diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2005-09-08 01:11:01 +0000 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2005-09-08 01:11:01 +0000 |
| commit | 58401b5aa6ba552e7a677e0cfd8f1967ab5c46b5 (patch) | |
| tree | a777048686d4153eb4474c0c3e9bdfb11e164475 /net-nds | |
| parent | Version bump. Supports asterisk-1.0.x and 1.2.0. (diff) | |
| download | historical-58401b5aa6ba552e7a677e0cfd8f1967ab5c46b5.tar.gz historical-58401b5aa6ba552e7a677e0cfd8f1967ab5c46b5.tar.bz2 historical-58401b5aa6ba552e7a677e0cfd8f1967ab5c46b5.zip | |
Bug #105144, patch for NTLM support, candidate for quick move to stable.
Package-Manager: portage-2.0.51.22-r2
Diffstat (limited to 'net-nds')
| -rw-r--r-- | net-nds/openldap/ChangeLog | 8 | ||||
| -rw-r--r-- | net-nds/openldap/Manifest | 5 | ||||
| -rw-r--r-- | net-nds/openldap/files/digest-openldap-2.2.28-r1 | 2 | ||||
| -rw-r--r-- | net-nds/openldap/files/openldap-2.2.28-ximian_connector.patch | 205 | ||||
| -rw-r--r-- | net-nds/openldap/openldap-2.2.28-r1.ebuild | 380 |
5 files changed, 598 insertions, 2 deletions
diff --git a/net-nds/openldap/ChangeLog b/net-nds/openldap/ChangeLog index e70201ce6fd6..0914d4025442 100644 --- a/net-nds/openldap/ChangeLog +++ b/net-nds/openldap/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-nds/openldap # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.134 2005/09/07 07:18:37 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.135 2005/09/08 01:11:00 robbat2 Exp $ + +*openldap-2.2.28-r1 (07 Sep 2005) + + 07 Sep 2005; Robin H. Johnson <robbat2@gentoo.org> + +files/openldap-2.2.28-ximian_connector.patch, +openldap-2.2.28-r1.ebuild: + Bug #105144, patch for NTLM support, candidate for quick move to stable. 07 Sep 2005; Robin H. Johnson <robbat2@gentoo.org> openldap-2.2.28.ebuild: Force upgrade to die. diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest index d387b3d23526..af8fb9d40214 100644 --- a/net-nds/openldap/Manifest +++ b/net-nds/openldap/Manifest @@ -3,6 +3,7 @@ MD5 eccf7065578fd1850586d204d1037294 openldap-2.2.27.ebuild 12433 MD5 570c1e6ab54dcb7231e23c733356095a openldap-2.1.30-r5.ebuild 7637 MD5 5bd89548fb8de6b4f0fdca12617e4e0c openldap-2.2.24.ebuild 9516 MD5 7147b6711fd08405e22461185a531b7e openldap-2.1.27.ebuild 7058 +MD5 53c7a12068dafab672603af10d9c95f3 openldap-2.2.28-r1.ebuild 13026 MD5 652065b4b1af04d11846fcdab7807ff8 openldap-2.1.30-r2.ebuild 7491 MD5 8ca33d2e9e42040d47ae4119384c34fe openldap-2.2.26-r2.ebuild 11641 MD5 47247dbac20cbf48c08404fca5b51b7f openldap-2.2.26.ebuild 9741 @@ -16,7 +17,7 @@ MD5 231a7a229c627e9ce2bdccb29c1a55e9 openldap-2.2.14.ebuild 7255 MD5 89c1b232c5c53b96513eaf580cc4f5c2 openldap-2.1.30.ebuild 7368 MD5 c11fbc4ba7824ae4f171eee66dc52e85 openldap-2.1.26.ebuild 7096 MD5 d03b4b8965dada31e3357108cce8e0a2 openldap-2.1.30-r1.ebuild 7382 -MD5 3318ce99cd4aa613d62877c05a177a6f ChangeLog 24401 +MD5 ba25b0e5a16111dedc0d0fa8c19fd2eb ChangeLog 24642 MD5 b0d485ea1a51fb83c70daedef2599272 metadata.xml 279 MD5 7901f04890caac3b418942143b60b284 openldap-2.1.27-r1.ebuild 7452 MD5 b230f9445ab2e9b4ae10beb130d329db openldap-2.2.26-r1.ebuild 10639 @@ -36,6 +37,7 @@ MD5 fa0a0dfbb9f3984fb2907c020e02ec73 files/digest-openldap-2.2.23-r1 65 MD5 f1e72154e299a0b90a1157c7ed171daf files/digest-openldap-2.2.26-r1 130 MD5 f1e72154e299a0b90a1157c7ed171daf files/digest-openldap-2.2.26-r2 130 MD5 919632051f7ddeeed29b011f163d17f0 files/digest-openldap-2.2.27-r1 130 +MD5 a8e7c88a9f6b88fb9b88d4e66fae5d92 files/digest-openldap-2.2.28-r1 130 MD5 95a998755d69f0f30cb64b9cb8eeab15 files/openldap-2.2.14-perlthreadsfix.patch 614 MD5 ca2c43219df88502aafeab9db9eda4d5 files/openldap-2.1.27-perlthreadsfix.patch 967 MD5 30ef1dc504563809f990b72ffe2be6c0 files/digest-openldap-2.1.26 65 @@ -50,6 +52,7 @@ MD5 919632051f7ddeeed29b011f163d17f0 files/digest-openldap-2.2.27 130 MD5 a8e7c88a9f6b88fb9b88d4e66fae5d92 files/digest-openldap-2.2.28 130 MD5 b10517f0e7be829d47bb8096d86fb519 files/openldap-2.1.27-db40.patch 718 MD5 2e6d3f7cf49a1d85468befdff2bfc1d8 files/openldap-2.1.30-ximian_connector.patch 6435 +MD5 f940f4e9ac544ed0a0f28b87df5cd2c8 files/openldap-2.2.28-ximian_connector.patch 5669 MD5 1a7084c17a74e59db33578c0833e4099 files/2.0/slapd 584 MD5 50257f7d6b63c8e9778b6407c7d2dddb files/2.0/slapd.conf 277 MD5 d68ba97d9f54b8455c1e2d93c352d24a files/2.0/slurpd 495 diff --git a/net-nds/openldap/files/digest-openldap-2.2.28-r1 b/net-nds/openldap/files/digest-openldap-2.2.28-r1 new file mode 100644 index 000000000000..b8b0d4ec0302 --- /dev/null +++ b/net-nds/openldap/files/digest-openldap-2.2.28-r1 @@ -0,0 +1,2 @@ +MD5 b51db7328430b9cbe527696da726f1fb openldap-2.2.28.tgz 2630427 +MD5 e2ae8148c4bed07d7a70edd930bdc403 openldap-2.1.30.tgz 2044673 diff --git a/net-nds/openldap/files/openldap-2.2.28-ximian_connector.patch b/net-nds/openldap/files/openldap-2.2.28-ximian_connector.patch new file mode 100644 index 000000000000..78ff799fe7a0 --- /dev/null +++ b/net-nds/openldap/files/openldap-2.2.28-ximian_connector.patch @@ -0,0 +1,205 @@ +(Note that this patch is not useful on its own... it just adds some +hooks to work with the LDAP authentication process at a lower level +than the API otherwise allows. The code that calls these hooks and +actually drives the NTLM authentication process is in +lib/e2k-global-catalog.c, and the code that actually implements the +NTLM algorithms is in xntlm/.) + +Forward ported for 2.2.28 by Robin H. Johnson <robbat2@gentoo.org> + +diff -Nuar --exclude='*.orig' --exclude='*.rej' /dev/shm/portage/openldap-2.2.28/work/openldap-2.2.28/include/ldap.h tmp.new/include/ldap.h +--- openldap-2.2.28/include/ldap.h 2005-08-12 12:28:56.000000000 -0700 ++++ tmp.new/include/ldap.h 2005-09-07 08:33:25.000000000 -0700 +@@ -1769,5 +1769,26 @@ + LDAPControl **sctrls, + LDAPControl **cctrls )); + ++/* ++ * hacks for NTLM ++ */ ++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU) ++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU) ++LDAP_F( int ) ++ldap_ntlm_bind LDAP_P(( ++ LDAP *ld, ++ LDAP_CONST char *dn, ++ ber_tag_t tag, ++ struct berval *cred, ++ LDAPControl **sctrls, ++ LDAPControl **cctrls, ++ int *msgidp )); ++LDAP_F( int ) ++ldap_parse_ntlm_bind_result LDAP_P(( ++ LDAP *ld, ++ LDAPMessage *res, ++ struct berval *challenge)); ++ ++ + LDAP_END_DECL + #endif /* _LDAP_H */ +diff -Nuar --exclude='*.orig' --exclude='*.rej' /dev/shm/portage/openldap-2.2.28/work/openldap-2.2.28/libraries/libldap/Makefile.in tmp.new/libraries/libldap/Makefile.in +--- openldap-2.2.28/libraries/libldap/Makefile.in 2005-01-20 09:01:01.000000000 -0800 ++++ tmp.new/libraries/libldap/Makefile.in 2005-09-07 08:34:19.000000000 -0700 +@@ -20,7 +20,7 @@ + SRCS = bind.c open.c result.c error.c compare.c search.c \ + controls.c messages.c references.c extended.c cyrus.c \ + modify.c add.c modrdn.c delete.c abandon.c \ +- sasl.c sbind.c kbind.c unbind.c cancel.c \ ++ sasl.c sbind.c kbind.c ntlm.c unbind.c cancel.c \ + filter.c free.c sort.c passwd.c whoami.c \ + getdn.c getentry.c getattr.c getvalues.c addentry.c \ + request.c os-ip.c url.c sortctrl.c vlvctrl.c \ +@@ -29,7 +29,7 @@ + OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ + controls.lo messages.lo references.lo extended.lo cyrus.lo \ + modify.lo add.lo modrdn.lo delete.lo abandon.lo \ +- sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \ ++ sasl.lo sbind.lo kbind.lo ntlm.lo unbind.lo cancel.lo \ + filter.lo free.lo sort.lo passwd.lo whoami.lo \ + getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \ + request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \ +diff -Nuar --exclude='*.orig' --exclude='*.rej' /dev/shm/portage/openldap-2.2.28/work/openldap-2.2.28/libraries/libldap/ntlm.c tmp.new/libraries/libldap/ntlm.c +--- openldap-2.2.28/libraries/libldap/ntlm.c 1969-12-31 16:00:00.000000000 -0800 ++++ tmp.new/libraries/libldap/ntlm.c 2005-09-07 08:33:25.000000000 -0700 +@@ -0,0 +1,141 @@ ++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */ ++/* ++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. ++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file ++ */ ++ ++/* Mostly copied from sasl.c */ ++ ++#include "portable.h" ++ ++#include <stdlib.h> ++#include <stdio.h> ++ ++#include <ac/socket.h> ++#include <ac/string.h> ++#include <ac/time.h> ++#include <ac/errno.h> ++ ++#include "ldap-int.h" ++ ++int ++ldap_ntlm_bind( ++ LDAP *ld, ++ LDAP_CONST char *dn, ++ ber_tag_t tag, ++ struct berval *cred, ++ LDAPControl **sctrls, ++ LDAPControl **cctrls, ++ int *msgidp ) ++{ ++ BerElement *ber; ++ int rc; ++ ++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 ); ++ ++ assert( ld != NULL ); ++ assert( LDAP_VALID( ld ) ); ++ assert( msgidp != NULL ); ++ ++ if( msgidp == NULL ) { ++ ld->ld_errno = LDAP_PARAM_ERROR; ++ return ld->ld_errno; ++ } ++ ++ /* create a message to send */ ++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { ++ ld->ld_errno = LDAP_NO_MEMORY; ++ return ld->ld_errno; ++ } ++ ++ assert( LBER_VALID( ber ) ); ++ ++ rc = ber_printf( ber, "{it{istON}" /*}*/, ++ ++ld->ld_msgid, LDAP_REQ_BIND, ++ ld->ld_version, dn, tag, ++ cred ); ++ ++ /* Put Server Controls */ ++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) { ++ ber_free( ber, 1 ); ++ return ld->ld_errno; ++ } ++ ++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) { ++ ld->ld_errno = LDAP_ENCODING_ERROR; ++ ber_free( ber, 1 ); ++ return ld->ld_errno; ++ } ++ ++#ifndef LDAP_NOCACHE ++ if ( ld->ld_cache != NULL ) { ++ ldap_flush_cache( ld ); ++ } ++#endif /* !LDAP_NOCACHE */ ++ ++ /* send the message */ ++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber ); ++ ++ if(*msgidp < 0) ++ return ld->ld_errno; ++ ++ return LDAP_SUCCESS; ++} ++ ++int ++ldap_parse_ntlm_bind_result( ++ LDAP *ld, ++ LDAPMessage *res, ++ struct berval *challenge) ++{ ++ ber_int_t errcode; ++ ber_tag_t tag; ++ BerElement *ber; ++ ber_len_t len; ++ ++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 ); ++ ++ assert( ld != NULL ); ++ assert( LDAP_VALID( ld ) ); ++ assert( res != NULL ); ++ ++ if ( ld == NULL || res == NULL ) { ++ return LDAP_PARAM_ERROR; ++ } ++ ++ if( res->lm_msgtype != LDAP_RES_BIND ) { ++ ld->ld_errno = LDAP_PARAM_ERROR; ++ return ld->ld_errno; ++ } ++ ++ if ( ld->ld_error ) { ++ LDAP_FREE( ld->ld_error ); ++ ld->ld_error = NULL; ++ } ++ if ( ld->ld_matched ) { ++ LDAP_FREE( ld->ld_matched ); ++ ld->ld_matched = NULL; ++ } ++ ++ /* parse results */ ++ ++ ber = ber_dup( res->lm_ber ); ++ ++ if( ber == NULL ) { ++ ld->ld_errno = LDAP_NO_MEMORY; ++ return ld->ld_errno; ++ } ++ ++ tag = ber_scanf( ber, "{ioa" /*}*/, ++ &errcode, challenge, &ld->ld_error ); ++ ber_free( ber, 0 ); ++ ++ if( tag == LBER_ERROR ) { ++ ld->ld_errno = LDAP_DECODING_ERROR; ++ return ld->ld_errno; ++ } ++ ++ ld->ld_errno = errcode; ++ ++ return( ld->ld_errno ); ++} diff --git a/net-nds/openldap/openldap-2.2.28-r1.ebuild b/net-nds/openldap/openldap-2.2.28-r1.ebuild new file mode 100644 index 000000000000..67dbc6f9c8b2 --- /dev/null +++ b/net-nds/openldap/openldap-2.2.28-r1.ebuild @@ -0,0 +1,380 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.2.28-r1.ebuild,v 1.1 2005/09/08 01:11:01 robbat2 Exp $ + +inherit flag-o-matic toolchain-funcs eutils multilib + +OLD_PV="2.1.30" +OLD_P="${PN}-${OLD_PV}" +OLD_S="${WORKDIR}/${OLD_P}" + +DESCRIPTION="LDAP suite of application and development tools" +HOMEPAGE="http://www.OpenLDAP.org/" +SRC_URI="mirror://openldap/openldap-release/${P}.tgz + mirror://openldap/openldap-release/${OLD_P}.tgz" + +LICENSE="OPENLDAP" +SLOT="0" +IUSE="berkdb crypt debug gdbm ipv6 kerberos minimal odbc perl readline samba sasl slp ssl tcpd" +KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86" + +RDEPEND=">=sys-libs/ncurses-5.1 + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + ssl? ( >=dev-libs/openssl-0.9.6 ) + readline? ( >=sys-libs/readline-4.1 ) + sasl? ( >=dev-libs/cyrus-sasl-2.1.7-r3 ) + odbc? ( dev-db/unixODBC ) + slp? ( >=net-libs/openslp-1.0 ) + perl? ( >=dev-lang/perl-5.6 ) + samba? ( >=dev-libs/openssl-0.9.6 ) + kerberos? ( virtual/krb5 )" + +# note that the 'samba' USE flag pulling in OpenSSL is NOT an error. OpenLDAP +# uses OpenSSL for LanMan/NTLM hashing (which is used in some enviroments, like +# mine at work)! +# Robin H. Johnson <robbat2@gentoo.org> March 8, 2004 + +# if USE=berkdb +# pull in sys-libs/db +# else if USE=gdbm +# pull in sys-libs/gdbm +# else +# pull in sys-libs/db +RDEPEND_BERKDB=">=sys-libs/db-4.2.52_p1" +RDEPEND_GDBM=">=sys-libs/gdbm-1.8.0" +RDEPEND="${RDEPEND} + berkdb? ( ${RDEPEND_BERKDB} ) + !berkdb? ( + gdbm? ( ${RDEPEND_GDBM} ) + !gdbm? ( ${RDEPEND_BERKDB} ) + )" + +DEPEND="${RDEPEND} + >=sys-devel/libtool-1.5.18-r1 + >=sys-apps/sed-4" + +# for tracking versions +OPENLDAP_VERSIONTAG="/var/lib/openldap-data/.version-tag" + +#DEPEND="${DEPEND} !<net-nds/openldap-2.2" + +openldap_upgrade_warning() { + ewarn "If you are upgrading from OpenLDAP-2.1, and run slapd on this" + ewarn "machine please see the ebuild for upgrade instructions, otherwise" + ewarn "you may corrupt your database!" + echo + ewarn "Part of the configuration file syntax has changed:" + ewarn "'access to attribute=' is now 'access to attrs='" + echo + ewarn "You must also run revdep-rebuild after upgrading from 2.1 to 2.2:" + ewarn "# revdep-rebuild --soname liblber.so.2" + ewarn "# revdep-rebuild --soname libldap.so.2" + ewarn "# revdep-rebuild --soname libldap_r.so.2" +} + +pkg_setup() { + # grab lines + openldap_datadirs="" + if [ -f ${ROOT}/etc/openldap/slapd.conf ]; then + openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${ROOT}/etc/openldap/slapd.conf)" + fi + datafiles="" + for d in $openldap_datadirs; do + datafiles="${datafiles} $(ls $d/*db*} 2>/dev/null)" + done + # remove extra spaces + datafiles="$(echo ${datafiles// })" + # TODO: read OPENLDAP_VERSIONTAG instead in future + if has_version '<net-nds/openldap-2.2' && [ -n "$datafiles" ]; then + eerror "A possible old installation of OpenLDAP was detected" + eerror "As major version upgrades to 2.2 can corrupt your database" + eerror "You need to dump your database and re-create it afterwards." + eerror "" + d="$(date -u +%s)" + l="/root/ldapdump.${d}" + i="${l}.raw" + eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop" + eerror " 2. slapcat -l ${i}" + eerror " 3. egrep -v '^entryCSN:' <${i} >${l}" + eerror " 4. emerge unmerge '<=net-nds/openldap-2.1*'" + eerror " 5. mv /var/lib/openldap-data/ /var/lib/openldap-data,2.1/" + eerror " 6. emerge '>=net-nds/openldap-2.2'" + eerror " 7. etc-update, and ensure that you apply the changes" + eerror " 8. slapadd -l ${l}" + eerror " 9. chown ldap:ldap /var/lib/openldap-data/*" + eerror "10. /etc/init.d/slapd start" + eerror "11. check that your data is intact." + eerror "12. set up the new replication system." + eerror "" + eerror "This install will not proceed until your old data directory" + eerror "is at least moved out of the way." + #exit 1 + die "Warning direct upgrade unsafe!" + fi + openldap_upgrade_warning + if built_with_use dev-lang/perl minimal ; then + die "You must have a complete (USE='-minimal') Perl install to use the perl backend!" + fi +} + +pkg_preinst() { + openldap_upgrade_warning + enewgroup ldap 439 + enewuser ldap 439 /bin/false /usr/$(get_libdir)/openldap ldap +} + +src_unpack() { + unpack ${A} + + # According to MDK, the link order needs to be changed so that + # on systems w/ MD5 passwords the system crypt library is used + # (the net result is that "passwd" can be used to change ldap passwords w/ + # proper pam support) + sed -i -e 's/$(SECURITY_LIBS) $(LDIF_LIBS) $(LUTIL_LIBS)/$(LUTIL_LIBS) $(SECURITY_LIBS) $(LDIF_LIBS)/' \ + ${S}/servers/slapd/Makefile.in + + # Fix up DB-4.0 linking problem + # remember to autoconf! this expands configure by 500 lines (4 lines to m4 + # stuff). + EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.14-db40.patch + + # supersedes old fix for bug #31202 + EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.14-perlthreadsfix.patch + + # Security bug #96767 + # http://bugzilla.padl.com/show_bug.cgi?id=210 + EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.26-tls-fix-connection-test.patch + + # ensure correct SLAPI path by default + sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \ + ${S}/include/ldap_defaults.h + + # fix up some automake stuff + #sed -i -e 's,^AC_CONFIG_HEADER,AM_CONFIG_HEADER,' ${S}/configure.in + + # ximian connector 1.4.7 ntlm patch + EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.28-ximian_connector.patch + + # fix up stuff for newer autoconf that simulates autoconf-2.13, but doesn't + # do it perfectly. + cd ${S}/build + ln -s shtool install + ln -s shtool install.sh + + # reconf for db40 fixes. + cd ${S} + export WANT_AUTOMAKE="1.4" + export WANT_AUTOCONF="2.1" + einfo "Running libtoolize" + libtoolize --copy --force + #einfo "Running automake" + #automake --add-missing || die "automake failed" + #einfo "Running aclocal" + #aclocal || die "aclocal failed" + einfo "Running autoconf" + autoconf || die "autoconf failed" +} + +src_compile() { + local myconf + + # HDB is only available with BerkDB + myconf_berkdb='--enable-bdb --with-ldbm-api=berkeley --enable-hdb=mod' + myconf_gdbm='--disable-bdb --with-ldbm-api=gdbm --disable-hdb' + + use debug && myconf="${myconf} --enable-debug" # there is no disable-debug + + # enable slapd/slurpd servers if not doing a minimal build + if ! use minimal; then + myconf="${myconf} --enable-slapd --enable-slurpd" + # base backend stuff + myconf="${myconf} --enable-ldbm" + if use berkdb; then + einfo "Using Berkeley DB for local backend" + myconf="${myconf} ${myconf_berkdb}" + elif use gdbm; then + einfo "Using GDBM for local backend" + myconf="${myconf} ${myconf_gdbm}" + else + ewarn "Neither gdbm or berkdb USE flags present, falling back to" + ewarn "Berkeley DB for local backend" + myconf="${myconf} ${myconf_berkdb}" + fi + # extra backend stuff + myconf="${myconf} --enable-passwd=mod --enable-phonetic=mod" + myconf="${myconf} --enable-dnssrv=mod --enable-ldap" + myconf="${myconf} --enable-meta=mod --enable-monitor=mod" + myconf="${myconf} --enable-null=mod --enable-shell=mod" + myconf="${myconf} `use_enable perl perl mod`" + myconf="${myconf} `use_enable odbc sql mod`" + # slapd options + myconf="${myconf} `use_enable crypt` `use_enable slp`" + myconf="${myconf} --enable-rewrite --enable-rlookups" + myconf="${myconf} --enable-aci --enable-modules" + myconf="${myconf} --enable-cleartext --enable-slapi" + myconf="${myconf} `use_with samba lmpasswd`" + # disabled options: + # --with-bdb-module=dynamic + # alas, for BSD only: + # --with-fetch + # slapd overlay options + myconf="${myconf} --enable-dyngroup --enable-proxycache" + else + myconf="${myconf} --disable-slapd --disable-slurpd" + myconf="${myconf} --disable-bdb --disable-monitor" + myconf="${myconf} --disable-slurpd" + fi + # basic functionality stuff + myconf="${myconf} --enable-syslog --enable-dynamic" + myconf="${myconf} --enable-local --enable-proctitle" + + myconf="${myconf} `use_enable ipv6` `use_enable readline`" + myconf="${myconf} `use_with sasl cyrus-sasl` `use_enable sasl spasswd`" + myconf="${myconf} `use_enable tcpd wrappers` `use_with ssl tls`" + + if [ $(get_libdir) != "lib" ] ; then + append-ldflags -L/usr/$(get_libdir) + fi + + econf \ + --enable-static \ + --enable-shared \ + --libexecdir=/usr/$(get_libdir)/openldap \ + ${myconf} || die "configure failed" + + make depend || die "make depend failed" + make || die "make failed" + + # special kerberos stuff + tc-export CC + if ! use minimal && use kerberos ; then + cd ${S}/contrib/slapd-modules/passwd/ && \ + ${CC} -shared -I../../../include ${CFLAGS} -fPIC \ + -DHAVE_KRB5 -o pw-kerberos.so kerberos.c || \ + die "failed to compile kerberos module" + fi + + # now build old compat lib + cd ${OLD_S} && \ + econf \ + --disable-static --enable-shared \ + --libexecdir=/usr/$(get_libdir)/openldap \ + --disable-slapd --disable-aci --disable-cleartext --disable-crypt \ + --disable-lmpasswd --disable-spasswd --enable-modules \ + --disable-phonetic --disable-rewrite --disable-rlookups --disable-slp \ + --disable-wrappers --disable-bdb --disable-dnssrv --disable-ldap \ + --disable-ldbm --disable-meta --disable-monitor --disable-null \ + --disable-passwd --disable-perl --disable-shell --disable-sql \ + --disable-slurpd || die "configure-2.1 failed" + make depend || die "make-2.1 depend failed" + cd ${OLD_S}/libraries/liblber && make liblber.la || die "make-2.1 liblber.la failed" + cd ${OLD_S}/libraries/libldap && make libldap.la || die "make-2.1 libldap.la failed" + cd ${OLD_S}/libraries/libldap_r && make libldap_r.la || die "make-2.1 libldap_r.la failed" +} + +src_test() { + einfo "Doing tests" + cd tests ; make tests || die "make tests failed" +} + +src_install() { + make DESTDIR=${D} install || die "make install failed" + + dodoc ANNOUNCEMENT CHANGES COPYRIGHT README LICENSE + docinto rfc ; dodoc doc/rfc/*.txt + + # openldap modules go here + # TODO: write some code to populate slapd.conf with moduleload statements + keepdir /usr/$(get_libdir)/openldap/openldap/ + + # make state directories + for x in data slurp ldbm; do + keepdir /var/lib/openldap-${x} + fowners ldap:ldap /var/lib/openldap-${x} + fperms 0700 /var/lib/openldap-${x} + done + + echo "OLDPF='${PF}'" >${D}${OPENLDAP_VERSIONTAG} + echo "# do NOT delete this. it is used" >>${D}${OPENLDAP_VERSIONTAG} + echo "# to track versions for upgrading." >>${D}${OPENLDAP_VERSIONTAG} + + # manually remove /var/tmp references in .la + # because it is packaged with an ancient libtool + for x in ${D}/usr/$(get_libdir)/lib*.la; do + sed -i -e "s:-L${S}[/]*libraries::" ${x} + done + + # change slapd.pid location in configuration file + keepdir /var/run/openldap + fowners ldap:ldap /var/run/openldap + fperms 0755 /var/run/openldap + + if ! use minimal; then + # config modifications + for f in /etc/openldap/slapd.conf /etc/openldap/slapd.conf.default; do + sed -e "s:/var/lib/run/slapd.:/var/run/openldap/slapd.:" -i ${D}/${f} + sed -e "/database\tbdb$/acheckpoint 32 30 # <kbyte> <min>" -i ${D}/${f} + fowners root:ldap ${f} + fperms 0640 ${f} + done + # install our own init scripts + exeinto /etc/init.d + newexe ${FILESDIR}/2.0/slapd slapd + newexe ${FILESDIR}/2.0/slurpd slurpd + if [ $(get_libdir) != lib ]; then + sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i ${D}/etc/init.d/{slapd,slurpd} + fi + insinto /etc/conf.d + newins ${FILESDIR}/2.0/slapd.conf slapd + if use kerberos && [ -f ${S}/contrib/slapd-modules/passwd/pw-kerberos.so ]; then + insinto /usr/$(get_libdir)/openldap/openldap + doins ${S}/contrib/slapd-modules/passwd/pw-kerberos.so || \ + die "failed to install kerberos passwd module" + fi + fi + + # install MDK's ssl cert script + if use ssl || use samba; then + dodir /etc/openldap/ssl + exeinto /etc/openldap/ssl + #newexe ${FILESDIR}/gencert.sh-2.2.27 gencert.sh + doexe ${FILESDIR}/gencert.sh + fi + + dolib.so ${OLD_S}/libraries/liblber/.libs/liblber.so.2.0.130 || \ + die "failed to install old liblber" + dolib.so ${OLD_S}/libraries/libldap/.libs/libldap.so.2.0.130 || \ + die "failed to install old libldap" + dolib.so ${OLD_S}/libraries/libldap_r/.libs/libldap_r.so.2.0.130 || \ + die "failed to install old libldap_r" +} + +pkg_postinst() { + if use ssl; then + # make a self-signed ssl cert (if there isn't one there already) + if [ ! -e /etc/openldap/ssl/ldap.pem ] + then + cd /etc/openldap/ssl + yes "" | sh gencert.sh + chmod 640 ldap.pem + chown root:ldap ldap.pem + else + einfo "An LDAP cert already appears to exist, no creating" + fi + fi + + # Since moving to running openldap as user ldap there are some + # permissions problems with directories and files. + # Let's make sure these permissions are correct. + chown ldap:ldap /var/run/openldap + chmod 0755 /var/run/openldap + chown root:ldap /etc/openldap/slapd.conf{,.default} + chmod 0640 /etc/openldap/slapd.conf{,.default} + chown ldap:ldap /var/lib/openldap-{data,ldbm,slurp} + + if use ssl; then + ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" + ewarn "add 'TLS_REQCERT never' if you want to use them." + fi + openldap_upgrade_warning +} |