1
0
forked from jengelh/openldap2

Accepting request 358048 from home:stroeder:branches:network:ldap

update to 2.4.44 (successfully tested on Tumbleweed x86_64)

OBS-URL: https://build.opensuse.org/request/show/358048
OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=150
This commit is contained in:
Howard Guo 2016-02-08 09:04:15 +00:00 committed by Git OBS Bridge
parent d3fab28acb
commit f74d513b91
8 changed files with 40 additions and 92 deletions

View File

@ -1,63 +1,38 @@
diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
index 4938b85..b9bec75 100644 index b225fe5..e22e7f2 100644
--- a/servers/slapd/slapd.conf --- a/servers/slapd/slapd.conf
+++ b/servers/slapd/slapd.conf +++ b/servers/slapd/slapd.conf
@@ -2,7 +2,11 @@ @@ -3,6 +3,10 @@
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable. # This file should NOT be world readable.
# #
-include %SYSCONFDIR%/schema/core.schema include %SYSCONFDIR%/schema/core.schema
+include /etc/openldap/schema/core.schema +include %SYSCONFDIR%/schema/cosine.schema
+include /etc/openldap/schema/cosine.schema +include %SYSCONFDIR%/schema/inetorgperson.schema
+include /etc/openldap/schema/inetorgperson.schema +include %SYSCONFDIR%/schema/rfc2307bis.schema
+include /etc/openldap/schema/rfc2307bis.schema +include %SYSCONFDIR%/schema/yast.schema
+include /etc/openldap/schema/yast.schema
# Define global ACLs to disable default read access. # Define global ACLs to disable default read access.
@@ -10,13 +14,13 @@ include %SYSCONFDIR%/schema/core.schema @@ -10,12 +14,12 @@ include %SYSCONFDIR%/schema/core.schema
# service AND an understanding of referrals. # service AND an understanding of referrals.
#referral ldap://root.openldap.org #referral ldap://root.openldap.org
-pidfile %LOCALSTATEDIR%/run/slapd.pid -pidfile %LOCALSTATEDIR%/run/slapd.pid
-argsfile %LOCALSTATEDIR%/run/slapd.args -argsfile %LOCALSTATEDIR%/run/slapd.args
+pidfile /run/slapd/slapd.pid +pidfile %LOCALSTATEDIR%/slapd.pid
+argsfile /run/slapd/slapd.args +argsfile %LOCALSTATEDIR%/slapd.args
# Load dynamic backend modules: # Load dynamic backend modules:
-# modulepath %MODULEDIR% # modulepath %MODULEDIR%
+# modulepath /usr/lib/openldap -# moduleload back_mdb.la
# moduleload back_bdb.la +moduleload back_mdb.la
-# moduleload back_hdb.la
+moduleload back_hdb.la
# moduleload back_ldap.la # moduleload back_ldap.la
# Sample security restrictions # Sample security restrictions
@@ -26,20 +30,30 @@ argsfile %LOCALSTATEDIR%/run/slapd.args @@ -45,6 +49,23 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
# security ssf=1 update_ssf=112 simple_bind=64 #
# rootdn can always read and write EVERYTHING!
# Sample access control policy:
-# Root DSE: allow anyone to read it
-# Subschema (sub)entry DSE: allow anyone to read it
-# Other DSEs:
-# Allow self write access
-# Allow authenticated users read access
-# Allow anonymous users to authenticate
-# Directives needed to implement policy:
-# access to dn.base="" by * read
-# access to dn.base="cn=Subschema" by * read
-# access to *
-# by self write
-# by users read
-# by anonymous auth
-#
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access to user password
+# Allow anonymous users to authenticate
+# Allow read access to everything else
+# Directives needed to implement policy:
+access to dn.base="" +access to dn.base=""
+ by * read + by * read
+ +
@ -75,22 +50,10 @@ index 4938b85..b9bec75 100644
+access to * +access to *
+ by * read + by * read
+ +
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
@@ -50,8 +64,10 @@ argsfile %LOCALSTATEDIR%/run/slapd.args
# BDB database definitions
####################################################################### #######################################################################
# MDB database definitions
-database bdb #######################################################################
+database hdb @@ -60,6 +81,6 @@ rootpw secret
suffix "dc=my-domain,dc=com"
+checkpoint 1024 5
+cachesize 10000
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
@@ -60,6 +76,6 @@ rootpw secret
# The database directory MUST exist prior to running slapd AND # The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools. # should only be accessible by the slapd and slap tools.
# Mode 700 recommended. # Mode 700 recommended.

View File

@ -1,25 +0,0 @@
From fd7bfbc0df0ade534bea84914d385ecf2a73f678 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Tue, 8 Dec 2015 18:17:24 +0000
Subject: ITS#8336 fix page_search_root assert on FreeDB
Let "illegal" branch pages thru on the FreeDB - the condition
is only temporary and will be fixed by the time rebalance finishes.
diff --git a/libraries/liblmdb/mdb.c b/libraries/liblmdb/mdb.c
index fa0c9e5..a624cba 100644
--- a/libraries/liblmdb/mdb.c
+++ b/libraries/liblmdb/mdb.c
@@ -5279,7 +5279,11 @@ mdb_page_search_root(MDB_cursor *mc, MDB_val *key, int flags)
indx_t i;
DPRINTF(("branch page %"Z"u has %u keys", mp->mp_pgno, NUMKEYS(mp)));
- mdb_cassert(mc, NUMKEYS(mp) > 1);
+ /* Don't assert on branch pages in the FreeDB. We can get here
+ * while in the process of rebalancing a FreeDB branch page; we must
+ * let that proceed. ITS#8336
+ */
+ mdb_cassert(mc, !mc->mc_dbi || NUMKEYS(mp) > 1);
DPRINTF(("found index 0 to page %"Z"u", NODEPGNO(NODEPTR(mp, 0))));
if (flags & (MDB_PS_FIRST|MDB_PS_LAST)) {

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:34d78e5598a2b0360d26a9050fcdbbe198c65493b013bb607839d5598b6978c8
size 5654057

3
openldap-2.4.44.tgz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d7de6bf3c67009c95525dde3a0212cc110d0a70b92af2af8e3ee800e81b88400
size 5658830

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Sat Feb 6 12:10:53 UTC 2016 - michael@stroeder.com
- Upgrade to upstream 2.4.44 release with accumulated bug fixes.
- Specify source with FTP URL
- Removed obsolete 0012-openldap-re24-its8336.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com

View File

@ -17,7 +17,7 @@
%define run_test_suite 0 %define run_test_suite 0
%define version_main 2.4.43 %define version_main 2.4.44
%if %{suse_version} >= 1310 && %{suse_version} != 1315 %if %{suse_version} >= 1310 && %{suse_version} != 1315
%define _rundir /run/slapd %define _rundir /run/slapd
@ -32,7 +32,7 @@ Group: Productivity/Networking/LDAP/Clients
Version: %{version_main} Version: %{version_main}
Release: 0 Release: 0
Url: http://www.openldap.org Url: http://www.openldap.org
Source: openldap-%{version_main}.tgz Source: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-%{version_main}.tgz
Source3: DB_CONFIG Source3: DB_CONFIG
Source4: sasl-slapd.conf Source4: sasl-slapd.conf
Source5: README.module-loading Source5: README.module-loading
@ -55,7 +55,6 @@ Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
Patch11: 0011-openldap-re24-its7796.patch Patch11: 0011-openldap-re24-its7796.patch
Patch12: 0012-openldap-re24-its8336.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: cyrus-sasl-devel BuildRequires: cyrus-sasl-devel
BuildRequires: groff BuildRequires: groff
@ -219,7 +218,6 @@ This package contains the OpenLDAP client libraries.
%patch9 -p1 %patch9 -p1
%patch10 -p1 %patch10 -p1
%patch11 -p1 %patch11 -p1
%patch12 -p1
cp %{SOURCE5} . cp %{SOURCE5} .
%build %build

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Sat Feb 6 12:10:53 UTC 2016 - michael@stroeder.com
- Upgrade to upstream 2.4.44 release with accumulated bug fixes.
- Specify source with FTP URL
- Removed obsolete 0012-openldap-re24-its8336.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com Mon Jan 25 14:10:12 UTC 2016 - hguo@suse.com

View File

@ -17,7 +17,7 @@
%define run_test_suite 0 %define run_test_suite 0
%define version_main 2.4.43 %define version_main 2.4.44
%if %{suse_version} >= 1310 && %{suse_version} != 1315 %if %{suse_version} >= 1310 && %{suse_version} != 1315
%define _rundir /run/slapd %define _rundir /run/slapd
@ -32,7 +32,7 @@ Group: Productivity/Networking/LDAP/Clients
Version: %{version_main} Version: %{version_main}
Release: 0 Release: 0
Url: http://www.openldap.org Url: http://www.openldap.org
Source: openldap-%{version_main}.tgz Source: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-%{version_main}.tgz
Source3: DB_CONFIG Source3: DB_CONFIG
Source4: sasl-slapd.conf Source4: sasl-slapd.conf
Source5: README.module-loading Source5: README.module-loading
@ -55,7 +55,6 @@ Patch8: 0008-In-monitor-backend-do-not-return-Connection0-entries.patch
Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch Patch9: 0009-Fix-ldap-host-lookup-ipv6.patch
Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch Patch10: 0010-Enforce-minimum-DH-size-of-1024.patch
Patch11: 0011-openldap-re24-its7796.patch Patch11: 0011-openldap-re24-its7796.patch
Patch12: 0012-openldap-re24-its8336.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: cyrus-sasl-devel BuildRequires: cyrus-sasl-devel
BuildRequires: groff BuildRequires: groff
@ -219,7 +218,6 @@ This package contains the OpenLDAP client libraries.
%patch9 -p1 %patch9 -p1
%patch10 -p1 %patch10 -p1
%patch11 -p1 %patch11 -p1
%patch12 -p1
cp %{SOURCE5} . cp %{SOURCE5} .
%build %build