Use systemd-sysusers for ldap user and group

Bring back removed '-h' and '-p' client tools parameters
The client tools parameters '-h' and '-p' are still deprecated, but this release brings back the client tools options that were removed during the previous rebase. Resolves: RHEL-19384
2024-02-10 03:30:32 +00:00 · 2023-12-14 11:10:10 -08:00
4 changed files with 179 additions and 17 deletions
--- a/.openldap.metadata
+++ b/.openldap.metadata
@ -0,0 +1,2 @@
+d9f2c30aa3ec5760d4eb5923f461ca8eed92703d openldap-ppolicy-check-password-1.1.tar.gz
+633bc0ce9b5d91852c1fe38c720763f32d18390f openldap-2.6.6.tgz
--- a/openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch
+++ b/openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch
@ -0,0 +1,139 @@
+From aa5c93049d48b7fd1ff98661a00e4e12d7d47324 Mon Sep 17 00:00:00 2001
+From: Simon Pichugin <spichugi@redhat.com>
+Date: Wed, 13 Dec 2023 11:03:20 -0800
+Subject: [PATCH] Revert "ITS#9917 Remove 'h' and 'p' from options[] in client
+ tools"
+
+This reverts commit a8f7fd00043e2c63b6216aeb3ba69b0d0485311b.
+---
+ clients/tools/ldapcompare.c | 2 +-
+ clients/tools/ldapdelete.c  | 2 +-
+ clients/tools/ldapexop.c    | 2 +-
+ clients/tools/ldapmodify.c  | 2 +-
+ clients/tools/ldapmodrdn.c  | 2 +-
+ clients/tools/ldappasswd.c  | 2 +-
+ clients/tools/ldapsearch.c  | 2 +-
+ clients/tools/ldapvc.c      | 2 +-
+ clients/tools/ldapwhoami.c  | 2 +-
+ 9 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/clients/tools/ldapcompare.c b/clients/tools/ldapcompare.c
+index 63c30408f..a83c8d4ac 100644
+--- a/clients/tools/ldapcompare.c
+++ b/clients/tools/ldapcompare.c
+@@ -104,7 +104,7 @@ static int docompare LDAP_P((
+ 
+ 
+ const char options[] = "z"
+-	"Cd:D:e:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:Z";
+	"Cd:D:e:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
+ 
+ #ifdef LDAP_CONTROL_DONTUSECOPY
+ int dontUseCopy = 0;
+diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c
+index a66900d48..53f6e0278 100644
+--- a/clients/tools/ldapdelete.c
+++ b/clients/tools/ldapdelete.c
+@@ -82,7 +82,7 @@ usage( void )
+ 
+ 
+ const char options[] = "r"
+-	"cd:D:e:f:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:z:Z";
+	"cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:z:Z";
+ 
+ int
+ handle_private_option( int i )
+diff --git a/clients/tools/ldapexop.c b/clients/tools/ldapexop.c
+index bfe6e4eac..bd6e02979 100644
+--- a/clients/tools/ldapexop.c
+++ b/clients/tools/ldapexop.c
+@@ -52,7 +52,7 @@ usage( void )
+ 
+ 
+ const char options[] = ""
+-	"d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z";
+	"d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
+ 
+ int
+ handle_private_option( int i )
+diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c
+index 33b723bda..c94c11a3a 100644
+--- a/clients/tools/ldapmodify.c
+++ b/clients/tools/ldapmodify.c
+@@ -125,7 +125,7 @@ usage( void )
+ 
+ 
+ const char options[] = "aE:rS:"
+-	"cd:D:e:f:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:Z";
+	"cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
+ 
+ int
+ handle_private_option( int i )
+diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c
+index 40a482f5d..d5cf43f7a 100644
+--- a/clients/tools/ldapmodrdn.c
+++ b/clients/tools/ldapmodrdn.c
+@@ -95,7 +95,7 @@ usage( void )
+ 
+ 
+ const char options[] = "rs:"
+-	"cd:D:e:f:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:Z";
+	"cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
+ 
+ int
+ handle_private_option( int i )
+diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c
+index 9a48aabf3..1958a30f6 100644
+--- a/clients/tools/ldappasswd.c
+++ b/clients/tools/ldappasswd.c
+@@ -83,7 +83,7 @@ usage( void )
+ 
+ 
+ const char options[] = "Ea:As:St:T:"
+-	"d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z";
+	"d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
+ 
+ int
+ handle_private_option( int i )
+diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c
+index 69e172c6c..48793314b 100644
+--- a/clients/tools/ldapsearch.c
+++ b/clients/tools/ldapsearch.c
+@@ -363,7 +363,7 @@ parse_vlv(char *cvalue)
+ }
+ 
+ const char options[] = "a:Ab:cE:F:l:Ls:S:tT:uz:"
+-	"Cd:D:e:f:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:Z";
+	"Cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
+ 
+ int
+ handle_private_option( int i )
+diff --git a/clients/tools/ldapvc.c b/clients/tools/ldapvc.c
+index 4f35025ec..846561847 100644
+--- a/clients/tools/ldapvc.c
+++ b/clients/tools/ldapvc.c
+@@ -86,7 +86,7 @@ usage( void )
+ 
+ 
+ const char options[] = "abE:"
+-	"d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z";
+	"d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
+ 
+ int
+ handle_private_option( int i )
+diff --git a/clients/tools/ldapwhoami.c b/clients/tools/ldapwhoami.c
+index e8ac4b34b..45d32f5d9 100644
+--- a/clients/tools/ldapwhoami.c
+++ b/clients/tools/ldapwhoami.c
+@@ -62,7 +62,7 @@ usage( void )
+ 
+ 
+ const char options[] = ""
+-	"d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z";
+	"d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
+ 
+ int
+ handle_private_option( int i )
+-- 
+2.43.0
+
--- a/openldap.spec
+++ b/openldap.spec
@ -16,9 +16,9 @@

 Name: openldap
 Version: 2.6.6
-Release: 1%{?dist}
+Release: 3%{?dist}
 Summary: LDAP support libraries
-License: OpenLDAP
+License: OLDAP-2.8
 URL: http://www.openldap.org/

 Source0: https://openldap.org/software/download/OpenLDAP/openldap-release/openldap-%{version}.tgz
@ -27,6 +27,7 @@ Source2: slapd.tmpfiles
 Source3: slapd.ldif
 Source4: ldap.conf
 Source5: UPGRADE_INSTRUCTIONS
+Source6: openldap.sysusers
 Source10: https://github.com/ltb-project/openldap-ppolicy-check-password/archive/v%{check_password_version}/openldap-ppolicy-check-password-%{check_password_version}.tar.gz
 Source50: libexec-functions
 Source52: libexec-check-config.sh
@ -49,6 +50,7 @@ Patch6: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch
 Patch7: openldap-openssl-manpage-defaultCA.patch
 Patch8: openldap-add-export-symbols-LDAP_CONNECTIONLESS.patch
 Patch9: openldap-Revert-ITS-8618-Remove-deprecated-h-and-p.patch
+Patch10: openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch

 # check-password module specific patches
 Patch90: check-password-makefile.patch
@ -71,6 +73,8 @@ BuildRequires: unixODBC-devel
 BuildRequires: systemd
 BuildRequires: libdb-devel
 BuildRequires: cracklib-devel
+BuildRequires: systemd-rpm-macros
+%{?sysusers_requires_compat}

 %description
 OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
@ -153,15 +157,16 @@ programs needed for accessing and modifying OpenLDAP directories.
 %setup -q -c -a 0 -a 10

 pushd openldap-%{version}
-%patch0 -p1
-%patch1 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
+%patch -P0 -p1
+%patch -P1 -p1
+%patch -P3 -p1
+%patch -P4 -p1
+%patch -P5 -p1
+%patch -P6 -p1
+%patch -P7 -p1
+%patch -P8 -p1
+%patch -P9 -p1
+%patch -P10 -p1

 # build smbk5pwd with other overlays
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
@ -182,8 +187,8 @@ done
 popd

 pushd openldap-ppolicy-check-password-%{check_password_version}
-%patch90 -p1
-%patch91 -p1
+%patch -P90 -p1
+%patch -P91 -p1
 popd

 %build
@ -245,6 +250,9 @@ popd
 %install

 mkdir -p %{buildroot}%{_libdir}/
+%if %{with servers}
+install -p -D -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/openldap.conf
+%endif

 pushd openldap-%{version}
 %make_install STRIP_OPTS=""
@ -382,10 +390,8 @@ rm %{buildroot}%{_libdir}/*.la  # because we do not want files in %{_libdir}/ope
 %if %{with servers}
 %pre servers
 # create ldap user and group
-getent group ldap &>/dev/null || groupadd -r -g 55 ldap
-getent passwd ldap &>/dev/null || \
-	useradd -r -g ldap -u 55 -d %{_sharedstatedir}/ldap -s /sbin/nologin -c "OpenLDAP server" ldap
-exit 0
+# sysusers.d format https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
+%sysusers_create_compat %{SOURCE6}

 %post servers
 %systemd_post slapd.service
@ -498,6 +504,7 @@ exit 0
 %{_mandir}/man5/slapd*.5*
 %{_mandir}/man5/slapo-*.5*
 %{_mandir}/man5/slappw-argon2.5*
+%{_sysusersdir}/openldap.conf
 # obsolete configuration
 %ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf
 %else
@ -541,6 +548,17 @@ exit 0
 %{_libdir}/libslapi-2.4*.so.*

 %changelog
+* Fri Feb 9 2024 Simon Pichugin <spichugi@redhat.com> - 2.6.6-3
+- Use systemd-sysusers for ldap user and group
+  Replace License with SPDX identifier
+  Resolves: RHEL-5140
+
+* Thu Dec 14 2023 Simon Pichugin <spichugi@redhat.com> - 2.6.6-2
+- The client tools parameters '-h' and '-p' are still deprecated,
+  but this release brings back the client tools options that
+  were removed during the previous rebase.
+  Resolves: RHEL-19384
+
 * Wed Oct 11 2023 Simon Pichugin <spichugi@redhat.com> - 2.6.6-1
 - Rebase OpenLDAP in RHEL 9.4
  Resolves: RHEL-11306
--- a/openldap.sysusers
+++ b/openldap.sysusers
@ -0,0 +1,3 @@
+#Type Name     ID             GECOS                   Home directory  Shell
+g     ldap     55
+u     ldap     55:55          "OpenLDAP server"       /var/lib/ldap   /sbin/nologin
Author	SHA1	Message	Date
Simon Pichugin	92cf4ffd32	Use systemd-sysusers for ldap user and group	2024-02-10 03:30:32 +00:00
Simon Pichugin	ee624ac9c5	Bring back removed '-h' and '-p' client tools parameters The client tools parameters '-h' and '-p' are still deprecated, but this release brings back the client tools options that were removed during the previous rebase. Resolves: RHEL-19384	2023-12-14 11:10:10 -08:00