forked from pool/openldap2
Accepting request 358048 from home:stroeder:branches:network:ldap
update to 2.4.44 (successfully tested on Tumbleweed x86_64) OBS-URL: https://build.opensuse.org/request/show/358048 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=150
This commit is contained in:
parent
d3fab28acb
commit
f74d513b91
@ -1,63 +1,38 @@
|
||||
diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
|
||||
index 4938b85..b9bec75 100644
|
||||
index b225fe5..e22e7f2 100644
|
||||
--- a/servers/slapd/slapd.conf
|
||||
+++ b/servers/slapd/slapd.conf
|
||||
@@ -2,7 +2,11 @@
|
||||
# See slapd.conf(5) for details on configuration options.
|
||||
@@ -3,6 +3,10 @@
|
||||
# This file should NOT be world readable.
|
||||
#
|
||||
-include %SYSCONFDIR%/schema/core.schema
|
||||
+include /etc/openldap/schema/core.schema
|
||||
+include /etc/openldap/schema/cosine.schema
|
||||
+include /etc/openldap/schema/inetorgperson.schema
|
||||
+include /etc/openldap/schema/rfc2307bis.schema
|
||||
+include /etc/openldap/schema/yast.schema
|
||||
include %SYSCONFDIR%/schema/core.schema
|
||||
+include %SYSCONFDIR%/schema/cosine.schema
|
||||
+include %SYSCONFDIR%/schema/inetorgperson.schema
|
||||
+include %SYSCONFDIR%/schema/rfc2307bis.schema
|
||||
+include %SYSCONFDIR%/schema/yast.schema
|
||||
|
||||
# Define global ACLs to disable default read access.
|
||||
|
||||
@@ -10,13 +14,13 @@ include %SYSCONFDIR%/schema/core.schema
|
||||
@@ -10,12 +14,12 @@ include %SYSCONFDIR%/schema/core.schema
|
||||
# service AND an understanding of referrals.
|
||||
#referral ldap://root.openldap.org
|
||||
|
||||
-pidfile %LOCALSTATEDIR%/run/slapd.pid
|
||||
-argsfile %LOCALSTATEDIR%/run/slapd.args
|
||||
+pidfile /run/slapd/slapd.pid
|
||||
+argsfile /run/slapd/slapd.args
|
||||
+pidfile %LOCALSTATEDIR%/slapd.pid
|
||||
+argsfile %LOCALSTATEDIR%/slapd.args
|
||||
|
||||
# Load dynamic backend modules:
|
||||
-# modulepath %MODULEDIR%
|
||||
+# modulepath /usr/lib/openldap
|
||||
# moduleload back_bdb.la
|
||||
-# moduleload back_hdb.la
|
||||
+moduleload back_hdb.la
|
||||
# modulepath %MODULEDIR%
|
||||
-# moduleload back_mdb.la
|
||||
+moduleload back_mdb.la
|
||||
# moduleload back_ldap.la
|
||||
|
||||
# Sample security restrictions
|
||||
@@ -26,20 +30,30 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
|
||||
# security ssf=1 update_ssf=112 simple_bind=64
|
||||
@@ -45,6 +49,23 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
|
||||
#
|
||||
# rootdn can always read and write EVERYTHING!
|
||||
|
||||
# Sample access control policy:
|
||||
-# Root DSE: allow anyone to read it
|
||||
-# Subschema (sub)entry DSE: allow anyone to read it
|
||||
-# Other DSEs:
|
||||
-# Allow self write access
|
||||
-# Allow authenticated users read access
|
||||
-# Allow anonymous users to authenticate
|
||||
-# Directives needed to implement policy:
|
||||
-# access to dn.base="" by * read
|
||||
-# access to dn.base="cn=Subschema" by * read
|
||||
-# access to *
|
||||
-# by self write
|
||||
-# by users read
|
||||
-# by anonymous auth
|
||||
-#
|
||||
+# Root DSE: allow anyone to read it
|
||||
+# Subschema (sub)entry DSE: allow anyone to read it
|
||||
+# Other DSEs:
|
||||
+# Allow self write access to user password
|
||||
+# Allow anonymous users to authenticate
|
||||
+# Allow read access to everything else
|
||||
+# Directives needed to implement policy:
|
||||
+access to dn.base=""
|
||||
+ by * read
|
||||
+
|
||||
@ -75,22 +50,10 @@ index 4938b85..b9bec75 100644
|
||||
+access to *
|
||||
+ by * read
|
||||
+
|
||||
# if no access controls are present, the default policy
|
||||
# allows anyone and everyone to read anything but restricts
|
||||
# updates to rootdn. (e.g., "access to * by * read")
|
||||
@@ -50,8 +64,10 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
|
||||
# BDB database definitions
|
||||
#######################################################################
|
||||
|
||||
-database bdb
|
||||
+database hdb
|
||||
suffix "dc=my-domain,dc=com"
|
||||
+checkpoint 1024 5
|
||||
+cachesize 10000
|
||||
rootdn "cn=Manager,dc=my-domain,dc=com"
|
||||
# Cleartext passwords, especially for the rootdn, should
|
||||
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
|
||||
@@ -60,6 +76,6 @@ rootpw secret
|
||||
# MDB database definitions
|
||||
#######################################################################
|
||||
@@ -60,6 +81,6 @@ rootpw secret
|
||||
# The database directory MUST exist prior to running slapd AND
|
||||
# should only be accessible by the slapd and slap tools.
|
||||
# Mode 700 recommended.
|
||||
|
@ -1,25 +0,0 @@
|
||||
From fd7bfbc0df0ade534bea84914d385ecf2a73f678 Mon Sep 17 00:00:00 2001
|
||||
From: Howard Chu <hyc@openldap.org>
|
||||
Date: Tue, 8 Dec 2015 18:17:24 +0000
|
||||
Subject: ITS#8336 fix page_search_root assert on FreeDB
|
||||
|
||||
Let "illegal" branch pages thru on the FreeDB - the condition
|
||||
is only temporary and will be fixed by the time rebalance finishes.
|
||||
|
||||
diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c
|
||||
index fa0c9e5..a624cba 100644
|
||||
--- a/libraries/liblmdb/mdb.c
|
||||
+++ b/libraries/liblmdb/mdb.c
|
||||
@@ -5279,7 +5279,11 @@ mdb_page_search_root(MDB_cursor *mc, MDB_val *key, int flags)
|
||||
indx_t i;
|
||||
|
||||
DPRINTF(("branch page %"Z"u has %u keys", mp->mp_pgno, NUMKEYS(mp)));
|
||||
- mdb_cassert(mc, NUMKEYS(mp) > 1);
|
||||
+ /* Don't assert on branch pages in the FreeDB. We can get here
|
||||
+ * while in the process of rebalancing a FreeDB branch page; we must
|
||||
+ * let that proceed. ITS#8336
|
||||
+ */
|
||||
+ mdb_cassert(mc, !mc->mc_dbi || NUMKEYS(mp) > 1);
|
||||
DPRINTF(("found index 0 to page %"Z"u", NODEPGNO(NODEPTR(mp, 0))));
|
||||
|
||||
if (flags & (MDB_PS_FIRST|MDB_PS_LAST)) {
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:34d78e5598a2b0360d26a9050fcdbbe198c65493b013bb607839d5598b6978c8
|
||||
size 5654057
|
3
openldap-2.4.44.tgz
Normal file
3
openldap-2.4.44.tgz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d7de6bf3c67009c95525dde3a0212cc110d0a70b92af2af8e3ee800e81b88400
|
||||
size 5658830
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Feb 6 12:10:53 UTC 2016 - michael@stroeder.com
|
||||
|
||||
- Upgrade to upstream 2.4.44 release with accumulated bug fixes.
|
||||
- Specify source with FTP URL
|
||||
- Removed obsolete 0012-openldap-re24-its8336.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
%define run_test_suite 0
|
||||
%define version_main 2.4.43
|
||||
%define version_main 2.4.44
|
||||
|
||||
%if %{suse_version} >= 1310 && %{suse_version} != 1315
|
||||
%define _rundir /run/slapd
|
||||
@ -32,7 +32,7 @@ Group: Productivity/Networking/LDAP/Clients
|
||||
Version: %{version_main}
|
||||
Release: 0
|
||||
Url: http://www.openldap.org
|
||||
Source: openldap-%{version_main}.tgz
|
||||
Source: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-%{version_main}.tgz
|
||||
Source3: DB_CONFIG
|
||||
Source4: sasl-slapd.conf
|
||||
Source5: README.module-loading
|
||||
@ -55,7 +55,6 @@ Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
|
||||
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
|
||||
Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
|
||||
Patch11: 0011-openldap-re24-its7796.patch
|
||||
Patch12: 0012-openldap-re24-its8336.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: cyrus-sasl-devel
|
||||
BuildRequires: groff
|
||||
@ -219,7 +218,6 @@ This package contains the OpenLDAP client libraries.
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
cp %{SOURCE5} .
|
||||
|
||||
%build
|
||||
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Feb 6 12:10:53 UTC 2016 - michael@stroeder.com
|
||||
|
||||
- Upgrade to upstream 2.4.44 release with accumulated bug fixes.
|
||||
- Specify source with FTP URL
|
||||
- Removed obsolete 0012-openldap-re24-its8336.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
%define run_test_suite 0
|
||||
%define version_main 2.4.43
|
||||
%define version_main 2.4.44
|
||||
|
||||
%if %{suse_version} >= 1310 && %{suse_version} != 1315
|
||||
%define _rundir /run/slapd
|
||||
@ -32,7 +32,7 @@ Group: Productivity/Networking/LDAP/Clients
|
||||
Version: %{version_main}
|
||||
Release: 0
|
||||
Url: http://www.openldap.org
|
||||
Source: openldap-%{version_main}.tgz
|
||||
Source: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-%{version_main}.tgz
|
||||
Source3: DB_CONFIG
|
||||
Source4: sasl-slapd.conf
|
||||
Source5: README.module-loading
|
||||
@ -55,7 +55,6 @@ Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
|
||||
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
|
||||
Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
|
||||
Patch11: 0011-openldap-re24-its7796.patch
|
||||
Patch12: 0012-openldap-re24-its8336.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: cyrus-sasl-devel
|
||||
BuildRequires: groff
|
||||
@ -219,7 +218,6 @@ This package contains the OpenLDAP client libraries.
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
cp %{SOURCE5} .
|
||||
|
||||
%build
|
||||
|
Loading…
Reference in New Issue
Block a user