- Add systemd style service definition

- FATE#315028 remove memory limit for slapd
- FATE#315415: LDAP compat packages required for older SLES versions
  For this reson following patches were applied:
   openldap-2.3.37-libldap-suid.diff
   openldap-2.3.37-libldap-ldapi_url.dif
   openldap-2.3.37-libldap-ntlm.diff
   openldap-2.3.37-libldap-gethostbyname_r.dif
   openldap-2.3.37-libldap-sasl-max-buff-size.dif
   openldap-2.3.37-libldap-utf8-ADcanonical.dif
   openldap-2.3.37-liblber-length-decoding.dif
   openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif
   openldap-2.3.37-libldap-tls_chkhost-its6239.dif
   openldap-2.3.37-libldap-ssl.dif

OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=106

openldap-2.3.37-liblber-length-decoding.dif

@@ -0,0 +1,93 @@
+Index: libraries/liblber/io.c
+===================================================================
+--- libraries/liblber/io.c.orig
++++ libraries/liblber/io.c
+@@ -495,14 +495,18 @@ ber_get_next(
+ 	}
+ 
+ 	while (ber->ber_rwptr > (char *)&ber->ber_tag && ber->ber_rwptr <
+-		(char *)&ber->ber_len + LENSIZE*2 -1) {
++		(char *)&ber->ber_len + LENSIZE*2) {
+ 		ber_slen_t sblen;
+ 		char buf[sizeof(ber->ber_len)-1];
+ 		ber_len_t tlen = 0;
+ 
++		/* The tag & len can be at most 9 bytes; we try to read up to 8 here */
+ 		sock_errset(0);
+-		sblen=ber_int_sb_read( sb, ber->ber_rwptr,
+-			((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr);
++		sblen=((char *)&ber->ber_len + LENSIZE*2 - 1)-ber->ber_rwptr;
++		/* Trying to read the last len byte of a 9 byte tag+len */
++		if (sblen<1)
++			sblen = 1;
++		sblen=ber_int_sb_read( sb, ber->ber_rwptr, sblen );
+ 		if (sblen<=0) return LBER_DEFAULT;
+ 		ber->ber_rwptr += sblen;
+ 
+@@ -552,7 +556,7 @@ ber_get_next(
+ 			int i;
+ 			unsigned char *p = (unsigned char *)ber->ber_ptr;
+ 			int llen = *p++ & 0x7f;
+-			if (llen > (int)sizeof(ber_len_t)) {
++			if (llen > LENSIZE) {
+ 				sock_errset(ERANGE);
+ 				return LBER_DEFAULT;
+ 			}
+Index: libraries/libldap/result.c
+===================================================================
+--- libraries/libldap/result.c.orig
++++ libraries/libldap/result.c
+@@ -296,18 +296,20 @@
+ #endif
+ 
+ 		    	if ( !lc_ready ) {
++				int err;
+ 				rc = ldap_int_select( ld, tvp );
+-#ifdef LDAP_DEBUG
+ 				if ( rc == -1 ) {
++					err = sock_errno();
++#ifdef LDAP_DEBUG
+ 					Debug( LDAP_DEBUG_TRACE,
+ 						"ldap_int_select returned -1: errno %d\n",
+-						sock_errno(), 0, 0 );
+-				}
++						err, 0, 0 );
+ #endif
++				}
+ 
+ 				if ( rc == 0 || ( rc == -1 && (
+ 					!LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_RESTART)
+-						|| sock_errno() != EINTR )))
++						|| err != EINTR )))
+ 				{
+ 					ld->ld_errno = (rc == -1 ? LDAP_SERVER_DOWN :
+ 						LDAP_TIMEOUT);
+@@ -410,7 +412,7 @@
+ 	LDAPRequest	*lr, *tmplr;
+ 	LDAPConn	*lc;
+ 	BerElement	tmpber;
+-	int		rc, refer_cnt, hadref, simple_request;
++	int		rc, refer_cnt, hadref, simple_request, err;
+ 	ber_int_t	lderr;
+ 
+ #ifdef LDAP_CONNECTIONLESS
+@@ -469,15 +471,16 @@
+ 	}
+ 	if ( tag != LDAP_TAG_MESSAGE ) {
+ 		if ( tag == LBER_DEFAULT) {
++			err = sock_errno();
+ #ifdef LDAP_DEBUG		   
+ 			Debug( LDAP_DEBUG_CONNS,
+ 				"ber_get_next failed.\n", 0, 0, 0 );
+-#endif		   
++#endif
+ #ifdef EWOULDBLOCK			
+-			if ( sock_errno() == EWOULDBLOCK ) return LDAP_MSG_X_KEEP_LOOKING;
++			if ( err == EWOULDBLOCK ) return LDAP_MSG_X_KEEP_LOOKING;
+ #endif
+ #ifdef EAGAIN
+-			if ( sock_errno() == EAGAIN ) return LDAP_MSG_X_KEEP_LOOKING;
++			if ( err == EAGAIN ) return LDAP_MSG_X_KEEP_LOOKING;
+ #endif
+ 			ld->ld_errno = LDAP_SERVER_DOWN;
+ 			return -1;

openldap-2.3.37-libldap-gethostbyname_r.dif

@@ -0,0 +1,20 @@
+--- libraries/libldap/util-int.c	2005/08/23 16:07:09	1.1
++++ libraries/libldap/util-int.c	2005/08/23 16:16:03
+@@ -52,7 +52,7 @@
+ #ifndef LDAP_R_COMPILE
+ # undef HAVE_REENTRANT_FUNCTIONS
+ # undef HAVE_CTIME_R
+-# undef HAVE_GETHOSTBYNAME_R
++/* # undef HAVE_GETHOSTBYNAME_R */
+ # undef HAVE_GETHOSTBYADDR_R
+ 
+ #else
+@@ -110,7 +110,7 @@
+ #define BUFSTART (1024-32)
+ #define BUFMAX (32*1024-32)
+ 
+-#if defined(LDAP_R_COMPILE)
++#if defined(LDAP_R_COMPILE) || defined(HAVE_GETHOSTBYNAME_R)
+ static char *safe_realloc( char **buf, int len );
+ 
+ #if !(defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R))

openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif

@@ -0,0 +1,23 @@
+Index: libraries/libldap/request.c
+===================================================================
+--- libraries/libldap/request.c.orig
++++ libraries/libldap/request.c
+@@ -601,6 +601,9 @@ ldap_free_connection( LDAP *ld, LDAPConn
+ 				} else {
+ 				    prevlc->lconn_next = tmplc->lconn_next;
+ 				}
++				if ( ld->ld_defconn == lc ) {
++					ld->ld_defconn = NULL;
++				}
+ 				break;
+ 			}
+ 			prevlc = tmplc;
+@@ -631,6 +634,8 @@ ldap_free_connection( LDAP *ld, LDAPConn
+ 		}
+ 		if ( lc->lconn_sb != ld->ld_sb ) {
+ 			ber_sockbuf_free( lc->lconn_sb );
++		} else {
++			ber_int_sb_close( lc->lconn_sb );
+ 		}
+ 		if ( lc->lconn_rebind_queue != NULL) {
+ 			int i;

openldap-2.3.37-libldap-ldapi_url.dif

@@ -0,0 +1,11 @@
+--- include/ldap_defaults.h	2004/04/14 14:13:27	1.1
++++ include/ldap_defaults.h	2004/04/14 14:14:01
+@@ -39,7 +39,7 @@
+ #define LDAP_ENV_PREFIX "LDAP"
+ 
+ /* default ldapi:// socket */
+-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"
++#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "ldapi"
+ 
+ /*
+  * SLAPD DEFINITIONS

openldap-2.3.37-libldap-ntlm.diff

@@ -0,0 +1,195 @@
+Index: include/ldap.h
+===================================================================
+--- include/ldap.h.orig
++++ include/ldap.h
+@@ -2118,5 +2118,26 @@ LDAP_F( const char * )
+ ldap_passwordpolicy_err2txt LDAP_P(( LDAPPasswordPolicyError ));
+ #endif /* LDAP_CONTROL_PASSWORDPOLICYREQUEST */
+ 
++/*
++ * hacks for NTLM
++ */
++#define LDAP_AUTH_NTLM_REQUEST	((ber_tag_t) 0x8aU)
++#define LDAP_AUTH_NTLM_RESPONSE	((ber_tag_t) 0x8bU)
++LDAP_F( int )
++ldap_ntlm_bind LDAP_P((
++	LDAP		*ld,
++	LDAP_CONST char	*dn,
++	ber_tag_t	tag,
++	struct berval	*cred,
++	LDAPControl	**sctrls,
++	LDAPControl	**cctrls,
++	int		*msgidp ));
++LDAP_F( int )
++ldap_parse_ntlm_bind_result LDAP_P((
++	LDAP		*ld,
++	LDAPMessage	*res,
++	struct berval	*challenge));
++
++
+ LDAP_END_DECL
+ #endif /* _LDAP_H */
+Index: libraries/libldap/Makefile.in
+===================================================================
+--- libraries/libldap/Makefile.in.orig
++++ libraries/libldap/Makefile.in
+@@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest
+ SRCS	= bind.c open.c result.c error.c compare.c search.c \
+ 	controls.c messages.c references.c extended.c cyrus.c \
+ 	modify.c add.c modrdn.c delete.c abandon.c \
+-	sasl.c sbind.c kbind.c unbind.c cancel.c  \
++	sasl.c ntlm.c sbind.c kbind.c unbind.c cancel.c  \
+ 	filter.c free.c sort.c passwd.c whoami.c \
+ 	getdn.c getentry.c getattr.c getvalues.c addentry.c \
+ 	request.c os-ip.c url.c sortctrl.c vlvctrl.c \
+@@ -31,7 +31,7 @@ SRCS	= bind.c open.c result.c error.c co
+ OBJS	= bind.lo open.lo result.lo error.lo compare.lo search.lo \
+ 	controls.lo messages.lo references.lo extended.lo cyrus.lo \
+ 	modify.lo add.lo modrdn.lo delete.lo abandon.lo \
+-	sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
++	sasl.lo ntlm.lo sbind.lo kbind.lo unbind.lo cancel.lo \
+ 	filter.lo free.lo sort.lo passwd.lo whoami.lo \
+ 	getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
+ 	request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
+Index: libraries/libldap/ntlm.c
+===================================================================
+--- /dev/null
++++ libraries/libldap/ntlm.c
+@@ -0,0 +1,137 @@
++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
++/*
++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
++ */
++
++/* Mostly copied from sasl.c */
++
++#include "portable.h"
++
++#include <stdlib.h>
++#include <stdio.h>
++
++#include <ac/socket.h>
++#include <ac/string.h>
++#include <ac/time.h>
++#include <ac/errno.h>
++
++#include "ldap-int.h"
++
++int
++ldap_ntlm_bind(
++	LDAP		*ld,
++	LDAP_CONST char	*dn,
++	ber_tag_t	tag,
++	struct berval	*cred,
++	LDAPControl	**sctrls,
++	LDAPControl	**cctrls,
++	int		*msgidp )
++{
++	BerElement	*ber;
++	int rc;
++	ber_int_t id;
++
++	Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
++
++	assert( ld != NULL );
++	assert( LDAP_VALID( ld ) );
++	assert( msgidp != NULL );
++
++	if( msgidp == NULL ) {
++		ld->ld_errno = LDAP_PARAM_ERROR;
++		return ld->ld_errno;
++	}
++
++	/* create a message to send */
++	if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
++		ld->ld_errno = LDAP_NO_MEMORY;
++		return ld->ld_errno;
++	}
++
++	assert( LBER_VALID( ber ) );
++
++	LDAP_NEXT_MSGID( ld, id );
++	rc = ber_printf( ber, "{it{istON}" /*}*/,
++			 id, LDAP_REQ_BIND,
++			 ld->ld_version, dn, tag,
++			 cred );
++
++	/* Put Server Controls */
++	if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
++		ber_free( ber, 1 );
++		return ld->ld_errno;
++	}
++
++	if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
++		ld->ld_errno = LDAP_ENCODING_ERROR;
++		ber_free( ber, 1 );
++		return ld->ld_errno;
++	}
++
++	/* send the message */
++	*msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
++
++	if(*msgidp < 0)
++		return ld->ld_errno;
++
++	return LDAP_SUCCESS;
++}
++
++int
++ldap_parse_ntlm_bind_result(
++	LDAP		*ld,
++	LDAPMessage	*res,
++	struct berval	*challenge)
++{
++	ber_int_t	errcode;
++	ber_tag_t	tag;
++	BerElement	*ber;
++	ber_len_t	len;
++
++	Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
++
++	assert( ld != NULL );
++	assert( LDAP_VALID( ld ) );
++	assert( res != NULL );
++
++	if ( ld == NULL || res == NULL ) {
++		return LDAP_PARAM_ERROR;
++	}
++
++	if( res->lm_msgtype != LDAP_RES_BIND ) {
++		ld->ld_errno = LDAP_PARAM_ERROR;
++		return ld->ld_errno;
++	}
++
++	if ( ld->ld_error ) {
++		LDAP_FREE( ld->ld_error );
++		ld->ld_error = NULL;
++	}
++	if ( ld->ld_matched ) {
++		LDAP_FREE( ld->ld_matched );
++		ld->ld_matched = NULL;
++	}
++
++	/* parse results */
++
++	ber = ber_dup( res->lm_ber );
++
++	if( ber == NULL ) {
++		ld->ld_errno = LDAP_NO_MEMORY;
++		return ld->ld_errno;
++	}
++
++	tag = ber_scanf( ber, "{ioa" /*}*/,
++			 &errcode, challenge, &ld->ld_error );
++	ber_free( ber, 0 );
++
++	if( tag == LBER_ERROR ) {
++		ld->ld_errno = LDAP_DECODING_ERROR;
++		return ld->ld_errno;
++	}
++
++	ld->ld_errno = errcode;
++
++	return( ld->ld_errno );
++}

openldap-2.3.37-libldap-sasl-max-buff-size.dif

@@ -0,0 +1,17 @@
+Index: libraries/libldap/cyrus.c
+===================================================================
+RCS file: /repo/OpenLDAP/pkg/ldap/libraries/libldap/cyrus.c,v
+retrieving revision 1.139
+retrieving revision 1.140
+diff -u -r1.139 -r1.140
+--- libraries/libldap/cyrus.c	2 Jan 2007 19:00:58 -0000	1.139
++++ libraries/libldap/cyrus.c	23 Apr 2007 12:21:48 -0000	1.140
+@@ -208,7 +208,7 @@
+ 		| buf[2] << 8
+ 		| buf[3];
+ 
+-	if ( size > SASL_MAX_BUFF_SIZE ) {
++	if ( size >= SASL_MAX_BUFF_SIZE ) {
+ 		/* somebody is trying to mess me up. */
+ 		ber_log_printf( LDAP_DEBUG_ANY, debuglevel,
+ 			"sb_sasl_pkt_length: received illegal packet length "

openldap-2.3.37-libldap-ssl.dif

@@ -0,0 +1,15 @@
+Index: libraries/libldap/tls.c
+===================================================================
+--- libraries/libldap/tls.c	2013-11-12 17:09:55.284965672 +0100
++++ libraries/libldap/tls.c	2013-11-12 17:10:22.829163042 +0100
+@@ -918,10 +918,6 @@
+ {
+ 	/* If peer cert was bad, treat as if no cert was given */
+ 	if (SSL_get_verify_result(s)) {
+-		/* If we can send an alert, do so */
+-		if (SSL_version(s) != SSL2_VERSION) {
+-			ssl3_send_alert(s,SSL3_AL_WARNING,SSL3_AD_BAD_CERTIFICATE);
+-		}
+ 		return NULL;
+ 	}
+ 	return SSL_get_peer_certificate(s);

openldap-2.3.37-libldap-suid.diff

@@ -0,0 +1,18 @@
+Index: libraries/libldap/init.c
+===================================================================
+--- libraries/libldap/init.c.orig
++++ libraries/libldap/init.c
+@@ -579,6 +579,7 @@ void ldap_int_initialize( struct ldapopt
+ #endif
+ 
+ 	openldap_ldap_init_w_sysconf(LDAP_CONF_FILE);
++	if( getuid() == geteuid() ){
+ 	openldap_ldap_init_w_userconf(LDAP_USERRC_FILE);
+ 
+ 	{
+@@ -608,4 +609,5 @@ void ldap_int_initialize( struct ldapopt
+ 	}
+ 
+ 	openldap_ldap_init_w_env(gopts, NULL);
++        }
+ }

openldap-2.3.37-libldap-tls_chkhost-its6239.dif

@@ -0,0 +1,121 @@
+Index: openldap-2.3.32/libraries/libldap/tls.c
+===================================================================
+--- openldap-2.3.32.orig/libraries/libldap/tls.c
++++ openldap-2.3.32/libraries/libldap/tls.c
+@@ -981,7 +981,7 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v
+ 	X509 *x;
+ 	const char *name;
+ 	char *ptr;
+-	int ntype = IS_DNS;
++	int ntype = IS_DNS, nlen;
+ #ifdef LDAP_PF_INET6
+ 	struct in6_addr addr;
+ #else
+@@ -995,6 +995,7 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v
+ 	} else {
+ 		name = name_in;
+ 	}
++	nlen = strlen(name);
+ 
+ 	x = tls_get_cert((SSL *)s);
+ 	if (!x) {
+@@ -1028,15 +1029,14 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v
+ 		ex = X509_get_ext(x, i);
+ 		alt = X509V3_EXT_d2i(ex);
+ 		if (alt) {
+-			int n, len1 = 0, len2 = 0;
++			int n, len2 = 0;
+ 			char *domain = NULL;
+ 			GENERAL_NAME *gn;
+ 
+ 			if (ntype == IS_DNS) {
+-				len1 = strlen(name);
+ 				domain = strchr(name, '.');
+ 				if (domain) {
+-					len2 = len1 - (domain-name);
++					len2 = nlen - (domain-name);
+ 				}
+ 			}
+ 			n = sk_GENERAL_NAME_num(alt);
+@@ -1054,7 +1054,7 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v
+ 					if (sl == 0) continue;
+ 
+ 					/* Is this an exact match? */
+-					if ((len1 == sl) && !strncasecmp(name, sn, len1)) {
++					if ((nlen == sl) && !strncasecmp(name, sn, nlen)) {
+ 						break;
+ 					}
+ 
+@@ -1094,13 +1094,27 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v
+ 
+ 	if (ret != LDAP_SUCCESS) {
+ 		X509_NAME *xn;
+-		char buf[2048];
+-		buf[0] = '\0';
++		X509_NAME_ENTRY *ne;
++		ASN1_OBJECT *obj;
++		ASN1_STRING *cn = NULL;
++		int navas;
++
++		/* find the last CN */
++		obj = OBJ_nid2obj( NID_commonName );
++		if ( !obj ) goto no_cn; /* should never happen */
+ 
+ 		xn = X509_get_subject_name(x);
+-		if( X509_NAME_get_text_by_NID( xn, NID_commonName,
+-			buf, sizeof(buf)) == -1)
+-		{
++		navas = X509_NAME_entry_count( xn );
++		for ( i=navas-1; i>=0; i-- ) {
++			ne = X509_NAME_get_entry( xn, i );
++			if ( !OBJ_cmp( ne->object, obj )) {
++				cn = X509_NAME_ENTRY_get_data( ne );
++				break;
++			}
++		}
++		
++		if( !cn ){
++no_cn:
+ 			Debug( LDAP_DEBUG_ANY,
+ 				"TLS: unable to get common name from peer certificate.\n",
+ 				0, 0, 0 );
+@@ -1111,21 +1125,20 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v
+ 			ld->ld_error = LDAP_STRDUP(
+ 				_("TLS: unable to get CN from peer certificate"));
+ 
+-		} else if (strcasecmp(name, buf) == 0 ) {
++		} else if ( cn->length == nlen &&
++			strncasecmp( name, (char *) cn->data, nlen ) == 0 ) {
+ 			ret = LDAP_SUCCESS;
+ 
+-		} else if (( buf[0] == '*' ) && ( buf[1] == '.' )) {
++		} else if (( cn->data[0] == '*' ) && ( cn->data[1] == '.' )) {
+ 			char *domain = strchr(name, '.');
+ 			if( domain ) {
+-				size_t dlen = 0;
+-				size_t sl;
++				size_t dlen;
+ 
+-				sl = strlen(name);
+-				dlen = sl - (domain-name);
+-				sl = strlen(buf);
++				dlen = nlen - (domain-name);
+ 
+ 				/* Is this a wildcard match? */
+-				if ((dlen == sl-1) && !strncasecmp(domain, &buf[1], dlen)) {
++				if ((dlen == cn->length-1) &&
++					!strncasecmp(domain, (char *) &cn->data[1], dlen)) {
+ 					ret = LDAP_SUCCESS;
+ 				}
+ 			}
+@@ -1133,8 +1146,8 @@ ldap_pvt_tls_check_hostname( LDAP *ld, v
+ 
+ 		if( ret == LDAP_LOCAL_ERROR ) {
+ 			Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
+-				"common name in certificate (%s).\n", 
+-				name, buf, 0 );
++				"common name in certificate (%.*s).\n", 
++				name, cn->length, cn->data );
+ 			ret = LDAP_CONNECT_ERROR;
+ 			if ( ld->ld_error ) {
+ 				LDAP_FREE( ld->ld_error );

openldap-2.3.37-libldap-utf8-ADcanonical.dif

@@ -0,0 +1,107 @@
+Index: libraries/libldap/getdn.c
+===================================================================
+--- libraries/libldap/getdn.c.orig
++++ libraries/libldap/getdn.c
+@@ -2377,12 +2377,12 @@ strval2DCEstr( struct berval *val, char 
+ 
+ /*
+  * Length of the (supposedly) AD canonical string representation, 
+- * accounting for escaped hex of UTF-8 chars
++ * accounting for chars that need to be escaped 
+  */
+ static int
+ strval2ADstrlen( struct berval *val, unsigned flags, ber_len_t *len )
+ {
+-	ber_len_t	l;
++	ber_len_t	l, cl;
+ 	char		*p;
+ 
+ 	assert( val != NULL );
+@@ -2393,37 +2393,31 @@ strval2ADstrlen( struct berval *val, uns
+ 		return( 0 );
+ 	}
+ 
+-	if ( flags & LDAP_AVA_NONPRINTABLE ) {
+-		/* 
+-		 * FIXME: Turn the value into a binary encoded BER?
+-		 */
+-		return( -1 );
+-		
+-	} else {
+-		for ( l = 0, p = val->bv_val; p[ 0 ]; p++ ) {
+-			if ( LDAP_DN_NEEDESCAPE_AD( p[ 0 ] ) ) {
+-				l += 2;
+-
+-			} else {
+-				l++;
+-			}
++	for ( l = 0, p = val->bv_val; p[ 0 ]; p += cl ) {
++		cl = LDAP_UTF8_CHARLEN2( p, cl );
++		if ( cl == 0 ) {
++			/* illegal utf-8 char */
++			return -1;
++		} else if ( (cl == 1) && LDAP_DN_NEEDESCAPE_AD( p[ 0 ] ) ) {
++			l += 2;
++		} else {
++			l += cl;
+ 		}
+ 	}
+ 
+ 	*len = l;
+-	
++
+ 	return( 0 );
+ }
+ 
+ /*
+- * convert to (supposedly) AD string representation, 
+- * escaping with hex the UTF-8 stuff;
++ * convert to (supposedly) AD string representation,
+  * assume the destination has enough room for escaping
+  */
+ static int
+ strval2ADstr( struct berval *val, char *str, unsigned flags, ber_len_t *len )
+ {
+-	ber_len_t	s, d;
++	ber_len_t	s, d, cl;
+ 
+ 	assert( val != NULL );
+ 	assert( str != NULL );
+@@ -2434,24 +2428,20 @@ strval2ADstr( struct berval *val, char *
+ 		return( 0 );
+ 	}
+ 
+-	if ( flags & LDAP_AVA_NONPRINTABLE ) {
+-		/*
+-		 * FIXME: Turn the value into a binary encoded BER?
+-		 */
+-		*len = 0;
+-		return( -1 );
+-		
+-	} else {
+-
+-		/* 
+-		 * we assume the string has enough room for the hex encoding
+-		 * of the value
+-		 */
++	/* 
++	 * we assume the string has enough room for the escaping
++	 * of the value
++	 */
+ 
+-		for ( s = 0, d = 0; s < val->bv_len; ) {
+-			if ( LDAP_DN_NEEDESCAPE_AD( val->bv_val[ s ] ) ) {
+-				str[ d++ ] = '\\';
+-			}
++	for ( s = 0, d = 0; s < val->bv_len; ) {
++		cl = LDAP_UTF8_CHARLEN2( val->bv_val+s, cl );
++		if ( cl == 0 ) {
++			/* illegal utf-8 char */
++			return -1;
++		} else if ( (cl == 1) && LDAP_DN_NEEDESCAPE_AD(val->bv_val[ s ]) ) {
++			str[ d++ ] = '\\';
++		}
++		for (; cl--;) {
+ 			str[ d++ ] = val->bv_val[ s++ ];
+ 		}
+ 	}

openldap-rc.tgz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:c8c4eb50b6ab04db5b01e3fa1f37d537b2415d5676560a4d6b435e360f84ebac
-size 4765
+oid sha256:21d21950b2c2dde8601ef4d28a0acd154852d7ec4938400bebddd4da7510a970
+size 4034

openldap2-client.changes

@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Tue Feb 11 08:49:43 UTC 2014 - varkoly@suse.com
+
+- Add systemd style service definition
+- FATE#315028 remove memory limit for slapd
+- FATE#315415: LDAP compat packages required for older SLES versions
+  For this reson following patches were applied:
+   openldap-2.3.37-libldap-suid.diff
+   openldap-2.3.37-libldap-ldapi_url.dif
+   openldap-2.3.37-libldap-ntlm.diff
+   openldap-2.3.37-libldap-gethostbyname_r.dif
+   openldap-2.3.37-libldap-sasl-max-buff-size.dif
+   openldap-2.3.37-libldap-utf8-ADcanonical.dif
+   openldap-2.3.37-liblber-length-decoding.dif
+   openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif
+   openldap-2.3.37-libldap-tls_chkhost-its6239.dif
+   openldap-2.3.37-libldap-ssl.dif
+
 -------------------------------------------------------------------
 Wed Dec 11 13:29:51 UTC 2013 - matz@suse.de
 

openldap2-client.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package openldap2-client
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,6 +17,7 @@
 
 
 %define run_test_suite 0
+%define version_main 2.4.38
 
 Name:           openldap2-client
 Summary:        The OpenLDAP commandline client tools
@@ -44,7 +45,7 @@ BuildRequires:  -libdb-4_8-devel
 BuildRequires:  libdb-4_5-devel
 %endif
 Conflicts:      openldap
-Requires:       libldap-2_4-2 = %{version}
+Requires:       libldap-2_4-2 = %{version_main}
 PreReq:         %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
 %else
 %if 0%{?suse_version} >= 1140
@@ -52,9 +53,10 @@ PreReq:         %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/group
 BuildRequires:  krb5-mini
 %endif
 Conflicts:      openldap-client
-Requires:       libldap-2_4-2 = %{version}
+Requires:       libldap-2_4-2 = %{version_main}
+Requires:       systemd
 %endif
-Source:         openldap-%{version}.tgz
+Source:         openldap-%{version_main}.tgz
 Source1:        openldap-rc.tgz
 Source2:        addonschema.tar.gz
 Source3:        DB_CONFIG
@@ -71,6 +73,16 @@ Patch5:         0005-pie-compile.dif
 Patch6:         0006-No-Build-date-and-time-in-binaries.dif
 Patch7:         0007-Recover-on-DB-version-change.dif
 Patch100:       openldap-2.3.37.dif
+Patch101:       openldap-2.3.37-libldap-suid.diff
+Patch102:       openldap-2.3.37-libldap-ldapi_url.dif
+Patch103:       openldap-2.3.37-libldap-ntlm.diff
+Patch104:       openldap-2.3.37-libldap-gethostbyname_r.dif
+Patch105:       openldap-2.3.37-libldap-sasl-max-buff-size.dif
+Patch106:       openldap-2.3.37-libldap-utf8-ADcanonical.dif
+Patch107:       openldap-2.3.37-liblber-length-decoding.dif
+Patch108:       openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif
+Patch109:       openldap-2.3.37-libldap-tls_chkhost-its6239.dif
+Patch110:       openldap-2.3.37-libldap-ssl.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if "%{name}" == "openldap2"
 
@@ -82,8 +94,9 @@ service that has an X.500 back-end.
 
 %package      -n openldap2-back-perl
 Summary:        OpenLDAP Perl Back-End
+License:        OLDAP-2.8
 Group:          Productivity/Networking/LDAP/Servers
-Requires:       openldap2 = %{version}
+Requires:       openldap2 = %{version_main}
 Requires:       perl = %{perl_version}
 
 %description -n openldap2-back-perl
@@ -92,8 +105,9 @@ different LDAP operations.
 
 %package      -n openldap2-back-meta
 Summary:        OpenLDAP Meta Back-End
+License:        OLDAP-2.8
 Group:          Productivity/Networking/LDAP/Servers
-Requires:       openldap2 = %{version}
+Requires:       openldap2 = %{version_main}
 Provides:       openldap2:/usr/share/man/man5/slapd-meta.5.gz
 
 %description -n openldap2-back-meta
@@ -104,8 +118,9 @@ Information Tree (DIT).
 
 %package      -n openldap2-back-sql
 Summary:        OpenLDAP SQL Back-End
+License:        OLDAP-2.8
 Group:          Productivity/Networking/LDAP/Servers
-Requires:       openldap2 = %{version}
+Requires:       openldap2 = %{version_main}
 
 %description -n openldap2-back-sql
 The primary purpose of this OpenLDAP backend is to present information
@@ -114,6 +129,7 @@ to do any programming.
 
 %package      -n openldap2-doc
 Summary:        OpenLDAP Documentation
+License:        OLDAP-2.8
 Group:          Documentation/Other
 Provides:       openldap2:/usr/share/doc/packages/openldap2/drafts/README
 %if 0%{?suse_version} > 1110
@@ -123,6 +139,22 @@ BuildArch:      noarch
 %description -n openldap2-doc
 The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts
 
+%package      -n compat-libldap-2_3-0
+Summary:        OpenLDAP Client Libraries
+License:        BSD-3-Clause and OLDAP-2.8 and OLDAP-2.8
+Group:          Productivity/Networking/LDAP/Clients
+Version:        2.3.37
+Release:        2.<RELEASE22>
+
+%description -n compat-libldap-2_3-0
+This package contains the OpenLDAP client libraries.
+
+
+
+Authors:
+--------
+    The OpenLDAP Project <project@openldap.org>
+
 %else
 
 %description
@@ -130,6 +162,7 @@ This package contains the OpenLDAP client utilities.
 
 %package      -n openldap2-devel
 Summary:        Libraries, Header Files and Documentation for OpenLDAP
+License:        OLDAP-2.8
 Group:          Development/Libraries/C and C++
 # bug437293
 %ifarch ppc64
@@ -137,7 +170,7 @@ Obsoletes:      openldap2-devel-64bit
 %endif
 #
 Conflicts:      openldap-devel
-Requires:       libldap-2_4-2 = %{version}
+Requires:       libldap-2_4-2 = %{version_main}
 
 %description -n openldap2-devel
 This package provides the OpenLDAP libraries, header files, and
@@ -145,6 +178,7 @@ documentation.
 
 %package -n openldap2-devel-static
 Summary:        Static libraries for the OpenLDAP libraries
+License:        OLDAP-2.8
 Group:          Development/Libraries/C and C++
 Requires:       openldap2-devel = %version
 %if %sles_version == 10
@@ -160,6 +194,7 @@ for development.
 
 %package      -n libldap-2_4-2
 Summary:        OpenLDAP Client Libraries
+License:        OLDAP-2.8
 Group:          Productivity/Networking/LDAP/Clients
 
 %description -n libldap-2_4-2
@@ -168,7 +203,7 @@ This package contains the OpenLDAP client libraries.
 %endif
 
 %prep
-%setup -q -n openldap-%{version} -a1 -a2 -b100
+%setup -q -n openldap-%{version_main} -a1 -a2 -b100
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
@@ -180,6 +215,16 @@ cp %{SOURCE5} .
 cp %{SOURCE6} .
 cd ../openldap-2.3.37
 %patch100
+%patch101
+%patch102
+%patch103
+%patch104
+%patch105
+%patch106
+%patch107
+%patch108
+%patch109 -p1
+%patch110
 
 %build
 %{?suse_update_config:%{suse_update_config -f build}}
@@ -222,7 +267,7 @@ export STRIP=""
 make depend
 make %{?jobs:-j%jobs}
 %if "%{name}" == "openldap2"
-%if %suse_version < 1130
+#%if %suse_version < 1130
 # build a static slapcat binary from the OpenLDAP 2.3 release
 # to be able to update existing databases
 cd ../openldap-2.3.37
@@ -230,18 +275,18 @@ cd ../openldap-2.3.37
 libtoolize --force
 #aclocal -I build
 autoreconf
-export CFLAGS="$RPM_OPT_FLAGS  -Wno-format-extra-args -fno-strict-aliasing -DLDAP_DEPRECATED"
+export CFLAGS="$RPM_OPT_FLAGS  -Wno-format-extra-args -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS"
 ./configure --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc \
         --localstatedir=/var/run/slapd --libexecdir=/usr/lib/openldap \
         --libdir=%{_libdir} --mandir=%{_mandir} --enable-aci \
         --enable-hdb --enable-bdb --enable-ldbm --enable-crypt \
         --enable-ipv6=no \
         --enable-ldap --enable-monitor --enable-meta --enable-rewrite \
-        --enable-dynamic=no --enable-shared=no
+        --enable-dynamic=no --enable-shared=yes
 make depend
-make %{?jobs:-j%jobs}
+make -C libraries %{?jobs:-j%jobs}
 
-%endif
+#%endif
 %endif
 
 %check
@@ -270,11 +315,12 @@ make SLAPD_DEBUG=0 test
 %endif
 
 %install
-mkdir -p $RPM_BUILD_ROOT/etc/init.d
+mkdir -p $RPM_BUILD_ROOT/usr/lib/openldap/
 mkdir -p $RPM_BUILD_ROOT/usr/sbin
+mkdir -p $RPM_BUILD_ROOT/usr/lib/systemd/system
 make STRIP="" DESTDIR=$RPM_BUILD_ROOT install
-install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap
-ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap
+install -m 755 start $RPM_BUILD_ROOT/usr/lib/openldap/start
+install -m 644 slapd.service $RPM_BUILD_ROOT/usr/lib/systemd/system
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2
 install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf
@@ -319,6 +365,10 @@ mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples
 # install 2.3 slapcat
 install -m 755 ../openldap-2.3.37/servers/slapd/slapcat $RPM_BUILD_ROOT/usr/sbin/openldap-2.3-slapcat
 %endif
+# install sle-10 compat libraries
+pushd ../openldap-2.3.37/libraries
+make DESTDIR=$RPM_BUILD_ROOT install
+popd
 %endif
 rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a
 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5
@@ -334,21 +384,19 @@ rm -f  $RPM_BUILD_ROOT%{_libdir}/lib*.la
 #put filelists into files
 cat >openldap2.filelist <<EOF
 /var/adm/fillup-templates/sysconfig.openldap
-%config /etc/init.d/ldap
 %config /etc/sysconfig/SuSEfirewall2.d/services/openldap
-/usr/sbin/rcldap
 /usr/sbin/slap*
+%dir /etc/sasl2
 %dir /etc/openldap
 %dir %attr(0770, ldap, ldap) /etc/openldap/slapd.d
 %dir /etc/openldap/schema
-%dir %{_sysconfdir}/sasl2
 %config /etc/openldap/schema/*.schema
 %config /etc/openldap/schema/*.ldif
 %config(noreplace) %attr(640, root, ldap) /etc/openldap/slapd.conf
 %config(noreplace) %attr(640, ldap, ldap) /var/lib/ldap/DB_CONFIG
 %config /var/lib/ldap/DB_CONFIG.example
 %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default
-%config(noreplace) /%{_sysconfdir}/sasl2/slapd.conf
+%config(noreplace) /etc/sasl2/slapd.conf
 %dir /usr/lib/openldap
 %dir /usr/lib/openldap/modules
 /usr/lib/openldap/modules/accesslog*
@@ -370,6 +418,8 @@ cat >openldap2.filelist <<EOF
 /usr/lib/openldap/modules/unique*
 /usr/lib/openldap/modules/valsort*
 /usr/lib/openldap/slapd
+/usr/lib/openldap/start
+/usr/lib/systemd/system/slapd.service
 %dir %attr(0700, ldap, ldap) /var/lib/ldap
 %dir %attr(0755, ldap, ldap) %ghost /var/run/slapd
 %doc %{_mandir}/man8/sl*
@@ -397,6 +447,11 @@ cat >>openldap2.filelist <<EOF
 /usr/sbin/openldap-2.3-slapcat
 EOF
 %endif
+cat > compat-libldap.filelist <<EOF
+%{_libdir}/liblber*2.3.so.*
+%{_libdir}/libldap*2.3.so.*
+EOF
+#
 #
 cat > openldap2-client.filelist <<EOF
 %dir /etc/openldap
@@ -418,8 +473,8 @@ cat > openldap2-client.filelist <<EOF
 %doc %{_mandir}/man5/ldif.*
 EOF
 cat > libldap.filelist <<EOF
-%{_libdir}/liblber*.so.*
-%{_libdir}/libldap*.so.*
+%{_libdir}/liblber*2.4.so.*
+%{_libdir}/libldap*2.4.so.*
 EOF
 cat > openldap2-devel.filelist <<EOF
 /usr/include/*.h
@@ -462,7 +517,7 @@ cat openldap2-client.filelist libldap.filelist openldap2-devel.filelist \
 %else
 cat openldap2.filelist openldap2-back-perl.filelist \
     openldap2-back-meta.filelist openldap2-back-sql.filelist \
-    openldap2-doc.filelist |
+    openldap2-doc.filelist compat-libldap.filelist |
 %endif
   grep -v "%dir " |sed -e "s|^.* ||" |grep "^/" |while read name ; do
     rm -rf $RPM_BUILD_ROOT$name
@@ -491,7 +546,7 @@ if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then
   cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew
   cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf
 fi
-%{fillup_and_insserv -n openldap ldap}
+%{fillup_only -n openldap ldap}
 %{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER}
 
 %preun
@@ -499,7 +554,10 @@ fi
 
 %postun
 %restart_on_update ldap
-%insserv_cleanup
+
+%post -n compat-libldap-2_3-0 -p /sbin/ldconfig
+
+%postun -n compat-libldap-2_3-0 -p /sbin/ldconfig
 
 %files -f openldap2.filelist
 %defattr(-,root,root)
@@ -515,6 +573,10 @@ fi
 
 %files -n openldap2-doc -f openldap2-doc.filelist
 %defattr(-,root,root)
+
+%files -n compat-libldap-2_3-0 -f compat-libldap.filelist
+%defattr(-,root,root)
+
 %else
 
 %post -n libldap-2_4-2 -p /sbin/ldconfig

openldap2.changes

@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Tue Feb 11 08:49:43 UTC 2014 - varkoly@suse.com
+
+- Add systemd style service definition
+- FATE#315028 remove memory limit for slapd
+- FATE#315415: LDAP compat packages required for older SLES versions
+  For this reson following patches were applied:
+   openldap-2.3.37-libldap-suid.diff
+   openldap-2.3.37-libldap-ldapi_url.dif
+   openldap-2.3.37-libldap-ntlm.diff
+   openldap-2.3.37-libldap-gethostbyname_r.dif
+   openldap-2.3.37-libldap-sasl-max-buff-size.dif
+   openldap-2.3.37-libldap-utf8-ADcanonical.dif
+   openldap-2.3.37-liblber-length-decoding.dif
+   openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif
+   openldap-2.3.37-libldap-tls_chkhost-its6239.dif
+   openldap-2.3.37-libldap-ssl.dif
+
 -------------------------------------------------------------------
 Wed Dec 11 13:29:51 UTC 2013 - matz@suse.de
 

openldap2.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package openldap2
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,6 +17,7 @@
 
 
 %define run_test_suite 0
+%define version_main 2.4.38
 
 Name:           openldap2
 Summary:        The OpenLDAP Server
@@ -44,7 +45,7 @@ BuildRequires:  -libdb-4_8-devel
 BuildRequires:  libdb-4_5-devel
 %endif
 Conflicts:      openldap
-Requires:       libldap-2_4-2 = %{version}
+Requires:       libldap-2_4-2 = %{version_main}
 PreReq:         %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/grep
 %else
 %if 0%{?suse_version} >= 1140
@@ -52,9 +53,10 @@ PreReq:         %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/group
 BuildRequires:  krb5-mini
 %endif
 Conflicts:      openldap-client
-Requires:       libldap-2_4-2 = %{version}
+Requires:       libldap-2_4-2 = %{version_main}
+Requires:       systemd
 %endif
-Source:         openldap-%{version}.tgz
+Source:         openldap-%{version_main}.tgz
 Source1:        openldap-rc.tgz
 Source2:        addonschema.tar.gz
 Source3:        DB_CONFIG
@@ -71,6 +73,16 @@ Patch5:         0005-pie-compile.dif
 Patch6:         0006-No-Build-date-and-time-in-binaries.dif
 Patch7:         0007-Recover-on-DB-version-change.dif
 Patch100:       openldap-2.3.37.dif
+Patch101:       openldap-2.3.37-libldap-suid.diff
+Patch102:       openldap-2.3.37-libldap-ldapi_url.dif
+Patch103:       openldap-2.3.37-libldap-ntlm.diff
+Patch104:       openldap-2.3.37-libldap-gethostbyname_r.dif
+Patch105:       openldap-2.3.37-libldap-sasl-max-buff-size.dif
+Patch106:       openldap-2.3.37-libldap-utf8-ADcanonical.dif
+Patch107:       openldap-2.3.37-liblber-length-decoding.dif
+Patch108:       openldap-2.3.37-libldap-ld_defconn-ldap_free_connection.dif
+Patch109:       openldap-2.3.37-libldap-tls_chkhost-its6239.dif
+Patch110:       openldap-2.3.37-libldap-ssl.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if "%{name}" == "openldap2"
 
@@ -82,8 +94,9 @@ service that has an X.500 back-end.
 
 %package      -n openldap2-back-perl
 Summary:        OpenLDAP Perl Back-End
+License:        OLDAP-2.8
 Group:          Productivity/Networking/LDAP/Servers
-Requires:       openldap2 = %{version}
+Requires:       openldap2 = %{version_main}
 Requires:       perl = %{perl_version}
 
 %description -n openldap2-back-perl
@@ -92,8 +105,9 @@ different LDAP operations.
 
 %package      -n openldap2-back-meta
 Summary:        OpenLDAP Meta Back-End
+License:        OLDAP-2.8
 Group:          Productivity/Networking/LDAP/Servers
-Requires:       openldap2 = %{version}
+Requires:       openldap2 = %{version_main}
 Provides:       openldap2:/usr/share/man/man5/slapd-meta.5.gz
 
 %description -n openldap2-back-meta
@@ -104,8 +118,9 @@ Information Tree (DIT).
 
 %package      -n openldap2-back-sql
 Summary:        OpenLDAP SQL Back-End
+License:        OLDAP-2.8
 Group:          Productivity/Networking/LDAP/Servers
-Requires:       openldap2 = %{version}
+Requires:       openldap2 = %{version_main}
 
 %description -n openldap2-back-sql
 The primary purpose of this OpenLDAP backend is to present information
@@ -114,6 +129,7 @@ to do any programming.
 
 %package      -n openldap2-doc
 Summary:        OpenLDAP Documentation
+License:        OLDAP-2.8
 Group:          Documentation/Other
 Provides:       openldap2:/usr/share/doc/packages/openldap2/drafts/README
 %if 0%{?suse_version} > 1110
@@ -123,6 +139,22 @@ BuildArch:      noarch
 %description -n openldap2-doc
 The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts
 
+%package      -n compat-libldap-2_3-0
+Summary:        OpenLDAP Client Libraries
+License:        BSD-3-Clause and OLDAP-2.8 and OLDAP-2.8
+Group:          Productivity/Networking/LDAP/Clients
+Version:        2.3.37
+Release:        2.<RELEASE22>
+
+%description -n compat-libldap-2_3-0
+This package contains the OpenLDAP client libraries.
+
+
+
+Authors:
+--------
+    The OpenLDAP Project <project@openldap.org>
+
 %else
 
 %description
@@ -130,6 +162,7 @@ This package contains the OpenLDAP client utilities.
 
 %package      -n openldap2-devel
 Summary:        Libraries, Header Files and Documentation for OpenLDAP
+License:        OLDAP-2.8
 Group:          Development/Libraries/C and C++
 # bug437293
 %ifarch ppc64
@@ -137,7 +170,7 @@ Obsoletes:      openldap2-devel-64bit
 %endif
 #
 Conflicts:      openldap-devel
-Requires:       libldap-2_4-2 = %{version}
+Requires:       libldap-2_4-2 = %{version_main}
 
 %description -n openldap2-devel
 This package provides the OpenLDAP libraries, header files, and
@@ -145,6 +178,7 @@ documentation.
 
 %package -n openldap2-devel-static
 Summary:        Static libraries for the OpenLDAP libraries
+License:        OLDAP-2.8
 Group:          Development/Libraries/C and C++
 Requires:       openldap2-devel = %version
 %if %sles_version == 10
@@ -160,6 +194,7 @@ for development.
 
 %package      -n libldap-2_4-2
 Summary:        OpenLDAP Client Libraries
+License:        OLDAP-2.8
 Group:          Productivity/Networking/LDAP/Clients
 
 %description -n libldap-2_4-2
@@ -168,7 +203,7 @@ This package contains the OpenLDAP client libraries.
 %endif
 
 %prep
-%setup -q -n openldap-%{version} -a1 -a2 -b100
+%setup -q -n openldap-%{version_main} -a1 -a2 -b100
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
@@ -180,6 +215,16 @@ cp %{SOURCE5} .
 cp %{SOURCE6} .
 cd ../openldap-2.3.37
 %patch100
+%patch101
+%patch102
+%patch103
+%patch104
+%patch105
+%patch106
+%patch107
+%patch108
+%patch109 -p1
+%patch110
 
 %build
 %{?suse_update_config:%{suse_update_config -f build}}
@@ -222,7 +267,7 @@ export STRIP=""
 make depend
 make %{?jobs:-j%jobs}
 %if "%{name}" == "openldap2"
-%if %suse_version < 1130
+#%if %suse_version < 1130
 # build a static slapcat binary from the OpenLDAP 2.3 release
 # to be able to update existing databases
 cd ../openldap-2.3.37
@@ -230,18 +275,18 @@ cd ../openldap-2.3.37
 libtoolize --force
 #aclocal -I build
 autoreconf
-export CFLAGS="$RPM_OPT_FLAGS  -Wno-format-extra-args -fno-strict-aliasing -DLDAP_DEPRECATED"
+export CFLAGS="$RPM_OPT_FLAGS  -Wno-format-extra-args -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS"
 ./configure --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc \
         --localstatedir=/var/run/slapd --libexecdir=/usr/lib/openldap \
         --libdir=%{_libdir} --mandir=%{_mandir} --enable-aci \
         --enable-hdb --enable-bdb --enable-ldbm --enable-crypt \
         --enable-ipv6=no \
         --enable-ldap --enable-monitor --enable-meta --enable-rewrite \
-        --enable-dynamic=no --enable-shared=no
+        --enable-dynamic=no --enable-shared=yes
 make depend
-make %{?jobs:-j%jobs}
+make -C libraries %{?jobs:-j%jobs}
 
-%endif
+#%endif
 %endif
 
 %check
@@ -270,11 +315,12 @@ make SLAPD_DEBUG=0 test
 %endif
 
 %install
-mkdir -p $RPM_BUILD_ROOT/etc/init.d
+mkdir -p $RPM_BUILD_ROOT/usr/lib/openldap/
 mkdir -p $RPM_BUILD_ROOT/usr/sbin
+mkdir -p $RPM_BUILD_ROOT/usr/lib/systemd/system
 make STRIP="" DESTDIR=$RPM_BUILD_ROOT install
-install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap
-ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap
+install -m 755 start $RPM_BUILD_ROOT/usr/lib/openldap/start
+install -m 644 slapd.service $RPM_BUILD_ROOT/usr/lib/systemd/system
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2
 install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf
@@ -319,6 +365,10 @@ mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples
 # install 2.3 slapcat
 install -m 755 ../openldap-2.3.37/servers/slapd/slapcat $RPM_BUILD_ROOT/usr/sbin/openldap-2.3-slapcat
 %endif
+# install sle-10 compat libraries
+pushd ../openldap-2.3.37/libraries
+make DESTDIR=$RPM_BUILD_ROOT install
+popd
 %endif
 rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a
 rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5
@@ -334,21 +384,19 @@ rm -f  $RPM_BUILD_ROOT%{_libdir}/lib*.la
 #put filelists into files
 cat >openldap2.filelist <<EOF
 /var/adm/fillup-templates/sysconfig.openldap
-%config /etc/init.d/ldap
 %config /etc/sysconfig/SuSEfirewall2.d/services/openldap
-/usr/sbin/rcldap
 /usr/sbin/slap*
+%dir /etc/sasl2
 %dir /etc/openldap
 %dir %attr(0770, ldap, ldap) /etc/openldap/slapd.d
 %dir /etc/openldap/schema
-%dir %{_sysconfdir}/sasl2
 %config /etc/openldap/schema/*.schema
 %config /etc/openldap/schema/*.ldif
 %config(noreplace) %attr(640, root, ldap) /etc/openldap/slapd.conf
 %config(noreplace) %attr(640, ldap, ldap) /var/lib/ldap/DB_CONFIG
 %config /var/lib/ldap/DB_CONFIG.example
 %attr(640, root, ldap) /%{_sysconfdir}/openldap/slapd.conf.default
-%config(noreplace) /%{_sysconfdir}/sasl2/slapd.conf
+%config(noreplace) /etc/sasl2/slapd.conf
 %dir /usr/lib/openldap
 %dir /usr/lib/openldap/modules
 /usr/lib/openldap/modules/accesslog*
@@ -370,6 +418,8 @@ cat >openldap2.filelist <<EOF
 /usr/lib/openldap/modules/unique*
 /usr/lib/openldap/modules/valsort*
 /usr/lib/openldap/slapd
+/usr/lib/openldap/start
+/usr/lib/systemd/system/slapd.service
 %dir %attr(0700, ldap, ldap) /var/lib/ldap
 %dir %attr(0755, ldap, ldap) %ghost /var/run/slapd
 %doc %{_mandir}/man8/sl*
@@ -397,6 +447,11 @@ cat >>openldap2.filelist <<EOF
 /usr/sbin/openldap-2.3-slapcat
 EOF
 %endif
+cat > compat-libldap.filelist <<EOF
+%{_libdir}/liblber*2.3.so.*
+%{_libdir}/libldap*2.3.so.*
+EOF
+#
 #
 cat > openldap2-client.filelist <<EOF
 %dir /etc/openldap
@@ -418,8 +473,8 @@ cat > openldap2-client.filelist <<EOF
 %doc %{_mandir}/man5/ldif.*
 EOF
 cat > libldap.filelist <<EOF
-%{_libdir}/liblber*.so.*
-%{_libdir}/libldap*.so.*
+%{_libdir}/liblber*2.4.so.*
+%{_libdir}/libldap*2.4.so.*
 EOF
 cat > openldap2-devel.filelist <<EOF
 /usr/include/*.h
@@ -462,7 +517,7 @@ cat openldap2-client.filelist libldap.filelist openldap2-devel.filelist \
 %else
 cat openldap2.filelist openldap2-back-perl.filelist \
     openldap2-back-meta.filelist openldap2-back-sql.filelist \
-    openldap2-doc.filelist |
+    openldap2-doc.filelist compat-libldap.filelist |
 %endif
   grep -v "%dir " |sed -e "s|^.* ||" |grep "^/" |while read name ; do
     rm -rf $RPM_BUILD_ROOT$name
@@ -491,7 +546,7 @@ if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then
   cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew
   cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf
 fi
-%{fillup_and_insserv -n openldap ldap}
+%{fillup_only -n openldap ldap}
 %{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER}
 
 %preun
@@ -499,7 +554,10 @@ fi
 
 %postun
 %restart_on_update ldap
-%insserv_cleanup
+
+%post -n compat-libldap-2_3-0 -p /sbin/ldconfig
+
+%postun -n compat-libldap-2_3-0 -p /sbin/ldconfig
 
 %files -f openldap2.filelist
 %defattr(-,root,root)
@@ -515,6 +573,10 @@ fi
 
 %files -n openldap2-doc -f openldap2-doc.filelist
 %defattr(-,root,root)
+
+%files -n compat-libldap-2_3-0 -f compat-libldap.filelist
+%defattr(-,root,root)
+
 %else
 
 %post -n libldap-2_4-2 -p /sbin/ldconfig