From 7ed736ced1158ed63427e6260fa0ed924ed44ec0844b9ba78d6190694b582f2d Mon Sep 17 00:00:00 2001 From: Howard Guo Date: Thu, 18 Feb 2016 13:35:22 +0000 Subject: [PATCH 1/4] Accepting request 360134 from home:lmuelle:branches:network:ldap Maybe this '-n openldap2-' has or had some value. - Remove redundant -n openldap2- package name prefix. OBS-URL: https://build.opensuse.org/request/show/360134 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=154 --- openldap2.changes | 259 +++++++++++++++++++++++----------------------- openldap2.spec | 64 ++++++------ 2 files changed, 164 insertions(+), 159 deletions(-) diff --git a/openldap2.changes b/openldap2.changes index 940b116..031cf0e 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Feb 18 12:18:13 UTC 2016 - lmuelle@suse.com + +- Remove redundant -n openldap2- package name prefix. + ------------------------------------------------------------------- Mon Feb 8 14:40:32 UTC 2016 - hguo@suse.com @@ -22,7 +27,7 @@ Mon Feb 8 14:40:32 UTC 2016 - hguo@suse.com ------------------------------------------------------------------- Mon Feb 8 13:24:49 UTC 2016 - mpluskal@suse.com - + - Use optflags when building ------------------------------------------------------------------- @@ -155,7 +160,7 @@ Wed Sep 10 10:26:02 UTC 2014 - varkoly@suse.com ------------------------------------------------------------------- Wed Sep 3 01:49:12 CEST 2014 - ro@suse.de -- sanitize release line in specfile +- sanitize release line in specfile ------------------------------------------------------------------- Wed Jul 16 15:56:11 UTC 2014 - ckornacker@suse.com @@ -176,7 +181,7 @@ Tue May 13 15:20:40 UTC 2014 - coolo@suse.com ------------------------------------------------------------------- Wed Apr 23 20:51:14 UTC 2014 - dmueller@suse.com -- move systemd requires to server package +- move systemd requires to server package ------------------------------------------------------------------- Tue Feb 18 14:39:07 UTC 2014 - ckornacker@suse.com @@ -186,7 +191,7 @@ Tue Feb 18 14:39:07 UTC 2014 - ckornacker@suse.com ------------------------------------------------------------------- Sun Feb 16 18:55:40 CET 2014 - ro@suse.de -- use configure macro also for building the 2.3.37 version +- use configure macro also for building the 2.3.37 version ------------------------------------------------------------------- Wed Feb 12 11:24:08 UTC 2014 - varkoly@suse.com @@ -211,13 +216,13 @@ Wed Feb 12 11:24:08 UTC 2014 - varkoly@suse.com * Build Environment Test suite: Use $(MAKE) for tests (ITS#7753) * Documentation - admin24 fix TLSDHParamFile to be correct (ITS#7684) + admin24 fix TLSDHParamFile to be correct (ITS#7684) ------------------------------------------------------------------- Tue Feb 11 08:49:43 UTC 2014 - varkoly@suse.com - Add systemd style service definition -- FATE#315028 remove memory limit for slapd +- FATE#315028 remove memory limit for slapd - FATE#315415: LDAP compat packages required for older SLES versions For this reson following patches were applied: openldap-2.3.37-libldap-suid.diff @@ -363,7 +368,7 @@ Mon Mar 25 16:08:21 UTC 2013 - jengelh@inai.de ------------------------------------------------------------------- Sat Nov 17 12:06:23 CET 2012 - ro@suse.de -- fix check-build.sh for kernel > 3.0 +- fix check-build.sh for kernel > 3.0 ------------------------------------------------------------------- Fri Nov 16 09:52:42 UTC 2012 - rhafer@suse.com @@ -449,7 +454,7 @@ Thu May 10 09:22:52 UTC 2012 - rhafer@suse.de ------------------------------------------------------------------- Mon Apr 23 07:08:13 UTC 2012 - rhafer@suse.de -- Disabled testsuite for now. Causes problems in the buildserivce +- Disabled testsuite for now. Causes problems in the buildserivce ------------------------------------------------------------------- Tue Mar 6 12:23:35 UTC 2012 - rhafer@suse.de @@ -664,7 +669,7 @@ Tue Feb 1 10:08:06 UTC 2011 - rhafer@suse.de ------------------------------------------------------------------- Wed Jan 19 15:05:27 UTC 2011 - rhafer@suse.de -- Install the correct schema2ldif script (bnc#665530) +- Install the correct schema2ldif script (bnc#665530) ------------------------------------------------------------------- Wed Jan 5 15:48:27 UTC 2011 - rhafer@novell.com @@ -696,7 +701,7 @@ Tue Oct 5 14:39:46 UTC 2010 - rhafer@novell.com Sun Oct 3 22:55:34 UTC 2010 - cristian.rodriguez@opensuse.org - Do not include Build date and time in binaries, this - avoids build-compare failures and unhelpful rebuilds/republishes + avoids build-compare failures and unhelpful rebuilds/republishes ------------------------------------------------------------------- Wed Sep 29 09:21:52 UTC 2010 - rhafer@novell.com @@ -709,8 +714,8 @@ Wed Sep 29 09:21:52 UTC 2010 - rhafer@novell.com ------------------------------------------------------------------- Thu Aug 26 14:04:06 UTC 2010 - rhafer@novell.com -- Fix listener URIs in init script to make SLP registration work - again (bnc#620389) +- Fix listener URIs in init script to make SLP registration work + again (bnc#620389) ------------------------------------------------------------------- Fri Jul 23 07:49:40 UTC 2010 - rhafer@novell.com @@ -726,7 +731,7 @@ Thu Jul 1 13:02:13 UTC 2010 - rhafer@novell.com * Fixed liblutil off-by-one with delta (ITS#6541) * Fixed slapd acls with glued databases (ITS#6468) * Fixed slapd syncrepl rid logging (ITS#6533) - * Fixed slapd modrdn handling of invalid values (bnc#612430, + * Fixed slapd modrdn handling of invalid values (bnc#612430, ITS#6570) * Fixed slapd-bdb hasSubordinates computation (ITS#6549) * Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474) @@ -740,7 +745,7 @@ Thu Jul 1 13:02:13 UTC 2010 - rhafer@novell.com ITS#6555) * Fixed slapo-valsort to use Debug (ITS#6566) * Fixed contrib/nssov network.c missing patch (ITS#6562) -- New subpackage openldap2-back-sql. Contains the SQL backend +- New subpackage openldap2-back-sql. Contains the SQL backend module plus some documentation (bnc#395719) - generate Patches from git tree (resulted in all patches being renamed) @@ -756,14 +761,14 @@ Thu Jul 1 12:48:18 UTC 2010 - rhafer@novell.com - LDAP clients could crash the server by submitting a specially crafted LDAP ModRDN operation. (bnc#612430, ITS#6570) -- Delete Operations happening during the "Refresh" phase of +- Delete Operations happening during the "Refresh" phase of "refreshAndPersist" replication failed to replicate under - certain circumstances (bnc#606294, ITS#6555) + certain circumstances (bnc#606294, ITS#6555) ------------------------------------------------------------------- Mon May 10 13:35:59 UTC 2010 - rhafer@novell.com -- Create /var/run/slapd on demand. /var/run might be mounted on +- Create /var/run/slapd on demand. /var/run might be mounted on tmpfs. ------------------------------------------------------------------- @@ -781,7 +786,7 @@ Wed Mar 17 13:06:12 UTC 2010 - rhafer@novell.com Tue Mar 16 10:01:39 UTC 2010 - rhafer@novell.com - Removed obsolete hunk from openldap2.dif -- Remove ldap.conf patch to use saner default for Certificate +- Remove ldap.conf patch to use saner default for Certificate verification (bnc#575146) ------------------------------------------------------------------- @@ -817,7 +822,7 @@ Thu Dec 10 15:41:11 UTC 2009 - rhafer@novell.com "demand" as documented even if other tls_ options are absent (bnc#558397, ITS#6319) - apply changes to the global size and timelimits to all database - that don't specify limits themself. (bnc#562184, ITS#6428) + that don't specify limits themself. (bnc#562184, ITS#6428) ------------------------------------------------------------------- Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com @@ -842,7 +847,7 @@ Mon Nov 30 16:09:22 UTC 2009 - rhafer@novell.com * Fixed slapo-syncprov checkpoint conversion (ITS#6370) * Fixed slapo-syncprov deadlock (ITS#6335) * Fixed slapo-syncprov out of order changes (ITS#6346) -- Added switch to enable/disable testsuite (%run_test_suite) +- Added switch to enable/disable testsuite (%run_test_suite) ------------------------------------------------------------------- Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com @@ -852,8 +857,8 @@ Tue Nov 3 19:13:32 UTC 2009 - coolo@novell.com ------------------------------------------------------------------- Mon Sep 28 13:59:18 UTC 2009 - rhafer@novell.com -- Added schema2ldif tool to openldap2-client subpackage - (bnc#541819) +- Added schema2ldif tool to openldap2-client subpackage + (bnc#541819) ------------------------------------------------------------------- Wed Sep 23 15:35:13 UTC 2009 - rhafer@novell.com @@ -916,23 +921,23 @@ Tue Jul 14 14:02:11 CEST 2009 - rhafer@novell.com ------------------------------------------------------------------- Mon Jun 29 14:24:56 CEST 2009 - rhafer@novell.com -- Fixed Summary/Description for -client subpackage +- Fixed Summary/Description for -client subpackage ------------------------------------------------------------------- Thu Jun 25 17:29:03 CEST 2009 - rhafer@novell.com -- Improved connection check in init script (bnc#510295) +- Improved connection check in init script (bnc#510295) ------------------------------------------------------------------- Mon Jun 15 12:12:17 CEST 2009 - rhafer@novell.com -- Fixed complilation with newer glibc (2.3.X release needs +- Fixed complilation with newer glibc (2.3.X release needs GNU_SOURCE defined as well in getpeerid.c) ------------------------------------------------------------------- Wed Apr 29 17:07:33 CEST 2009 - rhafer@novell.com -- gcc 4.4 fixes +- gcc 4.4 fixes ------------------------------------------------------------------- Mon Apr 6 15:41:05 CEST 2009 - rhafer@suse.de @@ -958,7 +963,7 @@ Mon Apr 6 15:41:05 CEST 2009 - rhafer@suse.de * Fixed slapd-ldap/meta with invalid attrs again (ITS#5959) * Fixed slapo-accesslog interaction with ppolicy (ITS#5979) * Fixed slapo-dynlist conversion to cn=config (ITS#6002) - * Fixed various slapo-syncprov issues (ITS#5972, ITS#6020, + * Fixed various slapo-syncprov issues (ITS#5972, ITS#6020, ITS#5985, ITS#5999, ITS#5973, ITS#6045, ITS#6024, ITS#5988) - Fix building on older openSUSE releases @@ -994,7 +999,7 @@ Fri Mar 20 14:00:20 CET 2009 - rhafer@suse.de * Fixed slapd epoll handling (ITS#5886) * Fixed slapd glue with MMR (ITS#5925) * Fixed slapd listener comparison (ITS#5613) - * Fixed various syncrepl issues (ITS#5809,ITS#5850, ITS#5843, + * Fixed various syncrepl issues (ITS#5809,ITS#5850, ITS#5843, ITS#5866, ITS#5901, ITS#5881, ITS#5935, ITS#5710, ITS#5781, ITS#5809, ITS#5798, ITS#5826) * Fixed slapd-bdb/hdb dncachesize handling (ITS#5860) @@ -1009,7 +1014,7 @@ Wed Jan 7 12:34:56 CET 2009 - olh@suse.de ------------------------------------------------------------------- Fri Dec 12 14:45:07 CET 2008 - rhafer@suse.de -- Fixed openldap2-devel dependencies (bnc#457989) +- Fixed openldap2-devel dependencies (bnc#457989) ------------------------------------------------------------------- Tue Dec 9 11:11:38 CET 2008 - rhafer@suse.de @@ -1021,7 +1026,7 @@ Tue Dec 9 11:11:38 CET 2008 - rhafer@suse.de ------------------------------------------------------------------- Fri Nov 28 14:08:16 CET 2008 - rhafer@suse.de -- Disable the slapadd trickle-task it cause performance issues +- Disable the slapadd trickle-task it cause performance issues when using libdb-4.5 (bnc#449641) - removed obsolete configure option (ldbm backend does not exist in OpenLDAP 2.4) @@ -1044,8 +1049,8 @@ Tue Nov 4 14:10:24 CET 2008 - rhafer@suse.de ------------------------------------------------------------------- Thu Oct 23 12:59:08 CEST 2008 - rhafer@suse.de -- the helper function to create various LDAP controls returned - wrong error codes under certain circumstances +- the helper function to create various LDAP controls returned + wrong error codes under certain circumstances (bnc#429064, ITS#5762) - Fixed referral chasing in chain-overlay (bnc#438088, ITS#5742) - Fixed back-config integration of overlays with private instances @@ -1089,8 +1094,8 @@ Sun Oct 12 23:51:09 CEST 2008 - rhafer@suse.de ------------------------------------------------------------------- Mon Oct 6 10:49:23 CEST 2008 - rhafer@suse.de -- remove some problematic test-cases, that cause a lot of - unreproducable buildfailures +- remove some problematic test-cases, that cause a lot of + unreproducable buildfailures - check for exisitence of /etc/openldap/slapd.conf in init-script assume back-config usage if it isn't present (bnc#428168) @@ -1124,14 +1129,14 @@ Fri Sep 12 10:09:28 CEST 2008 - rhafer@suse.de ------------------------------------------------------------------- Tue Sep 9 17:22:18 CEST 2008 - rhafer@suse.de -- Removed getaddrinfo workaround. Recent glibc doesn't need it +- Removed getaddrinfo workaround. Recent glibc doesn't need it anymore (bnc#288879, ITS#5251) - Server requires libldap of the same version. ------------------------------------------------------------------- Mon Sep 8 16:07:47 CEST 2008 - rhafer@suse.de -- Import back-config support for deleting databases from CVS HEAD +- Import back-config support for deleting databases from CVS HEAD ------------------------------------------------------------------- Tue Sep 2 09:18:05 CEST 2008 - rhafer@suse.de @@ -1141,9 +1146,9 @@ Tue Sep 2 09:18:05 CEST 2008 - rhafer@suse.de ------------------------------------------------------------------- Thu Aug 28 11:46:08 CEST 2008 - rhafer@suse.de -- added ldapns.schema , to allow to use pam_ldap's "check_host_attr" +- added ldapns.schema , to allow to use pam_ldap's "check_host_attr" and "check_service_attr" features (bnc#419984) -- backport overlay_register_control fix from HEAD (bnc#420016, +- backport overlay_register_control fix from HEAD (bnc#420016, ITS#5649) ------------------------------------------------------------------- @@ -1160,14 +1165,14 @@ Mon Aug 18 11:00:13 CEST 2008 - rhafer@suse.de Wed Aug 13 17:25:25 CEST 2008 - ro@suse.de - try to fix build for buildservice - (BUILD_INCARNATION can be empty) + (BUILD_INCARNATION can be empty) ------------------------------------------------------------------- Mon Aug 11 11:06:08 CEST 2008 - rhafer@suse.de -- /usr/lib/sasl2/slapd.conf was moved to /etc/sasl2/slapd.conf +- /usr/lib/sasl2/slapd.conf was moved to /etc/sasl2/slapd.conf (bnc#412652) -- adjust ownerships of database directories even when using +- adjust ownerships of database directories even when using back-config ------------------------------------------------------------------- @@ -1226,13 +1231,13 @@ Tue Jun 24 11:08:00 CEST 2008 - rhafer@suse.de Wed Jun 11 13:03:29 CEST 2008 - rhafer@suse.de - Update to Version 2.4.10. Most important changes: - * Fixed libldap ld_defconn cleanup if it was freed (ITS#5518, + * Fixed libldap ld_defconn cleanup if it was freed (ITS#5518, ITS#5525) * Fixed libldap msgid handling (ITS#5318) * Fixed libldap t61 infinite loop (ITS#5542) * Fixed libldap_r missing stubs (ITS#5519) * Fixed slapd initialization of sr_msgid, rs->sr_tag (ITS#5461) - * Fixed slapd missing termination of integerFilter keys + * Fixed slapd missing termination of integerFilter keys (ITS#5503) * Fixed slapd multiple attrs in URI (ITS#5516) * Fixed slapd sasl_ssf retrieval (ITS#5403) @@ -1256,7 +1261,7 @@ Wed Jun 11 13:03:29 CEST 2008 - rhafer@suse.de ------------------------------------------------------------------- Fri May 16 13:24:11 CEST 2008 - rhafer@suse.de -- Support update from 2.3 releases (bnc#390247) +- Support update from 2.3 releases (bnc#390247) ------------------------------------------------------------------- Thu May 8 08:55:00 CEST 2008 - rhafer@suse.de @@ -1287,8 +1292,8 @@ Thu May 8 08:55:00 CEST 2008 - rhafer@suse.de * Fixed slapd-meta crash on search (ITS#5481) * Various syncrepl fixes (ITS#5407, ITS#5413, ITS#5426, ITS#5430, ITS#5432, ITS#5454, ITS#5397, ITS#5470) - * Various slapo-syncprov fixes (ITS#5401, ITS#5405, ITS#5418, - ITS#5486, ITS#5433, ITS#5434, ITS#5437, ITS#5444, ITS#5445, + * Various slapo-syncprov fixes (ITS#5401, ITS#5405, ITS#5418, + ITS#5486, ITS#5433, ITS#5434, ITS#5437, ITS#5444, ITS#5445, ITS#5484, ITS#5451) ------------------------------------------------------------------- @@ -1316,7 +1321,7 @@ Thu Apr 3 14:26:12 CEST 2008 - rhafer@suse.de Mon Mar 3 08:50:18 CET 2008 - rhafer@suse.de - revert last change and make libldap_r available again as some - packages seem to directly rely on libldap_r. Assume they know + packages seem to directly rely on libldap_r. Assume they know of the libldap_r's limitations. ------------------------------------------------------------------- @@ -1324,7 +1329,7 @@ Wed Feb 27 11:21:39 CET 2008 - rhafer@suse.de - Moved libldap_r from -client subpackage to the main server package as it is only meant to be used by slapd. -- Removed static libldap_r.a library and libldap_r.so link from +- Removed static libldap_r.a library and libldap_r.so link from -devel subpackage. External programs should only use the "normal" libldap library. @@ -1343,7 +1348,7 @@ Wed Feb 20 09:49:30 CET 2008 - rhafer@suse.de * Fixed slapd modrdn check for valid new DN (ITS#5344) * Fixed slapd multi-step SASL binds (ITS#5298) * Fixed slapd overlay ordering when moving to slapd.d (ITS#5284) - * Fixed slapd NULL printf (ITS#5264) + * Fixed slapd NULL printf (ITS#5264) * Fixed slapd NULL set values (ITS#5286) * Fixed slapd timestamp race condition (ITS#5370) * Fixed slapd cn=config crash on delete (ITS#5343) @@ -1367,12 +1372,12 @@ Wed Feb 20 09:49:30 CET 2008 - rhafer@suse.de ------------------------------------------------------------------- Thu Jan 10 15:06:12 CET 2008 - rhafer@suse.de -- Removed bogus debugging output from slapd_getaddrinfo_dupl.dif +- Removed bogus debugging output from slapd_getaddrinfo_dupl.dif ------------------------------------------------------------------- Wed Jan 9 13:29:33 CET 2008 - rhafer@suse.de -- Fixed allocation for paged results cookie (Bug #352255, ITS#5315) +- Fixed allocation for paged results cookie (Bug #352255, ITS#5315) ------------------------------------------------------------------- Fri Dec 14 13:53:33 CET 2007 - rhafer@suse.de @@ -1555,7 +1560,7 @@ Tue Mar 20 17:08:37 CET 2007 - rguenther@suse.de ------------------------------------------------------------------- Thu Mar 15 14:29:22 CET 2007 - rhafer@suse.de -- added Service definitions for SuSEfirewall2 (Bug #251654) +- added Service definitions for SuSEfirewall2 (Bug #251654) ------------------------------------------------------------------- Thu Feb 22 16:50:18 CET 2007 - rhafer@suse.de @@ -1567,12 +1572,12 @@ Thu Feb 22 16:50:18 CET 2007 - rhafer@suse.de * Fixed slapd libltdl link ordering (ITS#4830) * Fixed slapd syncrepl memory leaks (ITS#4805) * Fixed slapd dynacl/ACI compatibility with 2.1 - * Fixed slapd-bdb/hdb be_entry_get with aliases/referrals + * Fixed slapd-bdb/hdb be_entry_get with aliases/referrals (ITS#4810) * Fixed slapd-ldap more response handling bugs (ITS#4782) * Fixed slapd-ldap C-API code tests (ITS#4808) * Fixed slapd-monitor NULL printf (ITS#4811) - * Fixed slapo-chain spurious additional info in response + * Fixed slapo-chain spurious additional info in response (ITS#4828) * Fixed slapo-syncprov presence list (ITS#4813) * Fixed slapo-syncprov contextCSN checkpoint again (ITS#4720) @@ -1584,15 +1589,15 @@ Fri Jan 26 14:26:51 CET 2007 - rhafer@suse.de - Updated to Version 2.3.33. Most important changes: * Fixed slapd-ldap chase-referrals switch (ITS#4557) - * Fixed slapd-ldap bind behavior when idassert is always used + * Fixed slapd-ldap bind behavior when idassert is always used (ITS#4781) * Fixed slapd-ldap response handling bugs (ITS#4782) * Fixed slapd-ldap idassert mode=self anonymous ops (ITS#4798) - * Fixed slapd-ldap/meta privileged connections handling + * Fixed slapd-ldap/meta privileged connections handling (ITS#4791) * Fixed slapd-meta retrying (ITS#4594, 4762) * Fixed slapo-chain referral DN use (ITS#4776) - * Fixed slapo-dynlist dangling pointer after entry free + * Fixed slapo-dynlist dangling pointer after entry free (ITS#4801) * Fixed libldap ldap_pvt_put_filter syntax checks (ITS#4648) @@ -1606,7 +1611,7 @@ Fri Jan 12 11:04:22 CET 2007 - rhafer@suse.de * Fixed slapd connections_shutdown assert * Fixed slapd add redundant duplicate value check (ITS#4600) * Fixed slapd ACL set memleak (ITS#4780) - * Fixed slapd syncrepl shutdown hang (ITS#4790) + * Fixed slapd syncrepl shutdown hang (ITS#4790) ------------------------------------------------------------------- Fri Nov 17 10:25:44 CET 2006 - rhafer@suse.de @@ -1614,33 +1619,33 @@ Fri Nov 17 10:25:44 CET 2006 - rhafer@suse.de - Fix for a flaw in libldap's strval2strlen() function when processing the authcid string of certain Bind Requests, which could allow attackers to cause an affected application to crash (especially the OpenLDAP Server), - creating a denial of service condition (Bug#221154,ITS#4740) + creating a denial of service condition (Bug#221154,ITS#4740) ------------------------------------------------------------------- Tue Nov 14 16:18:34 CET 2006 - rhafer@suse.de -- Additional back-perl fixes from CVS. The first revision of the +- Additional back-perl fixes from CVS. The first revision of the patch did not fix the problem completely (Bug#207618, ITS#4751) ------------------------------------------------------------------- Fri Oct 27 16:46:43 CEST 2006 - rhafer@suse.de -- cyrus-sasl configuration moved from %{_libdir}/sasl2 to +- cyrus-sasl configuration moved from %{_libdir}/sasl2 to /etc/sasl2/ (Bug: #206414) ------------------------------------------------------------------- Wed Oct 4 15:56:11 CEST 2006 - rhafer@suse.de -- Add $network to Should-Start/Should-Stop in init scripts +- Add $network to Should-Start/Should-Stop in init scripts (Bug: #206823) -- Imported latest back-perl changes from CVS, to fix back-perl +- Imported latest back-perl changes from CVS, to fix back-perl initialization (Bug: #207618) ------------------------------------------------------------------- Tue Aug 22 16:27:25 CEST 2006 - rhafer@suse.de - Updated to Version 2.3.27 - * Fixed libldap dnssrv bug with "not present" positive statement + * Fixed libldap dnssrv bug with "not present" positive statement (ITS#4610) * Fixed libldap dangling pointer issue (ITS#4405) * Fixed slapd incorrect rebuilding of replica URI (ITS#4633) @@ -1671,7 +1676,7 @@ Wed Aug 2 11:08:23 CEST 2006 - rhafer@suse.de Mon Jun 26 16:36:16 CEST 2006 - rhafer@suse.de - Updated to Version 2.3.24 - * Fixed slapd syncrepl timestamp bug (delta-sync/cascade) + * Fixed slapd syncrepl timestamp bug (delta-sync/cascade) (ITS#4567) * Fixed slapd-bdb/hdb non-root users adding suffix/root entries (ITS#4552) @@ -1691,7 +1696,7 @@ Thu Jun 22 14:46:58 CEST 2006 - schwab@suse.de Wed May 24 09:52:03 CEST 2006 - rhafer@suse.de - Updated to Version 2.3.23 - * obsoletes the patches: libldap_ads-sasl-gssapi.dif, + * obsoletes the patches: libldap_ads-sasl-gssapi.dif, slapd-epollerr.dif * Fixed slapd-ldap improper free bug (ITS#4550) * Fixed libldap referral input destroy issue (ITS#4533) @@ -1709,15 +1714,15 @@ Wed May 24 09:52:03 CEST 2006 - rhafer@suse.de ------------------------------------------------------------------- Wed May 10 10:20:16 CEST 2006 - rhafer@suse.de -- Really apply the patch for Bug#160566 -- slapd could crash while processing queries with pre-/postread +- Really apply the patch for Bug#160566 +- slapd could crash while processing queries with pre-/postread controls (Bug#173877, ITS#4532) ------------------------------------------------------------------- Fri Mar 24 13:48:52 CET 2006 - rhafer@suse.de -- Backported fix from CVS for occasional crashes in referral - chasing code (as used in e.g. back-meta/back-ldap). +- Backported fix from CVS for occasional crashes in referral + chasing code (as used in e.g. back-meta/back-ldap). (Bug: #160566, ITS: #4448) ------------------------------------------------------------------- @@ -1729,7 +1734,7 @@ Mon Mar 13 16:23:32 CET 2006 - rhafer@suse.de ------------------------------------------------------------------- Fri Feb 17 12:58:13 CET 2006 - rhafer@suse.de -- Add "external" to the list of supported SASL mechanisms +- Add "external" to the list of supported SASL mechanisms (Bug: #151771) ------------------------------------------------------------------- @@ -1741,7 +1746,7 @@ Thu Feb 16 11:45:20 CET 2006 - rhafer@suse.de ------------------------------------------------------------------- Mon Feb 13 14:45:43 CET 2006 - rhafer@suse.de -- Don't ignore non-read/write epoll events (Bug: #149993, +- Don't ignore non-read/write epoll events (Bug: #149993, ITS: #4395) - Added update message to /usr/share/update-messages/en/ and enable it, when update did not succeed. @@ -1763,7 +1768,7 @@ Fri Feb 3 11:32:27 CET 2006 - rhafer@suse.de ------------------------------------------------------------------- Fri Jan 27 09:15:33 CET 2006 - rhafer@suse.de -- Updated to 2.3.19 (Bug #144371) +- Updated to 2.3.19 (Bug #144371) ------------------------------------------------------------------- Fri Jan 27 02:16:56 CET 2006 - mls@suse.de @@ -1773,8 +1778,8 @@ Fri Jan 27 02:16:56 CET 2006 - mls@suse.de ------------------------------------------------------------------- Wed Jan 25 18:17:51 CET 2006 - rhafer@suse.de -- Updated Admin Guide to latest version -- build slapcat from openldap-2.2.24 and install it to +- Updated Admin Guide to latest version +- build slapcat from openldap-2.2.24 and install it to /usr/sbin/openldap-2.2-slapcat to be able to migrate from OpenLDAP 2.2. - removed slapd-backbdb-dbupgrade which is no longer needed @@ -1799,24 +1804,24 @@ Wed Jan 11 10:13:52 CET 2006 - rhafer@suse.de ------------------------------------------------------------------- Mon Jan 9 11:48:10 CET 2006 - rhafer@suse.de -- Updated to 2.3.16 +- Updated to 2.3.16 ------------------------------------------------------------------- Mon Dec 19 13:55:35 CET 2005 - rhafer@suse.de -- Fixed filelist (slapd-hdb man-page was missing) +- Fixed filelist (slapd-hdb man-page was missing) ------------------------------------------------------------------- Fri Dec 9 10:04:28 CET 2005 - rhafer@suse.de -- Fixed build on x86_64 +- Fixed build on x86_64 ------------------------------------------------------------------- Wed Dec 7 10:48:57 CET 2005 - rhafer@suse.de -- Merged -back-ldap and -back-monitor subpackages into the main +- Merged -back-ldap and -back-monitor subpackages into the main package and don't build them as dynamic modules anymore. -- updated to OpenLDAP 2.3.13 +- updated to OpenLDAP 2.3.13 ------------------------------------------------------------------- Mon Nov 28 16:56:21 CET 2005 - rhafer@suse.de @@ -1837,7 +1842,7 @@ Mon Sep 26 09:51:11 CEST 2005 - rhafer@suse.de ------------------------------------------------------------------- Fri Sep 23 14:41:14 CEST 2005 - rhafer@suse.de -- updated to OpenLDAP 2.3.7 +- updated to OpenLDAP 2.3.7 ------------------------------------------------------------------- Tue Aug 16 14:08:49 CEST 2005 - rhafer@suse.de @@ -1847,13 +1852,13 @@ Tue Aug 16 14:08:49 CEST 2005 - rhafer@suse.de ------------------------------------------------------------------- Mon Jul 4 11:42:08 CEST 2005 - rhafer@suse.de -- devel-subpackage requires openldap2-client of the same version +- devel-subpackage requires openldap2-client of the same version (Bugzilla: #93579) ------------------------------------------------------------------- Thu Jun 30 17:55:22 CEST 2005 - uli@suse.de -- build with -fPIE (not -fpie) to avoid GOT overflow on s390* +- build with -fPIE (not -fpie) to avoid GOT overflow on s390* ------------------------------------------------------------------- Wed Jun 22 16:26:42 CEST 2005 - rhafer@suse.de @@ -1863,12 +1868,12 @@ Wed Jun 22 16:26:42 CEST 2005 - rhafer@suse.de ------------------------------------------------------------------- Wed Jun 15 16:43:25 CEST 2005 - rhafer@suse.de -- updated to 2.2.27 +- updated to 2.2.27 ------------------------------------------------------------------- Wed May 25 13:58:57 CEST 2005 - rhafer@suse.de -- libldap-gethostbyname_r.dif: Use gethostbyname_r instead of +- libldap-gethostbyname_r.dif: Use gethostbyname_r instead of gethostbyname in libldap. Should fix host lookups through nss_ldap (Bugzilla: #76173) @@ -1881,21 +1886,21 @@ Fri May 13 12:27:05 CEST 2005 - rhafer@suse.de ------------------------------------------------------------------- Thu Apr 28 09:42:30 CEST 2005 - rhafer@suse.de -- Added /%{_libdir}]/sasl2/slapd.conf to avoid warnings about +- Added /%{_libdir}]/sasl2/slapd.conf to avoid warnings about unconfigured OTP mechanism (Bugzilla: #80588) ------------------------------------------------------------------- Tue Apr 12 15:02:24 CEST 2005 - rhafer@suse.de -- added minimal timeout to startproc in init-script to let it - report the "failed" status correctly in case of misconfiguration +- added minimal timeout to startproc in init-script to let it + report the "failed" status correctly in case of misconfiguration (Bugzilla: #76393) ------------------------------------------------------------------- Mon Apr 4 16:41:32 CEST 2005 - rhafer@suse.de - crl-check.dif: Implements CRL checking on client and server side -- use different base ports for differnt values of BUILD_INCARNATION +- use different base ports for differnt values of BUILD_INCARNATION (/.buildenv) to allow parallel runs of the test-suite on a single machine @@ -1919,7 +1924,7 @@ Tue Mar 29 14:21:50 CEST 2005 - rhafer@suse.de Wed Mar 2 13:44:23 CET 2005 - rhafer@suse.de - syncrepl.dif: merged latest syncrepl fixes (Bugzilla: #65928) -- libldap-reinit-fdset.dif: Re-init fd_sets when select is +- libldap-reinit-fdset.dif: Re-init fd_sets when select is interupted (Bugzilla #50076, ITS: #3524) ------------------------------------------------------------------- @@ -1931,7 +1936,7 @@ Thu Feb 17 14:28:02 CET 2005 - rhafer@suse.de ------------------------------------------------------------------- Tue Feb 1 14:30:13 CET 2005 - rhafer@suse.de -- Cleanup back-bdb databases in %post, db-4.3 changed the +- Cleanup back-bdb databases in %post, db-4.3 changed the transaction log format again. - cosmetic fixes in init script @@ -1969,7 +1974,7 @@ Fri Sep 24 17:55:10 CEST 2004 - ro@suse.de ------------------------------------------------------------------- Fri Sep 24 13:59:40 CEST 2004 - rhafer@suse.de -- Added pre_checkin.sh to generate a separate openldap2-client +- Added pre_checkin.sh to generate a separate openldap2-client spec-file from which the openldap2-client and openldap2-devel subpackages are built. Should reduce build time for libldap as the test-suite is only executed in openldap2.spec. @@ -1990,15 +1995,15 @@ Mon Aug 9 23:43:18 CEST 2004 - dobey@suse.de Tue Aug 3 14:48:25 CEST 2004 - rhafer@suse.de - updated to 2.2.16 -- Updated ACLs in slapd_conf.dif to disable default read access +- Updated ACLs in slapd_conf.dif to disable default read access to the "userPKCS12" Attribute -- rc-check-conn.diff: When starting slapd wait until is accepts +- rc-check-conn.diff: When starting slapd wait until is accepts connections, or 10 seconds at maximum (Bugzilla #41354) - Backported -o slp={on|off} feature from OpenLDAP Head and added new sysconfig variable (OPENLDAP_REGISTER_SLP) to be able to switch SLP registration on and off. (Bugzilla #39865) - removed unneeded README.update - + ------------------------------------------------------------------- Fri Apr 30 16:46:50 CEST 2004 - rhafer@suse.de @@ -2017,22 +2022,22 @@ Thu Apr 29 15:13:31 CEST 2004 - coolo@suse.de ------------------------------------------------------------------- Mon Apr 19 12:13:41 CEST 2004 - rhafer@suse.de -- ldapi_url.dif: Fixed paths for LDAPI-socket, pid-file and +- ldapi_url.dif: Fixed paths for LDAPI-socket, pid-file and args-file (Bugzilla #38790) - ldbm_modrdn.dif: Fixed back-ldbm modrdn indexing bug (ITS #3059, Bugzilla #38915) -- modify_check_duplicates.dif: check for duplicate attribute +- modify_check_duplicates.dif: check for duplicate attribute values in modify requests (ITS #3066/#3097, Bugzilla #38607) -- updated and renamed yast2userconfig.schema to yast.schema as it +- updated and renamed yast2userconfig.schema to yast.schema as it contains more that only user configuration now - syncrepl.dif: addtional fixes for syncrepl (ITS #3055, #3056) -- test_syncrepl_timeout: increased sleep timeout in syncrepl +- test_syncrepl_timeout: increased sleep timeout in syncrepl testsuite ------------------------------------------------------------------- Thu Apr 1 15:05:15 CEST 2004 - rhafer@suse.de -- added "TLS_REQCERT allow" to /etc/openldap/ldap.conf, to make +- added "TLS_REQCERT allow" to /etc/openldap/ldap.conf, to make START_TLS work without access to the CA Certificate. (Bugzilla: #37393) @@ -2065,7 +2070,7 @@ Tue Mar 16 16:15:49 CET 2004 - schwab@suse.de Tue Mar 2 19:50:18 CET 2004 - rhafer@suse.de - updated to 2.2.6 -- build a openldap-2.1-slapcat from 2.1.25 sources to be able to +- build a openldap-2.1-slapcat from 2.1.25 sources to be able to migrate from SLES8 and SL 9.0 ------------------------------------------------------------------- @@ -2076,8 +2081,8 @@ Thu Feb 19 17:25:12 CET 2004 - ro@suse.de ------------------------------------------------------------------- Thu Feb 5 17:38:52 CET 2004 - rhafer@suse.de -- updated to 2.2.5 -- adjusted rfc2307bis.schema to support UTF-8 values in most +- updated to 2.2.5 +- adjusted rfc2307bis.schema to support UTF-8 values in most attributes - enabled proxycache-overlay (wiht fix to work with back-ldbm) @@ -2102,7 +2107,7 @@ Mon Dec 8 16:46:03 CET 2003 - rhafer@suse.de ------------------------------------------------------------------- Tue Nov 11 15:20:05 CET 2003 - rhafer@suse.de -- enabled SLP-support +- enabled SLP-support ------------------------------------------------------------------- Fri Oct 17 22:14:24 CEST 2003 - kukuk@suse.de @@ -2150,23 +2155,23 @@ Tue Jul 1 15:42:03 CEST 2003 - rhafer@suse.de ------------------------------------------------------------------- Mon Jun 16 16:29:03 CEST 2003 - rhafer@suse.de -- updated to 2.1.21 +- updated to 2.1.21 ------------------------------------------------------------------- Wed Jun 11 17:08:11 CEST 2003 - ro@suse.de -- fixed requires lines +- fixed requires lines ------------------------------------------------------------------- Mon May 26 16:00:43 CEST 2003 - rhafer@suse.de -- don't link back-ldap against librewrite.a, it's already linked +- don't link back-ldap against librewrite.a, it's already linked into slapd (package should build on non-i386 Archs again) ------------------------------------------------------------------- Fri May 23 14:35:49 CEST 2003 - rhafer@suse.de -- fixed dynamic build of back-ldap +- fixed dynamic build of back-ldap - new subpackage back-ldap ------------------------------------------------------------------- @@ -2185,12 +2190,12 @@ Fri May 9 14:23:45 CEST 2003 - rhafer@suse.de ------------------------------------------------------------------- Wed Apr 16 00:34:31 CEST 2003 - ro@suse.de -- fixed requires for devel-package ... +- fixed requires for devel-package ... ------------------------------------------------------------------- Tue Apr 15 10:18:11 CEST 2003 - ro@suse.de -- fixed neededforbuild +- fixed neededforbuild ------------------------------------------------------------------- Thu Feb 13 12:13:23 CET 2003 - kukuk@suse.de @@ -2200,17 +2205,17 @@ Thu Feb 13 12:13:23 CET 2003 - kukuk@suse.de ------------------------------------------------------------------- Tue Feb 11 19:02:14 CET 2003 - rhafer@suse.de -- added /etc/openldap to filelist +- added /etc/openldap to filelist ------------------------------------------------------------------- Mon Feb 3 16:42:47 CET 2003 - rhafer@suse.de -- switch default backend to ldbm +- switch default backend to ldbm ------------------------------------------------------------------- Sun Feb 2 23:58:34 CET 2003 - ro@suse.de -- fixed requires for devel package (cyrus-sasl2-devel) +- fixed requires for devel package (cyrus-sasl2-devel) ------------------------------------------------------------------- Fri Jan 31 08:58:39 CET 2003 - rhafer@suse.de @@ -2246,7 +2251,7 @@ Fri Sep 6 11:11:07 CEST 2002 - rhafer@suse.de ------------------------------------------------------------------- Mon Sep 2 18:02:03 CEST 2002 - rhafer@suse.de -- removed damoenstart_ipv6.diff and disabled IPv6 support due to +- removed damoenstart_ipv6.diff and disabled IPv6 support due to massive problems with nss_ldap ------------------------------------------------------------------- @@ -2269,7 +2274,7 @@ Fri Aug 23 13:54:15 CEST 2002 - rhafer@suse.de ------------------------------------------------------------------- Thu Aug 15 15:56:09 CEST 2002 - rhafer@suse.de -- removed termcap and readline from neededforbuild +- removed termcap and readline from neededforbuild ------------------------------------------------------------------- Thu Aug 8 11:21:36 CEST 2002 - rhafer@suse.de @@ -2290,12 +2295,12 @@ Fri Jul 19 11:28:28 CEST 2002 - rhafer@suse.de ------------------------------------------------------------------- Fri Jul 5 13:26:17 CEST 2002 - kukuk@suse.de -- fix openldap2-devel requires +- fix openldap2-devel requires ------------------------------------------------------------------- Thu Jul 4 10:29:03 CEST 2002 - rhafer@suse.de -- switched back from cyrus-sasl2 to cyrus-sasl +- switched back from cyrus-sasl2 to cyrus-sasl ------------------------------------------------------------------- Wed Jul 3 13:30:23 CEST 2002 - rhafer@suse.de @@ -2318,19 +2323,19 @@ Wed Jun 5 18:25:51 CEST 2002 - rhafer@suse.de ------------------------------------------------------------------- Thu Mar 7 16:27:15 CET 2002 - rhafer@suse.de -- Fix for Bugzilla ID#14569 (added cyrus-sasl-devel openssl-devel +- Fix for Bugzilla ID#14569 (added cyrus-sasl-devel openssl-devel to the "Requires" Section of the -devel subpackage) ------------------------------------------------------------------- Mon Feb 18 13:06:10 CET 2002 - rhafer@suse.de -- updated to the latest STABLE release (2.0.23) which fixes some +- updated to the latest STABLE release (2.0.23) which fixes some nasty bugs see ITS #1562,#1582,#1577,#1578 ------------------------------------------------------------------- Thu Feb 7 14:13:25 CET 2002 - rhafer@suse.de -- updated to the latest release (which fixes a index corruption +- updated to the latest release (which fixes a index corruption bug) - cleanup in neededforbuild - small fixes for the init-scripts @@ -2348,17 +2353,17 @@ Wed Jan 16 18:36:12 CET 2002 - egmont@suselinux.hu ------------------------------------------------------------------- Tue Jan 15 15:31:09 CET 2002 - rhafer@suse.de -- updated to v2.0.20 (which fixes a security hole in ACL - processing) +- updated to v2.0.20 (which fixes a security hole in ACL + processing) ------------------------------------------------------------------- Fri Jan 11 15:54:51 CET 2002 - rhafer@suse.de - converted archive to bzip2 - makes use of %{_libdir} now -- set CFLAGS to -O0 for archs ia64, s390(x) and alpha otherwise +- set CFLAGS to -O0 for archs ia64, s390(x) and alpha otherwise the test suite fails on these archs -- changed slapd.conf to store the database under /var/lib/ldap +- changed slapd.conf to store the database under /var/lib/ldap (this patch was missing in the last versions by accident) ------------------------------------------------------------------- @@ -2419,7 +2424,7 @@ Mon Jul 2 10:52:22 CEST 2001 - choeger@suse.de ------------------------------------------------------------------- Tue Jun 19 16:18:54 CEST 2001 - ro@suse.de -- fixed for autoconf again +- fixed for autoconf again ------------------------------------------------------------------- Fri Jun 15 10:23:24 CEST 2001 - choeger@suse.de @@ -2495,12 +2500,12 @@ Thu Dec 7 15:01:53 CET 2000 - choeger@suse.de ------------------------------------------------------------------- Fri Dec 1 15:23:45 CET 2000 - ro@suse.de -- hacked configure for apparently broken pthread +- hacked configure for apparently broken pthread ------------------------------------------------------------------- Fri Dec 1 02:28:54 CET 2000 - ro@suse.de -- fixed spec +- fixed spec ------------------------------------------------------------------- Thu Nov 23 11:27:07 CET 2000 - choeger@suse.de diff --git a/openldap2.spec b/openldap2.spec index 32f5f3e..30ea2df 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -86,75 +86,75 @@ Lightweight Directory Access Protocol v3 (LDAPv3). The server provides several database backends and overlays. -%package -n openldap2-back-perl +%package back-perl Summary: OpenLDAP Perl Back-End Group: Productivity/Networking/LDAP/Servers Requires: openldap2 = %{version_main} Requires: perl = %{perl_version} -%description -n openldap2-back-perl +%description back-perl The OpenLDAP Perl back-end allows you to execute Perl code specific to different LDAP operations. -%package -n openldap2-back-sock +%package back-sock Summary: OpenLDAP Socket Back-End Group: Productivity/Networking/LDAP/Servers Requires: openldap2 = %{version_main} Provides: openldap2:/usr/share/man/man5/slapd-sock.5.gz -%description -n openldap2-back-sock +%description back-sock The OpenLDAP socket back-end allows you to handle LDAP requests and results with an external process listening on a Unix domain socket. -%package -n openldap2-back-meta +%package back-meta Summary: OpenLDAP Meta Back-End Group: Productivity/Networking/LDAP/Servers Requires: openldap2 = %{version_main} Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz -%description -n openldap2-back-meta +%description back-meta The OpenLDAP Meta back-end is able to perform basic LDAP proxying with respect to a set of remote LDAP servers. The information contained in these servers can be presented as belonging to a single Directory Information Tree (DIT). -%package -n openldap2-back-sql +%package back-sql Summary: OpenLDAP SQL Back-End Group: Productivity/Networking/LDAP/Servers Requires: openldap2 = %{version_main} -%description -n openldap2-back-sql +%description back-sql The primary purpose of this OpenLDAP backend is to present information stored in a Relational (SQL) Database as an LDAP subtree without the need to do any programming. -%package -n openldap2-contrib +%package contrib Summary: OpenLDAP Contrib Modules Group: Productivity/Networking/LDAP/Servers Requires: openldap2 = %{version_main} -%description -n openldap2-contrib +%description contrib Various overlays found in contrib/: -allop +allop allowed Generates attributes indicating access rights -autogroup -cloak -denyop +autogroup +cloak +denyop lastbind writes last bind timestamp to entry noopsrch handles no-op search control -nops +nops pw-sha2 generates/validates SHA-2 password hashes pw-pbkdf2 generates/validates PBKDF2 password hashes smbk5pwd generates Samba3 password hashes (heimdal krb disabled) -%package -n openldap2-doc +%package doc Summary: OpenLDAP Documentation Group: Documentation/Other Provides: openldap2:/usr/share/doc/packages/openldap2/drafts/README %if 0%{?suse_version} > 1110 BuildArch: noarch %endif -%description -n openldap2-doc +%description doc The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts. Authors: @@ -162,15 +162,15 @@ Authors: The OpenLDAP Project -%package -n openldap2-client +%package client Summary: OpenLDAP client utilities Group: Productivity/Networking/LDAP/Clients Requires: libldap-2_4-2 = %{version_main} -%description -n openldap2-client +%description client OpenLDAP client utilities such as ldapadd, ldapsearch, ldapmodify. -%package -n openldap2-devel +%package devel Summary: Libraries, Header Files and Documentation for OpenLDAP Group: Development/Libraries/C and C++ # bug437293 @@ -182,18 +182,18 @@ Conflicts: openldap-devel Requires: libldap-2_4-2 = %{version_main} Recommends: cyrus-sasl-devel -%description -n openldap2-devel +%description devel This package provides the OpenLDAP libraries, header files, and documentation. -%package -n openldap2-devel-static +%package devel-static Summary: Static libraries for the OpenLDAP libraries Group: Development/Libraries/C and C++ Requires: cyrus-sasl-devel Requires: libopenssl-devel Requires: openldap2-devel = %version -%description -n openldap2-devel-static +%description devel-static This package provides the static versions of the OpenLDAP libraries for development. @@ -471,22 +471,22 @@ fi %doc %{DOCDIR}/CHANGES %doc %{DOCDIR}/slapd.ldif.default -%files -n openldap2-back-perl +%files back-perl %defattr(-,root,root) %{_libdir}/openldap/back_perl* %doc %{_mandir}/man5/slapd-perl.* -%files -n openldap2-back-sock +%files back-sock %defattr(-,root,root) %{_libdir}/openldap/back_sock* %doc %{_mandir}/man5/slapd-sock.* -%files -n openldap2-back-meta +%files back-meta %defattr(-,root,root) %{_libdir}/openldap/back_meta* %doc %{_mandir}/man5/slapd-meta.* -%files -n openldap2-back-sql +%files back-sql %defattr(-,root,root) %{_libdir}/openldap/back_sql* %doc %{_mandir}/man5/slapd-sql.* @@ -494,14 +494,14 @@ fi %doc servers/slapd/back-sql/docs/bugs %doc servers/slapd/back-sql/docs/install -%files -n openldap2-doc +%files doc %defattr(-,root,root) %dir %{DOCDIR} %doc %{DOCDIR}/drafts %doc %{DOCDIR}/adminguide %doc %{DOCDIR}/images -%files -n openldap2-contrib +%files contrib %defattr(-,root,root) %{_libdir}/openldap/allowed.* %{_libdir}/openldap/allop.* @@ -515,7 +515,7 @@ fi %{_libdir}/openldap/cloak.* %{_libdir}/openldap/smbk5pwd.* -%files -n openldap2-client +%files client %defattr(-,root,root) %doc %{_mandir}/man1/ldap* %doc %{_mandir}/man5/ldif.* @@ -540,7 +540,7 @@ fi %{_libdir}/liblber*2.4.so.* %{_libdir}/libldap*2.4.so.* -%files -n openldap2-devel +%files devel %defattr(-,root,root) %doc %{_mandir}/man3/ber* %doc %{_mandir}/man3/lber* @@ -550,7 +550,7 @@ fi %{_libdir}/liblber.so %{_libdir}/libldap*.so -%files -n openldap2-devel-static +%files devel-static %defattr(-,root,root) %_libdir/liblber.a %_libdir/libldap*.a From 7ecd27d5886bb0c09b09d1128bb5ba1f15bf6d392fe5ade42b24fb2e3f0fecc6 Mon Sep 17 00:00:00 2001 From: Howard Guo Date: Thu, 18 Feb 2016 15:54:30 +0000 Subject: [PATCH 2/4] - Build password strength enforcer as an implementation of ppolicy password checker, introducing: ppolicy-check-password-1.2.tar.gz ppolicy-check-password.Makefile ppolicy-check-password.conf ppolicy-check-password.5 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch (Implements fate#319461) OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=155 --- ...lculation-of-consecutive-number-of-c.patch | 130 +++++++++++++ openldap2.changes | 12 ++ openldap2.spec | 63 +++++- ppolicy-check-password-1.2.tar.gz | 3 + ppolicy-check-password.5 | 182 ++++++++++++++++++ ppolicy-check-password.Makefile | 43 +++++ ppolicy-check-password.conf | 7 + 7 files changed, 439 insertions(+), 1 deletion(-) create mode 100644 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch create mode 100644 ppolicy-check-password-1.2.tar.gz create mode 100644 ppolicy-check-password.5 create mode 100644 ppolicy-check-password.Makefile create mode 100644 ppolicy-check-password.conf diff --git a/0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch b/0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch new file mode 100644 index 0000000..be2a3df --- /dev/null +++ b/0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch @@ -0,0 +1,130 @@ +From b026c9236e6b11c158e69572a28eb0efb174234b Mon Sep 17 00:00:00 2001 +From: HouzuoGuo +Date: Wed, 17 Feb 2016 16:10:05 +0100 +Subject: [PATCH] Fix incorrect calculation of consecutive number of characters + in a class, when the input is shorter than 6 chars or consecutive chars + appear at the beginning of input + + +diff --git a/check_password.c b/check_password.c +index 0d9f901..acf8eda 100644 +--- a/check_password.c ++++ b/check_password.c +@@ -355,18 +355,7 @@ check_password (char *pPasswd, char **ppErrStr, Entry *pEntry) + int min_quality = DEFAULT_QUALITY; + int use_cracklib = DEFAULT_CRACKLIB; + +- /** bail out early as cracklib will reject passwords shorter +- * than 6 characters +- */ +- + nLen = strlen (pPasswd); +- if ( nLen < 6) { +- mem_len = realloc_error_message(&szErrStr, mem_len, +- strlen(PASSWORD_TOO_SHORT_SZ) + +- strlen(pEntry->e_name.bv_val) + 1); +- sprintf (szErrStr, PASSWORD_TOO_SHORT_SZ, pEntry->e_name.bv_val, nLen); +- goto fail; +- } + + if (read_config_file() == -1) { + syslog(LOG_ERR, "Warning: Could not read values from config file %s. Using defaults.", CONFIG_FILE); +@@ -392,46 +381,38 @@ check_password (char *pPasswd, char **ppErrStr, Entry *pEntry) + */ + + if ( max_consecutive_per_class != 0 ) { +- int consec_chars = 1; +- char type[10] = "unkown"; +- char prev_type[10] = "unknown"; ++ char prev_type = '\0'; ++ char this_type = ' '; ++ i = 0; ++ int consec_chars = 0; + for ( i = 0; i < nLen; i++ ) { +- + if ( islower(pPasswd[i]) ) { +- strncpy(type,"lower",10); ++ this_type = 'l'; + } + else if ( isupper(pPasswd[i]) ) { +- strncpy(type,"upper",10); ++ this_type = 'u'; + } + else if ( isdigit(pPasswd[i]) ) { +- strncpy(type,"digit",10); ++ this_type = 'd'; + } + else if ( ispunct(pPasswd[i]) ) { +- strncpy(type,"punct",10); ++ this_type = 'p'; + } + else { +- strncpy(type,"unknown",10); +- } +- +- if ( consec_chars > max_consecutive_per_class ) { +- mem_len = realloc_error_message(&szErrStr, mem_len, +- strlen(CONSEC_FAIL_SZ) + +- strlen(pEntry->e_name.bv_val)); +- sprintf (szErrStr, CONSEC_FAIL_SZ, pEntry->e_name.bv_val); +- goto fail; ++ this_type = ' '; + } +- +- if ( strncmp(type,prev_type,10) == 0 ) { +- consec_chars++; ++ if (this_type == prev_type) { ++ ++consec_chars; ++ } else if (i > 0) { ++ consec_chars = 0; + } +- else { +- if (strncmp("unknown",prev_type,8) != 0) { +- consec_chars = 1; +- } +- else { +- consec_chars++; +- } +- strncpy(prev_type,type,10); ++ prev_type = this_type; ++ if ( consec_chars >= max_consecutive_per_class ) { ++ mem_len = realloc_error_message(&szErrStr, mem_len, ++ strlen(CONSEC_FAIL_SZ) + ++ strlen(pEntry->e_name.bv_val)); ++ sprintf (szErrStr, CONSEC_FAIL_SZ, pEntry->e_name.bv_val); ++ goto fail; + } + } + } +diff --git a/check_password_test.c b/check_password_test.c +index 626d719..d33bd80 100644 +--- a/check_password_test.c ++++ b/check_password_test.c +@@ -90,7 +90,6 @@ void setconf( + } + + int main(void) { +- + // Empty Config, equiv to: + // 5,3,1,0,0,0,0 + setconf(-1,-1,-1,-1,-1,-1,-1); +@@ -109,5 +108,16 @@ int main(void) { + testpass("Test 2.1", "Simp1e", 1); + testpass("Test 2.2", "SimPle", 1); + testpass("Test 2.1", "Simp1e!", 0); ++ ++ setconf(1,0,0,0,0,0,0); ++ testpass("a", "Ab1,", 0); ++ testpass("a", "AAb1,", 1); ++ testpass("a", "Abb1,", 1); ++ ++ setconf(3,0,0,0,0,0,0); ++ testpass("a", "AAAbbb111,,,", 0); ++ testpass("a", "AAAAbbb111,,,,", 1); ++ testpass("a", "AAAbbbb111,,,", 1); ++ + return 0; + } +-- +2.7.1 + diff --git a/openldap2.changes b/openldap2.changes index 031cf0e..8feae47 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Thu Feb 18 14:45:30 UTC 2016 - hguo@suse.com + +- Build password strength enforcer as an implementation of ppolicy + password checker, introducing: + ppolicy-check-password-1.2.tar.gz + ppolicy-check-password.Makefile + ppolicy-check-password.conf + ppolicy-check-password.5 + 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch + (Implements fate#319461) + ------------------------------------------------------------------- Thu Feb 18 12:18:13 UTC 2016 - lmuelle@suse.com diff --git a/openldap2.spec b/openldap2.spec index 30ea2df..ea15cec 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -25,6 +25,10 @@ %define _rundir /var/run/slapd %endif +%define name_ppolicy_check_module ppolicy-check-password +%define version_ppolicy_check_module 1.2 +%define ppolicy_docdir %{_docdir}/openldap-%{name_ppolicy_check_module}-%{version_ppolicy_check_module} + Name: openldap2 Summary: An open source implementation of the Lightweight Directory Access Protocol License: OLDAP-2.8 @@ -59,6 +63,12 @@ Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch Patch11: 0011-openldap-re24-its7796.patch +Source200: %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz +Source201: %{name_ppolicy_check_module}.Makefile +Source202: %{name_ppolicy_check_module}.conf +Source203: %{name_ppolicy_check_module}.5 +Patch200: 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: cyrus-sasl-devel BuildRequires: db-devel @@ -204,7 +214,31 @@ Group: Productivity/Networking/LDAP/Clients %description -n libldap-2_4-2 This package contains the OpenLDAP client libraries. +%package ppolicy-check-password +Version: %{version_ppolicy_check_module} +Release: 0 +Summary: Password quality check module for OpenLDAP +Group: Productivity/Networking/LDAP/Servers +Url: https://github.com/onyxpoint/ppolicy-check-password +BuildRequires: cracklib-devel +Requires: openldap2 = %version_main +Recommends: cracklib cracklib-dict-full + +%description ppolicy-check-password +An implementation of password quality check module, based on the original +work done by LDAP Toolbox Project (https://ltd-project.org), that works +together with OpenLDAP password policy overlay (ppolicy), to enforce +password strength policies. + %prep +# Unpack ppolicy check module +%setup -b 200 -q -n %{name_ppolicy_check_module}-%{version_ppolicy_check_module} +%patch200 -p1 +cd .. +# Compress the manual page of ppolicy check module +gzip -k %{S:203} + +# Unpack and patch OpenLDAP 2.4 %setup -q -n openldap-%{version_main} %patch3 -p1 %patch5 -p1 @@ -216,6 +250,10 @@ This package contains the OpenLDAP client libraries. %patch11 -p1 cp %{SOURCE5} . +# Move ppolicy check module and its Makefile into openldap-2.4/contrib/slapd-modules/ +mv ../%{name_ppolicy_check_module}-%{version_ppolicy_check_module} contrib/slapd-modules/%{name_ppolicy_check_module} +cp %{S:201} contrib/slapd-modules/%{name_ppolicy_check_module}/Makefile + %build export CFLAGS="%{optflags} -Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES" export STRIP="" @@ -264,6 +302,9 @@ done # slapo-smbk5pwd only for Samba password hashes make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB="" +# Build ppolicy-check-password module +make -C contrib/slapd-modules/%{name_ppolicy_check_module} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" + %check %if %run_test_suite # calculate the base port to be use in the test-suite @@ -315,6 +356,18 @@ chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so* chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap.so* install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif +# Install ppolicy check module +make -C contrib/slapd-modules/ppolicy-check-password STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libexecdir}" install +install -m 0644 %{S:202} %{buildroot}%{_sysconfdir}/openldap/check_password.conf +# Install ppolicy check module's doc files +pushd contrib/slapd-modules/%{name_ppolicy_check_module} +mkdir -p "%{buildroot}%ppolicy_docdir" +install -m 0644 README "%{buildroot}%ppolicy_docdir" +install -m 0644 LICENSE "%{buildroot}%ppolicy_docdir" +popd +# Install ppolicy check module's manual page +install -m 0644 %{S:203}.gz %{buildroot}%{_mandir}/man5/ + mkdir -p ${RPM_BUILD_ROOT}/var/adm/fillup-templates install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.openldap install -m 644 %{SOURCE9} ${RPM_BUILD_ROOT}%{_sysconfdir}/openldap/schema @@ -436,7 +489,8 @@ fi %{_libdir}/openldap/dynlist* %{_libdir}/openldap/memberof* %{_libdir}/openldap/pcache* -%{_libdir}/openldap/ppolicy* +%{_libdir}/openldap/ppolicy-2.4.* +%{_libdir}/openldap/ppolicy.* %{_libdir}/openldap/refint* %{_libdir}/openldap/retcode* %{_libdir}/openldap/rwm* @@ -555,4 +609,11 @@ fi %_libdir/liblber.a %_libdir/libldap*.a +%files ppolicy-check-password +%defattr(-,root,root) +%doc %{ppolicy_docdir}/ +%config(noreplace) /etc/openldap/check_password.conf +%{_libdir}/openldap/ppolicy-check-password.* +%{_mandir}/man5/ppolicy-check-password.* + %changelog diff --git a/ppolicy-check-password-1.2.tar.gz b/ppolicy-check-password-1.2.tar.gz new file mode 100644 index 0000000..529f122 --- /dev/null +++ b/ppolicy-check-password-1.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:840517adc7fa60cb45050ba203437e29458542d9d7f23e906520e0b2fca56fe9 +size 10354 diff --git a/ppolicy-check-password.5 b/ppolicy-check-password.5 new file mode 100644 index 0000000..e817350 --- /dev/null +++ b/ppolicy-check-password.5 @@ -0,0 +1,182 @@ +.\"/* +.\" * All rights reserved +.\" * Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +.\" * Authors: Howard Guo +.\" * +.\" * This program is free software; you can redistribute it and/or +.\" * modify it under the terms of the GNU General Public License +.\" * as published by the Free Software Foundation; either version 2 +.\" * of the License, or (at your option) any later version. +.\" * +.\" * This program is distributed in the hope that it will be useful, +.\" * but WITHOUT ANY WARRANTY; without even the implied warranty of +.\" * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.\" * GNU General Public License for more details. +.\" */ +.\" +.TH PPOLICY-CHECK-PASSWORD 5 "2016/02/18" "OpenLDAP password quality check" +.SH NAME +ppolicy\-check\-password \- Password quality checker for OpenLDAP ppolicy overlay +.SH SYNOPSIS +pwdCheckModule ppolicy-check-password.so +.SH DESCRIPTION +ppolicy\-check\-password is an implementation of password quality check module, it can be plugged into OpenLDAP +.BR slapo\-ppolicy (5) +overlay to enforce organisational password strength policies for password-change operations. + +.SH PREREQUISITES +In order to use the module, you should enable and configure +.BR slapo\-ppolicy (5) +overlay on the OpenLDAP server. You may use the following example to enable ppolicy overlay: +.HP 4 +Enable ppolicy overlay + +To enable ppolicy overlay on the server using static configuration file +.BR slapd.conf (5) +, first enable ppolicy schema by adding line: + +.br +include /etc/openldap/schema/ppolicy.schema + +and then append the following lines to the database definition in which password policy should be enforced: + +.br +overlay ppolicy +.br +ppolicy_default "cn=PolicyContainer,dc=my-domain,dc=com" + +Save slapd.conf and (re)start OpenLDAP server. + +If you use cn=config (online configuration) instead of static configuration file, add the schema /etc/openldap/schema/ppolicy.ldif to cn=schema,cn=config, then enable ppolicy overlay in olcDatabase. +.LP + +.HP 4 +Create ppolicy container entry + +The ppolicy container entry stores attributes that describe the password policy in detail, create the entry with + +.BR ldapadd (1) +: + +.br +dn: cn=PolicyContainer,dc=my-domain,dc=com +.br +cn: PolicyContainer +.br +objectClass: pwdPolicy +.br +objectClass: person +.br +objectClass: top +.br +pwdAllowUserChange: TRUE +.br +pwdAttribute: userPassword +.br +pwdCheckQuality: 2 +.br +pwdExpireWarning: 600 +.br +pwdFailureCountInterval: +.br +pwdGraceAuthNLimit: 5 +.br +pwdInHistory: 5 +.br +pwdLockout: TRUE +.br +pwdLockoutDuration: 0 +.br +pwdMaxAge: 0 +.br +pwdMaxFailure: +.br +pwdMinAge: 0 +.br +pwdMinLength: 5 +.br +pwdMustChange: FALSE +.br +pwdSafeModify: FALSE +.br +sn: dummy value +.br + +The password policy becomes effective immediately, there is no need to restart OpenLDAP server. +.LP + +.HP 4 +Enable ppolicy-check-password.so module + +Modify the ppolicy container entry with +.BR ldapmodify (1) +: + +.br +dn: cn=PolicyContainer,dc=my-domain,dc=com +.br +changeType: modify +.br +add: objectClass +.br +objectClass: pwdPolicyChecker +.br +\- +.br +add: pwdCheckModule +.br +pwdCheckModule: ppolicy-check-password.so + +The password check module becomes effective immediately, there is no need to restart OpenLDAP server. +.LP + +.SH CONFIGURATION + +The password check module reads configuration parameters from +.B /etc/openldap/check_password.conf + +Edits made to the configuration file become effective immediately, there is no need to restart OpenLDAP server. + +List of parameters: +.TP +.BI use_cracklib \ 1|0 +CrackLib is a library for checking that a password is not easily crackable, making sure that the password is not based on simple patterns or dictionary words. If the parameter is set to 1, cracklib will be involved and new passwords must pass cracklib quality check in addition to all other policies such as min_points +.TP +.BI min_points \ +The parameter holds an integer value in between 0 and 4. The value denotes "quality points" that a password must acquire in order to pass the check. Usage of each character class awards one quality point. If the parameeter is set to 0, the check is disabled. + +The character classes are: upper case letters, lower case letters, numeric digits, punctuations. +.TP +.BI min_upper \ +The minimal number of upper case characters a password must contain. If the parameter is set to 0, the check is disabled. +.TP +.BI min_lower \ +The minimal number of lower case characters a password must contain. If the parameter is set to 0, the check is disabled. +.TP +.BI min_digit \ +The minimal number of numeric digit characters a password must contain. If the parameter is set to 0, the check is disabled. +.TP +.BI min_punct \ +The minimal number of punctuation characters a password must contain. If the parameter is set to 0, the check is disabled. +.TP +.BI max_consecutive_per_class \ +The maximum number of characters from each character class that may appear consecutively. If the parameter is set to 0, the check is disabled. + +.SH USAGE +After the module is enabled, the OpenLDAP server will invoke the password checker module on every user password change, the new user password must pass all quality checks before it is accepted. If the new password does not pass quality checks, the detailed reason will be logged on the OpenLDAP server, and the client will receive a Constraint Violation and a generic error message "Password fails quality checking policy" \- the lack of details is by design. + +If the password change is carried out by RootDN, password checker module will not enforce the quality checks, and any password is acceptable. + +.SH FILES +.TP +/etc/openldap/check_password.conf +Define the password strength policy. +.SH SEE ALSO +.BR slapd.conf (5), +.BR slapd\-config (5), +.BR slapd (8), +.BR slapo\-ppolicy (5) + +.SH ACKNOWLEDGEMENTS +.P +The module was originally authored by LTB-project (ltb\-project.org), and further maintained by Onyx Point (onyxpoint.com). diff --git a/ppolicy-check-password.Makefile b/ppolicy-check-password.Makefile new file mode 100644 index 0000000..afdfd3f --- /dev/null +++ b/ppolicy-check-password.Makefile @@ -0,0 +1,43 @@ +LDAP_SRC = ../../.. +LDAP_BUILD = $(LDAP_SRC) +LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd +LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \ + $(LDAP_BUILD)/libraries/liblber/liblber.la + +LIBTOOL = $(LDAP_BUILD)/libtool +CC = gcc +OPT = -g -O2 -Wall -fpic -DHAVE_CRACKLIB -DCRACKLIB_DICTPATH="\"/usr/share/cracklib/pw_dict\"" -DCONFIG_FILE="\"/etc/openldap/check_password.conf\"" -lcrack +INCS = $(LDAP_INC) +LIBS = $(LDAP_LIB) + +PROGRAMS = ppolicy-check-password.la +LTVER = 0:0:0 + +prefix=/usr/local +exec_prefix=$(prefix) +ldap_subdir=/openldap + +libdir=$(exec_prefix)/lib64 +libexecdir=$(exec_prefix)/libexec +moduledir=$(libdir)$(ldap_subdir) + +.SUFFIXES: .c .o .lo + +.c.lo: + $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< + +all: $(PROGRAMS) + +ppolicy-check-password.la: check_password.lo + $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + +clean: + rm -rf *.o *.lo *.la .libs + +install: $(PROGRAMS) + mkdir -p $(DESTDIR)$(moduledir) + for p in $(PROGRAMS) ; do \ + $(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \ + done + diff --git a/ppolicy-check-password.conf b/ppolicy-check-password.conf new file mode 100644 index 0000000..26786c5 --- /dev/null +++ b/ppolicy-check-password.conf @@ -0,0 +1,7 @@ +use_cracklib 1 +min_points 3 +min_upper 0 +min_lower 0 +min_digit 0 +min_punct 0 +max_consecutive_per_class 5 From b3d4825a3298e69b0b691fa7260b6bf9d4267b01531f2d0a80b2333a8f0a2abf Mon Sep 17 00:00:00 2001 From: Howard Guo Date: Tue, 23 Feb 2016 09:47:44 +0000 Subject: [PATCH 3/4] Accepting request 360818 from home:jengelh:branches:network:ldap with recommends and new name OBS-URL: https://build.opensuse.org/request/show/360818 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=156 --- openldap2.changes | 6 ++++++ openldap2.spec | 24 +++++++++++++++++++++--- 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/openldap2.changes b/openldap2.changes index 8feae47..fa4a511 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Sun Feb 21 23:04:38 UTC 2016 - jengelh@inai.de + +- Move ldap.conf out of shlib package again, they are not allowed + there for obvious reasons (conflict with future package). + ------------------------------------------------------------------- Thu Feb 18 14:45:30 UTC 2016 - hguo@suse.com diff --git a/openldap2.spec b/openldap2.spec index ea15cec..6d538fb 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -138,6 +138,20 @@ The primary purpose of this OpenLDAP backend is to present information stored in a Relational (SQL) Database as an LDAP subtree without the need to do any programming. +%package client-config +Summary: Example configuration skeleton for libldap +Group: Productivity/Networking/LDAP +%if 0%{?suse_version} != 1110 +BuildArch: noarch +%endif + +%description client-config +This subpackage contains an example configuration file for libldap. +You can write your own configuration file (which is short in any +case) without needing this package; conversely, if you install this, +rpm may create and nag you with /etc/openldap/ldap.conf.rpmnew files +whenever the template happens to get changed. + %package contrib Summary: OpenLDAP Contrib Modules Group: Productivity/Networking/LDAP/Servers @@ -210,6 +224,7 @@ for development. %package -n libldap-2_4-2 Summary: OpenLDAP Client Libraries Group: Productivity/Networking/LDAP/Clients +Recommends: openldap2-client-config %description -n libldap-2_4-2 This package contains the OpenLDAP client libraries. @@ -548,6 +563,12 @@ fi %doc servers/slapd/back-sql/docs/bugs %doc servers/slapd/back-sql/docs/install +%files client-config +%defattr(-,root,root) +%config(noreplace) %{_sysconfdir}/openldap/ldap.conf +%doc %{_mandir}/man5/ldap.conf* +%{_sysconfdir}/openldap/ldap.conf.default + %files doc %defattr(-,root,root) %dir %{DOCDIR} @@ -588,9 +609,6 @@ fi %files -n libldap-2_4-2 %defattr(-,root,root) -%config(noreplace) %{_sysconfdir}/openldap/ldap.conf -%doc %{_mandir}/man5/ldap.conf* -%{_sysconfdir}/openldap/ldap.conf.default %{_libdir}/liblber*2.4.so.* %{_libdir}/libldap*2.4.so.* From 91dfaea86ed10736d5c583bc0efa9c113813c8364402f07d60ac7fe40351958b Mon Sep 17 00:00:00 2001 From: Howard Guo Date: Thu, 25 Feb 2016 12:10:13 +0000 Subject: [PATCH 4/4] - Move ldap.conf into libldap-data package, per convention. OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=157 --- openldap2.changes | 5 +++++ openldap2.spec | 17 +++++++---------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/openldap2.changes b/openldap2.changes index fa4a511..cfdbf1a 100644 --- a/openldap2.changes +++ b/openldap2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Feb 25 11:06:12 UTC 2016 - hguo@suse.com + +- Move ldap.conf into libldap-data package, per convention. + ------------------------------------------------------------------- Sun Feb 21 23:04:38 UTC 2016 - jengelh@inai.de diff --git a/openldap2.spec b/openldap2.spec index 6d538fb..e291383 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -138,19 +138,16 @@ The primary purpose of this OpenLDAP backend is to present information stored in a Relational (SQL) Database as an LDAP subtree without the need to do any programming. -%package client-config -Summary: Example configuration skeleton for libldap +%package -n libldap-data +Summary: Configuration file for system-wide defaults for all usages of libldap. Group: Productivity/Networking/LDAP %if 0%{?suse_version} != 1110 BuildArch: noarch %endif -%description client-config -This subpackage contains an example configuration file for libldap. -You can write your own configuration file (which is short in any -case) without needing this package; conversely, if you install this, -rpm may create and nag you with /etc/openldap/ldap.conf.rpmnew files -whenever the template happens to get changed. +%description -n libldap-data +The subpackage contains a configuration file used to set system-wide defaults +to be applied with all usages of libldap. %package contrib Summary: OpenLDAP Contrib Modules @@ -224,7 +221,7 @@ for development. %package -n libldap-2_4-2 Summary: OpenLDAP Client Libraries Group: Productivity/Networking/LDAP/Clients -Recommends: openldap2-client-config +Recommends: libldap-data >= %{version_main} %description -n libldap-2_4-2 This package contains the OpenLDAP client libraries. @@ -563,7 +560,7 @@ fi %doc servers/slapd/back-sql/docs/bugs %doc servers/slapd/back-sql/docs/install -%files client-config +%files -n libldap-data %defattr(-,root,root) %config(noreplace) %{_sysconfdir}/openldap/ldap.conf %doc %{_mandir}/man5/ldap.conf*