diff options
author | Markus Ullmann <jokey@gentoo.org> | 2006-01-30 16:34:57 +0000 |
---|---|---|
committer | Markus Ullmann <jokey@gentoo.org> | 2006-01-30 16:34:57 +0000 |
commit | e7c8031bc3ce8b197768a85ab0b80feefde941d6 (patch) | |
tree | 085f7f30f5a0c5781f0527e7969ee94ad17d4e2c /net-nds | |
parent | Added ~amd64 (bug #120947). (diff) | |
download | gentoo-2-e7c8031bc3ce8b197768a85ab0b80feefde941d6.tar.gz gentoo-2-e7c8031bc3ce8b197768a85ab0b80feefde941d6.tar.bz2 gentoo-2-e7c8031bc3ce8b197768a85ab0b80feefde941d6.zip |
Version bump
(Portage version: 2.1_pre4-r1)
Diffstat (limited to 'net-nds')
-rw-r--r-- | net-nds/openldap/ChangeLog | 7 | ||||
-rw-r--r-- | net-nds/openldap/Manifest | 6 | ||||
-rw-r--r-- | net-nds/openldap/files/digest-openldap-2.3.19 | 9 | ||||
-rw-r--r-- | net-nds/openldap/openldap-2.3.19.ebuild | 473 |
4 files changed, 494 insertions, 1 deletions
diff --git a/net-nds/openldap/ChangeLog b/net-nds/openldap/ChangeLog index 4075122bd3e3..ce10a3cad8f6 100644 --- a/net-nds/openldap/ChangeLog +++ b/net-nds/openldap/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for net-nds/openldap # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.161 2006/01/30 15:33:28 jokey Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.162 2006/01/30 16:34:57 jokey Exp $ + +*openldap-2.3.19 (30 Jan 2006) + + 30 Jan 2006; Markus Ullmann <jokey@gentoo.org> +openldap-2.3.19.ebuild: + Version bump 30 Jan 2006; Markus Ullmann <jokey@gentoo.org> metadata.xml: Added self as co-maintainer diff --git a/net-nds/openldap/Manifest b/net-nds/openldap/Manifest index a249e5e29c2c..94ef2cb115b3 100644 --- a/net-nds/openldap/Manifest +++ b/net-nds/openldap/Manifest @@ -37,6 +37,9 @@ SHA256 d20034eb3df60ad22bae0538638a41a1e570a93a8ff2a1857d15e407ac6b658a files/di MD5 45ed15fd98376da964b0fabac57a839a files/digest-openldap-2.3.18 195 RMD160 94ee0ffa96ef5fb8e2e4903645559f9a158da4ca files/digest-openldap-2.3.18 195 SHA256 e5cee751e402c17ffa84e85a9b2c771d7977f6fc643bc186e3c447e0029b87b4 files/digest-openldap-2.3.18 195 +MD5 b4512f1af83b238598f391f3078a78ed files/digest-openldap-2.3.19 723 +RMD160 7ab755cccb6e42e891f2605d9d0402b8b4c7b642 files/digest-openldap-2.3.19 723 +SHA256 8b090d314904c0c274ff47ff54db16a98243b2c6c1440ba04faa44e1ae0146c7 files/digest-openldap-2.3.19 723 MD5 c8d6f4ebeb92ef1085b1bb77d7b4db5f files/gencert.sh 3505 RMD160 9de31e9a4d4b654ac9e0f899e51a8c5049bf90bf files/gencert.sh 3505 SHA256 73f1f7f0d76132da878ae8739f4f4403bb5f17d630ffa109fe4b1645e7f073c6 files/gencert.sh 3505 @@ -127,3 +130,6 @@ SHA256 0832e6c53a19cdcfe3ce0944aa924b7636858efdf0f85350c1eda614b7ad9dc6 openldap MD5 a9ad1dec248a064a5810d679284c045f openldap-2.3.18.ebuild 17220 RMD160 4ed4984580d91ba4f4830994033f57a299ac524b openldap-2.3.18.ebuild 17220 SHA256 955b82207ed2510060f9581fc6dc9ac1c6f8b4439b10f1ea4c5de11b722a9de3 openldap-2.3.18.ebuild 17220 +MD5 a9ad1dec248a064a5810d679284c045f openldap-2.3.19.ebuild 17220 +RMD160 4ed4984580d91ba4f4830994033f57a299ac524b openldap-2.3.19.ebuild 17220 +SHA256 955b82207ed2510060f9581fc6dc9ac1c6f8b4439b10f1ea4c5de11b722a9de3 openldap-2.3.19.ebuild 17220 diff --git a/net-nds/openldap/files/digest-openldap-2.3.19 b/net-nds/openldap/files/digest-openldap-2.3.19 new file mode 100644 index 000000000000..4a3b7f25961e --- /dev/null +++ b/net-nds/openldap/files/digest-openldap-2.3.19 @@ -0,0 +1,9 @@ +MD5 e2ae8148c4bed07d7a70edd930bdc403 openldap-2.1.30.tgz 2044673 +RMD160 431aa798c6197530c17611b931f0169d7a53e831 openldap-2.1.30.tgz 2044673 +SHA256 7fcefd45dfc82038cf0875e36b86a67d3af44b6a734e0127bae9ff2582ae8b25 openldap-2.1.30.tgz 2044673 +MD5 b51db7328430b9cbe527696da726f1fb openldap-2.2.28.tgz 2630427 +RMD160 ca3f5aff42e6afc6b7c0a62beb8c13d4ff43d44c openldap-2.2.28.tgz 2630427 +SHA256 05c75b719305578dec799f05eaddae6b77eb51857abc6284e47b6abc4317dfba openldap-2.2.28.tgz 2630427 +MD5 867ee197df0e4432fa00f2439e6094f6 openldap-2.3.19.tgz 3709244 +RMD160 46680874f6230465bd9562a3e9e78525a7140baf openldap-2.3.19.tgz 3709244 +SHA256 cb58e741e6bdaed953af67cac726943436138fbe90b98c665557e77430f64cc3 openldap-2.3.19.tgz 3709244 diff --git a/net-nds/openldap/openldap-2.3.19.ebuild b/net-nds/openldap/openldap-2.3.19.ebuild new file mode 100644 index 000000000000..1d1b0251f91d --- /dev/null +++ b/net-nds/openldap/openldap-2.3.19.ebuild @@ -0,0 +1,473 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.3.19.ebuild,v 1.1 2006/01/30 16:34:57 jokey Exp $ + +inherit flag-o-matic toolchain-funcs eutils multilib + +COMPAT21_PV="2.1.30" +COMPAT21_P="${PN}-${COMPAT21_PV}" +COMPAT21_S="${WORKDIR}/${COMPAT21_P}" + +COMPAT22_PV="2.2.28" +COMPAT22_P="${PN}-${COMPAT22_PV}" +COMPAT22_S="${WORKDIR}/${COMPAT22_P}" + +DESCRIPTION="LDAP suite of application and development tools" +HOMEPAGE="http://www.OpenLDAP.org/" +SRC_URI="mirror://openldap/openldap-release/${P}.tgz + mirror://openldap/openldap-release/${COMPAT21_P}.tgz + mirror://openldap/openldap-release/${COMPAT22_P}.tgz" + +LICENSE="OPENLDAP" +SLOT="0" +KEYWORDS="~x86 ~amd64" +IUSE="berkdb crypt debug gdbm ipv6 kerberos minimal odbc perl readline samba + sasl selinux slp ssl tcpd" + +RDEPEND=">=sys-libs/ncurses-5.1 + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + ssl? ( >=dev-libs/openssl-0.9.6 ) + readline? ( >=sys-libs/readline-4.1 ) + sasl? ( >=dev-libs/cyrus-sasl-2.1.7-r3 ) + odbc? ( dev-db/unixODBC ) + slp? ( >=net-libs/openslp-1.0 ) + perl? ( >=dev-lang/perl-5.6 ) + samba? ( >=dev-libs/openssl-0.9.6 ) + selinux? ( sec-policy/selinux-openldap ) + kerberos? ( virtual/krb5 )" + +# note that the 'samba' USE flag pulling in OpenSSL is NOT an error. OpenLDAP +# uses OpenSSL for LanMan/NTLM hashing (which is used in some enviroments, like +# mine at work)! +# Robin H. Johnson <robbat2@gentoo.org> March 8, 2004 + +# if USE=berkdb +# pull in sys-libs/db +# else if USE=gdbm +# pull in sys-libs/gdbm +# else +# pull in sys-libs/db +RDEPEND_BERKDB=">=sys-libs/db-4.2.52_p2-r1" +RDEPEND_GDBM=">=sys-libs/gdbm-1.8.0" +RDEPEND="${RDEPEND} + berkdb? ( ${RDEPEND_BERKDB} ) + !berkdb? ( + gdbm? ( ${RDEPEND_GDBM} ) + !gdbm? ( ${RDEPEND_BERKDB} ) + )" + +DEPEND="${RDEPEND} + >=sys-devel/libtool-1.5.18-r1 + >=sys-apps/sed-4" + +# for tracking versions +OPENLDAP_VERSIONTAG="/var/lib/openldap-data/.version-tag" + +openldap_upgrade_warning() { + ewarn "If you are upgrading from OpenLDAP-2.1 or 2.2, and run slapd on this" + ewarn "machine please see the ebuild for upgrade instructions, otherwise" + ewarn "you may corrupt your database!" + echo + ewarn "Part of the configuration file syntax has changed in 2.3:" + ewarn "'access to attribute=' is now 'access to attrs='" + echo + ewarn "The libraries of 2.1 and 2.2 are provided but please" + ewarn "consider updating your applications to only use 2.3" + ewarn "as the backwards compatible libraries will be removed in future." + ewarn "Do rebuild your applications against the new libraries do:" + ewarn "# revdep-rebuild --soname liblber.so.2" + ewarn "# revdep-rebuild --soname libldap.so.2" + ewarn "# revdep-rebuild --soname libldap_r.so.2" + echo + ewarn "Note that there are substantial changes to how openldap functions" + ewarn "in 2.3, if you are using bdb as a backend. You should issue the" + ewarn "following commands in order to get openldap to run:" + ewarn "mkdir /etc/openldap" + ewarn "slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d" + ewarn "chown -R ldap:ldap /etc/openldap/slapd.d" + ewarn "Make sure that '-F /etc/openldap/slapd.d' is included in the" + ewarn "/etc/conf.d/slapd configuration file. While it is possible to" + ewarn "skip the slaptest line above, it is inadvisable to do so as by" + ewarn "using slaptest you are able to resolve any configuration syntax" + ewarn "changes that might be present, however, if you are sure that" + ewarn "your syntax will work for 2.3 then you may simply create the" + ewarn "directory, set the permissions and ensure that the" + ewarn "/etc/conf.d/slapd has the extra information in it and" + ewarn "openldap will automatically create the new directory structure" + ewarn "and populate it with data." + echo +} + +pkg_setup() { + # grab lines + openldap_datadirs="" + if [ -f ${ROOT}/etc/openldap/slapd.conf ]; then + openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${ROOT}/etc/openldap/slapd.conf)" + fi + datafiles="" + for d in $openldap_datadirs; do + datafiles="${datafiles} $(ls $d/*db* 2>/dev/null)" + done + # remove extra spaces + datafiles="$(echo ${datafiles// })" + # TODO: read OPENLDAP_VERSIONTAG instead in future + if has_version '<net-nds/openldap-2.3' && [ -n "$datafiles" ]; then + eerror "A possible old installation of OpenLDAP was detected" + eerror "As major version upgrades to 2.3 from lower versions can corrupt your" + eerror "database, you need to dump your database and re-create it afterwards." + eerror "" + d="$(date -u +%s)" + l="/root/ldapdump.${d}" + i="${l}.raw" + eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop" + eerror " 2. slapcat -l ${i}" + eerror " 3. egrep -v '^entryCSN:' <${i} >${l}" + eerror " 4. emerge unmerge '<=net-nds/openldap-2.2*'" + eerror " 5. mv /var/lib/openldap-data/ /var/lib/openldap-data.old/" + eerror " 6. emerge '>=net-nds/openldap-2.3'" + eerror " 7. etc-update, and ensure that you apply the changes" + eerror " 8. slapadd -l ${l}" + eerror " 9. chown ldap:ldap /var/lib/openldap-data/*" + eerror "10. /etc/init.d/slapd start" + eerror "11. check that your data is intact." + eerror "12. set up the new replication system." + eerror "" + eerror "This install will not proceed until your old data directory" + eerror "is at least moved out of the way." + die "Warning direct upgrade unsafe!" + fi + openldap_upgrade_warning + if use perl && built_with_use dev-lang/perl minimal ; then + die "You must have a complete (USE='-minimal') Perl install to use the perl backend!" + fi +} + +pkg_preinst() { + openldap_upgrade_warning + enewgroup ldap 439 + enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap +} + +src_unpack() { + unpack ${A} + + # According to MDK, the link order needs to be changed so that + # on systems w/ MD5 passwords the system crypt library is used + # (the net result is that "passwd" can be used to change ldap passwords w/ + # proper pam support) + sed -i -e 's/$(SECURITY_LIBS) $(LDIF_LIBS) $(LUTIL_LIBS)/$(LUTIL_LIBS) $(SECURITY_LIBS) $(LDIF_LIBS)/' \ + ${S}/servers/slapd/Makefile.in + + # Fixes for 2.3 + einfo "Applying patches for 2.3" + + # supersedes old fix for bug #31202 + EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.14-perlthreadsfix.patch + + # ximian connector 1.4.7 ntlm patch + EPATCH_OPTS="-p0 -d ${S}" epatch ${FILESDIR}/${PN}-2.2.6-ntlm.patch + + # fixes for 2.2 + einfo "Applying patches for 2.2 compat lib" + + # Fix up DB-4.0 linking problem + # remember to autoconf! this expands configure by 500 lines (4 lines to m4 + # stuff). + EPATCH_OPTS="-p1 -d ${COMPAT22_S}" epatch ${FILESDIR}/${PN}-2.2.14-db40.patch + + # supersedes old fix for bug #31202 + EPATCH_OPTS="-p1 -d ${COMPAT22_S}" epatch ${FILESDIR}/${PN}-2.2.14-perlthreadsfix.patch + + # ximian connector 1.4.7 ntlm patch + EPATCH_OPTS="-p0 -d ${COMPAT22_S}" epatch ${FILESDIR}/${PN}-2.2.6-ntlm.patch + + # make autoconf-archive compatible + EPATCH_OPTS="-p0 -d ${COMPAT22_S}" epatch ${FILESDIR}/${PN}-2.2.28-autoconf-archived-fix.patch + + # make autoconf-archive compatible + EPATCH_OPTS="-p0 -d ${COMPAT22_S}" epatch ${FILESDIR}/${PN}-2.2.28-r1-configure.in-rpath.patch + + # fixes for 2.1 + einfo "Applying patches for 2.1 compat lib" + + # Fix up DB-4.0 linking problem + # remember to autoconf! this expands configure by 500 lines (4 lines to m4 + # stuff). + EPATCH_OPTS="-p1 -d ${COMPAT21_S}" epatch ${FILESDIR}/${PN}-2.1.30-db40.patch + EPATCH_OPTS="-p1 -d ${COMPAT21_S}" epatch ${FILESDIR}/${PN}-2.1.30-tls-activedirectory-hang-fix.patch + + # Security bug #96767 + # http://bugzilla.padl.com/show_bug.cgi?id=210 + EPATCH_OPTS="-p1 -d ${COMPAT21_S}" epatch ${FILESDIR}/${PN}-2.2.26-tls-fix-connection-test.patch + + # make files ready for new autoconf + EPATCH_OPTS="-p0 -d ${COMPAT21_S}" epatch ${FILESDIR}/${PN}-2.1.30-autoconf25.patch + + # make autoconf-archive compatible + EPATCH_OPTS="-p0 -d ${COMPAT21_S}" epatch ${FILESDIR}/${PN}-2.1.30-autoconf-archived-fix.patch + + # fix AC calls bug #114544 + EPATCH_OPTS="-p0 -d ${COMPAT21_S}/build" epatch ${FILESDIR}/${PN}-2.1.30-m4_underquoted.patch + + # supersedes old fix for bug #31202 + EPATCH_OPTS="-p0 -d ${COMPAT21_S}" epatch ${FILESDIR}/${PN}-2.1.27-perlthreadsfix.patch + + export WANT_AUTOMAKE="1.9" + export WANT_AUTOCONF="2.5" + + # reconf compat for RPATH solve (bug #105380) + for each in ${COMPAT21_P} ${COMPAT22_P} + do + LOCAL_S=${WORKDIR}/${each} + + # ensure correct SLAPI path by default + sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \ + ${LOCAL_S}/include/ldap_defaults.h + + cd ${LOCAL_S} + einfo "Running libtoolize on ${each}" + libtoolize --copy --force --automake + einfo "Running aclocal on ${each}" + aclocal || die "aclocal failed" + + # apply RPATH patch + EPATCH_OPTS="-p0 -d ${LOCAL_S}" epatch ${FILESDIR}/${PN}-2.1.30-rpath.patch + + einfo "Running autoconf on ${each}" + autoconf || die "autoconf failed" + done +} + +src_compile() { + local myconf + + # HDB is only available with BerkDB + myconf_berkdb='--enable-bdb --enable-ldbm-api=berkeley --enable-hdb=mod' + myconf_gdbm='--disable-bdb --enable-ldbm-api=gdbm --disable-hdb' + + use debug && myconf="${myconf} --enable-debug" # there is no disable-debug + + # enable slapd/slurpd servers if not doing a minimal build + # slurpd is deprecated by syncrepl in 2.3 + if ! use minimal; then + myconf="${myconf} --enable-slapd --enable-slurpd" + # base backend stuff + myconf="${myconf} --enable-ldbm" + if use berkdb; then + einfo "Using Berkeley DB for local backend" + myconf="${myconf} ${myconf_berkdb}" + elif use gdbm; then + einfo "Using GDBM for local backend" + myconf="${myconf} ${myconf_gdbm}" + else + ewarn "Neither gdbm or berkdb USE flags present, falling back to" + ewarn "Berkeley DB for local backend" + myconf="${myconf} ${myconf_berkdb}" + fi + # extra backend stuff + myconf="${myconf} --enable-passwd=mod --enable-phonetic=mod" + myconf="${myconf} --enable-dnssrv=mod --enable-ldap" + myconf="${myconf} --enable-meta=mod --enable-monitor=mod" + myconf="${myconf} --enable-null=mod --enable-shell=mod" + myconf="${myconf} `use_enable perl perl mod`" + myconf="${myconf} `use_enable odbc sql mod`" + # slapd options + myconf="${myconf} `use_enable crypt` `use_enable slp`" + myconf="${myconf} --enable-rewrite --enable-rlookups" + myconf="${myconf} --enable-aci --enable-modules" + myconf="${myconf} --enable-cleartext --enable-slapi" + myconf="${myconf} `use_with samba lmpasswd`" + # disabled options: + # --with-bdb-module=dynamic + # alas, for BSD only: + # --with-fetch + # slapd overlay options + myconf="${myconf} --enable-dyngroup --enable-proxycache" + else + myconf="${myconf} --disable-slapd --disable-slurpd" + myconf="${myconf} --disable-bdb --disable-monitor" + # repeat? - is there a reason for this? + #myconf="${myconf} --disable-slurpd" + fi + # basic functionality stuff + myconf="${myconf} --enable-syslog --enable-dynamic" + myconf="${myconf} --enable-local --enable-proctitle" + + myconf="${myconf} `use_enable ipv6` `use_enable readline`" + myconf="${myconf} `use_with sasl cyrus-sasl` `use_enable sasl spasswd`" + myconf="${myconf} `use_enable tcpd wrappers` `use_with ssl tls`" + + if [ $(get_libdir) != "lib" ] ; then + append-ldflags -L/usr/$(get_libdir) + fi + + econf \ + --enable-static \ + --enable-shared \ + --libexecdir=/usr/$(get_libdir)/openldap \ + ${myconf} || die "configure failed" + + make depend || die "make depend failed" + make || die "make failed" + + # special kerberos stuff + tc-export CC + if ! use minimal && use kerberos ; then + cd ${S}/contrib/slapd-modules/passwd/ && \ + ${CC} -shared -I../../../include ${CFLAGS} -fPIC \ + -DHAVE_KRB5 -o pw-kerberos.so kerberos.c || \ + die "failed to compile kerberos module" + fi + + # now build old compat libs + for each in ${COMPAT21_P} ${COMPAT22_P} + do + LOCAL_S=${WORKDIR}/${each} + cd ${LOCAL_S} && \ + econf \ + --disable-static --enable-shared \ + --libexecdir=/usr/$(get_libdir)/openldap \ + --disable-slapd --disable-aci --disable-cleartext --disable-crypt \ + --disable-lmpasswd --disable-spasswd --enable-modules \ + --disable-phonetic --disable-rewrite --disable-rlookups --disable-slp \ + --disable-wrappers --disable-bdb --disable-dnssrv --disable-ldap \ + --disable-ldbm --disable-meta --disable-monitor --disable-null \ + --disable-passwd --disable-perl --disable-shell --disable-sql \ + --disable-slurpd || die "configure for ${each} failed" + make depend || die "make depend on ${each} failed" + cd ${LOCAL_S}/libraries/liblber && make liblber.la || die "make for ${each} liblber.la failed" + cd ${LOCAL_S}/libraries/libldap && make libldap.la || die "make for ${each}libldap.la failed" + cd ${LOCAL_S}/libraries/libldap_r && make libldap_r.la || die "make for ${each} libldap_r.la failed" + done +} + +src_test() { + einfo "Doing tests" + cd tests ; make tests || die "make tests failed" +} + +src_install() { + make DESTDIR=${D} install || die "make install failed" + + dodoc ANNOUNCEMENT CHANGES COPYRIGHT README LICENSE + docinto rfc ; dodoc doc/rfc/*.txt + + # openldap modules go here + # TODO: write some code to populate slapd.conf with moduleload statements + keepdir /usr/$(get_libdir)/openldap/openldap/ + + # make state directories + for x in data slurp ldbm; do + keepdir /var/lib/openldap-${x} + fowners ldap:ldap /var/lib/openldap-${x} + fperms 0700 /var/lib/openldap-${x} + done + + + echo "OLDPF='${PF}'" >${D}${OPENLDAP_VERSIONTAG} + echo "# do NOT delete this. it is used" >>${D}${OPENLDAP_VERSIONTAG} + echo "# to track versions for upgrading." >>${D}${OPENLDAP_VERSIONTAG} + + # manually remove /var/tmp references in .la + # because it is packaged with an ancient libtool + for x in ${D}/usr/$(get_libdir)/lib*.la; do + sed -i -e "s:-L${S}[/]*libraries::" ${x} + done + + # change slapd.pid location in configuration file + keepdir /var/run/openldap + fowners ldap:ldap /var/run/openldap + fperms 0755 /var/run/openldap + + if ! use minimal; then + # config modifications + for f in /etc/openldap/slapd.conf /etc/openldap/slapd.conf.default; do + sed -e "s:/var/lib/run/slapd.:/var/run/openldap/slapd.:" -i ${D}/${f} + sed -e "/database\tbdb$/acheckpoint 32 30 # <kbyte> <min>" -i ${D}/${f} + fowners root:ldap ${f} + fperms 0640 ${f} + done + # install our own init scripts + exeinto /etc/init.d + newexe ${FILESDIR}/2.0/slapd slapd + newexe ${FILESDIR}/2.0/slurpd slurpd + if [ $(get_libdir) != lib ]; then + sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i ${D}/etc/init.d/{slapd,slurpd} + fi + insinto /etc/conf.d + newins ${FILESDIR}/2.0/slapd.conf slapd + if use kerberos && [ -f ${S}/contrib/slapd-modules/passwd/pw-kerberos.so ]; then + insinto /usr/$(get_libdir)/openldap/openldap + doins ${S}/contrib/slapd-modules/passwd/pw-kerberos.so || \ + die "failed to install kerberos passwd module" + fi + fi + + # install MDK's ssl cert script + if use ssl || use samba; then + dodir /etc/openldap/ssl + exeinto /etc/openldap/ssl + #newexe ${FILESDIR}/gencert.sh-2.2.27 gencert.sh + doexe ${FILESDIR}/gencert.sh + fi + + if ! use nocompat; then + dolib.so ${COMPAT21_S}/libraries/liblber/.libs/liblber.so.2.0.130 || \ + die "failed to install 2.1 liblber" + dolib.so ${COMPAT21_S}/libraries/libldap/.libs/libldap.so.2.0.130 || \ + die "failed to install 2.1 libldap" + dolib.so ${COMPAT21_S}/libraries/libldap_r/.libs/libldap_r.so.2.0.130 || \ + die "failed to install 2.1 libldap_r" + + dolib.so ${COMPAT22_S}/libraries/liblber/.libs/liblber-2.2.so.7.0.21 || \ + die "failed to install 2.1 liblber" + dosym liblber-2.2.so.7.0.21 /usr/$(get_libdir)/liblber-2.2.so.7 + dolib.so ${COMPAT22_S}/libraries/libldap/.libs/libldap-2.2.so.7.0.21 || \ + die "failed to install 2.1 libldap" + dosym libldap-2.2.so.7.0.21 /usr/$(get_libdir)/libldap-2.2.so.7 + dolib.so ${COMPAT22_S}/libraries/libldap_r/.libs/libldap_r-2.2.so.7.0.21 || \ + die "failed to install 2.1 libldap_r" + dosym libldap_r-2.2.so.7.0.21 /usr/$(get_libdir)/libldap_r-2.2.so.7 + fi +} + +pkg_postinst() { + if use ssl; then + # make a self-signed ssl cert (if there isn't one there already) + if [ ! -e /etc/openldap/ssl/ldap.pem ] + then + cd /etc/openldap/ssl + yes "" | sh gencert.sh + chmod 640 ldap.pem + chown root:ldap ldap.pem + else + einfo "An LDAP cert already appears to exist, no creating" + fi + fi + + # Since moving to running openldap as user ldap there are some + # permissions problems with directories and files. + # Let's make sure these permissions are correct. + chown ldap:ldap /var/run/openldap + chmod 0755 /var/run/openldap + chown root:ldap /etc/openldap/slapd.conf{,.default} + chmod 0640 /etc/openldap/slapd.conf{,.default} + + if use ssl; then + ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]" + ewarn "add 'TLS_REQCERT never' if you want to use them." + fi + ewarn "See Berkeley Database tuning options for OpenLDAP at http://www.openldap.org/faq/data/cache/1072.html" + + einfo "Please note there is an example BDB configuration file in" + einfo "/etc/openldap and /var/lib/openldap-data. Review these config" + einfo "files for possible performance enhancements." + einfo + openldap_upgrade_warning + + # Reference inclusion bug #77330 + echo + einfo "Getting started using OpenLDAP? There is some documentation available:" + einfo "Gentoo Guide to OpenLDAP Authentication" + einfo "(http://www.gentoo.org/doc/en/ldap-howto.xml)" +} |