- upstream changes:
- server: support for delta-syncrepl in multi master replication
- server: add experimental backend - MDB
- server: dynamic configuration for passwd, perl, shell, sock,
and sql backends
- server: support passwords in APR1
- library: support for Wahl (draft)
- a lot of bugfixes
- remove patches which were merged upstream
This is required by systemd, as variable expansion works there different
than in shell. Empty SLAPD_OPTIONS in environment file would not work.
(The patch is Fedora specific.)
- %defattr is not needed since Fedora 14
- permissions are taken from installed files
(removed chmod and added install where possible)
- %attr was left only on places, where non-root owner is needed
- removed slashes between: %{buildroot}%{_somedir}
- files reordered by type
- merged "%dir dir" and "dir/files*"
- reject non-file keyfiles in TLS_CACERTDIR (#652315)
- TLS_CACERTDIR precedence over TLS_CACERT (#652304)
- accept only files in hash.0 format in TLS_CACERTDIR (#650288)
- improve SSL/TLS trace messages (#652818)
- add support for multiple prefixed Mozilla NSS database files in TLS_CACERTDIR
Resolves: #652315#652304#650288#652818
- package rebased
- removed embeded db4
- removed patches merged by upstream
- removed no longer required patches
- merged patches doing manpage changes
- merged patches exporting ldif API
- reapplied patches and added description to each one
- removed unnecessary BuildRequires
- cleaned %config, %build and %install sections
- updated database upgrade process:
- database is exported (slapcat) and reimported (slapadd) when minor
version of openldap changes (safe and recomended way)
- database is upgraded (db4) when minor version of db4 package changes
(this is not done in %post anymore, as the database is not embeded,
but using triggers)
Resolved: #624616 Bogus links in "SEE ALSO" part of several man-pages
Resolved: #625740 openldap-2.4.23 is available
- /etc/openldap/ldap.conf removed from files owned by openldap-servers
- minor changes in spec file to supress warnings
- some changes in init script, so it would be possible to use it when
using old configuration style
- the last buffer overflow patch replaced with the one from upstream
- added /etc/openldap/slapd.d and /etc/openldap/slapd.conf.bak
to files owned by openldap-servers
bz#185821: adding slapd_multimaster to the configure options
- Upgade guide.html to the correct one for openladp-2.3.27, closing
bz#190383: openldap 2.3 packages contain the administrator's guide for 2.2
- Remove the quotes from around the slaptestflags in ldap.init
This closes one part of
bz#204593: service ldap fails after having added entries to ldap
- include __db.* in the list of files to check ownership of in
ldap.init, as suggested in
bz#199322: RFE: perform cleanup in ldap.init
- Modify the -config.patch, ldap.init, and this spec file to put the
pid file and args file in an ldap-owned openldap subdirectory under
/var/run.
- Move back_sql* out of %{_sbindir}/openldap , which requires
hand-moving slapd and slurpd to _sbindir, and recreating symlinks
by hand.
- Retire openldap-2.3.11-ads.patch, which went upstream.
- Update the ldap.init script to run slaptest as the ldap user rather
than as root. This solves
bz#150172 Startup failure after database problem
- Add to the servers post and preun scriptlets so that on preun, the
database is slapcatted to /var/lib/ldap/upgrade.ldif and the
database files are saved to /var/lib/ldap/rpmorig. On post, if
/var/lib/ldap/upgrade.ldif exists, it is slapadded. This means that
on upgrades from 2.3.16-2 to higher versions, the database files may
be automatically upgraded. Unfortunatly, because of the changes to
the preun scriptlet, users have to do the slapcat, etc by hand when
upgrading to 2.3.16-2. Also note that the /var/lib/ldap/rpmorig
files need to be removed by hand because automatically removing your
emergency fallback files is a bad idea.
- Upgrade internal bdb to db-4.4.20. For a clean upgrade, this will
require that users slapcat their databases into a temp file, move
/var/lib/ldap someplace safe, upgrade the openldap rpms, then
slapadd the temp file.
- Upgrade to nev upstream version. This makes the 2.2.*-hop patch obsolete.
* Mon Aug 22 2005 Jay Fenlason <fenlason@redhat.com> 2.2.26-2
- Move the slapd.pem file to /etc/pki/tls/certs
and edit the -config patch to match to close
bz#143393 Creates certificates + keys at an insecure/bad place
- also use _sysconfdir instead of hard-coding /etc
* Thu Aug 11 2005 Jay Fenlason <fenlason@redhat.com>
- Add the tls-fix-connection-test patch to close
bz#161991 openldap password disclosure issue
- add the hop patches to prevent infinite looping when chasing referrals.
OpenLDAP ITS #3578
TLS_CACERTDIR path in /etc/openldap/ldap.conf now
- use a temporary wrapper script to launch slapd, in case we have arguments
with embedded whitespace (#158111)
- update notes on upgrading from earlier versions
- drop slapcat variations for 2.0/2.1, which choke on 2.2's config files
- warn about unreadable krb5 keytab files containing "ldap" keys
- warn about unreadable TLS-related files
- own a ref to subdirectories which we create under %%{_libdir}/tls
- move nptl libraries into arch-specific subdirectories on %%{ix86} boxes
- require a newer glibc which can provide nptl libpthread on i486/i586
- move slapd startup to earlier in the boot sequence (#103160)
- change version number on compat-openldap to include the non-compat version
from which it's compiled, otherwise would have to start 2.2.17 at release 3
so that it upgrades correctly so that version compare would sort correctly
* Thu Aug 19 2004 Nalin Dahyabhai <nalin@redhat.com> 2.2.13-2
- build a separate, static set of libraries for openldap-devel with the
non-standard ntlm bind patch applied, for use by the evolution-connector
package (#125579), and installing them under
%{evolution_connector_prefix} (/usr/lib/evolution-openldap)
- provide openldap-evolution-devel = %{version}-%{release} in openldap-devel
so that evolution-connector's source package can require a version of
openldap-devel which provides what it wants
* Mon Jul 26 2004 Nalin Dahyabhai <nalin@redhat.com>
- update administrator guide
* Thu May 13 2004 Thomas Woerner <twoerner@redhat.com> 2.1.29-3
- removed rpath
- added pie patch: slapd and slurpd are now pie
- requires libtool >= 1.5.6-2 (PIC libltdl.a)
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Mon Feb 23 2004 Tim Waugh <twaugh@redhat.com>
- Use ':' instead of '.' as separator for chown.
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Tue Feb 10 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.25-4
- remove 'reload' from the init script -- it never worked as intended (#115310)
* Wed Feb 04 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.25-3
- commit that last fix correctly this time
* Tue Feb 03 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.25-2
- fix incorrect use of find when attempting to detect a common permissions
error in the init script (#114866)
* Fri Jan 16 2004 Nalin Dahyabhai <nalin@redhat.com>
- add bug fix patch for DB 4.2.52
* Thu Jan 08 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.25-1
- change logging facility used from daemon to local4 (#112730, reversing #11047)
BEHAVIOR CHANGE - SHOULD BE MENTIONED IN THE RELEASE NOTES.
* Wed Jan 07 2004 Nalin Dahyabhai <nalin@redhat.com>
- incorporate fix for logic quasi-bug in slapd's SASL auxprop code (Dave Jones)
* Thu Dec 18 2003 Nalin Dahyabhai <nalin@redhat.com>
- update to 2.1.25, now marked STABLE
* Thu Dec 11 2003 Jeff Johnson <jbj@jbj.org> 2.1.22-9
- update to db-4.2.52.
* Thu Oct 23 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-8
- add another section to the ABI note for the TLS libdb so that it's marked as
not needing an executable stack (from Arjan Van de Ven)
* Thu Oct 16 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-7
- force bundled libdb to not use O_DIRECT by making it forget that we have it
* Wed Oct 15 2003 Nalin Dahyabhai <nalin@redhat.com>
- build bundled libdb for slapd dynamically to make the package smaller,
among other things
- on tls-capable arches, build libdb both with and without shared posix
mutexes, otherwise just without
- disable posix mutexes unconditionally for db 4.0, which shouldn't need
them for the migration cases where it's used
- update to MigrationTools 45
* Fri Sep 12 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-6
- drop rfc822-MailMember.schema, merged into upstream misc.schema at some point
* Wed Aug 27 2003 Nalin Dahyabhai <nalin@redhat.com>
- actually require newer libtool, as was intended back in 2.1.22-0, noted as
missed by Jim Richardson
* Fri Jul 25 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-5
- enable rlookups, they don't cost anything unless also enabled in slapd's
configuration file
* Tue Jul 22 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-4
- rebuild
* Thu Jul 17 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-3
- rebuild
* Wed Jul 16 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-2
- rebuild
* Tue Jul 15 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-1
- build
* Mon Jul 14 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-0
- 2.1.22 now badged stable
- be more aggressive in what we index by default
- use/require libtool 1.5
* Mon Jun 30 2003 Nalin Dahyabhai <nalin@redhat.com>
- update to 2.1.22
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Tue Jun 03 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.21-1
- update to 2.1.21
- enable ldap, meta, monitor, null, rewrite in slapd
* Mon May 19 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.20-1
- update to 2.1.20
* Thu May 08 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.19-1
- update to 2.1.19
* Mon May 05 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.17-1
- switch to db with crypto
* Fri May 02 2003 Nalin Dahyabhai <nalin@redhat.com>
- install the db utils for the bundled libdb as %{_sbindir}/slapd_db_*
- install slapcat/slapadd from 2.0.x for migration purposes
* Wed Apr 30 2003 Nalin Dahyabhai <nalin@redhat.com>
- update to 2.1.17
- disable the shell backend, not expected to work well with threads
- drop the kerberosSecurityObject schema, the krbName attribute it
contains is only used if slapd is built with v2 kbind support
* Fri Mar 02 2001 Nalin Dahyabhai <nalin@redhat.com>
- rebuild in new environment
* Thu Feb 08 2001 Nalin Dahyabhai <nalin@redhat.com>
- back out pidfile patches, which interact weirdly with Linux threads
- mark non-standard schema as such by moving them to a different directory
* Mon Feb 05 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to MigrationTools 36, adds netgroup support
* Mon Jan 29 2001 Nalin Dahyabhai <nalin@redhat.com>
- fix thinko in that last patch
* Thu Jan 25 2001 Nalin Dahyabhai <nalin@redhat.com>
- try to work around some buffering problems
* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
- gettextize the init script
* Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com>
- gettextize the init script
* Fri Jan 12 2001 Nalin Dahyabhai <nalin@redhat.com>
- move the RFCs to the base package (#21701)
- update to MigrationTools 34
* Wed Jan 10 2001 Nalin Dahyabhai <nalin@redhat.com>
- add support for additional OPTIONS, SLAPD_OPTIONS, and SLURPD_OPTIONS in
a /etc/sysconfig/ldap file (#23549)
* Fri Dec 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- change automount object OID from 1.3.6.1.1.1.2.9 to 1.3.6.1.1.1.2.13,
per mail from the ldap-nis mailing list
* Tue Dec 05 2000 Nalin Dahyabhai <nalin@redhat.com>
- force -fPIC so that shared libraries don't fall over
* Mon Dec 04 2000 Nalin Dahyabhai <nalin@redhat.com>
- add Norbert Klasen's patch (via Del) to fix searches using ldaps URLs
(OpenLDAP ITS #889)
- add "-h ldaps:///" to server init when TLS is enabled, in order to support
ldaps in addition to the regular STARTTLS (suggested by Del)
* Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
- correct mismatched-dn-cn bug in migrate_automount.pl
* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to the correct OIDs for automount and automountInformation
- add notes on upgrading
* Tue Nov 07 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 2.0.7
- drop chdir patch (went mainstream)
* Thu Nov 02 2000 Nalin Dahyabhai <nalin@redhat.com>
- change automount object classes from auxiliary to structural
* Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to Migration Tools 27
- change the sense of the last simple patch
* Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com>
- reorganize the patch list to separate MigrationTools and OpenLDAP patches
- switch to Luke Howard's rfc822MailMember schema instead of the aliases.schema
- configure slapd to run as the non-root user "ldap" (#19370)
- chdir() before chroot() (we don't use chroot, though) (#19369)
- disable saving of the pid file because the parent thread which saves it and
the child thread which listens have different pids
* Tue Aug 22 2000 Nalin Dahyabhai <nalin@redhat.com>
- remove that pesky default password
- change "Copyright:" to "License:"
* Sun Aug 13 2000 Nalin Dahyabhai <nalin@redhat.com>
- adjust permissions in files lists
- move libexecdir from /usr/sbin to /usr/sbin
* Fri Aug 11 2000 Nalin Dahyabhai <nalin@redhat.com>
- add migrate_automount.pl to the migration scripts set
* Tue Aug 08 2000 Nalin Dahyabhai <nalin@redhat.com>
- build a semistatic slurpd with threads, everything else without
- disable reverse lookups, per email on OpenLDAP mailing lists
- make sure the execute bits are set on the shared libraries
* Mon Jul 31 2000 Nalin Dahyabhai <nalin@redhat.com>
- change logging facility used from local4 to daemon (#11047)
* Thu Jul 27 2000 Nalin Dahyabhai <nalin@redhat.com>
- split off clients and servers to shrink down the package and remove the
base package's dependency on Perl
- make certain that the binaries have sane permissions
* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
- move the init script back
* Thu Jul 13 2000 Nalin Dahyabhai <nalin@redhat.com>
- tweak the init script to only source /etc/sysconfig/network if it's found
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild
* Mon Jul 10 2000 Nalin Dahyabhai <nalin@redhat.com>
- switch to gdbm; I'm getting off the db merry-go-round
- tweak the init script some more
- add instdir to @INC in migration scripts
* Thu Jul 06 2000 Nalin Dahyabhai <nalin@redhat.com>
- tweak init script to return error codes properly
- change initscripts dependency to one on /etc/init.d
* Tue Jul 04 2000 Nalin Dahyabhai <nalin@redhat.com>
- prereq initscripts
- make migration scripts use mktemp
* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
- do condrestart in post and stop in preun
- move init script to /etc/init.d
* Fri Jun 16 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 1.2.11
- add condrestart logic to init script
- munge migration scripts so that you don't have to be
/usr/share/openldap/migration to run them
- add code to create pid files in /var/run
* Mon Jun 05 2000 Nalin Dahyabhai <nalin@redhat.com>
- FHS tweaks
- fix for compiling with libdb2
* Thu May 04 2000 Bill Nottingham <notting@redhat.com>
- minor tweak so it builds on ia64
* Wed May 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- more minimalistic fix for bug #11111 after consultation with OpenLDAP team
- backport replacement for the ldapuser patch
* Tue May 02 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix segfaults from queries with commas in them in in.xfingerd (bug #11111)
* Tue Apr 25 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 1.2.10
- add revamped version of patch from kos@bastard.net to allow execution as
any non-root user
- remove test suite from %build because of weirdness in the build system
* Wed Apr 12 2000 Nalin Dahyabhai <nalin@redhat.com>
- move the defaults for databases and whatnot to /var/lib/ldap (bug #10714)
- fix some possible string-handling problems
* Mon Feb 14 2000 Bill Nottingham <notting@redhat.com>
- start earlier, stop later.
* Thu Feb 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- auto rebuild in new environment (release 4)
* Tue Feb 01 2000 Nalin Dahyabhai <nalin@redhat.com>
- add -D_REENTRANT to make threaded stuff more stable, even though it looks
like the sources define it, too
- mark *.ph files in migration tools as config files
* Fri Jan 21 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 1.2.9
* Mon Sep 13 1999 Bill Nottingham <notting@redhat.com>
- strip files
* Sat Sep 11 1999 Bill Nottingham <notting@redhat.com>
- update to 1.2.7
- fix some bugs from bugzilla (#4885, #4887, #4888, #4967)
- take include files out of base package
* Fri Aug 27 1999 Jeff Johnson <jbj@redhat.com>
- missing ;; in init script reload) (#4734).
* Tue Aug 24 1999 Cristian Gafton <gafton@redhat.com>
- move stuff from /usr/libexec to /usr/sbin
- relocate config dirs to /etc/openldap
* Mon Aug 16 1999 Bill Nottingham <notting@redhat.com>
- initscript munging
* Wed Aug 11 1999 Cristian Gafton <gafton@redhat.com>
- add the migration tools to the package
* Fri Aug 06 1999 Cristian Gafton <gafton@redhat.com>
- upgrade to 1.2.6
- add rc.d script
- split -devel package
* Sun Feb 07 1999 Preston Brown <pbrown@redhat.com>
- upgrade to latest stable (1.1.4), it now uses configure macro.
* Fri Jan 15 1999 Bill Nottingham <notting@redhat.com>
- build on arm, glibc2.1
* Wed Oct 28 1998 Preston Brown <pbrown@redhat.com>
- initial cut.
- patches for signal handling on the alpha