
openldap-2.4.46-1

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@11833 ec354946-7b23-47d6-9f5a-488ba84defc7
tomop 5 years ago
parent
commit
1a0e47bebd
1 changed files with 351 additions and 408 deletions
  1. 351 408
      o/openldap/openldap-vl.spec

+ 351 - 408
o/openldap/openldap-vl.spec

@@ -1,64 +1,50 @@
+%bcond_with sql
+%define _unpackaged_files_terminate_build 1
 %define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
-
-%define migtools_version 47
-%define ldbm_backend berkeley
-%define evolution_connector_prefix %{_libdir}/evolution-openldap
-%define evolution_connector_includedir %{evolution_connector_prefix}/include
-%define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
 %define __perl_requires %{SOURCE11}
 
-%define stable 0
-%if %{stable}
-%define date 20100719
-%endif
+%global check_password_version 1.1
 
 Summary: The configuration files, libraries and documentation for OpenLDAP.
 Summary(ja): OpenLDAP の設定ファイル,ライブラリ,ドキュメント.
 Name: openldap
-Version: 2.4.44
+Version: 2.4.46
 Release: 1%{?_dist_release}
 License: OpenLDAP
 Group: System Environment/Libraries
 URL: http://www.openldap.org/
 
-%if %{stable}
-Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-stable/openldap-stable-%{date}.tgz
-%else
 Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz
-%endif
-Source1: http://www.padl.com/download/MigrationTools-%{migtools_version}.tar.gz
 Source2: ldap.init
-Source3: migration-tools.txt
-Source4: autofs.schema
-Source5: rfc822-MailMember.schema
-Source6: README.upgrading
-Source7: http://www.OpenLDAP.org/doc/admin/guide.html
-Source8: README.evolution
-Source9: README.migration
+Source4: slapd.ldif
+Source5: ldap.conf
 Source10: ldap.sysconfig
 Source11: filter-requires-openldap.sh
+Source12: ltb-project-openldap-ppolicy-check-password-%{check_password_version}.tar.gz
+Source50: libexec-functions
+Source52: libexec-check-config.sh
+Source53: libexec-upgrade-db.sh
 
 # Patches for 2.4
-Patch0: openldap-2.4.44-config.patch
-Patch1: openldap-2.0.11-ldaprc.patch
-Patch2: openldap-2.4.16-setugid.patch
-Patch3: openldap-2.4.6-pie.patch
-Patch4: openldap-2.3.11-toollinks.patch
-Patch5: openldap-2.4.6-nosql.patch
-Patch6: openldap-2.3.19-gethostbyXXXX_r.patch
-Patch9: openldap-2.3.37-smbk5pwd.patch
-Patch10: openldap-2.4.6-multilib.patch
-
-# Patches for the evolution library
-Patch200: openldap-2.4.16-evolution-ntlm.patch
-
-# Patches for the MigrationTools package
-Patch300: MigrationTools-38-instdir.patch
-Patch301: MigrationTools-36-mktemp.patch
-Patch302: MigrationTools-27-simple.patch
-Patch303: MigrationTools-26-suffix.patch
-Patch304: MigrationTools-46-schema.patch
-Patch305: MigrationTools-45-noaliases.patch
+Patch0: openldap-manpages.patch
+Patch2: openldap-reentrant-gethostby.patch
+Patch3: openldap-smbk5pwd-overlay.patch
+Patch5: openldap-ai-addrconfig.patch
+Patch17: openldap-allop-overlay.patch
+
+# fix back_perl problems with lt_dlopen()
+# might cause crashes because of symbol collisions
+# the proper fix is to link all perl modules against libperl
+# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327585
+Patch19: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch
+# ldapi sasl fix pending upstream inclusion
+Patch20: openldap-ldapi-sasl.patch
+Patch22: openldap-openssl-ITS7595-Add-EC-support-1.patch
+Patch23: openldap-openssl-ITS7595-Add-EC-support-2.patch
+
+# check-password module specific patches
+Patch90: check-password-makefile.patch
+Patch91: check-password.patch
 
 # Vine Patches
 
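Review bot: `Source12` is given as a bare file name, so the spec records no upstream location for the check_password tarball and nothing to verify it against, and `Source0` just above it is still fetched over plain `ftp://`. A builder cannot tell from the spec whether the tarball in the source directory is the one that was reviewed. I would add a comment above `Source12` naming its origin and expected digest, for example `# upstream: <UPSTREAM_URL>  sha256: <EXPECTED_SHA256>`, and record a digest for `Source0` the same way.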
@@ -131,6 +117,7 @@ migration scripts and related files.
 OpenLDAPはオープンソースなLDAP (Lightweight Directory Access Protocol)アプリケーションと開発ツール集です。LDAPはディレクトリサービス(電話帳の様な情報や他の情報)にInternelからアクセスするプロトコルであり、DNS(Domain Name System)情報に似た\方式でInternetに伝えられます。このパッケージはslapdやslurpdサーバ、移行スクリプトや関連するファイルを含んでいます。
 
 
+%if %{with sql}
 %package servers-sql
 Summary: OpenLDAP server SQL support module.
 Summary(ja): SQLサポートモジュールを含んだOpenLDAPサーバ
@@ -152,6 +139,7 @@ OpenLDAPはオープンソースなLDAP (Lightweight Directory Access Protocol)
 )にInternelからアクセスするプロトコルであり、DNS(Domain Name System)情報に似た
 方式でInternetに伝えられます。
 このパッケージはslapdサーバがRDBMSからデータを読み込むためのモジュールを含んでいます。
+%endif
 
 %package clients
 Summary: Client programs for OpenLDAP.
@@ -212,361 +200,271 @@ customized LDAP clients.
 
 
 %prep
-%setup -q -c -a 1
+%setup -q -c -a 0 -a 12
 
 pushd openldap-%{version}
-libtoolize --force --copy
-popd
 
-pushd openldap-%{version}
-%patch0 -p1 -b .config
-%patch1 -p1 -b .ldaprc
-%patch2 -p1 -b .setugid
-%patch3 -p1 -b .pie
-%patch4 -p1 -b .toollinks
-%patch5 -p1 -b .nosql
-%patch6 -p1 -b .gethostbyname_r
-%patch9 -p1 -b .smbk5pwd
-%patch10 -p1 -b .multilib
+AUTOMAKE=/bin/true autoreconf -fi
+
+%patch0 -p1
+%patch2 -p1
+%patch3 -p1
+%patch5 -p1
+%patch17 -p1
+%patch19 -p1
+%patch20 -p1
+%patch22 -p1
+%patch23 -p1
 
 # security
 # %patch1000 -p1 -b .CVE-2015-1545
 # %patch1001 -p1 -b .CVE-2015-1546
 
-
-libtoolize --force --copy
-popd
-
-# Set up a build tree for a static version of libldap with the hooks for the
-# non-standard NTLM bind type which is needed to connect to Win2k GC servers
-# (Win2k3 supports SASL with DIGEST-MD5, so this shouldn't be needed for those
-# servers, though as of version 1.4 the connector doesn't try SASL first).
-if ! cp -al openldap-%{version} evo-openldap-%{version} ; then
-     rm -fr evo-openldap-%{version}
-     cp -a  openldap-%{version} evo-openldap-%{version}
-fi
-pushd evo-openldap-%{version}
-%patch200 -p1 -b .evolution-ntlm
-popd
-
-pushd MigrationTools-%{migtools_version}
-%patch300 -p1 -b .instdir
-%patch301 -p1 -b .mktemp
-%patch302 -p1 -b .simple
-%patch303 -p1 -b .suffix
-%patch304 -p1 -b .schema
-%patch305 -p1 -b .noaliases
-popd
-
-pushd openldap-%{version}
-        for subdir in build-servers build-clients ; do
-	        mkdir $subdir
-	        ln -s ../configure $subdir
-	done
-autoconf
 # build smbk5pwd with other overlays
 ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
 mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd
-popd
+# build allop with other overlays
+ln -s ../../../contrib/slapd-modules/allop/allop.c servers/slapd/overlays
+mv contrib/slapd-modules/allop/README contrib/slapd-modules/allop/README.allop
+mv contrib/slapd-modules/allop/slapo-allop.5 doc/man/man5/slapo-allop.5
 
-%build
-libtool='%{_bindir}/libtool'
-tagname=CC; export tagname
+mv servers/slapd/back-perl/README{,.back_perl}
 
-%ifarch ia64
-RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0"
-%endif
+# fix documentation encoding
+for filename in doc/drafts/draft-ietf-ldapext-acl-model-xx.txt; do
+	iconv -f iso-8859-1 -t utf-8 "$filename" > "$filename.utf8"
+	mv "$filename.utf8" "$filename"
+done
 
-# Find OpenSSL's header and library dependencies.
-if pkg-config openssl ; then
-        OPENSSL_CPPFLAGS=`pkg-config --cflags-only-I openssl`
-        CPPFLAGS="$OPENSSL_CPPFLAGS" ; export CPPFLAGS
-        OPENSSL_LDFLAGS=`pkg-config --libs-only-L openssl`
-        LDFLAGS="$OPENSSL_LDFLAGS" ; export LDFLAGS
-fi
-CFLAGS="$CPPFLAGS $RPM_OPT_FLAGS -D_REENTRANT -fPIC"; export CFLAGS
+popd
 
-# Build 2.4.
-CFLAGS="$RPM_OPT_FLAGS -D_REENTRANT -fPIC"; export CFLAGS
-export CPPFLAGS="-I${dbdir}/include"
-export CFLAGS="$CPPFLAGS $RPM_OPT_FLAGS -D_REENTRANT -fPIC -D_GNU_SOURCE"
-export LDFLAGS="-L${dbdir}/%{_lib}"
+pushd ltb-project-openldap-ppolicy-check-password-%{check_password_version}
+%patch90 -p1
+%patch91 -p1
+popd
 
+%build
+export CFLAGS="-fpie %{optflags} -Wl,-z,relro,-z,now,--as-needed -DLDAP_CONNECTIONLESS"
+export LDFLAGS="-pie"
 
-build() {
+pushd openldap-%{version}
 %configure \
-        --with-threads=posix \
-        \
-        --enable-local --enable-rlookups \
-        \
-        --with-tls \
-        --with-cyrus-sasl \
-        --with-gssapi \
-        --with-odbc=unixodbc \
-        \
-        --enable-wrappers \
-        \
-        --enable-passwd \
-        \
-        --enable-cleartext \
-        --enable-crypt \
-        --enable-spasswd \
-        --enable-lmpasswd \
-        --enable-modules \
-        --disable-sql \
-        \
-        --libexecdir=%{_libdir} \
-        $@
-make %{_smp_mflags} LIBTOOL="$libtool"
-}
-
-# Build the servers with Kerberos support (for password checking, mainly).
-LIBS=-lpthread; export LIBS
-
-pushd openldap-%{version}/build-servers
-build \
-       --enable-plugins \
-       --enable-slapd \
-       --enable-slurpd \
-       --enable-bdb \
-       --enable-hdb \
-       --enable-ldap \
-       --enable-ldbm \
-       --enable-ldbm-api=%{ldbm_backend} \
-       --enable-meta \
-       --enable-monitor \
-       --enable-null \
-       --enable-shell \
-       --enable-sql=mod \
-       --disable-perl \
-       --disable-shared \
-       --disable-dynamic \
-       --enable-static
-unset LIBS
-popd
+	--enable-debug \
+	--enable-dynamic \
+	\
+	--enable-dynacl \
+	--enable-cleartext \
+	--enable-crypt \
+	--enable-lmpasswd \
+	--enable-spasswd \
+	--enable-modules \
+	--enable-rewrite \
+	--enable-rlookups \
+	--enable-slapi \
+	--disable-slp \
+	\
+	--enable-backends=mod \
+	--enable-bdb=yes \
+	--enable-hdb=yes \
+	--enable-mdb=yes \
+	--enable-monitor=yes \
+	--disable-ndb \
+%if %{with sql}
+	--enable-sql=yes \
+%else
+	--disable-sql \
+%endif
+	\
+	--enable-overlays=mod \
+	\
+	--disable-static \
+	\
+	--with-cyrus-sasl \
+	--without-fetch \
+	--with-threads \
+	--with-pic \
+	--with-gnu-ld \
+	\
+	--libexecdir=%{_libdir}
 
-# Build clients without Kerberos password-checking support, which is only
-# useful in the server anyway, to avoid stray dependencies.
-pushd openldap-%{version}/build-clients
-build \
-	--disable-slapd \
-        --disable-slurpd \
-        --enable-shared \
-        --enable-dynamic \
-        --enable-static \
-        --with-pic
+make %{_smp_mflags}
 popd
 
-# Build evolution-specific clients just as we would normal clients, except with
-# a different installation directory in mind and no shared libraries.
-pushd evo-openldap-%{version}
-build \
-        --disable-slapd \
-	--disable-slurpd \
-	--disable-shared \
-	--disable-dynamic \
-	--enable-static \
-	--with-pic \
-	--includedir=%{evolution_connector_includedir} \
-	--libdir=%{evolution_connector_libdir}
+pushd ltb-project-openldap-ppolicy-check-password-%{check_password_version}
+make LDAP_INC="-I../openldap-%{version}/include \
+ -I../openldap-%{version}/servers/slapd \
+ -I../openldap-%{version}/build-servers/include"
 popd
 
 %install
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
-libtool='%{_bindir}/libtool'
-tagname=CC; export tagname
 
-mkdir -p $RPM_BUILD_ROOT/%{_libdir}/
+mkdir -p %{buildroot}%{_libdir}/
 
-# Install servers.
-pushd openldap-%{version}/build-servers
-make install DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} LIBTOOL="$libtool"
+pushd openldap-%{version}
+make install DESTDIR=%{buildroot} STRIP=""
 popd
 
-# Install clients and shared libraries.  Install the evo-specific versions
-# first so that any conflicting files are overwritten by generic versions.
-pushd evo-openldap-%{version}
-make install DESTDIR=$RPM_BUILD_ROOT \
-        includedir=%{evolution_connector_includedir} \
-        libdir=%{evolution_connector_libdir} \
-        LIBTOOL="$libtool"
-install -m644 \
-        $RPM_SOURCE_DIR/README.evolution \
-        $RPM_BUILD_ROOT/%{evolution_connector_prefix}/
-popd
-pushd openldap-%{version}/build-clients
-make install DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} LIBTOOL="$libtool"
+# install check_password module
+pushd ltb-project-openldap-ppolicy-check-password-%{check_password_version}
+mv check_password.so check_password.so.%{check_password_version}
+ln -s check_password.so.%{check_password_version} %{buildroot}%{_libdir}/openldap/check_password.so
+install -m 755 check_password.so.%{check_password_version} %{buildroot}%{_libdir}/openldap/
+# install -m 644 README %{buildroot}%{_libdir}/openldap
+install -d -m 755 %{buildroot}%{_sysconfdir}/openldap
+cat > %{buildroot}%{_sysconfdir}/openldap/check_password.conf <<EOF
+# OpenLDAP pwdChecker library configuration
+
+#useCracklib 1
+#minPoints 3
+#minUpper 0
+#minLower 0
+#minDigit 0
+#minPunct 0
+EOF
+mv README{,.check_pwd}
 popd
 
-# Create this directory so that authconfig setting TLS_CACERT to
-# /etc/openldap/cacerts doesn't cause TLS startup of any kind to fail
-# when the directory doesn't exist.
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/openldap/cacerts
-# make sure the certs directory exists
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
-# Touch the dummy slapd.pem to make rpmbuild happy
-touch $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/slapd.pem
-
-# Install the padl.com migration tools.
-mkdir -p $RPM_BUILD_ROOT%{_datadir}/openldap/migration
-install -m 755 MigrationTools-%{migtools_version}/migrate_* \
-        $RPM_BUILD_ROOT%{_datadir}/openldap/migration/
-install -m 644 MigrationTools-%{migtools_version}/README \
-        $RPM_SOURCE_DIR/migration-tools.txt \
-        $RPM_BUILD_ROOT%{_datadir}/openldap/migration/
-cp MigrationTools-%{migtools_version}/README README.migration
-cp $RPM_SOURCE_DIR/migration-tools.txt TOOLS.migration
-
-install -m 644 %SOURCE6 README.upgrading
-install -m 644 %SOURCE9 README.migration
+# setup directories for TLS certificates
+mkdir -p %{buildroot}%{_sysconfdir}/openldap/certs
 
 # Create the data directory.
-mkdir -p $RPM_BUILD_ROOT/var/lib/ldap
+install -m 0700 -d $RPM_BUILD_ROOT/var/lib/ldap
 # Create the new run directory
-mkdir -p $RPM_BUILD_ROOT/var/run/openldap
+install -m 0755 -d $RPM_BUILD_ROOT/var/run/openldap
+
+# install default ldap.conf (customized)
+rm -f %{buildroot}%{_sysconfdir}/openldap/ldap.conf
+install -m 0644 %SOURCE5 %{buildroot}%{_sysconfdir}/openldap/ldap.conf
 
-# Hack the build root out of the default config files.
-perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/*.conf
+# setup maintainance scripts
+mkdir -p %{buildroot}%{_libexecdir}
+install -m 0755 -d %{buildroot}%{_libexecdir}/openldap
+install -m 0644 %SOURCE50 %{buildroot}%{_libexecdir}/openldap/functions
+install -m 0755 %SOURCE52 %{buildroot}%{_libexecdir}/openldap/check-config.sh
+install -m 0755 %SOURCE53 %{buildroot}%{_libexecdir}/openldap/upgrade-db.sh
 
-# Get the buildroot out of the man pages.
-perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/*/*.*
+# remove build root from config files and manual pages
+perl -pi -e "s|%{buildroot}||g" %{buildroot}%{_sysconfdir}/openldap/*.conf
+perl -pi -e "s|%{buildroot}||g" %{buildroot}%{_mandir}/*/*.*
 
-# We don't need the default files -- RPM handles changes.
-rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/*.default
-rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/schema/*.default
+# we don't need the default files -- RPM handles changes
+rm -f %{buildroot}%{_sysconfdir}/openldap/*.default
+rm -f %{buildroot}%{_sysconfdir}/openldap/schema/*.default
 
 # Install an init script for the servers.
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d
 install -m 755 $RPM_SOURCE_DIR/ldap.init $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/ldap
 
-# Install syconfig/ldap
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
-install -m 644 %SOURCE10 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/ldap
-
-# Add some more schema for the sake of migration scripts.
-install -d -m755 $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/vine
-install -m644 \
-        $RPM_SOURCE_DIR/autofs.schema \
-        $RPM_SOURCE_DIR/rfc822-MailMember.schema \
-        $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/vine/
-
-# Move slapd and slurpd out of _libdir
-mv $RPM_BUILD_ROOT/%{_libdir}/slapd $RPM_BUILD_ROOT/%{_sbindir}/
-rm -f $RPM_BUILD_ROOT/%{_sbindir}/slap{acl,add,auth,cat,dn,index,passwd,test}
-rm -f $RPM_BUILD_ROOT/%{_libdir}/slap{acl,add,auth,cat,dn,index,passwd,test}
-for X in acl add auth cat dn index passwd test; do ln -s slapd $RPM_BUILD_ROOT/%{_sbindir}/slap$X ; done
-
-# Tweak permissions on the libraries to make sure they're correct.
-chmod 755 $RPM_BUILD_ROOT/%{_libdir}/lib*.so*
-chmod 644 $RPM_BUILD_ROOT/%{_libdir}/lib*.*a
-
-# Remove files which we don't want packaged.
-rm -f $RPM_BUILD_ROOT/%{_datadir}/openldap/migration/*.{instdir,simple,schema,mktemp,suffix,noaliases}
-#rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
-#rm -f $RPM_BUILD_ROOT/%{evolution_connector_libdir}/*.la
-#rm -f $RPM_BUILD_ROOT/%{evolution_connector_libdir}/*.so*
-#rm -f $RPM_BUILD_ROOT/%{_libdir}/openldap/*.a
-#rm -f $RPM_BUILD_ROOT/%{_libdir}/openldap/*.so
-
-rm -f $RPM_BUILD_ROOT/var/openldap-data/DB_CONFIG.example
-rmdir $RPM_BUILD_ROOT/var/openldap-data
+# install syconfig/ldap
+mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
+install -m 644 %SOURCE2 %{buildroot}%{_sysconfdir}/sysconfig/slapd
+
+# move slapd out of _libdir
+mv %{buildroot}%{_libdir}/slapd %{buildroot}%{_sbindir}/
+
+# setup tools as symlinks to slapd
+rm -f %{buildroot}%{_sbindir}/slap{acl,add,auth,cat,dn,index,passwd,test,schema}
+rm -f %{buildroot}%{_libdir}/slap{acl,add,auth,cat,dn,index,passwd,test,schema}
+for X in acl add auth cat dn index passwd test schema; do ln -s slapd %{buildroot}%{_sbindir}/slap$X ; done
+
+# tweak permissions on the libraries to make sure they're correct
+chmod 0755 %{buildroot}%{_libdir}/lib*.so*
+chmod 0644 %{buildroot}%{_libdir}/lib*.*a
+
+# slapd.conf(5) is obsoleted since 2.3, see slapd-config(5)
+# new configuration will be generated in %%post
+mkdir -p %{buildroot}%{_datadir}
+install -m 0755 -d %{buildroot}%{_datadir}/openldap-servers
+install -m 0644 %SOURCE4 %{buildroot}%{_datadir}/openldap-servers/slapd.ldif
+install -m 0750 -d %{buildroot}%{_sysconfdir}/openldap/slapd.d
+rm -f %{buildroot}%{_sysconfdir}/openldap/slapd.conf
+rm -f %{buildroot}%{_sysconfdir}/openldap/slapd.ldif
+
+# move doc files out of _sysconfdir
+mv %{buildroot}%{_sysconfdir}/openldap/schema/README README.schema
+mv %{buildroot}%{_sysconfdir}/openldap/DB_CONFIG.example %{buildroot}%{_datadir}/openldap-servers/DB_CONFIG.example
+chmod 0644 openldap-%{version}/servers/slapd/back-sql/rdbms_depend/timesten/*.sh
+chmod 0644 %{buildroot}%{_datadir}/openldap-servers/DB_CONFIG.example
+
+# remove files which we don't want packaged
+rm -f %{buildroot}%{_libdir}/*.la  # because we do not want files in %{_libdir}/openldap/ removed, yet
+
+rm -f %{buildroot}%{_localstatedir}/openldap-data/DB_CONFIG.example
+rmdir %{buildroot}%{_localstatedir}/openldap-data
 
 %clean 
 rm -rf $RPM_BUILD_ROOT
 
-%post -p /sbin/ldconfig
-
-%postun -p /sbin/ldconfig
+%post
+/sbin/ldconfig
 
+%postun
+#update only on package erase
+if [ $1 == 0 ]; then
+    /sbin/ldconfig
+fi
 
 %pre servers
-# Take care to only do ownership-changing if we're adding the user.
-if /usr/sbin/useradd -c "LDAP User" -u 55 \
-	-s /bin/false -r -d /var/lib/ldap ldap 2> /dev/null ; then
-	if [ -d /var/lib/ldap ] ; then
-		for dbfile in /var/lib/ldap/* ; do
-			if [ -f $dbfile ] ; then
-				chown ldap.ldap $dbfile
-			fi
-		done
+
+# create ldap user and group
+getent group ldap &>/dev/null || groupadd -r -g 55 ldap
+getent passwd ldap &>/dev/null || \
+	useradd -r -g ldap -u 55 -d %{_sharedstatedir}/ldap -s /sbin/nologin -c "OpenLDAP server" ldap
+
+if [ $1 -eq 2 ]; then
+	# package upgrade
+
+	old_version=$(rpm -q --qf=%%{version} openldap-servers)
+	new_version=%{version}
+
+	if [ "$old_version" != "$new_version" ]; then
+		touch %{_sharedstatedir}/ldap/rpm_upgrade_openldap &>/dev/null
 	fi
 fi
 
-if [ "$1" = "2" ]; then
-    # guess, if database upgrade is necessary
-    OLD_SLAPD_VERSION=$( rpm -q --qf "%{VERSION}" openldap-servers | sed 's/\.[0-9]*$//' )
-    NEW_SLAPD_VERSION=$( echo %{version} | sed 's/\.[0-9]*$//' )
-
-    if [ "$OLD_SLAPD_VERSION" != "$NEW_SLAPD_VERSION" ]; then
-        # Minor version number has changed -> slapcat/slapadd of the BDB database 
-        # is necessary. Save an ldif of the database where the "% post servers" 
-        # scriptlet can restore it.  Also save the database files to a "rpmorig" 
-        # directory - Just In Case (TM)
-
-        # stop the server
-        if /sbin/service ldap status &>/dev/null; then 
-            touch /var/lib/ldap/need_start
-            /sbin/service ldap stop &>/dev/null
-        fi
-
-        files=$(echo /var/lib/ldap/{log.*,__db.*,[a]lock})
-        if [ "$files" != '/var/lib/ldap/log.* /var/lib/ldap/__db.* /var/lib/ldap/[a]lock' ] ; then
-            if /usr/sbin/slapcat -l /var/lib/ldap/upgrade.ldif > /dev/null 2>&1 ; then
-                if [ -f /var/lib/ldap/upgrade.ldif ] ; then
-                    /bin/rm -fr /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
-                    mkdir /var/lib/ldap/rpmorig
-                    mv /var/lib/ldap/{alock,*.bdb,__db.*,log.*} /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
-                    cp -f /var/lib/ldap/DB_CONFIG /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
-                else
-                    /bin/rm -f /var/lib/ldap/upgrade.ldif
-                fi
-            fi
-        fi
-    fi
-fi
 exit 0
 
-
 %post servers
-/sbin/ldconfig
-/sbin/chkconfig --add ldap
-# If there's a /var/lib/ldap/upgrade.ldif file, slapadd it and delete it.
-# It was created by the % pre above.
-if [ -f /var/lib/ldap/upgrade.ldif ] ; then
-    /sbin/runuser -m -s /usr/sbin/slapadd -- "ldap" -l /var/lib/ldap/upgrade.ldif > /dev/null 2>&1
-    rm -f /var/lib/ldap/upgrade.ldif
+
+/sbin/ldconfig -n %{_libdir}/openldap
+
+# generate configuration if necessary
+if [[ ! -f %{_sysconfdir}/openldap/slapd.d/cn=config.ldif && \
+      ! -f %{_sysconfdir}/openldap/slapd.conf
+   ]]; then
+      # if there is no configuration available, generate one from the defaults
+      mkdir -p %{_sysconfdir}/openldap/slapd.d/ &>/dev/null || :
+      /usr/sbin/slapadd -F %{_sysconfdir}/openldap/slapd.d/ -n0 -l %{_datadir}/openldap-servers/slapd.ldif
+      chown -R ldap:ldap %{_sysconfdir}/openldap/slapd.d/
+      /sbin/service ldap condrestart > /dev/null 2>&1 || :
 fi
 
-exec > /dev/null 2> /dev/null
-if [ ! -f %{_sysconfdir}/pki/tls/certs/slapd.pem ] ; then
-pushd %{_sysconfdir}/pki/tls/certs
-umask 077
-cat << EOF | make slapd.pem
---
-SomeState
-SomeCity
-SomeOrganization
-SomeOrganizationalUnit
-localhost.localdomain
-root@localhost.localdomain
-EOF
-chown root:ldap slapd.pem
-chmod 640 slapd.pem
-popd
+start_slapd=0
+
+# upgrade the database
+running=`/sbin/service ldap status >/dev/null; echo $?`
+if [ -f %{_sharedstatedir}/ldap/rpm_upgrade_openldap ]; then
+	if [ $running -eq 0 ]; then
+		/sbin/service ldap stop > /dev/null 2>&1 || :
+		start_slapd=1
+	fi
+
+	%{_libexecdir}/openldap/upgrade-db.sh &>/dev/null
+	rm -f %{_sharedstatedir}/ldap/rpm_upgrade_openldap
 fi
 
-if [ $1 -ge 1 ] ; then
-    /sbin/service ldap condrestart &>/dev/null
-    /sbin/service ldap status &>/dev/null
-    if [ "$?" != "0" -a -f /var/lib/ldap/need_start ]; then
-        /sbin/service ldap start &>/dev/null
-        rm -f /var/lib/ldap/need_start &>/dev/null 
-    fi
+# restart after upgrade
+if [ $1 -ge 1 ]; then
+	if [ $start_slapd -eq 1 ]; then
+		/sbin/service ldap start > /dev/null 2>&1 || :
+	else
+		/sbin/service ldap condrestart > /dev/null 2>&1 || :
+	fi
 fi
 
 exit 0
 
-
 %preun servers
 if [ "$1" = "0" ] ; then
 	/sbin/service ldap stop > /dev/null 2>&1 || :
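Review bot: `install -m 644 %SOURCE2 %{buildroot}%{_sysconfdir}/sysconfig/slapd` in `%install` picks the wrong source: the header declares `Source2: ldap.init` and `Source10: ldap.sysconfig`, so the init script is installed as the sysconfig file and `ldap.sysconfig` is no longer installed anywhere in this hunk. The line should presumably read `install -m 644 %SOURCE10 %{buildroot}%{_sysconfdir}/sysconfig/slapd`. The rename from `sysconfig/ldap` to `sysconfig/slapd` also only works if `ldap.init` reads the new path, which cannot be checked from this page. The `%preun servers` scriptlet at the end of the hunk continues outside it.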
@@ -579,7 +477,8 @@ if [ "$1" = "0" ] ; then
 fi
 
 %postun servers
-/sbin/ldconfig
+/sbin/ldconfig ${_libdir}/openldap
+
 if [ $1 -ge 1 ] ; then
 	/sbin/service ldap condrestart > /dev/null 2>&1 || :
 fi
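Review bot: `/sbin/ldconfig ${_libdir}/openldap` in `%postun servers` uses shell parameter expansion where an RPM macro was meant, so rpm leaves it untouched and the scriptlet's shell expands it at run time. `_libdir` is presumably unset in that shell, which turns the command into `/sbin/ldconfig /openldap` and leaves the module directory unprocessed. `%post servers` in the previous hunk uses `/sbin/ldconfig -n %{_libdir}/openldap`; the same form should be used here.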
@@ -588,90 +487,141 @@ fi
 
 %postun devel -p /sbin/ldconfig
 
+%triggerin servers -- libdb
+
+# libdb upgrade (setup for %%triggerun)
+if [ $2 -eq 2 ]; then
+	# we are interested in minor version changes (both versions of libdb are installed at this moment)
+	if [ "$(rpm -q --qf="%%{version}\n" libdb | sed 's/\.[0-9]*$//' | sort -u | wc -l)" != "1" ]; then
+		touch %{_sharedstatedir}/ldap/rpm_upgrade_libdb
+	else
+		rm -f %{_sharedstatedir}/ldap/rpm_upgrade_libdb
+	fi
+fi
+
+exit 0
+
+
+%triggerun servers -- libdb
+
+# libdb upgrade (finish %%triggerin)
+running=`/sbin/service ldap status >/dev/null; echo $?`
+
+if [ -f %{_sharedstatedir}/ldap/rpm_upgrade_libdb ]; then
+	if [ $running -eq 0 ]; then
+		/sbin/service ldap stop > /dev/null 2>&1 || :
+		start=1
+	else
+		start=0
+	fi
+
+	%{_libexecdir}/openldap/upgrade-db.sh &>/dev/null
+	rm -f %{_sharedstatedir}/ldap/rpm_upgrade_libdb
+
+	[ $start -eq 1 ] && /sbin/service ldap condrestart > /dev/null 2>&1 || :
+fi
+
+exit 0
+
 %files
 %defattr(-,root,root)
-%doc openldap-%{version}/{ANNOUNCEMENT,CHANGES,COPYRIGHT,LICENSE,README,doc/rfc}
-%attr(0755,root,root) %dir %{_sysconfdir}/openldap
-%attr(0755,root,root) %dir %{_sysconfdir}/openldap/cacerts
-%attr(0644,root,root) %config %{_sysconfdir}/openldap/ldap*.conf
-%attr(0755,root,root) %{_libdir}/libl*-2.4*.so.*
-%attr(0644,root,root) %{_mandir}/man5/ldif.5*
-%attr(0644,root,root) %{_mandir}/man5/ldap.conf.5*
+%doc openldap-%{version}/{ANNOUNCEMENT,CHANGES,COPYRIGHT,LICENSE,README}
+%dir %{_sysconfdir}/openldap
+%dir %{_sysconfdir}/openldap/certs
+%config(noreplace) %{_sysconfdir}/openldap/ldap.conf
+%dir %{_libexecdir}/openldap/
+%{_libdir}/liblber-2.4*.so.*
+%{_libdir}/libldap-2.4*.so.*
+%{_libdir}/libldap_r-2.4*.so.*
+%{_libdir}/libslapi-2.4*.so.*
+%{_mandir}/man5/ldif.5*
+%{_mandir}/man5/ldap.conf.5*
 
 %files servers
 %defattr(-,root,root)
-%doc README.migration TOOLS.migration
-%doc $RPM_SOURCE_DIR/README.upgrading $RPM_SOURCE_DIR/guide.html
-%doc README.upgrading
 %doc openldap-%{version}/contrib/slapd-modules/smbk5pwd/README.smbk5pwd
 %doc openldap-%{version}/doc/guide/admin/*.html
 %doc openldap-%{version}/doc/guide/admin/*.png
-%ghost %config %{_sysconfdir}/pki/tls/certs/slapd.pem
+%doc openldap-%{version}/servers/slapd/back-perl/SampleLDAP.pm
+%doc openldap-%{version}/servers/slapd/back-perl/README.back_perl
+%doc openldap-%{version}/servers/slapd/back-perl/README.back_perl
+%doc ltb-project-openldap-ppolicy-check-password-%{check_password_version}/README.check_pwd
+%doc README.schema
+%config(noreplace) %dir %attr(0750,ldap,ldap) %{_sysconfdir}/openldap/slapd.d
+%config(noreplace) %{_sysconfdir}/openldap/schema
+%config(noreplace) %{_sysconfdir}/sysconfig/slapd
+%config(noreplace) %{_sysconfdir}/openldap/check_password.conf
 %attr(0755,root,root) %config %{_sysconfdir}/rc.d/init.d/ldap
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/ldap*.conf
-%attr(0640,root,ldap) %config(noreplace) %{_sysconfdir}/openldap/slapd.conf
-%attr(0640,root,ldap) %{_sysconfdir}/openldap/DB_CONFIG.example
-%attr(0755,root,root) %dir %{_sysconfdir}/openldap/schema
-%attr(0644,root,root) %{_sysconfdir}/openldap/schema/README*
-%attr(0644,root,root) %config %{_sysconfdir}/sysconfig/ldap
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/schema/*.schema*
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/schema/*.ldif
-%attr(0755,root,root) %dir %{_sysconfdir}/openldap/schema/vine
-%attr(0644,root,root) %config %{_sysconfdir}/openldap/schema/vine/*.schema*
-%attr(0755,root,root) %{_sbindir}/sl*
-%attr(0644,root,root) %{_mandir}/man8/*
-%attr(0644,root,root) %{_mandir}/man5/slapd*.5*
-%attr(0644,root,root) %{_mandir}/man5/slapo-*.5*
-%attr(0755,root,root) %dir %{_datadir}/openldap
-%attr(0755,root,root) %dir %{_datadir}/openldap/migration
-%attr(0644,root,root) %{_datadir}/openldap/migration/README
-%attr(0644,root,root) %config(noreplace) %{_datadir}/openldap/migration/*.ph
-%attr(0755,root,root) %{_datadir}/openldap/migration/*.pl
-%attr(0755,root,root) %{_datadir}/openldap/migration/*.sh
-%attr(0644,root,root) %{_datadir}/openldap/migration/*.txt
 %attr(0700,ldap,ldap) %dir /var/lib/ldap
 %attr(0755,ldap,ldap) %dir /var/run/openldap
-%attr(0755,root,root) %dir %{_libdir}/openldap
-%attr(0755,root,root) %{_libdir}/openldap/[^b]*
-
+%{_datadir}/openldap-servers/
+%{_libdir}/openldap/accesslog*
+%{_libdir}/openldap/auditlog*
+%{_libdir}/openldap/allop*
+%{_libdir}/openldap/back_dnssrv*
+%{_libdir}/openldap/back_ldap*
+%{_libdir}/openldap/back_meta*
+%{_libdir}/openldap/back_null*
+%{_libdir}/openldap/back_passwd*
+%{_libdir}/openldap/back_relay*
+%{_libdir}/openldap/back_shell*
+%{_libdir}/openldap/back_sock*
+%{_libdir}/openldap/back_perl*
+%{_libdir}/openldap/collect*
+%{_libdir}/openldap/constraint*
+%{_libdir}/openldap/dds*
+%{_libdir}/openldap/deref*
+%{_libdir}/openldap/dyngroup*
+%{_libdir}/openldap/dynlist*
+%{_libdir}/openldap/memberof*
+%{_libdir}/openldap/pcache*
+%{_libdir}/openldap/ppolicy*
+%{_libdir}/openldap/refint*
+%{_libdir}/openldap/retcode*
+%{_libdir}/openldap/rwm*
+%{_libdir}/openldap/seqmod*
+%{_libdir}/openldap/smbk5pwd*
+%{_libdir}/openldap/sssvlv*
+%{_libdir}/openldap/syncprov*
+%{_libdir}/openldap/translucent*
+%{_libdir}/openldap/unique*
+%{_libdir}/openldap/valsort*
+%{_libdir}/openldap/check_password*
+%{_libexecdir}/openldap/functions
+%{_libexecdir}/openldap/check-config.sh
+%{_libexecdir}/openldap/upgrade-db.sh
+%{_sbindir}/sl*
+%{_mandir}/man8/*
+%{_mandir}/man5/slapd*.5*
+%{_mandir}/man5/slapo-*.5*
+# obsolete configuration
+%ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf
+
+%if %{with sql}
 %files servers-sql
 %defattr(-,root,root)
 %doc openldap-%{version}/servers/slapd/back-sql/docs/*
 %doc openldap-%{version}/servers/slapd/back-sql/rdbms_depend
-%attr(0755,root,root) %{_libdir}/openldap/back_sql.la
-%attr(0755,root,root) %{_libdir}/openldap/back_sql*.so.*
+%{_libdir}/openldap/back_sql*
+%endif
 
 %files clients
 %defattr(-,root,root)
-%attr(0755,root,root) %{_bindir}/*
-%attr(0644,root,root) %{_mandir}/man1/*
+%{_bindir}/*
+%{_mandir}/man1/*
 
 %files devel
 %defattr(-,root,root)
 %doc openldap-%{version}/doc/drafts openldap-%{version}/doc/rfc
-%attr(0755,root,root) %{_libdir}/libl*.so
-%attr(0644,root,root) %{_libdir}/libl*.a
-%attr(0644,root,root) %{_includedir}/*
-%attr(0644,root,root) %{_mandir}/man3/*
-%attr(0755,root,root) %dir %{evolution_connector_prefix}
-%attr(0644,root,root)      %{evolution_connector_prefix}/README*
-%attr(0755,root,root) %dir %{evolution_connector_includedir}
-%attr(0644,root,root)      %{evolution_connector_includedir}/*.h
-%attr(0755,root,root) %dir %{evolution_connector_libdir}
-%attr(0644,root,root)      %{evolution_connector_libdir}/*.a
-
-%exclude %{_libdir}/*.la
-#%exclude %{_libdir}/openldap/*.a
-%exclude %{_libdir}/openldap/*.so
-%exclude %{evolution_connector_libdir}/*.la
-%exclude %{evolution_connector_libdir}/*.so*
-
+%{_libdir}/lib*.so
+%{_includedir}/*
+%{_mandir}/man3/*
 
 ## to build compat32 for x86_64 architecture support
 %if %{build_compat32}
 %files -n compat32-%{name}
 %defattr(-,root,root)
-%attr(0755,root,root) %{_libdir}/libl*-2.4*.so.*
+%{_libdir}/libl*-2.4*.so.*
 
 # %files -n compat32-%{name}-servers-sql
 # %defattr(-,root,root)
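Review bot: The new `%ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf` entry makes the legacy configuration file owned by the service account, where the removed entry had `%attr(0640,root,ldap)`. With owner `ldap` the daemon account can rewrite the file rather than only read it, and `%post servers` still treats an existing `slapd.conf` as valid configuration, so a compromised slapd could presumably alter its own access rules or root credentials. Keeping `%attr(0640,root,ldap)` on that line preserves read-only access for the daemon. Separately, the `%doc openldap-%{version}/servers/slapd/back-perl/README.back_perl` line appears twice in `%files servers`.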
@@ -680,25 +630,18 @@ fi
 
 %files -n compat32-%{name}-devel
 %defattr(-,root,root)
-%attr(0755,root,root) %{_libdir}/libl*.so
-%attr(0644,root,root) %{_libdir}/libl*.a
-%attr(0644,root,root) %{_includedir}/*
-%attr(0755,root,root) %dir %{evolution_connector_prefix}
-%attr(0644,root,root)      %{evolution_connector_prefix}/README*
-%attr(0755,root,root) %dir %{evolution_connector_includedir}
-%attr(0644,root,root)      %{evolution_connector_includedir}/*.h
-%attr(0755,root,root) %dir %{evolution_connector_libdir}
-%attr(0644,root,root)      %{evolution_connector_libdir}/*.a
-
-%exclude %{_libdir}/*.la
-#%exclude %{_libdir}/openldap/*.a
-%exclude %{_libdir}/openldap/*.so
-%exclude %{evolution_connector_libdir}/*.la
-%exclude %{evolution_connector_libdir}/*.so*
+%{_libdir}/lib*.so
+
 %endif
 
 
 %changelog
+* Fri Nov 02 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2.4.46-1
+- new upstream release.
+- rebuilt with openssl-1.1.1.
+- dropped too old MigrationTools.
+- dropped all patches and imported from rawhide.
+
 * Mon Mar 14 2016 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.4.44-1
 - new upstream release and built with openssl 1.0.2g
 - update patch0