From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- net-nds/openldap/files/DB_CONFIG.fast.example | 25 +++ .../files/openldap-2.2.14-perlthreadsfix.patch | 12 ++ net-nds/openldap/files/openldap-2.2.6-ntlm.patch | 199 +++++++++++++++++++++ .../openldap/files/openldap-2.3.21-ppolicy.patch | 13 ++ .../files/openldap-2.3.24-contrib-smbk5pwd.patch | 53 ++++++ net-nds/openldap/files/openldap-2.3.34-slapd-conf | 64 +++++++ .../openldap/files/openldap-2.3.37-libldap_r.patch | 21 +++ .../openldap/files/openldap-2.3.43-fix-hang.patch | 19 ++ net-nds/openldap/files/openldap-2.3.XY-gcc44.patch | 30 ++++ .../openldap/files/openldap-2.4.11-libldap_r.patch | 11 ++ .../openldap/files/openldap-2.4.15-ppolicy.patch | 12 ++ ...enldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch | 109 +++++++++++ net-nds/openldap/files/openldap-2.4.17-gcc44.patch | 11 ++ .../openldap/files/openldap-2.4.28-fix-dash.patch | 26 +++ .../files/openldap-2.4.28-gnutls-gcrypt.patch | 11 ++ net-nds/openldap/files/openldap-2.4.31-gcc47.patch | 16 ++ .../files/openldap-2.4.35-contrib-samba4.patch | 38 ++++ .../files/openldap-2.4.35-contrib-smbk5pwd.patch | 48 +++++ net-nds/openldap/files/openldap-2.4.40-slapd-conf | 64 +++++++ .../files/openldap-2.4.42-mdb-unbundle.patch | 136 ++++++++++++++ ...enldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch | 109 +++++++++++ .../openldap/files/openldap-2.4.45-libressl.patch | 65 +++++++ .../files/openldap-2.4.6-evolution-ntlm.patch | 192 ++++++++++++++++++++ net-nds/openldap/files/slapd-confd | 14 ++ net-nds/openldap/files/slapd-confd-2.4.28-r1 | 26 +++ net-nds/openldap/files/slapd-initd | 29 +++ net-nds/openldap/files/slapd-initd-2.4.40-r2 | 64 +++++++ net-nds/openldap/files/slapd.service | 12 ++ net-nds/openldap/files/slapd.service.conf | 12 ++ net-nds/openldap/files/slapd.tmpfilesd | 2 + net-nds/openldap/files/slurpd-initd | 21 +++ 31 files changed, 1464 insertions(+) create mode 100644 net-nds/openldap/files/DB_CONFIG.fast.example create mode 100644 net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch create mode 100644 net-nds/openldap/files/openldap-2.2.6-ntlm.patch create mode 100644 net-nds/openldap/files/openldap-2.3.21-ppolicy.patch create mode 100644 net-nds/openldap/files/openldap-2.3.24-contrib-smbk5pwd.patch create mode 100644 net-nds/openldap/files/openldap-2.3.34-slapd-conf create mode 100644 net-nds/openldap/files/openldap-2.3.37-libldap_r.patch create mode 100644 net-nds/openldap/files/openldap-2.3.43-fix-hang.patch create mode 100644 net-nds/openldap/files/openldap-2.3.XY-gcc44.patch create mode 100644 net-nds/openldap/files/openldap-2.4.11-libldap_r.patch create mode 100644 net-nds/openldap/files/openldap-2.4.15-ppolicy.patch create mode 100644 net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch create mode 100644 net-nds/openldap/files/openldap-2.4.17-gcc44.patch create mode 100644 net-nds/openldap/files/openldap-2.4.28-fix-dash.patch create mode 100644 net-nds/openldap/files/openldap-2.4.28-gnutls-gcrypt.patch create mode 100644 net-nds/openldap/files/openldap-2.4.31-gcc47.patch create mode 100644 net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch create mode 100644 net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch create mode 100644 net-nds/openldap/files/openldap-2.4.40-slapd-conf create mode 100644 net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch create mode 100644 net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch create mode 100644 net-nds/openldap/files/openldap-2.4.45-libressl.patch create mode 100644 net-nds/openldap/files/openldap-2.4.6-evolution-ntlm.patch create mode 100644 net-nds/openldap/files/slapd-confd create mode 100644 net-nds/openldap/files/slapd-confd-2.4.28-r1 create mode 100644 net-nds/openldap/files/slapd-initd create mode 100644 net-nds/openldap/files/slapd-initd-2.4.40-r2 create mode 100644 net-nds/openldap/files/slapd.service create mode 100644 net-nds/openldap/files/slapd.service.conf create mode 100644 net-nds/openldap/files/slapd.tmpfilesd create mode 100644 net-nds/openldap/files/slurpd-initd (limited to 'net-nds/openldap/files') diff --git a/net-nds/openldap/files/DB_CONFIG.fast.example b/net-nds/openldap/files/DB_CONFIG.fast.example new file mode 100644 index 000000000000..8b52062c9c22 --- /dev/null +++ b/net-nds/openldap/files/DB_CONFIG.fast.example @@ -0,0 +1,25 @@ +# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1 2004/06/18 02:49:08 kurt Exp $ +# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases. +# +# See Sleepycat Berkeley DB documentation +# +# for detail description of DB_CONFIG syntax and semantics. +# +# Hints can also be found in the OpenLDAP Software FAQ +# + +# one 0.25 GB cache +set_cachesize 0 16777216 0 + +# Data Directory +#set_data_dir db + +# Transaction Log settings +set_lg_regionmax 262144 +set_lg_bsize 524288 +#set_lg_dir logs + +# When using (and only when using) slapadd(8) or slapindex(8), +# the following flags may be useful: +#set_flags DB_TXN_NOSYNC +#set_flags DB_TXN_NOT_DURABLE diff --git a/net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch b/net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch new file mode 100644 index 000000000000..ddb6672a5fa7 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.2.14-perlthreadsfix.patch @@ -0,0 +1,12 @@ +diff -ur openldap-2.2.14.orig/servers/slapd/back-perl/Makefile.in openldap-2.2.14/servers/slapd/back-perl/Makefile.in +--- openldap-2.2.14.orig/servers/slapd/back-perl/Makefile.in 2004-04-12 11:20:14.000000000 -0700 ++++ openldap-2.2.14/servers/slapd/back-perl/Makefile.in 2004-06-20 18:43:41.000000000 -0700 +@@ -31,7 +31,7 @@ + + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) + NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) +-UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) ++UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) `perl -MExtUtils::Embed -e ldopts` + + LIBBASE = back_perl + diff --git a/net-nds/openldap/files/openldap-2.2.6-ntlm.patch b/net-nds/openldap/files/openldap-2.2.6-ntlm.patch new file mode 100644 index 000000000000..1e52f99f1988 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.2.6-ntlm.patch @@ -0,0 +1,199 @@ +(Note that this patch is not useful on its own... it just adds some +hooks to work with the LDAP authentication process at a lower level +than the API otherwise allows. The code that calls these hooks and +actually drives the NTLM authentication process is in +lib/e2k-global-catalog.c, and the code that actually implements the +NTLM algorithms is in xntlm/.) + +This is a patch against OpenLDAP 2.2.6. Apply with -p0 + + +--- include/ldap.h.orig 2004-01-01 13:16:28.000000000 -0500 ++++ include/ldap.h 2004-07-14 11:58:49.000000000 -0400 +@@ -1753,5 +1753,26 @@ + LDAPControl **cctrls )); + + ++/* ++ * hacks for NTLM ++ */ ++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU) ++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU) ++LDAP_F( int ) ++ldap_ntlm_bind LDAP_P(( ++ LDAP *ld, ++ LDAP_CONST char *dn, ++ ber_tag_t tag, ++ struct berval *cred, ++ LDAPControl **sctrls, ++ LDAPControl **cctrls, ++ int *msgidp )); ++LDAP_F( int ) ++ldap_parse_ntlm_bind_result LDAP_P(( ++ LDAP *ld, ++ LDAPMessage *res, ++ struct berval *challenge)); ++ ++ + LDAP_END_DECL + #endif /* _LDAP_H */ +--- libraries/libldap/Makefile.in.orig 2004-01-01 13:16:29.000000000 -0500 ++++ libraries/libldap/Makefile.in 2004-07-14 13:37:23.000000000 -0400 +@@ -20,7 +20,7 @@ + SRCS = bind.c open.c result.c error.c compare.c search.c \ + controls.c messages.c references.c extended.c cyrus.c \ + modify.c add.c modrdn.c delete.c abandon.c \ +- sasl.c sbind.c kbind.c unbind.c cancel.c \ ++ sasl.c ntlm.c sbind.c kbind.c unbind.c cancel.c \ + filter.c free.c sort.c passwd.c whoami.c \ + getdn.c getentry.c getattr.c getvalues.c addentry.c \ + request.c os-ip.c url.c sortctrl.c vlvctrl.c \ +@@ -29,7 +29,7 @@ + OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ + controls.lo messages.lo references.lo extended.lo cyrus.lo \ + modify.lo add.lo modrdn.lo delete.lo abandon.lo \ +- sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \ ++ sasl.lo ntlm.lo sbind.lo kbind.lo unbind.lo cancel.lo \ + filter.lo free.lo sort.lo passwd.lo whoami.lo \ + getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \ + request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \ +--- /dev/null 2004-06-30 15:04:37.000000000 -0400 ++++ libraries/libldap/ntlm.c 2004-07-14 13:44:18.000000000 -0400 +@@ -0,0 +1,137 @@ ++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */ ++/* ++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. ++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file ++ */ ++ ++/* Mostly copied from sasl.c */ ++ ++#include "portable.h" ++ ++#include ++#include ++ ++#include ++#include ++#include ++#include ++ ++#include "ldap-int.h" ++ ++int ++ldap_ntlm_bind( ++ LDAP *ld, ++ LDAP_CONST char *dn, ++ ber_tag_t tag, ++ struct berval *cred, ++ LDAPControl **sctrls, ++ LDAPControl **cctrls, ++ int *msgidp ) ++{ ++ BerElement *ber; ++ int rc; ++ ber_int_t id; ++ ++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 ); ++ ++ assert( ld != NULL ); ++ assert( LDAP_VALID( ld ) ); ++ assert( msgidp != NULL ); ++ ++ if( msgidp == NULL ) { ++ ld->ld_errno = LDAP_PARAM_ERROR; ++ return ld->ld_errno; ++ } ++ ++ /* create a message to send */ ++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { ++ ld->ld_errno = LDAP_NO_MEMORY; ++ return ld->ld_errno; ++ } ++ ++ assert( LBER_VALID( ber ) ); ++ ++ LDAP_NEXT_MSGID( ld, id ); ++ rc = ber_printf( ber, "{it{istON}" /*}*/, ++ id, LDAP_REQ_BIND, ++ ld->ld_version, dn, tag, ++ cred ); ++ ++ /* Put Server Controls */ ++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) { ++ ber_free( ber, 1 ); ++ return ld->ld_errno; ++ } ++ ++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) { ++ ld->ld_errno = LDAP_ENCODING_ERROR; ++ ber_free( ber, 1 ); ++ return ld->ld_errno; ++ } ++ ++ /* send the message */ ++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id ); ++ ++ if(*msgidp < 0) ++ return ld->ld_errno; ++ ++ return LDAP_SUCCESS; ++} ++ ++int ++ldap_parse_ntlm_bind_result( ++ LDAP *ld, ++ LDAPMessage *res, ++ struct berval *challenge) ++{ ++ ber_int_t errcode; ++ ber_tag_t tag; ++ BerElement *ber; ++ ber_len_t len; ++ ++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 ); ++ ++ assert( ld != NULL ); ++ assert( LDAP_VALID( ld ) ); ++ assert( res != NULL ); ++ ++ if ( ld == NULL || res == NULL ) { ++ return LDAP_PARAM_ERROR; ++ } ++ ++ if( res->lm_msgtype != LDAP_RES_BIND ) { ++ ld->ld_errno = LDAP_PARAM_ERROR; ++ return ld->ld_errno; ++ } ++ ++ if ( ld->ld_error ) { ++ LDAP_FREE( ld->ld_error ); ++ ld->ld_error = NULL; ++ } ++ if ( ld->ld_matched ) { ++ LDAP_FREE( ld->ld_matched ); ++ ld->ld_matched = NULL; ++ } ++ ++ /* parse results */ ++ ++ ber = ber_dup( res->lm_ber ); ++ ++ if( ber == NULL ) { ++ ld->ld_errno = LDAP_NO_MEMORY; ++ return ld->ld_errno; ++ } ++ ++ tag = ber_scanf( ber, "{ioa" /*}*/, ++ &errcode, challenge, &ld->ld_error ); ++ ber_free( ber, 0 ); ++ ++ if( tag == LBER_ERROR ) { ++ ld->ld_errno = LDAP_DECODING_ERROR; ++ return ld->ld_errno; ++ } ++ ++ ld->ld_errno = errcode; ++ ++ return( ld->ld_errno ); ++} diff --git a/net-nds/openldap/files/openldap-2.3.21-ppolicy.patch b/net-nds/openldap/files/openldap-2.3.21-ppolicy.patch new file mode 100644 index 000000000000..06bbee86f1c9 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.3.21-ppolicy.patch @@ -0,0 +1,13 @@ +--- clients.orig/tools/common.c 2006-05-05 00:24:01.000000000 -0700 ++++ clients/tools/common.c 2006-05-05 00:24:13.000000000 -0700 +@@ -904,8 +904,8 @@ + tool_bind( LDAP *ld ) + { + #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST +- if ( ppolicy ) { + LDAPControl *ctrls[2], c; ++ if ( ppolicy ) { + c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST; + c.ldctl_value.bv_val = NULL; + c.ldctl_value.bv_len = 0; + diff --git a/net-nds/openldap/files/openldap-2.3.24-contrib-smbk5pwd.patch b/net-nds/openldap/files/openldap-2.3.24-contrib-smbk5pwd.patch new file mode 100644 index 000000000000..091ff26a17b0 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.3.24-contrib-smbk5pwd.patch @@ -0,0 +1,53 @@ +--- contrib/slapd-modules/smbk5pwd/Makefile.ORIG 2006-05-17 13:11:57.194660019 +0300 ++++ contrib/slapd-modules/smbk5pwd/Makefile 2006-05-17 13:11:14.503082288 +0300 +@@ -9,29 +9,39 @@ + # top-level directory of the distribution or, alternatively, at + # . + ++#libexecdir=/usr/lib/openldap ++moduledir=$(libexecdir)/openldap + LIBTOOL=../../../libtool +-OPT=-g -O2 ++#OPT= + CC=gcc + + # Omit DO_KRB5 or DO_SAMBA if you don't want to support it. +-DEFS=-DDO_KRB5 -DDO_SAMBA ++#DEFS= + +-HEIMDAL_INC=-I/usr/heimdal/include ++#KRB5_INC= + SSL_INC= + LDAP_INC=-I../../../include -I../../../servers/slapd +-INCS=$(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC) ++INCS=$(LDAP_INC) $(SSL_INC) $(KRB5_INC) + +-HEIMDAL_LIB=-L/usr/heimdal/lib -lkrb5 -lkadm5srv ++KRB5_LIB=-lkrb5 -lkadm5srv + SSL_LIB=-lcrypto +-LDAP_LIB=-lldap_r -llber +-LIBS=$(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB) +- ++LDAP_LIB=-L../../../libraries/libldap_r -lldap_r -llber ++ifneq (DDO_KRB5,$(findstring DDO_KRB5,$(DEFS))) ++ LIBS=$(LDAP_LIB) $(SSL_LIB) ++else ++ LIBS=$(LDAP_LIB) $(KRB5_LIB) $(SSL_LIB) ++endif ++ + all: smbk5pwd.la + + + smbk5pwd.lo: smbk5pwd.c +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $? ++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(DEFS) $(INCS) -c $? + + smbk5pwd.la: smbk5pwd.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \ +- -rpath /usr/local/libexec/openldap -module -o $@ $? $(LIBS) ++ $(LIBTOOL) --mode=link $(CC) $(CFLAGS) -version-info 0:0:0 \ ++ -rpath $(moduledir) -module -o $@ $? $(LIBS) ++ ++install-mod: ++ $(LIBTOOL) --mode=install ../../../build/shtool install -c \ ++ -m 755 smbk5pwd.la $(DESTDIR)$(moduledir) diff --git a/net-nds/openldap/files/openldap-2.3.34-slapd-conf b/net-nds/openldap/files/openldap-2.3.34-slapd-conf new file mode 100644 index 000000000000..ad767cfdeb7c --- /dev/null +++ b/net-nds/openldap/files/openldap-2.3.34-slapd-conf @@ -0,0 +1,64 @@ +# +# See slapd.conf(5) for details on configuration options. +# This file should NOT be world readable. +# +include /etc/openldap/schema/core.schema + +# Define global ACLs to disable default read access. + +# Do not enable referrals until AFTER you have a working directory +# service AND an understanding of referrals. +#referral ldap://root.openldap.org + +pidfile /var/run/openldap/slapd.pid +argsfile /var/run/openldap/slapd.args + +# Load dynamic backend modules: +###INSERTDYNAMICMODULESHERE### + +# Sample security restrictions +# Require integrity protection (prevent hijacking) +# Require 112-bit (3DES or better) encryption for updates +# Require 63-bit encryption for simple bind +# security ssf=1 update_ssf=112 simple_bind=64 + +# Sample access control policy: +# Root DSE: allow anyone to read it +# Subschema (sub)entry DSE: allow anyone to read it +# Other DSEs: +# Allow self write access +# Allow authenticated users read access +# Allow anonymous users to authenticate +# Directives needed to implement policy: +# access to dn.base="" by * read +# access to dn.base="cn=Subschema" by * read +# access to * +# by self write +# by users read +# by anonymous auth +# +# if no access controls are present, the default policy +# allows anyone and everyone to read anything but restricts +# updates to rootdn. (e.g., "access to * by * read") +# +# rootdn can always read and write EVERYTHING! + +####################################################################### +# BDB database definitions +####################################################################### + +database hdb +suffix "dc=my-domain,dc=com" +# +checkpoint 32 30 +rootdn "cn=Manager,dc=my-domain,dc=com" +# Cleartext passwords, especially for the rootdn, should +# be avoid. See slappasswd(8) and slapd.conf(5) for details. +# Use of strong authentication encouraged. +rootpw secret +# The database directory MUST exist prior to running slapd AND +# should only be accessible by the slapd and slap tools. +# Mode 700 recommended. +directory /var/lib/openldap-data +# Indices to maintain +index objectClass eq diff --git a/net-nds/openldap/files/openldap-2.3.37-libldap_r.patch b/net-nds/openldap/files/openldap-2.3.37-libldap_r.patch new file mode 100644 index 000000000000..d015bda2abbe --- /dev/null +++ b/net-nds/openldap/files/openldap-2.3.37-libldap_r.patch @@ -0,0 +1,21 @@ +--- libraries/libldap_r/Makefile.in.old 2007-01-02 22:43:50.000000000 +0100 ++++ libraries/libldap_r/Makefile.in 2007-08-22 13:32:20.000000000 +0200 +@@ -56,7 +56,7 @@ + XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) + XXXLIBS = $(LTHREAD_LIBS) + NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) +-UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) ++UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS) + + .links : Makefile + @for i in $(XXSRCS); do \ +--- servers/slapd/slapi/Makefile.in.old 2007-01-02 22:44:10.000000000 +0100 ++++ servers/slapd/slapi/Makefile.in 2007-08-22 14:58:51.000000000 +0200 +@@ -37,6 +37,7 @@ + XLIBS = $(LIBRARY) + XXLIBS = + NT_LINK_LIBS = $(AC_LIBS) ++UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS) + + XINCPATH = -I$(srcdir)/.. -I$(srcdir) + XDEFS = $(MODULES_CPPFLAGS) diff --git a/net-nds/openldap/files/openldap-2.3.43-fix-hang.patch b/net-nds/openldap/files/openldap-2.3.43-fix-hang.patch new file mode 100644 index 000000000000..7e1f4457bd94 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.3.43-fix-hang.patch @@ -0,0 +1,19 @@ +commit a3f40e5601c0c522f2bda418374fb415bdcbd75c +Author: Quanah Gibson-Mount +Date: Thu Mar 24 02:25:49 2011 +0000 + + sl_busy is used as a boolean so just set it, don't increment it + +diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c +index 2a7a48e..df6d096 100644 +--- a/servers/slapd/daemon.c ++++ b/servers/slapd/daemon.c +@@ -2098,7 +2098,7 @@ slap_listener_activate( + Debug( LDAP_DEBUG_TRACE, "slap_listener_activate(%d): %s\n", + sl->sl_sd, sl->sl_busy ? "busy" : "", 0 ); + +- sl->sl_busy++; ++ sl->sl_busy = 1; + + rc = ldap_pvt_thread_pool_submit( &connection_pool, + slap_listener_thread, (void *) sl ); diff --git a/net-nds/openldap/files/openldap-2.3.XY-gcc44.patch b/net-nds/openldap/files/openldap-2.3.XY-gcc44.patch new file mode 100644 index 000000000000..0213d81dc85c --- /dev/null +++ b/net-nds/openldap/files/openldap-2.3.XY-gcc44.patch @@ -0,0 +1,30 @@ +--- include/ldap_pvt_thread.h 2009-04-03 08:51:30.000000000 -0400 ++++ include/ldap_pvt_thread.h 2009-04-03 08:56:36.000000000 -0400 +@@ -57,12 +57,12 @@ + + #ifndef LDAP_PVT_THREAD_H_DONE + #define LDAP_PVT_THREAD_SET_STACK_SIZE +-#ifndef LDAP_PVT_THREAD_STACK_SIZE +- /* LARGE stack. Will be twice as large on 64 bit machine. */ +-#define LDAP_PVT_THREAD_STACK_SIZE ( 1 * 1024 * 1024 * sizeof(void *) ) + /* May be explicitly defined to zero to disable it */ +-#elif LDAP_PVT_THREAD_STACK_SIZE == 0 ++#if defined( LDAP_PVT_THREAD_STACK_SIZE ) && LDAP_PVT_THREAD_STACK_SIZE == 0 + #undef LDAP_PVT_THREAD_SET_STACK_SIZE ++#elif !defined(LDAP_PVT_THREAD_STACK_SIZE) ++ /* LARGE stack. Will be twice as large on 64 bit machine. */ ++#define LDAP_PVT_THREAD_STACK_SIZE ( 1 * 1024 * 1024 * sizeof(void *) ) + #endif + #endif /* !LDAP_PVT_THREAD_H_DONE */ + +--- libraries/libldap/os-ip.c 2009-04-03 08:51:30.000000000 -0400 ++++ libraries/libldap/os-ip.c 2009-04-03 08:54:47.000000000 -0400 +@@ -652,7 +652,7 @@ + char *herr; + #ifdef NI_MAXHOST + char hbuf[NI_MAXHOST]; +-#elif defined( MAXHOSTNAMELEN ++#elif defined( MAXHOSTNAMELEN ) + char hbuf[MAXHOSTNAMELEN]; + #else + char hbuf[256]; diff --git a/net-nds/openldap/files/openldap-2.4.11-libldap_r.patch b/net-nds/openldap/files/openldap-2.4.11-libldap_r.patch new file mode 100644 index 000000000000..448249a3b583 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.11-libldap_r.patch @@ -0,0 +1,11 @@ +diff -Nuar openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in openldap-2.4.11/servers/slapd/slapi/Makefile.in +--- openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in 2008-02-11 15:26:49.000000000 -0800 ++++ openldap-2.4.11/servers/slapd/slapi/Makefile.in 2008-10-14 02:10:18.402799262 -0700 +@@ -37,6 +37,7 @@ + XLIBS = $(LIBRARY) + XXLIBS = + NT_LINK_LIBS = $(AC_LIBS) ++UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS) + + XINCPATH = -I$(srcdir)/.. -I$(srcdir) + XDEFS = $(MODULES_CPPFLAGS) diff --git a/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch b/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch new file mode 100644 index 000000000000..3195ee550f68 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.15-ppolicy.patch @@ -0,0 +1,12 @@ +--- openldap-2.4.15/clients/tools/common.c.orig 2009-02-05 15:05:03.000000000 -0800 ++++ openldap-2.4.15/clients/tools/common.c 2009-03-21 01:45:14.000000000 -0700 +@@ -1315,8 +1315,8 @@ + int nsctrls = 0; + + #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST ++ LDAPControl c; + if ( ppolicy ) { +- LDAPControl c; + c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST; + c.ldctl_value.bv_val = NULL; + c.ldctl_value.bv_len = 0; diff --git a/net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch b/net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch new file mode 100644 index 000000000000..e5117468f809 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch @@ -0,0 +1,109 @@ +If GnuTLS is used, the lmpasswd module for USE=samba does not compile. +Forward-port an old Debian patch that upstream never applied. + +Signed-off-by: Robin H. Johnson +Signed-off-by: Steffen Hau +X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633 +X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997 +X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341 + +--- openldap-2.4.17.orig/libraries/liblutil/passwd.c 2009-07-27 18:59:19.635995474 -0700 ++++ openldap-2.4.17/libraries/liblutil/passwd.c 2009-07-27 19:01:13.588069010 -0700 +@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8]; + typedef PK11Context *des_context[1]; + #define DES_ENCRYPT CKA_ENCRYPT + ++#elif defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++# include ++static int gcrypt_init = 0; ++ ++typedef const void* des_key; ++typedef unsigned char des_cblock[8]; ++typedef des_cblock des_data_block; ++typedef int des_key_schedule; /* unused */ ++typedef des_key_schedule des_context; /* unused */ ++#define des_failed(encrypted) 0 ++#define des_finish(key, schedule) ++ ++#define des_set_key_unchecked( key, key_sched ) \ ++ gcry_cipher_setkey( hd, key, 8 ) ++ ++#define des_ecb_encrypt( input, output, key_sched, enc ) \ ++ gcry_cipher_encrypt( hd, *output, 8, *input, 8 ) ++ ++#define des_set_odd_parity( key ) do {} while(0) ++ + #endif + + #endif /* SLAPD_LMHASH */ +@@ -651,7 +671,7 @@ static int chk_md5( + + #ifdef SLAPD_LMHASH + +-#if defined(HAVE_OPENSSL) ++#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS_GNUTLS_H) + + /* + * abstract away setting the parity. +@@ -841,6 +861,19 @@ static int chk_lanman( + des_data_block StdText = "KGS!@#$%"; + des_data_block PasswordHash1, PasswordHash2; + char PasswordHash[33], storedPasswordHash[33]; ++ ++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++ gcry_cipher_hd_t hd; ++ ++ if ( !gcrypt_init ) { ++ gcry_check_version( GCRYPT_VERSION ); ++ gcrypt_init = 1; ++ } ++ ++ schedule = schedule; /* unused - avoid warning */ ++ ++ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 ); ++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ + + for( i=0; ibv_len; i++) { + if(cred->bv_val[i] == '\0') { +@@ -883,6 +916,10 @@ static int chk_lanman( + strncpy( storedPasswordHash, passwd->bv_val, 32 ); + storedPasswordHash[32] = '\0'; + ldap_pvt_str2lower( storedPasswordHash ); ++ ++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++ gcry_cipher_close( hd ); ++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ + + return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK; + } +@@ -1138,6 +1175,19 @@ static int hash_lanman( + des_data_block PasswordHash1, PasswordHash2; + char PasswordHash[33]; + ++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++ gcry_cipher_hd_t hd; ++ ++ if ( !gcrypt_init ) { ++ gcry_check_version( GCRYPT_VERSION ); ++ gcrypt_init = 1; ++ } ++ ++ schedule = schedule; /* unused - avoid warning */ ++ ++ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 ); ++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ ++ + for( i=0; ibv_len; i++) { + if(passwd->bv_val[i] == '\0') { + return LUTIL_PASSWD_ERR; /* NUL character in password */ +@@ -1168,6 +1218,10 @@ static int hash_lanman( + + hash->bv_val = PasswordHash; + hash->bv_len = 32; ++ ++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++ gcry_cipher_close( hd ); ++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ + + return pw_string( scheme, hash ); + } diff --git a/net-nds/openldap/files/openldap-2.4.17-gcc44.patch b/net-nds/openldap/files/openldap-2.4.17-gcc44.patch new file mode 100644 index 000000000000..aa7fe7ac35f6 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.17-gcc44.patch @@ -0,0 +1,11 @@ +diff -ur openldap-2.4.17.orig/contrib/ldapc++/src/SaslInteractionHandler.cpp openldap-2.4.17/contrib/ldapc++/src/SaslInteractionHandler.cpp +--- openldap-2.4.17.orig/contrib/ldapc++/src/SaslInteractionHandler.cpp 2008-04-15 02:09:26.000000000 +0300 ++++ openldap-2.4.17/contrib/ldapc++/src/SaslInteractionHandler.cpp 2009-08-10 13:21:24.000000000 +0300 +@@ -13,6 +13,7 @@ + #include + #endif + ++#include + #include + #include "SaslInteractionHandler.h" + #include "SaslInteraction.h" diff --git a/net-nds/openldap/files/openldap-2.4.28-fix-dash.patch b/net-nds/openldap/files/openldap-2.4.28-fix-dash.patch new file mode 100644 index 000000000000..d15c3d2231f4 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.28-fix-dash.patch @@ -0,0 +1,26 @@ +Our libtool needs bash to work properly. +Patch unbreaks build when /bin/sh points to dash: + + Entering subdirectory liblber + /bin/sh ../../libtool --mode=compile x86_64-pc-linux-gnu-gcc -O0 -D_GNU_SOURCE -I../../include -I../../include -I/usr/include/db4.8 -DLDAP_CONNECTIONLESS -DLBER_LIBRARY -c assert.c + ../../build/mkversion -v "2.4.28" liblber.la > version.c + /bin/sh ../../libtool --mode=compile x86_64-pc-linux-gnu-gcc -O0 -D_GNU_SOURCE -I../../include -I../../include -I/usr/include/db4.8 -DLDAP_CONNECTIONLESS -DLBER_LIBRARY -c decode.c + eval: 1: base_compile+= x86_64-pc-linux-gnu-gcc: not found + eval: 1: base_compile+= -O0: not found + eval: 1: base_compile+= -D_GNU_SOURCE: not found + eval: 1: base_compile+= x86_64-pc-linux-gnu-gcc: not found + ... + make[2]: *** [decode.lo] Error 1 +diff --git a/build/top.mk b/build/top.mk +index 6fea488..ea324e3 100644 +--- a/build/top.mk ++++ b/build/top.mk +@@ -20,7 +20,7 @@ VERSION= @VERSION@ + RELEASEDATE= @OPENLDAP_RELEASE_DATE@ + + @SET_MAKE@ +-SHELL = /bin/sh ++SHELL = @SHELL@ + + top_builddir = @top_builddir@ + diff --git a/net-nds/openldap/files/openldap-2.4.28-gnutls-gcrypt.patch b/net-nds/openldap/files/openldap-2.4.28-gnutls-gcrypt.patch new file mode 100644 index 000000000000..aeecb0f40132 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.28-gnutls-gcrypt.patch @@ -0,0 +1,11 @@ +--- openldap-2.4.28/configure.in.orig 2012-02-11 22:40:36.004360795 +0000 ++++ openldap-2.4.28/configure.in 2012-02-11 22:40:13.410986851 +0000 +@@ -1214,7 +1214,7 @@ + ol_with_tls=gnutls + ol_link_tls=yes + +- TLS_LIBS="-lgnutls" ++ TLS_LIBS="-lgnutls -lgcrypt" + + AC_DEFINE(HAVE_GNUTLS, 1, + [define if you have GNUtls]) diff --git a/net-nds/openldap/files/openldap-2.4.31-gcc47.patch b/net-nds/openldap/files/openldap-2.4.31-gcc47.patch new file mode 100644 index 000000000000..5b6af4b29564 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.31-gcc47.patch @@ -0,0 +1,16 @@ +Fix building with gcc-4.7 + +https://bugs.gentoo.org/show_bug.cgi?id=420959 +http://www.openldap.org/its/index.cgi/Incoming?id=7304;page=16 #ITS 7304 + +Patch written by Kacper Kowalik +--- a/contrib/ldapc++/src/SaslInteractionHandler.cpp ++++ b/contrib/ldapc++/src/SaslInteractionHandler.cpp +@@ -16,6 +16,7 @@ + + #include + #include ++#include + #include "SaslInteractionHandler.h" + #include "SaslInteraction.h" + #include "debug.h" diff --git a/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch b/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch new file mode 100644 index 000000000000..4312dc7c55ea --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.35-contrib-samba4.patch @@ -0,0 +1,38 @@ +diff -Nuar openldap-2.4.35.orig/contrib/slapd-modules/samba4/Makefile openldap-2.4.35/contrib/slapd-modules/samba4/Makefile +--- openldap-2.4.35.orig/contrib/slapd-modules/samba4/Makefile 2013-03-28 15:41:51.000000000 +0000 ++++ openldap-2.4.35/contrib/slapd-modules/samba4/Makefile 2013-04-16 02:16:40.651868432 +0000 +@@ -20,7 +20,8 @@ + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 -Wall ++#OPT = -g -O2 -Wall ++OPT = -Wall + DEFS = -DSLAPD_OVER_RDNVAL=SLAPD_MOD_DYNAMIC \ + -DSLAPD_OVER_PGUID=SLAPD_MOD_DYNAMIC \ + -DSLAPD_OVER_VERNUM=SLAPD_MOD_DYNAMIC +@@ -41,20 +42,20 @@ + .SUFFIXES: .c .o .lo + + .c.lo: +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< ++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $< + + all: $(PROGRAMS) + + pguid.la: pguid.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + rdnval.la: rdnval.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + vernum.la: vernum.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + clean: diff --git a/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch b/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch new file mode 100644 index 000000000000..4383802a0ead --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.35-contrib-smbk5pwd.patch @@ -0,0 +1,48 @@ +diff -Nuar openldap-2.4.35.orig/contrib/slapd-modules/smbk5pwd/Makefile openldap-2.4.35/contrib/slapd-modules/smbk5pwd/Makefile +--- openldap-2.4.35.orig/contrib/slapd-modules/smbk5pwd/Makefile 2013-03-28 15:41:51.000000000 +0000 ++++ openldap-2.4.35/contrib/slapd-modules/smbk5pwd/Makefile 2013-04-16 02:13:38.939913119 +0000 +@@ -21,16 +21,23 @@ + SSL_INC = + SSL_LIB = -lcrypto + +-HEIMDAL_INC = -I/usr/heimdal/include +-HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv ++#HEIMDAL_INC = -I/usr/heimdal/include ++#HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv ++KRB5_INC = $(HEIMDAL_INC) ++KRB5_LIB = $(HEIMDAL_LIB) -lkrb5 -lkadm5srv + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +-OPT = -g -O2 -Wall ++#OPT = -g -O2 -Wall ++OPT = -Wall + # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it. +-DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW +-INCS = $(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC) +-LIBS = $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB) ++#DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW ++INCS = $(LDAP_INC) $(KRB5_INC) $(SSL_INC) ++ifneq (DDO_KRB5,$(findstring DDO_KRB5,$(DEFS))) ++ LIBS=$(LDAP_LIB) $(SSL_LIB) ++else ++ LIBS=$(LDAP_LIB) $(KRB5_LIB) $(SSL_LIB) ++endif + + PROGRAMS = smbk5pwd.la + LTVER = 0:0:0 +@@ -46,12 +53,12 @@ + .SUFFIXES: .c .o .lo + + .c.lo: +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< ++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(CFLAGS) $(DEFS) $(INCS) -c $< + + all: $(PROGRAMS) + + smbk5pwd.la: smbk5pwd.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(OPT) $(CFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + clean: diff --git a/net-nds/openldap/files/openldap-2.4.40-slapd-conf b/net-nds/openldap/files/openldap-2.4.40-slapd-conf new file mode 100644 index 000000000000..8ecc732b9672 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.40-slapd-conf @@ -0,0 +1,64 @@ +# +# See slapd.conf(5) for details on configuration options. +# This file should NOT be world readable. +# +include /etc/openldap/schema/core.schema + +# Define global ACLs to disable default read access. + +# Do not enable referrals until AFTER you have a working directory +# service AND an understanding of referrals. +#referral ldap://root.openldap.org + +pidfile /run/openldap/slapd.pid +argsfile /run/openldap/slapd.args + +# Load dynamic backend modules: +###INSERTDYNAMICMODULESHERE### + +# Sample security restrictions +# Require integrity protection (prevent hijacking) +# Require 112-bit (3DES or better) encryption for updates +# Require 63-bit encryption for simple bind +# security ssf=1 update_ssf=112 simple_bind=64 + +# Sample access control policy: +# Root DSE: allow anyone to read it +# Subschema (sub)entry DSE: allow anyone to read it +# Other DSEs: +# Allow self write access +# Allow authenticated users read access +# Allow anonymous users to authenticate +# Directives needed to implement policy: +# access to dn.base="" by * read +# access to dn.base="cn=Subschema" by * read +# access to * +# by self write +# by users read +# by anonymous auth +# +# if no access controls are present, the default policy +# allows anyone and everyone to read anything but restricts +# updates to rootdn. (e.g., "access to * by * read") +# +# rootdn can always read and write EVERYTHING! + +####################################################################### +# BDB database definitions +####################################################################### + +database hdb +suffix "dc=my-domain,dc=com" +# +checkpoint 32 30 +rootdn "cn=Manager,dc=my-domain,dc=com" +# Cleartext passwords, especially for the rootdn, should +# be avoid. See slappasswd(8) and slapd.conf(5) for details. +# Use of strong authentication encouraged. +rootpw secret +# The database directory MUST exist prior to running slapd AND +# should only be accessible by the slapd and slap tools. +# Mode 700 recommended. +directory /var/lib/openldap-data +# Indices to maintain +index objectClass eq diff --git a/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch b/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch new file mode 100644 index 000000000000..9265a01701ab --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.42-mdb-unbundle.patch @@ -0,0 +1,136 @@ +--- ./build/top.mk.orig 2014-10-24 14:34:59.260827298 +0200 ++++ ./build/top.mk 2014-10-24 14:35:25.281168893 +0200 +@@ -160,6 +160,7 @@ + LTHREAD_LIBS = @LTHREAD_LIBS@ + + BDB_LIBS = @BDB_LIBS@ ++MDB_LIBS = @MDB_LIBS@ + SLAPD_NDB_LIBS = @SLAPD_NDB_LIBS@ + + LDAP_LIBLBER_LA = $(LDAP_LIBDIR)/liblber/liblber.la +--- ./build/openldap.m4.orig 2014-10-24 10:52:02.837221734 +0200 ++++ ./build/openldap.m4 2014-10-24 11:31:02.748087966 +0200 +@@ -563,6 +563,38 @@ + ], [ol_cv_bdb_compat=yes], [ol_cv_bdb_compat=no])]) + ]) + ++dnl -------------------------------------------------------------------- ++dnl Check for version compatility with back-mdb ++AC_DEFUN([OL_MDB_COMPAT], ++[AC_CACHE_CHECK([if LMDB version supported by MDB backends], [ol_cv_mdb_compat],[ ++ AC_EGREP_CPP(__mdb_version_compat,[ ++#include ++ ++/* require 0.9.14 or later */ ++#if MDB_VERSION_FULL >= 0x00000009000E ++ __mdb_version_compat ++#endif ++ ], [ol_cv_mdb_compat=yes], [ol_cv_mdb_compat=no])]) ++]) ++ ++dnl ++dnl -------------------------------------------------------------------- ++dnl Find any MDB ++AC_DEFUN([OL_MDB], ++[ol_cv_mdb=no ++AC_CHECK_HEADERS(lmdb.h) ++if test $ac_cv_header_lmdb_h = yes; then ++ OL_MDB_COMPAT ++ ++ if test $ol_cv_mdb_compat != yes ; then ++ AC_MSG_ERROR([LMDB version incompatible with MDB backends]) ++ fi ++ ++ ol_cv_lib_mdb=-llmdb ++ ol_cv_mdb=yes ++fi ++]) ++ + dnl + dnl ==================================================================== + dnl Check POSIX Thread version +--- ./servers/slapd/back-mdb/Makefile.in.orig 2014-10-24 10:31:30.860931076 +0200 ++++ ./servers/slapd/back-mdb/Makefile.in 2014-10-24 14:33:33.803705424 +0200 +@@ -25,11 +25,10 @@ + extended.lo operational.lo \ + attr.lo index.lo key.lo filterindex.lo \ + dn2entry.lo dn2id.lo id2entry.lo idl.lo \ +- nextid.lo monitor.lo mdb.lo midl.lo ++ nextid.lo monitor.lo + + LDAP_INCDIR= ../../../include + LDAP_LIBDIR= ../../../libraries +-MDB_SUBDIR = $(srcdir)/$(LDAP_LIBDIR)/liblmdb + + BUILD_OPT = "--enable-mdb" + BUILD_MOD = @BUILD_MDB@ +@@ -44,7 +43,7 @@ + + LIBBASE = back_mdb + +-XINCPATH = -I.. -I$(srcdir)/.. -I$(MDB_SUBDIR) ++XINCPATH = -I.. -I$(srcdir)/.. + XDEFS = $(MODULES_CPPFLAGS) + + all-local-lib: ../.backend +@@ -52,11 +51,5 @@ + ../.backend: lib$(LIBBASE).a + @touch $@ + +-mdb.lo: $(MDB_SUBDIR)/mdb.c +- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/mdb.c +- +-midl.lo: $(MDB_SUBDIR)/midl.c +- $(LTCOMPILE_MOD) $(MDB_SUBDIR)/midl.c +- + veryclean-local-lib: FORCE + $(RM) $(XXHEADERS) $(XXSRCS) .links +--- ./configure.in.orig 2014-10-24 10:46:53.289139847 +0200 ++++ ./configure.in 2014-10-24 10:51:34.372846374 +0200 +@@ -519,6 +519,7 @@ + dnl Initialize vars + LDAP_LIBS= + BDB_LIBS= ++MDB_LIBS= + SLAPD_NDB_LIBS= + SLAPD_NDB_INCS= + LTHREAD_LIBS= +@@ -1905,6 +1906,30 @@ + fi + + dnl ---------------------------------------------------------------- ++ol_link_mdb=no ++ ++if test $ol_enable_mdb != no; then ++ OL_MDB ++ ++ if test $ol_cv_mdb = no ; then ++ AC_MSG_ERROR(MDB: LMDB not available) ++ fi ++ ++ AC_DEFINE(HAVE_MDB,1, ++ [define this if LMDB is available]) ++ ++ dnl $ol_cv_lib_mdb should be yes or -llmdb ++ dnl (it could be no, but that would be an error ++ if test $ol_cv_lib_mdb != yes ; then ++ MDB_LIBS="$MDB_LIBS $ol_cv_lib_mdb" ++ fi ++ ++ SLAPD_LIBS="$SLAPD_LIBS \$(MDB_LIBS)" ++ ++ ol_link_mdb=yes ++fi ++ ++dnl ---------------------------------------------------------------- + + if test $ol_enable_dynamic = yes && test $enable_shared = yes ; then + BUILD_LIBS_DYNAMIC=shared +@@ -3133,6 +3158,7 @@ + AC_SUBST(LDAP_LIBS) + AC_SUBST(SLAPD_LIBS) + AC_SUBST(BDB_LIBS) ++AC_SUBST(MDB_LIBS) + AC_SUBST(SLAPD_NDB_LIBS) + AC_SUBST(SLAPD_NDB_INCS) + AC_SUBST(LTHREAD_LIBS) diff --git a/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch b/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch new file mode 100644 index 000000000000..29688fcb14c8 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.45-fix-lmpasswd-gnutls-symbols.patch @@ -0,0 +1,109 @@ +If GnuTLS is used, the lmpasswd module for USE=samba does not compile. +Forward-port an old Debian patch that upstream never applied. + +Signed-off-by: Robin H. Johnson +Signed-off-by: Steffen Hau +X-Gentoo-Bug: http://bugs.gentoo.org/show_bug.cgi?id=233633 +X-Upstream-Bug: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4997 +X-Debian-Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=245341 + +--- openldap-2.4.17.orig/libraries/liblutil/passwd.c 2009-07-27 18:59:19.635995474 -0700 ++++ openldap-2.4.17/libraries/liblutil/passwd.c 2009-07-27 19:01:13.588069010 -0700 +@@ -51,6 +51,26 @@ typedef unsigned char des_data_block[8]; + typedef PK11Context *des_context[1]; + #define DES_ENCRYPT CKA_ENCRYPT + ++#elif defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++# include ++static int gcrypt_init = 0; ++ ++typedef const void* des_key; ++typedef unsigned char DES_cblock[8]; ++typedef DES_cblock des_data_block; ++typedef int DES_key_schedule; /* unused */ ++typedef DES_key_schedule des_context; /* unused */ ++#define des_failed(encrypted) 0 ++#define des_finish(key, schedule) ++ ++#define DES_set_key_unchecked( key, key_sched ) \ ++ gcry_cipher_setkey( hd, key, 8 ) ++ ++#define DES_ecb_encrypt( input, output, key_sched, enc ) \ ++ gcry_cipher_encrypt( hd, *output, 8, *input, 8 ) ++ ++#define DES_set_odd_parity( key ) do {} while(0) ++ + #endif + + #endif /* SLAPD_LMHASH */ +@@ -651,7 +671,7 @@ static int chk_md5( + + #ifdef SLAPD_LMHASH + +-#if defined(HAVE_OPENSSL) ++#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS_GNUTLS_H) + + /* + * abstract away setting the parity. +@@ -841,6 +861,19 @@ static int chk_lanman( + des_data_block StdText = "KGS!@#$%"; + des_data_block PasswordHash1, PasswordHash2; + char PasswordHash[33], storedPasswordHash[33]; ++ ++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++ gcry_cipher_hd_t hd; ++ ++ if ( !gcrypt_init ) { ++ gcry_check_version( GCRYPT_VERSION ); ++ gcrypt_init = 1; ++ } ++ ++ schedule = schedule; /* unused - avoid warning */ ++ ++ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 ); ++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ + + for( i=0; ibv_len; i++) { + if(cred->bv_val[i] == '\0') { +@@ -883,6 +916,10 @@ static int chk_lanman( + strncpy( storedPasswordHash, passwd->bv_val, 32 ); + storedPasswordHash[32] = '\0'; + ldap_pvt_str2lower( storedPasswordHash ); ++ ++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++ gcry_cipher_close( hd ); ++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ + + return memcmp( PasswordHash, storedPasswordHash, 32) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK; + } +@@ -1138,6 +1175,19 @@ static int hash_lanman( + des_data_block PasswordHash1, PasswordHash2; + char PasswordHash[33]; + ++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++ gcry_cipher_hd_t hd; ++ ++ if ( !gcrypt_init ) { ++ gcry_check_version( GCRYPT_VERSION ); ++ gcrypt_init = 1; ++ } ++ ++ schedule = schedule; /* unused - avoid warning */ ++ ++ gcry_cipher_open( &hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0 ); ++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ ++ + for( i=0; ibv_len; i++) { + if(passwd->bv_val[i] == '\0') { + return LUTIL_PASSWD_ERR; /* NUL character in password */ +@@ -1168,6 +1218,10 @@ static int hash_lanman( + + hash->bv_val = PasswordHash; + hash->bv_len = 32; ++ ++#if defined(HAVE_GNUTLS_GNUTLS_H) && !defined(DES_ENCRYPT) ++ gcry_cipher_close( hd ); ++#endif /* HAVE_GNUTLS_GNUTLS_H && !DES_ENCRYPT */ + + return pw_string( scheme, hash ); + } diff --git a/net-nds/openldap/files/openldap-2.4.45-libressl.patch b/net-nds/openldap/files/openldap-2.4.45-libressl.patch new file mode 100644 index 000000000000..20a65a4e0fd1 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.45-libressl.patch @@ -0,0 +1,65 @@ +--- libraries/libldap/tls_o.c.orig 2017-06-04 16:31:28 UTC ++++ libraries/libldap/tls_o.c +@@ -47,7 +47,7 @@ + #include + #endif + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) + #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x) + #endif + +@@ -157,7 +157,7 @@ tlso_init( void ) + (void) tlso_seed_PRNG( lo->ldo_tls_randfile ); + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) + SSL_load_error_strings(); + SSL_library_init(); + OpenSSL_add_all_digests(); +@@ -205,7 +205,7 @@ static void + tlso_ctx_ref( tls_ctx *ctx ) + { + tlso_ctx *c = (tlso_ctx *)ctx; +-#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) + #define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX ) + #endif + SSL_CTX_up_ref( c ); +@@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval * + if (!x) return LDAP_INVALID_CREDENTIALS; + + xn = X509_get_subject_name(x); +-#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) + der_dn->bv_len = i2d_X509_NAME( xn, NULL ); + der_dn->bv_val = xn->bytes->data; + #else +@@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval + return LDAP_INVALID_CREDENTIALS; + + xn = X509_get_subject_name(x); +-#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) + der_dn->bv_len = i2d_X509_NAME( xn, NULL ); + der_dn->bv_val = xn->bytes->data; + #else +@@ -721,7 +721,7 @@ struct tls_data { + Sockbuf_IO_Desc *sbiod; + }; + +-#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) + #define BIO_set_init(b, x) b->init = x + #define BIO_set_data(b, x) b->ptr = x + #define BIO_clear_flags(b, x) b->flags &= ~(x) +@@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str ) + return tlso_bio_write( b, str, strlen( str ) ); + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) + struct bio_method_st { + int type; + const char *name; diff --git a/net-nds/openldap/files/openldap-2.4.6-evolution-ntlm.patch b/net-nds/openldap/files/openldap-2.4.6-evolution-ntlm.patch new file mode 100644 index 000000000000..33ff29e0aed2 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.4.6-evolution-ntlm.patch @@ -0,0 +1,192 @@ +diff -up evo-openldap-2.4.14/include/ldap.h.evolution-ntlm evo-openldap-2.4.14/include/ldap.h +--- evo-openldap-2.4.14/include/ldap.h.evolution-ntlm 2009-01-27 00:29:53.000000000 +0100 ++++ evo-openldap-2.4.14/include/ldap.h 2009-02-17 10:10:00.000000000 +0100 +@@ -2461,5 +2461,26 @@ ldap_parse_deref_control LDAP_P(( + LDAPControl **ctrls, + LDAPDerefRes **drp )); + ++/* ++ * hacks for NTLM ++ */ ++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU) ++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU) ++LDAP_F( int ) ++ldap_ntlm_bind LDAP_P(( ++ LDAP *ld, ++ LDAP_CONST char *dn, ++ ber_tag_t tag, ++ struct berval *cred, ++ LDAPControl **sctrls, ++ LDAPControl **cctrls, ++ int *msgidp )); ++LDAP_F( int ) ++ldap_parse_ntlm_bind_result LDAP_P(( ++ LDAP *ld, ++ LDAPMessage *res, ++ struct berval *challenge)); ++ ++ + LDAP_END_DECL + #endif /* _LDAP_H */ +diff -up evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm evo-openldap-2.4.14/libraries/libldap/Makefile.in +--- evo-openldap-2.4.14/libraries/libldap/Makefile.in.evolution-ntlm 2009-01-27 00:29:53.000000000 +0100 ++++ evo-openldap-2.4.14/libraries/libldap/Makefile.in 2009-02-17 10:10:00.000000000 +0100 +@@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest ur + SRCS = bind.c open.c result.c error.c compare.c search.c \ + controls.c messages.c references.c extended.c cyrus.c \ + modify.c add.c modrdn.c delete.c abandon.c \ +- sasl.c gssapi.c sbind.c unbind.c cancel.c \ ++ sasl.c ntlm.c gssapi.c sbind.c unbind.c cancel.c \ + filter.c free.c sort.c passwd.c whoami.c \ + getdn.c getentry.c getattr.c getvalues.c addentry.c \ + request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \ +@@ -33,7 +33,7 @@ SRCS = bind.c open.c result.c error.c co + OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ + controls.lo messages.lo references.lo extended.lo cyrus.lo \ + modify.lo add.lo modrdn.lo delete.lo abandon.lo \ +- sasl.lo gssapi.lo sbind.lo unbind.lo cancel.lo \ ++ sasl.lo ntlm.lo gssapi.lo sbind.lo unbind.lo cancel.lo \ + filter.lo free.lo sort.lo passwd.lo whoami.lo \ + getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \ + request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \ +diff -up /dev/null evo-openldap-2.4.14/libraries/libldap/ntlm.c +--- /dev/null 2009-02-17 09:19:52.829004420 +0100 ++++ evo-openldap-2.4.14/libraries/libldap/ntlm.c 2009-02-17 10:10:00.000000000 +0100 +@@ -0,0 +1,137 @@ ++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */ ++/* ++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. ++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file ++ */ ++ ++/* Mostly copied from sasl.c */ ++ ++#include "portable.h" ++ ++#include ++#include ++ ++#include ++#include ++#include ++#include ++ ++#include "ldap-int.h" ++ ++int ++ldap_ntlm_bind( ++ LDAP *ld, ++ LDAP_CONST char *dn, ++ ber_tag_t tag, ++ struct berval *cred, ++ LDAPControl **sctrls, ++ LDAPControl **cctrls, ++ int *msgidp ) ++{ ++ BerElement *ber; ++ int rc; ++ ber_int_t id; ++ ++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 ); ++ ++ assert( ld != NULL ); ++ assert( LDAP_VALID( ld ) ); ++ assert( msgidp != NULL ); ++ ++ if( msgidp == NULL ) { ++ ld->ld_errno = LDAP_PARAM_ERROR; ++ return ld->ld_errno; ++ } ++ ++ /* create a message to send */ ++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { ++ ld->ld_errno = LDAP_NO_MEMORY; ++ return ld->ld_errno; ++ } ++ ++ assert( LBER_VALID( ber ) ); ++ ++ LDAP_NEXT_MSGID( ld, id ); ++ rc = ber_printf( ber, "{it{istON}" /*}*/, ++ id, LDAP_REQ_BIND, ++ ld->ld_version, dn, tag, ++ cred ); ++ ++ /* Put Server Controls */ ++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) { ++ ber_free( ber, 1 ); ++ return ld->ld_errno; ++ } ++ ++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) { ++ ld->ld_errno = LDAP_ENCODING_ERROR; ++ ber_free( ber, 1 ); ++ return ld->ld_errno; ++ } ++ ++ /* send the message */ ++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id ); ++ ++ if(*msgidp < 0) ++ return ld->ld_errno; ++ ++ return LDAP_SUCCESS; ++} ++ ++int ++ldap_parse_ntlm_bind_result( ++ LDAP *ld, ++ LDAPMessage *res, ++ struct berval *challenge) ++{ ++ ber_int_t errcode; ++ ber_tag_t tag; ++ BerElement *ber; ++ ber_len_t len; ++ ++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 ); ++ ++ assert( ld != NULL ); ++ assert( LDAP_VALID( ld ) ); ++ assert( res != NULL ); ++ ++ if ( ld == NULL || res == NULL ) { ++ return LDAP_PARAM_ERROR; ++ } ++ ++ if( res->lm_msgtype != LDAP_RES_BIND ) { ++ ld->ld_errno = LDAP_PARAM_ERROR; ++ return ld->ld_errno; ++ } ++ ++ if ( ld->ld_error ) { ++ LDAP_FREE( ld->ld_error ); ++ ld->ld_error = NULL; ++ } ++ if ( ld->ld_matched ) { ++ LDAP_FREE( ld->ld_matched ); ++ ld->ld_matched = NULL; ++ } ++ ++ /* parse results */ ++ ++ ber = ber_dup( res->lm_ber ); ++ ++ if( ber == NULL ) { ++ ld->ld_errno = LDAP_NO_MEMORY; ++ return ld->ld_errno; ++ } ++ ++ tag = ber_scanf( ber, "{ioa" /*}*/, ++ &errcode, challenge, &ld->ld_error ); ++ ber_free( ber, 0 ); ++ ++ if( tag == LBER_ERROR ) { ++ ld->ld_errno = LDAP_DECODING_ERROR; ++ return ld->ld_errno; ++ } ++ ++ ld->ld_errno = errcode; ++ ++ return( ld->ld_errno ); ++} diff --git a/net-nds/openldap/files/slapd-confd b/net-nds/openldap/files/slapd-confd new file mode 100644 index 000000000000..28e9d23520b7 --- /dev/null +++ b/net-nds/openldap/files/slapd-confd @@ -0,0 +1,14 @@ +# conf.d file for openldap +# +# To enable both the standard unciphered server and the ssl encrypted +# one uncomment this line or set any other server starting options +# you may desire. +# +# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" +# Uncomment the below to use the new slapd configuration for openldap 2.3 +#OPTS="-F /etc/openldap/slapd.d -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" +# +# If you change the above listen statement to bind on a specific IP for +# listening, you should ensure that interface is up here (change eth0 as +# needed). +#rc_need="net.eth0" diff --git a/net-nds/openldap/files/slapd-confd-2.4.28-r1 b/net-nds/openldap/files/slapd-confd-2.4.28-r1 new file mode 100644 index 000000000000..ef19899a3796 --- /dev/null +++ b/net-nds/openldap/files/slapd-confd-2.4.28-r1 @@ -0,0 +1,26 @@ +# conf.d file for openldap +# +# To enable both the standard unciphered server and the ssl encrypted +# one uncomment this line or set any other server starting options +# you may desire. + +# If you have multiple slapd instances per #376699, this will provide a default config +INSTANCE="openldap${SVCNAME#slapd}" + +# If you use the classical configuration file: +OPTS_CONF="-f /etc/${INSTANCE}/slapd.conf" +# Uncomment this instead to use the new slapd.d configuration directory for openldap 2.3 +#OPTS_CONF="-F /etc/${INSTANCE}/slapd.d" +# (the OPTS_CONF variable is also passed to slaptest during startup) + +OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" +# Optional connectionless LDAP: +#OPTS="${OPTS_CONF} -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock cldap://'" + +# If you change the above listen statement to bind on a specific IP for +# listening, you should ensure that interface is up here (change eth0 as +# needed). +#rc_need="net.eth0" + +# Specify the kerberos keytab file +#KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab diff --git a/net-nds/openldap/files/slapd-initd b/net-nds/openldap/files/slapd-initd new file mode 100644 index 000000000000..ecd8f650a217 --- /dev/null +++ b/net-nds/openldap/files/slapd-initd @@ -0,0 +1,29 @@ +#!/sbin/openrc-run +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + need net.lo + before hald avahi-daemon +} + +start() { + checkpath -q -d /var/run/openldap/ -o ldap:ldap + if ! checkconfig ; then + eerror "There is a problem with your slapd.conf!" + return 1 + fi + ebegin "Starting ldap-server" + eval start-stop-daemon --start --pidfile /var/run/openldap/slapd.pid --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}" + eend $? +} + +stop() { + ebegin "Stopping ldap-server" + start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid + eend $? +} + +checkconfig() { + /usr/sbin/slaptest -u "$@" ${OPTS_CONF} +} diff --git a/net-nds/openldap/files/slapd-initd-2.4.40-r2 b/net-nds/openldap/files/slapd-initd-2.4.40-r2 new file mode 100644 index 000000000000..722b6c20de79 --- /dev/null +++ b/net-nds/openldap/files/slapd-initd-2.4.40-r2 @@ -0,0 +1,64 @@ +#!/sbin/openrc-run +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +extra_commands="checkconfig" + +[ -z "$INSTANCE" ] && INSTANCE="openldap${SVCNAME#slapd}" +PIDDIR=/run/openldap +PIDFILE=$PIDDIR/$SVCNAME.pid + +depend() { + need net + before dbus hald avahi-daemon + provide ldap +} + +start() { + checkpath -q -d ${PIDDIR} -o ldap:ldap + if ! checkconfig -Q ; then + eerror "There is a problem with your slapd.conf!" + return 1 + fi + ebegin "Starting ldap-server" + [ -n "$KRB5_KTNAME" ] && export KRB5_KTNAME + eval start-stop-daemon --start --pidfile ${PIDFILE} --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}" + eend $? +} + +stop() { + ebegin "Stopping ldap-server" + start-stop-daemon --stop --signal 2 --quiet --pidfile ${PIDFILE} + eend $? +} + +checkconfig() { + # checks requested by bug #502948 + # Step 1: extract the last valid config file or config dir + set -- $OPTS + while [ -n "$*" ]; do + opt=$1 ; shift + if [ "$opt" = "-f" -o "$opt" = "-F" ] ; then + CONF=$1 + shift + fi + done + set -- + # Fallback + CONF=${CONF-/etc/openldap/slapd.conf} + [ -d $CONF ] && CONF=${CONF}/* + DBDIRS=`eval awk '"/^(directory|olcDbDirectory:)/{print \\$2}"' $CONF` + for d in $DBDIRS; do + if [ ! -d $d ]; then + eerror "Directory $d in config does not exist!" + return 1 + fi + /usr/bin/find $d ! -name DB_CONFIG ! -user ldap -o ! -group ldap |grep -sq . + if [ $? -ne 0 ]; then + ewarn "You have files in $d not owned by the ldap user, you must ensure they are accessible to the slapd instance!" + fi + [ ! -e $d/DB_CONFIG ] && ewarn "$d/DB_CONFIG does not exist, slapd performance may be sub-optimal" + done + # now test the config fully + /usr/sbin/slaptest -u "$@" ${OPTS_CONF} +} diff --git a/net-nds/openldap/files/slapd.service b/net-nds/openldap/files/slapd.service new file mode 100644 index 000000000000..3427b87e936e --- /dev/null +++ b/net-nds/openldap/files/slapd.service @@ -0,0 +1,12 @@ +[Unit] +Description=OpenLDAP Server Daemon +After=network.target + +[Service] +Type=forking +PIDFile=/run/openldap/slapd.pid +ExecStartPre=/usr/sbin/slaptest -Q -u $SLAPD_OPTIONS +ExecStart=/usr/lib/openldap/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/net-nds/openldap/files/slapd.service.conf b/net-nds/openldap/files/slapd.service.conf new file mode 100644 index 000000000000..812ea68ed475 --- /dev/null +++ b/net-nds/openldap/files/slapd.service.conf @@ -0,0 +1,12 @@ +[Service] +# Use the classical configuration file: +#Environment="SLAPD_OPTIONS=-f /etc/openldap/slapd.conf" +# Use the slapd configuration directory: +#Environment="SLAPD_OPTIONS=-F /etc/openldap/slapd.d" + +Environment="SLAPD_URLS=ldaps:/// ldap:/// ldapi:///" +# Other examples: +#Environment="SLAPD_URLS=ldap://127.0.0.1/ ldap://10.0.0.1:1389/ cldap:///" + +# Specify the kerberos keytab file +#Environment=KRB5_KTNAME=/etc/openldap/krb5-ldap.keytab diff --git a/net-nds/openldap/files/slapd.tmpfilesd b/net-nds/openldap/files/slapd.tmpfilesd new file mode 100644 index 000000000000..634cea1642a9 --- /dev/null +++ b/net-nds/openldap/files/slapd.tmpfilesd @@ -0,0 +1,2 @@ +# openldap runtime directory for slapd.arg and slapd.pid +d /run/openldap 0755 ldap ldap - diff --git a/net-nds/openldap/files/slurpd-initd b/net-nds/openldap/files/slurpd-initd new file mode 100644 index 000000000000..bb1b50dbb122 --- /dev/null +++ b/net-nds/openldap/files/slurpd-initd @@ -0,0 +1,21 @@ +#!/sbin/openrc-run +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + need net +} + +start() { + ebegin "Starting slurpd" + start-stop-daemon --start --quiet \ + --exec /usr/lib/openldap/slurpd + eend $? +} + +stop() { + ebegin "Stopping slurpd" + start-stop-daemon --stop --quiet \ + --exec /usr/lib/openldap/slurpd + eend $? +} -- cgit v1.2.3