import CS openldap-2.6.8-4.el9

2025-03-11 07:53:45 +00:00 · 2025-03-11 07:53:45 +00:00 · ca6944a374
commit ca6944a374
parent 8c4c77dfeb
7 changed files with 396 additions and 20 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/openldap-2.6.6.tgz
+SOURCES/openldap-2.6.8.tgz
 SOURCES/openldap-ppolicy-check-password-1.1.tar.gz
--- a/.openldap.metadata
+++ b/.openldap.metadata
@ -1,2 +1,2 @@
-633bc0ce9b5d91852c1fe38c720763f32d18390f SOURCES/openldap-2.6.6.tgz
+6fd946938df37e2133e043c422039d3a71bd90d4 SOURCES/openldap-2.6.8.tgz
 d9f2c30aa3ec5760d4eb5923f461ca8eed92703d SOURCES/openldap-ppolicy-check-password-1.1.tar.gz
--- a/SOURCES/openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch
+++ b/SOURCES/openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch
@ -0,0 +1,139 @@
 From 25db869956b0f8edaa3a688a4b3dc92c2d9832f5 Mon Sep 17 00:00:00 2001
 From: Simon Pichugin <spichugi@redhat.com>
 Date: Thu, 12 Dec 2024 19:58:37 -0800
 Subject: [PATCH] Revert "ITS#9917 Remove 'h' and 'p' from options[] in client
 tools"
 This reverts commit a8f7fd00043e2c63b6216aeb3ba69b0d0485311b.
 ---
 clients/tools/ldapcompare.c | 2 +-
 clients/tools/ldapdelete.c  | 2 +-
 clients/tools/ldapexop.c    | 2 +-
 clients/tools/ldapmodify.c  | 2 +-
 clients/tools/ldapmodrdn.c  | 2 +-
 clients/tools/ldappasswd.c  | 2 +-
 clients/tools/ldapsearch.c  | 2 +-
 clients/tools/ldapvc.c      | 2 +-
 clients/tools/ldapwhoami.c  | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)
 diff --git a/clients/tools/ldapcompare.c b/clients/tools/ldapcompare.c
 index e571600f35..39b7b80aec 100644
 --- a/clients/tools/ldapcompare.c
 +++ b/clients/tools/ldapcompare.c
@@ -104,7 +104,7 @@ static int docompare LDAP_P((
 const char options[] = "z"
 -	"Cd:D:e:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:Z";
 +	"Cd:D:e:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
 #ifdef LDAP_CONTROL_DONTUSECOPY
 int dontUseCopy = 0;
 diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c
 index f31e5bb3f8..b3676faaa7 100644
 --- a/clients/tools/ldapdelete.c
 +++ b/clients/tools/ldapdelete.c
@@ -82,7 +82,7 @@ usage( void )
 const char options[] = "r"
 -	"cd:D:e:f:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:z:Z";
 +	"cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:z:Z";
 int
 handle_private_option( int i )
 diff --git a/clients/tools/ldapexop.c b/clients/tools/ldapexop.c
 index d66f2cfb1f..10fe910dc3 100644
 --- a/clients/tools/ldapexop.c
 +++ b/clients/tools/ldapexop.c
@@ -52,7 +52,7 @@ usage( void )
 const char options[] = ""
 -	"d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z";
 +	"d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
 int
 handle_private_option( int i )
 diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c
 index 032e4e1479..d33b092308 100644
 --- a/clients/tools/ldapmodify.c
 +++ b/clients/tools/ldapmodify.c
@@ -127,7 +127,7 @@ usage( void )
 const char options[] = "aE:rS:"
 -	"cd:D:e:f:H:Ij:MnNO:o:P:QR:U:vVw:WxX:y:Y:Z";
 +	"cd:D:e:f:h:H:Ij:MnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
 int
 handle_private_option( int i )
 diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c
 index 1197d3813f..6ea8b66380 100644
 --- a/clients/tools/ldapmodrdn.c
 +++ b/clients/tools/ldapmodrdn.c
@@ -95,7 +95,7 @@ usage( void )
 const char options[] = "rs:"
 -	"cd:D:e:f:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:Z";
 +	"cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
 int
 handle_private_option( int i )
 diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c
 index cd0650e914..e34d897c7b 100644
 --- a/clients/tools/ldappasswd.c
 +++ b/clients/tools/ldappasswd.c
@@ -83,7 +83,7 @@ usage( void )
 const char options[] = "Ea:As:St:T:"
 -	"d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z";
 +	"d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
 int
 handle_private_option( int i )
 diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c
 index 3755a937d2..ab9308f593 100644
 --- a/clients/tools/ldapsearch.c
 +++ b/clients/tools/ldapsearch.c
@@ -363,7 +363,7 @@ parse_vlv(char *cvalue)
 }
 const char options[] = "a:Ab:cE:F:l:Ls:S:tT:uz:"
 -	"Cd:D:e:f:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:Z";
 +	"Cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
 int
 handle_private_option( int i )
 diff --git a/clients/tools/ldapvc.c b/clients/tools/ldapvc.c
 index e359611882..a59595b56e 100644
 --- a/clients/tools/ldapvc.c
 +++ b/clients/tools/ldapvc.c
@@ -86,7 +86,7 @@ usage( void )
 const char options[] = "abE:"
 -	"d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z";
 +	"d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
 int
 handle_private_option( int i )
 diff --git a/clients/tools/ldapwhoami.c b/clients/tools/ldapwhoami.c
 index be1f81300a..ac6197b061 100644
 --- a/clients/tools/ldapwhoami.c
 +++ b/clients/tools/ldapwhoami.c
@@ -62,7 +62,7 @@ usage( void )
 const char options[] = ""
 -	"d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z";
 +	"d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
 int
 handle_private_option( int i )
 -- 
 2.47.1
--- a/SOURCES/openldap-fix-TLS-connection-timeout-handling.patch
+++ b/SOURCES/openldap-fix-TLS-connection-timeout-handling.patch
@ -0,0 +1,100 @@
 From 5645e37044e77c72f8868ecf62b6c7983c0afc2b Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
 Date: Mon, 21 Oct 2024 11:50:11 +0100
 Subject: [PATCH 1/6] ITS#8047 Fix TLS connection timeout handling
 The test for async in ldap_int_tls_start was inverted, we already
 support calling ldap_int_tls_connect repeatedly. And so long as
 LBER_SB_OPT_NEEDS_* are managed correctly, the application should be
 able to do the right thing.
 Might require a new result code rather than reporposing
 LDAP_X_CONNECTING for this.
 ---
 libraries/libldap/ldap-int.h |  1 +
 libraries/libldap/tls2.c     | 18 +++++++++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
 diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
 index 3ef17643b1..7e754775e8 100644
 --- a/libraries/libldap/ldap-int.h
 +++ b/libraries/libldap/ldap-int.h
@@ -368,6 +368,7 @@ typedef struct ldap_conn {
 #define LDAP_CONNST_NEEDSOCKET		1
 #define LDAP_CONNST_CONNECTING		2
 #define LDAP_CONNST_CONNECTED		3
 +#define LDAP_CONNST_TLS_INPROGRESS	4
 	LDAPURLDesc		*lconn_server;
 	BerElement		*lconn_ber;	/* ber receiving on this conn. */
 diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
 index dea46de0ad..cf6f4dcf9a 100644
 --- a/libraries/libldap/tls2.c
 +++ b/libraries/libldap/tls2.c
@@ -383,6 +383,7 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host )
 		if ( lo && lo->ldo_tls_connect_cb && lo->ldo_tls_connect_cb !=
 			ld->ld_options.ldo_tls_connect_cb )
 			lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
 +		conn->lconn_status = LDAP_CONNST_TLS_INPROGRESS;
 	}
 	/* pass hostname for SNI, but only if it's an actual name
@@ -441,9 +442,11 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host )
 		ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
 			LBER_SBIOD_LEVEL_TRANSPORT );
 #endif
 +		conn->lconn_status = LDAP_CONNST_CONNECTED;
 		return -1;
 	}
 +	conn->lconn_status = LDAP_CONNST_CONNECTED;
 	return 0;
 }
@@ -516,8 +519,9 @@ int
 ldap_tls_inplace( LDAP *ld )
 {
 	Sockbuf		*sb = NULL;
 +	LDAPConn	*lc = ld->ld_defconn;
 -	if ( ld->ld_defconn && ld->ld_defconn->lconn_sb ) {
 +	if ( lc && lc->lconn_sb ) {
 		sb = ld->ld_defconn->lconn_sb;
 	} else if ( ld->ld_sb ) {
@@ -527,6 +531,10 @@ ldap_tls_inplace( LDAP *ld )
 		return 0;
 	}
 +	if ( lc && lc->lconn_status == LDAP_CONNST_TLS_INPROGRESS ) {
 +		return 0;
 +	}
 +
 	return ldap_pvt_tls_inplace( sb );
 }
@@ -1159,6 +1167,9 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
 	  */
 	while ( ret > 0 ) {
 		if ( async ) {
 +			ld->ld_errno = LDAP_X_CONNECTING;
 +			return (ld->ld_errno);
 +		} else {
 			struct timeval curr_time_tv, delta_tv;
 			int wr=0;
@@ -1217,6 +1228,11 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
 		ret = ldap_int_tls_connect( ld, conn, host );
 	}
 +	if ( !async && ld->ld_options.ldo_tm_net.tv_sec >= 0 ) {
 +		/* Restore original sb status */
 +		ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, (void*)0 );
 +	}
 +
 	if ( ret < 0 ) {
 		if ( ld->ld_errno == LDAP_SUCCESS )
 			ld->ld_errno = LDAP_CONNECT_ERROR;
 -- 
 2.47.1
--- a/SOURCES/openldap-libldap-avoid-SSL-context-cleanup-during-library-des.patch
+++ b/SOURCES/openldap-libldap-avoid-SSL-context-cleanup-during-library-des.patch
@ -0,0 +1,92 @@
 From 5f4569f0605a73eb1a282ee5251ead073ed3b26e Mon Sep 17 00:00:00 2001
 From: Simon Pichugin <spichugi@redhat.com>
 Date: Tue, 26 Nov 2024 12:32:07 -0800
 Subject: [PATCH] libldap: avoid SSL context cleanup during library destruction
 Given that libldap can be pulled into random applications and applications
 are allowed to call OPENSSL_cleanup() before exiting, the only sane thing
 to do is to avoid trying to touch SSL context in ldap destructors, and just
 let them leak if the application does not explicitly free the ldap context.
 Add ldap_int_tls_destroy_safe() which skips SSL context cleanup while
 maintaining all other cleanup operations, and use it in the library
 destructor path.
 Fixes: https://bugs.openldap.org/show_bug.cgi?id=9952
 ---
 libraries/libldap/init.c     |  2 +-
 libraries/libldap/ldap-int.h |  1 +
 libraries/libldap/tls2.c     | 25 +++++++++++++++++++++----
 3 files changed, 23 insertions(+), 5 deletions(-)
 diff --git a/libraries/libldap/init.c b/libraries/libldap/init.c
 index 213276b4b5..aa017f4128 100644
 --- a/libraries/libldap/init.c
 +++ b/libraries/libldap/init.c
@@ -545,7 +545,7 @@ ldap_int_destroy_global_options(void)
 	}
 #endif
 #ifdef HAVE_TLS
 -	ldap_int_tls_destroy( gopts );
 +	ldap_int_tls_destroy_safe( gopts );
 #endif
 }
 diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
 index 7e754775e8..b73097ccc7 100644
 --- a/libraries/libldap/ldap-int.h
 +++ b/libraries/libldap/ldap-int.h
@@ -914,6 +914,7 @@ LDAP_F (int) ldap_int_tls_start LDAP_P(( LDAP *ld,
 	LDAPConn *conn, LDAPURLDesc *srv ));
 LDAP_F (void) ldap_int_tls_destroy LDAP_P(( struct ldapoptions *lo ));
 +LDAP_F (void) ldap_int_tls_destroy_safe LDAP_P(( struct ldapoptions *lo ));
 /*
  *	in getvalues.c
 diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
 index 0841005a59..82f8573602 100644
 --- a/libraries/libldap/tls2.c
 +++ b/libraries/libldap/tls2.c
@@ -97,10 +97,14 @@ tls_ctx_ref( tls_ctx *ctx )
 static ldap_pvt_thread_mutex_t tls_def_ctx_mutex;
 #endif
 -void
 -ldap_int_tls_destroy( struct ldapoptions *lo )
 -{
 -	if ( lo->ldo_tls_ctx ) {
 +/*
 + * Implementation function that handles all cleanup.
 + * skip_ctx_cleanup: 1 when called from destructor, 0 for normal operation
 + */
 +static void
 +ldap_int_tls_destroy_impl( struct ldapoptions *lo, int skip_ctx_cleanup )
 + {
 +	if ( lo->ldo_tls_ctx && !skip_ctx_cleanup ) {
 		ldap_pvt_tls_ctx_free( lo->ldo_tls_ctx );
 		lo->ldo_tls_ctx = NULL;
 	}
@@ -147,6 +151,19 @@ ldap_int_tls_destroy( struct ldapoptions *lo )
 	BER_BVZERO( &lo->ldo_tls_pin );
 }
 +
 +void
 +ldap_int_tls_destroy( struct ldapoptions *lo )
 +{
 +	ldap_int_tls_destroy_impl(lo, 0);
 +}
 +
 +/* Safe version for destructor use */
 +void ldap_int_tls_destroy_safe( struct ldapoptions *lo )
 +{
 +	ldap_int_tls_destroy_impl(lo, 1);
 +}
 +
 /*
  * Tear down the TLS subsystem. Should only be called once.
  */
 -- 
 2.47.0
--- a/SOURCES/openldap.sysusers
+++ b/SOURCES/openldap.sysusers
@ -0,0 +1,3 @@
 #Type Name     ID             GECOS                   Home directory  Shell
 g     ldap     55
 u     ldap     55:55          "OpenLDAP server"       /var/lib/ldap   /sbin/nologin
--- a/SPECS/openldap.spec
+++ b/SPECS/openldap.spec
@ -15,10 +15,10 @@
 %global __brp_remove_la_files %nil
 Name: openldap
-Version: 2.6.6
+Version: 2.6.8
-Release: 1%{?dist}
+Release: 4%{?dist}
 Summary: LDAP support libraries
-License: OpenLDAP
+License: OLDAP-2.8
 URL: http://www.openldap.org/
 Source0: https://openldap.org/software/download/OpenLDAP/openldap-release/openldap-%{version}.tgz
@ -27,6 +27,7 @@ Source2: slapd.tmpfiles
 Source3: slapd.ldif
 Source4: ldap.conf
 Source5: UPGRADE_INSTRUCTIONS
 Source6: openldap.sysusers
 Source10: https://github.com/ltb-project/openldap-ppolicy-check-password/archive/v%{check_password_version}/openldap-ppolicy-check-password-%{check_password_version}.tar.gz
 Source50: libexec-functions
 Source52: libexec-check-config.sh
@ -49,6 +50,9 @@ Patch6: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch
 Patch7: openldap-openssl-manpage-defaultCA.patch
 Patch8: openldap-add-export-symbols-LDAP_CONNECTIONLESS.patch
 Patch9: openldap-Revert-ITS-8618-Remove-deprecated-h-and-p.patch
 Patch10: openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch
 Patch11: openldap-libldap-avoid-SSL-context-cleanup-during-library-des.patch
 Patch12: openldap-fix-TLS-connection-timeout-handling.patch
 # check-password module specific patches
 Patch90: check-password-makefile.patch
@ -71,6 +75,8 @@ BuildRequires: unixODBC-devel
 BuildRequires: systemd
 BuildRequires: libdb-devel
 BuildRequires: cracklib-devel
 BuildRequires: systemd-rpm-macros
 %{?sysusers_requires_compat}
 %description
 OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
@ -153,15 +159,18 @@ programs needed for accessing and modifying OpenLDAP directories.
 %setup -q -c -a 0 -a 10
 pushd openldap-%{version}
-%patch0 -p1
+%patch -P0 -p1
-%patch1 -p1
+%patch -P1 -p1
-%patch3 -p1
+%patch -P3 -p1
-%patch4 -p1
+%patch -P4 -p1
-%patch5 -p1
+%patch -P5 -p1
-%patch6 -p1
+%patch -P6 -p1
-%patch7 -p1
+%patch -P7 -p1
-%patch8 -p1
+%patch -P8 -p1
-%patch9 -p1
+%patch -P9 -p1
 %patch -P10 -p1
 %patch -P11 -p1
 %patch -P12 -p1
 # build smbk5pwd with other overlays
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
@ -182,8 +191,8 @@ done
 popd
 pushd openldap-ppolicy-check-password-%{check_password_version}
-%patch90 -p1
+%patch -P90 -p1
-%patch91 -p1
+%patch -P91 -p1
 popd
 %build
@ -191,6 +200,8 @@ popd
 %set_build_flags
 # enable experimental support for LDAP over UDP (LDAP_CONNECTIONLESS)
 export CFLAGS="${CFLAGS} ${LDFLAGS} -Wl,--as-needed -Wl,-z,now -DLDAP_CONNECTIONLESS"
 # disable legacy hash algorithm
 export CFLAGS="${CFLAGS} -DOPENSSL_NO_MD2"
 pushd openldap-%{version}
 %configure \
@ -245,6 +256,9 @@ popd
 %install
 mkdir -p %{buildroot}%{_libdir}/
 %if %{with servers}
 install -p -D -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/openldap.conf
 %endif
 pushd openldap-%{version}
 %make_install STRIP_OPTS=""
@ -382,10 +396,8 @@ rm %{buildroot}%{_libdir}/*.la  # because we do not want files in %{_libdir}/ope
 %if %{with servers}
 %pre servers
 # create ldap user and group
-getent group ldap &>/dev/null || groupadd -r -g 55 ldap
+# sysusers.d format https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
-getent passwd ldap &>/dev/null || \
+%sysusers_create_compat %{SOURCE6}
 	useradd -r -g ldap -u 55 -d %{_sharedstatedir}/ldap -s /sbin/nologin -c "OpenLDAP server" ldap
 exit 0
 %post servers
 %systemd_post slapd.service
@ -476,6 +488,7 @@ exit 0
 %{_libdir}/openldap/home*
 %{_libdir}/openldap/lloadd*
 %{_libdir}/openldap/memberof*
 %{_libdir}/openldap/nestgroup*
 %{_libdir}/openldap/otp*
 %{_libdir}/openldap/pcache*
 %{_libdir}/openldap/ppolicy*
@ -498,6 +511,7 @@ exit 0
 %{_mandir}/man5/slapd*.5*
 %{_mandir}/man5/slapo-*.5*
 %{_mandir}/man5/slappw-argon2.5*
 %{_sysusersdir}/openldap.conf
 # obsolete configuration
 %ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf
 %else
@ -541,6 +555,34 @@ exit 0
 %{_libdir}/libslapi-2.4*.so.*
 %changelog
 * Wed Feb 12 2025 Simon Pichugin <spichugi@redhat.com> - 2.6.8-4
 - Fix TLS connection timeout handling (RHEL-78297)
 * Wed Jan 08 2025 Viktor Ashirov <vashirov@redhat.com> - 2.6.8-3
 - Migrate gating tests from STI to FMF (RHEL-71053)
 * Tue Jan 7 2025 Simon Pichugin <spichugi@redhat.com> - 2.6.8-2
 - Replace baseos-ci tests with osci (RHEL-71053)
 * Mon Dec 16 2024 Simon Pichugin <spichugi@redhat.com> - 2.6.8-1
 - Rebase to version 2.6.8 (RHEL-71053)
 - Avoid SSL context cleanup during library destruction (RHEL-56502)
 * Fri Oct 11 2024 Simon Pichugin <spichugi@redhat.com> - 2.6.6-4
 - Disable MD2 hash algorithm
  Resolves: RHEL-59715
 * Fri Feb 9 2024 Simon Pichugin <spichugi@redhat.com> - 2.6.6-3
 - Use systemd-sysusers for ldap user and group
  Replace License with SPDX identifier
  Resolves: RHEL-5140
 * Thu Dec 14 2023 Simon Pichugin <spichugi@redhat.com> - 2.6.6-2
 - The client tools parameters '-h' and '-p' are still deprecated,
  but this release brings back the client tools options that
  were removed during the previous rebase.
  Resolves: RHEL-19384
 * Wed Oct 11 2023 Simon Pichugin <spichugi@redhat.com> - 2.6.6-1
 - Rebase OpenLDAP in RHEL 9.4
  Resolves: RHEL-11306
`@ -1,2 +1,2 @@`
	`SOURCES/openldap-2.6.6.tgz`	`SOURCES/openldap-2.6.8.tgz`
	`SOURCES/openldap-ppolicy-check-password-1.1.tar.gz`	`SOURCES/openldap-ppolicy-check-password-1.1.tar.gz`
`@ -1,2 +1,2 @@`
	`633bc0ce9b5d91852c1fe38c720763f32d18390f SOURCES/openldap-2.6.6.tgz`	`6fd946938df37e2133e043c422039d3a71bd90d4 SOURCES/openldap-2.6.8.tgz`
	`d9f2c30aa3ec5760d4eb5923f461ca8eed92703d SOURCES/openldap-ppolicy-check-password-1.1.tar.gz`	`d9f2c30aa3ec5760d4eb5923f461ca8eed92703d SOURCES/openldap-ppolicy-check-password-1.1.tar.gz`