rpms/openldap/devel openldap-2.4.6-config.patch, NONE, 1.1 openldap-2.4.6-evolution-ntlm.patch, NONE, 1.1 openldap-2.4.6-multilib.patch, NONE, 1.1 openldap-2.4.6-nosql.patch, NONE, 1.1 openldap-2.4.6-pie.patch, NONE, 1.1 .cvsignore, 1.35, 1.36 guide.html, 1.4, 1.5 ldap.init, 1.26, 1.27 openldap.spec, 1.100, 1.101 sources, 1.36, 1.37 openldap-2.3.34-quiet-slaptest.patch, 1.1, NONE openldap-2.3.38-multilib.patch, 1.1, NONE openldap-ntlm.diff, 1.1, NONE

Jan Šafránek (jsafrane) fedora-extras-commits at redhat.com
Wed Nov 21 12:12:48 UTC 2007


Author: jsafrane

Update of /cvs/pkgs/rpms/openldap/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25135

Modified Files:
	.cvsignore guide.html ldap.init openldap.spec sources 
Added Files:
	openldap-2.4.6-config.patch 
	openldap-2.4.6-evolution-ntlm.patch 
	openldap-2.4.6-multilib.patch openldap-2.4.6-nosql.patch 
	openldap-2.4.6-pie.patch 
Removed Files:
	openldap-2.3.34-quiet-slaptest.patch 
	openldap-2.3.38-multilib.patch openldap-ntlm.diff 
Log Message:
Upgrade to openldap-2.4

openldap-2.4.6-config.patch:

--- NEW FILE openldap-2.4.6-config.patch ---
diff -up openldap-2.4.6/servers/slapd/slapd.conf.old openldap-2.4.6/servers/slapd/slapd.conf
--- openldap-2.4.6/servers/slapd/slapd.conf.old	2007-11-20 16:02:19.000000000 +0100
+++ openldap-2.4.6/servers/slapd/slapd.conf	2007-11-20 16:02:26.000000000 +0100
@@ -2,22 +2,57 @@
 # See slapd.conf(5) for details on configuration options.
 # This file should NOT be world readable.
 #
-include		%SYSCONFDIR%/schema/core.schema
 
-# Define global ACLs to disable default read access.
+include		/etc/openldap/schema/corba.schema
+include		/etc/openldap/schema/core.schema
+include		/etc/openldap/schema/cosine.schema
+include		/etc/openldap/schema/duaconf.schema
+include		/etc/openldap/schema/dyngroup.schema
+include		/etc/openldap/schema/inetorgperson.schema
+include		/etc/openldap/schema/java.schema
+include		/etc/openldap/schema/misc.schema
+include		/etc/openldap/schema/nis.schema
+include		/etc/openldap/schema/openldap.schema
+include		/etc/openldap/schema/ppolicy.schema
+include		/etc/openldap/schema/collective.schema
+
+# Allow LDAPv2 client connections.  This is NOT the default.
+allow bind_v2
 
 # Do not enable referrals until AFTER you have a working directory
 # service AND an understanding of referrals.
 #referral	ldap://root.openldap.org
 
-pidfile		%LOCALSTATEDIR%/run/slapd.pid
-argsfile	%LOCALSTATEDIR%/run/slapd.args
+pidfile		/var/run/openldap/slapd.pid
+argsfile	/var/run/openldap/slapd.args
 
 # Load dynamic backend modules:
-# modulepath	%MODULEDIR%
-# moduleload	back_bdb.la
-# moduleload	back_hdb.la
-# moduleload	back_ldap.la
+# modulepath	/usr/lib/openldap # or /usr/lib64/openldap
+# moduleload accesslog.la
+# moduleload auditlog.la
+# moduleload back_sql.la
+# moduleload denyop.la
+# moduleload dyngroup.la
+# moduleload dynlist.la
+# moduleload lastmod.la
+# moduleload pcache.la
+# moduleload ppolicy.la
+# moduleload refint.la
+# moduleload retcode.la
+# moduleload rwm.la
+# moduleload syncprov.la
+# moduleload translucent.la
+# moduleload unique.la
+# moduleload valsort.la
+
+# The next three lines allow use of TLS for encrypting connections using a
+# dummy test certificate which you can generate by changing to
+# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
+# slapd.pem so that the ldap user or group can read it.  Your client software
+# may balk at self-signed certificates, however.
+# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
+# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
 
 # Sample security restrictions
 #	Require integrity protection (prevent hijacking)
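Review bot: `allow bind_v2` is switched on in the shipped default, and the comment beside it only says this is not the upstream default, not why a site would want it. LDAPv2 has no StartTLS or SASL negotiation, so v2 clients are limited to simple binds and, unless the listener is ldaps://, their passwords cross the network in cleartext. I would ship the directive commented out, `# allow bind_v2`, with a comment such as `# Enable only for legacy LDAPv2 clients; v2 binds cannot use StartTLS or SASL.` The TLS sample further down in the same hunk points TLSCertificateKeyFile at a file under /etc/pki/tls/certs; its comment could state the intended owner and mode of slapd.pem instead of just "fixing permissions".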
@@ -47,19 +83,41 @@ argsfile	%LOCALSTATEDIR%/run/slapd.args
 # rootdn can always read and write EVERYTHING!
 
 #######################################################################
-# BDB database definitions
+# ldbm and/or bdb database definitions
 #######################################################################
 
 database	bdb
 suffix		"dc=my-domain,dc=com"
 rootdn		"cn=Manager,dc=my-domain,dc=com"
 # Cleartext passwords, especially for the rootdn, should
-# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
+# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
 # Use of strong authentication encouraged.
-rootpw		secret
+# rootpw		secret
+# rootpw		{crypt}ijFYNcSNctBYg
+
 # The database directory MUST exist prior to running slapd AND 
 # should only be accessible by the slapd and slap tools.
 # Mode 700 recommended.
-directory	%LOCALSTATEDIR%/openldap-data
-# Indices to maintain
-index	objectClass	eq
+directory	/var/lib/ldap
+
+# Indices to maintain for this database
+index objectClass                       eq,pres
+index ou,cn,mail,surname,givenname      eq,pres,sub
+index uidNumber,gidNumber,loginShell    eq,pres
+index uid,memberUid                     eq,pres,sub
+index nisMapName,nisMapEntry            eq,pres,sub
+
+# Replicas of this database
+#replogfile /var/lib/ldap/openldap-master-replog
+#replica host=ldap-1.example.com:389 starttls=critical
+#     bindmethod=sasl saslmech=GSSAPI
+#     authcId=host/ldap-master.example.com at EXAMPLE.COM
+
+
+# enable monitoring
+database monitor
+
+# allow onlu rootdn to read the monitor
+access to *
+        by dn.exact="cn=Manager,dc=my-domain,dc=com" read
+        by * none
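Review bot: The commented sample `# rootpw {crypt}ijFYNcSNctBYg` puts a fixed, published hash into every installed slapd.conf, so an administrator who simply uncomments it ends up with a rootdn password whose hash is public. The 13-character form also looks like traditional DES crypt, which only considers the first eight characters of the password. I would replace the value with a placeholder, `# rootpw {SSHA}<hash generated by slappasswd>`, so nothing usable ships in the file. The ACL comment at the end has a typo: `# allow onlu rootdn to read the monitor` should read `only`. Because the `by dn.exact=` value repeats the sample rootdn literally, a comment such as `# keep this DN in sync with rootdn above` would help whoever changes the suffix.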

openldap-2.4.6-evolution-ntlm.patch:

--- NEW FILE openldap-2.4.6-evolution-ntlm.patch ---
diff -up evo-openldap-2.4.6/include/ldap.h.evolution-ntlm evo-openldap-2.4.6/include/ldap.h
--- evo-openldap-2.4.6/include/ldap.h.evolution-ntlm	2007-09-01 01:13:53.000000000 +0200
+++ evo-openldap-2.4.6/include/ldap.h	2007-11-02 15:22:49.000000000 +0100
@@ -2343,5 +2343,26 @@ ldap_parse_session_tracking_control LDAP
 
 #endif /* LDAP_CONTROL_X_SESSION_TRACKING */
 
+/*
+ * hacks for NTLM
+ */
+#define LDAP_AUTH_NTLM_REQUEST	((ber_tag_t) 0x8aU)
+#define LDAP_AUTH_NTLM_RESPONSE	((ber_tag_t) 0x8bU)
+LDAP_F( int )
+ldap_ntlm_bind LDAP_P((
+	LDAP		*ld,
+	LDAP_CONST char	*dn,
+	ber_tag_t	tag,
+	struct berval	*cred,
+	LDAPControl	**sctrls,
+	LDAPControl	**cctrls,
+	int		*msgidp ));
+LDAP_F( int )
+ldap_parse_ntlm_bind_result LDAP_P((
+	LDAP		*ld,
+	LDAPMessage	*res,
+	struct berval	*challenge));
+
+
 LDAP_END_DECL
 #endif /* _LDAP_H */
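Review bot: The block comment `hacks for NTLM` is the only documentation for two new public libldap entry points and two bind tags, and it does not tell a caller what it owns afterwards. Judging from the `ber_scanf( ber, "{ioa", ... challenge, ... )` call in ntlm.c, `ldap_parse_ntlm_bind_result` fills `challenge->bv_val` with allocated memory that the caller has to release, and `challenge` must be non-NULL; that belongs in the header. I would expand the comment to say that 0x8a and 0x8b are not among the standard LDAP bind authentication choices, that `ldap_ntlm_bind` only sends the request and returns the message id through `msgidp`, and who frees the challenge buffer.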
diff -up evo-openldap-2.4.6/libraries/libldap/Makefile.in.evolution-ntlm evo-openldap-2.4.6/libraries/libldap/Makefile.in
--- evo-openldap-2.4.6/libraries/libldap/Makefile.in.evolution-ntlm	2007-09-01 01:13:54.000000000 +0200
+++ evo-openldap-2.4.6/libraries/libldap/Makefile.in	2007-11-02 15:24:24.000000000 +0100
@@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest ur
 SRCS	= bind.c open.c result.c error.c compare.c search.c \
 	controls.c messages.c references.c extended.c cyrus.c \
 	modify.c add.c modrdn.c delete.c abandon.c \
-	sasl.c sbind.c unbind.c cancel.c  \
+	sasl.c ntlm.c sbind.c unbind.c cancel.c  \
 	filter.c free.c sort.c passwd.c whoami.c \
 	getdn.c getentry.c getattr.c getvalues.c addentry.c \
 	request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
@@ -31,7 +31,7 @@ SRCS	= bind.c open.c result.c error.c co
 OBJS	= bind.lo open.lo result.lo error.lo compare.lo search.lo \
 	controls.lo messages.lo references.lo extended.lo cyrus.lo \
 	modify.lo add.lo modrdn.lo delete.lo abandon.lo \
-	sasl.lo sbind.lo unbind.lo cancel.lo \
+	sasl.lo ntlm.lo sbind.lo unbind.lo cancel.lo \
 	filter.lo free.lo sort.lo passwd.lo whoami.lo \
 	getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
 	request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
diff -up /dev/null evo-openldap-2.4.6/libraries/libldap/ntlm.c
--- /dev/null	2007-11-02 11:28:37.758699524 +0100
+++ evo-openldap-2.4.6/libraries/libldap/ntlm.c	2007-11-02 15:22:49.000000000 +0100
@@ -0,0 +1,137 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
+/*
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+/* Mostly copied from sasl.c */
+
+#include "portable.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/errno.h>
+
+#include "ldap-int.h"
+
+int
+ldap_ntlm_bind(
+	LDAP		*ld,
+	LDAP_CONST char	*dn,
+	ber_tag_t	tag,
+	struct berval	*cred,
+	LDAPControl	**sctrls,
+	LDAPControl	**cctrls,
+	int		*msgidp )
+{
+	BerElement	*ber;
+	int rc;
+	ber_int_t id;
+
+	Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
+
+	assert( ld != NULL );
+	assert( LDAP_VALID( ld ) );
+	assert( msgidp != NULL );
+
+	if( msgidp == NULL ) {
+		ld->ld_errno = LDAP_PARAM_ERROR;
+		return ld->ld_errno;
+	}
+
+	/* create a message to send */
+	if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+		ld->ld_errno = LDAP_NO_MEMORY;
+		return ld->ld_errno;
+	}
+
+	assert( LBER_VALID( ber ) );
+
+	LDAP_NEXT_MSGID( ld, id );
+	rc = ber_printf( ber, "{it{istON}" /*}*/,
+			 id, LDAP_REQ_BIND,
+			 ld->ld_version, dn, tag,
+			 cred );
+
+	/* Put Server Controls */
+	if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
+		ber_free( ber, 1 );
+		return ld->ld_errno;
+	}
+
+	if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
+		ld->ld_errno = LDAP_ENCODING_ERROR;
+		ber_free( ber, 1 );
+		return ld->ld_errno;
+	}
+
+	/* send the message */
+	*msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
+
+	if(*msgidp < 0)
+		return ld->ld_errno;
+
+	return LDAP_SUCCESS;
+}
+
+int
+ldap_parse_ntlm_bind_result(
+	LDAP		*ld,
+	LDAPMessage	*res,
+	struct berval	*challenge)
+{
+	ber_int_t	errcode;
+	ber_tag_t	tag;
+	BerElement	*ber;
+	ber_len_t	len;
+
+	Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
+
+	assert( ld != NULL );
+	assert( LDAP_VALID( ld ) );
+	assert( res != NULL );
+
+	if ( ld == NULL || res == NULL ) {
+		return LDAP_PARAM_ERROR;
+	}
+
+	if( res->lm_msgtype != LDAP_RES_BIND ) {
+		ld->ld_errno = LDAP_PARAM_ERROR;
+		return ld->ld_errno;
+	}
+
+	if ( ld->ld_error ) {
+		LDAP_FREE( ld->ld_error );
+		ld->ld_error = NULL;
+	}
+	if ( ld->ld_matched ) {
+		LDAP_FREE( ld->ld_matched );
+		ld->ld_matched = NULL;
+	}
+
+	/* parse results */
+
+	ber = ber_dup( res->lm_ber );
+
+	if( ber == NULL ) {
+		ld->ld_errno = LDAP_NO_MEMORY;
+		return ld->ld_errno;
+	}
+
+	tag = ber_scanf( ber, "{ioa" /*}*/,
+			 &errcode, challenge, &ld->ld_error );
+	ber_free( ber, 0 );
+
+	if( tag == LBER_ERROR ) {
+		ld->ld_errno = LDAP_DECODING_ERROR;
+		return ld->ld_errno;
+	}
+
+	ld->ld_errno = errcode;
+
+	return( ld->ld_errno );
+}
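Review bot: In `ldap_ntlm_bind` the result of the first `ber_printf( ber, "{it{istON}", ... )` is stored in `rc` and never examined, so a failed encode of the bind request (credential included) falls through to `ldap_int_put_controls` and may end up sent as a malformed message. The closing `ber_printf( ber, "N}" )` a few lines later is checked, so the first call should get the same treatment, as in the fence below. In `ldap_parse_ntlm_bind_result`, `ld` and `res` are validated but `challenge` is not before it is handed to `ber_scanf`; adding it to the existing NULL test would return LDAP_PARAM_ERROR instead of dereferencing a NULL pointer, and a short comment should state that the caller frees `challenge->bv_val`. Both functions also assert on their pointers before the runtime NULL tests, so in debug builds those tests are unreachable and in release builds they are the only guard.

```c
	/* … unchanged: rc = ber_printf( ber, "{it{istON}", … cred ); … */
	if ( rc == -1 ) {
		/* request could not be encoded; do not send a partial bind */
		ld->ld_errno = LDAP_ENCODING_ERROR;
		ber_free( ber, 1 );
		return ld->ld_errno;
	}

	/* … unchanged: controls, closing "N}", ldap_send_initial_request … */

	/* in ldap_parse_ntlm_bind_result: challenge is written by ber_scanf */
	if ( ld == NULL || res == NULL || challenge == NULL ) {
		return LDAP_PARAM_ERROR;
	}
```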

openldap-2.4.6-multilib.patch:

--- NEW FILE openldap-2.4.6-multilib.patch ---
diff -up openldap-2.3.38/doc/man/man8/slapd.8.orig openldap-2.3.38/doc/man/man8/slapd.8
--- openldap-2.3.38/doc/man/man8/slapd.8.orig	2007-01-02 22:43:46.000000000 +0100
+++ openldap-2.3.38/doc/man/man8/slapd.8	2007-10-23 15:03:13.000000000 +0200
@@ -5,7 +5,7 @@
 .SH NAME
 slapd \- Stand-alone LDAP Daemon
 .SH SYNOPSIS
-.B LIBEXECDIR/slapd 
+.B slapd 
 .B [\-[4|6]]
 .B [\-T {acl|add|auth|cat|dn|index|passwd|test}]
 .B [\-d debug\-level]
@@ -234,7 +234,7 @@ the LDAP databases defined in the defaul
 .LP
 .nf
 .ft tt
-	LIBEXECDIR/slapd
+	slapd
 .ft
 .fi
 .LP
@@ -245,7 +245,7 @@ on voluminous debugging which will be pr
 .LP
 .nf
 .ft tt
-	LIBEXECDIR/slapd -f /var/tmp/slapd.conf -d 255
+	slapd -f /var/tmp/slapd.conf -d 255
 .ft
 .fi
 .LP
@@ -253,7 +253,7 @@ To test whether the configuration file i
 .LP
 .nf
 .ft tt
-	LIBEXECDIR/slapd -Tt
+	slapd -Tt
 .ft
 .fi
 .LP

openldap-2.4.6-nosql.patch:

--- NEW FILE openldap-2.4.6-nosql.patch ---
diff -up openldap-2.4.6/build/top.mk.nosql openldap-2.4.6/build/top.mk
--- openldap-2.4.6/build/top.mk.nosql	2007-09-01 01:13:50.000000000 +0200
+++ openldap-2.4.6/build/top.mk	2007-11-02 14:55:23.000000000 +0100
@@ -199,7 +199,7 @@ SLAPD_SQL_LDFLAGS = @SLAPD_SQL_LDFLAGS@
 SLAPD_SQL_INCLUDES = @SLAPD_SQL_INCLUDES@
 SLAPD_SQL_LIBS = @SLAPD_SQL_LIBS@
 
-SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_PERL_LDFLAGS@ @SLAPD_SQL_LDFLAGS@ @SLAPD_SQL_LIBS@ @SLAPD_SLP_LIBS@ @SLAPD_GMP_LIBS@ $(ICU_LIBS)
+SLAPD_LIBS = @SLAPD_LIBS@ @SLAPD_SLP_LIBS@ $(ICU_LIBS)
 
 # Our Defaults
 CC = $(AC_CC)
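Review bot: The new `SLAPD_LIBS` line drops `@SLAPD_PERL_LDFLAGS@` and `@SLAPD_GMP_LIBS@` along with the two SQL substitutions, which is more than the patch name `nosql` suggests. If the Perl backend or GMP support is ever configured into slapd itself rather than as a module, the link would presumably fail or silently lose those libraries, with nothing here to explain why. A comment above the line, e.g. `# Fedora: SQL/Perl/GMP libs are linked only into their own modules, not into slapd`, would record the intent; confirm that this is how the spec actually builds them.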

openldap-2.4.6-pie.patch:

--- NEW FILE openldap-2.4.6-pie.patch ---
Build both slapd as position-independent executables.  This really
should be threaded into the various autotools, but I guess this is what we have
until that happens, if it happens.

--- openldap-2.2.13/servers/slapd/Makefile.in	2004-04-12 14:07:40.000000000 -0400
+++ openldap-2.2.13/servers/slapd/Makefile.in	2004-06-15 13:45:45.000000000 -0400
@@ -255,7 +255,7 @@
 	cp slapi/.libs/libslapi.a .
 
 slapd: $(SLAPD_DEPENDS) @LIBSLAPI@
-	$(LTLINK) -o $@ $(SLAPD_OBJECTS) $(LIBS) \
+	$(LTLINK) -pie -Wl,-z,defs -o $@ $(SLAPD_OBJECTS) $(LIBS) \
 		$(WRAP_LIBS)
 	rm -f $(SLAPTOOLS)
 	for i in $(SLAPTOOLS); do \
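Review bot: `-pie` is added to the slapd link line only, and nothing visible in this hunk ensures that `$(SLAPD_OBJECTS)` and any static libraries in `$(LIBS)` were compiled with `-fPIE`/`-fPIC`; without that the link either fails or produces text relocations, depending on the architecture. Presumably the spec file sets the compile flags, so a comment here such as `# objects must be built with -fPIE (set in openldap.spec)` would tie the two together. Since slapd is a network-facing daemon, this is also the place to add `-Wl,-z,relro -Wl,-z,now` so the GOT is read-only after startup. The recipe continues past the end of the hunk.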


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/openldap/devel/.cvsignore,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- .cvsignore	5 Nov 2007 09:49:33 -0000	1.35
+++ .cvsignore	21 Nov 2007 12:12:15 -0000	1.36
@@ -9,4 +9,5 @@
 openldap-2.3.37.tgz
 db-4.6.18.tar.gz
 openldap-2.3.38.tgz
+openldap-2.4.6.tgz
 openldap-2.3.39.tgz


View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.4 -r 1.5 guide.html
Index: guide.html
===================================================================
RCS file: /cvs/pkgs/rpms/openldap/devel/guide.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- guide.html	22 Sep 2006 18:32:00 -0000	1.4
+++ guide.html	21 Nov 2007 12:12:15 -0000	1.5
@@ -7,7 +7,7 @@
      available from http://www.mincom.com/mtr/sdf. -->
 
 <HEAD>
-<TITLE>OpenLDAP Software 2.3 Administrator's Guide</TITLE>
+<TITLE>OpenLDAP Software 2.4 Administrator's Guide</TITLE>
 </HEAD>
 <BODY>
 
@@ -21,9 +21,9 @@
 <BR CLEAR="Left">
 </DIV>
 <DIV CLASS="title">
-<H1 CLASS="doc-title">OpenLDAP Software 2.3 Administrator's Guide</H1>
+<H1 CLASS="doc-title">OpenLDAP Software 2.4 Administrator's Guide</H1>
 <ADDRESS CLASS="doc-author">The OpenLDAP Project <<A HREF="http://www.openldap.org/">http://www.openldap.org/</A>></ADDRESS>
-<ADDRESS CLASS="doc-modified">9 August 2005</ADDRESS>
+<ADDRESS CLASS="doc-modified">31 October 2007</ADDRESS>
 <BR CLEAR="All">
 </DIV>
 <DIV CLASS="contents">
@@ -37,15 +37,19 @@
 <BR>
 <A HREF="#What is LDAP">1.2. What is LDAP?</A>
 <BR>
-<A HREF="#How does LDAP work">1.3. How does LDAP work?</A>
+<A HREF="#When should I use LDAP">1.3. When should I use LDAP?</A>
 <BR>
-<A HREF="#What about X.500">1.4. What about X.500?</A>
+<A HREF="#When should I not use LDAP">1.4. When should I not use LDAP?</A>
 <BR>
-<A HREF="#What is the difference between LDAPv2 and LDAPv3">1.5. What is the difference between LDAPv2 and LDAPv3?</A>
+<A HREF="#How does LDAP work">1.5. How does LDAP work?</A>
 <BR>
-<A HREF="#What is slapd and what can it do">1.6. What is slapd and what can it do?</A>
+<A HREF="#What about X.500">1.6. What about X.500?</A>
 <BR>
-<A HREF="#What is slurpd and what can it do">1.7. What is slurpd and what can it do?</A></UL>
+<A HREF="#What is the difference between LDAPv2 and LDAPv3">1.7. What is the difference between LDAPv2 and LDAPv3?</A>
+<BR>
+<A HREF="#LDAP vs RDBMS">1.8. LDAP vs RDBMS</A>
+<BR>
+<A HREF="#What is slapd and what can it do">1.9. What is slapd and what can it do?</A></UL>
 <BR>
 <A HREF="#A Quick-Start Guide">2. A Quick-Start Guide</A>
 <BR>
@@ -61,7 +65,18 @@
 <A HREF="#Building and Installing OpenLDAP Software">4. Building and Installing OpenLDAP Software</A><UL>
 <A HREF="#Obtaining and Extracting the Software">4.1. Obtaining and Extracting the Software</A>
 <BR>
-<A HREF="#Prerequisite software">4.2. Prerequisite software</A>
+<A HREF="#Prerequisite software">4.2. Prerequisite software</A><UL>
+<A HREF="#{{TERM[expand]TLS}}">4.2.1. <TERM>Transport Layer Security</TERM></A>
+<BR>
+<A HREF="#{{TERM[expand]SASL}}">4.2.2. <TERM>Simple Authentication and Security Layer</TERM></A>
+<BR>
+<A HREF="#{{TERM[expand]Kerberos}}">4.2.3. <TERM>Kerberos Authentication Service</TERM></A>
+<BR>
+<A HREF="#Database Software">4.2.4. Database Software</A>
+<BR>
+<A HREF="#Threads">4.2.5. Threads</A>
+<BR>
+<A HREF="#TCP Wrappers">4.2.6. TCP Wrappers</A></UL>
 <BR>
 <A HREF="#Running configure">4.3. Running configure</A>
 <BR>
@@ -74,18 +89,58 @@
 <A HREF="#Configuring slapd">5. Configuring slapd</A><UL>
 <A HREF="#Configuration Layout">5.1. Configuration Layout</A>
 <BR>
-<A HREF="#Configuration Directives">5.2. Configuration Directives</A>
+<A HREF="#Configuration Directives">5.2. Configuration Directives</A><UL>
+<A HREF="#cn=config">5.2.1. cn=config</A>
+<BR>
+<A HREF="#cn=module">5.2.2. cn=module</A>
+<BR>
+<A HREF="#cn=schema">5.2.3. cn=schema</A>
+<BR>
+<A HREF="#Backend-specific Directives">5.2.4. Backend-specific Directives</A>
+<BR>
+<A HREF="#Database-specific Directives">5.2.5. Database-specific Directives</A>
+<BR>
+<A HREF="#BDB and HDB Database Directives">5.2.6. BDB and HDB Database Directives</A></UL>
+<BR>
+<A HREF="#Access Control">5.3. Access Control</A><UL>
+<A HREF="#What to control access to">5.3.1. What to control access to</A>
+<BR>
+<A HREF="#Who to grant access to">5.3.2. Who to grant access to</A>
+<BR>
+<A HREF="#The access to grant">5.3.3. The access to grant</A>
+<BR>
+<A HREF="#Access Control Evaluation">5.3.4. Access Control Evaluation</A>
 <BR>
-<A HREF="#Access Control">5.3. Access Control</A>
+<A HREF="#Access Control Examples">5.3.5. Access Control Examples</A>
 <BR>
-<A HREF="#Configuration Example">5.4. Configuration Example</A></UL>
+<A HREF="#Access Control Ordering">5.3.6. Access Control Ordering</A></UL>
+<BR>
+<A HREF="#Configuration Example">5.4. Configuration Example</A>
+<BR>
+<A HREF="#Converting from slapd.conf(8) to a {{B:cn=config}} directory format">5.5. Converting from slapd.conf(8) to a <B>cn=config</B> directory format</A></UL>
 <BR>
 <A HREF="#The slapd Configuration File">6. The slapd Configuration File</A><UL>
 <A HREF="#Configuration File Format">6.1. Configuration File Format</A>
 <BR>
-<A HREF="#Configuration File Directives">6.2. Configuration File Directives</A>
+<A HREF="#Configuration File Directives">6.2. Configuration File Directives</A><UL>
+<A HREF="#Global Directives">6.2.1. Global Directives</A>
+<BR>
+<A HREF="#General Backend Directives">6.2.2. General Backend Directives</A>
+<BR>
+<A HREF="#General Database Directives">6.2.3. General Database Directives</A>
+<BR>
+<A HREF="#BDB and HDB Database Directives">6.2.4. BDB and HDB Database Directives</A></UL>
+<BR>
+<A HREF="#The access Configuration Directive">6.3. The access Configuration Directive</A><UL>
+<A HREF="#What to control access to">6.3.1. What to control access to</A>
+<BR>
+<A HREF="#Who to grant access to">6.3.2. Who to grant access to</A>
+<BR>
+<A HREF="#The access to grant">6.3.3. The access to grant</A>
 <BR>
-<A HREF="#Access Control">6.3. Access Control</A>
+<A HREF="#Access Control Evaluation">6.3.4. Access Control Evaluation</A>
+<BR>
+<A HREF="#Access Control Examples">6.3.5. Access Control Examples</A></UL>
 <BR>
 <A HREF="#Configuration File Example">6.4. Configuration File Example</A></UL>
 <BR>
@@ -99,1009 +154,1603 @@
 <A HREF="#Database Creation and Maintenance Tools">8. Database Creation and Maintenance Tools</A><UL>
 <A HREF="#Creating a database over LDAP">8.1. Creating a database over LDAP</A>
 <BR>
-<A HREF="#Creating a database off-line">8.2. Creating a database off-line</A>
+<A HREF="#Creating a database off-line">8.2. Creating a database off-line</A><UL>
+<A HREF="#The {{EX:slapadd}} program">8.2.1. The <TT>slapadd</TT> program</A>
+<BR>
+<A HREF="#The {{EX:slapindex}} program">8.2.2. The <TT>slapindex</TT> program</A>
+<BR>
+<A HREF="#The {{EX:slapcat}} program">8.2.3. The <TT>slapcat</TT> program</A></UL>
 <BR>
 <A HREF="#The LDIF text entry format">8.3. The LDIF text entry format</A></UL>
 <BR>
-<A HREF="#Schema Specification">9. Schema Specification</A><UL>
-<A HREF="#Distributed Schema Files">9.1. Distributed Schema Files</A>
+<A HREF="#Backends">9. Backends</A><UL>
+<A HREF="#Berkeley DB Backends">9.1. Berkeley DB Backends</A><UL>
+<A HREF="#Overview">9.1.1. Overview</A>
 <BR>
-<A HREF="#Extending Schema">9.2. Extending Schema</A></UL>
+<A HREF="#back-bdb/back-hdb Configuration">9.1.2. back-bdb/back-hdb Configuration</A>
 <BR>
-<A HREF="#Security Considerations">10. Security Considerations</A><UL>
-<A HREF="#Network Security">10.1. Network Security</A>
+<A HREF="#Further Information">9.1.3. Further Information</A></UL>
 <BR>
-<A HREF="#Data Integrity and Confidentiality Protection">10.2. Data Integrity and Confidentiality Protection</A>
+<A HREF="#LDAP">9.2. LDAP</A><UL>
+<A HREF="#Overview">9.2.1. Overview</A>
 <BR>
-<A HREF="#Authentication Methods">10.3. Authentication Methods</A></UL>
+<A HREF="#back-ldap Configuration">9.2.2. back-ldap Configuration</A>
 <BR>
-<A HREF="#Using SASL">11. Using SASL</A><UL>
-<A HREF="#SASL Security Considerations">11.1. SASL Security Considerations</A>
+<A HREF="#Further Information">9.2.3. Further Information</A></UL>
 <BR>
-<A HREF="#SASL Authentication">11.2. SASL Authentication</A>
+<A HREF="#LDIF">9.3. LDIF</A><UL>
+<A HREF="#Overview">9.3.1. Overview</A>
 <BR>
-<A HREF="#SASL Proxy Authorization">11.3. SASL Proxy Authorization</A></UL>
+<A HREF="#back-ldif Configuration">9.3.2. back-ldif Configuration</A>
 <BR>
-<A HREF="#Using TLS">12. Using TLS</A><UL>
-<A HREF="#TLS Certificates">12.1. TLS Certificates</A>
+<A HREF="#Further Information">9.3.3. Further Information</A></UL>
 <BR>
-<A HREF="#TLS Configuration">12.2. TLS Configuration</A></UL>
+<A HREF="#Metadirectory">9.4. Metadirectory</A><UL>
+<A HREF="#Overview">9.4.1. Overview</A>
 <BR>
-<A HREF="#Constructing a Distributed Directory Service">13. Constructing a Distributed Directory Service</A><UL>
-<A HREF="#Subordinate Knowledge Information">13.1. Subordinate Knowledge Information</A>
+<A HREF="#back-meta Configuration">9.4.2. back-meta Configuration</A>
 <BR>
-<A HREF="#Superior Knowledge Information">13.2. Superior Knowledge Information</A>
+<A HREF="#Further Information">9.4.3. Further Information</A></UL>
 <BR>
-<A HREF="#The ManageDsaIT Control">13.3. The ManageDsaIT Control</A></UL>
+<A HREF="#Monitor">9.5. Monitor</A><UL>
[...7867 lines suppressed...]
-<P>Syncrepl supports both pull-based and push-based synchronization. In its basic refreshOnly synchronization mode, the provider uses pull-based synchronization where the consumer servers need not be tracked and no history information is maintained.  The information required for the provider to process periodic polling requests is contained in the synchronization cookie of the request itself.  To optimize the pull-based synchronization, syncrepl utilizes the present phase of the LDAP Sync protocol as well as its delete phase, instead of falling back on frequent full reloads. To further optimize the pull-based synchronization, the provider can maintain a per-scope session log as a history store. In its refreshAndPersist mode of synchronization, the provider uses a push-based synchronization. The provider keeps track of the consumer servers that have requested a persistent search and sends them necessary updates as the provider replication content gets modified.</P>
-<P>With syncrepl, a consumer server can create a replica without changing the provider's configurations and without restarting the provider server, if the consumer server has appropriate access privileges for the DIT fragment to be replicated. The consumer server can stop the replication also without the need for provider-side changes and restart.</P>
-<P>Syncrepl supports both partial and sparse replications.  The shadow DIT fragment is defined by a general search criteria consisting of base, scope, filter, and attribute list.  The replica content is also subject to the access privileges of the bind identity of the syncrepl replication connection.</P>
-<H2><A NAME="The LDAP Content Synchronization Protocol">15.1. The LDAP Content Synchronization Protocol</A></H2>
-<P>The LDAP Sync protocol allows a client to maintain a synchronized copy of a DIT fragment. The LDAP Sync operation is defined as a set of controls and other protocol elements which extend the LDAP search operation. This section introduces the LDAP Content Sync protocol only briefly. For more information, refer to the Internet Draft <EM>The LDAP Content Synchronization Operation <draft-zeilenga-ldup-sync-05.txt></EM>.</P>
-<P>The LDAP Sync protocol supports both polling and listening for changes by defining two respective synchronization operations: <EM>refreshOnly</EM> and <EM>refreshAndPersist</EM>.  Polling is implemented by the <EM>refreshOnly</EM> operation.  The client copy is synchronized to the server copy at the time of polling.  The server finishes the search operation by returning <EM>SearchResultDone</EM> at the end of the search operation as in the normal search.  The listening is implemented by the <EM>refreshAndPersist</EM> operation.  Instead of finishing the search after returning all entries currently matching the search criteria, the synchronization search remains persistent in the server. Subsequent updates to the synchronization content in the server cause additional entry updates to be sent to the client.</P>
-<P>The <EM>refreshOnly</EM> operation and the refresh stage of the <EM>refreshAndPersist</EM> operation can be performed with a present phase or a delete phase.</P>
-<P>In the present phase, the server sends the client the entries updated within the search scope since the last synchronization. The server sends all requested attributes, be it changed or not, of the updated entries.  For each unchanged entry which remains in the scope, the server sends a present message consisting only of the name of the entry and the synchronization control representing state present. The present message does not contain any attributes of the entry. After the client receives all update and present entries, it can reliably determine the new client copy by adding the entries added to the server, by replacing the entries modified at the server, and by deleting entries in the client copy which have not been updated nor specified as being present at the server.</P>
-<P>The transmission of the updated entries in the delete phase is the same as in the present phase. The server sends all the requested attributes of the entries updated within the search scope since the last synchronization to the client. In the delete phase, however, the server sends a delete message for each entry deleted from the search scope, instead of sending present messages.  The delete message consists only of the name of the entry and the synchronization control representing state delete.  The new client copy can be determined by adding, modifying, and removing entries according to the synchronization control attached to the <EM>SearchResultEntry</EM> message.</P>
-<P>In the case that the LDAP Sync server maintains a history store and can determine which entries are scoped out of the client copy since the last synchronization time, the server can use the delete phase. If the server does not maintain any history store, cannot determine the scoped-out entries from the history store, or the history store does not cover the outdated synchronization state of the client, the server should use the present phase.  The use of the present phase is much more efficient than a full content reload in terms of the synchronization traffic.  To reduce the synchronization traffic further, the LDAP Sync protocol also provides several optimizations such as the transmission of the normalized <TT>entryUUID</TT>s and the transmission of multiple <TT>entryUUIDs</TT> in a single <EM>syncIdSet</EM> message.</P>
-<P>At the end of the <EM>refreshOnly</EM> synchronization, the server sends a synchronization cookie to the client as a state indicator of the client copy after the synchronization is completed.  The client will present the received cookie when it requests the next incremental synchronization to the server.</P>
-<P>When <EM>refreshAndPersist</EM> synchronization is used, the server sends a synchronization cookie at the end of the refresh stage by sending a Sync Info message with TRUE refreshDone.  It also sends a synchronization cookie by attaching it to <EM>SearchResultEntry</EM> generated in the persist stage of the synchronization search. During the persist stage, the server can also send a Sync Info message containing the synchronization cookie at any time the server wants to update the client-side state indicator.  The server also updates a synchronization indicator of the client at the end of the persist stage.</P>
-<P>In the LDAP Sync protocol, entries are uniquely identified by the <TT>entryUUID</TT> attribute value. It can function as a reliable identifier of the entry. The DN of the entry, on the other hand, can be changed over time and hence cannot be considered as the reliable identifier.  The <TT>entryUUID</TT> is attached to each <EM>SearchResultEntry</EM> or <EM>SearchResultReference</EM> as a part of the synchronization control.</P>
-<H2><A NAME="Syncrepl Details">15.2. Syncrepl Details</A></H2>
-<P>The syncrepl engine utilizes both the <EM>refreshOnly</EM> and the <EM>refreshAndPersist</EM> operations of the LDAP Sync protocol.  If a syncrepl specification is included in a database definition, <EM>slapd</EM> (8) launches a syncrepl engine as a <EM>slapd</EM> (8) thread and schedules its execution. If the <EM>refreshOnly</EM> operation is specified, the syncrepl engine will be rescheduled at the interval time after a synchronization operation is completed.  If the <EM>refreshAndPersist</EM> operation is specified, the engine will remain active and process the persistent synchronization messages from the provider.</P>
-<P>The syncrepl engine utilizes both the present phase and the delete phase of the refresh synchronization. It is possible to configure a per-scope session log in the provider server which stores the <TT>entryUUID</TT>s of a finite number of entries deleted from a replication content.  Multiple replicas of single provider content share the same per-scope session log. The syncrepl engine uses the delete phase if the session log is present and the state of the consumer server is recent enough that no session log entries are truncated after the last synchronization of the client.  The syncrepl engine uses the present phase if no session log is configured for the replication content or if the consumer replica is too outdated to be covered by the session log.  The current design of the session log store is memory based, so the information contained in the session log is not persistent over multiple provider invocations. It is not currently supported to access the session log sto!
 re by using LDAP operations. It is also not currently supported to impose access control to the session log.</P>
-<P>As a further optimization, even in the case the synchronization search is not associated with any session log, no entries will be transmitted to the consumer server when there has been no update in the replication context.</P>
-<P>The syncrepl engine, which is a consumer-side replication engine, can work with any backends. The LDAP Sync provider can be configured as an overlay on any backend, but works best with the <EM>back-bdb</EM> or <EM>back-hdb</EM> backend. The provider can not support refreshAndPersist mode on <EM>back-ldbm</EM> due to limits in that backend's locking architecture.</P>
-<P>The LDAP Sync provider maintains a <TT>contextCSN</TT> for each database as the current synchronization state indicator of the provider content.  It is the largest <TT>entryCSN</TT> in the provider context such that no transactions for an entry having smaller <TT>entryCSN</TT> value remains outstanding.  The <TT>contextCSN</TT> could not just be set to the largest issued <TT>entryCSN</TT> because <TT>entryCSN</TT> is obtained before a transaction starts and transactions are not committed in the issue order.</P>
-<P>The provider stores the <TT>contextCSN</TT> of a context in the <TT>contextCSN</TT> attribute of the context suffix entry. The attribute is not written to the database after every update operation though; instead it is maintained primarily in memory. At database start time the provider reads the last saved <TT>contextCSN</TT> into memory and uses the in-memory copy exclusively thereafter. By default, changes to the <TT>contextCSN</TT> as a result of database updates will not be written to the database until the server is cleanly shut down. A checkpoint facility exists to cause the contextCSN to be written out more frequently if desired.</P>
-<P>Note that at startup time, if the provider is unable to read a <TT>contextCSN</TT> from the suffix entry, it will scan the entire database to determine the value, and this scan may take quite a long time on a large database. When a <TT>contextCSN</TT> value is read, the database will still be scanned for any <TT>entryCSN</TT> values greater than it, to make sure the <TT>contextCSN</TT> value truly reflects the greatest committed <TT>entryCSN</TT> in the database. On databases which support inequality indexing, setting an eq index on the <TT>entryCSN</TT> attribute and configuring <EM>contextCSN</EM> checkpoints will greatly speed up this scanning step.</P>
-<P>If no <TT>contextCSN</TT> can be determined by reading and scanning the database, a new value will be generated. Also, if scanning the database yielded a greater <TT>entryCSN</TT> than was previously recorded in the suffix entry's <TT>contextCSN</TT> attribute, a checkpoint will be immediately written with the new value.</P>
-<P>The consumer also stores its replica state, which is the provider's <TT>contextCSN</TT> received as a synchronization cookie, in the <TT>contextCSN</TT> attribute of the suffix entry.  The replica state maintained by a consumer server is used as the synchronization state indicator when it performs subsequent incremental synchronization with the provider server. It is also used as a provider-side synchronization state indicator when it functions as a secondary provider server in a cascading replication configuration.  Since the consumer and provider state information are maintained in the same location within their respective databases, any consumer can be promoted to a provider (and vice versa) without any special actions.</P>
-<P>Because a general search filter can be used in the syncrepl specification, some entries in the context may be omitted from the synchronization content.  The syncrepl engine creates a glue entry to fill in the holes in the replica context if any part of the replica content is subordinate to the holes. The glue entries will not be returned in the search result unless <EM>ManageDsaIT</EM> control is provided.</P>
-<P>Also as a consequence of the search filter used in the syncrepl specification, it is possible for a modification to remove an entry from the replication scope even though the entry has not been deleted on the provider. Logically the entry must be deleted on the consumer but in <EM>refreshOnly</EM> mode the provider cannot detect and propagate this change without the use of the session log.</P>
-<H2><A NAME="Configuring Syncrepl">15.3. Configuring Syncrepl</A></H2>
-<P>Because syncrepl is a consumer-side replication engine, the syncrepl specification is defined in <EM>slapd.conf</EM> (5) of the consumer server, not in the provider server's configuration file.  The initial loading of the replica content can be performed either by starting the syncrepl engine with no synchronization cookie or by populating the consumer replica by adding an <TERM>LDIF</TERM> file dumped as a backup at the provider.</P>
-<P>When loading from a backup, it is not required to perform the initial loading from the up-to-date backup of the provider content. The syncrepl engine will automatically synchronize the initial consumer replica to the current provider content. As a result, it is not required to stop the provider server in order to avoid the replica inconsistency caused by the updates to the provider content during the content backup and loading process.</P>
-<P>When replicating a large scale directory, especially in a bandwidth constrained environment, it is advised to load the consumer replica from a backup instead of performing a full initial load using syncrepl.</P>
-<H3><A NAME="Set up the provider slapd">15.3.1. Set up the provider slapd</A></H3>
-<P>The provider is implemented as an overlay, so the overlay itself must first be configured in <EM>slapd.conf</EM> (5) before it can be used. The provider has only two configuration directives, for setting checkpoints on the <TT>contextCSN</TT> and for configuring the session log.  Because the LDAP Sync search is subject to access control, proper access control privileges should be set up for the replicated content.</P>
-<P>The <TT>contextCSN</TT> checkpoint is configured by the</P>
-<PRE>
-        syncprov-checkpoint <ops> <minutes>
-</PRE>
-<P>directive. Checkpoints are only tested after successful write operations.  If <EM><ops></EM> operations or more than <EM><minutes></EM> time has passed since the last checkpoint, a new checkpoint is performed.</P>
-<P>The session log is configured by the</P>
-<PRE>
-        syncprov-sessionlog <size>
-</PRE>
-<P>directive, where <EM><size></EM> is the maximum number of session log entries the session log can record. When a session log is configured, it is automatically used for all LDAP Sync searches within the database.</P>
-<P>Note that using the session log requires searching on the <EM>entryUUID</EM> attribute. Setting an eq index on this attribute will greatly benefit the performance of the session log on the provider.</P>
-<P>A more complete example of the <EM>slapd.conf</EM> content is thus:</P>
-<PRE>
-        database bdb
-        suffix dc=Example,dc=com
-        rootdn dc=Example,dc=com
-        directory /var/ldap/db
-        index objectclass,entryCSN,entryUUID eq
-
-        overlay syncprov
-        syncprov-checkpoint 100 10
-        syncprov-sessionlog 100
-</PRE>
-<H3><A NAME="Set up the consumer slapd">15.3.2. Set up the consumer slapd</A></H3>
-<P>The syncrepl replication is specified in the database section of <EM>slapd.conf</EM> (5) for the replica context.  The syncrepl engine is backend independent and the directive can be defined with any database type.</P>
-<PRE>
-        database hdb
-        suffix dc=Example,dc=com
-        rootdn dc=Example,dc=com
-        directory /var/ldap/db
-        index objectclass,entryCSN,entryUUID eq
-
-        syncrepl rid=123
-                provider=ldap://provider.example.com:389
-                type=refreshOnly
-                interval=01:00:00:00
-                searchbase="dc=example,dc=com"
-                filter="(objectClass=organizationalPerson)"
-                scope=sub
-                attrs="cn,sn,ou,telephoneNumber,title,l"
-                schemachecking=off
-                bindmethod=simple
-                binddn="cn=syncuser,dc=example,dc=com"
-                credentials=secret
-</PRE>
-<P>In this example, the consumer will connect to the provider slapd at port 389 of <A HREF="ldap://provider.example.com">ldap://provider.example.com</A> to perform a polling (<EM>refreshOnly</EM>) mode of synchronization once a day.  It will bind as <TT>cn=syncuser,dc=example,dc=com</TT> using simple authentication with password "secret".  Note that the access control privilege of <TT>cn=syncuser,dc=example,dc=com</TT> should be set appropriately in the provider to retrieve the desired replication content. Also the search limits must be high enough on the provider to allow the syncuser to retrieve a complete copy of the requested content.  The consumer uses the rootdn to write to its database so it always has full permissions to write all content.</P>
-<P>The synchronization search in the above example will search for the entries whose objectClass is organizationalPerson in the entire subtree rooted at <TT>dc=example,dc=com</TT>. The requested attributes are <TT>cn</TT>, <TT>sn</TT>, <TT>ou</TT>, <TT>telephoneNumber</TT>, <TT>title</TT>, and <TT>l</TT>. The schema checking is turned off, so that the consumer <EM>slapd</EM> (8) will not enforce entry schema checking when it process updates from the provider <EM>slapd</EM> (8).</P>
-<P>For more detailed information on the syncrepl directive, see the <A HREF="#syncrepl">syncrepl</A> section of <A HREF="#The slapd Configuration File">The slapd Configuration File</A> chapter of this admin guide.</P>
-<H3><A NAME="Start the provider and the consumer slapd">15.3.3. Start the provider and the consumer slapd</A></H3>
-<P>The provider <EM>slapd</EM> (8) is not required to be restarted. <EM>contextCSN</EM> is automatically generated as needed: it might be originally contained in the <TERM>LDIF</TERM> file, generated by <EM>slapadd</EM> (8), generated upon changes in the context, or generated when the first LDAP Sync search arrives at the provider.  If an LDIF file is being loaded which did not previously contain the <EM>contextCSN</EM>, the <EM>-w</EM> option should be used with <EM>slapadd</EM> (8) to cause it to be generated. This will allow the server to startup a little quicker the first time it runs.</P>
-<P>When starting a consumer <EM>slapd</EM> (8), it is possible to provide a synchronization cookie as the <EM>-c cookie</EM> command line option in order to start the synchronization from a specific state.  The cookie is a comma separated list of name=value pairs. Currently supported syncrepl cookie fields are <EM>csn=<csn></EM> and <EM>rid=<rid></EM>. <EM><csn></EM> represents the current synchronization state of the consumer replica.  <EM><rid></EM> identifies a consumer replica locally within the consumer server. It is used to relate the cookie to the syncrepl definition in <EM>slapd.conf</EM> (5) which has the matching replica identifier.  The <EM><rid></EM> must have no more than 3 decimal digits.  The command line cookie overrides the synchronization cookie stored in the consumer replica database.</P>
-<P></P>
-<HR>
-<H1><A NAME="The Proxy Cache Engine">16. The Proxy Cache Engine</A></H1>
-<P>LDAP servers typically hold one or more subtrees of a DIT. Replica (or shadow) servers hold shadow copies of entries held by one or more master servers.  Changes are propagated from the master server to replica (slave) servers using LDAP Sync or <EM>slurpd</EM>(8). An LDAP cache is a special type of replica which holds entries corresponding to search filters instead of subtrees.</P>
-<H2><A NAME="Overview">16.1. Overview</A></H2>
-<P>The proxy cache extension of slapd is designed to improve the responseiveness of the ldap and meta backends. It handles a search request (query) by first determining whether it is contained in any cached search filter. Contained requests are answered from the proxy cache's local database. Other requests are passed on to the underlying ldap or meta backend and processed as usual.</P>
-<P>E.g. <TT>(shoesize>=9)</TT> is contained in <TT>(shoesize>=8)</TT> and <TT>(sn=Richardson)</TT> is contained in <TT>(sn=Richards*)</TT></P>
-<P>Correct matching rules and syntaxes are used while comparing assertions for query containment. To simplify the query containment problem, a list of cacheable "templates" (defined below) is specified at configuration time. A query is cached or answered only if it belongs to one of these templates. The entries corresponding to cached queries are stored in the proxy cache local database while its associated meta information (filter, scope, base, attributes) is stored in main memory.</P>
-<P>A template is a prototype for generating LDAP search requests. Templates are described by a prototype search filter and a list of attributes which are required in queries generated from the template. The representation for prototype filter is similar to RFC 2254, except that the assertion values are missing. Examples of prototype filters are: (sn=),(&(sn=)(givenname=)) which are instantiated by search filters (sn=Doe) and (&(sn=Doe)(givenname=John)) respectively.</P>
-<P>The cache replacement policy removes the least recently used (LRU) query and entries belonging to only that query. Queries are allowed a maximum time to live (TTL) in the cache thus providing weak consistency. A background task periodically checks the cache for expired queries and removes them.</P>
-<P>The Proxy Cache paper (<A HREF="http://www.openldap.org/pub/kapurva/proxycaching.pdf">http://www.openldap.org/pub/kapurva/proxycaching.pdf</A>) provides design and implementation details.</P>
-<H2><A NAME="Proxy Cache Configuration">16.2. Proxy Cache Configuration</A></H2>
-<P>The cache configuration specific directives described below must appear after a <TT>overlay proxycache</TT> directive within a <TT>"database meta"</TT> or <TT>database ldap</TT> section of the server's <EM>slapd.conf</EM>(5) file.</P>
-<H3><A NAME="Setting cache parameters">16.2.1. Setting cache parameters</A></H3>
-<PRE>
- proxyCache <DB> <maxentries> <nattrsets> <entrylimit> <period>
-</PRE>
-<P>This directive enables proxy caching and sets general cache parameters. The <DB> parameter specifies which underlying database is to be used to hold cached entries.  It should be set to <TT>bdb</TT>, <TT>hdb</TT>, or <TT>ldbm</TT>.  The <maxentries> parameter specifies the total number of entries which may be held in the cache.  The <nattrsets> parameter specifies the total number of attribute sets (as specified by the <TT>proxyAttrSet</TT> directive) that may be defined. The <entrylimit> parameter specifies the maximum number of entries in a cachable query.  The <period> specifies the consistency check period (in seconds).  In each period, queries with expired TTLs are removed.</P>
-<H3><A NAME="Defining attribute sets">16.2.2. Defining attribute sets</A></H3>
-<PRE>
- proxyAttrset <index> <attrs...>
-</PRE>
-<P>Used to associate a set of attributes to an index. Each attribute set is associated with an index number from 0 to <numattrsets>-1. These indices are used by the proxyTemplate directive to define cacheable templates.</P>
-<H3><A NAME="Specifying cacheable templates">16.2.3. Specifying cacheable templates</A></H3>
-<PRE>
- proxyTemplate <prototype_string> <attrset_index> <TTL>
-</PRE>
-<P>Specifies a cacheable template and the "time to live" (in sec) <TTL> for queries belonging to the template. A template is described by its prototype filter string and set of required attributes identified by <attrset_index>.</P>
-<H3><A NAME="Example">16.2.4. Example</A></H3>
-<P>An example <EM>slapd.conf</EM>(5) database section for a caching server which proxies for the <TT>"dc=example,dc=com"</TT> subtree held at server <TT>ldap.example.com</TT>.</P>
-<PRE>
-        database        ldap
-        suffix          "dc=example,dc=com"
-        rootdn          "dc=example,dc=com"
-        uri             ldap://ldap.example.com/dc=example%2cdc=com
-        overlay proxycache
-        proxycache    bdb 100000 1 1000 100
-        proxyAttrset  0 mail postaladdress telephonenumber
-        proxyTemplate (sn=) 0 3600
-        proxyTemplate (&(sn=)(givenName=)) 0 3600
-        proxyTemplate (&(departmentNumber=)(secretary=*)) 0 3600
-
-        cachesize 20
-        directory ./testrun/db.2.a
-        index       objectClass eq
-        index       cn,sn,uid,mail  pres,eq,sub
-</PRE>
-<H4><A NAME="Cacheable Queries">16.2.4.1. Cacheable Queries</A></H4>
-<P>A LDAP search query is cacheable when its filter matches one of the templates as defined in the "proxyTemplate" statements and when it references only the attributes specified in the corresponding attribute set. In the example above the attribute set number 0 defines that only the attributes: <TT>mail postaladdress telephonenumber</TT> are cached for the following proxyTemplates.</P>
-<H4><A NAME="Examples:">16.2.4.2. Examples:</A></H4>
-<PRE>
-        Filter: (&(sn=Richard*)(givenName=jack))
-        Attrs: mail telephoneNumber
-</PRE>
-<P>is cacheable, because it matches the template <TT>(&(sn=)(givenName=))</TT> and its attributes are contained in proxyAttrset 0.</P>
-<PRE>
-        Filter: (&(sn=Richard*)(telephoneNumber))
-        Attrs: givenName
-</PRE>
-<P>is not cacheable, because the filter does not match the template, nor is the attribute givenName stored in the cache</P>
-<PRE>
-        Filter: (|(sn=Richard*)(givenName=jack))
-        Attrs: mail telephoneNumber
-</PRE>
-<P>is not cacheable, because the filter does not match the template ( logical OR "|" condition instead of logical AND "&" )</P>
 <P></P>
 <HR>
-<H1><A NAME="Generic configure Instructions">A. Generic configure Instructions</A></H1>
+<H1><A NAME="Generic configure Instructions">J. Generic configure Instructions</A></H1>
 <PRE>
 Basic Installation
 ==================
@@ -4572,27 +8645,27 @@
 </PRE>
 <P></P>
 <HR>
-<H1><A NAME="OpenLDAP Software Copyright Notices">B. OpenLDAP Software Copyright Notices</A></H1>
-<H2><A NAME="OpenLDAP Copyright Notice">B.1. OpenLDAP Copyright Notice</A></H2>
-<P>Copyright 1998-2005 The OpenLDAP Foundation.<BR><EM>All rights reserved.</EM></P>
+<H1><A NAME="OpenLDAP Software Copyright Notices">K. OpenLDAP Software Copyright Notices</A></H1>
+<H2><A NAME="OpenLDAP Copyright Notice">K.1. OpenLDAP Copyright Notice</A></H2>
+<P>Copyright 1998-2007 The OpenLDAP Foundation.<BR><EM>All rights reserved.</EM></P>
 <P>Redistribution and use in source and binary forms, with or without modification, are permitted <EM>only as authorized</EM> by the <A HREF="#OpenLDAP Public License">OpenLDAP Public License</A>.</P>
 <P>A copy of this license is available in file <TT>LICENSE</TT> in the top-level directory of the distribution or, alternatively, at <<A HREF="http://www.OpenLDAP.org/license.html">http://www.OpenLDAP.org/license.html</A>>.</P>
 <P>OpenLDAP is a registered trademark of the OpenLDAP Foundation.</P>
 <P>Individual files and/or contributed packages may be copyright by other parties and their use subject to additional restrictions.</P>
-<P>This work is derived from the University of Michigan LDAP v3.3 distribution.  Information concerning this software is available at <<A HREF="http://www.umich.edu/~dirsvcs/ldap/">http://www.umich.edu/~dirsvcs/ldap/</A>>.</P>
+<P>This work is derived from the University of Michigan LDAP v3.3 distribution.  Information concerning this software is available at <<A HREF="http://www.umich.edu/~dirsvcs/ldap/ldap.html">http://www.umich.edu/~dirsvcs/ldap/ldap.html</A>>.</P>
 <P>This work also contains materials derived from public sources.</P>
 <P>Additional information about OpenLDAP software can be obtained at <<A HREF="http://www.OpenLDAP.org/">http://www.OpenLDAP.org/</A>>.</P>
-<H2><A NAME="Additional Copyright Notice">B.2. Additional Copyright Notice</A></H2>
-<P>Portions Copyright 1998-2005 Kurt D. Zeilenga.<BR>Portions Copyright 1998-2005 Net Boolean Incorporated.<BR>Portions Copyright 2001-2005 IBM Corporation.<BR><EM>All rights reserved.</EM></P>
+<H2><A NAME="Additional Copyright Notice">K.2. Additional Copyright Notice</A></H2>
+<P>Portions Copyright 1998-2006 Kurt D. Zeilenga.<BR>Portions Copyright 1998-2006 Net Boolean Incorporated.<BR>Portions Copyright 2001-2006 IBM Corporation.<BR><EM>All rights reserved.</EM></P>
 <P>Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the <A HREF="#OpenLDAP Public License">OpenLDAP Public License</A>.</P>
-<P>Portions Copyright 1999-2005 Howard Y.H. Chu.<BR>Portions Copyright 1999-2005 Symas Corporation.<BR>Portions Copyright 1998-2003 Hallvard B. Furuseth.<BR><EM>All rights reserved.</EM></P>
+<P>Portions Copyright 1999-2007 Howard Y.H. Chu.<BR>Portions Copyright 1999-2007 Symas Corporation.<BR>Portions Copyright 1998-2003 Hallvard B. Furuseth.<BR>Portions Copyright 2007 Gavin Henry<BR>Portions Copyright 2007 Suretec Systems<BR><EM>All rights reserved.</EM></P>
 <P>Redistribution and use in source and binary forms, with or without modification, are permitted provided that this notice is preserved. The names of the copyright holders may not be used to endorse or promote products derived from this software without their specific prior written permission.  This software is provided ``as is'' without express or implied warranty.</P>
-<H2><A NAME="University of Michigan Copyright Notice">B.3. University of Michigan Copyright Notice</A></H2>
+<H2><A NAME="University of Michigan Copyright Notice">K.3. University of Michigan Copyright Notice</A></H2>
 <P>Portions Copyright 1992-1996 Regents of the University of Michigan.<BR><EM>All rights reserved.</EM></P>
 <P>Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. This software is provided ``as is'' without express or implied warranty.</P>
 <P></P>
 <HR>
-<H1><A NAME="OpenLDAP Public License">C. OpenLDAP Public License</A></H1>
+<H1><A NAME="OpenLDAP Public License">L. OpenLDAP Public License</A></H1>
 <PRE>
 The OpenLDAP Public License
   Version 2.8, 17 August 2003
@@ -4651,7 +8724,7 @@
 <P>
 <FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B>
 ________________<BR>
-<SMALL>© Copyright 2005, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info at OpenLDAP.org">info at OpenLDAP.org</A></SMALL></B></FONT>
+<SMALL>© Copyright 2007, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info at OpenLDAP.org">info at OpenLDAP.org</A></SMALL></B></FONT>
 
 </DIV>
 


Index: ldap.init
===================================================================
RCS file: /cvs/pkgs/rpms/openldap/devel/ldap.init,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- ldap.init	18 Sep 2007 10:41:07 -0000	1.26
+++ ldap.init	21 Nov 2007 12:12:15 -0000	1.27
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 # ldap	This shell script takes care of starting and stopping
-#	ldap servers (slapd and slurpd).
+#	ldap servers (slapd).
 #
 # chkconfig: - 27 73
 # description: LDAP stands for Lightweight Directory Access Protocol, used \
@@ -23,7 +23,7 @@
 SLAPD_LDAP="yes"
 SLAPD_LDAPI="no"
 SLAPD_LDAPS="no"
-# OPTIONS, SLAPD_OPTIONS, SLURPD_OPTIONS and KTB5_KTNAME are not defined
+# OPTIONS, SLAPD_OPTIONS and KTB5_KTNAME are not defined
 
 # Source an auxiliary options file if we have one
 if [ -r /etc/sysconfig/ldap ] ; then
@@ -31,10 +31,8 @@
 fi
 
 slapd=/usr/sbin/slapd
-slurpd=/usr/sbin/slurpd
 slaptest=/usr/sbin/slaptest
 [ -x ${slapd} ] || exit 1
-[ -x ${slurpd} ] || exit 1
 
 RETVAL=0
 
@@ -99,7 +97,7 @@
 	prog=`basename ${slapd}`
 	ldapuid=`id -u $user`
 	# Unaccessible database files.
-	slaptestflags=
+	slaptestflags=""
 	for dbdir in `LANG=C egrep '^directory[[:space:]]+[[:print:]]+$' /etc/openldap/slapd.conf | sed s,^directory,,` ; do
 		for file in `find ${dbdir}/ -not -uid $ldapuid -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" -or -name "log.*" -or -name alock \)` ; do
 			echo -n $"$file is not owned by \"$user\"" ; warning ; echo
@@ -107,7 +105,7 @@
 		if ! test -s ${dbdir}/id2entry.dbb ; then
 			if ! test -s ${dbdir}/id2entry.gdbm ; then
 				if ! test -s ${dbdir}/id2entry.bdb ; then
-					slaptestflags=-u
+					slaptestflags="-u"
 				fi
 			fi
 		fi
@@ -167,28 +165,6 @@
 	echo -n $"Starting $prog: "
 	daemon --check=$prog ${slapd} -h "\"$harg\"" -u ${user} $OPTIONS $SLAPD_OPTIONS 
 	RETVAL=$?
-	echo
-	if [ $RETVAL -eq 0 ]; then
-	    if grep -q "^replogfile" /etc/openldap/slapd.conf; then
-		prog=`basename ${slurpd}`
-		i=1;
-		for replogfile in `grep  "^replogfile" /etc/openldap/slapd.conf`
-		do
-		    if [ "$replogfile" != "replogfile" ]
-		    then
-			echo -n $"Starting $prog: "
-			daemon ${slurpd} -r $replogfile -n $i $SLURPD_OPTIONS
-			# make the return value nozero if any of the slurpd failed
-			RET=$?
-			if [ $RET -ne 0 ] ; then
-			    RETVAL=$RET
-			fi
-			i=$[i+1]
-			echo
-		    fi
-		done
-	    fi
-	fi
 	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/ldap
 	return $RETVAL
 }
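Review bot: The `echo` that followed `RETVAL=$?` is removed together with the slurpd block, so nothing in the visible part of the function terminates the line opened by `echo -n $"Starting $prog: "`. That `echo` belonged to the slapd status line, not to the slurpd logic, so it should be kept: `RETVAL=$?` followed by `echo`. The stop hunk below has the same problem, where the `echo` after `killproc ${slapd}` is dropped as well. Both functions start outside their hunks, so this holds unless the caller prints the newline itself.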
@@ -199,16 +175,6 @@
 	echo -n $"Stopping $prog: "
 	killproc ${slapd}
 	RETVAL=$?
-	echo
-	if [ $RETVAL -eq 0 ]; then
-	    if grep -q "^replogfile" /etc/openldap/slapd.conf; then
-		prog=`basename ${slurpd}`
-		echo -n $"Stopping $prog: "
-		killproc ${slurpd}
-		RETVAL=$?
-		echo
-	    fi
-	fi
 	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ldap /var/run/slapd.args
 	return $RETVAL
 }
@@ -229,13 +195,6 @@
     status)
 	status ${slapd}
 	RETVAL=$?
-	if grep -q "^replogfile" /etc/openldap/slapd.conf ; then
-	    status ${slurpd}
-	    RET=$?
-	    if [ $RET -ne 0 ] ; then
-		RETVAL=$RET;
-	    fi
-	fi
 	;;
     restart)
 	stop


Index: openldap.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openldap/devel/openldap.spec,v
retrieving revision 1.100
retrieving revision 1.101
diff -u -r1.100 -r1.101
--- openldap.spec	5 Nov 2007 09:51:42 -0000	1.100
+++ openldap.spec	21 Nov 2007 12:12:15 -0000	1.101
@@ -1,22 +1,22 @@
 %define migtools_version 47
 %define db_version 4.4.20
 %define ldbm_backend berkeley
-%define version_22 2.2.29
 %define version_23 2.3.39
+%define version_24 2.4.6
 %define evolution_connector_prefix %{_libdir}/evolution-openldap
 %define evolution_connector_includedir %{evolution_connector_prefix}/include
 %define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
-# For Fedora Core 5, we want 2.2 compatibility.
-%define compat_version %{version_22}
+# For Fedora 9, we want 2.3 compatibility.
+%define compat_version %{version_23}
 
 Summary: The configuration files, libraries, and documentation for OpenLDAP
 Name: openldap
-Version: %{version_23}
+Version: %{version_24}
 Release: 1%{?dist}
 License: OpenLDAP
 Group: System Environment/Daemons
-Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_23}.tgz
-Source1: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_22}.tgz
+Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_24}.tgz
+Source1: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_23}.tgz
 Source2: http://download.oracle.com/berkeley-db/db-%{db_version}.tar.gz
 Source3: ftp://ftp.padl.com/pub/MigrationTools-%{migtools_version}.tar.gz
 Source4: ldap.init
@@ -27,26 +27,24 @@
 Source9: README.evolution
 Source10: ldap.sysconfig
 
-# Patches that are still valid for 2.3
-Patch0: openldap-2.3.34-config.patch
+# Patches for 2.4
+Patch0: openldap-2.4.6-config.patch
 Patch1: openldap-2.0.11-ldaprc.patch
 Patch2: openldap-2.2.13-setugid.patch
-Patch3: openldap-2.2.13-pie.patch
+Patch3: openldap-2.4.6-pie.patch
 Patch4: openldap-2.3.11-toollinks.patch
-Patch5: openldap-2.3.11-nosql.patch
+Patch5: openldap-2.4.6-nosql.patch
 Patch6: openldap-2.3.19-gethostbyXXXX_r.patch
-Patch7: openldap-2.3.34-quiet-slaptest.patch
 Patch8: openldap-2.3.34-pthread.patch
 Patch9: openldap-2.3.37-smbk5pwd.patch
-Patch10: openldap-2.3.38-multilib.patch
+Patch10: openldap-2.4.6-multilib.patch
 
-# Patches for 2.2.29 for the compat-openldap package.
-Patch100: openldap-2.2.13-tls-fix-connection-test.patch
-Patch101: openldap-2.2.23-resolv.patch
-Patch102: openldap-2.2.29-ads.patch
+# Patches for 2.3.39
+Patch100: openldap-2.2.13-pie.patch
+Patch101: openldap-2.3.11-nosql.patch
 
 # Patches for the evolution library
-Patch200: openldap-ntlm.diff
+Patch200: openldap-2.4.6-evolution-ntlm.patch
 
 # Patches for the MigrationTools package
 Patch300: MigrationTools-38-instdir.patch
@@ -63,10 +61,10 @@
 Patch401: db-4.4.20-2.patch
 
 URL: http://www.openldap.org/
-BuildRoot: %{_tmppath}/%{name}-%{version_23}-root
+BuildRoot: %{_tmppath}/%{name}-%{version_24}-root
 BuildRequires: cyrus-sasl-devel >= 2.1, gdbm-devel, libtool >= 1.5.6-2, krb5-devel
 BuildRequires: openssl-devel, pam-devel, perl, pkgconfig, tcp_wrappers-devel,
-BuildRequires: unixODBC-devel, libtool-ltdl-devel
+BuildRequires: unixODBC-devel, libtool-ltdl-devel, groff
 Requires: glibc >= 2.2.3-48, mktemp
 
 %description
@@ -81,8 +79,8 @@
 %package devel
 Summary: OpenLDAP development libraries and header files.
 Group: Development/Libraries
-Requires: openldap = %{version_23}-%{release}, cyrus-sasl-devel >= 2.1
-Provides: openldap-evolution-devel = %{version_23}-%{release}
+Requires: openldap = %{version_24}-%{release}, cyrus-sasl-devel >= 2.1
+Provides: openldap-evolution-devel = %{version_24}-%{release}
 
 %description devel
 The openldap-devel package includes the development libraries and
@@ -96,7 +94,7 @@
 Summary: OpenLDAP servers and related files.
 # OpenLDAP server includes Berkeley DB library, which is licensed under Sleepycat and BSD licenses)
 License: OpenLDAP and (Sleepycat and BSD)
-Requires: fileutils, make, openldap = %{version_23}-%{release}, openssl, /usr/sbin/useradd, /sbin/chkconfig, /sbin/runuser
+Requires: fileutils, make, openldap = %{version_24}-%{release}, openssl, /usr/sbin/useradd, /sbin/chkconfig, /sbin/runuser
 Group: System Environment/Daemons
 
 %description servers
@@ -105,12 +103,12 @@
 protocols for accessing directory services (usually phone book style
 information, but other information is possible) over the Internet,
 similar to the way DNS (Domain Name System) information is propagated
-over the Internet. This package contains the slapd and slurpd servers,
+over the Internet. This package contains the slapd server,
 migration scripts, and related files.
 
 %package servers-sql
 Summary: OpenLDAP server SQL support module.
-Requires: openldap-servers = %{version_23}-%{release}
+Requires: openldap-servers = %{version_24}-%{release}
 Group: System Environment/Daemons
 
 %description servers-sql
@@ -124,7 +122,7 @@
 
 %package clients
 Summary: Client programs for OpenLDAP.
-Requires: openldap = %{version_23}-%{release}
+Requires: openldap = %{version_24}-%{release}
 Group: Applications/Internet
 
 %description clients
@@ -143,10 +141,10 @@
 Group: System Environment/Libraries
 # Require the current OpenLDAP libraries package in an attempt to ensure that
 # we have a /etc/openldap/ldap.conf file on the system.
-Requires: openldap = %{version_23}-%{release}
+Requires: openldap = %{version_24}-%{release}
 # Why this weirdo version number?  We want to ensure that version comparisons
 # for this package always sort in the same order as the main openldap package.
-Version: %{version_23}_%{compat_version}
+Version: %{version_24}_%{compat_version}
 
 %description -n compat-openldap
 OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
@@ -162,7 +160,7 @@
 %patch401 -b .patch2
 popd
 
-pushd openldap-%{version_23}
+pushd openldap-%{version_24}
 %patch0 -p1 -b .config
 %patch1 -p1 -b .ldaprc
 %patch2 -p1 -b .setugid
@@ -170,7 +168,6 @@
 %patch4 -p1 -b .toollinks
 %patch5 -p1 -b .nosql
 %patch6 -p1 -b .gethostbyname_r
-%patch7 -p1 -b .quiet-slaptest
 %patch8 -p1 -b .pthread
 %patch9 -p1 -b .smbk5pwd
 %patch10 -p1 -b .multilib
@@ -182,12 +179,12 @@
 # non-standard NTLM bind type which is needed to connect to Win2k GC servers
 # (Win2k3 supports SASL with DIGEST-MD5, so this shouldn't be needed for those
 # servers, though as of version 1.4 the connector doesn't try SASL first).
-if ! cp -al openldap-%{version_23} evo-openldap-%{version_23} ; then
-     rm -fr evo-openldap-%{version_23}
-     cp -a  openldap-%{version_23} evo-openldap-%{version_23}
+if ! cp -al openldap-%{version_24} evo-openldap-%{version_24} ; then
+     rm -fr evo-openldap-%{version_24}
+     cp -a  openldap-%{version_24} evo-openldap-%{version_24}
 fi
-pushd evo-openldap-%{version_23}
-%patch200 -p0 -b .evolution-ntlm
+pushd evo-openldap-%{version_24}
+%patch200 -p1 -b .evolution-ntlm
 popd
 
 pushd MigrationTools-%{migtools_version}
@@ -201,17 +198,16 @@
 %patch307 -p1
 popd
 
-pushd openldap-%{version_22}
-%patch100 -p1 -b .resolv
-%patch101 -p1 -b .CAN-2005-2069
-%patch102 -p1 -b .ads
+pushd openldap-%{version_23}
+%patch100 -p1 
+%patch101 -p1 
         for subdir in build-servers build-compat ; do
                 mkdir $subdir
                 ln -s ../configure $subdir
         done
 popd
 
-pushd openldap-%{version_23}
+pushd openldap-%{version_24}
 	for subdir in build-servers build-clients ; do
 		mkdir $subdir
 		ln -s ../configure $subdir
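Review bot: `%patch100 -p1 ` and `%patch101 -p1 ` are applied to the compat tree without a backup suffix and with trailing whitespace. The lines they replace, and the `%patch0`–`%patch10` and `%patch200` lines for the main and evolution trees, all pass `-b`. Keeping the suffix leaves a record in the prepared compat tree of which files each patch touched, which helps when auditing what the compat build actually contains. Suggested: `%patch100 -p1 -b .pie` and `%patch101 -p1 -b .nosql` (suffix names are only a proposal). The `for subdir` loop at the end of this hunk continues outside it.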
@@ -306,11 +302,10 @@
 # Build the servers with Kerberos support (for password checking, mainly).
 LIBS=-lpthread; export LIBS
 LD_LIBRARY_PATH=${dbdir}/%{_lib}${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}; export LD_LIBRARY_PATH
-pushd openldap-%{version_23}/build-servers
+pushd openldap-%{version_24}/build-servers
 build \
 	--enable-plugins \
 	--enable-slapd \
-	--enable-slurpd \
 	--enable-multimaster \
 	--enable-bdb \
 	--enable-hdb \
@@ -335,10 +330,9 @@
 
 # Build clients without Kerberos password-checking support, which is only
 # useful in the server anyway, to avoid stray dependencies.
-pushd openldap-%{version_23}/build-clients
+pushd openldap-%{version_24}/build-clients
 build \
 	--disable-slapd \
-	--disable-slurpd \
 	--enable-shared \
 	--enable-dynamic \
 	--enable-static \
@@ -348,10 +342,9 @@
 
 # Build evolution-specific clients just as we would normal clients, except with
 # a different installation directory in mind and no shared libraries.
-pushd evo-openldap-%{version_23}
+pushd evo-openldap-%{version_24}
 build \
 	--disable-slapd \
-	--disable-slurpd \
 	--disable-shared \
 	--disable-dynamic \
 	--enable-static \
@@ -390,7 +383,7 @@
 mv LICENSE LICENSE.bdb-backend
 popd
 
-pushd openldap-%{version_23}/build-servers
+pushd openldap-%{version_24}/build-servers
 make install DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} LIBTOOL="$libtool" STRIP=""
 popd
 
@@ -403,7 +396,7 @@
 
 # Install clients and shared libraries.  Install the evo-specific versions
 # first so that any conflicting files are overwritten by generic versions.
-pushd evo-openldap-%{version_23}
+pushd evo-openldap-%{version_24}
 make install DESTDIR=$RPM_BUILD_ROOT \
 	includedir=%{evolution_connector_includedir} \
 	libdir=%{evolution_connector_libdir} \
@@ -414,7 +407,7 @@
 	$RPM_SOURCE_DIR/README.evolution \
 	$RPM_BUILD_ROOT/%{evolution_connector_prefix}/
 popd
-pushd openldap-%{version_23}/build-clients
+pushd openldap-%{version_24}/build-clients
 make install DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} LIBTOOL="$libtool" STRIP=""
 popd
 
@@ -467,7 +460,7 @@
 	$RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/redhat/
 
 # Move slapd and slurpd out of _libdir
-mv $RPM_BUILD_ROOT/%{_libdir}/sl{apd,urpd} $RPM_BUILD_ROOT/%{_sbindir}/
+mv $RPM_BUILD_ROOT/%{_libdir}/slapd $RPM_BUILD_ROOT/%{_sbindir}/
 rm -f $RPM_BUILD_ROOT/%{_sbindir}/slap{acl,add,auth,cat,dn,index,passwd,test}
 rm -f $RPM_BUILD_ROOT/%{_libdir}/slap{acl,add,auth,cat,dn,index,passwd,test}
 for X in acl add auth cat dn index passwd test; do ln -s slapd $RPM_BUILD_ROOT/%{_sbindir}/slap$X ; done
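Review bot: The comment `# Move slapd and slurpd out of _libdir` above the changed `mv` is now stale, because the new line moves only `slapd`. It should read `# Move slapd out of _libdir`, so the spec no longer suggests that a slurpd binary is built and installed.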
@@ -485,7 +478,7 @@
 rm -f $RPM_BUILD_ROOT/%{_libdir}/openldap/*.so
 
 rm -f $RPM_BUILD_ROOT%{_localstatedir}/openldap-data/DB_CONFIG.example
-rmdir $RPM_BUILD_ROOT%{_localstatedir}/openldap-slurp $RPM_BUILD_ROOT%{_localstatedir}/openldap-data
+rmdir $RPM_BUILD_ROOT%{_localstatedir}/openldap-data
 
 %clean 
 rm -rf $RPM_BUILD_ROOT
@@ -584,17 +577,17 @@
 
 %files
 %defattr(-,root,root)
-%doc openldap-%{version_23}/ANNOUNCEMENT
-%doc openldap-%{version_23}/CHANGES
-%doc openldap-%{version_23}/COPYRIGHT
-%doc openldap-%{version_23}/LICENSE
-%doc openldap-%{version_23}/README
+%doc openldap-%{version_24}/ANNOUNCEMENT
+%doc openldap-%{version_24}/CHANGES
+%doc openldap-%{version_24}/COPYRIGHT
+%doc openldap-%{version_24}/LICENSE
+%doc openldap-%{version_24}/README
 %attr(0755,root,root) %dir %{_sysconfdir}/openldap
 %attr(0755,root,root) %dir %{_sysconfdir}/openldap/cacerts
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/ldap*.conf
-%attr(0755,root,root) %{_libdir}/liblber-2.3*.so.*
-%attr(0755,root,root) %{_libdir}/libldap-2.3*.so.*
-%attr(0755,root,root) %{_libdir}/libldap_r-2.3*.so.*
+%attr(0755,root,root) %{_libdir}/liblber-2.4*.so.*
+%attr(0755,root,root) %{_libdir}/libldap-2.4*.so.*
+%attr(0755,root,root) %{_libdir}/libldap_r-2.4*.so.*
 %attr(0644,root,root) %{_mandir}/man5/ldif.5*
 %attr(0644,root,root) %{_mandir}/man5/ldap.conf.5*
 %attr(0755,root,root) %dir %{_datadir}/openldap
@@ -604,9 +597,9 @@
 %doc openldap-%{compat_version}/ANNOUNCEMENT
 %doc openldap-%{compat_version}/COPYRIGHT
 %doc openldap-%{compat_version}/LICENSE
-%attr(0755,root,root) %{_libdir}/liblber-2.2.so.*
-%attr(0755,root,root) %{_libdir}/libldap-2.2.so.*
-%attr(0755,root,root) %{_libdir}/libldap_r-2.2.so.*
+%attr(0755,root,root) %{_libdir}/liblber-2.3.so.*
+%attr(0755,root,root) %{_libdir}/libldap-2.3.so.*
+%attr(0755,root,root) %{_libdir}/libldap_r-2.3.so.*
 %attr(0755,ldap,ldap) %dir %{_libdir}/compat-openldap
 %attr(0755,root,root) %{_libdir}/compat-openldap/slapcat
 
@@ -617,8 +610,8 @@
 %doc TOOLS.migration
 %doc db-%{db_version}/LICENSE.bdb-backend
 %doc $RPM_SOURCE_DIR/README.upgrading $RPM_SOURCE_DIR/guide.html
-%doc openldap-%{version_23}/contrib/slapd-modules/smbk5pwd/README.smbk5pwd
-%doc openldap-%{version_23}/doc/guide/admin/*.gif
+%doc openldap-%{version_24}/contrib/slapd-modules/smbk5pwd/README.smbk5pwd
+%doc openldap-%{version_24}/doc/guide/admin/*.gif
 %ghost %config %{_sysconfdir}/pki/tls/certs/slapd.pem
 %attr(0755,root,root) %config %{_sysconfdir}/rc.d/init.d/ldap
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/openldap/ldap*.conf
@@ -641,8 +634,6 @@
 %attr(0755,root,root) %{_datadir}/openldap/migration/*.pl
 %attr(0755,root,root) %{_datadir}/openldap/migration/*.sh
 %attr(0644,root,root) %{_datadir}/openldap/migration/*.txt
-%attr(0755,root,root) %dir %{_datadir}/openldap/ucdata
-%attr(0644,root,root) %dir %{_datadir}/openldap/ucdata/*
 %attr(0700,ldap,ldap) %dir /var/lib/ldap
 %attr(0755,ldap,ldap) %dir /var/run/openldap
 %attr(0755,root,root) %{_libdir}/libslapd_db-*.*.so
@@ -651,8 +642,8 @@
 
 %files servers-sql
 %defattr(-,root,root)
-%doc openldap-%{version_23}/servers/slapd/back-sql/docs/*
-%doc openldap-%{version_23}/servers/slapd/back-sql/rdbms_depend
+%doc openldap-%{version_24}/servers/slapd/back-sql/docs/*
+%doc openldap-%{version_24}/servers/slapd/back-sql/rdbms_depend
 %attr(0755,root,root) %{_libdir}/openldap/back_sql.la
 %attr(0755,root,root) %{_libdir}/openldap/back_sql*.so.*
 
@@ -663,7 +654,7 @@
 
 %files devel
 %defattr(-,root,root)
-%doc openldap-%{version_23}/doc/drafts openldap-%{version_23}/doc/rfc
+%doc openldap-%{version_24}/doc/drafts openldap-%{version_24}/doc/rfc
 %attr(0755,root,root) %{_libdir}/libl*.so
 %attr(0644,root,root) %{_libdir}/libl*.a
 %attr(0644,root,root) %{_includedir}/*
@@ -676,6 +667,9 @@
 %attr(0644,root,root)      %{evolution_connector_libdir}/*.a
 
 %changelog
+* Fri Nov  2 2007 Jan Safranek <jsafranek at redhat.com> 2.4.6-1%{?dist}
+- new upstream version (openldap-2.4)
+
 * Mon Nov  5 2007 Jan Safranek <jsafranek at redhat.com> 2.3.39-1%{?dist}
 - new upstream release
 


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/openldap/devel/sources,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- sources	5 Nov 2007 09:49:33 -0000	1.36
+++ sources	21 Nov 2007 12:12:15 -0000	1.37
@@ -1,4 +1,4 @@
-6c4c72a1336aa45b463e738034c078d6  openldap-2.2.29.tgz
+e3fec2953c948f6990ccdc3af7bf7f18  openldap-2.3.39.tgz
 3faf83eb8482e55979bda47f1d1e6501  MigrationTools-47.tar.gz
 33851f01b455cca48aa601956de93c6f  db-4.4.20.tar.gz
-e3fec2953c948f6990ccdc3af7bf7f18  openldap-2.3.39.tgz
+4418da48649297587a3d07c987808a5e  openldap-2.4.6.tgz


--- openldap-2.3.34-quiet-slaptest.patch DELETED ---


--- openldap-2.3.38-multilib.patch DELETED ---


--- openldap-ntlm.diff DELETED ---



