rpms/openldap/FC-3 MigrationTools-45-noaliases.patch, NONE, 1.1 README.nss_ldap, NONE, 1.1 openldap-2.0.27-hop.patch, NONE, 1.1 openldap-2.0.27-resolv.patch, NONE, 1.1 openldap-2.1.30-hop.patch, NONE, 1.1 openldap-2.1.30-libdir.patch, NONE, 1.1 openldap-2.1.30-resolv.patch, NONE, 1.1 openldap-2.2.13-tls-fix-connection-test.patch, NONE, 1.1 openldap-2.2.15-config.patch, NONE, 1.1 openldap-2.2.15-toollinks.patch, NONE, 1.1 openldap-2.2.23-resolv.patch, NONE, 1.1 openldap-2.2.23-start_tls-async.patch, NONE, 1.1 README.evolution, 1.1, 1.2 README.upgrading, 1.2, 1.3 ldap.init, 1.8, 1.9 openldap-2.2.13-pie.patch, 1.1, 1.2 openldap.spec, 1.23, 1.24 sources, 1.14, 1.15
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Oct 7 20:55:46 UTC 2005
- Previous message (by thread): rpms/kernel/FC-4/configs config-generic, 1.37, 1.37.4.1 config-ia64-generic, 1.4, 1.4.6.1 config-x86-generic, 1.11, 1.11.6.1 config-x86_64-generic, 1.11, 1.11.6.1
- Next message (by thread): rpms/kernel/FC-4 kernel-2.6.spec,1.1470.2.2,1.1470.2.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: fenlason
Update of /cvs/dist/rpms/openldap/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv6692
Modified Files:
README.evolution README.upgrading ldap.init
openldap-2.2.13-pie.patch openldap.spec sources
Added Files:
MigrationTools-45-noaliases.patch README.nss_ldap
openldap-2.0.27-hop.patch openldap-2.0.27-resolv.patch
openldap-2.1.30-hop.patch openldap-2.1.30-libdir.patch
openldap-2.1.30-resolv.patch
openldap-2.2.13-tls-fix-connection-test.patch
openldap-2.2.15-config.patch openldap-2.2.15-toollinks.patch
openldap-2.2.23-resolv.patch
openldap-2.2.23-start_tls-async.patch
Log Message:
Upgrade to match Rawhide and incidentally fix
bz#161991 openldap password disclosure issue
bz#143393 Creates certificates + keys at an insecure/bad place
MigrationTools-45-noaliases.patch:
migrate_all_offline.sh | 10 +++++-----
migrate_all_online.sh | 10 +++++-----
2 files changed, 10 insertions(+), 10 deletions(-)
--- NEW FILE MigrationTools-45-noaliases.patch ---
Don't migrate aliases by default, the schema used is no longer included in the
default server configuration.
--- MigrationTools-45/migrate_all_offline.sh 2004-10-05 17:36:58.000000000 -0400
+++ MigrationTools-45/migrate_all_offline.sh 2004-10-05 17:37:03.000000000 -0400
@@ -44,9 +44,9 @@
INSTDIR=/usr/share/openldap/migration/
DB=`mktemp /tmp/nis.ldif.XXXXXX`
-if [ "X$ETC_ALIASES" = "X" ]; then
- ETC_ALIASES=/etc/aliases
-fi
+#if [ "X$ETC_ALIASES" = "X" ]; then
+# ETC_ALIASES=/etc/aliases
+#fi
#if [ "X$ETC_FSTAB" = "X" ]; then
# ETC_FSTAB=/etc/fstab
#fi
@@ -110,8 +110,8 @@
echo "Creating naming context entries..."
$PERL -I${INSTDIR} ${INSTDIR}migrate_base.pl > $DB
-echo "Migrating aliases..."
-$PERL -I${INSTDIR} ${INSTDIR}migrate_aliases.pl $ETC_ALIASES >> $DB
+#echo "Migrating aliases..."
+#$PERL -I${INSTDIR} ${INSTDIR}migrate_aliases.pl $ETC_ALIASES >> $DB
#echo "Migrating fstab..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_fstab.pl $ETC_FSTAB >> $DB
echo "Migrating groups..."
--- MigrationTools-45/migrate_all_online.sh 2004-10-05 17:37:11.000000000 -0400
+++ MigrationTools-45/migrate_all_online.sh 2004-10-05 17:37:26.000000000 -0400
@@ -42,9 +42,9 @@
DB=`mktemp /tmp/nis.ldif.XXXXXX`
-if [ "X$ETC_ALIASES" = "X" ]; then
- ETC_ALIASES=/etc/aliases
-fi
+#if [ "X$ETC_ALIASES" = "X" ]; then
+# ETC_ALIASES=/etc/aliases
+#fi
#if [ "X$ETC_FSTAB" = "X" ]; then
# ETC_FSTAB=/etc/fstab
#fi
@@ -167,8 +167,8 @@
echo "Creating DUAConfigProfile entry..."
$PERL -I${INSTDIR} ${INSTDIR}migrate_profile.pl "$LDAPHOST" >> $DB
fi
-echo "Migrating aliases..."
-$PERL -I${INSTDIR} ${INSTDIR}migrate_aliases.pl $ETC_ALIASES >> $DB
+#echo "Migrating aliases..."
+#$PERL -I${INSTDIR} ${INSTDIR}migrate_aliases.pl $ETC_ALIASES >> $DB
#echo "Migrating fstab..."
#$PERL -I${INSTDIR} ${INSTDIR}migrate_fstab.pl $ETC_FSTAB >> $DB
echo "Migrating groups..."
--- NEW FILE README.nss_ldap ---
These files are here specifically for use in building the nss_ldap package,
and should not be used for any other purpose.
They contain a backported patch which adds two functions which nss_ldap can
use to avoid blocking in one particular use case, but which are not included
in the 2.2 branch of OpenLDAP.
When the openldap package updates to 2.3, these libraries will simply
disappear.
openldap-2.0.27-hop.patch:
ldap-int.h | 2 +-
request.c | 12 ++++++++----
url.c | 2 +-
3 files changed, 10 insertions(+), 6 deletions(-)
--- NEW FILE openldap-2.0.27-hop.patch ---
OpenLDAP ITS #3578
When chasing v3 referrals, we need to keep track of how deep the stack
of referrals is, but we actually mark the depth of all searches as the
depth of the top search (0) plus one, which never increases. The result
is an infinite loop if we don't keep track of what's actually going on.
--- openldap/libraries/libldap/request.c
+++ openldap/libraries/libldap/request.c
@@ -107,7 +107,7 @@
servers = NULL;
}
- rc = ldap_send_server_request( ld, ber, ld->ld_msgid, NULL,
+ rc = ldap_send_server_request( ld, ber, ld->ld_msgid, NULL, -1,
servers, NULL, NULL );
if (servers)
ldap_free_urllist(servers);
@@ -122,6 +122,7 @@
BerElement *ber,
ber_int_t msgid,
LDAPRequest *parentreq,
+ int parentcnt,
LDAPURLDesc *srvlist,
LDAPConn *lc,
LDAPreqinfo *bind )
@@ -185,7 +186,10 @@
++parentreq->lr_outrefcnt;
}
lr->lr_origid = parentreq->lr_origid;
- lr->lr_parentcnt = parentreq->lr_parentcnt + 1;
+ if ( parentcnt < 0 ) {
+ parentcnt = lr->lr_parentcnt;
+ }
+ lr->lr_parentcnt = parentcnt + 1;
lr->lr_parent = parentreq;
lr->lr_refnext = parentreq->lr_child;
parentreq->lr_child = lr;
@@ -726,7 +730,7 @@
rinfo.ri_msgid = origreq->lr_origid;
rinfo.ri_url = refarray[i];
if ( (rc = ldap_send_server_request( ld, ber, ld->ld_msgid,
- origreq, srv, NULL, &rinfo )) < 0 ) {
+ origreq, lr->lr_parentcnt, srv, NULL, &rinfo )) < 0 ) {
/* Failure, try next referral in the list */
Debug( LDAP_DEBUG_ANY, "Unable to chase referral \"%s\" (%s)\n",
refarray[i], ldap_err2string( ld->ld_errno ), 0);
@@ -886,7 +890,7 @@
rinfo.ri_msgid = origreq->lr_origid;
rc = ldap_send_server_request( ld, ber, ld->ld_msgid,
- lr, srv, NULL, &rinfo );
+ lr, -1, srv, NULL, &rinfo );
LDAP_FREE( rinfo.ri_url );
--- openldap/libraries/libldap/ldap-int.h
+++ openldap/libraries/libldap/ldap-int.h
@@ -436,7 +436,7 @@
LDAP_F (BerElement *) ldap_alloc_ber_with_options( LDAP *ld );
LDAP_F (void) ldap_set_ber_options( LDAP *ld, BerElement *ber );
-LDAP_F (int) ldap_send_server_request( LDAP *ld, BerElement *ber, ber_int_t msgid, LDAPRequest *parentreq, LDAPURLDesc *srvlist, LDAPConn *lc, LDAPreqinfo *bind );
+LDAP_F (int) ldap_send_server_request( LDAP *ld, BerElement *ber, ber_int_t msgid, LDAPRequest *parentreq, int parentcnt, LDAPURLDesc *srvlist, LDAPConn *lc, LDAPreqinfo *bind );
LDAP_F (LDAPConn *) ldap_new_connection( LDAP *ld, LDAPURLDesc *srvlist, int use_ldsb, int connect, LDAPreqinfo *bind );
LDAP_F (LDAPRequest *) ldap_find_request_by_msgid( LDAP *ld, ber_int_t msgid );
LDAP_F (void) ldap_free_request( LDAP *ld, LDAPRequest *lr );
--- openldap/libraries/libldap/url.c
+++ openldap/libraries/libldap/url.c
@@ -927,7 +927,7 @@
bind.ri_msgid = ld->ld_msgid;
bind.ri_url = (char *)url;
err = ldap_send_server_request(
- ld, ber, ld->ld_msgid, NULL,
+ ld, ber, ld->ld_msgid, NULL, -1,
ludp->lud_host ? ludp : NULL, NULL, &bind );
}
openldap-2.0.27-resolv.patch:
configure.in | 16 ++++++++--------
1 files changed, 8 insertions(+), 8 deletions(-)
--- NEW FILE openldap-2.0.27-resolv.patch ---
Check for __res_query in libresolv before we check for it in libbind.
--- openldap-2.0.27/configure.in 2005-03-01 19:56:29.344752963 -0500
+++ openldap-2.0.27/configure.in 2005-03-01 19:56:31.938414251 -0500
@@ -718,23 +718,23 @@
fi
if test $ac_cv_func_res_query = no ; then
- AC_CHECK_LIB(bind, res_query)
- ac_cv_func_res_query=$ac_cv_lib_bind_res_query
+ AC_CHECK_LIB(resolv, res_query)
+ ac_cv_func_res_query=$ac_cv_lib_resolv_res_query
fi
if test $ac_cv_func_res_query = no ; then
- AC_CHECK_LIB(bind, __res_query)
- ac_cv_func_res_query=$ac_cv_lib_bind___res_query
+ AC_CHECK_LIB(resolv, __res_query)
+ ac_cv_func_res_query=$ac_cv_lib_resolv___res_query
fi
if test $ac_cv_func_res_query = no ; then
- AC_CHECK_LIB(resolv, res_query)
- ac_cv_func_res_query=$ac_cv_lib_resolv_res_query
+ AC_CHECK_LIB(bind, res_query)
+ ac_cv_func_res_query=$ac_cv_lib_bind_res_query
fi
if test $ac_cv_func_res_query = no ; then
- AC_CHECK_LIB(resolv, __res_query)
- ac_cv_func_res_query=$ac_cv_lib_resolv___res_query
+ AC_CHECK_LIB(bind, __res_query)
+ ac_cv_func_res_query=$ac_cv_lib_bind___res_query
fi
if test "$ac_cv_func_res_query" = yes ; then
openldap-2.1.30-hop.patch:
openldap-2.1.30/libraries/libldap/request.c | 12 ++++++++----
openldap/libraries/libldap/ldap-int.h | 2 +-
2 files changed, 9 insertions(+), 5 deletions(-)
--- NEW FILE openldap-2.1.30-hop.patch ---
OpenLDAP ITS #3578
When chasing v3 referrals, we need to keep track of how deep the stack
of referrals is, but we actually mark the depth of all searches as the
depth of the top search (0) plus one, which never increases. The result
is an infinite loop if we don't keep track of what's actually going on.
--- openldap-2.1.30/libraries/libldap/request.c.hop 2003-03-03 12:10:05.000000000 -0500
+++ openldap-2.1.30/libraries/libldap/request.c 2005-07-13 16:18:51.000000000 -0400
@@ -133,7 +133,7 @@
return LDAP_PARAM_ERROR;
}
#endif
- rc = ldap_send_server_request( ld, ber, ld->ld_msgid, NULL,
+ rc = ldap_send_server_request( ld, ber, ld->ld_msgid, NULL, -1,
servers, NULL, NULL );
if (servers)
ldap_free_urllist(servers);
@@ -181,6 +181,7 @@
BerElement *ber,
ber_int_t msgid,
LDAPRequest *parentreq,
+ int parentcnt,
LDAPURLDesc *srvlist,
LDAPConn *lc,
LDAPreqinfo *bind )
@@ -260,7 +261,10 @@
++parentreq->lr_outrefcnt;
}
lr->lr_origid = parentreq->lr_origid;
- lr->lr_parentcnt = parentreq->lr_parentcnt + 1;
+ if ( parentcnt < 0 ) {
+ parentcnt = lr->lr_parentcnt;
+ }
+ lr->lr_parentcnt = parentcnt + 1;
lr->lr_parent = parentreq;
lr->lr_refnext = parentreq->lr_child;
parentreq->lr_child = lr;
@@ -849,7 +853,7 @@
rinfo.ri_msgid = origreq->lr_origid;
rinfo.ri_url = refarray[i];
if ( (rc = ldap_send_server_request( ld, ber, ld->ld_msgid,
- origreq, srv, NULL, &rinfo )) < 0 ) {
+ origreq, lr->lr_parentcnt, srv, NULL, &rinfo )) < 0 ) {
/* Failure, try next referral in the list */
#ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR,
@@ -1037,7 +1041,7 @@
rinfo.ri_msgid = origreq->lr_origid;
rc = ldap_send_server_request( ld, ber, ld->ld_msgid,
- lr, srv, NULL, &rinfo );
+ lr, -1, srv, NULL, &rinfo );
LDAP_FREE( rinfo.ri_url );
--- openldap/libraries/libldap/ldap-int.h
+++ openldap/libraries/libldap/ldap-int.h
@@ -436,7 +436,7 @@
LDAP_F (BerElement *) ldap_alloc_ber_with_options( LDAP *ld );
LDAP_F (void) ldap_set_ber_options( LDAP *ld, BerElement *ber );
-LDAP_F (int) ldap_send_server_request( LDAP *ld, BerElement *ber, ber_int_t msgid, LDAPRequest *parentreq, LDAPURLDesc *srvlist, LDAPConn *lc, LDAPreqinfo *bind );
+LDAP_F (int) ldap_send_server_request( LDAP *ld, BerElement *ber, ber_int_t msgid, LDAPRequest *parentreq, int parentcnt, LDAPURLDesc *srvlist, LDAPConn *lc, LDAPreqinfo *bind );
LDAP_F (LDAPConn *) ldap_new_connection( LDAP *ld, LDAPURLDesc *srvlist, int use_ldsb, int connect, LDAPreqinfo *bind );
LDAP_F (LDAPRequest *) ldap_find_request_by_msgid( LDAP *ld, ber_int_t msgid );
LDAP_F (void) ldap_free_request( LDAP *ld, LDAPRequest *lr );
openldap-2.1.30-libdir.patch:
ltmain.sh | 16 ++++++++++++++--
1 files changed, 14 insertions(+), 2 deletions(-)
--- NEW FILE openldap-2.1.30-libdir.patch ---
If we're building a library which will be installed into one of the default
search directories, don't add that directory to the linker search list, in case
we're linking with a dependent library which we're also installing to the same
location using a non-empty $DESTDIR.
--- openldap/build/ltmain.sh 2004-09-08 14:35:12.000000000 -0400
+++ openldap/build/ltmain.sh 2004-09-08 14:35:04.000000000 -0400
@@ -1908,8 +1908,20 @@
add="-l$name"
else
# We cannot seem to hardcode it, guess we'll fake it.
- add_dir="-L$libdir"
- test -d "$ladir/.libs" && add_dir="-L$ladir/.libs $add_dir"
+ add_dir=
+ if test -n "$sys_lib_search_path_spec" ; then
+ for searchdir in $sys_lib_search_path_spec ; do
+ if test "$searchdir" = "$libdir" ; then
+ break
+ fi
+ if test -z "$searchdir" ; then
+ add_dir="-L$libdir"
+ fi
+ done
+ else
+ add_dir="-L$libdir"
+ fi
+ test -d "$ladir/.libs" && add_dir="-L$ladir/.libs $add_dir"
add="-l$name"
fi
openldap-2.1.30-resolv.patch:
configure.in | 16 ++++++++--------
1 files changed, 8 insertions(+), 8 deletions(-)
--- NEW FILE openldap-2.1.30-resolv.patch ---
Check for __res_query in libresolv before we check for it in libbind.
--- openldap-2.1.30/configure.in 2005-03-01 19:56:44.084828023 -0500
+++ openldap-2.1.30/configure.in 2005-03-01 19:57:06.124949754 -0500
@@ -966,23 +966,23 @@
fi
if test $ac_cv_func_res_query = no ; then
- AC_CHECK_LIB(bind, res_query)
- ac_cv_func_res_query=$ac_cv_lib_bind_res_query
+ AC_CHECK_LIB(resolv, res_query)
+ ac_cv_func_res_query=$ac_cv_lib_resolv_res_query
fi
if test $ac_cv_func_res_query = no ; then
- AC_CHECK_LIB(bind, __res_query)
- ac_cv_func_res_query=$ac_cv_lib_bind___res_query
+ AC_CHECK_LIB(resolv, __res_query)
+ ac_cv_func_res_query=$ac_cv_lib_resolv___res_query
fi
if test $ac_cv_func_res_query = no ; then
- AC_CHECK_LIB(resolv, res_query)
- ac_cv_func_res_query=$ac_cv_lib_resolv_res_query
+ AC_CHECK_LIB(bind, res_query)
+ ac_cv_func_res_query=$ac_cv_lib_bind_res_query
fi
if test $ac_cv_func_res_query = no ; then
- AC_CHECK_LIB(resolv, __res_query)
- ac_cv_func_res_query=$ac_cv_lib_resolv___res_query
+ AC_CHECK_LIB(bind, __res_query)
+ ac_cv_func_res_query=$ac_cv_lib_bind___res_query
fi
if test "$ac_cv_func_res_query" = yes ; then
openldap-2.2.13-tls-fix-connection-test.patch:
tls.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletion(-)
--- NEW FILE openldap-2.2.13-tls-fix-connection-test.patch ---
--- openldap-2.2.13/libraries/libldap/#tls.c~ 2005-07-06 13:14:00.000000000 -0400
+++ openldap-2.2.13/libraries/libldap/tls.c 2005-07-06 13:14:00.000000000 -0400
@@ -1736,7 +1736,8 @@
/* XXYYZ: this initiates operation only on default connection! */
- if ( ld->ld_sb != NULL && ldap_pvt_tls_inplace( ld->ld_sb ) != 0 ) {
+ if ( ( ld->ld_defconn != NULL ) ? ( ld->ld_defconn->lconn_sb != NULL && ldap_pvt_tls_inplace( ld->ld_defconn->lconn_sb ) != 0 )
+ : ( ld->ld_sb != NULL && ldap_pvt_tls_inplace( ld->ld_sb ) != 0 ) ) {
return LDAP_LOCAL_ERROR;
}
openldap-2.2.15-config.patch:
doc/man/man8/slurpd.8 | 2 +-
servers/slapd/slapd.conf | 40 +++++++++++++++++++++++++++++++++-------
servers/slurpd/slurp.h | 4 ++--
3 files changed, 36 insertions(+), 10 deletions(-)
--- NEW FILE openldap-2.2.15-config.patch ---
Force the default db directory to /var/lib/ldap, default to including
nis.schema and its prerequisites, allow LDAPv2 clients, increase the set of
indexed attributes for the default database.
--- openldap-2.2.13/doc/man/man8/slurpd.8 2004-01-01 13:16:27.000000000 -0500
+++ openldap-2.2.13/doc/man/man8/slurpd.8 2004-06-15 11:40:04.000000000 -0400
@@ -120,7 +120,7 @@
temporary files may contain sensitive information.
This option allows you to specify the location of these temporary files.
The default is
-.BR LOCALSTATEDIR/openldap-slurp .
+.BR /var/lib/ldap .
.TP
.BI \-k " srvtab\-file"
Specify the location of the kerberos srvtab file which contains keys
--- openldap-2.2.13/servers/slapd/slapd.conf 2003-12-29 13:10:40.000000000 -0500
+++ openldap-2.2.13/servers/slapd/slapd.conf 2004-06-15 11:44:23.000000000 -0400
@@ -3,8 +3,12 @@
# This file should NOT be world readable.
#
include %SYSCONFDIR%/schema/core.schema
+include %SYSCONFDIR%/schema/cosine.schema
+include %SYSCONFDIR%/schema/inetorgperson.schema
+include %SYSCONFDIR%/schema/nis.schema
-# Define global ACLs to disable default read access.
+# Allow LDAPv2 client connections. This is NOT the default.
+allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
@@ -21,6 +25,15 @@
# moduleload back_passwd.la
# moduleload back_shell.la
+# The next three lines allow use of TLS for encrypting connections using a
+# dummy test certificate which you can generate by changing to
+# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
+# slapd.pem so that the ldap user or group can read it. Your client software
+# may balk at self-signed certificates, however.
+# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
+# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
+
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
@@ -49,19 +62,32 @@
# rootdn can always read and write EVERYTHING!
#######################################################################
-# BDB database definitions
+# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
-# be avoid. See slappasswd(8) and slapd.conf(5) for details.
+# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
-rootpw secret
+# rootpw secret
+# rootpw {crypt}ijFYNcSNctBYg
+
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
-directory %LOCALSTATEDIR%/openldap-data
+directory /var/lib/ldap
+
-# Indices to maintain
-index objectClass eq
+# Indices to maintain for this database
+index objectClass eq,pres
+index ou,cn,mail,surname,givenname eq,pres,sub
+index uidNumber,gidNumber,loginShell eq,pres
+index uid,memberUid eq,pres,sub
+index nisMapName,nisMapEntry eq,pres,sub
+
+# Replicas of this database
+#replogfile /var/lib/ldap/openldap-master-replog
+#replica host=ldap-1.example.com:389 starttls=critical
+# bindmethod=sasl saslmech=GSSAPI
+# authcId=host/ldap-master.example.com at EXAMPLE.COM
--- openldap-2.2.13/servers/slurpd/slurp.h 2004-01-01 13:16:42.000000000 -0500
+++ openldap-2.2.13/servers/slurpd/slurp.h 2004-06-15 11:40:04.000000000 -0400
@@ -66,7 +66,7 @@
#define SERVICE_NAME OPENLDAP_PACKAGE "-slurpd"
/* Default directory for slurpd's private copy of replication logs */
-#define DEFAULT_SLURPD_REPLICA_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-slurp"
+#define DEFAULT_SLURPD_REPLICA_DIR "/var/lib/ldap"
/* Default name for slurpd's private copy of the replication log */
#define DEFAULT_SLURPD_REPLOGFILE "slurpd.replog"
@@ -75,7 +75,7 @@
#define DEFAULT_SLURPD_STATUS_FILE "slurpd.status"
/* slurpd dump file - contents of rq struct are written here (debugging) */
-#define SLURPD_DUMPFILE LDAP_TMPDIR LDAP_DIRSEP "slurpd.dump"
+#define SLURPD_DUMPFILE DEFAULT_SLURPD_REPLICA_DIR "/slurpd.dump"
/* Amount of time to sleep if no more work to do */
#define DEFAULT_NO_WORK_INTERVAL 3
openldap-2.2.15-toollinks.patch:
Makefile.in | 6 +++++-
1 files changed, 5 insertions(+), 1 deletion(-)
--- NEW FILE openldap-2.2.15-toollinks.patch ---
If libexecdir and sbindir are the same, avoid making an absolute symlink.
--- openldap-2.2.13/servers/slapd/Makefile.in 2004-06-15 17:51:33.000000000 -0400
+++ openldap-2.2.13/servers/slapd/Makefile.in 2004-06-15 17:51:27.000000000 -0400
@@ -421,6 +421,10 @@
cd $(DESTDIR)$(sbindir); \
rm -f $(SLAPTOOLS); \
for i in $(SLAPTOOLS); do \
- $(LN_S) $(libexecdir)/slapd$(EXEEXT) $$i$(EXEEXT); \
+ if test $(libexecdir) != $(sbindir) ; then \
+ $(LN_S) $(libexecdir)/slapd$(EXEEXT) $$i$(EXEEXT); \
+ else \
+ $(LN_S) slapd$(EXEEXT) $$i$(EXEEXT); \
+ fi \
done
openldap-2.2.23-resolv.patch:
configure.in | 20 ++++++++++----------
1 files changed, 10 insertions(+), 10 deletions(-)
--- NEW FILE openldap-2.2.23-resolv.patch ---
Check for __res_query in libresolv before we check for it in libbind.
--- openldap-2.2.23/configure.in 2005-03-01 19:57:10.053436724 -0500
+++ openldap-2.2.23/configure.in 2005-03-01 19:57:27.663137034 -0500
@@ -873,16 +873,6 @@
fi
if test $ac_cv_func_res_query = no ; then
- AC_CHECK_LIB(bind, res_query)
- ac_cv_func_res_query=$ac_cv_lib_bind_res_query
-fi
-
-if test $ac_cv_func_res_query = no ; then
- AC_CHECK_LIB(bind, __res_query)
- ac_cv_func_res_query=$ac_cv_lib_bind___res_query
-fi
-
-if test $ac_cv_func_res_query = no ; then
AC_CHECK_LIB(resolv, res_query)
ac_cv_func_res_query=$ac_cv_lib_resolv_res_query
fi
@@ -897,6 +887,16 @@
ac_cv_func_res_query=$ac_cv_lib_resolv_res_9_query
fi
+if test $ac_cv_func_res_query = no ; then
+ AC_CHECK_LIB(bind, res_query)
+ ac_cv_func_res_query=$ac_cv_lib_bind_res_query
+fi
+
+if test $ac_cv_func_res_query = no ; then
+ AC_CHECK_LIB(bind, __res_query)
+ ac_cv_func_res_query=$ac_cv_lib_bind___res_query
+fi
+
if test "$ac_cv_func_res_query" = yes ; then
AC_DEFINE(HAVE_RES_QUERY,1,
[define if you have res_query()])
openldap-2.2.23-start_tls-async.patch:
include/ldap.h | 15 +++++++++++++++
libraries/libldap/tls.c | 33 ++++++++++++++++++++++++++++-----
2 files changed, 43 insertions(+), 5 deletions(-)
--- NEW FILE openldap-2.2.23-start_tls-async.patch ---
Pulled from HEAD, this lets the client wait for a specified period of time
for an okay from the server instead of waiting indefinitely.
Index: include/ldap.h
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/include/ldap.h,v
retrieving revision 1.270
retrieving revision 1.271
diff -u -r1.270 -r1.271
--- include/ldap.h 25 Jan 2005 15:11:26 -0000 1.270
+++ include/ldap.h 1 Feb 2005 22:53:17 -0000 1.271
@@ -1304,6 +1304,21 @@
LDAP **ldp,
LDAP_CONST char *url ));
+/*
+ * in tls.c
+ */
+
+LDAP_F( int )
+ldap_start_tls LDAP_P((
+ LDAP *ld,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_install_tls LDAP_P((
+ LDAP *ld ));
+
LDAP_F( int )
ldap_start_tls_s LDAP_P((
LDAP *ld,
Ident string hunk removed to allow the patch to apply.
Index: libraries/libldap/tls.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/libraries/libldap/tls.c,v
retrieving revision 1.119
retrieving revision 1.120
diff -u -r1.119 -r1.120
--- libraries/libldap/tls.c 1 Jan 2005 19:49:45 -0000 1.119
+++ libraries/libldap/tls.c 1 Feb 2005 22:53:17 -0000 1.120
@@ -1652,13 +1652,38 @@
}
int
+ldap_start_tls( LDAP *ld,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp )
+{
+ return ldap_extended_operation( ld, LDAP_EXOP_START_TLS,
+ NULL, serverctrls, clientctrls, msgidp );
+}
+
+int
+ldap_install_tls( LDAP *ld )
+{
+#ifndef HAVE_TLS
+ return LDAP_NOT_SUPPORTED;
+#else
+ if ( ld->ld_sb != NULL && ldap_pvt_tls_inplace( ld->ld_sb ) != 0 ) {
+ return LDAP_LOCAL_ERROR;
+ }
+
+ return ldap_int_tls_start( ld, ld->ld_defconn, NULL );
+#endif
+}
+
+int
ldap_start_tls_s ( LDAP *ld,
LDAPControl **serverctrls,
LDAPControl **clientctrls )
{
+#ifndef HAVE_TLS
+ return LDAP_NOT_SUPPORTED;
+#else
int rc;
-
-#ifdef HAVE_TLS
char *rspoid = NULL;
struct berval *rspdata = NULL;
@@ -1683,9 +1708,7 @@
rc = ldap_int_tls_start( ld, ld->ld_defconn, NULL );
}
-#else
- rc = LDAP_NOT_SUPPORTED;
-#endif
return rc;
+#endif
}
Index: README.evolution
===================================================================
RCS file: /cvs/dist/rpms/openldap/FC-3/README.evolution,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- README.evolution 9 Sep 2004 09:43:01 -0000 1.1
+++ README.evolution 7 Oct 2005 20:55:41 -0000 1.2
@@ -1,5 +1,5 @@
These files are here specifically for use in building the evolution-connector
-package.
+package, and should not be used for any other purpose.
In order to authenticate to older servers, an LDAP client must perform an
ntlm_bind operation instead of a simple or SASL bind. The ntlm_bind is not the
Index: README.upgrading
===================================================================
RCS file: /cvs/dist/rpms/openldap/FC-3/README.upgrading,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- README.upgrading 9 Sep 2004 09:39:22 -0000 1.2
+++ README.upgrading 7 Oct 2005 20:55:41 -0000 1.3
@@ -1,10 +1,68 @@
-The OpenLDAP on-disk format has changed between the 2.0.x and 2.1.x releases.
+Before upgrading from OpenLDAP 2.0 or 2.1 to OpenLDAP 2.2, the system
+administrator should dump out the contents of the the directory server's
+databases using the 'slapcat' utility included in the openldap-servers package
+and save the LDIF files which it produces.
-If you are upgrading a server from OpenLDAP 2.0.x, you will very need to dump
-out your directory to a text file using "slapcat -n" before upgrading and
-re-import the entries into the new format using "slapadd" after the upgrade.
-
-Because schema checking is now more restrictive, some entries may not import
-cleanly. In particular, if you have used previous versions of the migration
-scripts, some of the entries (particularly oncRpc objects) may be missing
-"description" attributes which are now required by the schema.
+After the upgrade is complete, the data can be re-imported using the 'slapadd'
+utility. Some data which was exported from an OpenLDAP 2.0 server may not
+import directly into an OpenLDAP 2.2 server. If this happens, check for these
+common problems:
+
+ * Missing parent entries.
+ Entries in the directory are no longer allowed to be children of entries
+ which are not present in the directory. For example, earlier releases
+ would allow an entry with distinguished name (DN)
+ "cn=foo,dc=devel,dc=example,dc=com" to be imported into a database for
+ suffix "dc=example,dc=com" which contained neither an entry for
+ "dc=devel,dc=example,dc=com" nor an entry for "dc=example,dc=com".
+
+ * Deprecated objectclasses and attribute types.
+ Entries of these classes should be replaced by entries of a different
+ class.
+ * the automountMap objectclass
+ Use the nisMap objectclass instead, replacing these old attributes
+ with new attributes:
+ +====================================+
+ | old attribute new attribute |
+ |------------------------------------|
+ | ou nisMapName |
+ +====================================+
+ * the automount objectclass
+ Use the nisObject objectclass instead, replacing these old attributes
+ with new attributes:
+ +====================================+
+ | old attribute new attribute |
+ |------------------------------------|
+ | cn cn |
+ | automountInformation nisMapEntry |
+ | (no counterpart) nisMapName |
+ +====================================+
+
+ * Missing objectclass definitions.
+ Some objectclasses are no longer defined because they are no longer used.
+ Remove the objectclass from the entry's list of objectclasses, and
+ remove any values for attributes which are unique to that objectclass.
+ These include:
+ * the "kerberosSecurityObject" objectclass and the "krbName" attribute
+ * the "dynamicObject" objectclass
+ * the "LDAPsubEntry" objectclass
+
+ * Missing attribute values.
+ Some objectclass definitions mark a given attribute as both optional (MAY)
+ and required (MUST). While such attributes may have been treated as
+ optional before, they are now treated as required. Some examples:
+ * the "ipProtocol" object class and its "description" attribute
+ * the "rpcService" object class and its "description" attribute
+ * the "oncRpc" object class and its "description" attribute
+ * the "residentialPerson" object class and its "localityName" attribute
+
+ * Structural vs. auxiliary objectclasses.
+ The set of objectclasses which any entry lists should include exactly one
+ STRUCTURAL class. This requirement may not have been enforced in previous
+ releases.
+
+ * The entry does not contain its own RDN as an attribute-value pair.
+ The naming attribute and value used as the entry's relative distinguished
+ name (RDN) must be explicitly defined for the entry. For example, an
+ entry named "cn=contrived,dc=example,dc=com" must include "contrived" as a
+ value for its "cn" attribute.
Index: ldap.init
===================================================================
RCS file: /cvs/dist/rpms/openldap/FC-3/ldap.init,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- ldap.init 9 Sep 2004 09:42:43 -0000 1.8
+++ ldap.init 7 Oct 2005 20:55:41 -0000 1.9
@@ -3,7 +3,7 @@
# ldap This shell script takes care of starting and stopping
# ldap servers (slapd and slurpd).
#
-# chkconfig: - 39 61
+# chkconfig: - 27 73
# description: LDAP stands for Lightweight Directory Access Protocol, used \
# for implementing the industry standard directory services.
# processname: slapd
@@ -20,7 +20,8 @@
fi
# Source an auxiliary options file if we have one, and pick up OPTIONS,
-# SLAPD_OPTIONS, and SLURPD_OPTIONS.
+# SLAPD_OPTIONS, SLURPD_OPTIONS, SLAPD_LDAPS, SLAPD_LDAPI, and maybe
+# KRB5_KTNAME.
if [ -r /etc/sysconfig/ldap ] ; then
. /etc/sysconfig/ldap
fi
@@ -33,52 +34,150 @@
RETVAL=0
-function start() {
- # Check for simple-but-common errors.
+#
+# Pass commands given in $2 and later to "test" run as user given in $1.
+#
+function testasuser() {
+ local user= cmd=
+ user="$1"
+ shift
+ cmd="$@"
+ if test x"$user" != x ; then
+ if test x"$cmd" != x ; then
+ /sbin/runuser -f -m -s /bin/sh -c "test $cmd" -- "$user"
+ else
+ false
+ fi
+ else
+ false
+ fi
+}
+
+#
+# Check for read-access errors for the user given in $1 for a service named $2.
+# If $3 is specified, the command is run if "klist" can't be found.
+#
+function checkkeytab() {
+ local user= service= klist= default=
+ user="$1"
+ service="$2"
+ default="${3:-false}"
+ if test -x /usr/kerberos/bin/klist ; then
+ klist=/usr/kerberos/bin/klist
+ elif test -x /usr/bin/klist ; then
+ klist=/usr/bin/klist
+ fi
+ KRB5_KTNAME="${KRB5_KTNAME:-/etc/krb5.keytab}"
+ export KRB5_KTNAME
+ if test -s "$KRB5_KTNAME" ; then
+ if test x"$klist" != x ; then
+ if LANG=C $klist -k "$KRB5_KTNAME" | tail -n 4 | awk '{print $2}' | grep -q ^"$service"/ ; then
+ if ! testasuser "$user" -r ${KRB5_KTNAME:-/etc/krb5.keytab} ; then
+ true
+ else
+ false
+ fi
+ else
+ false
+ fi
+ else
+ $default
+ fi
+ else
+ false
+ fi
+}
+
+function configtest() {
+ local user= ldapuid= dbdir= file=
+ # Check for simple-but-common errors.
user=ldap
+ prog=`basename ${slapd}`
ldapuid=`id -u $user`
# Unaccessible database files.
- for dbdir in `grep ^directory /etc/openldap/slapd.conf | sed s,^directory,,` ; do
+ slaptestflags=
+ for dbdir in `LANG=C egrep '^directory[[:space:]]+[[:print:]]+$' /etc/openldap/slapd.conf | sed s,^directory,,` ; do
for file in `find ${dbdir}/ -not -uid $ldapuid -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" \)` ; do
echo -n $"$file is not owned by \"$user\"" ; warning ; echo
done
+ if ! test -s ${dbdir}/id2entry.dbb ; then
+ if ! test -s ${dbdir}/id2entry.gdbm ; then
+ if ! test -s ${dbdir}/id2entry.bdb ; then
+ slaptestflags=-u
+ fi
+ fi
+ fi
+ done
+ # Unaccessible keytab with an "ldap" key.
+ if checkkeytab $user ldap ; then
+ file=${KRB5_KTNAME:-/etc/krb5.keytab}
+ echo -n $"$file is not readable by \"$user\"" ; warning ; echo
+ fi
+ # Unaccessible TLS configuration files.
+ tlsconfigs=`LANG=C egrep '^(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)[[:space:]]' /etc/openldap/slapd.conf | awk '{print $2}'`
+ for file in $tlsconfigs ; do
+ if ! testasuser $user -r $file ; then
+ echo -n $"$file is not readable by \"$user\"" ; warning ; echo
+ fi
done
# Check the configuration file.
- echo -n $"Checking configuration files for $prog: "
- $slaptest
- RETVAL=$?
- if test $RETVAL -eq 0 ; then
- success
- else
- failure
- exit 1
+ if ! action $"Checking configuration files for $prog: " $slaptest $slaptestflags ; then
+ if $slaptest -u > /dev/null 2> /dev/null ; then
+ dirs=`LANG=C egrep '^directory[[:space:]]+[[:print:]]+$' /etc/openldap/slapd.conf | awk '{print $2}'`
+ for directory in $dirs ; do
+ if test -r $directory/__db.001 ; then
+ echo -n $"stale lock files may be present in $directory" ; warning ; echo
+ fi
+ done
+ fi
+ exit 1
fi
- # Start daemons.
+}
+
+function start() {
+ configtest
+ # Define a couple of local variables which we'll need. Maybe.
+ user=ldap
prog=`basename ${slapd}`
- echo -n $"Starting $prog: "
- if grep -q ^TLS /etc/openldap/slapd.conf ; then
- daemon ${slapd} -u ldap -h '"ldap:/// ldaps:///"' $OPTIONS $SLAPD_OPTIONS
- RETVAL=$?
- else
- daemon ${slapd} -u ldap -h "ldap:///" $OPTIONS $SLAPD_OPTIONS
- RETVAL=$?
+ # Build a wrapper script to exec slapd with the right arguments, to
+ # avoid being tripped out by changes or weirdness in how daemon()
+ # handles quoted arguments.
+ wrapper=`mktemp ${TMP:-/tmp}/start-slapd.XXXXXX`
+ harg="ldap:///"
+ if grep -q ^TLS /etc/openldap/slapd.conf || test x$SLAPD_LDAPS = xyes ; then
+ harg="$harg ldaps:///"
fi
+ if test x$SLAPD_LDAPI = xyes ; then
+ harg="$harg ldapi:///"
+ fi
+ if test -z "$wrapper" ; then
+ return 1
+ fi
+ cat >> $wrapper <<- EOF
+ exec ${slapd} -h "$harg" -u ${user} $OPTIONS $SLAPD_OPTIONS
+ EOF
+ chmod u+x $wrapper
+ trap "rm -f $wrapper" EXIT
+ # Start daemons.
+ echo -n $"Starting $prog: "
+ daemon --check=$prog $wrapper
+ RETVAL=$?
echo
if [ $RETVAL -eq 0 ]; then
- if grep -q "^replogfile" /etc/openldap/slapd.conf; then
+ if grep -q "^replogfile" /etc/openldap/slapd.conf; then
prog=`basename ${slurpd}`
echo -n $"Starting $prog: "
- daemon ${slurpd} $OPTIONS $SLURPD_OPTIONS
+ daemon ${slurpd} $OPTIONS $SLURPD_OPTIONS
RETVAL=$?
echo
- fi
+ fi
fi
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/ldap
return $RETVAL
}
function stop() {
- # Stop daemons.
+ # Stop daemons.
prog=`basename ${slapd}`
echo -n $"Stopping $prog: "
killproc ${slapd}
@@ -93,22 +192,25 @@
echo
fi
fi
- [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ldap /var/run/slapd.args
+ [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ldap /var/run/slapd.args
return $RETVAL
}
# See how we were called.
case "$1" in
+ configtest)
+ configtest
+ ;;
start)
- start
- ;;
+ start
+ ;;
stop)
- stop
- ;;
+ stop
+ ;;
status)
- status ${slapd}
- if grep -q "^replogfile" /etc/openldap/slapd.conf ; then
- status ${slurpd}
+ status ${slapd}
+ if grep -q "^replogfile" /etc/openldap/slapd.conf ; then
+ status ${slurpd}
fi
;;
restart)
@@ -116,10 +218,10 @@
start
;;
condrestart)
- if [ -f /var/lock/subsys/ldap ] ; then
- stop
- start
- fi
+ if [ -f /var/lock/subsys/ldap ] ; then
+ stop
+ start
+ fi
;;
*)
echo $"Usage: $0 {start|stop|restart|status|condrestart}"
openldap-2.2.13-pie.patch:
slapd/Makefile.in | 2 +-
slurpd/Makefile.in | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Index: openldap-2.2.13-pie.patch
===================================================================
RCS file: /cvs/dist/rpms/openldap/FC-3/openldap-2.2.13-pie.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- openldap-2.2.13-pie.patch 9 Sep 2004 09:42:43 -0000 1.1
+++ openldap-2.2.13-pie.patch 7 Oct 2005 20:55:41 -0000 1.2
@@ -9,7 +9,7 @@
slapd: $(SLAPD_DEPENDS) @LIBSLAPI@
- $(LTLINK) -o $@ $(SLAPD_OBJECTS) $(LIBS) \
-+ $(LTLINK) -pie -o $@ $(SLAPD_OBJECTS) $(LIBS) \
++ $(LTLINK) -pie -Wl,-z,defs -o $@ $(SLAPD_OBJECTS) $(LIBS) \
$(WRAP_LIBS)
rm -f $(SLAPTOOLS)
for i in $(SLAPTOOLS); do \
@@ -20,7 +20,7 @@
slurpd: version.o
- $(LTLINK) -o $@ $(OBJS) version.o $(LIBS)
-+ $(LTLINK) -pie -o $@ $(OBJS) version.o $(LIBS)
++ $(LTLINK) -pie -Wl,-z,defs -o $@ $(OBJS) version.o $(LIBS)
sslurpd: version.o
$(LTLINK) -static -o $@ $(OBJS) version.o $(LIBS)
Index: openldap.spec
===================================================================
RCS file: /cvs/dist/rpms/openldap/FC-3/openldap.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- openldap.spec 9 Sep 2004 09:43:01 -0000 1.23
+++ openldap.spec 7 Oct 2005 20:55:41 -0000 1.24
@@ -1,21 +1,24 @@
%define migtools_version 45
-%define db_version 4.2.52
-%define db_version_40 4.0.14
+%define db_version 4.3.27
%define ldbm_backend berkeley
%define version_20 2.0.27
%define version_21 2.1.30
-%define version_22 2.2.13
+%define version_22 2.2.28
+%define nss_ldap_prefix %{_libdir}/nss_ldap-openldap
+%define nss_ldap_includedir %{nss_ldap_prefix}/include
+%define nss_ldap_libdir %{nss_ldap_prefix}/%{_lib}
%define evolution_connector_prefix %{_libdir}/evolution-openldap
%define evolution_connector_includedir %{evolution_connector_prefix}/include
%define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
# For Fedora, we want 2.1 compatibility. For RHEL or RHL9, we may want 2.0.
%define compat_version %{version_21}
%define nptl_arches %{ix86} ia64 ppc ppc64 s390 s390x sparcv9 x86_64
+%define nss_ldap_build 0
Summary: The configuration files, libraries, and documentation for OpenLDAP.
Name: openldap
Version: %{version_22}
-Release: 2
+Release: 1.FC3
License: OpenLDAP
Group: System Environment/Daemons
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_22}.tgz
@@ -23,8 +26,7 @@
Source2: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_21}.tgz
Source3: ftp://ftp.OpenLDAP.org/pub/tools/autoconf-2.13.1.tar.gz
Source4: ftp://ftp.OpenLDAP.org/pub/tools/automake-1.4a.tar.gz
-Source5: http://www.sleepycat.com/update/snapshot/db-%{db_version}.tar.gz
-Source6: http://www.sleepycat.com/update/snapshot/db-%{db_version_40}.tar.gz
+Source5: http://downloads.sleepycat.com/db-%{db_version}.tar.gz
Source7: ldap.init
Source8: ftp://ftp.padl.com/pub/MigrationTools-%{migtools_version}.tar.gz
Source9: migration-tools.txt
@@ -33,15 +35,16 @@
Source12: http://www.OpenLDAP.org/doc/admin/guide.html
Source13: nptl-abi-note.S
Source14: README.evolution
-Patch0: openldap-2.2.13-config.patch
+Source15: README.nss_ldap
+Patch0: openldap-2.2.15-config.patch
Patch2: openldap-1.2.11-cldap.patch
-Patch3: openldap-2.1.17-syslog.patch
Patch4: openldap-2.0.11-ldaprc.patch
Patch5: openldap-2.2.13-setugid.patch
Patch6: openldap-2.2.13-pie.patch
-Patch7: openldap-2.2.13-toollinks.patch
+Patch7: openldap-2.2.15-toollinks.patch
Patch8: openldap-2.2.13-nosql.patch
Patch9: openldap-2.1.30-ldapi.patch
+Patch10: openldap-2.1.30-libdir.patch
Patch12: db-4.0.14-disable-mutex.patch
Patch13: db-4.0.14-libobjs.patch
Patch21: MigrationTools-38-instdir.patch
@@ -49,15 +52,22 @@
Patch23: MigrationTools-27-simple.patch
Patch24: MigrationTools-26-suffix.patch
Patch25: MigrationTools-44-schema.patch
-Patch30: http://www.sleepycat.com/update/4.2.52/patch.4.2.52.1
-Patch31: http://www.sleepycat.com/update/4.2.52/patch.4.2.52.2
+Patch26: MigrationTools-45-noaliases.patch
Patch40: openldap-ntlm.diff
+Patch41: openldap-2.2.23-start_tls-async.patch
+Patch42: openldap-2.2.13-tls-fix-connection-test.patch
+Patch44: openldap-2.1.30-hop.patch
+Patch45: openldap-2.0.27-hop.patch
+Patch50: openldap-2.0.27-resolv.patch
+Patch51: openldap-2.1.30-resolv.patch
+Patch52: openldap-2.2.23-resolv.patch
+
URL: http://www.openldap.org/
BuildRoot: %{_tmppath}/%{name}-%{version_22}-root
BuildPreReq: cyrus-sasl-devel >= 2.1, gdbm-devel, libtool >= 1.5.6-2, krb5-devel
BuildPreReq: openssl-devel, pam-devel, perl, pkgconfig, tcp_wrappers,
-BuildPreReq: unixODBC-devel
-Requires: cyrus-sasl, cyrus-sasl-md5, mktemp
+BuildPreReq: unixODBC-devel, bind-libbind-devel
+Requires: cyrus-sasl, cyrus-sasl-md5, glibc >= 2.2.3-48, mktemp
%description
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
@@ -84,7 +94,7 @@
%package servers
Summary: OpenLDAP servers and related files.
-Prereq: fileutils, make, openldap = %{version_22}-%{release}, openssl, /usr/sbin/useradd, /sbin/chkconfig
+Prereq: fileutils, make, openldap = %{version_22}-%{release}, openssl, /usr/sbin/useradd, /sbin/chkconfig, /sbin/runuser
Group: System Environment/Daemons
%description servers
@@ -129,8 +139,12 @@
%package -n compat-openldap
Summary: OpenLDAP compatibility shared libraries.
Group: System Environment/Libraries
+# Require the current OpenLDAP libraries package in an attempt to ensure that
+# we have a /etc/openldap/ldap.conf file on the system.
Requires: openldap = %{version_22}-%{release}, cyrus-sasl >= 2.1
-Version: %{compat_version}
+# Why this weirdo version number? We want to ensure that version comparisons
+# for this package always sort in the same order as the main openldap package.
+Version: %{version_22}_%{compat_version}
%description -n compat-openldap
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
@@ -139,17 +153,18 @@
required by some applications.
%prep
-%setup -q -c -a 1 -a 2 -a 3 -a 4 -a 5 -a 6 -a 8
+%setup -q -c -a 1 -a 2 -a 3 -a 4 -a 5 -a 8
pushd openldap-%{version_22}
%patch0 -p1 -b .config
%patch2 -p1 -b .cldap
-%patch3 -p1 -b .syslog
%patch4 -p1 -b .ldaprc
%patch5 -p1 -b .setugid
%patch6 -p1 -b .pie
%patch7 -p1 -b .toollinks
%patch8 -p1 -b .nosql
+%patch52 -p1 -b .resolv
+%patch42 -p1 -b .CAN-2005-2069
cp %{_datadir}/libtool/config.{sub,guess} build/
popd
@@ -157,22 +172,25 @@
# non-standard NTLM bind type which is needed to connect to Win2k GC servers
# (Win2k3 supports SASL with DIGEST-MD5, so this shouldn't be needed for those
# servers, though as of version 1.4 the connector doesn't try SASL first).
-cp -a openldap-%{version_22} evo-openldap-%{version_22}
+if ! cp -al openldap-%{version_22} evo-openldap-%{version_22} ; then
+ rm -fr evo-openldap-%{version_22}
+ cp -a openldap-%{version_22} evo-openldap-%{version_22}
+fi
pushd evo-openldap-%{version_22}
%patch40 -p0 -b .evolution-ntlm
popd
-
-pushd db-%{db_version_40}
-%patch12 -p1 -b .disable-mutex
-%patch13 -p1 -b .libobj
-cd dist
-./s_config
-popd
-
-pushd db-%{db_version}
-%patch30 -b .db-1
-%patch31 -b .db-2
+%if %{nss_ldap_build}
+# Set up a build tree for a static version of libldap with async start_tls
+# support, which nss_ldap can use to avoid blocking if a server is accepting
+# connections but is otherwise unresponsive.
+if ! cp -al openldap-%{version_22} nss_ldap-openldap-%{version_22} ; then
+ rm -fr nss_ldap-openldap-%{version_22}
+ cp -a openldap-%{version_22} nss_ldap-openldap-%{version_22}
+fi
+pushd nss_ldap-openldap-%{version_22}
+%patch41 -p0 -b .start_tls
popd
+%endif
pushd MigrationTools-%{migtools_version}
%patch21 -p1 -b .instdir
@@ -180,21 +198,40 @@
%patch23 -p1 -b .simple
%patch24 -p1 -b .suffix
%patch25 -p1 -b .schema
+%patch26 -p1 -b .noaliases
+popd
+
+autodir=`pwd`/auto-instroot
+pushd autoconf-2.13.1
+./configure --prefix=$autodir
+make all install
+popd
+pushd automake-1.4a
+./configure --prefix=$autodir
+make all install
popd
pushd openldap-%{version_20}
+%patch9 -p1 -b .ldapi
+%patch50 -p1 -b .resolv
+%patch45 -p1 -b .hop
for subdir in build-gdbm build-db build-clients build-compat ; do
mkdir $subdir
ln -s ../configure $subdir
done
+$autodir/bin/autoconf
popd
pushd openldap-%{version_21}
%patch9 -p1 -b .ldapi
+%patch10 -p1 -b .libdir
+%patch51 -p1 -b .resolv
+%patch44 -p1 -b .hop
for subdir in build-servers build-compat ; do
mkdir $subdir
ln -s ../configure $subdir
done
+$autodir/bin/autoconf
popd
pushd openldap-%{version_22}
@@ -202,16 +239,7 @@
mkdir $subdir
ln -s ../configure $subdir
done
-popd
-
-autodir=`pwd`/auto-instroot
-pushd autoconf-2.13.1
-./configure --prefix=$autodir
-make all install
-popd
-pushd automake-1.4a
-./configure --prefix=$autodir
-make all install
+$autodir/bin/autoconf
popd
%build
@@ -230,53 +258,6 @@
# Set CFLAGS to incorporate RPM_OPT_FLAGS.
CFLAGS="$RPM_OPT_FLAGS -D_REENTRANT -fPIC"; export CFLAGS
-# Build the 2.0 server tools for dumping out old on-disk databases. This
-# requires Berkeley DB 4.0.x (which we must build) and gdbm.
-pushd db-%{db_version_40}/dist
-./configure -C \
- --with-pic \
- --disable-shared \
- --with-uniquename=_openldap_slapd_rhl_40 \
- --prefix=${dbdir40} \
- --includedir=${dbdir40}/include \
- --libdir=${dbdir40}/%{_lib}
-make %{_smp_mflags}
-make install
-popd
-
-# Set CPPFLAGS/CFLAGS/LDFLAGS to find our just-built DB 4.0.
-CPPFLAGS="-I${dbdir40}/include" ; export CPPFLAGS
-CFLAGS="$CPPFLAGS $RPM_OPT_FLAGS -D_REENTRANT -fPIC"; export CFLAGS
-LDFLAGS="-L${dbdir40}/%{_lib}" ; export LDFLAGS
-
-pushd openldap-%{version_20}/build-gdbm
-%configure \
- --disable-shared \
- --without-cyrus-sasl \
- --without-kerberos \
- --without-threads \
- --without-tls \
- --enable-ldbm \
- --with-ldbm-api=gdbm \
- --program-suffix=-slapd-2.0-gdbm
-make %{_smp_mflags}
-popd
-
-pushd openldap-%{version_20}/build-db
-LIBS=-lpthread; export LIBS
-%configure \
- --disable-shared \
- --without-cyrus-sasl \
- --without-kerberos \
- --without-threads \
- --without-tls \
- --enable-ldbm \
- --with-ldbm-api=berkeley \
- --program-suffix=-slapd-2.0-dbb
-make %{_smp_mflags}
-unset LIBS
-popd
-
# Build Berkeley DB and install it into a temporary area, isolating OpenLDAP
# from any future changes to the system-wide Berkeley DB library. Version 4.2
# or later is required by the BDB backend in OpenLDAP 2.1 and later.
@@ -343,34 +324,14 @@
CPPFLAGS="-I${dbdir}/include $OPENSSL_CPPFLAGS" ; export CPPFLAGS
CFLAGS="$CPPFLAGS $RPM_OPT_FLAGS -D_REENTRANT -fPIC"; export CFLAGS
LDFLAGS="-L${dbdir}/%{_lib} $OPENSSL_LDFLAGS" ; export LDFLAGS
-
-# Build the 2.1 server tools for dumping out old on-disk databases. This
-# requires Berkeley DB 4.2.x.
-pushd openldap-%{version_21}/build-servers
-LIBS=-lpthread; export LIBS
-%configure \
- --disable-shared \
- --disable-dynamic \
- --without-cyrus-sasl \
- --without-kerberos \
- --without-threads \
- --without-tls \
- --enable-slapd --disable-slurpd \
- --enable-bdb \
- --enable-ldbm \
- --with-ldbm-api=%{ldbm_backend} \
- --program-suffix=-slapd-2.1
-make %{_smp_mflags}
-unset LIBS
-popd
+LD_LIBRARY_PATH=${dbdir}/%{_lib}${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}; export LD_LIBRARY_PATH
# Build the client libraries for the compat package.
pushd openldap-%{compat_version}/build-compat
%configure \
--disable-slapd --disable-slurpd \
- --with-threads=posix --disable-static --enable-shared --enable-dynamic \
- --enable-local --enable-rlookups --with-tls --with-cyrus-sasl \
- --without-kerberos
+ --with-threads=posix --enable-static --enable-shared --enable-dynamic \
+ --enable-local --with-tls --with-cyrus-sasl --without-kerberos
make %{_smp_mflags}
popd
@@ -392,6 +353,7 @@
--enable-cleartext \
--enable-crypt \
--enable-spasswd \
+ --enable-lmpasswd \
--enable-modules \
--disable-sql \
\
@@ -402,6 +364,7 @@
# Build the servers with Kerberos support (for password checking, mainly).
LIBS=-lpthread; export LIBS
+LD_LIBRARY_PATH=${dbdir}/%{_lib}${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}; export LD_LIBRARY_PATH
pushd openldap-%{version_22}/build-servers
build \
--enable-plugins \
@@ -453,51 +416,55 @@
--includedir=%{evolution_connector_includedir} \
--libdir=%{evolution_connector_libdir}
popd
+%if %{nss_ldap_build}
+# Build nss_ldap-specific clients just as we would normal clients, except with
+# a different installation directory in mind and no shared libraries.
+pushd nss_ldap-openldap-%{version_22}
+build \
+ --disable-slapd \
+ --disable-slurpd \
+ --disable-shared \
+ --disable-dynamic \
+ --enable-static \
+ --without-kerberos \
+ --with-cyrus-sasl \
+ --with-pic \
+ --includedir=%{nss_ldap_includedir} \
+ --libdir=%{nss_ldap_libdir}
+popd
+%endif
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
libtool='%{_bindir}/libtool'
tagname=CC; export tagname
-# Install the 2.0 server tools for dumping out old on-disk databases.
-mkdir -p $RPM_BUILD_ROOT/%{_sbindir}/
-pushd openldap-%{version_20}
- pushd build-gdbm/servers/slapd/tools
- for bin in slapadd slapcat ; do
- ../../../libtool --mode=install install -m755 $bin $RPM_BUILD_ROOT/%{_sbindir}/$bin-slapd-2.0-gdbm
- done
- popd
-
- pushd build-db/servers/slapd/tools
- for bin in slapadd slapcat ; do
- ../../../libtool --mode=install install -m755 $bin $RPM_BUILD_ROOT/%{_sbindir}/$bin-slapd-2.0-dbb
- done
- popd
-popd
-
# Install the 2.0 or 2.1 shared libraries for compatibility. The two sets of
-# libraries share sonames, so we have to choose one.
+# libraries share sonames, so we have to choose one or the other.
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/
pushd openldap-%{compat_version}/build-compat/libraries
- for lib in libldap libldap_r liblber ; do
- pushd $lib
- ../../libtool --mode=install install -m755 $lib.la $RPM_BUILD_ROOT/%{_libdir}/$lib.la
- popd
- done
-popd
-
-# Install the 2.1 server tools for dumping out old on-disk databases.
-pushd openldap-%{version_21}/build-servers/servers/slapd/tools
- for bin in slapadd slapcat ; do
- ../../../libtool --mode=install install -m755 $bin $RPM_BUILD_ROOT/%{_sbindir}/$bin-slapd-2.1
- done
+ make install DESTDIR=$RPM_BUILD_ROOT
+ rm $RPM_BUILD_ROOT/%{_libdir}/*.a
+ rm $RPM_BUILD_ROOT/%{_libdir}/*.la
+ rm $RPM_BUILD_ROOT/%{_libdir}/*.so
popd
# Install servers.
%ifarch %{nptl_arches}
+case %{_target_platform} in
+ i386*|i486*) archp=i486; arches="i586 i686";;
+ i586*) archp=i586; arches=i686;;
+ i686*) archp=i686; arches=;;
+ athlon*) archp=i686; arches=;;
+ *) archp=; arches=;;
+esac
pushd db-instroot/%{_lib}/tls/
-install -d $RPM_BUILD_ROOT/%{_libdir}/tls/
-install -m755 libslapd_db-*.*.so $RPM_BUILD_ROOT/%{_libdir}/tls/
+install -d $RPM_BUILD_ROOT/%{_libdir}/tls/${archp}/
+install -m755 libslapd_db-*.*.so $RPM_BUILD_ROOT/%{_libdir}/tls/${archp}/
+for arch in $arches ; do
+ install -d $RPM_BUILD_ROOT/%{_libdir}/tls/${arch}/
+ ln $RPM_BUILD_ROOT/%{_libdir}/tls/${archp}/* $RPM_BUILD_ROOT/%{_libdir}/tls/${arch}/
+done
popd
%endif
@@ -528,10 +495,30 @@
$RPM_SOURCE_DIR/README.evolution \
$RPM_BUILD_ROOT/%{evolution_connector_prefix}/
popd
+%if %{nss_ldap_build}
+pushd nss_ldap-openldap-%{version_22}
+make install DESTDIR=$RPM_BUILD_ROOT \
+ includedir=%{nss_ldap_includedir} \
+ libdir=%{nss_ldap_libdir} \
+ LIBTOOL="$libtool"
+install -m644 \
+ $RPM_SOURCE_DIR/README.nss_ldap \
+ $RPM_BUILD_ROOT/%{nss_ldap_prefix}/
+popd
+%endif
pushd openldap-%{version_22}/build-clients
make install DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} LIBTOOL="$libtool"
popd
+# Create this directory so that authconfig setting TLS_CACERT to
+# /etc/openldap/cacerts doesn't cause TLS startup of any kind to fail
+# when the directory doesn't exist.
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/openldap/cacerts
+# make sure the certs directory exists
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
+# Touch the dummy slapd.pem to make rpmbuild happy
+touch $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/slapd.pem
+
# Install the padl.com migration tools.
mkdir -p $RPM_BUILD_ROOT%{_datadir}/openldap/migration
install -m 755 MigrationTools-%{migtools_version}/migrate_* \
@@ -556,8 +543,8 @@
rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/schema/*.default
# Install an init script for the servers.
-mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
-install -m 755 $RPM_SOURCE_DIR/ldap.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ldap
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
+install -m 755 $RPM_SOURCE_DIR/ldap.init $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/ldap
# If ldapadd and ldapmodify are the same binary, make them a hard link
if cmp $RPM_BUILD_ROOT%{_bindir}/ldapadd $RPM_BUILD_ROOT%{_bindir}/ldapmodify ; then
@@ -575,10 +562,14 @@
chmod 644 $RPM_BUILD_ROOT/%{_libdir}/lib*.*a
# Remove files which we don't want packaged.
-rm -f $RPM_BUILD_ROOT/%{_datadir}/openldap/migration/*.{instdir,simple,schema,mktemp,suffix}
+rm -f $RPM_BUILD_ROOT/%{_datadir}/openldap/migration/*.{instdir,simple,schema,mktemp,suffix,noaliases}
rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
rm -f $RPM_BUILD_ROOT/%{evolution_connector_libdir}/*.la
rm -f $RPM_BUILD_ROOT/%{evolution_connector_libdir}/*.so*
+%if %{nss_ldap_build}
+rm -f $RPM_BUILD_ROOT/%{nss_ldap_libdir}/*.la
+rm -f $RPM_BUILD_ROOT/%{nss_ldap_libdir}/*.so*
+%endif
rm -f $RPM_BUILD_ROOT/%{_sbindir}/openldap/*.a
rm -f $RPM_BUILD_ROOT/%{_sbindir}/openldap/*.so
@@ -606,8 +597,8 @@
/sbin/ldconfig
/sbin/chkconfig --add ldap
exec > /dev/null 2> /dev/null
-if [ ! -f %{_datadir}/ssl/certs/slapd.pem ] ; then
-pushd %{_datadir}/ssl/certs
+if [ ! -f %{_sysconfdir}/pki/tls/certs/slapd.pem ] ; then
+pushd %{_sysconfdir}/pki/tls/certs
umask 077
cat << EOF | make slapd.pem
--
@@ -643,8 +634,9 @@
%doc openldap-%{version_22}/COPYRIGHT
%doc openldap-%{version_22}/LICENSE
%doc openldap-%{version_22}/README
-%attr(0755,root,root) %dir /etc/openldap
-%attr(0644,root,root) %config(noreplace) /etc/openldap/ldap*.conf
+%attr(0755,root,root) %dir %{_sysconfdir}/openldap
+%attr(0755,root,root) %dir %{_sysconfdir}/openldap/cacerts
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/ldap*.conf
%attr(0755,root,root) %{_libdir}/liblber-*.so.*
%attr(0755,root,root) %{_libdir}/libldap-*.so.*
%attr(0755,root,root) %{_libdir}/libldap_r-*.so.*
@@ -660,19 +652,24 @@
%attr(0755,root,root) %{_libdir}/liblber.so.*
%attr(0755,root,root) %{_libdir}/libldap.so.*
%attr(0755,root,root) %{_libdir}/libldap_r.so.*
+%if %( test %{compat_version} = %{version_20} && echo 1 || echo 0 )
+%attr(0755,root,root) %dir %{_datadir}/openldap
+%attr(0644,root,root) %{_datadir}/openldap/ldapfriendly
+%endif
%files servers
%defattr(-,root,root)
%doc README.migration
%doc TOOLS.migration
%doc $RPM_SOURCE_DIR/README.upgrading $RPM_SOURCE_DIR/guide.html
-%attr(0755,root,root) %config /etc/rc.d/init.d/ldap
-%attr(0640,root,ldap) %config(noreplace) /etc/openldap/slapd.conf
-%attr(0755,root,root) %dir /etc/openldap/schema
-%attr(0644,root,root) %dir /etc/openldap/schema/README*
-%attr(0644,root,root) %config(noreplace) /etc/openldap/schema/*.schema*
-%attr(0755,root,root) %dir /etc/openldap/schema/redhat
-%attr(0644,root,root) %config(noreplace) /etc/openldap/schema/redhat/*.schema*
+%ghost %config %{_sysconfdir}/pki/tls/certs/slapd.pem
+%attr(0755,root,root) %config %{_sysconfdir}/rc.d/init.d/ldap
+%attr(0640,root,ldap) %config(noreplace) %{_sysconfdir}/openldap/slapd.conf
+%attr(0755,root,root) %dir %{_sysconfdir}/openldap/schema
+%attr(0644,root,root) %dir %{_sysconfdir}/openldap/schema/README*
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/schema/*.schema*
+%attr(0755,root,root) %dir %{_sysconfdir}/openldap/schema/redhat
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/schema/redhat/*.schema*
%attr(0755,root,root) %{_sbindir}/sl*
%attr(0644,root,root) %{_mandir}/man8/*
%attr(0644,root,root) %{_mandir}/man5/slapd*.5*
@@ -687,7 +684,12 @@
%attr(0700,ldap,ldap) %dir /var/lib/ldap
%attr(0755,root,root) %{_libdir}/libslapd_db-*.*.so
%ifarch %{nptl_arches}
+%ifnarch %{ix86}
%attr(0755,root,root) %{_libdir}/tls/libslapd_db-*.*.so
+%else
+%dir %attr(0755,root,root) %{_libdir}/tls/*
+%attr(0755,root,root) %{_libdir}/tls/*/libslapd_db-*.*.so
+%endif
%endif
%files servers-sql
@@ -715,8 +717,92 @@
%attr(0644,root,root) %{evolution_connector_includedir}/*.h
%attr(0755,root,root) %dir %{evolution_connector_libdir}
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
+%if %{nss_ldap_build}
+%attr(0755,root,root) %dir %{nss_ldap_prefix}
+%attr(0644,root,root) %{nss_ldap_prefix}/README*
+%attr(0755,root,root) %dir %{nss_ldap_includedir}
+%attr(0644,root,root) %{nss_ldap_includedir}/*.h
+%attr(0755,root,root) %dir %{nss_ldap_libdir}
+%attr(0644,root,root) %{nss_ldap_libdir}/*.a
+%endif
%changelog
+* Thu Sep 29 2005 Jay Fenlason <fenlason at redhat.com> 2.2.28-2
+- Upgrade to nev upstream version. This makes the 2.2.*-hop patch obsolete.
+
+* Mon Aug 22 2005 Jay Fenlason <fenlason at redhat.com> 2.2.26-2
+- Move the slapd.pem file to /etc/pki/tls/certs
+ and edit the -config patch to match to close
+ bz#143393 Creates certificates + keys at an insecure/bad place
+- also use _sysconfdir instead of hard-coding /etc
+
+* Thu Aug 11 2005 Jay Fenlason <fenlason at redhat.com>
+- Add the tls-fix-connection-test patch to close
+ bz#161991 openldap password disclosure issue
+- add the hop patches to prevent infinite looping when chasing referrals.
+ OpenLDAP ITS #3578
+
+* Fri Aug 5 2005 Nalin Dahyabhai <nalin at redhat.com>
+- fix typo in ldap.init (call $klist instead of klist, from Charles Lopes)
+
+* Thu May 19 2005 Nalin Dahyabhai <nalin at redhat.com> 2.2.26-1
+- run slaptest with the -u flag if no id2entry db files are found, because
+ you can't check for read-write access to a non-existent database (#156787)
+- add %{_sysconfdir}/openldap/cacerts, which authconfig sets as the
+ TLS_CACERTDIR path in /etc/openldap/ldap.conf now
+- use a temporary wrapper script to launch slapd, in case we have arguments
+ with embedded whitespace (#158111)
+
+* Wed May 4 2005 Nalin Dahyabhai <nalin at redhat.com>
+- update to 2.2.26 (stable 20050429)
+- enable the lmpasswd scheme
+- print a warning if slaptest fails, slaptest -u succeeds, and one of the
+ directories listed as the storage location for a given suffix in slapd.conf
+ contains a readable file named __db.001 (#118678)
+
+* Tue Apr 26 2005 Nalin Dahyabhai <nalin at redhat.com> 2.2.25-1
+- update to 2.2.25 (release)
+
+* Tue Apr 26 2005 Nalin Dahyabhai <nalin at redhat.com> 2.2.24-1
+- update to 2.2.24 (stable 20050318)
+- export KRB5_KTNAME in the init script, in case it was set in the sysconfig
+ file but not exported
+
+* Tue Mar 1 2005 Nalin Dahyabhai <nalin at redhat.com> 2.2.23-4
+- prefer libresolv to libbind
+
+* Tue Mar 1 2005 Nalin Dahyabhai <nalin at redhat.com> 2.2.23-3
+- add bind-libbind-devel and libtool-ltdl-devel buildprereqs
+
+* Tue Mar 1 2005 Tomas Mraz <tmraz at redhat.com> 2.2.23-2
+- rebuild with openssl-0.9.7e
+
+* Mon Jan 31 2005 Nalin Dahyabhai <nalin at redhat.com> 2.2.23-1
+- update to 2.2.23 (stable-20050125)
+- update notes on upgrading from earlier versions
+- drop slapcat variations for 2.0/2.1, which choke on 2.2's config files
+
+* Tue Jan 4 2005 Nalin Dahyabhai <nalin at redhat.com> 2.2.20-1
+- update to 2.2.20 (stable-20050103)
+- warn about unreadable krb5 keytab files containing "ldap" keys
+- warn about unreadable TLS-related files
+- own a ref to subdirectories which we create under %%{_libdir}/tls
+
+* Tue Nov 2 2004 Nalin Dahyabhai <nalin at redhat.com> 2.2.17-0
+- rebuild
+
+* Thu Sep 30 2004 Nalin Dahyabhai <nalin at redhat.com>
+- update to 2.2.17 (stable-20040923) (#135188)
+- move nptl libraries into arch-specific subdirectories on %%{ix86} boxes
+- require a newer glibc which can provide nptl libpthread on i486/i586
+
+* Tue Aug 24 2004 Nalin Dahyabhai <nalin at redhat.com>
+- move slapd startup to earlier in the boot sequence (#103160)
+- update to 2.2.15 (stable-20040822)
+- change version number on compat-openldap to include the non-compat version
+ from which it's compiled, otherwise would have to start 2.2.15 at release 3
+ so that it upgrades correctly
+
* Thu Aug 19 2004 Nalin Dahyabhai <nalin at redhat.com> 2.2.13-2
- build a separate, static set of libraries for openldap-devel with the
non-standard ntlm bind patch applied, for use by the evolution-connector
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/openldap/FC-3/sources,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- sources 9 Sep 2004 09:42:43 -0000 1.14
+++ sources 7 Oct 2005 20:55:41 -0000 1.15
@@ -1,8 +1,7 @@
2355e54f17a1fdc87b0d56ed9ea3e115 MigrationTools-45.tar.gz
5a9e617c1d5339d3c90c545c93e30949 autoconf-2.13.1.tar.gz
0faee50993f7e4fe00f4b921b640b84d automake-1.4a.tar.gz
-12262c64fcd64b772e7cffad8e4d0ebc db-4.0.14.tar.gz
-cbc77517c9278cdb47613ce8cb55779f db-4.2.52.tar.gz
a1e6508c471dd47205a3492cf57110a6 openldap-2.0.27.tgz
e2ae8148c4bed07d7a70edd930bdc403 openldap-2.1.30.tgz
-5ba3c2d9af0ae614e4a001aa6b16e6e3 openldap-2.2.13.tgz
+fcc481d52c3b80e20a328f8c0cb042bd db-4.3.27.tar.gz
+b51db7328430b9cbe527696da726f1fb openldap-2.2.28.tgz
- Previous message (by thread): rpms/kernel/FC-4/configs config-generic, 1.37, 1.37.4.1 config-ia64-generic, 1.4, 1.4.6.1 config-x86-generic, 1.11, 1.11.6.1 config-x86_64-generic, 1.11, 1.11.6.1
- Next message (by thread): rpms/kernel/FC-4 kernel-2.6.spec,1.1470.2.2,1.1470.2.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list