move openldap

git-svn-id: https://svn.disconnected-by-peer.at/svn/linamh/trunk/mds@2988 6952d904-891a-0410-993b-d76249ca496b
geos_one 2011-07-30 06:43:30 +00:00
parent 4e6256c448
commit d426c948bf
27 changed files with 5075 additions and 0 deletions


@ -2,9 +2,13 @@ AUX mmc-agent.initd 438 RMD160 d7dc64366782ab0d6fe4347d6a169b88a4e03a49 SHA1 e4a
AUX mmc-core-3.0.0-install-target-1.patch 3093 RMD160 962349bf319836e3b261197f75e98203ba598a81 SHA1 f38c257806bea19b5d44a6f4f55fa92787f529f1 SHA256 35d615fb32f59a327eb6a3ecce57def0636deabd4f4faea6fe3ab10897194dec
AUX mmc-core-3.0.0-kerberos-1.patch 17278 RMD160 109db7abedd6467045492f0d2bacbc009b707dfb SHA1 14682a3eb5fee83bcbd74528d4d03284f60d8ad8 SHA256 179f0a4d7ad37005679f7dfdb3461ea13b0777f7631c1525dc891f1f751097cf
AUX mmc-core-3.0.1-install-target-1.patch 3228 RMD160 804a4244b021728712561b12a7e9e87aa7831475 SHA1 8de2d7f90a636459cb0cd9996cf932b95bcf117a SHA256 2a403074b39371acd3e0195f07ae702e602a20732a83b3ea76eaa88a4afaa3cf
AUX mmc-core-3.0.2-gentoo-1.patch 1136 RMD160 c5028596cc64c23d2fa26b9077875a2063227434 SHA1 a62bacdaa54c807c6553a7164d8a926ea15992a3 SHA256 685b53657028624340437329c436eb3ba880dc8c7ee82336e23abc8e5607864d
AUX mmc-core-3.0.2-kerberos-1.patch 18536 RMD160 9c5152efad153a14f8042eb30657bdec46d0d12e SHA1 c97abbc4dcd48b68fc46b73d55b0f6b343a89803 SHA256 6bd14e059802144dba16e4f7ac5fff6d627592665b4d921ee79ab3f44c3a4c4b
DIST mmc-core-3.0.0.tar.gz 645109 RMD160 ca519b20ebf011ce78533ce0faec61dd48af35cf SHA1 927f4a8a1e335d97d3af86bb528c7c15960db8c3 SHA256 6aa9a8020ed352cb3c4f6e9c808802e1959fd6d6415d3b66e77453edc4ad9f49
DIST mmc-core-3.0.1.tar.gz 655442 RMD160 deebc610b6bd628b8cdeb4b211da572fb450596c SHA1 9134edf1ec5f9ff6329432216b582afff01f749f SHA256 f983dcc2fdbf47171f3023435cc0f011938ab8288e424f4665bf885a743cbbb6
DIST mmc-core-3.0.2.tar.gz 1003526 RMD160 4e04ed7f7388b060dacd662dc837172f6ba29e15 SHA1 d6b0e8305b65b62f1d7e93ea547bf690684da7d3 SHA256 6ec685bb7247226e5973e40c6e1889674a5a453e97a584e39cf8b8e76a99266a
EBUILD mmc-core-3.0.0.ebuild 1234 RMD160 d63bd5b2219df6402e7e7410ae37ea61a3685257 SHA1 dc334ba3e426e2021864d2d126ad753de42d1e1a SHA256 84c47e990f71860b50d8aa106a23811f9c2018a165b46d757c47e3e38955ec8d
EBUILD mmc-core-3.0.1.ebuild 1234 RMD160 4c97c95f578f7f9714a764b81c9df9860f07184a SHA1 22bd0b06c73576df0ce2b7e682749032a85b6b5f SHA256 91e1cd0abfeac1f779ebe0e1ad184c595c574d38ba736aa54407324bd113d9ec
EBUILD mmc-core-3.0.2.ebuild 1360 RMD160 6ca92f9e3ddd17a76ab6b5b1f23c903b5e3b8f6d SHA1 bf8b4b2dbfe37b1ee0af598f3d779f9ae506ea9c SHA256 c89acb55af2a368fa547f28106553662ce9e1cd65193e8051c1dadeb8ef7787d
MISC ChangeLog 3328 RMD160 772283f0589057030836b8a2b53138a2ce804c0b SHA1 3d0fd4f0973b485143b63093f40fa5a1923f8e13 SHA256 f67da60b29076724ae16d538ae6ede2825fc16dd5f524a6dd3011fceaa911d6b
MISC metadata.xml 226 RMD160 bebcbe7a5e3d2be83c25e006192f71ebf45abb14 SHA1 ec2b713fc2363b8c51e9c164d0802eeb59d9d296 SHA256 a9d3f7df2362a9a7ddcbe05c5d97d726eeb4bab135b21643508149a08bf6a2b2

1755
net-nds/openldap/ChangeLog Normal file

File diff suppressed because it is too large Load Diff

29
net-nds/openldap/Manifest Normal file

@ -0,0 +1,29 @@
AUX DB_CONFIG.fast.example 746 RMD160 03d179d1c58d695c442eb5e3e69c245f3c2f2358 SHA1 c76a2a9f346a733ed6617d42229b434ce723c59e SHA256 69fc9aa6e4f0b888bc02d3f75642fe1ebf9345c685257a5c1236b2e79ed56e0b
AUX openldap-2.2.14-perlthreadsfix.patch 614 RMD160 6e868aa5a5cc4e80c0340af25d18d010b342ed15 SHA1 3bb05c7ed511e8464331619ce23064d236a5fe82 SHA256 bb719cc1fed47ff0f111c960f3295781ae6f0d9e98b4266a87751044b4bb3175
AUX openldap-2.2.6-ntlm.patch 5011 RMD160 317f4b6dc9589826739a14a8ad7200ed287c87be SHA1 29b8e9c4835235c976f026cd5883228b77581083 SHA256 1f7e766bcafb412ec336aad7e07295d6d62d2e2a62b6804b07b06a5056102243
AUX openldap-2.3.21-ppolicy.patch 402 RMD160 72da1c4a886a329607608f8fa07857874ea8973a SHA1 0c6fe313ad06ccee5a96402fc116cf243d37146b SHA256 97feaaff03e839aaad402024082ba62fb2cbe0c721664a85af8674ebb28d7dbd
AUX openldap-2.3.24-contrib-smbk5pwd.patch 1631 RMD160 01e394da82c2ca8493d0dc15c400675545f463bb SHA1 33781455168d2041f3ec00bbaf2da4ffbe411396 SHA256 277990c6bc9e00c29bc5123d5074e1a741a224e884f92651b301375b02edc70e
AUX openldap-2.3.34-slapd-conf 2067 RMD160 40be06ab9188480f9ae9d5e639b8f5c5787942f1 SHA1 ef8693eb4f13843261945460259ebab184f80210 SHA256 f7611233b83fa70dac313b4e734041dfe1ddac07c804bdb12a775d7cf88c36a1
AUX openldap-2.3.37-libldap_r.patch 862 RMD160 1ab42b2cdc6f3d9d412ccdfa7a7a288c29733231 SHA1 c2f997f2e28b7452a3ef981db9c6d527342ad400 SHA256 82471cc13806a9260e441aea90c8dfe9ce21b6d3edabb71766a2afcff6f80dfb
AUX openldap-2.3.XY-gcc44.patch 1169 RMD160 51be41a0a3440e00507c540171fdcc4bf2eddd57 SHA1 ac2891193493415960509083dd78dd3ea422ef75 SHA256 c799ad2adde0e0801bfd641c1a43860180121a04897b8e2a01ad000ea31e2a8d
AUX openldap-2.4.11-libldap_r.patch 515 RMD160 aa778bad59d498601bab84e215b2bcb6d125cf00 SHA1 e2c52828e719c137802966879f8da93a196cfde3 SHA256 3310a89d38bc39e6eb4333799d475411b274482b8bccab212b3edfd4385db70e
AUX openldap-2.4.15-ppolicy.patch 418 RMD160 5b32da96fbc6002a2d464ea765ad72ebf23727f5 SHA1 cdd7c2bdfb0011561965a39f99e46cbb9f266aba SHA256 98269fa1e8a1a0e62dad9acd36fd9a33614fca9a5830d6e7e606db8eb7f85de5
AUX openldap-2.4.17-contrib-smbk5pwd.patch 2046 RMD160 8e3834159767183535efa2144631e4cdfcd04a11 SHA1 6af3ca3f212414411e05c8766297b74573c103bc SHA256 81c146b2ee96ef03c169665f366ac25ebf93e2f1abb8ff41dc8741cb0927b813
AUX openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch 3542 RMD160 7e17304b2b85e2dec12e0bc49b82e35443cc703e SHA1 7a25d0002581ae6f78ffe498c3e05eef0119f7a6 SHA256 31e816eb9f3b52f5f9d183f82adebff75892e45e764187e579a92204c90889cb
AUX openldap-2.4.17-gcc44.patch 509 RMD160 07c1b8400e1b24cb8f20f2647b1354d2b28f653d SHA1 5df5a165acec74667f5989f291aedd958be56358 SHA256 33345882f601050ecaa6bb3dd7458e6b5f8e3684345847f7a53d4a1b0f514bda
AUX openldap-2.4.19-contrib-smbk5pwd.patch 1555 RMD160 ce8f5caafa4b3d89dc11537f0045335b25c59404 SHA1 372906228b2ab6be13a689f895e173abb4862f2e SHA256 8e08af4235529cbc0c4541a28d5cf7e8cf3f41f7504af41527e993e1399fee92
AUX openldap-2.4.22.ebuild.diff 1335 RMD160 4cdf9167dd8b241af196a4f72f276356d3d31684 SHA1 34c5ef793a78d70111a58ef7904c006c83ec86fc SHA256 751433d2cd2ca82ad05bbf29a95d92444612aa535aa35ba8f3e798b6500c0842
AUX slapd-confd 436 RMD160 764d5e2915d9af33fd1db2489ceac6d953750984 SHA1 a16b4674b45ac1e1c8a8f9e84ad0de519c81aa11 SHA256 1ccb8a3b78b65b125b24779dd065cf8000e2d5e4da267bb0a892e730edd2055d
AUX slapd-initd 609 RMD160 3e1daa2bbbbec78aad265a1c4190098730a4234d SHA1 56d5f1d1f59e37bbcef2399847328c7963694f0a SHA256 840f984031b1fc84d4c6ba59c5ba0de5794be596215f0089c7739dba88d610d5
AUX slapd-initd2 622 RMD160 750d7c59d1b7e47b0b21b96d301244c3ec3e28bf SHA1 a438adef50bfb925cc7550156b6dbefd68dcb856 SHA256 abd3ab5c58b18845f6946bbf93c987d833c8a94b88841c587ce453faf738cefa
AUX slurpd-initd 494 RMD160 9f3a06bcab2e4ce8e66783af506d26595bbbdcd2 SHA1 8ab66a984510fa91755cbcbac29883cea1435db7 SHA256 b23e010f701620ec34c39cd215891c7c0afc773341392a1e762e84166d9863ff
DIST openldap-2.4.22.tgz 5179727 RMD160 4edf1a822fcb34a06d18a28ce2f50cd040946453 SHA1 dd506b461c1fccd55dfff123b87aa6d07c899136 SHA256 c29b34031305616cf2c847d30706e2d2cdfc2cf91431e0bddab5d483395a40c1
DIST openldap-2.4.23.tgz 5182440 RMD160 d2268e8fb894680d1d9926fedca736f195e0a0be SHA1 26027e7020256c5f47e17787f17ee8b31af42378 SHA256 5a5ede91d5e8ab3c7f637620aa29a3b96eb34318a8b26c8eef2d2c789fc055e3
DIST openldap-2.4.24.tgz 5240643 RMD160 b9df6a5a562b83fe4ad92f8779909b36fab65c52 SHA1 a4baad3d45ae5810ba5fee48603210697c70d52f SHA256 fdcecb64082a0d8e124f13b31fccf4765901e29decaf4224b28d4cff90a14614
DIST openldap-2.4.25.tgz 5250595 RMD160 31217119f9a82712240bee10c2a350c8f35e0b8e SHA1 56efaf3656cc68d3b5be66422c0c89f0104d7183 SHA256 615acc9970ae2f612bae7e8012d63f3194ef02a2a638bc1fd9ca7f31d85c1075
EBUILD openldap-2.4.22.ebuild 20379 RMD160 b7c7defdfcf7aa14b80064219326af823c7b7631 SHA1 4d331c21e40fea26fab163c50843fac897f5f64c SHA256 b2e5bb9586925bb1dc8bff7a9a8850812639bcaa4f2fb89c6efa03882f5e7644
EBUILD openldap-2.4.23.ebuild 20369 RMD160 90599a947a238edca12b340c4b3dc3df166224dd SHA1 dbbef8fec1c19ea027f1fcb41b957e4e59ab7185 SHA256 b8802afd821e4f6231971317269c4f07adf76bdfcd71b46238938c04bd9eddff
EBUILD openldap-2.4.24.ebuild 20370 RMD160 e4b2bbc628bbf1aa583761ecd02721ac372b581a SHA1 318542d35e508e0042891b6beb818d7bc49d8e6f SHA256 6d910b576ac589796c28e00c27ca9806d861073a0ec54232d69de2bc885cefa1
EBUILD openldap-2.4.25.ebuild 20381 RMD160 e35f0167d804e4ad887d7f658f7c1eeca28dc8db SHA1 ed23ba4722ae7d087d283ed38c55a3a07a80b09a SHA256 b3820ffd1d978ee8f65ab6c90b861942f6de7e1db1e9ad8f195b2669e89af0e4
MISC ChangeLog 65586 RMD160 a41c639872efa4024cd8e6f85ad113929fb6ba6f SHA1 7f90043be19090ea63351a50f6ad636421bf54e7 SHA256 cf4a8591c4b426f5569447bf44e2f418a4b05a9f6c3fae2bdc3f3b9c171a1f05
MISC metadata.xml 609 RMD160 03c8cbd053db76231f859b1c55c5c98a81ab93b4 SHA1 94aa8548d9d70c345694d34e95bdc79716aa7816 SHA256 9ce8d5f8cb31fc99d3d156e453a4e5bf8d7e4546bbe818bb1cb729653b776bff


@ -0,0 +1,25 @@
# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1 2004/06/18 02:49:08 kurt Exp $
# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
#
# See Sleepycat Berkeley DB documentation
# <http://www.sleepycat.com/docs/ref/env/db_config.html>
# for detail description of DB_CONFIG syntax and semantics.
#
# Hints can also be found in the OpenLDAP Software FAQ
# <http://www.openldap.org/faq/index.cgi?file=2>
# one 0.25 GB cache
set_cachesize 0 16777216 0
# Data Directory
#set_data_dir db
# Transaction Log settings
set_lg_regionmax 262144
set_lg_bsize 524288
#set_lg_dir logs
# When using (and only when using) slapadd(8) or slapindex(8),
# the following flags may be useful:
#set_flags DB_TXN_NOSYNC
#set_flags DB_TXN_NOT_DURABLE
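Review bot: The comment `# one 0.25 GB cache` does not match the directive under it: `set_cachesize 0 16777216 0` asks for 0 GB plus 16777216 bytes, which is 16 MB. An operator sizing memory from the comment would be off by a factor of sixteen, so either the text or the value is stale. If the small value is intended for this example, `# one 16 MB cache` would be accurate. The commented `DB_TXN_NOSYNC` and `DB_TXN_NOT_DURABLE` flags give up durability, and the existing restriction to slapadd(8)/slapindex(8) runs should stay next to them.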


@ -0,0 +1,12 @@
diff -ur openldap-2.2.14.orig/servers/slapd/back-perl/Makefile.in openldap-2.2.14/servers/slapd/back-perl/Makefile.in
--- openldap-2.2.14.orig/servers/slapd/back-perl/Makefile.in 2004-04-12 11:20:14.000000000 -0700
+++ openldap-2.2.14/servers/slapd/back-perl/Makefile.in 2004-06-20 18:43:41.000000000 -0700
@@ -31,7 +31,7 @@
shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
-UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) `perl -MExtUtils::Embed -e ldopts`
LIBBASE = back_perl


@ -0,0 +1,199 @@
(Note that this patch is not useful on its own... it just adds some
hooks to work with the LDAP authentication process at a lower level
than the API otherwise allows. The code that calls these hooks and
actually drives the NTLM authentication process is in
lib/e2k-global-catalog.c, and the code that actually implements the
NTLM algorithms is in xntlm/.)
This is a patch against OpenLDAP 2.2.6. Apply with -p0
--- include/ldap.h.orig 2004-01-01 13:16:28.000000000 -0500
+++ include/ldap.h 2004-07-14 11:58:49.000000000 -0400
@@ -1753,5 +1753,26 @@
LDAPControl **cctrls ));
+/*
+ * hacks for NTLM
+ */
+#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
+#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU)
+LDAP_F( int )
+ldap_ntlm_bind LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ ber_tag_t tag,
+ struct berval *cred,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp ));
+LDAP_F( int )
+ldap_parse_ntlm_bind_result LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval *challenge));
+
+
LDAP_END_DECL
#endif /* _LDAP_H */
--- libraries/libldap/Makefile.in.orig 2004-01-01 13:16:29.000000000 -0500
+++ libraries/libldap/Makefile.in 2004-07-14 13:37:23.000000000 -0400
@@ -20,7 +20,7 @@
SRCS = bind.c open.c result.c error.c compare.c search.c \
controls.c messages.c references.c extended.c cyrus.c \
modify.c add.c modrdn.c delete.c abandon.c \
- sasl.c sbind.c kbind.c unbind.c cancel.c \
+ sasl.c ntlm.c sbind.c kbind.c unbind.c cancel.c \
filter.c free.c sort.c passwd.c whoami.c \
getdn.c getentry.c getattr.c getvalues.c addentry.c \
request.c os-ip.c url.c sortctrl.c vlvctrl.c \
@@ -29,7 +29,7 @@
OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
controls.lo messages.lo references.lo extended.lo cyrus.lo \
modify.lo add.lo modrdn.lo delete.lo abandon.lo \
- sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
+ sasl.lo ntlm.lo sbind.lo kbind.lo unbind.lo cancel.lo \
filter.lo free.lo sort.lo passwd.lo whoami.lo \
getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
--- /dev/null 2004-06-30 15:04:37.000000000 -0400
+++ libraries/libldap/ntlm.c 2004-07-14 13:44:18.000000000 -0400
@@ -0,0 +1,137 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
+/*
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+/* Mostly copied from sasl.c */
+
+#include "portable.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/errno.h>
+
+#include "ldap-int.h"
+
+int
+ldap_ntlm_bind(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ ber_tag_t tag,
+ struct berval *cred,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ BerElement *ber;
+ int rc;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( msgidp != NULL );
+
+ if( msgidp == NULL ) {
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return ld->ld_errno;
+ }
+
+ /* create a message to send */
+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+ assert( LBER_VALID( ber ) );
+
+ LDAP_NEXT_MSGID( ld, id );
+ rc = ber_printf( ber, "{it{istON}" /*}*/,
+ id, LDAP_REQ_BIND,
+ ld->ld_version, dn, tag,
+ cred );
+
+ /* Put Server Controls */
+ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ /* send the message */
+ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
+
+ if(*msgidp < 0)
+ return ld->ld_errno;
+
+ return LDAP_SUCCESS;
+}
+
+int
+ldap_parse_ntlm_bind_result(
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval *challenge)
+{
+ ber_int_t errcode;
+ ber_tag_t tag;
+ BerElement *ber;
+ ber_len_t len;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( res != NULL );
+
+ if ( ld == NULL || res == NULL ) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ if( res->lm_msgtype != LDAP_RES_BIND ) {
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return ld->ld_errno;
+ }
+
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ ld->ld_error = NULL;
+ }
+ if ( ld->ld_matched ) {
+ LDAP_FREE( ld->ld_matched );
+ ld->ld_matched = NULL;
+ }
+
+ /* parse results */
+
+ ber = ber_dup( res->lm_ber );
+
+ if( ber == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+ tag = ber_scanf( ber, "{ioa" /*}*/,
+ &errcode, challenge, &ld->ld_error );
+ ber_free( ber, 0 );
+
+ if( tag == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return ld->ld_errno;
+ }
+
+ ld->ld_errno = errcode;
+
+ return( ld->ld_errno );
+}
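Review bot: In ldap_ntlm_bind the result of the first `ber_printf( ber, "{it{istON}", ... )` is stored in `rc` and never examined, so a failure to encode the bind request falls through to ldap_int_put_controls and the send. The closing `ber_printf( ber, "N}" )` a few lines later is checked against -1, and the first call should get the same treatment: `if ( rc == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; ber_free( ber, 1 ); return ld->ld_errno; }`. In ldap_parse_ntlm_bind_result, `challenge` is handed to the `o` conversion of ber_scanf without the NULL check that `ld` and `res` receive. A short header comment stating who owns and frees `challenge->bv_val` afterwards would help callers, assuming `o` allocates here as it does elsewhere in liblber.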


@ -0,0 +1,13 @@
--- clients.orig/tools/common.c 2006-05-05 00:24:01.000000000 -0700
+++ clients/tools/common.c 2006-05-05 00:24:13.000000000 -0700
@@ -904,8 +904,8 @@
tool_bind( LDAP *ld )
{
#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
- if ( ppolicy ) {
LDAPControl *ctrls[2], c;
+ if ( ppolicy ) {
c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
c.ldctl_value.bv_val = NULL;
c.ldctl_value.bv_len = 0;


@ -0,0 +1,53 @@
--- contrib/slapd-modules/smbk5pwd/Makefile.ORIG 2006-05-17 13:11:57.194660019 +0300
+++ contrib/slapd-modules/smbk5pwd/Makefile 2006-05-17 13:11:14.503082288 +0300
@@ -9,29 +9,39 @@
# top-level directory of the distribution or, alternatively, at
# <http://www.OpenLDAP.org/license.html>.
+#libexecdir=/usr/lib/openldap
+moduledir=$(libexecdir)/openldap
LIBTOOL=../../../libtool
-OPT=-g -O2
+#OPT=
CC=gcc
# Omit DO_KRB5 or DO_SAMBA if you don't want to support it.
-DEFS=-DDO_KRB5 -DDO_SAMBA
+#DEFS=
-HEIMDAL_INC=-I/usr/heimdal/include
+#KRB5_INC=
SSL_INC=
LDAP_INC=-I../../../include -I../../../servers/slapd
-INCS=$(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
+INCS=$(LDAP_INC) $(SSL_INC) $(KRB5_INC)
-HEIMDAL_LIB=-L/usr/heimdal/lib -lkrb5 -lkadm5srv
+KRB5_LIB=-lkrb5 -lkadm5srv
SSL_LIB=-lcrypto
-LDAP_LIB=-lldap_r -llber
-LIBS=$(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
-
+LDAP_LIB=-L../../../libraries/libldap_r -lldap_r -llber
+ifneq (DDO_KRB5,$(findstring DDO_KRB5,$(DEFS)))
+ LIBS=$(LDAP_LIB) $(SSL_LIB)
+else
+ LIBS=$(LDAP_LIB) $(KRB5_LIB) $(SSL_LIB)
+endif
+
all: smbk5pwd.la
smbk5pwd.lo: smbk5pwd.c
- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?
+ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(DEFS) $(INCS) -c $?
smbk5pwd.la: smbk5pwd.lo
- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
- -rpath /usr/local/libexec/openldap -module -o $@ $? $(LIBS)
+ $(LIBTOOL) --mode=link $(CC) $(CFLAGS) -version-info 0:0:0 \
+ -rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+install-mod:
+ $(LIBTOOL) --mode=install ../../../build/shtool install -c \
+ -m 755 smbk5pwd.la $(DESTDIR)$(moduledir)
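Review bot: `moduledir=$(libexecdir)/openldap` is built from a variable whose only definition in this Makefile is commented out (`#libexecdir=/usr/lib/openldap`), so a plain `make` expands it to `/openldap`. That path is then passed to libtool as `-rpath $(moduledir)` and used as the install-mod destination. `DEFS` is likewise empty by default now, so neither DO_KRB5 nor DO_SAMBA is compiled in unless the caller passes it. This works if the ebuild always supplies these on the command line, but a guarded default such as `libexecdir ?= /usr/lib/openldap` would keep a stand-alone build from recording a bogus module directory. openldap-2.4.17-contrib-smbk5pwd.patch further down has the same pattern with `moduledir=$(libexecdir)`.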


@ -0,0 +1,64 @@
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
###INSERTDYNAMICMODULESHERE###
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database hdb
suffix "dc=my-domain,dc=com"
# <kbyte> <min>
checkpoint 32 30
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/openldap-data
# Indices to maintain
index objectClass eq
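Review bot: The sample ships an active `rootpw secret` line, so any installation that keeps this file unedited has a rootdn with a published cleartext password; the comment directly above warns against cleartext passwords but the directive contradicts it. Shipping it commented out with a hashed placeholder, e.g. `#rootpw {SSHA}<hash generated with slappasswd(8)>`, would leave the rootdn without a password until the administrator sets one. The sample access-control block is also entirely commented out, which by the file's own note leaves the default of `access to * by * read`; enabling the sample policy is worth considering. Two wording slips in the comments: "Require 63-bit encryption" does not match `simple_bind=64`, and "should be avoid" should read "should be avoided".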


@ -0,0 +1,21 @@
--- libraries/libldap_r/Makefile.in.old 2007-01-02 22:43:50.000000000 +0100
+++ libraries/libldap_r/Makefile.in 2007-08-22 13:32:20.000000000 +0200
@@ -56,7 +56,7 @@
XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS)
XXXLIBS = $(LTHREAD_LIBS)
NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
-UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
+UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS)
.links : Makefile
@for i in $(XXSRCS); do \
--- servers/slapd/slapi/Makefile.in.old 2007-01-02 22:44:10.000000000 +0100
+++ servers/slapd/slapi/Makefile.in 2007-08-22 14:58:51.000000000 +0200
@@ -37,6 +37,7 @@
XLIBS = $(LIBRARY)
XXLIBS =
NT_LINK_LIBS = $(AC_LIBS)
+UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS)
XINCPATH = -I$(srcdir)/.. -I$(srcdir)
XDEFS = $(MODULES_CPPFLAGS)


@ -0,0 +1,30 @@
--- include/ldap_pvt_thread.h 2009-04-03 08:51:30.000000000 -0400
+++ include/ldap_pvt_thread.h 2009-04-03 08:56:36.000000000 -0400
@@ -57,12 +57,12 @@
#ifndef LDAP_PVT_THREAD_H_DONE
#define LDAP_PVT_THREAD_SET_STACK_SIZE
-#ifndef LDAP_PVT_THREAD_STACK_SIZE
- /* LARGE stack. Will be twice as large on 64 bit machine. */
-#define LDAP_PVT_THREAD_STACK_SIZE ( 1 * 1024 * 1024 * sizeof(void *) )
/* May be explicitly defined to zero to disable it */
-#elif LDAP_PVT_THREAD_STACK_SIZE == 0
+#if defined( LDAP_PVT_THREAD_STACK_SIZE ) && LDAP_PVT_THREAD_STACK_SIZE == 0
#undef LDAP_PVT_THREAD_SET_STACK_SIZE
+#elif !defined(LDAP_PVT_THREAD_STACK_SIZE)
+ /* LARGE stack. Will be twice as large on 64 bit machine. */
+#define LDAP_PVT_THREAD_STACK_SIZE ( 1 * 1024 * 1024 * sizeof(void *) )
#endif
#endif /* !LDAP_PVT_THREAD_H_DONE */
--- libraries/libldap/os-ip.c 2009-04-03 08:51:30.000000000 -0400
+++ libraries/libldap/os-ip.c 2009-04-03 08:54:47.000000000 -0400
@@ -652,7 +652,7 @@
char *herr;
#ifdef NI_MAXHOST
char hbuf[NI_MAXHOST];
-#elif defined( MAXHOSTNAMELEN
+#elif defined( MAXHOSTNAMELEN )
char hbuf[MAXHOSTNAMELEN];
#else
char hbuf[256];


@ -0,0 +1,11 @@
diff -Nuar openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in openldap-2.4.11/servers/slapd/slapi/Makefile.in
--- openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in 2008-02-11 15:26:49.000000000 -0800
+++ openldap-2.4.11/servers/slapd/slapi/Makefile.in 2008-10-14 02:10:18.402799262 -0700
@@ -37,6 +37,7 @@
XLIBS = $(LIBRARY)
XXLIBS =
NT_LINK_LIBS = $(AC_LIBS)
+UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS)
XINCPATH = -I$(srcdir)/.. -I$(srcdir)
XDEFS = $(MODULES_CPPFLAGS)


@ -0,0 +1,12 @@
--- openldap-2.4.15/clients/tools/common.c.orig 2009-02-05 15:05:03.000000000 -0800
+++ openldap-2.4.15/clients/tools/common.c 2009-03-21 01:45:14.000000000 -0700
@@ -1315,8 +1315,8 @@
int nsctrls = 0;
#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
+ LDAPControl c;
if ( ppolicy ) {
- LDAPControl c;
c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
c.ldctl_value.bv_val = NULL;
c.ldctl_value.bv_len = 0;


@ -0,0 +1,61 @@
diff -Nuar --exclude 'openldap-2.4*' --exclude p -I '$OpenLDAP' openldap-2.4.17.orig/contrib/slapd-modules/smbk5pwd/Makefile openldap-2.4.17/contrib/slapd-modules/smbk5pwd/Makefile
--- openldap-2.4.17.orig/contrib/slapd-modules/smbk5pwd/Makefile 2009-04-27 16:36:57.000000000 -0700
+++ openldap-2.4.17/contrib/slapd-modules/smbk5pwd/Makefile 2009-07-27 15:00:37.097428029 -0700
@@ -9,37 +9,43 @@
# top-level directory of the distribution or, alternatively, at
# <http://www.OpenLDAP.org/license.html>.
+#libexecdir=/usr/lib/openldap
+moduledir=$(libexecdir)
LIBTOOL=../../../libtool
-OPT=-g -O2
+#OPT=
CC=gcc
# Omit DO_KRB5 or DO_SAMBA if you don't want to support it.
-DEFS=-DDO_KRB5 -DDO_SAMBA
+#DEFS=
-HEIMDAL_INC=-I/usr/heimdal/include
+#KRB5_INC=
SSL_INC=
LDAP_INC=-I../../../include -I../../../servers/slapd
-INCS=$(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
+INCS=$(LDAP_INC) $(SSL_INC) $(KRB5_INC)
-HEIMDAL_LIB=-L/usr/heimdal/lib -lkrb5 -lkadm5srv
+KRB5_LIB=-lkrb5 -lkadm5srv
SSL_LIB=-lcrypto
-LDAP_LIB=-lldap_r -llber
-LIBS=$(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
-
+LDAP_LIB=-L../../../libraries/libldap_r -lldap_r -llber
+ifneq (DDO_KRB5,$(findstring DDO_KRB5,$(DEFS)))
+ LIBS=$(LDAP_LIB) $(SSL_LIB)
+else
+ LIBS=$(LDAP_LIB) $(KRB5_LIB) $(SSL_LIB)
+endif
+
all: smbk5pwd.la
smbk5pwd.lo: smbk5pwd.c
- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?
+ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(DEFS) $(INCS) -c $?
smbk5pwd.la: smbk5pwd.lo
- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
- -rpath $(PREFIX)/lib -module -o $@ $? $(LIBS)
+ $(LIBTOOL) --mode=link $(CC) $(CFLAGS) -version-info 0:0:0 \
+ -rpath $(moduledir) -module -o $@ $? $(LIBS)
clean:
rm -f smbk5pwd.lo smbk5pwd.la
install: smbk5pwd.la
- mkdir -p $(PREFIX)/lib/openldap
- $(LIBTOOL) --mode=install cp smbk5pwd.la $(PREFIX)/lib/openldap
- $(LIBTOOL) --finish $(PREFIX)/lib
+ mkdir -p $(DESTDIR)$(moduledir)
+ $(LIBTOOL) --mode=install cp smbk5pwd.la $(DESTDIR)$(moduledir)
+ $(LIBTOOL) --finish $(DESTDIR)$(libexecdir)


@ -0,0 +1,109 @@
If GnuTLS is used, the lmpasswd module for USE=samba does not compile.
Forward-port an old Debian patch that upstream never applied.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Signed-off-by: Steffen Hau <steffen@hauihau.de>
X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633
X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997
X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341
--- openldap-2.4.17.orig/libraries/liblutil/passwd.c 2009-07-27 18:59:19.635995474 -0700
+++ openldap-2.4.17/libraries/liblutil/passwd.c 2009-07-27 19:01:13.588069010 -0700
@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8];
typedef PK11Context *des_context[1];
#define DES_ENCRYPT CKA_ENCRYPT
+#elif defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
+# include <gcrypt.h>
+static int gcrypt_init = 0;
+
+typedef const void* des_key;
+typedef unsigned char des_cblock[8];
+typedef des_cblock des_data_block;
+typedef int des_key_schedule; /* unused */
+typedef des_key_schedule des_context; /* unused */
+#define des_failed(encrypted) 0
+#define des_finish(key, schedule)
+
+#define des_set_key_unchecked( key, key_sched ) \
+ gcry_cipher_setkey( hd, key, 8 )
+
+#define des_ecb_encrypt( input, output, key_sched, enc ) \
+ gcry_cipher_encrypt( hd, *output, 8, *input, 8 )
+
+#define des_set_odd_parity( key ) do {} while(0)
+
#endif
#endif /* SLAPD_LMHASH */
@@ -651,7 +671,7 @@ static int chk_md5(
#ifdef SLAPD_LMHASH
-#if defined(HAVE_OPENSSL)
+#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS_GNUTLS_H)
/*
* abstract away setting the parity.
@@ -841,6 +861,19 @@ static int chk_lanman(
des_data_block StdText = "KGS!@#$%";
des_data_block PasswordHash1, PasswordHash2;
char PasswordHash[33], storedPasswordHash[33];
+
+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
+ gcry_cipher_hd_t hd;
+
+ if ( !gcrypt_init ) {
+ gcry_check_version( GCRYPT_VERSION );
+ gcrypt_init = 1;
+ }
+
+ schedule = schedule; /* unused - avoid warning */
+
+ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
for( i=0; i<cred->bv_len; i++) {
if(cred->bv_val[i] == '\0') {
@@ -883,6 +916,10 @@ static int chk_lanman(
strncpy( storedPasswordHash, passwd->bv_val, 32 );
storedPasswordHash[32] = '\0';
ldap_pvt_str2lower( storedPasswordHash );
+
+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
+ gcry_cipher_close( hd );
+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
}
@@ -1138,6 +1175,19 @@ static int hash_lanman(
des_data_block PasswordHash1, PasswordHash2;
char PasswordHash[33];
+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
+ gcry_cipher_hd_t hd;
+
+ if ( !gcrypt_init ) {
+ gcry_check_version( GCRYPT_VERSION );
+ gcrypt_init = 1;
+ }
+
+ schedule = schedule; /* unused - avoid warning */
+
+ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 );
+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
+
for( i=0; i<passwd->bv_len; i++) {
if(passwd->bv_val[i] == '\0') {
return LUTIL_PASSWD_ERR; /* NUL character in password */
@@ -1168,6 +1218,10 @@ static int hash_lanman(
hash->bv_val = PasswordHash;
hash->bv_len = 32;
+
+#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT)
+ gcry_cipher_close( hd );
+#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */
return pw_string( scheme, hash );
}
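Review bot: In hash_lanman the cipher handle is opened before the NUL-character scan, and that scan's `return LUTIL_PASSWD_ERR;` leaves the function without reaching the added `gcry_cipher_close( hd )`, so every rejected password leaks a handle; chk_lanman has the same ordering, though its early return lies outside the hunk. The return value of `gcry_cipher_open` is also ignored, so a failed open leaves `hd` uninitialised for the des_set_key_unchecked and des_ecb_encrypt macros, which expand to gcry calls on it. Moving the open below the scan and checking it, `if ( gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 ) ) return LUTIL_PASSWD_ERR;`, covers both. The `gcrypt_init` flag is a plain static with no locking, which looks racy if these functions can run on several slapd threads at once; that is worth confirming. Both function bodies extend beyond the hunks shown.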


@ -0,0 +1,11 @@
diff -ur openldap-2.4.17.orig/contrib/ldapc++/src/SaslInteractionHandler.cpp openldap-2.4.17/contrib/ldapc++/src/SaslInteractionHandler.cpp
--- openldap-2.4.17.orig/contrib/ldapc++/src/SaslInteractionHandler.cpp 2008-04-15 02:09:26.000000000 +0300
+++ openldap-2.4.17/contrib/ldapc++/src/SaslInteractionHandler.cpp 2009-08-10 13:21:24.000000000 +0300
@@ -13,6 +13,7 @@
#include <termios.h>
#endif
+#include <stdio.h>
#include <string.h>
#include "SaslInteractionHandler.h"
#include "SaslInteraction.h"


@ -0,0 +1,51 @@
diff -Nuar openldap-2.4.19.orig/contrib/slapd-modules/smbk5pwd/Makefile openldap-2.4.19/contrib/slapd-modules/smbk5pwd/Makefile
--- openldap-2.4.19.orig/contrib/slapd-modules/smbk5pwd/Makefile 2009-10-02 21:16:53.000000000 +0000
+++ openldap-2.4.19/contrib/slapd-modules/smbk5pwd/Makefile 2009-11-03 21:01:41.199550611 +0000
@@ -13,22 +13,26 @@
# <http://www.OpenLDAP.org/license.html>.
LIBTOOL=../../../libtool
-OPT=-g -O2
+#OPT=
CC=gcc
# Omit DO_KRB5 or DO_SAMBA if you don't want to support it.
-DEFS=-DDO_KRB5 -DDO_SAMBA
+#DEFS=
-HEIMDAL_INC=-I/usr/heimdal/include
+#KRB5_INC=
SSL_INC=
LDAP_INC=-I../../../include -I../../../servers/slapd
-INCS=$(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
+INCS=$(LDAP_INC) $(SSL_INC) $(KRB5_INC)
-HEIMDAL_LIB=-L/usr/heimdal/lib -lkrb5 -lkadm5srv
+KRB5_LIB=-lkrb5 -lkadm5srv
SSL_LIB=-lcrypto
-LDAP_LIB=-lldap_r -llber
-LIBS=$(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
-
+LDAP_LIB=-L../../../libraries/libldap_r -lldap_r -llber
+ifneq (DDO_KRB5,$(findstring DDO_KRB5,$(DEFS)))
+ LIBS=$(LDAP_LIB) $(SSL_LIB)
+else
+ LIBS=$(LDAP_LIB) $(KRB5_LIB) $(SSL_LIB)
+endif
+
prefix=/usr/local
exec_prefix=$(prefix)
ldap_subdir=/openldap
@@ -41,10 +45,10 @@
smbk5pwd.lo: smbk5pwd.c
- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?
+ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(DEFS) $(INCS) -c $?
smbk5pwd.la: smbk5pwd.lo
- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
+ $(LIBTOOL) --mode=link $(CC) $(CFLAGS) -version-info 0:0:0 \
-rpath $(moduledir) -module -o $@ $? $(LIBS)
clean:


@ -0,0 +1,41 @@
--- /usr/portage/net-nds/openldap/openldap-2.4.21.ebuild 2010-04-11 17:14:48.000000000 +0200
+++ openldap-2.4.25.ebuild 2010-06-03 05:27:07.963282627 +0200
@@ -17,7 +17,7 @@
IUSE_BACKEND="+berkdb"
IUSE_OVERLAY="overlays perl"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 syslog selinux"
-IUSE_CONTRIB="smbkrb5passwd kerberos"
+IUSE_CONTRIB="smbkrb5passwd kerberos samba4"
IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
@@ -412,6 +412,15 @@
|| die "emake smbk5pwd failed"
fi
+ if use samba4 ; then
+ einfo "Building contrib-module: samba4"
+ cd "${S}/contrib/slapd-modules/samba4"
+
+ emake \
+ CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \
+ || die "emake samba4 failed"
+ fi
+
if use kerberos ; then
cd "${S}/contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-kerberos"
@@ -543,6 +552,13 @@
newdoc README smbk5pwd-README
fi
+ if use samba4 ; then
+ einfo "Install the samba4 module"
+ cd "${S}/contrib/slapd-modules/samba4"
+ emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install samba4 failed"
+ newdoc README samba4-README
+ fi
+
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules"
for l in */*.la; do


@ -0,0 +1,9 @@
# conf.d file for openldap
#
# To enable both the standard unciphered server and the ssl encrypted
# one uncomment this line or set any other server starting options
# you may desire.
#
# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
# Uncomment the below to use the new slapd configuration for openldap 2.3
#OPTS="-F /etc/openldap/slapd.d -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"


@ -0,0 +1,21 @@
#!/sbin/runscript
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd,v 1.3 2009/07/28 21:28:25 robbat2 Exp $
depend() {
need net
before dbus hald avahi-daemon
}
start() {
ebegin "Starting ldap-server"
eval start-stop-daemon --start --pidfile /var/run/openldap/slapd.pid --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
eend $?
}
stop() {
ebegin "Stopping ldap-server"
start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid
eend $?
}
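Review bot: The `eval` in start() re-parses the whole command line, so the contents of OPTS from /etc/conf.d/slapd are interpreted by the shell as root rather than only split into arguments; the second slapd init script further down has the identical line. The eval is presumably there so the quoted `-h '...'` URL list from the conf.d example survives word splitting, and that should be stated next to it, e.g. `# eval keeps the quoted -h URL list in OPTS intact; /etc/conf.d/slapd must be writable by root only`. Neither script validates the configuration before starting the daemon; if that is wanted, a check that runs `slaptest` ahead of start-stop-daemon would catch a broken slapd.conf first.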


@ -0,0 +1,22 @@
#!/sbin/runscript
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd2,v 1.1 2010/04/11 15:14:48 jokey Exp $
depend() {
need net
before dbus hald avahi-daemon
provide ldap
}
start() {
ebegin "Starting ldap-server"
eval start-stop-daemon --start --pidfile /var/run/openldap/slapd.pid --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
eend $?
}
stop() {
ebegin "Stopping ldap-server"
start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid
eend $?
}


@ -0,0 +1,22 @@
#!/sbin/runscript
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slurpd-initd,v 1.1 2007/01/16 23:22:02 jokey Exp $
depend() {
need net
}
start() {
ebegin "Starting slurpd"
start-stop-daemon --start --quiet \
--exec /usr/lib/openldap/slurpd
eend $?
}
stop() {
ebegin "Stopping slurpd"
start-stop-daemon --stop --quiet \
--exec /usr/lib/openldap/slurpd
eend $?
}


@ -0,0 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>ldap</herd>
<maintainer>
<email>ldap-bugs@gentoo.org</email>
</maintainer>
<use>
<flag name='experimental'>Enable experimental backend options</flag>
<flag name='odbc'>Enable ODBC and SQL backend options</flag>
<flag name='overlays'>Enable contributed OpenLDAP overlays</flag>
<flag name='overlays'>Enable Samba4 support</flag>
<flag name='smbkrb5passwd'>Enable overlay for syncing ldap, unix and
lanman passwords</flag>
</use>
</pkgmetadata>
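Review bot: The fourth `<flag>` entry reuses `name='overlays'` for the text "Enable Samba4 support", so `overlays` is described twice and the `samba4` flag that the ebuilds list in IUSE_CONTRIB has no description. The entry should read `<flag name='samba4'>Enable Samba4 support</flag>`. The description could also say what is actually built, since the ebuild only runs emake in contrib/slapd-modules/samba4 for this flag.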


@ -0,0 +1,621 @@
# Copyright 1999-2010 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.4.21.ebuild,v 1.1 2010/04/11 15:14:48 jokey Exp $
EAPI="2"
inherit db-use eutils flag-o-matic multilib ssl-cert versionator toolchain-funcs
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="http://www.OpenLDAP.org/"
SRC_URI="mirror://openldap/openldap-release/${P}.tgz"
LICENSE="OPENLDAP"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
IUSE_BACKEND="+berkdb"
IUSE_OVERLAY="overlays perl"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 syslog selinux"
IUSE_CONTRIB="smbkrb5passwd kerberos samba4"
IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
# openssl is needed to generate lanman-passwords required by samba
RDEPEND="sys-libs/ncurses
icu? ( dev-libs/icu )
tcpd? ( sys-apps/tcp-wrappers )
ssl? ( !gnutls? ( dev-libs/openssl )
gnutls? ( net-libs/gnutls ) )
sasl? ( dev-libs/cyrus-sasl )
!minimal? (
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
slp? ( net-libs/openslp )
perl? ( dev-lang/perl[-build] )
samba? ( dev-libs/openssl )
berkdb? ( sys-libs/db )
smbkrb5passwd? (
dev-libs/openssl
app-crypt/heimdal )
kerberos? ( virtual/krb5 )
cxx? ( dev-libs/cyrus-sasl )
)
selinux? ( sec-policy/selinux-openldap )"
DEPEND="${RDEPEND}"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG.example' | wc -l
}
openldap_find_versiontags() {
# scan for all datadirs
openldap_datadirs=""
if [ -f "${ROOT}"/etc/openldap/slapd.conf ]; then
openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${ROOT}/etc/openldap/slapd.conf)"
fi
openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
einfo
einfo "Scanning datadir(s) from slapd.conf and"
einfo "the default installdir for Versiontags"
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
einfo
# scan datadirs if we have a version tag
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs}; do
CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
einfo "- Checking ${each}..."
if [ -r ${CURRENT_TAG} ] ; then
# yey, we have one :)
einfo " Found Versiontag in ${each}"
source ${CURRENT_TAG}
if [ "${OLDPF}" == "" ] ; then
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
eerror "Please delete it"
eerror
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
fi
OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
[ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
# are we on the same branch?
if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
ewarn " Versiontag doesn't match current major release!"
if [[ "${have_files}" == "1" ]] ; then
eerror " Versiontag says other major and you (probably) have datafiles!"
echo
openldap_upgrade_howto
else
einfo " No real problem, seems there's no database."
fi
else
einfo " Versiontag is fine here :)"
fi
else
einfo " Non-tagged dir ${each}"
[ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
if [[ "${have_files}" == "1" ]] ; then
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
echo
eerror
eerror "Your OpenLDAP Installation has a non tagged datadir that"
eerror "possibly contains a database at ${CURRENT_TAGDIR}"
eerror
eerror "Please export data if any entered and empty or remove"
eerror "the directory, installation has been stopped so you"
eerror "can take required action"
eerror
eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
eerror
die "Please move the datadir ${CURRENT_TAGDIR} away"
fi
fi
einfo
fi
done
[ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
SLAPD_PATH=${ROOT}/usr/$(get_libdir)/openldap/slapd
if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
NEWVER="$(use berkdb && db_findver sys-libs/db)"
local fail=0
if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
:
# Nothing wrong here.
elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
eerror " Your existing version of OpenLDAP was not built against"
eerror " any version of sys-libs/db, but the new one will build"
eerror " against ${NEWVER} and your database may be inaccessible."
echo
fail=1
elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will not be"
eerror " built against any version and your database may be"
eerror " inaccessible."
echo
fail=1
elif [ "${OLDVER}" != "${NEWVER}" ]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will build against"
eerror " ${NEWVER} and your database would be inaccessible."
echo
fail=1
fi
[ "${fail}" == "1" ] && openldap_upgrade_howto
fi
echo
einfo
einfo "All datadirs are fine, proceeding with merge now..."
einfo
}
openldap_upgrade_howto() {
eerror
eerror "A (possible old) installation of OpenLDAP was detected,"
eerror "installation will not proceed for now."
eerror
eerror "As major version upgrades can corrupt your database,"
eerror "you need to dump your database and re-create it afterwards."
eerror
eerror "Additionally, rebuilding against different major versions of the"
eerror "sys-libs/db libraries will cause your database to be inaccessible."
eerror ""
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. egrep -v '^entryCSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. check that your data is intact."
eerror "11. set up the new replication system."
eerror
if [ "${FORCE_UPGRADE}" != "1" ]; then
die "You need to upgrade your database first"
else
eerror "You have the magical FORCE_UPGRADE=1 in place."
eerror "Don't say you weren't warned about data loss."
fi
}
pkg_setup() {
if ! use sasl && use cxx ; then
die "To build the ldapc++ library you must emerge openldap with sasl support"
fi
if use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
einfo
einfo "Skipping scan for previous datadirs as requested by minimal useflag"
einfo
else
openldap_find_versiontags
fi
enewgroup ldap 439
enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
}
src_prepare() {
# ensure correct SLAPI path by default
sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \
"${S}"/include/ldap_defaults.h
epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
epatch \
"${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
"${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
# bug #116045 - still present in 2.4.19
epatch "${FILESDIR}"/${PN}-2.4.19-contrib-smbk5pwd.patch
# bug #189817
epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
# bug #233633
epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
cd "${S}"/build
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to block stripping"
# wrong assumption that /bin/sh is /bin/bash
sed -i \
-e 's|/bin/sh|/bin/bash|g' \
"${S}"/tests/scripts/* || die "sed failed"
}
build_contrib_module() {
lt="${S}/libtool"
# <dir> <sources> <outputname>
cd "${S}/contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $3"
# Make sure it's uppercase
local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-D${define_name}=SLAPD_MOD_DYNAMIC \
-I../../../include -I../../../servers/slapd ${CFLAGS} \
-o ${2%.c}.lo -c $2 || die "compiling $3 failed"
einfo "Linking contrib-module: $3"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath /usr/$(get_libdir)/openldap/openldap \
-o $3.la ${2%.c}.lo || die "linking $3 failed"
}
src_configure() {
local myconf
#Fix for glibc-2.8 and ucred. Bug 228457.
append-flags -D_GNU_SOURCE
use debug && myconf="${myconf} $(use_enable debug)"
# ICU usage is not configurable
export ac_cv_header_unicode_utypes_h="$(use icu && echo yes || echo no)"
if ! use minimal ; then
# re-enable serverside overlay chains per bug #296567
# see ldap docs chaper 12.3.1 for details
myconf="${myconf} --enable-ldap"
# backends
myconf="${myconf} --enable-slapd"
if use berkdb ; then
einfo "Using Berkeley DB for local backend"
myconf="${myconf} --enable-bdb --enable-hdb"
# We need to include the slotted db.h dir for FreeBSD
append-cppflags -I$(db_includedir)
else
ewarn
ewarn "Note: if you disable berkdb, you can only use remote-backends!"
ewarn
ebeep 5
myconf="${myconf} --disable-bdb --disable-hdb"
fi
for backend in dnssrv ldap meta monitor null passwd relay shell sock; do
myconf="${myconf} --enable-${backend}=mod"
done
myconf="${myconf} $(use_enable perl perl mod)"
myconf="${myconf} $(use_enable odbc sql mod)"
if use odbc ; then
local odbc_lib="unixodbc"
if use iodbc ; then
odbc_lib="iodbc"
append-cppflags -I/usr/include/iodbc
fi
myconf="${myconf} --with-odbc=${odbc_lib}"
fi
# slapd options
myconf="${myconf} $(use_enable crypt) $(use_enable slp)"
myconf="${myconf} $(use_enable samba lmpasswd) $(use_enable syslog)"
if use experimental ; then
myconf="${myconf} --enable-dynacl"
myconf="${myconf} --enable-aci=mod"
fi
for option in aci cleartext modules rewrite rlookups slapi; do
myconf="${myconf} --enable-${option}"
done
# slapd overlay options
# Compile-in the syncprov, the others as module
myconf="${myconf} --enable-syncprov=yes"
use overlays && myconf="${myconf} --enable-overlays=mod"
else
myconf="${myconf} --disable-slapd --disable-bdb --disable-hdb"
myconf="${myconf} --disable-overlays --disable-syslog"
fi
# basic functionality stuff
myconf="${myconf} $(use_enable ipv6)"
myconf="${myconf} $(use_with sasl cyrus-sasl) $(use_enable sasl spasswd)"
myconf="${myconf} $(use_enable tcpd wrappers)"
local ssl_lib="no"
if use ssl || ( use ! minimal && use samba ) ; then
ssl_lib="openssl"
use gnutls && ssl_lib="gnutls"
fi
myconf="${myconf} --with-tls=${ssl_lib}"
for basicflag in dynamic local proctitle shared static; do
myconf="${myconf} --enable-${basicflag}"
done
tc-export CC AR CXX
STRIP=/bin/true \
econf \
--libexecdir=/usr/$(get_libdir)/openldap \
${myconf} || die "econf failed"
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# So we have to run it AFTER the main build, not just after the main
# configure.
if ! use minimal ; then
if use cxx ; then
local myconf_ldapcpp
myconf_ldapcpp="${myconf_ldapcpp} --with-ldap-includes=../../include"
cd "${S}/contrib/ldapc++"
OLD_LDFLAGS="$LDFLAGS"
OLD_CPPFLAGS="$CPPFLAGS"
append-ldflags -L../../libraries/liblber/.libs -L../../libraries/libldap/.libs
append-ldflags -L../../../libraries/liblber/.libs -L../../../libraries/libldap/.libs
append-cppflags -I../../../include
econf ${myconf_ldapcpp} \
CC="${CC}" \
CXX="${CXX}" \
|| die "econf ldapc++ failed"
CPPFLAGS="$OLD_CPPFLAGS"
LDFLAGS="${OLD_LDFLAGS}"
fi
fi
}
src_compile() {
emake depend || die "emake depend failed"
emake CC="${CC}" AR="${AR}" || die "emake failed"
lt="${S}/libtool"
export echo="echo"
if ! use minimal ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
cd "${S}/contrib/ldapc++"
emake \
CC="${CC}" CXX="${CXX}" \
|| die "emake ldapc++ failed"
fi
if use smbkrb5passwd ; then
einfo "Building contrib-module: smbk5pwd"
cd "${S}/contrib/slapd-modules/smbk5pwd"
emake \
DEFS="-DDO_SAMBA -DDO_KRB5" \
KRB5_INC="$(krb5-config --cflags)" \
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \
|| die "emake smbk5pwd failed"
fi
if use samba4 ; then
einfo "Building contrib-module: samba4"
cd "${S}/contrib/slapd-modules/samba4"
emake \
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \
|| die "emake samba4 failed"
fi
if use kerberos ; then
cd "${S}/contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-kerberos"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I../../../include \
${CFLAGS} \
$(krb5-config --cflags) \
-DHAVE_KRB5 \
-o kerberos.lo \
-c kerberos.c || die "compiling pw-kerberos failed"
einfo "Linking contrib-module: pw-kerberos"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath /usr/$(get_libdir)/openldap/openldap \
-o pw-kerberos.la \
kerberos.lo || die "linking pw-kerberos failed"
fi
# We could build pw-radius if GNURadius would install radlib.h
cd "${S}/contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-netscape"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I../../../include \
${CFLAGS} \
-o netscape.lo \
-c netscape.c || die "compiling pw-netscape failed"
einfo "Linking contrib-module: pw-netscape"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath /usr/$(get_libdir)/openldap/openldap \
-o pw-netscape.la \
netscape.lo || die "linking pw-netscape failed"
build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
build_contrib_module "allop" "allop.c" "overlay-allop"
build_contrib_module "allowed" "allowed.c" "allowed"
build_contrib_module "autogroup" "autogroup.c" "autogroup"
build_contrib_module "denyop" "denyop.c" "denyop-overlay"
build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
# lastmod may not play well with other overlays
build_contrib_module "lastmod" "lastmod.c" "lastmod"
build_contrib_module "nops" "nops.c" "nops-overlay"
build_contrib_module "trace" "trace.c" "trace"
# build slapi-plugins
cd "${S}/contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
"${CC}" -shared \
-I../../../include \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
-o libaddrdnvalues-plugin.so \
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
fi
}
src_test() {
cd tests ; make tests || die "make tests failed"
}
src_install() {
lt="${S}/libtool"
emake DESTDIR="${D}" install || die "make install failed"
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example
docinto rfc ; dodoc doc/rfc/*.txt
# openldap modules go here
# TODO: write some code to populate slapd.conf with moduleload statements
keepdir /usr/$(get_libdir)/openldap/openldap/
# initial data storage dir
keepdir /var/lib/openldap-data
fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
echo "OLDPF='${PF}'" > "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# do NOT delete this. it is used" >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# to track versions for upgrading." >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# change slapd.pid location in configuration file
keepdir /var/run/openldap
fowners ldap:ldap /var/run/openldap
fperms 0755 /var/run/openldap
if ! use minimal; then
# use our config
rm "${D}"etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf
configfile="${D}"etc/openldap/slapd.conf
# populate with built backends
ebegin "populate config with built backends"
for x in "${D}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
elog "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default
eend
# install our own init scripts
newinitd "${FILESDIR}"/slapd-initd2 slapd
newconfd "${FILESDIR}"/slapd-confd slapd
if [ $(get_libdir) != lib ]; then
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i "${D}"etc/init.d/slapd
fi
if use cxx ; then
einfo "Install the ldapc++ library"
cd "${S}/contrib/ldapc++"
emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install ldapc++ failed"
newdoc README ldapc++-README
fi
if use smbkrb5passwd ; then
einfo "Install the smbk5pwd module"
cd "${S}/contrib/slapd-modules/smbk5pwd"
emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install smbk5pwd failed"
newdoc README smbk5pwd-README
fi
if use samba4 ; then
einfo "Install the samba4 module"
cd "${S}/contrib/slapd-modules/samba4"
emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install samba4 failed"
newdoc README samba4-README
fi
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules"
for l in */*.la; do
"${lt}" --mode=install cp ${l} \
"${D}"usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
docinto contrib
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
doman allop/slapo-allop.5
newdoc autogroup/README autogroup-README
newdoc denyop/denyop.c denyop-denyop.c
newdoc dsaschema/README dsaschema-README
doman lastmod/slapo-lastmod.5
doman nops/slapo-nops.5
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins"
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
fi
}
pkg_preinst() {
# keep old libs if any
preserve_old_lib usr/$(get_libdir)/{libldap,libldap_r,liblber}-2.3.so.0
}
pkg_postinst() {
if ! use minimal ; then
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
chown ldap:ldap "${ROOT}"etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT never' if you want to use them."
fi
# These lines force the permissions of various content to be correct
chown ldap:ldap "${ROOT}"var/run/openldap
chmod 0755 "${ROOT}"var/run/openldap
chown root:ldap "${ROOT}"etc/openldap/slapd.conf{,.default}
chmod 0640 "${ROOT}"etc/openldap/slapd.conf{,.default}
chown ldap:ldap "${ROOT}"var/lib/openldap-{data,ldbm}
fi
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(http://www.gentoo.org/doc/en/ldap-howto.xml)"
elog "---"
elog "An example file for tuning BDB backends with openldap is"
elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3.so.0
}
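Review bot: `source ${CURRENT_TAG}` in openldap_find_versiontags executes the .version-tag file as shell code during pkg_setup, which normally runs as root, while src_install gives the directory holding that file to the service account (`fowners ldap:ldap /var/lib/openldap-data`). Whatever can write as the ldap user can therefore change the tag and have its contents run with root privileges at the next merge. Only OLDPF is needed from the file, so it should be read as data, `OLDPF="$(sed -n "s/^OLDPF='\(.*\)'\$/\1/p" "${CURRENT_TAG}")"`, and `${CURRENT_TAG}` and `${CURRENT_TAGDIR}` should be quoted in the surrounding tests because the directory names are taken from slapd.conf. The second ebuild on this page repeats the same line.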


@ -0,0 +1,621 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.4.23.ebuild,v 1.7 2010/09/12 04:34:43 josejx Exp $
EAPI="2"
inherit db-use eutils flag-o-matic multilib ssl-cert versionator toolchain-funcs
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="http://www.OpenLDAP.org/"
SRC_URI="mirror://openldap/openldap-release/${P}.tgz"
LICENSE="OPENLDAP"
SLOT="0"
KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
IUSE_BACKEND="+berkdb"
IUSE_OVERLAY="overlays perl"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 syslog selinux"
IUSE_CONTRIB="smbkrb5passwd kerberos samba4"
IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
# openssl is needed to generate lanman-passwords required by samba
RDEPEND="sys-libs/ncurses
icu? ( dev-libs/icu )
tcpd? ( sys-apps/tcp-wrappers )
ssl? ( !gnutls? ( dev-libs/openssl )
gnutls? ( net-libs/gnutls ) )
sasl? ( dev-libs/cyrus-sasl )
!minimal? (
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
slp? ( net-libs/openslp )
perl? ( dev-lang/perl[-build] )
samba? ( dev-libs/openssl )
berkdb? ( sys-libs/db )
smbkrb5passwd? (
dev-libs/openssl
app-crypt/heimdal )
kerberos? ( virtual/krb5 )
cxx? ( dev-libs/cyrus-sasl )
)
selinux? ( sec-policy/selinux-openldap )"
DEPEND="${RDEPEND}"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG.example' | wc -l
}
openldap_find_versiontags() {
# scan for all datadirs
openldap_datadirs=""
if [ -f "${ROOT}"/etc/openldap/slapd.conf ]; then
openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${ROOT}/etc/openldap/slapd.conf)"
fi
openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
einfo
einfo "Scanning datadir(s) from slapd.conf and"
einfo "the default installdir for Versiontags"
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
einfo
# scan datadirs if we have a version tag
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs}; do
CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
einfo "- Checking ${each}..."
if [ -r ${CURRENT_TAG} ] ; then
# yey, we have one :)
einfo " Found Versiontag in ${each}"
source ${CURRENT_TAG}
if [ "${OLDPF}" == "" ] ; then
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
eerror "Please delete it"
eerror
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
fi
OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
[ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
# are we on the same branch?
if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
ewarn " Versiontag doesn't match current major release!"
if [[ "${have_files}" == "1" ]] ; then
eerror " Versiontag says other major and you (probably) have datafiles!"
echo
openldap_upgrade_howto
else
einfo " No real problem, seems there's no database."
fi
else
einfo " Versiontag is fine here :)"
fi
else
einfo " Non-tagged dir ${each}"
[ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
if [[ "${have_files}" == "1" ]] ; then
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
echo
eerror
eerror "Your OpenLDAP Installation has a non tagged datadir that"
eerror "possibly contains a database at ${CURRENT_TAGDIR}"
eerror
eerror "Please export data if any entered and empty or remove"
eerror "the directory, installation has been stopped so you"
eerror "can take required action"
eerror
eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
eerror
die "Please move the datadir ${CURRENT_TAGDIR} away"
fi
fi
einfo
fi
done
[ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
SLAPD_PATH=${ROOT}/usr/$(get_libdir)/openldap/slapd
if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
NEWVER="$(use berkdb && db_findver sys-libs/db)"
local fail=0
if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
:
# Nothing wrong here.
elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
eerror " Your existing version of OpenLDAP was not built against"
eerror " any version of sys-libs/db, but the new one will build"
eerror " against ${NEWVER} and your database may be inaccessible."
echo
fail=1
elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will not be"
eerror " built against any version and your database may be"
eerror " inaccessible."
echo
fail=1
elif [ "${OLDVER}" != "${NEWVER}" ]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will build against"
eerror " ${NEWVER} and your database would be inaccessible."
echo
fail=1
fi
[ "${fail}" == "1" ] && openldap_upgrade_howto
fi
echo
einfo
einfo "All datadirs are fine, proceeding with merge now..."
einfo
}
openldap_upgrade_howto() {
eerror
eerror "A (possible old) installation of OpenLDAP was detected,"
eerror "installation will not proceed for now."
eerror
eerror "As major version upgrades can corrupt your database,"
eerror "you need to dump your database and re-create it afterwards."
eerror
eerror "Additionally, rebuilding against different major versions of the"
eerror "sys-libs/db libraries will cause your database to be inaccessible."
eerror ""
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. egrep -v '^entryCSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. check that your data is intact."
eerror "11. set up the new replication system."
eerror
if [ "${FORCE_UPGRADE}" != "1" ]; then
die "You need to upgrade your database first"
else
eerror "You have the magical FORCE_UPGRADE=1 in place."
eerror "Don't say you weren't warned about data loss."
fi
}
pkg_setup() {
if ! use sasl && use cxx ; then
die "To build the ldapc++ library you must emerge openldap with sasl support"
fi
if use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
einfo
einfo "Skipping scan for previous datadirs as requested by minimal useflag"
einfo
else
openldap_find_versiontags
fi
enewgroup ldap 439
enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
}
src_prepare() {
# ensure correct SLAPI path by default
sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \
"${S}"/include/ldap_defaults.h
epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
epatch \
"${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
"${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
# bug #116045 - still present in 2.4.19
epatch "${FILESDIR}"/${PN}-2.4.19-contrib-smbk5pwd.patch
# bug #189817
epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
# bug #233633
epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
cd "${S}"/build
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to block stripping"
# wrong assumption that /bin/sh is /bin/bash
sed -i \
-e 's|/bin/sh|/bin/bash|g' \
"${S}"/tests/scripts/* || die "sed failed"
}
build_contrib_module() {
lt="${S}/libtool"
# <dir> <sources> <outputname>
cd "${S}/contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $3"
# Make sure it's uppercase
local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-D${define_name}=SLAPD_MOD_DYNAMIC \
-I../../../include -I../../../servers/slapd ${CFLAGS} \
-o ${2%.c}.lo -c $2 || die "compiling $3 failed"
einfo "Linking contrib-module: $3"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath /usr/$(get_libdir)/openldap/openldap \
-o $3.la ${2%.c}.lo || die "linking $3 failed"
}
src_configure() {
local myconf
#Fix for glibc-2.8 and ucred. Bug 228457.
append-flags -D_GNU_SOURCE
use debug && myconf="${myconf} $(use_enable debug)"
# ICU usage is not configurable
export ac_cv_header_unicode_utypes_h="$(use icu && echo yes || echo no)"
if ! use minimal ; then
# re-enable serverside overlay chains per bug #296567
# see ldap docs chaper 12.3.1 for details
myconf="${myconf} --enable-ldap"
# backends
myconf="${myconf} --enable-slapd"
if use berkdb ; then
einfo "Using Berkeley DB for local backend"
myconf="${myconf} --enable-bdb --enable-hdb"
# We need to include the slotted db.h dir for FreeBSD
append-cppflags -I$(db_includedir)
else
ewarn
ewarn "Note: if you disable berkdb, you can only use remote-backends!"
ewarn
ebeep 5
myconf="${myconf} --disable-bdb --disable-hdb"
fi
for backend in dnssrv ldap meta monitor null passwd relay shell sock; do
myconf="${myconf} --enable-${backend}=mod"
done
myconf="${myconf} $(use_enable perl perl mod)"
myconf="${myconf} $(use_enable odbc sql mod)"
if use odbc ; then
local odbc_lib="unixodbc"
if use iodbc ; then
odbc_lib="iodbc"
append-cppflags -I/usr/include/iodbc
fi
myconf="${myconf} --with-odbc=${odbc_lib}"
fi
# slapd options
myconf="${myconf} $(use_enable crypt) $(use_enable slp)"
myconf="${myconf} $(use_enable samba lmpasswd) $(use_enable syslog)"
if use experimental ; then
myconf="${myconf} --enable-dynacl"
myconf="${myconf} --enable-aci=mod"
fi
for option in aci cleartext modules rewrite rlookups slapi; do
myconf="${myconf} --enable-${option}"
done
# slapd overlay options
# Compile-in the syncprov, the others as module
myconf="${myconf} --enable-syncprov=yes"
use overlays && myconf="${myconf} --enable-overlays=mod"
else
myconf="${myconf} --disable-slapd --disable-bdb --disable-hdb"
myconf="${myconf} --disable-overlays --disable-syslog"
fi
# basic functionality stuff
myconf="${myconf} $(use_enable ipv6)"
myconf="${myconf} $(use_with sasl cyrus-sasl) $(use_enable sasl spasswd)"
myconf="${myconf} $(use_enable tcpd wrappers)"
local ssl_lib="no"
if use ssl || ( use ! minimal && use samba ) ; then
ssl_lib="openssl"
use gnutls && ssl_lib="gnutls"
fi
myconf="${myconf} --with-tls=${ssl_lib}"
for basicflag in dynamic local proctitle shared static; do
myconf="${myconf} --enable-${basicflag}"
done
tc-export CC AR CXX
STRIP=/bin/true \
econf \
--libexecdir=/usr/$(get_libdir)/openldap \
${myconf} || die "econf failed"
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# So we have to run it AFTER the main build, not just after the main
# configure.
if ! use minimal ; then
if use cxx ; then
local myconf_ldapcpp
myconf_ldapcpp="${myconf_ldapcpp} --with-ldap-includes=../../include"
cd "${S}/contrib/ldapc++"
OLD_LDFLAGS="$LDFLAGS"
OLD_CPPFLAGS="$CPPFLAGS"
append-ldflags -L../../libraries/liblber/.libs -L../../libraries/libldap/.libs
append-ldflags -L../../../libraries/liblber/.libs -L../../../libraries/libldap/.libs
append-cppflags -I../../../include
econf ${myconf_ldapcpp} \
CC="${CC}" \
CXX="${CXX}" \
|| die "econf ldapc++ failed"
CPPFLAGS="$OLD_CPPFLAGS"
LDFLAGS="${OLD_LDFLAGS}"
fi
fi
}
src_compile() {
emake depend || die "emake depend failed"
emake CC="${CC}" AR="${AR}" || die "emake failed"
lt="${S}/libtool"
export echo="echo"
if ! use minimal ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
cd "${S}/contrib/ldapc++"
emake \
CC="${CC}" CXX="${CXX}" \
|| die "emake ldapc++ failed"
fi
if use smbkrb5passwd ; then
einfo "Building contrib-module: smbk5pwd"
cd "${S}/contrib/slapd-modules/smbk5pwd"
emake \
DEFS="-DDO_SAMBA -DDO_KRB5" \
KRB5_INC="$(krb5-config --cflags)" \
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \
|| die "emake smbk5pwd failed"
fi
if use samba4 ; then
einfo "Building contrib-module: samba4"
cd "${S}/contrib/slapd-modules/samba4"
emake \
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \
|| die "emake samba4 failed"
fi
if use kerberos ; then
cd "${S}/contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-kerberos"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I../../../include \
${CFLAGS} \
$(krb5-config --cflags) \
-DHAVE_KRB5 \
-o kerberos.lo \
-c kerberos.c || die "compiling pw-kerberos failed"
einfo "Linking contrib-module: pw-kerberos"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath /usr/$(get_libdir)/openldap/openldap \
-o pw-kerberos.la \
kerberos.lo || die "linking pw-kerberos failed"
fi
# We could build pw-radius if GNURadius would install radlib.h
cd "${S}/contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-netscape"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I../../../include \
${CFLAGS} \
-o netscape.lo \
-c netscape.c || die "compiling pw-netscape failed"
einfo "Linking contrib-module: pw-netscape"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath /usr/$(get_libdir)/openldap/openldap \
-o pw-netscape.la \
netscape.lo || die "linking pw-netscape failed"
build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
build_contrib_module "allop" "allop.c" "overlay-allop"
build_contrib_module "allowed" "allowed.c" "allowed"
build_contrib_module "autogroup" "autogroup.c" "autogroup"
build_contrib_module "denyop" "denyop.c" "denyop-overlay"
build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
# lastmod may not play well with other overlays
build_contrib_module "lastmod" "lastmod.c" "lastmod"
build_contrib_module "nops" "nops.c" "nops-overlay"
build_contrib_module "trace" "trace.c" "trace"
# build slapi-plugins
cd "${S}/contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
"${CC}" -shared \
-I../../../include \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
-o libaddrdnvalues-plugin.so \
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
fi
}
src_test() {
cd tests ; make tests || die "make tests failed"
}
src_install() {
lt="${S}/libtool"
emake DESTDIR="${D}" install || die "make install failed"
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example
docinto rfc ; dodoc doc/rfc/*.txt
# openldap modules go here
# TODO: write some code to populate slapd.conf with moduleload statements
keepdir /usr/$(get_libdir)/openldap/openldap/
# initial data storage dir
keepdir /var/lib/openldap-data
fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
echo "OLDPF='${PF}'" > "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# do NOT delete this. it is used" >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# to track versions for upgrading." >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# change slapd.pid location in configuration file
keepdir /var/run/openldap
fowners ldap:ldap /var/run/openldap
fperms 0755 /var/run/openldap
if ! use minimal; then
# use our config
rm "${D}"etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf
configfile="${D}"etc/openldap/slapd.conf
# populate with built backends
ebegin "populate config with built backends"
for x in "${D}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
elog "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default
eend
# install our own init scripts
newinitd "${FILESDIR}"/slapd-initd2 slapd
newconfd "${FILESDIR}"/slapd-confd slapd
if [ $(get_libdir) != lib ]; then
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i "${D}"etc/init.d/slapd
fi
if use cxx ; then
einfo "Install the ldapc++ library"
cd "${S}/contrib/ldapc++"
emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install ldapc++ failed"
newdoc README ldapc++-README
fi
if use smbkrb5passwd ; then
einfo "Install the smbk5pwd module"
cd "${S}/contrib/slapd-modules/smbk5pwd"
emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install smbk5pwd failed"
newdoc README smbk5pwd-README
fi
if use samba4 ; then
einfo "Install the samba4 module"
cd "${S}/contrib/slapd-modules/samba4"
emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install samba4 failed"
newdoc README samba4-README
fi
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules"
for l in */*.la; do
"${lt}" --mode=install cp ${l} \
"${D}"usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
docinto contrib
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
doman allop/slapo-allop.5
newdoc autogroup/README autogroup-README
newdoc denyop/denyop.c denyop-denyop.c
newdoc dsaschema/README dsaschema-README
doman lastmod/slapo-lastmod.5
doman nops/slapo-nops.5
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins"
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
fi
}
pkg_preinst() {
# keep old libs if any
preserve_old_lib usr/$(get_libdir)/{libldap,libldap_r,liblber}-2.3.so.0
}
pkg_postinst() {
if ! use minimal ; then
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
chown ldap:ldap "${ROOT}"etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT never' if you want to use them."
fi
# These lines force the permissions of various content to be correct
chown ldap:ldap "${ROOT}"var/run/openldap
chmod 0755 "${ROOT}"var/run/openldap
chown root:ldap "${ROOT}"etc/openldap/slapd.conf{,.default}
chmod 0640 "${ROOT}"etc/openldap/slapd.conf{,.default}
chown ldap:ldap "${ROOT}"var/lib/openldap-{data,ldbm}
fi
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(http://www.gentoo.org/doc/en/ldap-howto.xml)"
elog "---"
elog "An example file for tuning BDB backends with openldap is"
elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3.so.0
}


@ -0,0 +1,621 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.4.24.ebuild,v 1.6 2011/02/26 16:44:43 armin76 Exp $
EAPI="2"
inherit db-use eutils flag-o-matic multilib ssl-cert versionator toolchain-funcs
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="http://www.OpenLDAP.org/"
SRC_URI="mirror://openldap/openldap-release/${P}.tgz"
LICENSE="OPENLDAP"
SLOT="0"
KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
IUSE_BACKEND="+berkdb"
IUSE_OVERLAY="overlays perl"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 syslog selinux"
IUSE_CONTRIB="smbkrb5passwd kerberos samba4"
IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
# openssl is needed to generate lanman-passwords required by samba
RDEPEND="sys-libs/ncurses
icu? ( dev-libs/icu )
tcpd? ( sys-apps/tcp-wrappers )
ssl? ( !gnutls? ( dev-libs/openssl )
gnutls? ( net-libs/gnutls ) )
sasl? ( dev-libs/cyrus-sasl )
!minimal? (
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
slp? ( net-libs/openslp )
perl? ( dev-lang/perl[-build] )
samba? ( dev-libs/openssl )
berkdb? ( sys-libs/db )
smbkrb5passwd? (
dev-libs/openssl
app-crypt/heimdal )
kerberos? ( virtual/krb5 )
cxx? ( dev-libs/cyrus-sasl )
)
selinux? ( sec-policy/selinux-openldap )"
DEPEND="${RDEPEND}"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG.example' | wc -l
}
openldap_find_versiontags() {
# scan for all datadirs
openldap_datadirs=""
if [ -f "${ROOT}"/etc/openldap/slapd.conf ]; then
openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${ROOT}/etc/openldap/slapd.conf)"
fi
openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
einfo
einfo "Scanning datadir(s) from slapd.conf and"
einfo "the default installdir for Versiontags"
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
einfo
# scan datadirs if we have a version tag
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs}; do
CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
einfo "- Checking ${each}..."
if [ -r ${CURRENT_TAG} ] ; then
# yey, we have one :)
einfo " Found Versiontag in ${each}"
source ${CURRENT_TAG}
if [ "${OLDPF}" == "" ] ; then
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
eerror "Please delete it"
eerror
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
fi
OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
[ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
# are we on the same branch?
if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
ewarn " Versiontag doesn't match current major release!"
if [[ "${have_files}" == "1" ]] ; then
eerror " Versiontag says other major and you (probably) have datafiles!"
echo
openldap_upgrade_howto
else
einfo " No real problem, seems there's no database."
fi
else
einfo " Versiontag is fine here :)"
fi
else
einfo " Non-tagged dir ${each}"
[ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
if [[ "${have_files}" == "1" ]] ; then
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
echo
eerror
eerror "Your OpenLDAP Installation has a non tagged datadir that"
eerror "possibly contains a database at ${CURRENT_TAGDIR}"
eerror
eerror "Please export data if any entered and empty or remove"
eerror "the directory, installation has been stopped so you"
eerror "can take required action"
eerror
eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
eerror
die "Please move the datadir ${CURRENT_TAGDIR} away"
fi
fi
einfo
fi
done
[ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
SLAPD_PATH=${ROOT}/usr/$(get_libdir)/openldap/slapd
if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
NEWVER="$(use berkdb && db_findver sys-libs/db)"
local fail=0
if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
:
# Nothing wrong here.
elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
eerror " Your existing version of OpenLDAP was not built against"
eerror " any version of sys-libs/db, but the new one will build"
eerror " against ${NEWVER} and your database may be inaccessible."
echo
fail=1
elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will not be"
eerror " built against any version and your database may be"
eerror " inaccessible."
echo
fail=1
elif [ "${OLDVER}" != "${NEWVER}" ]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will build against"
eerror " ${NEWVER} and your database would be inaccessible."
echo
fail=1
fi
[ "${fail}" == "1" ] && openldap_upgrade_howto
fi
echo
einfo
einfo "All datadirs are fine, proceeding with merge now..."
einfo
}
openldap_upgrade_howto() {
eerror
eerror "A (possible old) installation of OpenLDAP was detected,"
eerror "installation will not proceed for now."
eerror
eerror "As major version upgrades can corrupt your database,"
eerror "you need to dump your database and re-create it afterwards."
eerror
eerror "Additionally, rebuilding against different major versions of the"
eerror "sys-libs/db libraries will cause your database to be inaccessible."
eerror ""
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. egrep -v '^entryCSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. check that your data is intact."
eerror "11. set up the new replication system."
eerror
if [ "${FORCE_UPGRADE}" != "1" ]; then
die "You need to upgrade your database first"
else
eerror "You have the magical FORCE_UPGRADE=1 in place."
eerror "Don't say you weren't warned about data loss."
fi
}
pkg_setup() {
if ! use sasl && use cxx ; then
die "To build the ldapc++ library you must emerge openldap with sasl support"
fi
if use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
einfo
einfo "Skipping scan for previous datadirs as requested by minimal useflag"
einfo
else
openldap_find_versiontags
fi
enewgroup ldap 439
enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
}
src_prepare() {
# ensure correct SLAPI path by default
sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \
"${S}"/include/ldap_defaults.h
epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
epatch \
"${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
"${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
# bug #116045 - still present in 2.4.19
epatch "${FILESDIR}"/${PN}-2.4.19-contrib-smbk5pwd.patch
# bug #189817
epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
# bug #233633
epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
cd "${S}"/build
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to block stripping"
# wrong assumption that /bin/sh is /bin/bash
sed -i \
-e 's|/bin/sh|/bin/bash|g' \
"${S}"/tests/scripts/* || die "sed failed"
}
build_contrib_module() {
lt="${S}/libtool"
# <dir> <sources> <outputname>
cd "${S}/contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $3"
# Make sure it's uppercase
local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-D${define_name}=SLAPD_MOD_DYNAMIC \
-I../../../include -I../../../servers/slapd ${CFLAGS} \
-o ${2%.c}.lo -c $2 || die "compiling $3 failed"
einfo "Linking contrib-module: $3"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath /usr/$(get_libdir)/openldap/openldap \
-o $3.la ${2%.c}.lo || die "linking $3 failed"
}
src_configure() {
local myconf
#Fix for glibc-2.8 and ucred. Bug 228457.
append-flags -D_GNU_SOURCE
use debug && myconf="${myconf} $(use_enable debug)"
# ICU usage is not configurable
export ac_cv_header_unicode_utypes_h="$(use icu && echo yes || echo no)"
if ! use minimal ; then
# re-enable serverside overlay chains per bug #296567
# see ldap docs chaper 12.3.1 for details
myconf="${myconf} --enable-ldap"
# backends
myconf="${myconf} --enable-slapd"
if use berkdb ; then
einfo "Using Berkeley DB for local backend"
myconf="${myconf} --enable-bdb --enable-hdb"
# We need to include the slotted db.h dir for FreeBSD
append-cppflags -I$(db_includedir)
else
ewarn
ewarn "Note: if you disable berkdb, you can only use remote-backends!"
ewarn
ebeep 5
myconf="${myconf} --disable-bdb --disable-hdb"
fi
for backend in dnssrv ldap meta monitor null passwd relay shell sock; do
myconf="${myconf} --enable-${backend}=mod"
done
myconf="${myconf} $(use_enable perl perl mod)"
myconf="${myconf} $(use_enable odbc sql mod)"
if use odbc ; then
local odbc_lib="unixodbc"
if use iodbc ; then
odbc_lib="iodbc"
append-cppflags -I/usr/include/iodbc
fi
myconf="${myconf} --with-odbc=${odbc_lib}"
fi
# slapd options
myconf="${myconf} $(use_enable crypt) $(use_enable slp)"
myconf="${myconf} $(use_enable samba lmpasswd) $(use_enable syslog)"
if use experimental ; then
myconf="${myconf} --enable-dynacl"
myconf="${myconf} --enable-aci=mod"
fi
for option in aci cleartext modules rewrite rlookups slapi; do
myconf="${myconf} --enable-${option}"
done
# slapd overlay options
# Compile-in the syncprov, the others as module
myconf="${myconf} --enable-syncprov=yes"
use overlays && myconf="${myconf} --enable-overlays=mod"
else
myconf="${myconf} --disable-slapd --disable-bdb --disable-hdb"
myconf="${myconf} --disable-overlays --disable-syslog"
fi
# basic functionality stuff
myconf="${myconf} $(use_enable ipv6)"
myconf="${myconf} $(use_with sasl cyrus-sasl) $(use_enable sasl spasswd)"
myconf="${myconf} $(use_enable tcpd wrappers)"
local ssl_lib="no"
if use ssl || ( use ! minimal && use samba ) ; then
ssl_lib="openssl"
use gnutls && ssl_lib="gnutls"
fi
myconf="${myconf} --with-tls=${ssl_lib}"
for basicflag in dynamic local proctitle shared static; do
myconf="${myconf} --enable-${basicflag}"
done
tc-export CC AR CXX
STRIP=/bin/true \
econf \
--libexecdir=/usr/$(get_libdir)/openldap \
${myconf} || die "econf failed"
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# So we have to run it AFTER the main build, not just after the main
# configure.
if ! use minimal ; then
if use cxx ; then
local myconf_ldapcpp
myconf_ldapcpp="${myconf_ldapcpp} --with-ldap-includes=../../include"
cd "${S}/contrib/ldapc++"
OLD_LDFLAGS="$LDFLAGS"
OLD_CPPFLAGS="$CPPFLAGS"
append-ldflags -L../../libraries/liblber/.libs -L../../libraries/libldap/.libs
append-ldflags -L../../../libraries/liblber/.libs -L../../../libraries/libldap/.libs
append-cppflags -I../../../include
econf ${myconf_ldapcpp} \
CC="${CC}" \
CXX="${CXX}" \
|| die "econf ldapc++ failed"
CPPFLAGS="$OLD_CPPFLAGS"
LDFLAGS="${OLD_LDFLAGS}"
fi
fi
}
src_compile() {
emake depend || die "emake depend failed"
emake CC="${CC}" AR="${AR}" || die "emake failed"
lt="${S}/libtool"
export echo="echo"
if ! use minimal ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
cd "${S}/contrib/ldapc++"
emake \
CC="${CC}" CXX="${CXX}" \
|| die "emake ldapc++ failed"
fi
if use smbkrb5passwd ; then
einfo "Building contrib-module: smbk5pwd"
cd "${S}/contrib/slapd-modules/smbk5pwd"
emake \
DEFS="-DDO_SAMBA -DDO_KRB5" \
KRB5_INC="$(krb5-config --cflags)" \
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \
|| die "emake smbk5pwd failed"
fi
if use samba4 ; then
einfo "Building contrib-module: samba4"
cd "${S}/contrib/slapd-modules/samba4"
emake \
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \
|| die "emake samba4 failed"
fi
if use kerberos ; then
cd "${S}/contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-kerberos"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I../../../include \
${CFLAGS} \
$(krb5-config --cflags) \
-DHAVE_KRB5 \
-o kerberos.lo \
-c kerberos.c || die "compiling pw-kerberos failed"
einfo "Linking contrib-module: pw-kerberos"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath /usr/$(get_libdir)/openldap/openldap \
-o pw-kerberos.la \
kerberos.lo || die "linking pw-kerberos failed"
fi
# We could build pw-radius if GNURadius would install radlib.h
cd "${S}/contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-netscape"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I../../../include \
${CFLAGS} \
-o netscape.lo \
-c netscape.c || die "compiling pw-netscape failed"
einfo "Linking contrib-module: pw-netscape"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath /usr/$(get_libdir)/openldap/openldap \
-o pw-netscape.la \
netscape.lo || die "linking pw-netscape failed"
build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
build_contrib_module "allop" "allop.c" "overlay-allop"
build_contrib_module "allowed" "allowed.c" "allowed"
build_contrib_module "autogroup" "autogroup.c" "autogroup"
build_contrib_module "denyop" "denyop.c" "denyop-overlay"
build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
# lastmod may not play well with other overlays
build_contrib_module "lastmod" "lastmod.c" "lastmod"
build_contrib_module "nops" "nops.c" "nops-overlay"
build_contrib_module "trace" "trace.c" "trace"
# build slapi-plugins
cd "${S}/contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
"${CC}" -shared \
-I../../../include \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
-o libaddrdnvalues-plugin.so \
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
fi
}
src_test() {
cd tests ; make tests || die "make tests failed"
}
src_install() {
lt="${S}/libtool"
emake DESTDIR="${D}" install || die "make install failed"
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example
docinto rfc ; dodoc doc/rfc/*.txt
# openldap modules go here
# TODO: write some code to populate slapd.conf with moduleload statements
keepdir /usr/$(get_libdir)/openldap/openldap/
# initial data storage dir
keepdir /var/lib/openldap-data
fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
echo "OLDPF='${PF}'" > "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# do NOT delete this. it is used" >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# to track versions for upgrading." >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# change slapd.pid location in configuration file
keepdir /var/run/openldap
fowners ldap:ldap /var/run/openldap
fperms 0755 /var/run/openldap
if ! use minimal; then
# use our config
rm "${D}"etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf
configfile="${D}"etc/openldap/slapd.conf
# populate with built backends
ebegin "populate config with built backends"
for x in "${D}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
elog "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default
eend
# install our own init scripts
newinitd "${FILESDIR}"/slapd-initd2 slapd
newconfd "${FILESDIR}"/slapd-confd slapd
if [ $(get_libdir) != lib ]; then
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i "${D}"etc/init.d/slapd
fi
if use cxx ; then
einfo "Install the ldapc++ library"
cd "${S}/contrib/ldapc++"
emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install ldapc++ failed"
newdoc README ldapc++-README
fi
if use smbkrb5passwd ; then
einfo "Install the smbk5pwd module"
cd "${S}/contrib/slapd-modules/smbk5pwd"
emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install smbk5pwd failed"
newdoc README smbk5pwd-README
fi
if use samba4 ; then
einfo "Install the samba4 module"
cd "${S}/contrib/slapd-modules/samba4"
emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install samba4 failed"
newdoc README samba4-README
fi
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules"
for l in */*.la; do
"${lt}" --mode=install cp ${l} \
"${D}"usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
docinto contrib
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
doman allop/slapo-allop.5
newdoc autogroup/README autogroup-README
newdoc denyop/denyop.c denyop-denyop.c
newdoc dsaschema/README dsaschema-README
doman lastmod/slapo-lastmod.5
doman nops/slapo-nops.5
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins"
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
fi
}
pkg_preinst() {
# keep old libs if any
preserve_old_lib usr/$(get_libdir)/{libldap,libldap_r,liblber}-2.3.so.0
}
pkg_postinst() {
if ! use minimal ; then
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
chown ldap:ldap "${ROOT}"etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT never' if you want to use them."
fi
# These lines force the permissions of various content to be correct
chown ldap:ldap "${ROOT}"var/run/openldap
chmod 0755 "${ROOT}"var/run/openldap
chown root:ldap "${ROOT}"etc/openldap/slapd.conf{,.default}
chmod 0640 "${ROOT}"etc/openldap/slapd.conf{,.default}
chown ldap:ldap "${ROOT}"var/lib/openldap-{data,ldbm}
fi
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(http://www.gentoo.org/doc/en/ldap-howto.xml)"
elog "---"
elog "An example file for tuning BDB backends with openldap is"
elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3.so.0
}
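Review bot: `source ${CURRENT_TAG}` in openldap_find_versiontags runs the version tag as shell code during pkg_setup, yet the tag sits in a directory that src_install gives to the service account (`fowners ldap:ldap /var/lib/openldap-data`), and further directories are taken unvalidated from the `directory` lines of slapd.conf. Anything able to write in one of those directories therefore decides what the package manager executes, presumably as root, on the next merge. The tag only carries one assignment, so it can be read as data instead: `OLDPF="$(sed -n "s/^OLDPF='\([^']*\)'\$/\1/p" "${CURRENT_TAG}")"`, leaving the existing empty-`OLDPF` check to reject a malformed tag. Quoting `"${CURRENT_TAG}"` and `"${CURRENT_TAGDIR}"` in the surrounding tests would also keep paths with spaces from slapd.conf from being word-split. The openldap-2.4.25 ebuild section that starts below opens the same function and likely needs the same change, though its `source` line is outside the visible part.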


@ -0,0 +1,621 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.4.25.ebuild,v 1.1 2011/05/06 15:45:59 robbat2 Exp $
EAPI="2"
inherit db-use eutils flag-o-matic multilib ssl-cert versionator toolchain-funcs
DESCRIPTION="LDAP suite of application and development tools"
HOMEPAGE="http://www.OpenLDAP.org/"
SRC_URI="mirror://openldap/openldap-release/${P}.tgz"
LICENSE="OPENLDAP"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
IUSE_BACKEND="+berkdb"
IUSE_OVERLAY="overlays perl"
IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 syslog selinux"
IUSE_CONTRIB="smbkrb5passwd kerberos samba4"
IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
# openssl is needed to generate lanman-passwords required by samba
RDEPEND="sys-libs/ncurses
icu? ( dev-libs/icu )
tcpd? ( sys-apps/tcp-wrappers )
ssl? ( !gnutls? ( dev-libs/openssl )
gnutls? ( net-libs/gnutls ) )
sasl? ( dev-libs/cyrus-sasl )
!minimal? (
odbc? ( !iodbc? ( dev-db/unixODBC )
iodbc? ( dev-db/libiodbc ) )
slp? ( net-libs/openslp )
perl? ( dev-lang/perl[-build] )
samba? ( dev-libs/openssl )
berkdb? ( sys-libs/db )
smbkrb5passwd? (
dev-libs/openssl
app-crypt/heimdal )
kerberos? ( virtual/krb5 )
cxx? ( dev-libs/cyrus-sasl )
)
selinux? ( sec-policy/selinux-openldap )"
DEPEND="${RDEPEND}"
# for tracking versions
OPENLDAP_VERSIONTAG=".version-tag"
OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
openldap_filecount() {
local dir="$1"
find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG.example' | wc -l
}
openldap_find_versiontags() {
# scan for all datadirs
openldap_datadirs=""
if [ -f "${ROOT}"/etc/openldap/slapd.conf ]; then
openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${ROOT}/etc/openldap/slapd.conf)"
fi
openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
einfo
einfo "Scanning datadir(s) from slapd.conf and"
einfo "the default installdir for Versiontags"
einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
einfo
# scan datadirs if we have a version tag
openldap_found_tag=0
have_files=0
for each in ${openldap_datadirs}; do
CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
einfo "- Checking ${each}..."
if [ -r ${CURRENT_TAG} ] ; then
# yey, we have one :)
einfo " Found Versiontag in ${each}"
source ${CURRENT_TAG}
if [ "${OLDPF}" == "" ] ; then
eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
eerror "Please delete it"
eerror
die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
fi
OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
[ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
# are we on the same branch?
if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
ewarn " Versiontag doesn't match current major release!"
if [[ "${have_files}" == "1" ]] ; then
eerror " Versiontag says other major and you (probably) have datafiles!"
echo
openldap_upgrade_howto
else
einfo " No real problem, seems there's no database."
fi
else
einfo " Versiontag is fine here :)"
fi
else
einfo " Non-tagged dir ${each}"
[ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
if [[ "${have_files}" == "1" ]] ; then
einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
echo
eerror
eerror "Your OpenLDAP Installation has a non tagged datadir that"
eerror "possibly contains a database at ${CURRENT_TAGDIR}"
eerror
eerror "Please export data if any entered and empty or remove"
eerror "the directory, installation has been stopped so you"
eerror "can take required action"
eerror
eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
eerror
die "Please move the datadir ${CURRENT_TAGDIR} away"
fi
fi
einfo
fi
done
[ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
# Now we must check for the major version of sys-libs/db linked against.
SLAPD_PATH=${ROOT}/usr/$(get_libdir)/openldap/slapd
if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
NEWVER="$(use berkdb && db_findver sys-libs/db)"
local fail=0
if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
:
# Nothing wrong here.
elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
eerror " Your existing version of OpenLDAP was not built against"
eerror " any version of sys-libs/db, but the new one will build"
eerror " against ${NEWVER} and your database may be inaccessible."
echo
fail=1
elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will not be"
eerror " built against any version and your database may be"
eerror " inaccessible."
echo
fail=1
elif [ "${OLDVER}" != "${NEWVER}" ]; then
eerror " Your existing version of OpenLDAP was built against"
eerror " sys-libs/db:${OLDVER}, but the new one will build against"
eerror " ${NEWVER} and your database would be inaccessible."
echo
fail=1
fi
[ "${fail}" == "1" ] && openldap_upgrade_howto
fi
echo
einfo
einfo "All datadirs are fine, proceeding with merge now..."
einfo
}
openldap_upgrade_howto() {
eerror
eerror "A (possible old) installation of OpenLDAP was detected,"
eerror "installation will not proceed for now."
eerror
eerror "As major version upgrades can corrupt your database,"
eerror "you need to dump your database and re-create it afterwards."
eerror
eerror "Additionally, rebuilding against different major versions of the"
eerror "sys-libs/db libraries will cause your database to be inaccessible."
eerror ""
d="$(date -u +%s)"
l="/root/ldapdump.${d}"
i="${l}.raw"
eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
eerror " 2. slapcat -l ${i}"
eerror " 3. egrep -v '^entryCSN:' <${i} >${l}"
eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
eerror " 5. emerge --update \=net-nds/${PF}"
eerror " 6. etc-update, and ensure that you apply the changes"
eerror " 7. slapadd -l ${l}"
eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
eerror " 9. /etc/init.d/slapd start"
eerror "10. check that your data is intact."
eerror "11. set up the new replication system."
eerror
if [ "${FORCE_UPGRADE}" != "1" ]; then
die "You need to upgrade your database first"
else
eerror "You have the magical FORCE_UPGRADE=1 in place."
eerror "Don't say you weren't warned about data loss."
fi
}
pkg_setup() {
if ! use sasl && use cxx ; then
die "To build the ldapc++ library you must emerge openldap with sasl support"
fi
if use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
einfo
einfo "Skipping scan for previous datadirs as requested by minimal useflag"
einfo
else
openldap_find_versiontags
fi
enewgroup ldap 439
enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
}
src_prepare() {
# ensure correct SLAPI path by default
sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \
"${S}"/include/ldap_defaults.h
epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
epatch \
"${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
"${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
# bug #116045 - still present in 2.4.19
epatch "${FILESDIR}"/${PN}-2.4.19-contrib-smbk5pwd.patch
# bug #189817
epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
# bug #233633
epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
cd "${S}"/build
einfo "Making sure upstream build strip does not do stripping too early"
sed -i.orig \
-e '/^STRIP/s,-s,,g' \
top.mk || die "Failed to block stripping"
# wrong assumption that /bin/sh is /bin/bash
sed -i \
-e 's|/bin/sh|/bin/bash|g' \
"${S}"/tests/scripts/* || die "sed failed"
}
build_contrib_module() {
lt="${S}/libtool"
# <dir> <sources> <outputname>
cd "${S}/contrib/slapd-modules/$1"
einfo "Compiling contrib-module: $3"
# Make sure it's uppercase
local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-D${define_name}=SLAPD_MOD_DYNAMIC \
-I../../../include -I../../../servers/slapd ${CFLAGS} \
-o ${2%.c}.lo -c $2 || die "compiling $3 failed"
einfo "Linking contrib-module: $3"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath /usr/$(get_libdir)/openldap/openldap \
-o $3.la ${2%.c}.lo || die "linking $3 failed"
}
src_configure() {
local myconf
#Fix for glibc-2.8 and ucred. Bug 228457.
append-flags -D_GNU_SOURCE
use debug && myconf="${myconf} $(use_enable debug)"
# ICU usage is not configurable
export ac_cv_header_unicode_utypes_h="$(use icu && echo yes || echo no)"
if ! use minimal ; then
# re-enable serverside overlay chains per bug #296567
# see ldap docs chaper 12.3.1 for details
myconf="${myconf} --enable-ldap"
# backends
myconf="${myconf} --enable-slapd"
if use berkdb ; then
einfo "Using Berkeley DB for local backend"
myconf="${myconf} --enable-bdb --enable-hdb"
# We need to include the slotted db.h dir for FreeBSD
append-cppflags -I$(db_includedir)
else
ewarn
ewarn "Note: if you disable berkdb, you can only use remote-backends!"
ewarn
ebeep 5
myconf="${myconf} --disable-bdb --disable-hdb"
fi
for backend in dnssrv ldap meta monitor null passwd relay shell sock; do
myconf="${myconf} --enable-${backend}=mod"
done
myconf="${myconf} $(use_enable perl perl mod)"
myconf="${myconf} $(use_enable odbc sql mod)"
if use odbc ; then
local odbc_lib="unixodbc"
if use iodbc ; then
odbc_lib="iodbc"
append-cppflags -I/usr/include/iodbc
fi
myconf="${myconf} --with-odbc=${odbc_lib}"
fi
# slapd options
myconf="${myconf} $(use_enable crypt) $(use_enable slp)"
myconf="${myconf} $(use_enable samba lmpasswd) $(use_enable syslog)"
if use experimental ; then
myconf="${myconf} --enable-dynacl"
myconf="${myconf} --enable-aci=mod"
fi
for option in aci cleartext modules rewrite rlookups slapi; do
myconf="${myconf} --enable-${option}"
done
# slapd overlay options
# Compile-in the syncprov, the others as module
myconf="${myconf} --enable-syncprov=yes"
use overlays && myconf="${myconf} --enable-overlays=mod"
else
myconf="${myconf} --disable-slapd --disable-bdb --disable-hdb"
myconf="${myconf} --disable-overlays --disable-syslog"
fi
# basic functionality stuff
myconf="${myconf} $(use_enable ipv6)"
myconf="${myconf} $(use_with sasl cyrus-sasl) $(use_enable sasl spasswd)"
myconf="${myconf} $(use_enable tcpd wrappers)"
local ssl_lib="no"
if use ssl || ( use ! minimal && use samba ) ; then
ssl_lib="openssl"
use gnutls && ssl_lib="gnutls"
fi
myconf="${myconf} --with-tls=${ssl_lib}"
for basicflag in dynamic local proctitle shared static; do
myconf="${myconf} --enable-${basicflag}"
done
tc-export CC AR CXX
STRIP=/bin/true \
econf \
--libexecdir=/usr/$(get_libdir)/openldap \
${myconf} || die "econf failed"
}
src_configure_cxx() {
# This needs the libraries built by the first build run.
# So we have to run it AFTER the main build, not just after the main
# configure.
if ! use minimal ; then
if use cxx ; then
local myconf_ldapcpp
myconf_ldapcpp="${myconf_ldapcpp} --with-ldap-includes=../../include"
cd "${S}/contrib/ldapc++"
OLD_LDFLAGS="$LDFLAGS"
OLD_CPPFLAGS="$CPPFLAGS"
append-ldflags -L../../libraries/liblber/.libs -L../../libraries/libldap/.libs
append-ldflags -L../../../libraries/liblber/.libs -L../../../libraries/libldap/.libs
append-cppflags -I../../../include
econf ${myconf_ldapcpp} \
CC="${CC}" \
CXX="${CXX}" \
|| die "econf ldapc++ failed"
CPPFLAGS="$OLD_CPPFLAGS"
LDFLAGS="${OLD_LDFLAGS}"
fi
fi
}
src_compile() {
emake depend || die "emake depend failed"
emake CC="${CC}" AR="${AR}" || die "emake failed"
lt="${S}/libtool"
export echo="echo"
if ! use minimal ; then
if use cxx ; then
einfo "Building contrib library: ldapc++"
src_configure_cxx
cd "${S}/contrib/ldapc++"
emake \
CC="${CC}" CXX="${CXX}" \
|| die "emake ldapc++ failed"
fi
if use smbkrb5passwd ; then
einfo "Building contrib-module: smbk5pwd"
cd "${S}/contrib/slapd-modules/smbk5pwd"
emake \
DEFS="-DDO_SAMBA -DDO_KRB5" \
KRB5_INC="$(krb5-config --cflags)" \
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \
|| die "emake smbk5pwd failed"
fi
if use samba4 ; then
einfo "Building contrib-module: samba4"
cd "${S}/contrib/slapd-modules/samba4"
emake \
CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \
|| die "emake samba4 failed"
fi
if use kerberos ; then
cd "${S}/contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-kerberos"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I../../../include \
${CFLAGS} \
$(krb5-config --cflags) \
-DHAVE_KRB5 \
-o kerberos.lo \
-c kerberos.c || die "compiling pw-kerberos failed"
einfo "Linking contrib-module: pw-kerberos"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath /usr/$(get_libdir)/openldap/openldap \
-o pw-kerberos.la \
kerberos.lo || die "linking pw-kerberos failed"
fi
# We could build pw-radius if GNURadius would install radlib.h
cd "${S}/contrib/slapd-modules/passwd"
einfo "Compiling contrib-module: pw-netscape"
"${lt}" --mode=compile --tag=CC \
"${CC}" \
-I../../../include \
${CFLAGS} \
-o netscape.lo \
-c netscape.c || die "compiling pw-netscape failed"
einfo "Linking contrib-module: pw-netscape"
"${lt}" --mode=link --tag=CC \
"${CC}" -module \
${CFLAGS} \
${LDFLAGS} \
-rpath /usr/$(get_libdir)/openldap/openldap \
-o pw-netscape.la \
netscape.lo || die "linking pw-netscape failed"
build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
build_contrib_module "allop" "allop.c" "overlay-allop"
build_contrib_module "allowed" "allowed.c" "allowed"
build_contrib_module "autogroup" "autogroup.c" "autogroup"
build_contrib_module "denyop" "denyop.c" "denyop-overlay"
build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
# lastmod may not play well with other overlays
build_contrib_module "lastmod" "lastmod.c" "lastmod"
build_contrib_module "nops" "nops.c" "nops-overlay"
build_contrib_module "trace" "trace.c" "trace"
# build slapi-plugins
cd "${S}/contrib/slapi-plugins/addrdnvalues"
einfo "Building contrib-module: addrdnvalues plugin"
"${CC}" -shared \
-I../../../include \
${CFLAGS} \
-fPIC \
${LDFLAGS} \
-o libaddrdnvalues-plugin.so \
addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
fi
}
src_test() {
cd tests ; make tests || die "make tests failed"
}
src_install() {
lt="${S}/libtool"
emake DESTDIR="${D}" install || die "make install failed"
dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example
docinto rfc ; dodoc doc/rfc/*.txt
# openldap modules go here
# TODO: write some code to populate slapd.conf with moduleload statements
keepdir /usr/$(get_libdir)/openldap/openldap/
# initial data storage dir
keepdir /var/lib/openldap-data
fowners ldap:ldap /var/lib/openldap-data
fperms 0700 /var/lib/openldap-data
echo "OLDPF='${PF}'" > "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# do NOT delete this. it is used" >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
echo "# to track versions for upgrading." >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
# change slapd.pid location in configuration file
keepdir /var/run/openldap
fowners ldap:ldap /var/run/openldap
fperms 0755 /var/run/openldap
if ! use minimal; then
# use our config
rm "${D}"etc/openldap/slapd.conf
insinto /etc/openldap
newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf
configfile="${D}"etc/openldap/slapd.conf
# populate with built backends
ebegin "populate config with built backends"
for x in "${D}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
elog "Adding $(basename ${x})"
sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
done
sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
fowners root:ldap /etc/openldap/slapd.conf
fperms 0640 /etc/openldap/slapd.conf
cp "${configfile}" "${configfile}".default
eend
# install our own init scripts
newinitd "${FILESDIR}"/slapd-initd2 slapd
newconfd "${FILESDIR}"/slapd-confd slapd
if [ $(get_libdir) != lib ]; then
sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i "${D}"etc/init.d/slapd
fi
if use cxx ; then
einfo "Install the ldapc++ library"
cd "${S}/contrib/ldapc++"
emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install ldapc++ failed"
newdoc README ldapc++-README
fi
if use smbkrb5passwd ; then
einfo "Install the smbk5pwd module"
cd "${S}/contrib/slapd-modules/smbk5pwd"
emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install smbk5pwd failed"
newdoc README smbk5pwd-README
fi
if use samba4 ; then
einfo "Install the samba4 module"
cd "${S}/contrib/slapd-modules/samba4"
emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install samba4 failed"
newdoc README samba4-README
fi
einfo "Installing contrib modules"
cd "${S}/contrib/slapd-modules"
for l in */*.la; do
"${lt}" --mode=install cp ${l} \
"${D}"usr/$(get_libdir)/openldap/openldap || \
die "installing ${l} failed"
done
docinto contrib
newdoc addpartial/README addpartial-README
newdoc allop/README allop-README
doman allop/slapo-allop.5
newdoc autogroup/README autogroup-README
newdoc denyop/denyop.c denyop-denyop.c
newdoc dsaschema/README dsaschema-README
doman lastmod/slapo-lastmod.5
doman nops/slapo-nops.5
newdoc passwd/README passwd-README
cd "${S}/contrib/slapi-plugins"
insinto /usr/$(get_libdir)/openldap/openldap
doins */*.so
docinto contrib
newdoc addrdnvalues/README addrdnvalues-README
fi
}
pkg_preinst() {
# keep old libs if any
preserve_old_lib usr/$(get_libdir)/{libldap,libldap_r,liblber}-2.3.so.0
}
pkg_postinst() {
if ! use minimal ; then
# You cannot build SSL certificates during src_install that will make
# binary packages containing your SSL key, which is both a security risk
# and a misconfiguration if multiple machines use the same key and cert.
if use ssl; then
install_cert /etc/openldap/ssl/ldap
chown ldap:ldap "${ROOT}"etc/openldap/ssl/ldap.*
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
ewarn "add 'TLS_REQCERT never' if you want to use them."
fi
# These lines force the permissions of various content to be correct
chown ldap:ldap "${ROOT}"var/run/openldap
chmod 0755 "${ROOT}"var/run/openldap
chown root:ldap "${ROOT}"etc/openldap/slapd.conf{,.default}
chmod 0640 "${ROOT}"etc/openldap/slapd.conf{,.default}
chown ldap:ldap "${ROOT}"var/lib/openldap-{data,ldbm}
fi
elog "Getting started using OpenLDAP? There is some documentation available:"
elog "Gentoo Guide to OpenLDAP Authentication"
elog "(http://www.gentoo.org/doc/en/ldap-howto.xml)"
elog "---"
elog "An example file for tuning BDB backends with openldap is"
elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3.so.0
}
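Review bot: `source ${CURRENT_TAG}` in openldap_find_versiontags executes the version tag as shell code during pkg_setup, although the tag sits in a data directory that src_install gives to the service account (`fowners ldap:ldap /var/lib/openldap-data`) or in any `directory` path read from slapd.conf. Whoever can write to that directory, including a compromised slapd, would presumably have the file's contents run with the package manager's privileges at the next merge. Only the OLDPF value is needed, so the tag can be read as data instead: `OLDPF="$(sed -n "s/^OLDPF='\([A-Za-z0-9._+-]*\)'\$/\1/p" "${CURRENT_TAG}" | head -n 1)"`. The existing empty-OLDPF check that follows then rejects a malformed or tampered tag without evaluating it.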