From ca6944a374e3bd792271e61452ceeb52f28f6d39 Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Tue, 11 Mar 2025 07:53:45 +0000
Subject: [PATCH] import CS openldap-2.6.8-4.el9
---
 .gitignore | 2 +-
 .openldap.metadata | 2 +-
 ...TS-9917-Remove--h-and-p-from-options.patch | 139 ++++++++++++++++++
 ...-fix-TLS-connection-timeout-handling.patch | 100 +++++++++++++
 ...L-context-cleanup-during-library-des.patch | 92 ++++++++++++
 SOURCES/openldap.sysusers | 3 +
 SPECS/openldap.spec | 78 +++++++---
 7 files changed, 396 insertions(+), 20 deletions(-)
 create mode 100644 SOURCES/openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch
 create mode 100644 SOURCES/openldap-fix-TLS-connection-timeout-handling.patch
 create mode 100644 SOURCES/openldap-libldap-avoid-SSL-context-cleanup-during-library-des.patch
 create mode 100644 SOURCES/openldap.sysusers
diff --git a/.gitignore b/.gitignore
index 528a221..e1c0b45 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/openldap-2.6.6.tgz
+SOURCES/openldap-2.6.8.tgz
 SOURCES/openldap-ppolicy-check-password-1.1.tar.gz
diff --git a/.openldap.metadata b/.openldap.metadata
index 6dd6183..ccf7d01 100644
--- a/.openldap.metadata
+++ b/.openldap.metadata
@@ -1,2 +1,2 @@
-633bc0ce9b5d91852c1fe38c720763f32d18390f SOURCES/openldap-2.6.6.tgz
+6fd946938df37e2133e043c422039d3a71bd90d4 SOURCES/openldap-2.6.8.tgz
 d9f2c30aa3ec5760d4eb5923f461ca8eed92703d SOURCES/openldap-ppolicy-check-password-1.1.tar.gz
diff --git a/SOURCES/openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch b/SOURCES/openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch
new file mode 100644
index 0000000..31d2033
--- /dev/null
+++ b/SOURCES/openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch
@@ -0,0 +1,139 @@
+From 25db869956b0f8edaa3a688a4b3dc92c2d9832f5 Mon Sep 17 00:00:00 2001
+From: Simon Pichugin
+Date: Thu, 12 Dec 2024 19:58:37 -0800
+Subject: [PATCH] Revert "ITS#9917 Remove 'h' and 'p' from options[] in client
+ tools"
+
+This reverts commit a8f7fd00043e2c63b6216aeb3ba69b0d0485311b.
+---
+ clients/tools/ldapcompare.c | 2 +-
+ clients/tools/ldapdelete.c | 2 +-
+ clients/tools/ldapexop.c | 2 +-
+ clients/tools/ldapmodify.c | 2 +-
+ clients/tools/ldapmodrdn.c | 2 +-
+ clients/tools/ldappasswd.c | 2 +-
+ clients/tools/ldapsearch.c | 2 +-
+ clients/tools/ldapvc.c | 2 +-
+ clients/tools/ldapwhoami.c | 2 +-
+ 9 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/clients/tools/ldapcompare.c b/clients/tools/ldapcompare.c
+index e571600f35..39b7b80aec 100644
+--- a/clients/tools/ldapcompare.c
++++ b/clients/tools/ldapcompare.c
+@@ -104,7 +104,7 @@ static int docompare LDAP_P((
+
+
+ const char options[] = "z"
+- "Cd:D:e:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:Z";
++ "Cd:D:e:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
+
+ #ifdef LDAP_CONTROL_DONTUSECOPY
+ int dontUseCopy = 0;
+diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c
+index f31e5bb3f8..b3676faaa7 100644
+--- a/clients/tools/ldapdelete.c
++++ b/clients/tools/ldapdelete.c
+@@ -82,7 +82,7 @@ usage( void )
+
+
+ const char options[] = "r"
+- "cd:D:e:f:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:z:Z";
++ "cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:z:Z";
+
+ int
+ handle_private_option( int i )
+diff --git a/clients/tools/ldapexop.c b/clients/tools/ldapexop.c
+index d66f2cfb1f..10fe910dc3 100644
+--- a/clients/tools/ldapexop.c
++++ b/clients/tools/ldapexop.c
+@@ -52,7 +52,7 @@ usage( void )
+
+
+ const char options[] = ""
+- "d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z";
++ "d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
+
+ int
+ handle_private_option( int i )
+diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c
+index 032e4e1479..d33b092308 100644
+--- a/clients/tools/ldapmodify.c
++++ b/clients/tools/ldapmodify.c
+@@ -127,7 +127,7 @@ usage( void )
+
+
+ const char options[] = "aE:rS:"
+- "cd:D:e:f:H:Ij:MnNO:o:P:QR:U:vVw:WxX:y:Y:Z";
++ "cd:D:e:f:h:H:Ij:MnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
+
+ int
+ handle_private_option( int i )
+diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c
+index 1197d3813f..6ea8b66380 100644
+--- a/clients/tools/ldapmodrdn.c
++++ b/clients/tools/ldapmodrdn.c
+@@ -95,7 +95,7 @@ usage( void )
+
+
+ const char options[] = "rs:"
+- "cd:D:e:f:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:Z";
++ "cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
+
+ int
+ handle_private_option( int i )
+diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c
+index cd0650e914..e34d897c7b 100644
+--- a/clients/tools/ldappasswd.c
++++ b/clients/tools/ldappasswd.c
+@@ -83,7 +83,7 @@ usage( void )
+
+
+ const char options[] = "Ea:As:St:T:"
+- "d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z";
++ "d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
+
+ int
+ handle_private_option( int i )
+diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c
+index 3755a937d2..ab9308f593 100644
+--- a/clients/tools/ldapsearch.c
++++ b/clients/tools/ldapsearch.c
+@@ -363,7 +363,7 @@ parse_vlv(char *cvalue)
+ }
+
+ const char options[] = "a:Ab:cE:F:l:Ls:S:tT:uz:"
+- "Cd:D:e:f:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:Z";
++ "Cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
+
+ int
+ handle_private_option( int i )
+diff --git a/clients/tools/ldapvc.c b/clients/tools/ldapvc.c
+index e359611882..a59595b56e 100644
+--- a/clients/tools/ldapvc.c
++++ b/clients/tools/ldapvc.c
+@@ -86,7 +86,7 @@ usage( void )
+
+
+ const char options[] = "abE:"
+- "d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z";
++ "d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
+
+ int
+ handle_private_option( int i )
+diff --git a/clients/tools/ldapwhoami.c b/clients/tools/ldapwhoami.c
+index be1f81300a..ac6197b061 100644
+--- a/clients/tools/ldapwhoami.c
++++ b/clients/tools/ldapwhoami.c
+@@ -62,7 +62,7 @@ usage( void )
+
+
+ const char options[] = ""
+- "d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z";
++ "d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
+
+ int
+ handle_private_option( int i )
+--
+2.47.1
+
diff --git a/SOURCES/openldap-fix-TLS-connection-timeout-handling.patch b/SOURCES/openldap-fix-TLS-connection-timeout-handling.patch
new file mode 100644
index 0000000..98ec7d4
--- /dev/null
+++ b/SOURCES/openldap-fix-TLS-connection-timeout-handling.patch
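Review bot: Nothing in this downstream revert records that re-adding `h:` and `p:` to the nine `options[]` strings only makes getopt accept the flags again; the code that acts on them is not part of this patch and, judging by the spec's Patch9 (openldap-Revert-ITS-8618-Remove-deprecated-h-and-p.patch), comes from a separate revert that has to be applied as well. I would state that in the patch description, e.g. `Downstream only: depends on openldap-Revert-ITS-8618-Remove-deprecated-h-and-p.patch`. As far as I know a host/port pair given this way is turned into a plain ldap:// URI, so the changelog or man page should say that scripts relying on -h/-p get no transport protection unless they also request StartTLS (-Z/-ZZ) or move to `-H ldaps://...`.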
@@ -0,0 +1,100 @@
+From 5645e37044e77c72f8868ecf62b6c7983c0afc2b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?=
+Date: Mon, 21 Oct 2024 11:50:11 +0100
+Subject: [PATCH 1/6] ITS#8047 Fix TLS connection timeout handling
+
+The test for async in ldap_int_tls_start was inverted, we already
+support calling ldap_int_tls_connect repeatedly. And so long as
+LBER_SB_OPT_NEEDS_* are managed correctly, the application should be
+able to do the right thing.
+
+Might require a new result code rather than reporposing
+LDAP_X_CONNECTING for this.
+---
+ libraries/libldap/ldap-int.h | 1 +
+ libraries/libldap/tls2.c | 18 +++++++++++++++++-
+ 2 files changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
+index 3ef17643b1..7e754775e8 100644
+--- a/libraries/libldap/ldap-int.h
++++ b/libraries/libldap/ldap-int.h
+@@ -368,6 +368,7 @@ typedef struct ldap_conn {
+ #define LDAP_CONNST_NEEDSOCKET 1
+ #define LDAP_CONNST_CONNECTING 2
+ #define LDAP_CONNST_CONNECTED 3
++#define LDAP_CONNST_TLS_INPROGRESS 4
+ LDAPURLDesc *lconn_server;
+ BerElement *lconn_ber; /* ber receiving on this conn. */
+
+diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
+index dea46de0ad..cf6f4dcf9a 100644
+--- a/libraries/libldap/tls2.c
++++ b/libraries/libldap/tls2.c
+@@ -383,6 +383,7 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host )
+ if ( lo && lo->ldo_tls_connect_cb && lo->ldo_tls_connect_cb !=
+ ld->ld_options.ldo_tls_connect_cb )
+ lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
++ conn->lconn_status = LDAP_CONNST_TLS_INPROGRESS;
+ }
+
+ /* pass hostname for SNI, but only if it's an actual name
+@@ -441,9 +442,11 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host )
+ ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_TRANSPORT );
+ #endif
++ conn->lconn_status = LDAP_CONNST_CONNECTED;
+ return -1;
+ }
+
++ conn->lconn_status = LDAP_CONNST_CONNECTED;
+ return 0;
+ }
+
+@@ -516,8 +519,9 @@ int
+ ldap_tls_inplace( LDAP *ld )
+ {
+ Sockbuf *sb = NULL;
++ LDAPConn *lc = ld->ld_defconn;
+
+- if ( ld->ld_defconn && ld->ld_defconn->lconn_sb ) {
++ if ( lc && lc->lconn_sb ) {
+ sb = ld->ld_defconn->lconn_sb;
+
+ } else if ( ld->ld_sb ) {
+@@ -527,6 +531,10 @@ ldap_tls_inplace( LDAP *ld )
+ return 0;
+ }
+
++ if ( lc && lc->lconn_status == LDAP_CONNST_TLS_INPROGRESS ) {
++ return 0;
++ }
++
+ return ldap_pvt_tls_inplace( sb );
+ }
+
+@@ -1159,6 +1167,9 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
+ */
+ while ( ret > 0 ) {
+ if ( async ) {
++ ld->ld_errno = LDAP_X_CONNECTING;
++ return (ld->ld_errno);
++ } else {
+ struct timeval curr_time_tv, delta_tv;
+ int wr=0;
+
+@@ -1217,6 +1228,11 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
+ ret = ldap_int_tls_connect( ld, conn, host );
+ }
+
++ if ( !async && ld->ld_options.ldo_tm_net.tv_sec >= 0 ) {
++ /* Restore original sb status */
++ ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, (void*)0 );
++ }
++
+ if ( ret < 0 ) {
+ if ( ld->ld_errno == LDAP_SUCCESS )
+ ld->ld_errno = LDAP_CONNECT_ERROR;
+--
+2.47.1
+
diff --git a/SOURCES/openldap-libldap-avoid-SSL-context-cleanup-during-library-des.patch b/SOURCES/openldap-libldap-avoid-SSL-context-cleanup-during-library-des.patch
new file mode 100644
index 0000000..3663f3f
--- /dev/null
+++ b/SOURCES/openldap-libldap-avoid-SSL-context-cleanup-during-library-des.patch
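Review bot: The new async branch in ldap_int_tls_start returns `LDAP_X_CONNECTING` with the handshake unfinished and `lconn_status` left at `LDAP_CONNST_TLS_INPROGRESS`, but no comment at the return tells callers that the session is not yet protected and that they have to call in again; the commit message itself says reusing this result code may not be final. I would add above the return something like `/* handshake incomplete: caller polls LBER_SB_OPT_NEEDS_READ/WRITE and re-enters; the link is not protected until this returns LDAP_SUCCESS */`. In ldap_int_tls_connect the failure branch sets `LDAP_CONNST_CONNECTED` just before `return -1`, which reads like success unless a comment explains that the connection has presumably fallen back to a plain, non-TLS socket at that point. In ldap_tls_inplace the new local is not used on the following line, where `sb = ld->ld_defconn->lconn_sb;` could be `sb = lc->lconn_sb;`. All three functions begin and end outside the hunks shown.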
@@ -0,0 +1,92 @@
+From 5f4569f0605a73eb1a282ee5251ead073ed3b26e Mon Sep 17 00:00:00 2001
+From: Simon Pichugin
+Date: Tue, 26 Nov 2024 12:32:07 -0800
+Subject: [PATCH] libldap: avoid SSL context cleanup during library destruction
+
+Given that libldap can be pulled into random applications and applications
+are allowed to call OPENSSL_cleanup() before exiting, the only sane thing
+to do is to avoid trying to touch SSL context in ldap destructors, and just
+let them leak if the application does not explicitly free the ldap context.
+
+Add ldap_int_tls_destroy_safe() which skips SSL context cleanup while
+maintaining all other cleanup operations, and use it in the library
+destructor path.
+
+Fixes: https://bugs.openldap.org/show_bug.cgi?id=9952
+---
+ libraries/libldap/init.c | 2 +-
+ libraries/libldap/ldap-int.h | 1 +
+ libraries/libldap/tls2.c | 25 +++++++++++++++++++++----
+ 3 files changed, 23 insertions(+), 5 deletions(-)
+
+diff --git a/libraries/libldap/init.c b/libraries/libldap/init.c
+index 213276b4b5..aa017f4128 100644
+--- a/libraries/libldap/init.c
++++ b/libraries/libldap/init.c
+@@ -545,7 +545,7 @@ ldap_int_destroy_global_options(void)
+ }
+ #endif
+ #ifdef HAVE_TLS
+- ldap_int_tls_destroy( gopts );
++ ldap_int_tls_destroy_safe( gopts );
+ #endif
+ }
+
+diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
+index 7e754775e8..b73097ccc7 100644
+--- a/libraries/libldap/ldap-int.h
++++ b/libraries/libldap/ldap-int.h
+@@ -914,6 +914,7 @@ LDAP_F (int) ldap_int_tls_start LDAP_P(( LDAP *ld,
+ LDAPConn *conn, LDAPURLDesc *srv ));
+
+ LDAP_F (void) ldap_int_tls_destroy LDAP_P(( struct ldapoptions *lo ));
++LDAP_F (void) ldap_int_tls_destroy_safe LDAP_P(( struct ldapoptions *lo ));
+
+ /*
+ * in getvalues.c
+diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
+index 0841005a59..82f8573602 100644
+--- a/libraries/libldap/tls2.c
++++ b/libraries/libldap/tls2.c
+@@ -97,10 +97,14 @@ tls_ctx_ref( tls_ctx *ctx )
+ static ldap_pvt_thread_mutex_t tls_def_ctx_mutex;
+ #endif
+
+-void
+-ldap_int_tls_destroy( struct ldapoptions *lo )
+-{
+- if ( lo->ldo_tls_ctx ) {
++/*
++ * Implementation function that handles all cleanup.
++ * skip_ctx_cleanup: 1 when called from destructor, 0 for normal operation
++ */
++static void
++ldap_int_tls_destroy_impl( struct ldapoptions *lo, int skip_ctx_cleanup )
++ {
++ if ( lo->ldo_tls_ctx && !skip_ctx_cleanup ) {
+ ldap_pvt_tls_ctx_free( lo->ldo_tls_ctx );
+ lo->ldo_tls_ctx = NULL;
+ }
+@@ -147,6 +151,19 @@ ldap_int_tls_destroy( struct ldapoptions *lo )
+ BER_BVZERO( &lo->ldo_tls_pin );
+ }
+
++
++void
++ldap_int_tls_destroy( struct ldapoptions *lo )
++{
++ ldap_int_tls_destroy_impl(lo, 0);
++}
++
++/* Safe version for destructor use */
++void ldap_int_tls_destroy_safe( struct ldapoptions *lo )
++{
++ ldap_int_tls_destroy_impl(lo, 1);
++}
++
+ /*
+ * Tear down the TLS subsystem. Should only be called once.
+ */
+--
+2.47.0
+
diff --git a/SOURCES/openldap.sysusers b/SOURCES/openldap.sysusers
new file mode 100644
index 0000000..37ef083
--- /dev/null
+++ b/SOURCES/openldap.sysusers
@@ -0,0 +1,3 @@
+#Type Name ID GECOS Home directory Shell
+g ldap 55
+u ldap 55:55 "OpenLDAP server" /var/lib/ldap /sbin/nologin
diff --git a/SPECS/openldap.spec b/SPECS/openldap.spec
index 6acb5fb..19e07e2 100644
--- a/SPECS/openldap.spec
+++ b/SPECS/openldap.spec
@@ -15,10 +15,10 @@
 %global __brp_remove_la_files %nil
 Name: openldap
-Version: 2.6.6
-Release: 1%{?dist}
+Version: 2.6.8
+Release: 4%{?dist}
 Summary: LDAP support libraries
-License: OpenLDAP
+License: OLDAP-2.8
 URL: http://www.openldap.org/
 Source0: https://openldap.org/software/download/OpenLDAP/openldap-release/openldap-%{version}.tgz
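Review bot: With `skip_ctx_cleanup` set, ldap_int_tls_destroy_impl leaves `lo->ldo_tls_ctx` both unfreed and non-NULL, and the only documentation of that is `/* Safe version for destructor use */`, which does not say the leak is deliberate or that the function must not be used on an options struct that stays in use. I would expand the comment on ldap_int_tls_destroy_safe to state that it intentionally leaks the TLS context because the application may already have called OPENSSL_cleanup(), that it leaves the pointer set, and that it is meant only for the library destructor path in init.c. A context that is never released presumably also keeps any loaded key material in memory until the process exits, which is acceptable at exit but worth writing down. The opening brace of the impl function carries leading whitespace (` {`), unlike the `{` of the two wrappers added below it. The part of ldap_int_tls_destroy_impl between the two tls2.c hunks is not shown.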
@@ -27,6 +27,7 @@ Source2: slapd.tmpfiles
 Source3: slapd.ldif
 Source4: ldap.conf
 Source5: UPGRADE_INSTRUCTIONS
+Source6: openldap.sysusers
 Source10: https://github.com/ltb-project/openldap-ppolicy-check-password/archive/v%{check_password_version}/openldap-ppolicy-check-password-%{check_password_version}.tar.gz
 Source50: libexec-functions
 Source52: libexec-check-config.sh
@@ -49,6 +50,9 @@ Patch6: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch
 Patch7: openldap-openssl-manpage-defaultCA.patch
 Patch8: openldap-add-export-symbols-LDAP_CONNECTIONLESS.patch
 Patch9: openldap-Revert-ITS-8618-Remove-deprecated-h-and-p.patch
+Patch10: openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch
+Patch11: openldap-libldap-avoid-SSL-context-cleanup-during-library-des.patch
+Patch12: openldap-fix-TLS-connection-timeout-handling.patch
 # check-password module specific patches
 Patch90: check-password-makefile.patch
@@ -71,6 +75,8 @@ BuildRequires: unixODBC-devel
 BuildRequires: systemd
 BuildRequires: libdb-devel
 BuildRequires: cracklib-devel
+BuildRequires: systemd-rpm-macros
+%{?sysusers_requires_compat}
 %description
 OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
@@ -153,15 +159,18 @@ programs needed for accessing and modifying OpenLDAP directories.
 %setup -q -c -a 0 -a 10
 pushd openldap-%{version}
-%patch0 -p1
-%patch1 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
+%patch -P0 -p1
+%patch -P1 -p1
+%patch -P3 -p1
+%patch -P4 -p1
+%patch -P5 -p1
+%patch -P6 -p1
+%patch -P7 -p1
+%patch -P8 -p1
+%patch -P9 -p1
+%patch -P10 -p1
+%patch -P11 -p1
+%patch -P12 -p1
 # build smbk5pwd with other overlays
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
@@ -182,8 +191,8 @@ done
 popd
 pushd openldap-ppolicy-check-password-%{check_password_version}
-%patch90 -p1
-%patch91 -p1
+%patch -P90 -p1
+%patch -P91 -p1
 popd
 %build
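Review bot: `%{?sysusers_requires_compat}` is placed in the main package preamble, but the scriptlet that needs it is `%pre servers`, so the dependency it generates (as far as I know a `Requires(pre)` on shadow-utils) attaches to openldap rather than to the servers subpackage. Moving the line into the servers subpackage preamble, which is outside this hunk, would tie the requirement to the package whose scriptlet creates the ldap user. The `?` also makes the macro expand to nothing without any error if it is undefined, so a comment next to it such as `# needed by %%pre servers (sysusers_create_compat)` would help.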
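Review bot: Patch11 is applied before Patch12 in %prep, yet the blob ids in the two patches suggest they were generated the other way round: the TLS-timeout patch takes ldap-int.h from 3ef17643b1 to 7e754775e8, and the SSL-context patch starts from 7e754775e8. The hunks touch different regions of ldap-int.h and tls2.c, so both probably still apply with offsets, but ordering the lines as `%patch -P12 -p1` then `%patch -P11 -p1` (or renumbering the two) would apply each patch against the tree it was made for and avoid depending on patch(1) offset handling. A one-line comment above the Patch list noting that order would help the next rebase.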
@@ -191,6 +200,8 @@ popd
 %set_build_flags
 # enable experimental support for LDAP over UDP (LDAP_CONNECTIONLESS)
 export CFLAGS="${CFLAGS} ${LDFLAGS} -Wl,--as-needed -Wl,-z,now -DLDAP_CONNECTIONLESS"
+# disable legacy hash algorithm
+export CFLAGS="${CFLAGS} -DOPENSSL_NO_MD2"
 pushd openldap-%{version}
 %configure \
@@ -245,6 +256,9 @@ popd
 %install
 mkdir -p %{buildroot}%{_libdir}/
+%if %{with servers}
+install -p -D -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/openldap.conf
+%endif
 pushd openldap-%{version}
 %make_install STRIP_OPTS=""
@@ -382,10 +396,8 @@ rm %{buildroot}%{_libdir}/*.la # because we do not want files in %{_libdir}/ope
 %if %{with servers}
 %pre servers
 # create ldap user and group
-getent group ldap &>/dev/null || groupadd -r -g 55 ldap
-getent passwd ldap &>/dev/null || \
- useradd -r -g ldap -u 55 -d %{_sharedstatedir}/ldap -s /sbin/nologin -c "OpenLDAP server" ldap
-exit 0
+# sysusers.d format https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
+%sysusers_create_compat %{SOURCE6}
 %post servers
 %systemd_post slapd.service
@@ -476,6 +488,7 @@ exit 0
 %{_libdir}/openldap/home*
 %{_libdir}/openldap/lloadd*
 %{_libdir}/openldap/memberof*
+%{_libdir}/openldap/nestgroup*
 %{_libdir}/openldap/otp*
 %{_libdir}/openldap/pcache*
 %{_libdir}/openldap/ppolicy*
@@ -498,6 +511,7 @@ exit 0
 %{_mandir}/man5/slapd*.5*
 %{_mandir}/man5/slapo-*.5*
 %{_mandir}/man5/slappw-argon2.5*
+%{_sysusersdir}/openldap.conf
 # obsolete configuration
 %ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf
 %else
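Review bot: The comment `# disable legacy hash algorithm` names neither the algorithm nor the reason, and the define is only appended to CFLAGS, so whether it changes anything depends on the sources testing `OPENSSL_NO_MD2`, which this diff does not show. I would write `# build without MD2 (RHEL-59715): OPENSSL_NO_MD2 compiles out the MD2-guarded code` and add a build-time or %check assertion that MD2 is really absent from the resulting binaries, so that a later rebase cannot bring it back unnoticed.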
@@ -541,6 +555,34 @@ exit 0
 %{_libdir}/libslapi-2.4*.so.*
 %changelog
+* Wed Feb 12 2025 Simon Pichugin - 2.6.8-4
+- Fix TLS connection timeout handling (RHEL-78297)
+
+* Wed Jan 08 2025 Viktor Ashirov - 2.6.8-3
+- Migrate gating tests from STI to FMF (RHEL-71053)
+
+* Tue Jan 7 2025 Simon Pichugin - 2.6.8-2
+- Replace baseos-ci tests with osci (RHEL-71053)
+
+* Mon Dec 16 2024 Simon Pichugin - 2.6.8-1
+- Rebase to version 2.6.8 (RHEL-71053)
+- Avoid SSL context cleanup during library destruction (RHEL-56502)
+
+* Fri Oct 11 2024 Simon Pichugin - 2.6.6-4
+- Disable MD2 hash algorithm
+ Resolves: RHEL-59715
+
+* Fri Feb 9 2024 Simon Pichugin - 2.6.6-3
+- Use systemd-sysusers for ldap user and group
+ Replace License with SPDX identifier
+ Resolves: RHEL-5140
+
+* Thu Dec 14 2023 Simon Pichugin - 2.6.6-2
+- The client tools parameters '-h' and '-p' are still deprecated,
+ but this release brings back the client tools options that
+ were removed during the previous rebase.
+ Resolves: RHEL-19384
+
 * Wed Oct 11 2023 Simon Pichugin - 2.6.6-1
 - Rebase OpenLDAP in RHEL 9.4
 Resolves: RHEL-11306