diff --git a/.cvsignore b/.cvsignore
index 99215ad..976b86e 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,4 +1,6 @@
 openldap-2.2.29.tgz
-openldap-2.3.11.tgz
 MigrationTools-46.tar.gz
-openldap-2.3.16.tgz
+openldap-2.3.19.tgz
+db-4.4.20.tar.gz
+autoconf-2.13.1.tar.gz
+automake-1.4a.tar.gz
diff --git a/ldap.init b/ldap.init
index 7471380..868c5f1 100644
--- a/ldap.init
+++ b/ldap.init
@@ -8,7 +8,7 @@
 #              for implementing the industry standard directory services.
 # processname: slapd
 # config: /etc/openldap/slapd.conf
-# pidfile: /var/run/slapd.pid
+# pidfile: /var/run/openldap/slapd.pid
 
 # Source function library.
 . /etc/init.d/functions
@@ -121,8 +121,8 @@ function configtest() {
 		fi
 	done
 	# Check the configuration file.
-	if ! action $"Checking configuration files for $prog: " $slaptest $slaptestflags ; then
-		if $slaptest -u > /dev/null 2> /dev/null ; then
+	if ! action $"Checking configuration files for $prog: " /sbin/runuser -f -m -s /bin/sh -c "$slaptest $slaptestflags" -- "$user" ; then
+		if /sbin/runuser -f -m -s /bin/sh -c "$slaptest  -u" -- "$user" > /dev/null 2> /dev/null ; then
 			dirs=`LANG=C egrep '^directory[[:space:]]+[[:print:]]+$' /etc/openldap/slapd.conf | awk '{print $2}'`
 			for directory in $dirs ; do
 				if test -r $directory/__db.001 ; then
diff --git a/openldap-2.3.11-config.patch b/openldap-2.3.11-config.patch
index 921e67a..978cfc4 100644
--- a/openldap-2.3.11-config.patch
+++ b/openldap-2.3.11-config.patch
@@ -1,6 +1,6 @@
---- openldap-2.2.13/servers/slapd/slapd.conf	2003-12-29 13:10:40.000000000 -0500
-+++ openldap-2.2.13/servers/slapd/slapd.conf	2004-06-15 11:44:23.000000000 -0400
-@@ -3,8 +3,12 @@
+--- openldap-2.3.17/servers/slapd/slapd.conf.config	2004-06-17 22:49:08.000000000 -0400
++++ openldap-2.3.17/servers/slapd/slapd.conf	2006-01-12 15:33:04.000000000 -0500
+@@ -3,15 +3,19 @@
  # This file should NOT be world readable.
  #
  include		%SYSCONFDIR%/schema/core.schema
@@ -14,6 +14,15 @@
  
  # Do not enable referrals until AFTER you have a working directory
  # service AND an understanding of referrals.
+ #referral	ldap://root.openldap.org
+ 
+-pidfile		%LOCALSTATEDIR%/run/slapd.pid
+-argsfile	%LOCALSTATEDIR%/run/slapd.args
++pidfile		%LOCALSTATEDIR%/run/openldap/slapd.pid
++argsfile	%LOCALSTATEDIR%/run/openldap/slapd.args
+ 
+ # Load dynamic backend modules:
+ # modulepath	%MODULEDIR%
 @@ -21,6 +25,15 @@
  # moduleload	back_passwd.la
  # moduleload	back_shell.la
@@ -53,10 +62,10 @@
  # should only be accessible by the slapd and slap tools.
  # Mode 700 recommended.
 -directory	%LOCALSTATEDIR%/openldap-data
-+directory	/var/lib/ldap
-+
 -# Indices to maintain
 -index	objectClass	eq
++directory	/var/lib/ldap
++
 +# Indices to maintain for this database
 +index objectClass                       eq,pres
 +index ou,cn,mail,surname,givenname      eq,pres,sub
diff --git a/openldap.spec b/openldap.spec
index a233e92..6cedacb 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -1,8 +1,8 @@
 %define migtools_version 46
-%define db_version 4.3.27
+%define db_version 4.4.20
 %define ldbm_backend berkeley
 %define version_22 2.2.29
-%define version_23 2.3.16
+%define version_23 2.3.19
 %define evolution_connector_prefix %{_libdir}/evolution-openldap
 %define evolution_connector_includedir %{evolution_connector_prefix}/include
 %define evolution_connector_libdir %{evolution_connector_prefix}/%{_lib}
@@ -29,6 +29,7 @@ Source9: README.upgrading
 Source10: http://www.OpenLDAP.org/doc/admin/guide.html
 Source11: nptl-abi-note.S
 Source12: README.evolution
+
 # Patches that are still valid for 2.3
 Patch0: openldap-2.3.11-config.patch
 Patch1: openldap-1.2.11-cldap.patch
@@ -37,13 +38,17 @@ Patch3: openldap-2.2.13-setugid.patch
 Patch4: openldap-2.2.13-pie.patch
 Patch5: openldap-2.3.11-toollinks.patch
 Patch6: openldap-2.3.11-nosql.patch
-Patch7: openldap-2.3.11-ads.patch
+#Patch7: openldap-2.3.19-nostrip.patch
+
 # Patches for 2.2.29 for the compat-openldap package.
 Patch100: openldap-2.2.13-tls-fix-connection-test.patch
 Patch101: openldap-2.2.23-resolv.patch
 Patch102: openldap-2.2.29-ads.patch
-# patch for the evolution library
+#Patch103: openldap-2.2.29-nostrip.patch
+
+# Patches for the evolution library
 Patch200: openldap-ntlm.diff
+
 # Patches for the MigrationTools package
 Patch300: MigrationTools-38-instdir.patch
 Patch301: MigrationTools-36-mktemp.patch
@@ -52,6 +57,7 @@ Patch303: MigrationTools-26-suffix.patch
 Patch304: MigrationTools-46-schema.patch
 Patch305: MigrationTools-45-noaliases.patch
 
+
 URL: http://www.openldap.org/
 BuildRoot: %{_tmppath}/%{name}-%{version_23}-root
 BuildPreReq: cyrus-sasl-devel >= 2.1, gdbm-devel, libtool >= 1.5.6-2, krb5-devel
@@ -157,7 +163,7 @@ pushd openldap-%{version_23}
 %patch4 -p1 -b .pie
 %patch5 -p1 -b .toollinks
 %patch6 -p1 -b .nosql
-%patch7 -p1 -b .ads
+#%patch7 -p1 -b .nostrip
 cp %{_datadir}/libtool/config.{sub,guess} build/
 popd
 
@@ -196,6 +202,7 @@ pushd openldap-%{version_22}
 %patch100 -p1 -b .resolv
 %patch101 -p1 -b .CAN-2005-2069
 %patch102 -p1 -b .ads
+#%patch103 -p1 -b .nostrip
         for subdir in build-servers build-compat ; do
                 mkdir $subdir
                 ln -s ../configure $subdir
@@ -324,7 +331,7 @@ build() {
 	--enable-modules \
 	--disable-sql \
 	\
-	--libexecdir=%{_sbindir} \
+	--libexecdir=%{_libdir} \
 	$@
 make %{_smp_mflags} LIBTOOL="$libtool"
 }
@@ -469,6 +476,8 @@ cp $RPM_SOURCE_DIR/migration-tools.txt TOOLS.migration
 
 # Create the data directory.
 mkdir -p $RPM_BUILD_ROOT/var/lib/ldap
+# Create the new run directory
+mkdir -p $RPM_BUILD_ROOT/var/run/openldap
 
 # Hack the build root out of the default config files.
 perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/*.conf
@@ -490,6 +499,12 @@ install -m644 \
 	$RPM_SOURCE_DIR/autofs.schema \
 	$RPM_BUILD_ROOT%{_sysconfdir}/openldap/schema/redhat/
 
+# Move slapd and slurpd out of _libdir
+mv $RPM_BUILD_ROOT/%{_libdir}/sl{apd,urpd} $RPM_BUILD_ROOT/%{_sbindir}/
+rm -f $RPM_BUILD_ROOT/%{_sbindir}/slap{acl,add,auth,cat,dn,index,passwd,test}
+rm -f $RPM_BUILD_ROOT/%{_libdir}/slap{acl,add,auth,cat,dn,index,passwd,test}
+for X in acl add auth cat dn index passwd test; do ln -s slapd $RPM_BUILD_ROOT/%{_sbindir}/slap$X ; done
+
 # Tweak permissions on the libraries to make sure they're correct.
 chmod 755 $RPM_BUILD_ROOT/%{_libdir}/lib*.so*
 chmod 644 $RPM_BUILD_ROOT/%{_libdir}/lib*.*a
@@ -499,8 +514,8 @@ rm -f $RPM_BUILD_ROOT/%{_datadir}/openldap/migration/*.{instdir,simple,schema,mk
 rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
 rm -f $RPM_BUILD_ROOT/%{evolution_connector_libdir}/*.la
 rm -f $RPM_BUILD_ROOT/%{evolution_connector_libdir}/*.so*
-rm -f $RPM_BUILD_ROOT/%{_sbindir}/openldap/*.a
-rm -f $RPM_BUILD_ROOT/%{_sbindir}/openldap/*.so
+rm -f $RPM_BUILD_ROOT/%{_libdir}/openldap/*.a
+rm -f $RPM_BUILD_ROOT/%{_libdir}/openldap/*.so
 
 rm -f $RPM_BUILD_ROOT/var/openldap-data/DB_CONFIG.example
 rmdir $RPM_BUILD_ROOT/var/openldap-slurp $RPM_BUILD_ROOT/var/openldap-data
@@ -528,6 +543,12 @@ fi
 %post servers
 /sbin/ldconfig
 /sbin/chkconfig --add ldap
+# If there's a /var/lib/ldap/upgrade.ldif file, slapadd it and delete it.
+# It was created by the uninstall of the previous version.
+if [ -f /var/lib/ldap/upgrade.ldif ] ; then
+	/sbin/runuser -f -m -s /bin/sh -c "/usr/sbin/slapadd" -- "ldap" < /var/lib/ldap/upgrade.ldif
+	rm /var/lib/ldap/upgrade.ldif
+fi
 exec > /dev/null 2> /dev/null
 if [ ! -f %{_sysconfdir}/pki/tls/certs/slapd.pem ] ; then
 pushd %{_sysconfdir}/pki/tls/certs
@@ -552,6 +573,17 @@ if [ "$1" = "0" ] ; then
 	/sbin/service ldap stop > /dev/null 2>&1 || :
 	/sbin/chkconfig --del ldap
 fi
+# Save an ldif of the database where the "% post servers" scriptlet can
+# restore it.  Also save the database files to a "rpmorig" directory
+# Just In Case (TM)
+if slapcat -l /dev/null > /dev/null 2>&1 ; then
+	/sbin/service ldap stop > /dev/null 2>&1 || :
+	/usr/sbin/slapcat -l /var/lib/ldap/upgrade.ldif
+	rm -fr /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
+	mkdir /var/lib/ldap/rpmorig
+	mv /var/lib/ldap/{alock,*.bdb,__db.*,log.*} /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
+	cp -f /var/lib/ldap/DB_CONFIG /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
+fi
 
 %postun servers
 /sbin/ldconfig
@@ -613,6 +645,7 @@ fi
 %attr(0755,root,root) %dir %{_datadir}/openldap/ucdata
 %attr(0644,root,root) %dir %{_datadir}/openldap/ucdata/*
 %attr(0700,ldap,ldap) %dir /var/lib/ldap
+%attr(0755,ldap,ldap) %dir /var/run/openldap
 %attr(0755,root,root) %{_libdir}/libslapd_db-*.*.so
 %ifarch %{nptl_arches}
 %ifnarch %{ix86}
@@ -627,8 +660,9 @@ fi
 %defattr(-,root,root)
 %doc openldap-%{version_23}/servers/slapd/back-sql/docs/*
 %doc openldap-%{version_23}/servers/slapd/back-sql/rdbms_depend
-%attr(0755,root,root) %{_sbindir}/openldap/back_sql.la
-%attr(0755,root,root) %{_sbindir}/openldap/back_sql*.so.*
+%attr(0755,root,root) %{_libdir}/openldap
+%attr(0755,root,root) %{_libdir}/openldap/back_sql.la
+%attr(0755,root,root) %{_libdir}/openldap/back_sql*.so.*
 
 %files clients
 %defattr(-,root,root)
@@ -650,8 +684,33 @@ fi
 %attr(0644,root,root)      %{evolution_connector_libdir}/*.a
 
 %changelog
-* Tue Jan 10 2006 Jay Fenlason <fenlason@redhat.com> 2.3.16-2
-- Upgrade to 2.3.16, which upstream will consider stable soon
+* Tue Jan 10 2006 Jay Fenlason <fenlason@redhat.com> 2.3.19-2
+- Upgrade to 2.3.19, which upstream now considers stable
+- Modify the -config.patch, ldap.init, and this spec file to put the
+  pid file and args file in an ldap-owned openldap subdirectory under
+  /var/run.
+- Move back_sql* out of %{_sbindir}/openldap , which requires
+  hand-moving slapd and slurpd to _sbindir, and recreating symlinks
+  by hand.
+- Retire openldap-2.3.11-ads.patch, which went upstream.
+- Update the ldap.init script to run slaptest as the ldap user rather
+  than as root.  This solves
+  bz#150172 Startup failure after database problem
+- Add to the servers post and preun scriptlets so that on preun, the
+  database is slapcatted to /var/lib/ldap/upgrade.ldif and the
+  database files are saved to /var/lib/ldap/rpmorig.  On post, if
+  /var/lib/ldap/upgrade.ldif exists, it is slapadded.  This means that
+  on upgrades from 2.3.16-2 to higher versions, the database files may
+  be automatically upgraded.  Unfortunatly, because of the changes to
+  the preun scriptlet, users have to do the slapcat, etc by hand when
+  upgrading to 2.3.16-2.  Also note that the /var/lib/ldap/rpmorig
+  files need to be removed by hand because automatically removing your
+  emergency fallback files is a bad idea.
+- Upgrade internal bdb to db-4.4.20.  For a clean upgrade, this will
+  require that users slapcat their databases into a temp file, move
+  /var/lib/ldap someplace safe, upgrade the openldap rpms, then
+  slapadd the temp file.
+
 
 * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
 - rebuilt
diff --git a/sources b/sources
index a0ed671..ac3510d 100644
--- a/sources
+++ b/sources
@@ -1,6 +1,6 @@
 5a9e617c1d5339d3c90c545c93e30949  autoconf-2.13.1.tar.gz
 0faee50993f7e4fe00f4b921b640b84d  automake-1.4a.tar.gz
-fcc481d52c3b80e20a328f8c0cb042bd  db-4.3.27.tar.gz
 6c4c72a1336aa45b463e738034c078d6  openldap-2.2.29.tgz
 dc80548f76d6aeba2b51b15751e08b21  MigrationTools-46.tar.gz
-adb793bea93db1a56840e5c0c7a647f2  openldap-2.3.16.tgz
+867ee197df0e4432fa00f2439e6094f6  openldap-2.3.19.tgz
+33851f01b455cca48aa601956de93c6f  db-4.4.20.tar.gz