net-nds/openldap: bump and add samba4 overlay

git-svn-id: https://svn.disconnected-by-peer.at/svn/linamh/trunk/linamh@2251 6952d904-891a-0410-993b-d76249ca496b

net-nds/openldap/Manifest

@@ -0,0 +1,14 @@
+AUX DB_CONFIG.fast.example 746 RMD160 03d179d1c58d695c442eb5e3e69c245f3c2f2358 SHA1 c76a2a9f346a733ed6617d42229b434ce723c59e SHA256 69fc9aa6e4f0b888bc02d3f75642fe1ebf9345c685257a5c1236b2e79ed56e0b
+AUX openldap-2.2.14-perlthreadsfix.patch 614 RMD160 6e868aa5a5cc4e80c0340af25d18d010b342ed15 SHA1 3bb05c7ed511e8464331619ce23064d236a5fe82 SHA256 bb719cc1fed47ff0f111c960f3295781ae6f0d9e98b4266a87751044b4bb3175
+AUX openldap-2.4.11-libldap_r.patch 515 RMD160 aa778bad59d498601bab84e215b2bcb6d125cf00 SHA1 e2c52828e719c137802966879f8da93a196cfde3 SHA256 3310a89d38bc39e6eb4333799d475411b274482b8bccab212b3edfd4385db70e
+AUX openldap-2.4.15-ppolicy.patch 418 RMD160 5b32da96fbc6002a2d464ea765ad72ebf23727f5 SHA1 cdd7c2bdfb0011561965a39f99e46cbb9f266aba SHA256 98269fa1e8a1a0e62dad9acd36fd9a33614fca9a5830d6e7e606db8eb7f85de5
+AUX openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch 3542 RMD160 7e17304b2b85e2dec12e0bc49b82e35443cc703e SHA1 7a25d0002581ae6f78ffe498c3e05eef0119f7a6 SHA256 31e816eb9f3b52f5f9d183f82adebff75892e45e764187e579a92204c90889cb
+AUX openldap-2.4.17-gcc44.patch 509 RMD160 07c1b8400e1b24cb8f20f2647b1354d2b28f653d SHA1 5df5a165acec74667f5989f291aedd958be56358 SHA256 33345882f601050ecaa6bb3dd7458e6b5f8e3684345847f7a53d4a1b0f514bda
+AUX openldap-2.4.19-contrib-smbk5pwd.patch 1555 RMD160 ce8f5caafa4b3d89dc11537f0045335b25c59404 SHA1 372906228b2ab6be13a689f895e173abb4862f2e SHA256 8e08af4235529cbc0c4541a28d5cf7e8cf3f41f7504af41527e993e1399fee92
+AUX slapd-confd 436 RMD160 764d5e2915d9af33fd1db2489ceac6d953750984 SHA1 a16b4674b45ac1e1c8a8f9e84ad0de519c81aa11 SHA256 1ccb8a3b78b65b125b24779dd065cf8000e2d5e4da267bb0a892e730edd2055d
+AUX slapd-initd2 622 RMD160 750d7c59d1b7e47b0b21b96d301244c3ec3e28bf SHA1 a438adef50bfb925cc7550156b6dbefd68dcb856 SHA256 abd3ab5c58b18845f6946bbf93c987d833c8a94b88841c587ce453faf738cefa
+AUX slurpd-initd 494 RMD160 9f3a06bcab2e4ce8e66783af506d26595bbbdcd2 SHA1 8ab66a984510fa91755cbcbac29883cea1435db7 SHA256 b23e010f701620ec34c39cd215891c7c0afc773341392a1e762e84166d9863ff
+DIST openldap-2.4.22.tgz 5179727 RMD160 4edf1a822fcb34a06d18a28ce2f50cd040946453 SHA1 dd506b461c1fccd55dfff123b87aa6d07c899136 SHA256 c29b34031305616cf2c847d30706e2d2cdfc2cf91431e0bddab5d483395a40c1
+EBUILD openldap-2.4.22.ebuild 20379 RMD160 b7c7defdfcf7aa14b80064219326af823c7b7631 SHA1 4d331c21e40fea26fab163c50843fac897f5f64c SHA256 b2e5bb9586925bb1dc8bff7a9a8850812639bcaa4f2fb89c6efa03882f5e7644
+MISC ChangeLog 64473 RMD160 3e471a4137aba2d0a59555986c73afd13a9fc1f5 SHA1 f10e6d51cef6ebf3e5ab76075ed8e658b3476e07 SHA256 bf610c52f67cfb55a4f54b02da2a58bd4c8af73c01d5c988c785127485155873
+MISC metadata.xml 556 RMD160 14eae07812da4eecd05e467d1dccf841e6e16be6 SHA1 fa4c8d1aa03dd6bb9c27a7758fbaba5355cfe590 SHA256 405d4cd6f15d8495d0c7365f7b7d6bda9b82775d7e157339f3a6e92d46eed2c8

net-nds/openldap/files/DB_CONFIG.fast.example

@@ -0,0 +1,25 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1 2004/06/18 02:49:08 kurt Exp $
+# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
+#
+# See Sleepycat Berkeley DB documentation
+#   <http://www.sleepycat.com/docs/ref/env/db_config.html>
+# for detail description of DB_CONFIG syntax and semantics.
+#
+# Hints can also be found in the OpenLDAP Software FAQ
+#	<http://www.openldap.org/faq/index.cgi?file=2>
+
+# one 0.25 GB cache
+set_cachesize 0 16777216 0
+
+# Data Directory
+#set_data_dir db
+
+# Transaction Log settings
+set_lg_regionmax 262144
+set_lg_bsize 524288
+#set_lg_dir logs
+
+# When using (and only when using) slapadd(8) or slapindex(8),
+# the following flags may be useful:
+#set_flags DB_TXN_NOSYNC
+#set_flags DB_TXN_NOT_DURABLE

net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch

@@ -0,0 +1,12 @@
+diff -ur openldap-2.2.14.orig/servers/slapd/back-perl/Makefile.in openldap-2.2.14/servers/slapd/back-perl/Makefile.in
+--- openldap-2.2.14.orig/servers/slapd/back-perl/Makefile.in	2004-04-12 11:20:14.000000000 -0700
++++ openldap-2.2.14/servers/slapd/back-perl/Makefile.in	2004-06-20 18:43:41.000000000 -0700
+@@ -31,7 +31,7 @@
+ 
+ shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+ NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
+-UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
++UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) `perl -MExtUtils::Embed -e ldopts`
+ 
+ LIBBASE = back_perl
+ 

net-nds/openldap/files/openldap-2.4.11-libldap_r.patch

@@ -0,0 +1,11 @@
+diff -Nuar openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in openldap-2.4.11/servers/slapd/slapi/Makefile.in
+--- openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in	2008-02-11 15:26:49.000000000 -0800
++++ openldap-2.4.11/servers/slapd/slapi/Makefile.in	2008-10-14 02:10:18.402799262 -0700
+@@ -37,6 +37,7 @@
+ XLIBS = $(LIBRARY)
+ XXLIBS = 
+ NT_LINK_LIBS = $(AC_LIBS)
++UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS)
+ 
+ XINCPATH = -I$(srcdir)/.. -I$(srcdir)
+ XDEFS = $(MODULES_CPPFLAGS)

net-nds/openldap/files/openldap-2.4.15-ppolicy.patch

@@ -0,0 +1,12 @@
+--- openldap-2.4.15/clients/tools/common.c.orig	2009-02-05 15:05:03.000000000 -0800
++++ openldap-2.4.15/clients/tools/common.c	2009-03-21 01:45:14.000000000 -0700
+@@ -1315,8 +1315,8 @@
+ 	int		nsctrls = 0;
+ 
+ #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
++	LDAPControl c;
+ 	if ( ppolicy ) {
+-		LDAPControl c;
+ 		c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
+ 		c.ldctl_value.bv_val = NULL;
+ 		c.ldctl_value.bv_len = 0;

net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch

@@ -0,0 +1,109 @@
+If GnuTLS is used, the lmpasswd module for USE=samba does not compile.
+Forward-port an old Debian patch that upstream never applied.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+Signed-off-by: Steffen Hau <steffen@hauihau.de>
+X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633
+X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997
+X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341
+
+--- openldap-2.4.17.orig/libraries/liblutil/passwd.c	2009-07-27 18:59:19.635995474 -0700
++++ openldap-2.4.17/libraries/liblutil/passwd.c	2009-07-27 19:01:13.588069010 -0700
+@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8];
+ typedef PK11Context *des_context[1];
+ #define DES_ENCRYPT CKA_ENCRYPT
+ 
++#elif defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++#	include <gcrypt.h>
++static int gcrypt_init = 0;
++
++typedef const void* des_key;
++typedef unsigned char des_cblock[8];
++typedef des_cblock des_data_block;
++typedef int des_key_schedule; /* unused */
++typedef des_key_schedule des_context; /* unused */
++#define des_failed(encrypted) 0
++#define des_finish(key, schedule) 
++
++#define des_set_key_unchecked( key, key_sched ) \
++  gcry_cipher_setkey( hd, key, 8 )
++
++#define des_ecb_encrypt( input, output, key_sched, enc ) \
++  gcry_cipher_encrypt( hd, *output, 8, *input, 8 )
++
++#define des_set_odd_parity( key ) do {} while(0)
++
+ #endif
+ 
+ #endif /* SLAPD_LMHASH */
+@@ -651,7 +671,7 @@ static int chk_md5(
+ 
+ #ifdef SLAPD_LMHASH
+ 
+-#if defined(HAVE_OPENSSL)
++#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS_GNUTLS_H)
+ 
+ /*
+  * abstract away setting the parity.
+@@ -841,6 +861,19 @@ static int chk_lanman(
+ 	des_data_block StdText = "KGS!@#$%";
+ 	des_data_block PasswordHash1, PasswordHash2;
+ 	char PasswordHash[33], storedPasswordHash[33];
++
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++	gcry_cipher_hd_t hd;
++
++	if ( !gcrypt_init ) {
++	  gcry_check_version( GCRYPT_VERSION );
++	  gcrypt_init = 1;
++	}
++
++	schedule = schedule; /* unused - avoid warning */
++
++	gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
+ 	
+ 	for( i=0; i<cred->bv_len; i++) {
+ 		if(cred->bv_val[i] == '\0') {
+@@ -883,6 +916,10 @@ static int chk_lanman(
+ 	strncpy( storedPasswordHash, passwd->bv_val, 32 );
+ 	storedPasswordHash[32] = '\0';
+ 	ldap_pvt_str2lower( storedPasswordHash );
++
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++	gcry_cipher_close( hd );
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
+ 	
+ 	return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+ }
+@@ -1138,6 +1175,19 @@ static int hash_lanman(
+ 	des_data_block PasswordHash1, PasswordHash2;
+ 	char PasswordHash[33];
+ 	
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++	gcry_cipher_hd_t hd;
++
++	if ( !gcrypt_init ) {
++	  gcry_check_version( GCRYPT_VERSION );
++	  gcrypt_init = 1;
++	}
++
++	schedule = schedule; /* unused - avoid warning */
++
++	gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
++
+ 	for( i=0; i<passwd->bv_len; i++) {
+ 		if(passwd->bv_val[i] == '\0') {
+ 			return LUTIL_PASSWD_ERR;	/* NUL character in password */
+@@ -1168,6 +1218,10 @@ static int hash_lanman(
+ 	
+ 	hash->bv_val = PasswordHash;
+ 	hash->bv_len = 32;
++
++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
++	gcry_cipher_close( hd );
++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
+ 	
+ 	return pw_string( scheme, hash );
+ }

net-nds/openldap/files/openldap-2.4.17-gcc44.patch

@@ -0,0 +1,11 @@
+diff -ur openldap-2.4.17.orig/contrib/ldapc++/src/SaslInteractionHandler.cpp openldap-2.4.17/contrib/ldapc++/src/SaslInteractionHandler.cpp
+--- openldap-2.4.17.orig/contrib/ldapc++/src/SaslInteractionHandler.cpp	2008-04-15 02:09:26.000000000 +0300
++++ openldap-2.4.17/contrib/ldapc++/src/SaslInteractionHandler.cpp	2009-08-10 13:21:24.000000000 +0300
+@@ -13,6 +13,7 @@
+ #include <termios.h>
+ #endif
+ 
++#include <stdio.h>
+ #include <string.h>
+ #include "SaslInteractionHandler.h"
+ #include "SaslInteraction.h"

net-nds/openldap/files/openldap-2.4.19-contrib-smbk5pwd.patch

@@ -0,0 +1,51 @@
+diff -Nuar openldap-2.4.19.orig/contrib/slapd-modules/smbk5pwd/Makefile openldap-2.4.19/contrib/slapd-modules/smbk5pwd/Makefile
+--- openldap-2.4.19.orig/contrib/slapd-modules/smbk5pwd/Makefile	2009-10-02 21:16:53.000000000 +0000
++++ openldap-2.4.19/contrib/slapd-modules/smbk5pwd/Makefile	2009-11-03 21:01:41.199550611 +0000
+@@ -13,22 +13,26 @@
+ # <http://www.OpenLDAP.org/license.html>.
+ 
+ LIBTOOL=../../../libtool
+-OPT=-g -O2
++#OPT=
+ CC=gcc
+ 
+ # Omit DO_KRB5 or DO_SAMBA if you don't want to support it.
+-DEFS=-DDO_KRB5 -DDO_SAMBA
++#DEFS=
+ 
+-HEIMDAL_INC=-I/usr/heimdal/include
++#KRB5_INC=
+ SSL_INC=
+ LDAP_INC=-I../../../include -I../../../servers/slapd
+-INCS=$(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
++INCS=$(LDAP_INC) $(SSL_INC) $(KRB5_INC)
+ 
+-HEIMDAL_LIB=-L/usr/heimdal/lib -lkrb5 -lkadm5srv
++KRB5_LIB=-lkrb5 -lkadm5srv
+ SSL_LIB=-lcrypto
+-LDAP_LIB=-lldap_r -llber
+-LIBS=$(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
+-
++LDAP_LIB=-L../../../libraries/libldap_r -lldap_r -llber
++ifneq (DDO_KRB5,$(findstring DDO_KRB5,$(DEFS)))
++	LIBS=$(LDAP_LIB) $(SSL_LIB)
++else
++	LIBS=$(LDAP_LIB) $(KRB5_LIB) $(SSL_LIB)
++endif
++	
+ prefix=/usr/local
+ exec_prefix=$(prefix)
+ ldap_subdir=/openldap
+@@ -41,10 +45,10 @@
+ 
+ 
+ smbk5pwd.lo:	smbk5pwd.c
+-	$(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?
++	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(DEFS) $(INCS) -c $?
+ 
+ smbk5pwd.la:	smbk5pwd.lo
+-	$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
++	$(LIBTOOL) --mode=link $(CC) $(CFLAGS) -version-info 0:0:0 \
+ 	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+ 
+ clean:

net-nds/openldap/files/slapd-confd

@@ -0,0 +1,9 @@
+# conf.d file for openldap
+#
+# To enable both the standard unciphered server and the ssl encrypted
+# one uncomment this line or set any other server starting options
+# you may desire.
+#
+# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
+# Uncomment the below to use the new slapd configuration for openldap 2.3
+#OPTS="-F /etc/openldap/slapd.d -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"

net-nds/openldap/files/slapd-initd2

@@ -0,0 +1,22 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd2,v 1.1 2010/04/11 15:14:48 jokey Exp $
+
+depend() {
+	need net
+	before dbus hald avahi-daemon
+	provide ldap
+}
+
+start() {
+	ebegin "Starting ldap-server"
+	eval start-stop-daemon --start --pidfile /var/run/openldap/slapd.pid --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ldap-server"
+	start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid 
+	eend $?
+}

net-nds/openldap/files/slurpd-initd

@@ -0,0 +1,22 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slurpd-initd,v 1.1 2007/01/16 23:22:02 jokey Exp $
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting slurpd"
+	start-stop-daemon --start --quiet \
+	--exec /usr/lib/openldap/slurpd 
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping slurpd"
+	start-stop-daemon --stop --quiet \
+	--exec /usr/lib/openldap/slurpd 
+	eend $?
+}

net-nds/openldap/metadata.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+    <herd>ldap</herd>
+    <maintainer>
+        <email>ldap-bugs@gentoo.org</email>
+    </maintainer>
+	<use> 
+		<flag name='experimental'>Enable experimental backend options</flag>
+		<flag name='odbc'>Enable ODBC and SQL backend options</flag>
+		<flag name='overlays'>Enable contributed OpenLDAP overlays</flag>
+		<flag name='smbkrb5passwd'>Enable overlay for syncing ldap, unix and
+			lanman passwords</flag>
+	</use>
+</pkgmetadata>

net-nds/openldap/openldap-2.4.22.ebuild

@@ -0,0 +1,621 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.4.21.ebuild,v 1.1 2010/04/11 15:14:48 jokey Exp $
+
+EAPI="2"
+inherit db-use eutils flag-o-matic multilib ssl-cert versionator toolchain-funcs
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+SRC_URI="mirror://openldap/openldap-release/${P}.tgz"
+
+LICENSE="OPENLDAP"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+
+IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
+IUSE_BACKEND="+berkdb"
+IUSE_OVERLAY="overlays perl"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 syslog selinux"
+IUSE_CONTRIB="smbkrb5passwd kerberos samba4"
+IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
+IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+
+# openssl is needed to generate lanman-passwords required by samba
+RDEPEND="sys-libs/ncurses
+	icu? ( dev-libs/icu )
+	tcpd? ( sys-apps/tcp-wrappers )
+	ssl? ( !gnutls? ( dev-libs/openssl )
+		gnutls? ( net-libs/gnutls ) )
+	sasl? ( dev-libs/cyrus-sasl )
+	!minimal? (
+		odbc? ( !iodbc? ( dev-db/unixODBC )
+			iodbc? ( dev-db/libiodbc ) )
+		slp? ( net-libs/openslp )
+		perl? ( dev-lang/perl[-build] )
+		samba? ( dev-libs/openssl )
+		berkdb? ( sys-libs/db )
+		smbkrb5passwd? (
+			dev-libs/openssl
+			app-crypt/heimdal )
+		kerberos? ( virtual/krb5 )
+		cxx? ( dev-libs/cyrus-sasl )
+	)
+	selinux? ( sec-policy/selinux-openldap )"
+DEPEND="${RDEPEND}"
+
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+openldap_filecount() {
+	local dir="$1"
+	find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG.example' | wc -l
+}
+
+openldap_find_versiontags() {
+	# scan for all datadirs
+	openldap_datadirs=""
+	if [ -f "${ROOT}"/etc/openldap/slapd.conf ]; then
+		openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${ROOT}/etc/openldap/slapd.conf)"
+	fi
+	openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
+
+	einfo
+	einfo "Scanning datadir(s) from slapd.conf and"
+	einfo "the default installdir for Versiontags"
+	einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+	einfo
+
+	# scan datadirs if we have a version tag
+	openldap_found_tag=0
+	have_files=0
+	for each in ${openldap_datadirs}; do
+		CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
+		CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
+		if [ -d ${CURRENT_TAGDIR} ] &&	[ ${openldap_found_tag} == 0 ] ; then
+			einfo "- Checking ${each}..."
+			if [ -r ${CURRENT_TAG} ] ; then
+				# yey, we have one :)
+				einfo "   Found Versiontag in ${each}"
+				source ${CURRENT_TAG}
+				if [ "${OLDPF}" == "" ] ; then
+					eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+					eerror "Please delete it"
+					eerror
+					die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+				fi
+
+				OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
+
+				[ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
+
+				# are we on the same branch?
+				if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
+					ewarn "   Versiontag doesn't match current major release!"
+					if [[ "${have_files}" == "1" ]] ; then
+						eerror "   Versiontag says other major and you (probably) have datafiles!"
+						echo
+						openldap_upgrade_howto
+					else
+						einfo "   No real problem, seems there's no database."
+					fi
+				else
+					einfo "   Versiontag is fine here :)"
+				fi
+			else
+				einfo "   Non-tagged dir ${each}"
+				[ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
+				if [[ "${have_files}" == "1" ]] ; then
+					einfo "   EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+					echo
+
+					eerror
+					eerror "Your OpenLDAP Installation has a non tagged datadir that"
+					eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+					eerror
+					eerror "Please export data if any entered and empty or remove"
+					eerror "the directory, installation has been stopped so you"
+					eerror "can take required action"
+					eerror
+					eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+					eerror
+					die "Please move the datadir ${CURRENT_TAGDIR} away"
+				fi
+			fi
+			einfo
+		fi
+	done
+	[ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
+
+	# Now we must check for the major version of sys-libs/db linked against.
+	SLAPD_PATH=${ROOT}/usr/$(get_libdir)/openldap/slapd
+	if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
+		OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+			| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+		NEWVER="$(use berkdb && db_findver sys-libs/db)"
+		local fail=0
+		if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
+			:
+			# Nothing wrong here.
+		elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
+			eerror "	Your existing version of OpenLDAP was not built against"
+			eerror "	any version of sys-libs/db, but the new one will build"
+			eerror "	against	${NEWVER} and your database may be inaccessible."
+			echo
+			fail=1
+		elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
+			eerror "	Your existing version of OpenLDAP was built against"
+			eerror "	sys-libs/db:${OLDVER}, but the new one will not be"
+			eerror "	built against any version and your database may be"
+			eerror "	inaccessible."
+			echo
+			fail=1
+		elif [ "${OLDVER}" != "${NEWVER}" ]; then
+			eerror "	Your existing version of OpenLDAP was built against"
+			eerror "	sys-libs/db:${OLDVER}, but the new one will build against"
+			eerror "	${NEWVER} and your database would be inaccessible."
+			echo
+			fail=1
+		fi
+		[ "${fail}" == "1" ] && openldap_upgrade_howto
+	fi
+
+	echo
+	einfo
+	einfo "All datadirs are fine, proceeding with merge now..."
+	einfo
+}
+
+openldap_upgrade_howto() {
+	eerror
+	eerror "A (possible old) installation of OpenLDAP was detected,"
+	eerror "installation will not proceed for now."
+	eerror
+	eerror "As major version upgrades can corrupt your database,"
+	eerror "you need to dump your database and re-create it afterwards."
+	eerror
+	eerror "Additionally, rebuilding against different major versions of the"
+	eerror "sys-libs/db libraries will cause your database to be inaccessible."
+	eerror ""
+	d="$(date -u +%s)"
+	l="/root/ldapdump.${d}"
+	i="${l}.raw"
+	eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
+	eerror " 2. slapcat -l ${i}"
+	eerror " 3. egrep -v '^entryCSN:' <${i} >${l}"
+	eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+	eerror " 5. emerge --update \=net-nds/${PF}"
+	eerror " 6. etc-update, and ensure that you apply the changes"
+	eerror " 7. slapadd -l ${l}"
+	eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+	eerror " 9. /etc/init.d/slapd start"
+	eerror "10. check that your data is intact."
+	eerror "11. set up the new replication system."
+	eerror
+	if [ "${FORCE_UPGRADE}" != "1" ]; then
+		die "You need to upgrade your database first"
+	else
+		eerror "You have the magical FORCE_UPGRADE=1 in place."
+		eerror "Don't say you weren't warned about data loss."
+	fi
+}
+
+pkg_setup() {
+	if ! use sasl && use cxx ; then
+		die "To build the ldapc++ library you must emerge openldap with sasl support"
+	fi
+	if use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
+		einfo
+		einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+		einfo
+	else
+		openldap_find_versiontags
+	fi
+
+	enewgroup ldap 439
+	enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
+}
+
+src_prepare() {
+	# ensure correct SLAPI path by default
+	sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \
+		"${S}"/include/ldap_defaults.h
+
+	epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
+
+	epatch \
+		"${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
+		"${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
+
+	# bug #116045 - still present in 2.4.19
+	epatch "${FILESDIR}"/${PN}-2.4.19-contrib-smbk5pwd.patch
+
+	# bug #189817
+	epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
+
+	# bug #233633
+	epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
+
+	cd "${S}"/build
+	einfo "Making sure upstream build strip does not do stripping too early"
+	sed -i.orig \
+		-e '/^STRIP/s,-s,,g' \
+		top.mk || die "Failed to block stripping"
+
+	# wrong assumption that /bin/sh is /bin/bash
+	sed -i \
+		-e 's|/bin/sh|/bin/bash|g' \
+		"${S}"/tests/scripts/* || die "sed failed"
+}
+
+build_contrib_module() {
+	lt="${S}/libtool"
+	# <dir> <sources> <outputname>
+	cd "${S}/contrib/slapd-modules/$1"
+	einfo "Compiling contrib-module: $3"
+	# Make sure it's uppercase
+	local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
+	"${lt}" --mode=compile --tag=CC \
+		"${CC}" \
+		-D${define_name}=SLAPD_MOD_DYNAMIC \
+		-I../../../include -I../../../servers/slapd ${CFLAGS} \
+		-o ${2%.c}.lo -c $2 || die "compiling $3 failed"
+	einfo "Linking contrib-module: $3"
+	"${lt}" --mode=link --tag=CC \
+		"${CC}" -module \
+		${CFLAGS} \
+		${LDFLAGS} \
+		-rpath /usr/$(get_libdir)/openldap/openldap \
+		-o $3.la ${2%.c}.lo || die "linking $3 failed"
+}
+
+src_configure() {
+	local myconf
+
+	#Fix for glibc-2.8 and ucred. Bug 228457.
+	append-flags -D_GNU_SOURCE
+
+	use debug && myconf="${myconf} $(use_enable debug)"
+
+	# ICU usage is not configurable
+	export ac_cv_header_unicode_utypes_h="$(use icu && echo yes || echo no)"
+
+	if ! use minimal ; then
+		# re-enable serverside overlay chains per bug #296567
+		# see ldap docs chaper 12.3.1 for details
+		myconf="${myconf} --enable-ldap"
+
+		# backends
+		myconf="${myconf} --enable-slapd"
+		if use berkdb ; then
+			einfo "Using Berkeley DB for local backend"
+			myconf="${myconf} --enable-bdb --enable-hdb"
+			# We need to include the slotted db.h dir for FreeBSD
+			append-cppflags -I$(db_includedir)
+		else
+			ewarn
+			ewarn "Note: if you disable berkdb, you can only use remote-backends!"
+			ewarn
+			ebeep 5
+			myconf="${myconf} --disable-bdb --disable-hdb"
+		fi
+		for backend in dnssrv ldap meta monitor null passwd relay shell sock; do
+			myconf="${myconf} --enable-${backend}=mod"
+		done
+
+		myconf="${myconf} $(use_enable perl perl mod)"
+
+		myconf="${myconf} $(use_enable odbc sql mod)"
+		if use odbc ; then
+			local odbc_lib="unixodbc"
+			if use iodbc ; then
+				odbc_lib="iodbc"
+				append-cppflags -I/usr/include/iodbc
+			fi
+			myconf="${myconf} --with-odbc=${odbc_lib}"
+		fi
+
+		# slapd options
+		myconf="${myconf} $(use_enable crypt) $(use_enable slp)"
+		myconf="${myconf} $(use_enable samba lmpasswd) $(use_enable syslog)"
+		if use experimental ; then
+			myconf="${myconf} --enable-dynacl"
+			myconf="${myconf} --enable-aci=mod"
+		fi
+		for option in aci cleartext modules rewrite rlookups slapi; do
+			myconf="${myconf} --enable-${option}"
+		done
+
+		# slapd overlay options
+		# Compile-in the syncprov, the others as module
+		myconf="${myconf} --enable-syncprov=yes"
+		use overlays && myconf="${myconf} --enable-overlays=mod"
+
+	else
+		myconf="${myconf} --disable-slapd --disable-bdb --disable-hdb"
+		myconf="${myconf} --disable-overlays --disable-syslog"
+	fi
+
+	# basic functionality stuff
+	myconf="${myconf} $(use_enable ipv6)"
+	myconf="${myconf} $(use_with sasl cyrus-sasl) $(use_enable sasl spasswd)"
+	myconf="${myconf} $(use_enable tcpd wrappers)"
+
+	local ssl_lib="no"
+	if use ssl || ( use ! minimal && use samba ) ; then
+		ssl_lib="openssl"
+		use gnutls && ssl_lib="gnutls"
+	fi
+
+	myconf="${myconf} --with-tls=${ssl_lib}"
+
+	for basicflag in dynamic local proctitle shared static; do
+		myconf="${myconf} --enable-${basicflag}"
+	done
+
+	tc-export CC AR CXX
+	STRIP=/bin/true \
+	econf \
+		--libexecdir=/usr/$(get_libdir)/openldap \
+		${myconf} || die "econf failed"
+}
+
+src_configure_cxx() {
+	# This needs the libraries built by the first build run.
+	# So we have to run it AFTER the main build, not just after the main
+	# configure.
+	if ! use minimal ; then
+		 if use cxx ; then
+		 	local myconf_ldapcpp
+		 	myconf_ldapcpp="${myconf_ldapcpp} --with-ldap-includes=../../include"
+		 	cd "${S}/contrib/ldapc++"
+		 	OLD_LDFLAGS="$LDFLAGS"
+		 	OLD_CPPFLAGS="$CPPFLAGS"
+		 	append-ldflags -L../../libraries/liblber/.libs -L../../libraries/libldap/.libs
+		 	append-ldflags -L../../../libraries/liblber/.libs -L../../../libraries/libldap/.libs
+		 	append-cppflags -I../../../include
+		 	econf ${myconf_ldapcpp} \
+		 		CC="${CC}" \
+		 		CXX="${CXX}" \
+		 		|| die "econf ldapc++ failed"
+		 	CPPFLAGS="$OLD_CPPFLAGS"
+			LDFLAGS="${OLD_LDFLAGS}"
+		 fi
+	fi
+}
+
+src_compile() {
+	emake depend || die "emake depend failed"
+	emake CC="${CC}" AR="${AR}" || die "emake failed"
+	lt="${S}/libtool"
+	export echo="echo"
+
+	if ! use minimal ; then
+		 if use cxx ; then
+		 	einfo "Building contrib library: ldapc++"
+			src_configure_cxx
+		 	cd "${S}/contrib/ldapc++"
+		 	emake \
+		 		CC="${CC}" CXX="${CXX}" \
+		 		|| die "emake ldapc++ failed"
+		 fi
+
+		if use smbkrb5passwd ; then
+			einfo "Building contrib-module: smbk5pwd"
+			cd "${S}/contrib/slapd-modules/smbk5pwd"
+
+			emake \
+				DEFS="-DDO_SAMBA -DDO_KRB5" \
+				KRB5_INC="$(krb5-config --cflags)" \
+				CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \
+				|| die "emake smbk5pwd failed"
+		fi
+
+		if use samba4 ; then
+			einfo "Building contrib-module: samba4"
+			cd "${S}/contrib/slapd-modules/samba4"
+
+			emake \
+				CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \
+				|| die "emake samba4 failed"
+		fi
+
+		if use kerberos ; then
+			cd "${S}/contrib/slapd-modules/passwd"
+			einfo "Compiling contrib-module: pw-kerberos"
+			"${lt}" --mode=compile --tag=CC \
+				"${CC}" \
+				-I../../../include \
+				${CFLAGS} \
+				$(krb5-config --cflags) \
+				-DHAVE_KRB5 \
+				-o kerberos.lo \
+				-c kerberos.c || die "compiling pw-kerberos failed"
+			einfo "Linking contrib-module: pw-kerberos"
+			"${lt}" --mode=link --tag=CC \
+				"${CC}" -module \
+				${CFLAGS} \
+				${LDFLAGS} \
+				-rpath /usr/$(get_libdir)/openldap/openldap \
+				-o pw-kerberos.la \
+				kerberos.lo || die "linking pw-kerberos failed"
+		fi
+		# We could build pw-radius if GNURadius would install radlib.h
+		cd "${S}/contrib/slapd-modules/passwd"
+		einfo "Compiling contrib-module: pw-netscape"
+		"${lt}" --mode=compile --tag=CC \
+			"${CC}" \
+			-I../../../include \
+			${CFLAGS} \
+			-o netscape.lo \
+			-c netscape.c || die "compiling pw-netscape failed"
+		einfo "Linking contrib-module: pw-netscape"
+		"${lt}" --mode=link --tag=CC \
+			"${CC}" -module \
+			${CFLAGS} \
+			${LDFLAGS} \
+			-rpath /usr/$(get_libdir)/openldap/openldap \
+			-o pw-netscape.la \
+			netscape.lo || die "linking pw-netscape failed"
+
+		build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
+		build_contrib_module "allop" "allop.c" "overlay-allop"
+		build_contrib_module "allowed" "allowed.c" "allowed"
+		build_contrib_module "autogroup" "autogroup.c" "autogroup"
+		build_contrib_module "denyop" "denyop.c" "denyop-overlay"
+		build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
+		# lastmod may not play well with other overlays
+		build_contrib_module "lastmod" "lastmod.c" "lastmod"
+		build_contrib_module "nops" "nops.c" "nops-overlay"
+	    build_contrib_module "trace" "trace.c" "trace"
+		# build slapi-plugins
+		cd "${S}/contrib/slapi-plugins/addrdnvalues"
+		einfo "Building contrib-module: addrdnvalues plugin"
+		"${CC}" -shared \
+			-I../../../include \
+			${CFLAGS} \
+			-fPIC \
+			${LDFLAGS} \
+			-o libaddrdnvalues-plugin.so \
+			addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+
+	fi
+}
+
+src_test() {
+	cd tests ; make tests || die "make tests failed"
+}
+
+src_install() {
+	lt="${S}/libtool"
+	emake DESTDIR="${D}" install || die "make install failed"
+
+	dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example
+	docinto rfc ; dodoc doc/rfc/*.txt
+
+	# openldap modules go here
+	# TODO: write some code to populate slapd.conf with moduleload statements
+	keepdir /usr/$(get_libdir)/openldap/openldap/
+
+	# initial data storage dir
+	keepdir /var/lib/openldap-data
+	fowners ldap:ldap /var/lib/openldap-data
+	fperms 0700 /var/lib/openldap-data
+
+	echo "OLDPF='${PF}'" > "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+	echo "# do NOT delete this. it is used"	>> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+	echo "# to track versions for upgrading." >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+	# change slapd.pid location in configuration file
+	keepdir /var/run/openldap
+	fowners ldap:ldap /var/run/openldap
+	fperms 0755 /var/run/openldap
+
+	if ! use minimal; then
+		# use our config
+		rm "${D}"etc/openldap/slapd.conf
+		insinto /etc/openldap
+		newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf
+		configfile="${D}"etc/openldap/slapd.conf
+
+		# populate with built backends
+		ebegin "populate config with built backends"
+		for x in "${D}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
+			elog "Adding $(basename ${x})"
+			sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
+		done
+		sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+		fowners root:ldap /etc/openldap/slapd.conf
+		fperms 0640 /etc/openldap/slapd.conf
+		cp "${configfile}" "${configfile}".default
+		eend
+
+		# install our own init scripts
+		newinitd "${FILESDIR}"/slapd-initd2 slapd
+		newconfd "${FILESDIR}"/slapd-confd slapd
+		if [ $(get_libdir) != lib ]; then
+			sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i "${D}"etc/init.d/slapd
+		fi
+
+		 if use cxx ; then
+		 	einfo "Install the ldapc++ library"
+		 	cd "${S}/contrib/ldapc++"
+		 	emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install ldapc++ failed"
+		 	newdoc README ldapc++-README
+		 fi
+
+		if use smbkrb5passwd ; then
+			einfo "Install the smbk5pwd module"
+			cd "${S}/contrib/slapd-modules/smbk5pwd"
+			emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install smbk5pwd failed"
+			newdoc README smbk5pwd-README
+		fi
+
+		if use samba4 ; then
+			einfo "Install the samba4 module"
+			cd "${S}/contrib/slapd-modules/samba4"
+			emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install samba4 failed"
+			newdoc README samba4-README
+		fi
+
+		einfo "Installing contrib modules"
+		cd "${S}/contrib/slapd-modules"
+		for l in */*.la; do
+			"${lt}" --mode=install cp ${l} \
+				"${D}"usr/$(get_libdir)/openldap/openldap || \
+				die "installing ${l} failed"
+		done
+		docinto contrib
+		newdoc addpartial/README addpartial-README
+		newdoc allop/README allop-README
+		doman allop/slapo-allop.5
+		newdoc autogroup/README autogroup-README
+		newdoc denyop/denyop.c denyop-denyop.c
+		newdoc dsaschema/README dsaschema-README
+		doman lastmod/slapo-lastmod.5
+		doman nops/slapo-nops.5
+		newdoc passwd/README passwd-README
+		cd "${S}/contrib/slapi-plugins"
+		insinto /usr/$(get_libdir)/openldap/openldap
+		doins  */*.so
+		docinto contrib
+		newdoc addrdnvalues/README addrdnvalues-README
+	fi
+}
+
+pkg_preinst() {
+	# keep old libs if any
+	preserve_old_lib usr/$(get_libdir)/{libldap,libldap_r,liblber}-2.3.so.0
+}
+
+pkg_postinst() {
+	if ! use minimal ; then
+		# You cannot build SSL certificates during src_install that will make
+		# binary packages containing your SSL key, which is both a security risk
+		# and a misconfiguration if multiple machines use the same key and cert.
+		if use ssl; then
+			install_cert /etc/openldap/ssl/ldap
+			chown ldap:ldap "${ROOT}"etc/openldap/ssl/ldap.*
+			ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+			ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+			ewarn "add 'TLS_REQCERT never' if you want to use them."
+		fi
+
+		# These lines force the permissions of various content to be correct
+		chown ldap:ldap "${ROOT}"var/run/openldap
+		chmod 0755 "${ROOT}"var/run/openldap
+		chown root:ldap "${ROOT}"etc/openldap/slapd.conf{,.default}
+		chmod 0640 "${ROOT}"etc/openldap/slapd.conf{,.default}
+		chown ldap:ldap "${ROOT}"var/lib/openldap-{data,ldbm}
+	fi
+
+	elog "Getting started using OpenLDAP? There is some documentation available:"
+	elog "Gentoo Guide to OpenLDAP Authentication"
+	elog "(http://www.gentoo.org/doc/en/ldap-howto.xml)"
+	elog "---"
+	elog "An example file for tuning BDB backends with openldap is"
+	elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
+
+	preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3.so.0
+}