%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0} %define migtools_version 47 %define ldbm_backend berkeley %define evolution_connector_prefix %{_libdir}/evolution-openldap %define evolution_connector_includedir %{evolution_connector_prefix}/include %define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib} %define __perl_requires %{SOURCE11} %define stable 0 %if %{stable} %define date 20100719 %endif Summary: The configuration files, libraries and documentation for OpenLDAP. Summary(ja): OpenLDAP の設定ファイル,ライブラリ,ドキュメント. Name: openldap Version: 2.4.40 Release: 2%{?_dist_release} License: OpenLDAP Group: System Environment/Libraries URL: http://www.openldap.org/ %if %{stable} Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-stable/openldap-stable-%{date}.tgz %else Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version}.tgz %endif Source1: http://www.padl.com/download/MigrationTools-%{migtools_version}.tar.gz Source2: ldap.init Source3: migration-tools.txt Source4: autofs.schema Source5: rfc822-MailMember.schema Source6: README.upgrading Source7: http://www.OpenLDAP.org/doc/admin/guide.html Source8: README.evolution Source9: README.migration Source10: ldap.sysconfig Source11: filter-requires-openldap.sh # Patches for 2.4 Patch0: openldap-2.4.11-config.patch Patch1: openldap-2.0.11-ldaprc.patch Patch2: openldap-2.4.16-setugid.patch Patch3: openldap-2.4.6-pie.patch Patch4: openldap-2.3.11-toollinks.patch Patch5: openldap-2.4.6-nosql.patch Patch6: openldap-2.3.19-gethostbyXXXX_r.patch Patch9: openldap-2.3.37-smbk5pwd.patch Patch10: openldap-2.4.6-multilib.patch # Patches for the evolution library Patch200: openldap-2.4.16-evolution-ntlm.patch # Patches for the MigrationTools package Patch300: MigrationTools-38-instdir.patch Patch301: MigrationTools-36-mktemp.patch Patch302: MigrationTools-27-simple.patch Patch303: MigrationTools-26-suffix.patch Patch304: MigrationTools-46-schema.patch Patch305: MigrationTools-45-noaliases.patch # Vine Patches # security fixes # CVE-2015-1545 Patch1000: its8027.patch # CVE-2015-1546 Patch1001: its8046.patch BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRequires: autoconf, automake, libtool >= 2.2.6a BuildRequires: cyrus-sasl-devel, gdbm-devel, openssl-devel, perl BuildRequires: libdb-devel, pam-devel, pkgconfig, tcp_wrappers BuildRequires: unixODBC-devel, bind-devel, libtool-ltdl-devel >= 2.2.6a BuildRequires: krb5-devel BuildRequires: groff #BuildConflicts: libicu-devel Requires: cyrus-sasl, mktemp, gdbm Vendor: Project Vine Distribution: Vine Linux %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries and documentation for OpenLDAP. %description -l ja OpenLDAPはオープンソースなLDAP (Lightweight Directory Access Protocol)アプリケーションと開発ツール集です。LDAPはディレクトリサービス(電話帳の様な情報や他の情報)にInternelからアクセスするプロトコルであり、DNS(Domain Name System)情報に似た方式でInternetに伝えられます。opanldapパッケージはOpanLDAP用の設定ファイルやライブラリ、ドキュメントを含んでいます。 %package devel Summary: OpenLDAP development libraries and header files. Summary(ja): OpenLDAP の開発用ライブラリおよびヘッダファイル. Group: Development/Libraries Requires: openldap = %{version}-%{release}, cyrus-sasl-devel >= 2.1 Provides: openldap-evolution-devel = %{version}-%{release} %description devel The openldap-devel package includes the development libraries and header files needed for compiling applications that use LDAP (Lightweight Directory Access Protocol) internals. LDAP is a set of protocols for enabling directory services over the Internet. Install this package only if you plan to develop or will need to compile customized LDAP clients. %description devel -l ja openldap-develパッケージはLDAP(Lightweight Directory Access Protocol)を使うためにコンパイルするアプリケーションに必要な開発用ライブラリやヘッダファイルを含んでいます。LDAPはInternet上にディレクトリサービスを可能にするプロトコルです。LDAPクライアントを開発したりカスタマイズする場合には、このパッケージをインストールしてください。 %package servers Summary: OpenLDAP servers and related files. Summary(ja): OpenLDAP サーバおよび関連ファイル. Requires(post): fileutils, make, openldap = %{version}-%{release}, openssl, shadow-utils, chkconfig, coreutils Requires(pre): fileutils, make, openldap = %{version}-%{release}, openssl, shadow-utils, chkconfig, coreutils Group: System Environment/Daemons %description servers OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. This package contains the slapd and slurpd servers, migration scripts and related files. %description servers -l ja OpenLDAPはオープンソースなLDAP (Lightweight Directory Access Protocol)アプリケーションと開発ツール集です。LDAPはディレクトリサービス(電話帳の様な情報や他の情報)にInternelからアクセスするプロトコルであり、DNS(Domain Name System)情報に似た\方式でInternetに伝えられます。このパッケージはslapdやslurpdサーバ、移行スクリプトや関連するファイルを含んでいます。 %package servers-sql Summary: OpenLDAP server SQL support module. Summary(ja): SQLサポートモジュールを含んだOpenLDAPサーバ Requires(post): openldap-servers = %{version}-%{release} Group: System Environment/Daemons %description servers-sql OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. This package contains a loadable module which the slapd server can use to read data from an RDBMS. %description servers-sql -l ja OpenLDAPはオープンソースなLDAP (Lightweight Directory Access Protocol)アプリケー ションと開発ツール集です。LDAPはディレクトリサービス(電話帳の様な情報や他の情報 )にInternelからアクセスするプロトコルであり、DNS(Domain Name System)情報に似た 方式でInternetに伝えられます。 このパッケージはslapdサーバがRDBMSからデータを読み込むためのモジュールを含んでいます。 %package clients Summary: Client programs for OpenLDAP. Summary(ja): OpenLDAP のクライアントプログラム. Requires(post): openldap = %{version}-%{release} Group: Applications/Internet %description clients OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap-clients package contains the client programs needed for accessing and modifying OpenLDAP directories. %description clients -l ja OpenLDAPはオープンソースなLDAP (Lightweight Directory Access Protocol)アプリケーションと開発ツール集です。LDAPはディレクトリサービス(電話帳の様な情報や他の情報)にInternelからアクセスするプロトコルであり、DNS(Domain Name System)情報に似た\方式でInternetに伝えられます。openldap-clientsパッケージはOpenLDAPディレクトリにアクセスしたり、修正したりするためのクライアントプログラムを含んでいます。 ## to build compat32 for x86_64 architecture support %package -n compat32-%{name} Summary: libraries for OpenLDAP. Group: System Environment/Libraries %description -n compat32-%{name} OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries and documentation for OpenLDAP. # %package -n compat32-%{name}-servers-sql # Summary: OpenLDAP server SQL support module. # Group: System Environment/Libraries # %description -n compat32-%{name}-servers-sql # OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access # Protocol) applications and development tools. LDAP is a set of # protocols for accessing directory services (usually phone book style # information, but other information is possible) over the Internet, # similar to the way DNS (Domain Name System) information is propagated # over the Internet. This package contains a loadable module which the # slapd server can use to read data from an RDBMS. %package -n compat32-%{name}-devel Summary: OpenLDAP development libraries and header files. Group: Development/Libraries %description -n compat32-%{name}-devel The openldap-devel package includes the development libraries and header files needed for compiling applications that use LDAP (Lightweight Directory Access Protocol) internals. LDAP is a set of protocols for enabling directory services over the Internet. Install this package only if you plan to develop or will need to compile customized LDAP clients. %prep %setup -q -c -a 1 pushd openldap-%{version} libtoolize --force --copy popd pushd openldap-%{version} %patch0 -p1 -b .config %patch1 -p1 -b .ldaprc %patch2 -p1 -b .setugid %patch3 -p1 -b .pie %patch4 -p1 -b .toollinks %patch5 -p1 -b .nosql %patch6 -p1 -b .gethostbyname_r %patch9 -p1 -b .smbk5pwd %patch10 -p1 -b .multilib # security %patch1000 -p1 -b .CVE-2015-1545 %patch1001 -p1 -b .CVE-2015-1546 libtoolize --force --copy popd # Set up a build tree for a static version of libldap with the hooks for the # non-standard NTLM bind type which is needed to connect to Win2k GC servers # (Win2k3 supports SASL with DIGEST-MD5, so this shouldn't be needed for those # servers, though as of version 1.4 the connector doesn't try SASL first). if ! cp -al openldap-%{version} evo-openldap-%{version} ; then rm -fr evo-openldap-%{version} cp -a openldap-%{version} evo-openldap-%{version} fi pushd evo-openldap-%{version} %patch200 -p1 -b .evolution-ntlm popd pushd MigrationTools-%{migtools_version} %patch300 -p1 -b .instdir %patch301 -p1 -b .mktemp %patch302 -p1 -b .simple %patch303 -p1 -b .suffix %patch304 -p1 -b .schema %patch305 -p1 -b .noaliases popd pushd openldap-%{version} for subdir in build-servers build-clients ; do mkdir $subdir ln -s ../configure $subdir done autoconf # build smbk5pwd with other overlays ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd popd %build libtool='%{_bindir}/libtool' tagname=CC; export tagname %ifarch ia64 RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0" %endif # Find OpenSSL's header and library dependencies. if pkg-config openssl ; then OPENSSL_CPPFLAGS=`pkg-config --cflags-only-I openssl` CPPFLAGS="$OPENSSL_CPPFLAGS" ; export CPPFLAGS OPENSSL_LDFLAGS=`pkg-config --libs-only-L openssl` LDFLAGS="$OPENSSL_LDFLAGS" ; export LDFLAGS fi CFLAGS="$CPPFLAGS $RPM_OPT_FLAGS -D_REENTRANT -fPIC"; export CFLAGS # Build 2.4. CFLAGS="$RPM_OPT_FLAGS -D_REENTRANT -fPIC"; export CFLAGS export CPPFLAGS="-I${dbdir}/include" export CFLAGS="$CPPFLAGS $RPM_OPT_FLAGS -D_REENTRANT -fPIC -D_GNU_SOURCE" export LDFLAGS="-L${dbdir}/%{_lib}" build() { %configure \ --with-threads=posix \ \ --enable-local --enable-rlookups \ \ --with-tls \ --with-cyrus-sasl \ --with-gssapi \ --with-odbc=unixodbc \ \ --enable-wrappers \ \ --enable-passwd \ \ --enable-cleartext \ --enable-crypt \ --enable-spasswd \ --enable-lmpasswd \ --enable-modules \ --disable-sql \ \ --libexecdir=%{_libdir} \ $@ make %{_smp_mflags} LIBTOOL="$libtool" } # Build the servers with Kerberos support (for password checking, mainly). LIBS=-lpthread; export LIBS pushd openldap-%{version}/build-servers build \ --enable-plugins \ --enable-slapd \ --enable-slurpd \ --enable-bdb \ --enable-hdb \ --enable-ldap \ --enable-ldbm \ --enable-ldbm-api=%{ldbm_backend} \ --enable-meta \ --enable-monitor \ --enable-null \ --enable-shell \ --enable-sql=mod \ --disable-perl \ --disable-shared \ --disable-dynamic \ --enable-static unset LIBS popd # Build clients without Kerberos password-checking support, which is only # useful in the server anyway, to avoid stray dependencies. pushd openldap-%{version}/build-clients build \ --disable-slapd \ --disable-slurpd \ --enable-shared \ --enable-dynamic \ --enable-static \ --with-pic popd # Build evolution-specific clients just as we would normal clients, except with # a different installation directory in mind and no shared libraries. pushd evo-openldap-%{version} build \ --disable-slapd \ --disable-slurpd \ --disable-shared \ --disable-dynamic \ --enable-static \ --with-pic \ --includedir=%{evolution_connector_includedir} \ --libdir=%{evolution_connector_libdir} popd %install [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT libtool='%{_bindir}/libtool' tagname=CC; export tagname mkdir -p $RPM_BUILD_ROOT/%{_libdir}/ # Install servers. pushd openldap-%{version}/build-servers make install DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} LIBTOOL="$libtool" popd # Install clients and shared libraries. Install the evo-specific versions # first so that any conflicting files are overwritten by generic versions. pushd evo-openldap-%{version} make install DESTDIR=$RPM_BUILD_ROOT \ includedir=%{evolution_connector_includedir} \ libdir=%{evolution_connector_libdir} \ LIBTOOL="$libtool" install -m644 \ $RPM_SOURCE_DIR/README.evolution \ $RPM_BUILD_ROOT/%{evolution_connector_prefix}/ popd pushd openldap-%{version}/build-clients make install DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} LIBTOOL="$libtool" popd # Create this directory so that authconfig setting TLS_CACERT to # /etc/openldap/cacerts doesn't cause TLS startup of any kind to fail # when the directory doesn't exist. mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/openldap/cacerts # make sure the certs directory exists mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs # Touch the dummy slapd.pem to make rpmbuild happy touch $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/slapd.pem # Install the padl.com migration tools. mkdir -p $RPM_BUILD_ROOT%{_datadir}/openldap/migration install -m 755 MigrationTools-%{migtools_version}/migrate_* \ $RPM_BUILD_ROOT%{_datadir}/openldap/migration/ install -m 644 MigrationTools-%{migtools_version}/README \ $RPM_SOURCE_DIR/migration-tools.txt \ $RPM_BUILD_ROOT%{_datadir}/openldap/migration/ cp MigrationTools-%{migtools_version}/README README.migration cp $RPM_SOURCE_DIR/migration-tools.txt TOOLS.migration install -m 644 %SOURCE6 README.upgrading install -m 644 %SOURCE9 README.migration # Create the data directory. mkdir -p $RPM_BUILD_ROOT/var/lib/ldap # Create the new run directory mkdir -p $RPM_BUILD_ROOT/var/run/openldap # Hack the build root out of the default config files. perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/*.conf # Get the buildroot out of the man pages. perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/*/*.* # We don't need the default files -- RPM handles changes. rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/*.default rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/schema/*.default # Install an init script for the servers. mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d install -m 755 $RPM_SOURCE_DIR/ldap.init $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/ldap # Install syconfig/ldap mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig install -m 644 %SOURCE10 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/ldap # Add some more schema for the sake of migration scripts. install -d -m755 $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/vine install -m644 \ $RPM_SOURCE_DIR/autofs.schema \ $RPM_SOURCE_DIR/rfc822-MailMember.schema \ $RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/vine/ # Move slapd and slurpd out of _libdir mv $RPM_BUILD_ROOT/%{_libdir}/slapd $RPM_BUILD_ROOT/%{_sbindir}/ rm -f $RPM_BUILD_ROOT/%{_sbindir}/slap{acl,add,auth,cat,dn,index,passwd,test} rm -f $RPM_BUILD_ROOT/%{_libdir}/slap{acl,add,auth,cat,dn,index,passwd,test} for X in acl add auth cat dn index passwd test; do ln -s slapd $RPM_BUILD_ROOT/%{_sbindir}/slap$X ; done # Tweak permissions on the libraries to make sure they're correct. chmod 755 $RPM_BUILD_ROOT/%{_libdir}/lib*.so* chmod 644 $RPM_BUILD_ROOT/%{_libdir}/lib*.*a # Remove files which we don't want packaged. rm -f $RPM_BUILD_ROOT/%{_datadir}/openldap/migration/*.{instdir,simple,schema,mktemp,suffix,noaliases} #rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la #rm -f $RPM_BUILD_ROOT/%{evolution_connector_libdir}/*.la #rm -f $RPM_BUILD_ROOT/%{evolution_connector_libdir}/*.so* #rm -f $RPM_BUILD_ROOT/%{_libdir}/openldap/*.a #rm -f $RPM_BUILD_ROOT/%{_libdir}/openldap/*.so rm -f $RPM_BUILD_ROOT/var/openldap-data/DB_CONFIG.example rmdir $RPM_BUILD_ROOT/var/openldap-data %clean rm -rf $RPM_BUILD_ROOT %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %pre servers # Take care to only do ownership-changing if we're adding the user. if /usr/sbin/useradd -c "LDAP User" -u 55 \ -s /bin/false -r -d /var/lib/ldap ldap 2> /dev/null ; then if [ -d /var/lib/ldap ] ; then for dbfile in /var/lib/ldap/* ; do if [ -f $dbfile ] ; then chown ldap.ldap $dbfile fi done fi fi if [ "$1" = "2" ]; then # guess, if database upgrade is necessary OLD_SLAPD_VERSION=$( rpm -q --qf "%{VERSION}" openldap-servers | sed 's/\.[0-9]*$//' ) NEW_SLAPD_VERSION=$( echo %{version} | sed 's/\.[0-9]*$//' ) if [ "$OLD_SLAPD_VERSION" != "$NEW_SLAPD_VERSION" ]; then # Minor version number has changed -> slapcat/slapadd of the BDB database # is necessary. Save an ldif of the database where the "% post servers" # scriptlet can restore it. Also save the database files to a "rpmorig" # directory - Just In Case (TM) # stop the server if /sbin/service ldap status &>/dev/null; then touch /var/lib/ldap/need_start /sbin/service ldap stop &>/dev/null fi files=$(echo /var/lib/ldap/{log.*,__db.*,[a]lock}) if [ "$files" != '/var/lib/ldap/log.* /var/lib/ldap/__db.* /var/lib/ldap/[a]lock' ] ; then if /usr/sbin/slapcat -l /var/lib/ldap/upgrade.ldif > /dev/null 2>&1 ; then if [ -f /var/lib/ldap/upgrade.ldif ] ; then /bin/rm -fr /var/lib/ldap/rpmorig > /dev/null 2>&1 || : mkdir /var/lib/ldap/rpmorig mv /var/lib/ldap/{alock,*.bdb,__db.*,log.*} /var/lib/ldap/rpmorig > /dev/null 2>&1 || : cp -f /var/lib/ldap/DB_CONFIG /var/lib/ldap/rpmorig > /dev/null 2>&1 || : else /bin/rm -f /var/lib/ldap/upgrade.ldif fi fi fi fi fi exit 0 %post servers /sbin/ldconfig /sbin/chkconfig --add ldap # If there's a /var/lib/ldap/upgrade.ldif file, slapadd it and delete it. # It was created by the % pre above. if [ -f /var/lib/ldap/upgrade.ldif ] ; then /sbin/runuser -m -s /usr/sbin/slapadd -- "ldap" -l /var/lib/ldap/upgrade.ldif > /dev/null 2>&1 rm -f /var/lib/ldap/upgrade.ldif fi exec > /dev/null 2> /dev/null if [ ! -f %{_sysconfdir}/pki/tls/certs/slapd.pem ] ; then pushd %{_sysconfdir}/pki/tls/certs umask 077 cat << EOF | make slapd.pem -- SomeState SomeCity SomeOrganization SomeOrganizationalUnit localhost.localdomain root@localhost.localdomain EOF chown root:ldap slapd.pem chmod 640 slapd.pem popd fi if [ $1 -ge 1 ] ; then /sbin/service ldap condrestart &>/dev/null /sbin/service ldap status &>/dev/null if [ "$?" != "0" -a -f /var/lib/ldap/need_start ]; then /sbin/service ldap start &>/dev/null rm -f /var/lib/ldap/need_start &>/dev/null fi fi exit 0 %preun servers if [ "$1" = "0" ] ; then /sbin/service ldap stop > /dev/null 2>&1 || : /sbin/chkconfig --del ldap # Openldap-servers are being removed from system. # Do not touch the database! Older versions of this # package attempted to store database in LDIF format, so # it can be restored later - but it's up to the administrator # to save the database, if he/she wants so. fi %postun servers /sbin/ldconfig if [ $1 -ge 1 ] ; then /sbin/service ldap condrestart > /dev/null 2>&1 || : fi %post devel -p /sbin/ldconfig %postun devel -p /sbin/ldconfig %files %defattr(-,root,root) %doc openldap-%{version}/{ANNOUNCEMENT,CHANGES,COPYRIGHT,LICENSE,README,doc/rfc} %attr(0755,root,root) %dir %{_sysconfdir}/openldap %attr(0755,root,root) %dir %{_sysconfdir}/openldap/cacerts %attr(0644,root,root) %config %{_sysconfdir}/openldap/ldap*.conf %attr(0755,root,root) %{_libdir}/libl*-2.4*.so.* %attr(0644,root,root) %{_mandir}/man5/ldif.5* %attr(0644,root,root) %{_mandir}/man5/ldap.conf.5* %files servers %defattr(-,root,root) %doc README.migration TOOLS.migration %doc $RPM_SOURCE_DIR/README.upgrading $RPM_SOURCE_DIR/guide.html %doc README.upgrading %doc openldap-%{version}/contrib/slapd-modules/smbk5pwd/README.smbk5pwd %doc openldap-%{version}/doc/guide/admin/*.html %doc openldap-%{version}/doc/guide/admin/*.png %ghost %config %{_sysconfdir}/pki/tls/certs/slapd.pem %attr(0755,root,root) %config %{_sysconfdir}/rc.d/init.d/ldap %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/ldap*.conf %attr(0640,root,ldap) %config(noreplace) %{_sysconfdir}/openldap/slapd.conf %attr(0640,root,ldap) %{_sysconfdir}/openldap/DB_CONFIG.example %attr(0755,root,root) %dir %{_sysconfdir}/openldap/schema %attr(0644,root,root) %{_sysconfdir}/openldap/schema/README* %attr(0644,root,root) %config %{_sysconfdir}/sysconfig/ldap %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/schema/*.schema* %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/schema/*.ldif %attr(0755,root,root) %dir %{_sysconfdir}/openldap/schema/vine %attr(0644,root,root) %config %{_sysconfdir}/openldap/schema/vine/*.schema* %attr(0755,root,root) %{_sbindir}/sl* %attr(0644,root,root) %{_mandir}/man8/* %attr(0644,root,root) %{_mandir}/man5/slapd*.5* %attr(0644,root,root) %{_mandir}/man5/slapo-*.5* %attr(0755,root,root) %dir %{_datadir}/openldap %attr(0755,root,root) %dir %{_datadir}/openldap/migration %attr(0644,root,root) %{_datadir}/openldap/migration/README %attr(0644,root,root) %config(noreplace) %{_datadir}/openldap/migration/*.ph %attr(0755,root,root) %{_datadir}/openldap/migration/*.pl %attr(0755,root,root) %{_datadir}/openldap/migration/*.sh %attr(0644,root,root) %{_datadir}/openldap/migration/*.txt %attr(0700,ldap,ldap) %dir /var/lib/ldap %attr(0755,ldap,ldap) %dir /var/run/openldap %attr(0755,root,root) %dir %{_libdir}/openldap %attr(0755,root,root) %{_libdir}/openldap/[^b]* %files servers-sql %defattr(-,root,root) %doc openldap-%{version}/servers/slapd/back-sql/docs/* %doc openldap-%{version}/servers/slapd/back-sql/rdbms_depend %attr(0755,root,root) %{_libdir}/openldap/back_sql.la %attr(0755,root,root) %{_libdir}/openldap/back_sql*.so.* %files clients %defattr(-,root,root) %attr(0755,root,root) %{_bindir}/* %attr(0644,root,root) %{_mandir}/man1/* %files devel %defattr(-,root,root) %doc openldap-%{version}/doc/drafts openldap-%{version}/doc/rfc %attr(0755,root,root) %{_libdir}/libl*.so %attr(0644,root,root) %{_libdir}/libl*.a %attr(0644,root,root) %{_includedir}/* %attr(0644,root,root) %{_mandir}/man3/* %attr(0755,root,root) %dir %{evolution_connector_prefix} %attr(0644,root,root) %{evolution_connector_prefix}/README* %attr(0755,root,root) %dir %{evolution_connector_includedir} %attr(0644,root,root) %{evolution_connector_includedir}/*.h %attr(0755,root,root) %dir %{evolution_connector_libdir} %attr(0644,root,root) %{evolution_connector_libdir}/*.a %exclude %{_libdir}/*.la #%exclude %{_libdir}/openldap/*.a %exclude %{_libdir}/openldap/*.so %exclude %{evolution_connector_libdir}/*.la %exclude %{evolution_connector_libdir}/*.so* ## to build compat32 for x86_64 architecture support %if %{build_compat32} %files -n compat32-%{name} %defattr(-,root,root) %attr(0755,root,root) %{_libdir}/libl*-2.4*.so.* # %files -n compat32-%{name}-servers-sql # %defattr(-,root,root) # %attr(0755,root,root) %{_libdir}/openldap/back_sql.la # %attr(0755,root,root) %{_libdir}/openldap/back_sql*.so.* %files -n compat32-%{name}-devel %defattr(-,root,root) %attr(0755,root,root) %{_libdir}/libl*.so %attr(0644,root,root) %{_libdir}/libl*.a %attr(0644,root,root) %{_includedir}/* %attr(0755,root,root) %dir %{evolution_connector_prefix} %attr(0644,root,root) %{evolution_connector_prefix}/README* %attr(0755,root,root) %dir %{evolution_connector_includedir} %attr(0644,root,root) %{evolution_connector_includedir}/*.h %attr(0755,root,root) %dir %{evolution_connector_libdir} %attr(0644,root,root) %{evolution_connector_libdir}/*.a %exclude %{_libdir}/*.la #%exclude %{_libdir}/openldap/*.a %exclude %{_libdir}/openldap/*.so %exclude %{evolution_connector_libdir}/*.la %exclude %{evolution_connector_libdir}/*.so* %endif %changelog * Fri Mar 6 2015 Tomohiro "Tomo-p" KATO 2.4.40-2 - added patch1000,1001 to fix CVE-2015-1545,1546. * Sat Feb 28 2015 Tomohiro "Tomo-p" KATO 2.4.40-1 - new upstream release. * Fri Feb 27 2015 Ryoichi INAGAKI 2.4.23-6 - add patch1146 for fix CVE-2013-4449 * Tue Dec 16 2014 Ryoichi INAGAKI 2.4.23-5 - added Patch700 to build with libdb 5.3.28 * Thu Jan 9 2014 IWAI, Masaharu 2.4.23-4 - build with cyrus-sasl 2.1.26 * Sun Dec 9 2012 IWAI, Masaharu 2.4.23-3 - SECURITY FIX, #2501 - patches from CentOS 6.3; openldap 2.4.23-26.el6_3.2 - CVE-2011-1024: add openldap-cve-ppolicy-forward-updates.patch (Patch1112) - CVE-2011-1025: add openldap-cve-ndb-bind-rootdn.patch (Patch1113) - CVE-2012-1164: add openldap-cve-relay-rwm-translucent.patch (Patch1141) - CVE-2012-2668: add openldap-cve-nss-cipher-suite-ignored.patch (Patch1144) - patch based CentOS 6.3; openldap 2.4.23-26.el6_3.2 - CVE-2012-2668: add openldap-cve-nss-default-cipher-suite-always-selected.patch (Patch1145) - fix document file path for servers sub package * Sat Apr 9 2011 Ryoichi INAGAKI 2.4.23-2 - added --with-odbc=unixodbc to configure * Wed Apr 6 2011 IWAI, Masaharu 2.4.23-1 - new upstream release - update MigrationTools 47 * Wed Jan 12 2011 Yoji TOYODA - 2.4.21-5 - change %%define __perl_requires instead of __find_requires * Tue Jan 11 2011 Yoji TOYODA - 2.4.21-4 - rebuild with openssl-1.0.0c * Fri Feb 12 2010 MATSUBAYASHI Kohji - 2.4.21-3 - rebuilt with gcc-4.4.3-3 on ppc * Fri Feb 5 2010 MATSUBAYASHI Kohji - 2.4.21-2 - rebuilt with rpm-4.8.0-3 (on ppc) * Tue Feb 02 2010 Daisuke SUZUKI 2.4.21-1 - new upstream release - rebuild with db4-4.8.0 - use Requires(post/pre) instead of Prereq * Sun Dec 20 2009 Satoshi IWAMOTO 2.4.16-4 - rebuild * Tue Nov 3 2009 Satoshi IWAMOTO 2.4.16-3 - add BuildConflicts: libicu-devel * Mon Nov 2 2009 Satoshi IWAMOTO 2.4.16-2 - add Patch1000 for fix CVE-2009-3767 (openssl null char) - add --with-gssapi into configure - drop --without-kerberos (it is old configure option) * Wed Aug 05 2009 NAKAMURA Kenta 2.4.16-1 - new upstream release * Sun Jul 05 2009 Munehiro Yamamoto 2.4.11-6 - dropped compat32-%%{name}-servers-sql * Sat Jul 04 2009 Munehiro Yamamoto 2.4.11-5 - added compat32 subpackages * Wed Apr 15 2009 Daisuke SUZUKI 2.4.11-4 - rebuild with libtool-2.2.6a * Sat Apr 04 2009 NAKAMURA Kenta 2.4.11-3 - use filter-requires-openldap.sh instead of find-requires * Wed Apr 01 2009 NAKAMURA Kenta 2.4.11-2 - reverted a scriptlet that dropped in 2.3.24-0vl4 * Sun Mar 01 2009 NAKAMURA Kenta 2.4.11-1 - new upstream release - applied patches from fedora's package (openldap-2.4.12-1) * Sun Mar 30 2008 Ryoichi INAGAKI 2.3.41-1vl5 - updated to 2.3.41 (Patch10 and 11 were merged into upstream) * Fri May 18 2007 Daisuke SUZUKI 2.3.27-0vl5 - rebuild with new openssl * Sat May 12 2007 Ryoichi INAGAKI 2.3.27-0vl4 - rebuilt with new toolchain/bdb 4.3 * Tue Dec 26 2006 Ryoichi INAGAKI 2.3.27-0vl3 - rebuilt for VineSeed * Thu Dec 21 2006 Satoshi IWAMOTO 2.3.27-0vl2.3 - add Vendor/Distribution tag * Wed Dec 13 2006 Satoshi IWAMOTO 2.3.27-0vl2.2 - add patch11 for fix krbv4_ldap_auth issue * Fri Nov 24 2006 Satoshi IWAMOTO 2.3.27-0vl2.1 - add patch10 for fix CVE-2006-5779 * Sun Sep 03 2006 NAKAMURA Kenta 2.3.27-0vl2 - use filter-requires-openldap.sh instead of find-requires * Sun Aug 27 2006 NAKAMURA Kenta 2.3.27-0vl1 - new upstream release * Sat Aug 26 2006 NAKAMURA Kenta 2.3.24-0vl4 - restored rfc822-MailMember.schema - update config.patch - removed a scriptlet that save and restore the database * Sat Aug 19 2006 NAKAMURA Kenta 2.3.24-0vl3 - removed internal bdb - removed autoconf-2.13.1 and automake-1.4a * Tue Jul 11 2006 NAKAMURA Kenta 2.3.24-0vl2 - removed compat-openldap subpackage * Sun Jul 02 2006 Satoshi MACHINO 2.3.24-0vl1 - New upstream release - merged to fedora's package(openldap-2.3.24-2) -- build sql backend as a loadable module -- move ucdata to the -servers subpackage where it belongs -- add compat-openldap subpackage -- update administrator guide -- build a separate, static set of libraries for openldap-devel with the non-standard ntlm bind patch applied, for use by the evolution-connector package (#125579), and installing them under %%{evolution_connector_prefix} (%{evolution_connector_prefix}) -- add libtool-ltdl-devel buildprereqs -- Upgrade internal bdb to db-4.4.20. For a clean upgrade, this will require that users slapcat their databases into a temp file, move /var/lib/ldap someplace safe, upgrade the openldap rpms, then slapadd the temp file. -- fix ldap.init -- add two upstream patches for db-4.4.20 * Wed Nov 2 2005 Ryoichi INAGAKI 2.1.30-0vl2 - rebuild for VineSeed Plus - added Japanese summary * Sat Apr 17 2004 Satoshi MACHINO 2.1.30-0vl1 - new upstream version (openldap-2.1.30) -- Fixed slapd userdb checkpass bub (ITS#3048) -- Fixed back-ldbm IDL delete bug (ITS#3048) -- Fixed libldap schema parsing bug (ITS#2920, ITS#3065) -- Fixed liblutil NS MTA MD5 passwd len bug (ITS#2899) -- Removed lint (ITS#3086) -- Documentation updated slapd.conf(5) manpage (ITS#2525) * Thu Apr 08 2004 Satoshi MACHINO 2.1.29-0vl2 - fixed ldap.ini * Sun Mar 28 2004 Satoshi MACHINO 2.1.29-0vl1 - new upstream version (openldap-2.1.29) * Wed Mar 24 2004 Satoshi MACHINO 2.1.28-0vl1 - new upstream version (openldap-2.1.28) * Mon Mar 22 2004 Satoshi MACHINO 2.1.27-0vl1 - new upstream version (openldap-2.1.27) * Sat Jan 24 2004 Satoshi MACHINO 2.1.26-0vl1 - new upstream version (openldap-2.1.26) - don't use libtool in make * Sun Oct 26 2003 Satoshi MACHINO 2.1.23-0vl1 - new upstream version (openldap-2.1.23) - updated migration tools to version 45 - used libtool * Sun Jul 20 2003 Satoshi MACHINO 2.1.22-0vl2 - for VineSeedPlus - fixed BuildPreReq * Sat Jul 19 2003 Satoshi MACHINO 2.1.22-0vl1 - for VinePlus - new upstream version (openldap-2.1.22) * Thu May 29 2003 Satoshi MACHINO 2.1.21-0vl1 - new upstream version (openldap-2.1.21) * Tue May 20 2003 Satoshi MACHINO 2.1.20-0vl1 - new upstream version * Thu May 15 2003 Satoshi MACHINO 2.1.19-1vl1 - new upstream version - merged spec file to 2.1.19-1 -- switch to db with crypto -- install the db utils for the bundled libdb as %%{_sbindir}/slapd_db_* -- install slapcat/slapadd from 2.0.x for migration purposes * Mon Jan 27 2003 Satoshi MACHINO 2.1.12-0vl1 - updated to openldap-2.1.12 -- dropped ldapfriendly * Fri Sep 06 2002 Satoshi MACHINO 2.1.4-0vl1 - updated to openldap-2.1.4 - updated guide.html * Fri Sep 06 2002 Satoshi MACHINO 2.1.3-4vl1 - updated to openldap-2.1.3 - added db-4.0.14 - updated migration tools to version 44 - merged openldap-2.1.3-4 -- updated patch0, patch1, patch3 and patch6 -- dropped patch7 and patch10 -- enable the ldbm/berkeley backend as well -- use an ldbm/berkeley database as the default -- don't install slapadd-gdbm -- allow ldapv2 binds by default -- set TLS_CACERTFILE in the default ldap.conf file * Tue Jun 11 2002 Satoshi MACHINO 2.0.25-0vl1 - updated to openldap-2.0.25 * Mon Jun 10 2002 Satoshi MACHINO 2.0.24-0vl1 - updated to openldap-2.0.24 - updated migration tools to version 40 - dropped autoconf source - dropped some patches * Sat Feb 16 2002 Satoshi MACHINO 2.0.23-0vl1 - updated openldap-2.0.23 * Wed Feb 06 2002 Satoshi MACHINO 2.0.22-0vl1 - updated openldap-2.0.22 * Mon Jan 21 2002 Satoshi MACHINO 2.0.21-0vl1 - updated openldap-2.0.21 * Wed Nov 07 2001 Satoshi MACHINO 2.0.18-0vl1 - updated openldap-2.0.18 * Sun Oct 14 2001 Satoshi MACHINO 2.0.17-0vl1 - updated openldap-2.0.17 - updated MigrationTools-38-instdir.patch - updated openldap-2.0.17-config.patch - removed openldap-2.0.3-krb5-1.1.patch * Sat Sep 22 2001 Satoshi MACHINO 2.0.14-1vl1 - update to migration tools 39 - removed patch libtool.patch and linkage.patch * Wed Sep 19 2001 Satoshi MACHINO 2.0.14-0vl0 - updated openldap-2.0.14 * Mon Jul 16 2001 MATSUBAYASHI 'Shaolin' Kohji - 2.0.11-0vl2 - rebuilt with openssl-0.9.6b * Sun May 27 2001 Satoshi MACHINO 2.0.11-0vl1 - updated * Thu Apr 12 2001 Akira TAGOH 2.0.7-14vl3 - Fixed resolve libraries path. * Wed Apr 11 2001 Satoshi MACHINO 2.0.7-14vl2 - added openldap-2.0.7-config-vine.patch - removed openldap-2.0.7-config.patch * Tue Apr 10 2001 Satoshi MACHINO 2.0.7-14vl1 - merged Rawhide's OpenLDAP Package back out pidfile patches, which interact weirdly with Linux threads mark non-standard schema as such by moving them to a different directory update to MigrationTools 36, adds netgroup support fix thinko in that last patch try to work around some buffering problems gettextize the init script move the RFCs to the base package (#21701) add support for additional OPTIONS, SLAPD_OPTIONS, and SLURPD_OPTIONS in a /etc/sysconfig/ldap file (#23549) change automount object OID from 1.3.6.1.1.1.2.9 to 1.3.6.1.1.1.2.13, per mail from the ldap-nis mailing list force -fPIC so that shared libraries don't fall over add Norbert Klasen's patch (via Del) to fix searches using ldaps URLs (OpenLDAP ITS #889) add "-h ldaps:///" to server init when TLS is enabled, in order to support ldaps in addition to the regular STARTTLS (suggested by Del) correct mismatched-dn-cn bug in migrate_automount.pl update to the correct OIDs for automount and automountInformation add notes on upgrading * Sat Nov 25 2000 Satoshi MACHINO 2.0.7-1vl2 - fixed VersionedDependencies to used _noVersionedDependencies 1 in .rpmmacros * Sat Nov 18 2000 MACHINO, satoshi 2.0.7-1vl1 - build for Vine Linux - removed kerberos - fixed config dir - fixed _sysconfdir * Tue Nov 7 2000 Nalin Dahyabhai - update to 2.0.7 - drop chdir patch (went mainstream) * Thu Nov 2 2000 Nalin Dahyabhai - change automount object classes from auxiliary to structural * Tue Oct 31 2000 Nalin Dahyabhai - update to Migration Tools 27 - change the sense of the last simple patch * Wed Oct 25 2000 Nalin Dahyabhai - reorganize the patch list to separate MigrationTools and OpenLDAP patches - switch to Luke Howard's rfc822MailMember schema instead of the aliases.schema - configure slapd to run as the non-root user "ldap" (#19370) - chdir() before chroot() (we don't use chroot, though) (#19369) - disable saving of the pid file because the parent thread which saves it and the child thread which listens have different pids * Wed Oct 11 2000 Nalin Dahyabhai - add missing required attributes to conversion scripts to comply with schema - add schema for mail aliases, autofs, and kerberosSecurityObject rooted in our own OID tree to define attributes and classes migration scripts expect - tweak automounter migration script * Mon Oct 9 2000 Nalin Dahyabhai - try adding the suffix first when doing online migrations - force ldapadd to use simple authentication in migration scripts - add indexing of a few attributes to the default configuration - add commented-out section on using TLS to default configuration * Thu Oct 5 2000 Nalin Dahyabhai - update to 2.0.6 - add buildprereq on cyrus-sasl-devel, krb5-devel, openssl-devel - take the -s flag off of slapadd invocations in migration tools - add the cosine.schema to the default server config, needed by inetorgperson * Wed Oct 4 2000 Nalin Dahyabhai - add the nis.schema and inetorgperson.schema to the default server config - make ldapadd a hard link to ldapmodify because they're identical binaries * Fri Sep 22 2000 Nalin Dahyabhai - update to 2.0.4 * Fri Sep 15 2000 Nalin Dahyabhai - remove prereq on /etc/init.d (#17531) - update to 2.0.3 - add saucer to the included clients * Wed Sep 6 2000 Nalin Dahyabhai - update to 2.0.1 * Fri Sep 1 2000 Nalin Dahyabhai - update to 2.0.0 - patch to build against MIT Kerberos 1.1 and later instead of 1.0.x * Tue Aug 22 2000 Nalin Dahyabhai - remove that pesky default password - change "Copyright:" to "License:" * Sun Aug 13 2000 Nalin Dahyabhai - adjust permissions in files lists - move libexecdir from %%{_prefix}/sbin to %%{_sbindir} * Fri Aug 11 2000 Nalin Dahyabhai - add migrate_automount.pl to the migration scripts set * Tue Aug 8 2000 Nalin Dahyabhai - build a semistatic slurpd with threads, everything else without - disable reverse lookups, per email on OpenLDAP mailing lists - make sure the execute bits are set on the shared libraries * Mon Jul 31 2000 Nalin Dahyabhai - change logging facility used from local4 to daemon (#11047) * Thu Jul 27 2000 Nalin Dahyabhai - split off clients and servers to shrink down the package and remove the base package's dependency on Perl - make certain that the binaries have sane permissions * Mon Jul 17 2000 Nalin Dahyabhai - move the init script back * Thu Jul 13 2000 Nalin Dahyabhai - tweak the init script to only source /etc/sysconfig/network if it's found * Wed Jul 12 2000 Prospector - automatic rebuild * Mon Jul 10 2000 Nalin Dahyabhai - switch to gdbm; I'm getting off the db merry-go-round - tweak the init script some more - add instdir to @INC in migration scripts * Thu Jul 6 2000 Nalin Dahyabhai - tweak init script to return error codes properly - change initscripts dependency to one on /etc/init.d * Tue Jul 4 2000 Nalin Dahyabhai - prereq initscripts - make migration scripts use mktemp * Tue Jun 27 2000 Nalin Dahyabhai - do condrestart in post and stop in preun - move init script to /etc/init.d * Fri Jun 16 2000 Nalin Dahyabhai - update to 1.2.11 - add condrestart logic to init script - munge migration scripts so that you don't have to be /usr/share/openldap/migration to run them - add code to create pid files in /var/run * Mon Jun 5 2000 Nalin Dahyabhai - FHS tweaks - fix for compiling with libdb2 * Thu May 4 2000 Bill Nottingham - minor tweak so it builds on ia64 * Wed May 3 2000 Nalin Dahyabhai - more minimalistic fix for bug #11111 after consultation with OpenLDAP team - backport replacement for the ldapuser patch * Tue May 2 2000 Nalin Dahyabhai - fix segfaults from queries with commas in them in in.xfingerd (bug #11111) * Tue Apr 25 2000 Nalin Dahyabhai - update to 1.2.10 - add revamped version of patch from kos@bastard.net to allow execution as any non-root user - remove test suite from %%build because of weirdness in the build system * Wed Apr 12 2000 Nalin Dahyabhai - move the defaults for databases and whatnot to /var/lib/ldap (bug #10714) - fix some possible string-handling problems * Mon Feb 14 2000 Bill Nottingham - start earlier, stop later. * Thu Feb 3 2000 Nalin Dahyabhai - auto rebuild in new environment (release 4) * Tue Feb 1 2000 Nalin Dahyabhai - add -D_REENTRANT to make threaded stuff more stable, even though it looks like the sources define it, too - mark *.ph files in migration tools as config files * Fri Jan 21 2000 Nalin Dahyabhai - update to 1.2.9 * Mon Sep 13 1999 Bill Nottingham - strip files * Sat Sep 11 1999 Bill Nottingham - update to 1.2.7 - fix some bugs from bugzilla (#4885, #4887, #4888, #4967) - take include files out of base package * Fri Aug 27 1999 Jeff Johnson - missing ;; in init script reload) (#4734). * Tue Aug 24 1999 Cristian Gafton - move stuff from /usr/libexec to /usr/sbin - relocate config dirs to /etc/openldap * Mon Aug 16 1999 Bill Nottingham - initscript munging * Wed Aug 11 1999 Cristian Gafton - add the migration tools to the package * Fri Aug 06 1999 Cristian Gafton - upgrade to 1.2.6 - add rc.d script - split -devel package * Sun Feb 07 1999 Preston Brown - upgrade to latest stable (1.1.4), it now uses configure macro. * Fri Jan 15 1999 Bill Nottingham - build on arm, glibc2.1 * Wed Oct 28 1998 Preston Brown - initial cut. - patches for signal handling on the alpha