diff --git a/libldap-manpages.dif b/libldap-manpages.dif
deleted file mode 100644
index 3cd4251..0000000
--- a/libldap-manpages.dif
+++ /dev/null
@@ -1,714 +0,0 @@ -Index: openldap-2.3.19/doc/man/man3/ldap.3 -=================================================================== ---- openldap-2.3.19.orig/doc/man/man3/ldap.3 -+++ openldap-2.3.19/doc/man/man3/ldap.3 -@@ -39,16 +39,21 @@ created using - and set the protocol version to 3 by calling - .BR ldap_set_option (3). - The underlying session is established first operation is --issued. This would generally be a Start TLS or Bind operation. -+issued. This would generally be a Start TLS or Bind operation, -+or a Search operation to read attributes of the Root DSE. - A Start TLS operation is performed by calling - .BR ldap_start_tls_s (3). - A LDAP bind operation is performed by calling - .BR ldap_sasl_bind (3) --or one of its friends. Subsequently, other operations are performed -+or one of its friends. -+A Search operation is performed by calling ldap_search_ext_s(3) -+or one of its friends. -+ -+Subsequently, additional operations are performed - by calling one of the synchronous or asynchronous routines (e.g., --.BR ldap_search_ext_s (3) -+.BR ldap_compare_ext_s (3) - or --.BR ldap_search_ext (3) -+.BR ldap_compare_ext (3) - followed by - .BR ldap_result (3)). - Results returned from these routines are interpreted by calling the -Index: openldap-2.3.19/doc/man/man3/ldap_bind.3 -=================================================================== ---- openldap-2.3.19.orig/doc/man/man3/ldap_bind.3 -+++ openldap-2.3.19/doc/man/man3/ldap_bind.3 -@@ -1,9 +1,9 @@ - .TH LDAP_BIND 3 "RELEASEDATE" "OpenLDAP LDVERSION" --.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_bind.3,v 1.16.2.5 2007/01/02 21:43:44 kurt Exp $ -+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_bind.3,v 1.19 2006/01/03 22:12:04 kurt Exp $ - .\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. - .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
- .SH NAME --ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s \- LDAP bind routines -+ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines - .SH LIBRARY - OpenLDAP LDAP (libldap, -lldap) - .SH SYNOPSIS -@@ -58,6 +58,18 @@ OpenLDAP LDAP (libldap, -lldap) - .\" .ft - .\" LDAP *ld; - .\" int (*rebindproc)(); -+.LP -+.BI "int ldap_unbind_ext(LDAP *" ld ", LDAPControl *" sctrls "[]," -+.RS -+.BI LDAPControl *" cctrls "[]);" -+.RE -+.LP -+.BI "int ldap_unbind_ext_s(LDAP *" ld ", LDAPControl *" sctrls "[]," -+.RS -+.BI LDAPControl *" cctrls "[]);" -+.RE -+.LP -+.BI "int ldap_set_rebind_proc (LDAP *" ld ", LDAP_REBIND_PROC *" ldap_proc ", void *" params);" - .SH DESCRIPTION - .LP - These routines provide various interfaces to the LDAP bind operation. -@@ -79,7 +91,6 @@ Both synchronous and asynchronous versio - call are provided. All routines - take \fIld\fP as their first parameter, as returned from - .BR ldap_init (3). --.LP - .SH SIMPLE AUTHENTICATION - The simplest form of the bind call is - .BR ldap_simple_bind_s() . -@@ -110,6 +121,41 @@ returns the message id of the request it - returns an LDAP error indication. - .SH SASL AUTHENTICATION - Description still under construction... -+.SH REBINDING -+.LP -+The -+.B ldap_set_rebind_proc -+function() sets the process to use for binding when an operation returns a -+referral. This function is used when an application needs to bind to another server -+in order to follow a referral or search continuation reference. -+.LP -+The function takes \fIld\fP, the \fIrebind\fP function, and the \fIparams\fP, -+the arbitrary data like state information which the client might need to properly rebind. 
-+The LDAP_OPT_REFERRALS option in the \fIld\fP must be set to ON for the libraries -+to use the rebind function. Use the -+.BR ldap_set_option -+function to set the value. -+.LP -+The rebind function has the following syntax. -+.B int rebind_function (LDAP *ld, const char *url,int request,ber_int_t msgid); -+.LP -+The \fIld\fP parameter must be used by the application when binding to the -+referred server if the application wants the libraries to follow the referral. -+.LP -+The \fIurl\fP parameter points to the URL referral string received from the LDAP server. -+The LDAP application can use the -+.BR ldap_url_parse() -+.LP -+The \fIrequest\fP parameter specifies the request operation that generated the referral. -+function to parse the string into its components. -+.LP -+The \fImsgid\fP parameter specifies the message ID of the request generating the referral. -+.LP -+The LDAP libraries set all the parameters when they call the rebind function. The application -+should not attempt to free either the ld or the url structures in the rebind function. -+.LP -+The application must supply to the rebind function the required authentication information such as, -+user name, password, and certificates. The rebind function must use a synchronous bind method. - .SH UNBINDING - The - .B ldap_unbind() -@@ -154,16 +200,32 @@ both of these calls are synchronous in n - .\" If anything but LDAP_SUCCESS is returned by the first call to - .\" the rebindproc, then referral processing is stopped and that error code - .\" is returned for the original LDAP operation. -+.LP -+The -+.B ldap_unbind_ext() -+and -+.B ldap_unbind_ext_s() -+allows the operations to sepicify controls. - .SH ERRORS - Asynchronous routines will return -1 in case of error, setting the - \fIld_errno\fP parameter of the \fIld\fP structure. Synchronous - routines return whatever \fIld_errno\fP is set to. See - .BR ldap_error (3) - for more information. 
-+.SH NOTES -+If an anonymous bind is sufficient for the application,the rebind process -+need not be provided. The LDAP libraries with the LDAP_OPT_REFERRALS option -+set to ON (default value) will automatically follow referrals using an anonymous bind. -+.LP -+If the application needs stronger authentication than an anonymous bind, -+you need to provide a rebind process for that authentication method. -+The bind method must be synchronous. - .SH SEE ALSO - .BR ldap (3), - .BR ldap_error (3), - .BR ldap_open (3), -+.BR ldap_set_option (3), -+.BR ldap_url_parse (3) - .B RFC 2222 - (http://www.ietf.org), - .B Cyrus SASL -Index: openldap-2.3.19/doc/man/man3/ldap_bind.3.links -=================================================================== ---- openldap-2.3.19.orig/doc/man/man3/ldap_bind.3.links -+++ openldap-2.3.19/doc/man/man3/ldap_bind.3.links -@@ -7,3 +7,4 @@ ldap_unbind.3 - ldap_unbind_ext.3 - ldap_unbind_s.3 - ldap_unbind_ext_s.3 -+ldap_set_rebind_proc.3 -Index: openldap-2.3.19/doc/man/man3/ldap_compare.3 -=================================================================== ---- openldap-2.3.19.orig/doc/man/man3/ldap_compare.3 -+++ openldap-2.3.19/doc/man/man3/ldap_compare.3 -@@ -1,9 +1,9 @@ - .TH LDAP_COMPARE 3 "RELEASEDATE" "OpenLDAP LDVERSION" --.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_compare.3,v 1.13.2.4 2007/01/02 21:43:44 kurt Exp $ -+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_compare.3,v 1.15 2006/01/03 22:12:04 kurt Exp $ - .\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. - .\" Copying restrictions apply. See COPYRIGHT/LICENSE. - .SH NAME --ldap_compare, ldap_compare_s \- Perform an LDAP compare operation -+ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation. 
- .SH LIBRARY - OpenLDAP LDAP (libldap, -lldap) - .SH SYNOPSIS -@@ -22,6 +22,23 @@ int ldap_compare(ld, dn, attr, value) - .ft - LDAP *ld; - char *dn, *attr, *value; -+.LP -+.ft B -+int ldap_compare_ext(ld, dn, attr, bvalue, serverctrls, clientctrls, msgidp) -+.ft -+LDAP *ld; -+char *dn, *attr; -+const struct berval *bvalue; -+LDAPControl **serverctrls, **clientctrls; -+int *msgidp; -+.LP -+.ft B -+int ldap_compare_ext_s(ld, dn, attr, bvalue, serverctrls, clientctrls) -+.ft -+LDAP *ld; -+char *dn, *attr; -+const struct berval *bvalue; -+LDAPControl **serverctrls, **clientctrls; - .SH DESCRIPTION - The - .B ldap_compare_s() -@@ -40,6 +57,20 @@ asynchronously. It takes the same param - but returns the message id of the request it initiated. The result of - the compare can be obtained by a subsequent call to - .BR ldap_result (3). -+.LP -+The -+.B ldap_compare_ext() -+routine allows server and client controls to be -+specified to extend the compare request. This routine is asynchronous like -+ldap_compare(), but its return value is an LDAP error code. It stores the -+message id of the request in the integer pointed to by msgidp. -+.LP -+The -+.B ldap_compare_ext_s() -+routine is the synchronous version of -+.BR ldap_compare_ext(). -+It also returns an LDAP error code indicating success -+or failure of the operation. - .SH ERRORS - .B ldap_compare_s() - returns an LDAP error code which can be interpreted -@@ -48,6 +79,12 @@ by calling one of - and friends. ldap_compare() returns - -1 if something went wrong initiating the request. It returns the - non-negative message id of the request if things went ok. -+.LP -+.B ldap_compare_ext_s() -+and -+.B ldap_compare_ext() -+return some Non-zero value other than 0x05 or 0x06 in case of failure. -+0x05 corresponds to LDAP_COMPARE_FALSE and 0x06 corresponds to LDAP_COMPARE_TRUE. - .SH BUGS - There is no way to compare binary values, but there should be. 
- .SH SEE ALSO -Index: openldap-2.3.19/doc/man/man3/ldap_delete.3 -=================================================================== ---- openldap-2.3.19.orig/doc/man/man3/ldap_delete.3 -+++ openldap-2.3.19/doc/man/man3/ldap_delete.3 -@@ -1,9 +1,9 @@ - .TH LDAP_DELETE 3 "RELEASEDATE" "OpenLDAP LDVERSION" --.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_delete.3,v 1.13.2.4 2007/01/02 21:43:44 kurt Exp $ -+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_delete.3,v 1.15 2006/01/03 22:12:04 kurt Exp $ - .\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. - .\" Copying restrictions apply. See COPYRIGHT/LICENSE. - .SH NAME --ldap_delete, ldap_delete_s \- Perform an LDAP delete operation -+ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation. - .SH LIBRARY - OpenLDAP LDAP (libldap, -lldap) - .SH SYNOPSIS -@@ -22,22 +22,51 @@ int ldap_delete(ld, dn) - .ft - LDAP *ld; - char *dn; -+.LP -+.ft B -+int ldap_delete_ext(ld, dn, serverctrls, clientctrls, msgidp) -+.ft -+LDAP *ld; -+char *dn; -+LDAPControl **serverctrls, **clientctrls; -+int *msgidp; -+.LP -+.ft B -+int ldap_delete_ext_s(ld, dn, serverctrls, clientctrls) -+.ft -+LDAP *ld; -+char *dn; -+LDAPControl **serverctrls, **clientctrls; - .SH DESCRIPTION - The - .B ldap_delete_s() - routine is used to perform an LDAP delete operation --synchronously. It takes \fIdn\fP, the DN of the entry to be deleted. -+synchronously. It takes \fIdn\fP, the DN of the entry to be deleted. - It returns an LDAP error code, indicating the success or failure of the - operation. - .LP - The - .B ldap_delete() - routine is used to perform an LDAP delete operation --asynchronously. It takes the same parameters as --.BR ldap_delete_s() , --but returns the message id of the request it initiated. The result of -+asynchronously. It takes the same parameters as -+.BR ldap_delete_s(), -+but returns the message id of the request it initiated. 
The result of - the delete can be obtained by a subsequent call to - .BR ldap_result (3). -+.LP -+The -+.B ldap_delete_ext() -+routine allows server and client controls to be -+specified to extend the delete request. This routine is asynchronous like -+ldap_delete(), but its return value is an LDAP error code. It stores the -+message id of the request in the integer pointed to by msgidp. -+.LP -+The -+.B ldap_delete_ext_s() -+routine is the synchronous version of -+.BR ldap_delete_ext(). -+It also returns an LDAP error code indicating success -+or failure of the operation. - .SH ERRORS - .B ldap_delete_s() - returns an LDAP error code which can be interpreted -@@ -45,8 +74,14 @@ by calling one of - .BR ldap_perror (3) - and friends. - .B ldap_delete() --returns -1 if something went wrong initiating the request. It returns the -+returns -1 if something went wrong initiating the request. It returns the - non-negative message id of the request if things went ok. -+.LP -+.B ldap_delete_ext() -+and -+.B ldap_delete_ext_s() -+return some Non-zero value if -+something went wrong initiating the request, else return 0. - .SH SEE ALSO - .BR ldap (3), - .BR ldap_error (3) -Index: openldap-2.3.19/doc/man/man3/ldap_extended_operation.3 -=================================================================== ---- /dev/null -+++ openldap-2.3.19/doc/man/man3/ldap_extended_operation.3 -@@ -0,0 +1,64 @@ -+.TH LDAP_EXTENDED_OPERATION 3 "RELEASEDATE" "OpenLDAP LDVERSION" -+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_extended_operation.3,v 1.17 2006/01/03 22:12:04 kurt Exp $ -+.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. -+.\" Copying restrictions apply. See COPYRIGHT/LICENSE. -+.SH NAME -+ldap_extended_operation, ldap_extended_operation_s \- Extends the LDAP operations to the LDAP server. 
-+.SH LIBRARY -+OpenLDAP LDAP (libldap, -lldap) -+.SH SYNOPSIS -+.nf -+.ft B -+#include -+.LP -+.ft B -+int ldap_extended_operation( ld, requestoid, requestdata, sctrls[], cctrls[], msgidp ); -+.ft -+LDAP *ld; -+const char *requestoid; -+const struct berval *requestdata; -+LDAPControl *sctrls[], *cctrls[]; -+int *msgidp; -+.LP -+.ft B -+int ldap_extended_operation_s( ld, requestoid, requestdata, sctrls[], cctrls[], retoidp, retdatap ); -+.ft -+LDAP *ld, -+const char *requestoid; -+const struct berval *requestdata; -+LDAPControl *sctrls[], *cctrls[]; -+char **retoidp; -+struct berval **retdatap; -+.SH DESCRIPTION -+The -+.B ldap_extended_operation_s -+method is used to synchronously send an extended operation to the server. -+It takes \fIrequestoid\fP, which points to a dotted OID text string identifying -+the extended operation to perform. \fIrequestdata\fP is the data required for the -+operation, \fIseverctrls\fP is an array of LDAPControl structures to use with this -+extended operation,\fIclientctrls\fP is an array of LDAPControl structures that list -+the client controls to use with this extended operation .The input parameter -+\fIretoidp\fP points to a dotted-OID text string returned by the LDAP server. -+The memory used by the string should be freed with the ldap_memfree function. -+retdatap is an output parameter which points to a pointer to a berval structure -+that contains the returned data. If no data is returned, the server set this -+to NULL. The memory used by this structure should be freed with the ber_bvfree -+function. -+.LP -+The -+.B ldap_extended_operation -+works just like ldap_extended_operation_s, but the operation is asynchornous. -+It returns the message id of the request it initiated. -+The result of this operation can be obtained by calling -+.BR ldap_result(3). -+.SH NOTES -+The LDAP server must support the operation; otherwise an -+LDAP_NOT_SUPPORTED error is returned. 
-+.SH SEE ALSO -+.BR ldap_result (3), -+.BR ldap_parse_extended_result (3) -+.SH ACKNOWLEDGEMENTS -+.B OpenLDAP -+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -+.B OpenLDAP -+is derived from University of Michigan LDAP 3.3 Release. -Index: openldap-2.3.19/doc/man/man3/ldap_extended_operation.3.links -=================================================================== ---- /dev/null -+++ openldap-2.3.19/doc/man/man3/ldap_extended_operation.3.links -@@ -0,0 +1,2 @@ -+ldap_extended_operation_s.3 -+ -Index: openldap-2.3.19/doc/man/man3/ldap_parse_sort_control.3 -=================================================================== ---- /dev/null -+++ openldap-2.3.19/doc/man/man3/ldap_parse_sort_control.3 -@@ -0,0 +1,44 @@ -+.TH LDAP_PARSE_SORT-CONTROL 3 "RELEASEDATE" "OpenLDAP LDVERSION" -+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_sort_control.3,v 1.15 2006/01/03 22:12:04 kurt Exp $ -+.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. -+.\" Copying restrictions apply. See COPYRIGHT/LICENSE. -+.SH NAME -+ldap_parse_sort_control \- Decodes the information returned from a search operation -+that used a server-side sort control. -+.SH LIBRARY -+OpenLDAP LDAP (libldap, -lldap) -+.SH SYNOPSIS -+.nf -+.ft B -+#include -+.LP -+.ft B -+int ldap_parse_sort_control(ld, ctrls, returnCode, attribute) -+.ft -+LDAP *ld; -+LDAPControl **ctrls; -+unsigned long *returnCode; -+char **attribute; -+.SH DESCRIPTION -+This function is used to parse the results returned in a search operation -+that uses a server-side sort control. -+.LP -+It takes a null terminated array of LDAPControl structures usually obtained -+by a call to the -+.BR ldap_parse_result -+function. A returncode which points to the sort control result code,and an array -+of LDAPControl structures that list the client controls to use with the search. 
-+The function also takes an out parameter \fIattribute\fP and if the sort operation -+fails, the server may return a string that indicates the first attribute in the -+sortKey list that caused the failure. If this parameter is NULL, no string is -+returned. If a string is returned, the memory should be freed by calling the -+ldap_memfree function. -+.SH NOTES -+.SH SEE ALSO -+.BR ldap_result (3), -+.BR ldap_controls_free (3) -+.SH ACKNOWLEDGEMENTS -+.B OpenLDAP -+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -+.B OpenLDAP -+is derived from University of Michigan LDAP 3.3 Release. -Index: openldap-2.3.19/doc/man/man3/ldap_parse_vlv_control.3 -=================================================================== ---- /dev/null -+++ openldap-2.3.19/doc/man/man3/ldap_parse_vlv_control.3 -@@ -0,0 +1,53 @@ -+.TH LDAP_PARSE_VLV_CONTROL 3 "RELEASEDATE" "OpenLDAP LDVERSION" -+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_vlv_control.3,v 1.17 2006/01/03 22:12:04 kurt Exp $ -+.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. -+.\" Copying restrictions apply. See COPYRIGHT/LICENSE. -+.SH NAME -+ldap_parse_vlv_control \- Decodes the information returned from a search operation that -+used a VLV (virtual list view) control. -+.SH LIBRARY -+OpenLDAP LDAP (libldap, -lldap) -+.SH SYNOPSIS -+.nf -+.ft B -+#include -+.LP -+.ft B -+int ldap_parse_vlv_control( ld, ctrlp, target_posp, list_countp, contextp, errcodep ); -+.ft -+LDAP *ld; -+LDAPControl **ctrlp; -+unsigned long *target_posp, *list_countp; -+struct berval **contextp; -+int *errcodep; -+.SH DESCRIPTION -+The -+.B ldap_parse_vlv_control -+is used to decode the information returned from a search operation that used a -+VLV (virtual list view)control. It takes a null terminated array of LDAPControl -+structures, usually obtained by a call to the -+.BR ldap_parse_result function, -+a \fItarget_pos\fP which points to the list index of the target entry. 
If -+this parameter is NULL, the target position is not returned. The index returned -+is an approximation of the position of the target entry. It is -+not guaranteed to be exact. The parameter \fIlist_countp\fP points to -+the server's estimate of the size of the list. If this parameter is NULL, the -+size is not returned. \fIcontextp\fP is a pointer to the address of a berval -+structure that contains a server-generated context identifier if server returns -+one. If server does not return a context identifier, the server returns a NULL -+in this parameter. If this parameter is set to NULL, the context identifier is -+not returned. You should use this returned context in the next call to -+create a VLV control. When the berval structure is no longer needed, you should -+free the memory by calling the \fIber_bvfree function.e\fP -+\fIerrcodep\fP is an output paremeter, which points to the result code returned -+by the server. If this parameter is NULL, the result code is not returned. -+.LP -+See -+ldap.h for a list of possible return codes. -+.SH SEE ALSO -+.BR ldap_search (3) -+.SH ACKNOWLEDGEMENTS -+.B OpenLDAP -+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -+.B OpenLDAP -+is derived from University of Michigan LDAP 3.3 Release. -Index: openldap-2.3.19/doc/man/man3/ldap_rename.3 -=================================================================== ---- /dev/null -+++ openldap-2.3.19/doc/man/man3/ldap_rename.3 -@@ -0,0 +1,69 @@ -+.TH LDAP_RENAME 3 "RELEASEDATE" "OpenLDAP LDVERSION" -+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_rename.3,v 1.17 2006/01/03 22:12:04 kurt Exp $ -+.\" Copyright 1998-2006 The OpenLDAP Foundation All Rights Reserved. -+.\" Copying restrictions apply. See COPYRIGHT/LICENSE. -+.SH NAME -+ldap_rename, ldap_rename_s \- Renames the specified entry. 
-+.SH LIBRARY -+OpenLDAP LDAP (libldap, -lldap) -+.SH SYNOPSIS -+.nf -+.ft B -+#include -+.LP -+.ft B -+int ldap_rename( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[], msgidp ); -+.ft -+LDAP *ld; -+const char *dn, *newrdn, *newparent; -+int deleteoldrdn; -+LDAPControl *sctrls[], *cctrls[]; -+int *msgidp); -+.LP -+.ft B -+int ldap_rename_s( ld, dn, newrdn, newparent, deleteoldrdn, sctrls[], cctrls[] ); -+.ft -+LDAP *ld; -+const char *dn, *newrdn, *newparent; -+int deleteoldrdn; -+LDAPControl *sctrls[], *cctrls[]; -+.SH DESCRIPTION -+These routines are used to perform a LDAP rename operation. -+The function changes the leaf component of an entry's distinguished -+name and optionally moves the entry to a new parent container. The -+.B ldap_rename_s -+performs a rename operation synchronously. -+The method takes \fIdn\fP, which points to the distinguished name of -+the entry whose attribute is being compared, \fInewparent\fP,the distinguished -+name of the entry's new parent. If this parameter is NULL, only the RDN is changed. -+The root DN is specified by passing a zero length string, "". -+\fIdeleteoldrdn\fP specifies whether the old RDN should be retained or deleted. -+Zero indicates that the old RDN should be retained. If you choose this option, -+the attribute will contain both names (the old and the new). -+Non-zero indicates that the old RDN should be deleted. -+\fIserverctrls\fP points to an array of LDAPControl structures that list the -+client controls to use with this extended operation. Use NULL to specify -+no client controls. \fIclientctrls\fP points to an array of LDAPControl -+structures that list the client controls to use with the search. -+.LP -+.B ldap_rename -+works just like -+.B ldap_rename_s, -+but the operation is asynchornous. It returns the message id of the request -+it initiated. The result of this operation can be obtained by calling -+.BR ldap_result(3). 
-+.SH ERRORS -+.B ldap_rename() -+returns -1 in case of error initiating the request, and -+will set the \fIld_errno\fP field in the \fIld\fP parameter to -+indicate the error. -+.BR ldap_rename_s() -+returns the LDAP error code resulting from the rename operation. -+.SH SEE ALSO -+.BR ldap (3), -+.BR ldap_modify (3) -+.SH ACKNOWLEDGEMENTS -+.B OpenLDAP -+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). -+.B OpenLDAP -+is derived from University of Michigan LDAP 3.3 Release. -Index: openldap-2.3.19/doc/man/man3/ldap_rename.3.links -=================================================================== ---- /dev/null -+++ openldap-2.3.19/doc/man/man3/ldap_rename.3.links -@@ -0,0 +1,2 @@ -+ldap_rename_s.3 -+ -Index: openldap-2.3.19/doc/man/man3/ldap_result.3 -=================================================================== ---- openldap-2.3.19.orig/doc/man/man3/ldap_result.3 -+++ openldap-2.3.19/doc/man/man3/ldap_result.3 -@@ -72,7 +72,8 @@ all references, all extended partial res - result have been received. - .LP - Upon success, the type of the result received is returned and the --\fIresult\fP parameter will contain the result of the operation. This -+\fIresult\fP parameter will contain the result of the operation; -+otherwise, the \fIresult\fP parameter is undefined. This - result should be passed to the LDAP parsing routines, - .BR ldap_first_message (3) - and friends, for interpretation. -Index: openldap-2.3.19/doc/man/man3/ldap_search.3 -=================================================================== ---- openldap-2.3.19.orig/doc/man/man3/ldap_search.3 -+++ openldap-2.3.19/doc/man/man3/ldap_search.3 -@@ -1,9 +1,9 @@ - .TH LDAP_SEARCH 3 "RELEASEDATE" "OpenLDAP LDVERSION" --.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_search.3,v 1.17.2.6 2007/01/02 21:43:45 kurt Exp $ -+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_search.3,v 1.21 2006/01/03 22:12:04 kurt Exp $ - .\" Copyright 1998-2007 The OpenLDAP Foundation All Rights Reserved. 
- .\" Copying restrictions apply. See COPYRIGHT/LICENSE. - .SH NAME --ldap_search, ldap_search_s, ldap_search_st \- Perform an LDAP search operation -+ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation - .SH LIBRARY - OpenLDAP LDAP (libldap, -lldap) - .SH SYNOPSIS -@@ -41,6 +41,35 @@ char *filter, *attrs[] - int attrsonly; - struct timeval *timeout; - LDAPMessage **res; -+.LP -+.ft B -+int ldap_search_ext(ld, base, scope, filter, attrs, attrsonly, serverctrls, -+.ft -+clientctrls, timeout, sizelimit, msgidp) -+.ft -+LDAP *ld; -+char *base; -+int scope; -+char *filter, *attrs[] -+int attrsonly; -+LDAPControl **serverctrls, **clientctrls; -+struct timeval *timeout; -+int sizelimit, *msgidp; -+.LP -+.ft B -+int ldap_search_ext_s(ld, base, scope, filter, attrs, attrsonly, serverctrls, -+.ft -+clientctrls, timeout, sizelimit, res) -+.ft -+LDAP *ld; -+char *base; -+int scope; -+char *filter, *attrs[] -+int attrsonly; -+LDAPControl **serverctrls, **clientctrls; -+struct timeval *timeout; -+int sizelimit; -+LDAPMessage **res; - .SH DESCRIPTION - These routines are used to perform LDAP search operations. - .B ldap_search_s() -@@ -59,6 +88,7 @@ LDAP_SCOPE_ONELEVEL, to search the objec - or LDAP_SCOPE_SUBTREE, to search the object and all its descendants. - .LP - \fIFilter\fP is a string -+ - representation of the filter to apply in the search. Simple filters - can be specified as \fI(attributetype=attributevalue)\fP. More complex - filters are specified using a prefix notation according to the following -@@ -99,8 +129,24 @@ To request no attributes, the type "1.1" - should be listed by itself. - .LP - \fIAttrsonly\fP should be set to 1 if --only attribute types are wanted. It should be set to 0 if both -+only attribute types are wanted. It should be set to 0 if both - attributes types and attribute values are wanted. 
-+.LP
-+.B ldap_search_ext()
-+routine allows server and client controls to be specified to extend
-+the search request. This routine is asynchronous like
-+.BR ldap_search() ,
-+but its return value is an LDAP error code. It stores the message id
-+of the request in the integer pointed to
-+by
-+.IR msgidp .
-+.LP
-+The
-+.B ldap_search_ext_s()
-+routine is the synchronous version of
-+.BR ldap_search_ext().
-+It also returns an LDAP error code indicating success or failure
-+of the operation.
- .SH ERRORS
- .B ldap_search_s()
- and
-@@ -111,15 +157,28 @@ See
- for details.
- .B ldap_search()
- returns -1 in case of trouble.
-+.LP
-+.B ldap_search_s(),
-+.B ldap_search_ext_s
-+and
-+.B ldap_search_st()
-+will return the LDAP error code resulting from the search operation.
-+See
-+.BR ldap_error (3)
-+for details.
-+.B ldap_search()
-+and
-+.B ldap_search_ext
-+returns -1 in case of trouble.
- .SH NOTES
- Note that both read
- and list functionality are subsumed by these routines,
- by using a filter like "(objectclass=*)" and a scope of LDAP_SCOPE_BASE (to
- emulate read) or LDAP_SCOPE_ONELEVEL (to emulate list).
- .LP
--These routines may dynamically allocate memory. The caller is
-+These routines may dynamically allocate memory. The caller is
- responsible for freeing such memory using supplied deallocation
--routines. Return values are contained in .
-+routines. Return values are contained in .
- .SH SEE ALSO
- .BR ldap (3),
- .BR ldap_result (3),
diff --git a/openldap-2.3.39.tar.bz2 b/openldap-2.3.39.tar.bz2
deleted file mode 100644
index 8122c97..0000000
--- a/openldap-2.3.39.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5aff2138b220a8935713a7bef7bedaaa3a5a4126023f2f2b639d27c9b2fe6c01
-size 2954905
diff --git a/openldap-2.4.7.tar.bz2 b/openldap-2.4.7.tar.bz2
new file mode 100644
index 0000000..c1a2696
--- /dev/null
+++ b/openldap-2.4.7.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7e01ba11f8bf904b1c1507f52d18ccb83f8c3141cf1d5fec3eaac01833f32739
+size 3283611
diff --git a/openldap-admin-guide.tar.bz2 b/openldap-admin-guide.tar.bz2
deleted file mode 100644
index 11df4f4..0000000
--- a/openldap-admin-guide.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:dd03c8f47c7cd3bf9eb08c6b7245f3afa1eb3dbfeb0212235f129ec3d38a8fec
-size 91075
diff --git a/openldap-ntlm.diff b/openldap-ntlm.diff
index a18ddee..81fa846 100644
--- a/openldap-ntlm.diff
+++ b/openldap-ntlm.diff
@@ -27,26 +27,6 @@
 +
 LDAP_END_DECL
 #endif /* _LDAP_H */
---- libraries/libldap/Makefile.in.orig 2004-01-01 13:16:29.000000000 -0500
-+++ libraries/libldap/Makefile.in 2004-07-14 13:37:23.000000000 -0400
-@@ -20,7 +20,7 @@
- SRCS = bind.c open.c result.c error.c compare.c search.c \
- controls.c messages.c references.c extended.c cyrus.c \
- modify.c add.c modrdn.c delete.c abandon.c \
-- sasl.c sbind.c kbind.c unbind.c cancel.c \
-+ sasl.c ntlm.c sbind.c kbind.c unbind.c cancel.c \
- filter.c free.c sort.c passwd.c whoami.c \
- getdn.c getentry.c getattr.c getvalues.c addentry.c \
- request.c os-ip.c url.c sortctrl.c vlvctrl.c \
-@@ -29,7 +29,7 @@
- OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
- controls.lo messages.lo references.lo extended.lo cyrus.lo \
- modify.lo add.lo modrdn.lo delete.lo abandon.lo \
-- sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
-+ sasl.lo ntlm.lo sbind.lo kbind.lo unbind.lo cancel.lo \
- filter.lo free.lo sort.lo passwd.lo whoami.lo \
- getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
- request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
 --- /dev/null 2004-06-30 15:04:37.000000000 -0400
 +++ libraries/libldap/ntlm.c 2004-07-14 13:44:18.000000000 -0400
 @@ -0,0 +1,137 @@
@@ -187,3 +167,23 @@
 +
 + return( ld->ld_errno );
 +}
+--- libraries/libldap/Makefile.in 2007/02/21 16:33:57 1.1
++++ libraries/libldap/Makefile.in 2007/02/21 16:36:42
+@@ -20,7 +20,7 @@
+ SRCS = bind.c open.c result.c error.c compare.c search.c \
+ controls.c messages.c references.c extended.c cyrus.c \
+ modify.c add.c modrdn.c delete.c abandon.c \
+- sasl.c sbind.c unbind.c cancel.c \
++ sasl.c ntlm.c sbind.c unbind.c cancel.c \
+ filter.c free.c sort.c passwd.c whoami.c \
+ getdn.c getentry.c getattr.c getvalues.c addentry.c \
+ request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
+@@ -31,7 +31,7 @@
+ OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
+ controls.lo messages.lo references.lo extended.lo cyrus.lo \
+ modify.lo add.lo modrdn.lo delete.lo abandon.lo \
+- sasl.lo sbind.lo unbind.lo cancel.lo \
++ sasl.lo ntlm.lo sbind.lo unbind.lo cancel.lo \
+ filter.lo free.lo sort.lo passwd.lo whoami.lo \
+ getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
+ request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
diff --git a/openldap-rc.tgz b/openldap-rc.tgz
index 5dbf1db..4b95817 100644
--- a/openldap-rc.tgz
+++ b/openldap-rc.tgz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:2e9338b64501752c54ac1be438c424402fb9cb9386112da0c59802da192a0981
-size 4903
+oid sha256:84bacc3aed76e118b16d780980db56df1cc81dcb4644a429d34b7d7cb774bac4
+size 4836
diff --git a/openldap2-client.changes b/openldap2-client.changes
index 132affb..ae16351 100644
--- a/openldap2-client.changes
+++ b/openldap2-client.changes
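Review bot: The refreshed Makefile.in section appended to openldap-ntlm.diff still lists `ntlm.c` in SRCS and `ntlm.lo` in OBJS unconditionally, so the NTLM bind code from `libraries/libldap/ntlm.c` is built into libldap for every consumer of the library. NTLM is a legacy challenge-response mechanism, and nothing visible here says why the patch is still carried or that it was re-based (the old context had `kbind.c`/`kbind.lo`, the new one has `pagectrl.c`/`pagectrl.lo`). I would record that in the package changelog, e.g. `- Rebased openldap-ntlm.diff for 2.4 (kbind.c is gone from SRCS/OBJS)`, and state the reason for keeping NTLM bind in a comment at the top of the patch. The head of openldap-ntlm.diff and the body of ntlm.c lie outside these hunks, so an existing explanation there cannot be ruled out.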
@@ -1,3 +1,68 @@
+-------------------------------------------------------------------
+Fri Dec 14 13:53:33 CET 2007 - rhafer@suse.de
+
+- Update to Version 2.4.7. Most important changes:
+ * Added slapd ordered indexing of integer attributes (ITS#5239)
+ * Fixed slapd paged results control handling (ITS#5191)
+ * Fixed slapd sasl-host parsing (ITS#5209)
+ * Fixed slapd filter normalization (ITS#5212)
+ * Fixed slapd multiple suffix checking (ITS#5186)
+ * Fixed slapd paged results handling when using rootdn (ITS#5230)
+ * Fixed slapd syncrepl presentlist handling (ITS#5231)
+ * Fixed slapd core schema 'c' definition for RFC4519 (ITS#5236)
+ * Fixed slapd 3-way Multi-Master Replication (ITS#5238)
+ * Fixed slapd hash collisions in index slots (ITS#5183)
+ * Fixed slapd replication of dSAOperation attributes (ITS#5268)
+ * Fixed slapadd contextCSN updating (ITS#5225)
+ * Fixed slapd-bdb/hdb to report and fail on internal errors (ITS#5232)
+ * Fixed slapd-bdb/hdb dn2entry lock bug (ITS#5257)
+ * Fixed slapd-bdb/hdb dn2id lock bug (ITS#5262)
+ * Fixed slapd-hdb caching on rename ops (ITS#5221)
+ * Fixed slapo-accesslog abandoned op cleanup (ITS#5161)
+ * Fixed slapo-dds deleting from nonexistent db (ITS#5267)
+ * Fixed slapo-memberOf deleted values saving (ITS#5258)
+ * Fixed slapo-pcache op->o_abandon handling (ITS#5187)
+ * Fixed slapo-ppolicy single password check on modify (ITS#5146)
+ * Fixed slapo-ppolicy internal search (ITS#5235)
+ * Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210)
+ * Fixed slapo-syncprov ignore invalid cookies (ITS#5211)
+ * Fixed slapo-translucent interaction with slapo-rwm (ITS#4889)
+
+-------------------------------------------------------------------
+Thu Nov 29 15:43:11 CET 2007 - rhafer@suse.de
+
+- check for duplicates in getaddrinfo results and ignore them.
+ (Bug #288879) + +------------------------------------------------------------------- +Tue Nov 27 13:51:52 CET 2007 - rhafer@suse.de + +- The init-script removed directory access on /etc/openldap/slapd.d + (Bug #344091) + +------------------------------------------------------------------- +Mon Nov 26 15:56:28 CET 2007 - rhafer@suse.de + +- Update to Version 2.4.6. Initial 2.4 release for "general use". + New features: + * Usability/Manageability: + - More complete Documentation (manual pages and Admin Guide) + - dynamic configuration and monitoring improvments + * More functionality + - New overlays (dds, memberof, constraint) + - Multimaster syncrepl replication + * Performance improvments: + - Further optimized frontend + - Reduced locking contention in backend +- back-config support through new sysconfig option + "OPENLDAP_CONFIG_BACKEND" +- Install admin guide from the main tarball, to get rid of the + admin-guide tarball +- New sysconfig options: + * OPENLDAP_START_LDAP to allow to disable the ldap:// listener + * OPENLDAP_LDAPI_INTERFACES to specify the paths for the ldapi:/// + listeners + ------------------------------------------------------------------- Mon Oct 29 16:59:18 CET 2007 - rhafer@suse.de diff --git a/openldap2-client.spec b/openldap2-client.spec index 1803a85..fe2a5a2 100644 --- a/openldap2-client.spec +++ b/openldap2-client.spec @@ -1,5 +1,5 @@ # -# spec file for package openldap2-client (Version 2.3.39) +# spec file for package openldap2-client (Version 2.4.7) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine 
@@ -27,14 +27,13 @@ Conflicts: openldap-client Summary: OpenLDAP2 Client Utilities %endif AutoReqProv: on -Version: 2.3.39 -Release: 1 +Version: 2.4.7 +Release: 2 Source: openldap-%{version}.tar.bz2 Source1: openldap-rc.tgz -Source2: openldap-admin-guide.tar.bz2 -Source3: addonschema.tar.gz -Source4: DB_CONFIG -Source5: sasl-slapd.conf +Source2: addonschema.tar.gz +Source3: DB_CONFIG +Source4: sasl-slapd.conf Patch: openldap2.dif Patch1: secpatch.dif Patch2: slapd_conf.dif @@ -43,8 +42,7 @@ Patch4: ldapi_url.dif Patch5: openldap-ntlm.diff Patch6: libldap-gethostbyname_r.dif Patch7: pie-compile.dif -Patch8: libldap-manpages.dif -Patch9: slapd_chain_return_error.dif +Patch8: slapd_getaddrinfo_dupl.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -109,7 +107,7 @@ Authors: The OpenLDAP Project %prep -%setup -q -n openldap-%{version} -a1 -a2 -a3 +%setup -q -n openldap-%{version} -a1 -a2 %patch %patch1 %patch2 @@ -117,11 +115,8 @@ Authors: %patch4 %patch5 %patch6 -%if %suse_version > 920 %patch7 -%endif %patch8 -p1 -%patch9 -p1 %build %{?suse_update_config:%{suse_update_config -f build}} @@ -166,9 +161,6 @@ make depend make %{?jobs:-j%jobs} %check -rm tests/scripts/test022-ppolicy -rm tests/scripts/test036-meta-concurrency -rm tests/scripts/test039-glue-ldap-concurrency # calculate the base port to be use in the test-suite SLAPD_BASEPORT=10000 if [ -f /.buildenv ] ; then @@ -177,6 +169,7 @@ if [ -f /.buildenv ] ; then fi export SLAPD_BASEPORT %ifnarch %arm alpha +rm -f tests/scripts/test022-ppolicy make test %endif 
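Review bot: `rm -f tests/scripts/test022-ppolicy` in `%check` still drops the password-policy test before `make test`, and nothing in the spec says why. The changelog for this update lists two slapo-ppolicy fixes (ITS#5146, ITS#5235), so the overlay is changed and shipped but not exercised by the package build. A comment above the line, such as `# test022-ppolicy disabled: <reason or bug reference>`, would record whether this is a test-suite problem in the build environment or a real failure in the overlay. The same line is added in the matching `%check` hunk of openldap2.spec.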
@@ -185,15 +178,13 @@ mkdir -p $RPM_BUILD_ROOT/etc/init.d mkdir -p $RPM_BUILD_ROOT/usr/sbin make DESTDIR=$RPM_BUILD_ROOT install install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap -install -m 755 rc.slurpd $RPM_BUILD_ROOT/etc/init.d/slurpd ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap -ln -sf ../../etc/init.d/slurpd $RPM_BUILD_ROOT/usr/sbin/rcslurpd +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2 -install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf +install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/apparmor/profiles/extras/ install -m 644 apparmor/usr.lib.openldap.slapd $RPM_BUILD_ROOT/%{_sysconfdir}/apparmor/profiles/extras/usr.lib.openldap.slapd install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap -install -m 700 -d $RPM_BUILD_ROOT/var/lib/slurpd chmod a+x $RPM_BUILD_ROOT/%{_libdir}/liblber.so* chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap_r.so* chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so* 
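Review bot: The added `mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d` creates the back-config directory with whatever mode the build umask gives, although the slurpd line removed in the same hunk shows the spec's own pattern for a private directory (`install -m 700 -d`). The cn=config database kept there can hold the same secrets as slapd.conf, which its own header says should not be world readable, so an explicit restrictive mode is safer, e.g. `install -d -m 700 $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d`, with the owner set through `%attr` in the file list. The file list is not readable in this view, so the mode may already be fixed there; in that case a short comment next to the mkdir pointing to it would help. The same line is added in the matching hunk of openldap2.spec.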
@@ -201,10 +192,12 @@ chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so* mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates install -m 644 sysconfig.openldap $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.openldap install -m 644 *.schema $RPM_BUILD_ROOT/etc/openldap/schema -install -m 644 $RPM_SOURCE_DIR/DB_CONFIG $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG +install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG install -m 644 $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG.example install -d $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/ install -m 644 SuSEfirewall2.openldap $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/openldap +rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d` +rm -rf doc/guide/release rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example rm -f $RPM_BUILD_ROOT/var/run/slapd/openldap-data/DB_CONFIG.example %endif 
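Review bot: In the added `rm -f` line that takes its arguments from a backquoted `find doc/guide`, the `-name` patterns are unquoted, so the shell expands `*.html`, `*.gif` and `*.png` against the build directory before find sees them if anything there matches. The command substitution also splits any path that contains whitespace. Quoting the patterns and letting find do the removal avoids both: `find doc/guide ! -type d ! -name '*.html' ! -name '*.gif' ! -name '*.png' -exec rm -f {} +`. The same command is added in the matching hunk of openldap2.spec.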
@@ -226,28 +219,26 @@ cat >openldap2.filelist <openldap2.filelist < openldap2-client.filelist < openldap2-client.filelist <o_abandon handling (ITS#5187) + * Fixed slapo-ppolicy single password check on modify (ITS#5146) + * Fixed slapo-ppolicy internal search (ITS#5235) + * Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210) + * Fixed slapo-syncprov ignore invalid cookies (ITS#5211) + * Fixed slapo-translucent interaction with slapo-rwm (ITS#4889) +* Thu Nov 29 2007 - rhafer@suse.de +- check for duplicates in getaddrinfo results and ignore them. + (Bug #288879) +* Tue Nov 27 2007 - rhafer@suse.de +- The init-script removed directory access on /etc/openldap/slapd.d + (Bug #344091) +* Mon Nov 26 2007 - rhafer@suse.de +- Update to Version 2.4.6. Initial 2.4 release for "general use". + New features: + * Usability/Manageability: + - More complete Documentation (manual pages and Admin Guide) + - dynamic configuration and monitoring improvments + * More functionality + - New overlays (dds, memberof, constraint) + - Multimaster syncrepl replication + * Performance improvments: + - Further optimized frontend + - Reduced locking contention in backend +- back-config support through new sysconfig option + "OPENLDAP_CONFIG_BACKEND" +- Install admin guide from the main tarball, to get rid of the + admin-guide tarball +- New sysconfig options: + * OPENLDAP_START_LDAP to allow to disable the ldap:// listener + * OPENLDAP_LDAPI_INTERFACES to specify the paths for the ldapi:/// + listeners * Mon Oct 29 2007 - rhafer@suse.de - Update to Version 2.3.39. Most important changes: * Fixed slapd database/overlay config conflict (ITS#4848) diff --git a/openldap2.changes b/openldap2.changes index 132affb..ae16351 100644 --- a/openldap2.changes +++ b/openldap2.changes 
@@ -1,3 +1,68 @@
+-------------------------------------------------------------------
+Fri Dec 14 13:53:33 CET 2007 - rhafer@suse.de
+
+- Update to Version 2.4.7. Most important changes:
+ * Added slapd ordered indexing of integer attributes (ITS#5239)
+ * Fixed slapd paged results control handling (ITS#5191)
+ * Fixed slapd sasl-host parsing (ITS#5209)
+ * Fixed slapd filter normalization (ITS#5212)
+ * Fixed slapd multiple suffix checking (ITS#5186)
+ * Fixed slapd paged results handling when using rootdn (ITS#5230)
+ * Fixed slapd syncrepl presentlist handling (ITS#5231)
+ * Fixed slapd core schema 'c' definition for RFC4519 (ITS#5236)
+ * Fixed slapd 3-way Multi-Master Replication (ITS#5238)
+ * Fixed slapd hash collisions in index slots (ITS#5183)
+ * Fixed slapd replication of dSAOperation attributes (ITS#5268)
+ * Fixed slapadd contextCSN updating (ITS#5225)
+ * Fixed slapd-bdb/hdb to report and fail on internal errors (ITS#5232)
+ * Fixed slapd-bdb/hdb dn2entry lock bug (ITS#5257)
+ * Fixed slapd-bdb/hdb dn2id lock bug (ITS#5262)
+ * Fixed slapd-hdb caching on rename ops (ITS#5221)
+ * Fixed slapo-accesslog abandoned op cleanup (ITS#5161)
+ * Fixed slapo-dds deleting from nonexistent db (ITS#5267)
+ * Fixed slapo-memberOf deleted values saving (ITS#5258)
+ * Fixed slapo-pcache op->o_abandon handling (ITS#5187)
+ * Fixed slapo-ppolicy single password check on modify (ITS#5146)
+ * Fixed slapo-ppolicy internal search (ITS#5235)
+ * Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210)
+ * Fixed slapo-syncprov ignore invalid cookies (ITS#5211)
+ * Fixed slapo-translucent interaction with slapo-rwm (ITS#4889)
+
+-------------------------------------------------------------------
+Thu Nov 29 15:43:11 CET 2007 - rhafer@suse.de
+
+- check for duplicates in getaddrinfo results and ignore them.
+ (Bug #288879) + +------------------------------------------------------------------- +Tue Nov 27 13:51:52 CET 2007 - rhafer@suse.de + +- The init-script removed directory access on /etc/openldap/slapd.d + (Bug #344091) + +------------------------------------------------------------------- +Mon Nov 26 15:56:28 CET 2007 - rhafer@suse.de + +- Update to Version 2.4.6. Initial 2.4 release for "general use". + New features: + * Usability/Manageability: + - More complete Documentation (manual pages and Admin Guide) + - dynamic configuration and monitoring improvments + * More functionality + - New overlays (dds, memberof, constraint) + - Multimaster syncrepl replication + * Performance improvments: + - Further optimized frontend + - Reduced locking contention in backend +- back-config support through new sysconfig option + "OPENLDAP_CONFIG_BACKEND" +- Install admin guide from the main tarball, to get rid of the + admin-guide tarball +- New sysconfig options: + * OPENLDAP_START_LDAP to allow to disable the ldap:// listener + * OPENLDAP_LDAPI_INTERFACES to specify the paths for the ldapi:/// + listeners + ------------------------------------------------------------------- Mon Oct 29 16:59:18 CET 2007 - rhafer@suse.de diff --git a/openldap2.dif b/openldap2.dif index 0e2ce87..f70791d 100644 --- a/openldap2.dif +++ b/openldap2.dif @@ -1,6 +1,8 @@ ---- build/top.mk +Index: build/top.mk +=================================================================== +--- build/top.mk.orig +++ build/top.mk -@@ -39,7 +39,7 @@ +@@ -39,7 +39,7 @@ libdir = @libdir@ libexecdir = @libexecdir@ localstatedir = @localstatedir@ mandir = @mandir@ @@ -9,7 +11,7 @@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ sysconfdir = @sysconfdir@$(ldap_subdir) -@@ -58,7 +58,7 @@ +@@ -58,7 +58,7 @@ INSTALL_PROGRAM = $(INSTALL) INSTALL_DATA = $(INSTALL) -m 644 INSTALL_SCRIPT = $(INSTALL) 
@@ -18,9 +20,11 @@ LINT = lint 5LINT = 5lint ---- configure.in +Index: configure.in +=================================================================== +--- configure.in.orig +++ configure.in -@@ -64,7 +64,9 @@ +@@ -67,7 +67,9 @@ dnl Determine host platform dnl we try not to use this for much AC_CANONICAL_TARGET([]) @@ -31,9 +35,11 @@ AC_SUBST(PACKAGE)dnl AC_SUBST(VERSION)dnl AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package) ---- servers/slapd/aclparse.c +Index: servers/slapd/aclparse.c +=================================================================== +--- servers/slapd/aclparse.c.orig +++ servers/slapd/aclparse.c -@@ -662,7 +662,7 @@ +@@ -644,7 +644,7 @@ parse_acl( if ( rc != LDAP_SUCCESS ) { char buf[ SLAP_TEXT_BUFLEN ]; @@ -42,3 +48,21 @@ " attr \"%s\" normalization failed (%d: %s)", fname, lineno, a->acl_attrs[ 0 ].an_name.bv_val, rc, text ); +Index: libraries/libldap/result.c +=================================================================== +--- libraries/libldap/result.c.orig ++++ libraries/libldap/result.c +@@ -639,10 +639,12 @@ retry_ber: + if ( LDAP_IS_UDP(ld) && isv2 ) { + ber_scanf(ber, "x{"); + } +-nextresp2: + #endif + } + ++#ifdef LDAP_CONNECTIONLESS ++nextresp2: ++#endif + /* the message type */ + tag = ber_peek_tag( ber, &len ); + if ( tag == LBER_ERROR ) { diff --git a/openldap2.spec b/openldap2.spec index fb4d7eb..d3facbc 100644 --- a/openldap2.spec +++ b/openldap2.spec @@ -1,5 +1,5 @@ # -# spec file for package openldap2 (Version 2.3.39) +# spec file for package openldap2 (Version 2.4.7) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine 
@@ -27,14 +27,13 @@ Conflicts: openldap-client Summary: The New OpenLDAP Server (LDAPv3) %endif AutoReqProv: on -Version: 2.3.39 -Release: 1 +Version: 2.4.7 +Release: 2 Source: openldap-%{version}.tar.bz2 Source1: openldap-rc.tgz -Source2: openldap-admin-guide.tar.bz2 -Source3: addonschema.tar.gz -Source4: DB_CONFIG -Source5: sasl-slapd.conf +Source2: addonschema.tar.gz +Source3: DB_CONFIG +Source4: sasl-slapd.conf Patch: openldap2.dif Patch1: secpatch.dif Patch2: slapd_conf.dif @@ -43,8 +42,7 @@ Patch4: ldapi_url.dif Patch5: openldap-ntlm.diff Patch6: libldap-gethostbyname_r.dif Patch7: pie-compile.dif -Patch8: libldap-manpages.dif -Patch9: slapd_chain_return_error.dif +Patch8: slapd_getaddrinfo_dupl.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -112,7 +110,7 @@ Authors: The OpenLDAP Project %prep -%setup -q -n openldap-%{version} -a1 -a2 -a3 +%setup -q -n openldap-%{version} -a1 -a2 %patch %patch1 %patch2 @@ -120,11 +118,8 @@ Authors: %patch4 %patch5 %patch6 -%if %suse_version > 920 %patch7 -%endif %patch8 -p1 -%patch9 -p1 %build %{?suse_update_config:%{suse_update_config -f build}} @@ -169,9 +164,6 @@ make depend make %{?jobs:-j%jobs} %check -rm tests/scripts/test022-ppolicy -rm tests/scripts/test036-meta-concurrency -rm tests/scripts/test039-glue-ldap-concurrency # calculate the base port to be use in the test-suite SLAPD_BASEPORT=10000 if [ -f /.buildenv ] ; then @@ -180,6 +172,7 @@ if [ -f /.buildenv ] ; then fi export SLAPD_BASEPORT %ifnarch %arm alpha +rm -f tests/scripts/test022-ppolicy make test %endif 
@@ -188,15 +181,13 @@ mkdir -p $RPM_BUILD_ROOT/etc/init.d mkdir -p $RPM_BUILD_ROOT/usr/sbin make DESTDIR=$RPM_BUILD_ROOT install install -m 755 rc.ldap $RPM_BUILD_ROOT/etc/init.d/ldap -install -m 755 rc.slurpd $RPM_BUILD_ROOT/etc/init.d/slurpd ln -sf ../../etc/init.d/ldap $RPM_BUILD_ROOT/usr/sbin/rcldap -ln -sf ../../etc/init.d/slurpd $RPM_BUILD_ROOT/usr/sbin/rcslurpd +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/slapd.d mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2 -install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf +install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/sasl2/slapd.conf mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/apparmor/profiles/extras/ install -m 644 apparmor/usr.lib.openldap.slapd $RPM_BUILD_ROOT/%{_sysconfdir}/apparmor/profiles/extras/usr.lib.openldap.slapd install -m 755 -d $RPM_BUILD_ROOT/var/lib/ldap -install -m 700 -d $RPM_BUILD_ROOT/var/lib/slurpd chmod a+x $RPM_BUILD_ROOT/%{_libdir}/liblber.so* chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap_r.so* chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so* 
@@ -204,10 +195,12 @@ chmod a+x $RPM_BUILD_ROOT/%{_libdir}/libldap.so* mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates install -m 644 sysconfig.openldap $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.openldap install -m 644 *.schema $RPM_BUILD_ROOT/etc/openldap/schema -install -m 644 $RPM_SOURCE_DIR/DB_CONFIG $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG +install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG install -m 644 $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example $RPM_BUILD_ROOT/var/lib/ldap/DB_CONFIG.example install -d $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/ install -m 644 SuSEfirewall2.openldap $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/openldap +rm -f `find doc/guide ! -name *.html -a ! -name *.gif -a ! -name *.png -a ! -type d` +rm -rf doc/guide/release rm -f $RPM_BUILD_ROOT/etc/openldap/DB_CONFIG.example rm -f $RPM_BUILD_ROOT/var/run/slapd/openldap-data/DB_CONFIG.example %endif 
@@ -229,28 +222,26 @@ cat >openldap2.filelist <openldap2.filelist < openldap2-client.filelist < openldap2-client.filelist <o_abandon handling (ITS#5187) + * Fixed slapo-ppolicy single password check on modify (ITS#5146) + * Fixed slapo-ppolicy internal search (ITS#5235) + * Fixed slapo-syncprov refresh and persist cookie sending (ITS#5210) + * Fixed slapo-syncprov ignore invalid cookies (ITS#5211) + * Fixed slapo-translucent interaction with slapo-rwm (ITS#4889) +* Thu Nov 29 2007 - rhafer@suse.de +- check for duplicates in getaddrinfo results and ignore them. + (Bug #288879) +* Tue Nov 27 2007 - rhafer@suse.de +- The init-script removed directory access on /etc/openldap/slapd.d + (Bug #344091) +* Mon Nov 26 2007 - rhafer@suse.de +- Update to Version 2.4.6. Initial 2.4 release for "general use". + New features: + * Usability/Manageability: + - More complete Documentation (manual pages and Admin Guide) + - dynamic configuration and monitoring improvments + * More functionality + - New overlays (dds, memberof, constraint) + - Multimaster syncrepl replication + * Performance improvments: + - Further optimized frontend + - Reduced locking contention in backend +- back-config support through new sysconfig option + "OPENLDAP_CONFIG_BACKEND" +- Install admin guide from the main tarball, to get rid of the + admin-guide tarball +- New sysconfig options: + * OPENLDAP_START_LDAP to allow to disable the ldap:// listener + * OPENLDAP_LDAPI_INTERFACES to specify the paths for the ldapi:/// + listeners * Mon Oct 29 2007 - rhafer@suse.de - Update to Version 2.3.39. Most important changes: * Fixed slapd database/overlay config conflict (ITS#4848) diff --git a/pie-compile.dif b/pie-compile.dif index 388f2b1..0514654 100644 --- a/pie-compile.dif +++ b/pie-compile.dif 
@@ -48,18 +48,6 @@ XDEFS = $(MODULES_CPPFLAGS) XLDFLAGS = $(MODULES_LDFLAGS) ---- servers/slurpd/Makefile.in 2005/06/22 09:28:58 1.1 -+++ servers/slurpd/Makefile.in 2005/06/22 10:05:30 -@@ -38,6 +38,9 @@ - - all-local-srv: $(PROGRAMS) - -+PIE_CFLAGS="-fPIE" -+PIE_LDFLAGS="-pie" -+ - # $(LTHREAD_LIBS) must be last! - XLIBS = $(SLURPD_L) - XXLIBS = $(SLURPD_LIBS) $(SECURITY_LIBS) $(LUTIL_LIBS) --- servers/slapd/back-bdb/Makefile.in 2005/06/22 10:05:47 1.1 +++ servers/slapd/back-bdb/Makefile.in 2005/06/22 10:06:22 @@ -37,6 +37,9 @@ @@ -78,18 +66,6 @@ MOD_DEFS = $(@BUILD_HDB@_DEFS) MOD_LIBS = $(LDBM_LIBS) -+PIE_CFLAGS="-fPIE" -+PIE_LDFLAGS="-pie" -+ - shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) - NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) - UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) ---- servers/slapd/back-ldbm/Makefile.in 2005/06/22 10:05:41 1.1 -+++ servers/slapd/back-ldbm/Makefile.in 2005/06/22 11:30:52 -@@ -36,6 +36,9 @@ - MOD_DEFS = $(@BUILD_LDBM@_DEFS) - MOD_LIBS = $(LDBM_LIBS) - +PIE_CFLAGS="-fPIE" +PIE_LDFLAGS="-pie" + diff --git a/slapd_chain_return_error.dif b/slapd_chain_return_error.dif deleted file mode 100644 index bab430f..0000000 --- a/slapd_chain_return_error.dif +++ /dev/null 
@@ -1,19 +0,0 @@ -Index: openldap-2.3.24/doc/man/man5/slapo-chain.5 -=================================================================== ---- openldap-2.3.24.orig/doc/man/man5/slapo-chain.5 -+++ openldap-2.3.24/doc/man/man5/slapo-chain.5 -@@ -79,6 +79,14 @@ These URIs inherit the properties config - \fBslapd-ldap\fP(5) before any occurrence of the \fBchain-uri\fP - directive; in detail, they are essentially chained anonymously. - .TP -+.B chain-return-error {FALSE|true} -+In case referral chasing fails, the real error is returned instead -+of the original referral. In case multiple referral URIs are present, -+only the first error is returned. This behavior may not be always -+appropriate nor desirable, since failures in referral chasing might be -+better resolved by the client (e.g. when caused by distributed -+authentication issues). -+.TP - .B chain-uri - This directive instantiates a new underlying \fIldap\fP database - and instructs it about which URI to contact to chase referrals. diff --git a/slapd_conf.dif b/slapd_conf.dif index d87ae8c..5f22516 100644 --- a/slapd_conf.dif +++ b/slapd_conf.dif @@ -1,7 +1,5 @@ -Index: servers/slapd/slapd.conf -=================================================================== ---- servers/slapd/slapd.conf.orig -+++ servers/slapd/slapd.conf +--- servers/slapd/slapd.conf 2007/02/21 16:27:01 1.1 ++++ servers/slapd/slapd.conf 2007/02/21 16:29:20 @@ -3,6 +3,10 @@ # This file should NOT be world readable. # @@ -13,7 +11,7 @@ Index: servers/slapd/slapd.conf # Define global ACLs to disable default read access. -@@ -10,16 +14,15 @@ include %SYSCONFDIR%/schema/core.schema +@@ -10,8 +14,8 @@ # service AND an understanding of referrals. #referral ldap://root.openldap.org 
@@ -23,20 +21,8 @@ Index: servers/slapd/slapd.conf +argsfile %LOCALSTATEDIR%/slapd.args # Load dynamic backend modules: --# modulepath %MODULEDIR% --# moduleload back_bdb.la -+modulepath %MODULEDIR% - # moduleload back_ldap.la --# moduleload back_ldbm.la --# moduleload back_passwd.la --# moduleload back_shell.la -+# moduleload back_meta.la -+# moduleload back_monitor.la -+# moduleload back_perl.la - - # Sample security restrictions - # Require integrity protection (prevent hijacking) -@@ -28,20 +31,30 @@ argsfile %LOCALSTATEDIR%/run/slapd.args + # modulepath %MODULEDIR% +@@ -26,20 +30,30 @@ # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: @@ -81,7 +67,7 @@ Index: servers/slapd/slapd.conf # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") -@@ -54,6 +67,8 @@ argsfile %LOCALSTATEDIR%/run/slapd.args +@@ -52,6 +66,8 @@ database bdb suffix "dc=my-domain,dc=com" @@ -90,7 +76,7 @@ Index: servers/slapd/slapd.conf rootdn "cn=Manager,dc=my-domain,dc=com" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. -@@ -62,6 +77,6 @@ rootpw secret +@@ -60,6 +76,6 @@ # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. diff --git a/slapd_getaddrinfo_dupl.dif b/slapd_getaddrinfo_dupl.dif new file mode 100644 index 0000000..cc69239 --- /dev/null +++ b/slapd_getaddrinfo_dupl.dif 
@@ -0,0 +1,105 @@ +Index: openldap-2.4.6/servers/slapd/daemon.c +=================================================================== +--- openldap-2.4.6.orig/servers/slapd/daemon.c ++++ openldap-2.4.6/servers/slapd/daemon.c +@@ -983,7 +983,8 @@ slap_get_listener_addresses( + { + #ifdef HAVE_GETADDRINFO + struct addrinfo hints, *res, *sai; +- int n, err; ++ struct sockaddr **sap2; ++ int n, err, cmpres; + char serv[7]; + + memset( &hints, '\0', sizeof(hints) ); +@@ -1009,43 +1010,63 @@ slap_get_listener_addresses( + *sap = NULL; + + for ( sai=res; sai; sai=sai->ai_next ) { ++ cmpres=1; ++fprintf(stderr,"JO\n"); + if( sai->ai_addr == NULL ) { + Debug( LDAP_DEBUG_ANY, "slap_get_listener_addresses: " + "getaddrinfo ai_addr is NULL?\n", 0, 0, 0 ); + freeaddrinfo(res); + goto errexit; + } +- +- switch (sai->ai_family) { +-# ifdef LDAP_PF_INET6 +- case AF_INET6: +- *sap = ch_malloc(sizeof(struct sockaddr_in6)); +- if (*sap == NULL) { +- freeaddrinfo(res); +- goto errexit; ++ /* check for duplicates */ ++ for ( sap2 = *sal; sap && *sap2; sap2++ ){ ++fprintf(stderr,"JOJO\n"); ++ if ( sai->ai_family == (*sap2)->sa_family ) { ++ if (sai->ai_family == AF_INET6) { ++ cmpres = memcmp(sai->ai_addr, *sap2, ++ sizeof(struct sockaddr_in6)); ++ } else if (sai->ai_family == AF_INET) { ++ cmpres = memcmp(sai->ai_addr, *sap2, ++ sizeof(struct sockaddr_in)); ++ } ++ if (! 
cmpres ){ ++ fprintf(stderr, "DUPLICATE\n"); ++ break; ++ } + } +- *(struct sockaddr_in6 *)*sap = +- *((struct sockaddr_in6 *)sai->ai_addr); +- break; ++ } ++ if (cmpres){ ++ switch (sai->ai_family) { ++# ifdef LDAP_PF_INET6 ++ case AF_INET6: ++ *sap = ch_malloc(sizeof(struct sockaddr_in6)); ++ if (*sap == NULL) { ++ freeaddrinfo(res); ++ goto errexit; ++ } ++ *(struct sockaddr_in6 *)*sap = ++ *((struct sockaddr_in6 *)sai->ai_addr); ++ break; + # endif /* LDAP_PF_INET6 */ +- case AF_INET: +- *sap = ch_malloc(sizeof(struct sockaddr_in)); +- if (*sap == NULL) { +- freeaddrinfo(res); +- goto errexit; ++ case AF_INET: ++ *sap = ch_malloc(sizeof(struct sockaddr_in)); ++ if (*sap == NULL) { ++ freeaddrinfo(res); ++ goto errexit; ++ } ++ *(struct sockaddr_in *)*sap = ++ *((struct sockaddr_in *)sai->ai_addr); ++ break; ++ default: ++ *sap = NULL; ++ break; + } +- *(struct sockaddr_in *)*sap = +- *((struct sockaddr_in *)sai->ai_addr); +- break; +- default: +- *sap = NULL; +- break; +- } + +- if (*sap != NULL) { +- (*sap)->sa_family = sai->ai_family; +- sap++; +- *sap = NULL; ++ if (*sap != NULL) { ++ (*sap)->sa_family = sai->ai_family; ++ sap++; ++ *sap = NULL; ++ } + } + } +
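Review bot: The three `fprintf(stderr, ...)` calls added to the address loop (`"JO\n"`, `"JOJO\n"`, `"DUPLICATE\n"`) look like leftover debugging and would write to slapd's stderr for every getaddrinfo result; they should be dropped or, for the duplicate case, replaced with `Debug( LDAP_DEBUG_TRACE, "slap_get_listener_addresses: duplicate address ignored\n", 0, 0, 0 );`. The duplicate scan's condition `sap && *sap2` tests `sap`, which was dereferenced just before the loop and cannot be NULL there; presumably `*sap2` alone was meant, i.e. `for ( sap2 = *sal; *sap2; sap2++ ) {`. The comparison is a `memcmp` over the whole `sockaddr_in`/`sockaddr_in6`, so it treats two entries as different when only the port, padding or scope fields differ, and its `AF_INET6` branch is not under `# ifdef LDAP_PF_INET6` like the switch below it. slap_get_listener_addresses starts and ends outside this hunk, so how `*sal` is allocated and terminated is not visible here and should be checked against the scan.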