forked from pool/openldap2
Accepting request 358048 from home:stroeder:branches:network:ldap
update to 2.4.44 (successfully tested on Tumbleweed x86_64) OBS-URL: https://build.opensuse.org/request/show/358048 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=150
This commit is contained in:
parent
d3fab28acb
commit
f74d513b91
@ -1,63 +1,38 @@
|
|||||||
diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
|
diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
|
||||||
index 4938b85..b9bec75 100644
|
index b225fe5..e22e7f2 100644
|
||||||
--- a/servers/slapd/slapd.conf
|
--- a/servers/slapd/slapd.conf
|
||||||
+++ b/servers/slapd/slapd.conf
|
+++ b/servers/slapd/slapd.conf
|
||||||
@@ -2,7 +2,11 @@
|
@@ -3,6 +3,10 @@
|
||||||
# See slapd.conf(5) for details on configuration options.
|
|
||||||
# This file should NOT be world readable.
|
# This file should NOT be world readable.
|
||||||
#
|
#
|
||||||
-include %SYSCONFDIR%/schema/core.schema
|
include %SYSCONFDIR%/schema/core.schema
|
||||||
+include /etc/openldap/schema/core.schema
|
+include %SYSCONFDIR%/schema/cosine.schema
|
||||||
+include /etc/openldap/schema/cosine.schema
|
+include %SYSCONFDIR%/schema/inetorgperson.schema
|
||||||
+include /etc/openldap/schema/inetorgperson.schema
|
+include %SYSCONFDIR%/schema/rfc2307bis.schema
|
||||||
+include /etc/openldap/schema/rfc2307bis.schema
|
+include %SYSCONFDIR%/schema/yast.schema
|
||||||
+include /etc/openldap/schema/yast.schema
|
|
||||||
|
|
||||||
# Define global ACLs to disable default read access.
|
# Define global ACLs to disable default read access.
|
||||||
|
|
||||||
@@ -10,13 +14,13 @@ include %SYSCONFDIR%/schema/core.schema
|
@@ -10,12 +14,12 @@ include %SYSCONFDIR%/schema/core.schema
|
||||||
# service AND an understanding of referrals.
|
# service AND an understanding of referrals.
|
||||||
#referral ldap://root.openldap.org
|
#referral ldap://root.openldap.org
|
||||||
|
|
||||||
-pidfile %LOCALSTATEDIR%/run/slapd.pid
|
-pidfile %LOCALSTATEDIR%/run/slapd.pid
|
||||||
-argsfile %LOCALSTATEDIR%/run/slapd.args
|
-argsfile %LOCALSTATEDIR%/run/slapd.args
|
||||||
+pidfile /run/slapd/slapd.pid
|
+pidfile %LOCALSTATEDIR%/slapd.pid
|
||||||
+argsfile /run/slapd/slapd.args
|
+argsfile %LOCALSTATEDIR%/slapd.args
|
||||||
|
|
||||||
# Load dynamic backend modules:
|
# Load dynamic backend modules:
|
||||||
-# modulepath %MODULEDIR%
|
# modulepath %MODULEDIR%
|
||||||
+# modulepath /usr/lib/openldap
|
-# moduleload back_mdb.la
|
||||||
# moduleload back_bdb.la
|
+moduleload back_mdb.la
|
||||||
-# moduleload back_hdb.la
|
|
||||||
+moduleload back_hdb.la
|
|
||||||
# moduleload back_ldap.la
|
# moduleload back_ldap.la
|
||||||
|
|
||||||
# Sample security restrictions
|
# Sample security restrictions
|
||||||
@@ -26,20 +30,30 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
|
@@ -45,6 +49,23 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
|
||||||
# security ssf=1 update_ssf=112 simple_bind=64
|
#
|
||||||
|
# rootdn can always read and write EVERYTHING!
|
||||||
|
|
||||||
# Sample access control policy:
|
|
||||||
-# Root DSE: allow anyone to read it
|
|
||||||
-# Subschema (sub)entry DSE: allow anyone to read it
|
|
||||||
-# Other DSEs:
|
|
||||||
-# Allow self write access
|
|
||||||
-# Allow authenticated users read access
|
|
||||||
-# Allow anonymous users to authenticate
|
|
||||||
-# Directives needed to implement policy:
|
|
||||||
-# access to dn.base="" by * read
|
|
||||||
-# access to dn.base="cn=Subschema" by * read
|
|
||||||
-# access to *
|
|
||||||
-# by self write
|
|
||||||
-# by users read
|
|
||||||
-# by anonymous auth
|
|
||||||
-#
|
|
||||||
+# Root DSE: allow anyone to read it
|
|
||||||
+# Subschema (sub)entry DSE: allow anyone to read it
|
|
||||||
+# Other DSEs:
|
|
||||||
+# Allow self write access to user password
|
|
||||||
+# Allow anonymous users to authenticate
|
|
||||||
+# Allow read access to everything else
|
|
||||||
+# Directives needed to implement policy:
|
|
||||||
+access to dn.base=""
|
+access to dn.base=""
|
||||||
+ by * read
|
+ by * read
|
||||||
+
|
+
|
||||||
@ -75,22 +50,10 @@ index 4938b85..b9bec75 100644
|
|||||||
+access to *
|
+access to *
|
||||||
+ by * read
|
+ by * read
|
||||||
+
|
+
|
||||||
# if no access controls are present, the default policy
|
|
||||||
# allows anyone and everyone to read anything but restricts
|
|
||||||
# updates to rootdn. (e.g., "access to * by * read")
|
|
||||||
@@ -50,8 +64,10 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
|
|
||||||
# BDB database definitions
|
|
||||||
#######################################################################
|
#######################################################################
|
||||||
|
# MDB database definitions
|
||||||
-database bdb
|
#######################################################################
|
||||||
+database hdb
|
@@ -60,6 +81,6 @@ rootpw secret
|
||||||
suffix "dc=my-domain,dc=com"
|
|
||||||
+checkpoint 1024 5
|
|
||||||
+cachesize 10000
|
|
||||||
rootdn "cn=Manager,dc=my-domain,dc=com"
|
|
||||||
# Cleartext passwords, especially for the rootdn, should
|
|
||||||
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
|
|
||||||
@@ -60,6 +76,6 @@ rootpw secret
|
|
||||||
# The database directory MUST exist prior to running slapd AND
|
# The database directory MUST exist prior to running slapd AND
|
||||||
# should only be accessible by the slapd and slap tools.
|
# should only be accessible by the slapd and slap tools.
|
||||||
# Mode 700 recommended.
|
# Mode 700 recommended.
|
||||||
|
@ -1,25 +0,0 @@
|
|||||||
From fd7bfbc0df0ade534bea84914d385ecf2a73f678 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Howard Chu <hyc@openldap.org>
|
|
||||||
Date: Tue, 8 Dec 2015 18:17:24 +0000
|
|
||||||
Subject: ITS#8336 fix page_search_root assert on FreeDB
|
|
||||||
|
|
||||||
Let "illegal" branch pages thru on the FreeDB - the condition
|
|
||||||
is only temporary and will be fixed by the time rebalance finishes.
|
|
||||||
|
|
||||||
diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c
|
|
||||||
index fa0c9e5..a624cba 100644
|
|
||||||
--- a/libraries/liblmdb/mdb.c
|
|
||||||
+++ b/libraries/liblmdb/mdb.c
|
|
||||||
@@ -5279,7 +5279,11 @@ mdb_page_search_root(MDB_cursor *mc, MDB_val *key, int flags)
|
|
||||||
indx_t i;
|
|
||||||
|
|
||||||
DPRINTF(("branch page %"Z"u has %u keys", mp->mp_pgno, NUMKEYS(mp)));
|
|
||||||
- mdb_cassert(mc, NUMKEYS(mp) > 1);
|
|
||||||
+ /* Don't assert on branch pages in the FreeDB. We can get here
|
|
||||||
+ * while in the process of rebalancing a FreeDB branch page; we must
|
|
||||||
+ * let that proceed. ITS#8336
|
|
||||||
+ */
|
|
||||||
+ mdb_cassert(mc, !mc->mc_dbi || NUMKEYS(mp) > 1);
|
|
||||||
DPRINTF(("found index 0 to page %"Z"u", NODEPGNO(NODEPTR(mp, 0))));
|
|
||||||
|
|
||||||
if (flags & (MDB_PS_FIRST|MDB_PS_LAST)) {
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:34d78e5598a2b0360d26a9050fcdbbe198c65493b013bb607839d5598b6978c8
|
|
||||||
size 5654057
|
|
3
openldap-2.4.44.tgz
Normal file
3
openldap-2.4.44.tgz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:d7de6bf3c67009c95525dde3a0212cc110d0a70b92af2af8e3ee800e81b88400
|
||||||
|
size 5658830
|
@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Feb 6 12:10:53 UTC 2016 - michael@stroeder.com
|
||||||
|
|
||||||
|
- Upgrade to upstream 2.4.44 release with accumulated bug fixes.
|
||||||
|
- Specify source with FTP URL
|
||||||
|
- Removed obsolete 0012-openldap-re24-its8336.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com
|
Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
|
|
||||||
%define run_test_suite 0
|
%define run_test_suite 0
|
||||||
%define version_main 2.4.43
|
%define version_main 2.4.44
|
||||||
|
|
||||||
%if %{suse_version} >= 1310 && %{suse_version} != 1315
|
%if %{suse_version} >= 1310 && %{suse_version} != 1315
|
||||||
%define _rundir /run/slapd
|
%define _rundir /run/slapd
|
||||||
@ -32,7 +32,7 @@ Group: Productivity/Networking/LDAP/Clients
|
|||||||
Version: %{version_main}
|
Version: %{version_main}
|
||||||
Release: 0
|
Release: 0
|
||||||
Url: http://www.openldap.org
|
Url: http://www.openldap.org
|
||||||
Source: openldap-%{version_main}.tgz
|
Source: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-%{version_main}.tgz
|
||||||
Source3: DB_CONFIG
|
Source3: DB_CONFIG
|
||||||
Source4: sasl-slapd.conf
|
Source4: sasl-slapd.conf
|
||||||
Source5: README.module-loading
|
Source5: README.module-loading
|
||||||
@ -55,7 +55,6 @@ Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
|
|||||||
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
|
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
|
||||||
Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
|
Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
|
||||||
Patch11: 0011-openldap-re24-its7796.patch
|
Patch11: 0011-openldap-re24-its7796.patch
|
||||||
Patch12: 0012-openldap-re24-its8336.patch
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
BuildRequires: cyrus-sasl-devel
|
BuildRequires: cyrus-sasl-devel
|
||||||
BuildRequires: groff
|
BuildRequires: groff
|
||||||
@ -219,7 +218,6 @@ This package contains the OpenLDAP client libraries.
|
|||||||
%patch9 -p1
|
%patch9 -p1
|
||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
%patch11 -p1
|
%patch11 -p1
|
||||||
%patch12 -p1
|
|
||||||
cp %{SOURCE5} .
|
cp %{SOURCE5} .
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Feb 6 12:10:53 UTC 2016 - michael@stroeder.com
|
||||||
|
|
||||||
|
- Upgrade to upstream 2.4.44 release with accumulated bug fixes.
|
||||||
|
- Specify source with FTP URL
|
||||||
|
- Removed obsolete 0012-openldap-re24-its8336.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com
|
Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
|
|
||||||
%define run_test_suite 0
|
%define run_test_suite 0
|
||||||
%define version_main 2.4.43
|
%define version_main 2.4.44
|
||||||
|
|
||||||
%if %{suse_version} >= 1310 && %{suse_version} != 1315
|
%if %{suse_version} >= 1310 && %{suse_version} != 1315
|
||||||
%define _rundir /run/slapd
|
%define _rundir /run/slapd
|
||||||
@ -32,7 +32,7 @@ Group: Productivity/Networking/LDAP/Clients
|
|||||||
Version: %{version_main}
|
Version: %{version_main}
|
||||||
Release: 0
|
Release: 0
|
||||||
Url: http://www.openldap.org
|
Url: http://www.openldap.org
|
||||||
Source: openldap-%{version_main}.tgz
|
Source: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-%{version_main}.tgz
|
||||||
Source3: DB_CONFIG
|
Source3: DB_CONFIG
|
||||||
Source4: sasl-slapd.conf
|
Source4: sasl-slapd.conf
|
||||||
Source5: README.module-loading
|
Source5: README.module-loading
|
||||||
@ -55,7 +55,6 @@ Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
|
|||||||
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
|
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
|
||||||
Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
|
Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
|
||||||
Patch11: 0011-openldap-re24-its7796.patch
|
Patch11: 0011-openldap-re24-its7796.patch
|
||||||
Patch12: 0012-openldap-re24-its8336.patch
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
BuildRequires: cyrus-sasl-devel
|
BuildRequires: cyrus-sasl-devel
|
||||||
BuildRequires: groff
|
BuildRequires: groff
|
||||||
@ -219,7 +218,6 @@ This package contains the OpenLDAP client libraries.
|
|||||||
%patch9 -p1
|
%patch9 -p1
|
||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
%patch11 -p1
|
%patch11 -p1
|
||||||
%patch12 -p1
|
|
||||||
cp %{SOURCE5} .
|
cp %{SOURCE5} .
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
Loading…
Reference in New Issue
Block a user