- reject non-file keyfiles in TLS_CACERTDIR (#652315)
- TLS_CACERTDIR precedence over TLS_CACERT (#652304)
- accept only files in hash.0 format in TLS_CACERTDIR (#650288)
- improve SSL/TLS trace messages (#652818)
- add support for multiple prefixed Mozilla NSS database files in TLS_CACERTDIR
Resolves: #652315 #652304 #650288 #652818
- package rebased
- removed embedded db4
- removed patches merged by upstream
- removed no longer required patches
- merged patches doing manpage changes
- merged patches exporting ldif API
- reapplied patches and added description to each one
- removed unnecessary BuildRequires
- cleaned %config, %build and %install sections
- updated database upgrade process:
- database is exported (slapcat) and reimported (slapadd) when minor
version of openldap changes (safe and recommended way)
- database is upgraded (db4) when minor version of db4 package changes
(this is not done in %post anymore, as the database is not embedded,
but using triggers)
Resolved: #624616 Bogus links in "SEE ALSO" part of several man-pages
Resolved: #625740 openldap-2.4.23 is available
- /etc/openldap/ldap.conf removed from files owned by openldap-servers
- minor changes in spec file to suppress warnings
- some changes in init script, so it would be possible to use it when
using old configuration style
- the last buffer overflow patch replaced with the one from upstream
- added /etc/openldap/slapd.d and /etc/openldap/slapd.conf.bak
to files owned by openldap-servers
bz#185821: adding slapd_multimaster to the configure options
- Upgrade guide.html to the correct one for openldap-2.3.27, closing
bz#190383: openldap 2.3 packages contain the administrator's guide for 2.2
- Remove the quotes from around the slaptestflags in ldap.init
This closes one part of
bz#204593: service ldap fails after having added entries to ldap
- include __db.* in the list of files to check ownership of in
ldap.init, as suggested in
bz#199322: RFE: perform cleanup in ldap.init
- Modify the -config.patch, ldap.init, and this spec file to put the
pid file and args file in an ldap-owned openldap subdirectory under
/var/run.
- Move back_sql* out of %{_sbindir}/openldap , which requires
hand-moving slapd and slurpd to _sbindir, and recreating symlinks
by hand.
- Retire openldap-2.3.11-ads.patch, which went upstream.
- Update the ldap.init script to run slaptest as the ldap user rather
than as root. This solves
bz#150172 Startup failure after database problem
- Add to the servers post and preun scriptlets so that on preun, the
database is slapcatted to /var/lib/ldap/upgrade.ldif and the
database files are saved to /var/lib/ldap/rpmorig. On post, if
/var/lib/ldap/upgrade.ldif exists, it is slapadded. This means that
on upgrades from 2.3.16-2 to higher versions, the database files may
be automatically upgraded. Unfortunately, because of the changes to
the preun scriptlet, users have to do the slapcat, etc by hand when
upgrading to 2.3.16-2. Also note that the /var/lib/ldap/rpmorig
files need to be removed by hand because automatically removing your
emergency fallback files is a bad idea.
- Upgrade internal bdb to db-4.4.20. For a clean upgrade, this will
require that users slapcat their databases into a temp file, move
/var/lib/ldap someplace safe, upgrade the openldap rpms, then
slapadd the temp file.
- Upgrade to new upstream version. This makes the 2.2.*-hop patch obsolete.
* Mon Aug 22 2005 Jay Fenlason <fenlason@redhat.com> 2.2.26-2
- Move the slapd.pem file to /etc/pki/tls/certs
and edit the -config patch to match to close
bz#143393 Creates certificates + keys at an insecure/bad place
- also use _sysconfdir instead of hard-coding /etc
* Thu Aug 11 2005 Jay Fenlason <fenlason@redhat.com>
- Add the tls-fix-connection-test patch to close
bz#161991 openldap password disclosure issue
- add the hop patches to prevent infinite looping when chasing referrals.
OpenLDAP ITS #3578
TLS_CACERTDIR path in /etc/openldap/ldap.conf now
- use a temporary wrapper script to launch slapd, in case we have arguments
with embedded whitespace (#158111)
- update notes on upgrading from earlier versions
- drop slapcat variations for 2.0/2.1, which choke on 2.2's config files
- warn about unreadable krb5 keytab files containing "ldap" keys
- warn about unreadable TLS-related files
- own a ref to subdirectories which we create under %%{_libdir}/tls
- move nptl libraries into arch-specific subdirectories on %%{ix86} boxes
- require a newer glibc which can provide nptl libpthread on i486/i586
- move slapd startup to earlier in the boot sequence (#103160)
- change version number on compat-openldap to include the non-compat version
from which it's compiled, otherwise would have to start 2.2.17 at release 3
so that it upgrades correctly so that version compare would sort correctly
* Thu Aug 19 2004 Nalin Dahyabhai <nalin@redhat.com> 2.2.13-2
- build a separate, static set of libraries for openldap-devel with the
non-standard ntlm bind patch applied, for use by the evolution-connector
package (#125579), and installing them under
%{evolution_connector_prefix} (/usr/lib/evolution-openldap)
- provide openldap-evolution-devel = %{version}-%{release} in openldap-devel
so that evolution-connector's source package can require a version of
openldap-devel which provides what it wants
* Mon Jul 26 2004 Nalin Dahyabhai <nalin@redhat.com>
- update administrator guide
* Thu May 13 2004 Thomas Woerner <twoerner@redhat.com> 2.1.29-3
- removed rpath
- added pie patch: slapd and slurpd are now pie
- requires libtool >= 1.5.6-2 (PIC libltdl.a)
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Mon Feb 23 2004 Tim Waugh <twaugh@redhat.com>
- Use ':' instead of '.' as separator for chown.
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Tue Feb 10 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.25-4
- remove 'reload' from the init script -- it never worked as intended (#115310)
* Wed Feb 04 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.25-3
- commit that last fix correctly this time
* Tue Feb 03 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.25-2
- fix incorrect use of find when attempting to detect a common permissions
error in the init script (#114866)
* Fri Jan 16 2004 Nalin Dahyabhai <nalin@redhat.com>
- add bug fix patch for DB 4.2.52
* Thu Jan 08 2004 Nalin Dahyabhai <nalin@redhat.com> 2.1.25-1
- change logging facility used from daemon to local4 (#112730, reversing #11047)
BEHAVIOR CHANGE - SHOULD BE MENTIONED IN THE RELEASE NOTES.
* Wed Jan 07 2004 Nalin Dahyabhai <nalin@redhat.com>
- incorporate fix for logic quasi-bug in slapd's SASL auxprop code (Dave Jones)
* Thu Dec 18 2003 Nalin Dahyabhai <nalin@redhat.com>
- update to 2.1.25, now marked STABLE
* Thu Dec 11 2003 Jeff Johnson <jbj@jbj.org> 2.1.22-9
- update to db-4.2.52.
* Thu Oct 23 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-8
- add another section to the ABI note for the TLS libdb so that it's marked as
not needing an executable stack (from Arjan Van de Ven)
* Thu Oct 16 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-7
- force bundled libdb to not use O_DIRECT by making it forget that we have it
* Wed Oct 15 2003 Nalin Dahyabhai <nalin@redhat.com>
- build bundled libdb for slapd dynamically to make the package smaller,
among other things
- on tls-capable arches, build libdb both with and without shared posix
mutexes, otherwise just without
- disable posix mutexes unconditionally for db 4.0, which shouldn't need
them for the migration cases where it's used
- update to MigrationTools 45
* Fri Sep 12 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-6
- drop rfc822-MailMember.schema, merged into upstream misc.schema at some point
* Wed Aug 27 2003 Nalin Dahyabhai <nalin@redhat.com>
- actually require newer libtool, as was intended back in 2.1.22-0, noted as
missed by Jim Richardson
* Fri Jul 25 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-5
- enable rlookups, they don't cost anything unless also enabled in slapd's
configuration file
* Tue Jul 22 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-4
- rebuild
* Thu Jul 17 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-3
- rebuild
* Wed Jul 16 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-2
- rebuild
* Tue Jul 15 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-1
- build
* Mon Jul 14 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.22-0
- 2.1.22 now badged stable
- be more aggressive in what we index by default
- use/require libtool 1.5
* Mon Jun 30 2003 Nalin Dahyabhai <nalin@redhat.com>
- update to 2.1.22
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Tue Jun 03 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.21-1
- update to 2.1.21
- enable ldap, meta, monitor, null, rewrite in slapd
* Mon May 19 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.20-1
- update to 2.1.20
* Thu May 08 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.19-1
- update to 2.1.19
* Mon May 05 2003 Nalin Dahyabhai <nalin@redhat.com> 2.1.17-1
- switch to db with crypto
* Fri May 02 2003 Nalin Dahyabhai <nalin@redhat.com>
- install the db utils for the bundled libdb as %{_sbindir}/slapd_db_*
- install slapcat/slapadd from 2.0.x for migration purposes
* Wed Apr 30 2003 Nalin Dahyabhai <nalin@redhat.com>
- update to 2.1.17
- disable the shell backend, not expected to work well with threads
- drop the kerberosSecurityObject schema, the krbName attribute it
contains is only used if slapd is built with v2 kbind support