CVE-2006-5779, bug #154349. Please note that all revision sets (both stable and unstable features) have been bumped. See the bug for the stability target matrix.

Package-Manager: portage-2.1.2_rc1-r7
author: Robin H. Johnson <robbat2@gentoo.org> 2006-11-21 10:06:39 +0000
committer: Robin H. Johnson <robbat2@gentoo.org> 2006-11-21 10:06:39 +0000
commit: eb504fcd777b993411cbc66e491618301d47ddf2 (patch)
tree: d5ae4ab1ccaaab6b518c6f1f91121c15178d0e3e /net-nds
parent: we dont need the watch patch again. (diff)
download: historical-eb504fcd777b993411cbc66e491618301d47ddf2.tar.gz
historical-eb504fcd777b993411cbc66e491618301d47ddf2.tar.bz2
historical-eb504fcd777b993411cbc66e491618301d47ddf2.zip
13 files changed, 2044 insertions, 5 deletions
diff --git a/net-nds/openldap/ChangeLog b/net-nds/openldap/ChangeLog
index 66910964793b..fcde6f8e732f 100644
--- a/net-nds/openldap/ChangeLog
+++ b/net-nds/openldap/ChangeLog
@@ -1,6 +1,20 @@
 # ChangeLog for net-nds/openldap
 # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.219 2006/10/19 12:50:23 agriffis Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.220 2006/11/21 10:06:39 robbat2 Exp $
+
+*openldap-2.3.27-r3 (21 Nov 2006)
+*openldap-2.2.28-r6 (21 Nov 2006)
+*openldap-2.2.28-r5 (21 Nov 2006)
+*openldap-2.1.30-r9 (21 Nov 2006)
+*openldap-2.1.30-r8 (21 Nov 2006)
+
+  21 Nov 2006; Robin H. Johnson <robbat2@gentoo.org>
+  +files/openldap-2.3.27-CVE-2006-5779.patch, +openldap-2.1.30-r8.ebuild,
+  +openldap-2.1.30-r9.ebuild, +openldap-2.2.28-r5.ebuild,
+  +openldap-2.2.28-r6.ebuild, +openldap-2.3.27-r3.ebuild:
+  CVE-2006-5779, bug #154349. Please note that all revision sets (both stable
+  and unstable features) have been bumped. See the bug for the stability
+  target matrix.
 
   19 Oct 2006; Aron Griffis <agriffis@gentoo.org> openldap-2.3.27-r2.ebuild:
   Mark 2.3.27-r2 stable on ia64. #144862
diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest
index 62687247a9d2..8697f5f653a0 100644
--- a/net-nds/openldap/Manifest
+++ b/net-nds/openldap/Manifest
@@ -110,6 +110,10 @@ AUX openldap-2.3.24-contrib-smbk5pwd.patch 1631 RMD160 01e394da82c2ca8493d0dc15c
 MD5 c3eaf17d4936f6793f9c6486c51ef677 files/openldap-2.3.24-contrib-smbk5pwd.patch 1631
 RMD160 01e394da82c2ca8493d0dc15c400675545f463bb files/openldap-2.3.24-contrib-smbk5pwd.patch 1631
 SHA256 277990c6bc9e00c29bc5123d5074e1a741a224e884f92651b301375b02edc70e files/openldap-2.3.24-contrib-smbk5pwd.patch 1631
+AUX openldap-2.3.27-CVE-2006-5779.patch 1197 RMD160 9f97d7022eb74b0cb659a80153c022c7286102f9 SHA1 dd8da7102f77ace7add69fc3ab62880ebbd2cdcf SHA256 be408486602937511326edcdc8dad7a4e4de052ff1cac8b7d23bcf58bb5c41b6
+MD5 9aca314fefd4479767946b6c2b5ca38c files/openldap-2.3.27-CVE-2006-5779.patch 1197
+RMD160 9f97d7022eb74b0cb659a80153c022c7286102f9 files/openldap-2.3.27-CVE-2006-5779.patch 1197
+SHA256 be408486602937511326edcdc8dad7a4e4de052ff1cac8b7d23bcf58bb5c41b6 files/openldap-2.3.27-CVE-2006-5779.patch 1197
 DIST openldap-2.1.30.tgz 2044673 RMD160 431aa798c6197530c17611b931f0169d7a53e831 SHA1 c036f88abbafc16cb64c4e00ccc1c65563864755 SHA256 7fcefd45dfc82038cf0875e36b86a67d3af44b6a734e0127bae9ff2582ae8b25
 DIST openldap-2.2.28.tgz 2630427 RMD160 ca3f5aff42e6afc6b7c0a62beb8c13d4ff43d44c SHA1 0b3a3b9b61f6f033685218957fb84ba1d58887de SHA256 05c75b719305578dec799f05eaddae6b77eb51857abc6284e47b6abc4317dfba
 DIST openldap-2.3.24.tgz 3756405 RMD160 8b4be685de2c2a7ace1debe97d5bda2354b57a06 SHA1 e00f7a017d9223708b77b0df3a612d236789b380 SHA256 e5247204dc0a41fa9b14ec1110fd2c179210b2288b27ebdee0a465b9e8e100cf
@@ -122,6 +126,14 @@ EBUILD openldap-2.1.30-r7.ebuild 8932 RMD160 cef414707aea66c2b9161020087e2b1fbca
 MD5 7e336278947df5aac46b8bbff0eb29b8 openldap-2.1.30-r7.ebuild 8932
 RMD160 cef414707aea66c2b9161020087e2b1fbca31377 openldap-2.1.30-r7.ebuild 8932
 SHA256 72af57c54696c77c32e6c0b75674feff6bb313035fad8c83d00220aef973d20e openldap-2.1.30-r7.ebuild 8932
+EBUILD openldap-2.1.30-r8.ebuild 8299 RMD160 8bf8ac05fd02727eabe8d9e9b6b5a3ee5babbff3 SHA1 993e182ba5c2c0283052f66392ddd1faab32bd17 SHA256 7009b5b80744303e89ed90f1337257d9769954a3603a80352764ddfffa8936b8
+MD5 9261c9b7282b6b591a2ae33b6b7bb028 openldap-2.1.30-r8.ebuild 8299
+RMD160 8bf8ac05fd02727eabe8d9e9b6b5a3ee5babbff3 openldap-2.1.30-r8.ebuild 8299
+SHA256 7009b5b80744303e89ed90f1337257d9769954a3603a80352764ddfffa8936b8 openldap-2.1.30-r8.ebuild 8299
+EBUILD openldap-2.1.30-r9.ebuild 9044 RMD160 df07f5f73d2889a22d6f6f5093023a1afa9ec2aa SHA1 b65afd79b9fe96ed8d377a741e3d2ed0573477d1 SHA256 261b9625a036e04b16c4e311dc32ea65b1d97e94f6663be09f4a9213f5c7b4c8
+MD5 d613df3636750dd3df690ea2ab76e945 openldap-2.1.30-r9.ebuild 9044
+RMD160 df07f5f73d2889a22d6f6f5093023a1afa9ec2aa openldap-2.1.30-r9.ebuild 9044
+SHA256 261b9625a036e04b16c4e311dc32ea65b1d97e94f6663be09f4a9213f5c7b4c8 openldap-2.1.30-r9.ebuild 9044
 EBUILD openldap-2.2.28-r3.ebuild 13759 RMD160 45424c3b76cd0071c45afcd13d6cde0f19844b25 SHA1 097980f1f29cbb8eec2d657a5074e99759f75261 SHA256 10bf91774089fd4552d7dbaa108b6aaa290e3a49fb72a2290fcf555859f6e596
 MD5 6d7a94de921228452b007a3052055528 openldap-2.2.28-r3.ebuild 13759
 RMD160 45424c3b76cd0071c45afcd13d6cde0f19844b25 openldap-2.2.28-r3.ebuild 13759
@@ -130,6 +142,14 @@ EBUILD openldap-2.2.28-r4.ebuild 15070 RMD160 5dd533cbad58ca63cf74e615d3e57e5cb6
 MD5 b4774b3a30167a67b0b6f69fabfa4c33 openldap-2.2.28-r4.ebuild 15070
 RMD160 5dd533cbad58ca63cf74e615d3e57e5cb6430ef1 openldap-2.2.28-r4.ebuild 15070
 SHA256 3acdadb055a0a3128e347a4026aea869abed1151389f646e55af516dc3d5fdaa openldap-2.2.28-r4.ebuild 15070
+EBUILD openldap-2.2.28-r5.ebuild 13882 RMD160 fcd9ac3ca024e1b7103699820ba713cbe1c52b25 SHA1 e0f167f7e30d77079469c0ef4a3811ee52a1d9d6 SHA256 dcdbc2a056186b2554c9cba6ebd6266edaa8e80b28e3616bd3f0342ccf6ce09d
+MD5 1befd813a3e05880167973cc26bcd158 openldap-2.2.28-r5.ebuild 13882
+RMD160 fcd9ac3ca024e1b7103699820ba713cbe1c52b25 openldap-2.2.28-r5.ebuild 13882
+SHA256 dcdbc2a056186b2554c9cba6ebd6266edaa8e80b28e3616bd3f0342ccf6ce09d openldap-2.2.28-r5.ebuild 13882
+EBUILD openldap-2.2.28-r6.ebuild 15182 RMD160 6c89460e2bbdd2b103b75b35fa5a330f7eacfcc8 SHA1 af995cefb935a943d1aeeb5e42e7f89caaaa714a SHA256 accfbb8bff6545b52437d290700c5f52fc949ad527daaacee37e30b6f9ea36f5
+MD5 128c38b707eebe22b9a18f83a48eb21c openldap-2.2.28-r6.ebuild 15182
+RMD160 6c89460e2bbdd2b103b75b35fa5a330f7eacfcc8 openldap-2.2.28-r6.ebuild 15182
+SHA256 accfbb8bff6545b52437d290700c5f52fc949ad527daaacee37e30b6f9ea36f5 openldap-2.2.28-r6.ebuild 15182
 EBUILD openldap-2.3.24-r1.ebuild 14268 RMD160 b5f01fb5ffc7eb1232bca4bb717d5de3d9d6cf02 SHA1 159add9ffaea974e73cc15edfde3cd48dd1ea31c SHA256 7568e3e249db5b4045a9326c40bcdf356649e70fe49de3ca15a8dab77b7f0e42
 MD5 de5dd9e1c32a1488d167678c67afbaa4 openldap-2.3.24-r1.ebuild 14268
 RMD160 b5f01fb5ffc7eb1232bca4bb717d5de3d9d6cf02 openldap-2.3.24-r1.ebuild 14268
@@ -146,14 +166,18 @@ EBUILD openldap-2.3.27-r2.ebuild 17748 RMD160 bbf6fd8b11b1f5bfabb92708fa691ae6d3
 MD5 09b76d174fad339d6ba0ec0ae193eaad openldap-2.3.27-r2.ebuild 17748
 RMD160 bbf6fd8b11b1f5bfabb92708fa691ae6d3d7ef08 openldap-2.3.27-r2.ebuild 17748
 SHA256 218abbd2adee5838c72a7488af8335e9fd18f8e8278d58876c7132e7cbfd5c00 openldap-2.3.27-r2.ebuild 17748
+EBUILD openldap-2.3.27-r3.ebuild 17926 RMD160 905888d142b3a9832961f02abdbde3e80f60991c SHA1 1d8deaab368390e491b31b5c8de6fc8a7ad81291 SHA256 4af43e3ae847b799c1f6396de55fdb91daa155bff7147c77979a9cd1cb38970d
+MD5 dc8aa1f12644b15966b6086c268b55fa openldap-2.3.27-r3.ebuild 17926
+RMD160 905888d142b3a9832961f02abdbde3e80f60991c openldap-2.3.27-r3.ebuild 17926
+SHA256 4af43e3ae847b799c1f6396de55fdb91daa155bff7147c77979a9cd1cb38970d openldap-2.3.27-r3.ebuild 17926
 EBUILD openldap-2.3.27.ebuild 17369 RMD160 859df9b9b8573504279e6ef77e3a2d22f3c9878f SHA1 12fcf326e2104aaa3668cb4eff99600a5999f9b0 SHA256 2f562d8dc4e20f8717361e1c50190038e8226ce7652f33857a82bc724e0ec67a
 MD5 73b37e4d08c002487a4bafa2722492ca openldap-2.3.27.ebuild 17369
 RMD160 859df9b9b8573504279e6ef77e3a2d22f3c9878f openldap-2.3.27.ebuild 17369
 SHA256 2f562d8dc4e20f8717361e1c50190038e8226ce7652f33857a82bc724e0ec67a openldap-2.3.27.ebuild 17369
-MISC ChangeLog 37555 RMD160 ae1bcaa96ce129bfb38ee6a1b32b1f516fb0f9f5 SHA1 25dc6b733bcb68cc72ef13f365091a7d70122bdf SHA256 2e75b5dfa2e65c4e5b01e8f56f6567d5aa5030151afc033fbdf050059eddad13
-MD5 c77cdace83e4cbf5a3d56a03576675f9 ChangeLog 37555
-RMD160 ae1bcaa96ce129bfb38ee6a1b32b1f516fb0f9f5 ChangeLog 37555
-SHA256 2e75b5dfa2e65c4e5b01e8f56f6567d5aa5030151afc033fbdf050059eddad13 ChangeLog 37555
+MISC ChangeLog 38137 RMD160 11bf0cf46c94c8f4f94183164c306015b95b5d4b SHA1 ba711e899765bafcfc4d8a959125554f01c27087 SHA256 34f6bdcc996d05f85c7313353e507964f4e2255aa7b287ea39d3d3e6b13d8ca4
+MD5 cad588797e15a1cd4d646951c0bc6235 ChangeLog 38137
+RMD160 11bf0cf46c94c8f4f94183164c306015b95b5d4b ChangeLog 38137
+SHA256 34f6bdcc996d05f85c7313353e507964f4e2255aa7b287ea39d3d3e6b13d8ca4 ChangeLog 38137
 MISC metadata.xml 240 RMD160 3dfef965b1bac3faa4abfec78fb98b0ed5a9ddaf SHA1 21c64f9ef102b6649bccfca61f06d7b328ef1727 SHA256 fecb6db825d33099fa9f18392db0b7a5ab89a4895ac6ca0f8a2313f348dfaaa6
 MD5 9a8efd7efb44b06913bf1d906d493407 metadata.xml 240
 RMD160 3dfef965b1bac3faa4abfec78fb98b0ed5a9ddaf metadata.xml 240
@@ -164,12 +188,24 @@ SHA256 93bf80b5f142956ebcafc98f71500106ffddbf3e1bfd5986c3573a6567e61b54 files/di
 MD5 c9e269ba9c43c4aefb19e6cce36405a6 files/digest-openldap-2.1.30-r7 241
 RMD160 41352ebe2a161b8683f2706cb6c460c4ba4e1fee files/digest-openldap-2.1.30-r7 241
 SHA256 93bf80b5f142956ebcafc98f71500106ffddbf3e1bfd5986c3573a6567e61b54 files/digest-openldap-2.1.30-r7 241
+MD5 c9e269ba9c43c4aefb19e6cce36405a6 files/digest-openldap-2.1.30-r8 241
+RMD160 41352ebe2a161b8683f2706cb6c460c4ba4e1fee files/digest-openldap-2.1.30-r8 241
+SHA256 93bf80b5f142956ebcafc98f71500106ffddbf3e1bfd5986c3573a6567e61b54 files/digest-openldap-2.1.30-r8 241
+MD5 c9e269ba9c43c4aefb19e6cce36405a6 files/digest-openldap-2.1.30-r9 241
+RMD160 41352ebe2a161b8683f2706cb6c460c4ba4e1fee files/digest-openldap-2.1.30-r9 241
+SHA256 93bf80b5f142956ebcafc98f71500106ffddbf3e1bfd5986c3573a6567e61b54 files/digest-openldap-2.1.30-r9 241
 MD5 7e4e22b26b4b86007460dcf3252bc08c files/digest-openldap-2.2.28-r3 482
 RMD160 f24d179480f1f0d0b0138beb7675e2d99dcb2419 files/digest-openldap-2.2.28-r3 482
 SHA256 f158ecb35b525da1bd32b3d0742f83a05ae925d77d71fcf9268584c06e07de63 files/digest-openldap-2.2.28-r3 482
 MD5 7e4e22b26b4b86007460dcf3252bc08c files/digest-openldap-2.2.28-r4 482
 RMD160 f24d179480f1f0d0b0138beb7675e2d99dcb2419 files/digest-openldap-2.2.28-r4 482
 SHA256 f158ecb35b525da1bd32b3d0742f83a05ae925d77d71fcf9268584c06e07de63 files/digest-openldap-2.2.28-r4 482
+MD5 7e4e22b26b4b86007460dcf3252bc08c files/digest-openldap-2.2.28-r5 482
+RMD160 f24d179480f1f0d0b0138beb7675e2d99dcb2419 files/digest-openldap-2.2.28-r5 482
+SHA256 f158ecb35b525da1bd32b3d0742f83a05ae925d77d71fcf9268584c06e07de63 files/digest-openldap-2.2.28-r5 482
+MD5 7e4e22b26b4b86007460dcf3252bc08c files/digest-openldap-2.2.28-r6 482
+RMD160 f24d179480f1f0d0b0138beb7675e2d99dcb2419 files/digest-openldap-2.2.28-r6 482
+SHA256 f158ecb35b525da1bd32b3d0742f83a05ae925d77d71fcf9268584c06e07de63 files/digest-openldap-2.2.28-r6 482
 MD5 90715e5ebf5339aaaa881c3ed3b46b3c files/digest-openldap-2.3.24-r1 241
 RMD160 13c05b3ac61d04c0b78a7788823a866477e2eb16 files/digest-openldap-2.3.24-r1 241
 SHA256 1421251aff6fc052097eddf5d854cd3001eaa984555a64343b705d18325b7ece files/digest-openldap-2.3.24-r1 241
@@ -185,3 +221,6 @@ SHA256 5647879ba591b3ec35a04e87326cf4526f35239aa4c30434e4dc4b055fba7154 files/di
 MD5 11da1511848af420c24e05af22af0d36 files/digest-openldap-2.3.27-r2 241
 RMD160 6d2cb0114f4d36e4ab6901507bc8d2c075392344 files/digest-openldap-2.3.27-r2 241
 SHA256 5647879ba591b3ec35a04e87326cf4526f35239aa4c30434e4dc4b055fba7154 files/digest-openldap-2.3.27-r2 241
+MD5 11da1511848af420c24e05af22af0d36 files/digest-openldap-2.3.27-r3 241
+RMD160 6d2cb0114f4d36e4ab6901507bc8d2c075392344 files/digest-openldap-2.3.27-r3 241
+SHA256 5647879ba591b3ec35a04e87326cf4526f35239aa4c30434e4dc4b055fba7154 files/digest-openldap-2.3.27-r3 241
diff --git a/net-nds/openldap/files/digest-openldap-2.1.30-r8 b/net-nds/openldap/files/digest-openldap-2.1.30-r8
new file mode 100644
index 000000000000..afc64cb183fd
--- /dev/null
+++ b/net-nds/openldap/files/digest-openldap-2.1.30-r8
@@ -0,0 +1,3 @@
+MD5 e2ae8148c4bed07d7a70edd930bdc403 openldap-2.1.30.tgz 2044673
+RMD160 431aa798c6197530c17611b931f0169d7a53e831 openldap-2.1.30.tgz 2044673
+SHA256 7fcefd45dfc82038cf0875e36b86a67d3af44b6a734e0127bae9ff2582ae8b25 openldap-2.1.30.tgz 2044673
diff --git a/net-nds/openldap/files/digest-openldap-2.1.30-r9 b/net-nds/openldap/files/digest-openldap-2.1.30-r9
new file mode 100644
index 000000000000..afc64cb183fd
--- /dev/null
+++ b/net-nds/openldap/files/digest-openldap-2.1.30-r9
@@ -0,0 +1,3 @@
+MD5 e2ae8148c4bed07d7a70edd930bdc403 openldap-2.1.30.tgz 2044673
+RMD160 431aa798c6197530c17611b931f0169d7a53e831 openldap-2.1.30.tgz 2044673
+SHA256 7fcefd45dfc82038cf0875e36b86a67d3af44b6a734e0127bae9ff2582ae8b25 openldap-2.1.30.tgz 2044673
diff --git a/net-nds/openldap/files/digest-openldap-2.2.28-r5 b/net-nds/openldap/files/digest-openldap-2.2.28-r5
new file mode 100644
index 000000000000..7f47e31dd5fd
--- /dev/null
+++ b/net-nds/openldap/files/digest-openldap-2.2.28-r5
@@ -0,0 +1,6 @@
+MD5 e2ae8148c4bed07d7a70edd930bdc403 openldap-2.1.30.tgz 2044673
+RMD160 431aa798c6197530c17611b931f0169d7a53e831 openldap-2.1.30.tgz 2044673
+SHA256 7fcefd45dfc82038cf0875e36b86a67d3af44b6a734e0127bae9ff2582ae8b25 openldap-2.1.30.tgz 2044673
+MD5 b51db7328430b9cbe527696da726f1fb openldap-2.2.28.tgz 2630427
+RMD160 ca3f5aff42e6afc6b7c0a62beb8c13d4ff43d44c openldap-2.2.28.tgz 2630427
+SHA256 05c75b719305578dec799f05eaddae6b77eb51857abc6284e47b6abc4317dfba openldap-2.2.28.tgz 2630427
diff --git a/net-nds/openldap/files/digest-openldap-2.2.28-r6 b/net-nds/openldap/files/digest-openldap-2.2.28-r6
new file mode 100644
index 000000000000..7f47e31dd5fd
--- /dev/null
+++ b/net-nds/openldap/files/digest-openldap-2.2.28-r6
@@ -0,0 +1,6 @@
+MD5 e2ae8148c4bed07d7a70edd930bdc403 openldap-2.1.30.tgz 2044673
+RMD160 431aa798c6197530c17611b931f0169d7a53e831 openldap-2.1.30.tgz 2044673
+SHA256 7fcefd45dfc82038cf0875e36b86a67d3af44b6a734e0127bae9ff2582ae8b25 openldap-2.1.30.tgz 2044673
+MD5 b51db7328430b9cbe527696da726f1fb openldap-2.2.28.tgz 2630427
+RMD160 ca3f5aff42e6afc6b7c0a62beb8c13d4ff43d44c openldap-2.2.28.tgz 2630427
+SHA256 05c75b719305578dec799f05eaddae6b77eb51857abc6284e47b6abc4317dfba openldap-2.2.28.tgz 2630427
diff --git a/net-nds/openldap/files/digest-openldap-2.3.27-r3 b/net-nds/openldap/files/digest-openldap-2.3.27-r3
new file mode 100644
index 000000000000..3b74e66a0d3f
--- /dev/null
+++ b/net-nds/openldap/files/digest-openldap-2.3.27-r3
@@ -0,0 +1,3 @@
+MD5 0fbae4e9279aaa586adcd9f19b66a5ed openldap-2.3.27.tgz 3757519
+RMD160 8c25c39689daa515f14e88611490ae6d8df0911c openldap-2.3.27.tgz 3757519
+SHA256 6ddf211d65aa62bb2165a612f96545d5dc8baf01d269e0f7945ebe066c282ed7 openldap-2.3.27.tgz 3757519
diff --git a/net-nds/openldap/files/openldap-2.3.27-CVE-2006-5779.patch b/net-nds/openldap/files/openldap-2.3.27-CVE-2006-5779.patch
new file mode 100644
index 000000000000..194ceb9bad58
--- /dev/null
+++ b/net-nds/openldap/files/openldap-2.3.27-CVE-2006-5779.patch
@@ -0,0 +1,36 @@
+Patch from upstream repository.
+
+RCS file: /repo/OpenLDAP/pkg/ldap/libraries/libldap/getdn.c,v
+retrieving revision 1.133
+retrieving revision 1.134
+diff -u -r1.133 -r1.134
+--- libraries/libldap/getdn.c	2006/10/28 02:47:58	1.133
++++ libraries/libldap/getdn.c	2006/11/08 22:57:02	1.134
+@@ -2016,7 +2016,7 @@
+ strval2strlen( struct berval *val, unsigned flags, ber_len_t *len )
+ {
+ 	ber_len_t	l, cl = 1;
+-	char		*p;
++	char		*p, *end;
+ 	int		escaped_byte_len = LDAP_DN_IS_PRETTY( flags ) ? 1 : 3;
+ #ifdef PRETTY_ESCAPE
+ 	int		escaped_ascii_len = LDAP_DN_IS_PRETTY( flags ) ? 2 : 3;
+@@ -2030,7 +2030,8 @@
+ 		return( 0 );
+ 	}
+ 
+-	for ( l = 0, p = val->bv_val; p < val->bv_val + val->bv_len; p += cl ) {
++	end = val->bv_val + val->bv_len - 1;
++	for ( l = 0, p = val->bv_val; p <= end; p += cl ) {
+ 
+ 		/* 
+ 		 * escape '%x00' 
+@@ -2059,7 +2060,7 @@
+ 		} else if ( LDAP_DN_NEEDESCAPE( p[ 0 ] )
+ 				|| LDAP_DN_SHOULDESCAPE( p[ 0 ] )
+ 				|| ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) )
+-				|| ( !p[ 1 ] && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
++				|| ( p == end && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
+ #ifdef PRETTY_ESCAPE
+ #if 0
+ 			if ( LDAP_DN_WILLESCAPE_HEX( flags, p[ 0 ] ) ) {
diff --git a/net-nds/openldap/openldap-2.1.30-r8.ebuild b/net-nds/openldap/openldap-2.1.30-r8.ebuild
new file mode 100644
index 000000000000..b6eeb0f1f6c3
--- /dev/null
+++ b/net-nds/openldap/openldap-2.1.30-r8.ebuild
@@ -0,0 +1,262 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.1.30-r8.ebuild,v 1.1 2006/11/21 10:06:39 robbat2 Exp $
+
+inherit eutils
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+SRC_URI="mirror://openldap/openldap-release/${P}.tgz"
+
+LICENSE="OPENLDAP"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="berkdb crypt debug gdbm ipv6 odbc perl readline samba sasl slp ssl tcpd selinux"
+
+DEPEND=">=sys-libs/ncurses-5.1
+	>=sys-apps/sed-4
+	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+	ssl? ( >=dev-libs/openssl-0.9.6 )
+	readline? ( >=sys-libs/readline-4.1 )
+	sasl? ( >=dev-libs/cyrus-sasl-2.1.7-r3 )
+	odbc? ( dev-db/unixODBC )
+	slp? ( >=net-libs/openslp-1.0 )
+	perl? ( >=dev-lang/perl-5.6 )
+	samba? ( >=dev-libs/openssl-0.9.6 )"
+
+# note that the 'samba' USE flag pulling in OpenSSL is NOT an error.  OpenLDAP
+# uses OpenSSL for LanMan/NTLM hashing (which is used in some enviroments, like
+# mine at work)!
+# Robin H. Johnson <robbat2@gentoo.org> March 8, 2004
+
+# if USE=berkdb
+#	pull in sys-libs/db
+# else if USE=gdbm
+#	pull in sys-libs/gdbm
+# else
+#	pull in sys-libs/db
+DEPEND="${DEPEND}
+	berkdb? ( >=sys-libs/db-4.1.25_p1-r3 )
+	!berkdb? (
+		gdbm? ( >=sys-libs/gdbm-1.8.0 )
+		!gdbm? ( >=sys-libs/db-4.1.25_p1-r3 )
+	)"
+
+RDEPEND="
+	${DEPEND}
+	selinux? ( sec-policy/selinux-openldap )"
+
+pkg_preinst() {
+	enewgroup ldap 439
+	enewuser ldap 439 -1 /usr/lib/openldap ldap
+}
+
+pkg_setup() {
+	if has_version "<=dev-lang/perl-5.8.8_rc1" && built_with_use dev-lang/perl minimal ; then
+		die "You must have a complete (USE='-minimal') Perl install to use the perl backend!"
+	fi
+}
+
+src_unpack() {
+	unpack ${A}
+
+	# According to MDK, the link order needs to be changed so that
+	# on systems w/ MD5 passwords the system crypt library is used
+	# (the net result is that "passwd" can be used to change ldap passwords w/
+	#  proper pam support)
+	sed -ie 's/$(SECURITY_LIBS) $(LDIF_LIBS) $(LUTIL_LIBS)/$(LUTIL_LIBS) $(SECURITY_LIBS) $(LDIF_LIBS)/' \
+		${S}/servers/slapd/Makefile.in
+
+	# Fix up DB-4.0 linking problem
+	# remember to autoconf! this expands configure by 500 lines (4 lines to m4
+	# stuff).
+	epatch ${FILESDIR}/${PN}-2.1.30-db40.patch
+	epatch ${FILESDIR}/${PN}-2.1.30-tls-activedirectory-hang-fix.patch
+
+	# Security bug #96767
+	# http://bugzilla.padl.com/show_bug.cgi?id=210
+	EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.26-tls-fix-connection-test.patch
+
+	# supersedes old fix for bug #31202
+	cd ${S}
+	epatch ${FILESDIR}/${PN}-2.1.27-perlthreadsfix.patch
+
+	# fix up stuff for newer autoconf that simulates autoconf-2.13, but doesn't
+	# do it perfectly.
+	cd ${S}/build
+	ln -s shtool install
+	ln -s shtool install.sh
+
+	# ximian connector 1.4.7 ntlm patch
+	cd ${S}
+	epatch ${FILESDIR}/${PN}-2.1.30-ximian_connector.patch
+
+	export WANT_AUTOMAKE="1.9"
+	export WANT_AUTOCONF="2.5"
+	#make files ready for new autoconf
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.1.30-autoconf25.patch
+
+	# CVE-2006-5779, bug #154349
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.3.27-CVE-2006-5779.patch
+
+	# reconf compat and current for RPATH solve
+	cd ${WORKDIR}/${S}
+	einfo "Running libtoolize on ${S}"
+	libtoolize --copy --force
+	einfo "Running aclocal on ${S}"
+	aclocal || die "aclocal failed"
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.1.30-rpath.patch
+	einfo "Running autoconf on ${S}"
+	autoconf || die "autoconf failed"
+}
+
+src_compile() {
+	local myconf
+
+	# enable debugging to syslog
+	use debug && myconf="${myconf} --enable-debug"
+	myconf="${myconf} --enable-syslog"
+
+	# enable slapd/slurpd servers
+	myconf="${myconf} --enable-ldap"
+	myconf="${myconf} --enable-slapd --enable-slurpd"
+
+	myconf="${myconf} `use_enable crypt`"
+	myconf="${myconf} `use_enable ipv6`"
+	myconf="${myconf} `use_with sasl cyrus-sasl` `use_enable sasl spasswd`"
+	myconf="${myconf} `use_with readline`"
+	myconf="${myconf} `use_with ssl tls` `use_with samba lmpasswd`"
+	myconf="${myconf} `use_enable tcpd wrappers`"
+	myconf="${myconf} `use_enable odbc sql`"
+	myconf="${myconf} `use_enable perl`"
+	myconf="${myconf} `use_enable slp`"
+
+	myconf="${myconf} --enable-ldbm"
+	myconf_berkdb='--enable-bdb --with-ldbm-api=berkeley'
+	myconf_gdbm='--disable-bdb --with-ldbm-api=gdbm'
+	if use berkdb; then
+		einfo "Using Berkeley DB for local backend"
+		myconf="${myconf} ${myconf_berkdb}"
+	elif use gdbm; then
+		einfo "Using GDBM for local backend"
+		myconf="${myconf} ${myconf_gdbm}"
+	else
+		ewarn "Neither gdbm or berkdb USE flags present, falling back to"
+		ewarn "Berkeley DB for local backend"
+		myconf="${myconf} ${myconf_berkdb}"
+	fi
+
+	# alas, for BSD only
+	#myconf="${myconf} --with-fetch"
+
+	myconf="${myconf} --enable-dynamic --enable-modules"
+	myconf="${myconf} --enable-rewrite --enable-rlookups"
+	myconf="${myconf} --enable-passwd --enable-phonetic"
+	myconf="${myconf} --enable-dnssrv --enable-ldap"
+	myconf="${myconf} --enable-meta --enable-monitor"
+	myconf="${myconf} --enable-null --enable-shell"
+	myconf="${myconf} --enable-local --enable-proctitle"
+
+	# disabled options
+	# --with-bdb-module=dynamic
+	# --enable-dnsserv --with-dnsserv-module=dynamic
+
+	econf \
+		--enable-static \
+		--enable-shared \
+		--libexecdir=/usr/lib/openldap \
+		${myconf} || die "configure failed"
+
+	make depend || die "make depend failed"
+	make || die "make failed"
+
+}
+
+src_test() {
+	einfo "Doing tests"
+	cd tests ; make tests || die "make tests failed"
+}
+
+src_install() {
+	make DESTDIR=${D} install || die "make install failed"
+
+	dodoc ANNOUNCEMENT CHANGES COPYRIGHT README LICENSE
+	docinto rfc ; dodoc doc/rfc/*.txt
+
+	# make state directories
+	for x in data slurp ldbm; do
+		keepdir /var/lib/openldap-${x}
+		fowners ldap:ldap /var/lib/openldap-${x}
+		fperms 0700 /var/lib/openldap-${x}
+	done
+
+	# manually remove /var/tmp references in .la
+	# because it is packaged with an ancient libtool
+	for x in ${D}/usr/lib/lib*.la; do
+		sed -i -e "s:-L${S}[/]*libraries::" ${x}
+	done
+
+	# change slapd.pid location in configuration file
+	keepdir /var/run/openldap
+	fowners ldap:ldap /var/run/openldap
+	fperms 0755 /var/run/openldap
+	for f in /etc/openldap/slapd.conf /etc/openldap/slapd.conf.default; do
+		sed -e "s:/var/lib/slapd.:/var/run/openldap/slapd.:" -i ${D}/${f}
+		sed -e "/database\tbdb$/acheckpoint	32	30 # <kbyte> <min>" -i ${D}/${f}
+		fowners root:ldap ${f}
+		fperms 0640 ${f}
+	done
+
+	# install our own init scripts
+	exeinto /etc/init.d
+	newexe ${FILESDIR}/2.0/slapd slapd
+	newexe ${FILESDIR}/2.0/slurpd slurpd
+	insinto /etc/conf.d
+	newins ${FILESDIR}/2.0/slapd.conf slapd
+
+	# install MDK's ssl cert script
+	if use ssl || use samba; then
+		dodir /etc/openldap/ssl
+		exeinto /etc/openldap/ssl
+		doexe ${FILESDIR}/gencert.sh
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		# make a self-signed ssl cert (if there isn't one there already)
+		if [ ! -e /etc/openldap/ssl/ldap.pem ]
+		then
+			cd /etc/openldap/ssl
+			yes "" | sh gencert.sh
+			chmod 640 ldap.pem
+			chown root:ldap ldap.pem
+		else
+			einfo "An LDAP cert already appears to exist, no creating"
+		fi
+	fi
+
+	# Since moving to running openldap as user ldap there are some
+	# permissions problems with directories and files.
+	# Let's make sure these permissions are correct.
+	chown ldap:ldap /var/run/openldap
+	chmod 0755 /var/run/openldap
+	chown root:ldap /etc/openldap/slapd.conf
+	chmod 0640 /etc/openldap/slapd.conf
+	chown root:ldap /etc/openldap/slapd.conf.default
+	chmod 0640 /etc/openldap/slapd.conf.default
+	chown ldap:ldap /var/lib/openldap-{data,ldbm,slurp}
+
+	# notes from bug #41297, bug #41039
+	ewarn "If you are upgrading from OpenLDAP 2.0, major changes have occured:"
+	ewarn "- bind_anon_dn is now disabled by default for security"
+	ewarn "  add 'allow bind_anon_dn' to your config for the old behavior."
+	ewarn "- Default schemas have changed, you should slapcat your entire DB to"
+	ewarn "  a file, delete your DB, and then slapadd it again. Alternatively"
+	ewarn "  you can try slapindex which should work in almost all cases. Be"
+	ewarn "  sure to check the permissions on the database files afterwards!"
+	if use ssl; then
+		ewarn "- Self-signed SSL certificates are treated harshly by OpenLDAP 2.1"
+		ewarn "  add 'TLS_REQCERT never' if you want to use them."
+	fi
+}
diff --git a/net-nds/openldap/openldap-2.1.30-r9.ebuild b/net-nds/openldap/openldap-2.1.30-r9.ebuild
new file mode 100644
index 000000000000..173c59ef6172
--- /dev/null
+++ b/net-nds/openldap/openldap-2.1.30-r9.ebuild
@@ -0,0 +1,283 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.1.30-r9.ebuild,v 1.1 2006/11/21 10:06:39 robbat2 Exp $
+
+inherit eutils
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+SRC_URI="mirror://openldap/openldap-release/${P}.tgz"
+
+LICENSE="OPENLDAP"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="berkdb crypt debug gdbm ipv6 odbc perl readline samba sasl slp ssl tcpd selinux"
+
+DEPEND=">=sys-libs/ncurses-5.1
+	>=sys-apps/sed-4
+	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+	ssl? ( >=dev-libs/openssl-0.9.6 )
+	readline? ( >=sys-libs/readline-4.1 )
+	sasl? ( >=dev-libs/cyrus-sasl-2.1.7-r3 )
+	odbc? ( dev-db/unixODBC )
+	slp? ( >=net-libs/openslp-1.0 )
+	perl? ( >=dev-lang/perl-5.6 )
+	samba? ( >=dev-libs/openssl-0.9.6 )"
+
+# note that the 'samba' USE flag pulling in OpenSSL is NOT an error.  OpenLDAP
+# uses OpenSSL for LanMan/NTLM hashing (which is used in some enviroments, like
+# mine at work)!
+# Robin H. Johnson <robbat2@gentoo.org> March 8, 2004
+
+# if USE=berkdb
+#	pull in sys-libs/db
+# else if USE=gdbm
+#	pull in sys-libs/gdbm
+# else
+#	pull in sys-libs/db
+DEPEND="${DEPEND}
+	berkdb? ( >=sys-libs/db-4.1.25_p1-r3 )
+	!berkdb? (
+		gdbm? ( >=sys-libs/gdbm-1.8.0 )
+		!gdbm? ( >=sys-libs/db-4.1.25_p1-r3 )
+	)"
+
+RDEPEND="
+	${DEPEND}
+	selinux? ( sec-policy/selinux-openldap )"
+
+pkg_preinst() {
+	enewgroup ldap 439
+	enewuser ldap 439 -1 /usr/lib/openldap ldap
+}
+
+pkg_setup() {
+	if has_version "<=dev-lang/perl-5.8.8_rc1" && built_with_use dev-lang/perl minimal ; then
+		die "You must have a complete (USE='-minimal') Perl install to use the perl backend!"
+	fi
+}
+
+src_unpack() {
+	unpack ${A}
+
+	# According to MDK, the link order needs to be changed so that
+	# on systems w/ MD5 passwords the system crypt library is used
+	# (the net result is that "passwd" can be used to change ldap passwords w/
+	#  proper pam support)
+	sed -ie 's/$(SECURITY_LIBS) $(LDIF_LIBS) $(LUTIL_LIBS)/$(LUTIL_LIBS) $(SECURITY_LIBS) $(LDIF_LIBS)/' \
+		${S}/servers/slapd/Makefile.in
+
+	# Fix up DB-4.0 linking problem
+	# remember to autoconf! this expands configure by 500 lines (4 lines to m4
+	# stuff).
+	epatch ${FILESDIR}/${PN}-2.1.30-db40.patch
+	epatch ${FILESDIR}/${PN}-2.1.30-tls-activedirectory-hang-fix.patch
+
+	# Security bug #96767
+	# http://bugzilla.padl.com/show_bug.cgi?id=210
+	EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.26-tls-fix-connection-test.patch
+
+	# supersedes old fix for bug #31202
+	cd ${S}
+	epatch ${FILESDIR}/${PN}-2.1.27-perlthreadsfix.patch
+
+	# fix up stuff for newer autoconf that simulates autoconf-2.13, but doesn't
+	# do it perfectly.
+	cd ${S}/build
+	ln -s shtool install
+	ln -s shtool install.sh
+
+	# ximian connector 1.4.7 ntlm patch
+	cd ${S}
+	epatch ${FILESDIR}/${PN}-2.1.30-ximian_connector.patch
+
+	export WANT_AUTOMAKE="1.9"
+	export WANT_AUTOCONF="2.5"
+
+	#make files ready for new autoconf
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.1.30-autoconf25.patch
+
+	# fix AC calls bug #114544
+	EPATCH_OPTS="-p0 -d ${S}/build" epatch ${FILESDIR}/${PN}-2.1.30-m4_underquoted.patch
+
+	# make tests rpath ready
+	EPATCH_OPTS="-p0 -d ${S}/tests" epatch ${FILESDIR}/${PN}-2.1.30-tests.patch
+
+	# make autoconf-archive compatible
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.1.30-autoconf-archived-fix.patch
+
+	# CVE-2006-5779, bug #154349
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.3.27-CVE-2006-5779.patch
+
+	# reconf compat and current for RPATH solve
+	cd ${S}
+	einfo "Running libtoolize on ${S}"
+	libtoolize --copy --force
+	einfo "Running aclocal on ${S}"
+	aclocal || die "aclocal failed"
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.1.30-rpath.patch
+	einfo "Running autoconf on ${S}"
+	autoconf || die "autoconf failed"
+}
+
+src_compile() {
+	local myconf
+
+	# enable debugging to syslog
+	use debug && myconf="${myconf} --enable-debug"
+	myconf="${myconf} --enable-syslog"
+
+	# enable slapd/slurpd servers
+	myconf="${myconf} --enable-ldap"
+	myconf="${myconf} --enable-slapd --enable-slurpd"
+
+	myconf="${myconf} `use_enable crypt`"
+	myconf="${myconf} `use_enable ipv6`"
+	myconf="${myconf} `use_with sasl cyrus-sasl` `use_enable sasl spasswd`"
+	myconf="${myconf} `use_with readline`"
+	myconf="${myconf} `use_with ssl tls` `use_with samba lmpasswd`"
+	myconf="${myconf} `use_enable tcpd wrappers`"
+	myconf="${myconf} `use_enable odbc sql`"
+	myconf="${myconf} `use_enable perl`"
+	myconf="${myconf} `use_enable slp`"
+
+	myconf="${myconf} --enable-ldbm"
+	myconf_berkdb='--enable-bdb --with-ldbm-api=berkeley'
+	myconf_gdbm='--disable-bdb --with-ldbm-api=gdbm'
+	if use berkdb; then
+		einfo "Using Berkeley DB for local backend"
+		myconf="${myconf} ${myconf_berkdb}"
+	elif use gdbm; then
+		einfo "Using GDBM for local backend"
+		myconf="${myconf} ${myconf_gdbm}"
+	else
+		ewarn "Neither gdbm or berkdb USE flags present, falling back to"
+		ewarn "Berkeley DB for local backend"
+		myconf="${myconf} ${myconf_berkdb}"
+	fi
+
+	# alas, for BSD only
+	#myconf="${myconf} --with-fetch"
+
+	myconf="${myconf} --enable-dynamic --enable-modules"
+	myconf="${myconf} --enable-rewrite --enable-rlookups"
+	myconf="${myconf} --enable-passwd --enable-phonetic"
+	myconf="${myconf} --enable-dnssrv --enable-ldap"
+	myconf="${myconf} --enable-meta --enable-monitor"
+	myconf="${myconf} --enable-null --enable-shell"
+	myconf="${myconf} --enable-local --enable-proctitle"
+
+	# disabled options
+	# --with-bdb-module=dynamic
+	# --enable-dnsserv --with-dnsserv-module=dynamic
+
+	econf \
+		--enable-static \
+		--enable-shared \
+		--libexecdir=/usr/lib/openldap \
+		${myconf} || die "configure failed"
+
+	make depend || die "make depend failed"
+	make || die "make failed"
+
+}
+
+src_test() {
+	einfo "Doing tests"
+	cd tests ; make tests || die "make tests failed"
+}
+
+src_install() {
+	make DESTDIR=${D} install || die "make install failed"
+
+	dodoc ANNOUNCEMENT CHANGES COPYRIGHT README LICENSE ${FILESDIR}/DB_CONFIG.fast.example
+	docinto rfc ; dodoc doc/rfc/*.txt
+
+	# make state directories
+	for x in data slurp ldbm; do
+		keepdir /var/lib/openldap-${x}
+		fowners ldap:ldap /var/lib/openldap-${x}
+		fperms 0700 /var/lib/openldap-${x}
+	done
+
+	# manually remove /var/tmp references in .la
+	# because it is packaged with an ancient libtool
+	for x in ${D}/usr/lib/lib*.la; do
+		sed -i -e "s:-L${S}[/]*libraries::" ${x}
+	done
+
+	# change slapd.pid location in configuration file
+	keepdir /var/run/openldap
+	fowners ldap:ldap /var/run/openldap
+	fperms 0755 /var/run/openldap
+	for f in /etc/openldap/slapd.conf /etc/openldap/slapd.conf.default; do
+		sed -e "s:/var/lib/slapd.:/var/run/openldap/slapd.:" -i ${D}/${f}
+		sed -e "/database\tbdb$/acheckpoint	32	30 # <kbyte> <min>" -i ${D}/${f}
+		fowners root:ldap ${f}
+		fperms 0640 ${f}
+	done
+
+	# install our own init scripts
+	exeinto /etc/init.d
+	newexe ${FILESDIR}/2.0/slapd slapd
+	newexe ${FILESDIR}/2.0/slurpd slurpd
+	insinto /etc/conf.d
+	newins ${FILESDIR}/2.0/slapd.conf slapd
+
+	# install MDK's ssl cert script
+	if use ssl || use samba; then
+		dodir /etc/openldap/ssl
+		exeinto /etc/openldap/ssl
+		doexe ${FILESDIR}/gencert.sh
+	fi
+}
+
+pkg_postinst() {
+	if use ssl; then
+		# make a self-signed ssl cert (if there isn't one there already)
+		if [ ! -e /etc/openldap/ssl/ldap.pem ]
+		then
+			cd /etc/openldap/ssl
+			yes "" | sh gencert.sh
+			chmod 640 ldap.pem
+			chown root:ldap ldap.pem
+		else
+			einfo "An LDAP cert already appears to exist, no creating"
+		fi
+	fi
+
+	# Since moving to running openldap as user ldap there are some
+	# permissions problems with directories and files.
+	# Let's make sure these permissions are correct.
+	chown ldap:ldap /var/run/openldap
+	chmod 0755 /var/run/openldap
+	chown root:ldap /etc/openldap/slapd.conf
+	chmod 0640 /etc/openldap/slapd.conf
+	chown root:ldap /etc/openldap/slapd.conf.default
+	chmod 0640 /etc/openldap/slapd.conf.default
+	chown ldap:ldap /var/lib/openldap-{data,ldbm,slurp}
+
+	# notes from bug #41297, bug #41039
+	ewarn "If you are upgrading from OpenLDAP 2.0, major changes have occured:"
+	ewarn "- bind_anon_dn is now disabled by default for security"
+	ewarn "  add 'allow bind_anon_dn' to your config for the old behavior."
+	ewarn "- Default schemas have changed, you should slapcat your entire DB to"
+	ewarn "  a file, delete your DB, and then slapadd it again. Alternatively"
+	ewarn "  you can try slapindex which should work in almost all cases. Be"
+	ewarn "  sure to check the permissions on the database files afterwards!"
+	if use ssl; then
+		ewarn "- Self-signed SSL certificates are treated harshly by OpenLDAP 2.1"
+		ewarn "  add 'TLS_REQCERT never' if you want to use them."
+	fi
+
+	# Reference inclusion bug #77330
+	echo
+	einfo "Getting started using OpenLDAP? There is some documentation available:"
+	einfo "Gentoo Guide to OpenLDAP Authentication"
+	einfo "(http://www.gentoo.org/doc/en/ldap-howto.xml)"
+
+	# note to bug #110412
+	echo
+	einfo "An example file for tuning BDB backends with openldap is:"
+	einfo "/usr/share/doc/${P}/DB_CONFIG.fast.example.gz"
+}
diff --git a/net-nds/openldap/openldap-2.2.28-r5.ebuild b/net-nds/openldap/openldap-2.2.28-r5.ebuild
new file mode 100644
index 000000000000..9547188a4a59
--- /dev/null
+++ b/net-nds/openldap/openldap-2.2.28-r5.ebuild
@@ -0,0 +1,398 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.2.28-r5.ebuild,v 1.1 2006/11/21 10:06:39 robbat2 Exp $
+
+inherit flag-o-matic toolchain-funcs eutils multilib
+
+OLD_PV="2.1.30"
+OLD_P="${PN}-${OLD_PV}"
+OLD_S="${WORKDIR}/${OLD_P}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+SRC_URI="mirror://openldap/openldap-release/${P}.tgz
+	mirror://openldap/openldap-release/${OLD_P}.tgz"
+
+LICENSE="OPENLDAP"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="berkdb crypt debug gdbm ipv6 kerberos minimal odbc perl readline samba sasl slp ssl tcpd selinux"
+
+RDEPEND=">=sys-libs/ncurses-5.1
+	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+	ssl? ( >=dev-libs/openssl-0.9.6 )
+	readline? ( >=sys-libs/readline-4.1 )
+	sasl? ( >=dev-libs/cyrus-sasl-2.1.7-r3 )
+	odbc? ( dev-db/unixODBC )
+	slp? ( >=net-libs/openslp-1.0 )
+	perl? ( >=dev-lang/perl-5.6 )
+	samba? ( >=dev-libs/openssl-0.9.6 )
+	kerberos? ( virtual/krb5 )"
+
+# note that the 'samba' USE flag pulling in OpenSSL is NOT an error.  OpenLDAP
+# uses OpenSSL for LanMan/NTLM hashing (which is used in some enviroments, like
+# mine at work)!
+# Robin H. Johnson <robbat2@gentoo.org> March 8, 2004
+
+# if USE=berkdb
+#	pull in sys-libs/db
+# else if USE=gdbm
+#	pull in sys-libs/gdbm
+# else
+#	pull in sys-libs/db
+RDEPEND_BERKDB=">=sys-libs/db-4.2.52_p2-r1"
+RDEPEND_GDBM=">=sys-libs/gdbm-1.8.0"
+RDEPEND="${RDEPEND}
+	berkdb? ( ${RDEPEND_BERKDB} )
+	!berkdb? (
+		gdbm? ( ${RDEPEND_GDBM} )
+		!gdbm? ( ${RDEPEND_BERKDB} )
+	)
+	selinux? ( sec-policy/selinux-openldap )"
+
+DEPEND="${RDEPEND}
+		>=sys-devel/libtool-1.5.18-r1
+		>=sys-apps/sed-4"
+
+# for tracking versions
+OPENLDAP_VERSIONTAG="/var/lib/openldap-data/.version-tag"
+
+#DEPEND="${DEPEND} !<net-nds/openldap-2.2"
+
+openldap_upgrade_warning() {
+	ewarn "If you are upgrading from OpenLDAP-2.1, and run slapd on this"
+	ewarn "machine please see the ebuild for upgrade instructions, otherwise"
+	ewarn "you may corrupt your database!"
+	echo
+	ewarn "Part of the configuration file syntax has changed:"
+	ewarn "'access to attribute=' is now 'access to attrs='"
+	echo
+	ewarn "You must also run revdep-rebuild after upgrading from 2.1 to 2.2:"
+	ewarn "# revdep-rebuild --library liblber.so.2"
+	ewarn "# revdep-rebuild --library libldap.so.2"
+	ewarn "# revdep-rebuild --library libldap_r.so.2"
+}
+
+pkg_setup() {
+	# grab lines
+	openldap_datadirs=""
+	if [ -f ${ROOT}/etc/openldap/slapd.conf ]; then
+		openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${ROOT}/etc/openldap/slapd.conf)"
+	fi
+	datafiles=""
+	for d in $openldap_datadirs; do
+		datafiles="${datafiles} $(ls $d/*db* 2>/dev/null)"
+	done
+	# remove extra spaces
+	datafiles="$(echo ${datafiles// })"
+	# TODO: read OPENLDAP_VERSIONTAG instead in future
+	if has_version '<net-nds/openldap-2.2' && [ -n "$datafiles" ]; then
+		eerror "A possible old installation of OpenLDAP was detected"
+		eerror "As major version upgrades to 2.2 can corrupt your database"
+		eerror "You need to dump your database and re-create it afterwards."
+		eerror ""
+		d="$(date -u +%s)"
+		l="/root/ldapdump.${d}"
+		i="${l}.raw"
+		eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
+		eerror " 2. slapcat -l ${i}"
+		eerror " 3. egrep -v '^entryCSN:' <${i} >${l}"
+		eerror " 4. emerge unmerge '<=net-nds/openldap-2.1*'"
+		eerror " 5. mv /var/lib/openldap-data/ /var/lib/openldap-data,2.1/"
+		eerror " 6. emerge '>=net-nds/openldap-2.2'"
+		eerror " 7. etc-update, and ensure that you apply the changes"
+		eerror " 8. slapadd -l ${l}"
+		eerror " 9. chown ldap:ldap /var/lib/openldap-data/*"
+		eerror "10. /etc/init.d/slapd start"
+		eerror "11. check that your data is intact."
+		eerror "12. set up the new replication system."
+		eerror ""
+		eerror "This install will not proceed until your old data directory"
+		eerror "is at least moved out of the way."
+		#exit 1
+		die "Warning direct upgrade unsafe!"
+	fi
+	openldap_upgrade_warning
+	if has_version "<=dev-lang/perl-5.8.8_rc1" && built_with_use dev-lang/perl minimal ; then
+		die "You must have a complete (USE='-minimal') Perl install to use the perl backend!"
+	fi
+}
+
+pkg_preinst() {
+	openldap_upgrade_warning
+	enewgroup ldap 439
+	enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
+}
+
+src_unpack() {
+	unpack ${A}
+
+	# According to MDK, the link order needs to be changed so that
+	# on systems w/ MD5 passwords the system crypt library is used
+	# (the net result is that "passwd" can be used to change ldap passwords w/
+	#  proper pam support)
+	sed -i -e 's/$(SECURITY_LIBS) $(LDIF_LIBS) $(LUTIL_LIBS)/$(LUTIL_LIBS) $(SECURITY_LIBS) $(LDIF_LIBS)/' \
+		${S}/servers/slapd/Makefile.in
+
+	# Fix up DB-4.0 linking problem
+	# remember to autoconf! this expands configure by 500 lines (4 lines to m4
+	# stuff).
+	EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.14-db40.patch
+
+	# supersedes old fix for bug #31202
+	EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.14-perlthreadsfix.patch
+
+	# Security bug #96767
+	# http://bugzilla.padl.com/show_bug.cgi?id=210
+	EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.26-tls-fix-connection-test.patch
+
+	# ensure correct SLAPI path by default
+	sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \
+		${S}/include/ldap_defaults.h
+
+	# fix up some automake stuff
+	#sed -i -e 's,^AC_CONFIG_HEADER,AM_CONFIG_HEADER,' ${S}/configure.in
+
+	# ximian connector 1.4.7 ntlm patch
+	#EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.28-ximian_connector.patch
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.6-ntlm.patch
+
+	# fix up stuff for newer autoconf that simulates autoconf-2.13, but doesn't
+	# do it perfectly.
+	cd ${S}/build
+	ln -s shtool install
+	ln -s shtool install.sh
+
+	export WANT_AUTOMAKE="1.9"
+	export WANT_AUTOCONF="2.5"
+
+	# make files ready for new autoconf
+	EPATCH_OPTS="-p0 -d ${WORKDIR}/${OLD_P}" epatch ${FILESDIR}/${PN}-2.1.30-autoconf25.patch
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.1.30-autoconf25.patch
+
+	# CVE-2006-5779, bug #154349
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.3.27-CVE-2006-5779.patch
+
+	# reconf compat and current for RPATH solve
+	cd ${WORKDIR}/${OLD_P}
+	einfo "Running libtoolize on ${OLD_P}"
+	libtoolize --copy --force
+	einfo "Running aclocal on ${OLD_P}"
+	aclocal || die "aclocal failed"
+	EPATCH_OPTS="-p0 -d ${WORKDIR}/${OLD_P}" epatch ${FILESDIR}/${PN}-2.1.30-rpath.patch
+	einfo "Running autoconf on ${OLD_P}"
+	autoconf || die "autoconf failed"
+
+	cd ${S}
+	einfo "Running libtoolize on ${P}"
+	libtoolize --copy --force
+	einfo "Running aclocal on ${P}"
+	aclocal || die "aclocal failed"
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.1.30-rpath.patch
+	einfo "Running autoconf on ${P}"
+	autoconf || die "autoconf failed"
+}
+
+src_compile() {
+	local myconf
+
+	# HDB is only available with BerkDB
+	myconf_berkdb='--enable-bdb --with-ldbm-api=berkeley --enable-hdb=mod'
+	myconf_gdbm='--disable-bdb --with-ldbm-api=gdbm --disable-hdb'
+
+	use debug && myconf="${myconf} --enable-debug" # there is no disable-debug
+
+	# enable slapd/slurpd servers if not doing a minimal build
+	if ! use minimal; then
+		myconf="${myconf} --enable-slapd --enable-slurpd"
+		# base backend stuff
+		myconf="${myconf} --enable-ldbm"
+		if use berkdb; then
+			einfo "Using Berkeley DB for local backend"
+			myconf="${myconf} ${myconf_berkdb}"
+		elif use gdbm; then
+			einfo "Using GDBM for local backend"
+			myconf="${myconf} ${myconf_gdbm}"
+		else
+			ewarn "Neither gdbm or berkdb USE flags present, falling back to"
+			ewarn "Berkeley DB for local backend"
+			myconf="${myconf} ${myconf_berkdb}"
+		fi
+		# extra backend stuff
+		myconf="${myconf} --enable-passwd=mod --enable-phonetic=mod"
+		myconf="${myconf} --enable-dnssrv=mod --enable-ldap"
+		myconf="${myconf} --enable-meta=mod --enable-monitor=mod"
+		myconf="${myconf} --enable-null=mod --enable-shell=mod"
+		myconf="${myconf} `use_enable perl perl mod`"
+		myconf="${myconf} `use_enable odbc sql mod`"
+		# slapd options
+		myconf="${myconf} `use_enable crypt` `use_enable slp`"
+		myconf="${myconf} --enable-rewrite --enable-rlookups"
+		myconf="${myconf} --enable-aci --enable-modules"
+		myconf="${myconf} --enable-cleartext --enable-slapi"
+		myconf="${myconf} `use_with samba lmpasswd`"
+		# disabled options:
+		# --with-bdb-module=dynamic
+		# alas, for BSD only:
+		# --with-fetch
+		# slapd overlay options
+		myconf="${myconf} --enable-dyngroup --enable-proxycache"
+	else
+		myconf="${myconf} --disable-slapd --disable-slurpd"
+		myconf="${myconf} --disable-bdb --disable-monitor"
+		myconf="${myconf} --disable-slurpd"
+	fi
+	# basic functionality stuff
+	myconf="${myconf} --enable-syslog --enable-dynamic"
+	myconf="${myconf} --enable-local --enable-proctitle"
+
+	myconf="${myconf} `use_enable ipv6` `use_enable readline`"
+	myconf="${myconf} `use_with sasl cyrus-sasl` `use_enable sasl spasswd`"
+	myconf="${myconf} `use_enable tcpd wrappers` `use_with ssl tls`"
+
+	if [ $(get_libdir) != "lib" ] ; then
+		append-ldflags -L/usr/$(get_libdir)
+	fi
+
+	econf \
+		--enable-static \
+		--enable-shared \
+		--libexecdir=/usr/$(get_libdir)/openldap \
+		${myconf} || die "configure failed"
+
+	make depend || die "make depend failed"
+	make || die "make failed"
+
+	# special kerberos stuff
+	tc-export CC
+	if ! use minimal && use kerberos ; then
+		cd ${S}/contrib/slapd-modules/passwd/ && \
+		${CC} -shared -I../../../include ${CFLAGS} -fPIC \
+		-DHAVE_KRB5 -o pw-kerberos.so kerberos.c || \
+		die "failed to compile kerberos module"
+	fi
+
+	# now build old compat lib
+	cd ${OLD_S} && \
+	econf \
+		--disable-static --enable-shared \
+		--libexecdir=/usr/$(get_libdir)/openldap \
+		--disable-slapd --disable-aci --disable-cleartext --disable-crypt \
+		--disable-lmpasswd --disable-spasswd --enable-modules \
+		--disable-phonetic --disable-rewrite --disable-rlookups --disable-slp \
+		--disable-wrappers --disable-bdb --disable-dnssrv --disable-ldap \
+		--disable-ldbm --disable-meta --disable-monitor --disable-null \
+		--disable-passwd --disable-perl --disable-shell --disable-sql \
+		--disable-slurpd || die "configure-2.1 failed"
+	make depend || die "make-2.1 depend failed"
+	cd ${OLD_S}/libraries/liblber && make liblber.la || die "make-2.1 liblber.la failed"
+	cd ${OLD_S}/libraries/libldap && make libldap.la || die "make-2.1 libldap.la failed"
+	cd ${OLD_S}/libraries/libldap_r && make libldap_r.la || die "make-2.1 libldap_r.la failed"
+}
+
+src_test() {
+	einfo "Doing tests"
+	cd tests ; make tests || die "make tests failed"
+}
+
+src_install() {
+	make DESTDIR=${D} install || die "make install failed"
+
+	dodoc ANNOUNCEMENT CHANGES COPYRIGHT README LICENSE
+	docinto rfc ; dodoc doc/rfc/*.txt
+
+	# openldap modules go here
+	# TODO: write some code to populate slapd.conf with moduleload statements
+	keepdir /usr/$(get_libdir)/openldap/openldap/
+
+	# make state directories
+	for x in data slurp ldbm; do
+		keepdir /var/lib/openldap-${x}
+		fowners ldap:ldap /var/lib/openldap-${x}
+		fperms 0700 /var/lib/openldap-${x}
+	done
+
+	echo "OLDPF='${PF}'" >${D}${OPENLDAP_VERSIONTAG}
+	echo "# do NOT delete this. it is used" >>${D}${OPENLDAP_VERSIONTAG}
+	echo "# to track versions for upgrading." >>${D}${OPENLDAP_VERSIONTAG}
+
+	# manually remove /var/tmp references in .la
+	# because it is packaged with an ancient libtool
+	for x in ${D}/usr/$(get_libdir)/lib*.la; do
+		sed -i -e "s:-L${S}[/]*libraries::" ${x}
+	done
+
+	# change slapd.pid location in configuration file
+	keepdir /var/run/openldap
+	fowners ldap:ldap /var/run/openldap
+	fperms 0755 /var/run/openldap
+
+	if ! use minimal; then
+		# config modifications
+		for f in /etc/openldap/slapd.conf /etc/openldap/slapd.conf.default; do
+			sed -e "s:/var/lib/run/slapd.:/var/run/openldap/slapd.:" -i ${D}/${f}
+			sed -e "/database\tbdb$/acheckpoint	32	30 # <kbyte> <min>" -i ${D}/${f}
+			fowners root:ldap ${f}
+			fperms 0640 ${f}
+		done
+		# install our own init scripts
+		exeinto /etc/init.d
+		newexe ${FILESDIR}/2.0/slapd slapd
+		newexe ${FILESDIR}/2.0/slurpd slurpd
+		if [ $(get_libdir) != lib ]; then
+			sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i ${D}/etc/init.d/{slapd,slurpd}
+		fi
+		insinto /etc/conf.d
+		newins ${FILESDIR}/2.0/slapd.conf slapd
+		if use kerberos && [ -f ${S}/contrib/slapd-modules/passwd/pw-kerberos.so ]; then
+			insinto /usr/$(get_libdir)/openldap/openldap
+			doins ${S}/contrib/slapd-modules/passwd/pw-kerberos.so || \
+			die "failed to install kerberos passwd module"
+		fi
+	fi
+
+	# install MDK's ssl cert script
+	if use ssl || use samba; then
+		dodir /etc/openldap/ssl
+		exeinto /etc/openldap/ssl
+		#newexe ${FILESDIR}/gencert.sh-2.2.27 gencert.sh
+		doexe ${FILESDIR}/gencert.sh
+	fi
+
+	dolib.so ${OLD_S}/libraries/liblber/.libs/liblber.so.2.0.130 || \
+	die "failed to install old liblber"
+	dolib.so ${OLD_S}/libraries/libldap/.libs/libldap.so.2.0.130 || \
+	die "failed to install old libldap"
+	dolib.so ${OLD_S}/libraries/libldap_r/.libs/libldap_r.so.2.0.130 || \
+	die "failed to install old libldap_r"
+}
+
+pkg_postinst() {
+	if use ssl; then
+		# make a self-signed ssl cert (if there isn't one there already)
+		if [ ! -e /etc/openldap/ssl/ldap.pem ]
+		then
+			cd /etc/openldap/ssl
+			yes "" | sh gencert.sh
+			chmod 640 ldap.pem
+			chown root:ldap ldap.pem
+		else
+			einfo "An LDAP cert already appears to exist, no creating"
+		fi
+	fi
+
+	# Since moving to running openldap as user ldap there are some
+	# permissions problems with directories and files.
+	# Let's make sure these permissions are correct.
+	chown ldap:ldap /var/run/openldap
+	chmod 0755 /var/run/openldap
+	chown root:ldap /etc/openldap/slapd.conf{,.default}
+	chmod 0640 /etc/openldap/slapd.conf{,.default}
+	chown ldap:ldap /var/lib/openldap-{data,ldbm,slurp}
+
+	if use ssl; then
+		ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+		ewarn "add 'TLS_REQCERT never' if you want to use them."
+	fi
+	openldap_upgrade_warning
+}
diff --git a/net-nds/openldap/openldap-2.2.28-r6.ebuild b/net-nds/openldap/openldap-2.2.28-r6.ebuild
new file mode 100644
index 000000000000..39f005e1b284
--- /dev/null
+++ b/net-nds/openldap/openldap-2.2.28-r6.ebuild
@@ -0,0 +1,429 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.2.28-r6.ebuild,v 1.1 2006/11/21 10:06:39 robbat2 Exp $
+
+inherit flag-o-matic toolchain-funcs eutils multilib libtool
+
+OLD_PV="2.1.30"
+OLD_P="${PN}-${OLD_PV}"
+OLD_S="${WORKDIR}/${OLD_P}"
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+SRC_URI="mirror://openldap/openldap-release/${P}.tgz
+	mirror://openldap/openldap-release/${OLD_P}.tgz"
+
+LICENSE="OPENLDAP"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="berkdb crypt debug gdbm ipv6 kerberos minimal odbc perl readline samba sasl slp ssl tcpd selinux"
+
+RDEPEND=">=sys-libs/ncurses-5.1
+	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+	ssl? ( >=dev-libs/openssl-0.9.6 )
+	readline? ( >=sys-libs/readline-4.1 )
+	sasl? ( >=dev-libs/cyrus-sasl-2.1.7-r3 )
+	odbc? ( dev-db/unixODBC )
+	slp? ( >=net-libs/openslp-1.0 )
+	perl? ( >=dev-lang/perl-5.6 )
+	samba? ( >=dev-libs/openssl-0.9.6 )
+	kerberos? ( virtual/krb5 )"
+
+# note that the 'samba' USE flag pulling in OpenSSL is NOT an error.  OpenLDAP
+# uses OpenSSL for LanMan/NTLM hashing (which is used in some enviroments, like
+# mine at work)!
+# Robin H. Johnson <robbat2@gentoo.org> March 8, 2004
+
+# if USE=berkdb
+#	pull in sys-libs/db
+# else if USE=gdbm
+#	pull in sys-libs/gdbm
+# else
+#	pull in sys-libs/db
+RDEPEND_BERKDB=">=sys-libs/db-4.2.52_p2-r1"
+RDEPEND_GDBM=">=sys-libs/gdbm-1.8.0"
+RDEPEND="${RDEPEND}
+	berkdb? ( ${RDEPEND_BERKDB} )
+	!berkdb? (
+		gdbm? ( ${RDEPEND_GDBM} )
+		!gdbm? ( ${RDEPEND_BERKDB} )
+	)
+	selinux? ( sec-policy/selinux-openldap )"
+
+DEPEND="${RDEPEND}
+		>=sys-devel/libtool-1.5.18-r1
+		>=sys-apps/sed-4"
+
+# for tracking versions
+OPENLDAP_VERSIONTAG="/var/lib/openldap-data/.version-tag"
+
+#DEPEND="${DEPEND} !<net-nds/openldap-2.2"
+
+openldap_upgrade_warning() {
+	ewarn "If you are upgrading from OpenLDAP-2.1, and run slapd on this"
+	ewarn "machine please see the ebuild for upgrade instructions, otherwise"
+	ewarn "you may corrupt your database!"
+	echo
+	ewarn "Part of the configuration file syntax has changed:"
+	ewarn "'access to attribute=' is now 'access to attrs='"
+	echo
+	ewarn "You must also run revdep-rebuild after upgrading from 2.1 to 2.2:"
+	ewarn "# revdep-rebuild --library liblber.so.2"
+	ewarn "# revdep-rebuild --library libldap.so.2"
+	ewarn "# revdep-rebuild --library libldap_r.so.2"
+}
+
+pkg_setup() {
+	# grab lines
+	openldap_datadirs=""
+	if [ -f ${ROOT}/etc/openldap/slapd.conf ]; then
+		openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${ROOT}/etc/openldap/slapd.conf)"
+	fi
+	datafiles=""
+	for d in $openldap_datadirs; do
+		datafiles="${datafiles} $(ls $d/*db* 2>/dev/null)"
+	done
+	# remove extra spaces
+	datafiles="$(echo ${datafiles// })"
+	# TODO: read OPENLDAP_VERSIONTAG instead in future
+	if has_version '<net-nds/openldap-2.2' && [ -n "$datafiles" ]; then
+		eerror "A possible old installation of OpenLDAP was detected"
+		eerror "As major version upgrades to 2.2 can corrupt your database"
+		eerror "You need to dump your database and re-create it afterwards."
+		eerror ""
+		d="$(date -u +%s)"
+		l="/root/ldapdump.${d}"
+		i="${l}.raw"
+		eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
+		eerror " 2. slapcat -l ${i}"
+		eerror " 3. egrep -v '^entryCSN:' <${i} >${l}"
+		eerror " 4. emerge unmerge '<=net-nds/openldap-2.1*'"
+		eerror " 5. mv /var/lib/openldap-data/ /var/lib/openldap-data,2.1/"
+		eerror " 6. emerge '>=net-nds/openldap-2.2'"
+		eerror " 7. etc-update, and ensure that you apply the changes"
+		eerror " 8. slapadd -l ${l}"
+		eerror " 9. chown ldap:ldap /var/lib/openldap-data/*"
+		eerror "10. /etc/init.d/slapd start"
+		eerror "11. check that your data is intact."
+		eerror "12. set up the new replication system."
+		eerror ""
+		eerror "This install will not proceed until your old data directory"
+		eerror "is at least moved out of the way."
+		#exit 1
+		die "Warning direct upgrade unsafe!"
+	fi
+	openldap_upgrade_warning
+	if has_version "<=dev-lang/perl-5.8.8_rc1" && built_with_use dev-lang/perl minimal ; then
+		die "You must have a complete (USE='-minimal') Perl install to use the perl backend!"
+	fi
+}
+
+pkg_preinst() {
+	openldap_upgrade_warning
+	enewgroup ldap 439
+	enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
+}
+
+src_unpack() {
+	unpack ${A}
+
+	# According to MDK, the link order needs to be changed so that
+	# on systems w/ MD5 passwords the system crypt library is used
+	# (the net result is that "passwd" can be used to change ldap passwords w/
+	#  proper pam support)
+	sed -i -e 's/$(SECURITY_LIBS) $(LDIF_LIBS) $(LUTIL_LIBS)/$(LUTIL_LIBS) $(SECURITY_LIBS) $(LDIF_LIBS)/' \
+		${S}/servers/slapd/Makefile.in
+
+	# Fix up DB-4.0 linking problem
+	# remember to autoconf! this expands configure by 500 lines (4 lines to m4
+	# stuff).
+	EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.14-db40.patch
+
+	# supersedes old fix for bug #31202
+	EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.14-perlthreadsfix.patch
+
+	# Security bug #96767
+	# http://bugzilla.padl.com/show_bug.cgi?id=210
+	EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.26-tls-fix-connection-test.patch
+
+	# ensure correct SLAPI path by default
+	sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \
+		${S}/include/ldap_defaults.h
+
+	# fix up some automake stuff
+	#sed -i -e 's,^AC_CONFIG_HEADER,AM_CONFIG_HEADER,' ${S}/configure.in
+
+	# ximian connector 1.4.7 ntlm patch
+	#EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.28-ximian_connector.patch
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.6-ntlm.patch
+
+	# fix up stuff for newer autoconf that simulates autoconf-2.13, but doesn't
+	# do it perfectly.
+	cd ${S}/build
+	ln -s shtool install
+	ln -s shtool install.sh
+
+	export WANT_AUTOMAKE="1.9"
+	export WANT_AUTOCONF="2.5"
+
+	# make files ready for new autoconf
+	EPATCH_OPTS="-p0 -d ${OLD_S}" epatch ${FILESDIR}/${PN}-2.1.30-autoconf25.patch
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.1.30-autoconf25.patch
+
+	# fix AC calls bug #114544
+	EPATCH_OPTS="-p0 -d ${OLD_S}/build" epatch ${FILESDIR}/${PN}-2.1.30-m4_underquoted.patch
+	EPATCH_OPTS="-p0 -d ${S}/build" epatch ${FILESDIR}/${PN}-2.1.30-m4_underquoted.patch
+
+	# make tests rpath ready
+	EPATCH_OPTS="-p0 -d ${S}/tests" epatch ${FILESDIR}/${PN}-2.2.28-tests.patch
+
+	# make autoconf-archive compatible
+	EPATCH_OPTS="-p0 -d ${OLD_S}" epatch ${FILESDIR}/${PN}-2.1.30-autoconf-archived-fix.patch
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.28-autoconf-archived-fix.patch
+
+	# make autoconf-archive compatible
+	EPATCH_OPTS="-p1 -d ${OLD_S}" epatch ${FILESDIR}/${PN}-2.1.30-glibc24.patch
+	EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.1.30-glibc24.patch
+
+	# add cleartext passwords backport bug #112554
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.28-cleartext-passwords.patch
+
+	# CVE-2006-5779, bug #154349
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.3.27-CVE-2006-5779.patch
+
+	# reconf compat and current for RPATH solve
+	cd ${WORKDIR}/${OLD_P}
+	einfo "Running libtoolize on ${OLD_P}"
+	libtoolize --copy --force --automake
+	einfo "Running aclocal on ${OLD_P}"
+	aclocal || die "aclocal failed"
+	EPATCH_OPTS="-p0 -d ${WORKDIR}/${OLD_P}" epatch ${FILESDIR}/${PN}-2.1.30-rpath.patch
+	einfo "Running autoconf on ${OLD_P}"
+	autoconf || die "autoconf failed"
+
+	cd ${S}
+	einfo "Running libtoolize on ${P}"
+	libtoolize --copy --force --automake
+	einfo "Running aclocal on ${P}"
+	aclocal || die "aclocal failed"
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.1.30-rpath.patch
+	einfo "Running autoconf on ${P}"
+	autoconf || die "autoconf failed"
+
+	elibtoolize
+}
+
+src_compile() {
+	local myconf
+
+	# HDB is only available with BerkDB
+	myconf_berkdb='--enable-bdb --with-ldbm-api=berkeley --enable-hdb=mod'
+	myconf_gdbm='--disable-bdb --with-ldbm-api=gdbm --disable-hdb'
+
+	use debug && myconf="${myconf} --enable-debug" # there is no disable-debug
+
+	# enable slapd/slurpd servers if not doing a minimal build
+	if ! use minimal; then
+		myconf="${myconf} --enable-slapd --enable-slurpd"
+		# base backend stuff
+		myconf="${myconf} --enable-ldbm"
+		if use berkdb; then
+			einfo "Using Berkeley DB for local backend"
+			myconf="${myconf} ${myconf_berkdb}"
+		elif use gdbm; then
+			einfo "Using GDBM for local backend"
+			myconf="${myconf} ${myconf_gdbm}"
+		else
+			ewarn "Neither gdbm or berkdb USE flags present, falling back to"
+			ewarn "Berkeley DB for local backend"
+			myconf="${myconf} ${myconf_berkdb}"
+		fi
+		# extra backend stuff
+		myconf="${myconf} --enable-passwd=mod --enable-phonetic=mod"
+		myconf="${myconf} --enable-dnssrv=mod --enable-ldap"
+		myconf="${myconf} --enable-meta=mod --enable-monitor=mod"
+		myconf="${myconf} --enable-null=mod --enable-shell=mod"
+		myconf="${myconf} `use_enable perl perl mod`"
+		myconf="${myconf} `use_enable odbc sql mod`"
+		# slapd options
+		myconf="${myconf} `use_enable crypt` `use_enable slp`"
+		myconf="${myconf} --enable-rewrite --enable-rlookups"
+		myconf="${myconf} --enable-aci --enable-modules"
+		myconf="${myconf} --enable-cleartext --enable-slapi"
+		myconf="${myconf} `use_with samba lmpasswd`"
+		# disabled options:
+		# --with-bdb-module=dynamic
+		# alas, for BSD only:
+		# --with-fetch
+		# slapd overlay options
+		myconf="${myconf} --enable-dyngroup --enable-proxycache"
+	else
+		myconf="${myconf} --disable-slapd --disable-slurpd"
+		myconf="${myconf} --disable-bdb --disable-monitor"
+		myconf="${myconf} --disable-slurpd"
+	fi
+	# basic functionality stuff
+	myconf="${myconf} --enable-syslog --enable-dynamic"
+	myconf="${myconf} --enable-local --enable-proctitle"
+
+	myconf="${myconf} `use_enable ipv6` `use_enable readline`"
+	myconf="${myconf} `use_with sasl cyrus-sasl` `use_enable sasl spasswd`"
+	myconf="${myconf} `use_enable tcpd wrappers` `use_with ssl tls`"
+
+	if [ $(get_libdir) != "lib" ] ; then
+		append-ldflags -L/usr/$(get_libdir)
+	fi
+
+	econf \
+		--enable-static \
+		--enable-shared \
+		--libexecdir=/usr/$(get_libdir)/openldap \
+		${myconf} || die "configure failed"
+
+	make depend || die "make depend failed"
+	make || die "make failed"
+
+	# special kerberos stuff
+	tc-export CC
+	if ! use minimal && use kerberos ; then
+		cd ${S}/contrib/slapd-modules/passwd/ && \
+		${CC} -shared -I../../../include ${CFLAGS} -fPIC \
+		-DHAVE_KRB5 -o pw-kerberos.so kerberos.c || \
+		die "failed to compile kerberos module"
+	fi
+
+	# now build old compat lib
+	cd ${OLD_S} && \
+	econf \
+		--disable-static --enable-shared \
+		--libexecdir=/usr/$(get_libdir)/openldap \
+		--disable-slapd --disable-aci --disable-cleartext --disable-crypt \
+		--disable-lmpasswd --disable-spasswd --enable-modules \
+		--disable-phonetic --disable-rewrite --disable-rlookups --disable-slp \
+		--disable-wrappers --disable-bdb --disable-dnssrv --disable-ldap \
+		--disable-ldbm --disable-meta --disable-monitor --disable-null \
+		--disable-passwd --disable-perl --disable-shell --disable-sql \
+		--disable-slurpd || die "configure-2.1 failed"
+	make depend || die "make-2.1 depend failed"
+	cd ${OLD_S}/libraries/liblber && make liblber.la || die "make-2.1 liblber.la failed"
+	cd ${OLD_S}/libraries/libldap && make libldap.la || die "make-2.1 libldap.la failed"
+	cd ${OLD_S}/libraries/libldap_r && make libldap_r.la || die "make-2.1 libldap_r.la failed"
+}
+
+src_test() {
+	einfo "Doing tests"
+	cd tests ; make tests || die "make tests failed"
+}
+
+src_install() {
+	make DESTDIR=${D} install || die "make install failed"
+
+	dodoc ANNOUNCEMENT CHANGES COPYRIGHT README LICENSE ${FILESDIR}/DB_CONFIG.fast.example
+	docinto rfc ; dodoc doc/rfc/*.txt
+
+	# openldap modules go here
+	# TODO: write some code to populate slapd.conf with moduleload statements
+	keepdir /usr/$(get_libdir)/openldap/openldap/
+
+	# make state directories
+	for x in data slurp ldbm; do
+		keepdir /var/lib/openldap-${x}
+		fowners ldap:ldap /var/lib/openldap-${x}
+		fperms 0700 /var/lib/openldap-${x}
+	done
+
+	echo "OLDPF='${PF}'" >${D}${OPENLDAP_VERSIONTAG}
+	echo "# do NOT delete this. it is used" >>${D}${OPENLDAP_VERSIONTAG}
+	echo "# to track versions for upgrading." >>${D}${OPENLDAP_VERSIONTAG}
+
+	# manually remove /var/tmp references in .la
+	# because it is packaged with an ancient libtool
+	for x in ${D}/usr/$(get_libdir)/lib*.la; do
+		sed -i -e "s:-L${S}[/]*libraries::" ${x}
+	done
+
+	# change slapd.pid location in configuration file
+	keepdir /var/run/openldap
+	fowners ldap:ldap /var/run/openldap
+	fperms 0755 /var/run/openldap
+
+	if ! use minimal; then
+		# config modifications
+		for f in /etc/openldap/slapd.conf /etc/openldap/slapd.conf.default; do
+			sed -e "s:/var/lib/run/slapd.:/var/run/openldap/slapd.:" -i ${D}/${f}
+			sed -e "/database\tbdb$/acheckpoint	32	30 # <kbyte> <min>" -i ${D}/${f}
+			fowners root:ldap ${f}
+			fperms 0640 ${f}
+		done
+		# install our own init scripts
+		exeinto /etc/init.d
+		newexe ${FILESDIR}/2.0/slapd slapd
+		newexe ${FILESDIR}/2.0/slurpd slurpd
+		if [ $(get_libdir) != lib ]; then
+			sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i ${D}/etc/init.d/{slapd,slurpd}
+		fi
+		insinto /etc/conf.d
+		newins ${FILESDIR}/2.0/slapd.conf slapd
+		if use kerberos && [ -f ${S}/contrib/slapd-modules/passwd/pw-kerberos.so ]; then
+			insinto /usr/$(get_libdir)/openldap/openldap
+			doins ${S}/contrib/slapd-modules/passwd/pw-kerberos.so || \
+			die "failed to install kerberos passwd module"
+		fi
+	fi
+
+	# install MDK's ssl cert script
+	if use ssl || use samba; then
+		dodir /etc/openldap/ssl
+		exeinto /etc/openldap/ssl
+		#newexe ${FILESDIR}/gencert.sh-2.2.27 gencert.sh
+		doexe ${FILESDIR}/gencert.sh
+	fi
+
+	dolib.so ${OLD_S}/libraries/liblber/.libs/liblber.so.2.0.130 || \
+	die "failed to install old liblber"
+	dolib.so ${OLD_S}/libraries/libldap/.libs/libldap.so.2.0.130 || \
+	die "failed to install old libldap"
+	dolib.so ${OLD_S}/libraries/libldap_r/.libs/libldap_r.so.2.0.130 || \
+	die "failed to install old libldap_r"
+}
+
+pkg_postinst() {
+	if use ssl; then
+		# make a self-signed ssl cert (if there isn't one there already)
+		if [ ! -e /etc/openldap/ssl/ldap.pem ]
+		then
+			cd /etc/openldap/ssl
+			yes "" | sh gencert.sh
+			chmod 640 ldap.pem
+			chown root:ldap ldap.pem
+		else
+			einfo "An LDAP cert already appears to exist, no creating"
+		fi
+	fi
+
+	# Since moving to running openldap as user ldap there are some
+	# permissions problems with directories and files.
+	# Let's make sure these permissions are correct.
+	chown ldap:ldap /var/run/openldap
+	chmod 0755 /var/run/openldap
+	chown root:ldap /etc/openldap/slapd.conf{,.default}
+	chmod 0640 /etc/openldap/slapd.conf{,.default}
+	chown ldap:ldap /var/lib/openldap-{data,ldbm,slurp}
+
+	if use ssl; then
+		ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+		ewarn "add 'TLS_REQCERT never' if you want to use them."
+	fi
+	openldap_upgrade_warning
+
+	# Reference inclusion bug #77330
+	echo
+	einfo "Getting started using OpenLDAP? There is some documentation available:"
+	einfo "Gentoo Guide to OpenLDAP Authentication"
+	einfo "(http://www.gentoo.org/doc/en/ldap-howto.xml)"
+
+	# note to bug #110412
+	echo
+	einfo "An example file for tuning BDB backends with openldap is:"
+	einfo "/usr/share/doc/${P}/DB_CONFIG.fast.example.gz"
+}
diff --git a/net-nds/openldap/openldap-2.3.27-r3.ebuild b/net-nds/openldap/openldap-2.3.27-r3.ebuild
new file mode 100644
index 000000000000..8bfd4a5f715e
--- /dev/null
+++ b/net-nds/openldap/openldap-2.3.27-r3.ebuild
@@ -0,0 +1,557 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.3.27-r3.ebuild,v 1.1 2006/11/21 10:06:39 robbat2 Exp $
+
+inherit autotools eutils flag-o-matic multilib toolchain-funcs versionator
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+SRC_URI="mirror://openldap/openldap-release/${P}.tgz"
+
+LICENSE="OPENLDAP"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~s390 ~sh ~x86-fbsd ~mips"
+IUSE="berkdb crypt debug gdbm ipv6 kerberos minimal odbc overlays perl readline
+samba sasl slp smbkrb5passwd ssl tcpd selinux"
+
+# note that the 'samba' USE flag pulling in OpenSSL is NOT an error.  OpenLDAP
+# uses OpenSSL for LanMan/NTLM hashing (which is used in some enviroments, like
+# mine at work)!
+# Robin H. Johnson <robbat2@gentoo.org> March 8, 2004
+
+RDEPEND_BERKDB=">=sys-libs/db-4.2.52_p2-r1"
+RDEPEND="sys-libs/ncurses
+	tcpd? ( sys-apps/tcp-wrappers )
+	ssl? ( dev-libs/openssl )
+	readline? ( sys-libs/readline )
+	sasl? ( dev-libs/cyrus-sasl )
+	!minimal? (
+		odbc? ( dev-db/unixODBC )
+		slp? ( net-libs/openslp )
+		perl? ( dev-lang/perl )
+		samba? ( dev-libs/openssl )
+		kerberos? ( virtual/krb5 )
+		berkdb? ( ${RDEPEND_BERKDB} )
+		!berkdb? (
+			gdbm? ( sys-libs/gdbm )
+			!gdbm? ( ${RDEPEND_BERKDB} )
+		)
+		smbkrb5passwd? (
+			dev-libs/openssl
+			app-crypt/heimdal
+		)
+	)
+	selinux? ( sec-policy/selinux-openldap )"
+
+DEPEND="${RDEPEND}
+		>=sys-devel/libtool-1.5.18-r1
+		>=sys-apps/sed-4"
+
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+openldap_upgrade_howto() {
+	eerror
+	eerror "A (possible old) installation of OpenLDAP was detected,"
+	eerror "installation will not proceed for now."
+	eerror
+	eerror "As major version upgrades can corrupt your database,"
+	eerror "you need to dump your database and re-create it afterwards."
+	eerror ""
+	d="$(date -u +%s)"
+	l="/root/ldapdump.${d}"
+	i="${l}.raw"
+	eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
+	eerror " 2. slapcat -l ${i}"
+	eerror " 3. egrep -v '^entryCSN:' <${i} >${l}"
+	eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+	eerror " 5. emerge --update \=net-nds/${PF}"
+	eerror " 6. etc-update, and ensure that you apply the changes"
+	eerror " 7. slapadd -l ${l}"
+	eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+	eerror " 9. /etc/init.d/slapd start"
+	eerror "10. check that your data is intact."
+	eerror "11. set up the new replication system."
+	eerror
+	die "You need to upgrade your database first"
+}
+
+openldap_find_versiontags() {
+	# scan for all datadirs 
+	openldap_datadirs=""
+	if [ -f ${ROOT}/etc/openldap/slapd.conf ]; then
+		openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${ROOT}/etc/openldap/slapd.conf)"
+	fi
+	openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
+
+	einfo
+	einfo "Scanning datadir(s) from slapd.conf and"
+	einfo "the default installdir for Versiontags"
+	einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+	einfo
+
+	# scan datadirs if we have a version tag
+	openldap_found_tag=0
+	for each in ${openldap_datadirs}; do
+		CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
+		CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
+		if [ -d ${CURRENT_TAGDIR} ] &&  [ ${openldap_found_tag} == 0 ] ; then
+			einfo "- Checking ${each}..."
+			if [ -r ${CURRENT_TAG} ] ; then
+				# yey, we have one :)
+				einfo "   Found Versiontag in ${each}"
+				source ${CURRENT_TAG}
+				if [ "${OLDPF}" == "" ] ; then
+					eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+					eerror "Please delete it"
+					eerror
+					die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+				fi
+
+				OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
+
+				# are we on the same branch?
+				if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
+					ewarn "   Versiontag doesn't match current major release!"
+					if [[ `ls -a ${CURRENT_TAGDIR} | wc -l` -gt 5 ]] ; then
+						eerror "   Versiontag says other major and you (probably) have datafiles!"
+						echo
+						openldap_upgrade_howto
+					else
+						einfo "   No real problem, seems there's no database."
+					fi
+				else
+					einfo "   Versiontag is fine here :)"
+				fi
+			else
+				einfo "   Non-tagged dir ${each}"
+				if [[ `ls -a ${each} | wc -l` > 5 ]] ; then
+					einfo "   EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+					echo
+
+					eerror
+					eerror "Your OpenLDAP Installation has a non tagged datadir that"
+					eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+					eerror
+					eerror "Please export data if any entered and empty or remove"
+					eerror "the directory, installation has been stopped so you"
+					eerror "can take required action"
+					eerror
+					eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+					eerror
+					die "Please move the datadir ${CURRENT_TAGDIR} away"
+				fi
+			fi
+			einfo
+		fi
+	done
+
+	echo
+	einfo
+	einfo "All datadirs are fine, proceeding with merge now..."
+	einfo
+
+}
+
+pkg_setup() {
+	if has_version "<=dev-lang/perl-5.8.8_rc1" && built_with_use dev-lang/perl minimal ; then
+		die "You must have a complete (USE='-minimal') Perl install to use the perl backend!"
+	fi
+
+	if use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
+	    einfo
+	    einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+	    einfo
+	else
+	    openldap_find_versiontags
+	fi
+
+}
+
+pkg_preinst() {
+	enewgroup ldap 439
+	enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
+}
+
+src_unpack() {
+	unpack ${A}
+
+	# According to MDK, the link order needs to be changed so that
+	# on systems w/ MD5 passwords the system crypt library is used
+	# (the net result is that "passwd" can be used to change ldap passwords w/
+	#  proper pam support)
+	sed -i -e 's/$(SECURITY_LIBS) $(LDIF_LIBS) $(LUTIL_LIBS)/$(LUTIL_LIBS) $(SECURITY_LIBS) $(LDIF_LIBS)/' \
+		${S}/servers/slapd/Makefile.in
+
+	# supersedes old fix for bug #31202
+	EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.14-perlthreadsfix.patch
+
+	# ensure correct SLAPI path by default
+	sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \
+		${S}/include/ldap_defaults.h
+
+	EPATCH_OPTS="-p0 -d ${S}"
+
+	# ximian connector 1.4.7 ntlm patch
+	epatch ${FILESDIR}/${PN}-2.2.6-ntlm.patch
+
+	# bug #132263
+	if use overlays ; then
+		epatch ${FILESDIR}/${PN}-2.3.21-ppolicy.patch
+	fi
+
+	# CVE-2006-5779, bug #154349
+	EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.3.27-CVE-2006-5779.patch
+
+	# fix up stuff for newer autoconf that simulates autoconf-2.13, but doesn't
+	# do it perfectly.
+	cd ${S}/build
+	ln -s shtool install
+	ln -s shtool install.sh
+	einfo "Making sure upstream build strip does not do stripping too early"
+	sed -i.orig \
+		-e '/^STRIP/s,-s,,g' \
+		top.mk || die "Failed to block stripping"
+
+	# bug #116045
+	# patch contrib modules
+	if ! use minimal ; then
+	    cd ${S}/contrib
+	    epatch ${FILESDIR}/${PN}-2.3.24-contrib-smbk5pwd.patch
+	fi
+}
+
+src_compile() {
+	local myconf
+
+	# HDB is only available with BerkDB
+	myconf_berkdb='--enable-bdb --enable-ldbm-api=berkeley --enable-hdb=mod'
+	myconf_gdbm='--disable-bdb --enable-ldbm-api=gdbm --disable-hdb'
+
+	use debug && myconf="${myconf} --enable-debug" # there is no disable-debug
+
+	# enable slapd/slurpd servers if not doing a minimal build
+	if ! use minimal ; then
+		myconf="${myconf} --enable-slapd --enable-slurpd"
+		# base backend stuff
+		myconf="${myconf} --enable-ldbm"
+		if use berkdb ; then
+			einfo "Using Berkeley DB for local backend"
+			myconf="${myconf} ${myconf_berkdb}"
+		elif use gdbm ; then
+			einfo "Using GDBM for local backend"
+			myconf="${myconf} ${myconf_gdbm}"
+		else
+			ewarn "Neither gdbm or berkdb USE flags present, falling back to"
+			ewarn "Berkeley DB for local backend"
+			myconf="${myconf} ${myconf_berkdb}"
+		fi
+		# extra backend stuff
+		myconf="${myconf} --enable-passwd=mod --enable-phonetic=mod"
+		myconf="${myconf} --enable-dnssrv=mod --enable-ldap"
+		myconf="${myconf} --enable-meta=mod --enable-monitor=mod"
+		myconf="${myconf} --enable-null=mod --enable-shell=mod"
+		myconf="${myconf} --enable-relay=mod"
+		myconf="${myconf} `use_enable perl perl mod`"
+		myconf="${myconf} `use_enable odbc sql mod`"
+		# slapd options
+		myconf="${myconf} `use_enable crypt` `use_enable slp`"
+		myconf="${myconf} --enable-rewrite --enable-rlookups"
+		myconf="${myconf} --enable-aci --enable-modules"
+		myconf="${myconf} --enable-cleartext --enable-slapi"
+		myconf="${myconf} `use_with samba lmpasswd`"
+		# slapd overlay options
+		myconf="${myconf} --enable-dyngroup --enable-proxycache"
+		myconf="${myconf} `use_enable overlays overlays mod`"
+	else
+		myconf="${myconf} --disable-slapd --disable-slurpd"
+		myconf="${myconf} --disable-bdb --disable-ldbm"
+		myconf="${myconf} --disable-hdb --disable-monitor"
+		myconf="${myconf} --disable-slurpd --disable-overlays"
+		myconf="${myconf} --disable-relay"
+	fi
+
+	# basic functionality stuff
+	myconf="${myconf} --enable-syslog --enable-dynamic"
+	myconf="${myconf} --enable-local --enable-proctitle"
+
+	myconf="${myconf} `use_enable ipv6` `use_enable readline`"
+	myconf="${myconf} `use_with sasl cyrus-sasl` `use_enable sasl spasswd`"
+	myconf="${myconf} `use_enable tcpd wrappers` `use_with ssl tls`"
+
+	if [ $(get_libdir) != "lib" ] ; then
+		append-ldflags -L/usr/$(get_libdir)
+	fi
+
+	STRIP=/bin/true \
+	econf \
+		--enable-static \
+		--enable-shared \
+		--libexecdir=/usr/$(get_libdir)/openldap \
+		${myconf} || die "configure failed"
+
+	make depend || die "make depend failed"
+	make || die "make failed"
+
+	# openldap/contrib
+	tc-export CC
+	if ! use minimal ; then
+		# dsaschema
+			einfo "Building contributed dsaschema"
+			cd ${S}/contrib/slapd-modules/dsaschema
+			${CC} -shared -I../../../include ${CFLAGS} -fPIC \
+			-Wall -o libdsaschema-plugin.so dsaschema.c || \
+			die "failed to compile dsaschema module"
+		# kerberos passwd
+		if use kerberos ; then
+			einfo "Building contributed pw-kerberos"
+			cd ${S}/contrib/slapd-modules/passwd/ && \
+			${CC} -shared -I../../../include ${CFLAGS} -fPIC \
+			-DHAVE_KRB5 -o pw-kerberos.so kerberos.c || \
+			die "failed to compile kerberos password module"
+		fi
+		# netscape mta-md5 password
+			einfo "Building contributed pw-netscape"
+			cd ${S}/contrib/slapd-modules/passwd/ && \
+			${CC} -shared -I../../../include ${CFLAGS} -fPIC \
+			-o pw-netscape.so netscape.c || \
+			die "failed to compile netscape password module"
+		# smbk5pwd overlay
+		# Note: this modules builds, but may not work with
+		#   Gentoo's MIT-Kerberos.  It was designed for Heimdal
+		#   Kerberos.
+		if use smbkrb5passwd ; then
+			einfo "Building contributed smbk5pwd"
+			local mydef
+			local mykrb5inc
+			mydef="-DDO_SAMBA -DDO_KRB5"
+			mykrb5inc="-I/usr/include/heimdal/"
+			cd ${S}/contrib/slapd-modules/smbk5pwd && \
+			libexecdir="/usr/$(get_libdir)/openldap" \
+			DEFS="${mydef}" KRB5_INC="${mykrb5inc}" emake || \
+			die "failed to compile smbk5pwd module"
+		fi
+		# addrdnvalues
+			einfo "Building contributed addrdnvalues"
+			cd ${S}/contrib/slapi-plugins/addrdnvalues/ && \
+			${CC} -shared -I../../../include ${CFLAGS} -fPIC \
+			-o libaddrdnvalues-plugin.so addrdnvalues.c || \
+			die "failed to compile addrdnvalues plugin"
+	fi
+}
+
+src_test() {
+	einfo
+	einfo "Doing tests"
+	einfo
+	cd tests ; make tests || die "make tests failed"
+}
+
+src_install() {
+	make DESTDIR="${D}" install || die "make install failed"
+
+	dodoc ANNOUNCEMENT CHANGES COPYRIGHT README LICENSE ${FILESDIR}/DB_CONFIG.fast.example
+	docinto rfc ; dodoc doc/rfc/*.txt
+
+	# openldap modules go here
+	# TODO: write some code to populate slapd.conf with moduleload statements
+	keepdir /usr/$(get_libdir)/openldap/openldap/
+
+	# make state directories
+	local dirlist="data"
+	if ! use minimal; then
+		dirlist="${dirlist} slurp ldbm"
+	fi
+	for x in ${dirlist}; do
+		keepdir /var/lib/openldap-${x}
+		fowners ldap:ldap /var/lib/openldap-${x}
+		fperms 0700 /var/lib/openldap-${x}
+	done
+
+	echo "OLDPF='${PF}'" >${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}
+	echo "# do NOT delete this. it is used" >>${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}
+	echo "# to track versions for upgrading." >>${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}
+
+	# manually remove /var/tmp references in .la
+	# because it is packaged with an ancient libtool
+	for x in ${D}/usr/$(get_libdir)/lib*.la; do
+		sed -i -e "s:-L${S}[/]*libraries::" ${x}
+	done
+
+	# change slapd.pid location in configuration file
+	keepdir /var/run/openldap
+	fowners ldap:ldap /var/run/openldap
+	fperms 0755 /var/run/openldap
+
+	if ! use minimal; then
+		# config modifications
+		for f in /etc/openldap/slapd.conf /etc/openldap/slapd.conf.default; do
+			sed -e "s:/var/lib/run/slapd.:/var/run/openldap/slapd.:" -i ${D}/${f}
+			sed -e "/database\tbdb$/acheckpoint	32	30 # <kbyte> <min>" -i ${D}/${f}
+			fowners root:ldap ${f}
+			fperms 0640 ${f}
+		done
+		# install our own init scripts
+		exeinto /etc/init.d
+		newexe ${FILESDIR}/2.0/slapd slapd
+		newexe ${FILESDIR}/2.0/slurpd slurpd
+		if [ $(get_libdir) != lib ]; then
+			sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i ${D}/etc/init.d/{slapd,slurpd}
+		fi
+		insinto /etc/conf.d
+		newins ${FILESDIR}/2.0/slapd.conf slapd
+		# install contributed modules
+		docinto /
+		if [ -e ${S}/contrib/slapd-modules/dsaschema/libdsaschema-plugin.so ];
+		then
+			cd ${S}/contrib/slapd-modules/dsaschema/
+			newdoc README README.contrib.dsaschema
+			exeinto /usr/$(get_libdir)/openldap/openldap
+			doexe libdsaschema-plugin.so || \
+			die "failed to install dsaschema module"
+		fi
+		if [ -e ${S}/contrib/slapd-modules/passwd/pw-kerberos.so ]; then
+			cd ${S}/contrib/slapd-modules/passwd/
+			newdoc README README.contrib.passwd
+			exeinto /usr/$(get_libdir)/openldap/openldap
+			doexe pw-kerberos.so || \
+			die "failed to install kerberos passwd module"
+		fi
+		if [ -e ${S}/contrib/slapd-modules/passwd/pw-netscape.so ]; then
+			cd ${S}/contrib/slapd-modules/passwd/
+			newdoc README README.contrib.passwd
+			exeinto /usr/$(get_libdir)/openldap/openldap
+			doexe ${S}/contrib/slapd-modules/passwd/pw-netscape.so || \
+			die "failed to install Netscape MTA-MD5 passwd module"
+		fi
+		if [ -e ${S}/contrib/slapd-modules/smbk5pwd/.libs/smbk5pwd.so ]; then
+			cd ${S}/contrib/slapd-modules/smbk5pwd
+			newdoc README.contrib.smbk5pwd
+			libexecdir="/usr/$(get_libdir)/openldap" \
+			DESTDIR="${D}" make install-mod || \
+			die "failed to install smbk5pwd overlay module"
+		fi
+		if [ -e ${S}/contrib/slapd-tools/statslog ]; then
+			cd ${S}/contrib/slapd-tools
+			exeinto /usr/bin
+			newexe statslog ldapstatslog || \
+			die "failed to install ldapstatslog script"
+		fi
+		if [ -e ${S}/contrib/slapi-plugins/addrdnvalues/libaddrdnvalues-plugin.so ];
+		then
+			cd ${S}/contrib/slapi-plugins/addrdnvalues
+			newdoc README README.contrib.addrdnvalues
+			exeinto /usr/$(get_libdir)/openldap/openldap
+			doexe libaddrdnvalues-plugin.so || \
+			die "failed to install addrdnvalues plugin"
+		fi
+
+	fi
+
+	# install MDK's ssl cert script
+	if use ssl || use samba; then
+		dodir /etc/openldap/ssl
+		exeinto /etc/openldap/ssl
+		doexe ${FILESDIR}/gencert.sh
+	fi
+
+	# keep old libs if any
+	# from 2.1
+	for each in ${ROOT}usr/$(get_libdir)/liblber.so.2.0.1* ; do
+		preserve_old_lib ${each}
+	done
+	for each in ${ROOT}usr/$(get_libdir)/libldap.so.2.0.1* ; do
+		preserve_old_lib ${each}
+	done
+	for each in ${ROOT}usr/$(get_libdir)/libldap_r.so.2.0.1* ; do
+		preserve_old_lib ${each}
+	done
+	# from 2.2
+	for each in ${ROOT}usr/$(get_libdir)/liblber-2.2* ; do
+		preserve_old_lib ${each}
+	done
+	for each in ${ROOT}usr/$(get_libdir)/libldap-2.2* ; do
+		preserve_old_lib ${each}
+	done
+	for each in ${ROOT}usr/$(get_libdir)/libldap_r-2.2* ; do
+		preserve_old_lib ${each}
+	done
+}
+
+pkg_postinst() {
+	# keep old libs if any
+	# from 2.1
+	for each in ${ROOT}usr/$(get_libdir)/liblber.so.2.0.1* ; do
+		preserve_old_lib_notify ${each}
+	done
+	for each in ${ROOT}usr/$(get_libdir)/libldap.so.2.0.1* ; do
+		preserve_old_lib_notify ${each}
+	done
+	for each in ${ROOT}usr/$(get_libdir)/libldap_r.so.2.0.1* ; do
+		preserve_old_lib_notify ${each}
+	done
+	# from 2.2
+	for each in ${ROOT}usr/$(get_libdir)/liblber-2.2* ; do
+		preserve_old_lib_notify ${each}
+	done
+	for each in ${ROOT}usr/$(get_libdir)/libldap-2.2* ; do
+		preserve_old_lib_notify ${each}
+	done
+	for each in ${ROOT}usr/$(get_libdir)/libldap_r-2.2* ; do
+		preserve_old_lib_notify ${each}
+	done
+
+	if use ssl; then
+		# make a self-signed ssl cert (if there isn't one there already)
+		if [ ! -e /etc/openldap/ssl/ldap.pem ]
+		then
+			cd /etc/openldap/ssl
+			yes "" | sh gencert.sh
+			chmod 640 ldap.pem
+			chown root:ldap ldap.pem
+		else
+			einfo
+			einfo "An LDAP cert already appears to exist, no creating"
+			einfo
+		fi
+	fi
+
+	# Since moving to running openldap as user ldap there are some
+	# permissions problems with directories and files.
+	# Let's make sure these permissions are correct.
+	chown ldap:ldap /var/run/openldap
+	chmod 0755 /var/run/openldap
+	chown root:ldap /etc/openldap/slapd.conf{,.default}
+	chmod 0640 /etc/openldap/slapd.conf{,.default}
+	chown ldap:ldap /var/lib/openldap-{data,ldbm,slurp}
+
+	if use ssl; then
+		ewarn
+		ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+		ewarn "add 'TLS_REQCERT never' if you want to use them."
+		ewarn
+	fi
+
+	# Reference inclusion bug #77330
+	echo
+	einfo
+	einfo "Getting started using OpenLDAP? There is some documentation available:"
+	einfo "Gentoo Guide to OpenLDAP Authentication"
+	einfo "(http://www.gentoo.org/doc/en/ldap-howto.xml)"
+	einfo
+
+	# note to bug #110412
+	echo
+	einfo
+	einfo "An example file for tuning BDB backends with openldap is:"
+	einfo "/usr/share/doc/${P}/DB_CONFIG.fast.example.gz"
+	einfo
+
+	if has_version "<net-nds/openldap-2.3" ; then
+		echo
+		einfo
+		einfo "*** Remember to run revdep-rebuild to update your packages ***"
+		einfo
+	fi
+}
author	Robin H. Johnson <robbat2@gentoo.org>	2006-11-21 10:06:39 +0000
committer	Robin H. Johnson <robbat2@gentoo.org>	2006-11-21 10:06:39 +0000
commit	eb504fcd777b993411cbc66e491618301d47ddf2 (patch)
tree	d5ae4ab1ccaaab6b518c6f1f91121c15178d0e3e /net-nds
parent	we dont need the watch patch again. (diff)
download	historical-eb504fcd777b993411cbc66e491618301d47ddf2.tar.gz historical-eb504fcd777b993411cbc66e491618301d47ddf2.tar.bz2 historical-eb504fcd777b993411cbc66e491618301d47ddf2.zip