1
0
forked from jengelh/openldap2
OBS User unknown 2006-12-18 23:17:14 +00:00 committed by Git OBS Bridge
commit 778482e49e
27 changed files with 5518 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

5
DB_CONFIG Normal file
View File

@ -0,0 +1,5 @@
set_cachesize 0 15000000 1
set_lg_regionmax 262144
set_lg_bsize 2097152
set_flags DB_LOG_AUTOREMOVE

3
addonschema.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:15df0033de48dd895e7c01da77f98848e23218fa109ecbedb789229d59dad459
size 3227

146
back-perl-init.dif Normal file
View File

@ -0,0 +1,146 @@
Index: servers/slapd/back-perl/init.c
===================================================================
--- servers/slapd/back-perl/init.c.orig
+++ servers/slapd/back-perl/init.c
@@ -35,7 +35,9 @@ perl_back_initialize(
BackendInfo *bi
)
{
- bi->bi_open = perl_back_open;
+ char *embedding[] = { "", "-e", "0" };
+
+ bi->bi_open = NULL;
bi->bi_config = 0;
bi->bi_close = perl_back_close;
bi->bi_destroy = 0;
@@ -63,16 +65,7 @@ perl_back_initialize(
bi->bi_connection_init = 0;
bi->bi_connection_destroy = 0;
- return 0;
-}
-
-int
-perl_back_open(
- BackendInfo *bi
-)
-{
- char *embedding[] = { "", "-e", "0" };
-
+ /* injecting code from perl_back_open, because using fonction reference (bi->bi_open) is not functional */
Debug( LDAP_DEBUG_TRACE, "perl backend open\n", 0, 0, 0 );
if( PERL_INTERPRETER != NULL ) {
Index: servers/slapd/back-perl/proto-perl.h
===================================================================
--- servers/slapd/back-perl/proto-perl.h.orig
+++ servers/slapd/back-perl/proto-perl.h
@@ -22,7 +22,6 @@ LDAP_BEGIN_DECL
extern BI_init perl_back_initialize;
-extern BI_open perl_back_open;
extern BI_close perl_back_close;
extern BI_db_init perl_back_db_init;
Index: servers/slapd/back-perl/bind.c
===================================================================
--- servers/slapd/back-perl/bind.c.orig
+++ servers/slapd/back-perl/bind.c
@@ -32,7 +32,7 @@ perl_back_bind(
PerlBackend *perl_back = (PerlBackend *) op->o_bd->be_private;
-#ifdef HAVE_WIN32_ASPERL
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
PERL_SET_CONTEXT( PERL_INTERPRETER );
#endif
Index: servers/slapd/back-perl/add.c
===================================================================
--- servers/slapd/back-perl/add.c.orig
+++ servers/slapd/back-perl/add.c
@@ -26,6 +26,10 @@ perl_back_add(
int len;
int count;
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+ PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
+
ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
ldap_pvt_thread_mutex_lock( &entry2str_mutex );
Index: servers/slapd/back-perl/compare.c
===================================================================
--- servers/slapd/back-perl/compare.c.orig
+++ servers/slapd/back-perl/compare.c
@@ -41,6 +41,10 @@ perl_back_compare(
op->orc_ava->aa_desc->ad_cname.bv_val ), "=" ),
op->orc_ava->aa_value.bv_val );
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+ PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
+
ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
{
Index: servers/slapd/back-perl/delete.c
===================================================================
--- servers/slapd/back-perl/delete.c.orig
+++ servers/slapd/back-perl/delete.c
@@ -25,6 +25,10 @@ perl_back_delete(
PerlBackend *perl_back = (PerlBackend *) op->o_bd->be_private;
int count;
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+ PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
+
ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
{
Index: servers/slapd/back-perl/modify.c
===================================================================
--- servers/slapd/back-perl/modify.c.orig
+++ servers/slapd/back-perl/modify.c
@@ -27,7 +27,9 @@ perl_back_modify(
int count;
int i;
-
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+ PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
{
Index: servers/slapd/back-perl/modrdn.c
===================================================================
--- servers/slapd/back-perl/modrdn.c.orig
+++ servers/slapd/back-perl/modrdn.c
@@ -25,6 +25,9 @@ perl_back_modrdn(
PerlBackend *perl_back = (PerlBackend *) op->o_bd->be_private;
int count;
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+ PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
{
Index: servers/slapd/back-perl/search.c
===================================================================
--- servers/slapd/back-perl/search.c.orig
+++ servers/slapd/back-perl/search.c
@@ -34,6 +34,9 @@ perl_back_search(
char *buf;
int i;
+#if defined(HAVE_WIN32_ASPERL) || defined(USE_ITHREADS)
+ PERL_SET_CONTEXT( PERL_INTERPRETER );
+#endif
ldap_pvt_thread_mutex_lock( &perl_interpreter_mutex );
{

29
check-build.sh Normal file
View File

@ -0,0 +1,29 @@
#!/bin/bash
# Copyright (c) 2003 SuSE Linux AG, Germany. All rights reserved.
#
# Authors: Thorsten Kukuk <kukuk@suse.de>
#
# this script use the following variable(s):
#
# - $BUILD_DIST
#
case $BUILD_BASENAME in
*axp*|*i386|*i686|*ia64|*ppc|*ppc64|*s390|*s390x|*x86_64)
grep "Linux version 2.[0-5].[0-9][0-9]" /proc/version > /dev/null
if [ $? -ne 1 ]; then
echo "FATAL: kernel too old, need kernel >= 2.6.4 for this package"
exit 1
fi
grep "Linux version 2.6.[0-3]-" /proc/version > /dev/null
if [ $? -eq 0 ]; then
echo "FATAL: kernel too old, need kernel >= 2.6.4 for this package"
exit 1
fi
;;
*)
;;
esac
exit 0

8
ldap_conf.dif Normal file
View File

@ -0,0 +1,8 @@
--- libraries/libldap/ldap.conf 2004/04/01 09:43:12 1.1
+++ libraries/libldap/ldap.conf 2004/04/01 09:50:42
@@ -11,3 +11,5 @@
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
+TLS_REQCERT allow
+

11
ldapi_url.dif Normal file
View File

@ -0,0 +1,11 @@
--- include/ldap_defaults.h 2004/04/14 14:13:27 1.1
+++ include/ldap_defaults.h 2004/04/14 14:14:01
@@ -39,7 +39,7 @@
#define LDAP_ENV_PREFIX "LDAP"
/* default ldapi:// socket */
-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"
+#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "ldapi"
/*
* SLAPD DEFINITIONS

View File

@ -0,0 +1,20 @@
--- libraries/libldap/util-int.c 2005/08/23 16:07:09 1.1
+++ libraries/libldap/util-int.c 2005/08/23 16:16:03
@@ -52,7 +52,7 @@
#ifndef LDAP_R_COMPILE
# undef HAVE_REENTRANT_FUNCTIONS
# undef HAVE_CTIME_R
-# undef HAVE_GETHOSTBYNAME_R
+/* # undef HAVE_GETHOSTBYNAME_R */
# undef HAVE_GETHOSTBYADDR_R
#else
@@ -110,7 +110,7 @@
#define BUFSTART (1024-32)
#define BUFMAX (32*1024-32)
-#if defined(LDAP_R_COMPILE)
+#if defined(LDAP_R_COMPILE) || defined(HAVE_GETHOSTBYNAME_R)
static char *safe_realloc( char **buf, int len );
#if !(defined(HAVE_GETHOSTBYNAME_R) && defined(HAVE_GETHOSTBYADDR_R))

994
libldap-manpages.dif Normal file
View File

@ -0,0 +1,994 @@
--- openldap-2.3.19.orig/doc/man/man3/Makefile.in
+++ openldap-2.3.19/doc/man/man3/Makefile.in
@@ -1,16 +1,16 @@
-# man3 Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/doc/man/man3/Makefile.in,v 1.8.2.4 2006/01/03 22:16:04 kurt Exp $
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2006 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-
-MANSECT=3
+# man3 Makefile.in for OpenLDAP
+# $OpenLDAP: pkg/ldap/doc/man/man3/Makefile.in,v 1.11 2006/01/03 22:12:04 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2006 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+MANSECT=3
Index: openldap-2.3.19/doc/man/man3/lber-decode.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/lber-decode.3
+++ openldap-2.3.19/doc/man/man3/lber-decode.3
@@ -1,5 +1,5 @@
.TH LBER_DECODE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-decode.3,v 1.21.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-decode.3,v 1.23 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/lber-encode.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/lber-encode.3
+++ openldap-2.3.19/doc/man/man3/lber-encode.3
@@ -1,5 +1,5 @@
.TH LBER_ENCODE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-encode.3,v 1.19.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-encode.3,v 1.21 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/lber-memory.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/lber-memory.3
+++ openldap-2.3.19/doc/man/man3/lber-memory.3
@@ -1,5 +1,5 @@
.TH LBER_MEMORY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-memory.3,v 1.12.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-memory.3,v 1.14 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/lber-types.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/lber-types.3
+++ openldap-2.3.19/doc/man/man3/lber-types.3
@@ -1,5 +1,5 @@
.TH LBER_TYPES 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-types.3,v 1.16.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-types.3,v 1.19 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap.3
+++ openldap-2.3.19/doc/man/man3/ldap.3
@@ -1,5 +1,5 @@
.TH LDAP 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap.3,v 1.34.2.5 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap.3,v 1.40 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
@@ -39,16 +39,21 @@ created using
and set the protocol version to 3 by calling
.BR ldap_set_option (3).
The underlying session is established first operation is
-issued. This would generally be a Start TLS or Bind operation.
+issued. This would generally be a Start TLS or Bind operation,
+or a Search operation to read attributes of the Root DSE.
A Start TLS operation is performed by calling
.BR ldap_start_tls_s (3).
A LDAP bind operation is performed by calling
.BR ldap_sasl_bind (3)
-or one of its friends. Subsequently, other operations are performed
+or one of its friends.
+A Search operation is performed by calling ldap_search_ext_s(3)
+or one of its friends.
+
+Subsequently, additional operations are performed
by calling one of the synchronous or asynchronous routines (e.g.,
-.BR ldap_search_ext_s (3)
+.BR ldap_compare_ext_s (3)
or
-.BR ldap_search_ext (3)
+.BR ldap_compare_ext (3)
followed by
.BR ldap_result (3)).
Results returned from these routines are interpreted by calling the
Index: openldap-2.3.19/doc/man/man3/ldap_abandon.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_abandon.3
+++ openldap-2.3.19/doc/man/man3/ldap_abandon.3
@@ -1,5 +1,5 @@
.TH LDAP_ABANDON 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_abandon.3,v 1.15.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_abandon.3,v 1.17 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap_add.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_add.3
+++ openldap-2.3.19/doc/man/man3/ldap_add.3
@@ -1,5 +1,5 @@
.TH LDAP_ADD 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_add.3,v 1.15.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_add.3,v 1.17 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap_bind.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_bind.3
+++ openldap-2.3.19/doc/man/man3/ldap_bind.3
@@ -1,9 +1,9 @@
.TH LDAP_BIND 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_bind.3,v 1.16.2.4 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_bind.3,v 1.19 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
-ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s \- LDAP bind routines
+ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
@@ -58,6 +58,18 @@ OpenLDAP LDAP (libldap, -lldap)
.\" .ft
.\" LDAP *ld;
.\" int (*rebindproc)();
+.LP
+.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[],"
+.RS
+.BI LDAPControl *" cctrls "[]);"
+.RE
+.LP
+.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[],"
+.RS
+.BI LDAPControl *" cctrls "[]);"
+.RE
+.LP
+.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params);"
.SH DESCRIPTION
.LP
These routines provide various interfaces to the LDAP bind operation.
@@ -79,7 +91,6 @@ Both synchronous and asynchronous versio
call are provided. All routines
take \fIld\fP as their first parameter, as returned from
.BR ldap_init (3).
-.LP
.SH SIMPLE AUTHENTICATION
The simplest form of the bind call is
.BR ldap_simple_bind_s() .
@@ -110,6 +121,41 @@ returns the message id of the request it
returns an LDAP error indication.
.SH SASL AUTHENTICATION
Description still under construction...
+.SH REBINDING
+.LP
+The
+.B ldap_set_rebind_proc
+function() sets the process to use for binding when an operation returns a
+referral. This function is used when an application needs to bind to another server
+in order to follow a referral or search continuation reference.
+.LP
+The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP,
+the arbitrary data like state information which the client might need to properly rebind.
+The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries
+to use the rebind function. Use the
+.BR ldap_set_option
+function to set the value.
+.LP
+The rebind function has the following syntax.
+.B int rebind_function (LDAP *ld, const char *url,int request,ber_int_t msgid);
+.LP
+The \fIld\fP parameter must be used by the application when binding to the
+referred server if the application wants the libraries to follow the referral.
+.LP
+The \fIurl\fP parameter points to the URL referral string received from the LDAP server.
+The LDAP application can use the
+.BR ldap_url_parse()
+.LP
+The \fIrequest\fP parameter specifies the request operation that generated the referral.
+function to parse the string into its components.
+.LP
+The \fImsgid\fP parameter specifies the message ID of the request generating the referral.
+.LP
+The LDAP libraries set all the parameters when they call the rebind function. The application
+should not attempt to free either the ld or the url structures in the rebind function.
+.LP
+The application must supply to the rebind function the required authentication information such as,
+user name, password, and certificates. The rebind function must use a synchronous bind method.
.SH UNBINDING
The
.B ldap_unbind()
@@ -154,16 +200,32 @@ both of these calls are synchronous in n
.\" If anything but LDAP_SUCCESS is returned by the first call to
.\" the rebindproc, then referral processing is stopped and that error code
.\" is returned for the original LDAP operation.
+.LP
+The
+.B ldap_unbind_ext()
+and
+.B ldap_unbind_ext_s()
+allows the operations to sepicify controls.
.SH ERRORS
Asynchronous routines will return -1 in case of error, setting the
\fIld_errno\fP parameter of the \fIld\fP structure. Synchronous
routines return whatever \fIld_errno\fP is set to. See
.BR ldap_error (3)
for more information.
+.SH NOTES
+If an anonymous bind is sufficient for the application,the rebind process
+need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option
+set to ON (default value) will automatically follow referrals using an anonymous bind.
+.LP
+If the application needs stronger authentication than an anonymous bind,
+you need to provide a rebind process for that authentication method.
+The bind method must be synchronous.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3),
.BR ldap_open (3),
+.BR ldap_set_option (3),
+.BR ldap_url_parse (3)
.B RFC 2222
(http://www.ietf.org),
.B Cyrus SASL
Index: openldap-2.3.19/doc/man/man3/ldap_bind.3.links
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_bind.3.links
+++ openldap-2.3.19/doc/man/man3/ldap_bind.3.links
@@ -7,3 +7,4 @@ ldap_unbind.3
ldap_unbind_ext.3
ldap_unbind_s.3
ldap_unbind_ext_s.3
+ldap_set_rebind_proc.3
Index: openldap-2.3.19/doc/man/man3/ldap_compare.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_compare.3
+++ openldap-2.3.19/doc/man/man3/ldap_compare.3
@@ -1,9 +1,9 @@
.TH LDAP_COMPARE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_compare.3,v 1.13.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_compare.3,v 1.15 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
-ldap_compare, ldap_compare_s \- Perform an LDAP compare operation
+ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
@@ -22,6 +22,23 @@ int ldap_compare(ld, dn, attr, value)
.ft
LDAP *ld;
char *dn, *attr, *value;
+.LP
+.ft B
+int ldap_compare_ext(ld, dn, attr, bvalue, serverctrls, clientctrls, msgidp)
+.ft
+LDAP *ld;
+char *dn, *attr;
+const struct berval *bvalue;
+LDAPControl **serverctrls, **clientctrls;
+int *msgidp;
+.LP
+.ft B
+int ldap_compare_ext_s(ld, dn, attr, bvalue, serverctrls, clientctrls)
+.ft
+LDAP *ld;
+char *dn, *attr;
+const struct berval *bvalue;
+LDAPControl **serverctrls, **clientctrls;
.SH DESCRIPTION
The
.B ldap_compare_s()
@@ -40,6 +57,20 @@ asynchronously. It takes the same param
but returns the message id of the request it initiated. The result of
the compare can be obtained by a subsequent call to
.BR ldap_result (3).
+.LP
+The
+.B ldap_compare_ext()
+routine allows server and client controls to be
+specified to extend the compare request. This routine is asynchronous like
+ldap_compare(), but its return value is an LDAP error code. It stores the
+message id of the request in the integer pointed to by msgidp.
+.LP
+The
+.B ldap_compare_ext_s()
+routine is the synchronous version of
+.BR ldap_compare_ext().
+It also returns an LDAP error code indicating success
+or failure of the operation.
.SH ERRORS
.B ldap_compare_s()
returns an LDAP error code which can be interpreted
@@ -48,6 +79,12 @@ by calling one of
and friends. ldap_compare() returns
-1 if something went wrong initiating the request. It returns the
non-negative message id of the request if things went ok.
+.LP
+.B ldap_compare_ext_s()
+and
+.B ldap_compare_ext()
+return some Non-zero value other than 0x05 or 0x06 in case of failure.
+0x05 corresponds to LDAP_COMPARE_FALSE and 0x06 corresponds to LDAP_COMPARE_TRUE.
.SH BUGS
There is no way to compare binary values, but there should be.
.SH SEE ALSO
Index: openldap-2.3.19/doc/man/man3/ldap_delete.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_delete.3
+++ openldap-2.3.19/doc/man/man3/ldap_delete.3
@@ -1,9 +1,9 @@
.TH LDAP_DELETE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_delete.3,v 1.13.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_delete.3,v 1.15 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
-ldap_delete, ldap_delete_s \- Perform an LDAP delete operation
+ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation.
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
@@ -22,22 +22,51 @@ int ldap_delete(ld, dn)
.ft
LDAP *ld;
char *dn;
+.LP
+.ft B
+int ldap_delete_ext(ld, dn, serverctrls, clientctrls, msgidp)
+.ft
+LDAP *ld;
+char *dn;
+LDAPControl **serverctrls, **clientctrls;
+int *msgidp;
+.LP
+.ft B
+int ldap_delete_ext_s(ld, dn, serverctrls, clientctrls)
+.ft
+LDAP *ld;
+char *dn;
+LDAPControl **serverctrls, **clientctrls;
.SH DESCRIPTION
The
.B ldap_delete_s()
routine is used to perform an LDAP delete operation
-synchronously. It takes \fIdn\fP, the DN of the entry to be deleted.
+synchronously. It takes \fIdn\fP, the DN of the entry to be deleted.
It returns an LDAP error code, indicating the success or failure of the
operation.
.LP
The
.B ldap_delete()
routine is used to perform an LDAP delete operation
-asynchronously. It takes the same parameters as
-.BR ldap_delete_s() ,
-but returns the message id of the request it initiated. The result of
+asynchronously. It takes the same parameters as
+.BR ldap_delete_s(),
+but returns the message id of the request it initiated. The result of
the delete can be obtained by a subsequent call to
.BR ldap_result (3).
+.LP
+The
+.B ldap_delete_ext()
+routine allows server and client controls to be
+specified to extend the delete request. This routine is asynchronous like
+ldap_delete(), but its return value is an LDAP error code. It stores the
+message id of the request in the integer pointed to by msgidp.
+.LP
+The
+.B ldap_delete_ext_s()
+routine is the synchronous version of
+.BR ldap_delete_ext().
+It also returns an LDAP error code indicating success
+or failure of the operation.
.SH ERRORS
.B ldap_delete_s()
returns an LDAP error code which can be interpreted
@@ -45,8 +74,14 @@ by calling one of
.BR ldap_perror (3)
and friends.
.B ldap_delete()
-returns -1 if something went wrong initiating the request. It returns the
+returns -1 if something went wrong initiating the request. It returns the
non-negative message id of the request if things went ok.
+.LP
+.B ldap_delete_ext()
+and
+.B ldap_delete_ext_s()
+return some Non-zero value if
+something went wrong initiating the request, else return 0.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_error (3)
Index: openldap-2.3.19/doc/man/man3/ldap_error.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_error.3
+++ openldap-2.3.19/doc/man/man3/ldap_error.3
@@ -1,5 +1,5 @@
.TH LDAP_ERROR 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_error.3,v 1.19.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_error.3,v 1.21 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap_extended_operation.3
===================================================================
--- /dev/null
+++ openldap-2.3.19/doc/man/man3/ldap_extended_operation.3
@@ -0,0 +1,64 @@
+.TH LDAP_EXTENDED_OPERATION 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_extended_operation.3,v 1.17 2006/01/03 22:12:04 kurt Exp $
+.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_extended_operation, ldap_extended_operation_s \- Extends the LDAP operations to the LDAP server.
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_extended_operation( ld, requestoid, requestdata, sctrls[], cctrls[], msgidp );
+.ft
+LDAP *ld;
+const char *requestoid;
+const struct berval *requestdata;
+LDAPControl *sctrls[], *cctrls[];
+int *msgidp;
+.LP
+.ft B
+int ldap_extended_operation_s( ld, requestoid, requestdata, sctrls[], cctrls[], retoidp, retdatap );
+.ft
+LDAP *ld,
+const char *requestoid;
+const struct berval *requestdata;
+LDAPControl *sctrls[], *cctrls[];
+char **retoidp;
+struct berval **retdatap;
+.SH DESCRIPTION
+The
+.B ldap_extended_operation_s
+method is used to synchronously send an extended operation to the server.
+It takes \fIrequestoid\fP, which points to a dotted OID text string identifying
+the extended operation to perform. \fIrequestdata\fP is the data required for the
+operation, \fIseverctrls\fP is an array of LDAPControl structures to use with this
+extended operation,\fIclientctrls\fP is an array of LDAPControl structures that list
+the client controls to use with this extended operation .The input parameter
+\fIretoidp\fP points to a dotted-OID text string returned by the LDAP server.
+The memory used by the string should be freed with the ldap_memfree function.
+retdatap is an output parameter which points to a pointer to a berval structure
+that contains the returned data. If no data is returned, the server set this
+to NULL. The memory used by this structure should be freed with the ber_bvfree
+function.
+.LP
+The
+.B ldap_extended_operation
+works just like ldap_extended_operation_s, but the operation is asynchornous.
+It returns the message id of the request it initiated.
+The result of this operation can be obtained by calling
+.BR ldap_result(3).
+.SH NOTES
+The LDAP server must support the operation; otherwise an
+LDAP_NOT_SUPPORTED error is returned.
+.SH SEE ALSO
+.BR ldap_result (3),
+.BR ldap_parse_extended_result (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Index: openldap-2.3.19/doc/man/man3/ldap_extended_operation.3.links
===================================================================
--- /dev/null
+++ openldap-2.3.19/doc/man/man3/ldap_extended_operation.3.links
@@ -0,0 +1,2 @@
+ldap_extended_operation_s.3
+
Index: openldap-2.3.19/doc/man/man3/ldap_first_attribute.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_first_attribute.3
+++ openldap-2.3.19/doc/man/man3/ldap_first_attribute.3
@@ -1,5 +1,5 @@
.TH LDAP_FIRST_ATTRIBUTE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_attribute.3,v 1.18.2.5 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_attribute.3,v 1.21 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap_first_entry.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_first_entry.3
+++ openldap-2.3.19/doc/man/man3/ldap_first_entry.3
@@ -1,5 +1,5 @@
.TH LDAP_FIRST_ENTRY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_entry.3,v 1.14.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_entry.3,v 1.16 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap_first_message.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_first_message.3
+++ openldap-2.3.19/doc/man/man3/ldap_first_message.3
@@ -1,5 +1,5 @@
.TH LDAP_FIRST_MESSAGE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_message.3,v 1.9.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_message.3,v 1.11 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap_first_reference.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_first_reference.3
+++ openldap-2.3.19/doc/man/man3/ldap_first_reference.3
@@ -1,5 +1,5 @@
.TH LDAP_FIRST_REFERENCE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_reference.3,v 1.9.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_reference.3,v 1.11 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap_get_dn.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_get_dn.3
+++ openldap-2.3.19/doc/man/man3/ldap_get_dn.3
@@ -1,5 +1,5 @@
.TH LDAP_GET_DN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_dn.3,v 1.25.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_dn.3,v 1.28 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap_get_values.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_get_values.3
+++ openldap-2.3.19/doc/man/man3/ldap_get_values.3
@@ -1,5 +1,5 @@
.TH LDAP_GET_VALUES 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_values.3,v 1.15.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_values.3,v 1.17 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap_modify.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_modify.3
+++ openldap-2.3.19/doc/man/man3/ldap_modify.3
@@ -1,5 +1,5 @@
.TH LDAP_MODIFY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modify.3,v 1.12.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modify.3,v 1.14 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap_modrdn.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_modrdn.3
+++ openldap-2.3.19/doc/man/man3/ldap_modrdn.3
@@ -1,5 +1,5 @@
.TH LDAP_MODRDN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modrdn.3,v 1.12.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modrdn.3,v 1.14 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap_open.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_open.3
+++ openldap-2.3.19/doc/man/man3/ldap_open.3
@@ -1,5 +1,5 @@
.TH LDAP_OPEN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_open.3,v 1.13.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_open.3,v 1.15 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap_parse_reference.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_parse_reference.3
+++ openldap-2.3.19/doc/man/man3/ldap_parse_reference.3
@@ -1,5 +1,5 @@
.TH LDAP_PARSE_REFERENCE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_reference.3,v 1.10.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_reference.3,v 1.12 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap_parse_result.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_parse_result.3
+++ openldap-2.3.19/doc/man/man3/ldap_parse_result.3
@@ -1,5 +1,5 @@
.TH LDAP_PARSE_RESULT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_result.3,v 1.9.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_result.3,v 1.11 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap_parse_sort_control.3
===================================================================
--- /dev/null
+++ openldap-2.3.19/doc/man/man3/ldap_parse_sort_control.3
@@ -0,0 +1,44 @@
+.TH LDAP_PARSE_SORT-CONTROL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_sort_control.3,v 1.15 2006/01/03 22:12:04 kurt Exp $
+.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_parse_sort_control \- Decodes the information returned from a search operation
+that used a server-side sort control.
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_parse_sort_control(ld, ctrls, returnCode, attribute)
+.ft
+LDAP *ld;
+LDAPControl **ctrls;
+unsigned long *returnCode;
+char **attribute;
+.SH DESCRIPTION
+This function is used to parse the results returned in a search operation
+that uses a server-side sort control.
+.LP
+It takes a null terminated array of LDAPControl structures usually obtained
+by a call to the
+.BR ldap_parse_result
+function. A returncode which points to the sort control result code,and an array
+of LDAPControl structures that list the client controls to use with the search.
+The function also takes an out parameter \fIattribute\fP and if the sort operation
+fails, the server may return a string that indicates the first attribute in the
+sortKey list that caused the failure. If this parameter is NULL, no string is
+returned. If a string is returned, the memory should be freed by calling the
+ldap_memfree function.
+.SH NOTES
+.SH SEE ALSO
+.BR ldap_result (3),
+.BR ldap_controls_free (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Index: openldap-2.3.19/doc/man/man3/ldap_parse_vlv_control.3
===================================================================
--- /dev/null
+++ openldap-2.3.19/doc/man/man3/ldap_parse_vlv_control.3
@@ -0,0 +1,53 @@
+.TH LDAP_PARSE_VLV_CONTROL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_vlv_control.3,v 1.17 2006/01/03 22:12:04 kurt Exp $
+.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_parse_vlv_control \- Decodes the information returned from a search operation that
+used a VLV (virtual list view) control.
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_parse_vlv_control( ld, ctrlp, target_posp, list_countp, contextp, errcodep );
+.ft
+LDAP *ld;
+LDAPControl **ctrlp;
+unsigned long *target_posp, *list_countp;
+struct berval **contextp;
+int *errcodep;
+.SH DESCRIPTION
+The
+.B ldap_parse_vlv_control
+is used to decode the information returned from a search operation that used a
+VLV (virtual list view)control. It takes a null terminated array of LDAPControl
+structures, usually obtained by a call to the
+.BR ldap_parse_result function,
+a \fItarget_pos\fP which points to the list index of the target entry. If
+this parameter is NULL, the target position is not returned. The index returned
+is an approximation of the position of the target entry. It is
+not guaranteed to be exact. The parameter \fIlist_countp\fP points to
+the server's estimate of the size of the list. If this parameter is NULL, the
+size is not returned. \fIcontextp\fP is a pointer to the address of a berval
+structure that contains a server-generated context identifier if server returns
+one. If server does not return a context identifier, the server returns a NULL
+in this parameter. If this parameter is set to NULL, the context identifier is
+not returned. You should use this returned context in the next call to
+create a VLV control. When the berval structure is no longer needed, you should
+free the memory by calling the \fIber_bvfree function.e\fP
+\fIerrcodep\fP is an output paremeter, which points to the result code returned
+by the server. If this parameter is NULL, the result code is not returned.
+.LP
+See
+ldap.h for a list of possible return codes.
+.SH SEE ALSO
+.BR ldap_search (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Index: openldap-2.3.19/doc/man/man3/ldap_rename.3
===================================================================
--- /dev/null
+++ openldap-2.3.19/doc/man/man3/ldap_rename.3
@@ -0,0 +1,69 @@
+.TH LDAP_RENAME 3 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_rename.3,v 1.17 2006/01/03 22:12:04 kurt Exp $
+.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.SH NAME
+ldap_rename, ldap_rename_s \- Renames the specified entry.
+.SH LIBRARY
+OpenLDAP LDAP (libldap, -lldap)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <ldap.h>
+.LP
+.ft B
+int ldap_rename( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[], msgidp );
+.ft
+LDAP *ld;
+const char *dn, *newrdn, *newparent;
+int deleteoldrdn;
+LDAPControl *sctrls[], *cctrls[];
+int *msgidp);
+.LP
+.ft B
+int ldap_rename_s( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[] );
+.ft
+LDAP *ld;
+const char *dn, *newrdn, *newparent;
+int deleteoldrdn;
+LDAPControl *sctrls[], *cctrls[];
+.SH DESCRIPTION
+These routines are used to perform a LDAP rename operation.
+The function changes the leaf component of an entry's distinguished
+name and optionally moves the entry to a new parent container. The
+.B ldap_rename_s
+performs a rename operation synchronously.
+The method takes \fIdn\fP, which points to the distinguished name of
+the entry whose attribute is being compared, \fInewparent\fP,the distinguished
+name of the entry's new parent. If this parameter is NULL, only the RDN is changed.
+The root DN is specified by passing a zero length string, "".
+\fIdeleteoldrdn\fP specifies whether the old RDN should be retained or deleted.
+Zero indicates that the old RDN should be retained. If you choose this option,
+the attribute will contain both names (the old and the new).
+Non-zero indicates that the old RDN should be deleted.
+\fIserverctrls\fP points to an array of LDAPControl structures that list the
+client controls to use with this extended operation. Use NULL to specify
+no client controls. \fIclientctrls\fP points to an array of LDAPControl
+structures that list the client controls to use with the search.
+.LP
+.B ldap_rename
+works just like
+.B ldap_rename_s,
+but the operation is asynchornous. It returns the message id of the request
+it initiated. The result of this operation can be obtained by calling
+.BR ldap_result(3).
+.SH ERRORS
+.B ldap_rename()
+returns -1 in case of error initiating the request, and
+will set the \fIld_errno\fP field in the \fIld\fP parameter to
+indicate the error.
+.BR ldap_rename_s()
+returns the LDAP error code resulting from the rename operation.
+.SH SEE ALSO
+.BR ldap (3),
+.BR ldap_modify (3)
+.SH ACKNOWLEDGEMENTS
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
Index: openldap-2.3.19/doc/man/man3/ldap_rename.3.links
===================================================================
--- /dev/null
+++ openldap-2.3.19/doc/man/man3/ldap_rename.3.links
@@ -0,0 +1,2 @@
+ldap_rename_s.3
+
Index: openldap-2.3.19/doc/man/man3/ldap_result.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_result.3
+++ openldap-2.3.19/doc/man/man3/ldap_result.3
@@ -1,5 +1,5 @@
.TH LDAP_RESULT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_result.3,v 1.16.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_result.3,v 1.20 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
@@ -72,7 +72,8 @@ all references, all extended partial res
result have been received.
.LP
Upon success, the type of the result received is returned and the
-\fIresult\fP parameter will contain the result of the operation. This
+\fIresult\fP parameter will contain the result of the operation;
+otherwise, the \fIresult\fP parameter is undefined. This
result should be passed to the LDAP parsing routines,
.BR ldap_first_message (3)
and friends, for interpretation.
Index: openldap-2.3.19/doc/man/man3/ldap_schema.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_schema.3
+++ openldap-2.3.19/doc/man/man3/ldap_schema.3
@@ -1,5 +1,5 @@
.TH LDAP_SCHEMA 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_schema.3,v 1.12.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_schema.3,v 1.15 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 2000-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap_search.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_search.3
+++ openldap-2.3.19/doc/man/man3/ldap_search.3
@@ -1,9 +1,9 @@
.TH LDAP_SEARCH 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_search.3,v 1.17.2.5 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_search.3,v 1.21 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
-ldap_search, ldap_search_s, ldap_search_st \- Perform an LDAP search operation
+ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation
.SH LIBRARY
OpenLDAP LDAP (libldap, -lldap)
.SH SYNOPSIS
@@ -41,6 +41,35 @@ char *filter, *attrs[]
int attrsonly;
struct timeval *timeout;
LDAPMessage **res;
+.LP
+.ft B
+int ldap_search_ext(ld, base, scope, filter, attrs, attrsonly, serverctrls,
+.ft
+clientctrls, timeout, sizelimit, msgidp)
+.ft
+LDAP *ld;
+char *base;
+int scope;
+char *filter, *attrs[]
+int attrsonly;
+LDAPControl **serverctrls, **clientctrls;
+struct timeval *timeout;
+int sizelimit, *msgidp;
+.LP
+.ft B
+int ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls,
+.ft
+clientctrls, timeout, sizelimit, res)
+.ft
+LDAP *ld;
+char *base;
+int scope;
+char *filter, *attrs[]
+int attrsonly;
+LDAPControl **serverctrls, **clientctrls;
+struct timeval *timeout;
+int sizelimit;
+LDAPMessage **res;
.SH DESCRIPTION
These routines are used to perform LDAP search operations.
.B ldap_search_s()
@@ -59,6 +88,7 @@ LDAP_SCOPE_ONELEVEL, to search the objec
or LDAP_SCOPE_SUBTREE, to search the object and all its descendants.
.LP
\fIFilter\fP is a string
+
representation of the filter to apply in the search. Simple filters
can be specified as \fI(attributetype=attributevalue)\fP. More complex
filters are specified using a prefix notation according to the following
@@ -99,8 +129,24 @@ To request no attributes, the type "1.1"
should be listed by itself.
.LP
\fIAttrsonly\fP should be set to 1 if
-only attribute types are wanted. It should be set to 0 if both
+only attribute types are wanted. It should be set to 0 if both
attributes types and attribute values are wanted.
+.LP
+.B ldap_search_ext()
+routine allows server and client controls to be specified to extend
+the search request. This routine is asynchronous like
+.BR ldap_search() ,
+but its return value is an LDAP error code. It stores the message id
+of the request in the integer pointed to
+by
+.IR msgidp .
+.LP
+The
+.B ldap_search_ext_s()
+routine is the synchronous version of
+.BR ldap_search_ext().
+It also returns an LDAP error code indicating success or failure
+of the operation.
.SH ERRORS
.B ldap_search_s()
and
@@ -111,15 +157,28 @@ See
for details.
.B ldap_search()
returns -1 in case of trouble.
+.LP
+.B ldap_search_s(),
+.B ldap_search_ext_s
+and
+.B ldap_search_st()
+will return the LDAP error code resulting from the search operation.
+See
+.BR ldap_error (3)
+for details.
+.B ldap_search()
+and
+.B ldap_search_ext
+returns -1 in case of trouble.
.SH NOTES
Note that both read
and list functionality are subsumed by these routines,
by using a filter like "(objectclass=*)" and a scope of LDAP_SCOPE_BASE (to
emulate read) or LDAP_SCOPE_ONELEVEL (to emulate list).
.LP
-These routines may dynamically allocate memory. The caller is
+These routines may dynamically allocate memory. The caller is
responsible for freeing such memory using supplied deallocation
-routines. Return values are contained in <ldap.h>.
+routines. Return values are contained in <ldap.h>.
.SH SEE ALSO
.BR ldap (3),
.BR ldap_result (3),
Index: openldap-2.3.19/doc/man/man3/ldap_sort.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_sort.3
+++ openldap-2.3.19/doc/man/man3/ldap_sort.3
@@ -1,5 +1,5 @@
.TH LDAP_SORT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_sort.3,v 1.13.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_sort.3,v 1.15 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
Index: openldap-2.3.19/doc/man/man3/ldap_url.3
===================================================================
--- openldap-2.3.19.orig/doc/man/man3/ldap_url.3
+++ openldap-2.3.19/doc/man/man3/ldap_url.3
@@ -1,5 +1,5 @@
.TH LDAP_URL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_url.3,v 1.16.2.3 2006/01/03 22:16:04 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_url.3,v 1.18 2006/01/03 22:12:04 kurt Exp $
.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME

View File

@ -0,0 +1,56 @@
Full_Name: Howard Chu
Version: all < 2.3.29
OS:
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (76.168.84.21)
Submitted by: hyc
Apparently this bug was discovered by Evgeny Legerov but was not previously
reported to anyone on the Project. The bug is now fixed in HEAD and RE23.
Performing a SASL Bind with an authcid longer than 255 characters, with a
space
as the 255th character, will cause the length of the normalized name to be
computed incorrectly, failing to take into account the escaping of the
space
character. (The SASL Bind code truncates all incoming names longer than 255
to
exactly 255 characters.) This triggers an assert in libldap because the
resulting string length doesn't match what we expected it to be.
The fix is in libldap/getdn.c rev 1.134.
The MITRE CVE record for this bug is
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779
--- libraries/libldap/getdn.c 2006/10/28 02:47:58 1.133
+++ libraries/libldap/getdn.c 2006/11/08 22:57:02 1.134
@@ -2016,7 +2016,7 @@
strval2strlen( struct berval *val, unsigned flags, ber_len_t *len )
{
ber_len_t l, cl = 1;
- char *p;
+ char *p, *end;
int escaped_byte_len = LDAP_DN_IS_PRETTY( flags ) ? 1 : 3;
#ifdef PRETTY_ESCAPE
int escaped_ascii_len = LDAP_DN_IS_PRETTY( flags ) ? 2 : 3;
@@ -2030,7 +2030,8 @@
return( 0 );
}
- for ( l = 0, p = val->bv_val; p < val->bv_val + val->bv_len; p += cl ) {
+ end = val->bv_val + val->bv_len - 1;
+ for ( l = 0, p = val->bv_val; p <= end; p += cl ) {
/*
* escape '%x00'
@@ -2059,7 +2060,7 @@
} else if ( LDAP_DN_NEEDESCAPE( p[ 0 ] )
|| LDAP_DN_SHOULDESCAPE( p[ 0 ] )
|| ( p == val->bv_val && LDAP_DN_NEEDESCAPE_LEAD( p[ 0 ] ) )
- || ( !p[ 1 ] && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
+ || ( p == end && LDAP_DN_NEEDESCAPE_TRAIL( p[ 0 ] ) ) ) {
#ifdef PRETTY_ESCAPE
#if 0
if ( LDAP_DN_WILLESCAPE_HEX( flags, p[ 0 ] ) ) {

3
openldap-2.3.27.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:eaad67982a1612526bea8ab31dce95f87ecf6d14406a3f8a3209063d84e3777d
size 2901710

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:dd03c8f47c7cd3bf9eb08c6b7245f3afa1eb3dbfeb0212235f129ec3d38a8fec
size 91075

189
openldap-ntlm.diff Normal file
View File

@ -0,0 +1,189 @@
--- include/ldap.h.orig 2004-01-01 13:16:28.000000000 -0500
+++ include/ldap.h 2004-07-14 11:58:49.000000000 -0400
@@ -1753,5 +1753,26 @@
LDAPControl **cctrls ));
+/*
+ * hacks for NTLM
+ */
+#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
+#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU)
+LDAP_F( int )
+ldap_ntlm_bind LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ ber_tag_t tag,
+ struct berval *cred,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp ));
+LDAP_F( int )
+ldap_parse_ntlm_bind_result LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval *challenge));
+
+
LDAP_END_DECL
#endif /* _LDAP_H */
--- libraries/libldap/Makefile.in.orig 2004-01-01 13:16:29.000000000 -0500
+++ libraries/libldap/Makefile.in 2004-07-14 13:37:23.000000000 -0400
@@ -20,7 +20,7 @@
SRCS = bind.c open.c result.c error.c compare.c search.c \
controls.c messages.c references.c extended.c cyrus.c \
modify.c add.c modrdn.c delete.c abandon.c \
- sasl.c sbind.c kbind.c unbind.c cancel.c \
+ sasl.c ntlm.c sbind.c kbind.c unbind.c cancel.c \
filter.c free.c sort.c passwd.c whoami.c \
getdn.c getentry.c getattr.c getvalues.c addentry.c \
request.c os-ip.c url.c sortctrl.c vlvctrl.c \
@@ -29,7 +29,7 @@
OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
controls.lo messages.lo references.lo extended.lo cyrus.lo \
modify.lo add.lo modrdn.lo delete.lo abandon.lo \
- sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
+ sasl.lo ntlm.lo sbind.lo kbind.lo unbind.lo cancel.lo \
filter.lo free.lo sort.lo passwd.lo whoami.lo \
getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
--- /dev/null 2004-06-30 15:04:37.000000000 -0400
+++ libraries/libldap/ntlm.c 2004-07-14 13:44:18.000000000 -0400
@@ -0,0 +1,137 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
+/*
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+/* Mostly copied from sasl.c */
+
+#include "portable.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/errno.h>
+
+#include "ldap-int.h"
+
+int
+ldap_ntlm_bind(
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ ber_tag_t tag,
+ struct berval *cred,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp )
+{
+ BerElement *ber;
+ int rc;
+ ber_int_t id;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( msgidp != NULL );
+
+ if( msgidp == NULL ) {
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return ld->ld_errno;
+ }
+
+ /* create a message to send */
+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+ assert( LBER_VALID( ber ) );
+
+ LDAP_NEXT_MSGID( ld, id );
+ rc = ber_printf( ber, "{it{istON}" /*}*/,
+ id, LDAP_REQ_BIND,
+ ld->ld_version, dn, tag,
+ cred );
+
+ /* Put Server Controls */
+ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
+ ld->ld_errno = LDAP_ENCODING_ERROR;
+ ber_free( ber, 1 );
+ return ld->ld_errno;
+ }
+
+ /* send the message */
+ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
+
+ if(*msgidp < 0)
+ return ld->ld_errno;
+
+ return LDAP_SUCCESS;
+}
+
+int
+ldap_parse_ntlm_bind_result(
+ LDAP *ld,
+ LDAPMessage *res,
+ struct berval *challenge)
+{
+ ber_int_t errcode;
+ ber_tag_t tag;
+ BerElement *ber;
+ ber_len_t len;
+
+ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( res != NULL );
+
+ if ( ld == NULL || res == NULL ) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ if( res->lm_msgtype != LDAP_RES_BIND ) {
+ ld->ld_errno = LDAP_PARAM_ERROR;
+ return ld->ld_errno;
+ }
+
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ ld->ld_error = NULL;
+ }
+ if ( ld->ld_matched ) {
+ LDAP_FREE( ld->ld_matched );
+ ld->ld_matched = NULL;
+ }
+
+ /* parse results */
+
+ ber = ber_dup( res->lm_ber );
+
+ if( ber == NULL ) {
+ ld->ld_errno = LDAP_NO_MEMORY;
+ return ld->ld_errno;
+ }
+
+ tag = ber_scanf( ber, "{ioa" /*}*/,
+ &errcode, challenge, &ld->ld_error );
+ ber_free( ber, 0 );
+
+ if( tag == LBER_ERROR ) {
+ ld->ld_errno = LDAP_DECODING_ERROR;
+ return ld->ld_errno;
+ }
+
+ ld->ld_errno = errcode;
+
+ return( ld->ld_errno );
+}

3
openldap-rc.tgz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:90c31536d68fed1dcb4d26f40f1e48ee576bbbe780735635d7aa51d102d0e7e0
size 4187

926
openldap2-client.changes Normal file
View File

@ -0,0 +1,926 @@
-------------------------------------------------------------------
Fri Nov 17 10:25:44 CET 2006 - rhafer@suse.de
- Fix for a flaw in libldap's strval2strlen() function when processing the
authcid string of certain Bind Requests, which could allow attackers to
cause an affected application to crash (especially the OpenLDAP Server),
creating a denial of service condition (Bug#221154,ITS#4740)
-------------------------------------------------------------------
Tue Nov 14 16:18:34 CET 2006 - rhafer@suse.de
- Additional back-perl fixes from CVS. The first revision of the
patch did not fix the problem completely (Bug#207618, ITS#4751)
-------------------------------------------------------------------
Fri Oct 27 16:46:43 CEST 2006 - rhafer@suse.de
- cyrus-sasl configuration moved from %{_libdir}/sasl2 to
/etc/sasl2/ (Bug: #206414)
-------------------------------------------------------------------
Wed Oct 4 15:56:11 CEST 2006 - rhafer@suse.de
- Add $network to Should-Start/Should-Stop in init scripts
(Bug: #206823)
- Imported latest back-perl changes from CVS, to fix back-perl
initialization (Bug: #207618)
-------------------------------------------------------------------
Tue Aug 22 16:27:25 CEST 2006 - rhafer@suse.de
- Updated to Version 2.3.27
* Fixed libldap dnssrv bug with "not present" positive statement
(ITS#4610)
* Fixed libldap dangling pointer issue (ITS#4405)
* Fixed slapd incorrect rebuilding of replica URI (ITS#4633)
* Fixed slapd DN X.509 normalization crash (ITS#4644)
* Fixed slapd-monitor operations order via callbacks (ITS#4631)
* Fixed slapo-accesslog purge task during shutdown
* Fixed slapo-ppolicy handling of default policy (ITS#4634)
* Fixed slapo-ppolicy logging verbosity when using default policy
* Fixed slapo-syncprov incomplete sync on restart issues (ITS#4622)
-------------------------------------------------------------------
Wed Aug 2 11:08:23 CEST 2006 - rhafer@suse.de
- Updated to Version 2.3.25
* Add libldap_r TLS concurrency workaround (ITS#4583)
* Fixed slapd acl selfwrite bug (ITS#4587)
* Fixed various syncrepl and slapo-syncprov bugs (ITS#4582, 4622,
4534,4613, 4589)
* Fixed slapd-bdb/hdb lock bug with virtual root (ITS#4572)
* Fixed slapd-bdb/hdb modrdn new entry disappearing bug (ITS#4616)
* Fixed slapd-bdb/hdb cache job issue
* Fixed slapo-ppolicy password hashing bug (ITS#4575)
* Fixed slapo-ppolicy password modify pwdMustChange reset bug (ITS#4576)
* Fixed slapo-ppolicy control can be critical (ITS#4596)
- Enabled CLDAP (LDAP over UDP) support
------------------------------------------------------------------
Mon Jun 26 16:36:16 CEST 2006 - rhafer@suse.de
- Updated to Version 2.3.24
* Fixed slapd syncrepl timestamp bug (delta-sync/cascade)
(ITS#4567)
* Fixed slapd-bdb/hdb non-root users adding suffix/root entries
(ITS#4552)
* Re-fixed slapd-ldap improper free bug in exop (ITS#4550)
* Fixed slapd-ldif assert bug (ITS#4568)
* Fixed slapo-syncprov crash under glued database (ITS#4562)
- cleaned up SLES10 update specific stuff
- added "chain-return-error" feature from HEAD to chain overlay
(ITS#4570)
-------------------------------------------------------------------
Thu Jun 22 14:46:58 CEST 2006 - schwab@suse.de
- Don't use automake macros without using automake.
-------------------------------------------------------------------
Wed May 24 09:52:03 CEST 2006 - rhafer@suse.de
- Updated to Version 2.3.23
* obsoletes the patches: libldap_ads-sasl-gssapi.dif,
slapd-epollerr.dif
* Fixed slapd-ldap improper free bug (ITS#4550)
* Fixed libldap referral input destroy issue (ITS#4533)
* Fixed libldap ldap_sort_entries tail bug (ITS#4536)
* Fixed slapd runqueue use of freed memory (ITS#4517)
* Fixed slapd thread pool init issue (ITS#4513)
* Fixed slapd-bdb/hdb pre/post-read freeing (ITS#4532)
* Fixed slapd-bdb/hdb pre/post-read unavailable issue (ITS#4538)
* Fixed slapd-bdb/hdb referral issue (ITS#4548)
* Fixed slapo-ppolicy BER tags issue (ITS#4528)
* Fixed slapo-ppolicy rebind bug (ITS#4516)
* For more details see the CHANGES file
- Install CHANGES file to /usr/share/doc/packages/openldap2
-------------------------------------------------------------------
Wed May 10 10:20:16 CEST 2006 - rhafer@suse.de
- Really apply the patch for Bug#160566
- slapd could crash while processing queries with pre-/postread
controls (Bug#173877, ITS#4532)
-------------------------------------------------------------------
Fri Mar 24 13:48:52 CET 2006 - rhafer@suse.de
- Backported fix from CVS for occasional crashes in referral
chasing code (as used in e.g. back-meta/back-ldap).
(Bug: #160566, ITS: #4448)
-------------------------------------------------------------------
Mon Mar 13 16:23:32 CET 2006 - rhafer@suse.de
- openldap2 must obsolete -back-monitor and -back-ldap to have them
removed during update (Bug: #157576)
-------------------------------------------------------------------
Fri Feb 17 12:58:13 CET 2006 - rhafer@suse.de
- Add "external" to the list of supported SASL mechanisms
(Bug: #151771)
-------------------------------------------------------------------
Thu Feb 16 11:45:20 CET 2006 - rhafer@suse.de
- Error out when conversion from old configfile to config database
fails (Bug: #135484,#135490 ITS: #4407)
-------------------------------------------------------------------
Mon Feb 13 14:45:43 CET 2006 - rhafer@suse.de
- Don't ignore non-read/write epoll events (Bug: #149993,
ITS: #4395)
- Added update message to /usr/share/update-messages/en/ and enable
it, when update did not succeed.
-------------------------------------------------------------------
Thu Feb 9 11:43:56 CET 2006 - rhafer@suse.de
- OPENLDAP_CHOWN_DIRS honors databases defined in include files
(Bug: #135473)
- Fixed version numbers in README.update
- Fixed GSSAPI binds against Active Directory (Bug: #149390)
-------------------------------------------------------------------
Fri Feb 3 11:32:27 CET 2006 - rhafer@suse.de
- Cleaned up update procedure
- man-pages updates and fixes (Fate: #6365)
-------------------------------------------------------------------
Fri Jan 27 09:15:33 CET 2006 - rhafer@suse.de
- Updated to 2.3.19 (Bug #144371)
-------------------------------------------------------------------
Fri Jan 27 02:16:56 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Wed Jan 25 18:17:51 CET 2006 - rhafer@suse.de
- Updated Admin Guide to latest version
- build slapcat from openldap-2.2.24 and install it to
/usr/sbin/openldap-2.2-slapcat to be able to migrate from
OpenLDAP 2.2.
- removed slapd-backbdb-dbupgrade which is no longer needed
- attempt to dump/reload bdb databases in %{post}
- Update notes in README.update
-------------------------------------------------------------------
Fri Jan 13 10:36:44 CET 2006 - rhafer@suse.de
- New sysconfig variable OPENLDAP_KRB5_KEYTAB
- Cleanup in default configuration and init scripts
-------------------------------------------------------------------
Wed Jan 11 10:13:52 CET 2006 - rhafer@suse.de
- Updated to 2.3.17
- Remove OPENLDAP_RUN_DB_RECOVER from sysconfig file in %post
slapd does now automatically recover the database if needed
- Removed unneeded README.SuSE
- Small adjustments to the default DB_CONFIG file
-------------------------------------------------------------------
Mon Jan 9 11:48:10 CET 2006 - rhafer@suse.de
- Updated to 2.3.16
-------------------------------------------------------------------
Mon Dec 19 13:55:35 CET 2005 - rhafer@suse.de
- Fixed filelist (slapd-hdb man-page was missing)
-------------------------------------------------------------------
Fri Dec 9 10:04:28 CET 2005 - rhafer@suse.de
- Fixed build on x86_64
-------------------------------------------------------------------
Wed Dec 7 10:48:57 CET 2005 - rhafer@suse.de
- Merged -back-ldap and -back-monitor subpackages into the main
package and don't build them as dynamic modules anymore.
- updated to OpenLDAP 2.3.13
-------------------------------------------------------------------
Mon Nov 28 16:56:21 CET 2005 - rhafer@suse.de
- updated to OpenLDAP 2.3.12
-------------------------------------------------------------------
Wed Oct 26 11:34:24 CEST 2005 - rhafer@suse.de
- updated to OpenLDAP 2.3.11
- removed the "LDAP_DEPRECATED" workaround
-------------------------------------------------------------------
Mon Sep 26 09:51:11 CEST 2005 - rhafer@suse.de
- Add "LDAP_DEPRECATED" to ldap.h for now
-------------------------------------------------------------------
Fri Sep 23 14:41:14 CEST 2005 - rhafer@suse.de
- updated to OpenLDAP 2.3.7
-------------------------------------------------------------------
Tue Aug 16 14:08:49 CEST 2005 - rhafer@suse.de
- allow start_tls while chasing referrals (Bug #94355, ITS #3791)
-------------------------------------------------------------------
Mon Jul 4 11:42:08 CEST 2005 - rhafer@suse.de
- devel-subpackage requires openldap2-client of the same version
(Bugzilla: #93579)
-------------------------------------------------------------------
Thu Jun 30 17:55:22 CEST 2005 - uli@suse.de
- build with -fPIE (not -fpie) to avoid GOT overflow on s390*
-------------------------------------------------------------------
Wed Jun 22 16:26:42 CEST 2005 - rhafer@suse.de
- build the server packages with -fpie/-pie
-------------------------------------------------------------------
Wed Jun 15 16:43:25 CEST 2005 - rhafer@suse.de
- updated to 2.2.27
-------------------------------------------------------------------
Wed May 25 13:58:57 CEST 2005 - rhafer@suse.de
- libldap-gethostbyname_r.dif: Use gethostbyname_r instead of
gethostbyname in libldap. Should fix host lookups through
nss_ldap (Bugzilla: #76173)
-------------------------------------------------------------------
Fri May 13 12:27:05 CEST 2005 - rhafer@suse.de
- Updated to 2.2.26
- made /%{_libdir}]/sasl2/slapd.conf %config(noreplace)
-------------------------------------------------------------------
Thu Apr 28 09:42:30 CEST 2005 - rhafer@suse.de
- Added /%{_libdir}]/sasl2/slapd.conf to avoid warnings about
unconfigured OTP mechanism (Bugzilla: #80588)
-------------------------------------------------------------------
Tue Apr 12 15:02:24 CEST 2005 - rhafer@suse.de
- added minimal timeout to startproc in init-script to let it
report the "failed" status correctly in case of misconfiguration
(Bugzilla: #76393)
-------------------------------------------------------------------
Mon Apr 4 16:41:32 CEST 2005 - rhafer@suse.de
- crl-check.dif: Implements CRL checking on client and server side
- use different base ports for differnt values of BUILD_INCARNATION
(/.buildenv) to allow parallel runs of the test-suite on a single
machine
-------------------------------------------------------------------
Mon Apr 4 15:33:19 CEST 2005 - uli@suse.de
- force yielding-select test to yes (test occasionally hangs QEMU)
-------------------------------------------------------------------
Fri Apr 1 13:16:49 CEST 2005 - uli@suse.de
- disable test suite on ARM (hangs QEMU)
-------------------------------------------------------------------
Tue Mar 29 14:21:50 CEST 2005 - rhafer@suse.de
- updated to 2.2.24
- enabled back-hdb
-------------------------------------------------------------------
Wed Mar 2 13:44:23 CET 2005 - rhafer@suse.de
- syncrepl.dif: merged latest syncrepl fixes (Bugzilla: #65928)
- libldap-reinit-fdset.dif: Re-init fd_sets when select is
interupted (Bugzilla #50076, ITS: #3524)
-------------------------------------------------------------------
Thu Feb 17 14:28:02 CET 2005 - rhafer@suse.de
- checkproc_before_recover.dif: Check if slapd is stopped before
running db_recover from the init script. (Bugzilla: #50962)
-------------------------------------------------------------------
Tue Feb 1 14:30:13 CET 2005 - rhafer@suse.de
- Cleanup back-bdb databases in %post, db-4.3 changed the
transaction log format again.
- cosmetic fixes in init script
-------------------------------------------------------------------
Tue Jan 25 15:57:55 CET 2005 - rhafer@suse.de
- updated to 2.2.23
- cleaned up #neededforbuild
- package should also build on older SuSE Linux releases now
- increased killproc timeout in init-script (Bugzilla: #47227)
-------------------------------------------------------------------
Thu Jan 13 15:09:28 CET 2005 - rhafer@suse.de
- updated to 2.2.20
- Removed unneeded dependencies
-------------------------------------------------------------------
Fri Dec 10 12:58:58 CET 2004 - kukuk@suse.de
- don't install *.la files
-------------------------------------------------------------------
Wed Nov 10 16:38:10 CET 2004 - rhafer@suse.de
- updated to 2.2.18
- use kerberos-devel-packages in neededforbuild
-------------------------------------------------------------------
Fri Sep 24 17:55:10 CEST 2004 - ro@suse.de
- re-arranged specfile to sequence (header (package/descr)* rest)
so the checking parser is not confused ...
-------------------------------------------------------------------
Fri Sep 24 13:59:40 CEST 2004 - rhafer@suse.de
- Added pre_checkin.sh to generate a separate openldap2-client
spec-file from which the openldap2-client and openldap2-devel
subpackages are built. Should reduce build time for libldap as
the test-suite is only executed in openldap2.spec.
-------------------------------------------------------------------
Fri Sep 10 13:24:44 CEST 2004 - rhafer@suse.de
- libldap-result.dif: ldapsearch was hanging in select() when
retrieving results from eDirectory through a StartTLS protected
connection (Bugzilla #44942)
-------------------------------------------------------------------
Mon Aug 9 23:43:18 CEST 2004 - dobey@suse.de
- added ntlm support
-------------------------------------------------------------------
Tue Aug 3 14:48:25 CEST 2004 - rhafer@suse.de
- updated to 2.2.16
- Updated ACLs in slapd_conf.dif to disable default read access
to the "userPKCS12" Attribute
- rc-check-conn.diff: When starting slapd wait until is accepts
connections, or 10 seconds at maximum (Bugzilla #41354)
- Backported -o slp={on|off} feature from OpenLDAP Head and added
new sysconfig variable (OPENLDAP_REGISTER_SLP) to be able
to switch SLP registration on and off. (Bugzilla #39865)
- removed unneeded README.update
-------------------------------------------------------------------
Fri Apr 30 16:46:50 CEST 2004 - rhafer@suse.de
- updated to 2.2.11
- remove SLES8 update specific stuff
- Bugzilla #39652: Updated slapd_conf.dif to contain basic access
control
- Bugzilla #39468: Added missing items to yast.schema
- fixed strict-aliasing compiler warnings (strict-aliasing.dif)
-------------------------------------------------------------------
Thu Apr 29 15:13:31 CEST 2004 - coolo@suse.de
- build with several jobs if available
-------------------------------------------------------------------
Mon Apr 19 12:13:41 CEST 2004 - rhafer@suse.de
- ldapi_url.dif: Fixed paths for LDAPI-socket, pid-file and
args-file (Bugzilla #38790)
- ldbm_modrdn.dif: Fixed back-ldbm modrdn indexing bug (ITS #3059,
Bugzilla #38915)
- modify_check_duplicates.dif: check for duplicate attribute
values in modify requests (ITS #3066/#3097, Bugzilla #38607)
- updated and renamed yast2userconfig.schema to yast.schema as it
contains more that only user configuration now
- syncrepl.dif: addtional fixes for syncrepl (ITS #3055, #3056)
- test_syncrepl_timeout: increased sleep timeout in syncrepl
testsuite
-------------------------------------------------------------------
Thu Apr 1 15:05:15 CEST 2004 - rhafer@suse.de
- added "TLS_REQCERT allow" to /etc/openldap/ldap.conf, to make
START_TLS work without access to the CA Certificate.
(Bugzilla: #37393)
-------------------------------------------------------------------
Fri Mar 26 15:30:12 CET 2004 - rhafer@suse.de
- fixed filelist
- check-build.sh (build on kernel >= 2.6.4 hosts only)
- yast2user.schema / slapd.conf fixed (#37076)
- don't check for TLS-options is init-script anymore (#33560)
- fixed various typos in README.update
-------------------------------------------------------------------
Wed Mar 17 13:21:45 CET 2004 - rhafer@suse.de
- fixed build of openldap-2.1-slapcat (using correct db41 include
files, build backends as on sles8)
- attempt to update bdb database and reindex ldbm database in %{post}
- Update notes in README.update
- better default configuration (including default DB_CONFIG file)
- misc updates for the YaST schema
- fixed crasher in syncrepl-code (syncrepl.dif)
-------------------------------------------------------------------
Tue Mar 16 16:15:49 CET 2004 - schwab@suse.de
- Fix type mismatch.
-------------------------------------------------------------------
Tue Mar 2 19:50:18 CET 2004 - rhafer@suse.de
- updated to 2.2.6
- build a openldap-2.1-slapcat from 2.1.25 sources to be able to
migrate from SLES8 and SL 9.0
-------------------------------------------------------------------
Thu Feb 19 17:25:12 CET 2004 - ro@suse.de
- added check-build.sh (build on 2.6 hosts only)
-------------------------------------------------------------------
Thu Feb 5 17:38:52 CET 2004 - rhafer@suse.de
- updated to 2.2.5
- adjusted rfc2307bis.schema to support UTF-8 values in most
attributes
- enabled proxycache-overlay (wiht fix to work with back-ldbm)
-------------------------------------------------------------------
Tue Jan 13 11:31:03 CET 2004 - rhafer@suse.de
- updated to 2.2.4
- updated Admin Guide to most recent version
-------------------------------------------------------------------
Sat Jan 10 10:19:26 CET 2004 - adrian@suse.de
- add %defattr
- fix build as user
-------------------------------------------------------------------
Mon Dec 8 16:46:03 CET 2003 - rhafer@suse.de
- updated to 2.1.25
- small fixes for the YaST user schema
-------------------------------------------------------------------
Tue Nov 11 15:20:05 CET 2003 - rhafer@suse.de
- enabled SLP-support
-------------------------------------------------------------------
Fri Oct 17 22:14:24 CEST 2003 - kukuk@suse.de
- Remove unused des from neededforbuild
-------------------------------------------------------------------
Tue Sep 2 16:04:05 CEST 2003 - mt@suse.de
- Bugzilla #29859: fixed typo in sysconfig metadata,
usage of OPENLDAP_LDAPS_INTERFACES in init script
- added /usr/lib/sasl2/slapd.conf permissions handling
- added sysconfig variable OPENLDAP_SLAPD_PARAMS=""
to support additional slapd start parameters
- added sysconfig variable OPENLDAP_START_LDAPI=NO/yes
for ldapi:/// (LDAP over IPC) URLs
-------------------------------------------------------------------
Thu Aug 14 17:12:35 CEST 2003 - rhafer@suse.de
- added activation metadata to sysconfig template (Bugzilla #28911)
- removed lint from specfile
-------------------------------------------------------------------
Thu Aug 7 18:37:16 CEST 2003 - rhafer@suse.de
- added %stop_on_removal and %restart_on_update calls
- bdb_addcnt.dif fixes a possible endless loop in id2entry()
- addonschema.tar.gz: some extra Schema files (YaST, RFC2307bis)
-------------------------------------------------------------------
Wed Jul 16 19:27:39 CEST 2003 - rhafer@suse.de
- removed fillup_only and call fillup_and_insserv correctly
- new Options in sysconfig.openldap: OPENLDAP_LDAP_INTERFACES,
OPENLDAP_LDAPS_INTERFACES and OPENLDAP_RUN_DB_RECOVER
-------------------------------------------------------------------
Tue Jul 1 15:42:03 CEST 2003 - rhafer@suse.de
- updated to 2.1.22
- updated Admin Guide to most recent version
- build librewrite with -fPIC
-------------------------------------------------------------------
Mon Jun 16 16:29:03 CEST 2003 - rhafer@suse.de
- updated to 2.1.21
-------------------------------------------------------------------
Wed Jun 11 17:08:11 CEST 2003 - ro@suse.de
- fixed requires lines
-------------------------------------------------------------------
Mon May 26 16:00:43 CEST 2003 - rhafer@suse.de
- don't link back-ldap against librewrite.a, it's already linked
into slapd (package should build on non-i386 Archs again)
-------------------------------------------------------------------
Fri May 23 14:35:49 CEST 2003 - rhafer@suse.de
- fixed dynamic build of back-ldap
- new subpackage back-ldap
-------------------------------------------------------------------
Tue May 20 11:04:50 CEST 2003 - rhafer@suse.de
- updated to version 2.1.20
- enabled dynamic backend modules
- new subpackages back-perl, back-meta and back-monitor
- remove unpacked files from BuildRoot
-------------------------------------------------------------------
Fri May 9 14:23:45 CEST 2003 - rhafer@suse.de
- updated to version 2.1.19
-------------------------------------------------------------------
Wed Apr 16 00:34:31 CEST 2003 - ro@suse.de
- fixed requires for devel-package ...
-------------------------------------------------------------------
Tue Apr 15 10:18:11 CEST 2003 - ro@suse.de
- fixed neededforbuild
-------------------------------------------------------------------
Thu Feb 13 12:13:23 CET 2003 - kukuk@suse.de
- Enable IPv6 again
-------------------------------------------------------------------
Tue Feb 11 19:02:14 CET 2003 - rhafer@suse.de
- added /etc/openldap to filelist
-------------------------------------------------------------------
Mon Feb 3 16:42:47 CET 2003 - rhafer@suse.de
- switch default backend to ldbm
-------------------------------------------------------------------
Sun Feb 2 23:58:34 CET 2003 - ro@suse.de
- fixed requires for devel package (cyrus-sasl2-devel)
-------------------------------------------------------------------
Fri Jan 31 08:58:39 CET 2003 - rhafer@suse.de
- liblber.dif: Fixes two bugs in liblber by which remote attackers
could crash the LDAP server (Bugzilla #22469, OpenLDAP ITS #2275
and #2280)
-------------------------------------------------------------------
Tue Jan 14 11:53:11 CET 2003 - choeger@suse.de
- build using sasl2
-------------------------------------------------------------------
Mon Jan 13 12:23:31 CET 2003 - rhafer@suse.de
- updated to version 2.1.12
- added metadata to sysconfig template (Bug: #22666)
-------------------------------------------------------------------
Thu Nov 28 14:42:06 CET 2002 - rhafer@suse.de
- updated to version 2.1.8
- added additional fix of 64bit archs
- added secpatch.dif to fix setuid issues in libldap
-------------------------------------------------------------------
Fri Sep 6 11:11:07 CEST 2002 - rhafer@suse.de
- fix for Bugzilla ID #18981, chown to OPENLDAP_USER didn't work
with multiple database backend directories
-------------------------------------------------------------------
Mon Sep 2 18:02:03 CEST 2002 - rhafer@suse.de
- removed damoenstart_ipv6.diff and disabled IPv6 support due to
massive problems with nss_ldap
-------------------------------------------------------------------
Mon Aug 26 19:37:32 CEST 2002 - rhafer@suse.de
- ldap_user.dif: slapd is now run a the user/group ldap (Bugzilla
ID#17697)
-------------------------------------------------------------------
Fri Aug 23 13:54:15 CEST 2002 - rhafer@suse.de
- updated to version 2.1.4, which fixes tons of bugs
- added damoenstart_ipv6.diff (slapd was not starting when
configured to listen on IPv4 and IPv6 interfaces, as done by the
start script)
- added README.SuSE with some hints about the bdb-backend
- updated filelist to include only the man pages of the backends,
that were built
-------------------------------------------------------------------
Thu Aug 15 15:56:09 CEST 2002 - rhafer@suse.de
- removed termcap and readline from neededforbuild
-------------------------------------------------------------------
Thu Aug 8 11:21:36 CEST 2002 - rhafer@suse.de
- enabled {CRYPT} passwords
- update filelist (added new manpages)
-------------------------------------------------------------------
Thu Jul 25 15:58:03 CEST 2002 - rhafer@suse.de
- patches for 64 bit architectures
-------------------------------------------------------------------
Fri Jul 19 11:28:28 CEST 2002 - rhafer@suse.de
- update to 2.1.3
-------------------------------------------------------------------
Fri Jul 5 13:26:17 CEST 2002 - kukuk@suse.de
- fix openldap2-devel requires
-------------------------------------------------------------------
Thu Jul 4 10:29:03 CEST 2002 - rhafer@suse.de
- switched back from cyrus-sasl2 to cyrus-sasl
-------------------------------------------------------------------
Wed Jul 3 13:30:23 CEST 2002 - rhafer@suse.de
- updated to OpenLDAP 2.1.2
- added the OpenLDAP Administration Guide
- enabled additional backends (ldap, meta, monitor)
-------------------------------------------------------------------
Mon Jun 10 21:59:35 CEST 2002 - olh@suse.de
- hack build/ltconfig to build shared libs on ppc64
-------------------------------------------------------------------
Wed Jun 5 18:25:51 CEST 2002 - rhafer@suse.de
- created /etc/sysconfig/openldap and OPENLDAP_START_LDAPS variable
to enable ldap over ssl support
-------------------------------------------------------------------
Thu Mar 7 16:27:15 CET 2002 - rhafer@suse.de
- Fix for Bugzilla ID#14569 (added cyrus-sasl-devel openssl-devel
to the "Requires" Section of the -devel subpackage)
-------------------------------------------------------------------
Mon Feb 18 13:06:10 CET 2002 - rhafer@suse.de
- updated to the latest STABLE release (2.0.23) which fixes some
nasty bugs see ITS #1562,#1582,#1577,#1578
-------------------------------------------------------------------
Thu Feb 7 14:13:25 CET 2002 - rhafer@suse.de
- updated to the latest release (which fixes a index corruption
bug)
- cleanup in neededforbuild
- small fixes for the init-scripts
-------------------------------------------------------------------
Thu Jan 17 13:51:28 CET 2002 - rhafer@suse.de
- updated to the latest stable release (2.0.21)
-------------------------------------------------------------------
Wed Jan 16 18:36:12 CET 2002 - egmont@suselinux.hu
- removed periods and colons from startup/shutdown messages
-------------------------------------------------------------------
Tue Jan 15 15:31:09 CET 2002 - rhafer@suse.de
- updated to v2.0.20 (which fixes a security hole in ACL
processing)
-------------------------------------------------------------------
Fri Jan 11 15:54:51 CET 2002 - rhafer@suse.de
- converted archive to bzip2
- makes use of %{_libdir} now
- set CFLAGS to -O0 for archs ia64, s390(x) and alpha otherwise
the test suite fails on these archs
- changed slapd.conf to store the database under /var/lib/ldap
(this patch was missing in the last versions by accident)
-------------------------------------------------------------------
Mon Jan 7 16:41:32 CET 2002 - rhafer@suse.de
- update to v2.0.19
-------------------------------------------------------------------
Thu Dec 6 14:51:56 CET 2001 - rhafer@suse.de
- eliminated START_LDAP, START_SLURPD variables in rc.config
- created separate init script for slurpd
- moved init scripts from dif to separate source tgz
-------------------------------------------------------------------
Fri Oct 26 10:36:06 CEST 2001 - choeger@suse.de
- update to v2.0.18
-------------------------------------------------------------------
Mon Oct 15 10:00:06 CEST 2001 - choeger@suse.de
- update to v2.0.17
added a sleep to the restart section
moved some manpages to the client package
-------------------------------------------------------------------
Mon Oct 1 18:38:14 CEST 2001 - choeger@suse.de
- update to v2.0.15
-------------------------------------------------------------------
Wed Sep 12 09:53:03 CEST 2001 - choeger@suse.de
- backported the full bugfix from openldap-2.0.14
-------------------------------------------------------------------
Tue Sep 11 11:36:20 CEST 2001 - choeger@suse.de
- Bugfix for slurpd millionth second bug (ITS#1323)
-------------------------------------------------------------------
Mon Sep 10 09:06:40 CEST 2001 - choeger@suse.de
- moved ldapfilter.conf ldaptemplates.conf ldapsearchprefs.conf
to openldap2-client package
-------------------------------------------------------------------
Mon Sep 3 09:31:21 CEST 2001 - choeger@suse.de
- update to version 2.0.12
-------------------------------------------------------------------
Mon Jul 2 10:52:22 CEST 2001 - choeger@suse.de
- bugfix: init script was not LSB compliant, Bugzilla ID#9072
-------------------------------------------------------------------
Tue Jun 19 16:18:54 CEST 2001 - ro@suse.de
- fixed for autoconf again
-------------------------------------------------------------------
Fri Jun 15 10:23:24 CEST 2001 - choeger@suse.de
- update to 2.0.11
- removed autoconf in specfile, because it doesn't work
-------------------------------------------------------------------
Wed May 23 11:43:08 CEST 2001 - choeger@suse.de
- update to version 2.0.10 (minor fixes)
-------------------------------------------------------------------
Tue May 22 11:33:58 CEST 2001 - choeger@suse.de
- update to version 2.0.9
-------------------------------------------------------------------
Mon Apr 23 15:55:32 CEST 2001 - choeger@suse.de
- removed kerberos support
- added aci support
-------------------------------------------------------------------
Fri Apr 20 11:52:14 CEST 2001 - choeger@suse.de
- added kerberos support
-------------------------------------------------------------------
Thu Apr 5 13:47:51 CEST 2001 - choeger@suse.de
- moved section 5 and 8 manpages to the server part of package
-------------------------------------------------------------------
Wed Mar 14 18:17:50 CET 2001 - kukuk@suse.de
- Move *.so links into -devel package
- -devel requires -client
-------------------------------------------------------------------
Thu Mar 8 10:51:05 CET 2001 - choeger@suse.de
- split up into openldap2-client and -devel
-------------------------------------------------------------------
Tue Feb 27 11:20:53 CET 2001 - ro@suse.de
- changed neededforbuild <cyrus-sasl> to <cyrus-sasl cyrus-sasl-devel>
-------------------------------------------------------------------
Fri Feb 23 00:10:25 CET 2001 - ro@suse.de
- added readline/readline-devel to neededforbuild (split from bash)
-------------------------------------------------------------------
Thu Jan 4 14:03:17 CET 2001 - choeger@suse.de
- bugfix: slapd.conf rename /var/lib/openldap-ldbm to
/var/lib/ldap
init script: use $remote_fs
-------------------------------------------------------------------
Tue Jan 2 10:38:20 CET 2001 - olh@suse.de
- use script name in %post
-------------------------------------------------------------------
Thu Dec 7 15:01:53 CET 2000 - choeger@suse.de
- bugfix from Andreas Jaeger:
workaround for glibc2.2, detach
-------------------------------------------------------------------
Fri Dec 1 15:23:45 CET 2000 - ro@suse.de
- hacked configure for apparently broken pthread
-------------------------------------------------------------------
Fri Dec 1 02:28:54 CET 2000 - ro@suse.de
- fixed spec
-------------------------------------------------------------------
Thu Nov 23 11:27:07 CET 2000 - choeger@suse.de
- made configs %config(noreplace) (Bug 4112)
- fixed neededforbuild
-------------------------------------------------------------------
Wed Nov 22 11:37:22 CET 2000 - choeger@suse.de
- adopted new init scheme
-------------------------------------------------------------------
Wed Nov 15 16:24:48 CET 2000 - choeger@suse.de
- fixed neededforbuild
-------------------------------------------------------------------
Fri Nov 10 16:32:57 CET 2000 - choeger@suse.de
- added buildroot
-------------------------------------------------------------------
Tue Nov 7 18:52:54 CET 2000 - choeger@suse.de
- long package name
- new version, 2.0.7
-------------------------------------------------------------------
Fri Oct 6 11:35:47 CEST 2000 - choeger@suse.de
- first package of openldap2 (v2.0.6)

847
openldap2-client.spec Normal file
View File

@ -0,0 +1,847 @@
#
# spec file for package openldap2-client (Version 2.3.27)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: openldap2-client
BuildRequires: cyrus-sasl-devel db-devel db42-devel krb5-devel openslp-devel openssl-devel tcpd-devel
URL: http://www.openldap.org
License: BSD License and BSD-like
%if "%{name}" == "openldap2"
Group: Productivity/Networking/LDAP/Clients
Provides: ldap2 openldap2-back-ldap openldap2-back-monitor
Obsoletes: openldap2-back-ldap openldap2-back-monitor
Conflicts: openldap
PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/strings /usr/bin/awk /usr/bin/grep
Summary: OpenLDAP2 Client Utilities
%else
Group: Productivity/Networking/LDAP/Clients
Conflicts: openldap-client
Summary: OpenLDAP2 Client Utilities
%endif
Autoreqprov: on
Version: 2.3.27
Release: 23
Source: openldap-%{version}.tar.bz2
Source1: openldap-rc.tgz
Source2: openldap-admin-guide.tar.bz2
Source3: addonschema.tar.gz
Source4: DB_CONFIG
Source5: sasl-slapd.conf
Patch: openldap2.dif
Patch1: secpatch.dif
Patch2: slapd_conf.dif
Patch3: ldap_conf.dif
Patch4: ldapi_url.dif
Patch5: openldap-ntlm.diff
Patch6: libldap-gethostbyname_r.dif
Patch7: pie-compile.dif
Patch8: libldap-manpages.dif
Patch9: slapd_chain_return_error.dif
Patch10: back-perl-init.dif
Patch11: libldap-sasl_bind-assert.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Prefix: %{_prefix}
%description
This package contains the OpenLDAP2 client utilities.
Authors:
--------
The OpenLDAP Project <project@openldap.org>
%if "%{name}" == "openldap2"
%package -n openldap2-back-perl
Summary: OpenLDAP Perl Back-End
Requires: openldap2 = %{version}
Autoreqprov: on
Group: Productivity/Networking/LDAP/Servers
%description -n openldap2-back-perl
The OpenLDAP Perl back-end allows you to execute Perl code specific to
different LDAP operations.
Authors:
--------
The OpenLDAP Project <project@openldap.org>
%package -n openldap2-back-meta
Summary: OpenLDAP Meta Back-End
Requires: openldap2 = %{version}
Autoreqprov: on
Group: Productivity/Networking/LDAP/Servers
Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz
%description -n openldap2-back-meta
The OpenLDAP Meta back-end is able to perform basic LDAP proxying with
respect to a set of remote LDAP servers. The information contained in
these servers can be presented as belonging to a single Directory
Information Tree (DIT).
Authors:
--------
The OpenLDAP Project <project@openldap.org>
%else
%package -n openldap2-devel
Summary: Libraries, Header Files and Documentation for OpenLDAP2
Autoreqprov: on
Conflicts: openldap-devel
Requires: openldap2-client = %{version} cyrus-sasl-devel openssl-devel
Group: Development/Libraries/C and C++
%description -n openldap2-devel
This package provides the OpenLDAP2 libraries, header files, and
documentation.
Authors:
--------
The OpenLDAP Project <project@openldap.org>
%endif
%prep
%setup -q -n openldap-%{version} -a1 -a2 -a3
%patch
%patch1
%patch2
%patch3
%patch4
%patch5
%patch6
%if %suse_version > 920
%patch7
%endif
%patch8 -p1
%patch9 -p1
%patch10
%patch11
%build
%{?suse_update_config:%{suse_update_config -f build}}
libtoolize --force
autoreconf
export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS"
./configure --prefix=/usr \
--exec-prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var/run/slapd \
--libexecdir=/usr/lib/openldap \
--libdir=%{_libdir} \
--mandir=%{_mandir} \
--enable-wrappers \
--enable-aclgroups \
--enable-spasswd \
--enable-modules \
--enable-shared \
--enable-dynamic \
--with-tls \
--with-cyrus-sasl \
--enable-crypt \
--enable-ipv6=yes \
%if "%{name}" == "openldap2"
--enable-aci \
--enable-bdb \
--enable-hdb \
--enable-ldbm \
--enable-rewrite \
--enable-ldap=yes \
--enable-meta=mod \
--enable-monitor=yes \
--enable-perl=mod \
--enable-slp \
--enable-overlays=yes \
%else
--disable-slapd \
%endif
--enable-lmpasswd \
--with-yielding-select
make depend
make %{?jobs:-j%jobs}
rm tests/scripts/test022-ppolicy
rm tests/scripts/test036-meta-concurrency
rm tests/scripts/test039-glue-ldap-concurrency
# calculate the base port to be use in the test-suite
SLAPD_BASEPORT=10000
if [ -f /.buildenv ] ; then
. /.buildenv
SLAPD_BASEPORT=$(($SLAPD_BASEPORT + $BUILD_INCARNATION * 10))
fi
export SLAPD_BASEPORT
%ifnarch %arm alpha
make test
%endif
%install
#[ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] && rm -rf $RPM_BUILD_ROOT;
mkdir -p $RPM_BUILD_ROOT/etc/init.d
mkdir -p $RPM_BUILD_ROOT/usr/sbin
make DESTDIR=$RPM_BUILD_ROOT install
install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap
install -m 755 rc.slurpd $RPM_BUILD_ROOT/etc/init.d/slurpd
ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap
ln -sf ../../etc/init.d/slurpd $RPM_BUILD_ROOT/usr/sbin/rcslurpd
mkdir -p $RPM_BUILD_ROOT/etc/sasl2
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/sasl2/slapd.conf
install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap
install -m 700 -d $RPM_BUILD_ROOT/var/lib/slurpd
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/liblber.so*
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap_r.so*
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so*
%if "%{name}" == "openldap2"
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
install -m 644 sysconfig.openldap $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.openldap
install -m 644 *.schema $RPM_BUILD_ROOT/etc/openldap/schema
install -m 644 $RPM_SOURCE_DIR/DB_CONFIG $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG
install -m 644 $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG.example
rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example
rm -f $RPM_BUILD_ROOT/var/run/slapd/openldap-data/DB_CONFIG.example
%endif
rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-shell.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sql.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-tcl.5
# Remove *.la files, libtool does not handle this correct
rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la
#
#put filelists into files
cat >openldap2.filelist <<EOF
/var/adm/fillup-templates/sysconfig.openldap
%config /etc/init.d/ldap
%config /etc/init.d/slurpd
/usr/sbin/rcldap
/usr/sbin/rcslurpd
/usr/sbin/slap*
%dir /etc/openldap
/etc/openldap/schema
%config(noreplace) %attr(640, root, ldap) /etc/openldap/slapd.conf
%config(noreplace) /var/lib/ldap/DB_CONFIG
%config(noreplace) /var/lib/ldap/DB_CONFIG.example
%attr(640, root, ldap) /etc/openldap/slapd.conf.default
%config(noreplace) /etc/sasl2/slapd.conf
%dir /usr/lib/openldap
%dir /usr/lib/openldap/modules
/usr/lib/openldap/slapd
/usr/lib/openldap/slurpd
%dir %attr(0700, ldap, ldap) /var/lib/ldap
%dir %attr(0700, ldap, ldap) /var/run/slapd
/var/lib/slurpd
%doc %{_mandir}/man8/sl*
%doc %{_mandir}/man5/slapd.*
%doc %{_mandir}/man5/slapd-bdb.*
%doc %{_mandir}/man5/slapd-hdb.*
%doc %{_mandir}/man5/slapd-ldbm.*
%doc %{_mandir}/man5/slapd-ldap.*
%doc %{_mandir}/man5/slapd-ldif.*
%doc %{_mandir}/man5/slapd-monitor.*
%doc %{_mandir}/man5/slapd-relay.*
%doc %{_mandir}/man5/slapo-*
%doc ANNOUNCEMENT COPYRIGHT INSTALL LICENSE README CHANGES
%doc doc/drafts doc/install doc/admin-guide
EOF
#
cat > openldap2-client.filelist <<EOF
%dir /etc/openldap
%config(noreplace) /etc/openldap/ldap.conf
/etc/openldap/ldap.conf.default
/usr/bin/ldapadd
/usr/bin/ldapcompare
/usr/bin/ldapdelete
/usr/bin/ldapmodify
/usr/bin/ldapmodrdn
/usr/bin/ldapsearch
/usr/bin/ldappasswd
/usr/bin/ldapwhoami
%{_libdir}/liblber*.so.*
%{_libdir}/libldap*.so.*
%doc %{_mandir}/man1/ldap*
%doc %{_mandir}/man5/ldap.conf*
%doc %{_mandir}/man5/ldif.*
EOF
cat > openldap2-devel.filelist <<EOF
/usr/include/lber.h
/usr/include/lber_types.h
/usr/include/ldap*.h
/usr/include/slapi-plugin.h
%{_libdir}/liblber.a
%{_libdir}/liblber.so
%{_libdir}/libldap.a
%{_libdir}/libldap.so
%{_libdir}/libldap_r.a
%{_libdir}/libldap_r.so
%doc %{_mandir}/man3/ber*
%doc %{_mandir}/man3/lber*
%doc %{_mandir}/man3/ld_errno*
%doc %{_mandir}/man3/ldap*
EOF
cat > openldap2-back-perl.filelist <<EOF
/usr/lib/openldap/modules/back_perl*
%doc %{_mandir}/man5/slapd-perl.*
EOF
cat > openldap2-back-meta.filelist <<EOF
/usr/lib/openldap/modules/back_meta*
%doc %{_mandir}/man5/slapd-meta.*
EOF
#remove files from other spec file
%if "%{name}" == "openldap2"
cat openldap2-client.filelist openldap2-devel.filelist |
%else
cat openldap2.filelist openldap2-back-perl.filelist openldap2-back-meta.filelist |
%endif
grep -v "%dir " |sed -e "s|^.* ||" |grep "^/" |while read name ; do
rm -rf $RPM_BUILD_ROOT$name
done
%if "%{name}" == "openldap2"
%pre
/usr/sbin/groupadd -g 70 -o -r ldap 2> /dev/null || :
/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/bash -c "User for OpenLDAP" -d \
/var/lib/ldap ldap 2> /dev/null || :
%post
if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then
cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew
cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf
fi
%{fillup_and_insserv -n -s openldap ldap START_LDAP slurpd START_SLURPD}
%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER}
%preun
%stop_on_removal ldap slurpd
%postun
%restart_on_update ldap slurpd
%insserv_cleanup
%files -f openldap2.filelist
%defattr(-,root,root)
%files -n openldap2-back-perl -f openldap2-back-perl.filelist
%defattr(-,root,root)
%files -n openldap2-back-meta -f openldap2-back-meta.filelist
%defattr(-,root,root)
%else
%files -f openldap2-client.filelist
%defattr(-,root,root)
%files -n openldap2-devel -f openldap2-devel.filelist
%defattr(-,root,root)
%endif
%changelog -n openldap2-client
* Fri Nov 17 2006 - rhafer@suse.de
- Fix for a flaw in libldap's strval2strlen() function when processing the
authcid string of certain Bind Requests, which could allow attackers to
cause an affected application to crash (especially the OpenLDAP Server),
creating a denial of service condition (Bug#221154,ITS#4740)
* Tue Nov 14 2006 - rhafer@suse.de
- Additional back-perl fixes from CVS. The first revision of the
patch did not fix the problem completely (Bug#207618, ITS#4751)
* Fri Oct 27 2006 - rhafer@suse.de
- cyrus-sasl configuration moved from %%{_libdir}/sasl2 to
/etc/sasl2/ (Bug: #206414)
* Wed Oct 04 2006 - rhafer@suse.de
- Add $network to Should-Start/Should-Stop in init scripts
(Bug: #206823)
- Imported latest back-perl changes from CVS, to fix back-perl
initialization (Bug: #207618)
* Tue Aug 22 2006 - rhafer@suse.de
- Updated to Version 2.3.27
* Fixed libldap dnssrv bug with "not present" positive statement
(ITS#4610)
* Fixed libldap dangling pointer issue (ITS#4405)
* Fixed slapd incorrect rebuilding of replica URI (ITS#4633)
* Fixed slapd DN X.509 normalization crash (ITS#4644)
* Fixed slapd-monitor operations order via callbacks (ITS#4631)
* Fixed slapo-accesslog purge task during shutdown
* Fixed slapo-ppolicy handling of default policy (ITS#4634)
* Fixed slapo-ppolicy logging verbosity when using default policy
* Fixed slapo-syncprov incomplete sync on restart issues (ITS#4622)
* Wed Aug 02 2006 - rhafer@suse.de
- Updated to Version 2.3.25
* Add libldap_r TLS concurrency workaround (ITS#4583)
* Fixed slapd acl selfwrite bug (ITS#4587)
* Fixed various syncrepl and slapo-syncprov bugs (ITS#4582, 4622,
4534,4613, 4589)
* Fixed slapd-bdb/hdb lock bug with virtual root (ITS#4572)
* Fixed slapd-bdb/hdb modrdn new entry disappearing bug (ITS#4616)
* Fixed slapd-bdb/hdb cache job issue
* Fixed slapo-ppolicy password hashing bug (ITS#4575)
* Fixed slapo-ppolicy password modify pwdMustChange reset bug (ITS#4576)
* Fixed slapo-ppolicy control can be critical (ITS#4596)
- Enabled CLDAP (LDAP over UDP) support
* Mon Jun 26 2006 - rhafer@suse.de
- Updated to Version 2.3.24
* Fixed slapd syncrepl timestamp bug (delta-sync/cascade)
(ITS#4567)
* Fixed slapd-bdb/hdb non-root users adding suffix/root entries
(ITS#4552)
* Re-fixed slapd-ldap improper free bug in exop (ITS#4550)
* Fixed slapd-ldif assert bug (ITS#4568)
* Fixed slapo-syncprov crash under glued database (ITS#4562)
- cleaned up SLES10 update specific stuff
- added "chain-return-error" feature from HEAD to chain overlay
(ITS#4570)
* Thu Jun 22 2006 - schwab@suse.de
- Don't use automake macros without using automake.
* Wed May 24 2006 - rhafer@suse.de
- Updated to Version 2.3.23
* obsoletes the patches: libldap_ads-sasl-gssapi.dif,
slapd-epollerr.dif
* Fixed slapd-ldap improper free bug (ITS#4550)
* Fixed libldap referral input destroy issue (ITS#4533)
* Fixed libldap ldap_sort_entries tail bug (ITS#4536)
* Fixed slapd runqueue use of freed memory (ITS#4517)
* Fixed slapd thread pool init issue (ITS#4513)
* Fixed slapd-bdb/hdb pre/post-read freeing (ITS#4532)
* Fixed slapd-bdb/hdb pre/post-read unavailable issue (ITS#4538)
* Fixed slapd-bdb/hdb referral issue (ITS#4548)
* Fixed slapo-ppolicy BER tags issue (ITS#4528)
* Fixed slapo-ppolicy rebind bug (ITS#4516)
* For more details see the CHANGES file
- Install CHANGES file to /usr/share/doc/packages/openldap2
* Wed May 10 2006 - rhafer@suse.de
- Really apply the patch for Bug#160566
- slapd could crash while processing queries with pre-/postread
controls (Bug#173877, ITS#4532)
* Fri Mar 24 2006 - rhafer@suse.de
- Backported fix from CVS for occasional crashes in referral
chasing code (as used in e.g. back-meta/back-ldap).
(Bug: #160566, ITS: #4448)
* Mon Mar 13 2006 - rhafer@suse.de
- openldap2 must obsolete -back-monitor and -back-ldap to have them
removed during update (Bug: #157576)
* Fri Feb 17 2006 - rhafer@suse.de
- Add "external" to the list of supported SASL mechanisms
(Bug: #151771)
* Thu Feb 16 2006 - rhafer@suse.de
- Error out when conversion from old configfile to config database
fails (Bug: #135484,#135490 ITS: #4407)
* Mon Feb 13 2006 - rhafer@suse.de
- Don't ignore non-read/write epoll events (Bug: #149993,
ITS: #4395)
- Added update message to /usr/share/update-messages/en/ and enable
it, when update did not succeed.
* Thu Feb 09 2006 - rhafer@suse.de
- OPENLDAP_CHOWN_DIRS honors databases defined in include files
(Bug: #135473)
- Fixed version numbers in README.update
- Fixed GSSAPI binds against Active Directory (Bug: #149390)
* Fri Feb 03 2006 - rhafer@suse.de
- Cleaned up update procedure
- man-pages updates and fixes (Fate: #6365)
* Fri Jan 27 2006 - rhafer@suse.de
- Updated to 2.3.19 (Bug #144371)
* Fri Jan 27 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Wed Jan 25 2006 - rhafer@suse.de
- Updated Admin Guide to latest version
- build slapcat from openldap-2.2.24 and install it to
/usr/sbin/openldap-2.2-slapcat to be able to migrate from
OpenLDAP 2.2.
- removed slapd-backbdb-dbupgrade which is no longer needed
- attempt to dump/reload bdb databases in %%{post}
- Update notes in README.update
* Fri Jan 13 2006 - rhafer@suse.de
- New sysconfig variable OPENLDAP_KRB5_KEYTAB
- Cleanup in default configuration and init scripts
* Wed Jan 11 2006 - rhafer@suse.de
- Updated to 2.3.17
- Remove OPENLDAP_RUN_DB_RECOVER from sysconfig file in %%post
slapd does now automatically recover the database if needed
- Removed unneeded README.SuSE
- Small adjustments to the default DB_CONFIG file
* Mon Jan 09 2006 - rhafer@suse.de
- Updated to 2.3.16
* Mon Dec 19 2005 - rhafer@suse.de
- Fixed filelist (slapd-hdb man-page was missing)
* Fri Dec 09 2005 - rhafer@suse.de
- Fixed build on x86_64
* Wed Dec 07 2005 - rhafer@suse.de
- Merged -back-ldap and -back-monitor subpackages into the main
package and don't build them as dynamic modules anymore.
- updated to OpenLDAP 2.3.13
* Mon Nov 28 2005 - rhafer@suse.de
- updated to OpenLDAP 2.3.12
* Wed Oct 26 2005 - rhafer@suse.de
- updated to OpenLDAP 2.3.11
- removed the "LDAP_DEPRECATED" workaround
* Mon Sep 26 2005 - rhafer@suse.de
- Add "LDAP_DEPRECATED" to ldap.h for now
* Fri Sep 23 2005 - rhafer@suse.de
- updated to OpenLDAP 2.3.7
* Tue Aug 16 2005 - rhafer@suse.de
- allow start_tls while chasing referrals (Bug #94355, ITS #3791)
* Mon Jul 04 2005 - rhafer@suse.de
- devel-subpackage requires openldap2-client of the same version
(Bugzilla: #93579)
* Thu Jun 30 2005 - uli@suse.de
- build with -fPIE (not -fpie) to avoid GOT overflow on s390*
* Wed Jun 22 2005 - rhafer@suse.de
- build the server packages with -fpie/-pie
* Wed Jun 15 2005 - rhafer@suse.de
- updated to 2.2.27
* Wed May 25 2005 - rhafer@suse.de
- libldap-gethostbyname_r.dif: Use gethostbyname_r instead of
gethostbyname in libldap. Should fix host lookups through
nss_ldap (Bugzilla: #76173)
* Fri May 13 2005 - rhafer@suse.de
- Updated to 2.2.26
- made /%%{_libdir}]/sasl2/slapd.conf %%config(noreplace)
* Thu Apr 28 2005 - rhafer@suse.de
- Added /%%{_libdir}]/sasl2/slapd.conf to avoid warnings about
unconfigured OTP mechanism (Bugzilla: #80588)
* Tue Apr 12 2005 - rhafer@suse.de
- added minimal timeout to startproc in init-script to let it
report the "failed" status correctly in case of misconfiguration
(Bugzilla: #76393)
* Mon Apr 04 2005 - rhafer@suse.de
- crl-check.dif: Implements CRL checking on client and server side
- use different base ports for differnt values of BUILD_INCARNATION
(/.buildenv) to allow parallel runs of the test-suite on a single
machine
* Mon Apr 04 2005 - uli@suse.de
- force yielding-select test to yes (test occasionally hangs QEMU)
* Fri Apr 01 2005 - uli@suse.de
- disable test suite on ARM (hangs QEMU)
* Tue Mar 29 2005 - rhafer@suse.de
- updated to 2.2.24
- enabled back-hdb
* Wed Mar 02 2005 - rhafer@suse.de
- syncrepl.dif: merged latest syncrepl fixes (Bugzilla: #65928)
- libldap-reinit-fdset.dif: Re-init fd_sets when select is
interupted (Bugzilla #50076, ITS: #3524)
* Thu Feb 17 2005 - rhafer@suse.de
- checkproc_before_recover.dif: Check if slapd is stopped before
running db_recover from the init script. (Bugzilla: #50962)
* Tue Feb 01 2005 - rhafer@suse.de
- Cleanup back-bdb databases in %%post, db-4.3 changed the
transaction log format again.
- cosmetic fixes in init script
* Tue Jan 25 2005 - rhafer@suse.de
- updated to 2.2.23
- cleaned up #neededforbuild
- package should also build on older SuSE Linux releases now
- increased killproc timeout in init-script (Bugzilla: #47227)
* Thu Jan 13 2005 - rhafer@suse.de
- updated to 2.2.20
- Removed unneeded dependencies
* Fri Dec 10 2004 - kukuk@suse.de
- don't install *.la files
* Wed Nov 10 2004 - rhafer@suse.de
- updated to 2.2.18
- use kerberos-devel-packages in neededforbuild
* Fri Sep 24 2004 - ro@suse.de
- re-arranged specfile to sequence (header (package/descr)* rest)
so the checking parser is not confused ...
* Fri Sep 24 2004 - rhafer@suse.de
- Added pre_checkin.sh to generate a separate openldap2-client
spec-file from which the openldap2-client and openldap2-devel
subpackages are built. Should reduce build time for libldap as
the test-suite is only executed in openldap2.spec.
* Fri Sep 10 2004 - rhafer@suse.de
- libldap-result.dif: ldapsearch was hanging in select() when
retrieving results from eDirectory through a StartTLS protected
connection (Bugzilla #44942)
* Mon Aug 09 2004 - dobey@suse.de
- added ntlm support
* Tue Aug 03 2004 - rhafer@suse.de
- updated to 2.2.16
- Updated ACLs in slapd_conf.dif to disable default read access
to the "userPKCS12" Attribute
- rc-check-conn.diff: When starting slapd wait until is accepts
connections, or 10 seconds at maximum (Bugzilla #41354)
- Backported -o slp={on|off} feature from OpenLDAP Head and added
new sysconfig variable (OPENLDAP_REGISTER_SLP) to be able
to switch SLP registration on and off. (Bugzilla #39865)
- removed unneeded README.update
* Fri Apr 30 2004 - rhafer@suse.de
- updated to 2.2.11
- remove SLES8 update specific stuff
- Bugzilla #39652: Updated slapd_conf.dif to contain basic access
control
- Bugzilla #39468: Added missing items to yast.schema
- fixed strict-aliasing compiler warnings (strict-aliasing.dif)
* Thu Apr 29 2004 - coolo@suse.de
- build with several jobs if available
* Mon Apr 19 2004 - rhafer@suse.de
- ldapi_url.dif: Fixed paths for LDAPI-socket, pid-file and
args-file (Bugzilla #38790)
- ldbm_modrdn.dif: Fixed back-ldbm modrdn indexing bug (ITS #3059,
Bugzilla #38915)
- modify_check_duplicates.dif: check for duplicate attribute
values in modify requests (ITS #3066/#3097, Bugzilla #38607)
- updated and renamed yast2userconfig.schema to yast.schema as it
contains more that only user configuration now
- syncrepl.dif: addtional fixes for syncrepl (ITS #3055, #3056)
- test_syncrepl_timeout: increased sleep timeout in syncrepl
testsuite
* Thu Apr 01 2004 - rhafer@suse.de
- added "TLS_REQCERT allow" to /etc/openldap/ldap.conf, to make
START_TLS work without access to the CA Certificate.
(Bugzilla: #37393)
* Fri Mar 26 2004 - rhafer@suse.de
- fixed filelist
- check-build.sh (build on kernel >= 2.6.4 hosts only)
- yast2user.schema / slapd.conf fixed (#37076)
- don't check for TLS-options is init-script anymore (#33560)
- fixed various typos in README.update
* Wed Mar 17 2004 - rhafer@suse.de
- fixed build of openldap-2.1-slapcat (using correct db41 include
files, build backends as on sles8)
- attempt to update bdb database and reindex ldbm database in %%{post}
- Update notes in README.update
- better default configuration (including default DB_CONFIG file)
- misc updates for the YaST schema
- fixed crasher in syncrepl-code (syncrepl.dif)
* Tue Mar 16 2004 - schwab@suse.de
- Fix type mismatch.
* Tue Mar 02 2004 - rhafer@suse.de
- updated to 2.2.6
- build a openldap-2.1-slapcat from 2.1.25 sources to be able to
migrate from SLES8 and SL 9.0
* Thu Feb 19 2004 - ro@suse.de
- added check-build.sh (build on 2.6 hosts only)
* Thu Feb 05 2004 - rhafer@suse.de
- updated to 2.2.5
- adjusted rfc2307bis.schema to support UTF-8 values in most
attributes
- enabled proxycache-overlay (wiht fix to work with back-ldbm)
* Tue Jan 13 2004 - rhafer@suse.de
- updated to 2.2.4
- updated Admin Guide to most recent version
* Sat Jan 10 2004 - adrian@suse.de
- add %%defattr
- fix build as user
* Mon Dec 08 2003 - rhafer@suse.de
- updated to 2.1.25
- small fixes for the YaST user schema
* Tue Nov 11 2003 - rhafer@suse.de
- enabled SLP-support
* Fri Oct 17 2003 - kukuk@suse.de
- Remove unused des from neededforbuild
* Tue Sep 02 2003 - mt@suse.de
- Bugzilla #29859: fixed typo in sysconfig metadata,
usage of OPENLDAP_LDAPS_INTERFACES in init script
- added /usr/lib/sasl2/slapd.conf permissions handling
- added sysconfig variable OPENLDAP_SLAPD_PARAMS=""
to support additional slapd start parameters
- added sysconfig variable OPENLDAP_START_LDAPI=NO/yes
for ldapi:/// (LDAP over IPC) URLs
* Thu Aug 14 2003 - rhafer@suse.de
- added activation metadata to sysconfig template (Bugzilla #28911)
- removed lint from specfile
* Thu Aug 07 2003 - rhafer@suse.de
- added %%stop_on_removal and %%restart_on_update calls
- bdb_addcnt.dif fixes a possible endless loop in id2entry()
- addonschema.tar.gz: some extra Schema files (YaST, RFC2307bis)
* Wed Jul 16 2003 - rhafer@suse.de
- removed fillup_only and call fillup_and_insserv correctly
- new Options in sysconfig.openldap: OPENLDAP_LDAP_INTERFACES,
OPENLDAP_LDAPS_INTERFACES and OPENLDAP_RUN_DB_RECOVER
* Tue Jul 01 2003 - rhafer@suse.de
- updated to 2.1.22
- updated Admin Guide to most recent version
- build librewrite with -fPIC
* Mon Jun 16 2003 - rhafer@suse.de
- updated to 2.1.21
* Wed Jun 11 2003 - ro@suse.de
- fixed requires lines
* Mon May 26 2003 - rhafer@suse.de
- don't link back-ldap against librewrite.a, it's already linked
into slapd (package should build on non-i386 Archs again)
* Fri May 23 2003 - rhafer@suse.de
- fixed dynamic build of back-ldap
- new subpackage back-ldap
* Tue May 20 2003 - rhafer@suse.de
- updated to version 2.1.20
- enabled dynamic backend modules
- new subpackages back-perl, back-meta and back-monitor
- remove unpacked files from BuildRoot
* Fri May 09 2003 - rhafer@suse.de
- updated to version 2.1.19
* Wed Apr 16 2003 - ro@suse.de
- fixed requires for devel-package ...
* Tue Apr 15 2003 - ro@suse.de
- fixed neededforbuild
* Thu Feb 13 2003 - kukuk@suse.de
- Enable IPv6 again
* Tue Feb 11 2003 - rhafer@suse.de
- added /etc/openldap to filelist
* Mon Feb 03 2003 - rhafer@suse.de
- switch default backend to ldbm
* Sun Feb 02 2003 - ro@suse.de
- fixed requires for devel package (cyrus-sasl2-devel)
* Fri Jan 31 2003 - rhafer@suse.de
- liblber.dif: Fixes two bugs in liblber by which remote attackers
could crash the LDAP server (Bugzilla #22469, OpenLDAP ITS #2275
and #2280)
* Tue Jan 14 2003 - choeger@suse.de
- build using sasl2
* Mon Jan 13 2003 - rhafer@suse.de
- updated to version 2.1.12
- added metadata to sysconfig template (Bug: #22666)
* Thu Nov 28 2002 - rhafer@suse.de
- updated to version 2.1.8
- added additional fix of 64bit archs
- added secpatch.dif to fix setuid issues in libldap
* Fri Sep 06 2002 - rhafer@suse.de
- fix for Bugzilla ID #18981, chown to OPENLDAP_USER didn't work
with multiple database backend directories
* Mon Sep 02 2002 - rhafer@suse.de
- removed damoenstart_ipv6.diff and disabled IPv6 support due to
massive problems with nss_ldap
* Mon Aug 26 2002 - rhafer@suse.de
- ldap_user.dif: slapd is now run a the user/group ldap (Bugzilla
ID#17697)
* Fri Aug 23 2002 - rhafer@suse.de
- updated to version 2.1.4, which fixes tons of bugs
- added damoenstart_ipv6.diff (slapd was not starting when
configured to listen on IPv4 and IPv6 interfaces, as done by the
start script)
- added README.SuSE with some hints about the bdb-backend
- updated filelist to include only the man pages of the backends,
that were built
* Thu Aug 15 2002 - rhafer@suse.de
- removed termcap and readline from neededforbuild
* Thu Aug 08 2002 - rhafer@suse.de
- enabled {CRYPT} passwords
- update filelist (added new manpages)
* Thu Jul 25 2002 - rhafer@suse.de
- patches for 64 bit architectures
* Fri Jul 19 2002 - rhafer@suse.de
- update to 2.1.3
* Fri Jul 05 2002 - kukuk@suse.de
- fix openldap2-devel requires
* Thu Jul 04 2002 - rhafer@suse.de
- switched back from cyrus-sasl2 to cyrus-sasl
* Wed Jul 03 2002 - rhafer@suse.de
- updated to OpenLDAP 2.1.2
- added the OpenLDAP Administration Guide
- enabled additional backends (ldap, meta, monitor)
* Mon Jun 10 2002 - olh@suse.de
- hack build/ltconfig to build shared libs on ppc64
* Wed Jun 05 2002 - rhafer@suse.de
- created /etc/sysconfig/openldap and OPENLDAP_START_LDAPS variable
to enable ldap over ssl support
* Thu Mar 07 2002 - rhafer@suse.de
- Fix for Bugzilla ID#14569 (added cyrus-sasl-devel openssl-devel
to the "Requires" Section of the -devel subpackage)
* Mon Feb 18 2002 - rhafer@suse.de
- updated to the latest STABLE release (2.0.23) which fixes some
nasty bugs see ITS #1562,#1582,#1577,#1578
* Thu Feb 07 2002 - rhafer@suse.de
- updated to the latest release (which fixes a index corruption
bug)
- cleanup in neededforbuild
- small fixes for the init-scripts
* Thu Jan 17 2002 - rhafer@suse.de
- updated to the latest stable release (2.0.21)
* Wed Jan 16 2002 - egmont@suselinux.hu
- removed periods and colons from startup/shutdown messages
* Tue Jan 15 2002 - rhafer@suse.de
- updated to v2.0.20 (which fixes a security hole in ACL
processing)
* Fri Jan 11 2002 - rhafer@suse.de
- converted archive to bzip2
- makes use of %%{_libdir} now
- set CFLAGS to -O0 for archs ia64, s390(x) and alpha otherwise
the test suite fails on these archs
- changed slapd.conf to store the database under /var/lib/ldap
(this patch was missing in the last versions by accident)
* Mon Jan 07 2002 - rhafer@suse.de
- update to v2.0.19
* Thu Dec 06 2001 - rhafer@suse.de
- eliminated START_LDAP, START_SLURPD variables in rc.config
- created separate init script for slurpd
- moved init scripts from dif to separate source tgz
* Fri Oct 26 2001 - choeger@suse.de
- update to v2.0.18
* Mon Oct 15 2001 - choeger@suse.de
- update to v2.0.17
added a sleep to the restart section
moved some manpages to the client package
* Mon Oct 01 2001 - choeger@suse.de
- update to v2.0.15
* Wed Sep 12 2001 - choeger@suse.de
- backported the full bugfix from openldap-2.0.14
* Tue Sep 11 2001 - choeger@suse.de
- Bugfix for slurpd millionth second bug (ITS#1323)
* Mon Sep 10 2001 - choeger@suse.de
- moved ldapfilter.conf ldaptemplates.conf ldapsearchprefs.conf
to openldap2-client package
* Mon Sep 03 2001 - choeger@suse.de
- update to version 2.0.12
* Mon Jul 02 2001 - choeger@suse.de
- bugfix: init script was not LSB compliant, Bugzilla ID#9072
* Tue Jun 19 2001 - ro@suse.de
- fixed for autoconf again
* Fri Jun 15 2001 - choeger@suse.de
- update to 2.0.11
- removed autoconf in specfile, because it doesn't work
* Wed May 23 2001 - choeger@suse.de
- update to version 2.0.10 (minor fixes)
* Tue May 22 2001 - choeger@suse.de
- update to version 2.0.9
* Mon Apr 23 2001 - choeger@suse.de
- removed kerberos support
- added aci support
* Fri Apr 20 2001 - choeger@suse.de
- added kerberos support
* Thu Apr 05 2001 - choeger@suse.de
- moved section 5 and 8 manpages to the server part of package
* Wed Mar 14 2001 - kukuk@suse.de
- Move *.so links into -devel package
- -devel requires -client
* Thu Mar 08 2001 - choeger@suse.de
- split up into openldap2-client and -devel
* Tue Feb 27 2001 - ro@suse.de
- changed neededforbuild <cyrus-sasl> to <cyrus-sasl cyrus-sasl-devel>
* Fri Feb 23 2001 - ro@suse.de
- added readline/readline-devel to neededforbuild (split from bash)
* Thu Jan 04 2001 - choeger@suse.de
- bugfix: slapd.conf rename /var/lib/openldap-ldbm to
/var/lib/ldap
init script: use $remote_fs
* Tue Jan 02 2001 - olh@suse.de
- use script name in %%post
* Thu Dec 07 2000 - choeger@suse.de
- bugfix from Andreas Jaeger:
workaround for glibc2.2, detach
* Fri Dec 01 2000 - ro@suse.de
- hacked configure for apparently broken pthread
* Fri Dec 01 2000 - ro@suse.de
- fixed spec
* Thu Nov 23 2000 - choeger@suse.de
- made configs %%config(noreplace) (Bug 4112)
- fixed neededforbuild
* Wed Nov 22 2000 - choeger@suse.de
- adopted new init scheme
* Wed Nov 15 2000 - choeger@suse.de
- fixed neededforbuild
* Fri Nov 10 2000 - choeger@suse.de
- added buildroot
* Tue Nov 07 2000 - choeger@suse.de
- long package name
- new version, 2.0.7
* Fri Oct 06 2000 - choeger@suse.de
- first package of openldap2 (v2.0.6)

926
openldap2.changes Normal file
View File

@ -0,0 +1,926 @@
-------------------------------------------------------------------
Fri Nov 17 10:25:44 CET 2006 - rhafer@suse.de
- Fix for a flaw in libldap's strval2strlen() function when processing the
authcid string of certain Bind Requests, which could allow attackers to
cause an affected application to crash (especially the OpenLDAP Server),
creating a denial of service condition (Bug#221154,ITS#4740)
-------------------------------------------------------------------
Tue Nov 14 16:18:34 CET 2006 - rhafer@suse.de
- Additional back-perl fixes from CVS. The first revision of the
patch did not fix the problem completely (Bug#207618, ITS#4751)
-------------------------------------------------------------------
Fri Oct 27 16:46:43 CEST 2006 - rhafer@suse.de
- cyrus-sasl configuration moved from %{_libdir}/sasl2 to
/etc/sasl2/ (Bug: #206414)
-------------------------------------------------------------------
Wed Oct 4 15:56:11 CEST 2006 - rhafer@suse.de
- Add $network to Should-Start/Should-Stop in init scripts
(Bug: #206823)
- Imported latest back-perl changes from CVS, to fix back-perl
initialization (Bug: #207618)
-------------------------------------------------------------------
Tue Aug 22 16:27:25 CEST 2006 - rhafer@suse.de
- Updated to Version 2.3.27
* Fixed libldap dnssrv bug with "not present" positive statement
(ITS#4610)
* Fixed libldap dangling pointer issue (ITS#4405)
* Fixed slapd incorrect rebuilding of replica URI (ITS#4633)
* Fixed slapd DN X.509 normalization crash (ITS#4644)
* Fixed slapd-monitor operations order via callbacks (ITS#4631)
* Fixed slapo-accesslog purge task during shutdown
* Fixed slapo-ppolicy handling of default policy (ITS#4634)
* Fixed slapo-ppolicy logging verbosity when using default policy
* Fixed slapo-syncprov incomplete sync on restart issues (ITS#4622)
-------------------------------------------------------------------
Wed Aug 2 11:08:23 CEST 2006 - rhafer@suse.de
- Updated to Version 2.3.25
* Add libldap_r TLS concurrency workaround (ITS#4583)
* Fixed slapd acl selfwrite bug (ITS#4587)
* Fixed various syncrepl and slapo-syncprov bugs (ITS#4582, 4622,
4534,4613, 4589)
* Fixed slapd-bdb/hdb lock bug with virtual root (ITS#4572)
* Fixed slapd-bdb/hdb modrdn new entry disappearing bug (ITS#4616)
* Fixed slapd-bdb/hdb cache job issue
* Fixed slapo-ppolicy password hashing bug (ITS#4575)
* Fixed slapo-ppolicy password modify pwdMustChange reset bug (ITS#4576)
* Fixed slapo-ppolicy control can be critical (ITS#4596)
- Enabled CLDAP (LDAP over UDP) support
------------------------------------------------------------------
Mon Jun 26 16:36:16 CEST 2006 - rhafer@suse.de
- Updated to Version 2.3.24
* Fixed slapd syncrepl timestamp bug (delta-sync/cascade)
(ITS#4567)
* Fixed slapd-bdb/hdb non-root users adding suffix/root entries
(ITS#4552)
* Re-fixed slapd-ldap improper free bug in exop (ITS#4550)
* Fixed slapd-ldif assert bug (ITS#4568)
* Fixed slapo-syncprov crash under glued database (ITS#4562)
- cleaned up SLES10 update specific stuff
- added "chain-return-error" feature from HEAD to chain overlay
(ITS#4570)
-------------------------------------------------------------------
Thu Jun 22 14:46:58 CEST 2006 - schwab@suse.de
- Don't use automake macros without using automake.
-------------------------------------------------------------------
Wed May 24 09:52:03 CEST 2006 - rhafer@suse.de
- Updated to Version 2.3.23
* obsoletes the patches: libldap_ads-sasl-gssapi.dif,
slapd-epollerr.dif
* Fixed slapd-ldap improper free bug (ITS#4550)
* Fixed libldap referral input destroy issue (ITS#4533)
* Fixed libldap ldap_sort_entries tail bug (ITS#4536)
* Fixed slapd runqueue use of freed memory (ITS#4517)
* Fixed slapd thread pool init issue (ITS#4513)
* Fixed slapd-bdb/hdb pre/post-read freeing (ITS#4532)
* Fixed slapd-bdb/hdb pre/post-read unavailable issue (ITS#4538)
* Fixed slapd-bdb/hdb referral issue (ITS#4548)
* Fixed slapo-ppolicy BER tags issue (ITS#4528)
* Fixed slapo-ppolicy rebind bug (ITS#4516)
* For more details see the CHANGES file
- Install CHANGES file to /usr/share/doc/packages/openldap2
-------------------------------------------------------------------
Wed May 10 10:20:16 CEST 2006 - rhafer@suse.de
- Really apply the patch for Bug#160566
- slapd could crash while processing queries with pre-/postread
controls (Bug#173877, ITS#4532)
-------------------------------------------------------------------
Fri Mar 24 13:48:52 CET 2006 - rhafer@suse.de
- Backported fix from CVS for occasional crashes in referral
chasing code (as used in e.g. back-meta/back-ldap).
(Bug: #160566, ITS: #4448)
-------------------------------------------------------------------
Mon Mar 13 16:23:32 CET 2006 - rhafer@suse.de
- openldap2 must obsolete -back-monitor and -back-ldap to have them
removed during update (Bug: #157576)
-------------------------------------------------------------------
Fri Feb 17 12:58:13 CET 2006 - rhafer@suse.de
- Add "external" to the list of supported SASL mechanisms
(Bug: #151771)
-------------------------------------------------------------------
Thu Feb 16 11:45:20 CET 2006 - rhafer@suse.de
- Error out when conversion from old configfile to config database
fails (Bug: #135484,#135490 ITS: #4407)
-------------------------------------------------------------------
Mon Feb 13 14:45:43 CET 2006 - rhafer@suse.de
- Don't ignore non-read/write epoll events (Bug: #149993,
ITS: #4395)
- Added update message to /usr/share/update-messages/en/ and enable
it, when update did not succeed.
-------------------------------------------------------------------
Thu Feb 9 11:43:56 CET 2006 - rhafer@suse.de
- OPENLDAP_CHOWN_DIRS honors databases defined in include files
(Bug: #135473)
- Fixed version numbers in README.update
- Fixed GSSAPI binds against Active Directory (Bug: #149390)
-------------------------------------------------------------------
Fri Feb 3 11:32:27 CET 2006 - rhafer@suse.de
- Cleaned up update procedure
- man-pages updates and fixes (Fate: #6365)
-------------------------------------------------------------------
Fri Jan 27 09:15:33 CET 2006 - rhafer@suse.de
- Updated to 2.3.19 (Bug #144371)
-------------------------------------------------------------------
Fri Jan 27 02:16:56 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Wed Jan 25 18:17:51 CET 2006 - rhafer@suse.de
- Updated Admin Guide to latest version
- build slapcat from openldap-2.2.24 and install it to
/usr/sbin/openldap-2.2-slapcat to be able to migrate from
OpenLDAP 2.2.
- removed slapd-backbdb-dbupgrade which is no longer needed
- attempt to dump/reload bdb databases in %{post}
- Update notes in README.update
-------------------------------------------------------------------
Fri Jan 13 10:36:44 CET 2006 - rhafer@suse.de
- New sysconfig variable OPENLDAP_KRB5_KEYTAB
- Cleanup in default configuration and init scripts
-------------------------------------------------------------------
Wed Jan 11 10:13:52 CET 2006 - rhafer@suse.de
- Updated to 2.3.17
- Remove OPENLDAP_RUN_DB_RECOVER from sysconfig file in %post
slapd does now automatically recover the database if needed
- Removed unneeded README.SuSE
- Small adjustments to the default DB_CONFIG file
-------------------------------------------------------------------
Mon Jan 9 11:48:10 CET 2006 - rhafer@suse.de
- Updated to 2.3.16
-------------------------------------------------------------------
Mon Dec 19 13:55:35 CET 2005 - rhafer@suse.de
- Fixed filelist (slapd-hdb man-page was missing)
-------------------------------------------------------------------
Fri Dec 9 10:04:28 CET 2005 - rhafer@suse.de
- Fixed build on x86_64
-------------------------------------------------------------------
Wed Dec 7 10:48:57 CET 2005 - rhafer@suse.de
- Merged -back-ldap and -back-monitor subpackages into the main
package and don't build them as dynamic modules anymore.
- updated to OpenLDAP 2.3.13
-------------------------------------------------------------------
Mon Nov 28 16:56:21 CET 2005 - rhafer@suse.de
- updated to OpenLDAP 2.3.12
-------------------------------------------------------------------
Wed Oct 26 11:34:24 CEST 2005 - rhafer@suse.de
- updated to OpenLDAP 2.3.11
- removed the "LDAP_DEPRECATED" workaround
-------------------------------------------------------------------
Mon Sep 26 09:51:11 CEST 2005 - rhafer@suse.de
- Add "LDAP_DEPRECATED" to ldap.h for now
-------------------------------------------------------------------
Fri Sep 23 14:41:14 CEST 2005 - rhafer@suse.de
- updated to OpenLDAP 2.3.7
-------------------------------------------------------------------
Tue Aug 16 14:08:49 CEST 2005 - rhafer@suse.de
- allow start_tls while chasing referrals (Bug #94355, ITS #3791)
-------------------------------------------------------------------
Mon Jul 4 11:42:08 CEST 2005 - rhafer@suse.de
- devel-subpackage requires openldap2-client of the same version
(Bugzilla: #93579)
-------------------------------------------------------------------
Thu Jun 30 17:55:22 CEST 2005 - uli@suse.de
- build with -fPIE (not -fpie) to avoid GOT overflow on s390*
-------------------------------------------------------------------
Wed Jun 22 16:26:42 CEST 2005 - rhafer@suse.de
- build the server packages with -fpie/-pie
-------------------------------------------------------------------
Wed Jun 15 16:43:25 CEST 2005 - rhafer@suse.de
- updated to 2.2.27
-------------------------------------------------------------------
Wed May 25 13:58:57 CEST 2005 - rhafer@suse.de
- libldap-gethostbyname_r.dif: Use gethostbyname_r instead of
gethostbyname in libldap. Should fix host lookups through
nss_ldap (Bugzilla: #76173)
-------------------------------------------------------------------
Fri May 13 12:27:05 CEST 2005 - rhafer@suse.de
- Updated to 2.2.26
- made /%{_libdir}]/sasl2/slapd.conf %config(noreplace)
-------------------------------------------------------------------
Thu Apr 28 09:42:30 CEST 2005 - rhafer@suse.de
- Added /%{_libdir}]/sasl2/slapd.conf to avoid warnings about
unconfigured OTP mechanism (Bugzilla: #80588)
-------------------------------------------------------------------
Tue Apr 12 15:02:24 CEST 2005 - rhafer@suse.de
- added minimal timeout to startproc in init-script to let it
report the "failed" status correctly in case of misconfiguration
(Bugzilla: #76393)
-------------------------------------------------------------------
Mon Apr 4 16:41:32 CEST 2005 - rhafer@suse.de
- crl-check.dif: Implements CRL checking on client and server side
- use different base ports for differnt values of BUILD_INCARNATION
(/.buildenv) to allow parallel runs of the test-suite on a single
machine
-------------------------------------------------------------------
Mon Apr 4 15:33:19 CEST 2005 - uli@suse.de
- force yielding-select test to yes (test occasionally hangs QEMU)
-------------------------------------------------------------------
Fri Apr 1 13:16:49 CEST 2005 - uli@suse.de
- disable test suite on ARM (hangs QEMU)
-------------------------------------------------------------------
Tue Mar 29 14:21:50 CEST 2005 - rhafer@suse.de
- updated to 2.2.24
- enabled back-hdb
-------------------------------------------------------------------
Wed Mar 2 13:44:23 CET 2005 - rhafer@suse.de
- syncrepl.dif: merged latest syncrepl fixes (Bugzilla: #65928)
- libldap-reinit-fdset.dif: Re-init fd_sets when select is
interupted (Bugzilla #50076, ITS: #3524)
-------------------------------------------------------------------
Thu Feb 17 14:28:02 CET 2005 - rhafer@suse.de
- checkproc_before_recover.dif: Check if slapd is stopped before
running db_recover from the init script. (Bugzilla: #50962)
-------------------------------------------------------------------
Tue Feb 1 14:30:13 CET 2005 - rhafer@suse.de
- Cleanup back-bdb databases in %post, db-4.3 changed the
transaction log format again.
- cosmetic fixes in init script
-------------------------------------------------------------------
Tue Jan 25 15:57:55 CET 2005 - rhafer@suse.de
- updated to 2.2.23
- cleaned up #neededforbuild
- package should also build on older SuSE Linux releases now
- increased killproc timeout in init-script (Bugzilla: #47227)
-------------------------------------------------------------------
Thu Jan 13 15:09:28 CET 2005 - rhafer@suse.de
- updated to 2.2.20
- Removed unneeded dependencies
-------------------------------------------------------------------
Fri Dec 10 12:58:58 CET 2004 - kukuk@suse.de
- don't install *.la files
-------------------------------------------------------------------
Wed Nov 10 16:38:10 CET 2004 - rhafer@suse.de
- updated to 2.2.18
- use kerberos-devel-packages in neededforbuild
-------------------------------------------------------------------
Fri Sep 24 17:55:10 CEST 2004 - ro@suse.de
- re-arranged specfile to sequence (header (package/descr)* rest)
so the checking parser is not confused ...
-------------------------------------------------------------------
Fri Sep 24 13:59:40 CEST 2004 - rhafer@suse.de
- Added pre_checkin.sh to generate a separate openldap2-client
spec-file from which the openldap2-client and openldap2-devel
subpackages are built. Should reduce build time for libldap as
the test-suite is only executed in openldap2.spec.
-------------------------------------------------------------------
Fri Sep 10 13:24:44 CEST 2004 - rhafer@suse.de
- libldap-result.dif: ldapsearch was hanging in select() when
retrieving results from eDirectory through a StartTLS protected
connection (Bugzilla #44942)
-------------------------------------------------------------------
Mon Aug 9 23:43:18 CEST 2004 - dobey@suse.de
- added ntlm support
-------------------------------------------------------------------
Tue Aug 3 14:48:25 CEST 2004 - rhafer@suse.de
- updated to 2.2.16
- Updated ACLs in slapd_conf.dif to disable default read access
to the "userPKCS12" Attribute
- rc-check-conn.diff: When starting slapd wait until is accepts
connections, or 10 seconds at maximum (Bugzilla #41354)
- Backported -o slp={on|off} feature from OpenLDAP Head and added
new sysconfig variable (OPENLDAP_REGISTER_SLP) to be able
to switch SLP registration on and off. (Bugzilla #39865)
- removed unneeded README.update
-------------------------------------------------------------------
Fri Apr 30 16:46:50 CEST 2004 - rhafer@suse.de
- updated to 2.2.11
- remove SLES8 update specific stuff
- Bugzilla #39652: Updated slapd_conf.dif to contain basic access
control
- Bugzilla #39468: Added missing items to yast.schema
- fixed strict-aliasing compiler warnings (strict-aliasing.dif)
-------------------------------------------------------------------
Thu Apr 29 15:13:31 CEST 2004 - coolo@suse.de
- build with several jobs if available
-------------------------------------------------------------------
Mon Apr 19 12:13:41 CEST 2004 - rhafer@suse.de
- ldapi_url.dif: Fixed paths for LDAPI-socket, pid-file and
args-file (Bugzilla #38790)
- ldbm_modrdn.dif: Fixed back-ldbm modrdn indexing bug (ITS #3059,
Bugzilla #38915)
- modify_check_duplicates.dif: check for duplicate attribute
values in modify requests (ITS #3066/#3097, Bugzilla #38607)
- updated and renamed yast2userconfig.schema to yast.schema as it
contains more that only user configuration now
- syncrepl.dif: addtional fixes for syncrepl (ITS #3055, #3056)
- test_syncrepl_timeout: increased sleep timeout in syncrepl
testsuite
-------------------------------------------------------------------
Thu Apr 1 15:05:15 CEST 2004 - rhafer@suse.de
- added "TLS_REQCERT allow" to /etc/openldap/ldap.conf, to make
START_TLS work without access to the CA Certificate.
(Bugzilla: #37393)
-------------------------------------------------------------------
Fri Mar 26 15:30:12 CET 2004 - rhafer@suse.de
- fixed filelist
- check-build.sh (build on kernel >= 2.6.4 hosts only)
- yast2user.schema / slapd.conf fixed (#37076)
- don't check for TLS-options is init-script anymore (#33560)
- fixed various typos in README.update
-------------------------------------------------------------------
Wed Mar 17 13:21:45 CET 2004 - rhafer@suse.de
- fixed build of openldap-2.1-slapcat (using correct db41 include
files, build backends as on sles8)
- attempt to update bdb database and reindex ldbm database in %{post}
- Update notes in README.update
- better default configuration (including default DB_CONFIG file)
- misc updates for the YaST schema
- fixed crasher in syncrepl-code (syncrepl.dif)
-------------------------------------------------------------------
Tue Mar 16 16:15:49 CET 2004 - schwab@suse.de
- Fix type mismatch.
-------------------------------------------------------------------
Tue Mar 2 19:50:18 CET 2004 - rhafer@suse.de
- updated to 2.2.6
- build a openldap-2.1-slapcat from 2.1.25 sources to be able to
migrate from SLES8 and SL 9.0
-------------------------------------------------------------------
Thu Feb 19 17:25:12 CET 2004 - ro@suse.de
- added check-build.sh (build on 2.6 hosts only)
-------------------------------------------------------------------
Thu Feb 5 17:38:52 CET 2004 - rhafer@suse.de
- updated to 2.2.5
- adjusted rfc2307bis.schema to support UTF-8 values in most
attributes
- enabled proxycache-overlay (wiht fix to work with back-ldbm)
-------------------------------------------------------------------
Tue Jan 13 11:31:03 CET 2004 - rhafer@suse.de
- updated to 2.2.4
- updated Admin Guide to most recent version
-------------------------------------------------------------------
Sat Jan 10 10:19:26 CET 2004 - adrian@suse.de
- add %defattr
- fix build as user
-------------------------------------------------------------------
Mon Dec 8 16:46:03 CET 2003 - rhafer@suse.de
- updated to 2.1.25
- small fixes for the YaST user schema
-------------------------------------------------------------------
Tue Nov 11 15:20:05 CET 2003 - rhafer@suse.de
- enabled SLP-support
-------------------------------------------------------------------
Fri Oct 17 22:14:24 CEST 2003 - kukuk@suse.de
- Remove unused des from neededforbuild
-------------------------------------------------------------------
Tue Sep 2 16:04:05 CEST 2003 - mt@suse.de
- Bugzilla #29859: fixed typo in sysconfig metadata,
usage of OPENLDAP_LDAPS_INTERFACES in init script
- added /usr/lib/sasl2/slapd.conf permissions handling
- added sysconfig variable OPENLDAP_SLAPD_PARAMS=""
to support additional slapd start parameters
- added sysconfig variable OPENLDAP_START_LDAPI=NO/yes
for ldapi:/// (LDAP over IPC) URLs
-------------------------------------------------------------------
Thu Aug 14 17:12:35 CEST 2003 - rhafer@suse.de
- added activation metadata to sysconfig template (Bugzilla #28911)
- removed lint from specfile
-------------------------------------------------------------------
Thu Aug 7 18:37:16 CEST 2003 - rhafer@suse.de
- added %stop_on_removal and %restart_on_update calls
- bdb_addcnt.dif fixes a possible endless loop in id2entry()
- addonschema.tar.gz: some extra Schema files (YaST, RFC2307bis)
-------------------------------------------------------------------
Wed Jul 16 19:27:39 CEST 2003 - rhafer@suse.de
- removed fillup_only and call fillup_and_insserv correctly
- new Options in sysconfig.openldap: OPENLDAP_LDAP_INTERFACES,
OPENLDAP_LDAPS_INTERFACES and OPENLDAP_RUN_DB_RECOVER
-------------------------------------------------------------------
Tue Jul 1 15:42:03 CEST 2003 - rhafer@suse.de
- updated to 2.1.22
- updated Admin Guide to most recent version
- build librewrite with -fPIC
-------------------------------------------------------------------
Mon Jun 16 16:29:03 CEST 2003 - rhafer@suse.de
- updated to 2.1.21
-------------------------------------------------------------------
Wed Jun 11 17:08:11 CEST 2003 - ro@suse.de
- fixed requires lines
-------------------------------------------------------------------
Mon May 26 16:00:43 CEST 2003 - rhafer@suse.de
- don't link back-ldap against librewrite.a, it's already linked
into slapd (package should build on non-i386 Archs again)
-------------------------------------------------------------------
Fri May 23 14:35:49 CEST 2003 - rhafer@suse.de
- fixed dynamic build of back-ldap
- new subpackage back-ldap
-------------------------------------------------------------------
Tue May 20 11:04:50 CEST 2003 - rhafer@suse.de
- updated to version 2.1.20
- enabled dynamic backend modules
- new subpackages back-perl, back-meta and back-monitor
- remove unpacked files from BuildRoot
-------------------------------------------------------------------
Fri May 9 14:23:45 CEST 2003 - rhafer@suse.de
- updated to version 2.1.19
-------------------------------------------------------------------
Wed Apr 16 00:34:31 CEST 2003 - ro@suse.de
- fixed requires for devel-package ...
-------------------------------------------------------------------
Tue Apr 15 10:18:11 CEST 2003 - ro@suse.de
- fixed neededforbuild
-------------------------------------------------------------------
Thu Feb 13 12:13:23 CET 2003 - kukuk@suse.de
- Enable IPv6 again
-------------------------------------------------------------------
Tue Feb 11 19:02:14 CET 2003 - rhafer@suse.de
- added /etc/openldap to filelist
-------------------------------------------------------------------
Mon Feb 3 16:42:47 CET 2003 - rhafer@suse.de
- switch default backend to ldbm
-------------------------------------------------------------------
Sun Feb 2 23:58:34 CET 2003 - ro@suse.de
- fixed requires for devel package (cyrus-sasl2-devel)
-------------------------------------------------------------------
Fri Jan 31 08:58:39 CET 2003 - rhafer@suse.de
- liblber.dif: Fixes two bugs in liblber by which remote attackers
could crash the LDAP server (Bugzilla #22469, OpenLDAP ITS #2275
and #2280)
-------------------------------------------------------------------
Tue Jan 14 11:53:11 CET 2003 - choeger@suse.de
- build using sasl2
-------------------------------------------------------------------
Mon Jan 13 12:23:31 CET 2003 - rhafer@suse.de
- updated to version 2.1.12
- added metadata to sysconfig template (Bug: #22666)
-------------------------------------------------------------------
Thu Nov 28 14:42:06 CET 2002 - rhafer@suse.de
- updated to version 2.1.8
- added additional fix of 64bit archs
- added secpatch.dif to fix setuid issues in libldap
-------------------------------------------------------------------
Fri Sep 6 11:11:07 CEST 2002 - rhafer@suse.de
- fix for Bugzilla ID #18981, chown to OPENLDAP_USER didn't work
with multiple database backend directories
-------------------------------------------------------------------
Mon Sep 2 18:02:03 CEST 2002 - rhafer@suse.de
- removed damoenstart_ipv6.diff and disabled IPv6 support due to
massive problems with nss_ldap
-------------------------------------------------------------------
Mon Aug 26 19:37:32 CEST 2002 - rhafer@suse.de
- ldap_user.dif: slapd is now run a the user/group ldap (Bugzilla
ID#17697)
-------------------------------------------------------------------
Fri Aug 23 13:54:15 CEST 2002 - rhafer@suse.de
- updated to version 2.1.4, which fixes tons of bugs
- added damoenstart_ipv6.diff (slapd was not starting when
configured to listen on IPv4 and IPv6 interfaces, as done by the
start script)
- added README.SuSE with some hints about the bdb-backend
- updated filelist to include only the man pages of the backends,
that were built
-------------------------------------------------------------------
Thu Aug 15 15:56:09 CEST 2002 - rhafer@suse.de
- removed termcap and readline from neededforbuild
-------------------------------------------------------------------
Thu Aug 8 11:21:36 CEST 2002 - rhafer@suse.de
- enabled {CRYPT} passwords
- update filelist (added new manpages)
-------------------------------------------------------------------
Thu Jul 25 15:58:03 CEST 2002 - rhafer@suse.de
- patches for 64 bit architectures
-------------------------------------------------------------------
Fri Jul 19 11:28:28 CEST 2002 - rhafer@suse.de
- update to 2.1.3
-------------------------------------------------------------------
Fri Jul 5 13:26:17 CEST 2002 - kukuk@suse.de
- fix openldap2-devel requires
-------------------------------------------------------------------
Thu Jul 4 10:29:03 CEST 2002 - rhafer@suse.de
- switched back from cyrus-sasl2 to cyrus-sasl
-------------------------------------------------------------------
Wed Jul 3 13:30:23 CEST 2002 - rhafer@suse.de
- updated to OpenLDAP 2.1.2
- added the OpenLDAP Administration Guide
- enabled additional backends (ldap, meta, monitor)
-------------------------------------------------------------------
Mon Jun 10 21:59:35 CEST 2002 - olh@suse.de
- hack build/ltconfig to build shared libs on ppc64
-------------------------------------------------------------------
Wed Jun 5 18:25:51 CEST 2002 - rhafer@suse.de
- created /etc/sysconfig/openldap and OPENLDAP_START_LDAPS variable
to enable ldap over ssl support
-------------------------------------------------------------------
Thu Mar 7 16:27:15 CET 2002 - rhafer@suse.de
- Fix for Bugzilla ID#14569 (added cyrus-sasl-devel openssl-devel
to the "Requires" Section of the -devel subpackage)
-------------------------------------------------------------------
Mon Feb 18 13:06:10 CET 2002 - rhafer@suse.de
- updated to the latest STABLE release (2.0.23) which fixes some
nasty bugs see ITS #1562,#1582,#1577,#1578
-------------------------------------------------------------------
Thu Feb 7 14:13:25 CET 2002 - rhafer@suse.de
- updated to the latest release (which fixes a index corruption
bug)
- cleanup in neededforbuild
- small fixes for the init-scripts
-------------------------------------------------------------------
Thu Jan 17 13:51:28 CET 2002 - rhafer@suse.de
- updated to the latest stable release (2.0.21)
-------------------------------------------------------------------
Wed Jan 16 18:36:12 CET 2002 - egmont@suselinux.hu
- removed periods and colons from startup/shutdown messages
-------------------------------------------------------------------
Tue Jan 15 15:31:09 CET 2002 - rhafer@suse.de
- updated to v2.0.20 (which fixes a security hole in ACL
processing)
-------------------------------------------------------------------
Fri Jan 11 15:54:51 CET 2002 - rhafer@suse.de
- converted archive to bzip2
- makes use of %{_libdir} now
- set CFLAGS to -O0 for archs ia64, s390(x) and alpha otherwise
the test suite fails on these archs
- changed slapd.conf to store the database under /var/lib/ldap
(this patch was missing in the last versions by accident)
-------------------------------------------------------------------
Mon Jan 7 16:41:32 CET 2002 - rhafer@suse.de
- update to v2.0.19
-------------------------------------------------------------------
Thu Dec 6 14:51:56 CET 2001 - rhafer@suse.de
- eliminated START_LDAP, START_SLURPD variables in rc.config
- created separate init script for slurpd
- moved init scripts from dif to separate source tgz
-------------------------------------------------------------------
Fri Oct 26 10:36:06 CEST 2001 - choeger@suse.de
- update to v2.0.18
-------------------------------------------------------------------
Mon Oct 15 10:00:06 CEST 2001 - choeger@suse.de
- update to v2.0.17
added a sleep to the restart section
moved some manpages to the client package
-------------------------------------------------------------------
Mon Oct 1 18:38:14 CEST 2001 - choeger@suse.de
- update to v2.0.15
-------------------------------------------------------------------
Wed Sep 12 09:53:03 CEST 2001 - choeger@suse.de
- backported the full bugfix from openldap-2.0.14
-------------------------------------------------------------------
Tue Sep 11 11:36:20 CEST 2001 - choeger@suse.de
- Bugfix for slurpd millionth second bug (ITS#1323)
-------------------------------------------------------------------
Mon Sep 10 09:06:40 CEST 2001 - choeger@suse.de
- moved ldapfilter.conf ldaptemplates.conf ldapsearchprefs.conf
to openldap2-client package
-------------------------------------------------------------------
Mon Sep 3 09:31:21 CEST 2001 - choeger@suse.de
- update to version 2.0.12
-------------------------------------------------------------------
Mon Jul 2 10:52:22 CEST 2001 - choeger@suse.de
- bugfix: init script was not LSB compliant, Bugzilla ID#9072
-------------------------------------------------------------------
Tue Jun 19 16:18:54 CEST 2001 - ro@suse.de
- fixed for autoconf again
-------------------------------------------------------------------
Fri Jun 15 10:23:24 CEST 2001 - choeger@suse.de
- update to 2.0.11
- removed autoconf in specfile, because it doesn't work
-------------------------------------------------------------------
Wed May 23 11:43:08 CEST 2001 - choeger@suse.de
- update to version 2.0.10 (minor fixes)
-------------------------------------------------------------------
Tue May 22 11:33:58 CEST 2001 - choeger@suse.de
- update to version 2.0.9
-------------------------------------------------------------------
Mon Apr 23 15:55:32 CEST 2001 - choeger@suse.de
- removed kerberos support
- added aci support
-------------------------------------------------------------------
Fri Apr 20 11:52:14 CEST 2001 - choeger@suse.de
- added kerberos support
-------------------------------------------------------------------
Thu Apr 5 13:47:51 CEST 2001 - choeger@suse.de
- moved section 5 and 8 manpages to the server part of package
-------------------------------------------------------------------
Wed Mar 14 18:17:50 CET 2001 - kukuk@suse.de
- Move *.so links into -devel package
- -devel requires -client
-------------------------------------------------------------------
Thu Mar 8 10:51:05 CET 2001 - choeger@suse.de
- split up into openldap2-client and -devel
-------------------------------------------------------------------
Tue Feb 27 11:20:53 CET 2001 - ro@suse.de
- changed neededforbuild <cyrus-sasl> to <cyrus-sasl cyrus-sasl-devel>
-------------------------------------------------------------------
Fri Feb 23 00:10:25 CET 2001 - ro@suse.de
- added readline/readline-devel to neededforbuild (split from bash)
-------------------------------------------------------------------
Thu Jan 4 14:03:17 CET 2001 - choeger@suse.de
- bugfix: slapd.conf rename /var/lib/openldap-ldbm to
/var/lib/ldap
init script: use $remote_fs
-------------------------------------------------------------------
Tue Jan 2 10:38:20 CET 2001 - olh@suse.de
- use script name in %post
-------------------------------------------------------------------
Thu Dec 7 15:01:53 CET 2000 - choeger@suse.de
- bugfix from Andreas Jaeger:
workaround for glibc2.2, detach
-------------------------------------------------------------------
Fri Dec 1 15:23:45 CET 2000 - ro@suse.de
- hacked configure for apparently broken pthread
-------------------------------------------------------------------
Fri Dec 1 02:28:54 CET 2000 - ro@suse.de
- fixed spec
-------------------------------------------------------------------
Thu Nov 23 11:27:07 CET 2000 - choeger@suse.de
- made configs %config(noreplace) (Bug 4112)
- fixed neededforbuild
-------------------------------------------------------------------
Wed Nov 22 11:37:22 CET 2000 - choeger@suse.de
- adopted new init scheme
-------------------------------------------------------------------
Wed Nov 15 16:24:48 CET 2000 - choeger@suse.de
- fixed neededforbuild
-------------------------------------------------------------------
Fri Nov 10 16:32:57 CET 2000 - choeger@suse.de
- added buildroot
-------------------------------------------------------------------
Tue Nov 7 18:52:54 CET 2000 - choeger@suse.de
- long package name
- new version, 2.0.7
-------------------------------------------------------------------
Fri Oct 6 11:35:47 CEST 2000 - choeger@suse.de
- first package of openldap2 (v2.0.6)

44
openldap2.dif Normal file
View File

@ -0,0 +1,44 @@
--- build/top.mk
+++ build/top.mk
@@ -39,7 +39,7 @@
libexecdir = @libexecdir@
localstatedir = @localstatedir@
mandir = @mandir@
-moduledir = @libexecdir@$(ldap_subdir)
+moduledir = @libexecdir@/modules
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@$(ldap_subdir)
@@ -58,7 +58,7 @@
INSTALL_DATA = $(INSTALL) -m 644
INSTALL_SCRIPT = $(INSTALL)
-STRIP = -s
+#STRIP = -s
LINT = lint
5LINT = 5lint
--- configure.in
+++ configure.in
@@ -64,7 +64,9 @@
dnl we try not to use this for much
AC_CANONICAL_TARGET([])
-AM_INIT_AUTOMAKE([$OL_PACKAGE],[$OL_VERSION], [no defines])dnl
+AC_PROG_MAKE_SET
+PACKAGE=$OL_PACKAGE
+VERSION=$OL_VERSION
AC_SUBST(PACKAGE)dnl
AC_SUBST(VERSION)dnl
AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package)
--- servers/slapd/aclparse.c
+++ servers/slapd/aclparse.c
@@ -662,7 +662,7 @@
if ( rc != LDAP_SUCCESS ) {
char buf[ SLAP_TEXT_BUFLEN ];
- snprintf( buf, sizeof( buf ), "%s: line %d: "
+ snprintf( buf, sizeof( buf ),
" attr \"%s\" normalization failed (%d: %s)",
fname, lineno,
a->acl_attrs[ 0 ].an_name.bv_val, rc, text );

850
openldap2.spec Normal file
View File

@ -0,0 +1,850 @@
#
# spec file for package openldap2 (Version 2.3.27)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: openldap2
BuildRequires: cyrus-sasl-devel db-devel db42-devel krb5-devel openslp-devel openssl-devel tcpd-devel
URL: http://www.openldap.org
License: BSD License and BSD-like
%if "%{name}" == "openldap2"
Group: Productivity/Networking/LDAP/Servers
Provides: ldap2 openldap2-back-ldap openldap2-back-monitor
Obsoletes: openldap2-back-ldap openldap2-back-monitor
Conflicts: openldap
PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd /usr/bin/strings /usr/bin/awk /usr/bin/grep
Summary: The New OpenLDAP Server (LDAPv3)
%else
Group: Productivity/Networking/LDAP/Servers
Conflicts: openldap-client
Summary: The New OpenLDAP Server (LDAPv3)
%endif
Autoreqprov: on
Version: 2.3.27
Release: 23
Source: openldap-%{version}.tar.bz2
Source1: openldap-rc.tgz
Source2: openldap-admin-guide.tar.bz2
Source3: addonschema.tar.gz
Source4: DB_CONFIG
Source5: sasl-slapd.conf
Patch: openldap2.dif
Patch1: secpatch.dif
Patch2: slapd_conf.dif
Patch3: ldap_conf.dif
Patch4: ldapi_url.dif
Patch5: openldap-ntlm.diff
Patch6: libldap-gethostbyname_r.dif
Patch7: pie-compile.dif
Patch8: libldap-manpages.dif
Patch9: slapd_chain_return_error.dif
Patch10: back-perl-init.dif
Patch11: libldap-sasl_bind-assert.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Prefix: %{_prefix}
%description
The Lightweight Directory Access Protocol (LDAP) is used to access
online directory services. It runs directly over TCP and can be used to
access a stand-alone LDAP directory service or to access a directory
service that has an X.500 back-end.
Authors:
--------
The OpenLDAP Project <project@openldap.org>
%if "%{name}" == "openldap2"
%package -n openldap2-back-perl
Summary: OpenLDAP Perl Back-End
Requires: openldap2 = %{version}
Autoreqprov: on
Group: Productivity/Networking/LDAP/Servers
%description -n openldap2-back-perl
The OpenLDAP Perl back-end allows you to execute Perl code specific to
different LDAP operations.
Authors:
--------
The OpenLDAP Project <project@openldap.org>
%package -n openldap2-back-meta
Summary: OpenLDAP Meta Back-End
Requires: openldap2 = %{version}
Autoreqprov: on
Group: Productivity/Networking/LDAP/Servers
Provides: openldap2:/usr/share/man/man5/slapd-meta.5.gz
%description -n openldap2-back-meta
The OpenLDAP Meta back-end is able to perform basic LDAP proxying with
respect to a set of remote LDAP servers. The information contained in
these servers can be presented as belonging to a single Directory
Information Tree (DIT).
Authors:
--------
The OpenLDAP Project <project@openldap.org>
%else
%package -n openldap2-devel
Summary: Libraries, Header Files and Documentation for OpenLDAP2
Autoreqprov: on
Conflicts: openldap-devel
Requires: openldap2-client = %{version} cyrus-sasl-devel openssl-devel
Group: Development/Libraries/C and C++
%description -n openldap2-devel
This package provides the OpenLDAP2 libraries, header files, and
documentation.
Authors:
--------
The OpenLDAP Project <project@openldap.org>
%endif
%prep
%setup -q -n openldap-%{version} -a1 -a2 -a3
%patch
%patch1
%patch2
%patch3
%patch4
%patch5
%patch6
%if %suse_version > 920
%patch7
%endif
%patch8 -p1
%patch9 -p1
%patch10
%patch11
%build
%{?suse_update_config:%{suse_update_config -f build}}
libtoolize --force
autoreconf
export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -DLDAP_CONNECTIONLESS"
./configure --prefix=/usr \
--exec-prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var/run/slapd \
--libexecdir=/usr/lib/openldap \
--libdir=%{_libdir} \
--mandir=%{_mandir} \
--enable-wrappers \
--enable-aclgroups \
--enable-spasswd \
--enable-modules \
--enable-shared \
--enable-dynamic \
--with-tls \
--with-cyrus-sasl \
--enable-crypt \
--enable-ipv6=yes \
%if "%{name}" == "openldap2"
--enable-aci \
--enable-bdb \
--enable-hdb \
--enable-ldbm \
--enable-rewrite \
--enable-ldap=yes \
--enable-meta=mod \
--enable-monitor=yes \
--enable-perl=mod \
--enable-slp \
--enable-overlays=yes \
%else
--disable-slapd \
%endif
--enable-lmpasswd \
--with-yielding-select
make depend
make %{?jobs:-j%jobs}
rm tests/scripts/test022-ppolicy
rm tests/scripts/test036-meta-concurrency
rm tests/scripts/test039-glue-ldap-concurrency
# calculate the base port to be use in the test-suite
SLAPD_BASEPORT=10000
if [ -f /.buildenv ] ; then
. /.buildenv
SLAPD_BASEPORT=$(($SLAPD_BASEPORT + $BUILD_INCARNATION * 10))
fi
export SLAPD_BASEPORT
%ifnarch %arm alpha
make test
%endif
%install
#[ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] && rm -rf $RPM_BUILD_ROOT;
mkdir -p $RPM_BUILD_ROOT/etc/init.d
mkdir -p $RPM_BUILD_ROOT/usr/sbin
make DESTDIR=$RPM_BUILD_ROOT install
install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap
install -m 755 rc.slurpd $RPM_BUILD_ROOT/etc/init.d/slurpd
ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap
ln -sf ../../etc/init.d/slurpd $RPM_BUILD_ROOT/usr/sbin/rcslurpd
mkdir -p $RPM_BUILD_ROOT/etc/sasl2
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/sasl2/slapd.conf
install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap
install -m 700 -d $RPM_BUILD_ROOT/var/lib/slurpd
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/liblber.so*
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap_r.so*
chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so*
%if "%{name}" == "openldap2"
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
install -m 644 sysconfig.openldap $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.openldap
install -m 644 *.schema $RPM_BUILD_ROOT/etc/openldap/schema
install -m 644 $RPM_SOURCE_DIR/DB_CONFIG $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG
install -m 644 $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG.example
rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example
rm -f $RPM_BUILD_ROOT/var/run/slapd/openldap-data/DB_CONFIG.example
%endif
rm -f $RPM_BUILD_ROOT/usr/lib/openldap/modules/*.a
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-dnssrv.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-null.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-passwd.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-shell.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-sql.5
rm -f $RPM_BUILD_ROOT/usr/share/man/man5/slapd-tcl.5
# Remove *.la files, libtool does not handle this correct
rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la
#
#put filelists into files
cat >openldap2.filelist <<EOF
/var/adm/fillup-templates/sysconfig.openldap
%config /etc/init.d/ldap
%config /etc/init.d/slurpd
/usr/sbin/rcldap
/usr/sbin/rcslurpd
/usr/sbin/slap*
%dir /etc/openldap
/etc/openldap/schema
%config(noreplace) %attr(640, root, ldap) /etc/openldap/slapd.conf
%config(noreplace) /var/lib/ldap/DB_CONFIG
%config(noreplace) /var/lib/ldap/DB_CONFIG.example
%attr(640, root, ldap) /etc/openldap/slapd.conf.default
%config(noreplace) /etc/sasl2/slapd.conf
%dir /usr/lib/openldap
%dir /usr/lib/openldap/modules
/usr/lib/openldap/slapd
/usr/lib/openldap/slurpd
%dir %attr(0700, ldap, ldap) /var/lib/ldap
%dir %attr(0700, ldap, ldap) /var/run/slapd
/var/lib/slurpd
%doc %{_mandir}/man8/sl*
%doc %{_mandir}/man5/slapd.*
%doc %{_mandir}/man5/slapd-bdb.*
%doc %{_mandir}/man5/slapd-hdb.*
%doc %{_mandir}/man5/slapd-ldbm.*
%doc %{_mandir}/man5/slapd-ldap.*
%doc %{_mandir}/man5/slapd-ldif.*
%doc %{_mandir}/man5/slapd-monitor.*
%doc %{_mandir}/man5/slapd-relay.*
%doc %{_mandir}/man5/slapo-*
%doc ANNOUNCEMENT COPYRIGHT INSTALL LICENSE README CHANGES
%doc doc/drafts doc/install doc/admin-guide
EOF
#
cat > openldap2-client.filelist <<EOF
%dir /etc/openldap
%config(noreplace) /etc/openldap/ldap.conf
/etc/openldap/ldap.conf.default
/usr/bin/ldapadd
/usr/bin/ldapcompare
/usr/bin/ldapdelete
/usr/bin/ldapmodify
/usr/bin/ldapmodrdn
/usr/bin/ldapsearch
/usr/bin/ldappasswd
/usr/bin/ldapwhoami
%{_libdir}/liblber*.so.*
%{_libdir}/libldap*.so.*
%doc %{_mandir}/man1/ldap*
%doc %{_mandir}/man5/ldap.conf*
%doc %{_mandir}/man5/ldif.*
EOF
cat > openldap2-devel.filelist <<EOF
/usr/include/lber.h
/usr/include/lber_types.h
/usr/include/ldap*.h
/usr/include/slapi-plugin.h
%{_libdir}/liblber.a
%{_libdir}/liblber.so
%{_libdir}/libldap.a
%{_libdir}/libldap.so
%{_libdir}/libldap_r.a
%{_libdir}/libldap_r.so
%doc %{_mandir}/man3/ber*
%doc %{_mandir}/man3/lber*
%doc %{_mandir}/man3/ld_errno*
%doc %{_mandir}/man3/ldap*
EOF
cat > openldap2-back-perl.filelist <<EOF
/usr/lib/openldap/modules/back_perl*
%doc %{_mandir}/man5/slapd-perl.*
EOF
cat > openldap2-back-meta.filelist <<EOF
/usr/lib/openldap/modules/back_meta*
%doc %{_mandir}/man5/slapd-meta.*
EOF
#remove files from other spec file
%if "%{name}" == "openldap2"
cat openldap2-client.filelist openldap2-devel.filelist |
%else
cat openldap2.filelist openldap2-back-perl.filelist openldap2-back-meta.filelist |
%endif
grep -v "%dir " |sed -e "s|^.* ||" |grep "^/" |while read name ; do
rm -rf $RPM_BUILD_ROOT$name
done
%if "%{name}" == "openldap2"
%pre
/usr/sbin/groupadd -g 70 -o -r ldap 2> /dev/null || :
/usr/sbin/useradd -r -o -g ldap -u 76 -s /bin/bash -c "User for OpenLDAP" -d \
/var/lib/ldap ldap 2> /dev/null || :
%post
if [ ${1:-0} -gt 1 ] && [ -f %{_libdir}/sasl2/slapd.conf ] ; then
cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew
cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf
fi
%{fillup_and_insserv -n -s openldap ldap START_LDAP slurpd START_SLURPD}
%{remove_and_set -n openldap OPENLDAP_RUN_DB_RECOVER}
%preun
%stop_on_removal ldap slurpd
%postun
%restart_on_update ldap slurpd
%insserv_cleanup
%files -f openldap2.filelist
%defattr(-,root,root)
%files -n openldap2-back-perl -f openldap2-back-perl.filelist
%defattr(-,root,root)
%files -n openldap2-back-meta -f openldap2-back-meta.filelist
%defattr(-,root,root)
%else
%files -f openldap2-client.filelist
%defattr(-,root,root)
%files -n openldap2-devel -f openldap2-devel.filelist
%defattr(-,root,root)
%endif
%changelog -n openldap2
* Fri Nov 17 2006 - rhafer@suse.de
- Fix for a flaw in libldap's strval2strlen() function when processing the
authcid string of certain Bind Requests, which could allow attackers to
cause an affected application to crash (especially the OpenLDAP Server),
creating a denial of service condition (Bug#221154,ITS#4740)
* Tue Nov 14 2006 - rhafer@suse.de
- Additional back-perl fixes from CVS. The first revision of the
patch did not fix the problem completely (Bug#207618, ITS#4751)
* Fri Oct 27 2006 - rhafer@suse.de
- cyrus-sasl configuration moved from %%{_libdir}/sasl2 to
/etc/sasl2/ (Bug: #206414)
* Wed Oct 04 2006 - rhafer@suse.de
- Add $network to Should-Start/Should-Stop in init scripts
(Bug: #206823)
- Imported latest back-perl changes from CVS, to fix back-perl
initialization (Bug: #207618)
* Tue Aug 22 2006 - rhafer@suse.de
- Updated to Version 2.3.27
* Fixed libldap dnssrv bug with "not present" positive statement
(ITS#4610)
* Fixed libldap dangling pointer issue (ITS#4405)
* Fixed slapd incorrect rebuilding of replica URI (ITS#4633)
* Fixed slapd DN X.509 normalization crash (ITS#4644)
* Fixed slapd-monitor operations order via callbacks (ITS#4631)
* Fixed slapo-accesslog purge task during shutdown
* Fixed slapo-ppolicy handling of default policy (ITS#4634)
* Fixed slapo-ppolicy logging verbosity when using default policy
* Fixed slapo-syncprov incomplete sync on restart issues (ITS#4622)
* Wed Aug 02 2006 - rhafer@suse.de
- Updated to Version 2.3.25
* Add libldap_r TLS concurrency workaround (ITS#4583)
* Fixed slapd acl selfwrite bug (ITS#4587)
* Fixed various syncrepl and slapo-syncprov bugs (ITS#4582, 4622,
4534,4613, 4589)
* Fixed slapd-bdb/hdb lock bug with virtual root (ITS#4572)
* Fixed slapd-bdb/hdb modrdn new entry disappearing bug (ITS#4616)
* Fixed slapd-bdb/hdb cache job issue
* Fixed slapo-ppolicy password hashing bug (ITS#4575)
* Fixed slapo-ppolicy password modify pwdMustChange reset bug (ITS#4576)
* Fixed slapo-ppolicy control can be critical (ITS#4596)
- Enabled CLDAP (LDAP over UDP) support
* Mon Jun 26 2006 - rhafer@suse.de
- Updated to Version 2.3.24
* Fixed slapd syncrepl timestamp bug (delta-sync/cascade)
(ITS#4567)
* Fixed slapd-bdb/hdb non-root users adding suffix/root entries
(ITS#4552)
* Re-fixed slapd-ldap improper free bug in exop (ITS#4550)
* Fixed slapd-ldif assert bug (ITS#4568)
* Fixed slapo-syncprov crash under glued database (ITS#4562)
- cleaned up SLES10 update specific stuff
- added "chain-return-error" feature from HEAD to chain overlay
(ITS#4570)
* Thu Jun 22 2006 - schwab@suse.de
- Don't use automake macros without using automake.
* Wed May 24 2006 - rhafer@suse.de
- Updated to Version 2.3.23
* obsoletes the patches: libldap_ads-sasl-gssapi.dif,
slapd-epollerr.dif
* Fixed slapd-ldap improper free bug (ITS#4550)
* Fixed libldap referral input destroy issue (ITS#4533)
* Fixed libldap ldap_sort_entries tail bug (ITS#4536)
* Fixed slapd runqueue use of freed memory (ITS#4517)
* Fixed slapd thread pool init issue (ITS#4513)
* Fixed slapd-bdb/hdb pre/post-read freeing (ITS#4532)
* Fixed slapd-bdb/hdb pre/post-read unavailable issue (ITS#4538)
* Fixed slapd-bdb/hdb referral issue (ITS#4548)
* Fixed slapo-ppolicy BER tags issue (ITS#4528)
* Fixed slapo-ppolicy rebind bug (ITS#4516)
* For more details see the CHANGES file
- Install CHANGES file to /usr/share/doc/packages/openldap2
* Wed May 10 2006 - rhafer@suse.de
- Really apply the patch for Bug#160566
- slapd could crash while processing queries with pre-/postread
controls (Bug#173877, ITS#4532)
* Fri Mar 24 2006 - rhafer@suse.de
- Backported fix from CVS for occasional crashes in referral
chasing code (as used in e.g. back-meta/back-ldap).
(Bug: #160566, ITS: #4448)
* Mon Mar 13 2006 - rhafer@suse.de
- openldap2 must obsolete -back-monitor and -back-ldap to have them
removed during update (Bug: #157576)
* Fri Feb 17 2006 - rhafer@suse.de
- Add "external" to the list of supported SASL mechanisms
(Bug: #151771)
* Thu Feb 16 2006 - rhafer@suse.de
- Error out when conversion from old configfile to config database
fails (Bug: #135484,#135490 ITS: #4407)
* Mon Feb 13 2006 - rhafer@suse.de
- Don't ignore non-read/write epoll events (Bug: #149993,
ITS: #4395)
- Added update message to /usr/share/update-messages/en/ and enable
it, when update did not succeed.
* Thu Feb 09 2006 - rhafer@suse.de
- OPENLDAP_CHOWN_DIRS honors databases defined in include files
(Bug: #135473)
- Fixed version numbers in README.update
- Fixed GSSAPI binds against Active Directory (Bug: #149390)
* Fri Feb 03 2006 - rhafer@suse.de
- Cleaned up update procedure
- man-pages updates and fixes (Fate: #6365)
* Fri Jan 27 2006 - rhafer@suse.de
- Updated to 2.3.19 (Bug #144371)
* Fri Jan 27 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Wed Jan 25 2006 - rhafer@suse.de
- Updated Admin Guide to latest version
- build slapcat from openldap-2.2.24 and install it to
/usr/sbin/openldap-2.2-slapcat to be able to migrate from
OpenLDAP 2.2.
- removed slapd-backbdb-dbupgrade which is no longer needed
- attempt to dump/reload bdb databases in %%{post}
- Update notes in README.update
* Fri Jan 13 2006 - rhafer@suse.de
- New sysconfig variable OPENLDAP_KRB5_KEYTAB
- Cleanup in default configuration and init scripts
* Wed Jan 11 2006 - rhafer@suse.de
- Updated to 2.3.17
- Remove OPENLDAP_RUN_DB_RECOVER from sysconfig file in %%post
slapd does now automatically recover the database if needed
- Removed unneeded README.SuSE
- Small adjustments to the default DB_CONFIG file
* Mon Jan 09 2006 - rhafer@suse.de
- Updated to 2.3.16
* Mon Dec 19 2005 - rhafer@suse.de
- Fixed filelist (slapd-hdb man-page was missing)
* Fri Dec 09 2005 - rhafer@suse.de
- Fixed build on x86_64
* Wed Dec 07 2005 - rhafer@suse.de
- Merged -back-ldap and -back-monitor subpackages into the main
package and don't build them as dynamic modules anymore.
- updated to OpenLDAP 2.3.13
* Mon Nov 28 2005 - rhafer@suse.de
- updated to OpenLDAP 2.3.12
* Wed Oct 26 2005 - rhafer@suse.de
- updated to OpenLDAP 2.3.11
- removed the "LDAP_DEPRECATED" workaround
* Mon Sep 26 2005 - rhafer@suse.de
- Add "LDAP_DEPRECATED" to ldap.h for now
* Fri Sep 23 2005 - rhafer@suse.de
- updated to OpenLDAP 2.3.7
* Tue Aug 16 2005 - rhafer@suse.de
- allow start_tls while chasing referrals (Bug #94355, ITS #3791)
* Mon Jul 04 2005 - rhafer@suse.de
- devel-subpackage requires openldap2-client of the same version
(Bugzilla: #93579)
* Thu Jun 30 2005 - uli@suse.de
- build with -fPIE (not -fpie) to avoid GOT overflow on s390*
* Wed Jun 22 2005 - rhafer@suse.de
- build the server packages with -fpie/-pie
* Wed Jun 15 2005 - rhafer@suse.de
- updated to 2.2.27
* Wed May 25 2005 - rhafer@suse.de
- libldap-gethostbyname_r.dif: Use gethostbyname_r instead of
gethostbyname in libldap. Should fix host lookups through
nss_ldap (Bugzilla: #76173)
* Fri May 13 2005 - rhafer@suse.de
- Updated to 2.2.26
- made /%%{_libdir}]/sasl2/slapd.conf %%config(noreplace)
* Thu Apr 28 2005 - rhafer@suse.de
- Added /%%{_libdir}]/sasl2/slapd.conf to avoid warnings about
unconfigured OTP mechanism (Bugzilla: #80588)
* Tue Apr 12 2005 - rhafer@suse.de
- added minimal timeout to startproc in init-script to let it
report the "failed" status correctly in case of misconfiguration
(Bugzilla: #76393)
* Mon Apr 04 2005 - rhafer@suse.de
- crl-check.dif: Implements CRL checking on client and server side
- use different base ports for differnt values of BUILD_INCARNATION
(/.buildenv) to allow parallel runs of the test-suite on a single
machine
* Mon Apr 04 2005 - uli@suse.de
- force yielding-select test to yes (test occasionally hangs QEMU)
* Fri Apr 01 2005 - uli@suse.de
- disable test suite on ARM (hangs QEMU)
* Tue Mar 29 2005 - rhafer@suse.de
- updated to 2.2.24
- enabled back-hdb
* Wed Mar 02 2005 - rhafer@suse.de
- syncrepl.dif: merged latest syncrepl fixes (Bugzilla: #65928)
- libldap-reinit-fdset.dif: Re-init fd_sets when select is
interupted (Bugzilla #50076, ITS: #3524)
* Thu Feb 17 2005 - rhafer@suse.de
- checkproc_before_recover.dif: Check if slapd is stopped before
running db_recover from the init script. (Bugzilla: #50962)
* Tue Feb 01 2005 - rhafer@suse.de
- Cleanup back-bdb databases in %%post, db-4.3 changed the
transaction log format again.
- cosmetic fixes in init script
* Tue Jan 25 2005 - rhafer@suse.de
- updated to 2.2.23
- cleaned up #neededforbuild
- package should also build on older SuSE Linux releases now
- increased killproc timeout in init-script (Bugzilla: #47227)
* Thu Jan 13 2005 - rhafer@suse.de
- updated to 2.2.20
- Removed unneeded dependencies
* Fri Dec 10 2004 - kukuk@suse.de
- don't install *.la files
* Wed Nov 10 2004 - rhafer@suse.de
- updated to 2.2.18
- use kerberos-devel-packages in neededforbuild
* Fri Sep 24 2004 - ro@suse.de
- re-arranged specfile to sequence (header (package/descr)* rest)
so the checking parser is not confused ...
* Fri Sep 24 2004 - rhafer@suse.de
- Added pre_checkin.sh to generate a separate openldap2-client
spec-file from which the openldap2-client and openldap2-devel
subpackages are built. Should reduce build time for libldap as
the test-suite is only executed in openldap2.spec.
* Fri Sep 10 2004 - rhafer@suse.de
- libldap-result.dif: ldapsearch was hanging in select() when
retrieving results from eDirectory through a StartTLS protected
connection (Bugzilla #44942)
* Mon Aug 09 2004 - dobey@suse.de
- added ntlm support
* Tue Aug 03 2004 - rhafer@suse.de
- updated to 2.2.16
- Updated ACLs in slapd_conf.dif to disable default read access
to the "userPKCS12" Attribute
- rc-check-conn.diff: When starting slapd wait until is accepts
connections, or 10 seconds at maximum (Bugzilla #41354)
- Backported -o slp={on|off} feature from OpenLDAP Head and added
new sysconfig variable (OPENLDAP_REGISTER_SLP) to be able
to switch SLP registration on and off. (Bugzilla #39865)
- removed unneeded README.update
* Fri Apr 30 2004 - rhafer@suse.de
- updated to 2.2.11
- remove SLES8 update specific stuff
- Bugzilla #39652: Updated slapd_conf.dif to contain basic access
control
- Bugzilla #39468: Added missing items to yast.schema
- fixed strict-aliasing compiler warnings (strict-aliasing.dif)
* Thu Apr 29 2004 - coolo@suse.de
- build with several jobs if available
* Mon Apr 19 2004 - rhafer@suse.de
- ldapi_url.dif: Fixed paths for LDAPI-socket, pid-file and
args-file (Bugzilla #38790)
- ldbm_modrdn.dif: Fixed back-ldbm modrdn indexing bug (ITS #3059,
Bugzilla #38915)
- modify_check_duplicates.dif: check for duplicate attribute
values in modify requests (ITS #3066/#3097, Bugzilla #38607)
- updated and renamed yast2userconfig.schema to yast.schema as it
contains more that only user configuration now
- syncrepl.dif: addtional fixes for syncrepl (ITS #3055, #3056)
- test_syncrepl_timeout: increased sleep timeout in syncrepl
testsuite
* Thu Apr 01 2004 - rhafer@suse.de
- added "TLS_REQCERT allow" to /etc/openldap/ldap.conf, to make
START_TLS work without access to the CA Certificate.
(Bugzilla: #37393)
* Fri Mar 26 2004 - rhafer@suse.de
- fixed filelist
- check-build.sh (build on kernel >= 2.6.4 hosts only)
- yast2user.schema / slapd.conf fixed (#37076)
- don't check for TLS-options is init-script anymore (#33560)
- fixed various typos in README.update
* Wed Mar 17 2004 - rhafer@suse.de
- fixed build of openldap-2.1-slapcat (using correct db41 include
files, build backends as on sles8)
- attempt to update bdb database and reindex ldbm database in %%{post}
- Update notes in README.update
- better default configuration (including default DB_CONFIG file)
- misc updates for the YaST schema
- fixed crasher in syncrepl-code (syncrepl.dif)
* Tue Mar 16 2004 - schwab@suse.de
- Fix type mismatch.
* Tue Mar 02 2004 - rhafer@suse.de
- updated to 2.2.6
- build a openldap-2.1-slapcat from 2.1.25 sources to be able to
migrate from SLES8 and SL 9.0
* Thu Feb 19 2004 - ro@suse.de
- added check-build.sh (build on 2.6 hosts only)
* Thu Feb 05 2004 - rhafer@suse.de
- updated to 2.2.5
- adjusted rfc2307bis.schema to support UTF-8 values in most
attributes
- enabled proxycache-overlay (wiht fix to work with back-ldbm)
* Tue Jan 13 2004 - rhafer@suse.de
- updated to 2.2.4
- updated Admin Guide to most recent version
* Sat Jan 10 2004 - adrian@suse.de
- add %%defattr
- fix build as user
* Mon Dec 08 2003 - rhafer@suse.de
- updated to 2.1.25
- small fixes for the YaST user schema
* Tue Nov 11 2003 - rhafer@suse.de
- enabled SLP-support
* Fri Oct 17 2003 - kukuk@suse.de
- Remove unused des from neededforbuild
* Tue Sep 02 2003 - mt@suse.de
- Bugzilla #29859: fixed typo in sysconfig metadata,
usage of OPENLDAP_LDAPS_INTERFACES in init script
- added /usr/lib/sasl2/slapd.conf permissions handling
- added sysconfig variable OPENLDAP_SLAPD_PARAMS=""
to support additional slapd start parameters
- added sysconfig variable OPENLDAP_START_LDAPI=NO/yes
for ldapi:/// (LDAP over IPC) URLs
* Thu Aug 14 2003 - rhafer@suse.de
- added activation metadata to sysconfig template (Bugzilla #28911)
- removed lint from specfile
* Thu Aug 07 2003 - rhafer@suse.de
- added %%stop_on_removal and %%restart_on_update calls
- bdb_addcnt.dif fixes a possible endless loop in id2entry()
- addonschema.tar.gz: some extra Schema files (YaST, RFC2307bis)
* Wed Jul 16 2003 - rhafer@suse.de
- removed fillup_only and call fillup_and_insserv correctly
- new Options in sysconfig.openldap: OPENLDAP_LDAP_INTERFACES,
OPENLDAP_LDAPS_INTERFACES and OPENLDAP_RUN_DB_RECOVER
* Tue Jul 01 2003 - rhafer@suse.de
- updated to 2.1.22
- updated Admin Guide to most recent version
- build librewrite with -fPIC
* Mon Jun 16 2003 - rhafer@suse.de
- updated to 2.1.21
* Wed Jun 11 2003 - ro@suse.de
- fixed requires lines
* Mon May 26 2003 - rhafer@suse.de
- don't link back-ldap against librewrite.a, it's already linked
into slapd (package should build on non-i386 Archs again)
* Fri May 23 2003 - rhafer@suse.de
- fixed dynamic build of back-ldap
- new subpackage back-ldap
* Tue May 20 2003 - rhafer@suse.de
- updated to version 2.1.20
- enabled dynamic backend modules
- new subpackages back-perl, back-meta and back-monitor
- remove unpacked files from BuildRoot
* Fri May 09 2003 - rhafer@suse.de
- updated to version 2.1.19
* Wed Apr 16 2003 - ro@suse.de
- fixed requires for devel-package ...
* Tue Apr 15 2003 - ro@suse.de
- fixed neededforbuild
* Thu Feb 13 2003 - kukuk@suse.de
- Enable IPv6 again
* Tue Feb 11 2003 - rhafer@suse.de
- added /etc/openldap to filelist
* Mon Feb 03 2003 - rhafer@suse.de
- switch default backend to ldbm
* Sun Feb 02 2003 - ro@suse.de
- fixed requires for devel package (cyrus-sasl2-devel)
* Fri Jan 31 2003 - rhafer@suse.de
- liblber.dif: Fixes two bugs in liblber by which remote attackers
could crash the LDAP server (Bugzilla #22469, OpenLDAP ITS #2275
and #2280)
* Tue Jan 14 2003 - choeger@suse.de
- build using sasl2
* Mon Jan 13 2003 - rhafer@suse.de
- updated to version 2.1.12
- added metadata to sysconfig template (Bug: #22666)
* Thu Nov 28 2002 - rhafer@suse.de
- updated to version 2.1.8
- added additional fix of 64bit archs
- added secpatch.dif to fix setuid issues in libldap
* Fri Sep 06 2002 - rhafer@suse.de
- fix for Bugzilla ID #18981, chown to OPENLDAP_USER didn't work
with multiple database backend directories
* Mon Sep 02 2002 - rhafer@suse.de
- removed damoenstart_ipv6.diff and disabled IPv6 support due to
massive problems with nss_ldap
* Mon Aug 26 2002 - rhafer@suse.de
- ldap_user.dif: slapd is now run a the user/group ldap (Bugzilla
ID#17697)
* Fri Aug 23 2002 - rhafer@suse.de
- updated to version 2.1.4, which fixes tons of bugs
- added damoenstart_ipv6.diff (slapd was not starting when
configured to listen on IPv4 and IPv6 interfaces, as done by the
start script)
- added README.SuSE with some hints about the bdb-backend
- updated filelist to include only the man pages of the backends,
that were built
* Thu Aug 15 2002 - rhafer@suse.de
- removed termcap and readline from neededforbuild
* Thu Aug 08 2002 - rhafer@suse.de
- enabled {CRYPT} passwords
- update filelist (added new manpages)
* Thu Jul 25 2002 - rhafer@suse.de
- patches for 64 bit architectures
* Fri Jul 19 2002 - rhafer@suse.de
- update to 2.1.3
* Fri Jul 05 2002 - kukuk@suse.de
- fix openldap2-devel requires
* Thu Jul 04 2002 - rhafer@suse.de
- switched back from cyrus-sasl2 to cyrus-sasl
* Wed Jul 03 2002 - rhafer@suse.de
- updated to OpenLDAP 2.1.2
- added the OpenLDAP Administration Guide
- enabled additional backends (ldap, meta, monitor)
* Mon Jun 10 2002 - olh@suse.de
- hack build/ltconfig to build shared libs on ppc64
* Wed Jun 05 2002 - rhafer@suse.de
- created /etc/sysconfig/openldap and OPENLDAP_START_LDAPS variable
to enable ldap over ssl support
* Thu Mar 07 2002 - rhafer@suse.de
- Fix for Bugzilla ID#14569 (added cyrus-sasl-devel openssl-devel
to the "Requires" Section of the -devel subpackage)
* Mon Feb 18 2002 - rhafer@suse.de
- updated to the latest STABLE release (2.0.23) which fixes some
nasty bugs see ITS #1562,#1582,#1577,#1578
* Thu Feb 07 2002 - rhafer@suse.de
- updated to the latest release (which fixes a index corruption
bug)
- cleanup in neededforbuild
- small fixes for the init-scripts
* Thu Jan 17 2002 - rhafer@suse.de
- updated to the latest stable release (2.0.21)
* Wed Jan 16 2002 - egmont@suselinux.hu
- removed periods and colons from startup/shutdown messages
* Tue Jan 15 2002 - rhafer@suse.de
- updated to v2.0.20 (which fixes a security hole in ACL
processing)
* Fri Jan 11 2002 - rhafer@suse.de
- converted archive to bzip2
- makes use of %%{_libdir} now
- set CFLAGS to -O0 for archs ia64, s390(x) and alpha otherwise
the test suite fails on these archs
- changed slapd.conf to store the database under /var/lib/ldap
(this patch was missing in the last versions by accident)
* Mon Jan 07 2002 - rhafer@suse.de
- update to v2.0.19
* Thu Dec 06 2001 - rhafer@suse.de
- eliminated START_LDAP, START_SLURPD variables in rc.config
- created separate init script for slurpd
- moved init scripts from dif to separate source tgz
* Fri Oct 26 2001 - choeger@suse.de
- update to v2.0.18
* Mon Oct 15 2001 - choeger@suse.de
- update to v2.0.17
added a sleep to the restart section
moved some manpages to the client package
* Mon Oct 01 2001 - choeger@suse.de
- update to v2.0.15
* Wed Sep 12 2001 - choeger@suse.de
- backported the full bugfix from openldap-2.0.14
* Tue Sep 11 2001 - choeger@suse.de
- Bugfix for slurpd millionth second bug (ITS#1323)
* Mon Sep 10 2001 - choeger@suse.de
- moved ldapfilter.conf ldaptemplates.conf ldapsearchprefs.conf
to openldap2-client package
* Mon Sep 03 2001 - choeger@suse.de
- update to version 2.0.12
* Mon Jul 02 2001 - choeger@suse.de
- bugfix: init script was not LSB compliant, Bugzilla ID#9072
* Tue Jun 19 2001 - ro@suse.de
- fixed for autoconf again
* Fri Jun 15 2001 - choeger@suse.de
- update to 2.0.11
- removed autoconf in specfile, because it doesn't work
* Wed May 23 2001 - choeger@suse.de
- update to version 2.0.10 (minor fixes)
* Tue May 22 2001 - choeger@suse.de
- update to version 2.0.9
* Mon Apr 23 2001 - choeger@suse.de
- removed kerberos support
- added aci support
* Fri Apr 20 2001 - choeger@suse.de
- added kerberos support
* Thu Apr 05 2001 - choeger@suse.de
- moved section 5 and 8 manpages to the server part of package
* Wed Mar 14 2001 - kukuk@suse.de
- Move *.so links into -devel package
- -devel requires -client
* Thu Mar 08 2001 - choeger@suse.de
- split up into openldap2-client and -devel
* Tue Feb 27 2001 - ro@suse.de
- changed neededforbuild <cyrus-sasl> to <cyrus-sasl cyrus-sasl-devel>
* Fri Feb 23 2001 - ro@suse.de
- added readline/readline-devel to neededforbuild (split from bash)
* Thu Jan 04 2001 - choeger@suse.de
- bugfix: slapd.conf rename /var/lib/openldap-ldbm to
/var/lib/ldap
init script: use $remote_fs
* Tue Jan 02 2001 - olh@suse.de
- use script name in %%post
* Thu Dec 07 2000 - choeger@suse.de
- bugfix from Andreas Jaeger:
workaround for glibc2.2, detach
* Fri Dec 01 2000 - ro@suse.de
- hacked configure for apparently broken pthread
* Fri Dec 01 2000 - ro@suse.de
- fixed spec
* Thu Nov 23 2000 - choeger@suse.de
- made configs %%config(noreplace) (Bug 4112)
- fixed neededforbuild
* Wed Nov 22 2000 - choeger@suse.de
- adopted new init scheme
* Wed Nov 15 2000 - choeger@suse.de
- fixed neededforbuild
* Fri Nov 10 2000 - choeger@suse.de
- added buildroot
* Tue Nov 07 2000 - choeger@suse.de
- long package name
- new version, 2.0.7
* Fri Oct 06 2000 - choeger@suse.de
- first package of openldap2 (v2.0.6)

170
pie-compile.dif Normal file
View File

@ -0,0 +1,170 @@
--- build/top.mk 2005/06/22 09:26:29 1.3
+++ build/top.mk 2005/06/22 12:20:52
@@ -169,9 +169,9 @@
WRAP_LIBS = @WRAP_LIBS@
# AutoConfig generated
AC_CC = @CC@
-AC_CFLAGS = @CFLAGS@
+AC_CFLAGS = @CFLAGS@ $(PIE_CFLAGS)
AC_DEFS = @CPPFLAGS@ # @DEFS@
-AC_LDFLAGS = @LDFLAGS@
+AC_LDFLAGS = @LDFLAGS@ $(PIE_LDFLAGS)
AC_LIBS = @LIBS@
KRB4_LIBS = @KRB4_LIBS@
--- libraries/liblunicode/Makefile.in 2005/06/22 12:25:47 1.1
+++ libraries/liblunicode/Makefile.in 2005/06/22 12:26:18
@@ -29,6 +29,9 @@
LDAP_INCDIR= ../../include
LDAP_LIBDIR= ../../libraries
+PIE_CFLAGS="-fPIE"
+PIE_LDFLAGS="-pie"
+
ucgendat: $(XLIBS) ucgendat.o
$(LTLINK) -o $@ ucgendat.o $(LIBS)
./ucgendat $(srcdir)/UnicodeData.txt -x $(srcdir)/CompositionExclusions.txt
--- libraries/liblutil/Makefile.in 2005/06/22 12:29:51 1.1
+++ libraries/liblutil/Makefile.in 2005/06/22 12:30:20
@@ -19,6 +19,9 @@
LDAP_INCDIR= ../../include
LDAP_LIBDIR= ../../libraries
+PIE_CFLAGS="-fPIE"
+PIE_LDFLAGS="-pie"
+
NT_SRCS = ntservice.c
NT_OBJS = ntservice.o slapdmsg.res
--- servers/slapd/Makefile.in 2005/06/22 09:28:52 1.1
+++ servers/slapd/Makefile.in 2005/06/22 10:04:38
@@ -67,6 +67,9 @@
SLAPI_LIBS=@LIBSLAPI@ @SLAPI_LIBS@
+PIE_CFLAGS="-fPIE"
+PIE_LDFLAGS="-pie"
+
XDEFS = $(MODULES_CPPFLAGS)
XLDFLAGS = $(MODULES_LDFLAGS)
--- servers/slurpd/Makefile.in 2005/06/22 09:28:58 1.1
+++ servers/slurpd/Makefile.in 2005/06/22 10:05:30
@@ -38,6 +38,9 @@
all-local-srv: $(PROGRAMS)
+PIE_CFLAGS="-fPIE"
+PIE_LDFLAGS="-pie"
+
# $(LTHREAD_LIBS) must be last!
XLIBS = $(SLURPD_L)
XXLIBS = $(SLURPD_LIBS) $(SECURITY_LIBS) $(LUTIL_LIBS)
--- servers/slapd/back-bdb/Makefile.in 2005/06/22 10:05:47 1.1
+++ servers/slapd/back-bdb/Makefile.in 2005/06/22 10:06:22
@@ -37,6 +37,9 @@
MOD_DEFS = $(@BUILD_BDB@_DEFS)
MOD_LIBS = $(LDBM_LIBS)
+PIE_CFLAGS="-fPIE"
+PIE_LDFLAGS="-pie"
+
shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
--- servers/slapd/back-hdb/Makefile.in 2005/06/22 11:31:01 1.1
+++ servers/slapd/back-hdb/Makefile.in 2005/06/22 11:31:41
@@ -39,6 +39,9 @@
MOD_DEFS = $(@BUILD_HDB@_DEFS)
MOD_LIBS = $(LDBM_LIBS)
+PIE_CFLAGS="-fPIE"
+PIE_LDFLAGS="-pie"
+
shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
--- servers/slapd/back-ldbm/Makefile.in 2005/06/22 10:05:41 1.1
+++ servers/slapd/back-ldbm/Makefile.in 2005/06/22 11:30:52
@@ -36,6 +36,9 @@
MOD_DEFS = $(@BUILD_LDBM@_DEFS)
MOD_LIBS = $(LDBM_LIBS)
+PIE_CFLAGS="-fPIE"
+PIE_LDFLAGS="-pie"
+
shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
--- servers/slapd/overlays/Makefile.in 2005/06/22 12:35:29 1.1
+++ servers/slapd/overlays/Makefile.in 2005/06/22 12:35:47
@@ -19,6 +19,9 @@
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
+PIE_CFLAGS="-fPIE"
+PIE_LDFLAGS="-pie"
+
MOD_DEFS = -DSLAPD_IMPORT
shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
--- servers/slapd/back-relay/Makefile.in 2005/09/23 09:59:31 1.1
+++ servers/slapd/back-relay/Makefile.in 2005/09/23 09:59:12
@@ -24,6 +24,9 @@
mod_DEFS = -DSLAPD_IMPORT
MOD_DEFS = $(@BUILD_RELAY@_DEFS)
+PIE_CFLAGS="-fPIE"
+PIE_LDFLAGS="-pie"
+
shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE)
UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) $(REWRITE)
--- servers/slapd/back-ldif/Makefile.in 2005/09/23 09:58:52 1.1
+++ servers/slapd/back-ldif/Makefile.in 2005/09/23 09:58:54
@@ -25,6 +25,9 @@
mod_DEFS = -DSLAPD_IMPORT
MOD_DEFS = $(yes_DEFS)
+PIE_CFLAGS="-fPIE"
+PIE_LDFLAGS="-pie"
+
shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
--- libraries/librewrite/Makefile.in 2005/09/23 10:16:37 1.1
+++ libraries/librewrite/Makefile.in 2005/09/23 10:18:36
@@ -26,6 +26,9 @@
LDAP_INCDIR= ../../include
LDAP_LIBDIR= ../../libraries
+PIE_CFLAGS="-fPIE"
+PIE_LDFLAGS="-pie"
+
LIBRARY = librewrite.a
PROGRAMS = rewrite
XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A) \
--- servers/slapd/back-ldap/Makefile.in 2005/12/09 08:58:44 1.1
+++ servers/slapd/back-ldap/Makefile.in 2005/12/09 08:59:28
@@ -27,6 +27,9 @@
mod_DEFS = -DSLAPD_IMPORT
MOD_DEFS = $(@BUILD_LDAP@_DEFS)
+PIE_CFLAGS="-fPIE"
+PIE_LDFLAGS="-pie"
+
shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
--- servers/slapd/back-monitor/Makefile.in 2005/12/09 08:58:55 1.1
+++ servers/slapd/back-monitor/Makefile.in 2005/12/09 08:59:48
@@ -33,6 +33,9 @@
mod_DEFS = -DSLAPD_IMPORT
MOD_DEFS = $(@BUILD_MONITOR@_DEFS)
+PIE_CFLAGS="-fPIE"
+PIE_LDFLAGS="-pie"
+
shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)

11
pre_checkin.sh Normal file
View File

@ -0,0 +1,11 @@
#!/bin/bash
echo -n "Generating openldap2-client "
cp openldap2.changes openldap2-client.changes
cp openldap2.spec openldap2-client.spec
perl -pi -e "s/^Name:.*openldap2$/Name: openldap2-client/g" openldap2-client.spec
echo "Done."

0
ready Normal file
View File

1
sasl-slapd.conf Normal file
View File

@ -0,0 +1 @@
mech_list: gssapi digest-md5 cram-md5 external

16
secpatch.dif Normal file
View File

@ -0,0 +1,16 @@
--- libraries/libldap/init.c 2004/01/08 10:44:36 1.1
+++ libraries/libldap/init.c 2004/01/08 10:44:45
@@ -558,6 +558,7 @@
#endif
openldap_ldap_init_w_sysconf(LDAP_CONF_FILE);
+ if( getuid() == geteuid() ){
openldap_ldap_init_w_userconf(LDAP_USERRC_FILE);
{
@@ -611,4 +612,5 @@
}
openldap_ldap_init_w_env(gopts, NULL);
+ }
}

View File

@ -0,0 +1,133 @@
Index: openldap-2.3.24/servers/slapd/back-ldap/chain.c
===================================================================
--- openldap-2.3.24.orig/servers/slapd/back-ldap/chain.c
+++ openldap-2.3.24/servers/slapd/back-ldap/chain.c
@@ -90,10 +90,12 @@ typedef struct ldap_chain_t {
unsigned lc_flags;
#define LDAP_CHAIN_F_NONE (0x00U)
#define LDAP_CHAIN_F_CHAINING (0x01U)
-#define LDAP_CHAIN_F_CACHE_URI (0x10U)
+#define LDAP_CHAIN_F_CACHE_URI (0x02U)
+#define LDAP_CHAIN_F_RETURN_ERR (0x04U)
#define LDAP_CHAIN_CHAINING( lc ) ( ( (lc)->lc_flags & LDAP_CHAIN_F_CHAINING ) == LDAP_CHAIN_F_CHAINING )
#define LDAP_CHAIN_CACHE_URI( lc ) ( ( (lc)->lc_flags & LDAP_CHAIN_F_CACHE_URI ) == LDAP_CHAIN_F_CACHE_URI )
+#define LDAP_CHAIN_RETURN_ERR( lc ) ( ( (lc)->lc_flags & LDAP_CHAIN_F_RETURN_ERR ) == LDAP_CHAIN_F_RETURN_ERR )
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
LDAPControl lc_chaining_ctrl;
@@ -475,6 +477,7 @@ static int
ldap_chain_response( Operation *op, SlapReply *rs )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+ ldap_chain_t *lc = (ldap_chain_t *)on->on_bi.bi_private;
void *private = op->o_bd->be_private;
slap_callback *sc = op->o_callback,
sc2 = { 0 };
@@ -796,11 +799,16 @@ cannot_chain:;
default:
#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
- rc = SLAP_CB_CONTINUE;
- rs->sr_err = sr_err;
- rs->sr_type = sr_type;
- rs->sr_matched = matched;
- rs->sr_ref = ref;
+ if( LDAP_CHAIN_RETURN_ERR(lc) ){
+ rs->sr_err = rc;
+ rs->sr_type = sr_type;
+ } else {
+ rc = SLAP_CB_CONTINUE;
+ rs->sr_err = sr_err;
+ rs->sr_type = sr_type;
+ rs->sr_matched = matched;
+ rs->sr_ref = ref;
+ }
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
break;
}
@@ -858,7 +866,8 @@ str2chain( const char *s )
enum {
CH_CHAINING = 1,
- CH_CACHE_URI = 2,
+ CH_CACHE_URI,
+ CH_RETURN_ERR,
CH_LAST
};
@@ -880,6 +889,11 @@ static ConfigTable chaincfg[] = {
"( OLcfgOvAt:3.2 NAME 'olcCacheURI' "
"DESC 'Enables caching of URIs not present in configuration' "
"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+ { "chain-return-error", "TRUE/FALSE",
+ 2, 2, 0, ARG_MAGIC|ARG_ON_OFF|CH_RETURN_ERR, chain_cf_gen,
+ "( OLcfgOvAt:3.4 NAME 'olcChainReturnError' "
+ "DESC 'Errors are returned instead of the original referral' "
+ "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
};
@@ -892,7 +906,8 @@ static ConfigOCs chainocs[] = {
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
"olcChainingBehavior $ "
#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
- "olcCacheURI "
+ "olcCacheURI $ "
+ "olcChainReturnError "
") )",
Cft_Overlay, chaincfg, NULL, chain_cfadd },
{ "( OLcfgOvOc:3.2 "
@@ -1109,6 +1124,9 @@ chain_cf_gen( ConfigArgs *c )
case CH_CACHE_URI:
c->value_int = LDAP_CHAIN_CACHE_URI( lc );
break;
+ case CH_RETURN_ERR:
+ c->value_int = LDAP_CHAIN_RETURN_ERR( lc );
+ break;
default:
assert( 0 );
@@ -1124,6 +1142,9 @@ chain_cf_gen( ConfigArgs *c )
case CH_CACHE_URI:
lc->lc_flags &= ~LDAP_CHAIN_F_CACHE_URI;
break;
+ case CH_RETURN_ERR:
+ lc->lc_flags &= ~LDAP_CHAIN_F_RETURN_ERR;
+ break;
default:
return 1;
@@ -1256,6 +1277,13 @@ chain_cf_gen( ConfigArgs *c )
lc->lc_flags &= ~LDAP_CHAIN_F_CACHE_URI;
}
break;
+ case CH_RETURN_ERR:
+ if ( c->value_int ) {
+ lc->lc_flags |= LDAP_CHAIN_F_RETURN_ERR;
+ } else {
+ lc->lc_flags &= ~LDAP_CHAIN_F_RETURN_ERR;
+ }
+ break;
default:
assert( 0 );
Index: openldap-2.3.24/doc/man/man5/slapo-chain.5
===================================================================
--- openldap-2.3.24.orig/doc/man/man5/slapo-chain.5
+++ openldap-2.3.24/doc/man/man5/slapo-chain.5
@@ -79,6 +79,14 @@ These URIs inherit the properties config
\fBslapd-ldap\fP(5) before any occurrence of the \fBchain-uri\fP
directive; in detail, they are essentially chained anonymously.
.TP
+.B chain-return-error {FALSE|true}
+In case referral chasing fails, the real error is returned instead
+of the original referral. In case multiple referral URIs are present,
+only the first error is returned. This behavior may not be always
+appropriate nor desirable, since failures in referral chasing might be
+better resolved by the client (e.g. when caused by distributed
+authentication issues).
+.TP
.B chain-uri <ldapuri>
This directive instantiates a new underlying \fIldap\fP database
and instructs it about which URI to contact to chase referrals.

100
slapd_conf.dif Normal file
View File

@ -0,0 +1,100 @@
Index: servers/slapd/slapd.conf
===================================================================
--- servers/slapd/slapd.conf.orig
+++ servers/slapd/slapd.conf
@@ -3,6 +3,10 @@
# This file should NOT be world readable.
#
include %SYSCONFDIR%/schema/core.schema
+include %SYSCONFDIR%/schema/cosine.schema
+include %SYSCONFDIR%/schema/inetorgperson.schema
+include %SYSCONFDIR%/schema/rfc2307bis.schema
+include %SYSCONFDIR%/schema/yast.schema
# Define global ACLs to disable default read access.
@@ -10,16 +14,15 @@ include %SYSCONFDIR%/schema/core.schema
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
-pidfile %LOCALSTATEDIR%/run/slapd.pid
-argsfile %LOCALSTATEDIR%/run/slapd.args
+pidfile %LOCALSTATEDIR%/slapd.pid
+argsfile %LOCALSTATEDIR%/slapd.args
# Load dynamic backend modules:
-# modulepath %MODULEDIR%
-# moduleload back_bdb.la
+modulepath %MODULEDIR%
# moduleload back_ldap.la
-# moduleload back_ldbm.la
-# moduleload back_passwd.la
-# moduleload back_shell.la
+# moduleload back_meta.la
+# moduleload back_monitor.la
+# moduleload back_perl.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
@@ -28,20 +31,30 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
-# Root DSE: allow anyone to read it
-# Subschema (sub)entry DSE: allow anyone to read it
-# Other DSEs:
-# Allow self write access
-# Allow authenticated users read access
-# Allow anonymous users to authenticate
-# Directives needed to implement policy:
-# access to dn.base="" by * read
-# access to dn.base="cn=Subschema" by * read
-# access to *
-# by self write
-# by users read
-# by anonymous auth
-#
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access to user password
+# Allow anonymous users to authenticate
+# Allow read access to everything else
+# Directives needed to implement policy:
+access to dn.base=""
+ by * read
+
+access to dn.base="cn=Subschema"
+ by * read
+
+access to attrs=userPassword,userPKCS12
+ by self write
+ by * auth
+
+access to attrs=shadowLastChange
+ by self write
+ by * read
+
+access to *
+ by * read
+
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
@@ -54,6 +67,8 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
database bdb
suffix "dc=my-domain,dc=com"
+checkpoint 1024 5
+cachesize 10000
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
@@ -62,6 +77,6 @@ rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
-directory %LOCALSTATEDIR%/openldap-data
+directory /var/lib/ldap
# Indices to maintain
index objectClass eq