDIR=%{buildroot} \
|
||||
libdir=%{_libdir} \
|
||||
LIBTOOL="$libtool" \
|
||||
STRIP=""
|
||||
popd
|
||||
|
||||
# Create this directory so that authconfig setting TLS_CACERT to
|
||||
# /etc/openldap/cacerts doesn't cause TLS startup of any kind to fail
|
||||
# when the directory doesn't exist.
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/openldap/cacerts
|
||||
# make sure the certs directory exists
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
|
||||
# Touch the dummy slapd.pem to make rpmbuild happy
|
||||
touch $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/slapd.pem
|
||||
# setup directories for TLS certificates
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/openldap/cacerts
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs
|
||||
|
||||
install -m 644 %SOURCE7 README.upgrading
|
||||
install -m 644 %SOURCE3 README.migration
|
||||
# install additional documentation
|
||||
install -m 644 %SOURCE5 README.migration
|
||||
install -m 644 %SOURCE6 README.upgrading
|
||||
|
||||
# Create the data directory.
|
||||
mkdir -p $RPM_BUILD_ROOT/var/lib/ldap
|
||||
# Create the new run directory
|
||||
mkdir -p $RPM_BUILD_ROOT/var/run/openldap
|
||||
# setup data and runtime directories
|
||||
mkdir -p %{buildroot}/var/lib/ldap
|
||||
mkdir -p %{buildroot}/var/run/openldap
|
||||
|
||||
# Hack the build root out of the default config files.
|
||||
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/*.conf
|
||||
# remove build root from config files and manual pages
|
||||
perl -pi -e "s|%{buildroot}||g" %{buildroot}/%{_sysconfdir}/openldap/*.conf
|
||||
perl -pi -e "s|%{buildroot}||g" %{buildroot}%{_mandir}/*/*.*
|
||||
|
||||
# Get the buildroot out of the man pages.
|
||||
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/*/*.*
|
||||
# we don't need the default files -- RPM handles changes
|
||||
rm -f %{buildroot}/%{_sysconfdir}/openldap/*.default
|
||||
rm -f %{buildroot}/%{_sysconfdir}/openldap/schema/*.default
|
||||
|
||||
# We don't need the default files -- RPM handles changes.
|
||||
rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/*.default
|
||||
rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/schema/*.default
|
||||
# install an init script for the servers
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d
|
||||
install -m 755 %SOURCE1 %{buildroot}%{_sysconfdir}/rc.d/init.d/slapd
|
||||
|
||||
# Install an init script for the servers.
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
|
||||
install -m 755 %SOURCE4 $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/slapd
|
||||
# install syconfig/ldap
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
|
||||
install -m 644 %SOURCE2 %{buildroot}%{_sysconfdir}/sysconfig/ldap
|
||||
|
||||
# Install syconfig/ldap
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
|
||||
install -m 644 %SOURCE10 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/ldap
|
||||
# add some more schema for the sake of migration scripts
|
||||
install -d -m755 %{buildroot}%{_sysconfdir}/openldap/schema/redhat
|
||||
install -m644 %SOURCE3 \
|
||||
%{buildroot}%{_sysconfdir}/openldap/schema/redhat/
|
||||
|
||||
# Add some more schema for the sake of migration scripts.
|
||||
install -d -m755 $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/redhat
|
||||
install -m644 %SOURCE6 \
|
||||
$RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/redhat/
|
||||
# move slapd out of _libdir
|
||||
mv %{buildroot}/%{_libdir}/slapd %{buildroot}/%{_sbindir}/
|
||||
|
||||
# Move slapd and slurpd out of _libdir
|
||||
mv $RPM_BUILD_ROOT/%{_libdir}/slapd $RPM_BUILD_ROOT/%{_sbindir}/
|
||||
rm -f $RPM_BUILD_ROOT/%{_sbindir}/slap{acl,add,auth,cat,dn,index,passwd,test,schema}
|
||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/slap{acl,add,auth,cat,dn,index,passwd,test,schema}
|
||||
for X in acl add auth cat dn index passwd test schema; do ln -s slapd $RPM_BUILD_ROOT/%{_sbindir}/slap$X ; done
|
||||
# setup tools as symlinks to slapd
|
||||
rm -f %{buildroot}/%{_sbindir}/slap{acl,add,auth,cat,dn,index,passwd,test,schema}
|
||||
rm -f %{buildroot}/%{_libdir}/slap{acl,add,auth,cat,dn,index,passwd,test,schema}
|
||||
for X in acl add auth cat dn index passwd test schema; do ln -s slapd %{buildroot}/%{_sbindir}/slap$X ; done
|
||||
|
||||
# Tweak permissions on the libraries to make sure they're correct.
|
||||
chmod 755 $RPM_BUILD_ROOT/%{_libdir}/lib*.so*
|
||||
chmod 644 $RPM_BUILD_ROOT/%{_libdir}/lib*.*a
|
||||
# tweak permissions on the libraries to make sure they're correct
|
||||
chmod 755 %{buildroot}/%{_libdir}/lib*.so*
|
||||
chmod 644 %{buildroot}/%{_libdir}/lib*.*a
|
||||
|
||||
# slapd.conf(5) is obsoleted since 2.3, see slapd-config(5)
|
||||
# new configuration will be generated in %post
|
||||
mkdir -p $RPM_BUILD_ROOT/%{_datadir}/openldap-servers
|
||||
mkdir $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d
|
||||
mv $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.conf $RPM_BUILD_ROOT/%{_datadir}/openldap-servers/slapd.conf.obsolete
|
||||
chmod 0644 $RPM_BUILD_ROOT/%{_datadir}/openldap-servers/slapd.conf.obsolete
|
||||
mkdir -p %{buildroot}/%{_datadir}/openldap-servers
|
||||
mkdir %{buildroot}/%{_sysconfdir}/openldap/slapd.d
|
||||
mv %{buildroot}/%{_sysconfdir}/openldap/slapd.conf %{buildroot}/%{_datadir}/openldap-servers/slapd.conf.obsolete
|
||||
chmod 0644 %{buildroot}/%{_datadir}/openldap-servers/slapd.conf.obsolete
|
||||
|
||||
# Move doc files out of _sysconfdir
|
||||
mv $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/README README.schema
|
||||
mv $RPM_BUILD_ROOT%{_sysconfdir}/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/%{_datadir}/openldap-servers/DB_CONFIG.example
|
||||
# move doc files out of _sysconfdir
|
||||
mv %{buildroot}%{_sysconfdir}/openldap/schema/README README.schema
|
||||
mv %{buildroot}%{_sysconfdir}/openldap/DB_CONFIG.example %{buildroot}/%{_datadir}/openldap-servers/DB_CONFIG.example
|
||||
chmod 0644 openldap-%{version}/servers/slapd/back-sql/rdbms_depend/timesten/*.sh
|
||||
chmod 0644 $RPM_BUILD_ROOT/%{_datadir}/openldap-servers/DB_CONFIG.example
|
||||
chmod 0644 %{buildroot}/%{_datadir}/openldap-servers/DB_CONFIG.example
|
||||
|
||||
# Remove files which we don't want packaged.
|
||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
|
||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/*.a
|
||||
rm -f $RPM_BUILD_ROOT/%{evolution_connector_libdir}/*.la
|
||||
rm -f $RPM_BUILD_ROOT/%{evolution_connector_libdir}/*.so*
|
||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/openldap/*.a
|
||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/openldap/*.so
|
||||
# remove files which we don't want packaged
|
||||
rm -f %{buildroot}/%{_libdir}/*.la
|
||||
rm -f %{buildroot}/%{_libdir}/*.a
|
||||
rm -f %{buildroot}/%{evolution_connector_libdir}/*.la
|
||||
rm -f %{buildroot}/%{evolution_connector_libdir}/*.so*
|
||||
rm -f %{buildroot}/%{_libdir}/openldap/*.a
|
||||
rm -f %{buildroot}/%{_libdir}/openldap/*.so
|
||||
|
||||
rm -f $RPM_BUILD_ROOT%{_localstatedir}/openldap-data/DB_CONFIG.example
|
||||
rmdir $RPM_BUILD_ROOT%{_localstatedir}/openldap-data
|
||||
rm -f %{buildroot}%{_localstatedir}/openldap-data/DB_CONFIG.example
|
||||
rmdir %{buildroot}%{_localstatedir}/openldap-data
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
rm -rf %{buildroot}
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%pre servers
|
||||
# Take care to only do ownership-changing if we're adding the user.
|
||||
getent group ldap > /dev/null || \
|
||||
/usr/sbin/groupadd -r -g 55 ldap
|
||||
if /usr/sbin/useradd -c "LDAP User" -u 55 -g ldap \
|
||||
-s /sbin/nologin -r -d /var/lib/ldap ldap 2> /dev/null ; then
|
||||
|
||||
# create ldap user and group
|
||||
getent group ldap >/dev/null || groupadd -r -g 55 ldap
|
||||
if ! getent passwd ldap >/dev/null; then
|
||||
useradd -r -g ldap -u 55 -d %{_sharedstatedir}/ldap -s /sbin/nologin -c "LDAP User" ldap
|
||||
# setup ownership of database files
|
||||
if [ -d /var/lib/ldap ] ; then
|
||||
for dbfile in /var/lib/ldap/* ; do
|
||||
if [ -f $dbfile ] ; then
|
||||
@ -441,86 +398,55 @@ if /usr/sbin/useradd -c "LDAP User" -u 55 -g ldap \
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$1" = "2" ]; then
|
||||
# guess, if database upgrade is necessary
|
||||
OLD_BDB_VERSION=$( slapd_db_upgrade -V | sed 's/.* \([0-9\.]*\)\.[0-9]*:.*/\1/' )
|
||||
NEW_BDB_VERSION=$( echo %{db_version} | sed 's/.[0-9]*$//' )
|
||||
# upgrade
|
||||
if [ $1 -eq 2 ]; then
|
||||
# safe way to migrate the database if minor version number changed (2.x -> 2.y)
|
||||
# http://www.openldap.org/doc/admin24/maintenance.html
|
||||
|
||||
OLD_SLAPD_VERSION=$( rpm -q --qf "%{VERSION}" openldap-servers | sed 's/\.[0-9]*$//' )
|
||||
NEW_SLAPD_VERSION=$( echo %{version} | sed 's/\.[0-9]*$//' )
|
||||
# we need to detect how is the init script named
|
||||
# - in older versions ldap
|
||||
# - in newer versions slapd
|
||||
if [ -f %{_initrddir}/ldap ]; then
|
||||
SERVICE_NAME=ldap
|
||||
elif [ -f %{_initrddir}/slapd ]; then
|
||||
SERVICE_NAME=slapd
|
||||
fi
|
||||
old_version=$(rpm -q --qf=%%{version} openldap-servers | sed 's/\.[0-9]*$//')
|
||||
new_version=$(sed 's/\.[0-9]*$//' <<< %{version})
|
||||
|
||||
if [ "$OLD_SLAPD_VERSION" != "$NEW_SLAPD_VERSION" ]; then
|
||||
# Minor version number has changed -> slapcat/slapadd of the BDB database
|
||||
# is necessary. Save an ldif of the database where the "% post servers"
|
||||
# scriptlet can restore it. Also save the database files to a "rpmorig"
|
||||
# directory - Just In Case (TM)
|
||||
if [ "$old_version" != "$new_version" ]; then
|
||||
pushd %{_sharedstatedir}/ldap
|
||||
|
||||
# stop the server
|
||||
if /sbin/service $SERVICE_NAME status &>/dev/null; then
|
||||
touch /var/lib/ldap/need_start
|
||||
/sbin/service $SERVICE_NAME stop &>/dev/null
|
||||
fi
|
||||
|
||||
files=$(echo /var/lib/ldap/{log.*,__db.*,[a]lock})
|
||||
if [ "$files" != '/var/lib/ldap/log.* /var/lib/ldap/__db.* /var/lib/ldap/[a]lock' ] ; then
|
||||
if /usr/sbin/slapcat -l /var/lib/ldap/upgrade.ldif > /dev/null 2>&1 ; then
|
||||
if [ -f /var/lib/ldap/upgrade.ldif ] ; then
|
||||
/bin/rm -fr /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
|
||||
mkdir /var/lib/ldap/rpmorig
|
||||
mv /var/lib/ldap/{alock,*.bdb,__db.*,log.*} /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
|
||||
cp -f /var/lib/ldap/DB_CONFIG /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
|
||||
# stop the service
|
||||
if service slapd status &>/dev/null; then
|
||||
touch need_start
|
||||
service slapd stop
|
||||
else
|
||||
/bin/rm -f /var/lib/ldap/upgrade.ldif
|
||||
fi
|
||||
fi
|
||||
rm -f need_start
|
||||
fi
|
||||
|
||||
if ls __db.* &>/dev/null; then
|
||||
# export the database
|
||||
if [ -f %{_sysconfdir}/openldap/slapd.conf ]; then
|
||||
slapcat -f %{_sysconfdir}/openldap/slapd.conf -l upgrade.ldif &>/dev/null
|
||||
else
|
||||
if [ "$OLD_BDB_VERSION" != "$NEW_BDB_VERSION" ]; then
|
||||
# Minor version number of bdb has changed -> run db_upgrade in % post script
|
||||
|
||||
# stop the server
|
||||
if /sbin/service $SERVICE_NAME status &>/dev/null; then
|
||||
touch /var/lib/ldap/need_start
|
||||
/sbin/service $SERVICE_NAME stop &>/dev/null
|
||||
slapcat -F %{_sysconfdir}/openldap/slapd.d -l upgrade.ldif &>/dev/null
|
||||
fi
|
||||
|
||||
# Ensure, that the database is correct
|
||||
/sbin/runuser -m -s /usr/sbin/slapd_db_recover -- "ldap" -h /var/lib/ldap &>/dev/null
|
||||
# Just create /var/lib/ldap/need_db_upgrade so % post knows
|
||||
touch /var/lib/ldap/need_db_upgrade &>/dev/null
|
||||
# backup the old database
|
||||
if [ $? -eq 0 ]; then
|
||||
rm -rf rpmorig
|
||||
mv alock *.bdb __db.* log.* rpmorig &>/dev/null || :
|
||||
cp -f rpmorig/DB_CONFIG . &>/dev/null || :
|
||||
else
|
||||
rm -f upgrade.ldif
|
||||
fi
|
||||
fi
|
||||
|
||||
popd
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
||||
|
||||
%post servers
|
||||
|
||||
/sbin/ldconfig
|
||||
/sbin/chkconfig --add slapd
|
||||
# If there's a /var/lib/ldap/upgrade.ldif file, slapadd it and delete it.
|
||||
# It was created by the % pre above.
|
||||
if [ -f /var/lib/ldap/upgrade.ldif ] ; then
|
||||
/sbin/runuser -m -s /usr/sbin/slapadd -- "ldap" -l /var/lib/ldap/upgrade.ldif > /dev/null 2>&1
|
||||
rm -f /var/lib/ldap/upgrade.ldif
|
||||
fi
|
||||
|
||||
# If there's a /var/lib/ldap/need_db_upgrade file, run db_upgrade and delete it.
|
||||
# It was created by the % pre above.
|
||||
if [ -f /var/lib/ldap/need_db_upgrade ]; then
|
||||
if ls /var/lib/ldap/*.bdb > /dev/null 2>&1; then
|
||||
/sbin/runuser -m -s /usr/sbin/slapd_db_upgrade -- "ldap" -h /var/lib/ldap /var/lib/ldap/*.bdb
|
||||
fi
|
||||
/sbin/runuser -m -s /usr/sbin/slapd_db_checkpoint -- "ldap" -h /var/lib/ldap -1
|
||||
rm -f /var/lib/ldap/need_db_upgrade
|
||||
fi
|
||||
|
||||
# generate sample TLS certificates
|
||||
if [ ! -f %{_sysconfdir}/pki/tls/certs/slapd.pem ] ; then
|
||||
pushd %{_sysconfdir}/pki/tls/certs > /dev/null 2>&1
|
||||
umask 077
|
||||
@ -538,18 +464,20 @@ chmod 640 slapd.pem
|
||||
popd
|
||||
fi
|
||||
|
||||
if [ `find %{_sysconfdir}/openldap/slapd.d -maxdepth 0 -empty | wc -l` = "1" ]; then
|
||||
# configuration in slapd.d not available
|
||||
# generate configuration in slapd.d
|
||||
if ! ls -d %{_sysconfdir}/openldap/slapd.d/* &>/dev/null; then
|
||||
|
||||
# fresh installation
|
||||
[ ! -f %{_sysconfdir}/openldap/slapd.conf ]
|
||||
fresh_install=$?
|
||||
|
||||
[ $fresh_install -eq 0 ] && \
|
||||
cp %{_datadir}/openldap-servers/slapd.conf.obsolete %{_sysconfdir}/openldap/slapd.conf
|
||||
|
||||
# convert from old style config slapd.conf
|
||||
mv %{_sysconfdir}/openldap/slapd.conf %{_sysconfdir}/openldap/slapd.conf.bak
|
||||
mkdir -p %{_sysconfdir}/openldap/slapd.d/
|
||||
lines=`egrep -n '^(database|backend)' %{_sysconfdir}/openldap/slapd.conf.bak | cut -d: -f1 | head -n 1`
|
||||
lines=$(egrep -n '^(database|backend)' %{_sysconfdir}/openldap/slapd.conf.bak | cut -d: -f1 | head -n 1)
|
||||
lines=$(($lines-1))
|
||||
head -n $lines %{_sysconfdir}/openldap/slapd.conf.bak > %{_sysconfdir}/openldap/slapd.conf
|
||||
cat >> %{_sysconfdir}/openldap/slapd.conf << EOF
|
||||
@ -557,7 +485,7 @@ database config
|
||||
rootdn "cn=admin,cn=config"
|
||||
#rootpw secret
|
||||
EOF
|
||||
lines_r=`wc --lines %{_sysconfdir}/openldap/slapd.conf.bak | cut -f1 -d" "`
|
||||
lines_r=$(wc --lines %{_sysconfdir}/openldap/slapd.conf.bak | cut -f1 -d" ")
|
||||
lines_r=$(($lines_r-$lines))
|
||||
tail -n $lines_r %{_sysconfdir}/openldap/slapd.conf.bak >> %{_sysconfdir}/openldap/slapd.conf
|
||||
slaptest -f %{_sysconfdir}/openldap/slapd.conf -F %{_sysconfdir}/openldap/slapd.d > /dev/null 2> /dev/null
|
||||
@ -570,26 +498,31 @@ EOF
|
||||
[ $fresh_install -eq 0 ] && rm -f %{_sysconfdir}/openldap/slapd.conf.bak
|
||||
fi
|
||||
|
||||
# finish database migration (see %pre)
|
||||
if [ -f %{_sharedstatedir}/ldap/upgrade.ldif ]; then
|
||||
runuser -m -s /usr/sbin/slapadd -- ldap -l %{_sharedstatedir}/ldap/upgrade.ldif &>/dev/null
|
||||
rm -f %{_sharedstatedir}/ldap/upgrade.ldif
|
||||
fi
|
||||
|
||||
# restart after upgrade
|
||||
if [ $1 -ge 1 ]; then
|
||||
/sbin/service slapd condrestart &>/dev/null
|
||||
/sbin/service slapd status &>/dev/null
|
||||
if [ "$?" != "0" -a -f /var/lib/ldap/need_start ]; then
|
||||
/sbin/service slapd start &>/dev/null
|
||||
rm -f /var/lib/ldap/need_start &>/dev/null
|
||||
if [ -f %{_sharedstatedir}/ldap/need_start ]; then
|
||||
service slapd start
|
||||
rm -f %{_sharedstatedir}/ldap/need_start
|
||||
else
|
||||
/sbin/service slapd condrestart
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
||||
|
||||
%preun servers
|
||||
if [ "$1" = "0" ] ; then
|
||||
if [ $1 -eq 0 ] ; then
|
||||
/sbin/service slapd stop > /dev/null 2>&1 || :
|
||||
/sbin/chkconfig --del slapd
|
||||
# Openldap-servers are being removed from system.
|
||||
# Do not touch the database! Older versions of this
|
||||
# package attempted to store database in LDIF format, so
|
||||
# it can be restored later - but it's up to the administrator
|
||||
# to save the database, if he/she wants so.
|
||||
|
||||
# openldap-servers are being removed from system
|
||||
# do not touch the database!
|
||||
fi
|
||||
|
||||
%postun servers
|
||||
@ -599,6 +532,58 @@ fi
|
||||
|
||||
%postun devel -p /sbin/ldconfig
|
||||
|
||||
%triggerin servers -- db4
|
||||
|
||||
# db4 upgrade (see %triggerun)
|
||||
if [ $2 -eq 2 ]; then
|
||||
pushd %{_sharedstatedir}/ldap
|
||||
|
||||
# we are interested in minor version changes (both versions of db4 are installed at this moment)
|
||||
if [ "$(rpm -q --qf="%%{version}\n" db4 | sed 's/\.[0-9]*$//' | sort -u | wc -l)" != "1" ]; then
|
||||
# stop the service
|
||||
if service slapd status &>/dev/null; then
|
||||
touch need_start
|
||||
service slapd stop
|
||||
fi
|
||||
|
||||
# ensure the database is consistent
|
||||
runuser -m -s /usr/sbin/db_recover -- "ldap" -h %{_sharedstatedir}/ldap &>/dev/null
|
||||
|
||||
# upgrade will be performed after removing old db4
|
||||
touch upgrade_db4
|
||||
else
|
||||
rm -f upgrade_db4
|
||||
fi
|
||||
|
||||
popd
|
||||
fi
|
||||
|
||||
exit 0
|
||||
|
||||
%triggerun servers -- db4
|
||||
|
||||
# db4 upgrade (see %triggerin)
|
||||
if [ -f %{_sharedstatedir}/ldap/upgrade_db4 ]; then
|
||||
pushd %{_sharedstatedir}/ldap
|
||||
|
||||
# perform the upgrade
|
||||
if ls *.bdb &>/dev/null; then
|
||||
runuser -m -s /usr/bin/db_upgrade -- "ldap" -h %{_sharedstatedir}/ldap %{_sharedstatedir}/ldap/*.bdb
|
||||
runuser -m -s /usr/bin/db_checkpoint -- "ldap" -h %{_sharedstatedir}/ldap -1
|
||||
fi
|
||||
|
||||
# start the service
|
||||
if [ -f need_start ]; then
|
||||
service slapd start
|
||||
rm -f need_start
|
||||
fi
|
||||
|
||||
rm -f upgrade_db4
|
||||
popd
|
||||
fi
|
||||
|
||||
exit 0
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc openldap-%{version}/ANNOUNCEMENT
|
||||
@ -618,14 +603,13 @@ fi
|
||||
|
||||
%files servers
|
||||
%defattr(-,root,root)
|
||||
%doc db-%{db_version}/LICENSE.bdb-backend
|
||||
%doc README.upgrading
|
||||
%doc README.migration
|
||||
%doc openldap-%{version}/contrib/slapd-modules/smbk5pwd/README.smbk5pwd
|
||||
%doc openldap-%{version}/doc/guide/admin/*.html
|
||||
%doc openldap-%{version}/doc/guide/admin/*.png
|
||||
%doc README.schema
|
||||
%ghost %config(noreplace) %{_sysconfdir}/pki/tls/certs/slapd.pem
|
||||
%attr(0640,root,ldap) %ghost %config(noreplace) %{_sysconfdir}/pki/tls/certs/slapd.pem
|
||||
%attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/slapd
|
||||
%attr(0750,ldap,ldap) %dir %config(noreplace) %{_sysconfdir}/openldap/slapd.d
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/ldap
|
||||
@ -640,7 +624,6 @@ fi
|
||||
%attr(0644,root,root) %{_mandir}/man5/slapo-*.5*
|
||||
%attr(0700,ldap,ldap) %dir /var/lib/ldap
|
||||
%attr(0755,ldap,ldap) %dir /var/run/openldap
|
||||
%attr(0755,root,root) %{_libdir}/libslapd_db-*.*.so
|
||||
%attr(0755,root,root) %dir %{_libdir}/openldap
|
||||
%attr(0755,root,root) %{_libdir}/openldap/[^b]*
|
||||
%attr(0755,root,root) %dir %{_datadir}/openldap-servers
|
||||
@ -675,6 +658,11 @@ fi
|
||||
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
|
||||
|
||||
%changelog
|
||||
* Fri Aug 27 2010 Jan Vcelak <jvcelak@redhat.com> 2.4.23-1
|
||||
- rebase to 2.4.23
|
||||
- embeded db4 library removed
|
||||
- removed bogus links in "SEE ALSO" in several man-pages (#624616)
|
||||
|
||||
* Thu Jul 22 2010 Jan Vcelak <jvcelak@redhat.com> 2.4.22-7
|
||||
- Mozilla NSS - delay token auth until needed (#616552)
|
||||
- Mozilla NSS - support use of self signed CA certs as server certs (#614545)
|
||||
|