From 7735241b69004288fb6772d8dbe3c9ce6d0b0722 Mon Sep 17 00:00:00 2001 From: Jan Šafránek Date: Jul 13 2007 20:00:26 +0000 Subject: Sync with devel: - Fix initscript return codes (#242667) - Provide overlays including smbk5pwd (as modules; #246036, #245896, #220895) - Add available modules to config file - do not create script in /tmp on startup (bz#188298) - add compat-slapcat to openldap-compat (bz#179378) - do not import ddp services with migrate_services.pl (bz#201183) - sort the hosts by address, preventing duplicities in migrate*nis*.pl (bz#201540) - start slupd for each replicated database (bz#210155) - add ldconfig to devel post/postun (bz#240253) - include misc.schema in default slapd.conf (bz#147805) --- diff --git a/MigrationTools-46-ddp.patch b/MigrationTools-46-ddp.patch new file mode 100644 index 0000000..8e0a54b --- /dev/null +++ b/MigrationTools-46-ddp.patch @@ -0,0 +1,15 @@ +--- MigrationTools-46/migrate_services.pl.orig 2007-05-23 14:41:22.000000000 +0200 ++++ MigrationTools-46/migrate_services.pl 2007-05-23 14:42:55.000000000 +0200 +@@ -102,6 +102,12 @@ + my ($servicename, $portproto, @aliases) = split(m/\s+/o, $card); + my ($rawport, $proto) = split(m#[/,]#o, $portproto); + ++ # do not generate ddp services - it's AppleTalk, not IP ++ if ($proto eq "ddp") { ++ print STDERR "Skipping non-IP service '$servicename $portproto'\n"; ++ next; ++ } ++ + # Find services specifying a port range (e.g. X11.) + my $loport = ''; + my $hiport = ''; diff --git a/MigrationTools-46-unique-hosts.patch b/MigrationTools-46-unique-hosts.patch new file mode 100644 index 0000000..f0db7ba --- /dev/null +++ b/MigrationTools-46-unique-hosts.patch @@ -0,0 +1,23 @@ +Prevent duplicities in hosts, which are read from NIS. +--- MigrationTools-46/migrate_all_nis_online.sh.orig 2007-05-24 11:21:54.000000000 +0200 ++++ MigrationTools-46/migrate_all_nis_online.sh 2007-05-24 11:26:30.000000000 +0200 +@@ -67,7 +67,7 @@ + ypcat $DOMFLAG protocols > $ETC_PROTOCOLS + touch $ETC_FSTAB + ypcat $DOMFLAG rpc.byname > $ETC_RPC +-ypcat $DOMFLAG hosts > $ETC_HOSTS ++ypcat $DOMFLAG hosts.byaddr > $ETC_HOSTS + ypcat $DOMFLAG networks > $ETC_NETWORKS + #ypcat $DOMFLAG -k aliases > $ETC_ALIASES + +--- MigrationTools-46/migrate_all_nis_offline.sh.orig 2007-05-24 11:21:54.000000000 +0200 ++++ MigrationTools-46/migrate_all_nis_offline.sh 2007-05-24 11:26:13.000000000 +0200 +@@ -67,7 +67,7 @@ + ypcat $DOMFLAG protocols > $ETC_PROTOCOLS + touch $ETC_FSTAB + ypcat $DOMFLAG rpc.byname > $ETC_RPC +-ypcat $DOMFLAG hosts > $ETC_HOSTS ++ypcat $DOMFLAG hosts.byaddr > $ETC_HOSTS + ypcat $DOMFLAG networks > $ETC_NETWORKS + #ypcat $DOMFLAG -k aliases > $ETC_ALIASES + diff --git a/ldap.init b/ldap.init index c5707e4..6d1eff2 100644 --- a/ldap.init +++ b/ldap.init @@ -16,7 +16,7 @@ # Source networking configuration and check that networking is up. if [ -r /etc/sysconfig/network ] ; then . /etc/sysconfig/network - [ ${NETWORKING} = "no" ] && exit 0 + [ ${NETWORKING} = "no" ] && exit 1 fi # Source an auxiliary options file if we have one, and pick up OPTIONS, @@ -29,8 +29,8 @@ fi slapd=/usr/sbin/slapd slurpd=/usr/sbin/slurpd slaptest=/usr/sbin/slaptest -[ -x ${slapd} ] || exit 0 -[ -x ${slurpd} ] || exit 0 +[ -x ${slapd} ] || exit 1 +[ -x ${slurpd} ] || exit 1 RETVAL=0 @@ -97,7 +97,7 @@ function configtest() { # Unaccessible database files. slaptestflags= for dbdir in `LANG=C egrep '^directory[[:space:]]+[[:print:]]+$' /etc/openldap/slapd.conf | sed s,^directory,,` ; do - for file in `find ${dbdir}/ -not -uid $ldapuid -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" \)` ; do + for file in `find ${dbdir}/ -not -uid $ldapuid -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" -or -name "log.*" -or -name alock \)` ; do echo -n $"$file is not owned by \"$user\"" ; warning ; echo done if ! test -s ${dbdir}/id2entry.dbb ; then @@ -149,10 +149,6 @@ function start() { # Define a couple of local variables which we'll need. Maybe. user=ldap prog=`basename ${slapd}` - # Build a wrapper script to exec slapd with the right arguments, to - # avoid being tripped out by changes or weirdness in how daemon() - # handles quoted arguments. - wrapper=`mktemp ${TMP:-/tmp}/start-slapd.XXXXXX` harg="ldap:///" if grep -q ^TLS /etc/openldap/slapd.conf || test x$SLAPD_LDAPS = xyes ; then harg="$harg ldaps:///" @@ -160,26 +156,30 @@ function start() { if test x$SLAPD_LDAPI = xyes ; then harg="$harg ldapi:///" fi - if test -z "$wrapper" ; then - return 1 - fi - cat >> $wrapper <<- EOF - exec ${slapd} -h "$harg" -u ${user} $OPTIONS $SLAPD_OPTIONS - EOF - chmod u+x $wrapper - trap "rm -f $wrapper" EXIT # Start daemons. echo -n $"Starting $prog: " - daemon --check=$prog $wrapper + daemon --check=$prog ${slapd} -h "\"$harg\"" -u ${user} $OPTIONS $SLAPD_OPTIONS RETVAL=$? echo if [ $RETVAL -eq 0 ]; then if grep -q "^replogfile" /etc/openldap/slapd.conf; then prog=`basename ${slurpd}` - echo -n $"Starting $prog: " - daemon ${slurpd} $OPTIONS $SLURPD_OPTIONS - RETVAL=$? - echo + i=1; + for replogfile in `grep "^replogfile" /etc/openldap/slapd.conf` + do + if [ "$replogfile" != "replogfile" ] + then + echo -n $"Starting $prog: " + daemon ${slurpd} -r $replogfile -n $i + # make the return value nozero if any of the slurpd failed + RET=$? + if [ $RET -ne 0 ] ; then + RETVAL=$RET + fi + i=$[i+1] + echo + fi + done fi fi [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ldap @@ -213,24 +213,33 @@ case "$1" in ;; start) start + RETVAL=$? ;; stop) stop + RETVAL=$? ;; status) status ${slapd} + RETVAL=$? if grep -q "^replogfile" /etc/openldap/slapd.conf ; then status ${slurpd} + RET=$? + if [ $RET -ne 0 ] ; then + RETVAL=$RET; + fi fi ;; restart) stop start + RETVAL=$? ;; condrestart) if [ -f /var/lock/subsys/ldap ] ; then stop start + RETVAL=$? fi ;; *) diff --git a/openldap-2.3.11-config.patch b/openldap-2.3.11-config.patch deleted file mode 100644 index 978cfc4..0000000 --- a/openldap-2.3.11-config.patch +++ /dev/null @@ -1,111 +0,0 @@ ---- openldap-2.3.17/servers/slapd/slapd.conf.config 2004-06-17 22:49:08.000000000 -0400 -+++ openldap-2.3.17/servers/slapd/slapd.conf 2006-01-12 15:33:04.000000000 -0500 -@@ -3,15 +3,19 @@ - # This file should NOT be world readable. - # - include %SYSCONFDIR%/schema/core.schema -+include %SYSCONFDIR%/schema/cosine.schema -+include %SYSCONFDIR%/schema/inetorgperson.schema -+include %SYSCONFDIR%/schema/nis.schema - --# Define global ACLs to disable default read access. -+# Allow LDAPv2 client connections. This is NOT the default. -+allow bind_v2 - - # Do not enable referrals until AFTER you have a working directory - # service AND an understanding of referrals. - #referral ldap://root.openldap.org - --pidfile %LOCALSTATEDIR%/run/slapd.pid --argsfile %LOCALSTATEDIR%/run/slapd.args -+pidfile %LOCALSTATEDIR%/run/openldap/slapd.pid -+argsfile %LOCALSTATEDIR%/run/openldap/slapd.args - - # Load dynamic backend modules: - # modulepath %MODULEDIR% -@@ -21,6 +25,15 @@ - # moduleload back_passwd.la - # moduleload back_shell.la - -+# The next three lines allow use of TLS for encrypting connections using a -+# dummy test certificate which you can generate by changing to -+# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on -+# slapd.pem so that the ldap user or group can read it. Your client software -+# may balk at self-signed certificates, however. -+# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt -+# TLSCertificateFile /etc/pki/tls/certs/slapd.pem -+# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem -+ - # Sample security restrictions - # Require integrity protection (prevent hijacking) - # Require 112-bit (3DES or better) encryption for updates -@@ -49,19 +62,32 @@ - # rootdn can always read and write EVERYTHING! - - ####################################################################### --# BDB database definitions -+# ldbm and/or bdb database definitions - ####################################################################### - - database bdb - suffix "dc=my-domain,dc=com" - rootdn "cn=Manager,dc=my-domain,dc=com" - # Cleartext passwords, especially for the rootdn, should --# be avoid. See slappasswd(8) and slapd.conf(5) for details. -+# be avoided. See slappasswd(8) and slapd.conf(5) for details. - # Use of strong authentication encouraged. --rootpw secret -+# rootpw secret -+# rootpw {crypt}ijFYNcSNctBYg -+ - # The database directory MUST exist prior to running slapd AND - # should only be accessible by the slapd and slap tools. - # Mode 700 recommended. --directory %LOCALSTATEDIR%/openldap-data --# Indices to maintain --index objectClass eq -+directory /var/lib/ldap -+ -+# Indices to maintain for this database -+index objectClass eq,pres -+index ou,cn,mail,surname,givenname eq,pres,sub -+index uidNumber,gidNumber,loginShell eq,pres -+index uid,memberUid eq,pres,sub -+index nisMapName,nisMapEntry eq,pres,sub -+ -+# Replicas of this database -+#replogfile /var/lib/ldap/openldap-master-replog -+#replica host=ldap-1.example.com:389 starttls=critical -+# bindmethod=sasl saslmech=GSSAPI -+# authcId=host/ldap-master.example.com@EXAMPLE.COM ---- openldap-2.2.13/servers/slurpd/slurp.h 2004-01-01 13:16:42.000000000 -0500 -+++ openldap-2.2.13/servers/slurpd/slurp.h 2004-06-15 11:40:04.000000000 -0400 -@@ -66,7 +66,7 @@ - #define SERVICE_NAME OPENLDAP_PACKAGE "-slurpd" - - /* Default directory for slurpd's private copy of replication logs */ --#define DEFAULT_SLURPD_REPLICA_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-slurp" -+#define DEFAULT_SLURPD_REPLICA_DIR "/var/lib/ldap" - - /* Default name for slurpd's private copy of the replication log */ - #define DEFAULT_SLURPD_REPLOGFILE "slurpd.replog" -@@ -75,7 +75,7 @@ - #define DEFAULT_SLURPD_STATUS_FILE "slurpd.status" - - /* slurpd dump file - contents of rq struct are written here (debugging) */ --#define SLURPD_DUMPFILE LDAP_TMPDIR LDAP_DIRSEP "slurpd.dump" -+#define SLURPD_DUMPFILE DEFAULT_SLURPD_REPLICA_DIR "/slurpd.dump" - - /* Amount of time to sleep if no more work to do */ - #define DEFAULT_NO_WORK_INTERVAL 3 ---- openldap-2.3.11/doc/man/man8/slurpd.8.config 2005-07-10 00:36:41.000000000 -0400 -+++ openldap-2.3.11/doc/man/man8/slurpd.8 2005-10-28 21:07:54.000000000 -0400 -@@ -120,7 +120,7 @@ - temporary files may contain sensitive information. - This option allows you to specify the location of these temporary files. - The default is --.BR LOCALSTATEDIR/openldap-slurp . -+.BR /var/lib/ldap . - .SH EXAMPLES - To start - .I slurpd diff --git a/openldap-2.3.34-config.patch b/openldap-2.3.34-config.patch new file mode 100644 index 0000000..58f5d63 --- /dev/null +++ b/openldap-2.3.34-config.patch @@ -0,0 +1,98 @@ +--- openldap-2.3.34/servers/slapd/slapd.conf.orig 2007-06-29 09:01:50.000000000 +0200 ++++ openldap-2.3.34/servers/slapd/slapd.conf 2007-06-29 09:03:50.000000000 +0200 +@@ -3,23 +3,48 @@ + # This file should NOT be world readable. + # + include %SYSCONFDIR%/schema/core.schema ++include %SYSCONFDIR%/schema/cosine.schema ++include %SYSCONFDIR%/schema/inetorgperson.schema ++include %SYSCONFDIR%/schema/nis.schema ++include %SYSCONFDIR%/schema/misc.schema + +-# Define global ACLs to disable default read access. ++# Allow LDAPv2 client connections. This is NOT the default. ++allow bind_v2 + + # Do not enable referrals until AFTER you have a working directory + # service AND an understanding of referrals. + #referral ldap://root.openldap.org + +-pidfile %LOCALSTATEDIR%/run/slapd.pid +-argsfile %LOCALSTATEDIR%/run/slapd.args ++pidfile %LOCALSTATEDIR%/run/openldap/slapd.pid ++argsfile %LOCALSTATEDIR%/run/openldap/slapd.args + + # Load dynamic backend modules: + # modulepath %MODULEDIR% +-# moduleload back_bdb.la +-# moduleload back_ldap.la +-# moduleload back_ldbm.la +-# moduleload back_passwd.la +-# moduleload back_shell.la ++# moduleload accesslog.la ++# moduleload auditlog.la ++# moduleload back_sql.la ++# moduleload denyop.la ++# moduleload dyngroup.la ++# moduleload dynlist.la ++# moduleload lastmod.la ++# moduleload pcache.la ++# moduleload ppolicy.la ++# moduleload refint.la ++# moduleload retcode.la ++# moduleload rwm.la ++# moduleload syncprov.la ++# moduleload translucent.la ++# moduleload unique.la ++# moduleload valsort.la ++ ++# The next three lines allow use of TLS for encrypting connections using a ++# dummy test certificate which you can generate by changing to ++# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on ++# slapd.pem so that the ldap user or group can read it. Your client software ++# may balk at self-signed certificates, however. ++# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt ++# TLSCertificateFile /etc/pki/tls/certs/slapd.pem ++# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem + + # Sample security restrictions + # Require integrity protection (prevent hijacking) +@@ -49,19 +74,32 @@ + # rootdn can always read and write EVERYTHING! + + ####################################################################### +-# BDB database definitions ++# ldbm and/or bdb database definitions + ####################################################################### + + database bdb + suffix "dc=my-domain,dc=com" + rootdn "cn=Manager,dc=my-domain,dc=com" + # Cleartext passwords, especially for the rootdn, should +-# be avoid. See slappasswd(8) and slapd.conf(5) for details. ++# be avoided. See slappasswd(8) and slapd.conf(5) for details. + # Use of strong authentication encouraged. +-rootpw secret ++# rootpw secret ++# rootpw {crypt}ijFYNcSNctBYg ++ + # The database directory MUST exist prior to running slapd AND + # should only be accessible by the slapd and slap tools. + # Mode 700 recommended. +-directory %LOCALSTATEDIR%/openldap-data +-# Indices to maintain +-index objectClass eq ++directory /var/lib/ldap ++ ++# Indices to maintain for this database ++index objectClass eq,pres ++index ou,cn,mail,surname,givenname eq,pres,sub ++index uidNumber,gidNumber,loginShell eq,pres ++index uid,memberUid eq,pres,sub ++index nisMapName,nisMapEntry eq,pres,sub ++ ++# Replicas of this database ++#replogfile /var/lib/ldap/openldap-master-replog ++#replica host=ldap-1.example.com:389 starttls=critical ++# bindmethod=sasl saslmech=GSSAPI ++# authcId=host/ldap-master.example.com@EXAMPLE.COM diff --git a/openldap-2.3.34-smbk5pwd.patch b/openldap-2.3.34-smbk5pwd.patch new file mode 100644 index 0000000..7f5b6cb --- /dev/null +++ b/openldap-2.3.34-smbk5pwd.patch @@ -0,0 +1,50 @@ +--- openldap-2.3.34/servers/slapd/overlays/Makefile.in.smbk5pwd 2007-01-02 22:44:08.000000000 +0100 ++++ openldap-2.3.34/servers/slapd/overlays/Makefile.in 2007-06-29 16:59:32.000000000 +0200 +@@ -28,7 +28,8 @@ + syncprov.c \ + translucent.c \ + unique.c \ +- valsort.c ++ valsort.c \ ++ smbk5pwd.c + OBJS = overlays.o \ + statover.o \ + @SLAPD_STATIC_OVERLAYS@ +@@ -41,14 +42,14 @@ + LDAP_INCDIR= ../../../include + LDAP_LIBDIR= ../../../libraries + +-MOD_DEFS = -DSLAPD_IMPORT ++MOD_DEFS = -DSLAPD_IMPORT -DDO_SAMBA + + shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA) + NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) + UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS) + + LIBRARY = ../liboverlays.a +-PROGRAMS = @SLAPD_DYNAMIC_OVERLAYS@ ++PROGRAMS = @SLAPD_DYNAMIC_OVERLAYS@ smbk5pwd.la + + XINCPATH = -I.. -I$(srcdir)/.. + XDEFS = $(MODULES_CPPFLAGS) +@@ -105,6 +106,9 @@ + valsort.la : valsort.lo + $(LTLINK_MOD) -module -o $@ valsort.lo version.lo $(LINK_LIBS) + ++smbk5pwd.la : smbk5pwd.lo ++ $(LTLINK_MOD) -module -o $@ smbk5pwd.lo version.lo $(LINK_LIBS) ++ + install-local: $(PROGRAMS) + @if test -n "$?" ; then \ + $(MKDIR) $(DESTDIR)$(moduledir); \ +--- openldap-2.3.34/contrib/slapd-modules/smbk5pwd/README.smbk5pwd 2005-11-14 19:06:04.000000000 +0100 ++++ openldap-2.3.34/contrib/slapd-modules/smbk5pwd/README 2007-07-09 09:44:43.000000000 +0200 +@@ -1,3 +1,8 @@ ++*************************************************************** ++Red Hat note: Kerberos support is NOT compiled into ++this version of smbk5pwd because we do not use Heimdall. ++*************************************************************** ++ + Copyright 2004-2005 Howard Chu, Symas Corp. All rights reserved. + + Redistribution and use in source and binary forms, with or without diff --git a/openldap.spec b/openldap.spec index 1c05d17..99bc9c6 100644 --- a/openldap.spec +++ b/openldap.spec @@ -13,7 +13,7 @@ Summary: The configuration files, libraries, and documentation for OpenLDAP Name: openldap Version: %{version_23} -Release: 2%{?dist} +Release: 3%{?dist} License: OpenLDAP Group: System Environment/Daemons Source0: ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/openldap-%{version_23}.tgz @@ -31,7 +31,7 @@ Source11: nptl-abi-note.S Source12: README.evolution # Patches that are still valid for 2.3 -Patch0: openldap-2.3.11-config.patch +Patch0: openldap-2.3.34-config.patch Patch1: openldap-1.2.11-cldap.patch Patch2: openldap-2.0.11-ldaprc.patch Patch3: openldap-2.2.13-setugid.patch @@ -42,6 +42,7 @@ Patch6: openldap-2.3.11-nosql.patch Patch8: openldap-2.3.19-gethostbyXXXX_r.patch Patch9: openldap-2.3.34-quiet-slaptest.patch Patch10: openldap-2.3.34-pthread.patch +Patch11: openldap-2.3.34-smbk5pwd.patch # Patches for 2.2.29 for the compat-openldap package. Patch100: openldap-2.2.13-tls-fix-connection-test.patch @@ -59,6 +60,8 @@ Patch302: MigrationTools-27-simple.patch Patch303: MigrationTools-26-suffix.patch Patch304: MigrationTools-46-schema.patch Patch305: MigrationTools-45-noaliases.patch +Patch306: MigrationTools-46-ddp.patch +Patch307: MigrationTools-46-unique-hosts.patch Patch400: db-4.4.20-1.patch Patch401: db-4.4.20-2.patch @@ -178,6 +181,8 @@ pushd openldap-%{version_23} %patch8 -p1 -b .gethostbyname_r %patch9 -p1 -b .quiet-slaptest %patch10 -p1 -b .pthread +%patch11 -p1 -b .smbk5pwd + cp %{_datadir}/libtool/config.{sub,guess} build/ popd @@ -200,6 +205,8 @@ pushd MigrationTools-%{migtools_version} %patch303 -p1 -b .suffix %patch304 -p1 -b .schema %patch305 -p1 -b .noaliases +%patch306 -p1 +%patch307 -p1 popd autodir=`pwd`/auto-instroot @@ -229,6 +236,9 @@ pushd openldap-%{version_23} mkdir $subdir ln -s ../configure $subdir done +# build smbk5pwd with other overlays +ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays +mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd autoconf popd @@ -317,7 +327,7 @@ LD_LIBRARY_PATH=${dbdir}/%{_lib}${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}; export # Build the client libraries for the compat package. pushd openldap-%{compat_version}/build-compat %configure \ - --disable-slapd --disable-slurpd \ + --enable-slapd --disable-slurpd \ --with-threads=posix --enable-static --enable-shared --enable-dynamic \ --enable-local --with-tls --with-cyrus-sasl --without-kerberos make %{_smp_mflags} @@ -368,11 +378,14 @@ build \ --enable-null \ --enable-shell \ --enable-sql=mod \ + --enable-passwd \ --disable-perl \ + --enable-relay \ --disable-shared \ --disable-dynamic \ --enable-static \ - --with-kerberos=k5only + --with-kerberos=k5only \ + --enable-overlays=mod unset LIBS popd @@ -419,6 +432,11 @@ pushd openldap-%{compat_version}/build-compat/libraries rm $RPM_BUILD_ROOT/%{_libdir}/*.so popd +mkdir -p $RPM_BUILD_ROOT/%{_libdir}/compat-openldap +pushd openldap-%{compat_version}/build-compat/servers/slapd + $libtool --mode=install /usr/bin/install -c -s -m 755 slapd $RPM_BUILD_ROOT/%{_libdir}/compat-openldap/slapcat +popd + # Install servers. %ifarch %{nptl_arches} case %{_target_platform} in @@ -625,6 +643,12 @@ if [ $1 -ge 1 ] ; then /sbin/service ldap condrestart > /dev/null 2>&1 || : fi +%post devel +/sbin/ldconfig + +%postun devel +/sbin/ldconfig + %files %defattr(-,root,root) %doc openldap-%{version_23}/ANNOUNCEMENT @@ -650,12 +674,16 @@ fi %attr(0755,root,root) %{_libdir}/liblber-2.2.so.* %attr(0755,root,root) %{_libdir}/libldap-2.2.so.* %attr(0755,root,root) %{_libdir}/libldap_r-2.2.so.* +%attr(0755,ldap,ldap) %dir %{_libdir}/compat-openldap +%attr(0755,root,root) %{_libdir}/compat-openldap/slapcat + %files servers %defattr(-,root,root) %doc README.migration %doc TOOLS.migration %doc $RPM_SOURCE_DIR/README.upgrading $RPM_SOURCE_DIR/guide.html +%doc openldap-%{version_23}/contrib/slapd-modules/smbk5pwd/README.smbk5pwd %ghost %config %{_sysconfdir}/pki/tls/certs/slapd.pem %attr(0755,root,root) %config %{_sysconfdir}/rc.d/init.d/ldap %attr(0640,root,ldap) %config(noreplace) %{_sysconfdir}/openldap/slapd.conf @@ -681,6 +709,8 @@ fi %attr(0700,ldap,ldap) %dir /var/lib/ldap %attr(0755,ldap,ldap) %dir /var/run/openldap %attr(0755,root,root) %{_libdir}/libslapd_db-*.*.so +%attr(0755,root,root) %dir %{_libdir}/openldap +%attr(0755,root,root) %{_libdir}/openldap/[^b]* %ifarch %{nptl_arches} %ifnarch %{ix86} %attr(0755,root,root) %{_libdir}/tls/libslapd_db-*.*.so @@ -694,7 +724,6 @@ fi %defattr(-,root,root) %doc openldap-%{version_23}/servers/slapd/back-sql/docs/* %doc openldap-%{version_23}/servers/slapd/back-sql/rdbms_depend -%attr(0755,root,root) %{_libdir}/openldap %attr(0755,root,root) %{_libdir}/openldap/back_sql.la %attr(0755,root,root) %{_libdir}/openldap/back_sql*.so.* @@ -718,6 +747,20 @@ fi %attr(0644,root,root) %{evolution_connector_libdir}/*.a %changelog +* Fri Jul 13 2007 Jan Safranek 2.3.34-3%{?dist} +- Fix initscript return codes (#242667) +- Provide overlays including smbk5pwd (as modules; #246036, #245896, #220895) +- Add available modules to config file +- do not create script in /tmp on startup (bz#188298) +- add compat-slapcat to openldap-compat (bz#179378) +- do not import ddp services with migrate_services.pl + (bz#201183) +- sort the hosts by address, preventing duplicities + in migrate*nis*.pl (bz#201540) +- start slupd for each replicated database (bz#210155) +- add ldconfig to devel post/postun (bz#240253) +- include misc.schema in default slapd.conf (bz#147805) + * Mon Apr 23 2007 Jan Safranek 2.3.34-2%{?dist} - slapadd during package update is now quiet (bz#224581) - use _localstatedir instead of var/ during build (bz#220970)