Upgrade to openldap-2.4

2007-11-21 12:12:15 +00:00 · 2007-11-21 12:12:15 +00:00 · d5ef856e1c
commit d5ef856e1c
parent a94f82a469
11 changed files with 5133 additions and 1014 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -9,4 +9,5 @@ openldap-2.3.34.tgz
 openldap-2.3.37.tgz
 db-4.6.18.tar.gz
 openldap-2.3.38.tgz
+openldap-2.4.6.tgz
 openldap-2.3.39.tgz
--- a/guide.html
+++ b/guide.html
--- a/ldap.init
+++ b/ldap.init
@ -1,7 +1,7 @@
 #!/bin/bash
 #
 # ldap	This shell script takes care of starting and stopping
-#	ldap servers (slapd and slurpd).
+#	ldap servers (slapd).
 #
 # chkconfig: - 27 73
 # description: LDAP stands for Lightweight Directory Access Protocol, used \
@ -23,7 +23,7 @@ fi
 SLAPD_LDAP="yes"
 SLAPD_LDAPI="no"
 SLAPD_LDAPS="no"
-# OPTIONS, SLAPD_OPTIONS, SLURPD_OPTIONS and KTB5_KTNAME are not defined
+# OPTIONS, SLAPD_OPTIONS and KTB5_KTNAME are not defined

 # Source an auxiliary options file if we have one
 if [ -r /etc/sysconfig/ldap ] ; then
@ -31,10 +31,8 @@ if [ -r /etc/sysconfig/ldap ] ; then
 fi

 slapd=/usr/sbin/slapd
-slurpd=/usr/sbin/slurpd
 slaptest=/usr/sbin/slaptest
 [ -x ${slapd} ] || exit 1
-[ -x ${slurpd} ] || exit 1

 RETVAL=0

@ -99,7 +97,7 @@ function configtest() {
 	prog=`basename ${slapd}`
 	ldapuid=`id -u $user`
 	# Unaccessible database files.
-	slaptestflags=
+	slaptestflags=""
 	for dbdir in `LANG=C egrep '^directory[[:space:]]+[[:print:]]+$' /etc/openldap/slapd.conf | sed s,^directory,,` ; do
 		for file in `find ${dbdir}/ -not -uid $ldapuid -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" -or -name "log.*" -or -name alock \)` ; do
 			echo -n $"$file is not owned by \"$user\"" ; warning ; echo
@ -107,7 +105,7 @@ function configtest() {
 		if ! test -s ${dbdir}/id2entry.dbb ; then
 			if ! test -s ${dbdir}/id2entry.gdbm ; then
 				if ! test -s ${dbdir}/id2entry.bdb ; then
-					slaptestflags=-u
+					slaptestflags="-u"
 				fi
 			fi
 		fi
@ -167,28 +165,6 @@ function start() {
 	echo -n $"Starting $prog: "
 	daemon --check=$prog ${slapd} -h "\"$harg\"" -u ${user} $OPTIONS $SLAPD_OPTIONS 
 	RETVAL=$?
-	echo
-	if [ $RETVAL -eq 0 ]; then
-	    if grep -q "^replogfile" /etc/openldap/slapd.conf; then
-		prog=`basename ${slurpd}`
-		i=1;
-		for replogfile in `grep  "^replogfile" /etc/openldap/slapd.conf`
-		do
-		    if [ "$replogfile" != "replogfile" ]
-		    then
-			echo -n $"Starting $prog: "
-			daemon ${slurpd} -r $replogfile -n $i $SLURPD_OPTIONS
-			# make the return value nozero if any of the slurpd failed
-			RET=$?
-			if [ $RET -ne 0 ] ; then
-			    RETVAL=$RET
-			fi
-			i=$[i+1]
-			echo
-		    fi
-		done
-	    fi
-	fi
 	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/ldap
 	return $RETVAL
 }
@ -199,16 +175,6 @@ function stop() {
 	echo -n $"Stopping $prog: "
 	killproc ${slapd}
 	RETVAL=$?
-	echo
-	if [ $RETVAL -eq 0 ]; then
-	    if grep -q "^replogfile" /etc/openldap/slapd.conf; then
-		prog=`basename ${slurpd}`
-		echo -n $"Stopping $prog: "
-		killproc ${slurpd}
-		RETVAL=$?
-		echo
-	    fi
-	fi
 	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ldap /var/run/slapd.args
 	return $RETVAL
 }
@ -229,13 +195,6 @@ case "$1" in
    status)
 	status ${slapd}
 	RETVAL=$?
-	if grep -q "^replogfile" /etc/openldap/slapd.conf ; then
-	    status ${slurpd}
-	    RET=$?
-	    if [ $RET -ne 0 ] ; then
-		RETVAL=$RET;
-	    fi
-	fi
 	;;
    restart)
 	stop
--- a/openldap-2.3.34-quiet-slaptest.patch
+++ b/openldap-2.3.34-quiet-slaptest.patch
@ -1,15 +0,0 @@
-Force slaptest to be quiet when no problem is found. Use -v to display "success" message.
-Patch sent upstream (ITS#4930: slaptest should be quiet on success)
-
--- openldap-2.3.34/servers/slapd/slaptest.c.orig	2007-01-02 22:43:59.000000000 +0100
-+++ openldap-2.3.34/servers/slapd/slaptest.c	2007-04-17 10:54:36.000000000 +0200
-@@ -103,7 +103,8 @@
- 		}
- 	}
- 
-	fprintf( stderr, "config file testing succeeded\n");
-+	if (verbose)
-+		fprintf( stderr, "config file testing succeeded\n");
- 
- 	slap_tool_destroy();
- 
--- a/openldap-2.4.6-config.patch
+++ b/openldap-2.4.6-config.patch
@ -0,0 +1,117 @@
+diff -up openldap-2.4.6/servers/slapd/slapd.conf.old openldap-2.4.6/servers/slapd/slapd.conf
+--- openldap-2.4.6/servers/slapd/slapd.conf.old	2007-11-20 16:02:19.000000000 +0100
+++ openldap-2.4.6/servers/slapd/slapd.conf	2007-11-20 16:02:26.000000000 +0100
+@@ -2,22 +2,57 @@
+ # See slapd.conf(5) for details on configuration options.
+ # This file should NOT be world readable.
+ #
+-include		%SYSCONFDIR%/schema/core.schema
+ 
+-# Define global ACLs to disable default read access.
+include		/etc/openldap/schema/corba.schema
+include		/etc/openldap/schema/core.schema
+include		/etc/openldap/schema/cosine.schema
+include		/etc/openldap/schema/duaconf.schema
+include		/etc/openldap/schema/dyngroup.schema
+include		/etc/openldap/schema/inetorgperson.schema
+include		/etc/openldap/schema/java.schema
+include		/etc/openldap/schema/misc.schema
+include		/etc/openldap/schema/nis.schema
+include		/etc/openldap/schema/openldap.schema
+include		/etc/openldap/schema/ppolicy.schema
+include		/etc/openldap/schema/collective.schema
+
+# Allow LDAPv2 client connections.  This is NOT the default.
+allow bind_v2
+ 
+ # Do not enable referrals until AFTER you have a working directory
+ # service AND an understanding of referrals.
+ #referral	ldap://root.openldap.org
+ 
+-pidfile		%LOCALSTATEDIR%/run/slapd.pid
+-argsfile	%LOCALSTATEDIR%/run/slapd.args
+pidfile		/var/run/openldap/slapd.pid
+argsfile	/var/run/openldap/slapd.args
+ 
+ # Load dynamic backend modules:
+-# modulepath	%MODULEDIR%
+-# moduleload	back_bdb.la
+-# moduleload	back_hdb.la
+-# moduleload	back_ldap.la
+# modulepath	/usr/lib/openldap # or /usr/lib64/openldap
+# moduleload accesslog.la
+# moduleload auditlog.la
+# moduleload back_sql.la
+# moduleload denyop.la
+# moduleload dyngroup.la
+# moduleload dynlist.la
+# moduleload lastmod.la
+# moduleload pcache.la
+# moduleload ppolicy.la
+# moduleload refint.la
+# moduleload retcode.la
+# moduleload rwm.la
+# moduleload syncprov.la
+# moduleload translucent.la
+# moduleload unique.la
+# moduleload valsort.la
+
+# The next three lines allow use of TLS for encrypting connections using a
+# dummy test certificate which you can generate by changing to
+# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
+# slapd.pem so that the ldap user or group can read it.  Your client software
+# may balk at self-signed certificates, however.
+# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
+# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
+ 
+ # Sample security restrictions
+ #	Require integrity protection (prevent hijacking)
+@@ -47,19 +83,41 @@ argsfile	%LOCALSTATEDIR%/run/slapd.args
+ # rootdn can always read and write EVERYTHING!
+ 
+ #######################################################################
+-# BDB database definitions
+# ldbm and/or bdb database definitions
+ #######################################################################
+ 
+ database	bdb
+ suffix		"dc=my-domain,dc=com"
+ rootdn		"cn=Manager,dc=my-domain,dc=com"
+ # Cleartext passwords, especially for the rootdn, should
+-# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
+# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
+ # Use of strong authentication encouraged.
+-rootpw		secret
+# rootpw		secret
+# rootpw		{crypt}ijFYNcSNctBYg
+
+ # The database directory MUST exist prior to running slapd AND 
+ # should only be accessible by the slapd and slap tools.
+ # Mode 700 recommended.
+-directory	%LOCALSTATEDIR%/openldap-data
+-# Indices to maintain
+-index	objectClass	eq
+directory	/var/lib/ldap
+
+# Indices to maintain for this database
+index objectClass                       eq,pres
+index ou,cn,mail,surname,givenname      eq,pres,sub
+index uidNumber,gidNumber,loginShell    eq,pres
+index uid,memberUid                     eq,pres,sub
+index nisMapName,nisMapEntry            eq,pres,sub
+
+# Replicas of this database
+#replogfile /var/lib/ldap/openldap-master-replog
+#replica host=ldap-1.example.com:389 starttls=critical
+#     bindmethod=sasl saslmech=GSSAPI
+#     authcId=host/ldap-master.example.com@EXAMPLE.COM
+
+
+# enable monitoring
+database monitor
+
+# allow onlu rootdn to read the monitor
+access to *
+        by dn.exact="cn=Manager,dc=my-domain,dc=com" read
+        by * none
--- a/openldap-2.4.6-evolution-ntlm.patch
+++ b/openldap-2.4.6-evolution-ntlm.patch
@ -1,18 +1,9 @@
-(Note that this patch is not useful on its own... it just adds some
-hooks to work with the LDAP authentication process at a lower level
-than the API otherwise allows. The code that calls these hooks and
-actually drives the NTLM authentication process is in
-lib/e2k-global-catalog.c, and the code that actually implements the
-NTLM algorithms is in xntlm/.)
-
-This is a patch against OpenLDAP 2.2.6. Apply with -p0
-
-
--- include/ldap.h.orig	2004-01-01 13:16:28.000000000 -0500
-+++ include/ldap.h	2004-07-14 11:58:49.000000000 -0400
-@@ -1753,5 +1753,26 @@
- 	LDAPControl **cctrls ));
+diff -up evo-openldap-2.4.6/include/ldap.h.evolution-ntlm evo-openldap-2.4.6/include/ldap.h
+--- evo-openldap-2.4.6/include/ldap.h.evolution-ntlm	2007-09-01 01:13:53.000000000 +0200
+++ evo-openldap-2.4.6/include/ldap.h	2007-11-02 15:22:49.000000000 +0100
+@@ -2343,5 +2343,26 @@ ldap_parse_session_tracking_control LDAP
 
+ #endif /* LDAP_CONTROL_X_SESSION_TRACKING */
 
 +/*
 + * hacks for NTLM
@ -37,28 +28,30 @@ This is a patch against OpenLDAP 2.2.6. Apply with -p0
 +
 LDAP_END_DECL
 #endif /* _LDAP_H */
--- libraries/libldap/Makefile.in.orig	2004-01-01 13:16:29.000000000 -0500
-+++ libraries/libldap/Makefile.in	2004-07-14 13:37:23.000000000 -0400
-@@ -20,7 +20,7 @@
+diff -up evo-openldap-2.4.6/libraries/libldap/Makefile.in.evolution-ntlm evo-openldap-2.4.6/libraries/libldap/Makefile.in
+--- evo-openldap-2.4.6/libraries/libldap/Makefile.in.evolution-ntlm	2007-09-01 01:13:54.000000000 +0200
+++ evo-openldap-2.4.6/libraries/libldap/Makefile.in	2007-11-02 15:24:24.000000000 +0100
+@@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest ur
 SRCS	= bind.c open.c result.c error.c compare.c search.c \
 	controls.c messages.c references.c extended.c cyrus.c \
 	modify.c add.c modrdn.c delete.c abandon.c \
-	sasl.c sbind.c kbind.c unbind.c cancel.c  \
-+	sasl.c ntlm.c sbind.c kbind.c unbind.c cancel.c  \
+-	sasl.c sbind.c unbind.c cancel.c  \
+	sasl.c ntlm.c sbind.c unbind.c cancel.c  \
 	filter.c free.c sort.c passwd.c whoami.c \
 	getdn.c getentry.c getattr.c getvalues.c addentry.c \
- 	request.c os-ip.c url.c sortctrl.c vlvctrl.c \
-@@ -29,7 +29,7 @@
+ 	request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
+@@ -31,7 +31,7 @@ SRCS	= bind.c open.c result.c error.c co
 OBJS	= bind.lo open.lo result.lo error.lo compare.lo search.lo \
 	controls.lo messages.lo references.lo extended.lo cyrus.lo \
 	modify.lo add.lo modrdn.lo delete.lo abandon.lo \
-	sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
-+	sasl.lo ntlm.lo sbind.lo kbind.lo unbind.lo cancel.lo \
+-	sasl.lo sbind.lo unbind.lo cancel.lo \
+	sasl.lo ntlm.lo sbind.lo unbind.lo cancel.lo \
 	filter.lo free.lo sort.lo passwd.lo whoami.lo \
 	getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
- 	request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
--- /dev/null	2004-06-30 15:04:37.000000000 -0400
-+++ libraries/libldap/ntlm.c	2004-07-14 13:44:18.000000000 -0400
+ 	request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
+diff -up /dev/null evo-openldap-2.4.6/libraries/libldap/ntlm.c
+--- /dev/null	2007-11-02 11:28:37.758699524 +0100
+++ evo-openldap-2.4.6/libraries/libldap/ntlm.c	2007-11-02 15:22:49.000000000 +0100
@@ -0,0 +1,137 @@
 +/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
 +/*
--- a/openldap-2.3.38-multilib.patch
+++ b/openldap-2.3.38-multilib.patch
@ -1,33 +1,3 @@
-diff -up openldap-2.3.38/doc/man/man8/slurpd.8.orig openldap-2.3.38/doc/man/man8/slurpd.8
--- openldap-2.3.38/doc/man/man8/slurpd.8.orig	2007-01-02 22:43:46.000000000 +0100
-+++ openldap-2.3.38/doc/man/man8/slurpd.8	2007-10-23 15:03:25.000000000 +0200
-@@ -5,7 +5,7 @@
- .SH NAME
- slurpd \- Standalone LDAP Update Replication Daemon
- .SH SYNOPSIS
-.B LIBEXECDIR/slurpd [\-d debug\-level]
-+.B slurpd [\-d debug\-level]
- .B [\-f slapd\-config\-file] [\-r slapd\-replog\-file]
- .B [\-t temp\-dir] [\-o]
- .B 
-@@ -131,7 +131,7 @@ just type:
- .LP
- .nf
- .ft tt
-	LIBEXECDIR/slurpd
-+	slurpd
- .ft
- .fi
- .LP
-@@ -144,7 +144,7 @@ on voluminous debugging which will be pr
- .LP
- .nf
- .ft tt
-	LIBEXECDIR/slurpd -f ETCDIR/slapd.conf -d 255
-+	slurpd -f ETCDIR/slapd.conf -d 255
- .ft
- .fi
- .LP
 diff -up openldap-2.3.38/doc/man/man8/slapd.8.orig openldap-2.3.38/doc/man/man8/slapd.8
 --- openldap-2.3.38/doc/man/man8/slapd.8.orig	2007-01-02 22:43:46.000000000 +0100
 +++ openldap-2.3.38/doc/man/man8/slapd.8	2007-10-23 15:03:13.000000000 +0200
--- a/openldap-2.4.6-nosql.patch
+++ b/openldap-2.4.6-nosql.patch
@ -0,0 +1,12 @@
+diff -up openldap-2.4.6/build/top.mk.nosql openldap-2.4.6/build/top.mk
+--- openldap-2.4.6/build/top.mk.nosql	2007-09-01 01:13:50.000000000 +0200
+++ openldap-2.4.6/build/top.mk	2007-11-02 14:55:23.000000000 +0100
+@@ -199,7 +199,7 @@ SLAPD_SQL_LDFLAGS = @SLAPD_SQL_LDFLAGS@
+ SLAPD_SQL_INCLUDES = @SLAPD_SQL_INCLUDES@
+ SLAPD_SQL_LIBS = @SLAPD_SQL_LIBS@
+ 
+-SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_PERL_LDFLAGS@ @SLAPD_SQL_LDFLAGS@ @SLAPD_SQL_LIBS@ @SLAPD_SLP_LIBS@ @SLAPD_GMP_LIBS@ $(ICU_LIBS)
+SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_SLP_LIBS@ $(ICU_LIBS)
+ 
+ # Our Defaults
+ CC = $(AC_CC)
--- a/openldap-2.4.6-pie.patch
+++ b/openldap-2.4.6-pie.patch
@ -0,0 +1,15 @@
+Build both slapd as position-independent executables.  This really
+should be threaded into the various autotools, but I guess this is what we have
+until that happens, if it happens.
+
+--- openldap-2.2.13/servers/slapd/Makefile.in	2004-04-12 14:07:40.000000000 -0400
+++ openldap-2.2.13/servers/slapd/Makefile.in	2004-06-15 13:45:45.000000000 -0400
+@@ -255,7 +255,7 @@
+ 	cp slapi/.libs/libslapi.a .
+ 
+ slapd: $(SLAPD_DEPENDS) @LIBSLAPI@
+-	$(LTLINK) -o $@ $(SLAPD_OBJECTS) $(LIBS) \
+	$(LTLINK) -pie -Wl,-z,defs -o $@ $(SLAPD_OBJECTS) $(LIBS) \
+ 		$(WRAP_LIBS)
+ 	rm -f $(SLAPTOOLS)
+ 	for i in $(SLAPTOOLS); do \
--- a/openldap.spec
+++ b/openldap.spec
@ -1,22 +1,22 @@
 %define migtools_version 47
 %define db_version 4.4.20
 %define ldbm_backend berkeley
-%define version_22 2.2.29
 %define version_23 2.3.39
+%define version_24 2.4.6
 %define evolution_connector_prefix %{_libdir}/evolution-openldap
 %define evolution_connector_includedir %{evolution_connector_prefix}/include
 %define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
-# For Fedora Core 5, we want 2.2 compatibility.
-%define compat_version %{version_22}
+# For Fedora 9, we want 2.3 compatibility.
+%define compat_version %{version_23}

 Summary: The configuration files, libraries, and documentation for OpenLDAP
 Name: openldap
-Version: %{version_23}
+Version: %{version_24}
 Release: 1%{?dist}
 License: OpenLDAP
 Group: System Environment/Daemons
-Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_23}.tgz
-Source1: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_22}.tgz
+Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_24}.tgz
+Source1: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_23}.tgz
 Source2: http://download.oracle.com/berkeley-db/db-%{db_version}.tar.gz
 Source3: ftp://ftp.padl.com/pub/MigrationTools-%{migtools_version}.tar.gz
 Source4: ldap.init
@ -27,26 +27,24 @@ Source8: http://www.OpenLDAP.org/doc/admin/guide.html
 Source9: README.evolution
 Source10: ldap.sysconfig

-# Patches that are still valid for 2.3
-Patch0: openldap-2.3.34-config.patch
+# Patches for 2.4
+Patch0: openldap-2.4.6-config.patch
 Patch1: openldap-2.0.11-ldaprc.patch
 Patch2: openldap-2.2.13-setugid.patch
-Patch3: openldap-2.2.13-pie.patch
+Patch3: openldap-2.4.6-pie.patch
 Patch4: openldap-2.3.11-toollinks.patch
-Patch5: openldap-2.3.11-nosql.patch
+Patch5: openldap-2.4.6-nosql.patch
 Patch6: openldap-2.3.19-gethostbyXXXX_r.patch
-Patch7: openldap-2.3.34-quiet-slaptest.patch
 Patch8: openldap-2.3.34-pthread.patch
 Patch9: openldap-2.3.37-smbk5pwd.patch
-Patch10: openldap-2.3.38-multilib.patch
+Patch10: openldap-2.4.6-multilib.patch

-# Patches for 2.2.29 for the compat-openldap package.
-Patch100: openldap-2.2.13-tls-fix-connection-test.patch
-Patch101: openldap-2.2.23-resolv.patch
-Patch102: openldap-2.2.29-ads.patch
+# Patches for 2.3.39
+Patch100: openldap-2.2.13-pie.patch
+Patch101: openldap-2.3.11-nosql.patch

 # Patches for the evolution library
-Patch200: openldap-ntlm.diff
+Patch200: openldap-2.4.6-evolution-ntlm.patch

 # Patches for the MigrationTools package
 Patch300: MigrationTools-38-instdir.patch
@ -63,10 +61,10 @@ Patch400: db-4.4.20-1.patch
 Patch401: db-4.4.20-2.patch

 URL: http://www.openldap.org/
-BuildRoot: %{_tmppath}/%{name}-%{version_23}-root
+BuildRoot: %{_tmppath}/%{name}-%{version_24}-root
 BuildRequires: cyrus-sasl-devel >= 2.1, gdbm-devel, libtool >= 1.5.6-2, krb5-devel
 BuildRequires: openssl-devel, pam-devel, perl, pkgconfig, tcp_wrappers-devel,
-BuildRequires: unixODBC-devel, libtool-ltdl-devel
+BuildRequires: unixODBC-devel, libtool-ltdl-devel, groff
 Requires: glibc >= 2.2.3-48, mktemp

 %description
@ -81,8 +79,8 @@ libraries, and documentation for OpenLDAP.
 %package devel
 Summary: OpenLDAP development libraries and header files.
 Group: Development/Libraries
-Requires: openldap = %{version_23}-%{release}, cyrus-sasl-devel >= 2.1
-Provides: openldap-evolution-devel = %{version_23}-%{release}
+Requires: openldap = %{version_24}-%{release}, cyrus-sasl-devel >= 2.1
+Provides: openldap-evolution-devel = %{version_24}-%{release}

 %description devel
 The openldap-devel package includes the development libraries and
@ -96,7 +94,7 @@ customized LDAP clients.
 Summary: OpenLDAP servers and related files.
 # OpenLDAP server includes Berkeley DB library, which is licensed under Sleepycat and BSD licenses)
 License: OpenLDAP and (Sleepycat and BSD)
-Requires: fileutils, make, openldap = %{version_23}-%{release}, openssl, /usr/sbin/useradd, /sbin/chkconfig, /sbin/runuser
+Requires: fileutils, make, openldap = %{version_24}-%{release}, openssl, /usr/sbin/useradd, /sbin/chkconfig, /sbin/runuser
 Group: System Environment/Daemons

 %description servers
@ -105,12 +103,12 @@ Protocol) applications and development tools. LDAP is a set of
 protocols for accessing directory services (usually phone book style
 information, but other information is possible) over the Internet,
 similar to the way DNS (Domain Name System) information is propagated
-over the Internet. This package contains the slapd and slurpd servers,
+over the Internet. This package contains the slapd server,
 migration scripts, and related files.

 %package servers-sql
 Summary: OpenLDAP server SQL support module.
-Requires: openldap-servers = %{version_23}-%{release}
+Requires: openldap-servers = %{version_24}-%{release}
 Group: System Environment/Daemons

 %description servers-sql
@ -124,7 +122,7 @@ slapd server can use to read data from an RDBMS.

 %package clients
 Summary: Client programs for OpenLDAP.
-Requires: openldap = %{version_23}-%{release}
+Requires: openldap = %{version_24}-%{release}
 Group: Applications/Internet

 %description clients
@ -143,10 +141,10 @@ Summary: OpenLDAP compatibility shared libraries.
 Group: System Environment/Libraries
 # Require the current OpenLDAP libraries package in an attempt to ensure that
 # we have a /etc/openldap/ldap.conf file on the system.
-Requires: openldap = %{version_23}-%{release}
+Requires: openldap = %{version_24}-%{release}
 # Why this weirdo version number?  We want to ensure that version comparisons
 # for this package always sort in the same order as the main openldap package.
-Version: %{version_23}_%{compat_version}
+Version: %{version_24}_%{compat_version}

 %description -n compat-openldap
 OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
@ -162,7 +160,7 @@ pushd db-%{db_version}
 %patch401 -b .patch2
 popd

-pushd openldap-%{version_23}
+pushd openldap-%{version_24}
 %patch0 -p1 -b .config
 %patch1 -p1 -b .ldaprc
 %patch2 -p1 -b .setugid
@ -170,7 +168,6 @@ pushd openldap-%{version_23}
 %patch4 -p1 -b .toollinks
 %patch5 -p1 -b .nosql
 %patch6 -p1 -b .gethostbyname_r
-%patch7 -p1 -b .quiet-slaptest
 %patch8 -p1 -b .pthread
 %patch9 -p1 -b .smbk5pwd
 %patch10 -p1 -b .multilib
@ -182,12 +179,12 @@ popd
 # non-standard NTLM bind type which is needed to connect to Win2k GC servers
 # (Win2k3 supports SASL with DIGEST-MD5, so this shouldn't be needed for those
 # servers, though as of version 1.4 the connector doesn't try SASL first).
-if ! cp -al openldap-%{version_23} evo-openldap-%{version_23} ; then
-     rm -fr evo-openldap-%{version_23}
-     cp -a  openldap-%{version_23} evo-openldap-%{version_23}
+if ! cp -al openldap-%{version_24} evo-openldap-%{version_24} ; then
+     rm -fr evo-openldap-%{version_24}
+     cp -a  openldap-%{version_24} evo-openldap-%{version_24}
 fi
-pushd evo-openldap-%{version_23}
-%patch200 -p0 -b .evolution-ntlm
+pushd evo-openldap-%{version_24}
+%patch200 -p1 -b .evolution-ntlm
 popd

 pushd MigrationTools-%{migtools_version}
@ -201,17 +198,16 @@ pushd MigrationTools-%{migtools_version}
 %patch307 -p1
 popd

-pushd openldap-%{version_22}
-%patch100 -p1 -b .resolv
-%patch101 -p1 -b .CAN-2005-2069
-%patch102 -p1 -b .ads
+pushd openldap-%{version_23}
+%patch100 -p1 
+%patch101 -p1 
        for subdir in build-servers build-compat ; do
                mkdir $subdir
                ln -s ../configure $subdir
        done
 popd

-pushd openldap-%{version_23}
+pushd openldap-%{version_24}
 	for subdir in build-servers build-clients ; do
 		mkdir $subdir
 		ln -s ../configure $subdir
@ -306,11 +302,10 @@ make %{_smp_mflags} LIBTOOL="$libtool"
 # Build the servers with Kerberos support (for password checking, mainly).
 LIBS=-lpthread; export LIBS
 LD_LIBRARY_PATH=${dbdir}/%{_lib}${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}; export LD_LIBRARY_PATH
-pushd openldap-%{version_23}/build-servers
+pushd openldap-%{version_24}/build-servers
 build \
 	--enable-plugins \
 	--enable-slapd \
-	--enable-slurpd \
 	--enable-multimaster \
 	--enable-bdb \
 	--enable-hdb \
@ -335,10 +330,9 @@ popd

 # Build clients without Kerberos password-checking support, which is only
 # useful in the server anyway, to avoid stray dependencies.
-pushd openldap-%{version_23}/build-clients
+pushd openldap-%{version_24}/build-clients
 build \
 	--disable-slapd \
-	--disable-slurpd \
 	--enable-shared \
 	--enable-dynamic \
 	--enable-static \
@ -348,10 +342,9 @@ popd

 # Build evolution-specific clients just as we would normal clients, except with
 # a different installation directory in mind and no shared libraries.
-pushd evo-openldap-%{version_23}
+pushd evo-openldap-%{version_24}
 build \
 	--disable-slapd \
-	--disable-slurpd \
 	--disable-shared \
 	--disable-dynamic \
 	--enable-static \
@ -390,7 +383,7 @@ pushd db-%{db_version}
 mv LICENSE LICENSE.bdb-backend
 popd

-pushd openldap-%{version_23}/build-servers
+pushd openldap-%{version_24}/build-servers
 make install DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} LIBTOOL="$libtool" STRIP=""
 popd

@ -403,7 +396,7 @@ popd

 # Install clients and shared libraries.  Install the evo-specific versions
 # first so that any conflicting files are overwritten by generic versions.
-pushd evo-openldap-%{version_23}
+pushd evo-openldap-%{version_24}
 make install DESTDIR=$RPM_BUILD_ROOT \
 	includedir=%{evolution_connector_includedir} \
 	libdir=%{evolution_connector_libdir} \
@ -414,7 +407,7 @@ install -m644 \
 	$RPM_SOURCE_DIR/README.evolution \
 	$RPM_BUILD_ROOT/%{evolution_connector_prefix}/
 popd
-pushd openldap-%{version_23}/build-clients
+pushd openldap-%{version_24}/build-clients
 make install DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} LIBTOOL="$libtool" STRIP=""
 popd

@ -467,7 +460,7 @@ install -m644 \
 	$RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/redhat/

 # Move slapd and slurpd out of _libdir
-mv $RPM_BUILD_ROOT/%{_libdir}/sl{apd,urpd} $RPM_BUILD_ROOT/%{_sbindir}/
+mv $RPM_BUILD_ROOT/%{_libdir}/slapd $RPM_BUILD_ROOT/%{_sbindir}/
 rm -f $RPM_BUILD_ROOT/%{_sbindir}/slap{acl,add,auth,cat,dn,index,passwd,test}
 rm -f $RPM_BUILD_ROOT/%{_libdir}/slap{acl,add,auth,cat,dn,index,passwd,test}
 for X in acl add auth cat dn index passwd test; do ln -s slapd $RPM_BUILD_ROOT/%{_sbindir}/slap$X ; done
@ -485,7 +478,7 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/openldap/*.a
 rm -f $RPM_BUILD_ROOT/%{_libdir}/openldap/*.so

 rm -f $RPM_BUILD_ROOT%{_localstatedir}/openldap-data/DB_CONFIG.example
-rmdir $RPM_BUILD_ROOT%{_localstatedir}/openldap-slurp $RPM_BUILD_ROOT%{_localstatedir}/openldap-data
+rmdir $RPM_BUILD_ROOT%{_localstatedir}/openldap-data

 %clean 
 rm -rf $RPM_BUILD_ROOT
@ -584,17 +577,17 @@ fi

 %files
 %defattr(-,root,root)
-%doc openldap-%{version_23}/ANNOUNCEMENT
-%doc openldap-%{version_23}/CHANGES
-%doc openldap-%{version_23}/COPYRIGHT
-%doc openldap-%{version_23}/LICENSE
-%doc openldap-%{version_23}/README
+%doc openldap-%{version_24}/ANNOUNCEMENT
+%doc openldap-%{version_24}/CHANGES
+%doc openldap-%{version_24}/COPYRIGHT
+%doc openldap-%{version_24}/LICENSE
+%doc openldap-%{version_24}/README
 %attr(0755,root,root) %dir %{_sysconfdir}/openldap
 %attr(0755,root,root) %dir %{_sysconfdir}/openldap/cacerts
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/ldap*.conf
-%attr(0755,root,root) %{_libdir}/liblber-2.3*.so.*
-%attr(0755,root,root) %{_libdir}/libldap-2.3*.so.*
-%attr(0755,root,root) %{_libdir}/libldap_r-2.3*.so.*
+%attr(0755,root,root) %{_libdir}/liblber-2.4*.so.*
+%attr(0755,root,root) %{_libdir}/libldap-2.4*.so.*
+%attr(0755,root,root) %{_libdir}/libldap_r-2.4*.so.*
 %attr(0644,root,root) %{_mandir}/man5/ldif.5*
 %attr(0644,root,root) %{_mandir}/man5/ldap.conf.5*
 %attr(0755,root,root) %dir %{_datadir}/openldap
@ -604,9 +597,9 @@ fi
 %doc openldap-%{compat_version}/ANNOUNCEMENT
 %doc openldap-%{compat_version}/COPYRIGHT
 %doc openldap-%{compat_version}/LICENSE
-%attr(0755,root,root) %{_libdir}/liblber-2.2.so.*
-%attr(0755,root,root) %{_libdir}/libldap-2.2.so.*
-%attr(0755,root,root) %{_libdir}/libldap_r-2.2.so.*
+%attr(0755,root,root) %{_libdir}/liblber-2.3.so.*
+%attr(0755,root,root) %{_libdir}/libldap-2.3.so.*
+%attr(0755,root,root) %{_libdir}/libldap_r-2.3.so.*
 %attr(0755,ldap,ldap) %dir %{_libdir}/compat-openldap
 %attr(0755,root,root) %{_libdir}/compat-openldap/slapcat

@ -617,8 +610,8 @@ fi
 %doc TOOLS.migration
 %doc db-%{db_version}/LICENSE.bdb-backend
 %doc $RPM_SOURCE_DIR/README.upgrading $RPM_SOURCE_DIR/guide.html
-%doc openldap-%{version_23}/contrib/slapd-modules/smbk5pwd/README.smbk5pwd
-%doc openldap-%{version_23}/doc/guide/admin/*.gif
+%doc openldap-%{version_24}/contrib/slapd-modules/smbk5pwd/README.smbk5pwd
+%doc openldap-%{version_24}/doc/guide/admin/*.gif
 %ghost %config %{_sysconfdir}/pki/tls/certs/slapd.pem
 %attr(0755,root,root) %config %{_sysconfdir}/rc.d/init.d/ldap
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/ldap*.conf
@ -641,8 +634,6 @@ fi
 %attr(0755,root,root) %{_datadir}/openldap/migration/*.pl
 %attr(0755,root,root) %{_datadir}/openldap/migration/*.sh
 %attr(0644,root,root) %{_datadir}/openldap/migration/*.txt
-%attr(0755,root,root) %dir %{_datadir}/openldap/ucdata
-%attr(0644,root,root) %dir %{_datadir}/openldap/ucdata/*
 %attr(0700,ldap,ldap) %dir /var/lib/ldap
 %attr(0755,ldap,ldap) %dir /var/run/openldap
 %attr(0755,root,root) %{_libdir}/libslapd_db-*.*.so
@ -651,8 +642,8 @@ fi

 %files servers-sql
 %defattr(-,root,root)
-%doc openldap-%{version_23}/servers/slapd/back-sql/docs/*
-%doc openldap-%{version_23}/servers/slapd/back-sql/rdbms_depend
+%doc openldap-%{version_24}/servers/slapd/back-sql/docs/*
+%doc openldap-%{version_24}/servers/slapd/back-sql/rdbms_depend
 %attr(0755,root,root) %{_libdir}/openldap/back_sql.la
 %attr(0755,root,root) %{_libdir}/openldap/back_sql*.so.*

@ -663,7 +654,7 @@ fi

 %files devel
 %defattr(-,root,root)
-%doc openldap-%{version_23}/doc/drafts openldap-%{version_23}/doc/rfc
+%doc openldap-%{version_24}/doc/drafts openldap-%{version_24}/doc/rfc
 %attr(0755,root,root) %{_libdir}/libl*.so
 %attr(0644,root,root) %{_libdir}/libl*.a
 %attr(0644,root,root) %{_includedir}/*
@ -676,6 +667,9 @@ fi
 %attr(0644,root,root)      %{evolution_connector_libdir}/*.a

 %changelog
+* Fri Nov  2 2007 Jan Safranek <jsafranek@redhat.com> 2.4.6-1%{?dist}
+- new upstream version (openldap-2.4)
+
 * Mon Nov  5 2007 Jan Safranek <jsafranek@redhat.com> 2.3.39-1%{?dist}
 - new upstream release

--- a/4
+++ b/4
@ -1,4 +1,4 @@
-6c4c72a1336aa45b463e738034c078d6  openldap-2.2.29.tgz
+e3fec2953c948f6990ccdc3af7bf7f18  openldap-2.3.39.tgz
 3faf83eb8482e55979bda47f1d1e6501  MigrationTools-47.tar.gz
 33851f01b455cca48aa601956de93c6f  db-4.4.20.tar.gz
-e3fec2953c948f6990ccdc3af7bf7f18  openldap-2.3.39.tgz
+4418da48649297587a3d07c987808a5e  openldap-2.4.6.tgz