rpms/openldap/F-7 MigrationTools-46-ddp.patch, NONE, 1.1 MigrationTools-46-unique-hosts.patch, NONE, 1.1 openldap-2.3.34-config.patch, NONE, 1.1 openldap-2.3.34-smbk5pwd.patch, NONE, 1.1 ldap.init, 1.20, 1.21 openldap.spec, 1.67, 1.68 openldap-2.3.11-config.patch, 1.2, NONE
Jan Šafránek (jsafrane)
fedora-extras-commits at redhat.com
Fri Jul 13 20:00:59 UTC 2007
- Previous message (by thread): rpms/bigboard/devel .cvsignore, 1.14, 1.15 bigboard.spec, 1.22, 1.23 sources, 1.15, 1.16
- Next message (by thread): rpms/sugar-artwork/OLPC-2 .cvsignore, 1.7, 1.8 sources, 1.7, 1.8 sugar-artwork.spec, 1.7, 1.8
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jsafrane
Update of /cvs/pkgs/rpms/openldap/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16480
Modified Files:
ldap.init openldap.spec
Added Files:
MigrationTools-46-ddp.patch
MigrationTools-46-unique-hosts.patch
openldap-2.3.34-config.patch openldap-2.3.34-smbk5pwd.patch
Removed Files:
openldap-2.3.11-config.patch
Log Message:
Sync with devel:
- Fix initscript return codes (#242667)
- Provide overlays including smbk5pwd (as modules; #246036, #245896, #220895)
- Add available modules to config file
- do not create script in /tmp on startup (bz#188298)
- add compat-slapcat to openldap-compat (bz#179378)
- do not import ddp services with migrate_services.pl
(bz#201183)
- sort the hosts by address, preventing duplicities
in migrate*nis*.pl (bz#201540)
- start slupd for each replicated database (bz#210155)
- add ldconfig to devel post/postun (bz#240253)
- include misc.schema in default slapd.conf (bz#147805)
MigrationTools-46-ddp.patch:
--- NEW FILE MigrationTools-46-ddp.patch ---
--- MigrationTools-46/migrate_services.pl.orig 2007-05-23 14:41:22.000000000 +0200
+++ MigrationTools-46/migrate_services.pl 2007-05-23 14:42:55.000000000 +0200
@@ -102,6 +102,12 @@
my ($servicename, $portproto, @aliases) = split(m/\s+/o, $card);
my ($rawport, $proto) = split(m#[/,]#o, $portproto);
+ # do not generate ddp services - it's AppleTalk, not IP
+ if ($proto eq "ddp") {
+ print STDERR "Skipping non-IP service '$servicename $portproto'\n";
+ next;
+ }
+
# Find services specifying a port range (e.g. X11.)
my $loport = '';
my $hiport = '';
MigrationTools-46-unique-hosts.patch:
--- NEW FILE MigrationTools-46-unique-hosts.patch ---
Prevent duplicities in hosts, which are read from NIS.
--- MigrationTools-46/migrate_all_nis_online.sh.orig 2007-05-24 11:21:54.000000000 +0200
+++ MigrationTools-46/migrate_all_nis_online.sh 2007-05-24 11:26:30.000000000 +0200
@@ -67,7 +67,7 @@
ypcat $DOMFLAG protocols > $ETC_PROTOCOLS
touch $ETC_FSTAB
ypcat $DOMFLAG rpc.byname > $ETC_RPC
-ypcat $DOMFLAG hosts > $ETC_HOSTS
+ypcat $DOMFLAG hosts.byaddr > $ETC_HOSTS
ypcat $DOMFLAG networks > $ETC_NETWORKS
#ypcat $DOMFLAG -k aliases > $ETC_ALIASES
--- MigrationTools-46/migrate_all_nis_offline.sh.orig 2007-05-24 11:21:54.000000000 +0200
+++ MigrationTools-46/migrate_all_nis_offline.sh 2007-05-24 11:26:13.000000000 +0200
@@ -67,7 +67,7 @@
ypcat $DOMFLAG protocols > $ETC_PROTOCOLS
touch $ETC_FSTAB
ypcat $DOMFLAG rpc.byname > $ETC_RPC
-ypcat $DOMFLAG hosts > $ETC_HOSTS
+ypcat $DOMFLAG hosts.byaddr > $ETC_HOSTS
ypcat $DOMFLAG networks > $ETC_NETWORKS
#ypcat $DOMFLAG -k aliases > $ETC_ALIASES
openldap-2.3.34-config.patch:
--- NEW FILE openldap-2.3.34-config.patch ---
--- openldap-2.3.34/servers/slapd/slapd.conf.orig 2007-06-29 09:01:50.000000000 +0200
+++ openldap-2.3.34/servers/slapd/slapd.conf 2007-06-29 09:03:50.000000000 +0200
@@ -3,23 +3,48 @@
# This file should NOT be world readable.
#
include %SYSCONFDIR%/schema/core.schema
+include %SYSCONFDIR%/schema/cosine.schema
+include %SYSCONFDIR%/schema/inetorgperson.schema
+include %SYSCONFDIR%/schema/nis.schema
+include %SYSCONFDIR%/schema/misc.schema
-# Define global ACLs to disable default read access.
+# Allow LDAPv2 client connections. This is NOT the default.
+allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
-pidfile %LOCALSTATEDIR%/run/slapd.pid
-argsfile %LOCALSTATEDIR%/run/slapd.args
+pidfile %LOCALSTATEDIR%/run/openldap/slapd.pid
+argsfile %LOCALSTATEDIR%/run/openldap/slapd.args
# Load dynamic backend modules:
# modulepath %MODULEDIR%
-# moduleload back_bdb.la
-# moduleload back_ldap.la
-# moduleload back_ldbm.la
-# moduleload back_passwd.la
-# moduleload back_shell.la
+# moduleload accesslog.la
+# moduleload auditlog.la
+# moduleload back_sql.la
+# moduleload denyop.la
+# moduleload dyngroup.la
+# moduleload dynlist.la
+# moduleload lastmod.la
+# moduleload pcache.la
+# moduleload ppolicy.la
+# moduleload refint.la
+# moduleload retcode.la
+# moduleload rwm.la
+# moduleload syncprov.la
+# moduleload translucent.la
+# moduleload unique.la
+# moduleload valsort.la
+
+# The next three lines allow use of TLS for encrypting connections using a
+# dummy test certificate which you can generate by changing to
+# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
+# slapd.pem so that the ldap user or group can read it. Your client software
+# may balk at self-signed certificates, however.
+# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
+# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
# Sample security restrictions
# Require integrity protection (prevent hijacking)
@@ -49,19 +74,32 @@
# rootdn can always read and write EVERYTHING!
#######################################################################
-# BDB database definitions
+# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
-# be avoid. See slappasswd(8) and slapd.conf(5) for details.
+# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
-rootpw secret
+# rootpw secret
+# rootpw {crypt}ijFYNcSNctBYg
+
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
-directory %LOCALSTATEDIR%/openldap-data
-# Indices to maintain
-index objectClass eq
+directory /var/lib/ldap
+
+# Indices to maintain for this database
+index objectClass eq,pres
+index ou,cn,mail,surname,givenname eq,pres,sub
+index uidNumber,gidNumber,loginShell eq,pres
+index uid,memberUid eq,pres,sub
+index nisMapName,nisMapEntry eq,pres,sub
+
+# Replicas of this database
+#replogfile /var/lib/ldap/openldap-master-replog
+#replica host=ldap-1.example.com:389 starttls=critical
+# bindmethod=sasl saslmech=GSSAPI
+# authcId=host/ldap-master.example.com at EXAMPLE.COM
openldap-2.3.34-smbk5pwd.patch:
--- NEW FILE openldap-2.3.34-smbk5pwd.patch ---
--- openldap-2.3.34/servers/slapd/overlays/Makefile.in.smbk5pwd 2007-01-02 22:44:08.000000000 +0100
+++ openldap-2.3.34/servers/slapd/overlays/Makefile.in 2007-06-29 16:59:32.000000000 +0200
@@ -28,7 +28,8 @@
syncprov.c \
translucent.c \
unique.c \
- valsort.c
+ valsort.c \
+ smbk5pwd.c
OBJS = overlays.o \
statover.o \
@SLAPD_STATIC_OVERLAYS@
@@ -41,14 +42,14 @@
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
-MOD_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = -DSLAPD_IMPORT -DDO_SAMBA
shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
LIBRARY = ../liboverlays.a
-PROGRAMS = @SLAPD_DYNAMIC_OVERLAYS@
+PROGRAMS = @SLAPD_DYNAMIC_OVERLAYS@ smbk5pwd.la
XINCPATH = -I.. -I$(srcdir)/..
XDEFS = $(MODULES_CPPFLAGS)
@@ -105,6 +106,9 @@
valsort.la : valsort.lo
$(LTLINK_MOD) -module -o $@ valsort.lo version.lo $(LINK_LIBS)
+smbk5pwd.la : smbk5pwd.lo
+ $(LTLINK_MOD) -module -o $@ smbk5pwd.lo version.lo $(LINK_LIBS)
+
install-local: $(PROGRAMS)
@if test -n "$?" ; then \
$(MKDIR) $(DESTDIR)$(moduledir); \
--- openldap-2.3.34/contrib/slapd-modules/smbk5pwd/README.smbk5pwd 2005-11-14 19:06:04.000000000 +0100
+++ openldap-2.3.34/contrib/slapd-modules/smbk5pwd/README 2007-07-09 09:44:43.000000000 +0200
@@ -1,3 +1,8 @@
+***************************************************************
+Red Hat note: Kerberos support is NOT compiled into
+this version of smbk5pwd because we do not use Heimdall.
+***************************************************************
+
Copyright 2004-2005 Howard Chu, Symas Corp. All rights reserved.
Redistribution and use in source and binary forms, with or without
Index: ldap.init
===================================================================
RCS file: /cvs/pkgs/rpms/openldap/F-7/ldap.init,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- ldap.init 24 Apr 2007 09:12:34 -0000 1.20
+++ ldap.init 13 Jul 2007 20:00:26 -0000 1.21
@@ -16,7 +16,7 @@
# Source networking configuration and check that networking is up.
if [ -r /etc/sysconfig/network ] ; then
. /etc/sysconfig/network
- [ ${NETWORKING} = "no" ] && exit 0
+ [ ${NETWORKING} = "no" ] && exit 1
fi
# Source an auxiliary options file if we have one, and pick up OPTIONS,
@@ -29,8 +29,8 @@
slapd=/usr/sbin/slapd
slurpd=/usr/sbin/slurpd
slaptest=/usr/sbin/slaptest
-[ -x ${slapd} ] || exit 0
-[ -x ${slurpd} ] || exit 0
+[ -x ${slapd} ] || exit 1
+[ -x ${slurpd} ] || exit 1
RETVAL=0
@@ -97,7 +97,7 @@
# Unaccessible database files.
slaptestflags=
for dbdir in `LANG=C egrep '^directory[[:space:]]+[[:print:]]+$' /etc/openldap/slapd.conf | sed s,^directory,,` ; do
- for file in `find ${dbdir}/ -not -uid $ldapuid -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" \)` ; do
+ for file in `find ${dbdir}/ -not -uid $ldapuid -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" -or -name "log.*" -or -name alock \)` ; do
echo -n $"$file is not owned by \"$user\"" ; warning ; echo
done
if ! test -s ${dbdir}/id2entry.dbb ; then
@@ -149,10 +149,6 @@
# Define a couple of local variables which we'll need. Maybe.
user=ldap
prog=`basename ${slapd}`
- # Build a wrapper script to exec slapd with the right arguments, to
- # avoid being tripped out by changes or weirdness in how daemon()
- # handles quoted arguments.
- wrapper=`mktemp ${TMP:-/tmp}/start-slapd.XXXXXX`
harg="ldap:///"
if grep -q ^TLS /etc/openldap/slapd.conf || test x$SLAPD_LDAPS = xyes ; then
harg="$harg ldaps:///"
@@ -160,26 +156,30 @@
if test x$SLAPD_LDAPI = xyes ; then
harg="$harg ldapi:///"
fi
- if test -z "$wrapper" ; then
- return 1
- fi
- cat >> $wrapper <<- EOF
- exec ${slapd} -h "$harg" -u ${user} $OPTIONS $SLAPD_OPTIONS
- EOF
- chmod u+x $wrapper
- trap "rm -f $wrapper" EXIT
# Start daemons.
echo -n $"Starting $prog: "
- daemon --check=$prog $wrapper
+ daemon --check=$prog ${slapd} -h "\"$harg\"" -u ${user} $OPTIONS $SLAPD_OPTIONS
RETVAL=$?
echo
if [ $RETVAL -eq 0 ]; then
if grep -q "^replogfile" /etc/openldap/slapd.conf; then
prog=`basename ${slurpd}`
- echo -n $"Starting $prog: "
- daemon ${slurpd} $OPTIONS $SLURPD_OPTIONS
- RETVAL=$?
- echo
+ i=1;
+ for replogfile in `grep "^replogfile" /etc/openldap/slapd.conf`
+ do
+ if [ "$replogfile" != "replogfile" ]
+ then
+ echo -n $"Starting $prog: "
+ daemon ${slurpd} -r $replogfile -n $i
+ # make the return value nozero if any of the slurpd failed
+ RET=$?
+ if [ $RET -ne 0 ] ; then
+ RETVAL=$RET
+ fi
+ i=$[i+1]
+ echo
+ fi
+ done
fi
fi
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/ldap
@@ -213,24 +213,33 @@
;;
start)
start
+ RETVAL=$?
;;
stop)
stop
+ RETVAL=$?
;;
status)
status ${slapd}
+ RETVAL=$?
if grep -q "^replogfile" /etc/openldap/slapd.conf ; then
status ${slurpd}
+ RET=$?
+ if [ $RET -ne 0 ] ; then
+ RETVAL=$RET;
+ fi
fi
;;
restart)
stop
start
+ RETVAL=$?
;;
condrestart)
if [ -f /var/lock/subsys/ldap ] ; then
stop
start
+ RETVAL=$?
fi
;;
*)
Index: openldap.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openldap/F-7/openldap.spec,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -r1.67 -r1.68
--- openldap.spec 24 Apr 2007 11:24:28 -0000 1.67
+++ openldap.spec 13 Jul 2007 20:00:26 -0000 1.68
@@ -13,7 +13,7 @@
Summary: The configuration files, libraries, and documentation for OpenLDAP
Name: openldap
Version: %{version_23}
-Release: 2%{?dist}
+Release: 3%{?dist}
License: OpenLDAP
Group: System Environment/Daemons
Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_23}.tgz
@@ -31,7 +31,7 @@
Source12: README.evolution
# Patches that are still valid for 2.3
-Patch0: openldap-2.3.11-config.patch
+Patch0: openldap-2.3.34-config.patch
Patch1: openldap-1.2.11-cldap.patch
Patch2: openldap-2.0.11-ldaprc.patch
Patch3: openldap-2.2.13-setugid.patch
@@ -42,6 +42,7 @@
Patch8: openldap-2.3.19-gethostbyXXXX_r.patch
Patch9: openldap-2.3.34-quiet-slaptest.patch
Patch10: openldap-2.3.34-pthread.patch
+Patch11: openldap-2.3.34-smbk5pwd.patch
# Patches for 2.2.29 for the compat-openldap package.
Patch100: openldap-2.2.13-tls-fix-connection-test.patch
@@ -59,6 +60,8 @@
Patch303: MigrationTools-26-suffix.patch
Patch304: MigrationTools-46-schema.patch
Patch305: MigrationTools-45-noaliases.patch
+Patch306: MigrationTools-46-ddp.patch
+Patch307: MigrationTools-46-unique-hosts.patch
Patch400: db-4.4.20-1.patch
Patch401: db-4.4.20-2.patch
@@ -178,6 +181,8 @@
%patch8 -p1 -b .gethostbyname_r
%patch9 -p1 -b .quiet-slaptest
%patch10 -p1 -b .pthread
+%patch11 -p1 -b .smbk5pwd
+
cp %{_datadir}/libtool/config.{sub,guess} build/
popd
@@ -200,6 +205,8 @@
%patch303 -p1 -b .suffix
%patch304 -p1 -b .schema
%patch305 -p1 -b .noaliases
+%patch306 -p1
+%patch307 -p1
popd
autodir=`pwd`/auto-instroot
@@ -229,6 +236,9 @@
mkdir $subdir
ln -s ../configure $subdir
done
+# build smbk5pwd with other overlays
+ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
+mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
autoconf
popd
@@ -317,7 +327,7 @@
# Build the client libraries for the compat package.
pushd openldap-%{compat_version}/build-compat
%configure \
- --disable-slapd --disable-slurpd \
+ --enable-slapd --disable-slurpd \
--with-threads=posix --enable-static --enable-shared --enable-dynamic \
--enable-local --with-tls --with-cyrus-sasl --without-kerberos
make %{_smp_mflags}
@@ -368,11 +378,14 @@
--enable-null \
--enable-shell \
--enable-sql=mod \
+ --enable-passwd \
--disable-perl \
+ --enable-relay \
--disable-shared \
--disable-dynamic \
--enable-static \
- --with-kerberos=k5only
+ --with-kerberos=k5only \
+ --enable-overlays=mod
unset LIBS
popd
@@ -419,6 +432,11 @@
rm $RPM_BUILD_ROOT/%{_libdir}/*.so
popd
+mkdir -p $RPM_BUILD_ROOT/%{_libdir}/compat-openldap
+pushd openldap-%{compat_version}/build-compat/servers/slapd
+ $libtool --mode=install /usr/bin/install -c -s -m 755 slapd $RPM_BUILD_ROOT/%{_libdir}/compat-openldap/slapcat
+popd
+
# Install servers.
%ifarch %{nptl_arches}
case %{_target_platform} in
@@ -625,6 +643,12 @@
/sbin/service ldap condrestart > /dev/null 2>&1 || :
fi
+%post devel
+/sbin/ldconfig
+
+%postun devel
+/sbin/ldconfig
+
%files
%defattr(-,root,root)
%doc openldap-%{version_23}/ANNOUNCEMENT
@@ -650,12 +674,16 @@
%attr(0755,root,root) %{_libdir}/liblber-2.2.so.*
%attr(0755,root,root) %{_libdir}/libldap-2.2.so.*
%attr(0755,root,root) %{_libdir}/libldap_r-2.2.so.*
+%attr(0755,ldap,ldap) %dir %{_libdir}/compat-openldap
+%attr(0755,root,root) %{_libdir}/compat-openldap/slapcat
+
%files servers
%defattr(-,root,root)
%doc README.migration
%doc TOOLS.migration
%doc $RPM_SOURCE_DIR/README.upgrading $RPM_SOURCE_DIR/guide.html
+%doc openldap-%{version_23}/contrib/slapd-modules/smbk5pwd/README.smbk5pwd
%ghost %config %{_sysconfdir}/pki/tls/certs/slapd.pem
%attr(0755,root,root) %config %{_sysconfdir}/rc.d/init.d/ldap
%attr(0640,root,ldap) %config(noreplace) %{_sysconfdir}/openldap/slapd.conf
@@ -681,6 +709,8 @@
%attr(0700,ldap,ldap) %dir /var/lib/ldap
%attr(0755,ldap,ldap) %dir /var/run/openldap
%attr(0755,root,root) %{_libdir}/libslapd_db-*.*.so
+%attr(0755,root,root) %dir %{_libdir}/openldap
+%attr(0755,root,root) %{_libdir}/openldap/[^b]*
%ifarch %{nptl_arches}
%ifnarch %{ix86}
%attr(0755,root,root) %{_libdir}/tls/libslapd_db-*.*.so
@@ -694,7 +724,6 @@
%defattr(-,root,root)
%doc openldap-%{version_23}/servers/slapd/back-sql/docs/*
%doc openldap-%{version_23}/servers/slapd/back-sql/rdbms_depend
-%attr(0755,root,root) %{_libdir}/openldap
%attr(0755,root,root) %{_libdir}/openldap/back_sql.la
%attr(0755,root,root) %{_libdir}/openldap/back_sql*.so.*
@@ -718,6 +747,20 @@
%attr(0644,root,root) %{evolution_connector_libdir}/*.a
%changelog
+* Fri Jul 13 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-3%{?dist}
+- Fix initscript return codes (#242667)
+- Provide overlays including smbk5pwd (as modules; #246036, #245896, #220895)
+- Add available modules to config file
+- do not create script in /tmp on startup (bz#188298)
+- add compat-slapcat to openldap-compat (bz#179378)
+- do not import ddp services with migrate_services.pl
+ (bz#201183)
+- sort the hosts by address, preventing duplicities
+ in migrate*nis*.pl (bz#201540)
+- start slupd for each replicated database (bz#210155)
+- add ldconfig to devel post/postun (bz#240253)
+- include misc.schema in default slapd.conf (bz#147805)
+
* Mon Apr 23 2007 Jan Safranek <jsafranek at redhat.com> 2.3.34-2%{?dist}
- slapadd during package update is now quiet (bz#224581)
- use _localstatedir instead of var/ during build (bz#220970)
--- openldap-2.3.11-config.patch DELETED ---
- Previous message (by thread): rpms/bigboard/devel .cvsignore, 1.14, 1.15 bigboard.spec, 1.22, 1.23 sources, 1.15, 1.16
- Next message (by thread): rpms/sugar-artwork/OLPC-2 .cvsignore, 1.7, 1.8 sources, 1.7, 1.8 sugar-artwork.spec, 1.7, 1.8
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list