Accepting request 965879 from network:ldap

OBS-URL: https://build.opensuse.org/request/show/965879 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openldap2?expand=0&rev=172
2022-04-02 16:19:54 +00:00 · 2022-04-02 16:19:54 +00:00 · b3c80ad8dc
commit b3c80ad8dc
parent ff084bce11 67bef5017a
19 changed files with 265 additions and 770 deletions
--- a/0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch
+++ b/0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch
@ -1,66 +0,0 @@
-From 348588561c694784a8106871b0d5fe578007ea4e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20Str=C3=B6der?= <michael@stroeder.com>
-Date: Fri, 26 Oct 2018 16:40:23 +0200
-Subject: [PATCH] ITS#8866 slapo-unique to return filter used in diagnostic
- message
-
---
- servers/slapd/overlays/unique.c | 27 +++++++++++++++++----------
- 1 file changed, 17 insertions(+), 10 deletions(-)
-
-diff --git a/servers/slapd/overlays/unique.c b/servers/slapd/overlays/unique.c
-index ed62d03b8..a7723cf5d 100644
--- a/servers/slapd/overlays/unique.c
-+++ b/servers/slapd/overlays/unique.c
-@@ -965,6 +965,8 @@ unique_search(
- 	slap_callback cb = { NULL, NULL, NULL, NULL }; /* XXX */
- 	unique_counter uq = { NULL, 0 };
- 	int rc;
-+	char *errmsg;
-+	int errmsgsize;
- 
- 	Debug(LDAP_DEBUG_TRACE, "==> unique_search %s\n", key->bv_val, 0, 0);
- 
-@@ -998,24 +1000,29 @@ unique_search(
- 	nop->o_bd = on->on_info->oi_origdb;
- 	rc = nop->o_bd->be_search(nop, &nrs);
- 	filter_free_x(nop, nop->ors_filter, 1);
-	op->o_tmpfree( key->bv_val, op->o_tmpmemctx );
- 
- 	if(rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_OBJECT) {
- 		op->o_bd->bd_info = (BackendInfo *) on->on_info;
- 		send_ldap_error(op, rs, rc, "unique_search failed");
-		return(rs->sr_err);
-	}
-
-	Debug(LDAP_DEBUG_TRACE, "=> unique_search found %d records\n", uq.count, 0, 0);
-+		rc = rs->sr_err;
-+	} else if(uq.count) {
-+		Debug(LDAP_DEBUG_TRACE, "=> unique_search found %d records\n", uq.count, 0, 0);
- 
-	if(uq.count) {
-+		errmsgsize = sizeof("non-unique attributes found with ") + key->bv_len;
-+		errmsg = op->o_tmpalloc(errmsgsize, op->o_tmpmemctx);
-+		snprintf( errmsg, errmsgsize, "non-unique attributes found with %s", key->bv_val );
- 		op->o_bd->bd_info = (BackendInfo *) on->on_info;
-		send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION,
-			"some attributes not unique");
-		return(rs->sr_err);
-+		send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION, errmsg);
-+		op->o_tmpfree(errmsg, op->o_tmpmemctx);
-+		rc = rs->sr_err;
-+	} else {
-+		Debug(LDAP_DEBUG_TRACE, "=> unique_search found no records\n", 0, 0, 0);
-+		rc = SLAP_CB_CONTINUE;
- 	}
- 
-	return(SLAP_CB_CONTINUE);
-+	op->o_tmpfree( key->bv_val, op->o_tmpmemctx );
-+
-+	return(rc);
- }
- 
- static int
-- 
-2.19.1
-
--- a/0005-pie-compile.dif
+++ b/0005-pie-compile.dif
@ -5,10 +5,10 @@ Subject: pie compile


 diff --git a/build/top.mk b/build/top.mk
-index 633c9a4..c67289d 100644
+index 38ce146d7..d7fee4ec2 100644
 --- a/build/top.mk
 +++ b/build/top.mk
-@@ -107,7 +107,7 @@ LINK_LIBS = $(MOD_LIBS) $(@PLAT@_LINK_LIBS)
+@@ -111,7 +111,7 @@ OL_VERSIONED_SYMBOLS = @OL_VERSIONED_SYMBOLS@
 LTSTATIC = @LTSTATIC@

 LTLINK   = $(LIBTOOL) --mode=link \
@ -17,8 +17,8 @@ index 633c9a4..c67289d 100644

 LTCOMPILE_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=compile \
 	$(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(LIB_DEFS) -c
-@@ -116,7 +116,7 @@ LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \
- 	$(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB)
+@@ -120,7 +120,7 @@ LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \
+ 	$(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) $(SYMBOL_VERSION_FLAGS)

 LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \
 -	$(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c
@ -26,7 +26,7 @@ index 633c9a4..c67289d 100644

 LTLINK_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=link \
 	$(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_MOD)
-@@ -206,7 +206,7 @@ SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_PERL_LDFLAGS@ @SLAPD_SQL_LDFLAGS@ @SLAPD_SQL_LI
+@@ -214,7 +214,7 @@ LLOADD_LIBS = @BALANCER_LIBS@ $(LEVENT_LIBS)
 # Our Defaults
 CC = $(AC_CC)
 DEFS = $(LDAP_INCPATH) $(XINCPATH) $(XDEFS) $(AC_DEFS) $(DEFINES)
@ -35,34 +35,8 @@ index 633c9a4..c67289d 100644
 LDFLAGS = $(LDAP_LIBPATH) $(AC_LDFLAGS) $(XLDFLAGS)
 LIBS = $(XLIBS) $(XXLIBS) $(AC_LIBS) $(XXXLIBS)

-diff --git a/servers/slapd/back-bdb/Makefile.in b/servers/slapd/back-bdb/Makefile.in
-index da7da0c..dcb6d92 100644
--- a/servers/slapd/back-bdb/Makefile.in
-+++ b/servers/slapd/back-bdb/Makefile.in
-@@ -33,6 +33,8 @@ LDAP_LIBDIR= ../../../libraries
- BUILD_OPT = "--enable-bdb"
- BUILD_MOD = @BUILD_BDB@
- 
-+PIE_CFLAGS="-fPIE"
-+
- mod_DEFS = -DSLAPD_IMPORT
- MOD_DEFS = $(@BUILD_BDB@_DEFS)
- MOD_LIBS = $(BDB_LIBS)
-diff --git a/servers/slapd/back-hdb/Makefile.in b/servers/slapd/back-hdb/Makefile.in
-index 5af828f..6f43f7b 100644
--- a/servers/slapd/back-hdb/Makefile.in
-+++ b/servers/slapd/back-hdb/Makefile.in
-@@ -37,6 +37,8 @@ LDAP_LIBDIR= ../../../libraries
- BUILD_OPT = "--enable-hdb"
- BUILD_MOD = @BUILD_HDB@
- 
-+PIE_CFLAGS="-fPIE"
-+
- mod_DEFS = -DSLAPD_IMPORT
- MOD_DEFS = $(@BUILD_HDB@_DEFS)
- MOD_LIBS = $(BDB_LIBS)
 diff --git a/servers/slapd/back-ldap/Makefile.in b/servers/slapd/back-ldap/Makefile.in
-index 392d92e..3a0663d 100644
+index 71400ca1b..6427165c6 100644
 --- a/servers/slapd/back-ldap/Makefile.in
 +++ b/servers/slapd/back-ldap/Makefile.in
@@ -26,6 +26,8 @@ LDAP_LIBDIR= ../../../libraries
@ -75,7 +49,7 @@ index 392d92e..3a0663d 100644
 MOD_DEFS = $(@BUILD_LDAP@_DEFS)

 diff --git a/servers/slapd/back-ldif/Makefile.in b/servers/slapd/back-ldif/Makefile.in
-index 5e4abc1..1e8c454 100644
+index 225c8dd19..2f07c067b 100644
 --- a/servers/slapd/back-ldif/Makefile.in
 +++ b/servers/slapd/back-ldif/Makefile.in
@@ -22,6 +22,8 @@ LDAP_LIBDIR= ../../../libraries
@ -88,10 +62,10 @@ index 5e4abc1..1e8c454 100644
 MOD_DEFS = $(yes_DEFS)

 diff --git a/servers/slapd/back-mdb/Makefile.in b/servers/slapd/back-mdb/Makefile.in
-index 9b01d2a..e37520a 100644
+index 6d64824da..9bbf8747d 100644
 --- a/servers/slapd/back-mdb/Makefile.in
 +++ b/servers/slapd/back-mdb/Makefile.in
-@@ -34,6 +34,8 @@ MDB_SUBDIR = $(srcdir)/$(LDAP_LIBDIR)/libmdb
+@@ -34,6 +34,8 @@ MDB_SUBDIR = $(srcdir)/$(LDAP_LIBDIR)/liblmdb
 BUILD_OPT = "--enable-mdb"
 BUILD_MOD = @BUILD_MDB@

@ -101,20 +75,20 @@ index 9b01d2a..e37520a 100644
 MOD_DEFS = $(@BUILD_MDB@_DEFS)
 MOD_LIBS = $(MDB_LIBS)
 diff --git a/servers/slapd/back-monitor/Makefile.in b/servers/slapd/back-monitor/Makefile.in
-index 9aecdbc..11c962c 100644
+index 200a1c65c..6b2afffb9 100644
 --- a/servers/slapd/back-monitor/Makefile.in
 +++ b/servers/slapd/back-monitor/Makefile.in
@@ -30,6 +30,8 @@ LDAP_LIBDIR= ../../../libraries
 BUILD_OPT = "--enable-monitor"
- BUILD_MOD = @BUILD_MONITOR@
+ BUILD_MOD = yes

 +PIE_CFLAGS="-fPIE"
 +
 mod_DEFS = -DSLAPD_IMPORT
- MOD_DEFS = $(@BUILD_MONITOR@_DEFS)
+ MOD_DEFS = $(yes_DEFS)

 diff --git a/servers/slapd/back-relay/Makefile.in b/servers/slapd/back-relay/Makefile.in
-index 90ea4b3..ff2f429 100644
+index 71d74a171..60b44afd8 100644
 --- a/servers/slapd/back-relay/Makefile.in
 +++ b/servers/slapd/back-relay/Makefile.in
@@ -22,6 +22,8 @@ LDAP_LIBDIR= ../../../libraries
@ -125,7 +99,3 @@ index 90ea4b3..ff2f429 100644
 +
 mod_DEFS = -DSLAPD_IMPORT
 MOD_DEFS = $(@BUILD_RELAY@_DEFS)
- 
-- 
-1.7.10.4
-
--- a/0007-Recover-on-DB-version-change.dif
+++ b/0007-Recover-on-DB-version-change.dif
@ -1,29 +0,0 @@
-From 895fa6d9b49344e1a92f7df3ed65458519e22f98 Mon Sep 17 00:00:00 2001
-From: Ralf Haferkamp <rhafer@suse.de>
-Date: Tue, 5 Oct 2010 14:20:22 +0200
-Subject: Recover on DB version change
-
-If the libdb Version changed try to recover the database. Note: This will
-only succeed if only the format of transaction logs changed.
-
-diff --git a/servers/slapd/back-bdb/init.c b/servers/slapd/back-bdb/init.c
-index ac5a6d5..fea5cb4 100644
--- a/servers/slapd/back-bdb/init.c
-+++ b/servers/slapd/back-bdb/init.c
-@@ -330,6 +330,13 @@ shm_retry:
- 	rc = (bdb->bi_dbenv->open)( bdb->bi_dbenv, dbhome,
- 			flags | do_recover, bdb->bi_dbenv_mode );
- 
-+	if ( rc == DB_VERSION_MISMATCH ) {
-+		Debug( LDAP_DEBUG_ANY,
-+				LDAP_XSTRING(bdb_db_open) ": bdb version change detected "
-+				"trying to recover\n", 0, 0, 0 );
-+		rc = (bdb->bi_dbenv->open)( bdb->bi_dbenv, dbhome,
-+				flags | DB_RECOVER, bdb->bi_dbenv_mode );
-+	}
- 	if ( rc ) {
- 		/* Regular open failed, probably a missing shm environment.
- 		 * Start over, do a recovery.
-- 
-1.7.10.4
-
--- a/0008-In-monitor-backend-do-not-return-Connection0-entries.patch
+++ b/0008-In-monitor-backend-do-not-return-Connection0-entries.patch
@ -9,10 +9,10 @@ Subject: [PATCH] In monitor backend, do not return Connection0 entries as they
 1 file changed, 5 insertions(+)

 diff --git a/servers/slapd/back-monitor/conn.c b/servers/slapd/back-monitor/conn.c
-index c1995b0..2d27738 100644
+index 4d327f243..c4d3c6237 100644
 --- a/servers/slapd/back-monitor/conn.c
 +++ b/servers/slapd/back-monitor/conn.c
-@@ -454,6 +454,11 @@ monitor_subsys_conn_create(
+@@ -456,6 +456,11 @@ monitor_subsys_conn_create(
 				c != NULL;
 				c = connection_next( c, &connindex ) )
 		{
@ -23,7 +23,4 @@ index c1995b0..2d27738 100644
 +
 			monitor_entry_t 	*mp;

- 			if ( conn_create( mi, c, &e, ms ) != SLAP_CB_CONTINUE
-- 
-2.1.4
-
+ 			/* ignore outbound for now, nothing to show */
--- a/0011-openldap-re24-its7796.patch
+++ b/0011-openldap-re24-its7796.patch
@ -1,80 +0,0 @@
-diff --git a/servers/slapd/back-bdb/filterindex.c b/servers/slapd/back-bdb/filterindex.c
-index 71e3ea4..bafef72 100644
--- a/servers/slapd/back-bdb/filterindex.c
-+++ b/servers/slapd/back-bdb/filterindex.c
-@@ -741,7 +741,7 @@ equality_candidates(
- 		&db, &mask, &prefix );
- 
- 	if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
-		Debug( LDAP_DEBUG_ANY,
-+		Debug( LDAP_DEBUG_TRACE,
- 			"<= bdb_equality_candidates: (%s) not indexed\n", 
- 			ava->aa_desc->ad_cname.bv_val, 0, 0 );
- 		return 0;
-@@ -858,7 +858,7 @@ approx_candidates(
- 		&db, &mask, &prefix );
- 
- 	if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
-		Debug( LDAP_DEBUG_ANY,
-+		Debug( LDAP_DEBUG_TRACE,
- 			"<= bdb_approx_candidates: (%s) not indexed\n",
- 			ava->aa_desc->ad_cname.bv_val, 0, 0 );
- 		return 0;
-@@ -978,7 +978,7 @@ substring_candidates(
- 		&db, &mask, &prefix );
- 
- 	if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
-		Debug( LDAP_DEBUG_ANY,
-+		Debug( LDAP_DEBUG_TRACE,
- 			"<= bdb_substring_candidates: (%s) not indexed\n",
- 			sub->sa_desc->ad_cname.bv_val, 0, 0 );
- 		return 0;
-@@ -1095,7 +1095,7 @@ inequality_candidates(
- 		&db, &mask, &prefix );
- 
- 	if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
-		Debug( LDAP_DEBUG_ANY,
-+		Debug( LDAP_DEBUG_TRACE,
- 			"<= bdb_inequality_candidates: (%s) not indexed\n", 
- 			ava->aa_desc->ad_cname.bv_val, 0, 0 );
- 		return 0;
-diff --git a/servers/slapd/back-mdb/filterindex.c b/servers/slapd/back-mdb/filterindex.c
-index 58c1cc8..20c58b7 100644
--- a/servers/slapd/back-mdb/filterindex.c
-+++ b/servers/slapd/back-mdb/filterindex.c
-@@ -709,7 +709,7 @@ equality_candidates(
- 		&dbi, &mask, &prefix );
- 
- 	if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
-		Debug( LDAP_DEBUG_ANY,
-+		Debug( LDAP_DEBUG_TRACE,
- 			"<= mdb_equality_candidates: (%s) not indexed\n", 
- 			ava->aa_desc->ad_cname.bv_val, 0, 0 );
- 		return 0;
-@@ -825,7 +825,7 @@ approx_candidates(
- 		&dbi, &mask, &prefix );
- 
- 	if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
-		Debug( LDAP_DEBUG_ANY,
-+		Debug( LDAP_DEBUG_TRACE,
- 			"<= mdb_approx_candidates: (%s) not indexed\n",
- 			ava->aa_desc->ad_cname.bv_val, 0, 0 );
- 		return 0;
-@@ -944,7 +944,7 @@ substring_candidates(
- 		&dbi, &mask, &prefix );
- 
- 	if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
-		Debug( LDAP_DEBUG_ANY,
-+		Debug( LDAP_DEBUG_TRACE,
- 			"<= mdb_substring_candidates: (%s) not indexed\n",
- 			sub->sa_desc->ad_cname.bv_val, 0, 0 );
- 		return 0;
-@@ -1060,7 +1060,7 @@ inequality_candidates(
- 		&dbi, &mask, &prefix );
- 
- 	if ( rc == LDAP_INAPPROPRIATE_MATCHING ) {
-		Debug( LDAP_DEBUG_ANY,
-+		Debug( LDAP_DEBUG_TRACE,
- 			"<= mdb_inequality_candidates: (%s) not indexed\n", 
- 			ava->aa_desc->ad_cname.bv_val, 0, 0 );
- 		return 0;
--- a/0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch
+++ b/0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch
@ -1,130 +0,0 @@
-From b026c9236e6b11c158e69572a28eb0efb174234b Mon Sep 17 00:00:00 2001
-From: HouzuoGuo <guohouzuo@gmail.com>
-Date: Wed, 17 Feb 2016 16:10:05 +0100
-Subject: [PATCH] Fix incorrect calculation of consecutive number of characters
- in a class, when the input is shorter than 6 chars or consecutive chars
- appear at the beginning of input
-
-
-diff --git a/check_password.c b/check_password.c
-index 0d9f901..acf8eda 100644
--- a/check_password.c
-+++ b/check_password.c
-@@ -355,18 +355,7 @@ check_password (char *pPasswd, char **ppErrStr, Entry *pEntry)
- 	int min_quality = DEFAULT_QUALITY;
- 	int use_cracklib = DEFAULT_CRACKLIB;
- 
-	/** bail out early as cracklib will reject passwords shorter
-	 * than 6 characters
-	 */
-
- 	nLen = strlen (pPasswd);
-	if ( nLen < 6) {
-		mem_len = realloc_error_message(&szErrStr, mem_len,
-				strlen(PASSWORD_TOO_SHORT_SZ) +
-				strlen(pEntry->e_name.bv_val) + 1);
-		sprintf (szErrStr, PASSWORD_TOO_SHORT_SZ, pEntry->e_name.bv_val, nLen);
-		goto fail;
-	}
- 
-   if (read_config_file() == -1) {
-     syslog(LOG_ERR, "Warning: Could not read values from config file %s. Using defaults.", CONFIG_FILE);
-@@ -392,46 +381,38 @@ check_password (char *pPasswd, char **ppErrStr, Entry *pEntry)
-    */
- 
-   if ( max_consecutive_per_class != 0 ) {
-    int consec_chars = 1;
-    char type[10] = "unkown";
-    char prev_type[10] = "unknown";
-+    char prev_type = '\0';
-+    char this_type = ' ';
-+    i = 0;
-+    int consec_chars = 0;
-     for ( i = 0; i < nLen; i++ ) {
-
-       if ( islower(pPasswd[i]) ) {
-        strncpy(type,"lower",10);
-+        this_type = 'l';
-       }
-       else if ( isupper(pPasswd[i]) ) {
-        strncpy(type,"upper",10);
-+        this_type = 'u';
-       }
-       else if ( isdigit(pPasswd[i]) ) {
-        strncpy(type,"digit",10);
-+        this_type = 'd';
-       }
-       else if ( ispunct(pPasswd[i]) ) {
-        strncpy(type,"punct",10);
-+        this_type = 'p';
-       }
-       else {
-        strncpy(type,"unknown",10);
-      }
-
-      if ( consec_chars > max_consecutive_per_class ) {
-				mem_len = realloc_error_message(&szErrStr, mem_len,
-						strlen(CONSEC_FAIL_SZ) +
-						strlen(pEntry->e_name.bv_val));
-				sprintf (szErrStr, CONSEC_FAIL_SZ, pEntry->e_name.bv_val);
-				goto fail;
-+        this_type = ' ';
-       }
-
-      if ( strncmp(type,prev_type,10) == 0 ) {
-        consec_chars++;
-+      if (this_type == prev_type) {
-+        ++consec_chars;
-+      } else if (i > 0) {
-+        consec_chars = 0;
-       }
-      else {
-        if (strncmp("unknown",prev_type,8) != 0) {
-          consec_chars = 1;
-        }
-        else {
-          consec_chars++;
-        }
-        strncpy(prev_type,type,10);
-+      prev_type = this_type;
-+      if ( consec_chars >= max_consecutive_per_class ) {
-+        mem_len = realloc_error_message(&szErrStr, mem_len,
-+          strlen(CONSEC_FAIL_SZ) +
-+          strlen(pEntry->e_name.bv_val));
-+        sprintf (szErrStr, CONSEC_FAIL_SZ, pEntry->e_name.bv_val);
-+        goto fail;
-       }
-     }
-   }
-diff --git a/check_password_test.c b/check_password_test.c
-index 626d719..d33bd80 100644
--- a/check_password_test.c
-+++ b/check_password_test.c
-@@ -90,7 +90,6 @@ void setconf(
- }
- 
- int main(void) {
-
-   // Empty Config, equiv to:
-   // 5,3,1,0,0,0,0
-   setconf(-1,-1,-1,-1,-1,-1,-1);
-@@ -109,5 +108,16 @@ int main(void) {
-   testpass("Test 2.1", "Simp1e", 1);
-   testpass("Test 2.2", "SimPle", 1);
-   testpass("Test 2.1", "Simp1e!", 0);
-+
-+  setconf(1,0,0,0,0,0,0);
-+  testpass("a", "Ab1,", 0);
-+  testpass("a", "AAb1,", 1);
-+  testpass("a", "Abb1,", 1);
-+
-+  setconf(3,0,0,0,0,0,0);
-+  testpass("a", "AAAbbb111,,,", 0);
-+  testpass("a", "AAAAbbb111,,,,", 1);
-+  testpass("a", "AAAbbbb111,,,", 1);
-+
-   return 0;
- }
-- 
-2.7.1
-
--- a/3
+++ b/3
@ -0,0 +1,3 @@
+<multibuild>
+  <package>contrib</package>
+</multibuild>
--- a/baselibs.conf
+++ b/baselibs.conf
@ -1,6 +1,6 @@
-libldap-2_4-2
+libldap-2_5-0
  provides "openldap2-client-<targettype> = <version>"
  obsoletes "openldap2-client-<targettype> <= <version>"
 openldap2-devel
  requires -openldap2-<targettype>
-  requires "libldap-2_4-2-<targettype> = <version>"
+  requires "libldap-2_5-0-<targettype> = <version>"
--- a/openldap-2.4.59.tgz
+++ b/openldap-2.4.59.tgz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:99f37d6747d88206c470067eda624d5e48c1011e943ec0ab217bae8712e22f34
-size 5886272
--- a/openldap-2.4.59.tgz.asc
+++ b/openldap-2.4.59.tgz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEPOJptTmLyLeFZF6Yf2fV/Rzhy84FAmC5T1oACgkQf2fV/Rzh
-y85Ukw//S/hsn6w62rKkwJtFl6zcCI5TlmbsKQdGVszhuqP2g58ZiJ2tzM/eucDK
-w7nustTdccBmWsIfBc5HONzXhDwZxTm65GBH6p/dsJuzruVw4M/e6l799tSbsVR3
-WsYxTWBKJ8MpqBtzvH/TV4HCCTk2YkhdxKirKbo7wfuNpsVN8iodhGayg/DJHZVQ
-idE6mpejyBU3CPk0ZE2oixOxlr6ij4KNQ7fnpjE0055EuuKLzQsuJsitSDDSG1o/
-UPyNzrBkjxzZlxmnO6olQ5AS/H7qgFRv77/ChPd7+AErvyrp0nDU4Rv6pkv3DHVM
-tL+ZBEETx7DUatpOjqO0mZ2+fkbMtSB0HQt9js9yRBoA1YdVWtnUYQ5jyCpz6xED
-TpMRnzCsXxeG7xWOGCKG1aZ3vIPo8wVbKjdWLvgjCzNHK4jZXy5ilZOo1SE0OtMo
-BfDzKse/OI8yM2CaHbKiJwYO0AssgwRwP4umOnYiSFIdKSHEvbObGePSCQZyLivc
-nG6jXIxG2e6xc4yCAHiyEyt3n/rcHJBgeqCHzQOkNZVAHcpbjk19R0PPS/08lKvh
-MoO9DiuLlNOLJQM56xhSsfCLr7dJzFAyH+n1EQUHZ/H7m4voakuGi2c5adtHc4IP
-0CyI3xjHABCSnqqiRuz9JYZZwRnyy126MbtozUZVdlAiib8/JQs=
-=Nc3V
-----END PGP SIGNATURE-----
--- a/openldap-2.5.9.tgz
+++ b/openldap-2.5.9.tgz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c08e12f4ca5803d5d9f9948c70ad3491282cda3c17ec8b655dcbcb2364e6fb9e
+size 6438837
--- a/openldap-2.5.9.tgz.asc
+++ b/openldap-2.5.9.tgz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEPOJptTmLyLeFZF6Yf2fV/Rzhy84FAmF3FnYACgkQf2fV/Rzh
+y87PeQ//YJhrhdYgpv8ZiRro3Iw/SCUHIEXPvnxIMXFatkILEiNs0p/JZ2vOvqTY
+SE8RWczX1kR1JN0ssPy5hiNBi0ju9J6sxxp3iRvO7azLxyksnjEKdRs1Vp7mpHSx
+aPwdPMYWbv+EdqOfe6cdoPUMb3UPZxVD4FHv/HxpTcreqGGxKo9F++spWHZnsIk0
+DdY1XoJWTvzs38g2cm09QvQAUspkBpOAmeuGmUWbCfhZfp7GbQKBTjEH7RZ6oe7r
+mpSVFmpanIt47rSUvZeWU04pcTeKwvbH9F+j7MQYUVXICznpyiXAdOFoEQH18G+K
+BlW2SdXqD7OANSrNxp/pWAo9/S3HuRhgiMGLHBDVpjxd+prJJN1KDKfXLqiu4JRe
+iQVCfVxO4DuHxtJX/ovcHcW006qRrxFYAPtc08cxvurRjGFiVdEAKOGoJwexeM+Z
+oC/QLNNVBDDQ/FdAm8sytcZQsYqunxrVMJBu8z19RkNYq3MDaWJX3oRHDXdIoy9f
+pTd9oWAH32/Oab+82DCgtIPHrUzKuv5tReilcoKE1vkjzuYsdO1NIkVXvIL31yFF
+w/K+fwPqXnU1TaKAXrfRmoWX3UgbNxup+IdoYj0lM5hpyV8SIXRiD/ajlSGWlk0M
+GDXazt5VY0sgK4Xnk7pnhrfp5nkiUp1WsW/D4wqnFoLE9mAxpbI=
+=gSf0
+-----END PGP SIGNATURE-----
--- a/openldap-r-only.dif
+++ b/openldap-r-only.dif
@ -1,24 +0,0 @@
-From: Jan Engelhardt <jengelh@inai.de>
-Date: 2017-07-04 13:53:32.386698982 +0200
-
-Build all own programs exclusively with libldap_r and not libldap.
-
-References: http://bugzilla.redhat.com/1370065
-References: http://bugzilla.opensuse.org/996551
---
- build/top.mk |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: openldap-2.4.45/build/top.mk
-===================================================================
--- openldap-2.4.45.orig/build/top.mk
-+++ openldap-2.4.45/build/top.mk
-@@ -171,7 +171,7 @@ LDAP_LIBLUNICODE_A = $(LDAP_LIBDIR)/libl
- LDAP_LIBLUTIL_A = $(LDAP_LIBDIR)/liblutil/liblutil.a
- 
- LDAP_L = $(LDAP_LIBLUTIL_A) \
-	$(LDAP_LIBLDAP_LA) $(LDAP_LIBLBER_LA)
-+	$(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
- SLAPD_L = $(LDAP_LIBLUNICODE_A) $(LDAP_LIBREWRITE_A) \
- 	$(LDAP_LIBLUTIL_A) $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
- 
--- a/openldap2.changes
+++ b/openldap2.changes
@ -1,3 +1,113 @@
+-------------------------------------------------------------------
+Sat Mar 26 14:08:57 UTC 2022 - Stephan Kulow <coolo@suse.com>
+
+- Add _multibuild support to integrate the build of libldapcpp-devel
+  to drop the outdated copy
+
+-------------------------------------------------------------------
+Mon Oct 25 22:03:53 UTC 2021 - Michael Ströder <michael@stroeder.com>
+
+- update to 2.5.9
+
+OpenLDAP 2.5.9 Release (2021/10/25)
+    Fixed slapo-accesslog to initialize minCSN on import of 2.4 databases (ITS#9720)
+
+-------------------------------------------------------------------
+Mon Oct 11 18:46:13 UTC 2021 - Michael Ströder <michael@stroeder.com>
+
+- update to 2.5.8
+
+OpenLDAP 2.5.8 Release (2021/10/11)
+    Fixed libldap ldap_int_tls_connect: isdigit() requires unsigned char (ITS#9668)
+    Fixed libldap memory leak in ldap_get_option LDAP_OPT_X_TLS_PEERCERT (ITS#9696)
+    Fixed slapd to allow normalized values for namingContexts in cn=monitor (ITS#8341)
+    Fixed slapd to normalize the suffix in rootDSE (ITS#9664)
+    Fixed slapd slapadd to avoid destroying configDB prematurely (ITS#9678)
+    Fixed slapd to not spam logs with lastbind information (ITS#9156)
+    Fixed slapd slaptest migration to correctly set olcTSLVerifyClient (ITS#9711)
+    Fixed slapd-mdb multival delete handling (ITS#9712)
+    Fixed slapd-sql ldap_entry_objectclass table for mariadb/mysql (ITS#9679)
+    Fixed slapd-wt multiple issues (ITS#9463)
+    Fixed slapd-wt to close cache db correctly (ITS#9631)
+    Fixed slapo-ppolicy to restore OpenLDAP 2.4 compatibilty (ITS#9671)
+    Fixed slapo-syncprov to free uuid list when finished replaying sessionlog (ITS#6467)
+    Build
+        Fixed libldap result.c compilation on musl systems (ITS#9648)
+        Fixed slapd duplicate definition of peerbv (ITS#9659)
+        Fixed test suite with memberof modular builds (ITS#9464)
+    Contrib
+        Added man page for ppm contrib module (ITS#9644)
+        Fix crash when pwdCheckModuleArg is not defined for ppm (ITS#9656)
+    Documentation
+        Fixed guide download link for heimdal (ITS#9669)
+        Fixed guide documentation for TLSECName (ITS#9687)
+        Fixed guide documentation missing tags (ITS#9693)
+        Fixed guide loadbalancer typo (ITS#9699)
+        Fixed guide synprov-nopresent redundant text (ITS#9689)
+        Fixed guide various typos and fix config alignment (ITS#9706)
+        Removed ppolicy.schema from servers/slapd/schema/README (ITS#9156)
+        Fixed slapd.conf(5)/slapd-config(5) to document default for database monitoring (ITS#9674)
+        Fixed slapd-meta(5)/slapd-asyncmeta(5) verbiage for try-propagate (ITS#9646)
+        Fixed slapo-syncprov(5) to note entryCSN indexing is highly recommended (ITS#9688)
+
+-------------------------------------------------------------------
+Tue Aug 24 13:04:36 UTC 2021 - Philipp Wagner <mail@philipp-wagner.com>
+
+- Update to upstream version 2.5.7
+	Fixed lloadd client state tracking (ITS#9624)
+	Fixed slapd bconfig to canonicalize structuralObjectclass (ITS#9611)
+	Fixed slapd-ldif duplicate controls response (ITS#9497)
+	Fixed slapd-mdb multival crash when attribute is missing an equality matchingrule (ITS#9621)
+	Fixed slapd-mdb compatibility with OpenLDAP 2.4 MDB databases (ITS#8958)
+	Fixed slapd-mdb idlexp maximum size handling (ITS#9637)
+	Fixed slapd-monitor number of ops executing with asynchronous backends (ITS#9628)
+	Fixed slapd-sql to add support for ppolicy attributes (ITS#9629)
+	Fixed slapd-sql to close transactions after bind and search (ITS#9630)
+	Fixed slapo-accesslog to make reqMod optional (ITS#9569)
+	Fixed slapo-ppolicy logging when pwdChangedTime attribute is not present (ITS#9625)
+	Documentation
+		slapd-mdb(5) note max idlexp size is 30, not 31 (ITS#9637)
+		slapo-accesslog(5) note that reqMod is optional (ITS#9569)
+		Add ldapvc(1) man page (ITS#9549)
+		Add guide section on load balancer (ITS#9443)
+		Updated guide to document multiprovider as replacement for mirrormode (ITS#9200)
+		Updated guide to clarify slapd-mdb upgrade requirements (ITS#9200)
+		Updated guide to document removal of deprecated options from client tools (ITS#9200)
+
+-------------------------------------------------------------------
+Fri Jul 30 13:30:05 UTC 2021 - Philipp Wagner <mail@philipp-wagner.com>
+
+- Major version update to 2.5.6
+  See https://www.openldap.org/software/release/announce.html for a list of
+  changes.
+- The threaded version of the OpenLDAP libraries, libldap_r, has been merged
+  with libldap with 2.5. Removed all related downstream changes, including the
+  openldap-r-only.dif patch.
+  Introduce a new compatibility symlink in the other direction: libldap_r
+  pointing to libldap.
+- Removed the ppolicy-check-password module. It is unmaintained and does not
+  build any more. As part of that also remove the patch
+  patch 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch, which
+  is applied to this module.
+- Removed patch 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch
+  Fixed upstream in 2.5 (ITS#8866)
+- Updated patch 0005-pie-compile.dif
+  Removed the hunks on back-bdb and back-hdb, which are retired backends in 2.5.
+- Removed patch 0007-Recover-on-DB-version-change.dif
+  The back-bdb backend was retired.
+- Removed patch 0011-openldap-re24-its7796.patch
+  Fixed upstream in 2.5 (ITS#7796)
+- Remove non-existant configure arguments:
+  --enable-rewrite, --enable-monitor, --enable-lmpasswd
+- Add the --enable-dynacl configure option, which is required for --enable-aci
+- Add the --with-argon2 configure option and remove it from the contrib
+  modules, since it is now official (ITS#9453).
+- Pass mandir to smbk5pwd to ensure the man page ends up in /usr/share.
+- Include the new overlays in libdir/openldap in the packages.
+- Add the pkgconfig files to the devel package.
+- Remove compat macro for _fillupdir, which was introduced in Nov 2017 and
+  should be widely available now.
+
 -------------------------------------------------------------------
 Fri Jun  4 00:06:15 UTC 2021 - Michael Ströder <michael@stroeder.com>

@ -3255,4 +3365,3 @@ Tue Nov  7 18:52:54 CET 2000 - choeger@suse.de
 Fri Oct  6 11:35:47 CEST 2000 - choeger@suse.de

 - first package of openldap2 (v2.0.6)
-
--- a/openldap2.spec
+++ b/openldap2.spec
@ -1,7 +1,7 @@
 #
-# spec file for package openldap2
+# spec file
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -16,19 +16,17 @@
 #


-#Compat macro for new _fillupdir macro introduced in Nov 2017
-%if ! %{defined _fillupdir}
-  %define _fillupdir /var/adm/fillup-templates
+%define run_test_suite 0
+%define version_main 2.5.9
+%define slapdrundir %{_rundir}/slapd
+%define flavor @BUILD_FLAVOR@%{nil}
+%if "%flavor" == "contrib"
+%define name_suffix -%{flavor}-src
+%else
+%define name_suffix %{nil}
 %endif

-%define run_test_suite 0
-%define version_main 2.4.59
-%define name_ppolicy_check_module ppolicy-check-password
-%define version_ppolicy_check_module 1.2
-%define ppolicy_docdir %{_docdir}/openldap-%{name_ppolicy_check_module}-%{version_ppolicy_check_module}
-%define slapdrundir %{_rundir}/slapd
-
-Name:           openldap2
+Name:           openldap2%{name_suffix}
 Summary:        An open source implementation of the Lightweight Directory Access Protocol
 License:        OLDAP-2.8
 Group:          Productivity/Networking/LDAP/Servers
@ -54,19 +52,10 @@ Source21:       slapd-ldif-update-crc.sh
 Source22:       update-crc.sh
 Source23:       slapd.conf
 Source24:       slapd.conf.olctemplate
-Patch1:         0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch
 Patch3:         0003-LDAPI-socket-location.dif
 Patch5:         0005-pie-compile.dif
-Patch7:         0007-Recover-on-DB-version-change.dif
 Patch8:         0008-In-monitor-backend-do-not-return-Connection0-entries.patch
-Patch11:        0011-openldap-re24-its7796.patch
-Patch15:        openldap-r-only.dif
 Patch16:        0016-Clear-shared-key-only-in-close-function.patch
-Source200:      %{name_ppolicy_check_module}-%{version_ppolicy_check_module}.tar.gz
-Source201:      %{name_ppolicy_check_module}.Makefile
-Source202:      %{name_ppolicy_check_module}.conf
-Source203:      %{name_ppolicy_check_module}.5
-Patch200:       0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch

 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  cyrus-sasl-devel
@ -81,11 +70,15 @@ BuildRequires:  unixODBC-devel
 # avoid cycle with krb5
 BuildRequires:  pkgconfig(krb5)
 BuildRequires:  pkgconfig(systemd)
+%if "%flavor" == "contrib"
+BuildRequires:  gcc-c++
+BuildRequires:  openldap2-devel
+%endif
 %if %{suse_version} < 1500
 %{?systemd_requires}
 %endif
 Requires:       /usr/bin/awk
-Requires:       libldap-2_4-2 = %{version_main}
+Requires:       libldap-2_5-0 = %{version_main}
 Recommends:     cyrus-sasl
 Conflicts:      openldap
 PreReq:         %fillup_prereq
@ -163,7 +156,6 @@ cloak
 denyop
 lastbind      writes last bind timestamp to entry
 noopsrch      handles no-op search control
-pw-argon2     generates/validates Argon2 password hashes
 pw-sha2       generates/validates SHA-2 password hashes
 pw-pbkdf2     generates/validates PBKDF2 password hashes
 smbk5pwd      generates Samba3 password hashes (heimdal krb disabled)
@ -181,7 +173,7 @@ The OpenLDAP Admin Guide plus a set of OpenLDAP related IETF internet drafts.
 %package client
 Summary:        OpenLDAP client utilities
 Group:          Productivity/Networking/LDAP/Clients
-Requires:       libldap-2_4-2 = %{version_main}
+Requires:       libldap-2_5-0 = %{version_main}

 %description client
 OpenLDAP client utilities such as ldapadd, ldapsearch, ldapmodify.
@ -195,7 +187,7 @@ Obsoletes:      openldap2-devel-64bit
 %endif
 #
 Conflicts:      openldap-devel
-Requires:       libldap-2_4-2 = %{version_main}
+Requires:       libldap-2_5-0 = %{version_main}
 Recommends:     cyrus-sasl-devel

 %description devel
@ -213,56 +205,49 @@ Requires:       openldap2-devel = %version
 This package provides the static versions of the OpenLDAP libraries
 for development.

-%package      -n libldap-2_4-2
+%package      -n libldap-2_5-0
 Summary:        OpenLDAP Client Libraries
 Group:          Productivity/Networking/LDAP/Clients
 Recommends:     libldap-data >= %{version_main}

-%description -n libldap-2_4-2
+%description -n libldap-2_5-0
 This package contains the OpenLDAP client libraries.

-%package ppolicy-check-password
-Version:        %{version_ppolicy_check_module}
-Release:        0
-Summary:        Password quality check module for OpenLDAP
-Group:          Productivity/Networking/LDAP/Servers
-URL:            https://github.com/onyxpoint/ppolicy-check-password
-BuildRequires:  cracklib-devel
-Requires:       openldap2 = %version_main
-Recommends:     cracklib
-Recommends:     cracklib-dict-full
+%package      -n libldapcpp-devel
+Summary:        C++ wrapper around openLDAP API
+Group:          Development/Libraries/C and C++
+Requires:       libldapcpp0 = %{version}
+Requires:       openldap2-devel

-%description ppolicy-check-password
-An implementation of password quality check module, based on the original
-work done by LDAP Toolbox Project (https://ltd-project.org), that works
-together with OpenLDAP password policy overlay (ppolicy), to enforce
-password strength policies.
+%description -n libldapcpp-devel
+This package contains files needed for development with the LDAP C++
+library.
+
+%package      -n libldapcpp0
+Summary:        C++ wrapper around openLDAP API
+Group:          Development/Libraries/C and C++
+Provides:       ldapcpplib = %{version}
+Obsoletes:      ldapcpplib <= 0.0.5
+
+%description -n libldapcpp0
+This package provides a C++ library for accessing LDAP (Version 3)
+Servers

 %prep
-# Unpack ppolicy check module
-%setup -b 200 -q -n %{name_ppolicy_check_module}-%{version_ppolicy_check_module}
-%patch200 -p1
-cd ..
-# Compress the manual page of ppolicy check module
-gzip -k %{S:203}
-
-# Unpack and patch OpenLDAP 2.4
+# Unpack and patch OpenLDAP 2.5
 %setup -q -a 9 -n openldap-%{version_main}
-%patch1 -p1
 %patch3 -p1
 %patch5 -p1
-%patch7 -p1
 %patch8 -p1
-%patch11 -p1
-%patch15 -p1
 %patch16 -p1
 cp %{SOURCE5} .

-# Move ppolicy check module and its Makefile into openldap-2.4/contrib/slapd-modules/
-mv ../%{name_ppolicy_check_module}-%{version_ppolicy_check_module} contrib/slapd-modules/%{name_ppolicy_check_module}
-cp %{S:201} contrib/slapd-modules/%{name_ppolicy_check_module}/Makefile
-
 %build
+%if "%flavor" == "contrib"
+cd contrib/ldapc++
+%configure --disable-static
+make %{?_smp_mflags}
+%else
 %global _lto_cflags %{_lto_cflags} -ffat-lto-objects
 export CFLAGS="%{optflags} -Wno-format-extra-args -fno-strict-aliasing -DNDEBUG -DSLAP_CONFIG_DELETE -DSLAP_SCHEMA_EXPOSE -DLDAP_COLLECTIVE_ATTRIBUTES -DLDAP_USE_NON_BLOCKING_TLS"
 export STRIP=""
@ -281,13 +266,10 @@ export STRIP=""
        --with-cyrus-sasl \
        --enable-crypt \
        --enable-ipv6=yes \
+        --enable-dynacl \
        --enable-aci \
-        --enable-bdb=mod \
-        --enable-hdb=mod \
-        --enable-rewrite \
        --enable-ldap=mod \
        --enable-meta=mod \
-        --enable-monitor=mod \
        --enable-perl=mod \
        --enable-sock=mod \
        --enable-sql=mod \
@ -297,23 +279,22 @@ export STRIP=""
        --enable-overlays=mod \
        --enable-syncprov=mod \
        --enable-ppolicy=mod \
-        --enable-lmpasswd \
        --with-yielding-select \
+        --with-argon2 \
  || cat config.log
 make depend
 make %{?_smp_mflags}
 # Build selected contrib overlays
-for SLAPO_NAME in addpartial allowed allop autogroup lastbind denyop cloak noopsrch passwd/argon2 passwd/sha2 passwd/pbkdf2 trace
+for SLAPO_NAME in addpartial allowed allop autogroup lastbind denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 trace
 do
  make -C contrib/slapd-modules/${SLAPO_NAME} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}"
 done
 # slapo-smbk5pwd only for Samba password hashes
 make -C contrib/slapd-modules/smbk5pwd %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" DEFS="-DDO_SAMBA" HEIMDAL_LIB=""

-# Build ppolicy-check-password module
-make -C contrib/slapd-modules/%{name_ppolicy_check_module} %{?_smp_mflags} "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}"
 # Create ldap user
 %sysusers_generate_pre %{SOURCE19} ldap
+%endif

 %check
 %if %run_test_suite
@ -341,6 +322,10 @@ make SLAPD_DEBUG=0 test
 %endif

 %install
+%if "%flavor" == "contrib"
+cd contrib/ldapc++
+%make_install
+%else
 mkdir -p %{buildroot}%{_libdir}/openldap
 mkdir -p %{buildroot}/usr/lib/openldap
 mkdir -p %{buildroot}%{_sbindir}
@ -349,12 +334,12 @@ make STRIP="" DESTDIR="%{buildroot}" "sysconfdir=%{_sysconfdir}/openldap" "libdi
 # Additional symbolic link to slapd executable in /usr/sbin/
 ln -s %{_libdir}/slapd %{buildroot}%{_sbindir}/slapd
 # Install selected contrib overlays
-for SLAPO_NAME in addpartial allowed allop autogroup lastbind denyop cloak noopsrch passwd/argon2 passwd/sha2 passwd/pbkdf2 trace
+for SLAPO_NAME in addpartial allowed allop autogroup lastbind denyop cloak noopsrch passwd/sha2 passwd/pbkdf2 trace
 do
  make -C contrib/slapd-modules/${SLAPO_NAME} STRIP="" DESTDIR="%{buildroot}" "mandir=%{_mandir}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
 done
 # slapo-smbk5pwd only for Samba password hashes
-make -C contrib/slapd-modules/smbk5pwd STRIP="" DESTDIR="%{buildroot}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
+make -C contrib/slapd-modules/smbk5pwd STRIP="" DESTDIR="%{buildroot}" "mandir=%{_mandir}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libdir}" install
 install -m 755 %{SOURCE13} %{buildroot}/usr/lib/openldap/start
 install -m 644 %{SOURCE14} %{buildroot}%{_unitdir}
 mkdir -p %{buildroot}%{_sysconfdir}/openldap/slapd.d
@ -362,7 +347,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/sasl2
 install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sasl2/slapd.conf
 install -m 755 -d %{buildroot}/var/lib/ldap
 chmod a+x %{buildroot}%{_libdir}/liblber.so*
-chmod a+x %{buildroot}%{_libdir}/libldap_r.so*
+chmod a+x %{buildroot}%{_libdir}/libldap.so*
 install -m 755 %{SOURCE6} %{buildroot}%{_sbindir}/schema2ldif
 mkdir -p  %{buildroot}%{_tmpfilesdir}/
 install -m 644 %{SOURCE18} %{buildroot}%{_tmpfilesdir}/
@ -373,18 +358,6 @@ install -m 755 %{SOURCE19}  ${RPM_BUILD_ROOT}/usr/lib/openldap/fixup-modulepath
 install -m 755 %{SOURCE20}  ${RPM_BUILD_ROOT}/%{_sbindir}/slapd-ldif-update-crc
 install -m 755 %{SOURCE21}  ${RPM_BUILD_ROOT}/usr/lib/openldap/update-crc

-# Install ppolicy check module
-make -C contrib/slapd-modules/ppolicy-check-password STRIP="" DESTDIR="%{buildroot}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libexecdir}" install
-install -m 0644 %{S:202}  %{buildroot}%{_sysconfdir}/openldap/check_password.conf
-# Install ppolicy check module's doc files
-pushd contrib/slapd-modules/%{name_ppolicy_check_module}
-mkdir -p "%{buildroot}%ppolicy_docdir"
-install -m 0644 README "%{buildroot}%ppolicy_docdir"
-install -m 0644 LICENSE "%{buildroot}%ppolicy_docdir"
-popd
-# Install ppolicy check module's manual page
-install -m 0644 %{S:203}.gz %{buildroot}%{_mandir}/man5/
-
 mkdir -p %{buildroot}%{_fillupdir}
 install -m 644 %{SOURCE16} %{buildroot}%{_fillupdir}/sysconfig.openldap
 install -m 644 *.ldif %{buildroot}%{_sysconfdir}/openldap/schema
@ -401,7 +374,6 @@ rm -rf doc/guide/release
 install -d %{buildroot}%{DOCDIR}/adminguide \
           %{buildroot}%{DOCDIR}/images \
           %{buildroot}%{DOCDIR}/drafts
-install -m 644 %{buildroot}/etc/openldap/DB_CONFIG.example %{buildroot}%{DOCDIR}/
 install -m 644 doc/guide/admin/* %{buildroot}%{DOCDIR}/adminguide
 install -m 644 doc/guide/images/*.gif %{buildroot}%{DOCDIR}/images
 install -m 644 doc/drafts/* %{buildroot}%{DOCDIR}/drafts
@ -413,10 +385,8 @@ install -m 644 ANNOUNCEMENT \
               %{buildroot}%{DOCDIR}
 install -m 644 servers/slapd/slapd.ldif \
               %{buildroot}%{DOCDIR}/slapd.ldif.default
-rm -f %{buildroot}/etc/openldap/DB_CONFIG.example
 rm -f %{buildroot}/etc/openldap/schema/README
 rm -f %{buildroot}/etc/openldap/slapd.ldif*
-rm -f %{buildroot}%{slapdrundir}/openldap-data/DB_CONFIG.example
 mv servers/slapd/back-sql/rdbms_depend servers/slapd/back-sql/examples

 ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcslapd
@ -429,14 +399,13 @@ rm -f %{buildroot}/usr/share/man/man5/slapd-passwd.5
 rm -f %{buildroot}/usr/share/man/man5/slapd-shell.5
 rm -f %{buildroot}/usr/share/man/man5/slapd-tcl.5
 # Remove *.la files, libtool does not handle this correct
-rm -f  %{buildroot}%{_libdir}/lib*.la
+# Keep .la files for modules in the openldap subdirectory, which are consumed
+# in this form.
+rm -f  %{buildroot}%{_libdir}/*.la

-# Make ldap_r the only copy in the system [rh#1370065].
-# libldap.so is only for `gcc/ld -lldap`. Make no libldap-2.4.so.2.
-rm -f "%{buildroot}%{_libdir}"/libldap-2.4.so*
-ln -fs libldap_r.so "%{buildroot}%{_libdir}/libldap.so"
-gcc -shared -o "%{buildroot}%{_libdir}/libldap-2.4.so.2" -Wl,--no-as-needed \
-       -Wl,-soname -Wl,libldap-2.4.so.2 -L "%{buildroot}%{_libdir}" -lldap_r
+# Provide a libldap_r for backwards-compatibility with OpenLDAP < 2.5.
+ln -fs libldap.so "%{buildroot}%{_libdir}/libldap_r.so"
+%endif

 %pre -f ldap.pre
 %service_add_pre slapd.service
@ -446,9 +415,9 @@ gcc -shared -o "%{buildroot}%{_libdir}/libldap-2.4.so.2" -Wl,--no-as-needed \
 %tmpfiles_create %{name}.conf
 %service_add_post slapd.service

-%post -n libldap-2_4-2 -p /sbin/ldconfig
+%post -n libldap-2_5-0 -p /sbin/ldconfig

-%postun -n libldap-2_4-2 -p /sbin/ldconfig
+%postun -n libldap-2_5-0 -p /sbin/ldconfig

 %preun
 %service_del_preun slapd.service
@ -456,6 +425,19 @@ gcc -shared -o "%{buildroot}%{_libdir}/libldap-2.4.so.2" -Wl,--no-as-needed \
 %postun
 %service_del_postun slapd.service

+%if "%flavor" == "contrib"
+%files -n libldapcpp-devel
+%doc contrib/ldapc++/README
+%_includedir/*.h
+%_libdir/libldapcpp.la
+%_libdir/libldapcpp.so
+
+%files -n libldapcpp0
+%_libdir/libldapcpp.so.0
+%_libdir/libldapcpp.so.0.0.0
+
+%else
+
 %files
 %defattr(-,root,root)
 %config %{_sysconfdir}/openldap/schema/*.schema
@ -474,24 +456,24 @@ gcc -shared -o "%{buildroot}%{_libdir}/libldap-2.4.so.2" -Wl,--no-as-needed \
 %{_fillupdir}/sysconfig.openldap
 %{_sbindir}/slap*
 %{_sbindir}/rcslapd
-%{_libdir}/openldap/back_bdb*
-%{_libdir}/openldap/back_hdb*
 %{_libdir}/openldap/back_ldap*
 %{_libdir}/openldap/back_mdb*
-%{_libdir}/openldap/back_monitor*
 %{_libdir}/openldap/back_relay*
 %{_libdir}/openldap/accesslog*
 %{_libdir}/openldap/auditlog*
+%{_libdir}/openldap/autoca*
 %{_libdir}/openldap/collect*
 %{_libdir}/openldap/constraint*
 %{_libdir}/openldap/dds*
 %{_libdir}/openldap/deref*
 %{_libdir}/openldap/dyngroup*
 %{_libdir}/openldap/dynlist*
+%{_libdir}/openldap/homedir*
 %{_libdir}/openldap/memberof*
+%{_libdir}/openldap/otp*
 %{_libdir}/openldap/pcache*
-%{_libdir}/openldap/ppolicy-2.4.*
-%{_libdir}/openldap/ppolicy.*
+%{_libdir}/openldap/ppolicy*
+%{_libdir}/openldap/remoteauth*
 %{_libdir}/openldap/refint*
 %{_libdir}/openldap/retcode*
 %{_libdir}/openldap/rwm*
@ -511,16 +493,20 @@ gcc -shared -o "%{buildroot}%{_libdir}/libldap-2.4.so.2" -Wl,--no-as-needed \
 %dir %attr(0750, ldap, ldap) %{_sharedstatedir}/ldap
 %ghost %attr(0750, ldap, ldap) %{slapdrundir}
 %doc %{_mandir}/man8/sl*
+%doc %{_mandir}/man8/lloadd.*
+%doc %{_mandir}/man5/lloadd.conf.*
 %doc %{_mandir}/man5/slapd.*
-%doc %{_mandir}/man5/slapd-bdb.*
+%doc %{_mandir}/man5/slapd-asyncmeta.*
 %doc %{_mandir}/man5/slapd-config.*
-%doc %{_mandir}/man5/slapd-hdb.*
 %doc %{_mandir}/man5/slapd-ldap.*
 %doc %{_mandir}/man5/slapd-ldif.*
 %doc %{_mandir}/man5/slapd-mdb.*
 %doc %{_mandir}/man5/slapd-monitor.*
+%doc %{_mandir}/man5/slapd-pw-*
 %doc %{_mandir}/man5/slapd-relay.*
+%doc %{_mandir}/man5/slapd-wt.*
 %doc %{_mandir}/man5/slapo-*
+%doc %{_mandir}/man5/slappw-argon2.*
 %dir %{DOCDIR}
 %doc %{DOCDIR}/ANNOUNCEMENT
 %doc %{DOCDIR}/COPYRIGHT
@ -528,7 +514,6 @@ gcc -shared -o "%{buildroot}%{_libdir}/libldap-2.4.so.2" -Wl,--no-as-needed \
 %doc %{DOCDIR}/README*
 %doc %{DOCDIR}/CHANGES
 %doc %{DOCDIR}/slapd.ldif.default
-%doc %{DOCDIR}/DB_CONFIG.example

 %files back-perl
 %defattr(-,root,root)
@ -574,14 +559,12 @@ gcc -shared -o "%{buildroot}%{_libdir}/libldap-2.4.so.2" -Wl,--no-as-needed \
 %{_libdir}/openldap/autogroup.*
 %{_libdir}/openldap/lastbind.*
 %{_libdir}/openldap/noopsrch.*
-%{_libdir}/openldap/pw-argon2.*
 %{_libdir}/openldap/pw-sha2.*
 %{_libdir}/openldap/pw-pbkdf2.*
 %{_libdir}/openldap/denyop.*
 %{_libdir}/openldap/cloak.*
 %{_libdir}/openldap/smbk5pwd.*
 %{_libdir}/openldap/trace.*
-%doc %{_mandir}/man5/slapd-pw-argon2.*

 %files client
 %defattr(-,root,root)
@ -598,12 +581,13 @@ gcc -shared -o "%{buildroot}%{_libdir}/libldap-2.4.so.2" -Wl,--no-as-needed \
 /usr/bin/ldapsearch
 /usr/bin/ldappasswd
 /usr/bin/ldapurl
+/usr/bin/ldapvc
 /usr/bin/ldapwhoami

-%files -n libldap-2_4-2
+%files -n libldap-2_5-0
 %defattr(-,root,root)
-%{_libdir}/liblber*2.4.so.*
-%{_libdir}/libldap*2.4.so.*
+%{_libdir}/liblber*2.5.so.*
+%{_libdir}/libldap*2.5.so.*

 %files devel
 %defattr(-,root,root)
@ -614,17 +598,13 @@ gcc -shared -o "%{buildroot}%{_libdir}/libldap-2.4.so.2" -Wl,--no-as-needed \
 %{_includedir}/*.h
 %{_libdir}/liblber.so
 %{_libdir}/libldap*.so
+%{_libdir}/pkgconfig/*.pc

 %files devel-static
 %defattr(-,root,root)
 %_libdir/liblber.a
 %_libdir/libldap*.a

-%files ppolicy-check-password
-%defattr(-,root,root)
-%doc %{ppolicy_docdir}/
-%config(noreplace) /etc/openldap/check_password.conf
-%{_libdir}/openldap/ppolicy-check-password.*
-%{_mandir}/man5/ppolicy-check-password.*
+%endif # !flavor:contrib

 %changelog
--- a/ppolicy-check-password-1.2.tar.gz
+++ b/ppolicy-check-password-1.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:840517adc7fa60cb45050ba203437e29458542d9d7f23e906520e0b2fca56fe9
-size 10354
--- a/ppolicy-check-password.5
+++ b/ppolicy-check-password.5
@ -1,182 +0,0 @@
-.\"/* 
-.\" * All rights reserved
-.\" * Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
-.\" * Authors: Howard Guo <hguo@suse.com>
-.\" *
-.\" * This program is free software; you can redistribute it and/or
-.\" * modify it under the terms of the GNU General Public License
-.\" * as published by the Free Software Foundation; either version 2
-.\" * of the License, or (at your option) any later version.
-.\" *
-.\" * This program is distributed in the hope that it will be useful,
-.\" * but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\" * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-.\" * GNU General Public License for more details.
-.\" */
-.\"
-.TH PPOLICY-CHECK-PASSWORD 5 "2016/02/18" "OpenLDAP password quality check"
-.SH NAME
-ppolicy\-check\-password \- Password quality checker for OpenLDAP ppolicy overlay
-.SH SYNOPSIS
-pwdCheckModule ppolicy-check-password.so
-.SH DESCRIPTION
-ppolicy\-check\-password is an implementation of password quality check module, it can be plugged into OpenLDAP
-.BR slapo\-ppolicy (5)
-overlay to enforce organisational password strength policies for password-change operations.
-
-.SH PREREQUISITES
-In order to use the module, you should enable and configure
-.BR slapo\-ppolicy (5)
-overlay on the OpenLDAP server. You may use the following example to enable ppolicy overlay:
-.HP 4
-Enable ppolicy overlay
-
-To enable ppolicy overlay on the server using static configuration file
-.BR slapd.conf (5)
-, first enable ppolicy schema by adding line:
-
-.br
-include /etc/openldap/schema/ppolicy.schema
-
-and then append the following lines to the database definition in which password policy should be enforced:
-
-.br
-overlay ppolicy
-.br
-ppolicy_default "cn=PolicyContainer,dc=my-domain,dc=com"
-
-Save slapd.conf and (re)start OpenLDAP server.
-
-If you use cn=config (online configuration) instead of static configuration file, add the schema /etc/openldap/schema/ppolicy.ldif to cn=schema,cn=config, then enable ppolicy overlay in olcDatabase.
-.LP
-
-.HP 4
-Create ppolicy container entry
-
-The ppolicy container entry stores attributes that describe the password policy in detail, create the entry with
-
-.BR ldapadd (1)
-:
-
-.br
-dn: cn=PolicyContainer,dc=my-domain,dc=com
-.br
-cn: PolicyContainer
-.br
-objectClass: pwdPolicy
-.br
-objectClass: person
-.br
-objectClass: top
-.br
-pwdAllowUserChange: TRUE
-.br
-pwdAttribute: userPassword
-.br
-pwdCheckQuality: 2
-.br
-pwdExpireWarning: 600
-.br
-pwdFailureCountInterval: 
-.br
-pwdGraceAuthNLimit: 5
-.br
-pwdInHistory: 5
-.br
-pwdLockout: TRUE
-.br
-pwdLockoutDuration: 0
-.br
-pwdMaxAge: 0
-.br
-pwdMaxFailure: 
-.br
-pwdMinAge: 0
-.br
-pwdMinLength: 5
-.br
-pwdMustChange: FALSE
-.br
-pwdSafeModify: FALSE
-.br
-sn: dummy value
-.br
-
-The password policy becomes effective immediately, there is no need to restart OpenLDAP server.
-.LP
-
-.HP 4
-Enable ppolicy-check-password.so module
-
-Modify the ppolicy container entry with
-.BR ldapmodify (1)
-:
-
-.br
-dn: cn=PolicyContainer,dc=my-domain,dc=com
-.br
-changeType: modify
-.br
-add: objectClass
-.br
-objectClass: pwdPolicyChecker
-.br
-\-
-.br
-add: pwdCheckModule
-.br
-pwdCheckModule: ppolicy-check-password.so
-
-The password check module becomes effective immediately, there is no need to restart OpenLDAP server.
-.LP
-
-.SH CONFIGURATION
-
-The password check module reads configuration parameters from
-.B /etc/openldap/check_password.conf
-
-Edits made to the configuration file become effective immediately, there is no need to restart OpenLDAP server.
-
-List of parameters:
-.TP
-.BI use_cracklib \ 1|0
-CrackLib is a library for checking that a password is not easily crackable, making sure that the password is not based on simple patterns or dictionary words. If the parameter is set to 1, cracklib will be involved and new passwords must pass cracklib quality check in addition to all other policies such as min_points
-.TP
-.BI min_points \ <integer>
-The parameter holds an integer value in between 0 and 4. The value denotes "quality points" that a password must acquire in order to pass the check. Usage of each character class awards one quality point. If the parameeter is set to 0, the check is disabled.
-
-The character classes are: upper case letters, lower case letters, numeric digits, punctuations.
-.TP
-.BI min_upper \ <integer>
-The minimal number of upper case characters a password must contain. If the parameter is set to 0, the check is disabled.
-.TP
-.BI min_lower \ <integer>
-The minimal number of lower case characters a password must contain. If the parameter is set to 0, the check is disabled.
-.TP
-.BI min_digit \ <integer>
-The minimal number of numeric digit characters a password must contain. If the parameter is set to 0, the check is disabled.
-.TP
-.BI min_punct \ <integer>
-The minimal number of punctuation characters a password must contain. If the parameter is set to 0, the check is disabled.
-.TP
-.BI max_consecutive_per_class \ <integer>
-The maximum number of characters from each character class that may appear consecutively. If the parameter is set to 0, the check is disabled.
-
-.SH USAGE
-After the module is enabled, the OpenLDAP server will invoke the password checker module on every user password change, the new user password must pass all quality checks before it is accepted. If the new password does not pass quality checks, the detailed reason will be logged on the OpenLDAP server, and the client will receive a Constraint Violation and a generic error message "Password fails quality checking policy" \- the lack of details is by design.
-
-If the password change is carried out by RootDN, password checker module will not enforce the quality checks, and any password is acceptable.
-
-.SH FILES
-.TP
-/etc/openldap/check_password.conf
-Define the password strength policy.
-.SH SEE ALSO
-.BR slapd.conf (5),
-.BR slapd\-config (5),
-.BR slapd (8),
-.BR slapo\-ppolicy (5)
-
-.SH ACKNOWLEDGEMENTS
-.P
-The module was originally authored by LTB-project (ltb\-project.org), and further maintained by Onyx Point (onyxpoint.com).
--- a/ppolicy-check-password.Makefile
+++ b/ppolicy-check-password.Makefile
@ -1,43 +0,0 @@
-LDAP_SRC = ../../..
-LDAP_BUILD = $(LDAP_SRC)
-LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
-LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
-	$(LDAP_BUILD)/libraries/liblber/liblber.la
-
-LIBTOOL = $(LDAP_BUILD)/libtool
-CC = gcc
-OPT = -g -O2 -Wall -fpic -DHAVE_CRACKLIB -DCRACKLIB_DICTPATH="\"/usr/share/cracklib/pw_dict\"" -DCONFIG_FILE="\"/etc/openldap/check_password.conf\"" -lcrack
-INCS = $(LDAP_INC)
-LIBS = $(LDAP_LIB)
-
-PROGRAMS = ppolicy-check-password.la
-LTVER = 0:0:0
-
-prefix=/usr/local
-exec_prefix=$(prefix)
-ldap_subdir=/openldap
-
-libdir=$(exec_prefix)/lib64
-libexecdir=$(exec_prefix)/libexec
-moduledir=$(libdir)$(ldap_subdir)
-
-.SUFFIXES: .c .o .lo
-
-.c.lo:
-	$(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
-
-all:		$(PROGRAMS)
-
-ppolicy-check-password.la:	check_password.lo
-	$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
-	-rpath $(moduledir) -module -o $@ $? $(LIBS)
-
-clean:
-	rm -rf *.o *.lo *.la .libs
-
-install:	$(PROGRAMS)
-	mkdir -p $(DESTDIR)$(moduledir)
-	for p in $(PROGRAMS) ; do \
-		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
-	done
-
--- a/ppolicy-check-password.conf
+++ b/ppolicy-check-password.conf
@ -1,7 +0,0 @@
-use_cracklib 1
-min_points 3
-min_upper 0
-min_lower 0
-min_digit 0
-min_punct 0
-max_consecutive_per_class 5