diff options
145 files changed, 23776 insertions, 0 deletions
diff --git a/debian/DB_CONFIG b/debian/DB_CONFIG new file mode 100644 index 0000000..302dcfa --- /dev/null +++ b/debian/DB_CONFIG @@ -0,0 +1,78 @@ +# WARNING: Before tuning the following parameters, _PLEASE READ_ +# /usr/share/doc/slapd/README.DB_CONFIG.gz + +# Set the database in memory cache size. +# +# set_cachesize <gbytes> <bytes> <ncache> +# Sets the database in memory cache size. +# Database entries and indexes will be stored in this cache to +# avoid disk access during database read and write operations. +# Tuning this value can greatly effect your database performance. +# The parameters are: +# <gbytes>: The number of gigabytes of memory to allocate to the cache. +# <bytes>: The number of bytes of memory to allocate to the cache. +# <ncache>: The number of cache segments to use. If this value is set to +# 0 or 1 then Berkeley DB will try to allocate one contiguous section +# of memory for the cache. If this value is greater than 1, the cache +# will be split into that number of segments. +#set_cachesize 0 52428800 0 + +# For the Debian package we use 2MB as default but be sure to update this +# value if you have plenty of RAM +set_cachesize 0 2097152 0 + +# Sets the database startup flags. +# +# set_flags <flag> +# There are various flag options that may be set. The DB_TXN_NOSYNC flag +# tells the database not to immediately flush transaction buffers to disk. +# Setting this flag can help speed up database access during periods of +# database write activity BUT at expense of data safety. Enable it only +# to load data with slapadd, while slapd is not running. +#set_flags DB_TXN_NOSYNC + + +# Set the maximum in memory cache in <bytes> for database file name caching. +# +# set_lg_regionmax <bytes> +# This value should be increased as the number of database files increases +# (tables and indexes). +#set_lg_regionmax 1048576 + +# Set the maximum size of log files in <bytes>. +# +# set_lg_max <bytes> +# Logs will be rotated when <bytes> amount of data have been written to +# one log file. This value should be at least four times the size of +# set_lg_bsize. +#set_lg_max 10485760 + +# Set the in memory cache for log information. +# +# set_lg_bsize <bytes> +# When <bytes> amount of logging information have been written to this +# cache it will be flushed to disk. +#set_lg_bsize 2097152 +# For the Debian package we use 512kByte which should suffice for typical +# directory usage (read often, write seldom) +set_lg_bsize 524288 + +# Set the log file directory to <directory>. +# +# set_lg_dir /usr/local/var/openldap-logs +# Log files should preferably be on a different disk than the +# database files. This both improves reliability (for disastrous +# recovery) and speed of the database. +#set_lg_dir <directory> + + +# Sven Hartge reported that he had to set this value incredibly high +# to get slapd running at all. See http://bugs.debian.org/303057 +# for more information. + +# Number of objects that can be locked at the same time. +set_lk_max_objects 5000 +# Number of locks (both requested and granted) +set_lk_max_locks 5000 +# Number of lockers +set_lk_max_lockers 5000 diff --git a/debian/README.DB_CONFIG b/debian/README.DB_CONFIG new file mode 100644 index 0000000..f8ee5f1 --- /dev/null +++ b/debian/README.DB_CONFIG @@ -0,0 +1,187 @@ +For good performance using the BDB backend, a good DB_CONFIG file in the +database directory (usually /var/lib/ldap) is crucial. The following two +articles should help you to determine a good configuration for your +requirements. A standard DB_CONFIG is installed but it may not be adequate +for your system. + +The current version of OpenLDAP supports putting DB_CONFIG parameters into +slapd.conf instead by prefixing those options with dbconfig. See the +slapd-bdb(5) man page for more information. If there is no DB_CONFIG file +when slapd starts and there are dbconfig lines in slapd.conf, slapd will +write out a DB_CONFIG file with those settings before initializing the +database. + +With the current version of OpenLDAP, any changes to DB_CONFIG will take +effect automatically after restarting slapd. Running db_recover is no +longer required. + + -- Torsten Landschoff <torsten@debian.org> Sun, 29 May 2005 18:08:10 +0200 + Russ Allbery <rra@debian.org> Fri, 01 Jun 2007 23:57:33 -0700 + +How do I configure the BDB backend? +----------------------------------- +(Taken from http://www.openldap.org/faq/data/cache/893.html, author unknown) + +The BDB backend ("back-bdb") uses a lot of special features of Sleepycat's +Berkeley DB library, and there are a lot of details that must be set correctly +to get the best results from it. Even though the LDBM backend ("back-ldbm") can +use the BerkeleyDB library, the BDB and LDBM backends have some very important +differences, as already noted in (Xref) What are the different backends? What +are their differences?. + +Because back-bdb is transaction-based and uses write-ahead logging to ensure +data consistency, it has much heavier I/O demands than back-ldbm. Also, the +transaction log files accumulate as data is written to the directory, and these +log files must be cleaned out periodically. Otherwise the log files will +consume enormous amounts of disk space. The cleanup procedures are described in +(Xref) How to maintain Berkeley DB (logs etc.) ?. + +The information needed to fully understand things and to properly configure +back-bdb is divided among the slapd-bdb(5) manual page and the SleepyCat +BerkeleyDB documentation (http://www.sleepycat.com/docs/). + +You should read the entire slapd-bdb(5) manpage before proceeding. The only +mandatory keyword is "directory" for setting the location of the database +files. The other keywords control tradeoffs between data reliability, +performance, and memory use. To ensure that committed transactions actually get +flushed to disk, you should use the "checkpoint" keyword, otherwise your data +is vulnerable to loss due to system failures. See the SleepyCat documentation +for more information about checkpoints. (In fact, you should read all of +chapter 9 "Berkeley DB Transactional Data Store Applications" in the SleepyCat +reference manual. At least, read sections 1-3 and 13-24.) + +The "dbnosync" keyword is provided for compatibility with back-ldbm; the +preferred method of setting this is to use the BDB DB_CONFIG file option +set_flags DB_TXN_NOSYNC. The "lockdetect" keyword is also deprecated, you +should instead use the BDB DB_CONFIG file set_lk_detect keyword. (It's safe to +leave this at the default setting.) + +A number of important items must be configured in the BDB DB_CONFIG file and +not in slapd.conf. You should, at least, read about these items: + +set_cachesize + The BDB library maintains its own cache separate from the back-bdb entry + cache. You must set this cache to a size appropriate for your database and + physical memory size. Note that this is a persistent setting - after you + set it the first time, further changes will be ignored until you recreate + the environment using db_recover. +set_lg_dir + Set the directory for storing transaction logs. For best performance, + the transaction logs must be located on a different physical disk from + the database files. +set_lg_bsize + Set the buffer size for the transaction log. Larger is better, but it + doesn't have much effect unless you're also using the DB_TXN_NOSYNC + option. With a default log file size of 10MB I usually set this to 2MB. + The default is only 32K, which is too small for back-bdb. + +On a very busy system you might see error messages talking about running out of +locks, lockers, or lock objects. Usually the default values are plenty, and in +older versions of the BDB library the errors were more likely due to library +bugs than actual system load. However, it is possible that you have actually +run out of lock resources due to heavy system usage. If this happens, you +should read about the set_lk_max_lockers, set_lk_max_locks, and +set_lk_max_objects keywords. + +How do I determine the proper BDB/HDB database cache size? +---------------------------------------------------------- +(Taken from http://www.openldap.org/faq/data/cache/1075.html, written by +hyc@openldap.org, Kurt@OpenLDAP.org) + +Not having a proper database cache size will cause performance issues. (Note: +in older versions of Berkeley DB, an improper database case size could also +cause the server to hang.) + +These issues are not an indication of corruption occurring in the database. It +is merely the fact that the cache is thrashing itself that causes +performance/response time to slowdown. If you take the time to read and +understand the Berkeley DB documentation, measure the library performance using +db_stat, and tune your settings, you will avoid these problems. + +It is not absolutely necessary to configure a BerkeleyDB cache equal in size to +your entire database. All that you need is a cache that's large enough for your +"working set." That means, large enough to hold all of the most frequently +accessed data, plus a few less-frequently accessed items. + +You should really read the BDB documentation referenced above, but let me spell +out what that really means here, in detail. The discussion here is focused on +back-bdb and back-hdb, but most of it also applies to back-ldbm when using +BerkeleyDB as the underlying database engine. + +Start with the most obvious - the back-bdb database lives in two main files, +dn2id.bdb and id2entry.bdb. These are B-tree databases. We have never +documented the back-bdb internal layout before, because it didn't seem like +something anyone should have to worry about, nor was it necessarily cast in +stone. But here's how it works today, in OpenLDAP 2.1 and 2.2. (All of the +database files in back-ldbm are B-trees by default.) + +A B-tree is a balanced tree; it stores data in its leaf nodes and bookkeeping +data in its interior nodes. (If you don't know what tree data structures look +like in general, Google for some references, because that's getting far too +elementary for the purposes of this discussion.) + +For decent performance, you need enough cache memory to contain all the nodes +along the path from the root of the tree down to the particular data item +you're accessing. That's enough cache for a single search. For the general +case, you want enough cache to contain all the internal nodes in the database. +"db_stat -d" will tell you how many internal pages are present in a database. +You should check this number for both dn2id and id2entry. + +Also note that id2entry always uses 16KB per "page", while dn2id uses whatever +the underlying filesystem uses, typically 4 or 8KB. To avoid thrashing the +cache and triggering these infinite hang bugs in BDB 4.1.25, your cache must be +at least as large as the number of internal pages in both the dn2id and +id2entry databases, plus some extra space to accomodate the actual leaf data +pages. + +For example, in my OpenLDAP 2.2 test database, I have an input LDIF file that's +about 360MB. With the back-hdb backend this creates a dn2id.bdb that's 68MB, +and an id2entry that's 800MB. db_stat tells me that dn2id uses 4KB pages, has +433 internal pages, and 6378 leaf pages. The id2entry uses 16KB pages, has 52 +internal pages, and 45912 leaf pages. In order to efficiently retrieve any +single entry in this database, the cache should be at least + +(433+1) * 4KB + (52+1) * 16KB in size: 1736KB + 848KB =~ 2.5MB. + +This doesn't take into account other library overhead, so this is even lower +than the barest minimum. The default cache size, when nothing is configured, is +only 256KB. If you tried to do much of anything with this database and only +default settings, BDB 4.1.25 would lock up in an infinite loop. + +This 2.5MB number also doesn't take indexing into account. Each indexed +attribute uses another database file of its own, using a Hash structure. +(Again, in back-ldbm, the indexes also use B-trees by default, so this part of +the discussion doesn't apply unless back-ldbm was explicitly compiled to use +Hashes instead. Also, in OpenLDAP 2.2 onward, all of the indexes use B-trees, +there are no more Hash database files. So just use the B-tree information above +and ignore this Hash discussion.) + +Unlike the B-trees, where you only need to touch one data page to find an entry +of interest, doing an index lookup generally touches multiple keys, and the +point of a hash structure is that the keys are evenly distributed across the +data space. That means there's no convenient compact subset of the database +that you can keep in the cache to insure quick operation, you can pretty much +expect references to be scattered across the whole thing. My strategy here +would be to provide enough cache for at least 50% of all of the hash data. +(Number of hash buckets + number of overflow pages + number of duplicate pages) +* page size / 2. + +The objectClass index for my example database is 5.9MB and uses 3 hash buckets +and 656 duplicate pages. So ( 3 + 656 ) * 4KB / 2 =~ 1.3MB. + +With only this index enabled, I'd figure at least a 4MB cache for this backend. +(Of course you're using a single cache shared among all of the database files, +so the cache pages will most likely get used for something other than what you +accounted for, but this gives you a fighting chance.) + +With this 4MB cache I can slapcat this entire database on my 1.3GHz PIII in 1 +minute, 40 seconds. With the cache doubled to 8MB, it still takes the same +1:40s. Once you've got enough cache to fit the B-tree internal pages, +increasing it further won't have any effect until the cache really is large +enough to hold 100% of the data pages. I don't have enough free RAM to hold all +the 800MB id2entry data, so 4MB is good enough. + +With back-bdb and back-hdb you can use "db_stat -m" to check how well the +database cache is performing. Unfortunately you can't do this with back-ldbm, +as the statistics are not accessible when slapd is running, nor are they saved +anywhere when slapd is stopped. (Yet another reason not to use back-ldbm.) diff --git a/debian/TODO b/debian/TODO new file mode 100644 index 0000000..768674c --- /dev/null +++ b/debian/TODO @@ -0,0 +1,32 @@ +openldap2.2 (2.2.23-4) unstable; urgency=low + + * debian/slapd.NEWS: Summarize the upstream changes and make clear that + the upgrade may be problemated. Sketch the upgrade procedure. + * debian/README.Debian: Explain what to check for if upgrading fails and + how to recover. + * CARLO: debian/slapd.scripts-common: Handle all UTF-8 supported characters + in organization field by converting the locale specific input into + utf-8 and base64 encoding the result (closes: #236097). + * Maintainer scripts: Handle the configuration to enable ldif dumping + correctly: Dump if requested and only slapadd the data if it is + supposed to be there. + * Check ITS#3267 (possible data loss) and apply the patch to the + package. + * CARLO: Escape special chars in the names of backup LDIF files using + the %xx syntax. + * Check lintian warning: Postinst uses db_input. I think the usage is + okay as it is an error message IIRC which is also output using cat + in case debconf is not available. + + -- Torsten Landschoff <torsten@debian.org> Sun, 3 Apr 2005 20:24:52 +0200 + +openldap2.2 (2.2.23-5) unstable; urgency=low + + * Refactoring of the maintainer scripts. Goals: + + No more direct access to global variables but accessor functions + to check for invalid uses. Example: Don't use $OLD_VERSION but + `get_previous_version`. That way invalid uses can easily be flagged + if that information is not available anymore. + * Remove perl script to hash a password and use slappasswd instead. + + -- Torsten Landschoff <torsten@debian.org> Sun, 3 Apr 2005 20:24:52 +0200 diff --git a/debian/USE-CASES b/debian/USE-CASES new file mode 100644 index 0000000..e073fae --- /dev/null +++ b/debian/USE-CASES @@ -0,0 +1,7 @@ +Some ideas what to check and what the desired results would be: + +- running dpkg-reconfigure with an already configured slapd + + Should either backup the database or ask before killing it. + Same for slapd.conf. Neither old configuration or old database + should be lost without the user confirming that this is what he wants. diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..6b42763 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,3300 @@ +openldap (2.4.47+dfsg-3+deb10u7) buster-security; urgency=high + + * Fix SQL injection in back-sql (ITS#9815) (CVE-2022-29155) + + -- Ryan Tandy <ryan@nardis.ca> Sat, 14 May 2022 11:35:44 -0700 + +openldap (2.4.47+dfsg-3+deb10u6) buster-security; urgency=high + + * Fix slapd assertion failure in Certificate List Exact Assertion validation + (ITS#9454) (CVE-2021-27212) + + -- Ryan Tandy <ryan@nardis.ca> Sun, 14 Feb 2021 10:32:34 -0800 + +openldap (2.4.47+dfsg-3+deb10u5) buster-security; urgency=high + + * Fix slapd crashes in Certificate Exact Assertion processing + (ITS#9404, ITS#9424) (CVE-2020-36221) + * Fix slapd assertion failures in saslAuthzTo validation + (ITS#9406, ITS#9407) (CVE-2020-36222) + * Fix slapd crash in Values Return Filter control handling + (ITS#9408) (CVE-2020-36223) + * Fix slapd crashes in saslAuthzTo processing (ITS#9409, ITS#9412, ITS#9413) + (CVE-2020-36224, CVE-2020-36225, CVE-2020-36226) + * Fix slapd assertion failure in X.509 DN parsing + (ITS#9423) (CVE-2020-36230) + * Fix slapd crash in X.509 DN parsing (ITS#9425) (CVE-2020-36229) + * Fix slapd crash in Certificate List Exact Assertion processing + (ITS#9427) (CVE-2020-36228) + * Fix slapd infinite loop with Cancel operation (ITS#9428) (CVE-2020-36227) + + -- Ryan Tandy <ryan@nardis.ca> Thu, 21 Jan 2021 19:54:40 -0800 + +openldap (2.4.47+dfsg-3+deb10u4) buster-security; urgency=high + + * Fix slapd abort due to assertion failure in Certificate List syntax + validation (ITS#9383) (CVE-2020-25709) + * Fix slapd abort due to assertion failure in CSN normalization with invalid + input (ITS#9384) (CVE-2020-25710) + + -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Nov 2020 17:23:45 -0800 + +openldap (2.4.47+dfsg-3+deb10u3) buster-security; urgency=high + + * Fix slapd normalization handling with modrdn + (ITS#9370) (CVE-2020-25692) + + -- Ryan Tandy <ryan@nardis.ca> Thu, 29 Oct 2020 18:36:26 -0700 + +openldap (2.4.47+dfsg-3+deb10u2) buster-security; urgency=high + + * Fix slapd to limit depth of nested expressions in search filters + (ITS#9202) (CVE-2020-12243) + + -- Ryan Tandy <ryan@nardis.ca> Mon, 20 Apr 2020 11:19:54 -0700 + +openldap (2.4.47+dfsg-3+deb10u1) buster; urgency=medium + + * Fix slapd to restrict rootDN proxyauthz to its own databases + (CVE-2019-13057) (ITS#9038) (Closes: #932997) + * Fix slapd to enforce sasl_ssf ACL statement on every connection + (CVE-2019-13565) (ITS#9052) (Closes: #932998) + * Fix slapo-rwm to not free original filter when rewritten filter is invalid + (ITS#8964) (Closes: #934277, LP: #1838370) + + -- Ryan Tandy <ryan@nardis.ca> Sat, 10 Aug 2019 11:58:18 -0700 + +openldap (2.4.47+dfsg-3) unstable; urgency=medium + + * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS + individually in the relevant command lines instead of overriding OPT. The + change to use OPT caused FTBFS on some ports arches where PIE enablement + uses spec files, by mixing compile-time and link-time flags. + (Closes: #919136) + * Fix architecture-specific path in smbk5pwd's binary-or-shlib-defines-rpath + Lintian override. + * Skip exporting cn=config to LDIF in preinst for upgrades where nothing + needs to be checked in it. + * Update Standards-Version to 4.3.0. + + -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800 + +openldap (2.4.47+dfsg-2) unstable; urgency=medium + + * Reintroduce slapi-dev binary package. (Closes: #711469) + Thanks to Florian Schlichting. + * Do not call gnutls_global_set_mutex(). (Closes: #803197) + * Use dh_auto_* to build and install contrib modules. + - Stop patching the clean rule in smbk5pwd's Makefile. + * Explicitly list overlays and man pages installed by slapd package in + slapd.install and slapd.manpages files. + * Set common variables for contrib Makefiles by make(1) command line instead + of patching every Makefile. + * Build and install more contrib plugins in a new slapd-contrib package: + - pw-apr1 and pw-netscape (Closes: #592362) + - pw-pbkdf2 (Closes: #794999) + * Import the slapo-pw-pbkdf2 man page from upstream git master and install + it with the slapd-contrib package. + * Add smbk5pwd to slapd-contrib and turn slapd-smbk5pwd into a transitional + package. Drop smbk5pwd README since it now has a man page which is a + better resource for users. + - Use Breaks to ensure that slapd is not upgraded in between removing the + old smbk5pwd module and installing the new one. + * Include the apr1-atol.pl and apr1-lota.pl helper scripts in the + slapd-contrib package as examples. + * Merge remaining contrib Makefile patches into a single contrib-makefiles + patch. + + -- Ryan Tandy <ryan@nardis.ca> Sat, 12 Jan 2019 11:18:03 -0800 + +openldap (2.4.47+dfsg-1) unstable; urgency=medium + + * New upstream release. + - reverted GnuTLS handshake change in libldap as it regressed slapd + (Reopens: #861838) + * Update Standards-Version to 4.2.1. + + -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800 + +openldap (2.4.46+dfsg-5) unstable; urgency=medium + + * Restore slapd-smbk5pwd now that libldap is installable in unstable. + This reverts the changes from -3 and -4. + + -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 16:12:27 -0700 + +openldap (2.4.46+dfsg-4) unstable; urgency=medium + + * Disable building the smbk5pwd plugin temporarily. + + -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 08:06:58 -0700 + +openldap (2.4.46+dfsg-3) unstable; urgency=medium + + * Build without heimdal temporarily to resolve BD-Uninstallable loop. + + -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700 + +openldap (2.4.46+dfsg-2) unstable; urgency=medium + + * Remove version constraint from libldap-2.4-2 dependency on libldap-common. + + -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 14:16:49 -0700 + +openldap (2.4.46+dfsg-1) unstable; urgency=medium + + * Move the repository to Salsa. + Update debian/control Vcs-* fields. + * Remove Matthijs Möhlmann from Uploaders. (Closes: #891308) + Thank you Matthijs for your past contributions. + * New upstream release. + - fixed slapd out-of-sync issue with delta-MMR and memberof overlay + (ITS#8444) (Closes: #877166) + * Rebase patch no-AM_INIT_AUTOMAKE to apply cleanly. + * Drop patch ITS8650-retry-gnutls_handshake-after-GNUTLS_E_AGAIN, applied + upstream. + * Really fix upgrades when the config contains backslash-escaped special + characters. The previous fix was incomplete and didn't fully fix upgrades + involving a database reload. (Closes: #864719) + * Update Standards-Version to 4.1.4. + - Change the Priority of libldap-2.4-2 and libldap-common to optional. + * Change download URL in debian/watch to https. Fixes a Lintian info. + * Override the binary-or-shlib-defines-rpath Lintian tag for slapd-smbk5pwd. + The rpath is set by krb5-config.heimdal; see bug #868840. + + -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700 + +openldap (2.4.45+dfsg-1) unstable; urgency=medium + + * New upstream release. + - fixed a use-after-free in GnuTLS options handling + (ITS#8385) (Closes: #820244) (LP: #1557248) + - fixed unsafe concurrent SASL calls causing memory corruption + (ITS#8648) (Closes: #860947) (LP: #1688575) + - fixed syncrepl infinite looping with multi-master delta-syncrepl + (ITS#8432) (Closes: #868753) + * Rebase patches to apply cleanly: + - do-not-second-guess-sonames + - no-AM_INIT_AUTOMAKE + * Drop patches applied upstream: + - ITS-8554-kFreeBSD-is-like-BSD.patch + - ITS-8644-wait-for-slapd-to-start-in-test064.patch + - ITS-8655-paged-results-double-free.patch + * Upgrade to debhelper compat level 10. + - Depend on debhelper 10. + - Stop enabling parallel and autoreconf explicitly. They are now enabled + by default. + - Drop dh-autoreconf from build-depends since debhelper requires it. + * Add -Wno-format-extra-args to CFLAGS to reduce the noise in the build + logs, as this warning is emitted on each use of the Debug() macro. + * Drop libldap-2.4-4-dbg and slapd-dbg binary packages in favour of + automatic dbgsym packages. + * Update Standards-Version to 4.0.0; no changes required. + * Drop Priority and Section from binary package stanzas when they only + duplicate information from the source stanza. + * Update Priority of slapd-smbk5pwd and libldap2-dev to optional to match + the archive. + * Remove retired developer, Roland Bauerschmidt, from Uploaders. + (Closes: #856422) + * Remove Timo Aaltonen from Uploaders, with his agreement. + * debian/patches/ITS8650-retry-gnutls_handshake-after-GNUTLS_E_AGAIN.patch: + If gnutls_handshake() returns EAGAIN, call it again. Fixes TLS handshake + failures when the ServerHello message exceeds 16K. + (ITS#8650) (Closes: #861838) + * Drop time from Build-Depends. The upstream testsuite no longer calls it. + + -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700 + +openldap (2.4.44+dfsg-8) unstable; urgency=medium + + * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until + the underlying kernel bug #866122 is fixed. + * Fix FTBFS with Heimdal 7.2.0: Drop patch heimdal-fix as the + hdb_generate_key_set_password change was reverted in heimdal. Depend on an + appropriate minimum version of heimdal. + + -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700 + +openldap (2.4.44+dfsg-7) unstable; urgency=medium + + * Relax the dependency of libldap-2.4-2 on libldap-common to also permit + later versions. (Closes: #860774) + + -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700 + +openldap (2.4.44+dfsg-6) unstable; urgency=medium + + * Update the list of non-translatable strings for the + slapd/ppolicy_schema_needs_update template. Thanks Ferenc Wágner. + * Fix upgrade failure when olcSuffix contains a backslash. (Closes: #864719) + + -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700 + +openldap (2.4.44+dfsg-5) unstable; urgency=medium + + * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an + intermittently failing test by waiting for slapd to start before running + tests. (ITS#8644) (Closes: #770890) + * debian/patches/ITS-8655-paged-results-double-free.patch: Fix a double free + in the MDB backend on a search including the Paged Results control with a + page size of 0. (ITS#8655) (CVE-2017-9287) (Closes: #863563) + + -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700 + +openldap (2.4.44+dfsg-4) unstable; urgency=medium + + * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to + Justin B Rye for the review. + * Update Catalan debconf translation. (Closes: #851905) + Thanks to Innocent De Marchi. + * Update Czech debconf translation. (Closes: #852190) + Thanks to Miroslav Kure. + * Update Danish debconf translation. (Closes: #850859) + Thanks to Joe Dalton. + * Update German debconf translation. (Closes: #851480) + Thanks to Helge Kreutzmann. + * Update Basque debconf translation. (Closes: #850812) + Thanks to Iñaki Larrañaga Murgoitio. + * Update French debconf translation. (Closes: #852459) + Thanks to Jean-Pierre Giraud. + * Update Italian debconf translation. (Closes: #852074) + Thanks to Luca Monducci. + * Update Japanese debconf translation. (Closes: #851457) + Thanks to Kenshi Muto. + * Update Dutch debconf translation. (Closes: #852405) + Thanks to Frans Spiesschaert. + * Update Brazilian Portuguese debconf translation. (Closes: #852443) + Thanks to Adriano Rafael Gomes. + * Update Russian debconf translation. (Closes: #850833) + Thanks to Yuri Kozlov. + * Update Slovak debconf translation. (Closes: #850796) + Thanks to Ivan Masár. + * Update Swedish debconf translation. (Closes: #851168) + Thanks to Martin Bagge. + * Update Turkish debconf translation. (Closes: #851470) + Thanks to Atila KOÇ. + * Update Vietnamese debconf translation. + Thanks to Trần Ngá»c Quân. + * Update Build-Depends on debhelper to ensure shlibs files are installed at + the expected time during build. (Closes: #854158) + * Update Portuguese debconf translation. (Closes: #859943) + Thanks to Rui Branco and DebianPT. + * Dump the configuration and databases to LDIF before removing slapd, so + that they are available if a newer version requiring migration is + installed later. (Closes: #665199) + * When creating a new configuration with dpkg-reconfigure, back up the old + configuration before overwriting it. + + -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700 + +openldap (2.4.44+dfsg-3) unstable; urgency=medium + + * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394) + * Restore heimdal support to the smbk5pwd overlay. + + -- Ryan Tandy <ryan@nardis.ca> Sun, 01 Jan 2017 19:47:36 -0800 + +openldap (2.4.44+dfsg-2) unstable; urgency=medium + + [ Ryan Tandy ] + * Update Standards-Version to 3.9.8; no changes required. + * Enable dh_makeshlibs for libldap-2.4-2. Remove libldap-2.4-2.postinst, now + replaced by the automatic ldconfig trigger. + * Don't execute slapd's override_dh_install when building only + arch-independent packages. (Closes: #845506) + * Override lintian false positives on slapd.README.Debian, + slapd-smbk5pwd.postinst, and slapd-smbk5pwd triggering ldconfig. + * Perform permissions changes in override_dh_fixperms instead of in + override_dh_install. + * Remove manual chmod of schema files since dh_fixperms sets correct + permissions automatically. + * Fix slapd-smbk5pwd failing to upgrade when there are no instances of the + overlay configured. + + [ Helmut Grohne ] + * Fix FTCBFS: Pass CC to make explicitly. (Closes: #839251) + + -- Ryan Tandy <ryan@nardis.ca> Thu, 01 Dec 2016 19:40:20 -0800 + +openldap (2.4.44+dfsg-1) unstable; urgency=medium + + [ Ryan Tandy ] + * New upstream release. + - Fixed ppolicy not unlocking policy entry after initialization failure + (ITS#7537) (Closes: #702414) + * Drop ITS8240-remove-obsolete-assert.patch, included upstream. + * Update debian/schema/ppolicy.schema to add the pwdMaxRecordedFailure + attribute. + * Update libldap-2.4-2.symbols with new ldap_build_*_req symbols. + * Mark the build target in debian/rules as phony, since the upstream source + includes a build/ directory. + * Correct the list of files to be cleaned for the pw-sha2 contrib module. + * Fix a typo (slpad -> slapd) in the Catalan debconf translation. + * Disable OpenSLP support and remove libslp-dev from Build-Depends. + (Closes: #815364) + * Ensure /var/run/slapd exists when starting slapd, even if the pid file is + somewhere else. Thanks to Dave Beach for the report. (Closes: #815571) + * Create the pidfile directory when starting slapd, but not when running the + init script in other modes. + * Remove support for enabling the obsolete LDAPv2 protocol via debconf. + * debian/copyright: Update the OpenLDAP copyright and license. + * debian/control: Update VCS URIs to the modern canonical form. + * Override Lintian errors about schema files derived from RFC documents. + Copyrightable content has been removed from these files; however, the + copyright notices have been retained to preserve attribution. + * On upgrade, if the cn=config database contains the ppolicy schema, add the + new pwdMaxRecordedFailure attribute to it. + * Add debian/patches/set-maintainer-name to omit the builder's username and + working directory from version strings and thereby make the build + reproducible. Thanks to Daniel Shahaf for the patch. (Closes: #833179) + * Build smbk5pwd without Kerberos support and drop the build-dependency on + heimdal. (Closes: #836885) + * On upgrade, comment the krb5 setting on any instances of the smbk5pwd + overlay in slapd.conf. Require cn=config users to disable krb5 manually + before upgrading. + + [ Helmut Grohne ] + * Fix policy 8.2 violation (Closes: #330695) + + Move /etc/ldap/ldap.conf and manpage to new package libldap-common. + + -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800 + +openldap (2.4.42+dfsg-2) unstable; urgency=medium + + [ Ryan Tandy ] + * Change explicit Pre-Depends: multiarch-support to ${misc:Pre-Depends}, as + recommended by lintian. + * Omit slapd, slapd-dbg, and slapd-smbk5pwd from the stage1 build profile. + This allows the dependency loop with heimdal to be broken for + bootstrapping, and the dependency on libperl-dev to be avoided for + cross-building. Thanks Daniel Schepler and Helmut Grohne. + (Closes: #724518) + * Apply wrap-and-sort to the Build-Depends field. + * Drop libncurses5-dev from Build-Depends, no longer needed since the ud + tool was removed in OpenLDAP 2.1.4. + * Drop libltdl3-dev as an alternate Build-Depends, since that package was + removed after lenny. + * Annotate Build-Depends on perl with :any to allow running the system perl + interpreter during cross builds. + * Ensure CC is set correctly for cross builds. Thanks Helmut Grohne. + * Build-Depend on dpkg-dev (>= 1.17.14) and debhelper (>= 9.20141010) for + restriction formula support. + * Override the 'dev-pkg-without-shlib-symlink' lintian tag. The symlink is + actually in the form libldap_r.so -> libldap_r-2.4.so.xyz and the tag is a + false positive; see #687022. + * Include the smbk5pwd man page in the slapd-smbk5pwd package. + * Allow anonymous read access to the shadowLastChange attribute by default, + allowing nss-ldap/nss-ldapd to handle password expiry correctly even when + bound anonymously. This was the only restricted shadow attribute, the + others were already world-readable. (Closes: #669235) + * Drop the redundant default ACL for dn.base="" from the database entry. + It's already covered by the fallback case below. + * Copy more comments from the slapd.conf template to slapd.init.ldif. Also + comment the shadowLastChange access rule. + * Import upstream patch to remove an unnecessary assert(0) that could be + triggered remotely by an unauthenticated user by sending a malformed BER + element. (ITS#8240) (CVE-2015-6908) (Closes: #798622) + + [ Peter Marschall ] + * Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to + install the new manual page. (Closes: #794998) + + -- Ryan Tandy <ryan@nardis.ca> Thu, 10 Sep 2015 20:13:17 -0700 + +openldap (2.4.42+dfsg-1) unstable; urgency=medium + + [ Peter Marschall ] + * slapd.scripts-common: + - Use update_permissions instead of direct calls to chown and chgrp. + - Make variables only used within a function local to that function. + - Restore databases ordered by increasing suffix path length. + This should help configurations with databases glued together using the + 'subordinate' keyword / 'olcSubordinate' attribute in slapd's + configuration. + (Closes: #794996) + * Install slapo-lastbind.5 man page. (Closes: #794997) + + [ Ryan Tandy ] + * slapd.scripts-common: Delete an outdated comment. + * New upstream release. + * Enable the MDB backend again on GNU/kFreeBSD. The new pthread library + provides all the required interfaces, and the test suite now passes. + Leave it disabled on the Hurd. LMDB requires POSIX semaphores, which have + not yet been implemented. + * Disable the BDB/HDB backends on the Hurd. BDB requires record locks + (F_SETLK), which have not yet been implemented; see #693971. + + -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700 + +openldap (2.4.41+dfsg-1) unstable; urgency=medium + + * New upstream release. + * Update patches for upstream changes, drop patches included upstream. + * debian/rules: Adjust get-orig-source target to add +dfsg to version. + * Convert to source format 3.0 (quilt). + * debian/slapd.scripts-common: Fix nesting of fold markers. + + -- Ryan Tandy <ryan@nardis.ca> Wed, 08 Jul 2015 21:07:24 -0700 + +openldap (2.4.40+dfsg-2) unstable; urgency=medium + + * Actually install libldap-2.4-2.symbols. + * Update Standards-Version to 3.9.6. + * Build-Depend on debhelper (>= 9) to fix a Lintian warning. + * Import upstream patch to fix FTBFS with gcc-5. (Addresses #778045) + + -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700 + +openldap (2.4.40+dfsg-1) unstable; urgency=medium + + * Remove inetorgperson.schema from the upstream source. Replace it with a + copy stripped of RFC text. (Closes: #780283) + * Adjust debian/watch for +dfsg versioning. + * debian/patches/ITS7975-fix-mdb-onelevel-search.patch: Import upstream + patch to fix scope=onelevel searches wrongly including the search base in + results under the MDB backend. (ITS#7975) (Closes: #782212) + + -- Ryan Tandy <ryan@nardis.ca> Thu, 09 Apr 2015 08:38:38 -0700 + +openldap (2.4.40-4) unstable; urgency=medium + + * debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream + patch to fix a crash when a search includes the Deref control with an + empty attribute list. (ITS#8027) (CVE-2015-1545, Closes: #776988) + * debian/patches/ITS8046-fix-vrFilter_free-crash.patch: Import upstream + patch to fix a double free triggered by certain search queries using the + Matched Values control. (ITS#8046) (CVE-2015-1546, Closes: #776991) + + -- Ryan Tandy <ryan@nardis.ca> Sun, 08 Feb 2015 20:19:11 +0000 + +openldap (2.4.40-3) unstable; urgency=medium + + * Remove trailing spaces from slapd.templates. + * Update Vietnamese debconf translation. + Thanks to Trần Ngá»c Quân. + * Update Danish debconf translation. + Thanks to Joe Hansen. (Closes: #766848) + * Update Japanese debconf translation. + Thanks to Kenshi Muto. (Closes: #766824) + * Update Russian debconf translation. + Thanks to Yuri Kozlov. (Closes: #766825) + * Update Basque translation. + Thanks to Iñaki Larrañaga Murgoitio. (Closes: #767070) + * Update French debconf translation. + Thanks to Christian Perrier. (Closes: #767634) + * Update German debconf translation. + Thanks to Helge Kreutzmann. (Closes: #767686) + * Update Portuguese debconf translation. + Thanks to Ricardo Silva. (Closes: #768085) + * Update Italian debconf translation. + Thanks to Luca Monducci. (Closes: #768195) + * Update Turkish debconf translation. + Thanks to Atila KOÇ. (Closes: #768409) + * Update Czech debconf translation. + Thanks to Miroslav Kure. (Closes: #768591) + * Update Catalan debconf translation. + Thanks to Innocent De Marchi. (Closes: #768605) + * Update Dutch debconf translation. + Thanks to Frans Spiesschaert. (Closes: #769024) + * Update Brazilian Portuguese debconf translation. + Thanks to Adriano Rafael Gomes. (Closes: #769717) + * Update Galician debconf translation. + Thanks to Jorge Barreiro. + * Update Swedish debconf translation. + Thanks to Martin Bagge / brother. (Closes: #769867) + * Update Spanish debconf translation. + Thanks to Camaleón. (Closes: #770715) + * Fix doubled spaces in po files, caused by trailing spaces in the templates + file. + * Run debconf-updatepo to refresh PO files. + + -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Nov 2014 10:33:10 -0800 + +openldap (2.4.40-2) unstable; urgency=medium + + * Fix typo (chmod/chgrp) in previous changelog, spotted by Ferenc Wagner. + * debian/patches/contrib-modules-use-dpkg-buildflags: Also use CPPFLAGS from + dpkg-buildflags. Spotted by Lintian. + * debian/slapd.init.ldif: Don't bother explicitly granting rights to the + rootdn, since it already has unlimited privileges. Thanks Ferenc Wagner. + * Recommend MDB for new installations, per upstream's recommendation. + * Don't re-create the default DB_CONFIG if there wasn't one in the backup, + for example if the active backend doesn't use it. Thanks Ferenc Wagner. + * On upgrade, if an access rule begins with "to * by self write", show a + debconf note warning that it should be changed. (Closes: #761406) + * Build and install the lastbind contrib module. (Closes: #701111) + * Build and install the passwd/sha2 contrib module. (Closes: #746727) + + -- Ryan Tandy <ryan@nardis.ca> Mon, 20 Oct 2014 22:19:24 -0700 + +openldap (2.4.40-1) unstable; urgency=low + + [ Ryan Tandy ] + * New upstream release. + - fixed ldap_get_dn(3) ldap_ava definition (ITS#7860) (Closes: #465024) + - fixed slapcat with external schema (ITS#7895) (Closes: #599235) + - fixed double free with invalid ciphersuite (ITS#7500) (Closes: #640384) + - fixed modrdn crash on naming attr with no matching rule (ITS#7850) + (Closes: #666515) + - fixed slapacl causing unclean database (ITS#7827) (Closes: #741248) + * slapd.scripts-common: + - Anchor grep patterns to avoid matching commented lines in ldif files + under cn=config. (Closes: #723957) + - Don't silently ignore nonexistent directories that should be dumped. + - Invoke find, chown, and chgrp with -H in case /var/lib/ldap is a + symlink. (Closes: #742862) + - When upgrading a database, ignore extra nested directories as they might + contain other databases. Patch from Kenny Millington. (LP: #1003854) + - Fix dumping and reloading when multiple databases hold the same suffix, + thanks Peder Stray. (Closes: #759596, LP: #1362481) + - Remove trailing dot from slapd/domain. (Closes: #637996) + * debian/rules: + - Enable parallel building. + - Copy libldap-2.4-2.shlibs into place manually, as a workaround for + #676168. (Closes: #742841) + * debian/slapd.README.Debian: Add a note about database format upgrades and + the consequences of missing one. (Closes: #594711) + * Build with GnuTLS 3 (Closes: #745231, #760559). + * Drop debian/patches/fix-ftbfs-binutils-gold, no longer needed. + * Drop debconf-utils from Build-Depends, no longer used (replaced by + po-debconf). Thanks Johannes Schauer. + * Acknowledge NMU fixing #729367, thanks to Michael Gilbert. + * Offer the MDB backend as a choice during initial configuration. (Closes: + #750022) + * debian/slapd.init.ldif: + - Disallow modifying one's own entry by default, except specific + attributes. (Closes: #761406) + - Index some more common search attributes by default. (Closes: #762111) + * Introduce a symbols file for libldap-2.4-2. + * debian/schema/pmi.schema: Add a copyright clarification. There does not + appear to be any copyrighted text in this file, only ASN.1 assignments and + LDAP schema definitions. Fixes a Lintian error on the original. + * debian/schema/duaconf.schema: Strip Internet-Draft text from + duaconf.schema. + * Drop debian/patches/CVE-2013-4449.patch, applied upstream. + * Update debian/patches/no-AM_INIT_AUTOMAKE with upstream changes. + * debian/schema/ppolicy.schema: Update with ordering rules added in + draft-behera-ldap-password-policy-11. + * Suggest GSSAPI SASL modules. (Closes: #762424) + * debian/patches/ITS6035-olcauthzregex-needs-restart.patch: Document in + slapd-config.5 the fact that changes to olcAuthzRegexp only take effect + after the server is restarted. (Closes: #761407) + * Add myself to Uploaders. + + [ Jelmer Vernooij ] + * Depend on heimdal-multidev rather than heimdal-dev. (Closes: #745356, + #706123) + + [ Updated debconf translations ] + * Turkish, thanks to Atila KOÇ <akoc@artielektronik.com.tr>. + (Closes: #661641) + + -- Ryan Tandy <ryan@nardis.ca> Fri, 17 Oct 2014 08:19:28 -0700 + +openldap (2.4.39-1.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix CVE-2013-4449: reference counting logic issue (closes: #729367). + + -- Michael Gilbert <mgilbert@debian.org> Sat, 09 Aug 2014 09:26:51 +0000 + +openldap (2.4.39-1) unstable; urgency=low + + [ Peter Marschall ] + * debian/patches/wrong-database-location: fix database location in + doc/man/man5/slapd-mdb.5 + * debian/configure.options: add info on --enable-mdb + + [ Russ Allbery ] + * Remove myself from Uploaders. + + [ Steve Langasek ] + * Remove Stephen Frost from Uploaders, per discussion with him. Thanks for + your contributions, Stephen! + * Adjust dh_autoreconf usage to update all config.sub/config.guess + instances in the source, so that we can be forwards-compatible with new + ports. Thanks to Colin Watson <cjwatson@ubuntu.com> for the patch. + Closes: #725824. + * Add Timo to Uploaders. + * Update Vcs-* fields to point at the new git repo; thanks to Timo for + driving this migration! + * Rebuild against db5.3, with a corresponding dump/restore of the database + on upgrade. Closes: #738641. + + [ Timo Aaltonen ] + * contrib-modules-use-dpkg-buildflags, autogroup-makefile, + smbk5pwd-makefile: + - Updated for current upstream. + * Refresh patches to apply cleanly. + * rules: Use dpkg-parsechangelog to determine the upstream version for + get-orig-source. + * source: Add lintian overrides for non-transatable internal + templates. + + -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700 + +openldap (2.4.31-1) unstable; urgency=low + + * New upstream release. + - Fixes a denial of service attack, CVE-2012-1164, when using the rwm + overlay. Closes: #663644. + - Fixes a bug with ldap_result always returning -1 when called from + sssd. Closes: #666230. + - Fix a build failure on armel due to unaligned memory access. + Closes: #677158. + * Incorporate NMU (thanks, Julien Cristau, Mattias Ellert): + - Disable the mdb backend on non-Linux, it looks like it doesn't work + with linuxthreads (closes: #654824). + - Backport fix for shell backend configuration. Closes: #662940. + + [ Peter Marschall ] + * debian/slapd.scripts-common: avoid grep warnings + * debian/patches/heimdal-fix: fix arguments of + hdb_generate_key_set_password(). Closes: #664930 + + [ Steve Langasek ] + * debian/patches/contrib-modules-use-dpkg-buildflags: pass CFLAGS to + contrib builds. Thanks to Simon Ruderich <simon@ruderich.org>. + Closes: #663724. + + -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000 + +openldap (2.4.28-1) unstable; urgency=low + + * New upstream release. + - Fixes CVE-2011-4079. Closes: #647610. + - Fixes support for proxy authorization with SASL-GSSAPI. + Closes: #608815. + - Drop patch service-operational-before-detach, which came from upstream. + - Drop patch fix-its6898-locking-issue, included upstream. + - Refresh other patches as needed. + * debian/slapd.scripts-common: quote the argument to slappasswd, to cope + with shell characters in the string. Thanks to Nicolai Ehemann + <en@englightened.de> for the patch. Closes: #635931. + * Install ldif.h in libldap2-dev, now that it's been blessed upstream. + Closes: #644985. + * debian/patches/no-bdb-ABI-second-guessing: don't force an exact match on + the upstream version of libdb; this is redundant with our packaging + system, and causes spurious errors when there's a non-ABI-breaking + BDB upstream release. Closes: #651333. + * Build-conflict with the ancient autoconf2.13, which is incompatible with + dh-autoreconf. (Maybe dh-autoreconf itself should conflict with it?) + Closes: #651598. + + [ Updated debconf translations ] + * Dutch, thanks to Jeroen Schot <schot@A-Eskwadraat.nl>. Closes: #651400. + + -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000 + +openldap (2.4.25-4) unstable; urgency=low + + * Drop explicit depends on libdb4.8, since we're now linking against + libdb5.1. Thanks to Peter Marschall for catching. Closes: #621403 + again. + * Rebuild against cyrus-sasl2 2.1.25. Closes: #628237. + * Use dh_autoreconf instead of a locally-patched autogen.sh. + * debian/patches/no-AM_INIT_AUTOMAKE: don't use AM_INIT_AUTOMAKE macro + when we aren't using automake. + * Convert debian/rules to dh(1). + * use DEB_CFLAGS_MAINT_APPEND with appropriate versioned dependency on + debhelper and dpkg-dev, so we can pick up dpkg-buildflags for our + policy-mandated flags - as well as our security-enhancing ones! + Closes: #644427. + * Also set hardening=+pie,+bindnow buildflags options for maximum + security, since this is a security-sensitive daemon dealing with + untrusted input. Ubuntu has been building with these flags for a + while via hardening-wrappers, so the change is presumed safe. + * Drop debian/check_config. The upstream configure script now enforces + --with-cyrus-sasl, so there's no need for a second check. + * debian/po/es.po: tweak an ambiguous string in the Spanish debconf + translation, noticed in response to a submitted Catalan translation + * debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff: + Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL. + Thanks to Jan-Marek Glogowski <jan-marek.glogowski@muenchen.de> for the + patch. Closes: #327585. + + [ Updated debconf translations ] + * Catalan, thanks to Innocent De Marchi <tangram.peces@gmail.com>. + Closes: #644274. + + -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000 + +openldap (2.4.25-3) unstable; urgency=low + + * Brown paper bag: really fix the .links.in handling, so we don't generate + broken /usr/lib/${DEB_HOST_MULTIARCH} dirs. + + -- Steve Langasek <vorlon@debian.org> Mon, 15 Aug 2011 09:50:37 +0000 + +openldap (2.4.25-2) unstable; urgency=low + + [ Matthijs Möhlmann ] + * Change to bdb 5.1 (Closes: #621403) + * Add note to ldap-utils package how to unfold lines. (Closes: #530519) + (Thanks to Peter Marschall and Javier Barroso) + + [ Steve Langasek ] + * Acknowledge NMU for bug #596343; thanks to Thijs Kinkhorst for the fix! + * Bump to compat level 7, so we don't have to spell out debian/tmp in + every single .install file + * Build for multiarch. + + -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700 + +openldap (2.4.25-1.1) unstable; urgency=low + + * Non-maintainer upload to fix RC bug. + * Fix "dpkg-reconfigure slapd". Closes: #596343 + + -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200 + +openldap (2.4.25-1) unstable; urgency=low + + * New upstream version (Closes: #617606, #618904, #606815, #608813) + - Fixes CVE-2011-1024, CVE-2011-1025, CVE-2011-1081 + - slapd server process frequently hangs during everyday usage is fixed in + newer versions of openldap according to the bug submitter + * Refresh all patches + * Remove manpage-tlscyphersuite-additions, applied upstream + * Remove issue-6534-patch, applied upstream + * Add Slovak translation, thanks Slavko <linux@slavino.sk> (Closes: #608699) + * Add debian specific patch for ldap.conf. Add TLS_CACERT option and set it + by default to /etc/ssl/certs/ca-certificates.crt (Closes: #555409, #616703) + * Add patch to fix a FTBFS with binutils-gold (Closes: #555867) + * Add slapschema, just hardlink it (Closes: #601569) + * Update patch service-operational-before-detach (Closes: #616164, #598361) + * Add ldif_* symbols to libldap-2.4-2 + * Add upstream patch for a locking issue in libldap_r + * Fix build failure, use @SHELL@ instead of hardcoded /bin/sh (build/top.mk) + (Closes: #621925) + + -- Matthijs Möhlmann <matthijs@cacholong.nl> Mon, 11 Apr 2011 22:10:14 +0200 + +openldap (2.4.23-7) unstable; urgency=low + + * Updated vietnamese translation, thanks Clytie Siddall + (Closes: #601537, #598575) + * Updated portuguese translation, thanks Traduz (Closes: #599760) + * Updated danish translation, thanks Joe Dalton (Closes: #599835) + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100 + +openldap (2.4.23-6) unstable; urgency=high + + * Check for an empty directory to prevent an rm -f /*. (Closes: #597704) + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 23 Sep 2010 10:17:50 +0200 + +openldap (2.4.23-5) unstable; urgency=high + + [ Steve Langasek ] + * High-urgency upload for RC bugfix. + * debian/slapd.scripts-common: fix gratuitous (and wrong) use of grep in + get_suffix(), which causes us to incorrectly parse any slapd.conf that + uses tabs instead of spaces. Closes: #595672. + * debian/slapd.init, debian/slapd.scripts-common: when $SLAPD_CONF is not + set in /etc/default/slapd, we should always set a default value, giving + precedence to slapd.d and falling back to slapd.conf. Users who don't + want to use an existing slapd.d should point at slapd.conf explicitly. + Closes: #594714, #596343. + * debian/slapd.init: 'invoke-rc.d slapd stop' should not fail due to the + absence of a slapd configuration; we should still exit 0 so that the + package can be removed gracefully. Closes: #596100. + * drop build-conflicts with libssl-dev; we explicitly pass + --with-tls=gnutls to configure, so there's no risk of a misbuild here. + * debian/slapd.default: now that we have a sensible default behavior in + both slapd.init and the maintainer scripts, leave SLAPD_CONF empty to + save pain later. + * debian/slapd.scripts-common: ... and do the same in + migrate_to_slapd_d_style, we just need to comment out the user's + previous entry instead of blowing it away. + * debian/slapd.scripts-common: call get_suffix in a way that lets us + separate responses by newlines, to properly handle the case when a + DN has embedded spaces. Introduces a few more stupid fd tricks to work + around possible problems with debconf. Closes: #595466. + * debian/slapd.scripts-common: when parsing the names of includes, handle + double-quotes and escape characters as described in slapd.conf(5). + Closes: #595784. + * debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from + versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which + otherwise is blocked by our added olcAccess settings. Closes: #596326. + * debian/slapd.init.ldif: set the acl in the default LDIF for new installs, + too. + * Likewise, grant access to dn.exact="" so that base dn autodiscovery + works as intended. Closes: #596049. + * debian/slapd.init.ldif: synchronize our behavior on new installs with + that on upgrades, avoiding the non-standard cn=localroot,cn=config. + * debian/slapd.scripts-common: don't run the migration code if slapd.d + already exists. Closes: #593965. + + [ Matthijs Mohlmann ] + * Remove upgrade_supported_from_backend, implemented patch from + Peter Marschall <peter@adpm.de> to automatically detect if an upgrade is + supported. (Closes: #594712) + + [ Peter Marschall ] + * debian/slapd.init: correctly set the slapd.conf argument even when + SLAPD_PIDFILE is non-empty in /etc/default/slapd. Closes: #593880. + * debian/slapd.scripts-common: pass -g to slapadd/slapcat, so that + subordinate databases aren't incorrectly included in the dump/restore of + the parent database. Closes: #594821. + + -- Steve Langasek <vorlon@debian.org> Mon, 13 Sep 2010 06:59:11 +0000 + +openldap (2.4.23-4) unstable; urgency=low + + [ Steve Langasek ] + * Bump the database upgrade version check to 2.4.23-4; should have been + set to 2.4.23-1 when we switched to db4.8, but was missed so we need to + clean up. Closes: #593550. + + [ Matthijs Mohlmann ] + * Fix root access to cn=config on upgrades from configuration style slapd.conf + Thanks to Mathias Gug (Closes: #593566, #593878) + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 26 Aug 2010 20:30:51 +0200 + +openldap (2.4.23-3) unstable; urgency=low + + * Configure the newly installed openldap package using slapd.d instead of + slapd.conf, merged from ubuntu. (Closes: #562723, #494155, #333428) + * Update the debconf templates by running debconf-updatepo. + * We do not support upgrades from older releases then lenny, so removed some + upgrade functions from slapd.scripts-common. + * Updated japanese translation, thanks Kenshi Muto (Closes: #589508) + * Updated czech translation, thanks Miroslav Kure (Closes: #589569) + * Update slapd.README.Debian and slapd.NEWS and note the new configuration + style. + * Fixes CVE-2010-0211 and CVE-2010-0212 (Closes: #589852) + * Update italian translation, thanks Luca Monducci (Closes: #590154) + * Update spanish translation, thanks Francisco Javier Cuadrado + (Closes: #590829) + * Update basque translation, thanks Iñaki Larrañaga Murgoitio + * Bump Standards-Version to 3.9.1 + * Added debian specific patch to wait until slapd is operational before + detaching to the terminal (Closes: #589915) + * Add a lintian overrides for libldap. + * Empty dependency_libs line in .la files. (Closes: #591550) + * Update galician translation, thanks Jorge Barreiro (Closes: #592815) + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Tue, 17 Aug 2010 22:00:16 +0200 + +openldap (2.4.23-2) unstable; urgency=medium + + * Depend on libdb4.8 >= 4.8.30 (Closes: #588969) + * Urgency previous as previous version fixes a RC bug. + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Wed, 14 Jul 2010 10:17:27 +0200 + +openldap (2.4.23-1) unstable; urgency=low + + * New upstream version + * Change to build dependency libdb4.8-dev instead of libdb4.7-dev + * Updated french translation thanks Christian Perrier (Closes: #579192) + * Updated swedish translation thanks Martin Bagge (Closes: #580145) + * Updated german translation thanks Helge Kreutzmann (Closes: #579582) + * Updated russian translation thanks Yuri Kozlov (Closes: #585688) + * Fix bashisms in debian/rules (Closes: #581454) + * Add documentation patch (Closes: #513270) + * Refreshed all quilt patches. + * Bump Standards-Version to 3.9.0 + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200 + +openldap (2.4.21-1) unstable; urgency=low + + [ Steve Langasek ] + * New upstream version + (Closes: #561144, #465024, #502769, #528695, #564686, #504728) + * Add upstream manpage for ldapexop; thanks to Peter Marschall + <peter@adpm.de>. Closes: #549291. + + [ Matthijs Mohlmann ] + * Ack NMU (Closes: #553432) + * Update Standards-Version to 3.8.4 + * Fix NEWS entry to have the correct version number + * Improve the wording for the slapd/invalid_config question (Closes: #452834) + * Make lintian a bit more happy (Closes: #518660) + * Fix bashism (Closes: #518657) + * Refresh all patches + * Add patch from upstream (Closes: #549642) + * Reworked the configure.options a bit to include some more options + * Enable dynamic acls + * Use slappasswd to create a secure password (Closes: #490930) + * Set a rootdn and rootpw if no password is given by debconf (Closes: #231950) + * Better document the TLSCipherSuite in slapd.conf manpage (Closes: #563113) + * Better document the TLS_CIPHER_SUITE in ldap.conf manpage (Closes: #510346) + * Add smbk5pwd slapd module, used patch from Mark Hymers (Closes: #443073) + * Add autogroup slapd module, used patch from Mathieu Parent (Closes: #575900) + * Add lsb logging, used patch from David Härdeman (Closes: #385898) + * Use dh_lintian to install the lintian-overrides + * Added critical error report when slapcat fails (Closes: #226090) + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200 + +openldap (2.4.17-2.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fixed CVE-2009-3767: libraries/libldap/tls_o.c doesn't properly handle NULL + character in subject Common Name (Closes: #553432) + + -- Giuseppe Iuculano <iuculano@debian.org> Tue, 10 Nov 2009 19:09:45 +0100 + +openldap (2.4.17-2) unstable; urgency=low + + * Fix up the lintian warnings: + - add missing misc-depends on all packages + - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive + overrides + - bump Standards-Version to 3.8.2, no changes required. + * slapd.scripts-common: fix upgrade to correctly handle multiple database + declarations; thanks, Peter Marschall <peter@adpm.de>! Closes: #517556 + * Add 'status' argument to init script; thanks to Peter Eisentraut + <petere@debian.org>. Closes: #545898. + * New patch, do-not-second-guess-sonames, to remove an incorrect check for + the Cyrus SASL version number at runtime. If there's any reason this is + needed, it needs to be addressed in the cyrus-sasl soname and Debian + shlibs, not here. Closes: #546885. + + -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700 + +openldap (2.4.17-1) unstable; urgency=low + + * New upstream version. + - Fixes FTBFS on ia64 with -fPIE. Closes: #524770. + - Fixes some TLS issues with GnuTLS. Closes: #505191. + * Update priority of libldap-2.4-2 to match the archive override. + * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the + ldapurl(1) manpage. Thanks to Peter Marschall for the patch. + Closes: #496749. + * Bump build-dependency on debhelper to 6 instead of 5, since that's + what we're using. Closes: #498116. + * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using + the built-in default of ldap:/// only. + * Build-depend on libltdl-dev | libltdl3-dev (>= 1.4.3), for the package + name change. Closes: #522965. + + [ Updated debconf translations ] + * Spanish, thanks to Francisco Javier Cuadrado <fcocuadrado@gmail.com>. + Closes: #521804. + + -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700 + +openldap (2.4.15-1) unstable; urgency=low + + * New upstream version + - Fixes a bug with the pcache overlay not returning cached entries + (closes: #497697) + - Update evolution-ntlm patch to apply to current Makefiles. + - (tentatively) drop gnutls-ciphers, since this bug was reported to be + fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the + patch from the bug report, so this should be watched for regressions. + * Build against db4.7 instead of db4.2 at last! Closes: #421946. + * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is + installed in the build environment. + * Add -D_GNU_SOURCE to CFLAGS, apparently required for building with + current headers in unstable + + -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800 + +openldap (2.4.11-1) unstable; urgency=low + + * New upstream version (closes: #499560). + - Fixes a crash with syncrepl and delcsn (closes: #491066). + - Fix CRL handling with GnuTLS (closes: #498410). + - Drop patches no_backend_inter-linking, + CVE-2008-2952_BER-decoding-assertion, and gnutls-ssf, applied + upstream. + + [ Russ Allbery ] + * New patch, back-perl-init, which updates the calling conventions + around initialization and shutdown of the Perl interpreter to match + the current perlembed recommendations. Fixes probable hangs on HPPA + in back-perl. Thanks, Niko Tyni. (Closes: #495069) + + [ Steve Langasek ] + * Drop the conflict with libldap2, which is not the standard means of + handling symbol conflicts in Debian and which causes serious upgrade + problems from etch. Closes: #487211. + + -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700 + +openldap (2.4.10-3) unstable; urgency=low + + [ Steve Langasek ] + * New patch, CVE-2008-2952_BER-decoding-assertion, to fix a remote DoS + vulnerability in the BER decoder. Addresses CVE-2008-2952, + closes: #488710. + * debian/slapd.scripts-common, debian/slapd.postinst: drop + update_path_argsfile_pidfile function, not needed for updates from etch + or newer. + * Drop the code to check for and upgrade ldbm databases. The etch + release of slapd had already dropped support for them and direct + upgrades from sarge are not supported. + + [ Russ Allbery ] + * Apply upstream patch to convert GnuTLS cipher strength from bytes to + bits, as expected by OpenLDAP. (Closes: #473796) + * Add Build-Depends on time, used by the test suite and only a shell + built-in with bash. Thanks, Daniel Schepler. (Closes: #490754) + * Refresh all patches, convert all patches to -p1, and remove extraneous + Index: lines. (Closes: #485263) + * Unless DFSG_NONFREE is set, also check whether the upstream schemas + with RFC comments are included. + * Update standards version to 3.8.0. + - Include debian/README.source pointing to the quilt README.source. + - Wrap Uploaders for readability. + * Wrap slapd's Depends for readability. + + [ Updated debconf translations ] + * Swedish, thanks to Martin Ã…gren <martin.agren@gmail.com>. + Closes: #492748. + + -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700 + +openldap (2.4.10-2) unstable; urgency=low + + * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at + build time + * Hack around glibc behavior when resolving localhost, by exporting + RESOLV_MULTI=off when invoking the test suite + * Reclaim the 'openldap' source package name; openldap2.3 has been a + misnomer for some time, causing undue confusion, so switch to a + permanent source package name that we won't need to change again later. + - Along the way, kill off non-DFSG-compliant schema files that snuck + back into the archive due to my bad merge of 2.4.10. + + -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700 + +openldap2.3 (2.4.10-1) unstable; urgency=low + + [ Steve Langasek ] + * New upstream release. + - Clean up ld_defconn if it was freed, fixing an assertion failure in + various clients. Closes: #469232. + - Fixes slapd syncrepl hang on back-config. Closes: #471253. + - Drop patch hurd-path-max, integrated upstream. + * Drop spurious build-dependency on heimdal-dev, introduced accidentally + as part of an aborted attempt to build the smbk5pwd overlay. + * Use hardlinks instead of symlinks for the various slap* commands; this + is functionally equivalent for us, and reduces divergence from + derivatives such as Ubuntu that use apparmor. Closes: #488409. + * New patch, no_backend_inter-linking, to fix the meta backend to not + try to look up symbols in external objects (back_ldap) that it + doesn't link against. + * Turn on 'make test' during builds, now that back_meta is fixed. + + [ Matthijs Mohlmann ] + * All manpages in category 5 were missing, wrong directory. + (Closes: #474976, #483631, #483633) + + -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700 + +openldap2.3 (2.4.9-1) unstable; urgency=low + + [ Updated debconf translations ] + * French, thanks to Christian Perrier <bubulle@debian.org>. + Closes: #471792. + * Finnish, thanks to Esko Arajärvi <edu@iki.fi>. Closes: #475238. + * Czech, thanks to Miroslav Kure <kurem@upcase.info.upol.cz>. + Closes: #480138. + * Basque, thanks to Piarres Beobide <pi+debian@beobide.net>. + Closes: #480177. + * Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>. + Closes: #480181. + * Galician, thanks to Jacobo Tarrio <jtarrio@trasno.net>. Closes: #480218. + * Japanese, thanks to Kenshi Muto <kmuto@debian.org>. Closes: #480247. + * Italian, thanks to Luca Monducci <luca.mo@tiscali.it>. (Closes: #477718) + * Brazilian Portuguese, thanks to Eder L. Marques <eder@edermarques.net> + (Closes: #480172) + * Portuguese, thanks to Tiago Fernandes <tjg.fernandes@gmail.com> + (Closes: #481126) + * Russian, thanks to Yuri Kozlov <kozlov.y@gmail.com> (Closes: #481214) + * Dutch, thanks to "cobaco (aka Bart Cornelis)" <cobaco@skolelinux.no>. + Closes: #483014. + + [ Matthijs Mohlmann ] + * New upstream release. + - Bad entryUUID no longer crashes slapd. (Closes: #471867) + - Fix assertion failure in some modify operations. (Closes: #474161) + - Mention index in slapd.conf's man page. (Closes: #414650) + - Fixes to slapd include handling. (Closes: #457261) + - Fix syncrepl cookie truncation. (Closes: #464024) + - Fix memory allocation in ldap_parse_page_control. (Closes: #464877) + - Fix slapd crash when accessed by multiple threads. (Closes: #479237) + * Acknowledge NMU. + (Closes: #474976, #471225, #475856, #474652, #465875) + * Bump Standards-Version to 3.7.3 + * Add versioned build dependency on libgnutls-dev (Closes: #466558) + * Bump debhelper compat level to 6. + + [ Russ Allbery ] + * Use MAXPATHLEN rather than PATH_MAX, since OpenLDAP defines the + former and the latter isn't defined on GNU Hurd. Thanks, Samuel + Thibault. (Closes: #475744) + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 26 May 2008 22:34:16 +0200 + +openldap2.3 (2.4.7-6.3) unstable; urgency=low + + * Non-maintainer upload. + * Install all slapd relevant manpages into slapd package. + (closes: #474976) + * Make libldap-2.4-2 conflict against libldap2. (closes: #475856) + + -- Bastian Blank <waldi@debian.org> Tue, 29 Apr 2008 18:00:23 +0200 + +openldap2.3 (2.4.7-6.2) unstable; urgency=low + + * Non-maintainer upload to solve release goal issues. + * Add LSB dependency header to init.d scripts (Closes: #474652) + + -- Petter Reinholdtsen <pere@debian.org> Wed, 16 Apr 2008 08:04:49 +0200 + +openldap2.3 (2.4.7-6.1) unstable; urgency=high + + * Non-maintainer upload by security team. + * Fix possible remote denial of service vulnerability in the BDB backend + via a modrdn operation with a NOOP control + (CVE-2008-0658; Closes: #465875). + + -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100 + +openldap2.3 (2.4.7-6) unstable; urgency=low + + [ Updated debconf translations ] + * Dutch, thanks to Bart Cornelis <cobaco@skolelinux.no>. Closes: #452950. + * Brazilian Portuguese, thanks to Eder L. Marques <frolic@debian-ce.org>. + Closes: #463460. + * German, thanks to Helge Kreutzmann <debian@helgefjell.de>. + Closes: #465784. + + [ Steve Langasek ] + * Relax build-dependency on libsasl2-dev now that the versioned dependency + is satisfied by all extant versions (including in oldstable), fixing a + lintian warning about versioned build-deps on Debian revisions. + * Avoid using a mutex around getaddrinfo() and getnameinfo() calls, which + are guaranteed by glibc to be threadsafe; this fixes a deadlock when + using nss_ldap for host lookups. Closes: #340601. + * debian/libldap2-dev.manpages: install all of man3/* instead of + enumerating specific manpages to install. Closes: #320073. + * Add new patch, sasl-cleartext-strncasecmp, to correct a regression that + prevented the use of the {CLEARTEXT} password scheme with SASL. + Closes LP: #191563. + * drop LGPL from debian/copyright; there is no longer any code under this + license in the package. + * Drop patch gnutls-altname-nulterminated; it's been determined that the + "length" discrepancy was a bug in gnutls, and fixed in that package. + * debian/configure.options: explicitly pass --with-odbc=unixodbc, so + that we depend on the right ODBC implementation when both happen to + be installed at build time. + + [ Russ Allbery ] + * Add a stamp file for the configure rule to avoid rerunning configure + needlessly. Closes: #465588. + * Don't create the openldap user if slapd has been configured to run as + a different user. If slapd has been configured to run as openldap, do + create the user on reconfigure. Closes: #452438. + * Reformat, reorganize, and update slapd's README.Debian. + - Include SASL configuration information. + - Remove LDBM information, since upstream no longer even ships LDBM + and the debconf prompting and maintainer scripts already take care + of any lingering databases. + - Document the differences between the Debian OpenLDAP packages and + upstream. + + -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800 + +openldap2.3 (2.4.7-5) unstable; urgency=low + + [ Updated debconf translations ] + * Finnish, thanks to Esko Arajärvi <edu@iki.fi>. Closes: #462688. + * Galician, thanks to Jacobo Tarrio <jtarrio@trasno.net>. Closes: #462987. + * French, thanks to Christian Perrier <bubulle@debian.org>. + Closes: #463149. + * Russian, thanks to Yuri Kozlov <kozlov.y@gmail.com>. Closes: #463442. + * Czech, thanks to Miroslav Kure <kurem@debian.cz>. Closes: #463472. + * German, thanks to Helge Kreutzmann <debian@helgefjell.de>. + Closes: #464718. + + [ Steve Langasek ] + * Fix various regressions related to the introduction of GnuTLS: + - Add new patch, gnutls-ciphers, to fix support for specifying multiple + ciphers with TLSCipherSuite option in slapd.conf. Thanks to Kyle + Moffett <kyle@moffetthome.net> for the patch. Closes LP: #188200. + - Add new patch, slapd-tlsverifyclient-default, to set the intended + default value of "TLSVerifyClient never" in the right place. + - Add new patch, gnutls-altname-nulterminated, to account for differences + in how the "length" is returned for commonName vs. subjectAltName. + - Comment out TLSCipherSuite settings on upgrade from all versions prior + to 2.4.7-5, and throw a debconf error to the user notifying them of + this, since all OpenSSL cipher suite values are incompatible with + GnuTLS. + Closes: #462588. + * Add new patch from upstream, entryCSN-backwards-compatibility, to support + auto-converting entryCSN attributes in a previously supported old format, + fixing an upgrade failure. Closes: #462099. + * Use --retry TERM/10 instead of --retry 10 when stopping slapd, since the + latter resorts to a SIGKILL and may corrupt backend data; whereas the + former will exit non-zero if slapd is still running but won't directly + cause data-loss. Thanks to Mark McDonald for the patch. LP: #92139. + * Fix manpage symlinks in libldap2-dev; thanks to Reuben Thomas for + reporting. Closes: #463971. + * Fix a superfluous space in the debconf templates, due to a trailing space + in the templates. Closes: #464719. + + -- Steve Langasek <vorlon@debian.org> Sat, 09 Feb 2008 14:25:55 -0800 + +openldap2.3 (2.4.7-4) unstable; urgency=high + + [ Steve Langasek ] + * Build-conflict with libicu-dev, for consistent dependencies in all + build environments. + * Fix an oversight in the checkpoint migration, which caused the checkpoint + option to not be moved far enough down. Closes: #462304, LP: #185257. + * Build-depend on unixodbc instead of iODBC. + + [ Updated debconf translations ] + * Japanese, thanks to Kenshi Muto <kmuto@debian.org>. Closes: #462191. + + -- Steve Langasek <vorlon@debian.org> Fri, 25 Jan 2008 02:17:23 -0800 + +openldap2.3 (2.4.7-3) unstable; urgency=low + + * Add missing build-dependency on groff-base, to allow use of soelim during + build. + + -- Steve Langasek <vorlon@debian.org> Mon, 21 Jan 2008 15:18:27 -0800 + +openldap2.3 (2.4.7-2) unstable; urgency=low + + * Temporarily drop slapi-dev from the package to get through NEW; this + functionality should be readded later, either by restoring the slapi-dev + package or by moving it to libldap2-dev, depending on the outcome of + discussion with the ftp-masters. + + -- Steve Langasek <vorlon@debian.org> Mon, 21 Jan 2008 06:13:21 -0800 + +openldap2.3 (2.4.7-1) unstable; urgency=low + + [ Steve Langasek ] + * New upstream version; closes: #449354. + - remove another schema from upstream source, collective.schema, + that contains text from the IETF RFCs and include a stripped copy + in debian/schema. + - drop patches slurpd-in-spool and man-slurpd, since slurpd is no + longer provided upstream. + - libldap2.3-0 is now libldap2.4-2 + - build libldap2-dev from this source package now, superseding + openldap2; closes: #428385, #260118, #262539, #391899, #393215. + - lastmod and denyop have been moved to contrib upstream and are no + longer shipped as supported overlays + - drop dependency on libldap2 and take ownership of the + /etc/ldap/ldap.conf conffile, since libldap2 is now obsolete + - need to dump and reload databases again for the upgrade from 2.3.39. + - ldap_init(3) no longer attempts to document the internals of the + LDAP opaque type. Closes: #320072. + - ldap-utils utilities find LDAP servers via SRV records when given a + URL with -H and no host in the URL. Closes: #221173. + - if the old slapd.conf included any replica commands, automatically + enable syncprov for the corresponding database and print an error + with debconf. + * slapd.conf and DB_CONFIG are used in the postinst, they shouldn't be + shipped under doc/examples because /usr/share/doc can't be depended + on per policy; ship the files under /usr/share/slapd and symlink the + /other/ way, which also spares us from dh_compress trying to gzip + slapd.conf. Closes: #452749. + * Drop libldap.so as was done for libldap2, making it a link to + libldap_r.so to avoid unfortunate symbol collisions. + * Add new patch, libldap-symbol-versions, to build libldap and liblber + with symbol versions; needed to avoid segfaults when applications + manage to pull both libldap2 and the new libldap-2.4-2 into the same + process (as during a partial upgrade or the initial soname + transition), and also when the library soname changes again in the + future (as it's likely to do). + * Reintroduce add-autogen-sh patch, with build deps on libtool, automake, + and autoconf, required due to the previous patch; this time around, take + care to clean up the autogenerated files in the clean target as well + * Build-depend on libgnutls-dev instead of on libssl-dev, so that at long + last we can build the server and lib from the same source package again + without licensing problems. Closes: #457182, #407334, #428468, #381788. + Closes: #412706. + * slapd.prerm, slapd.postinst: drop no-longer-needed upgrade code for + openldap < 2.1.22 + * Ask about ldbm to bdb migration in the preinst, since there is no + guarantee that the debconf config script will be run before the unpack + phase. + * Don't stop slapd in the preinst by hand, the prerm already stops the + old slapd using the standard interfaces. + * Don't build with LAN Manager password support; these passwords are more + insecure than traditional Unix crypt, and only relevant when talking to + Windows 98. + * Move libslapi into the slapd package and provide a virtual package for + library dependencies, since this is expected to stay lockstep with the + server. + * Split slapi dev support into a new libslapi-dev package, as this is + unrelated to libldap; and drop libslapi.a since it would be insane to try + to statically link a dynamically-loaded slapi plugin. + * "checkpoint" directives are no longer supported as part of the backend + config, only as part of the database config; move the lines around in + slapd.conf on upgrade. + * "schemacheck" directives are no longer supported; comment them out + on upgrade since this option was set by default in sarge. + * Package description updates; thanks to Christian Perrier + <bubulle@debian.org> and the Smith review project for these + improvements. + * Incorporate debconf template changes suggested by the debian-l10n-english + team as part of the Smith review project. Closes: #447224. + + [ Russ Allbery ] + * Removed fix_ldif and all remaining code to try running it on LDIF + dumps. Schema checking has been imposed since 2.1 and it's highly + unlikely that anyone still needs this. + * Move the checkpoint directive in the default slapd.conf below the + database and suffix directives for the primary database. This is now + required for OpenLDAP 2.4. + * Create /etc/ldap/slapd.conf owned by the openldap group and mode 640 + by default so that slapindex and friends can read it when run as the + openldap user. Fix permissions on upgrade if slapd.conf is owned by + root and mode 600. Closes: #432662. + * Drop slapd patch to read slapd.conf before dropping privileges, since + slapd.conf should now be readable by SLAPD_GROUP. + * If SLAPD_CONF is set to a directory in /etc/default/slapd, assume + the cn=config backend is used and start slapd with the appropriate + options. Based on a patch from Mike Burr. Closes: #411413. + * Rework slapd's README.Debian: + - Document the BerkeleyDB version. Closes: #438127. + - Document how to direct slapd's logs to another file. Closes: #258931. + - Remove obsolete information about TLS/SSL and OpenLDAP 2.0 upgrades. + - Recommend HDB instead of BDB. + - Generally reformat and reorganize. + * Patch cleanup: + - Combine the NTLM patches for Evolution into a single patch. + - Add explanatory comments to every patch. + - Refresh all patches to remove diff garbage and trailing whitespace. + * debian/rules cleanup: + - Fix patch dependencies for parallel build (hopefully). + - Tell configure the system type. + - Rewrite upstream_strip_nondfsg.sh as a get-orig-source target. + - Remove stamp files as the first step of the clean target. + - Add trivial build-arch and build-indep targets. + - Remove dead code and unnecessary comments. + * Remove postrm code to delete /var/lib/slapd/upgrade* flag files. We + haven't used those since the 2.1 upgrade. + * Update Vcs-* headers for new repository layout. + * Remove versioned dependency on an ancient dpkg-dev. + * Wrap and reorder Build-Depends for readability. + + [ Updated debconf translations ] + * Czech, thanks to Miroslav Kure <kurem@debian.cz>. Closes: #458215. + * German, thanks to Helge Kreutzmann <debian@helgefjell.de>. + Closes: #452833. + * Spanish + * Finnish, thanks to Esko Arajärvi <edu@iki.fi>. Closes: #448061. + * French, thanks to Christian Perrier <bubulle@debian.org>. + Closes: #452632. + * Galician, thanks to Jacobo Tarrio <jtarrio@trasno.net>. + Closes: #451158. + * Italian, thanks to Luca Monducci <luca.mo@tiscali.it>. Closes: #449442. + * Japanese, thanks to Kenshi Muto <kmuto@debian.org>. Closes: #451325. + * Dutch, thanks to Bart Cornelis <cobaco@skolelinux.no>. Closes: #448935. + * Brazilian Portuguese + * Portuguese, thanks to Tiago Fernandes <tjg.fernandes@gmail.com>. + Closes: #453341. + * Russian, thanks to Yuri Kozlov <kozlov.y@gmail.com>. Closes: #453318. + * Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>. + Closes: #453411. + + -- Steve Langasek <vorlon@debian.org> Mon, 21 Jan 2008 04:58:24 -0800 + +openldap2.3 (2.3.39-1) unstable; urgency=medium + + * Medium severity due to denial of service fix. + * New upstream release. + - CVE-2007-5708: Fix remote denial of service attack in slapo-pcache + (the overlay for proxy caching). (Closes: #448644) + - Multiple additional more minor bug fixes. + * Document in the default slapd.conf that dbconfig options only generate + the DB_CONFIG file on first slapd start and have no effect afterwards + unless DB_CONFIG is removed. (Closes: #442191) + * Inline the checkpoint and BerkeleyDB backend settings in the default + slapd.conf rather than generating them dynamically in postinst. All + the allowable default database choices are now BerekelyDB variants and + will probably continue to be so for the forseeable future, and this is + easier to maintain. + * Drop debconf questions, warnings, and maintainer script functions + dealing with upgrades from OpenLDAP 2.1, which is now too hold for + supported direct upgrades. (Closes: #444806) + * Add a watch file. Thanks, Fernando Ribeiro. (Closes: #435290) + * Add Homepage, Vcs-Svn, and Vcs-Browser control fields. + + -- Russ Allbery <rra@debian.org> Mon, 12 Nov 2007 16:00:47 -0800 + +openldap2.3 (2.3.38-1) unstable; urgency=low + + [ Steve Langasek ] + * Drop debian/patches/use-lpthread, which is no longer needed on mips* + because gcc has been fixed. + * Drop debian/patches/add-autogen-sh, also no longer needed now that + the above patch is gone. + + [ Matthijs Mohlmann ] + * Fix bashism in initscript. (Closes: #428883) + * Drop upstream patches ITS4924, ITS4925 and ITS4966. + * Add patch for objectClasses which causes slapd to crash. (Closes: #440632) + - CVE-2007-5707. + - Upstream bug ITS5119. + * Change default loglevel to none, to log high priority messages. + (Closes: #442000) + * Tighten up the build dependencies, now that autogen patch is removed. + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 17 Sep 2007 22:58:54 +0200 + +openldap2.3 (2.3.35-2) unstable; urgency=low + + * Enable LAN Manager password support in slapd. (Closes: #245341) + * If automatic configuration is selected and slapd.conf doesn't exist + during an upgrade, treat this as a fresh installation rather than + aborting with an error. Also try to provide a better error message if + the user has deleted /etc/ldap/schema but we just generated a new + configuration that references it. These cases can occur if someone + removes (rather than purges) the package, manually deletes /etc/ldap, + and then reinstalls. (Closes: #205010) + * Don't fail in slapd's postrm if /etc/ldap/schema has already been + deleted. + * Remove slapd conflicts with libbind-dev and bind-dev. There no longer + appears to be anything in those packages that would break slapd's + resolver. (Closes: #225896) + * Add libldap-2.3-0-dbg and slapd-dbg packages with detached debugging + information. + * db_recover is no longer required after changing DB_CONFIG; slapd now + detects changes itself and does the right thing. Also note in + README.DB_CONFIG the existence of the dbconfig slapd.conf parameter + and slapd's DB_CONFIG writing support. (Closes: #412575) + * Add options to /etc/default/slapd to let the system administrator tell + the init script to not start slapd on boot. (Closes: #254999) + * Redirect fd 3 to /dev/null in the slapd init script for additional + robustness when debconf is running. (Closes: #227482) + * Add to /etc/default/slapd a commented-out example of how to change the + keytab file used for GSSAPI authentication. (Closes: #412017) + * Use variables in /etc/init.d/slapd for the paths to slapd and slurpd + so that someone who really wants to can override them in + /etc/default/slapd. (Closes: #403948) + * Allow people building packages for outside Debian to skip the checks + for non-DFSG-free material by setting a variable. Thanks, Peter + Marschall. (Closes: #427245) + * Remove duplicate libldap-2.3-0 dependencies. (Closes: #408987) + * Use binary:Version instead of Source-Version for the tight + dependencies between slapd and ldap-utils and libldap-2.3-0. + + -- Russ Allbery <rra@debian.org> Mon, 11 Jun 2007 20:26:26 -0700 + +openldap2.3 (2.3.35-1) unstable; urgency=low + + * New upstream release with many bug fixes. + - Allow syncprov to follow aliases. (Closes: #422087) + * Apply upstream patches: + - ITS#4924: client crash on incorrectly tagged result from server. + - ITS#4925: NOOP modify with BDB backend crashed slapd. + - ITS#4966: Delete of valsort-controlled entries crashed slapd. + * Enable SLAPI support. (Closes: #390954) + * Re-enable use of the epoll system call since Debian no longer supports + 2.4 kernels. This means that the OpenLDAP packages will not work on + pre-2.6 kernels. + * Remove schema files that contain text from IETF RFCs from the upstream + source since that text is not DFSG-free. Instead, install stripped + versions of those schema files containing only the functional + interface specifications, a comment explaining why this is needed, and + a pointer to the relevant RFC. (Closes: #361846) + * Document the repackaging of the upstream source in debian/copyright. + * Update config.guess and config.sub during the build instead of in the + clean target and remove them in the clean target for a clean diff. + Build-depend on autotools-dev so that we can unconditionally copy over + the latest versions. + * Added commentary and upstream ITS numbers for several patches + applicable upstream. + * Use debian/compat rather than the deprecated DH_COMPAT rules setting. + * Update to debhelper compatibility level V5 (no changes required). + + -- Russ Allbery <rra@debian.org> Wed, 30 May 2007 22:42:28 -0700 + +openldap2.3 (2.3.30-5) unstable; urgency=low + + [ Steve Langasek ] + * Add Portuguese debconf translation; thanks to Tiago Fernandes. + Closes: #409632. + * Re-add .la files to the slapd package, for greater compatibility + with upstream documentation. + + [ Russ Allbery ] + * When starting slapd, create a symlink from /var/run/ldapi to + /var/run/slapd/ldapi for compatibility with 2.1 client libraries. + Closes: #385809. + * Apply upstream patch to prevent a race condition in slapd when + shutting down connections. + * Update the Brazilian Portuguese debconf translation; thanks to Felipe + Augusto van de Wiel. + + -- Russ Allbery <rra@debian.org> Thu, 8 Mar 2007 18:21:02 -0800 + +openldap2.3 (2.3.30-4) unstable; urgency=low + + * Ok, argh, it helps to check that the function being re-added to the + preinst hasn't been removed again from the common include. Re-add + break_on_ldbm_to_bdb_migration_disagree, because by all appearances + we /should/ be using this in the preinst. Closes: #411474. + + -- Steve Langasek <vorlon@debian.org> Mon, 19 Feb 2007 03:55:22 -0800 + +openldap2.3 (2.3.30-3) unstable; urgency=medium + + [ Matthijs Mohlmann ] + * Added spanish translation. (Closes: #404250) + * Documentation updates backported from upstream. + * Fix a security bug in kerberos kbind code. (Only used when enabling with + --enable-kbind option) But better safe then sorry. + * Backported a mem leak fix on failed binds. + * Added patch from upstream that fixes a memory leak in ACLs that use sets. + + [ Steve Langasek ] + * *Really* abort in preinst if the user doesn't accept the upgrade + from ldbm to bdb. Closes: #392747. + * Set the name of debian/slapd.NEWS right so that it gets + installed in the binary package. Closes: #409923. + * Add Russian debconf translation; thanks to Yuri Kozlov. + Closes: #405706. + * Add Galician debconf translation; thanks to Jacobo Tarrio. + Closes: #407267. + + -- Steve Langasek <vorlon@debian.org> Sun, 18 Feb 2007 16:47:16 -0800 + +openldap2.3 (2.3.30-2) unstable; urgency=low + + * Make sure that the pidfile directory doesn't exist in the init script. + (Closes: #402705) + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Tue, 12 Dec 2006 21:34:44 +0100 + +openldap2.3 (2.3.30-1) unstable; urgency=low + + * New upstream release. + - Fixed authzTo/authzFrom URL matching. + - Fixed syncrepl consumer memory leaks. + - Fixed slapd-hdb livelock. + - Fixed slapo-ppolicy external quality check. + - Fixed ldapsearch(1) man page acknowledgement. + * Added patch to make sure that the pidfile directory exists. + (Closes: #390337) + * Do not ask the question allow ldap v2 logins when user wants manual + configuration. (Closes: #401003) + * Add patch to look also in /etc/ldap/sasl2 for sasl configuration. + (Closes: #398657) + * Removed db4.2-util recommend, the slapd binary includes checking code to + fix DB errors. + * Updated README in schema directory. It doesn't list collective.schema + anymore. (Closes: #287358) + * Updated manpages to point to right paths. (Closes: #398790) + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 9 Dec 2006 20:50:58 +0100 + +openldap2.3 (2.3.29-1) unstable; urgency=medium + + [ Matthijs Mohlmann ] + * New upstream release. + - Fixes Denial of Service through a certain combination of LDAP BIND + requests (CVE-2006-5779) (Closes: #397673) + * LSB section added to the init script. + * Updated README.Debian about running as non-root user (Closes: #389369) + * Updated de translation (Closes: #396096) + * Added some documentation / warning when running slapindex as root. + * Remove drafts and rfc from the tarball. (Closes: #393404) + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 11 Nov 2006 11:24:42 +0100 + +openldap2.3 (2.3.27-1) unstable; urgency=low + + [ Matthijs Mohlmann ] + * New upstream release. + * pidfile location is changed 3 years ago, when people are upgrading from + back then they have a broken slapd because the openldap user is not able + to write to /var/run. (Closes: #380687) + * Patches by Quanah Gibson-Mount <quanah@stanford.edu> + - Fix one time memleak on startup in the accesslog db. + * Changed priority of libldap-2.3-0 to optional as it is only used by slapd. + + [ Torsten Landschoff ] + * Remove RFC documents as they do not meet the DFSG. + + debian/rules: Check that the RFCs are gone to make sure it does not + get included again by accident. + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 2 Sep 2006 00:33:44 +0200 + +openldap2.3 (2.3.25-1) unstable; urgency=low + + [ Matthijs Mohlmann ] + * New upstream release: + - Accepts 'require none' in slapd.conf (closes: #370023). + - Added patch to fix a bold issue in the manpage ldapsearch. Thanks to + Matt Kraai. (Closes: #355670) + * Added commented out rootdn parameter in slapd.conf. (Closes: #303245) + * Make the scripts output a bit more consistent. + * Fix a regression in the slapd packages. Data directory is /var/lib/ldap + and not /var/openldap-data, also adjust the manpages to reflect these + change. Thanks to Peter Marschall. (Closes: #368891) + * Removed script move_files, dh_install is used instead. (Closes: #368896) + * Dutch translation already updated. Closes: #375101) + * Documented that slapd is compiled with TCP wrappers (Closes: #351428) + * dpkg-reconfigure slapd now just reinstalls slapd and moves old databases + to /var/backups. Already done in previous version (Closes: #230366, #208056) + + [ Torsten Landschoff ] + * debian/libldap-2.3-0.install: Ignore version information when installing + libraries. This way it does not need updating for each new upstream + release. + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Wed, 26 Jul 2006 18:05:40 +0200 + +openldap2.3 (2.3.24-2) unstable; urgency=low + + * Switch slapd from running as root to running as user. + (Closes: #292845, #261696) + * Changing configuration in slapd.conf by the postinst will now also follow + includes. (Closes: #304488) + * Patches by Quanah Gibson-Mount <quanah@stanford.edu> + - fix a lock bug with a virtual root entry in the BDB backend. + - fix boolean logic in the overlays. + - fix that slurpd can use ldaps. + - fix initialization of auditdb. + - fix TLS concurrency issues. + - fix exop password change that didn't reset pwdMustChange. + - fix syncrepl that fails when no rootdn is defined. + * Add dependency on adduser. + * Specify the PATH variable in the init script. (Closes: #367981) + * Added patch to read config before dropping privileges. + * epoll(4) system call is missing on kernels <2.6, this causes slapd to + not work on 2.4 kernels. Added patch that remove the #define in + portable.in (Closes: #369352, #372194, #373233) + * In 2.3.24 slapd won't segfault if the moduleload directive appears + somewhere else. (Closes: #349011) + * Removed fileutils dependency, it's superseeded in Sarge already. + (Closes: #370013) + * Use find in combination with mv to move an old directory away. + (Closes: #306435) + * Updated Dutch debconf translation (Closes: #365172) + * Added an example backup script that can be put into cron (Closes: #319477) + * Make the db directories 0700. On new installations this is the default. + (Closes: #354450) + * Get rid of a '.' in front of a domain. (Closes: #318143) + * Added shadowLastChange to the ACL in the default slapd.conf + (Closes: #370550) + * Updated Japanese translation (Closes: #378565) + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 17 Jul 2006 18:22:45 +0200 + +openldap2.3 (2.3.24-1) unstable; urgency=low + + [ Matthijs Mohlmann ] + * New upstream version. (Closes: #369544) + * Update patch slurpd-in-spool. (Closes: #368586, #368709, #368889) + * Added slapi-errorlog-file to be into /var/log (Closes: #368895) + * Removed patch configure.in-fix, incorporated upstream. + * Move debian/configure.options.new to debian/configure.options. + * Added patch to put ldapi socket in /var/run/slapd. + * Removed bdb recovery from the init.d script. This was introduced to fix + bug #255276. Now that slapd has the ability to check and recover from bdb + failures, this function is not needed anymore. (Closes: #369484, #369093) + * Updated the lintian overrides. + + [ Torsten Landschoff ] + * Include man pages for accesslog and auditlog overlays, patch by + Peter Marschall (closes: #368888). + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 1 Jun 2006 08:16:02 +0200 + +openldap2.3 (2.3.23-1) unstable; urgency=low + + [ Matthijs Mohlmann ] + * New upstream release. (Closes: #308906, #310282, #353877, #335618, #315158) + (Closes: #310282, #319155) + * OpenLDAP checks database before starting up. + (Closes: #190165, #195079, #294701, #308416) + * move_old_database_away isn't called in a while loop anymore (which would + kill debconf interaction) (Closes: #299100) + * BDB_CONFIG file will be installed on new installations (Closes: #301292) + * Move to dh_install. + * Move to quilt patch system. + * Fix manpage. + * Make ldiftopasswd and fix_ldif executable. (fixes lintian warnings) + * Wipe passwords after we created the initial configuration. + * The config scripts is runned twice, this causes the password in + slapd/internal/adminpw to be empty. This fixes the issue with having an + empty password in the ldap database. (Closes: #343113, #347725) + * Added #DEBHELPER# token to fix a lintian warning. + * bdb has changed between major versions, so dump the database and import it + again for versions before 2.3.19. + * Remove comments from debian/control (The out commented control information + is actually in debian/control.dev) + * Enable all backends and overlays with: --enable-backends=mod and + --enable-overlays=mod + * Add | debconf-2.0 to unblock cdebconf transition (Closes: #332053) + * Added Danish debconf translation (Closes: #353897) + * Updated French debconf translation (Closes: #320739) + * Updated Vietnamese debconf translation (Closes: #319706) + * Updated Czech debconf translation (Closes: #356554) + * Encode the organization to utf8 (Closes: #236097) + * Disabled the LDBM backend. Break in preinstallation if user doesn't want + to migrate to BDB backend. + * Removed choice for LDBM backend from slapd templates. And some explanation + in that question about the LDBM backend. + * Add sizelimit and tool-threads and some documentation to slapd.conf + (Closes: #327808) + * slapd.scripts-common had two functions with the same name. + * Don't return a error message if hostname fails. + * Backup the config only once on upgrade. + * For new installations do not install a DB_CONFIG file but use the + slapd.conf as file for BDB/HDB configuration parameters. See: slapd-bdb(5) + * Added various "exit 0" to the installation scripts. + * Add configure.in patch to fix C comparison what should be bash (ITS#4416) + * Raise debconf configuration level from low to medium for + slapd/no_configuration. + * Updated Standards-Version to 3.7.2.0 + * Added build-dependency on perl which is used in the debian/rules file. + Considered by lintian. + * Added lintian override for too-long-extended-description-in-templates, it + is an explanation about the backends. + + [ Steve Langasek ] + * debian/slapd.templates: Fix typo durin -> during; re-run + debconf-updatepo, fixing up the fuzzies (closes: #319596). + + [ Torsten Landschoff ] + * debian/slapd.scripts-common: Rename backend_supported to + upgrade_supported_from_backend for more clarity. + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 13 May 2006 00:28:11 +0200 + +openldap2.2 (2.2.26-4) unstable; urgency=low + + * [l10n] Vietnamese translations by Clytie Siddall (closes: #316623). + * debian/slapd.templates: Fix typos occured -> occurred (closes: #316624). + * libraries/libldap/url.c: Apply patch from upstream CVS to fix URI + parsing (closes: #317100). + + -- Torsten Landschoff <torsten@debian.org> Tue, 19 Jul 2005 20:52:17 +0200 + +openldap2.2 (2.2.26-3) unstable; urgency=low + + * [SECURITY] Applied the patch available at + http://bugzilla.padl.com/show_bug.cgi?id=210 + to force libldap to really use TLS when requested in /etc/ldap/ldap.conf + (cf. CAN-2005-2069). Clients still will use libldap2 from openldap2 + source package so this is only to prepare unleashing the libraries of + OpenLDAP 2.2 for unstable... + + -- Torsten Landschoff <torsten@debian.org> Sun, 3 Jul 2005 10:41:37 +0200 + +openldap2.2 (2.2.26-2) unstable; urgency=low + + * Assembled changes from patches supplied by Peter Marschall (thanks, + Peter): + | debian/move_files: Move slapd and slurpd to /usr/sbin and adjust symlinks + (closes: #316354). + + debian/slapd.links: Remove symlinks from /usr/sbin to /usr/lib. + | debian/rules: Don't install cron jobs needed for GnuTLS as long as we are + using OpenSSL. + | debian/control: Remove build-dependencies needed for GnuTLS + (closes: #316355). + + Require libsasl >= 2.1.18 as recommended by OpenLDAP project. + | Update quicktool patch from Quanah Gibson-Mount (closes: #316361). + | debian/slapd.init: Use /bin/sh as shell when running db_recover + (closes: #316350). + | debian/configure.options: Enabled dynlist and proxycache overlays + (closes: #316351). + + * debian/po/de.po: Apply typo correction patch (closes: #313809). + * debian/po/fr.po: Apply updates by Christian Perrier (closes: #315122). + + -- Torsten Landschoff <torsten@debian.org> Fri, 1 Jul 2005 12:53:18 +0200 + +openldap2.2 (2.2.26-1) unstable; urgency=low + + * New upstream release. + * debian/slapd.init: Run db_recover as the user configured for slapd + (closes: #311331). + * debian/po/cs.po: Add Czech translation by Miroslav Kure (closes: #312064). + * Run debconf-updatepo, oh my :( + * Update configure via libtoolize -cf; aclocal-1.4; autoconf2.50. + * configure.in: Try to fix memcmp check (probably does not work anymore, but + we should have a working memcmp on all Debian systems anyway). + * debian/rules: Remove config.{sub,guess} before installing new versions + (just in case there were symlinks for them...). + + -- Torsten Landschoff <torsten@debian.org> Tue, 21 Jun 2005 12:06:40 +0200 + +openldap2.2 (2.2.23-8) unstable; urgency=low + + * debian/DB_CONFIG: Fixed the log cache configuration (used the wrong + command so there was about no effect). + + -- Torsten Landschoff <torsten@debian.org> Mon, 30 May 2005 08:48:10 +0200 + +openldap2.2 (2.2.23-7) unstable; urgency=low + + * debian/slapd.scripts-common: Install the default DB_CONFIG for each + database loaded from LDIF which didn't have a DB_CONFIG before. + * (automatic) Updated config.sub and config.guess from autotools-dev. + + -- Torsten Landschoff <torsten@debian.org> Mon, 30 May 2005 08:08:37 +0200 + +openldap2.2 (2.2.23-6) unstable; urgency=low + + Torsten Landschoff <torsten@debian.org>: + * debian/po/ja.po: Merge updates from Kenshi Muto (closes: #303505). + * debian/po/fr.po: Merge updates from Christian Perrier (closes: #306229). + * debian/slapd.scripts-common: If the user enters the empty value for + the database dumping directory use the default value. Seems like the + readline interface does not care about the default value + (closes: #308234). + * debian/slapd.postinst: Make sure the debhelper commands are executed + in all cases (closes: #310422). + * Merged suggested changes by Eugene Konev to automatically run + db_recover before starting slapd (closes: #255276). + + debian/slapd.init: Run db_recover if enabled and available and no + slapd process running. + + debian/slapd.default: Add configuration option to disable it. + * Applied and improved patch by Matthijs Mohlmann to support migration + from ldbm to bdb backend. + + debian/slapd.config: Ask if migration is wanted. + + debian/slapd.postinst: Update configuration from ldbm to bdb if yes. + + debian/slapd.scripts-common: Implemented some parts in their own + functions. + * Add a README.DB_CONFIG.gz and reference it where referring to BDB + configuration. + * Update default DB_CONFIG with some senseful values. + + Steve Langasek <vorlon@debian.org>: + * libraries/libldap_r/Makefile.in: make sure the ximian-connector ntlm + patch is applied to libldap_r, not just to libldap + * debian/move_files: make libldap a symlink to libldap_r, as carrying + two versions of this library around is more trouble than it's worth, + and can cause glorious segfaults down the line + + -- Torsten Landschoff <torsten@debian.org> Mon, 30 May 2005 08:07:49 +0200 + +openldap2.2 (2.2.23-5) unstable; urgency=low + + Torsten Landschoff <torsten@debian.org>: + * debian/lintian-overrides: Add. Contains lintian warnings/errors to + override for each package (plus comments). + + debian/move_files: Automatically install applying overrides into + each package. + + Steve Langasek <vorlon@debian.org>: + * configure.in: reinstate the remainder of the fix for 195990 from + 2.1.22-2: give preference to -lpthread over -pthread in configure.in, + because some archs (mipsel, at least) don't like -pthread. + + -- Steve Langasek <vorlon@debian.org> Sun, 24 Apr 2005 05:01:02 -0700 + +openldap2.2 (2.2.23-4) unstable; urgency=low + + Torsten Landschoff <torsten@debian.org>: + * debian/control: Make the requirement for debconf a pre-dependency as + we are using it from the maintainer scripts. + * debian/slapd.preinst: Always use debconf (don't check for availability). + * debian/slapd.scripts-common: Remove the alert_user function which + was there to output an error message in case debconf is not available. + + Steve Langasek <vorlon@debian.org>: + * debian/fix_ldif: Add code to fix up oddly formatted integer attribs; + limited use because it only fixes those attributes that we have + prior knowledge of (i.e., those in the default schemas we ship), but + it's something at least. Closes: #302629. + * debian/fix_ldif: Also change fix_ldif to not chew up everything that + has a # in the line: treat lines beginning with # as comments, but # + is a valid character in an attribute value. + * debian/rules: Fix the check for missing lib symbols to use + LD_LIBRARY_PATH, so the package builds on systems that don't already + have libldap-2.2-7 installed. Closes: #305785. + * debian/po/ja.po: Use the partial translation provided by Kenshi Muto. + + Stephen Frost <sfrost@debian.org>: + * debian/slapd.scripts-common: Make sure - ends up at the end of the + bracket expression given to grep so it's not treated as a range + (closes: #302743). + + -- Steve Langasek <vorlon@debian.org> Sat, 23 Apr 2005 22:01:20 -0700 + +openldap2.2 (2.2.23-3) unstable; urgency=low + + Steve Langasek <vorlon@debian.org> + * libraries/libldap_r/Makefile.in: Code that uses pthreads *must* be + linked with -pthread, even if it's a library; without this, the + libldap_r library ends up with dangling unversioned reference to + pthread_create() which gets resolved to a wrong version that causes + segfaults on 64-bit platforms. Closes: #304549. + * debian/rules: error out on build if an installed library has + undefined symbols; future-proofing against a repeat of #304549. + * debian/slapd.postinst: don't dump and reload directories unless we + know we're upgrading from an incompatible version! Closes: #304840. + * debian/slapd.scripts-common: don't use merge_logical_lines for + functions that will be writing back to the config; the code is not + as pretty now, but the output is much less ugly. Closes: #303243. + * debian/slapd.examples, debian/slapd.scripts-common, + debian/slapd.links, debian/move_files: install DB_CONFIG in + /usr/share/slapd/ instead of /usr/share/doc/slapd/examples/; this + simplifies the code, and ensures users who don't install + /usr/share/doc aren't penalized. Create links for the DB_CONFIG and + slapd.confg templates to /usr/share/doc/slapd/examples, since these + are worthwhile examples as well. + * Updated maintainer scripts to keep DB_CONFIG for LDAP databases over + upgrades (closes: #265860). + * Move slappasswd to the slapd package, since it's now a symlink and + isn't actually useful without the slapd binary (closes: #304339). + + -- Torsten Landschoff <torsten@debian.org> Thu, 21 Apr 2005 01:29:57 +0200 + +openldap2.2 (2.2.23-2) unstable; urgency=low + + * debian/configure.options: Change localstatedir to /var from /var/run + as the current upstream version adds /run to that during runtime for + slapi sockets etc. Problem: The database location is specified relative + to localstatedir/openldap-data. Another thing to fix... + (closes: #298271, #304491). + * debian/slapd.scripts-common (load_databases): Reimplement automatic + fixing of LDIF data via the fix_ldif script. Only tried if an + initial slapadd using the original LDIF data fails. With this change + upgrading from woody for some simple cases does work again. + * Disabled the version check for Berkeley DB in upstream code. Any + libdb4.2 package should work but of course using the latest will give + you the best results (closes: #300851). + * debian/slapd.scripts-common (import_database): Removed, no longer used. + * debian/slapd.scripts-common: Store the diagnostic output from + slapadd and output it before aborting if the command failed. + * debian/po/fr.po: Use the translations provided by Christian Perrier + (closes: #304141). + * debian/slapd.scripts-common: Use the -q option during slapadd to + improve performance. + * debian/slapd.templates (slapd/dump_database_destdir): Apply rewording + changes from Thomas Prokosch. Gives the user more information about + the usage of that directory. + + Run debconf-updatepo to update the translation templates. + * debian/slapd.templates: Clean up the debconf templates of the slapd + packages by merging the changes suggested by Christian Perrier + (closes: #302829). Thanks, Christian! + + Changed the wording of some of the templates. + + Adapt to the DTSG (Debconf Templates Style Guide). + + Removed item slapd/admin which is not used anymore. + + Run debconf-updatepo and send new fr.po to Christian Perrier. + * debian/slapd.postinst: Make a backup copy of slapd.conf before changing + anything (closes: #304485). + * Trivial improvements: + + Don't ask to move contents of /var/lib/ldap if it does not even + exist (but also is not an empty directory...) in initial config. + + Move check for current installation status out of configure_dumping. + + -- Torsten Landschoff <torsten@debian.org> Thu, 14 Apr 2005 19:57:11 +0200 + +openldap2.2 (2.2.23-1) unstable; urgency=low + + * debian/slapd.scripts-common: Move all shell functions of the maintainer + scripts here to have it all in one place. + * Another pass over the maintainer scripts to remove cruft and tidy up + the code a bit. Fixed some bugs on the way. + * Test upgrade and installation revealed some bugs, mostly typos: + + return in shell actually is "return $?", not "return 0" as I though + + Referenced $src where $srcdir was meant. + + Only load old directories on upgrade and not during initial + installation. + + -- Torsten Landschoff <torsten@debian.org> Fri, 1 Apr 2005 18:50:21 +0200 + +openldap2.2 (2.2.23-0.pre6) experimental; urgency=low + + Torsten Landschoff <torsten@debian.org>: + * debian/slapd.postinst: Add a testing interface to test the helper + functions. + * debian/slapd.postinst: Make sure that debconf actually displays the + error message even if the user has already seen it before. + * debian/slapd.postinst (compute_backup_path): Make function more robust + in case we don't know the old version or the suffix of the database. + Converted the backup dir to a more simple scheme which should be save + against accidental overwriting. + * Rewrote part of the maintainer scripts for correct handling of + directory dumps in preinst. New debconf questions etc. + * Move the manpage of slappasswd to ldap-utils where slappasswd itself + is included (closes: #300212). + + debian/control: Add Replaces: slapd << 2.2.23-0.pre6 to ldap-utils. + + debian/move_files: Move slappasswd manpage into ldap-utils. + * debian/slapd.config: Don't fail if hostname is unset (pulled from + Ubuntu, thanks to Jeff Bailey). + * Applied patch by Quanah Gibson-Mount (directory administrator of Stanford) + to add -q option to some tools for quick operation without updating + logs. This is mostly for importing directories from LDIF backups. + * Go back to libdb4.2 as OpenLDAP is known to have problems with BDB 4.3. + + debian/control: Update dependencies for BDB 4.2. + + debian/slapd.scripts-common: Mark all databases before this version + as incompatible. + * Fix some bashisms in maintainer scripts. + * debian/slapd.postinst: Include the version of the backup in the + backup of a database directory. + + Carlo Contavalli <ccontavalli@debian.org>: + * debian/slapd.init: Print command line if starting a daemon failed. + * debian/slapd.postinst: Handle hdb backend just as if it was bdb. + * debian/README.Debian: Add some notes about DB_CONFIG and how to run + slapd under a different uid/gid. + * Install an example DB_CONFIG file during initial configuration + + slapd.postinst: Add a function to implement this and hook it into + create_new_configuration. + + debian/DB_CONFIG: Example DB_CONFIG that is installed. + + debian/slapd.examples: Mark DB_CONFIG as an example. + * servers/slapd/daemon.c: Actually change the permissions of the + unix socket if requested using an ldapi url with x-mod. + * debian/slapd.scripts-common: change privileges of upgraded databases + as indicated by SLAPD_USER and SLAPD_GROUP variables. + * debian/slapd.scripts-common,slapd.postinst: corrected some minor + typos. + + -- Torsten Landschoff <torsten@debian.org> Fri, 1 Apr 2005 12:26:35 +0200 + +openldap2.2 (2.2.23-0.pre5) experimental; urgency=low + + * Apply NTLM patch from ximian-connector source package. + * debian/slapd.postinst: Fix small typo leading to upgrade failures. + Added some notes while wading through maintainer scripts. + * debian/slapd.postinst: Make slapadd more noisy, writing the new + directory to stderr if something goes wrong (should help for + bug #236097). + * Make slapd.init idempotent by adding --oknodo to start-stop-daemon + invocations (closes: #298741). Kudos to Bill Allombert for this + patch. + * slapd.postinst: Try to fix slapd.conf for syntactic and semantic changes + introduced upstream into 2.2.x. + * slapd.scripts-common: Make sure directories before 2.2.23 are dumped + and reloaded on upgrade. + + -- Torsten Landschoff <torsten@debian.org> Fri, 11 Mar 2005 18:54:57 +0100 + +openldap2.2 (2.2.23-0.pre4) experimental; urgency=low + + * Rename libldap2.2 to libldap-2.2-7 to match soname. Updated + debian/{control,rules,...}. + * Checked the usage of the ucdata files shipped with libldap2 before. + Actually they stem from liblunicode which is only linked to slapd. + Therefore those files are shipped with slapd now. This change is + relevant so that multiple libldap-2.2-x packages can coexist later. + * debian/control: Updated for slapd replacing files from libldap2. + * debian/control: Recommend db4.3-util instead of db4.2-util as we are + using the former version now for slapd. + * debian/control: Add Build-Depends for libperl-dev, this time for + real. I wonder what went wrong last time as it built correctly with + pdebuild (closes: #297123). + + -- Torsten Landschoff <torsten@debian.org> Mon, 28 Feb 2005 15:17:52 +0100 + +openldap2.2 (2.2.23-0.pre3) experimental; urgency=low + + * debian/slapd.prerm: Reformat and fix double stopping of slapd. Find + out which bug we are working around and document it. + * debian/configure.options: Enable ACI support (closes: #101602). + Looked through the source code and it seems to be properly + insulated to not make a difference when not used. + * .../Makefile.in: Remove -s option from install invocations and let + dh_strip handle stripping binaries (closes: #264448). + * debian/slapd.postinst: Code cleanup and reading, unused and duplicate + code removed. Main body still needs fixing. + * debian/slapd.postinst: Fixed chmod --reference calls to keep the + permissions of slapd.conf. Putting data into the file using shell + redirection recreates the file with default umask and owner, killing + the permissions we applied using chod --reference after creating the + file. Instead we change the permissions directly before renaming the + file now. Wrapped it into a function and update the owner as well. + How do we do this correctly for ACLs etc.!? Thanks to Carlo Contavalli + for pointing this out. + * servers/slapd/main.c: Log a warning if writing the pidfile or writing + the arguments file fails (closes: #261696). + * debian/control: Add missing build dependency for perl development + library (closes: #297123). + + -- Torsten Landschoff <torsten@debian.org> Sun, 27 Feb 2005 17:44:03 +0100 + +openldap2.2 (2.2.23-0.pre2) experimental; urgency=low + + * servers/slurpd/slurp.h: Relocate the default spool directory to + /var/spool/slurpd again. + * Merged some changes done by Fabio M. Di Nitto for the ubuntu + distribution (thanks, Fabio!): + + debian/slapd.{postinst,conf}: Checkpoint BDB databases every 512kb + or 30 minutes by default. + + debian/slapd.scripts-common: Make is_empty_dir less noisy on first + install (cosmetic). + * Applied some changes suggested by Ondrej Sury: + + debian/rules: Add MAKEVARS variable and set datadir = + /usr/share/libldap2.2/ucdata instead of changing build/top.mk as + suggested. + + debian/move_files: Install /usr/share/libldap2.2 into libldap2.2 + and remove duplicate ldap.conf manpage. + + debian/control: Let libldap2.2 dependon libldap2 for config files. + * Also in Ondrej's patch: + + doc/man/man8/slapd.8: Refer to slapd.conf instead of ldap.h for + loglevel documentation. Changed by ubuntu? I don't know... + * debian/slapd.README.Debian: Update TLS/SSL information. + + -- Torsten Landschoff <torsten@debian.org> Fri, 25 Feb 2005 14:44:59 +0100 + +openldap2.2 (2.2.23-0.pre1) experimental; urgency=low + + * Merge new upstream release 2.2.23. + * Change name of source package to openldap2.2. + * configure.in: Fix AC_LIBOBJ for configure2.50. + * Run libtoolize, aclocal-1.4 and autoconf2.50 to get a working + configure script. + * debian/slapd.init: Output failure reasons using "$failure" so that + no glob substitution is done. Had a hard time grokking why slapd + would mention the contents of the current directory in its error + message... + * debian/rules: Disable building -dev packages as we don't want + other packages to link against the new libraries before sarge. + Remove the binary-indep target from the binary dependends list. + * debian/control: Move packages that are no longer build into control-dev. + * debian/configure.options: Build against OpenSSL with --with-tls + (this can only be done for slapd itself, we need GnuTLS support + before enabling this for libldap2.2-dev). + * debian/control: Update build dependencies for libdb4.3 and OpenSSL. + + -- Torsten Landschoff <torsten@debian.org> Wed, 23 Feb 2005 19:29:38 +0100 + +openldap2 (2.2.18-0.pre2) experimental; urgency=low + + * debian/check_config: Make sasl2 check more robust against file + format changes in config.status. + * debian/libldap2.shlibs: Remove. + * Update configure script using libtoolize, aclocal-1.4 and autoconf2.50 + to fix wrong shared library dependency in libldap2.2 (depended on + libldap2 by linking against the system's liblber). + * debian/libldap2.README.Debian: Move to libldap2.2.README.Debian. + * Lintian cleanup: + + Run debconf-updatepo for debian/rules clean and manually as + requested. + + Update config.guess and config.sub in debian/rules clean as well. + First update done. + + debian/rules (install): Fix the manpage section of the admin commands + from 8C to 8. + + debian/rules (binary-arch): Run dh_fixperms to fix the permissions + on shared libraries. + + -- Torsten Landschoff <torsten@pulsar.galaxy> Thu, 13 Jan 2005 11:53:28 +0100 + +openldap2 (2.2.18-0.pre1) experimental; urgency=low + + * New upstream release. + * Disable TLS for now. + * debian/rules: Don't run autoheader and autoconf. + * debian/configure.options: Recreated and updated for new setup. + * debian/rules: Move slapd, slurpd from /usr/lib to /usr/sbin. + * Rename library packages to include the OpenLDAP version. + * Remove /etc/ldap/ldap*.conf from libldap2.2 to avoid clash with + libldap2. Also add Replaces entry for libldap2 to allow overwriting + for now. Needs fixing... + * Instead of moving slapd from /usr/lib to /usr/sbin create a symlink. + Seems like slapadd etc. are now all included in the slapd binary + and all link to its binary. + * debian/rules: Run dh_link for arch dependend packages. + * configure: Fix broken libdb checking which forced static building of + back-bdb. + * debian/slapd.conf: Fix access directive to use "attrs=" instead of + "attribute=" which wasn't officially supported anyway. + + -- Torsten Landschoff <torsten@debian.org> Wed, 3 Nov 2004 09:57:14 +0100 + +openldap2 (2.1.30-3) unstable; urgency=high + + * Urgeny high since previous releases were hardly usable (at least + with TLS). + * Roland Bauerschmidt <rb@debian.org> + + libraries/libldap/gnutls.c, libraries/libldap/tls.c, + include/ldap_pvt_gnutls.h: Use callback with + gnutls_certificate_set_params_function to generate dh_params and + rsa_params (this is also the way, it's done with OpenSSL). We need + GNUTLS 1.0.9 for this. With the new version of libgcrypt, we also + need to initialize threading explicitly. The previous + segmentation faults resulted from the *global* param structure + being recreated and freed for every session. Many thanks to + Matthias Urlichs who helped debugging a lot and also packaged + GNUTLS 1.0.16 very quickly... Closes: #244827. + + debian/control: Add build dependency to libgcrypt11-dev (we're + initializing it directly now) and change libgnutls10-dev to + libgnutls11-dev. + + libraries/libldap/gnutls.c: in tls_gnutls_need_{dh,rsa}_params + (formerly ldap_gnutls_need_...), create temp files more securely, + doing unlink before opening and opening them with O_EXCL. This is + necessary because under Linux 2.6 all threads have the same PID. + Thanks to Andrew Suffield for pointing this out. + + debian/slapd.cron.daily: cron job to remove GNUTLS rsa_export and + dh param cache files every day. + + debian/slapd.README.Debian: add note that we use GNUTLS rather + than OpenSSL. + + -- Roland Bauerschmidt <rb@debian.org> Mon, 26 Jul 2004 18:41:23 +0200 + +openldap2 (2.1.30-2) unstable; urgency=low + + * Roland Bauerschmidt <rb@debian.org> + + debian/slapd.scripts-common: add missing space before ! + Closes: #251036, #253633, #257513. + * Torsten Landschoff <torsten@debian.org> + + Applied patch by Ralf Hack to support non-standard config file + location in /etc/default/slapd (closes: #229195). + + Applied patch to fix handling of abandoned commands + (closes: #254183). Thanks to Peter Marschall for submitting it. + + Applied patch to fix memory leak after search (closes: #254184). + Thanks again, Peter! + + Applied trivial patch to support logging to DAEMON facility + as well as LOCAL* (closes: #254186). Here you are, Peter ;) + + -- Roland Bauerschmidt <rb@debian.org> Fri, 09 Jul 2004 15:56:06 +0200 + +openldap2 (2.1.30-1) unstable; urgency=low + + * Torsten Landschoff <torsten@debian.org>: + + debian/control: Have slapd conflict with libltdl3 version 1.5.4-1 + as with that version loading of .so files is broken which breaks + slapd (closes: #249152). + + Applied patch to fix Perl backend (closes: #245347). Kudos + to Peter Marschall. + + debian/configure.options: Enable building of Perl backend. + + * Roland Bauerschmidt <rb@debian.org> + + debian/slapd.templates: replace 'domain' with 'DNS domain name' + which is little more specific + + debian/slapd.config: check if the domain has a valid syntax to + prevent slapadd from failing. Closes: #235749. + + New upstream version with fix for NS-MTA-MD5 hash length + checking. Closes: #226583. + + -- Torsten Landschoff <torsten@debian.org> Mon, 24 May 2004 23:33:21 +0200 + +openldap2 (2.1.29-2) unstable; urgency=low + + * Roland Bauerschmidt <rb@debian.org> + + debian/rules: Revert change to install ldapadd as symlink. + Somehow, with that change, ldapadd didn't get installed at all. + Closes: #243537. + + -- Roland Bauerschmidt <rb@debian.org> Tue, 13 Apr 2004 19:49:55 +0200 + +openldap2 (2.1.29-1) unstable; urgency=low + + * Stephen Frost <sfrost@debian.org> + + libraries/gnutls.c: Generate and store RSA/DH parameters, + based off a patch by Petr Vandrovec (though changed alot). + Closes: #234639, #234593 + + * Roland Bauerschmidt <rb@debian.org> + + Merged new upstream release. + + debian/slapd.prerm: add #DEBHELPER# token. + + debian/control: have slapd depend on debconf (>= 0.5) to ensure + it supports the seen flag. + + debian/rules: ldapadd is installed as a hardlink to ldapmodify; + use a symlink instead. + + debian/slapd.{scripts-common,postinst,preinst,config}: Add new + function read_slapd_conf that evaluates include statements. + + -- Torsten Landschoff <torsten@debian.org> Mon, 12 Apr 2004 15:27:55 +0200 + +openldap2 (2.1.26-1) unstable; urgency=low + + * Torsten Landschoff <torsten@debian.org>: + + Merged new upstream release. + + debian/slapd.templates (slapd/purge_database): Set default value to + false. + + debian/slapd.config (manual_configuration_wanted): Don't exit + from the script directly if the user wants to configure + slapd manually (exit 0 -> return 0). + + Build-depend on libgnutls10-dev instead of libgnutls7-dev and + rebuild (closes: #233833). + + Move previous content of /var/lib/ldap away during creation of + an initial directory (closes: #228886, #233512). + + debian/slapd.postrm: Remove flag files in /var/lib/slapd on purge. + + Removed functionality (verbose error messages) from gnutls.c until + it compiled with libgnutls10-dev :-(( + + debian/slapd.postinst: Overwrite existing /etc/ldap/slapd.conf (only + reached during initial installation/dpkg-reconfigure). + + -- Torsten Landschoff <torsten@debian.org> Mon, 23 Feb 2004 09:36:32 +0100 + +openldap2 (2.1.25-1) unstable; urgency=low + + * Roland Bauerschmidt <rb@debian.org>: + + New upstream version. + - Build against libdb4.2. Hopefully, this resolves the BDB + lock ups when configured improperly. + + debian/control: Have ldap-utils depend on the same version of + libldap2, and libldap2 conflict with ldap-utils (<= 2.1.23-1). + Closes: #216661. + + debian/slapd.{templates,config}: Check if there are slave + databases in slapd.conf lacking an updateref option, and warn + about it. Closes: #216797. + + debian/slapd.{templates,config,postinst,conf}: Ask which + database backend to use (BDB or LDBM). + + debian/slapd.README.Debian: cleanup + + servers/slapd/back-bdb/dbcache.c: Turn off subdatabases. This + is an incompatible database format change, but according to + Howard Chu "using them (subdatabases) is known to cause deadlocks + on multiprocessor machines, among other issues." + + debian/control: add Recommends: db4.2-util to slapd + + debian/control: add Recommends: libsasl2-modules to slapd and + ldap-utils. Closes: #224058. + + debian/slapd.{scripts-common,preinst,postinst}: Extended dump + and restore code to deal with different versions for different + backends. + + debian/control: Geez, centipede seems to have vanished a long + time ago. So don't claim it's included in the slapd package. + + debian/slapd.docs: created with servers/slapd/back-sql/ + rdbms_depends. Closes: #225807. + + * Torsten Landschoff <torsten@debian.org>: + + debian/move_files: Install slappasswd into ldap-utils instead + of slapd as it's useful without slapd as well (closes: #228705). + + debian/control: Make ldap-utils Replaces: slapd < 2.1.25 because + of that change. + + debian/control: Use libdb4.2-dev instead of libdb4.1-dev as a + number of problems seem to be related to DB 4.1. + + -- Torsten Landschoff <torsten@debian.org> Fri, 6 Feb 2004 20:48:22 +0100 + +openldap2 (2.1.23-1) unstable; urgency=low + + * Roland Bauerschmidt <rb@debian.org>: + + New upstream version. + + Applied fix for admin password breakage from Michael Beattie + <mjb@debian.org>. Closes: #214270. + + Added Dutch Debconf template translation by cobaco@linux.be. + Closes: #215373. + + Bumped Standards-Version (no changes needed). + + * Torsten Landschoff <torsten@debian.org>: + + debian/move_files: Install slappasswd into ldap-utils instead + of slapd (closes: #228705). + + -- Roland Bauerschmidt <rb@debian.org> Sat, 18 Oct 2003 19:56:54 +0200 + +openldap2 (2.1.22-3) unstable; urgency=low + + * Call perl -w to run debian/dh_installscripts-common. Closes: #214054. + + -- Roland Bauerschmidt <rb@debian.org> Sat, 4 Oct 2003 14:22:11 +0200 + +openldap2 (2.1.22-2) unstable; urgency=high + + * Stephen Frost <sfrost@debian.org> + + servers/slapd/daemon.c: Apply patch from head for select handling. + + debian/rules: Fix build options to optimize correctly and to use + DEB_BUILD_OPTIONS (Policy, 10.1). Closes: #202306 + + debian/slapd.conf: Add in ACL for root DSE explicitly. + + debian/slapd.init: Add --oknodo in stop_slurpd. Closes: #202592 + + debian/rules: Need quotes around $(CFLAGS) on configure line. + + debian/slapd.init: Remove \'s before quotes around pidfile. + + debian/slapd.init: Add support for -h slapd flag. Closes: #201991 + + debian/slapd.default: Add variable $SLAPD_SERVICES for slapd -h. + + libraries/libldap/tls.c: Apply patch from asuffield in #202741 to + fix subjectAltName usage. Closes: #202741 + + * Torsten Landschoff <torsten@debian.org>: + + Fix invocation of "head" in maintainer scripts and replace usage of + [ foo -a bar ] by [ foo ] && [ bar ] (closes: #203292). + + debian/slapd.postrm: Small cleanup, only remove the directory, not + the backups, on purge. + + debian/rules: Don't run the upstream install target if we did not + rebuild the whole tree. Makes debugging maintainer script much more + tolerable. + + debian/slapd.config: Cleaned up and restructured for readability. + + debian/slapd.templates: Replaced the invalid_suffix template with + invalid_config which is more general and can be used for any + inconsistency in the initial configuration. + + debian/slapd.postinst: Rewritten to eliminate all that spaghetti. + Did not yet implement all old features again... + - Now the #DEBHELPER# part is always reached so that the daemon + will be restarted even if no automatic configuration is wanted + (closes: #204008). + + Fixed the undefined symbols in libldap_r.so.2 (closes: #195990). + | configure.in: Try -lpthread before -pthread to link the thread + library. libtool does not pass -pthread through, -lpthread seems + to work though. + | libraries/libldap_r/Makefile.in: Add $(LTHREAD_LIBS) to + UNIX_LINK_LIBS so that pthread is linked when creating a shared library + as well. + + * Roland Bauerschmidt <rb@debian.org>: + + debian/configure.options: change --localstatedir=/var/lib to + --localstatedir=/var/run. Since localstatedir isn't used anywhere + in the code, except for the ldapi socket (and examples in the + manpages which are correct at the moment anyway), all this change + does should be changing the default location of the ldapi socket + from /var/lib/ldapi to /var/run/ldapi. Closes: #160965. + + libraries/libldap/tls.c: In get_ca_list, walk through CACERTDIR + manually if building against GNUTLS (since there is no equivalent + to SSL_add_dir_cert_subjects_to_stack). Closes: #205609. + + debian/slapd.preinst: create /var/backups/ldap/$oldver with + permissions 0700. Also change permissions for /var/backups/ldap + to 0700 if it already exists. Closes: #209019. + + Added Japanese translation of Debconf templates by Kenshi Muto + <kmuto@debian.org>. Closes: #210731. + + debian/slapd.{postinst,preinst,config}: Replaced duplicate + implementations of the same functions with one version and moved + those into debian/slapd.scripts-common which will be included by + debian/dh_installscripts-common. + + debian/slapd.preinst: before dumping the database, check if the + backend is supported + + debian/slapd.postinst: + - add -q to grep call for allow bind_v2 + - readded pre-2.1 (woody) upgrade path (that is, dumping, fixing + and reimporting the database) + + -- Roland Bauerschmidt <rb@debian.org> Fri, 3 Oct 2003 15:35:29 +0200 + +openldap2 (2.1.22-1) unstable; urgency=low + + * Stephen Frost <sfrost@debian.org>: + + New upstream version (minor changes). + + debian/control: Change build-deps to autoconf2.13, Closes: #201482 + + debian/rules: Add dh_compress -i for binary-indep. + + debian/slapd.postinst: Give variable for read (avoids bashism). + + configure/.in: Use upstream's version of back-meta/back-ldap fix. + + -- Stephen Frost <sfrost@debian.org> Wed, 16 Jul 2003 08:42:23 -0400 + +openldap2 (2.1.21-2) unstable; urgency=low + + * Stephen Frost <sfrost@debian.org>: + + debian/slapd.preinst: slapcat here if possible, if slapcat not + available then slapcat in postinst. Also remove old unused + function. + + debian/slapd.postinst: Check if slapcat in preinst worked and use + those results in preference. Also moved to using /var/backups/ldap. + + servers/slapd/daemon.c: Provide more information on socket/bind + failures. Patch submitted upstream. Closes: #94967. + + ./configure, ./configure.in: Fix check for back_ldap in back_meta. + back_ldap now included as module. back_ldap and back_meta appear + to load fine, though order may matter. Closes: #196995. + + debian/control: Add versioned Depends on perl, need recent version + for migration script. + + debian/slapd.{pre,post}inst: Allow for whitespace in postinst + before database definitions + + debian/control: Drop the libldap2-dev Depends that aren't actually + necessary. + + debian/slapd.preinst: Add create_sed_script to create the script to + deal with multi-line commands in slapd.conf. Modify things to use + sed script to preprocess slapd.conf before using it. Remove + support for whitespace preceeding commands. + + debian/slapd.postinst: Add create_sed_script here too and modify + everything to use it as necessary. Also change everything to + reference $SLAPD_CONF instead of /etc/ldap/slapd.conf everywhere. + Remove support for whitespace preceeding commands. + + debian/slapd.postinst: Removed all tabs. Changed all sed scripts + to used [:space:] instead of [space tab]. + + debian/slapd.postinst: Removed debugging statements from ldap_v2 + support handling code. + + debian/slapd.preinst: Changed to use mktemp for sed script. + + debian/slapd.postinst: Changed to use mktemp for sed script. + + debian/slapd.config: If no hostname set just use debian.org. + + contrib/ldapc++/config.{sub,guess}: Resync back to upstream, no + reason not to, we don't even build this stuff... + + debian/control: Change build-depends to libgnutls7-dev instead of + libssl-dev. + + debian/rules: Now run autoconf && autoheader to pick up on the + configure.in changes needed for GNU TLS. + + debian/copyright: Added Steve Langasek (SL) copyright statement. + + Patch from Steve Langasek for GNU TLS support, Closes: #198553 + | include/ldap_pvt_gnutls.h: Added for GNU TLS + | configure.in: Now uses GNU TLS where available. + | servers/slapd/schema_init.c: Modified for GNU TLS- some functions + removed because GNU TLS layer does not support them yet. + | build/install-sh: Added for new autoconf. + | libraries/libldap/Makefile.in: Changed to compile GNU TLS portions. + | libraries/libldap/getdn.c: Stub function added, GNU TLS layer does + not support TLS certificates for authentication yet. + | libraries/libldap/tls.c: Now calls GNU TLS functions instead of + OpenSSL. + | libraries/libldap/gnutls.c: Added to support GNU TLS in place of + OpenSSL for TLS connections. + | libraries/libldap_r/Makefile.in: Changed to compile GNU TLS portions. + + debian/slapd.postinst: remove temp file if upgrading or doing a + reconfigure but the OLDSUFFIX and basedn match so that we do not + move an empty file overtop of slapd.conf. Closes: #190797. + + debian/slapd.init: Inform user when not starting slapd due to + no configuration file found. Deals with users who select to not + configure slapd during installation. + + debian/slapd.init: Removed cat <<-EOF and got rid of associated + tabs; best to not depend on tab vs. space distinction. + + debian/slapd.config: Change debconf question names to be fully + qualified in the $var from the for loop- organization is under + shared/ and domain is under slapd/, not both under slapd/. + + debian/slapd.postrm: Can not depend on debconf being around in + postrm so check before attempting to source it. Also protect + against failure from db_get. + + debian/slapd.postinst: Check for old directory and move it out + of the way if it exists on new configure or reconfigure. + + debian/slapd.postinst: Fix db_input's for error messages, + should be high priority and need to || true them. + + debian/slapd.postinst: Do not error exit once we've told the + user about the problem, if there was one, with slapcat/slapadd. + + debian/slapd.postinst: Make sure we get the organization before + we attempt to fix_ldif on old slapcat output. Default to unknown + if the organization is not set. + + debian/slapd.postinst: Be sure that slapd has been stopped before + attempting to fix and slapadd old slapcat. + + debian/slapd.postinst: Do not use --exec with s-s-d in postinst. + + debian/slapd.postinst: grep calls need to be || true'd when no + matching lines found is possible (this case is handled). + + debian/slapd.postinst: Be very sure slapd has stopped before + attempting to upgrade database. + + debian/slapd.preinst: Use either the pidfile or exec if pidfile + is not available when stopping. Do not put \"\" around pidfile. + Use $oldver instead of $2. + + debian/slapd.config: Reask questions on a reconfigure. Use the + same logic as slapd.postinst for when to ask questions regarding + the db. Be sure to db_go after db_input's. + + debian/slapd.templates: Fix allow_bind_v2 short description to + make more sense since the default is off. + + debian/slapd.preinst: Use perl instead of sed for handling conf. + + debian/slapd.postinst: Use perl instead of sed for handling conf, + use old sed method to insert \n's, user invoke-rc.d when slapd + needs to be stopped. Assume preinst shuts slapd down for upgrade. + + debian/slapd.postinst: Only stop slapd on reconfigure. + + * Torsten Landschoff <torsten@debian.org>: + + doc/man/man8/slapd.8: Refer to slapd.conf(5) for a description of + the debugging level (closes: #176980). + + debian/move_files: Kill of the static archives of our backend + modules as they are of absolutely no use. + + * Steve Langasek <vorlon@debian.org>: + + debian/slapd.postinst: Add a new function, get_database_list, that + prints out the list of configured databases from slapd.conf + one row at a time. Move all of the upgrade handling into a + loop, and iterate through the configured databases. Since the + while loop is in fact a subshell, be sure to handle errors + correctly. We also have to look at the configured directory + for each database, instead of assuming /var/lib/ldap. + Closes: #190155, #190156. + + debian/slapd.preinst: Simplify the handling of error status: if + the slapcat fails, just remove the ldif file. Also, add the + suffix to the name of the output file, and add the + get_database_list function here as well. + + * Roland Bauerschmidt <rb@debian.org>: + + debian/rules: call dh_makeshlibs with -plibldap2 rather than just + with libldap2 + + debian/slapd.postinst: Add question about no configuration. + + debian/slapd.templates: Add template for no config question. + + debian/slapd.templates: Add template for invalid suffix. + + debian/slapd.config: Add no configuration option. Closes: #87986 + + debian/slapd.config: Complain to the user on invalid domain/org. + + -- Stephen Frost <sfrost@debian.org> Tue, 15 Jul 2003 12:37:05 -0400 + +openldap2 (2.1.21-1) unstable; urgency=low + + * Torsten Landschoff <torsten@debian.org>: + + Merged new upstream release. + + * Stephen Frost <sfrost@debian.org>: + + debian/control: Add libbind-dev and bind-dev to the conflicts for + slapd, the libs in them can end up being used even when not + compiled against causing getaddrinfo() to fail. Closes: #166777 + + debian/copyright: Flush out the copyright file to include all found + copyrights and updates to those. + + debian/copyright: Add clarification of MA license + + debian/copyright: Add clarification of JC license + + debian/slapd.templates: More clearly inform users of important + config change. Closes: #194192. + + debian/control: Remove patch from build-depends (dpkg-dev depends on it) + + debian/fix_ldif: Correctly handle base64-encoded DNs. Closes: #197014. + + debian/slapd.templates: Added templates for asking about LDAPv2 support + and telling the user of slapcat/slapadd failures during upgrade. + + debian/slapd.postinst: Added support for adding LDAPv2 support + + debian/slapd.postinst: Modified to handle slapcat/slapadd failure. + In the event of an upgrade failure the database will be left untouched + and the user notified. Closes: #192431 + + debian/slapd.postinst: Use ldif_dump_location in more places... + + debian/slapd.prerm: Check if upgrade failed and assume bad old init.d + script was used and attempt to shut down slapd with --oknodo in case + slapd isn't running. Closes: #193854. (Again) + + debian/slapd.conf: Add commented out allow line + + debian/rules: Tell dh_installinit to not touch slapd.prerm now. + + debian/slapd.postinst: Do a dry-run with slapadd first and check if + that worked or not. If it did not work then tell the user, otherwise + do a real slapadd which should work. + + debian/slapd.postinst: Make sure slapd is stopped before doing + slapadd/slapcat's and the like. (Note: The woody version does not + stop slapd). Closes: #189777. + + debian/slapd.postinst: Check if directories exist before attempting + to mkdir them. Closes: #189947 + + debian/slapd.README.debian: Add note about runlevel issue. + Closes: #175736 + + debian/move_files: Copy ldiftopasswd into /usr/share/slapd for users + to use, if they find it useful. Closes: #94963. + + debian/slapd.README.Debian: Added note about ldiftopasswd. + + * Roland Bauerschmidt <rb@debian.org>: + + debian/slapd.postinst: fixed typos and check for the existence of + slapd.conf before reading it. + + -- Torsten Landschoff <torsten@debian.org> Thu, 19 Jun 2003 17:35:32 +0200 + +openldap2 (2.1.17-3) unstable; urgency=low + + * Stephen Frost <sfrost@debian.org>: + + debian/slapd.init: Add --oknodo for stopping slapd. Closes: #192423, #193854. + + debian/slapd.init: Change START_SLURPD to SLURPD_START. Closes: #190724. + + debian/libldap2.shlibs: Bump to 2.1.17- 2.1.12 never hit the archive. + These should only be bumped when new symbols are added so we should + figure out a way to handle checking that. + + debian/slapd.dirs: Added /var/run/slapd for pidfile + + debian/slapd.conf: Moved pidfile to /var/run/slapd; Needed if running + non-root. + + debian/slapd.conf: Clean up config file, be more explicit about what + directives are 'general', 'backend', and 'database'. Moved and + commented out 'replogfile' since it is database specific, wasn't doing + anything where it was and use of it depends on slurpd usage. + I consider this solving #151511 since we don't ask if you want to use + replication anymore anyway. Closes: #151511 + + debian/copy_slapd_dev_files: Added to copy the include files for + building slapd back-ends. + + debian/control: Add warning about libslapd2-dev + + debian/control: Add build-depend on po-debconf for dh_installdebconf + + debian/slapd.default: Add option for settings SLAPD_CONF file + + debian/slapd.init: Changed to use SLAPD_CONF, setting it to + /etc/ldap/slapd.conf if it is not specified. Closes: #91318 + + debian/control: Added libslapd2-dev to control file. Closes: #192163. + + debian/rules: Added binary-indep to the binary: build line and flushed + it out to build the libslapd2-dev deb. Added -k to dh_clean since we're + building arch and indep debs now. + + Maintainer upload, acknowledge NMU. Closes: #98039. + + Add debian/po/fr.po from 194740. Closes: #194740 + + Add space before ']' on line 113 of postinst. Closes: #194192, #194943 + + * Torsten Landschoff <torsten@debian.org>: + + debian/control: Enforce libldap2 to be the same version as slapd + as slapd (legitimately) uses internal functions of that library + (closes: #190164). + + debian/slapd.postinst: Fix the regexp for finding the database + definitions. + + * Steve Langasek <vorlon@debian.org>: + + debian/slapd.preinst: don't use debconf or ldapsearch in the + preinst, as this is a policy violation (even if a previous + version was installed, it could've been removed-but-not-purged). + Closes: #189811, #195029. + + debian/slapd.{pre,post}inst: dump & fix up the directory in the + postinst, not in the preinst -- using slapcat/slapadd, not + ldapmodify. This ensures that the dump will succeed whenever the + database is present, rather than depending on access to an admin + dn. Closes: #190085. + + debian/fix_ldif, debian/move_files, debian/copyright: add Dave + Horsfall's dn-fixing script, to handle objectClass upgrading + + debian/slapd.postinst: Skip the duplicate prompting for the + organization name; we're guaranteed to always have one. + + -- Torsten Landschoff <torsten@debian.org> Fri, 6 Jun 2003 16:56:16 +0200 + +openldap2 (2.1.17-2) unstable; urgency=low + + * The who-says-slavery-is-dead upload. + * Steve Langasek <vorlon@debian.org>: + + debian/slapd.postinst: Fix the database regexp. + + debian/slapd.postinst: Only add moduleload lines *once* on upgrade + from 2.0. Wrap the backup code with a check for + /var/lib/slapd/upgrade_2.0, to guarantee idempotency. + Closes: #190401. + + debian/slapd.{config,templates,postinst}: On dpkg-reconfigure, + don't wipe out an existing config; only merge in any requested + changes. Also, prompt before wiping out the existing db. + Closes: #190799. + + debian/slapd.{postinst,examples},debian/rules: Move slapd.conf + from doc/slapd/examples to /usr/share/slapd, per policy. + + debian/slapd.postinst: make sure slapd.conf is always created + atomically. + + debian/slapd.postrm: If removing databases on package purge, + remove any database backups as well. + + * Torsten Landschoff <torsten@debian.org>: + + debian/configure.options: Disable ACIs because they are still + experimental. + + debian/control: Change section and priority of libldap2-dev to + libdevel and extra respectively (dinstall message). + + debian/slapd.preinst: Only query the object classes of the root + dn if there was no error parsing the config. + + Update templates for po-debconf using the patch submitted by + Andre Luis Lopes (closes: #189933). + + Use [[:space:]] instead of [\t ] in sed invocations since the + latter does not seem to work (reported by Daniel Lutz). + + debian/control: Add Replaces: entry for openldapd since ldif.5.gz + was included in the potato package of that name (closes: #190660). + + debian/control: Tighten the build dependency on libtldl3-dev as + versions before 1.4.3 required the .la file for dynamic binding + (thanks to Josip Rodin for pointing this out). + + -- Torsten Landschoff <torsten@debian.org> Sat, 19 Apr 2003 02:28:32 +0200 + +openldap2 (2.1.17-1) unstable; urgency=low + + * New upstream release. + * Torsten Landschoff <torsten@debian.org>: + + debian/slapd.init: Improve the error reporting. If nothing is output + by the failing command don't leave the user alone but print a hint + to look into the logfile etc. + + debian/control: Require at least version 2.1.3 of libsasl2-dev + as this is what the configure script checks for. Pointed out by + Norbert Tretkowski. + + debian/slapd.{pre,post}inst: Small cleanups, added some comments, + adapted for the removal of the .la files in slapd package. + + -- Torsten Landschoff <torsten@debian.org> Sat, 19 Apr 2003 01:59:26 +0200 + +openldap2.1 (2.1.16-1) unstable; urgency=low + + * New upstream release. + + build/top.mk: Remove patch to omit "-static" at linking time. Upstream + now respects the --enable-shared flag used at configuration time. + + debian/slapd.postinst: Automagically add the module load directives + after upgrade as needed. + + debian/slapd.config: + - Only ask questions to create a new directory on fresh install. + - Ask wether the right modules should automatically be loaded in + slapd.conf. + + debian/slapd.templates: Add the templates for autoloading modules + and fixing the directory. + + debian/slapd.preinst: New script to support upgrading from 2.0. + The old prerm did not stop the daemon so we have to do it here. + Also a first attempt to fix broken LDAP directories not acceptable + to 2.1. + - Conditionally load debconf when upgrading as it only has to + be available in that case. + + debian/slapd.preinst: Dump database before upgrade. + + debian/slapd.postinst: Recreate database from dump after upgrade. + Move old database out of the way. + + * Roland Bauerschmidt <rb@debian.org> + + debian/slapd.README.Debian: mention that backend database modules are + now compiled as shared objects + + * Stephen Frost <sfrost@debian.org> + + debian/slapd.conf: Drop the '.la' file extension + + debian/move_files: Drop and rm the .la files, they aren't necessary. + + debian/slapd.README.Debian: Dropped the .la from the module_load line. + + servers/slapd/daemon.c: check slapd_srvurls is not NULL before + deref; included in upstream CVS. + + servers/slapd/back-*/init.c: Change the munged symbol names to + init_module, they do not need to be munged, and cause problems when + they are and not using .la files (which cause other problems) + + servers/slapd/module.c: Change to use lt_dlopenext() so we don't + need the .la files + + -- Torsten Landschoff <torsten@debian.org> Wed, 26 Mar 2003 20:34:35 +0100 + +openldap2.1 (2.1.12-1) experimental; urgency=low + + * Initial release of OpenLDAP 2.1 packages. Closes: #167566, #178014. + - this includes support for the >= and <= operators. Closes: #159078. + - fixes various upstream bugs. Closes: #171008. + + * Torsten Landschoff <torsten@debian.org> + - debian/check_config: Added script to check if OpenLDAP was configured + the way we want it. + - Don't build special TLS packages anymore - SSL is enabled in the + stock ldap library. Everything else will just give me more headaches. + - Build against libsasl2 instead of libsasl1. Closes: #176462. + - debian/control: + - Build-depend on debhelper 4.0 as debian/rules uses DH_COMPAT=4. + - Depend on coreutils | fileutils. Closes: #175704, #185676. + - Make libldap2 conflict with libldap2-tls which is obsolete now. + - debian/rules: Move the long list of configure options to a new + file debian/configure.options and read $(CONFIG) from that file. + - configure with --enable-aci. Closes: #101602. + - debian/slapd.init: Rewrite and add comments. + - Add support for running as non-root (closes: #111765, #157037). + - servers/slapd/main.c (main): Remove pid file on exit (closes: #162284). + - servers/slurpd/slurp.h: Change the default spool directory to + /var/spool/slurpd (avoids passing it via -t in init.d). + - servers/{slapd,slurpd}/Makefile.in: Install binaries into sbindir + instead of libexecdir. + - debian/control: Add Stephen Frost to the Uploaders field. Thanks + for your help, Stephen! + - contrib/ldapc++/config.{guess,sub}: Replaced with current files from + autotools-dev (lintian). Not actually neccessary since this part of + the package is not currently built but I think this is the best way + to shut up lintian :) + - build/mod.mk: Use -m 644 instead of -m 755 in installing shared + libraries. Shared libraries should not be marked as executable + (lintian). + - debian/libldap2.conffiles: Remove, since we are using version 4 + of debhelper which tags everything in /etc as conffile by default. + - debian/rules: Change the mode of everything upstream installed into + /etc to 0644 as required by policy (lintian). + - debian/rules: Call dh_installdeb later in the binary target so that + the conffiles are already there for listing. Without this nothing in + /etc gets tagged as conffile... (lintian). + - debian/rules: Pass the start and stop priority of slapd to + dh_installinit in preparation for a postinst supported by debhelper. + - debian/rules: Call dh_installdirs again. + - Rewrite slapd.config, slapd.postinst, slapd.templates - a first try + in getting slapd to configure itself. Way to go. + + * Roland Bauerschmidt <rb@debian.org> + - debian/control: + - build-depend on libdb4.1-dev instead of libdb4.0-dev + - conflict, replace, and provide libldap2-tls (libldap2) + - removed ldap-gateways binary package + - drop suggestion to obsolete openldap-guide. Closes: #171894, #146968. + - debian/rules: + - build with BDB backend + - run dh_installdeb + - only run dh_makeshlibs for libldap2 + - debian/slapd.dirs: added to create /var/lib/ldap and /var/spool/slurpd + - debian/slapd.postinst: + - properly remove temporary files on errors. Closes: #160412. + - install init.d link if slapd.conf already exists. Closes: #159542. + - run db_stop even if package isn't configured for the first time. This + prevents hanging during upgrades. + - added debian/slapd.default and use it from debian/slapd.init. + Closes: #160964, #176832. + - added debian/slapd.README.Debian + - added versioned dependency on coreutils to make lintian quiet. + - added debian/slapd.postrm + - remove slapd.conf when package is purged + - remove /var/lib/ldap when slapd/purge_database is true + - remove /etc/ldap/schema if empty. Closes: #185173. + - debian/templates: added slapd/purge_database template + - build/top.mk: link against libcrypt before other SECURITY_LIBS + - debian/libldap2.shlibs: tighten dependencies. Closes: #181168. + + * Stephen Frost <sfrost@debian.org> + - debian/control: added libltdl2-dev and libslp-dev to the build-depends + - Correct typo for back-sql init routine; already in OpenLDAP upstream + CVS + - Correct free of SASL interact results; already in OpenLDAP upstream CVS + - Duplicate the DN from SASL to ensure '\0' termination; already in + OpenLDAP upstream CVS + - debian/control: added Replaces: slapd (<< 2.1) for ldap-utils due to + ldif.5 move. + - Add modulepath /usr/lib/ldap to default slapd config + - Add moduleload back_bdb to default slapd config + - Changed libexecdir to ${prefix}/lib + - Add usr/lib/ldap to slapd portion of move_files + - Modified backend types to be built as modules for dynamic loading + - Fixed pt_BR translation + + -- Roland Bauerschmidt <rb@debian.org> Sat, 15 Mar 2003 21:35:24 +0100 + +openldap2 (2.0.27-3) unstable; urgency=high + + * [SECURITY]: Apply the patch used by SuSE in SuSE-SA:2002:047 + (or rather the parts of it not yet included upstream). + + -- Torsten Landschoff <torsten@debian.org> Fri, 20 Dec 2002 04:47:15 +0100 + +openldap2 (2.0.27-2) unstable; urgency=low + + * debian/control: Make libldap2-dev depend on libssl-dev and + libsasl-dev, since those libs are pulled via the libldap.la file + (closes: #164791). + * debian/control: Add shlibs:Depends to libldap2-tls as well. Most + of those depends are pulled via libldap2 but of course libssl + is not among those. (closes: #169950). + * debian/libldap2-tls: Remove old divertions on "configure" and not + on "upgrade" - the latter is not really called. + + -- Torsten Landschoff <torsten@debian.org> Fri, 22 Nov 2002 00:35:29 +0100 + +openldap2 (2.0.27-1) unstable; urgency=low + + * New upstream release. + + -- Torsten Landschoff <torsten@debian.org> Wed, 6 Nov 2002 01:12:06 +0100 + +openldap2 (2.0.23-14) unstable; urgency=low + + * debian/rules: Remove search paths from .la files using some perl + trickery (closes: #110479). + * debian/libldap2.README.debian: Document the NSS problem which stops /usr + from being unmounted cleanly when using libnss-ldap (for more info + see bug#159771). + + * Started cleaning up the maintainer scripts: + - Remove creation of the /usr/doc symlinks (lintian). + - Don't run ldconfig in prerm scripts (lintian). + + -- Torsten Landschoff <torsten@debian.org> Mon, 30 Sep 2002 12:10:05 +0200 + +openldap2 (2.0.23-13) unstable; urgency=low + + * As Ashley Clark found out the preinst of libldap-tls fails for a new + install. My fault - I did not check that (removing ldap is cumbersome + if you are using it... :) and the scripts were only checked without + "set -e" in effect. + + debian/libldap2-tls.preinst: Apply Ashley's patch (thanks a lot, + Ashley. closes: #162123). + + Coincidently the other installation scripts seem to be okay, the + failing command is in the middle of a pipe and therefore ignored. + + -- Torsten Landschoff <torsten@debian.org> Tue, 24 Sep 2002 12:56:18 +0200 + +openldap2 (2.0.23-12) unstable; urgency=low + + * Apply the patch from upstream ITS#2012 to support MD5 hashes. Problem + is that OpenSSL comes with its own version of the crypt() function + which is linked in instead of the system's version from libcrypt. + The patch changes the link order so that slapd takes the system's + implementation. + * debian/rules: Pass --enable-crypt-first to configure to enable the + patch (closes: #160763). + * Fix the diversion handling of libldap2-tls: + - preinst: Only install diversions that are not there. + - postrm: Remove this package's diversions. + - postinst: Remove obsolete diversions after upgrade. + - Removal of diversions is done in reverted order of the installation. + + * Enable DNSSRV support as requested by Turbo. No Kerberos for now, sorry. + * debian/control: Updates Standards-Version to 3.5.7 and fix running + of ldconfig in maintainer scripts. + + -- Torsten Landschoff <torsten@debian.org> Mon, 23 Sep 2002 12:18:40 +0200 + +openldap2 (2.0.23-11) unstable; urgency=low + + * debian/rules: Build with --with-tls (closes: #80591, #155937). + * debian/control: + + Add build dependency on libssl-dev. + + Specify Roland Bauerschmidt as co maintainer. + * Added the trickery to have libldap2 without TLS and libldap2-tls + with the TLS stuff. Otherwise we have to change the base system, + and god knows how long that would take. + + Most of the changes done by Roland Bauerschmidt. We now build the + source two times - with and without ssl. We mostly use the ssl enabled + stuff with the exception of a libldap2 package which does not have + support for that. If you need TLS support you have to install + libldap2-tls, which diverts the libraries from libldap2 out of the + way and replaces them with the TLS enabled version. + + -- Torsten Landschoff <torsten@debian.org> Thu, 29 Aug 2002 13:35:39 +0200 + +openldap2 (2.0.23-10) unstable; urgency=low + + * debian/control: Build depend on libdb4.0-dev instead of libdb3-dev. + This should fix the index corruption problems (closes: #152959). + + -- Torsten Landschoff <torsten@debian.org> Sun, 18 Aug 2002 19:47:02 +0200 + +openldap2 (2.0.23-9) unstable; urgency=low + + * debian/slapd.init: Wait for the daemons to actually terminate for + the stop action (which is used for restart) and trap all errors + (closes: #148033). + * debian/rules: Build with -D_FILE_OFFSET_BITS=64 to support files + bigger than 2GB on all architectures (closes: #155197). As off_t is + about never used in the source that should not create any problems. + * debian/control: Make libldap2-dev depend on libsasl-dev + (closes: #135223, #96957). + * doc/man/man1/ldapmodify.1: Fix typo (closes: #105905). + * debian/rules: Create symlinks for some manpages (closes: #99547). + * Fix spelling error in description of ldap-gateways (closes: #124859). + * debian/copyright: Include the full content of the LICENSE file + (closes: #151222). + + -- Torsten Landschoff <torsten@debian.org> Thu, 8 Aug 2002 15:54:46 +0200 + +openldap2 (2.0.23-8) unstable; urgency=low + + * New maintainer. + * debian/control: Build-Conflict with libbind-dev to use the right + resolver library everywhere (closes: #112459). Of course, the + real solution must be to fix the configure script to not detect + libbind-dev and use the right resolver all the time. But a work around + is better than nothing I would say... + + -- Torsten Landschoff <torsten@debian.org> Wed, 7 Aug 2002 14:53:39 +0200 + +openldap2 (2.0.23-7) unstable; urgency=low + + * Add Brazilian translation for debconf templates. Closes: Bug#114021 + * Fix hostless LDAP URLs, patch from Lamont Jones. Closes: Bug#140387 + + -- Wichert Akkerman <wakkerma@debian.org> Sat, 4 May 2002 20:05:32 +0200 + +openldap2 (2.0.23-6) unstable; urgency=high + + * Make slapd.config idempotent, so that calling it once (during + preconfiguration) and again (during postinst) doesn't break things. + Patch from Anthony Towns. Closes: Bug#137552). + + -- Wichert Akkerman <wakkerma@debian.org> Sun, 14 Apr 2002 19:10:50 +0200 + +openldap2 (2.0.23-5) unstable; urgency=high + + * Fix slurpd invocation in slapd.init. Closes: Bug#141959 + * Ask for admin DN when using LDIF initialization as well. + Lets hope this finally Closes: Bug#137552 + * Merge German translation for debconf templates. Closes: Bug#141712 + * Add Build-Depends on debconf-utils since we use debconf-mergetemplate + * Remove bogus error from slapd.init. Closes: Bug#137718 + + -- Wichert Akkerman <wakkerma@debian.org> Tue, 9 Apr 2002 14:49:27 +0200 + +openldap2 (2.0.23-4) unstable; urgency=high + + * Only show already-configured note on initial installs. Closes: Bug#137100 + * Supply -t option to slurpd when starting it, not when stopping it. + Closes: Bug#136240 + * Use db_input instead of db_get for notes in the slapd postinst. + * Only fetch password from debconf when not using ldif initialization. + Closes: Bug#138558,#137552 + * Check if slapd.conf exists in slapd postinst. Closes: Bug#138136 + + -- Wichert Akkerman <wakkerma@debian.org> Sat, 6 Apr 2002 23:02:42 +0200 + +openldap2 (2.0.23-3) unstable; urgency=high + + * If can not get a password for the admin entry when installing slapd + generate one randomly. Closes: Bug#134774 + * Bump shlibs dependency to 2.0.23 + + -- Wichert Akkerman <wakkerma@debian.org> Thu, 21 Feb 2002 23:23:57 +0100 + +openldap2 (2.0.23-2) unstable; urgency=high + + * Create /var/spool/slurpd and tell slurpd to use that as temporary + directory. Closes: Bug#134564 + * Improve debconf prompts a bit. Closes: Bug#134945 + * Properly set default value for domain + * Clear crypted password from debconf after creating the LDAP directory + + -- Wichert Akkerman <wakkerma@debian.org> Sun, 17 Feb 2002 16:07:18 +0100 + +openldap2 (2.0.23-1) unstable; urgency=high + + * Upstream updated config.{guess,sub} so we are back to zero patches + again. + * Apply fix from Klaus Duscher for the missing password problem: the + config script did not check if it was run twice without slapd.conf + being generated in between and would abort with a missing password + error. Closes: Bug#132566 + * Change slapd priority for boot sequence to start earlier and stop + later so people can use LDAP for NSS purposes. Closes: Bug#130277 + + -- Wichert Akkerman <wakkerma@debian.org> Sun, 17 Feb 2002 16:07:18 +0100 + +openldap2 (2.0.22-2) unstable; urgency=low + + * Update config.{guess,sub} again. Closes: Bug#131469 + + -- Wichert Akkerman <wakkerma@debian.org> Thu, 7 Feb 2002 22:33:01 +0100 + +openldap2 (2.0.22-1) unstable; urgency=low + + * New upstream version + * Build properly as non-native package + + -- Wichert Akkerman <wakkerma@debian.org> Wed, 6 Feb 2002 00:17:20 +0100 + +openldap2 (2.0.21-3) unstable; urgency=high + + * Add logic to config and postinst to configure replication as well + * Don't fail in slapd postinst if we can't stop slapd. Closes: Bug#131617 + * Change localstatedir to /var/lib + * Remove /var/lib/ldap when purging slapd + * Don't remove user-supplied ldif file after creating the directory + * Set default replogfile + * Fix typo in severity for no_password note + * Encrypt admin password and remove it from the debconf database + + -- Wichert Akkerman <wakkerma@debian.org> Thu, 31 Jan 2002 17:03:36 +0100 + +openldap2 (2.0.21-2) unstable; urgency=medium + + * Update config.{guess,sub} and forwarded upstream (ITS#1567). + Closes: Bug#131469 + * Remove -x from slapd postinst. Closes: Bug#131502 + + -- Wichert Akkerman <wakkerma@debian.org> Wed, 30 Jan 2002 10:53:45 +0100 + +openldap2 (2.0.21-1) unstable; urgency=high + + * New upstream version, + * Update copyright + * Update config.guess and config.sub + * Redone packaging, no more dbs or debhelper + * Drop all patches, they are either unnecessary or alternatives have + been made upstream + + -- Wichert Akkerman <wakkerma@debian.org> Tue, 29 Jan 2002 17:04:10 +0100 + +openldap2 (2.0.14-1) unstable; urgency=high + + * New upstream version, which includes a billion second bug. + Closes: Bug#111833 + * Drop 005_libldbm_dbopen, upgrading the database in place no longer works + with the new db-env code. + * Redo 008_porting_maxpathlen + + -- Wichert Akkerman <wakkerma@debian.org> Sat, 15 Sep 2001 13:39:46 +0200 + +openldap2 (2.0.11-2) unstable; urgency=low + + * Test if /etc/init.d/slapd is executable when purging slapd. + Closes: Bug#100938 + * Update 008_porting_maxpathlen. Closes: Bug#100584 + * Don't use four11 as referral example anymore. Closes: Bug#99998 + * Fix synopsis of slapindex manpage. Added to 002_man_fixes. + Closes: Bug#98805 + * Removed stray backup file from 002_man_fixes + + -- Wichert Akkerman <wakkerma@debian.org> Tue, 19 Jun 2001 01:01:17 +0200 + +openldap2 (2.0.11-1) unstable; urgency=low + + * New upstream version + * Add autoconf to Build-Depends. Closes: Bug#99440 + * Fix new db upgrade patch. Closes: Bug#98853 + + -- Wichert Akkerman <wakkerma@debian.org> Sun, 3 Jun 2001 00:25:47 +0200 + +openldap2 (2.0.10-2) unstable; urgency=low + + * Tighten shlibs dependency to >= 2.0.1-1. Closes: Bug#98683 + + -- Wichert Akkerman <wakkerma@debian.org> Fri, 25 May 2001 16:32:35 +0200 + +openldap2 (2.0.10-1) unstable; urgency=low + + * New upstream version + * New maintainer + * Remove useless LINE_WIDTH bit from patch 000_clients + * Patch 004_ssl_fix has been merged upstream, removed + * Redo 005_db3_upgrade + * Rediff all other patches + + -- Wichert Akkerman <wakkerma@debian.org> Thu, 24 May 2001 14:56:02 +0200 + +openldap2 (2.0.7-6) unstable; urgency=low + + * Make sure autoconf is run if configure.in is changed (for Hurd patch), + closes: #96145 + * Fix slapd.postinst in the case of using an ldif file, closes: #95600 + * Use a var for slapd.conf in slapd init script. Partially fixes bug + 91318. + * Fixed hurd patch for strrchr in replog.c, closes: #93605 + + -- Ben Collins <bcollins@debian.org> Mon, 7 May 2001 23:00:27 -0400 + +openldap2 (2.0.7-5) unstable; urgency=low + + * Fixed db3 upgrade code, closes: #92331, #92916 + * m68k should compile fine with db3 now, closes: #90165 + * Included provided patch for Hurd compilation, closes: #88079 + + -- Ben Collins <bcollins@debian.org> Wed, 4 Apr 2001 17:46:47 -0400 + +openldap2 (2.0.7-4) unstable; urgency=low + + * slapd.conf is no longer a conffile, and not provided by the package. + Instead, it is only generated. closes: #81359 + * Fixed by previous upload, closes: #71852, #78950, #82491 + * Actually install the netscape schema, closes: #90323 + * Add comment to README.Debian about being compiled with libwrap, + closes: #84954 + * Provide example sasl config file, closes: #90855 + * Conflict replace openldap-utils (ldap-utils), and libopenldap-dev + (libldap2-dev), closes: #71471 + * Revert to using some code to upgrade previous db's. Remove slapd's dep + on db3-util, and remove postinst code that upgrades the db's. + + -- Ben Collins <bcollins@debian.org> Sat, 24 Mar 2001 21:59:20 -0500 + +openldap2 (2.0.7-3) unstable; urgency=low + + * netscape-profile.schema: new schema for old roaming support + * 004_ssl_fix.diff: Fix for SSL support (not compiled in, but some + people use it). + * slapd.config: FINALLY fix the "dc=" base bug. + * Build-Depend on libdb3-dev now that it is available. + * Now that we use db3, make sure we upgrade existing databases to the + db3 format with db3_upgrade. + + -- Ben Collins <bcollins@debian.org> Sun, 11 Mar 2001 23:36:34 -0500 + +openldap2 (2.0.7-2) unstable; urgency=low + + * slapd.postinst: fix debhelper wraper so it gets the right @argv, + closes: #71854 + * sendmail appears to be compiled against glibc2.2/libdb2 now, + closes: #71602 + * %strace ldapsearch cn=admin | & grep /etc | grep ldap + open("/etc/ldap/ldap.conf", O_RDONLY) = 3 + closes: #71716 + * ldap_first_attribute.3: s/ber_free(3)/ber_free/. closes: #76719 + * init.d/slapd: fix reference to pidfile, and also remove the pidfile + after killing the daemon, closes: #77633, #77635 + * Fix fgets buffer size thinko in slurpd. closes: #78003 + * slapd.8: s/ldap.h/slapd.conf(5)/. closes: #80457 + + -- Ben Collins <bcollins@debian.org> Sun, 31 Dec 2000 00:02:46 -0500 + +openldap2 (2.0.7-1) unstable; urgency=low + + * New upstream + * Removed hack for shlibs now that dpkg 1.7 is available, added dpkg-dev + 1.7.1 to build-depends. + * start using DH_COMPAT=2 + + -- Ben Collins <bcollins@debian.org> Fri, 10 Nov 2000 18:53:25 -0500 + +openldap2 (2.0.2-2) unstable; urgency=low + + * Recompile against libdb2/glibc 2.1.94/sasl + + -- Ben Collins <bcollins@debian.org> Wed, 27 Sep 2000 11:31:59 -0400 + +openldap2 (2.0.2-1) unstable; urgency=low + + * New upstream version, includes some patches from me that fix some + stability issues + * debian/control:Build-Depends: change libwrap-dev to libwrap0-dev for + clarity, closes: #71366 + * debian/rules: make sure mail500 docs do not get installed under bogus + subdirs, closes: #71473 + * debian/README.build,debian/scripts/dbs-build.mk: Fix and document + build system better, closes: #71584 + * debian/local/slapd.conf: Setup default ACL's to work with openldap2 + correctly, closes: #71127, #71131 + * debian/README: document how to access OpenLDAP 1 servers via + ldap-utils, closes: #71469 + * debian/rules:CFLAGS: add -I/usr/include/db2 to make sure we get the + right <db.h> header, closes: #71470 + * I cannot reproduce this. In debian/rules I have done exactly what is + needed to keep it from happening, and sparc, i386 and powerpc builds + do not show it, closes: #71472 + + -- Ben Collins <bcollins@debian.org> Wed, 13 Sep 2000 22:32:35 -0400 + +openldap2 (2.0.1-2) unstable; urgency=low + + * Fixed up depend for libldap2 on itself + + -- Ben Collins <bcollins@debian.org> Wed, 6 Sep 2000 13:24:06 -0400 + +openldap2 (2.0.1-1) unstable; urgency=low + + * New upstream version + * Added libsasl-dev to build-deps, closes: #70923 + + -- Ben Collins <bcollins@debian.org> Tue, 5 Sep 2000 06:49:05 -0400 + +openldap2 (2.0-1) unstable; urgency=low + + * Initial release of OpenLDAP 2 test code + + -- Ben Collins <bcollins@debian.org> Tue, 29 Aug 2000 14:28:39 -0400 diff --git a/debian/clean b/debian/clean new file mode 100644 index 0000000..42e651c --- /dev/null +++ b/debian/clean @@ -0,0 +1,2 @@ +debian/libldap-2.4-2.links +debian/libldap2-dev.links diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..f599e28 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +10 diff --git a/debian/configure.options b/debian/configure.options new file mode 100644 index 0000000..08a55e0 --- /dev/null +++ b/debian/configure.options @@ -0,0 +1,204 @@ +#`configure' configures this package to adapt to many kinds of systems. +# +#Usage: ./configure [OPTION]... [VAR=VALUE]... +# +#To assign environment variables (e.g., CC, CFLAGS...), specify them as +#VAR=VALUE. See below for descriptions of some of the useful variables. +# +#Defaults for the options are specified in brackets. +# +#Configuration: +# -h, --help display this help and exit +# --help=short display options specific to this package +# --help=recursive display the short help of all the included packages +# -V, --version display version information and exit +# -q, --quiet, --silent do not print `checking...' messages +# --cache-file=FILE cache test results in FILE [disabled] +# -C, --config-cache alias for `--cache-file=config.cache' +# -n, --no-create do not create output files +# --srcdir=DIR find the sources in DIR [configure dir or `..'] +# +#Installation directories: +# --prefix=PREFIX install architecture-independent files in PREFIX +# [/usr/local] +--prefix=/usr +# --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX +# [PREFIX] +# +#By default, `make install' will install all the files in +#`/usr/local/bin', `/usr/local/lib' etc. You can specify +#an installation prefix other than `/usr/local' using `--prefix', +#for instance `--prefix=$HOME'. +# +#For better control, use the options below. +# +#Fine tuning of the installation directories: +# --bindir=DIR user executables [EPREFIX/bin] +# --sbindir=DIR system admin executables [EPREFIX/sbin] +# --libexecdir=DIR program executables [EPREFIX/libexec] +--libexecdir='${prefix}/lib' +# --sysconfdir=DIR read-only single-machine data [PREFIX/etc] +--sysconfdir=/etc +# --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] +# --localstatedir=DIR modifiable single-machine data [PREFIX/var] +--localstatedir=/var +# --libdir=DIR object code libraries [EPREFIX/lib] +# --includedir=DIR C header files [PREFIX/include] +# --oldincludedir=DIR C header files for non-gcc [/usr/include] +# --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] +# --datadir=DIR read-only architecture-independent data [DATAROOTDIR] +# --infodir=DIR info documentation [DATAROOTDIR/info] +# --localedir=DIR locale-dependent data [DATAROOTDIR/locale] +# --mandir=DIR man documentation [DATAROOTDIR/man] +--mandir='${prefix}/share/man' +# --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE] +# --htmldir=DIR html documentation [DOCDIR] +# --dvidir=DIR dvi documentation [DOCDIR] +# --pdfdir=DIR pdf documentation [DOCDIR] +# --psdir=DIR ps documentation [DOCDIR] +# +#Program names: +# --program-prefix=PREFIX prepend PREFIX to installed program names +# --program-suffix=SUFFIX append SUFFIX to installed program names +# --program-transform-name=PROGRAM run sed PROGRAM on installed program names +# +#System types: +# --build=BUILD configure for building on BUILD [guessed] +# --host=HOST cross-compile to build programs to run on HOST [BUILD] +# --target=TARGET configure for building compilers for TARGET [HOST] +# +#Optional Features: +# --disable-option-checking ignore unrecognized --enable/--with options +# --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) +# --enable-FEATURE[=ARG] include FEATURE [ARG=yes] +# --enable-debug enable debugging no|yes|traditional [yes] +--enable-debug +# --enable-dynamic enable linking built binaries with dynamic libs [no] +--enable-dynamic +# --enable-syslog enable syslog support [auto] +--enable-syslog +# --enable-proctitle enable proctitle support [yes] +--enable-proctitle +# --enable-ipv6 enable IPv6 support [auto] +--enable-ipv6 +# --enable-local enable AF_LOCAL (AF_UNIX) socket support [auto] +--enable-local +# +#SLAPD (Standalone LDAP Daemon) Options: +# --enable-slapd enable building slapd [yes] +--enable-slapd +# --enable-dynacl enable run-time loadable ACL support (experimental) [no] +--enable-dynacl +# --enable-aci enable per-object ACIs (experimental) no|yes|mod [no] +--enable-aci +# --enable-cleartext enable cleartext passwords [yes] +--enable-cleartext +# --enable-crypt enable crypt(3) passwords [no] +--enable-crypt +# --enable-lmpasswd enable LAN Manager passwords [no] +--disable-lmpasswd +# --enable-spasswd enable (Cyrus) SASL password verification [no] +--enable-spasswd +# --enable-modules enable dynamic module support [no] +--enable-modules +# --enable-rewrite enable DN rewriting in back-ldap and rwm overlay [auto] +--enable-rewrite +# --enable-rlookups enable reverse lookups of client hostnames [no] +--enable-rlookups +# --enable-slapi enable SLAPI support (experimental) [no] +--enable-slapi +# --enable-slp enable SLPv2 support [no] +--disable-slp +# --enable-wrappers enable tcp wrapper support [no] +--enable-wrappers +# +#SLAPD Backend Options: +# --enable-backends enable all available backends no|yes|mod +--enable-backends=mod +# --enable-bdb enable Berkeley DB backend no|yes|mod [yes] +# --enable-dnssrv enable dnssrv backend no|yes|mod [no] +# --enable-hdb enable Hierarchical DB backend no|yes|mod [yes] +# --enable-ldap enable ldap backend no|yes|mod [no] +# --enable-mdb enable mdb database backend no|yes|mod [yes] +# --enable-meta enable metadirectory backend no|yes|mod [no] +# --enable-monitor enable monitor backend no|yes|mod [yes] +# --enable-ndb enable MySQL NDB Cluster backend no|yes|mod [no] +--disable-ndb +# --enable-null enable null backend no|yes|mod [no] +# --enable-passwd enable passwd backend no|yes|mod [no] +# --enable-perl enable perl backend no|yes|mod [no] +# --enable-relay enable relay backend no|yes|mod [yes] +# --enable-shell enable shell backend no|yes|mod [no] +# --enable-sock enable sock backend no|yes|mod [no] +# --enable-sql enable sql backend no|yes|mod [no] +# +#SLAPD Overlay Options: +# --enable-overlays enable all available overlays no|yes|mod +--enable-overlays=mod +# --enable-accesslog In-Directory Access Logging overlay no|yes|mod [no] +# --enable-auditlog Audit Logging overlay no|yes|mod [no] +# --enable-collect Collect overlay no|yes|mod [no] +# --enable-constraint Attribute Constraint overlay no|yes|mod [no] +# --enable-dds Dynamic Directory Services overlay no|yes|mod [no] +# --enable-deref Dereference overlay no|yes|mod [no] +# --enable-dyngroup Dynamic Group overlay no|yes|mod [no] +# --enable-dynlist Dynamic List overlay no|yes|mod [no] +# --enable-memberof Reverse Group Membership overlay no|yes|mod [no] +# --enable-ppolicy Password Policy overlay no|yes|mod [no] +# --enable-proxycache Proxy Cache overlay no|yes|mod [no] +# --enable-refint Referential Integrity overlay no|yes|mod [no] +# --enable-retcode Return Code testing overlay no|yes|mod [no] +# --enable-rwm Rewrite/Remap overlay no|yes|mod [no] +# --enable-seqmod Sequential Modify overlay no|yes|mod [no] +# --enable-sssvlv ServerSideSort/VLV overlay no|yes|mod [no] +# --enable-syncprov Syncrepl Provider overlay no|yes|mod [yes] +# --enable-translucent Translucent Proxy overlay no|yes|mod [no] +# --enable-unique Attribute Uniqueness overlay no|yes|mod [no] +# --enable-valsort Value Sorting overlay no|yes|mod [no] +# +#Library Generation & Linking Options +# --enable-static[=PKGS] build static libraries [default=yes] +# --enable-shared[=PKGS] build shared libraries [default=yes] +# --enable-fast-install[=PKGS] +# optimize for fast installation [default=yes] +# --disable-dependency-tracking speeds up one-time build +# --enable-dependency-tracking do not reject slow dependency extractors +# --disable-libtool-lock avoid locking (might break parallel builds) +# +#Optional Packages: +# --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] +# --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) +# --with-subdir=DIR change default subdirectory used for installs +--with-subdir=ldap +# --with-cyrus-sasl with Cyrus SASL support [auto] +--with-cyrus-sasl +# --with-fetch with fetch(3) URL support [auto] +# --with-threads with threads [auto] +--with-threads +# --with-tls with TLS/SSL support auto|openssl|gnutls|moznss [auto] +--with-tls=gnutls +# --with-yielding-select with implicitly yielding select [auto] +# --with-mp with multiple precision statistics auto|longlong|long|bignum|gmp [auto] +# --with-odbc with specific ODBC support iodbc|unixodbc|odbc32|auto [auto] +--with-odbc=unixodbc +# --with-gnu-ld assume the C compiler uses GNU ld [default=no] +# --with-pic try to use only PIC/non-PIC objects [default=use +# both] +# --with-tags[=TAGS] include additional configurations [automatic] +# +#See INSTALL file for further details. +# +#Some influential environment variables: +# CC C compiler command +# CFLAGS C compiler flags +# LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a +# nonstandard directory <lib dir> +# LIBS libraries to pass to the linker, e.g. -l<library> +# CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if +# you have headers in a nonstandard directory <include dir> +# CPP C preprocessor +# +#Use these variables to override the choices made by `configure' or to help +#it to find libraries and programs with nonstandard names/locations. +# +#Report bugs to the package provider. diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..b1784eb --- /dev/null +++ b/debian/control @@ -0,0 +1,125 @@ +Source: openldap +Section: net +Priority: optional +Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org> +Uploaders: Steve Langasek <vorlon@debian.org>, + Torsten Landschoff <torsten@debian.org>, + Ryan Tandy <ryan@nardis.ca> +Build-Depends: debhelper (>= 10), + dpkg-dev (>= 1.17.14), + groff-base, + heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!stage1>, + libdb5.3-dev <!stage1>, + libgnutls28-dev, + libltdl-dev <!stage1>, + libperl-dev (>= 5.8.0) <!stage1>, + libsasl2-dev, + libwrap0-dev <!stage1>, + nettle-dev <!stage1>, + perl:any, + po-debconf, + unixodbc-dev <!stage1> +Build-Conflicts: libbind-dev, bind-dev, libicu-dev, autoconf2.13 +Standards-Version: 4.3.0 +Homepage: http://www.openldap.org/ +Vcs-Git: https://salsa.debian.org/openldap-team/openldap.git +Vcs-Browser: https://salsa.debian.org/openldap-team/openldap + +Package: slapd +Architecture: any +Build-Profiles: <!stage1> +Pre-Depends: debconf (>= 0.5) | debconf-2.0, ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, libldap-2.4-2 (= ${binary:Version}), + coreutils (>= 4.5.1-1), psmisc, perl (>> 5.8.0) | libmime-base64-perl, + adduser, lsb-base (>= 3.2-13), ${misc:Depends} +Recommends: libsasl2-modules +Suggests: ldap-utils, + libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal +Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1) +Replaces: libldap2, ldap-utils (<< 2.2.23-3) +Provides: ldap-server, ${slapd:Provides} +Description: OpenLDAP server (slapd) + This is the OpenLDAP (Lightweight Directory Access Protocol) server + (slapd). The server can be used to provide a standalone directory + service. + +Package: slapd-contrib +Architecture: any +Build-Profiles: <!stage1> +Depends: slapd (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} +Provides: slapd-smbk5pwd +Breaks: slapd-smbk5pwd (<< 2.4.47+dfsg-2~) +Replaces: slapd-smbk5pwd (<< 2.4.47+dfsg-2~) +Description: contributed plugins for OpenLDAP slapd + This package contains a number of slapd overlays and plugins contributed by + the OpenLDAP community. While distributed as part of OpenLDAP Software, they + are not necessarily supported by the OpenLDAP Project. + +Package: slapd-smbk5pwd +Architecture: all +Section: oldlibs +Build-Profiles: <!stage1> +Depends: slapd-contrib, ${misc:Depends} +Breaks: slapd (<< 2.4.47+dfsg-2~) +Description: transitional package for slapd-contrib + This is a transitional package from slapd-smbk5pwd to slapd-contrib. It can be + safely removed. + +Package: ldap-utils +Architecture: any +Depends: ${shlibs:Depends}, libldap-2.4-2 (= ${binary:Version}), ${misc:Depends} +Recommends: libsasl2-modules +Suggests: libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal +Conflicts: umich-ldap-utils, openldap-utils, ldap-client +Replaces: openldap-utils, slapd (<< 2.2.23-0.pre6), openldapd +Provides: ldap-client, openldap-utils +Description: OpenLDAP utilities + This package provides utilities from the OpenLDAP (Lightweight + Directory Access Protocol) package. These utilities can access a + local or remote LDAP server and contain all the client programs + required to access LDAP servers. + +Package: libldap-2.4-2 +Section: libs +Architecture: any +Multi-Arch: same +Conflicts: ldap-utils (<= 2.1.23-1) +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, ${misc:Depends}, libldap-common +Replaces: libldap2, libldap-2.3-0 +Description: OpenLDAP libraries + These are the run-time libraries for the OpenLDAP (Lightweight Directory + Access Protocol) servers and clients. + +Package: libldap-common +Section: libs +Architecture: all +Multi-Arch: foreign +Depends: ${misc:Depends} +Replaces: libldap-2.4-2 (<< 2.4.44+dfsg-1) +Description: OpenLDAP common files for libraries + These are common files for the run-time libraries for the OpenLDAP + (Lightweight Directory Access Protocol) servers and clients. + +Package: libldap2-dev +Section: libdevel +Architecture: any +Multi-Arch: same +Conflicts: libldap-dev, libopenldap-dev +Replaces: libopenldap-dev +Provides: libldap-dev +Depends: libldap-2.4-2 (= ${binary:Version}), ${misc:Depends} +Description: OpenLDAP development libraries + This package allows development of LDAP applications using the OpenLDAP + libraries. It includes headers, libraries and links to allow static and + dynamic linking. + +Package: slapi-dev +Section: libdevel +Architecture: any +Build-Profiles: <!stage1> +Depends: slapd (= ${binary:Version}), ${misc:Depends} +Description: development libraries for OpenLDAP SLAPI plugin interface + This package allows development of plugins for the OpenLDAP slapd server + using the SLAPI interface. It includes the headers and libraries needed + to build such plugins. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..b52383e --- /dev/null +++ b/debian/copyright @@ -0,0 +1,466 @@ +This package was downloaded from: + + <http://www.openldap.org/> + +The upstream distribution has been repackaged to remove the RFCs and +Internet-Drafts included in the upstream distribution, since the Internet +Society license does not meet the Debian Free Software Guidelines. The +schema files that contain verbatim text from RFCs or Internet-Drafts have +similarly been removed and are replaced during the package build with +versions stripped of the literal RFC or Internet-Draft text. + +Copyright: + +Copyright 1998-2016 The OpenLDAP Foundation +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted only as authorized by the OpenLDAP +Public License. + +A copy of this license is available in the file LICENSE in the +top-level directory of the distribution or, alternatively, at +<http://www.OpenLDAP.org/license.html>. + +OpenLDAP is a registered trademark of the OpenLDAP Foundation. + +Individual files and/or contributed packages may be copyright by +other parties and/or subject to additional restrictions. + +This work is derived from the University of Michigan LDAP v3.3 +distribution. Information concerning this software is available +at <http://www.umich.edu/~dirsvcs/ldap/ldap.html>. + +This work also contains materials derived from public sources. + +Additional information about OpenLDAP can be obtained at +<http://www.openldap.org/>. + +--- + +The OpenLDAP Public License + Version 2.8, 17 August 2003 + +Redistribution and use of this software and associated documentation +("Software"), with or without modification, are permitted provided +that the following conditions are met: + +1. Redistributions in source form must retain copyright statements + and notices, + +2. Redistributions in binary form must reproduce applicable copyright + statements and notices, this list of conditions, and the following + disclaimer in the documentation and/or other materials provided + with the distribution, and + +3. Redistributions must contain a verbatim copy of this document. + +The OpenLDAP Foundation may revise this license from time to time. +Each revision is distinguished by a version number. You may use +this Software under terms of this license revision or under the +terms of any subsequent revision of the license. + +THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS +CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT +SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) +OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + +The names of the authors and copyright holders must not be used in +advertising or otherwise to promote the sale, use or other dealing +in this Software without specific, written prior permission. Title +to copyright in this Software shall at all times remain with copyright +holders. + +--- +Noted above is that various files can be copyrighted individually. +The licenses found in the OpenLDAP tree are as follows: + +CRL +----------------------------------- +# Copyright 1999 Computing Research Labs, New Mexico State University +# +# Permission is hereby granted, free of charge, to any person obtaining a +# copy of this software and associated documentation files (the "Software"), +# to deal in the Software without restriction, including without limitation +# the rights to use, copy, modify, merge, publish, distribute, sublicense, +# and/or sell copies of the Software, and to permit persons to whom the +# Software is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +# THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY +# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT +# OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR +# THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +----------------------------------- + + +FSF +----------------------------------- +# Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +----------------------------------- + + +HC +----------------------------------- + * Permission is granted to anyone to use this software for any purpose + * on any computer system, and to alter it and redistribute it, subject + * to the following restrictions: + * + * 1. The author is not responsible for the consequences of use of this + * software, no matter how awful, even if they arise from flaws in it. + * + * 2. The origin of this software must not be misrepresented, either by + * explicit claim or by omission. Since few users ever read sources, + * credits should appear in the documentation. + * + * 3. Altered versions must be plainly marked as such, and must not be + * misrepresented as being the original software. Since few users + * ever read sources, credits should appear in the + * documentation. + * + * 4. This notice may not be removed or altered. + +----------------------------------- + + +IBM +----------------------------------- + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + +----------------------------------- + + +IS +----------------------------------- +# Full Copyright Statement +# +# Copyright (C) The Internet Society (1999). All Rights Reserved. +# +# This document and translations of it may be copied and furnished to +# others, and derivative works that comment on or otherwise explain it +# or assist in its implementation may be prepared, copied, published +# and distributed, in whole or in part, without restriction of any +# kind, provided that the above copyright notice and this paragraph are +# included on all such copies and derivative works. However, this +# document itself may not be modified in any way, such as by removing +# the copyright notice or references to the Internet Society or other +# Internet organizations, except as needed for the purpose of +# developing Internet standards in which case the procedures for +# copyrights defined in the Internet Standards process must be +# followed, or as required to translate it into languages other than +# English. +# +# The limited permissions granted above are perpetual and will not be +# revoked by the Internet Society or its successors or assigns. +# +# This document and the information contained herein is provided on an +# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +This license was present in the copies of several schema files and one +LDIF file as distributed upstream. The relevant content has been removed +except where it is purely functional (descriptions of an LDAP schema). +The copyright notice has been retained with a clarifying comment. The +provisions in the above license that prohibit modification therefore +should no longer apply to any files distributed with the Debian package. + +Several files in libraries/libldap also reference this license as the +copyright on ABNF sequences embedded as comments in those files. These +too are purely functional interface specifications distributed as part of +the LDAP protocol standard and do not contain creative work such as +free-form text. +----------------------------------- + + +ISC +----------------------------------- + * Copyright (c) 1996, 1998 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + +----------------------------------- + + +JC +----------------------------------- + * This software is not subject to any license of Silicon Graphics + * Inc. or Purdue University. + * + * Redistribution and use in source and binary forms are permitted + * without restriction or fee of any kind as long as this notice + * is preserved. + +The following is additional information from Juan C. Gomez on how +this license is to be interpreted: +----- +Local-Date: Fri, 06 Jun 2003 13:18:52 -0400 +Date: Fri, 6 Jun 2003 10:18:52 -0700 +From: Juan Gomez <juang@us.ibm.com> +To: Stephen Frost <sfrost@debian.org> +X-Mailer: Lotus Notes Release 5.0.2a (Intl) 23 November 1999 +Subject: Re: Juan C. Gomez license in OpenLDAP Source + +Stephen, + +"There is no restriction on modifications and derived works" on the work I +did for the openldap server as long as this is consistent with the openldap +license. Please forward this email to Kurt so he does the appropriate +changes to the files to reflect this. + + +Regards, Juan +----------------------------------- + + +MA +----------------------------------- + * Copyright (c) 2000, Mark Adamson, Carnegie Mellon. All rights reserved. + * This software is not subject to any license of Carnegie Mellon University. + * + * Redistribution and use in source and binary forms are permitted without + * restriction or fee of any kind as long as this notice is preserved. + * + * The name "Carnegie Mellon" must not be used to endorse or promote + * products derived from this software without prior written permission. + +The following is additional information from Mark Adamson on how this license +is to be interpreted: +------ +Local-Date: Thu, 05 Jun 2003 16:53:32 -0400 +Date: Thu, 5 Jun 2003 16:53:32 -0400 (EDT) +From: Mark Adamson <adamson@andrew.cmu.edu> +To: Stephen Frost <sfrost@debian.org> +Subject: Re: Mark Adamson license in OpenLDAP source + +Hi Stephen, + + I don't see how this conflicts with the Debian FSG. The first statement +in the copyright pertaining to CMU say only that we don't license out the +software. The second mention denies the right to say things like, +"Now! Powered by software from Carnegie Mellon!" There is no restriction +on modifications and derived works. + +-Mark +------ +----------------------------------- + + +MIT +----------------------------------- +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. + +----------------------------------- + + +OL2 +----------------------------------- +Copyright 1999-2001 The OpenLDAP Foundation, Redwood City, +California, USA. All Rights Reserved. Permission to copy and +distribute verbatim copies of this document is granted. +----------------------------------- + + +PM +----------------------------------- + * Copyright (C) 2000 Pierangelo Masarati, <ando@sys-net.it> + * All rights reserved. + * + * Permission is granted to anyone to use this software for any purpose + * on any computer system, and to alter it and redistribute it, subject + * to the following restrictions: + * + * 1. The author is not responsible for the consequences of use of this + * software, no matter how awful, even if they arise from flaws in it. + * + * 2. The origin of this software must not be misrepresented, either by + * explicit claim or by omission. Since few users ever read sources, + * credits should appear in the documentation. + * + * 3. Altered versions must be plainly marked as such, and must not be + * misrepresented as being the original software. Since few users + * ever read sources, credits should appear in the documentation. + * + * 4. This notice may not be removed or altered. + * +----------------------------------- + + +PM2 +----------------------------------- + * Redistribution and use in source and binary forms are permitted only + * as authorized by the OpenLDAP Public License. A copy of this + * license is available at http://www.OpenLDAP.org/license.html or + * in file LICENSE in the top-level directory of the distribution. +----------------------------------- + + +UoC +----------------------------------- + * Redistribution and use in source and binary forms are permitted + * provided that the above copyright notice and this paragraph are + * duplicated in all such forms and that any documentation, + * advertising materials, and other materials related to such + * distribution and use acknowledge that the software was developed + * by the University of California, Berkeley. The name of the + * University may not be used to endorse or promote products derived + * from this software without specific prior written permission. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + +NOTE: The Regents have since retroactively removed the advertising +clause from above. + +----------------------------------- + + +UoC2 +----------------------------------- + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + +NOTE: The Regents have since retroactively removed the advertising +clause from above. +See: +ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change + +----------------------------------- + + +UoM +----------------------------------- + * Redistribution and use in source and binary forms are permitted + * provided that this notice is preserved and that due credit is given + * to the University of Michigan at Ann Arbor. The name of the University + * may not be used to endorse or promote products derived from this + * software without specific prior written permission. This software + * is provided ``as is'' without express or implied warranty. +--- +After discussing this license with the OpenLDAP Foundation we received +clarification on it: +--- + + * To: Stephen Frost <sfrost@snowman.net> + * Subject: Re: OpenLDAP Licenseing issues + * From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> + * Date: Wed, 28 May 2003 10:55:44 -0700 + * Cc: Steve Langasek <vorlon@netexpress.net>,debian-legal@lists.debian.org, openldap-devel@OpenLDAP.org + * In-reply-to: <20030528162613.GB8524@ns.snowman.net> + * Message-id: <5.2.0.9.0.20030528094229.02924780@127.0.0.1> + * Old-return-path: <Kurt@OpenLDAP.org> + +Steven, + +The OpenLDAP Foundation believes it the Regents' statement grants a +license to redistribute derived works and is confident that the University, +who is quite aware of our actions (as they actively participate in them), +does not consider our actions to infringe on their rights. You are +welcomed to your opinions. I suggest, however, that before you rely +on your or other people's opinions (including ours), that you consult +with a lawyer familiar with applicable law and the particulars of your +situation. + +The Foundation sees no reason for it to expend its limited resources +seeking clarifications which it believes are unnecessary. You are, +of course, welcomed to expend time and energy seeking clarifications +you think are necessary. I suggest you contact University's general +counsel office (http://www.umich.edu/~vpgc/). + +Regards, Kurt +----------------------------------- + + diff --git a/debian/dh_installscripts-common b/debian/dh_installscripts-common new file mode 100755 index 0000000..9936b4f --- /dev/null +++ b/debian/dh_installscripts-common @@ -0,0 +1,22 @@ +#!/usr/bin/perl -w + +use strict; +use Debian::Debhelper::Dh_Lib; + +init(); + +foreach my $package (@{$dh{DOPACKAGES}}) { + my $tmp=tmpdir($package); + my $ext=pkgext($package); + + if (! -d "$tmp/DEBIAN") { + next; + } + + foreach my $file (qw{postinst preinst prerm postrm config}) { + my $f="$tmp/DEBIAN/$file"; + if ($f) { + complex_doit("perl -pe 's~#SCRIPTSCOMMON#~qx{cat debian/${ext}scripts-common}~eg' -i $f"); + } + } +} diff --git a/debian/ldap-utils.README.Debian b/debian/ldap-utils.README.Debian new file mode 100644 index 0000000..83e979a --- /dev/null +++ b/debian/ldap-utils.README.Debian @@ -0,0 +1,5 @@ +If you want to play with shell and ldapsearch output, be sure your dn +entries are one per line. A perl script could be: + + ldapsearch ... | perl -p -0040 -e 's/\n //' + diff --git a/debian/ldap-utils.dirs b/debian/ldap-utils.dirs new file mode 100644 index 0000000..a65408f --- /dev/null +++ b/debian/ldap-utils.dirs @@ -0,0 +1,2 @@ +usr/bin +usr/share/man diff --git a/debian/ldap-utils.install b/debian/ldap-utils.install new file mode 100644 index 0000000..7a0238a --- /dev/null +++ b/debian/ldap-utils.install @@ -0,0 +1,10 @@ +debian/tmp/usr/bin/ldapadd usr/bin +debian/tmp/usr/bin/ldapdelete usr/bin +debian/tmp/usr/bin/ldapmodrdn usr/bin +debian/tmp/usr/bin/ldapsearch usr/bin +debian/tmp/usr/bin/ldapcompare usr/bin +debian/tmp/usr/bin/ldapmodify usr/bin +debian/tmp/usr/bin/ldappasswd usr/bin +debian/tmp/usr/bin/ldapwhoami usr/bin +debian/tmp/usr/bin/ldapexop usr/bin +debian/tmp/usr/bin/ldapurl usr/bin diff --git a/debian/ldap-utils.manpages b/debian/ldap-utils.manpages new file mode 100644 index 0000000..b7778fe --- /dev/null +++ b/debian/ldap-utils.manpages @@ -0,0 +1,11 @@ +debian/tmp/usr/share/man/man1/ldapcompare.1 +debian/tmp/usr/share/man/man1/ldapdelete.1 +debian/tmp/usr/share/man/man1/ldapexop.1 +debian/tmp/usr/share/man/man1/ldapmodify.1 +debian/tmp/usr/share/man/man1/ldapmodrdn.1 +debian/tmp/usr/share/man/man1/ldappasswd.1 +debian/tmp/usr/share/man/man1/ldapsearch.1 +debian/tmp/usr/share/man/man1/ldapwhoami.1 +debian/tmp/usr/share/man/man1/ldapurl.1 +debian/tmp/usr/share/man/man1/ldapadd.1 +debian/tmp/usr/share/man/man5/ldif.5 diff --git a/debian/ldiftopasswd b/debian/ldiftopasswd new file mode 100755 index 0000000..543bdd5 --- /dev/null +++ b/debian/ldiftopasswd @@ -0,0 +1,174 @@ +#!/usr/bin/perl -w +# +# +# Comments on usage from the email we received: +# I showed a friend the following script. He said I should submit it for +# inclusion in openldap, because it might useful for others. +# +# The attached perl script, when used like +# +# ldapsearch | ldiftopasswd +# +# will automatically: +# +# 1. create /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow +# +# 2. append /etc/passwd.top, /etc/shadow.top, /etc/group.top, and /etc/gshadow.top to respective files. +# +# 3. use data from ldap to create the files (note: gshadow isn't really +# supported, because I don't use it, nor could I find any +# documentation. Adding support for other files should be easy). +# +# (of course you need access to all fields including the password field +# for this, so use correct parameters to ldapsearch). +# +# This could be useful for instance on laptop computers where you don't +# want to run a slave slapd server for some reason (perhaps memory +# constraints). +# ---------------------------------------- +use strict; +use Getopt::Long; +use MIME::Base64; +use IO::File; + +my $passwdfile="/etc/passwd"; +my $shadowfile="/etc/shadow"; +my $groupfile="/etc/group"; +my $gshadowfile="/etc/gshadow"; +my $help; +GetOptions ( + '--passwd=s',\$passwdfile, + '--shadow=s',\$shadowfile, + '--group=s',\$groupfile, + '--gshadow=s',\$gshadowfile, + '--help',\$help, + ) or die "Bad options\n"; + +if ($help or $#ARGV != -1) { + print STDERR "usage: $0 [etcfile=filename] [--help]\n"; + exit 255; +} + +sub start_file($) { + my ($file) = @_; + my $outhandle = new IO::File; + $outhandle->open(">$file") or die "Cannot open $file for writing"; + + open(TMP,"<$file.top") or die "cannot open $file.top for reading"; + while (<TMP>) { $outhandle->print($_); } + close(TMP) or die "cannot close $file for reading"; + + return($outhandle); +} + +my $PASSWD = start_file($passwdfile); +my $SHADOW = start_file($shadowfile); +my $GROUP = start_file($groupfile); +my $GSHADOW = start_file($gshadowfile); + +sub dopasswd($) { + my ($record) = @_; + my $userPassword="*"; + + $PASSWD->print( + $record->{"uid"},":", + "x",":", + $record->{"uidNumber"},":", + $record->{"gidNumber"},":", + $record->{"gecos"},":", + $record->{"homeDirectory"},":", + $record->{"loginShell"},"\n"); + + if (defined($record->{"userPassword"}) && + $record->{"userPassword"} =~ /^{(crypt)}(.*)$/) + { $userPassword = $2; } + + $SHADOW->print( + $record->{"uid"},":", + $userPassword,":", + $record->{"shadowLastChange"} || "10706",":", + $record->{"shadowMin"} || "0",":", + $record->{"shadowMax"} || "99999",":", + $record->{"shadowWarning"} || "7",":", + $record->{"shadowInactive"} || "",":", + $record->{"shadowExpire"} || "",":", + "","\n"); +} + +sub dogroup($) { + my ($record) = @_; + my $userPassword="*"; + + my $members=""; + if (defined($record->{"memberUid"})) { + $members = join(",",@{$record->{"memberUid"}}); + } + + $GROUP->print( + $record->{"cn"},":", + "x",":", + $record->{"gidNumber"},":", + $members,"\n"); + + if (defined($record->{"userPassword"}) && + $record->{"userPassword"} =~ /^{(crypt)}(.*)$/) + { $userPassword = $2; } + +# !FIXME! +# $GSHADOW->print +# $record->{"cn"},":", +# "*",":", +# "",":", +# "","\n"; +} + + +my %record; +my $user=0; +my $group=0; + +while (<>) { + if (/^$/) { + if ($user) { + dopasswd(\%record); + } + if ($group) { + dogroup(\%record); + } + + $user = $group = 0; + %record=(); + } + elsif (/^objectClass: posixAccount$/) { + $user = 1; + } + elsif (/^objectClass: posixGroup$/) { + $group = 1; + } + elsif (/^(uid|uidNumber|gidNumber|gecos|homeDirectory|loginShell): (.*)$/) { + if (!defined($record{$1})) { $record{$1} = $2; } + } + elsif (/^(userPassword|shadowLastChange|shadowMin|shadowMax|shadowWarning|shadowInactive|shadowExpire): (.*)$/) { + if (!defined($record{$1})) { $record{$1} = $2; } + } + elsif (/^(cn): (.*)$/) { + if (!defined($record{$1})) { $record{$1} = $2; } + } + elsif (/^(uniqueMember): (.*)$/) { + push @{$record{$1}},$2; + if ($2 =~ /uid=([a-zA-Z]*),/) { + push @{$record{"memberUid"}},$1; + } + } + elsif (/^(memberUid): (.*)$/) { + push @{$record{$1}},$2; + } + elsif (/^(userPassword):: (.*)$/) { + $record{$1} = decode_base64($2); + } +} + +$PASSWD->close or die "Cannot close $passwdfile for writing"; +$SHADOW->close or die "Cannot close $shadowfile for writing"; +$GROUP->close or die "Cannot close $groupfile for writing"; +$GSHADOW->close or die "Cannot close $gshadowfile for writing"; diff --git a/debian/libldap-2.4-2.README.Debian b/debian/libldap-2.4-2.README.Debian new file mode 100644 index 0000000..151703c --- /dev/null +++ b/debian/libldap-2.4-2.README.Debian @@ -0,0 +1,22 @@ +Notes about Debian's libldap2 package +------------------------------------- + +It has been reported that using libnss-ldap can cause a failure to +unmount /usr on system shutdown. The reason is that the nss module +uses libldap from /usr and is used by the shell in the system +scripts executed on shutdown/reboot. + +More precisely bash uses the getpwuid function to get the data of +the current user which pulls in the nss modules which includes +the ldap libraries if you are using that module. + +Possible solutions to this problem are: + +a) use another shell that does not utilize getpwuid for getting info + about the current user (take dash for example). +b) make sure that the nsswitch.conf is replaced by a version which does + not mention ldap before the system is shut down (and have a startup + script that installs the "full" version of that file). +c) move the libraries to /lib (not recommended). + + -- Torsten Landschoff <torsten@debian.org> Mon, 30 Sep 2002 11:06:22 +0200 diff --git a/debian/libldap-2.4-2.install b/debian/libldap-2.4-2.install new file mode 100644 index 0000000..35b0d96 --- /dev/null +++ b/debian/libldap-2.4-2.install @@ -0,0 +1,4 @@ +usr/lib/*/liblber-2.4.so.2 +usr/lib/*/liblber-2.4.so.2.*.* +usr/lib/*/libldap_r-2.4.so.2 +usr/lib/*/libldap_r-2.4.so.2.*.* diff --git a/debian/libldap-2.4-2.links.in b/debian/libldap-2.4-2.links.in new file mode 100644 index 0000000..c81df26 --- /dev/null +++ b/debian/libldap-2.4-2.links.in @@ -0,0 +1 @@ +usr/lib/${DEB_HOST_MULTIARCH}/libldap_r-2.4.so.2 usr/lib/${DEB_HOST_MULTIARCH}/libldap-2.4.so.2 diff --git a/debian/libldap-2.4-2.lintian-overrides b/debian/libldap-2.4-2.lintian-overrides new file mode 100644 index 0000000..f5baab4 --- /dev/null +++ b/debian/libldap-2.4-2.lintian-overrides @@ -0,0 +1,4 @@ +libldap-2.4-2: package-name-doesnt-match-sonames liblber-2.4-2 libldap-r-2.4-2 +# #687022 +libldap-2.4-2: dev-pkg-without-shlib-symlink */liblber-2.4.so.* * +libldap-2.4-2: dev-pkg-without-shlib-symlink */libldap_r-2.4.so.* * diff --git a/debian/libldap-2.4-2.shlibs b/debian/libldap-2.4-2.shlibs new file mode 100644 index 0000000..13fdedb --- /dev/null +++ b/debian/libldap-2.4-2.shlibs @@ -0,0 +1,9 @@ +# While only libldap_r is packaged, the client programs are linked +# against libldap during build. This is here just to satisfy +# dpkg-shlibdeps for ldap-utils: libldap is not around when +# dpkg-gensymbols runs, so it's not listed in the symbols file. A better +# long-term workaround will be to patch the upstream build system so the +# client programs are linked against libldap_r. +liblber-2.4 2 libldap-2.4-2 (>= 2.4.7) +libldap-2.4 2 libldap-2.4-2 (>= 2.4.7) +libldap_r-2.4 2 libldap-2.4-2 (>= 2.4.7) diff --git a/debian/libldap-2.4-2.symbols b/debian/libldap-2.4-2.symbols new file mode 100644 index 0000000..d42ccec --- /dev/null +++ b/debian/libldap-2.4-2.symbols @@ -0,0 +1,646 @@ +liblber-2.4.so.2 libldap-2.4-2 #MINVER# + OPENLDAP_2.4_2@OPENLDAP_2.4_2 2.4.7 + ber_alloc@OPENLDAP_2.4_2 2.4.7 + ber_alloc_t@OPENLDAP_2.4_2 2.4.7 + ber_bprint@OPENLDAP_2.4_2 2.4.7 + ber_bvarray_add@OPENLDAP_2.4_2 2.4.7 + ber_bvarray_add_x@OPENLDAP_2.4_2 2.4.7 + ber_bvarray_dup_x@OPENLDAP_2.4_2 2.4.7 + ber_bvarray_free@OPENLDAP_2.4_2 2.4.7 + ber_bvarray_free_x@OPENLDAP_2.4_2 2.4.7 + ber_bvdup@OPENLDAP_2.4_2 2.4.7 + ber_bvecadd@OPENLDAP_2.4_2 2.4.7 + ber_bvecadd_x@OPENLDAP_2.4_2 2.4.7 + ber_bvecfree@OPENLDAP_2.4_2 2.4.7 + ber_bvecfree_x@OPENLDAP_2.4_2 2.4.7 + ber_bvfree@OPENLDAP_2.4_2 2.4.7 + ber_bvfree_x@OPENLDAP_2.4_2 2.4.7 + ber_bvreplace@OPENLDAP_2.4_2 2.4.7 + ber_bvreplace_x@OPENLDAP_2.4_2 2.4.7 + ber_decode_oid@OPENLDAP_2.4_2 2.4.7 + ber_dump@OPENLDAP_2.4_2 2.4.7 + ber_dup@OPENLDAP_2.4_2 2.4.7 + ber_dupbv@OPENLDAP_2.4_2 2.4.7 + ber_dupbv_x@OPENLDAP_2.4_2 2.4.7 + ber_encode_oid@OPENLDAP_2.4_2 2.4.7 + ber_errno_addr@OPENLDAP_2.4_2 2.4.7 + ber_error_print@OPENLDAP_2.4_2 2.4.7 + ber_first_element@OPENLDAP_2.4_2 2.4.7 + ber_flatten2@OPENLDAP_2.4_2 2.4.7 + ber_flatten@OPENLDAP_2.4_2 2.4.7 + ber_flush2@OPENLDAP_2.4_2 2.4.7 + ber_flush@OPENLDAP_2.4_2 2.4.7 + ber_free@OPENLDAP_2.4_2 2.4.7 + ber_free_buf@OPENLDAP_2.4_2 2.4.7 + ber_get_bitstringa@OPENLDAP_2.4_2 2.4.7 + ber_get_boolean@OPENLDAP_2.4_2 2.4.7 + ber_get_enum@OPENLDAP_2.4_2 2.4.7 + ber_get_int@OPENLDAP_2.4_2 2.4.7 + ber_get_next@OPENLDAP_2.4_2 2.4.7 + ber_get_null@OPENLDAP_2.4_2 2.4.7 + ber_get_option@OPENLDAP_2.4_2 2.4.7 + ber_get_stringa@OPENLDAP_2.4_2 2.4.7 + ber_get_stringa_null@OPENLDAP_2.4_2 2.4.7 + ber_get_stringal@OPENLDAP_2.4_2 2.4.7 + ber_get_stringb@OPENLDAP_2.4_2 2.4.7 + ber_get_stringbv@OPENLDAP_2.4_2 2.4.7 + ber_get_stringbv_null@OPENLDAP_2.4_2 2.4.7 + ber_get_tag@OPENLDAP_2.4_2 2.4.7 + ber_init2@OPENLDAP_2.4_2 2.4.7 + ber_init@OPENLDAP_2.4_2 2.4.7 + ber_init_w_nullc@OPENLDAP_2.4_2 2.4.7 + ber_int_errno_fn@OPENLDAP_2.4_2 2.4.7 + ber_int_log_proc@OPENLDAP_2.4_2 2.4.7 + ber_int_memory_fns@OPENLDAP_2.4_2 2.4.7 + ber_int_options@OPENLDAP_2.4_2 2.4.7 + ber_int_sb_close@OPENLDAP_2.4_2 2.4.7 + ber_int_sb_destroy@OPENLDAP_2.4_2 2.4.7 + ber_int_sb_init@OPENLDAP_2.4_2 2.4.7 + ber_int_sb_read@OPENLDAP_2.4_2 2.4.7 + ber_int_sb_write@OPENLDAP_2.4_2 2.4.7 + ber_len@OPENLDAP_2.4_2 2.4.7 + ber_log_bprint@OPENLDAP_2.4_2 2.4.7 + ber_log_dump@OPENLDAP_2.4_2 2.4.7 + ber_log_sos_dump@OPENLDAP_2.4_2 2.4.7 + ber_mem2bv@OPENLDAP_2.4_2 2.4.7 + ber_mem2bv_x@OPENLDAP_2.4_2 2.4.7 + ber_memalloc@OPENLDAP_2.4_2 2.4.7 + ber_memalloc_x@OPENLDAP_2.4_2 2.4.7 + ber_memcalloc@OPENLDAP_2.4_2 2.4.7 + ber_memcalloc_x@OPENLDAP_2.4_2 2.4.7 + ber_memfree@OPENLDAP_2.4_2 2.4.7 + ber_memfree_x@OPENLDAP_2.4_2 2.4.7 + ber_memrealloc@OPENLDAP_2.4_2 2.4.7 + ber_memrealloc_x@OPENLDAP_2.4_2 2.4.7 + ber_memvfree@OPENLDAP_2.4_2 2.4.7 + ber_memvfree_x@OPENLDAP_2.4_2 2.4.7 + ber_next_element@OPENLDAP_2.4_2 2.4.7 + ber_peek_element@OPENLDAP_2.4_2 2.4.21 + ber_peek_tag@OPENLDAP_2.4_2 2.4.7 + ber_printf@OPENLDAP_2.4_2 2.4.7 + ber_ptrlen@OPENLDAP_2.4_2 2.4.7 + ber_put_berval@OPENLDAP_2.4_2 2.4.7 + ber_put_bitstring@OPENLDAP_2.4_2 2.4.7 + ber_put_boolean@OPENLDAP_2.4_2 2.4.7 + ber_put_enum@OPENLDAP_2.4_2 2.4.7 + ber_put_int@OPENLDAP_2.4_2 2.4.7 + ber_put_null@OPENLDAP_2.4_2 2.4.7 + ber_put_ostring@OPENLDAP_2.4_2 2.4.7 + ber_put_seq@OPENLDAP_2.4_2 2.4.7 + ber_put_set@OPENLDAP_2.4_2 2.4.7 + ber_put_string@OPENLDAP_2.4_2 2.4.7 + ber_pvt_err_file@OPENLDAP_2.4_2 2.4.7 + ber_pvt_log_output@OPENLDAP_2.4_2 2.4.7 + ber_pvt_log_print@OPENLDAP_2.4_2 2.4.7 + ber_pvt_log_printf@OPENLDAP_2.4_2 2.4.7 + ber_pvt_opt_on@OPENLDAP_2.4_2 2.4.7 + ber_pvt_sb_buf_destroy@OPENLDAP_2.4_2 2.4.7 + ber_pvt_sb_buf_init@OPENLDAP_2.4_2 2.4.7 + ber_pvt_sb_copy_out@OPENLDAP_2.4_2 2.4.7 + ber_pvt_sb_do_write@OPENLDAP_2.4_2 2.4.7 + ber_pvt_sb_grow_buffer@OPENLDAP_2.4_2 2.4.7 + ber_pvt_socket_set_nonblock@OPENLDAP_2.4_2 2.4.7 + ber_read@OPENLDAP_2.4_2 2.4.7 + ber_realloc@OPENLDAP_2.4_2 2.4.7 + ber_remaining@OPENLDAP_2.4_2 2.4.7 + ber_reset@OPENLDAP_2.4_2 2.4.7 + ber_rewind@OPENLDAP_2.4_2 2.4.7 + ber_scanf@OPENLDAP_2.4_2 2.4.7 + ber_set_option@OPENLDAP_2.4_2 2.4.7 + ber_skip_data@OPENLDAP_2.4_2 2.4.7 + ber_skip_element@OPENLDAP_2.4_2 2.4.21 + ber_skip_tag@OPENLDAP_2.4_2 2.4.7 + ber_sockbuf_add_io@OPENLDAP_2.4_2 2.4.7 + ber_sockbuf_alloc@OPENLDAP_2.4_2 2.4.7 + ber_sockbuf_ctrl@OPENLDAP_2.4_2 2.4.7 + ber_sockbuf_free@OPENLDAP_2.4_2 2.4.7 + ber_sockbuf_io_debug@OPENLDAP_2.4_2 2.4.7 + ber_sockbuf_io_fd@OPENLDAP_2.4_2 2.4.7 + ber_sockbuf_io_readahead@OPENLDAP_2.4_2 2.4.7 + ber_sockbuf_io_tcp@OPENLDAP_2.4_2 2.4.7 + ber_sockbuf_remove_io@OPENLDAP_2.4_2 2.4.7 + ber_sos_dump@OPENLDAP_2.4_2 2.4.7 + ber_start@OPENLDAP_2.4_2 2.4.7 + ber_start_seq@OPENLDAP_2.4_2 2.4.7 + ber_start_set@OPENLDAP_2.4_2 2.4.7 + ber_str2bv@OPENLDAP_2.4_2 2.4.7 + ber_str2bv_x@OPENLDAP_2.4_2 2.4.7 + ber_strdup@OPENLDAP_2.4_2 2.4.7 + ber_strdup_x@OPENLDAP_2.4_2 2.4.7 + ber_strndup@OPENLDAP_2.4_2 2.4.7 + ber_strndup_x@OPENLDAP_2.4_2 2.4.7 + ber_strnlen@OPENLDAP_2.4_2 2.4.17 + ber_write@OPENLDAP_2.4_2 2.4.7 + der_alloc@OPENLDAP_2.4_2 2.4.7 + lutil_debug@OPENLDAP_2.4_2 2.4.7 + lutil_debug_file@OPENLDAP_2.4_2 2.4.7 +libldap_r-2.4.so.2 libldap-2.4-2 #MINVER# + OPENLDAP_2.4_2@OPENLDAP_2.4_2 2.4.7 + ldap_X509dn2bv@OPENLDAP_2.4_2 2.4.7 + ldap_abandon@OPENLDAP_2.4_2 2.4.7 + ldap_abandon_ext@OPENLDAP_2.4_2 2.4.7 + ldap_add@OPENLDAP_2.4_2 2.4.7 + ldap_add_ext@OPENLDAP_2.4_2 2.4.7 + ldap_add_ext_s@OPENLDAP_2.4_2 2.4.7 + ldap_add_result_entry@OPENLDAP_2.4_2 2.4.7 + ldap_add_s@OPENLDAP_2.4_2 2.4.7 + ldap_alloc_ber_with_options@OPENLDAP_2.4_2 2.4.7 + ldap_append_referral@OPENLDAP_2.4_2 2.4.7 + ldap_attributetype2bv@OPENLDAP_2.4_2 2.4.7 + ldap_attributetype2name@OPENLDAP_2.4_2 2.4.7 + ldap_attributetype2str@OPENLDAP_2.4_2 2.4.7 + ldap_attributetype_free@OPENLDAP_2.4_2 2.4.7 + ldap_bind@OPENLDAP_2.4_2 2.4.7 + ldap_bind_s@OPENLDAP_2.4_2 2.4.7 + ldap_build_add_req@OPENLDAP_2.4_2 2.4.43 + ldap_build_bind_req@OPENLDAP_2.4_2 2.4.43 + ldap_build_compare_req@OPENLDAP_2.4_2 2.4.43 + ldap_build_delete_req@OPENLDAP_2.4_2 2.4.43 + ldap_build_extended_req@OPENLDAP_2.4_2 2.4.43 + ldap_build_moddn_req@OPENLDAP_2.4_2 2.4.43 + ldap_build_modify_req@OPENLDAP_2.4_2 2.4.43 + ldap_build_search_req@OPENLDAP_2.4_2 2.4.7 + ldap_bv2dn@OPENLDAP_2.4_2 2.4.7 + ldap_bv2dn_x@OPENLDAP_2.4_2 2.4.7 + ldap_bv2escaped_filter_value@OPENLDAP_2.4_2 2.4.7 + ldap_bv2escaped_filter_value_len@OPENLDAP_2.4_2 2.4.7 + ldap_bv2escaped_filter_value_x@OPENLDAP_2.4_2 2.4.7 + ldap_bv2rdn@OPENLDAP_2.4_2 2.4.7 + ldap_bv2rdn_x@OPENLDAP_2.4_2 2.4.7 + ldap_cancel@OPENLDAP_2.4_2 2.4.7 + ldap_cancel_s@OPENLDAP_2.4_2 2.4.7 + ldap_charray2str@OPENLDAP_2.4_2 2.4.7 + ldap_charray_add@OPENLDAP_2.4_2 2.4.7 + ldap_charray_dup@OPENLDAP_2.4_2 2.4.7 + ldap_charray_free@OPENLDAP_2.4_2 2.4.7 + ldap_charray_inlist@OPENLDAP_2.4_2 2.4.7 + ldap_charray_merge@OPENLDAP_2.4_2 2.4.7 + ldap_chase_referrals@OPENLDAP_2.4_2 2.4.7 + ldap_chase_v3referrals@OPENLDAP_2.4_2 2.4.7 + ldap_clear_select_write@OPENLDAP_2.4_2 2.4.31 + ldap_compare@OPENLDAP_2.4_2 2.4.7 + ldap_compare_ext@OPENLDAP_2.4_2 2.4.7 + ldap_compare_ext_s@OPENLDAP_2.4_2 2.4.7 + ldap_compare_s@OPENLDAP_2.4_2 2.4.7 + ldap_connect_to_host@OPENLDAP_2.4_2 2.4.7 + ldap_connect_to_path@OPENLDAP_2.4_2 2.4.7 + ldap_contentrule2bv@OPENLDAP_2.4_2 2.4.7 + ldap_contentrule2name@OPENLDAP_2.4_2 2.4.7 + ldap_contentrule2str@OPENLDAP_2.4_2 2.4.7 + ldap_contentrule_free@OPENLDAP_2.4_2 2.4.7 + ldap_control_create@OPENLDAP_2.4_2 2.4.7 + ldap_control_dup@OPENLDAP_2.4_2 2.4.7 + ldap_control_find@OPENLDAP_2.4_2 2.4.7 + ldap_control_free@OPENLDAP_2.4_2 2.4.7 + ldap_controls_dup@OPENLDAP_2.4_2 2.4.7 + ldap_controls_free@OPENLDAP_2.4_2 2.4.7 + ldap_count_entries@OPENLDAP_2.4_2 2.4.7 + ldap_count_messages@OPENLDAP_2.4_2 2.4.7 + ldap_count_references@OPENLDAP_2.4_2 2.4.7 + ldap_count_values@OPENLDAP_2.4_2 2.4.7 + ldap_count_values_len@OPENLDAP_2.4_2 2.4.7 + ldap_create@OPENLDAP_2.4_2 2.4.7 + ldap_create_assertion_control@OPENLDAP_2.4_2 2.4.11 + ldap_create_assertion_control_value@OPENLDAP_2.4_2 2.4.11 + ldap_create_control@OPENLDAP_2.4_2 2.4.7 + ldap_create_deref_control@OPENLDAP_2.4_2 2.4.15 + ldap_create_deref_control_value@OPENLDAP_2.4_2 2.4.15 + ldap_create_page_control@OPENLDAP_2.4_2 2.4.7 + ldap_create_page_control_value@OPENLDAP_2.4_2 2.4.7 + ldap_create_passwordpolicy_control@OPENLDAP_2.4_2 2.4.7 + ldap_create_session_tracking_control@OPENLDAP_2.4_2 2.4.28 + ldap_create_session_tracking_value@OPENLDAP_2.4_2 2.4.28 + ldap_create_sort_control@OPENLDAP_2.4_2 2.4.7 + ldap_create_sort_control_value@OPENLDAP_2.4_2 2.4.7 + ldap_create_sort_keylist@OPENLDAP_2.4_2 2.4.7 + ldap_create_vlv_control@OPENLDAP_2.4_2 2.4.7 + ldap_create_vlv_control_value@OPENLDAP_2.4_2 2.4.7 + ldap_dcedn2dn@OPENLDAP_2.4_2 2.4.7 + ldap_delete@OPENLDAP_2.4_2 2.4.7 + ldap_delete_ext@OPENLDAP_2.4_2 2.4.7 + ldap_delete_ext_s@OPENLDAP_2.4_2 2.4.7 + ldap_delete_result_entry@OPENLDAP_2.4_2 2.4.7 + ldap_delete_s@OPENLDAP_2.4_2 2.4.7 + ldap_derefresponse_free@OPENLDAP_2.4_2 2.4.15 + ldap_destroy@OPENLDAP_2.4_2 2.4.25 + ldap_dn2ad_canonical@OPENLDAP_2.4_2 2.4.7 + ldap_dn2bv@OPENLDAP_2.4_2 2.4.7 + ldap_dn2bv_x@OPENLDAP_2.4_2 2.4.7 + ldap_dn2dcedn@OPENLDAP_2.4_2 2.4.7 + ldap_dn2domain@OPENLDAP_2.4_2 2.4.7 + ldap_dn2str@OPENLDAP_2.4_2 2.4.7 + ldap_dn2ufn@OPENLDAP_2.4_2 2.4.7 + ldap_dn_normalize@OPENLDAP_2.4_2 2.4.7 + ldap_dnfree@OPENLDAP_2.4_2 2.4.7 + ldap_dnfree_x@OPENLDAP_2.4_2 2.4.7 + ldap_domain2dn@OPENLDAP_2.4_2 2.4.7 + ldap_domain2hostlist@OPENLDAP_2.4_2 2.4.7 + ldap_dump_connection@OPENLDAP_2.4_2 2.4.7 + ldap_dump_requests_and_responses@OPENLDAP_2.4_2 2.4.7 + ldap_dup@OPENLDAP_2.4_2 2.4.25 + ldap_err2string@OPENLDAP_2.4_2 2.4.7 + ldap_explode_dn@OPENLDAP_2.4_2 2.4.7 + ldap_explode_rdn@OPENLDAP_2.4_2 2.4.7 + ldap_extended_operation@OPENLDAP_2.4_2 2.4.7 + ldap_extended_operation_s@OPENLDAP_2.4_2 2.4.7 + ldap_find_control@OPENLDAP_2.4_2 2.4.7 + ldap_find_request_by_msgid@OPENLDAP_2.4_2 2.4.7 + ldap_first_attribute@OPENLDAP_2.4_2 2.4.7 + ldap_first_entry@OPENLDAP_2.4_2 2.4.7 + ldap_first_message@OPENLDAP_2.4_2 2.4.7 + ldap_first_reference@OPENLDAP_2.4_2 2.4.7 + ldap_free_connection@OPENLDAP_2.4_2 2.4.7 + ldap_free_request@OPENLDAP_2.4_2 2.4.7 + ldap_free_select_info@OPENLDAP_2.4_2 2.4.7 + ldap_free_sort_keylist@OPENLDAP_2.4_2 2.4.7 + ldap_free_urldesc@OPENLDAP_2.4_2 2.4.7 + ldap_free_urllist@OPENLDAP_2.4_2 2.4.7 + ldap_get_attribute_ber@OPENLDAP_2.4_2 2.4.7 + ldap_get_dn@OPENLDAP_2.4_2 2.4.7 + ldap_get_dn_ber@OPENLDAP_2.4_2 2.4.7 + ldap_get_entry_controls@OPENLDAP_2.4_2 2.4.7 + ldap_get_message_ber@OPENLDAP_2.4_2 2.4.7 + ldap_get_option@OPENLDAP_2.4_2 2.4.7 + ldap_get_values@OPENLDAP_2.4_2 2.4.7 + ldap_get_values_len@OPENLDAP_2.4_2 2.4.7 + ldap_gssapi_bind@OPENLDAP_2.4_2 2.4.15 + ldap_gssapi_bind_s@OPENLDAP_2.4_2 2.4.15 + ldap_host_connected_to@OPENLDAP_2.4_2 2.4.7 + ldap_init@OPENLDAP_2.4_2 2.4.7 + ldap_init_fd@OPENLDAP_2.4_2 2.4.7 + ldap_initialize@OPENLDAP_2.4_2 2.4.7 + ldap_install_tls@OPENLDAP_2.4_2 2.4.7 + ldap_int_bisect_delete@OPENLDAP_2.4_2 2.4.7 + ldap_int_bisect_find@OPENLDAP_2.4_2 2.4.7 + ldap_int_bisect_insert@OPENLDAP_2.4_2 2.4.7 + ldap_int_check_async_open@OPENLDAP_2.4_2 2.4.28 + ldap_int_client_controls@OPENLDAP_2.4_2 2.4.7 + ldap_int_connect_cbs@OPENLDAP_2.4_2 2.4.15 + ldap_int_error_init@OPENLDAP_2.4_2 2.4.7 + ldap_int_flush_request@OPENLDAP_2.4_2 2.4.7 + ldap_int_global_options@OPENLDAP_2.4_2 2.4.7 + ldap_int_gmtime_mutex@OPENLDAP_2.4_2 2.4.23 + ldap_int_hostname@OPENLDAP_2.4_2 2.4.7 + ldap_int_hostname_mutex@OPENLDAP_2.4_2 2.4.39 + ldap_int_inet4or6@OPENLDAP_2.4_2 2.4.7 + ldap_int_initialize@OPENLDAP_2.4_2 2.4.7 + ldap_int_initialize_global_options@OPENLDAP_2.4_2 2.4.7 + ldap_int_msgtype2str@OPENLDAP_2.4_2 2.4.7 + ldap_int_open_connection@OPENLDAP_2.4_2 2.4.7 + ldap_int_parse_numericoid@OPENLDAP_2.4_2 2.4.7 + ldap_int_parse_ruleid@OPENLDAP_2.4_2 2.4.7 + ldap_int_poll@OPENLDAP_2.4_2 2.4.7 + ldap_int_put_controls@OPENLDAP_2.4_2 2.4.7 + ldap_int_resolv_mutex@OPENLDAP_2.4_2 2.4.7 + ldap_int_sasl_bind@OPENLDAP_2.4_2 2.4.7 + ldap_int_sasl_close@OPENLDAP_2.4_2 2.4.7 + ldap_int_sasl_config@OPENLDAP_2.4_2 2.4.7 + ldap_int_sasl_external@OPENLDAP_2.4_2 2.4.7 + ldap_int_sasl_get_option@OPENLDAP_2.4_2 2.4.7 + ldap_int_sasl_init@OPENLDAP_2.4_2 2.4.7 + ldap_int_sasl_open@OPENLDAP_2.4_2 2.4.7 + ldap_int_sasl_set_option@OPENLDAP_2.4_2 2.4.7 + ldap_int_select@OPENLDAP_2.4_2 2.4.7 + ldap_int_thread_destroy@OPENLDAP_2.4_2 2.4.7 + ldap_int_thread_initialize@OPENLDAP_2.4_2 2.4.7 + ldap_int_thread_pool_shutdown@OPENLDAP_2.4_2 2.4.7 + ldap_int_thread_pool_startup@OPENLDAP_2.4_2 2.4.7 + ldap_int_timeval_dup@OPENLDAP_2.4_2 2.4.7 + ldap_int_tls_config@OPENLDAP_2.4_2 2.4.7 + ldap_int_tls_destroy@OPENLDAP_2.4_2 2.4.7 + ldap_int_tls_impl@OPENLDAP_2.4_2 2.4.15 + ldap_int_tls_start@OPENLDAP_2.4_2 2.4.7 + ldap_int_utils_init@OPENLDAP_2.4_2 2.4.7 + ldap_is_ldap_url@OPENLDAP_2.4_2 2.4.7 + ldap_is_ldapi_url@OPENLDAP_2.4_2 2.4.7 + ldap_is_ldaps_url@OPENLDAP_2.4_2 2.4.7 + ldap_is_read_ready@OPENLDAP_2.4_2 2.4.7 + ldap_is_write_ready@OPENLDAP_2.4_2 2.4.7 + ldap_ld_free@OPENLDAP_2.4_2 2.4.7 + ldap_log_printf@OPENLDAP_2.4_2 2.4.7 + ldap_mark_select_clear@OPENLDAP_2.4_2 2.4.7 + ldap_mark_select_read@OPENLDAP_2.4_2 2.4.7 + ldap_mark_select_write@OPENLDAP_2.4_2 2.4.7 + ldap_matchingrule2bv@OPENLDAP_2.4_2 2.4.7 + ldap_matchingrule2name@OPENLDAP_2.4_2 2.4.7 + ldap_matchingrule2str@OPENLDAP_2.4_2 2.4.7 + ldap_matchingrule_free@OPENLDAP_2.4_2 2.4.7 + ldap_matchingruleuse2bv@OPENLDAP_2.4_2 2.4.7 + ldap_matchingruleuse2name@OPENLDAP_2.4_2 2.4.7 + ldap_matchingruleuse2str@OPENLDAP_2.4_2 2.4.7 + ldap_matchingruleuse_free@OPENLDAP_2.4_2 2.4.7 + ldap_memalloc@OPENLDAP_2.4_2 2.4.7 + ldap_memcalloc@OPENLDAP_2.4_2 2.4.7 + ldap_memfree@OPENLDAP_2.4_2 2.4.7 + ldap_memrealloc@OPENLDAP_2.4_2 2.4.7 + ldap_memvfree@OPENLDAP_2.4_2 2.4.7 + ldap_modify@OPENLDAP_2.4_2 2.4.7 + ldap_modify_ext@OPENLDAP_2.4_2 2.4.7 + ldap_modify_ext_s@OPENLDAP_2.4_2 2.4.7 + ldap_modify_s@OPENLDAP_2.4_2 2.4.7 + ldap_modrdn2@OPENLDAP_2.4_2 2.4.7 + ldap_modrdn2_s@OPENLDAP_2.4_2 2.4.7 + ldap_modrdn@OPENLDAP_2.4_2 2.4.7 + ldap_modrdn_s@OPENLDAP_2.4_2 2.4.7 + ldap_mods_free@OPENLDAP_2.4_2 2.4.7 + ldap_msgdelete@OPENLDAP_2.4_2 2.4.7 + ldap_msgfree@OPENLDAP_2.4_2 2.4.7 + ldap_msgid@OPENLDAP_2.4_2 2.4.7 + ldap_msgtype@OPENLDAP_2.4_2 2.4.7 + ldap_nameform2bv@OPENLDAP_2.4_2 2.4.7 + ldap_nameform2name@OPENLDAP_2.4_2 2.4.7 + ldap_nameform2str@OPENLDAP_2.4_2 2.4.7 + ldap_nameform_free@OPENLDAP_2.4_2 2.4.7 + ldap_new_connection@OPENLDAP_2.4_2 2.4.7 + ldap_new_select_info@OPENLDAP_2.4_2 2.4.7 + ldap_next_attribute@OPENLDAP_2.4_2 2.4.7 + ldap_next_entry@OPENLDAP_2.4_2 2.4.7 + ldap_next_message@OPENLDAP_2.4_2 2.4.7 + ldap_next_reference@OPENLDAP_2.4_2 2.4.7 + ldap_ntlm_bind@OPENLDAP_2.4_2 2.4.7 + ldap_objectclass2bv@OPENLDAP_2.4_2 2.4.7 + ldap_objectclass2name@OPENLDAP_2.4_2 2.4.7 + ldap_objectclass2str@OPENLDAP_2.4_2 2.4.7 + ldap_objectclass_free@OPENLDAP_2.4_2 2.4.7 + ldap_open@OPENLDAP_2.4_2 2.4.7 + ldap_open_defconn@OPENLDAP_2.4_2 2.4.7 + ldap_open_internal_connection@OPENLDAP_2.4_2 2.4.7 + ldap_parse_deref_control@OPENLDAP_2.4_2 2.4.15 + ldap_parse_derefresponse_control@OPENLDAP_2.4_2 2.4.15 + ldap_parse_extended_result@OPENLDAP_2.4_2 2.4.7 + ldap_parse_intermediate@OPENLDAP_2.4_2 2.4.7 + ldap_parse_ntlm_bind_result@OPENLDAP_2.4_2 2.4.7 + ldap_parse_page_control@OPENLDAP_2.4_2 2.4.7 + ldap_parse_pageresponse_control@OPENLDAP_2.4_2 2.4.7 + ldap_parse_passwd@OPENLDAP_2.4_2 2.4.7 + ldap_parse_passwordpolicy_control@OPENLDAP_2.4_2 2.4.7 + ldap_parse_reference@OPENLDAP_2.4_2 2.4.7 + ldap_parse_refresh@OPENLDAP_2.4_2 2.4.7 + ldap_parse_result@OPENLDAP_2.4_2 2.4.7 + ldap_parse_sasl_bind_result@OPENLDAP_2.4_2 2.4.7 + ldap_parse_session_tracking_control@OPENLDAP_2.4_2 2.4.28 + ldap_parse_sortresponse_control@OPENLDAP_2.4_2 2.4.7 + ldap_parse_vlvresponse_control@OPENLDAP_2.4_2 2.4.7 + ldap_parse_whoami@OPENLDAP_2.4_2 2.4.7 + ldap_passwd@OPENLDAP_2.4_2 2.4.7 + ldap_passwd_s@OPENLDAP_2.4_2 2.4.7 + ldap_passwordpolicy_err2txt@OPENLDAP_2.4_2 2.4.7 + ldap_perror@OPENLDAP_2.4_2 2.4.7 + ldap_put_vrFilter@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_bv2scope@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_csnstr@OPENLDAP_2.4_2 2.4.23 + ldap_pvt_ctime@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_discard@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_filter_value_unescape@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_find_wildcard@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_get_controls@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_get_fqdn@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_get_hname@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_gethostbyaddr_a@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_gethostbyname_a@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_gettime@OPENLDAP_2.4_2 2.4.23 + ldap_pvt_hex_unescape@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_put_control@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_put_filter@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_runqueue_find@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_runqueue_insert@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_runqueue_isrunning@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_runqueue_next_sched@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_runqueue_persistent_backload@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_runqueue_remove@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_runqueue_resched@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_runqueue_runtask@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_runqueue_stoptask@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_sasl_generic_install@OPENLDAP_2.4_2 2.4.15 + ldap_pvt_sasl_generic_remove@OPENLDAP_2.4_2 2.4.15 + ldap_pvt_sasl_getmechs@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_sasl_install@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_sasl_mutex_dispose@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_sasl_mutex_lock@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_sasl_mutex_new@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_sasl_mutex_unlock@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_sasl_remove@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_sasl_secprops@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_sasl_secprops_unparse@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_scope2bv@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_scope2str@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_search@OPENLDAP_2.4_2 2.4.15 + ldap_pvt_search_s@OPENLDAP_2.4_2 2.4.15 + ldap_pvt_sockbuf_io_sasl_generic@OPENLDAP_2.4_2 2.4.15 + ldap_pvt_str2lower@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_str2lowerbv@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_str2scope@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_str2upper@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_str2upperbv@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_strtok@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_cond_broadcast@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_cond_destroy@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_cond_init@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_cond_signal@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_cond_wait@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_create@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_destroy@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_exit@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_get_concurrency@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_initialize@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_join@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_key_create@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_key_destroy@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_key_getdata@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_key_setdata@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_kill@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_mutex_destroy@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_mutex_init@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_mutex_lock@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_mutex_trylock@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_mutex_unlock@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_pool_backload@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_pool_context@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_pool_context_reset@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_pool_destroy@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_pool_getkey@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_pool_idle@OPENLDAP_2.4_2 2.4.31 + ldap_pvt_thread_pool_init@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_pool_maxthreads@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_pool_pause@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_pool_pausecheck@OPENLDAP_2.4_2 2.4.9 + ldap_pvt_thread_pool_pausing@OPENLDAP_2.4_2 2.4.9 + ldap_pvt_thread_pool_purgekey@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_pool_query@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_pool_resume@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_pool_retract@OPENLDAP_2.4_2 2.4.17 + ldap_pvt_thread_pool_setkey@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_pool_submit@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_pool_tid@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_pool_unidle@OPENLDAP_2.4_2 2.4.31 + ldap_pvt_thread_rdwr_destroy@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_rdwr_init@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_rdwr_rlock@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_rdwr_rtrylock@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_rdwr_runlock@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_rdwr_wlock@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_rdwr_wtrylock@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_rdwr_wunlock@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_rmutex_destroy@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_rmutex_init@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_rmutex_lock@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_rmutex_trylock@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_rmutex_unlock@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_self@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_set_concurrency@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_sleep@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_thread_yield@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_tls_accept@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_tls_check_hostname@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_tls_ctx_free@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_tls_destroy@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_tls_get_my_dn@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_tls_get_option@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_tls_get_peer_dn@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_tls_get_strength@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_tls_init@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_tls_init_def_ctx@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_tls_inplace@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_tls_sb_ctx@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_tls_set_option@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_url_scheme2proto@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_url_scheme2tls@OPENLDAP_2.4_2 2.4.7 + ldap_pvt_url_scheme_port@OPENLDAP_2.4_2 2.4.7 + ldap_rdn2bv@OPENLDAP_2.4_2 2.4.7 + ldap_rdn2bv_x@OPENLDAP_2.4_2 2.4.7 + ldap_rdn2str@OPENLDAP_2.4_2 2.4.7 + ldap_rdnfree@OPENLDAP_2.4_2 2.4.7 + ldap_rdnfree_x@OPENLDAP_2.4_2 2.4.7 + ldap_refresh@OPENLDAP_2.4_2 2.4.7 + ldap_refresh_s@OPENLDAP_2.4_2 2.4.7 + ldap_rename2@OPENLDAP_2.4_2 2.4.7 + ldap_rename2_s@OPENLDAP_2.4_2 2.4.7 + ldap_rename@OPENLDAP_2.4_2 2.4.7 + ldap_rename_s@OPENLDAP_2.4_2 2.4.7 + ldap_result2error@OPENLDAP_2.4_2 2.4.7 + ldap_result@OPENLDAP_2.4_2 2.4.7 + ldap_return_request@OPENLDAP_2.4_2 2.4.7 + ldap_sasl_bind@OPENLDAP_2.4_2 2.4.7 + ldap_sasl_bind_s@OPENLDAP_2.4_2 2.4.7 + ldap_sasl_interactive_bind@OPENLDAP_2.4_2 2.4.25 + ldap_sasl_interactive_bind_s@OPENLDAP_2.4_2 2.4.7 + ldap_scherr2str@OPENLDAP_2.4_2 2.4.7 + ldap_search@OPENLDAP_2.4_2 2.4.7 + ldap_search_ext@OPENLDAP_2.4_2 2.4.7 + ldap_search_ext_s@OPENLDAP_2.4_2 2.4.7 + ldap_search_s@OPENLDAP_2.4_2 2.4.7 + ldap_search_st@OPENLDAP_2.4_2 2.4.7 + ldap_send_initial_request@OPENLDAP_2.4_2 2.4.7 + ldap_send_server_request@OPENLDAP_2.4_2 2.4.7 + ldap_send_unbind@OPENLDAP_2.4_2 2.4.7 + ldap_set_ber_options@OPENLDAP_2.4_2 2.4.7 + ldap_set_nextref_proc@OPENLDAP_2.4_2 2.4.7 + ldap_set_option@OPENLDAP_2.4_2 2.4.7 + ldap_set_rebind_proc@OPENLDAP_2.4_2 2.4.7 + ldap_set_urllist_proc@OPENLDAP_2.4_2 2.4.7 + ldap_simple_bind@OPENLDAP_2.4_2 2.4.7 + ldap_simple_bind_s@OPENLDAP_2.4_2 2.4.7 + ldap_sort_entries@OPENLDAP_2.4_2 2.4.7 + ldap_sort_strcasecmp@OPENLDAP_2.4_2 2.4.7 + ldap_sort_values@OPENLDAP_2.4_2 2.4.7 + ldap_start_tls@OPENLDAP_2.4_2 2.4.7 + ldap_start_tls_s@OPENLDAP_2.4_2 2.4.7 + ldap_str2attributetype@OPENLDAP_2.4_2 2.4.7 + ldap_str2charray@OPENLDAP_2.4_2 2.4.7 + ldap_str2contentrule@OPENLDAP_2.4_2 2.4.7 + ldap_str2dn@OPENLDAP_2.4_2 2.4.7 + ldap_str2matchingrule@OPENLDAP_2.4_2 2.4.7 + ldap_str2matchingruleuse@OPENLDAP_2.4_2 2.4.7 + ldap_str2nameform@OPENLDAP_2.4_2 2.4.7 + ldap_str2objectclass@OPENLDAP_2.4_2 2.4.7 + ldap_str2rdn@OPENLDAP_2.4_2 2.4.7 + ldap_str2structurerule@OPENLDAP_2.4_2 2.4.7 + ldap_str2syntax@OPENLDAP_2.4_2 2.4.7 + ldap_strdup@OPENLDAP_2.4_2 2.4.7 + ldap_structurerule2bv@OPENLDAP_2.4_2 2.4.7 + ldap_structurerule2name@OPENLDAP_2.4_2 2.4.7 + ldap_structurerule2str@OPENLDAP_2.4_2 2.4.7 + ldap_structurerule_free@OPENLDAP_2.4_2 2.4.7 + ldap_sync_destroy@OPENLDAP_2.4_2 2.4.7 + ldap_sync_init@OPENLDAP_2.4_2 2.4.7 + ldap_sync_init_refresh_and_persist@OPENLDAP_2.4_2 2.4.7 + ldap_sync_init_refresh_only@OPENLDAP_2.4_2 2.4.7 + ldap_sync_initialize@OPENLDAP_2.4_2 2.4.7 + ldap_sync_poll@OPENLDAP_2.4_2 2.4.7 + ldap_syntax2bv@OPENLDAP_2.4_2 2.4.7 + ldap_syntax2name@OPENLDAP_2.4_2 2.4.7 + ldap_syntax2str@OPENLDAP_2.4_2 2.4.7 + ldap_syntax_free@OPENLDAP_2.4_2 2.4.7 + ldap_tls_inplace@OPENLDAP_2.4_2 2.4.7 + ldap_turn@OPENLDAP_2.4_2 2.4.7 + ldap_turn_s@OPENLDAP_2.4_2 2.4.7 + ldap_ucs_to_utf8s@OPENLDAP_2.4_2 2.4.7 + ldap_unbind@OPENLDAP_2.4_2 2.4.7 + ldap_unbind_ext@OPENLDAP_2.4_2 2.4.7 + ldap_unbind_ext_s@OPENLDAP_2.4_2 2.4.7 + ldap_unbind_s@OPENLDAP_2.4_2 2.4.7 + ldap_url_desc2str@OPENLDAP_2.4_2 2.4.7 + ldap_url_dup@OPENLDAP_2.4_2 2.4.7 + ldap_url_duplist@OPENLDAP_2.4_2 2.4.7 + ldap_url_list2hosts@OPENLDAP_2.4_2 2.4.7 + ldap_url_list2urls@OPENLDAP_2.4_2 2.4.7 + ldap_url_parse@OPENLDAP_2.4_2 2.4.7 + ldap_url_parse_ext@OPENLDAP_2.4_2 2.4.7 + ldap_url_parsehosts@OPENLDAP_2.4_2 2.4.7 + ldap_url_parselist@OPENLDAP_2.4_2 2.4.7 + ldap_url_parselist_ext@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_bytes@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_charlen2@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_charlen@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_chars@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_copy@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_isalnum@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_isalpha@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_isascii@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_isdigit@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_islower@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_isspace@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_isupper@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_isxdigit@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_lentab@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_mintab@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_next@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_offset@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_prev@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_strchr@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_strcspn@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_strpbrk@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_strspn@OPENLDAP_2.4_2 2.4.7 + ldap_utf8_strtok@OPENLDAP_2.4_2 2.4.7 + ldap_value_dup@OPENLDAP_2.4_2 2.4.7 + ldap_value_free@OPENLDAP_2.4_2 2.4.7 + ldap_value_free_len@OPENLDAP_2.4_2 2.4.7 + ldap_whoami@OPENLDAP_2.4_2 2.4.7 + ldap_whoami_s@OPENLDAP_2.4_2 2.4.7 + ldap_x_mb_to_utf8@OPENLDAP_2.4_2 2.4.7 + ldap_x_mbs_to_utf8s@OPENLDAP_2.4_2 2.4.7 + ldap_x_ucs4_to_utf8@OPENLDAP_2.4_2 2.4.7 + ldap_x_utf8_to_mb@OPENLDAP_2.4_2 2.4.7 + ldap_x_utf8_to_ucs4@OPENLDAP_2.4_2 2.4.7 + ldap_x_utf8_to_wc@OPENLDAP_2.4_2 2.4.7 + ldap_x_utf8s_to_mbs@OPENLDAP_2.4_2 2.4.7 + ldap_x_utf8s_to_wcs@OPENLDAP_2.4_2 2.4.7 + ldap_x_wc_to_utf8@OPENLDAP_2.4_2 2.4.7 + ldap_x_wcs_to_utf8s@OPENLDAP_2.4_2 2.4.7 + ldif_close@OPENLDAP_2.4_2 2.4.25 + ldif_countlines@OPENLDAP_2.4_2 2.4.25 + ldif_debug@OPENLDAP_2.4_2 2.4.25 + ldif_fetch_url@OPENLDAP_2.4_2 2.4.25 + ldif_getline@OPENLDAP_2.4_2 2.4.25 + ldif_is_not_printable@OPENLDAP_2.4_2 2.4.25 + ldif_must_b64_encode_register@OPENLDAP_2.4_2 2.4.25 + ldif_must_b64_encode_release@OPENLDAP_2.4_2 2.4.25 + ldif_open@OPENLDAP_2.4_2 2.4.25 + ldif_open_url@OPENLDAP_2.4_2 2.4.25 + ldif_parse_line2@OPENLDAP_2.4_2 2.4.25 + ldif_parse_line@OPENLDAP_2.4_2 2.4.25 + ldif_put@OPENLDAP_2.4_2 2.4.25 + ldif_put_wrap@OPENLDAP_2.4_2 2.4.25 + ldif_read_record@OPENLDAP_2.4_2 2.4.39 + ldif_sput@OPENLDAP_2.4_2 2.4.25 + ldif_sput_wrap@OPENLDAP_2.4_2 2.4.25 diff --git a/debian/libldap-common.install b/debian/libldap-common.install new file mode 100644 index 0000000..b64373e --- /dev/null +++ b/debian/libldap-common.install @@ -0,0 +1 @@ +etc/ldap/ldap.conf diff --git a/debian/libldap-common.manpages b/debian/libldap-common.manpages new file mode 100644 index 0000000..6f9e09c --- /dev/null +++ b/debian/libldap-common.manpages @@ -0,0 +1 @@ +debian/tmp/usr/share/man/man5/ldap.conf.5 diff --git a/debian/libldap2-dev.dirs b/debian/libldap2-dev.dirs new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/debian/libldap2-dev.dirs diff --git a/debian/libldap2-dev.install b/debian/libldap2-dev.install new file mode 100644 index 0000000..1b89c2d --- /dev/null +++ b/debian/libldap2-dev.install @@ -0,0 +1,12 @@ +usr/include/lber.h +usr/include/lber_types.h +usr/include/ldap_cdefs.h +usr/include/ldap_features.h +usr/include/ldap.h +usr/include/ldap_schema.h +usr/include/ldap_utf8.h +usr/include/ldif.h +usr/lib/*/liblber.a +usr/lib/*/liblber.so +usr/lib/*/libldap_r.a +usr/lib/*/libldap_r.so diff --git a/debian/libldap2-dev.links.in b/debian/libldap2-dev.links.in new file mode 100644 index 0000000..8ded4da --- /dev/null +++ b/debian/libldap2-dev.links.in @@ -0,0 +1,12 @@ +usr/share/man/man3/lber-encode.3 usr/share/man/man3/ber_put_bitstring.3 +usr/share/man/man3/lber-encode.3 usr/share/man/man3/ber_put_boolean.3 +usr/share/man/man3/lber-encode.3 usr/share/man/man3/ber_start_seq.3 +usr/share/man/man3/lber-memory.3 usr/share/man/man3/ber_memalloc.3 +usr/share/man/man3/lber-memory.3 usr/share/man/man3/ber_memcalloc.3 +usr/share/man/man3/lber-memory.3 usr/share/man/man3/ber_memfree.3 +usr/share/man/man3/lber-memory.3 usr/share/man/man3/ber_memrealloc.3 +usr/share/man/man3/lber-types.3 usr/share/man/man3/ber_int_t.3 +usr/share/man/man3/lber-types.3 usr/share/man/man3/ber_len_t.3 +usr/share/man/man3/lber-types.3 usr/share/man/man3/ber_tag_t.3 +usr/lib/${DEB_HOST_MULTIARCH}/libldap_r.so usr/lib/${DEB_HOST_MULTIARCH}/libldap.so +usr/lib/${DEB_HOST_MULTIARCH}/libldap_r.a usr/lib/${DEB_HOST_MULTIARCH}/libldap.a diff --git a/debian/libldap2-dev.manpages b/debian/libldap2-dev.manpages new file mode 100644 index 0000000..7c72677 --- /dev/null +++ b/debian/libldap2-dev.manpages @@ -0,0 +1 @@ +debian/tmp/usr/share/man/man3/* diff --git a/debian/patches/ITS-8964-Do-not-free-original-filter.patch b/debian/patches/ITS-8964-Do-not-free-original-filter.patch new file mode 100644 index 0000000..7714e0a --- /dev/null +++ b/debian/patches/ITS-8964-Do-not-free-original-filter.patch @@ -0,0 +1,36 @@ +From 0f7ec3a81258bb2c33b5d7c7434ef1c11d7fa7cb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net> +Date: Mon, 17 Jun 2019 12:49:25 +0200 +Subject: [PATCH] ITS#8964 Do not free original filter + +--- + servers/slapd/overlays/rwm.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/servers/slapd/overlays/rwm.c b/servers/slapd/overlays/rwm.c +index 36bceaffe..2e24f24cc 100644 +--- a/servers/slapd/overlays/rwm.c ++++ b/servers/slapd/overlays/rwm.c +@@ -125,11 +125,15 @@ rwm_op_rollback( Operation *op, SlapReply *rs, rwm_op_state *ros ) + break; + case LDAP_REQ_SEARCH: + op->o_tmpfree( ros->mapped_attrs, op->o_tmpmemctx ); +- filter_free_x( op, op->ors_filter, 1 ); +- op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); + op->ors_attrs = ros->ors_attrs; +- op->ors_filter = ros->ors_filter; +- op->ors_filterstr = ros->ors_filterstr; ++ if ( op->ors_filter != ros->ors_filter ) { ++ filter_free_x( op, op->ors_filter, 1 ); ++ op->ors_filter = ros->ors_filter; ++ } ++ if ( op->ors_filterstr.bv_val != ros->ors_filterstr.bv_val ) { ++ op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx ); ++ op->ors_filterstr = ros->ors_filterstr; ++ } + break; + case LDAP_REQ_EXTENDED: + if ( op->ore_reqdata != ros->ore_reqdata ) { +-- +2.20.1 + diff --git a/debian/patches/ITS-9038-Another-test028-typo.patch b/debian/patches/ITS-9038-Another-test028-typo.patch new file mode 100644 index 0000000..243e200 --- /dev/null +++ b/debian/patches/ITS-9038-Another-test028-typo.patch @@ -0,0 +1,25 @@ +From 0832ec02f0679cf0862dca2cca5280be1e4fdb37 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net> +Date: Thu, 27 Jun 2019 00:45:29 +0200 +Subject: [PATCH] ITS#9038 Another test028 typo + +--- + tests/scripts/test028-idassert | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/scripts/test028-idassert b/tests/scripts/test028-idassert +index 564a615d2..dacd68d8f 100755 +--- a/tests/scripts/test028-idassert ++++ b/tests/scripts/test028-idassert +@@ -252,7 +252,7 @@ if test $USE_SASL != "no" ; then + if test $RC != 50 ; then + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS +- exit $RC ++ exit 1 + fi + + echo "Filtering ldapsearch results..." +-- +2.20.1 + diff --git a/debian/patches/ITS-9038-Fix-typo-in-test-script.patch b/debian/patches/ITS-9038-Fix-typo-in-test-script.patch new file mode 100644 index 0000000..72cd9fe --- /dev/null +++ b/debian/patches/ITS-9038-Fix-typo-in-test-script.patch @@ -0,0 +1,25 @@ +From c064d45c5d4551f2321276c3a5ed25b1c08e115d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net> +Date: Mon, 24 Jun 2019 16:37:23 +0200 +Subject: [PATCH] ITS#9038 Fix typo in test script + +--- + tests/scripts/test028-idassert | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/scripts/test028-idassert b/tests/scripts/test028-idassert +index 9e5e10724..564a615d2 100755 +--- a/tests/scripts/test028-idassert ++++ b/tests/scripts/test028-idassert +@@ -199,7 +199,7 @@ RC=$? + if test $RC != 1 ; then + echo "ldapwhoami should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS +- exit $RC ++ exit 1 + fi + + ID="uid=jaj,ou=People,dc=example,dc=it" +-- +2.20.1 + diff --git a/debian/patches/ITS-9038-Update-test028-to-test-this-is-enforced.patch b/debian/patches/ITS-9038-Update-test028-to-test-this-is-enforced.patch new file mode 100644 index 0000000..3e8712a --- /dev/null +++ b/debian/patches/ITS-9038-Update-test028-to-test-this-is-enforced.patch @@ -0,0 +1,102 @@ +From ce5869c89a0cf1a9ec23bde014cb4c11f4d0360c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net> +Date: Wed, 19 Jun 2019 18:47:32 +0200 +Subject: [PATCH] ITS#9038 Update test028 to test this is enforced + +--- + tests/data/idassert.out | 5 +++++ + tests/data/slapd-idassert.conf | 1 + + tests/data/test-idassert1.ldif | 6 ++++++ + tests/scripts/test028-idassert | 24 ++++++++++++++++++++++++ + 4 files changed, 36 insertions(+) + +diff --git a/tests/data/idassert.out b/tests/data/idassert.out +index 53d76bb2e..fa51c25d6 100644 +--- a/tests/data/idassert.out ++++ b/tests/data/idassert.out +@@ -4,6 +4,11 @@ objectClass: dcObject + o: Example, Inc. + dc: example + ++dn: cn=Manager,o=Example,c=US ++objectClass: inetOrgPerson ++cn: Manager ++sn: Parson ++ + dn: ou=People,o=Example,c=US + objectClass: organizationalUnit + ou: People +diff --git a/tests/data/slapd-idassert.conf b/tests/data/slapd-idassert.conf +index 88d66a36f..561c5ccc4 100644 +--- a/tests/data/slapd-idassert.conf ++++ b/tests/data/slapd-idassert.conf +@@ -36,6 +36,7 @@ argsfile @TESTDIR@/slapd.1.args + ####################################################################### + + authz-policy both ++authz-regexp "^uid=manager,.+" "cn=Manager,dc=example,dc=com" + authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)" + authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)" + authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)" +diff --git a/tests/data/test-idassert1.ldif b/tests/data/test-idassert1.ldif +index 063d6ec45..3ccbd1a22 100644 +--- a/tests/data/test-idassert1.ldif ++++ b/tests/data/test-idassert1.ldif +@@ -4,6 +4,12 @@ objectClass: dcObject + o: Example, Inc. + dc: example + ++dn: cn=Manager,dc=example,dc=com ++objectClass: inetOrgPerson ++cn: Manager ++sn: Parson ++userPassword: secret ++ + dn: ou=People,dc=example,dc=com + objectClass: organizationalUnit + ou: People +diff --git a/tests/scripts/test028-idassert b/tests/scripts/test028-idassert +index b1e16744a..9e5e10724 100755 +--- a/tests/scripts/test028-idassert ++++ b/tests/scripts/test028-idassert +@@ -191,6 +191,17 @@ if test $RC != 0 ; then + exit $RC + fi + ++AUTHZID="u:it/jaj" ++echo "Checking another DB's rootdn can't assert identity from another DB..." ++$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD -e\!"authzid=$AUTHZID" ++ ++RC=$? ++if test $RC != 1 ; then ++ echo "ldapwhoami should have failed ($RC)!" ++ test $KILLSERVERS != no && kill -HUP $KILLPIDS ++ exit $RC ++fi ++ + ID="uid=jaj,ou=People,dc=example,dc=it" + BASE="o=Example,c=US" + echo "Testing ldapsearch as $ID for \"$BASE\"..." +@@ -231,6 +242,19 @@ if test $USE_SASL != "no" ; then + exit $RC + fi + ++ ID="manager" ++ AUTHZID="u:it/jaj" ++ echo "Checking another DB's rootdn can't assert in another (with SASL bind this time)..." ++ $LDAPSASLWHOAMI -h $LOCALHOST -p $PORT1 \ ++ -Q -U "$ID" -w $PASSWD -Y $MECH -X $AUTHZID ++ ++ RC=$? ++ if test $RC != 50 ; then ++ echo "ldapwhoami should have failed ($RC)!" ++ test $KILLSERVERS != no && kill -HUP $KILLPIDS ++ exit $RC ++ fi ++ + echo "Filtering ldapsearch results..." + $LDIFFILTER < $SEARCHOUT > $SEARCHFLT + echo "Filtering original ldif used to create database..." +-- +2.20.1 + diff --git a/debian/patches/ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch b/debian/patches/ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch new file mode 100644 index 0000000..a63c6fe --- /dev/null +++ b/debian/patches/ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch @@ -0,0 +1,36 @@ +From f120d0e461178b5974694876ba2d2bdba4f7d122 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Wed, 19 Jun 2019 12:29:02 +0100 +Subject: [PATCH] ITS#9038 restrict rootDN proxyauthz to its own DBs. + +Treat as normal user for any other DB. +--- + servers/slapd/saslauthz.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c +index 64c70537d..b3727eafe 100644 +--- a/servers/slapd/saslauthz.c ++++ b/servers/slapd/saslauthz.c +@@ -2062,12 +2062,13 @@ int slap_sasl_authorized( Operation *op, + goto DONE; + } + +- /* Allow the manager to authorize as any DN. */ +- if( op->o_conn->c_authz_backend && +- be_isroot_dn( op->o_conn->c_authz_backend, authcDN )) ++ /* Allow the manager to authorize as any DN in its own DBs. */ + { +- rc = LDAP_SUCCESS; +- goto DONE; ++ Backend *zbe = select_backend( authzDN, 1 ); ++ if ( zbe && be_isroot_dn( zbe, authcDN )) { ++ rc = LDAP_SUCCESS; ++ goto DONE; ++ } + } + + /* Check source rules */ +-- +2.20.1 + diff --git a/debian/patches/ITS-9052-zero-out-sasl_ssf-in-connection_init.patch b/debian/patches/ITS-9052-zero-out-sasl_ssf-in-connection_init.patch new file mode 100644 index 0000000..ec09120 --- /dev/null +++ b/debian/patches/ITS-9052-zero-out-sasl_ssf-in-connection_init.patch @@ -0,0 +1,25 @@ +From 744a46a1acb93798f4e027290191d6a11dd4c18c Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Wed, 10 Jul 2019 21:29:39 +0100 +Subject: [PATCH] ITS#9052 zero out sasl_ssf in connection_init + +--- + servers/slapd/connection.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c +index b85bcb4c6..704067c55 100644 +--- a/servers/slapd/connection.c ++++ b/servers/slapd/connection.c +@@ -554,7 +554,7 @@ Connection * connection_init( + c->c_close_reason = "?"; /* should never be needed */ + + c->c_ssf = c->c_transport_ssf = ssf; +- c->c_tls_ssf = 0; ++ c->c_tls_ssf = c->c_sasl_ssf = 0; + + #ifdef HAVE_TLS + if ( flags & CONN_IS_TLS ) { +-- +2.20.1 + diff --git a/debian/patches/ITS-9202-limit-depth-of-nested-filters.patch b/debian/patches/ITS-9202-limit-depth-of-nested-filters.patch new file mode 100644 index 0000000..8c547d1 --- /dev/null +++ b/debian/patches/ITS-9202-limit-depth-of-nested-filters.patch @@ -0,0 +1,125 @@ +From 45c18dbd0b2e91841e642ffbe835c46f189f19ee Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Thu, 16 Apr 2020 01:08:19 +0100 +Subject: [PATCH] ITS#9202 limit depth of nested filters + +Using a hardcoded limit for now; no reasonable apps +should ever run into it. +--- + servers/slapd/filter.c | 41 ++++++++++++++++++++++++++++++++--------- + 1 file changed, 32 insertions(+), 9 deletions(-) + +diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c +index cf5ae3daef..e397bebe87 100644 +--- a/servers/slapd/filter.c ++++ b/servers/slapd/filter.c +@@ -37,11 +37,16 @@ + const Filter *slap_filter_objectClass_pres; + const struct berval *slap_filterstr_objectClass_pres; + ++#ifndef SLAPD_MAX_FILTER_DEPTH ++#define SLAPD_MAX_FILTER_DEPTH 5000 ++#endif ++ + static int get_filter_list( + Operation *op, + BerElement *ber, + Filter **f, +- const char **text ); ++ const char **text, ++ int depth ); + + static int get_ssa( + Operation *op, +@@ -80,12 +85,13 @@ filter_destroy( void ) + return; + } + +-int +-get_filter( ++static int ++get_filter0( + Operation *op, + BerElement *ber, + Filter **filt, +- const char **text ) ++ const char **text, ++ int depth ) + { + ber_tag_t tag; + ber_len_t len; +@@ -126,6 +132,11 @@ get_filter( + * + */ + ++ if( depth > SLAPD_MAX_FILTER_DEPTH ) { ++ *text = "filter nested too deeply"; ++ return SLAPD_DISCONNECT; ++ } ++ + tag = ber_peek_tag( ber, &len ); + + if( tag == LBER_ERROR ) { +@@ -221,7 +232,7 @@ get_filter( + + case LDAP_FILTER_AND: + Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 ); +- err = get_filter_list( op, ber, &f.f_and, text ); ++ err = get_filter_list( op, ber, &f.f_and, text, depth+1 ); + if ( err != LDAP_SUCCESS ) { + break; + } +@@ -234,7 +245,7 @@ get_filter( + + case LDAP_FILTER_OR: + Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 ); +- err = get_filter_list( op, ber, &f.f_or, text ); ++ err = get_filter_list( op, ber, &f.f_or, text, depth+1 ); + if ( err != LDAP_SUCCESS ) { + break; + } +@@ -248,7 +259,7 @@ get_filter( + case LDAP_FILTER_NOT: + Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 ); + (void) ber_skip_tag( ber, &len ); +- err = get_filter( op, ber, &f.f_not, text ); ++ err = get_filter0( op, ber, &f.f_not, text, depth+1 ); + if ( err != LDAP_SUCCESS ) { + break; + } +@@ -311,10 +322,22 @@ get_filter( + return( err ); + } + ++int ++get_filter( ++ Operation *op, ++ BerElement *ber, ++ Filter **filt, ++ const char **text ) ++{ ++ return get_filter0( op, ber, filt, text, 0 ); ++} ++ ++ + static int + get_filter_list( Operation *op, BerElement *ber, + Filter **f, +- const char **text ) ++ const char **text, ++ int depth ) + { + Filter **new; + int err; +@@ -328,7 +351,7 @@ get_filter_list( Operation *op, BerElement *ber, + tag != LBER_DEFAULT; + tag = ber_next_element( ber, &len, last ) ) + { +- err = get_filter( op, ber, new, text ); ++ err = get_filter0( op, ber, new, text, depth ); + if ( err != LDAP_SUCCESS ) + return( err ); + new = &(*new)->f_next; +-- +2.20.1 + diff --git a/debian/patches/ITS-9370-check-for-equality-rule-on-old_rdn.patch b/debian/patches/ITS-9370-check-for-equality-rule-on-old_rdn.patch new file mode 100644 index 0000000..832e41a --- /dev/null +++ b/debian/patches/ITS-9370-check-for-equality-rule-on-old_rdn.patch @@ -0,0 +1,27 @@ +From 4c774220a752bf8e3284984890dc0931fe73165d Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Mon, 19 Oct 2020 14:03:41 +0100 +Subject: [PATCH] ITS#9370 check for equality rule on old_rdn + +Just skip normalization if there's no equality rule. We accept +DNs without equality rules already. +--- + servers/slapd/modrdn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c +index c73dd8dbaa..a22975540c 100644 +--- a/servers/slapd/modrdn.c ++++ b/servers/slapd/modrdn.c +@@ -505,7 +505,7 @@ slap_modrdn2mods( + mod_tmp->sml_values = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) ); + ber_dupbv( &mod_tmp->sml_values[0], &old_rdn[d_cnt]->la_value ); + mod_tmp->sml_values[1].bv_val = NULL; +- if( desc->ad_type->sat_equality->smr_normalize) { ++ if( desc->ad_type->sat_equality && desc->ad_type->sat_equality->smr_normalize) { + mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) ); + (void) (*desc->ad_type->sat_equality->smr_normalize)( + SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, +-- +2.20.1 + diff --git a/debian/patches/ITS-9383-remove-assert-in-certificateListValidate.patch b/debian/patches/ITS-9383-remove-assert-in-certificateListValidate.patch new file mode 100644 index 0000000..7000fc2 --- /dev/null +++ b/debian/patches/ITS-9383-remove-assert-in-certificateListValidate.patch @@ -0,0 +1,26 @@ +From 67670f4544e28fb09eb7319c39f404e1d3229e65 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Mon, 2 Nov 2020 13:12:10 +0000 +Subject: [PATCH] ITS#9383 remove assert in certificateListValidate + +--- + servers/slapd/schema_init.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index ea0d67aa62..28f9e71a16 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -371,8 +371,7 @@ certificateListValidate( Syntax *syntax, struct berval *in ) + /* Optional version */ + if ( tag == LBER_INTEGER ) { + tag = ber_get_int( ber, &version ); +- assert( tag == LBER_INTEGER ); +- if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX; ++ if ( tag != LBER_INTEGER || version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX; + } + tag = ber_skip_tag( ber, &len ); /* Signature Algorithm */ + if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX; +-- +2.20.1 + diff --git a/debian/patches/ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch b/debian/patches/ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch new file mode 100644 index 0000000..96f5b67 --- /dev/null +++ b/debian/patches/ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch @@ -0,0 +1,27 @@ +From bdb0d459187522a6063df13871b82ba8dcc6efe2 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Mon, 2 Nov 2020 16:01:14 +0000 +Subject: [PATCH] ITS#9384 remove assert in obsolete csnNormalize23() + +--- + servers/slapd/schema_init.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index 5812bc4b66..ea0d67aa62 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -5327,8 +5327,8 @@ csnNormalize23( + } + *ptr = '\0'; + +- assert( ptr == &bv.bv_val[bv.bv_len] ); +- if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) { ++ if ( ptr != &bv.bv_val[bv.bv_len] || ++ csnValidate( syntax, &bv ) != LDAP_SUCCESS ) { + return LDAP_INVALID_SYNTAX; + } + +-- +2.20.1 + diff --git a/debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch b/debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch new file mode 100644 index 0000000..de25ed2 --- /dev/null +++ b/debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch @@ -0,0 +1,58 @@ +From 38ac838e4150c626bbfa0082b7e2cf3a2bb4df31 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Mon, 23 Nov 2020 17:14:00 +0000 +Subject: [PATCH] ITS#9404 fix serialNumberAndIssuerCheck + +Tighten validity checks +--- + servers/slapd/schema_init.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index 834f54593d..5b577607de 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -3193,7 +3193,7 @@ serialNumberAndIssuerCheck( + + if( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX; + +- if( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) { ++ if( in->bv_val[0] != '{' || in->bv_val[in->bv_len-1] != '}' ) { + /* Parse old format */ + is->bv_val = ber_bvchr( in, '$' ); + if( BER_BVISNULL( is ) ) return LDAP_INVALID_SYNTAX; +@@ -3224,7 +3224,7 @@ serialNumberAndIssuerCheck( + HAVE_ALL = ( HAVE_ISSUER | HAVE_SN ) + } have = HAVE_NONE; + +- int numdquotes = 0; ++ int numdquotes = 0, gotquote; + struct berval x = *in; + struct berval ni; + x.bv_val++; +@@ -3266,11 +3266,12 @@ serialNumberAndIssuerCheck( + is->bv_val = x.bv_val; + is->bv_len = 0; + +- for ( ; is->bv_len < x.bv_len; ) { ++ for ( gotquote=0; is->bv_len < x.bv_len; ) { + if ( is->bv_val[is->bv_len] != '"' ) { + is->bv_len++; + continue; + } ++ gotquote = 1; + if ( is->bv_val[is->bv_len+1] == '"' ) { + /* double dquote */ + numdquotes++; +@@ -3279,6 +3280,8 @@ serialNumberAndIssuerCheck( + } + break; + } ++ if ( !gotquote ) return LDAP_INVALID_SYNTAX; ++ + x.bv_val += is->bv_len + 1; + x.bv_len -= is->bv_len + 1; + +-- +2.20.1 + diff --git a/debian/patches/ITS-9406-9407-remove-saslauthz-asserts.patch b/debian/patches/ITS-9406-9407-remove-saslauthz-asserts.patch new file mode 100644 index 0000000..a6f085c --- /dev/null +++ b/debian/patches/ITS-9406-9407-remove-saslauthz-asserts.patch @@ -0,0 +1,69 @@ +From 6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Fri, 27 Nov 2020 14:37:10 +0000 +Subject: [PATCH 1/2] ITS#9406, #9407 remove saslauthz asserts + +--- + servers/slapd/saslauthz.c | 19 +++++++++++++------ + 1 file changed, 13 insertions(+), 6 deletions(-) + +diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c +index e05f3f9cf6..2e59eb5598 100644 +--- a/servers/slapd/saslauthz.c ++++ b/servers/slapd/saslauthz.c +@@ -180,14 +180,16 @@ int slap_parse_user( struct berval *id, struct berval *user, + } + + if ( !BER_BVISNULL( mech ) ) { +- assert( mech->bv_val == id->bv_val + 2 ); ++ if ( mech->bv_val != id->bv_val + 2 ) ++ return LDAP_PROTOCOL_ERROR; + + AC_MEMCPY( mech->bv_val - 2, mech->bv_val, mech->bv_len + 1 ); + mech->bv_val -= 2; + } + + if ( !BER_BVISNULL( realm ) ) { +- assert( realm->bv_val >= id->bv_val + 2 ); ++ if ( realm->bv_val < id->bv_val + 2 ) ++ return LDAP_PROTOCOL_ERROR; + + AC_MEMCPY( realm->bv_val - 2, realm->bv_val, realm->bv_len + 1 ); + realm->bv_val -= 2; +@@ -449,9 +451,12 @@ is_dn: bv.bv_len = in->bv_len - ( bv.bv_val - in->bv_val ); + } + + /* Grab the searchbase */ +- assert( ludp->lud_dn != NULL ); +- ber_str2bv( ludp->lud_dn, 0, 0, &bv ); +- rc = dnValidate( NULL, &bv ); ++ if ( ludp->lud_dn != NULL ) { ++ ber_str2bv( ludp->lud_dn, 0, 0, &bv ); ++ rc = dnValidate( NULL, &bv ); ++ } else { ++ rc = LDAP_INVALID_SYNTAX; ++ } + + done: + ldap_free_urldesc( ludp ); +@@ -813,7 +818,6 @@ is_dn: bv.bv_len = val->bv_len - ( bv.bv_val - val->bv_val ); + } + + /* Grab the searchbase */ +- assert( ludp->lud_dn != NULL ); + if ( ludp->lud_dn ) { + struct berval out = BER_BVNULL; + +@@ -831,6 +835,9 @@ is_dn: bv.bv_len = val->bv_len - ( bv.bv_val - val->bv_val ); + } + + ludp->lud_dn = out.bv_val; ++ } else { ++ rc = LDAP_INVALID_SYNTAX; ++ goto done; + } + + ludp->lud_port = 0; +-- +2.20.1 + diff --git a/debian/patches/ITS-9406-fix-debug-msg.patch b/debian/patches/ITS-9406-fix-debug-msg.patch new file mode 100644 index 0000000..92fc31e --- /dev/null +++ b/debian/patches/ITS-9406-fix-debug-msg.patch @@ -0,0 +1,33 @@ +From 02dfc32d658fadc25e4040f78e36592f6e1e1ca0 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Fri, 27 Nov 2020 14:48:26 +0000 +Subject: [PATCH 2/2] ITS#9406 fix debug msg + +--- + servers/slapd/saslauthz.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c +index 2e59eb5598..982fe3120d 100644 +--- a/servers/slapd/saslauthz.c ++++ b/servers/slapd/saslauthz.c +@@ -488,6 +488,7 @@ authzPrettyNormal( + + assert( val != NULL ); + assert( !BER_BVISNULL( val ) ); ++ BER_BVZERO( normalized ); + + /* + * 2) dn[.{exact|children|subtree|onelevel}]:{*|<DN>} +@@ -906,7 +907,7 @@ authzPretty( + rc = authzPrettyNormal( val, out, ctx, 0 ); + + Debug( LDAP_DEBUG_TRACE, "<<< authzPretty: <%s> (%d)\n", +- out->bv_val, rc, 0 ); ++ out->bv_val ? out->bv_val : "(null)" , rc, 0 ); + + return rc; + } +-- +2.20.1 + diff --git a/debian/patches/ITS-9408-fix-vrfilter-double-free.patch b/debian/patches/ITS-9408-fix-vrfilter-double-free.patch new file mode 100644 index 0000000..c4f1295 --- /dev/null +++ b/debian/patches/ITS-9408-fix-vrfilter-double-free.patch @@ -0,0 +1,28 @@ +From 21981053a1195ae1555e23df4d9ac68d34ede9dd Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Sat, 28 Nov 2020 15:54:17 +0000 +Subject: [PATCH] ITS#9408 fix vrfilter double-free + +--- + servers/slapd/controls.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c +index 3455319406..28fa64eb06 100644 +--- a/servers/slapd/controls.c ++++ b/servers/slapd/controls.c +@@ -1578,7 +1578,10 @@ static int parseValuesReturnFilter ( + } else { + send_ldap_result( op, rs ); + } +- if( op->o_vrFilter != NULL) vrFilter_free( op, op->o_vrFilter ); ++ if( op->o_vrFilter != NULL) { ++ vrFilter_free( op, op->o_vrFilter ); ++ op->o_vrFilter = NULL; ++ } + } + #ifdef LDAP_DEBUG + else { +-- +2.20.1 + diff --git a/debian/patches/ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch b/debian/patches/ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch new file mode 100644 index 0000000..cae29b7 --- /dev/null +++ b/debian/patches/ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch @@ -0,0 +1,25 @@ +From c0b61a9486508e5202aa2e0cfb68c9813731b439 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Mon, 30 Nov 2020 11:45:46 +0000 +Subject: [PATCH 2/2] ITS#9409 saslauthz: use ch_free on normalized DN + +--- + servers/slapd/saslauthz.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c +index 982fe3120d..cc5a292de7 100644 +--- a/servers/slapd/saslauthz.c ++++ b/servers/slapd/saslauthz.c +@@ -860,7 +860,7 @@ done: + + if ( lud_dn ) { + if ( ludp->lud_dn != lud_dn ) { +- ber_memfree( ludp->lud_dn ); ++ ch_free( ludp->lud_dn ); + } + ludp->lud_dn = lud_dn; + } +-- +2.20.1 + diff --git a/debian/patches/ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch b/debian/patches/ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch new file mode 100644 index 0000000..8a2a3fd --- /dev/null +++ b/debian/patches/ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch @@ -0,0 +1,25 @@ +From 554dff1927176579d652f2fe60c90e9abbad4c65 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Mon, 30 Nov 2020 16:20:18 +0000 +Subject: [PATCH] ITS#9409 saslauthz: use slap_sl_free in prev commit + +--- + servers/slapd/saslauthz.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c +index cc5a292de7..4a9420b37c 100644 +--- a/servers/slapd/saslauthz.c ++++ b/servers/slapd/saslauthz.c +@@ -860,7 +860,7 @@ done: + + if ( lud_dn ) { + if ( ludp->lud_dn != lud_dn ) { +- ch_free( ludp->lud_dn ); ++ slap_sl_free( ludp->lud_dn, ctx ); + } + ludp->lud_dn = lud_dn; + } +-- +2.20.1 + diff --git a/debian/patches/ITS-9411-fix-thisUpdate-check.patch b/debian/patches/ITS-9411-fix-thisUpdate-check.patch new file mode 100644 index 0000000..20a39ea --- /dev/null +++ b/debian/patches/ITS-9411-fix-thisUpdate-check.patch @@ -0,0 +1,25 @@ +From 4dfeac8655d964442c00be7e69ee180cc19d1e92 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Tue, 1 Dec 2020 18:02:51 +0000 +Subject: [PATCH] ITS#9411 fix thisUpdate check + +--- + servers/slapd/schema_init.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index 9049c1878d..2780d630e8 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -3885,7 +3885,7 @@ issuerAndThisUpdateCheck( + /* empty */; + } + +- if ( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX; ++ if ( !x.bv_len || x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX; + x.bv_val++; + x.bv_len--; + +-- +2.20.1 + diff --git a/debian/patches/ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch b/debian/patches/ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch new file mode 100644 index 0000000..b7e32cc --- /dev/null +++ b/debian/patches/ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch @@ -0,0 +1,42 @@ +From 5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Tue, 1 Dec 2020 18:32:35 +0000 +Subject: [PATCH] ITS#9412 fix AVA_Sort on invalid RDN + +--- + servers/slapd/dn.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c +index 06698b089e..7a095ba9e9 100644 +--- a/servers/slapd/dn.c ++++ b/servers/slapd/dn.c +@@ -233,6 +233,7 @@ AVA_Sort( LDAPRDN rdn, int nAVAs ) + { + LDAPAVA *ava_i; + int i; ++ int rc = LDAP_SUCCESS; + + assert( rdn != NULL ); + +@@ -250,7 +251,7 @@ AVA_Sort( LDAPRDN rdn, int nAVAs ) + /* RFC4512 does not allow multiple AVAs + * with the same attribute type in RDN (ITS#5968) */ + if ( a == 0 ) +- return LDAP_INVALID_DN_SYNTAX; ++ rc = LDAP_INVALID_DN_SYNTAX; + + if ( a > 0 ) + break; +@@ -259,7 +260,7 @@ AVA_Sort( LDAPRDN rdn, int nAVAs ) + } + rdn[ j+1 ] = ava_i; + } +- return LDAP_SUCCESS; ++ return rc; + } + + static int +-- +2.20.1 + diff --git a/debian/patches/ITS-9413-fix-slap_parse_user.patch b/debian/patches/ITS-9413-fix-slap_parse_user.patch new file mode 100644 index 0000000..7d620e7 --- /dev/null +++ b/debian/patches/ITS-9413-fix-slap_parse_user.patch @@ -0,0 +1,38 @@ +From d169e7958a3e0dc70f59c8374bf8a59833b7bdd8 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Tue, 1 Dec 2020 19:03:24 +0000 +Subject: [PATCH] ITS#9413 fix slap_parse_user + +--- + servers/slapd/saslauthz.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c +index 4a9420b37c..b17f34a211 100644 +--- a/servers/slapd/saslauthz.c ++++ b/servers/slapd/saslauthz.c +@@ -156,10 +156,9 @@ int slap_parse_user( struct berval *id, struct berval *user, + user->bv_val++; + user->bv_len = id->bv_len - ( user->bv_val - id->bv_val ); + +- mech->bv_val = ber_bvchr( id, '.' ); +- if ( !BER_BVISNULL( mech ) ) { +- mech->bv_val[ 0 ] = '\0'; +- mech->bv_val++; ++ if ( id->bv_val[1] == '.' ) { ++ id->bv_val[1] = '\0'; ++ mech->bv_val = id->bv_val + 2; + mech->bv_len = user->bv_val - mech->bv_val - 1; + + realm->bv_val = ber_bvchr( mech, '/' ); +@@ -172,6 +171,7 @@ int slap_parse_user( struct berval *id, struct berval *user, + } + + } else { ++ BER_BVZERO( mech ); + BER_BVZERO( realm ); + } + +-- +2.20.1 + diff --git a/debian/patches/ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch b/debian/patches/ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch new file mode 100644 index 0000000..321a57a --- /dev/null +++ b/debian/patches/ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch @@ -0,0 +1,48 @@ +From 8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Sun, 13 Dec 2020 21:48:45 +0000 +Subject: [PATCH] ITS#9423 ldap_X509dn2bv: check for invalid BER after RDN + count + +--- + libraries/libldap/tls2.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c +index ca5a44ab0c..e0c82fa9f8 100644 +--- a/libraries/libldap/tls2.c ++++ b/libraries/libldap/tls2.c +@@ -1254,6 +1254,12 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func, + } + } + ++ /* Rewind and prepare to extract */ ++ ber_rewind( ber ); ++ tag = ber_first_element( ber, &len, &dn_end ); ++ if ( tag == LBER_DEFAULT ) ++ return LDAP_DECODING_ERROR; ++ + /* Allocate the DN/RDN/AVA stuff as a single block */ + dnsize = sizeof(LDAPRDN) * (nrdns+1); + dnsize += sizeof(LDAPAVA *) * (navas+nrdns); +@@ -1265,16 +1271,12 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func, + } else { + newDN = (LDAPDN)(char *)ptrs; + } +- ++ + newDN[nrdns] = NULL; + newRDN = (LDAPRDN)(newDN + nrdns+1); + newAVA = (LDAPAVA *)(newRDN + navas + nrdns); + baseAVA = newAVA; + +- /* Rewind and start extracting */ +- ber_rewind( ber ); +- +- tag = ber_first_element( ber, &len, &dn_end ); + for ( i = nrdns - 1; i >= 0; i-- ) { + newDN[i] = newRDN; + +-- +2.20.1 + diff --git a/debian/patches/ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch b/debian/patches/ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch new file mode 100644 index 0000000..9874446 --- /dev/null +++ b/debian/patches/ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch @@ -0,0 +1,25 @@ +From 58c1748e81c843c5b6e61648d2a4d1d82b47e842 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Mon, 14 Dec 2020 19:03:27 +0000 +Subject: [PATCH] ITS#9424 fix serialNumberAndIssuerSerialCheck + +--- + servers/slapd/schema_init.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index d697fa108c..e035c1a6a7 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -4302,7 +4302,7 @@ serialNumberAndIssuerSerialCheck( + if ( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX; + + /* no old format */ +- if ( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) return LDAP_INVALID_SYNTAX; ++ if ( in->bv_val[0] != '{' || in->bv_val[in->bv_len-1] != '}' ) return LDAP_INVALID_SYNTAX; + + x.bv_val++; + x.bv_len -= 2; +-- +2.20.1 + diff --git a/debian/patches/ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch b/debian/patches/ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch new file mode 100644 index 0000000..618eb3d --- /dev/null +++ b/debian/patches/ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch @@ -0,0 +1,45 @@ +From 4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Mon, 14 Dec 2020 20:05:44 +0000 +Subject: [PATCH] ITS#9425 add more checks to ldap_X509dn2bv + +--- + libraries/libldap/tls2.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c +index e0c82fa9f8..193d20fdfa 100644 +--- a/libraries/libldap/tls2.c ++++ b/libraries/libldap/tls2.c +@@ -1248,6 +1248,8 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func, + for ( tag = ber_first_element( ber, &len, &rdn_end ); + tag == LBER_SEQUENCE; + tag = ber_next_element( ber, &len, rdn_end )) { ++ if ( rdn_end > dn_end ) ++ return LDAP_DECODING_ERROR; + tag = ber_skip_tag( ber, &len ); + ber_skip_data( ber, len ); + navas++; +@@ -1257,7 +1259,7 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func, + /* Rewind and prepare to extract */ + ber_rewind( ber ); + tag = ber_first_element( ber, &len, &dn_end ); +- if ( tag == LBER_DEFAULT ) ++ if ( tag != LBER_SET ) + return LDAP_DECODING_ERROR; + + /* Allocate the DN/RDN/AVA stuff as a single block */ +@@ -1370,6 +1372,10 @@ allocd: + /* X.690 bitString value converted to RFC4517 Bit String */ + rc = der_to_ldap_BitString( &Val, &newAVA->la_value ); + goto allocd; ++ case LBER_DEFAULT: ++ /* decode error */ ++ rc = LDAP_DECODING_ERROR; ++ goto nomem; + default: + /* Not a string type at all */ + newAVA->la_flags = 0; +-- +2.20.1 + diff --git a/debian/patches/ITS-9427-fix-issuerAndThisUpdateCheck.patch b/debian/patches/ITS-9427-fix-issuerAndThisUpdateCheck.patch new file mode 100644 index 0000000..3f6ddfb --- /dev/null +++ b/debian/patches/ITS-9427-fix-issuerAndThisUpdateCheck.patch @@ -0,0 +1,25 @@ +From 91dccd25c347733b365adc74cb07d074512ed5ad Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Wed, 16 Dec 2020 18:52:42 +0000 +Subject: [PATCH] ITS#9427 fix issuerAndThisUpdateCheck + +--- + servers/slapd/schema_init.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index e035c1a6a7..cc7c816937 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -3809,7 +3809,7 @@ issuerAndThisUpdateCheck( + + if ( in->bv_len < STRLENOF( "{issuer \"\",thisUpdate \"YYMMDDhhmmssZ\"}" ) ) return LDAP_INVALID_SYNTAX; + +- if ( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) { ++ if ( in->bv_val[0] != '{' || in->bv_val[in->bv_len-1] != '}' ) { + return LDAP_INVALID_SYNTAX; + } + +-- +2.20.1 + diff --git a/debian/patches/ITS-9428-fix-cancel-exop.patch b/debian/patches/ITS-9428-fix-cancel-exop.patch new file mode 100644 index 0000000..65e2026 --- /dev/null +++ b/debian/patches/ITS-9428-fix-cancel-exop.patch @@ -0,0 +1,28 @@ +From 9d0e8485f3113505743baabf1167e01e4558ccf5 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Sun, 20 Dec 2020 21:31:15 +0000 +Subject: [PATCH] ITS#9428 fix cancel exop + +--- + servers/slapd/cancel.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/servers/slapd/cancel.c b/servers/slapd/cancel.c +index 2060312900..b972b18fc3 100644 +--- a/servers/slapd/cancel.c ++++ b/servers/slapd/cancel.c +@@ -65,6 +65,11 @@ int cancel_extop( Operation *op, SlapReply *rs ) + return LDAP_PROTOCOL_ERROR; + } + ++ if ( opid == op->o_msgid ) { ++ op->o_cancel = SLAP_CANCEL_DONE; ++ return LDAP_SUCCESS; ++ } ++ + ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); + + if ( op->o_abandon ) { +-- +2.20.1 + diff --git a/debian/patches/ITS-9454-fix-issuerAndThisUpdateCheck.patch b/debian/patches/ITS-9454-fix-issuerAndThisUpdateCheck.patch new file mode 100644 index 0000000..a9b724a --- /dev/null +++ b/debian/patches/ITS-9454-fix-issuerAndThisUpdateCheck.patch @@ -0,0 +1,25 @@ +From 9badb73425a67768c09bcaed1a9c26c684af6c30 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Sat, 6 Feb 2021 20:52:06 +0000 +Subject: [PATCH] ITS#9454 fix issuerAndThisUpdateCheck + +--- + servers/slapd/schema_init.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index 31be1154ef..8b1e255393 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -3900,6 +3900,8 @@ issuerAndThisUpdateCheck( + break; + } + } ++ if ( tu->bv_len < STRLENOF("YYYYmmddHHmmssZ") ) return LDAP_INVALID_SYNTAX; ++ + x.bv_val += tu->bv_len + 1; + x.bv_len -= tu->bv_len + 1; + +-- +2.20.1 + diff --git a/debian/patches/ITS-9815-slapd-sql-escape-filter-values.patch b/debian/patches/ITS-9815-slapd-sql-escape-filter-values.patch new file mode 100644 index 0000000..28e681d --- /dev/null +++ b/debian/patches/ITS-9815-slapd-sql-escape-filter-values.patch @@ -0,0 +1,268 @@ +From 87df6c19915042430540931d199a39105544a134 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Wed, 23 Mar 2022 12:43:31 +0000 +Subject: [PATCH] ITS#9815 slapd-sql: escape filter values + +--- + servers/slapd/back-sql/search.c | 123 +++++++++++++++++++++++++++----- + 1 file changed, 105 insertions(+), 18 deletions(-) + +--- a/servers/slapd/back-sql/search.c ++++ b/servers/slapd/back-sql/search.c +@@ -63,6 +63,38 @@ + ID *lastid ); + #endif /* ! BACKSQL_ARBITRARY_KEY */ + ++/* Look for chars that need to be escaped, return count of them. ++ * If out is non-NULL, copy escape'd val to it. ++ */ ++static int ++backsql_val_escape( Operation *op, struct berval *in, struct berval *out ) ++{ ++ char *ptr, *end; ++ int q = 0; ++ ++ ptr = in->bv_val; ++ end = ptr + in->bv_len; ++ while (ptr < end) { ++ if ( *ptr == '\'' ) ++ q++; ++ ptr++; ++ } ++ if ( q && out ) { ++ char *dst; ++ out->bv_len = in->bv_len + q; ++ out->bv_val = op->o_tmpalloc( out->bv_len + 1, op->o_tmpmemctx ); ++ ptr = in->bv_val; ++ dst = out->bv_val; ++ while (ptr < end ) { ++ if ( *ptr == '\'' ) ++ *dst++ = '\''; ++ *dst++ = *ptr++; ++ } ++ *dst = '\0'; ++ } ++ return q; ++} ++ + static int + backsql_attrlist_add( backsql_srch_info *bsi, AttributeDescription *ad ) + { +@@ -429,6 +461,8 @@ + backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private; + int i; + int casefold = 0; ++ int escaped = 0; ++ struct berval escval, *fvalue; + + if ( !f ) { + return 0; +@@ -462,50 +496,68 @@ + + BER_BVZERO( &bv ); + if ( f->f_sub_initial.bv_val ) { +- bv.bv_len += f->f_sub_initial.bv_len; ++ bv.bv_len += f->f_sub_initial.bv_len + backsql_val_escape( NULL, &f->f_sub_initial, NULL ); + } + if ( f->f_sub_any != NULL ) { + for ( a = 0; f->f_sub_any[ a ].bv_val != NULL; a++ ) { +- bv.bv_len += f->f_sub_any[ a ].bv_len; ++ bv.bv_len += f->f_sub_any[ a ].bv_len + backsql_val_escape( NULL, &f->f_sub_any[ a ], NULL ); + } + } + if ( f->f_sub_final.bv_val ) { +- bv.bv_len += f->f_sub_final.bv_len; ++ bv.bv_len += f->f_sub_final.bv_len + backsql_val_escape( NULL, &f->f_sub_final, NULL ); + } + bv.bv_len = 2 * bv.bv_len - 1; + bv.bv_val = ch_malloc( bv.bv_len + 1 ); + + s = 0; + if ( !BER_BVISNULL( &f->f_sub_initial ) ) { +- bv.bv_val[ s ] = f->f_sub_initial.bv_val[ 0 ]; +- for ( i = 1; i < f->f_sub_initial.bv_len; i++ ) { ++ fvalue = &f->f_sub_initial; ++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval ); ++ if ( escaped ) ++ fvalue = &escval; ++ bv.bv_val[ s ] = fvalue->bv_val[ 0 ]; ++ for ( i = 1; i < fvalue->bv_len; i++ ) { + bv.bv_val[ s + 2 * i - 1 ] = '%'; +- bv.bv_val[ s + 2 * i ] = f->f_sub_initial.bv_val[ i ]; ++ bv.bv_val[ s + 2 * i ] = fvalue->bv_val[ i ]; + } + bv.bv_val[ s + 2 * i - 1 ] = '%'; + s += 2 * i; ++ if ( escaped ) ++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx ); + } + + if ( f->f_sub_any != NULL ) { + for ( a = 0; !BER_BVISNULL( &f->f_sub_any[ a ] ); a++ ) { +- bv.bv_val[ s ] = f->f_sub_any[ a ].bv_val[ 0 ]; +- for ( i = 1; i < f->f_sub_any[ a ].bv_len; i++ ) { ++ fvalue = &f->f_sub_any[ a ]; ++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval ); ++ if ( escaped ) ++ fvalue = &escval; ++ bv.bv_val[ s ] = fvalue->bv_val[ 0 ]; ++ for ( i = 1; i < fvalue->bv_len; i++ ) { + bv.bv_val[ s + 2 * i - 1 ] = '%'; +- bv.bv_val[ s + 2 * i ] = f->f_sub_any[ a ].bv_val[ i ]; ++ bv.bv_val[ s + 2 * i ] = fvalue->bv_val[ i ]; + } + bv.bv_val[ s + 2 * i - 1 ] = '%'; + s += 2 * i; ++ if ( escaped ) ++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx ); + } + } + + if ( !BER_BVISNULL( &f->f_sub_final ) ) { +- bv.bv_val[ s ] = f->f_sub_final.bv_val[ 0 ]; +- for ( i = 1; i < f->f_sub_final.bv_len; i++ ) { ++ fvalue = &f->f_sub_final; ++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval ); ++ if ( escaped ) ++ fvalue = &escval; ++ bv.bv_val[ s ] = fvalue->bv_val[ 0 ]; ++ for ( i = 1; i < fvalue->bv_len; i++ ) { + bv.bv_val[ s + 2 * i - 1 ] = '%'; +- bv.bv_val[ s + 2 * i ] = f->f_sub_final.bv_val[ i ]; ++ bv.bv_val[ s + 2 * i ] = fvalue->bv_val[ i ]; + } +- bv.bv_val[ s + 2 * i - 1 ] = '%'; ++ bv.bv_val[ s + 2 * i - 1 ] = '%'; + s += 2 * i; ++ if ( escaped ) ++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx ); + } + + bv.bv_val[ s - 1 ] = '\0'; +@@ -561,11 +613,17 @@ + f->f_sub_initial.bv_val, 0 ); + #endif /* BACKSQL_TRACE */ + ++ fvalue = &f->f_sub_initial; ++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval ); ++ if ( escaped ) ++ fvalue = &escval; + start = bsi->bsi_flt_where.bb_val.bv_len; + backsql_strfcat_x( &bsi->bsi_flt_where, + bsi->bsi_op->o_tmpmemctx, + "b", +- &f->f_sub_initial ); ++ fvalue ); ++ if ( escaped ) ++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx ); + if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) { + ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] ); + } +@@ -586,12 +644,18 @@ + i, f->f_sub_any[ i ].bv_val ); + #endif /* BACKSQL_TRACE */ + ++ fvalue = &f->f_sub_any[ i ]; ++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval ); ++ if ( escaped ) ++ fvalue = &escval; + start = bsi->bsi_flt_where.bb_val.bv_len; + backsql_strfcat_x( &bsi->bsi_flt_where, + bsi->bsi_op->o_tmpmemctx, + "bc", +- &f->f_sub_any[ i ], ++ fvalue, + '%' ); ++ if ( escaped ) ++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx ); + if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) { + /* + * Note: toupper('%') = '%' +@@ -611,11 +675,17 @@ + f->f_sub_final.bv_val, 0 ); + #endif /* BACKSQL_TRACE */ + ++ fvalue = &f->f_sub_final; ++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval ); ++ if ( escaped ) ++ fvalue = &escval; + start = bsi->bsi_flt_where.bb_val.bv_len; + backsql_strfcat_x( &bsi->bsi_flt_where, + bsi->bsi_op->o_tmpmemctx, + "b", +- &f->f_sub_final ); ++ fvalue ); ++ if ( escaped ) ++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx ); + if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) { + ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] ); + } +@@ -1183,6 +1253,8 @@ + struct berval *filter_value = NULL; + MatchingRule *matching_rule = NULL; + struct berval ordering = BER_BVC("<="); ++ struct berval escval; ++ int escaped = 0; + + Debug( LDAP_DEBUG_TRACE, "==>backsql_process_filter_attr(%s)\n", + at->bam_ad->ad_cname.bv_val, 0, 0 ); +@@ -1237,6 +1309,10 @@ + casefold = 1; + } + ++ escaped = backsql_val_escape( bsi->bsi_op, filter_value, &escval ); ++ if ( escaped ) ++ filter_value = &escval; ++ + /* FIXME: directoryString filtering should use a similar + * approach to deal with non-prettified values like + * " A non prettified value ", by using a LIKE +@@ -1317,6 +1393,10 @@ + casefold = 1; + } + ++ escaped = backsql_val_escape( bsi->bsi_op, filter_value, &escval ); ++ if ( escaped ) ++ filter_value = &escval; ++ + /* + * FIXME: should we uppercase the operands? + */ +@@ -1350,7 +1430,7 @@ + &at->bam_sel_expr, + &ordering, + '\'', +- &f->f_av_value, ++ filter_value, + (ber_len_t)STRLENOF( /* (' */ "')" ), + /* ( */ "')" ); + } +@@ -1374,13 +1454,17 @@ + case LDAP_FILTER_APPROX: + /* we do our best */ + ++ filter_value = &f->f_av_value; ++ escaped = backsql_val_escape( bsi->bsi_op, filter_value, &escval ); ++ if ( escaped ) ++ filter_value = &escval; + /* + * maybe we should check type of at->sel_expr here somehow, + * to know whether upper_func is applicable, but for now + * upper_func stuff is made for Oracle, where UPPER is + * safely applicable to NUMBER etc. + */ +- (void)backsql_process_filter_like( bsi, at, 1, &f->f_av_value ); ++ (void)backsql_process_filter_like( bsi, at, 1, filter_value ); + break; + + default: +@@ -1394,6 +1478,9 @@ + + } + ++ if ( escaped ) ++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx ); ++ + Debug( LDAP_DEBUG_TRACE, "<==backsql_process_filter_attr(%s)\n", + at->bam_ad->ad_cname.bv_val, 0, 0 ); + diff --git a/debian/patches/ITS6035-olcauthzregex-needs-restart.patch b/debian/patches/ITS6035-olcauthzregex-needs-restart.patch new file mode 100644 index 0000000..acd3c6f --- /dev/null +++ b/debian/patches/ITS6035-olcauthzregex-needs-restart.patch @@ -0,0 +1,13 @@ +--- a/doc/man/man5/slapd-config.5 ++++ b/doc/man/man5/slapd-config.5 +@@ -409,6 +409,10 @@ + and replacement patterns. The matching patterns are checked in the order they + appear in the attribute, stopping at the first successful match. + ++Note that changes to ++.B olcAuthzRegexp ++take effect the next time the server is started, not immediately upon ++changing the configuration. + .\".B Caution: + .\"Because the plus sign + is a character recognized by the regular expression engine, + .\"and it will appear in names that include a REALM, be careful to escape the diff --git a/debian/patches/add-tlscacert-option-to-ldap-conf b/debian/patches/add-tlscacert-option-to-ldap-conf new file mode 100644 index 0000000..e8e731a --- /dev/null +++ b/debian/patches/add-tlscacert-option-to-ldap-conf @@ -0,0 +1,10 @@ +--- a/libraries/libldap/ldap.conf ++++ b/libraries/libldap/ldap.conf +@@ -11,3 +11,7 @@ + #SIZELIMIT 12 + #TIMELIMIT 15 + #DEREF never ++ ++# TLS certificates (needed for GnuTLS) ++TLS_CACERT /etc/ssl/certs/ca-certificates.crt ++ diff --git a/debian/patches/contrib-makefiles b/debian/patches/contrib-makefiles new file mode 100644 index 0000000..07256ba --- /dev/null +++ b/debian/patches/contrib-makefiles @@ -0,0 +1,159 @@ +--- a/contrib/slapd-modules/passwd/Makefile ++++ b/contrib/slapd-modules/passwd/Makefile +@@ -13,7 +13,7 @@ + INCS = $(LDAP_INC) + LIBS = $(LDAP_LIB) + +-PROGRAMS = pw-kerberos.la pw-netscape.la pw-radius.la pw-apr1.la ++PROGRAMS = pw-netscape.la pw-apr1.la + LTVER = 0:0:0 + + prefix=/usr/local +@@ -27,24 +27,24 @@ + .SUFFIXES: .c .o .lo + + .c.lo: +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< ++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $< + + all: $(PROGRAMS) + + pw-kerberos.la: kerberos.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? -lkrb5 + + pw-netscape.la: netscape.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? + + pw-radius.la: radius.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? -lradius + + pw-apr1.la: apr1.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? + + clean: +--- a/contrib/slapd-modules/passwd/pbkdf2/Makefile ++++ b/contrib/slapd-modules/passwd/pbkdf2/Makefile +@@ -12,7 +12,7 @@ + #DEFS = -DSLAPD_PBKDF2_DEBUG + + INCS = $(LDAP_INC) +-LIBS = $(LDAP_LIB) -lcrypto ++LIBS = $(LDAP_LIB) -lnettle + + PROGRAMS = pw-pbkdf2.la + LTVER = 0:0:0 +@@ -30,12 +30,12 @@ + .SUFFIXES: .c .o .lo + + .c.lo: +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< ++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $< + + all: $(PROGRAMS) + + pw-pbkdf2.la: pw-pbkdf2.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + clean: +--- a/contrib/slapd-modules/smbk5pwd/Makefile ++++ b/contrib/slapd-modules/smbk5pwd/Makefile +@@ -19,10 +19,10 @@ + $(LDAP_BUILD)/libraries/liblber/liblber.la + + SSL_INC = +-SSL_LIB = -lcrypto ++SSL_LIB = -lnettle + +-HEIMDAL_INC = -I/usr/heimdal/include +-HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv ++HEIMDAL_INC = $(shell krb5-config.heimdal --cflags kadm-server) ++HEIMDAL_LIB = $(shell krb5-config.heimdal --libs kadm-server) + + LIBTOOL = $(LDAP_BUILD)/libtool + CC = gcc +@@ -30,7 +30,8 @@ + # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it. + DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW + INCS = $(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC) +-LIBS = $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB) ++# put /usr/lib/heimdal before /usr/lib in case libkrb5-dev is installed, #745356 ++LIBS = $(HEIMDAL_LIB) $(LDAP_LIB) $(SSL_LIB) + + PROGRAMS = smbk5pwd.la + LTVER = 0:0:0 +@@ -46,12 +47,12 @@ + .SUFFIXES: .c .o .lo + + .c.lo: +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< ++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $< + + all: $(PROGRAMS) + + smbk5pwd.la: smbk5pwd.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + clean: +--- a/contrib/slapd-modules/autogroup/Makefile ++++ b/contrib/slapd-modules/autogroup/Makefile +@@ -27,12 +27,12 @@ + .SUFFIXES: .c .o .lo + + .c.lo: +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< ++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $< + + all: $(PROGRAMS) + + autogroup.la: autogroup.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + clean: +--- a/contrib/slapd-modules/lastbind/Makefile ++++ b/contrib/slapd-modules/lastbind/Makefile +@@ -37,12 +37,12 @@ + .SUFFIXES: .c .o .lo + + .c.lo: +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< ++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $< + + all: $(PROGRAMS) + + lastbind.la: lastbind.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + clean: +--- a/contrib/slapd-modules/passwd/sha2/Makefile ++++ b/contrib/slapd-modules/passwd/sha2/Makefile +@@ -28,12 +28,12 @@ + .SUFFIXES: .c .o .lo + + .c.lo: +- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< ++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $< + + all: $(PROGRAMS) + + pw-sha2.la: slapd-sha2.lo sha2.lo +- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \ + -rpath $(moduledir) -module -o $@ $? $(LIBS) + + clean: diff --git a/debian/patches/do-not-second-guess-sonames b/debian/patches/do-not-second-guess-sonames new file mode 100644 index 0000000..bbf099c --- /dev/null +++ b/debian/patches/do-not-second-guess-sonames @@ -0,0 +1,68 @@ +Rip out code that second-guesses the libsasl soname / Debian shlibs. If +cyrus sasl upstream is breaking the ABI, this needs to be fixed upstream +there, not kludged around upstream here! + +Debian bug #546885 + +Upstream ITS #6302 filed. + +--- a/libraries/libldap/cyrus.c ++++ b/libraries/libldap/cyrus.c +@@ -74,28 +74,6 @@ + */ + int ldap_int_sasl_init( void ) + { +-#ifdef HAVE_SASL_VERSION +- /* stringify the version number, sasl.h doesn't do it for us */ +-#define VSTR0(maj, min, pat) #maj "." #min "." #pat +-#define VSTR(maj, min, pat) VSTR0(maj, min, pat) +-#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \ +- SASL_VERSION_STEP) +- { int rc; +- sasl_version( NULL, &rc ); +- if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) || +- (rc & 0xffff) < SASL_VERSION_STEP) { +- char version[sizeof("xxx.xxx.xxxxx")]; +- sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff, +- rc & 0xffff ); +- +- Debug( LDAP_DEBUG_ANY, +- "ldap_int_sasl_init: SASL library version mismatch:" +- " expected " SASL_VERSION_STRING "," +- " got %s\n", version, 0, 0 ); +- return -1; +- } +- } +-#endif + + /* SASL 2 takes care of its own memory completely internally */ + #if SASL_VERSION_MAJOR < 2 && !defined(CSRIMALLOC) +--- a/servers/slapd/sasl.c ++++ b/servers/slapd/sasl.c +@@ -1145,26 +1145,6 @@ int slap_sasl_init( void ) + #endif + + #ifdef HAVE_CYRUS_SASL +-#ifdef HAVE_SASL_VERSION +- /* stringify the version number, sasl.h doesn't do it for us */ +-#define VSTR0(maj, min, pat) #maj "." #min "." #pat +-#define VSTR(maj, min, pat) VSTR0(maj, min, pat) +-#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \ +- SASL_VERSION_STEP) +- +- sasl_version( NULL, &rc ); +- if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) || +- (rc & 0xffff) < SASL_VERSION_STEP) +- { +- char version[sizeof("xxx.xxx.xxxxx")]; +- sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff, +- rc & 0xffff ); +- Debug( LDAP_DEBUG_ANY, "slap_sasl_init: SASL library version mismatch:" +- " expected %s, got %s\n", +- SASL_VERSION_STRING, version, 0 ); +- return -1; +- } +-#endif + + sasl_set_mutex( + ldap_pvt_sasl_mutex_new, diff --git a/debian/patches/evolution-ntlm b/debian/patches/evolution-ntlm new file mode 100644 index 0000000..cd9bc26 --- /dev/null +++ b/debian/patches/evolution-ntlm @@ -0,0 +1,222 @@ +Patch from evolution-exchange (2.10.3). The ldap_ntlm_bind function is +actually called by evolution-data-server, checked at version 1.12.2. +Without this patch, the Exchange addressbook integration uses simple binds +with cleartext passwords. + +Russ checked with openldap-software for upstream's opinion on this patch +on 2007-12-21. Upstream had never received it as a patch submission and +given that it's apparently only for older Exchange servers that can't do +SASL and DIGEST-MD5, it's not very appealing. + +Bug#457374 filed against evolution-data-server asking if this support is +still required on 2007-12-21. + +--- a/include/ldap.h ++++ b/include/ldap.h +@@ -2517,5 +2517,25 @@ ldap_parse_deref_control LDAP_P(( + LDAPControl **ctrls, + LDAPDerefRes **drp )); + ++/* ++ * hacks for NTLM ++ */ ++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU) ++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU) ++LDAP_F( int ) ++ldap_ntlm_bind LDAP_P(( ++ LDAP *ld, ++ LDAP_CONST char *dn, ++ ber_tag_t tag, ++ struct berval *cred, ++ LDAPControl **sctrls, ++ LDAPControl **cctrls, ++ int *msgidp )); ++LDAP_F( int ) ++ldap_parse_ntlm_bind_result LDAP_P(( ++ LDAP *ld, ++ LDAPMessage *res, ++ struct berval *challenge)); ++ + LDAP_END_DECL + #endif /* _LDAP_H */ +--- /dev/null ++++ b/libraries/libldap/ntlm.c +@@ -0,0 +1,138 @@ ++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */ ++/* ++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. ++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file ++ */ ++ ++/* Mostly copied from sasl.c */ ++ ++#include "portable.h" ++ ++#include <stdlib.h> ++#include <stdio.h> ++ ++#include <ac/socket.h> ++#include <ac/string.h> ++#include <ac/time.h> ++#include <ac/errno.h> ++ ++#include "ldap-int.h" ++ ++int ++ldap_ntlm_bind( ++ LDAP *ld, ++ LDAP_CONST char *dn, ++ ber_tag_t tag, ++ struct berval *cred, ++ LDAPControl **sctrls, ++ LDAPControl **cctrls, ++ int *msgidp ) ++{ ++ BerElement *ber; ++ int rc; ++ ber_int_t id; ++ ++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 ); ++ ++ assert( ld != NULL ); ++ assert( LDAP_VALID( ld ) ); ++ assert( msgidp != NULL ); ++ ++ if( msgidp == NULL ) { ++ ld->ld_errno = LDAP_PARAM_ERROR; ++ return ld->ld_errno; ++ } ++ ++ /* create a message to send */ ++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) { ++ ld->ld_errno = LDAP_NO_MEMORY; ++ return ld->ld_errno; ++ } ++ ++ assert( LBER_VALID( ber ) ); ++ ++ LDAP_NEXT_MSGID( ld, id ); ++ rc = ber_printf( ber, "{it{istON}" /*}*/, ++ id, LDAP_REQ_BIND, ++ ld->ld_version, dn, tag, ++ cred ); ++ ++ /* Put Server Controls */ ++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) { ++ ber_free( ber, 1 ); ++ return ld->ld_errno; ++ } ++ ++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) { ++ ld->ld_errno = LDAP_ENCODING_ERROR; ++ ber_free( ber, 1 ); ++ return ld->ld_errno; ++ } ++ ++ /* send the message */ ++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id ); ++ ++ if(*msgidp < 0) ++ return ld->ld_errno; ++ ++ return LDAP_SUCCESS; ++} ++ ++int ++ldap_parse_ntlm_bind_result( ++ LDAP *ld, ++ LDAPMessage *res, ++ struct berval *challenge) ++{ ++ ber_int_t errcode; ++ ber_tag_t tag; ++ BerElement *ber; ++ ber_len_t len; ++ ++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 ); ++ ++ assert( ld != NULL ); ++ assert( LDAP_VALID( ld ) ); ++ assert( res != NULL ); ++ ++ if ( ld == NULL || res == NULL ) { ++ return LDAP_PARAM_ERROR; ++ } ++ ++ if( res->lm_msgtype != LDAP_RES_BIND ) { ++ ld->ld_errno = LDAP_PARAM_ERROR; ++ return ld->ld_errno; ++ } ++ ++ if ( ld->ld_error ) { ++ LDAP_FREE( ld->ld_error ); ++ ld->ld_error = NULL; ++ } ++ if ( ld->ld_matched ) { ++ LDAP_FREE( ld->ld_matched ); ++ ld->ld_matched = NULL; ++ } ++ ++ /* parse results */ ++ ++ ber = ber_dup( res->lm_ber ); ++ ++ if( ber == NULL ) { ++ ld->ld_errno = LDAP_NO_MEMORY; ++ return ld->ld_errno; ++ } ++ ++ tag = ber_scanf( ber, "{ioa" /*}*/, ++ &errcode, challenge, &ld->ld_error ); ++ ber_free( ber, 0 ); ++ ++ if( tag == LBER_ERROR ) { ++ ld->ld_errno = LDAP_DECODING_ERROR; ++ return ld->ld_errno; ++ } ++ ++ ld->ld_errno = errcode; ++ ++ return( ld->ld_errno ); ++} ++ +--- a/libraries/libldap/Makefile.in ++++ b/libraries/libldap/Makefile.in +@@ -27,7 +27,7 @@ SRCS = bind.c open.c result.c error.c co + init.c options.c print.c string.c util-int.c schema.c \ + charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \ + tls2.c tls_o.c tls_g.c tls_m.c \ +- turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \ ++ turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \ + assertion.c deref.c ldif.c fetch.c + + OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \ +@@ -40,7 +40,7 @@ OBJS = bind.lo open.lo result.lo error.l + init.lo options.lo print.lo string.lo util-int.lo schema.lo \ + charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \ + tls2.lo tls_o.lo tls_g.lo tls_m.lo \ +- turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \ ++ turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \ + assertion.lo deref.lo ldif.lo fetch.lo + + LDAP_INCDIR= ../../include +--- a/libraries/libldap_r/Makefile.in ++++ b/libraries/libldap_r/Makefile.in +@@ -29,7 +29,7 @@ XXSRCS = apitest.c test.c \ + init.c options.c print.c string.c util-int.c schema.c \ + charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \ + tls2.c tls_o.c tls_g.c tls_m.c \ +- turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \ ++ turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \ + assertion.c deref.c ldif.c fetch.c + SRCS = threads.c rdwr.c rmutex.c tpool.c rq.c \ + thr_posix.c thr_cthreads.c thr_thr.c thr_nt.c \ +@@ -47,7 +47,7 @@ OBJS = threads.lo rdwr.lo rmutex.lo tpoo + init.lo options.lo print.lo string.lo util-int.lo schema.lo \ + charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \ + tls2.lo tls_o.lo tls_g.lo tls_m.lo \ +- turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \ ++ turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \ + assertion.lo deref.lo ldif.lo fetch.lo + + LDAP_INCDIR= ../../include diff --git a/debian/patches/fix-build-top-mk b/debian/patches/fix-build-top-mk new file mode 100644 index 0000000..418fe35 --- /dev/null +++ b/debian/patches/fix-build-top-mk @@ -0,0 +1,11 @@ +--- a/build/top.mk ++++ b/build/top.mk +@@ -20,7 +20,7 @@ + RELEASEDATE= @OPENLDAP_RELEASE_DATE@ + + @SET_MAKE@ +-SHELL = /bin/sh ++SHELL = @SHELL@ + + top_builddir = @top_builddir@ + diff --git a/debian/patches/getaddrinfo-is-threadsafe b/debian/patches/getaddrinfo-is-threadsafe new file mode 100644 index 0000000..ab6e2b7 --- /dev/null +++ b/debian/patches/getaddrinfo-is-threadsafe @@ -0,0 +1,43 @@ +Author: Steve Langasek <vorlon@debian.org> + +OpenLDAP upstream conservatively assumes that certain resolver functions +(getaddrinfo, getnameinfo, res_query, dn_expand) are not re-entrant; but we +know that the glibc implementations of these functions are thread-safe, so +we should bypass the use of this mutex. This fixes a locking problem when +an application uses libldap and libnss-ldap is also used for hosts +resolution. + +Closes Debian bug #340601. + +Not suitable for forwarding upstream; might be made suitable by adding a +configure-time check for glibc and disabling the mutex only on known +thread-safe implementations. + +--- a/libraries/libldap/os-ip.c ++++ b/libraries/libldap/os-ip.c +@@ -602,13 +602,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf * + hints.ai_socktype = socktype; + snprintf(serv, sizeof serv, "%d", port ); + +- /* most getaddrinfo(3) use non-threadsafe resolver libraries */ +- LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex); +- + err = getaddrinfo( host, serv, &hints, &res ); +- +- LDAP_MUTEX_UNLOCK(&ldap_int_resolv_mutex); +- + if ( err != 0 ) { + osip_debug(ld, "ldap_connect_to_host: getaddrinfo failed: %s\n", + AC_GAI_STRERROR(err), 0, 0); +--- a/libraries/libldap/util-int.c ++++ b/libraries/libldap/util-int.c +@@ -431,9 +431,7 @@ int ldap_pvt_get_hname( + int rc; + #if defined( HAVE_GETNAMEINFO ) + +- LDAP_MUTEX_LOCK( &ldap_int_resolv_mutex ); + rc = getnameinfo( sa, len, name, namelen, NULL, 0, 0 ); +- LDAP_MUTEX_UNLOCK( &ldap_int_resolv_mutex ); + if ( rc ) *err = (char *)AC_GAI_STRERROR( rc ); + return rc; + diff --git a/debian/patches/index-files-created-as-root b/debian/patches/index-files-created-as-root new file mode 100644 index 0000000..47fc88a --- /dev/null +++ b/debian/patches/index-files-created-as-root @@ -0,0 +1,37 @@ +Document in the man page that slapindex should be run as the same user +as slapd, and print a warning if it's run as root (since Debian defaults +to running slapd as openldap). + +Not suitable for upstream in this form. This patch needs to be reworked +to check the BerkeleyDB database ownership and only warn if running as +root with a database that's not owned by root. + +Upstream ITS #5356 filed requesting better handling of this. Current +upstream discussion leans towards putting the check into the database +backend and aborting if slapd is run as a different user than the database +owner, which is an even better fix. + +--- a/doc/man/man8/slapindex.8 ++++ b/doc/man/man8/slapindex.8 +@@ -148,6 +148,10 @@ + should not be running (at least, not in read-write + mode) when you do this to ensure consistency of the database. + .LP ++slapindex ought to be run as the user specified for ++.BR slapd (8) ++to ensure correct database permissions. ++.LP + This command provides ample opportunity for the user to obtain + and drink their favorite beverage. + .SH EXAMPLES +--- a/servers/slapd/slapindex.c ++++ b/servers/slapd/slapindex.c +@@ -34,6 +34,8 @@ + int + slapindex( int argc, char **argv ) + { ++ if (geteuid() == 0) ++ fprintf( stderr, "\nWARNING!\nRunnig as root!\nThere's a fair chance slapd will fail to start.\nCheck file permissions!\n\n"); + ID id; + int rc = EXIT_SUCCESS; + const char *progname = "slapindex"; diff --git a/debian/patches/lastbind-makefile-manpage b/debian/patches/lastbind-makefile-manpage new file mode 100644 index 0000000..66e5a79 --- /dev/null +++ b/debian/patches/lastbind-makefile-manpage @@ -0,0 +1,46 @@ +--- a/contrib/slapd-modules/lastbind/Makefile ++++ b/contrib/slapd-modules/lastbind/Makefile +@@ -17,6 +17,7 @@ + $(LDAP_BUILD)/libraries/liblber/liblber.la + + LIBTOOL = $(LDAP_BUILD)/libtool ++INSTALL = /usr/bin/install + CC = gcc + OPT = -g -O2 -Wall + DEFS = -DSLAPD_OVER_LASTBIND=SLAPD_MOD_DYNAMIC +@@ -25,6 +26,7 @@ + + PROGRAMS = lastbind.la + LTVER = 0:0:0 ++MANPAGES = slapo-lastbind.5 + + prefix=/usr/local + exec_prefix=$(prefix) +@@ -33,6 +35,8 @@ + libdir=$(exec_prefix)/lib + libexecdir=$(exec_prefix)/libexec + moduledir = $(libexecdir)$(ldap_subdir) ++mandir = $(exec_prefix)/share/man ++man5dir = $(mandir)/man5 + + .SUFFIXES: .c .o .lo + +@@ -48,9 +52,17 @@ + clean: + rm -rf *.o *.lo *.la .libs + +-install: $(PROGRAMS) ++install: install-lib install-man FORCE ++ ++install-lib: $(PROGRAMS) + mkdir -p $(DESTDIR)$(moduledir) + for p in $(PROGRAMS) ; do \ + $(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \ + done + ++install-man: $(MANPAGES) ++ mkdir -p $(DESTDIR)$(man5dir) ++ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir) ++ ++FORCE: ++ diff --git a/debian/patches/ldap-conf-tls-cacertdir b/debian/patches/ldap-conf-tls-cacertdir new file mode 100644 index 0000000..e8aab91 --- /dev/null +++ b/debian/patches/ldap-conf-tls-cacertdir @@ -0,0 +1,29 @@ +--- a/doc/man/man5/ldap.conf.5 ++++ b/doc/man/man5/ldap.conf.5 +@@ -317,7 +317,7 @@ certificates in separate individual file + .B TLS_CACERT + is always used before + .B TLS_CACERTDIR. +-This parameter is ignored with GnuTLS. ++This parameter is ignored with GnuTLS. On Debian openldap is linked against GnuTLS. + + When using Mozilla NSS, <path> may contain a Mozilla NSS cert/key + database. If <path> contains a Mozilla NSS cert/key database and +@@ -428,7 +428,7 @@ This parameter is ignored with GnuTLS. + Specifies the file to obtain random bits from when /dev/[u]random is + not available. Generally set to the name of the EGD/PRNGD socket. + The environment variable RANDFILE can also be used to specify the filename. +-This parameter is ignored with GnuTLS and Mozilla NSS. ++This parameter is ignored with GnuTLS and Mozilla NSS. On Debian openldap is linked against GnuTLS. + .TP + .B TLS_REQCERT <level> + Specifies what checks to perform on server certificates in a TLS session, +@@ -461,7 +461,7 @@ Specifies if the Certificate Revocation + used to verify if the server certificates have not been revoked. This + requires + .B TLS_CACERTDIR +-parameter to be set. This parameter is ignored with GnuTLS and Mozilla NSS. ++parameter to be set. This parameter is ignored with GnuTLS and Mozilla NSS. On Debian openldap is linked against GnuTLS. + .B <level> + can be specified as one of the following keywords: + .RS diff --git a/debian/patches/ldapi-socket-place b/debian/patches/ldapi-socket-place new file mode 100644 index 0000000..a482bbf --- /dev/null +++ b/debian/patches/ldapi-socket-place @@ -0,0 +1,16 @@ +Move the ldapi socket to /var/run/slapd from /var/run, since /var/run +is only writable by root and slapd runs as openldap. + +Debian-specific. + +--- a/include/ldap_defaults.h ++++ b/include/ldap_defaults.h +@@ -39,7 +39,7 @@ + #define LDAP_ENV_PREFIX "LDAP" + + /* default ldapi:// socket */ +-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi" ++#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "slapd" LDAP_DIRSEP "ldapi" + + /* + * SLAPD DEFINITIONS diff --git a/debian/patches/libldap-symbol-versions b/debian/patches/libldap-symbol-versions new file mode 100644 index 0000000..fb28f49 --- /dev/null +++ b/debian/patches/libldap-symbol-versions @@ -0,0 +1,161 @@ +Add symbol versioning to the public LDAP libraries. This is required for +library transitions, such as the current transition from 2.1 to 2.4, +since programs will sometimes have both libraries loaded by different +dependency chains during the transition. + +Not yet contributed upstream. + +Upstream ITS #5365 filed requesting symbol versioning for libldap and +libber. + +--- a/libraries/libldap_r/Makefile.in ++++ b/libraries/libldap_r/Makefile.in +@@ -61,6 +61,9 @@ XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) + XXXLIBS = $(LTHREAD_LIBS) + NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) + UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS) ++ifneq (,$(VERSION_OPTION)) ++ VERSION_FLAGS = "$(VERSION_OPTION)$(XXDIR)/libldap.map" ++endif + + .links : Makefile + @for i in $(XXSRCS); do \ +--- a/build/top.mk ++++ b/build/top.mk +@@ -104,6 +104,9 @@ LTFLAGS_MOD = $(@PLAT@_LTFLAGS_MOD) + # LINK_LIBS referenced in library and module link commands. + LINK_LIBS = $(MOD_LIBS) $(@PLAT@_LINK_LIBS) + ++# option to pass to $(CC) to support library symbol versioning, if any ++VERSION_OPTION = @VERSION_OPTION@ ++ + LTSTATIC = @LTSTATIC@ + + LTLINK = $(LIBTOOL) --mode=link \ +@@ -113,7 +116,7 @@ LTCOMPILE_LIB = $(LIBTOOL) $(LTONLY_LIB) + $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(LIB_DEFS) -c + + LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \ +- $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) ++ $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) $(VERSION_FLAGS) + + LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \ + $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c +--- a/build/openldap.m4 ++++ b/build/openldap.m4 +@@ -1136,3 +1136,54 @@ AC_DEFUN([OL_SSL_COMPAT], + #endif + ], [ol_cv_ssl_crl_compat=yes], [ol_cv_ssl_crl_compat=no])]) + ]) ++ ++dnl ==================================================================== ++dnl check for symbol versioning support ++AC_DEFUN([OL_SYMBOL_VERSIONING], ++[AC_CACHE_CHECK([for .symver assembler directive], ++ [ol_cv_asm_symver_directive],[ ++cat > conftest.s <<EOF ++${libc_cv_dot_text} ++_sym: ++.symver _sym,sym@VERS ++EOF ++if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then ++ ol_cv_asm_symver_directive=yes ++else ++ ol_cv_asm_symver_directive=no ++fi ++rm -f conftest*]) ++AC_CACHE_CHECK([for ld --version-script], ++ [ol_cv_ld_version_script_option],[ ++if test $ol_cv_asm_symver_directive = yes; then ++ cat > conftest.s <<EOF ++${libc_cv_dot_text} ++_sym: ++.symver _sym,sym@VERS ++EOF ++ cat > conftest.map <<EOF ++VERS_1 { ++ global: sym; ++}; ++ ++VERS_2 { ++ global: sym; ++} VERS_1; ++EOF ++ if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then ++ if AC_TRY_COMMAND([${CC-cc} $CFLAGS $LDFLAGS -shared ++ -o conftest.so conftest.o ++ -Wl,--version-script,conftest.map ++ 1>&AS_MESSAGE_LOG_FD]); ++ then ++ ol_cv_ld_version_script_option=yes ++ else ++ ol_cv_ld_version_script_option=no ++ fi ++ else ++ ol_cv_ld_version_script_option=no ++ fi ++else ++ ol_cv_ld_version_script_option=no ++fi ++rm -f conftest*])]) +--- a/configure.in ++++ b/configure.in +@@ -1909,6 +1909,13 @@ else + fi + AC_SUBST(LTSTATIC)dnl + ++VERSION_OPTION="" ++OL_SYMBOL_VERSIONING ++if test $ol_cv_ld_version_script_option = yes ; then ++ VERSION_OPTION="-Wl,--version-script=" ++fi ++AC_SUBST(VERSION_OPTION) ++ + dnl ---------------------------------------------------------------- + if test $ol_enable_wrappers != no ; then + AC_CHECK_HEADERS(tcpd.h,[ +--- /dev/null ++++ b/libraries/libldap/libldap.map +@@ -0,0 +1,7 @@ ++OPENLDAP_2.4_2 { ++ global: ++ ldap_*; ++ ldif_*; ++ local: ++ *; ++}; +--- a/libraries/libldap/Makefile.in ++++ b/libraries/libldap/Makefile.in +@@ -52,6 +52,9 @@ XLIBS = $(LIBRARY) $(LDAP_LIBLBER_LA) $( + XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS) + NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) + UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) ++ifneq (,$(VERSION_OPTION)) ++ VERSION_FLAGS = $(VERSION_OPTION)$(srcdir)/libldap.map ++endif + + apitest: $(XLIBS) apitest.o + $(LTLINK) -o $@ apitest.o $(LIBS) +--- a/libraries/liblber/Makefile.in ++++ b/libraries/liblber/Makefile.in +@@ -38,6 +38,9 @@ XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A) + XXLIBS = + NT_LINK_LIBS = $(AC_LIBS) + UNIX_LINK_LIBS = $(AC_LIBS) ++ifneq (,$(VERSION_OPTION)) ++ VERSION_FLAGS = "$(VERSION_OPTION)$(srcdir)/liblber.map" ++endif + + dtest: $(XLIBS) dtest.o + $(LTLINK) -o $@ dtest.o $(LIBS) +--- /dev/null ++++ b/libraries/liblber/liblber.map +@@ -0,0 +1,8 @@ ++OPENLDAP_2.4_2 { ++ global: ++ ber_*; ++ der_alloc; ++ lutil_*; ++ local: ++ *; ++}; diff --git a/debian/patches/man-slapd b/debian/patches/man-slapd new file mode 100644 index 0000000..5f55137 --- /dev/null +++ b/debian/patches/man-slapd @@ -0,0 +1,60 @@ +Patch the slapd man page to not refer to a header file that isn't +installed with the slapd package and to reference the correct path +for slapd. + +Debian-specific. + +--- a/doc/man/man8/slapd.8 ++++ b/doc/man/man8/slapd.8 +@@ -5,7 +5,7 @@ + .SH NAME + slapd \- Stand-alone LDAP Daemon + .SH SYNOPSIS +-.B LIBEXECDIR/slapd ++.B /usr/sbin/slapd + [\c + .BR \-4 | \-6 ] + [\c +@@ -103,11 +103,10 @@ + will not fork or disassociate from the invoking terminal. Some general + operation and status messages are printed for any value of \fIdebug-level\fP. + \fIdebug-level\fP is taken as a bit string, with each bit corresponding to a +-different kind of debugging information. See <ldap_log.h> for details. +-Comma-separated arrays of friendly names can be specified to select +-debugging output of the corresponding debugging information. +-All the names recognized by the \fIloglevel\fP directive +-described in \fBslapd.conf\fP(5) are supported. ++different kind of debugging information. Comma-separated arrays of friendly ++names can be specified to select debugging output of the corresponding ++debugging information. All the names recognized by the \fIloglevel\fP ++directive described in \fBslapd.conf\fP(5) are supported. + If \fIdebug-level\fP is \fB?\fP, a list of installed debug-levels is printed, + and slapd exits. + +@@ -317,7 +316,7 @@ + .LP + .nf + .ft tt +- LIBEXECDIR/slapd ++ /usr/sbin/slapd + .ft + .fi + .LP +@@ -328,7 +327,7 @@ + .LP + .nf + .ft tt +- LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255 ++ /usr/sbin/slapd \-f /var/tmp/slapd.conf \-d 255 + .ft + .fi + .LP +@@ -336,7 +335,7 @@ + .LP + .nf + .ft tt +- LIBEXECDIR/slapd \-Tt ++ /usr/sbin/slapd \-Tt + .ft + .fi + .LP diff --git a/debian/patches/no-AM_INIT_AUTOMAKE b/debian/patches/no-AM_INIT_AUTOMAKE new file mode 100644 index 0000000..0976036 --- /dev/null +++ b/debian/patches/no-AM_INIT_AUTOMAKE @@ -0,0 +1,25 @@ +Description: don't use AM_INIT_AUTOMAKE macro when we aren't using automake + Calling AM_INIT_AUTOMAKE() in configure.in serves no purpose if we're not + using automake, and it confuses autoreconf. Use AC_INIT() instead. +Author: Steve Langasek <vorlon@debian.org> + +--- a/configure.in ++++ b/configure.in +@@ -26,7 +26,8 @@ dnl Configure.in for OpenLDAP + AC_COPYRIGHT([[Copyright 1998-2018 The OpenLDAP Foundation. All rights reserved. + Restrictions apply, see COPYRIGHT and LICENSE files.]]) + AC_REVISION([$Id: 2a4d29f78fa5f6b25f2c5cecac2126fcc3bd8623 $]) +-AC_INIT([OpenLDAP],,[http://www.openldap.org/its/]) ++AC_INIT([OpenLDAP],[$OL_VERSION],[http://www.openldap.org/its/]) ++AC_PROG_MAKE_SET + m4_define([AC_PACKAGE_BUGREPORT],[<http://www.openldap.org/its/>]) + AC_CONFIG_SRCDIR(build/version.sh)dnl + dnl ---------------------------------------------------------------- +@@ -69,7 +70,6 @@ dnl Determine host platform + dnl we try not to use this for much + AC_CANONICAL_TARGET([]) + +-AM_INIT_AUTOMAKE([$OL_PACKAGE],[$OL_VERSION], [no defines])dnl + AC_SUBST(PACKAGE)dnl + AC_SUBST(VERSION)dnl + AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package) diff --git a/debian/patches/no-bdb-ABI-second-guessing b/debian/patches/no-bdb-ABI-second-guessing new file mode 100644 index 0000000..db76aa7 --- /dev/null +++ b/debian/patches/no-bdb-ABI-second-guessing @@ -0,0 +1,42 @@ +Author: Steve Langasek <vorlon@debian.org> +Description: don't second-guess BDB ABI + OpenLDAP upstream conservatively assumes that any change to the version + number of libdb can result in an API-breaking change that could impact + the database. In Debian, we know that such changes require bumping the + library soname and changing the package name, and demand such rigor from + our package maintainers even when upstreams don't deliver; so any such + check in the source code works against the packaging system by forcing + database upgrades when we know none are required. Disable this check + so we rely on the packaging system to do its job. +Bug-Debian: http://bugs.debian.org/651333 +Forwarded: not-needed + +--- a/servers/slapd/back-bdb/init.c ++++ b/servers/slapd/back-bdb/init.c +@@ -762,7 +762,7 @@ bdb_back_initialize( + bi->bi_controls = controls; + + { /* version check */ +- int major, minor, patch, ver; ++ int major, minor, patch; + char *version = db_version( &major, &minor, &patch ); + #ifdef HAVE_EBCDIC + char v2[1024]; +@@ -776,17 +776,6 @@ bdb_back_initialize( + version = v2; + #endif + +- ver = (major << 24) | (minor << 16) | patch; +- if( ver != DB_VERSION_FULL ) { +- /* fail if a versions don't match */ +- Debug( LDAP_DEBUG_ANY, +- LDAP_XSTRING(bdb_back_initialize) ": " +- "BDB library version mismatch:" +- " expected " DB_VERSION_STRING "," +- " got %s\n", version, 0, 0 ); +- return -1; +- } +- + Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_back_initialize) + ": %s\n", version, 0, 0 ); + } diff --git a/debian/patches/no-gnutls_global_set_mutex b/debian/patches/no-gnutls_global_set_mutex new file mode 100644 index 0000000..c81f926 --- /dev/null +++ b/debian/patches/no-gnutls_global_set_mutex @@ -0,0 +1,77 @@ +Description: Do not call gnutls_global_set_mutex() + Since GnuTLS moved to implicit initialization on library load, calling + this function deinitializes GnuTLS and then re-initializes it. + . + When GnuTLS uses /dev/urandom as an entropy source (getrandom() not + available, or older versions of GnuTLS), and the application closed all + file descriptors at startup, this could result in GnuTLS opening + /dev/urandom over one of the application's file descriptors when + re-initialized. + . + Additionally, the custom mutex functions are never reset, so if libldap + is unloaded (for example via dlclose()) after calling this, its code + may be unmapped and the application could crash when GnuTLS calls the + mutex functions. + . + The default behaviour of GnuTLS, using pthreads, should be suitable on + all Debian systems, and is probably the same as what libldap uses + anyway. +Author: Ryan Tandy <ryan@nardis.ca> +Bug-Debian: https://bugs.debian.org/803197 +Forwarded: no + +--- a/libraries/libldap/tls_g.c ++++ b/libraries/libldap/tls_g.c +@@ -67,51 +67,10 @@ + + #ifdef LDAP_R_COMPILE + +-static int +-tlsg_mutex_init( void **priv ) +-{ +- int err = 0; +- ldap_pvt_thread_mutex_t *lock = LDAP_MALLOC( sizeof( ldap_pvt_thread_mutex_t )); +- +- if ( !lock ) +- err = ENOMEM; +- if ( !err ) { +- err = ldap_pvt_thread_mutex_init( lock ); +- if ( err ) +- LDAP_FREE( lock ); +- else +- *priv = lock; +- } +- return err; +-} +- +-static int +-tlsg_mutex_destroy( void **lock ) +-{ +- int err = ldap_pvt_thread_mutex_destroy( *lock ); +- LDAP_FREE( *lock ); +- return err; +-} +- +-static int +-tlsg_mutex_lock( void **lock ) +-{ +- return ldap_pvt_thread_mutex_lock( *lock ); +-} +- +-static int +-tlsg_mutex_unlock( void **lock ) +-{ +- return ldap_pvt_thread_mutex_unlock( *lock ); +-} +- + static void + tlsg_thr_init( void ) + { +- gnutls_global_set_mutex (tlsg_mutex_init, +- tlsg_mutex_destroy, +- tlsg_mutex_lock, +- tlsg_mutex_unlock); ++ /* do nothing */ + } + #endif /* LDAP_R_COMPILE */ + diff --git a/debian/patches/sasl-default-path b/debian/patches/sasl-default-path new file mode 100644 index 0000000..6d5c7b0 --- /dev/null +++ b/debian/patches/sasl-default-path @@ -0,0 +1,55 @@ +Add /etc/ldap/sasl2 to the SASL configuration search path. + +Not submitted upstream. Somewhat Debian-specific and probably not of +interest upstream. + +--- a/include/ldap_defaults.h ++++ b/include/ldap_defaults.h +@@ -63,4 +63,6 @@ + /* dn of the default "monitor" subentry */ + #define SLAPD_MONITOR_DN "cn=Monitor" + ++#define SASL_CONFIGPATH LDAP_SYSCONFDIR LDAP_DIRSEP "sasl2" ++ + #endif /* _LDAP_CONFIG_H */ +--- a/servers/slapd/sasl.c ++++ b/servers/slapd/sasl.c +@@ -1103,12 +1103,38 @@ static const rewrite_mapper slapd_mapper + }; + #endif + ++static int ++slap_sasl_getconfpath( void * context, char ** path ) ++{ ++ char * sasl_default_configpath; ++ size_t len; ++ ++#if SASL_VERSION_MAJOR >= 2 ++ sasl_default_configpath = "/usr/lib/sasl2"; ++#else ++ sasl_default_configpath = "/usr/lib/sasl"; ++#endif ++ ++ len = strlen(SASL_CONFIGPATH) + 1 /* colon */ + ++ strlen(sasl_default_configpath) + 1 /* \0 */; ++ *path = malloc( len ); ++ if ( *path == NULL ) ++ return SASL_FAIL; ++ ++ if (snprintf( *path, len, "%s:%s", SASL_CONFIGPATH, ++ sasl_default_configpath ) != len-1 ) ++ return SASL_FAIL; ++ ++ return SASL_OK; ++} ++ + int slap_sasl_init( void ) + { + #ifdef HAVE_CYRUS_SASL + int rc; + static sasl_callback_t server_callbacks[] = { + { SASL_CB_LOG, (slap_sasl_cb_ft)&slap_sasl_log, NULL }, ++ { SASL_CB_GETCONFPATH, (slap_sasl_cb_ft)&slap_sasl_getconfpath, NULL }, + { SASL_CB_GETOPT, (slap_sasl_cb_ft)&slap_sasl_getopt, NULL }, + { SASL_CB_LIST_END, NULL, NULL } + }; diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..85497de --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,48 @@ +man-slapd +evolution-ntlm +slapi-errorlog-file +ldapi-socket-place +wrong-database-location +index-files-created-as-root +sasl-default-path +libldap-symbol-versions +getaddrinfo-is-threadsafe +do-not-second-guess-sonames +contrib-makefiles +smbk5pwd-makefile-manpage +lastbind-makefile-manpage +ldap-conf-tls-cacertdir +add-tlscacert-option-to-ldap-conf +fix-build-top-mk +no-AM_INIT_AUTOMAKE +switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff +no-bdb-ABI-second-guessing +ITS6035-olcauthzregex-needs-restart.patch +set-maintainer-name +no-gnutls_global_set_mutex +ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch +ITS-9038-Update-test028-to-test-this-is-enforced.patch +ITS-9038-Fix-typo-in-test-script.patch +ITS-9038-Another-test028-typo.patch +ITS-9052-zero-out-sasl_ssf-in-connection_init.patch +ITS-8964-Do-not-free-original-filter.patch +ITS-9202-limit-depth-of-nested-filters.patch +ITS-9370-check-for-equality-rule-on-old_rdn.patch +ITS-9383-remove-assert-in-certificateListValidate.patch +ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch +ITS-9404-fix-serialNumberAndIssuerCheck.patch +ITS-9406-9407-remove-saslauthz-asserts.patch +ITS-9406-fix-debug-msg.patch +ITS-9408-fix-vrfilter-double-free.patch +ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch +ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch +ITS-9411-fix-thisUpdate-check.patch +ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch +ITS-9413-fix-slap_parse_user.patch +ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch +ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch +ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch +ITS-9427-fix-issuerAndThisUpdateCheck.patch +ITS-9428-fix-cancel-exop.patch +ITS-9454-fix-issuerAndThisUpdateCheck.patch +ITS-9815-slapd-sql-escape-filter-values.patch diff --git a/debian/patches/set-maintainer-name b/debian/patches/set-maintainer-name new file mode 100644 index 0000000..262b7ef --- /dev/null +++ b/debian/patches/set-maintainer-name @@ -0,0 +1,16 @@ +--- a/build/mkversion ++++ b/build/mkversion +@@ -50,12 +50,7 @@ + fi + + APPLICATION=$1 +-# Reproducible builds set SOURCE_DATE_EPOCH, want constant strings +-if [ -n "${SOURCE_DATE_EPOCH}" ]; then +- WHOWHERE="openldap" +-else +- WHOWHERE="$USER@$(uname -n):$(pwd)" +-fi ++WHOWHERE="Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>" + + cat << __EOF__ + /* This work is part of OpenLDAP Software <http://www.openldap.org/>. diff --git a/debian/patches/slapi-errorlog-file b/debian/patches/slapi-errorlog-file new file mode 100644 index 0000000..4899451 --- /dev/null +++ b/debian/patches/slapi-errorlog-file @@ -0,0 +1,16 @@ +The slapi error log file defaults to /var/errors given our setting +of --localstatedir. Move it to /var/log/slapi-errors instead. + +Debian-specific. + +--- a/servers/slapd/slapi/slapi_overlay.c ++++ b/servers/slapd/slapi/slapi_overlay.c +@@ -930,7 +930,7 @@ int slapi_over_config( BackendDB *be, Co + ldap_pvt_thread_mutex_init( &slapi_printmessage_mutex ); + + if ( slapi_log_file == NULL ) +- slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "errors" ); ++ slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "log" LDAP_DIRSEP "slapi-errors" ); + + rc = slapi_int_init_object_extensions(); + if ( rc != 0 ) diff --git a/debian/patches/smbk5pwd-makefile-manpage b/debian/patches/smbk5pwd-makefile-manpage new file mode 100644 index 0000000..8b09206 --- /dev/null +++ b/debian/patches/smbk5pwd-makefile-manpage @@ -0,0 +1,251 @@ +From: Peter Marschall <peter@adpm.de> +Date: Sun, 26 Jul 2015 15:04:26 +0200 +Subject: [PATCH] contrib/smbk5pwd: add man page, install it too + +Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to +install the new manual page. + +This patch is derived from the corresponding patch upstreamed in ITS#8205 + +--- + contrib/slapd-modules/smbk5pwd/Makefile | 14 +- + contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5 | 179 ++++++++++++++++++++++++ + 2 files changed, 192 insertions(+), 1 deletion(-) + create mode 100644 contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5 + +diff --git a/contrib/slapd-modules/smbk5pwd/Makefile b/contrib/slapd-modules/smbk5pwd/Makefile +index 676d914..0042a49 100644 +--- a/contrib/slapd-modules/smbk5pwd/Makefile ++++ b/contrib/slapd-modules/smbk5pwd/Makefile +@@ -25,6 +25,7 @@ + HEIMDAL_LIB = $(shell krb5-config.heimdal --libs kadm-server) + + LIBTOOL = $(LDAP_BUILD)/libtool ++INSTALL = /usr/bin/install + CC = gcc + OPT = -g -O2 -Wall + # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it. +@@ -34,6 +35,7 @@ + LIBS = $(HEIMDAL_LIB) $(LDAP_LIB) $(SSL_LIB) + + PROGRAMS = smbk5pwd.la ++MANPAGES = slapo-smbk5pwd.5 + LTVER = 0:0:0 + + prefix=/usr/local +@@ -43,6 +45,8 @@ + libdir=$(exec_prefix)/lib + libexecdir=$(exec_prefix)/libexec + moduledir = $(libexecdir)$(ldap_subdir) ++mandir = $(exec_prefix)/share/man ++man5dir = $(mandir)/man5 + + .SUFFIXES: .c .o .lo + +@@ -58,9 +62,17 @@ + clean: + rm -rf *.o *.lo *.la .libs + +-install: $(PROGRAMS) ++install: install-lib install-man FORCE ++ ++install-lib: $(PROGRAMS) + mkdir -p $(DESTDIR)$(moduledir) + for p in $(PROGRAMS) ; do \ + $(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \ + done + ++install-man: $(MANPAGES) ++ mkdir -p $(DESTDIR)$(man5dir) ++ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir) ++ ++FORCE: ++ +diff --git a/contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5 b/contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5 +new file mode 100644 +index 0000000..431a765 +--- /dev/null ++++ b/contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5 +@@ -0,0 +1,179 @@ ++.TH SLAPO-SMBK5PWD 5 "RELEASEDATE" "OpenLDAP LDVERSION" ++.\" Copyright 2015 The OpenLDAP Foundation All Rights Reserved. ++.\" Copying restrictions apply. See COPYRIGHT/LICENSE. ++.\" $OpenLDAP$ ++.SH NAME ++slapo-smbk5pwd \- Samba & Kerberos password sync overlay to slapd ++.SH SYNOPSIS ++ETCDIR/slapd.conf ++.RS ++.LP ++include ++.B "<path to>/krb5-kdc.schema" ++.LP ++include ++.B "<path to>/samba.schema" ++.LP ++moduleload ++.B smbk5pwd.so ++.LP ++ ... ++.LP ++database mdb ++.LP ++ ... ++.LP ++overlay ++.B smbk5pwd ++.RE ++ ++.SH DESCRIPTION ++.LP ++The ++.B smbk5pwd ++overlay to ++.BR slapd (8) ++overloads the Password Modify Extended Operation (RFC 3062) to update ++Kerberos keys and Samba password hashes for an LDAP user, as well as ++updating password change related attributes for Kerberos, Samba and/or ++UNIX user accounts. ++.LP ++The Samba support is written using the Samba 3.0 LDAP schema; ++Kerberos support is written for Heimdal using its hdb-ldap backend. ++.LP ++Additionally, a new ++.B {K5KEY} ++password hash mechanism is provided. ++For ++.B krb5KDCEntry ++objects that have this scheme specifier in their ++.I userPassword ++attribute, Simple Binds will be checked against the Kerberos keys of the entry. ++No data is needed after the ++.B {K5KEY} ++scheme specifier in the ++.IR userPassword , ++it is looked up from the entry directly. ++ ++.SH CONFIGURATION ++The ++.B smbk5pwd ++overlay supports the following ++.B slapd.conf ++configuration options, which should appear after the ++.B overlay ++directive: ++.TP ++.BI smbk5pwd-enable " <module>" ++can be used to enable only the desired modules. ++Legal values for ++.I <module> ++are ++.LP ++.RS ++.TP ++.B krb5 ++If the user has the ++.B krb5KDCEntry ++objectclass, update the ++.B krb5Key ++and ++.B krb5KeyVersionNumber ++attributes using the new password in the Password Modify operation, ++provided the Kerberos account is not expired. ++Exiration is determined by evaluating the ++.B krb5ValidEnd ++attribute. ++.TP ++.B samba ++If the user is a ++.B sambaSamAccount ++object, synchronize the ++.B sambaLMPassword ++and ++.B sambaNTPassword ++to the password entered in the Password Modify operation, and update ++.B sambaPwdLastSet ++accordingly. ++.TP ++.B shadow ++Update the attribute ++.BR shadowLastChange , ++if the entry has the objectclass ++.BR shadowAccount . ++.LP ++By default all modules compiled in are enabled. ++Setting the config statement restricts the enabled modules to the ones ++explicitly mentioned. ++.RE ++.TP ++.BI smbk5pwd-can-change " <seconds>" ++If the ++.B samba ++module is enabled and the user is a ++.BR sambaSamAccount , ++update the attribute ++.B sambaPwdCanChange ++to point ++.I <seconds> ++into the future, essentially denying any Samba password change until then. ++A value of ++.B 0 ++disables this feature. ++.TP ++.BI smbk5pwd-must-change " <seconds>" ++If the ++.B samba ++module is enabled and the user is a ++.BR sambaSamAccount , ++update the attribute ++.B sambaPwdMustChange ++to point ++.I <seconds> ++into the future, essentially setting the Samba password expiration time. ++A value of ++.B 0 ++disables this feature. ++.LP ++Alternatively, the overlay supports table-driven configuration, ++and thus can be run-time loaded and configured via back-config. ++ ++.SH EXAMPLE ++The layout of a slapd.d based, table-driven configuration entry looks like: ++.LP ++.EX ++ # {0}smbk5pwd, {1}bdb, config ++ dn: olcOverlay={0}smbk5pwd,olcDatabase={1}mdb,cn=config ++ objectClass: olcOverlayConfig ++ objectClass: olcSmbK5PwdConfig ++ olcOverlay: {0}smbk5pwd ++ olcSmbK5PwdEnable: krb5 ++ olcSmbK5PwdEnable: samba ++ olcSmbK5PwdMustChange: 2592000 ++.EE ++.LP ++which enables both ++.B krb5 ++and ++.B samba ++modules with a Samba password expiration time of 30 days (= ++.B 2592000 ++seconds). ++ ++.SH SEE ALSO ++.BR slapd.conf (5), ++.BR ldappasswd (1), ++.BR ldap (3), ++.LP ++"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) ++.LP ++ ++.SH ACKNOWLEDGEMENTS ++This manual page has been writen by Peter Marschall based on the ++module's README file written by Howard Chu. ++.LP ++.B OpenLDAP ++is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). ++.B OpenLDAP ++is derived from University of Michigan LDAP 3.3 Release. ++ +-- +2.5.0 + diff --git a/debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff b/debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff new file mode 100644 index 0000000..f0dd4e1 --- /dev/null +++ b/debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff @@ -0,0 +1,40 @@ +From: Jan-Marek Glogowski <jan-marek.glogowski@muenchen.de>
+Date: Tue, 18 May 2010 17:47:05 +0200
+Subject: Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL.
+ Open all modules with RTLD_GLOBAL, needed so that back_perl can load
+ non-trivial Perl extensions that require symbols from back_perl.so itself.
+Bug-Debian: http://bugs.debian.org/327585
+
+---
+--- a/servers/slapd/module.c ++++ b/servers/slapd/module.c +@@ -117,6 +117,20 @@ int module_unload( const char *file_name + return -1; /* not found */ + } + ++static lt_dlhandle slapd_lt_dlopenext_global( const char *filename ) ++{ ++ lt_dlhandle handle = 0; ++ lt_dladvise advise; ++ ++ if (!lt_dladvise_init (&advise) && !lt_dladvise_ext (&advise) ++ && !lt_dladvise_global (&advise)) ++ handle = lt_dlopenadvise (filename, advise); ++ ++ lt_dladvise_destroy (&advise); ++ ++ return handle; ++} ++ + int module_load(const char* file_name, int argc, char *argv[]) + { + module_loaded_t *module; +@@ -180,7 +194,7 @@ int module_load(const char* file_name, i + * to calling Debug. This is because Debug is a macro that expands + * into multiple function calls. + */ +- if ((module->lib = lt_dlopenext(file)) == NULL) { ++ if ((module->lib = slapd_lt_dlopenext_global(file)) == NULL) { + error = lt_dlerror(); + #ifdef HAVE_EBCDIC + strcpy( ebuf, error ); diff --git a/debian/patches/wrong-database-location b/debian/patches/wrong-database-location new file mode 100644 index 0000000..25d96cb --- /dev/null +++ b/debian/patches/wrong-database-location @@ -0,0 +1,74 @@ +Move the default slapd database location to /var/lib/ldap instead of +/var/openldap-data. + +Debian-specific. + +--- a/doc/man/man5/slapd-bdb.5 ++++ b/doc/man/man5/slapd-bdb.5 +@@ -131,7 +131,7 @@ Specify the directory where the BDB file + associated indexes live. + A separate directory must be specified for each database. + The default is +-.BR LOCALSTATEDIR/openldap\-data . ++.BR LOCALSTATEDIR/lib/ldap . + .TP + .B dirtyread + Allow reads of modified but not yet committed data. +--- a/doc/man/man5/slapd.conf.5 ++++ b/doc/man/man5/slapd.conf.5 +@@ -2007,7 +2007,7 @@ suffix "dc=our\-domain,dc=com" + # The database directory MUST exist prior to + # running slapd AND should only be accessible + # by the slapd/tools. Mode 0700 recommended. +-directory LOCALSTATEDIR/openldap\-data ++directory LOCALSTATEDIR/lib/ldap + # Indices to maintain + index objectClass eq + index cn,sn,mail pres,eq,approx,sub +--- a/include/ldap_defaults.h ++++ b/include/ldap_defaults.h +@@ -47,7 +47,7 @@ + /* location of the default slapd config file */ + #define SLAPD_DEFAULT_CONFIGFILE LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.conf" + #define SLAPD_DEFAULT_CONFIGDIR LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.d" +-#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-data" ++#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "lib" LDAP_DIRSEP "ldap" + #define SLAPD_DEFAULT_DB_MODE 0600 + #define SLAPD_DEFAULT_UCDATA LDAP_DATADIR LDAP_DIRSEP "ucdata" + /* default max deref depth for aliases */ +--- a/servers/slapd/Makefile.in ++++ b/servers/slapd/Makefile.in +@@ -445,9 +445,9 @@ install-conf: FORCE + + install-db-config: FORCE + @-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir) +- @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data ++ @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/lib/ldap + $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \ +- $(DESTDIR)$(localstatedir)/openldap-data/DB_CONFIG.example ++ $(DESTDIR)$(localstatedir)/lib/ldap/DB_CONFIG.example + $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \ + $(DESTDIR)$(sysconfdir)/DB_CONFIG.example + +--- a/doc/man/man5/slapd-config.5 ++++ b/doc/man/man5/slapd-config.5 +@@ -2051,7 +2051,7 @@ olcSuffix: "dc=our\-domain,dc=com" + # The database directory MUST exist prior to + # running slapd AND should only be accessible + # by the slapd/tools. Mode 0700 recommended. +-olcDbDirectory: LOCALSTATEDIR/openldap\-data ++olcDbDirectory: LOCALSTATEDIR/lib/ldap + # Indices to maintain + olcDbIndex: objectClass eq + olcDbIndex: cn,sn,mail pres,eq,approx,sub +--- a/doc/man/man5/slapd-mdb.5 ++++ b/doc/man/man5/slapd-mdb.5 +@@ -52,7 +52,7 @@ Specify the directory where the LMDB fil + associated indexes live. + A separate directory must be specified for each database. + The default is +-.BR LOCALSTATEDIR/openldap\-data . ++.BR LOCALSTATEDIR/lib/ldap . + .TP + \fBenvflags \fR{\fBnosync\fR,\fBnometasync\fR,\fBwritemap\fR,\fBmapasync\fR,\fBnordahead\fR} + Specify flags for finer-grained control of the LMDB library's operation. diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 0000000..07cbdde --- /dev/null +++ b/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] slapd.templates diff --git a/debian/po/ca.po b/debian/po/ca.po new file mode 100644 index 0000000..2244054 --- /dev/null +++ b/debian/po/ca.po @@ -0,0 +1,453 @@ +# openldap po-debconf translation to Catalan. +# This file is distributed under the same license as the openldap package. +# Innocent De Marchi <tangram.peces@gmail.com>, 2011-2017. +# +msgid "" +msgstr "" +"Project-Id-Version: openldap 2.4.44+dfsg-4\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2017-01-19 19:35+0100\n" +"Last-Translator: Innocent De Marchi <tangram.peces@gmail.com>\n" +"Language-Team: catalan <debian-l10n-catalan@lists.debian.org>\n" +"Language: ca_ES\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.8.11\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "Voleu ometre la configuració del servidor OpenLDAP?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"Si desactivau aquesta opció, no es generarà la configuració ni la base de " +"dades inicial." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "sempre" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "quan sigui necessari" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "mai" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "Bolcar les bases de dades a un fitxer en fer l'actualització:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"Abans d'actualitzar a una nova versió del servidor OpenLDAP, les dades dels " +"seus directoris LDAP poden desar-se a fitxers de text en el format està ndard " +"d'intercanvi de dades LDAP («LDAP Data Interchange Format»)." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"Seleccionant «sempre» el bolcat de les bases de dades es farà sense " +"condicions abans de l'actualització. Seleccionant «quan sigui necessari» " +"només es farà el bolcat de les bases de dades si la nova versió és " +"incompatible amb el format anterior de les bases de dades i és necessari re-" +"importar-les. Si seleccionau «mai», no es farà el bolcat." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Directori a fer servir en el bolcat de les bases de dades:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"Seleccionau el directori d'exportació de les bases de dades LDAP. En aquest " +"directori, es generaran diversos fitxers LDIF que es corresponen amb les " +"bases de dades localitzades en el servidor. Comproveu que hi ha espai lliure " +"suficient a la partició on està ubicat el directori seleccionat. La primer " +"aparició de la cadena «VERSION» serà reemplaçada per la versió del servidor " +"de la qual està actualitzant." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "Moure la base de dades anterior?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"Hi ha fitxers a «/var/lib/ldap» que probablement interrompran el procés de " +"configuració. Si activau aquesta opció, el guió de manteniment mourà els " +"fitxers de les bases de dades anteriors fora del directori anterior abans de " +"generar una nova base de dades." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "Tornar a intentar la configuració?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"La configuració que ha introduït no és và lida. Comproveu que el nom de " +"domini DNS és sintà cticament correcte, que el camp del nom de l'organització " +"està emplenat i que les contrasenyes de l'administrador coincideixen. Si " +"decideix no tornar a intentar la configuració, el servidor LDAP quedarà " +"sense configurar. Executi «dpkg-reconfigure slapd» per tornar a intentar-ho " +"més tard." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "Nom del domini DNS:" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"El nom de domini DNS es fa servir per construir el DN base del directori " +"LDAP. Per exemple, si el vostre nom de domini és «elmeu.domini.org» es " +"generarà el directori amb el DN base «dc=elmeu, dc=domini, dc=org»" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Nom de l'organització:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" +"Escriviu el nom de l'organització per fer servir en el DN base del directori " +"LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Contrasenya de l'administrador:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "" +"Escriviu la contrasenya per l'accés com administrador al vostre directori " +"LDAP:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Confirmeu la vostra contrasenya:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"Introduïu de nou la contrasenya d'administrador per al directori LDAP per " +"comprovar que s'ha escrit correctament." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "Les contrasenyes no coincideixen" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "Les dues contrasenyes no coincideixen. Tornau a provar-ho." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "Desitjau que s'elimini la base de dades en purgar el paquet slapd?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "ha fallat «slapcat» durant l'actualització" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "S'ha produït un error en l'actualització del directori LDAP." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"El programa «slapcat» ha fallat en l'extracció del directori LDAP. Aquest " +"error pot ésser causat per un fitxer de configuració incorrecte (per " +"exemple, per que faltin lÃnies «moduleload» necessà ries pel motor de la base " +"de dades)" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Aquest error farà que «slapadd» torni a fallar més endavant. Els fitxers de " +"la base de dades anterior es mouran a «/var/backups». Si desitjau tornar a " +"intentar l'actualització, haureu de tornar a moure els fitxers de la base de " +"dades anterior a la seva ubicació inicial, solucionar la causa de l'error i " +"tornar a executar:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"A continuació, tornau els arxius de la base de dades a la zona de seguretat " +"i després intenteu executar «slapadd» des de ${location}." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "Motor de base de dades a fer servir:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB i BDB fan servir formats d'emmagatzematge semblants, però HDB permet fer " +"canvis de nom dels subarbres. Tots dos tenen les mateixes opcions de " +"configuració." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"El motor MDB és el recomanat. MDB fa servir un nou format d'emmagatzematge i " +"requereix menys tasques de configuració que BDB o HDB." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"En qualsevol cas, heu de revisar la configuració de base de dades resultant " +"per ajustar-la a les vostres necessitats. Consulteu «/usr/share/doc/slapd/" +"README.Debian.gz» per a més detalls." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "Configuració de control d'accés de slapd potencialment insegur" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"Una o més de les bases de dades configurades té una norma de control d'accés " +"que permet als usuaris modificar la major part dels seus atributs. Aquest " +"situació pot ser perillosa, depenent de com s'utilitza la base de dades." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"En el cas que les normes d'accés de slapd comencin per \"to *\", és " +"recomanable eliminar totes les instà ncies a \"by self write\", de manera que " +"els usuaris només puguin modificar els atributs especÃficament permesos." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "Consulteu «/usr/share/doc/slapd/README.Debian.gz» per a més detalls." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "aturar la instal·lació" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "continua sense tenir en compte" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "" +"Es recomana l'actualització manual de la directiva de contrasenya («ppolicy»)" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" +"La nova versió de la superposició de directiva de contrasenya («ppolicy») " +"requereix que l'esquema defineixi el tipus d'atribut " +"«pwdMaxRecordedFailure», que no està inclòs en l'esquema actualment en ús. " +"És recomana aturar ara l'actualització, i actualitzar la directiva de " +"contrasenya abans d'actualitzar «slapd». Si la replicació està en marxa, " +"l'actualització de l'esquema s'ha d'aplicar a cada servidor abans de " +"continuar amb l'actualització." + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "" +"Un s'ha generat un fitxer LDIF amb els canvis necessaris per a " +"l'actualització:" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" +"per que si «slapd» fa servir les regles d'accés predeterminades, aquests " +"canvis es poden fer efectius (després d'iniciar «slapd») fent servir l'ordre:" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" +"En canvi, si decidiu continuar amb la instal·lació, el nou tipus d'atribut " +"s'afegirà automà ticament, però el canvi no es veurà afectat per les " +"superposicions de «slapd», i la replicació amb altres servidors es pot veure " +"afectada." + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "Desitjau permetre el protocol LDAPv2?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "El protocol obsolet LDAPv2 està desactivat per defecte a slapd. Els " +#~ "programes i usuaris haurien d'actualitzar-se a LDAPv3. Si teniu " +#~ "programes antics que no poden fer servir LDAPv3, seleccioneu aquesta " +#~ "opció i s'afegirà l'opció «allow bind_v2» al vostre fitxer de " +#~ "configuració slapd.conf." diff --git a/debian/po/cs.po b/debian/po/cs.po new file mode 100644 index 0000000..bfbbff7 --- /dev/null +++ b/debian/po/cs.po @@ -0,0 +1,512 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: openldap\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2017-01-22 11:49+0100\n" +"Last-Translator: Miroslav Kure <kurem@debian.cz>\n" +"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n" +"Language: cs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "PÅ™eskoÄit nastavenà OpenLDAP serveru?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"PÅ™istoupÃte-li na tuto možnost, nevytvořà se databáze ani poÄáteÄnà " +"nastavenÃ." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "vždy" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "v pÅ™ÃpadÄ› potÅ™eby" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "nikdy" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "PÅ™i aktualizaci uložit databáze do souboru:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"PÅ™ed aktualizacà na novÄ›jÅ¡Ã verzi serveru OpenLDAP se mohou data z LDAP " +"adresářů vyexportovat do textových souborů ve formátu LDAP Data Interchange " +"Format, což je standardizovaný formát pro popis tÄ›chto dat." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"VýbÄ›rem „“vždy“ zajistÃte, že se databáze vyexportujà do souborů pÅ™ed každou " +"aktualizacÃ. Volba „v pÅ™ÃpadÄ› potÅ™eby“ znamená, že se databáze vyexportujà " +"pouze v pÅ™ÃpadÄ›, že je formát nové databáze nekompatibilnà s pÅ™edchozà verzà " +"a tudÞ je potÅ™eba data znovu nahrát. ZvolÃte-li „nikdy“, data se nebudou " +"exportovat." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Adresář pro exportované databáze:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"Zadejte prosÃm adresář, do kterého se budou exportovat LDAP databáze. V " +"tomto adresáři se vytvořà nÄ›kolik LDIF souborů odpovÃdajÃcÃch koÅ™enům LDAP " +"adresářů na daném serveru. UjistÄ›te se, že máte na dané oblasti dostatek " +"mÃsta. Prvnà výskyt Å™etÄ›zce \"VERSION\" se nahradà verzà LDAP serveru, ze " +"kterého aktualizujete na novÄ›jÅ¡Ã verzi." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "PÅ™esunout starou databázi?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"Ve /var/lib/ldap jsou stále soubory, které pravdÄ›podobnÄ› naruÅ¡Ã instalaÄnà " +"proces. Budete-li souhlasit, instalaÄnà skripty pÅ™ed vytvoÅ™enÃm nové " +"databáze nejprve pÅ™esunou staré databázové soubory na jiné mÃsto." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "Zopakovat nastavenÃ?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"Zadané nastavenà nenà platné. UjistÄ›te se, že máte doménové jméno (DNS) ve " +"správném formátu, že je vyplnÄ›né pole pro organizaci a že administrátorská " +"hesla souhlasÃ. Jestliže znovu nespustÃte tohoto průvodce, LDAP server " +"nebude nakonfigurován. Budete-li chtÃt balÃk nastavit pozdÄ›ji, použijte " +"pÅ™Ãkaz „dpkg-reconfigure slapd“." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "DNS název domény:" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"Název domény se použÃvá pro vytvoÅ™enà základnÃho DN vaÅ¡eho LDAP adresáře. " +"NapÅ™Ãklad zadánÃm „foo.bar.cz“ se vytvořà adresář se základnÃm DN „dc=foo, " +"dc=bar, dc=cz“." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Název organizace:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" +"Zadejte prosÃm jméno organizace, které se použije v základnÃm DN vaÅ¡eho LDAP " +"adresáře." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Administrátorské heslo:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "Zadejte prosÃm heslo pro administrátorský záznam v LDAP adresáři." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Potvrzenà hesla:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"Zadejte prosÃm znovu administrátorské heslo k LDAP adresáři, abyste se " +"ujistili, že jste jej zadali správnÄ›." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "Hesla nesouhlasÃ" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "Zadaná hesla nejsou stejná. Zkuste to znovu." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "Chcete pÅ™i vyÄiÅ¡tÄ›nà balÃku slapd ze systému smazat i databázi?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "slapcat bÄ›hem aktualizace selhal" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "PÅ™i pokusu o aktualizaci LDAP adresáře se vyskytla chyba." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"Program „slapcat“ selhal. Tuto chybu může způsobit tÅ™eba chybný konfiguraÄnà " +"soubor. (NapÅ™Ãklad pokud chybà pÅ™ÃsluÅ¡né řádky „moduleload“ pro backend " +"databáze, která uchovává obsah LDAP adresáře.)" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Tato chyba pozdÄ›ji způsobà také selhánà pÅ™Ãkazu „slapadd“. Staré databázové " +"soubory budou pÅ™esunuty do /var/backups. Budete-li chtÃt pozdÄ›ji zkusit " +"provést tuto aktualizaci znovu, pÅ™esuňte staré databázové soubory zpÄ›t na " +"jejich původnà mÃsto, spravte pÅ™ÃÄinu toho, proÄ slapcat selhal a spusÅ¥te:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"Poté pÅ™esuňte databázové soubory zpÄ›t mezi zálohy a zkuste spustit slapadd z " +"${location}." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "Databázový backend:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB i BDB ukládajà data obdobnÄ›, ale HDB pÅ™idává podporu pro pÅ™ejmenovánà " +"podstromů. Oba backendy podporujà stejné konfiguraÄnà parametry." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"DoporuÄenou volbou je backend MDB. MDB použÃvá nový formát úložiÅ¡tÄ› a " +"vyžaduje ménÄ› nastavovánà než BDB enbo HDB." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"Ve vÅ¡ech pÅ™Ãpadech byste mÄ›li zkontrolovat, zda nastavenà databáze odpovÃdá " +"vaÅ¡im potÅ™ebám. VÃce informacà naleznete v souboru /usr/share/doc/slapd/" +"README.Debian.gz." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "PotenciálnÄ› nebezpeÄné nastavenà pÅ™Ãstupu slapd" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"Jedna nebo vÃce nakonfigurovaných databázà obsahuje pravidlo, které umožňuje " +"uživatelům mÄ›nit vÄ›tÅ¡inu jejich vlastnÃch atributů. V závislosti na způsobu " +"použÃvánà databáze to může být nebezpeÄné." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"V pÅ™ÃpadÄ› pÅ™Ãstupových pravidel slapd zaÄÃnajÃcÃch „to *“ je doporuÄeno " +"odstranit výskyty „by self write“, aby uživatelé mohli mÄ›nit pouze " +"explicitnÄ› povolené atributy." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "VÃce informacà naleznete v /usr/share/doc/slapd/README.Debian.gz." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "pÅ™eruÅ¡it instalaci" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "pÅ™esto pokraÄovat" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "Je doporuÄeno aktualizovat ppolicy schéma ruÄnÄ›" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" +"Nová verze politiky hesel (ppolicy) vyžaduje, aby schéma definovalo typ " +"atributu pwdMaxRecordedFailure, který nenà v aktuálnÄ› použÃvaném schématu " +"pÅ™Ãtomný. DoporuÄujeme nynà pÅ™eruÅ¡it aktualizaci a aktualizovat ppolicy " +"schéma ruÄnÄ› pÅ™ed samotnou aktualizacà slapd. Pokud využÃváte replikaci, " +"mÄ›li byste pÅ™ed pokraÄovánÃm aktualizovat schéma na vÅ¡ech serverech." + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "Byl vytvoÅ™en LDIF soubor se zmÄ›nami potÅ™ebnými pro aktualizaci:" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" +"pokud slapd použÃvá výchozà pÅ™Ãstupová oprávnÄ›nÃ, můžete zmÄ›ny aplikovat " +"pÅ™Ãkazem (po spuÅ¡tÄ›nà slapd):" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" +"Jestliže se rozhodnete pokraÄovat v instalaci, bude nový typ atributu pÅ™idán " +"automaticky, avÅ¡ak slapd overlaye tuto zmÄ›nu nezaregistrujà a může to mÃt " +"vliv i na replikaci s ostatnÃmi servery." + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "Povolit protokol LDAPv2?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "Zastaralý protokol LDAPv2 je nynà v slapd implicitnÄ› zakázán. Programy i " +#~ "uživatelé by mÄ›li pÅ™ejÃt na LDAPv3. Máte-li staré programy, které " +#~ "nezvládajà LDAPv3, povolte tuto možnost, což do souboru slapd.conf pÅ™idá " +#~ "řádek „allow bind_v2“." + +#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand" +#~ msgstr "slurpd je zastaralý, repliky se musà znovu nastavit ruÄnÄ›" + +#~ msgid "" +#~ "One or more slurpd \"replica\" options were found in your slapd config " +#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, " +#~ "you will need to migrate your replicas to use the syncrepl protocol " +#~ "instead." +#~ msgstr "" +#~ "PÅ™i aktualizaci byla v konfiguraÄnÃm souboru slapd nalezena nejménÄ› jedna " +#~ "volba „replica“ pro slurpd. Protože je slurpd od OpenLDAPu verze 2.4 " +#~ "pÅ™ekonaný, budete muset své repliky pÅ™evést, aby mÃsto toho použÃvaly " +#~ "protokol syncrepl." + +#~ msgid "" +#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be " +#~ "done automatically and you will need to configure your replica servers by " +#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for " +#~ "details." +#~ msgstr "" +#~ "Konverzi ze slurpd na protokol syncrepl (založený na technologii pull) " +#~ "nelze provést automaticky a budete muset své replikaÄnà servery nastavit " +#~ "ruÄnÄ›. Podrobnosti naleznete na http://www.openldap.org/doc/admin24/" +#~ "syncrepl.html." + +#~ msgid "TLSCipherSuite values have changed" +#~ msgstr "Hodnota TLSCipherSuite se zmÄ›nila" + +#~ msgid "" +#~ "A \"TLSCipherSuite\" option was found in your slapd config when " +#~ "upgrading. The values allowed for this option are determined by the SSL " +#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a " +#~ "result, your existing TLSCipherSuite setting will not work with this " +#~ "package." +#~ msgstr "" +#~ "PÅ™i aktualizaci byla ve vaÅ¡em konfiguraÄnÃm souboru programu slapd " +#~ "nalezena volba „TLSCipherSuite“. PÅ™Ãpustné hodnoty, které můžete v této " +#~ "volbÄ› použÃt, jsou urÄeny použitou implementacà SSL. Ta se zmÄ›nila z " +#~ "OpenSSL na GnuTLS, což znamená, že stávajÃcà nastavenà TLSCipherSuite " +#~ "nebude s tÃmto balÃkem fungovat." + +#~ msgid "" +#~ "This setting has been automatically commented out for you. If you have " +#~ "specific encryption needs that require this option to be re-enabled, see " +#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of " +#~ "ciphers supported by GnuTLS." +#~ msgstr "" +#~ "Toto nastavenà bylo automaticky zakomentováno. Máte-li speciálnà " +#~ "požadavky, které vyžadujà opÄ›tovné zapnutà této volby, zjistÄ›te si prosÃm " +#~ "seznam Å¡ifer podporovaných v GnuTLS (napÅ™. pÅ™Ãkazem „gnutls-cli -l“, " +#~ "který se nacházà v balÃku gnutls-bin)." + +#~ msgid "Back up current database and create a new one?" +#~ msgstr "Zazálohovat stávajÃcà databázi a vytvoÅ™it novou?" + +#~ msgid "" +#~ "The directory suffix (domain) you specified doesn't match the one " +#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires " +#~ "moving aside the current LDAP database and creating a new one. Please " +#~ "confirm whether you want to back up and abandon the current database." +#~ msgstr "" +#~ "Zadali jste pÅ™Ãponu adresáře (doménu), která neodpovÃdá té v souboru /etc/" +#~ "ldap/slapd.conf. ZmÄ›na pÅ™Ãpony adresáře vyžaduje odsunutà stávajÃcà LDAP " +#~ "databáze a vytvoÅ™enà nové. PotvrÄte prosÃm, zda chcete zazálohovat a " +#~ "opustit stávajÃcà databázi." diff --git a/debian/po/da.po b/debian/po/da.po new file mode 100644 index 0000000..e4e3ef9 --- /dev/null +++ b/debian/po/da.po @@ -0,0 +1,428 @@ +# Danish translation openldap. +# Copyright (C) 2017 openldap & nedenstÃ¥ende oversættere. +# This file is distributed under the same license as the openldap package. +# Claus Hindsgaul <claus.hindsgaul@gmail.com>, 2005, 2006. +# Joe Hansen <joedalton2@yahoo.dk>, 2010, 2014, 2017. +# +msgid "" +msgstr "" +"Project-Id-Version: openldap\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2017-01-10 05:26+0100\n" +"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n" +"Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n" +"Language: da\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "Undlad opsætning af OpenLDAP-server?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"Hvis du aktiverer denne indstilling, vil der ikke blive oprettet en " +"begyndelsesopsætning eller -database for dig." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "altid" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "nÃ¥r nødvendigt" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "aldrig" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "Læg databaser i fil ved opgradering:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"Inden du opgraderer til en ny version af OpenLDAP-serveren, kan dine LDAP-" +"mappers data blive lagt som rene tekstfiler i formatet LDAP Data Interchange." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"Angivelse af »altid«, vil fÃ¥ databaserne til at blive dumpet uden " +"betingelser før en opgradering. Valg af »nÃ¥r nødvendigt« vil kun dumpe " +"databasen, hvis den nye version er inkompatibel med det gamle " +"databaseformat, og den skal genimporteres. Hvis du vælger »aldrig«, vil der " +"ikke blive udført en dumpning." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Mappe til de dumpede databaser:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"Angiv den mappe, LDAP-databasen skal eksporteres til. I denne mappe vil der " +"blive oprettet adskillige LDIF-filer, som svarer til den søgedatabase, der " +"ligger pÃ¥ serveren. Sørg for at du har nok fri plads pÃ¥ den partition, " +"mappen ligger pÃ¥. Første forekomst af strengen »VERSION« erstattes med den " +"serverversion, du opgraderer fra." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "Flyt gammel database?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"Der er stadig filer i /var/lib/ldap, som sikkert vil forstyrre " +"opsætningsprocessen. Hvis du aktiverer denne indstilling, vil " +"vedligeholdelsesskriptene flytte de gamle filer, før de opretter en ny " +"database." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "Gentag opsætningen?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"Den opsætning, du har angivet, er ikke gyldig. Sørg for at DNS-domænenavnet " +"har en gyldig syntaks, at organisationen er udfyldt, og at administrator-" +"adgangskoderne er ens. Hvis du vælger ikke at gentage opsætningen af LDAP-" +"serveren, vil den ikke blive sat op. Kør 'dpkg-reconfigure slapd', hvis du " +"vil prøve igen senere." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "DNS-domænenavn:" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"Domænenavnet bruges til at opbygge basis-DN for din LDAP-mappe. For eksempel " +"vil 'foo.eksempel.org' oprette mappen med 'dc=foo, dc=eksempel, dc=org' som " +"basis-DN." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Organisationsnavn:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" +"Indtast venligst navnet pÃ¥ organisationen som skal bruges i basis-DN'en pÃ¥ " +"din LDAP-mappe." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Administratoradgangskode:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "Angiv administratoropslagets adgangskode i din LDAP-mappe." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Bekræft administratoradgangskode:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"Indtast venligst administratoradgangskoden pÃ¥ din LDAP-mappe igen for at " +"bekræfte, at du har tastet den korrekt." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "Adgangskoderne var ikke ens" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "De to adgangskoder, du indtastede, var ikke ens. Prøv igen." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "Ønsker du at databasen bliver fjernet, nÃ¥r slapd bliver afinstalleret?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "slapcatfejl under opgraderingen" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "Der opstod en fejl under opgradering af din LDAP-mappe." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"Programmet 'slapcat' fejlede under udtrækning af LDAP-mappen. Fejlen kan " +"skyldes en fejlbehæftet opsætningsfil (f.eks. kan de korrekte " +"'moduleloadlinjer' til understøttelse af din motors database mangle)." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Denne fejl vil ogsÃ¥ senere fÃ¥ 'slapadd' til at fejle. De gamle databasefiler " +"er ved at blive flyttet til /var/backups. Hvis du vil forsøge denne " +"opgradering igen, sÃ¥ flyt de gamle databasefiler tilbage, ret den fejl, der " +"fik slapcat til at fejle, og kør:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"Flyt derefter databasefilerne tilbage til et sikkerhedskopiomrÃ¥de, og prøv " +"at køre slapadd fra ${location}." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "Databasemotor at bruge:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB og BDB bruger lignende lagerformater, men HDB tilføjer understøttelse af " +"omdøbning af undertræer. Begge understøtter de samme " +"konfigurationsindstillinger." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"MDB-motoren anbefales. MDB bruger et nyt lagerformat og kræver mindre " +"konfiguration end BDB eller HDB." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"Uanset hvad bør du gennemse databasekonfigurationen for dine behov. Se /usr/" +"share/doc/slapd/README.Debian.gz for yderligere detaljer." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "Potentiel usikker slapd-adgangskontrolkonfiguration" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"En eller flere af de konfigurerede databaser har en adgangskontrolregel, som " +"giver brugere mulighed for at ændre deres egne attributter. Dette kan være " +"usikkert, afhængig af hvordan databasen bruges." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"I tilfældet med slapd-adgangsregler som begynder med »to *«, anbefales det " +"at fjerne alle instanser af »by self write«, sÃ¥ at brugerne kun kan ændre " +"specifikt tilladte attributter." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "Se /usr/share/doc/slapd/README.Debian.gz for yderligere detaljer." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "afbryd installation" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "fortsæt alligevel" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "Manuel ppolicy-skemaopdatering anbefales" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" +"Den nye version af Password Policy-dækket (ppolicy) kræver skemaet for at " +"definere attributtypen pwdMaxRecordedFailure, som ikke er til stede i " +"skemaet i brug i øjeblikket. Det anbefales at afbryde opgraderingen nu, og " +"opdatere ppolicy-skemaet før opgradering af slapd. Hvis replikering er i " +"brug, sÃ¥ skal skemaopdateringen bruges pÃ¥ alle servere før opgraderingen " +"fortsættes." + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "" +"En LDIF-fil er blevet oprettet med ændringerne krævet for opgraderingen:" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" +"sÃ¥ hvis slapd bruger standardreglerne for adgangskontrol, sÃ¥ kan disse " +"ændringer anvendes (efter start af slapd) ved at bruge kommandoen:" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" +"Hvis du i stedet for vælger at fortsætte installationen, sÃ¥ vil den nye " +"attributtype blive tilføjet automatisk, men der vil ikke blive handlet pÃ¥ " +"ændringen af slapd-overdækker, og replikering med andre servere kan blive " +"pÃ¥virket." diff --git a/debian/po/de.po b/debian/po/de.po new file mode 100644 index 0000000..971292e --- /dev/null +++ b/debian/po/de.po @@ -0,0 +1,528 @@ +# Translation of openldap debconf templates to German +# Copyright (C) Helge Kreutzmann <debian@helgefjell.de>, 2006-2008, 2010, 2014, 2017. +# This file is distributed under the same license as the openldap package. +# +msgid "" +msgstr "" +"Project-Id-Version: openldap 2.4.44+dfsg-4\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2017-01-15 14:12+0100\n" +"Last-Translator: Helge Kreutzmann <debian@helgefjell.de>\n" +"Language-Team: de <debian-l10n-german@lists.debian.org>\n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "OpenLDAP-Server-Konfiguration auslassen?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"Falls Sie diese Option aktivieren, wird keine Startkonfiguration oder " +"Datenbank für Sie erstellt." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "immer" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "wenn benötigt" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "nie" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "Datenbank beim Upgrade in Datei ausgeben (»dump«):" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"Bevor Sie ein Upgrade auf eine neue Version des OpenLDAP-Servers " +"durchführen, können die Daten Ihres LDAP-Verzeichnisses in reine Text-" +"Dateien im standardisierten »LDAP Data Interchange Format« ausgegeben werden." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"Die Auswahl von »immer« führt dazu, dass die Datenbanken bedingungslos vor " +"Upgrades ausgegeben werden. Die Auswahl von »wenn benötigt« führt dazu, dass " +"die Datenbank nur ausgegeben wird, falls die neue Version nicht mit dem " +"alten Datenbankformat kompatibel ist und die Datenbank re-importiert werden " +"muss. Die »nie«-Auswahl führt dazu, dass keine Ausgabe der Daten erfolgt." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Verzeichnis für Datenbank-Ausgaben (»dumps«):" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"Bitte geben Sie ein Verzeichnis an, in das die Datenbanken exportiert " +"werden. Innerhalb dieses Verzeichnisses werden mehrere LDIF-Dateien " +"erstellt, die zu den im Server befindlichen Suchbasen korrespondieren. " +"Stellen Sie sicher, dass Sie genug freien Platz auf der Partition haben, auf " +"der sich das Verzeichnis befindet. Das erste Auftreten der Zeichenkette " +"»VERSION« wird durch die Server-Version ersetzt, von der aus Sie das Upgrade " +"durchführen." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "Alte Datenbank verschieben?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"Es sind noch Dateien in /var/lib/ldap, die wahrscheinlich den " +"Konfigurationsprozess durcheinander bringen werden. Wird diese Option " +"aktiviert, dann werden die Betreuerskripte die alten Datenbankdateien " +"beiseite schieben, bevor sie eine neue Datenbank erstellen." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "Konfiguration erneut versuchen?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"Die von Ihnen eingegebene Konfiguration ist ungültig. Stellen Sie sicher, " +"dass der DNS-Domainname einer gültigen Syntax folgt, das Feld für die " +"Organisation nicht leer geblieben ist und dass die Administratorpasswörter " +"übereinstimmen. Falls Sie sich entscheiden, die Konfiguration nicht erneut " +"zu versuchen, wird der LDAP-Server nicht eingerichtet. Führen Sie »dpkg-" +"reconfigure slapd« aus, falls Sie die Konfiguration später erneut versuchen " +"wollen." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "DNS-Domainname:" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"Der DNS-Domainname wird zur Erzeugung des Basis-DN Ihres LDAP-Verzeichnisses " +"verwendet. Zum Beispiel erstellt »foo.example.org« das Verzeichnis mit der " +"Basis-DN »dc=foo, dc=example, dc=org«." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Name der Organisation:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" +"Bitte geben Sie den Namen der Organisation ein, die im Basis-DN Ihres LDAP-" +"Verzeichnisses verwendet werden soll." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Administrator-Passwort:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "" +"Bitte geben Sie das Passwort für den Administrator-Eintrag in Ihrem LDAP-" +"Verzeichnis ein." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Passwort bestätigen:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"Bitte geben Sie das Passwort für den Administrator-Eintrag Ihres LDAP-" +"Verzeichnisses nochmal ein, um sicher zu gehen, dass Sie es richtig " +"eingegeben haben." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "Passwörter stimmen nicht überein" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "" +"Die beiden eingegebenen Passwörter sind nicht gleich. Bitte versuchen Sie es " +"noch einmal." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "" +"Soll die Datenbank entfernt werden, wenn slapd vollständig gelöscht wird?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "slapcat-Fehlschlag beim Upgrade" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "" +"Während des Versuchs, ein Upgrade des LDAP-Verzeichnisses durchzuführen, " +"trat ein Fehler auf." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"Das Programm »slapcat« schlug beim Versuch, das LDAP-Verzeichnis zu " +"extrahieren, fehl. Dies könnte durch eine inkorrekte Konfigurationsdatei " +"verursacht worden sein (beispielsweise fehlende »moduleload«-Zeilen, um die " +"Backend-Datenbank zu unterstützen)." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Dieser Fehlschlag wird später dazu führen, dass auch »slapadd« fehlschlägt. " +"Die alten Datenbankdateien werden jetzt nach /var/backups verschoben. Falls " +"Sie dieses Upgrade erneut versuchen wollen, sollten Sie die alten " +"Datenbankdateien wieder zurück an ihren Platz verschieben, den Grund für den " +"Fehlschlag von slapcat beheben und folgendes ausführen:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"Verschieben Sie dann die Datenbankdateien zurück in den Sicherungsbereich " +"und versuchen Sie, Slapadd von ${location} auszuführen." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "Zu verwendendes Datenbank-Backend:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB und BDB verwenden ähnliche Speicherformate, aber HDB enthält zusätzlich " +"Unterstützung für Teilbaum-Umbenennungen. Beide unterstützen die gleichen " +"Konfigurationsoptionen." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"Das MDB-Backend wird empfohlen. MDB verwendet ein neues Speicherformat und " +"benötigt weniger Konfiguration als BDB oder HDB." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"In jedem Fall sollten Sie die erstellte Datenbankkonfiguration im Hinblick " +"auf Ihre Anforderungen prüfen. Lesen Sie /usr/share/doc/slapd/README.Debian." +"gz für weitere Details." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "Möglicherweise unsichere Slapd-Zugriffssteuerkonfiguration" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"Eine oder mehrere der konfigurierten Datenbanken hat eine " +"Zugriffssteuerregel, die Benutzern erlaubt, die meisten ihrer eigenen " +"Konfigurationsoptionen zu verändern. Dies kann unsicher sein, abhängig " +"davon, wie die Datenbank verwandt wird." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"Im Falle der mit »to *« beginnenden Slapd-Zugriffsregeln, wird empfohlen, " +"alle Instanzen von »by self write« zu entfernen, so dass Benutzer nur in der " +"Lage sind, speziell erlaubte Attribute zu ändern." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "Lesen Sie /usr/share/doc/slapd/README.Debian.gz für weitere Details." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "Installation abbrechen" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "Trotzdem fortfahren" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "Manuelle Aktualisierung des Ppolicy-Schematas empfohlen" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" +"Die neue Version der Passwort-Richtlinien-Einblendung (Ppolicy) verlangt, " +"dass im Schema der Attributstyp pwdMaxRecordedFailure definiert wird, der im " +"aktuell benutzten Schema nicht vorhanden ist. Es wird empfohlen, die " +"Aktualisierung jetzt abzubrechen und das Ppolicy-Schema zu aktualisieren, " +"bevor das Upgrade von Slapd durchgeführt wird. Falls Replizierung verwandt " +"wird, sollte die Schema-Aktualisierung auf jedem Server angewandt werden, " +"bevor mit dem Upgrade fortgefahren wird." + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "" +"Eine LDIF-Datei wurde mit den für das Upgrade benötigten Änderungen erstellt:" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" +"Falls Slapd daher die Standardzugriffssteuerungsregeln verwendet, können " +"diese Änderungen (nach dem Start von Slapd) mittels des folgenden Befehls " +"angewandt werden:" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" +"Falls Sie sich stattdessen entscheiden, mit der Installation fortzufahren, " +"wird der neue Attributstyp automatisch hinzugefügt, aber auf die Änderung " +"wird nicht durch die Slapd-Überblendungen reagiert und die Replizierung mit " +"anderen Servern könnte betroffen sein." + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "LDAPv2-Protokoll erlauben?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "Das veraltete LDAPv2-Protokoll ist standardmäßig in slapd deaktiviert. " +#~ "Programme und Benutzer sollten ein Upgrade auf LDAPv3 durchführen. Falls " +#~ "Sie alte Programme haben, die LDAPv3 nicht benutzen können, sollten Sie " +#~ "diese Option wählen und »allow bind_v2« wird zu der Datei slapd.conf " +#~ "hinzugefügt." + +#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand" +#~ msgstr "Slurpd ist veraltet; Replikas müssen von Hand rekonfiguriert werden" + +#~ msgid "" +#~ "One or more slurpd \"replica\" options were found in your slapd config " +#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, " +#~ "you will need to migrate your replicas to use the syncrepl protocol " +#~ "instead." +#~ msgstr "" +#~ "In Ihrer Konfiguration wurde beim Upgrade eine oder mehrere »replica«-" +#~ "Optionen gefunden. Da slurpd beginnend mit OpenLDAP 2.4 veraltet ist, " +#~ "müssen Sie Ihre Repliken auf die Verwendung des Syncrepl-Protokolls " +#~ "migrieren." + +#~ msgid "" +#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be " +#~ "done automatically and you will need to configure your replica servers by " +#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for " +#~ "details." +#~ msgstr "" +#~ "Die Umstellung von slurpd auf das »pull«-basierte Syncrepl-Protokoll kann " +#~ "nicht automatisch geschehen und Sie müssen Ihre Repliken-Server von Hand " +#~ "konfigurieren. Bitte lesen Sie http://www.openldap.org/doc/admin24/" +#~ "syncrepl.html für Details." + +#~ msgid "TLSCipherSuite values have changed" +#~ msgstr "TLSCipherSuite-Werte haben sich geändert" + +#~ msgid "" +#~ "A \"TLSCipherSuite\" option was found in your slapd config when " +#~ "upgrading. The values allowed for this option are determined by the SSL " +#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a " +#~ "result, your existing TLSCipherSuite setting will not work with this " +#~ "package." +#~ msgstr "" +#~ "Eine Option »TLSCipherSuite« wurde beim Upgrade in Ihrer Slapd-" +#~ "Konfiguration gefunden. Die erlaubten Werte hierfür hängen von der " +#~ "verwendeten SSL-Implementation ab, die von OpenSSL auf GnuTLS geändert " +#~ "wurde. Im Ergebnis werden Ihre existierenden TLSCipherSuite-Einstellungen " +#~ "nicht mit diesem Paket funktionieren." + +#~ msgid "" +#~ "This setting has been automatically commented out for you. If you have " +#~ "specific encryption needs that require this option to be re-enabled, see " +#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of " +#~ "ciphers supported by GnuTLS." +#~ msgstr "" +#~ "Diese Einstellung wurde für Sie automatisch auskommentiert. Falls Sie " +#~ "spezielle Anforderung an die Verschlüsselung haben, bei denen diese " +#~ "Option wieder aktiviert werden muss, lesen Sie die Ausgabe von »gnutls-" +#~ "cli -l« aus dem Paket Gnutls-bin für die Liste der von GnuTLS " +#~ "unterstützen Chiffren." + +#~ msgid "Back up current database and create a new one?" +#~ msgstr "Die aktuelle Datenbank sichern und eine neue erstellen?" + +#~ msgid "" +#~ "The directory suffix (domain) you specified doesn't match the one " +#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires " +#~ "moving aside the current LDAP database and creating a new one. Please " +#~ "confirm whether you want to back up and abandon the current database." +#~ msgstr "" +#~ "Die von Ihnen angegebene Verzeichnisendung (Domain) passt nicht zu der " +#~ "aktuell in /etc/ldap/slapd.conf eingetragenen. Eine Änderung der " +#~ "Verzeichnisendung verlangt, dass die aktuelle LDAP-Datenbank beiseite " +#~ "geschoben und eine neue erstellt wird. Bitte bestätigen Sie, ob Sie die " +#~ "aktuelle Datenbank sichern und aufgeben wollen." diff --git a/debian/po/es.po b/debian/po/es.po new file mode 100644 index 0000000..6a5093c --- /dev/null +++ b/debian/po/es.po @@ -0,0 +1,538 @@ +# openldap po-debconf translation to Spanish +# Copyright 2006 Rudy Godoy <rudy@kernel-panik.org> +# Copyright 2008 Steve Langasek <vorlon@debian.org> +# Copyright (C) 2009, 2010 Software in the Public Interest +# This file is distributed under the same license as the openldap package. +# +# Changes: +# - Initial translation +# Rudy Godoy <rudy@kernel-panik.org>, 2006 +# +# - Reviewer +# Javier Fernandez-Sanguino +# +# - Updates +# Steve Langasek <vorlon@debian.org>, 2008 +# Francisco Javier Cuadrado <fcocuadrado@gmail.com>, 2009, 2010 +# Camaleón <noelamac@gmail.com>, 2014 +# +# Traductores, si no conocen el formato PO, merece la pena leer la +# documentación de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Equipo de traducción al español, por favor lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traducción de Debian al español +# http://www.debian.org/intl/spanish/coordinacion +# especialmente las notas de traducción en +# http://www.debian.org/intl/spanish/notas +# +# - La guÃa de traducción de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +msgid "" +msgstr "" +"Project-Id-Version: openldap 2.4.23-3exp1\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2014-11-20 17:45+0100\n" +"Last-Translator: Camaleón <noelamac@gmail.com>\n" +"Language-Team: Debian Spanish <debian-l10n-spanish@lists.debian.org>\n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Virtaal 0.7.1\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "¿Desea omitir la configuración del servidor OpenLDAP?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"No se creará la configuración ni la base de datos inicial si habilita esta " +"opción." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "siempre" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "cuando se necesite" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "nunca" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "Volcar las bases de datos a un fichero al actualizar:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"Antes de que actualice a una nueva versión del servidor OpenLDAP, se puede " +"volcar la información de sus directorios LDAP en ficheros de texto plano en " +"el formato estandarizado «LDAP Data Interchange Format» (formato de " +"intercambio de datos de LDAP)." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"Si selecciona «siempre» se volcarán sus bases de datos de forma " +"incondicional antes de cada actualización. Si selecciona «cuando se " +"necesite» sólo se hará un volcado si la nueva versión es incompatible con el " +"formato de la base de datos antigua y la información se debe volver a " +"importar. Si selecciona «nunca» no se hará ningún volcado." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Directorio donde volcar las bases de datos:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"Especifique el directorio donde se exportarán las bases de datos de LDAP. En " +"éste se crearán diversos ficheros LDIF que corresponden a las bases de datos " +"ubicadas en el servidor. Asegúrese de que tiene suficiente espacio libre en " +"la partición donde se ubica el directorio. La primera ocurrencia de la " +"cadena «VERSION» se reemplaza con la versión del servidor desde la cual va a " +"actualizar." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "¿Desea mover la base de datos antigua?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"Existen ficheros en «/var/lib/ldap» que probablemente interrumpan el proceso " +"de configuración. Si activa esta opción, se moverán los ficheros de las " +"bases de datos antiguas antes de crear una nueva base de datos." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "¿Desea volver a intentar la configuración?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"La configuración que ha introducido no es válida. Asegúrese de que el nombre " +"de dominio DNS es válido, que el campo de la organización no está en blanco " +"y que las claves del administrador coinciden. El servidor LDAP quedará sin " +"configurar si decide no volver a intentar la configuración. Ejecute «dpkg-" +"reconfigure slapd» si desea volver a intentarlo más tarde." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "Introduzca el nombre de dominio DNS:" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"El nombre de dominio DNS se utiliza para construir el DN base del directorio " +"LDAP. Por ejemplo, si introduce «foo.example.org» el directorio se creará " +"con un DN base de «dc=foo, dc=example, dc=org»." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Nombre de la organización:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" +"Introduzca el nombre de la organización a utilizar en el DN base del " +"directorio LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Contraseña del administrador:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "" +"Introduzca la contraseña para la entrada de administrador de su directorio " +"LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Confirme la contraseña:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"Introduzca de nuevo la misma contraseña de administrador para su directorio " +"LDAP para verificar que la introdujo correctamente." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "Las contraseñas no coinciden" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "" +"Las dos contraseñas que ha introducido son distintas. Inténtelo de nuevo." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "" +"¿Desea que se borre la base de datos cuando se purgue el paquete slapd?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "fallo de slapcat durante la actualización" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "Se produjo un error mientras se actualizaba su directorio LDAP." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"El programa «slapcat» falló mientras extraÃa el directorio LDAP. Este fallo " +"puede deberse a un fichero de configuración incorrecto (por ejemplo, que " +"falte alguna lÃnea «moduleload» necesaria para el motor del base de datos)." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Este fallo hará que también falle «slapadd» más adelante. Se van a mover los " +"ficheros de la base de datos antigua a «/var/backups». Si desea volver a " +"intentar la actualización debe mover los ficheros de la base de datos a su " +"ubicación normal, arreglar lo que hizo que fallara «slapcat» y ejecutar:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"Mueva los ficheros de la base de datos de nuevo al área de la copia de " +"seguridad e intente ejecutar «slapadd» desde «${location}»." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "Motor de base de datos a utilizar:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"Los motores HDB y BDB utilizan formatos de almacenamiento semejantes, pero " +"HDB permite realizar cambios de nombre de subárboles («subtree renames»). " +"Los dos permiten las mismas opciones de configuración." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"Se recomienda utilizar MDB. El motor MDB utiliza un nuevo formato de " +"almacenamiento y requiere menos configuración que BDB o HDB." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"En cualquier caso, debe revisar la configuración de la base de datos. " +"Consulte «/usr/share/doc/slapd/README.Debian.gz» para más detalles." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "Configuración potencialmente insegura en el control de acceso de slapd" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"Una o varias de las bases de datos configuradas contiene una regla de " +"control de acceso que permite a los usuarios modificar la mayorÃa de sus " +"propios atributos. Esta configuración puede ser insegura dependiendo de cómo " +"se utilice la base de datos." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"Se recomienda que elimine cualquier instancia «by self write» en las reglas " +"de acceso de slapd que empiecen con «to *» para que los usuarios sólo puedan " +"modificar los atributos que se hayan permitido expresamente." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "Consulte «/usr/share/doc/slapd/README.Debian.gz» para más detalles." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "¿Desea permitir el protocolo LDAPv2?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "El protocolo obsoleto LDAPv2 se ha desactivado de manera predeterminada " +#~ "en slapd. Los programas y los usuarios deberÃan actualizarse a LDAPv3. " +#~ "Debe seleccionar esta opción si aún tiene programas antiguos que no " +#~ "utilicen LDAPv3. Si lo hace, se añadirá la opción «allow bind_v2» al " +#~ "fichero de configuración «slapd.conf»." + +#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand" +#~ msgstr "slurpd es obsoleto; hay que configurar las réplicas a mano" + +#~ msgid "" +#~ "One or more slurpd \"replica\" options were found in your slapd config " +#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, " +#~ "you will need to migrate your replicas to use the syncrepl protocol " +#~ "instead." +#~ msgstr "" +#~ "Se han encontrado una o más opciones de «replica» de slurpd en la " +#~ "configuración de slapd durante la actualización. Ya que slurpd está " +#~ "obsoleto desde la versión 2.4 de OpenLDAP, tendrá que migrar sus réplicas " +#~ "para utilizar el protocolo syncrepl." + +#~ msgid "" +#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be " +#~ "done automatically and you will need to configure your replica servers by " +#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for " +#~ "details." +#~ msgstr "" +#~ "La conversión desde slurpd al protocolo syncrepl no se puede realizar " +#~ "automáticamente y tendrá que configurar sus servidores de réplica a mano. " +#~ "Visite «http://www.openldap.org/doc/admin24/syncrepl.html» para más " +#~ "información." + +#~ msgid "TLSCipherSuite values have changed" +#~ msgstr "Los valores de TLSCipherSuite han cambiado" + +#~ msgid "" +#~ "A \"TLSCipherSuite\" option was found in your slapd config when " +#~ "upgrading. The values allowed for this option are determined by the SSL " +#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a " +#~ "result, your existing TLSCipherSuite setting will not work with this " +#~ "package." +#~ msgstr "" +#~ "Se ha encontrado una opción «TLSCipherSuite» en la configuración de slapd " +#~ "durante la actualización. Los valores permitidos para esta opción vienen " +#~ "determinados por la implementación de SSL utilizada, que ha cambiado de " +#~ "OpenSSL a GnuTLS. Como resultado, su configuración actual de " +#~ "TLSCipherSuite no funcionará con este paquete." + +#~ msgid "" +#~ "This setting has been automatically commented out for you. If you have " +#~ "specific encryption needs that require this option to be re-enabled, see " +#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of " +#~ "ciphers supported by GnuTLS." +#~ msgstr "" +#~ "Este valor se ha comentado automáticamente. Si necesita alguna opción de " +#~ "cifrado especÃfica que requiera esta reactivar esta opción, consulte la " +#~ "salida de «gnutls -cli -l», del paquete gnutls-bin, para la lista de " +#~ "cifrados que puede utilizar GnuTLS." + +#~ msgid "Back up current database and create a new one?" +#~ msgstr "" +#~ "¿Desea crear una copia de seguridad de la base de datos actual y crear " +#~ "una nueva?" + +#~ msgid "" +#~ "The directory suffix (domain) you specified doesn't match the one " +#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires " +#~ "moving aside the current LDAP database and creating a new one. Please " +#~ "confirm whether you want to back up and abandon the current database." +#~ msgstr "" +#~ "El sufijo de directorio (dominio) que ha especificado no coincide con el " +#~ "que ahora está definido en «/etc/ldap/slapd.conf». Debe mover la base de " +#~ "datos LDAP actual y crear una nueva si cambia el sufijo del directorio. " +#~ "¿Está seguro de que quiere hacer una copia de seguridad de la base de " +#~ "datos actual y dejar de utilizarla?" diff --git a/debian/po/eu.po b/debian/po/eu.po new file mode 100644 index 0000000..43b83b8 --- /dev/null +++ b/debian/po/eu.po @@ -0,0 +1,448 @@ +# Basque translation for openldap_2.4.40-2_eu.po +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Piarres Beobide <pi@beobide.net>, 2008. +# Iñaki Larrañaga Murgoitio <dooteo@zundan.com>, 2010, 2014, 2017. +msgid "" +msgstr "" +"Project-Id-Version: openldap_2.4.40-2_eu\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2017-01-10 12:14+0100\n" +"Last-Translator: Iñaki Larrañaga Murgoitio <dooteo@zundan.com>\n" +"Language-Team: Basque <debian-l10n-basque@lists.debian.org>\n" +"Language: eu\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.5\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "Ez konfiguratu OpenLDAP zerbitzaria?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"Aukera hau gaitzen baduzu, ez da hasierako konfigurazio edo datu-baserik " +"sortuko." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "beti" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "beharrezkoa denean" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "inoiz ere ez" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "Irauli datu-baseak fitxategi batetara bertsio-berritzean:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"OpenLDAP zerbitzariaren bertsio berri batetara bertsio-berritu aurretik, " +"zure LDAP direktorioak testu lau fitxategietara irauliko dira LDAPen datuen " +"elkartrukatzeko formatu estandarra erabiliz." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"\"Beti\" hautatzean, datu-baseak baldintzarik gabe irauliko dira bertsio-" +"berritze baten aurretik. \"Beharrezkoa denean\" hautatuz, bertsio berria " +"datu-base zaharraren formatuarekin bateragarria ez denean eta berriro " +"inportatu behar denean bakarrik irauliko da datu-basea. \"Inoiz ere ez\" " +"hautatzen baduzu, inoiz ez da datu-basea irauliko." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Datu-baseak iraultzean erabiliko den direktorioa:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"Zehaztu LDAP esportatzeko erabiliko den direktorioa. Direktorio honetan " +"zerbitzariko datu-base ezberdinei dagozkien LDIF fitxategiak sortuko dira. " +"Ziurtatu zaitez direktorioaren partizioan behar duzun bezainbeste leku libre " +"duzula. \"VERSION\" katearen lehenengo agerpena zerbitzariaren jatorrizko " +"bertsio zenbakiagatik ordeztuko da." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "Aldatu datu-base zaharra lekuz?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"Konfigurazioko prozesua apur dezaketen fitxategiak daude oraindik /var/lib/" +"ldap direktorioan. Aukera hau gaitzen baduzu mantentzailearen script-ek datu-" +"base zaharreko fitxategiak hortik kenduko ditu datu-base berria sortu " +"aurretik." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "Berriz saiatu konfigurazioa egiten?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"Zuk sartutako konfigurazioa baliogabea da. Ziurtatu DNSaren domeinu-izena " +"sintaktikoki zuzena dela, erakundeari dagokion eremua ezin da hutsik egon " +"eta LDAPeko administratzailearen pasahitzak berdinak izan behar dira. " +"Konfigurazioa ez berregitea hautatzen baduzu, LDAP zerbitzaria ez da " +"konfiguratuko. Beranduago konfigurazioa egin nahi izanez gero, exekutatu " +"'dpkg-reconfigure slapd'." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "DNSaren domeinu-izena:" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"DNSaren domeinu-izena LDAP direktorioaren DN oinarria eraikitzeko erabiliko " +"da. Adibidez, 'proba.adibide.org' erabiliz DN oinarri gisa 'dc=proba, " +"dc=example, dc=org' edukiarekin sortuko du direktorioa." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Erakundearen izena:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" +"Idatzi LDAP direktorioko DN oinarrian erabiliko den erakundearen izena." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Administratzailearen pasahitza:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "Idatzi LDAP direktorioko administratzailearen sarrerarako pasahitza." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Berretsi pasahitza:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"Idatzi LDAP direktorioko administratzailearen sarrerarako pasahitza berriro " +"ondo idatzi duzula ziurtatzeko." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "Pasahitzak ez dira berdinak" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "Idatzitako bi pasahitzak ez dira berdinak. Saiatu berriro." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "Slapd kentzen bada, datu-basea ere ezabatzea nahi duzu?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "slapcat-ek huts egin du bertsio-berritzean" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "Errorea gertatu da LDAP direktorioa bertsio-berritzean." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"'slapcat' programak huts egin du LDAP direktorioa erauztean. Konfigurazioko " +"fitxategia oker egoteagatik gerta daiteke (adibidez, datu-basearen motorra " +"onartzeko 'moduleload' lerroak falta badira)." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Hutsegite honek 'slapdd'-ek lehenago edo beranduago hutsegitea eragingo du. " +"Datu-base zaharra /var/backups karpetara eramango da. Bertsio-berritze hau " +"berriro saiatzea nahi izanez gero, datu-base zaharreko fitxategiak aurreko " +"kokalekura eraman beharko dituzu. Konpondu slapcat-en hutsegitea eragin " +"duena eta exekutatu honako komandoa:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"Ondoren, eraman datu-basearen fitxategiak babeskopiako kokaleku batera, eta " +"saiatu slapadd ${location}(e)tik exekutatzen." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "Datu-basearen motorra:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB eta BDB motorrek antzeko biltegiratze formatuak erabiltzen dituzte, " +"baina HDB-ek azpizuhaitzak berrizendatzeko euskarria dauka. Biek " +"konfigurazioko aukera berdinak onartzen dituzte." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"MDB motorra gomendatzen da. MDB-ek biltegiratze formatu berri bat erabiltzen " +"du, eta BDB edo HDB baino konfigurazio gutxiago eskatzen du." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"Edozein kasutan, sortutako datu-basearen konfigurazioa gainbegiratu beharko " +"zenuke zure beharrei erantzuten diela ziurtatzeko. Irakurri /usr/share/doc/" +"slapd/README.Debian.gz xehetasun gehiagorako." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "Potentzialki ez-segurua den slapd atzitzeko kontrolaren konfigurazioa" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"Konfiguratutako datu-base batek (edo gehiagok) erabiltzaileek beraien " +"atributu gehienak aldatzeko baimentzen duen atzipeneko kontrol-arau bat du. " +"Hau ez-segurua izan daiteke, datu-basea nola erabiltzen den arabera." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"slapd-ren \"to *\"-rekin hasten diren atzipen arauen kasuan, \"by self write" +"\"-ren instantziak kentzea gomendatzen da. Horrela, erabiltzaileek bereziki " +"baimendutako atributuak soilik alda ditzakete." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "Irakurri /usr/share/doc/slapd/README.Debian.gz xehetasun gehiagorako." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "utzi bertan behera instalazioa" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "jarraitu dena den" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "ppolicy eskema eskuz eguneratzea gomendatzen da" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" +"Pasahitzen politikaren (Password Policy, ppolicy) gainjarpenaren bertsio " +"berriak eskema behar du, erabiltzen ari den uneko eskeman aurkitzen ez den " +"\"pwdMaxRecordedFailure\" atributu mota definitzeko. Bertsio-berritzea " +"oraintxe bertan behera botatzea gomendatzen da, eta \"ppolicy\" eskema " +"eguneratu slapd bertsio-berritu aurretik. Erreplikazioa erabiltzen ari bada, " +"eskemaren eguneraketa zerbitzari bakoitzean aplikatu beharko litzateke " +"bertsio-berritzearekin jarraitu aurretik." + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "" +"LDIF fitxategia sortu da bertsio-berritzeak eskatzen dituen aldaketekin:" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" +"'slapd'-ek sarbidetzaren kontrolaren arau lehenetsiak erabiltzen baditu, " +"aldaketa hauek aplikatzeko (slapd abiarazi ostean) erabili komando hau:" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" +"Horren ordez, instalazioarekin aurrera jarraitzea erabakitzen baduzu, " +"atributu mota berria automatikoki gehituko da, baina aldaketak ez du " +"eraginik izango slapd-ren gainjarpenetan, eta beste zerbitzariekin " +"erreplikazioek eragina jasan dezakete." + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "Onartu LDAPv2 protokoloa?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "Lehenespenez slapd-en LDAPv2 protokolo zaharkitua desgaituta dago. " +#~ "Programa eta erabiltzaileak LDAPv3-ra migratu beharko lirateke. Hautatu " +#~ "aukera hau baldin eta LDAPv3 erabili ezin duten programa zaharrak " +#~ "badituzu, eta slapd.conf fitxategiari 'allow bind_v2' gehituko zaio." diff --git a/debian/po/fi.po b/debian/po/fi.po new file mode 100644 index 0000000..dbb0809 --- /dev/null +++ b/debian/po/fi.po @@ -0,0 +1,509 @@ +msgid "" +msgstr "" +"Project-Id-Version: openldap\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2008-04-09 20:55+0200\n" +"Last-Translator: Esko Arajärvi <edu@iki.fi>\n" +"Language-Team: Finnish <debian-l10n-finnish@lists.debian.org>\n" +"Language: fi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Finnish\n" +"X-Poedit-Country: FINLAND\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "Ohitetaanko OpenLDAP-palvelimen asetus?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "Jos valitset tämän vaihtoehdon, asetuksia ja tietokantaa ei luoda." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "aina" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "tarvittaessa" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "ei koskaan" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "Vedosta tietokannat tiedostoon päivitettäessä:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"Ennen päivitystä OpenLDAP-palvelimen uuteen versioon, LDAP-hakemistoista " +"voidaan tallentaa vedos standardissa LDAP-tiedonsiirtomuodossa oleviin " +"tekstitiedostoihin." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"Valinta â€aina†merkitsee, että tietokannat vedostetaan tilanteesta " +"riippumatta ennen päivitystä. Valinta â€tarvittaessa†merkitsee, että " +"tietokannoista otetaan vedos vain, jos uusi versio ei ole yhteensopiva " +"vanhan tietokantamuodon kanssa ja tiedot tulee tuoda kantaan uudelleen. " +"Valittaessa â€ei koskaan†vedostusta ei tehdä." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Tietokantavedosten hakemisto:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"Anna hakemisto, johon LDAP-tietokannat vedostetaan. Hakemistoon luodaan " +"useita LDIF-tiedostoja, joiden sisältö vastaa palvelimen hakukantoja. " +"Varmista, että valitulla levyosiolla on tarpeeksi vapaata tilaa. Merkkijonon " +"â€VERSION†ensimmäinen esiintymä korvataan päivitettävän palvelimen " +"versionumerolla." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "Siirretäänkö vanha tietokanta?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"Hakemistossa /var/lib/ldap on vielä tiedostoja ja ne luultavasti hajoavat " +"asetusprosessissa. Jos valitset tämän vaihtoehdon, vanhat " +"tietokantatiedostot siirretään syrjään ennen uuden tietokannan luomista." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "Yritetäänkö asetusten tekoa uudelleen?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +#, fuzzy +#| msgid "" +#| "The configuration you entered is invalid. Make sure that the DNS domain " +#| "name is syntactically valid, the organization is not left empty and the " +#| "admin passwords match. If you decide not to retry the configuration the " +#| "LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want " +#| "to retry later." +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"Antamasi asetukset ovat epäkelpoja. Varmista, että DNS-aluenimen syntaksi on " +"oikea, organisaatiokenttä ei ole tyhjä ja että ylläpitosalasanat täsmäävät. " +"Jos päätät olla yrittämättä asetusten tekemistä uudelleen, LDAP-palvelimen " +"asetukset eivät ole valmiit. Voit tehdä asetukset myöhemmin ajamalla " +"komennon â€dpkg-reconfigure slapdâ€." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "DNS-aluenimi:" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"DNS-aluenimeä käytetään perus-DN:n (erittelevä nimi) luomisessa LDAP-" +"hakemistolle. Esimerkiksi â€foo.esimerkki.fi†luo hakemiston, jonka perus-DN " +"on â€dc=foo, dc=esimerkki, dc=fiâ€." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Organisaation nimi:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "Anna LDAP-hakemiston perus-DN:ssä käytettävä organisaation nimi." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Ylläpitosalasana:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "Anna LDAP-hakemiston ylläpitosalasana." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Vahvista salasana:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"Syötä LDAP-hakemiston ylläpitosalasana uudelleen varmistaaksesi, että " +"kirjoitit sen oikein." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "Salasanat eivät täsmää" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "Syöttämäsi kaksi salasanaa eivät olleet sama. Yritä uudelleen." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "Haluatko, että tietokanta poistetaan siivottaessa paketti slapd?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "Toimintahäiriö ohjelmassa slapcat päivityksen aikana" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "Päivitettäessä LDAP-hakemistoa tapahtui virhe." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"LDAP-hakemiston tuottavassa ohjelmassa â€slapcat†tapahtui toimintahäiriö. " +"Tämä saattaa johtua virheellisestä asetustiedostosta (esimerkiksi " +"puuttuvista, taustatietokannan tuen lisäävistä â€moduleloadâ€-riveistä)." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Tämän toimintahäiriön takia ohjelmassa â€slapadd†tulee myöhemmin ilmenemään " +"toimintahäiriö. Vanhat tietokantatiedostot siirretään hakemistoon /var/" +"backups. Jos haluat yrittää päivittämistä uudelleen, vanhat " +"tietokantatiedostot tulisi siirtää takaisin paikoilleen, korjata " +"toimintahäiriön aiheuttanut virhe ja ajaa:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +#, fuzzy +#| msgid "" +#| "Then move the database files back to a backup area and then try running " +#| "slapadd from $location." +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"Siirrä tämän jälkeen tietokantatiedostot takaisin varmuuskopiohakemistoon ja " +"aja slapadd sijainnista $location." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "Käytettävä taustatietokanta:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +#, fuzzy +#| msgid "" +#| "The HDB backend is recommended. HDB and BDB use similar storage formats, " +#| "but HDB adds support for subtree renames. Both support the same " +#| "configuration options." +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB-taustatietokantaa suositellaan. HDB ja BDB käyttävät samantapaisia " +"tallennusmuotoja, mutta HDB tukee lisäksi puun osien uudelleennimeämistä. " +"Molemmat tukevat samoja asetusvalintoja." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +#, fuzzy +#| msgid "" +#| "The HDB backend is recommended. HDB and BDB use similar storage formats, " +#| "but HDB adds support for subtree renames. Both support the same " +#| "configuration options." +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"HDB-taustatietokantaa suositellaan. HDB ja BDB käyttävät samantapaisia " +"tallennusmuotoja, mutta HDB tukee lisäksi puun osien uudelleennimeämistä. " +"Molemmat tukevat samoja asetusvalintoja." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +#, fuzzy +#| msgid "" +#| "In either case, you should review the resulting database configuration " +#| "for your needs. See /usr/share/doc/slapd/README.DB_CONFIG.gz for more " +#| "details." +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"Joka tapauksessa tulisi tarkistaa, että tuloksena olevat tietokanta-" +"asetukset vastaavat tarpeita. Tiedostosta /usr/share/doc/slapd/README." +"DB_CONFIG.gz löytyy lisätietoja (englanniksi)." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "Sallitaanko LDAPv2-yhteyskäytäntö?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "Vanhentunut LDAPv2-yhteyskäytäntö on slapdissa oletuksena poissa " +#~ "käytöstä. Järjestelmät ja ohjelmat päivittää käyttämään LDAPv3:a. Jos " +#~ "jotkin vanhat ohjelmat eivät voi käyttää LDAPv3-yhteyskäytäntöä, valitse " +#~ "tämä lisätäksesi asetuksen â€allow bind_v2†tiedostoon slapd.conf" + +#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand" +#~ msgstr "" +#~ "slurpd on vanhentunut; kopioiden asetukset tulee tehdä käsin uudelleen" + +#~ msgid "" +#~ "One or more slurpd \"replica\" options were found in your slapd config " +#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, " +#~ "you will need to migrate your replicas to use the syncrepl protocol " +#~ "instead." +#~ msgstr "" +#~ "Päivitettäessä slapdin asetuksista löytyi yksi tai useampia â€replicaâ€-" +#~ "asetuksia. Koska slurpd on vanhentunut OpenLDAPin versiosta 2.4 alkaen, " +#~ "tulee kopiot vaihtaa käyttämään syncrepl-yhteyskäytäntöä." + +#~ msgid "" +#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be " +#~ "done automatically and you will need to configure your replica servers by " +#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for " +#~ "details." +#~ msgstr "" +#~ "Muunnosta slurpdista vetoon perustuvaan syncrepl-yhteyskäytäntöön ei " +#~ "voida tehdä automaattisesti ja kopiopalvelimien asetukset tulee tehdä " +#~ "käsin. Lisätietoja (englanniksi) löytyy tiedostosta http://www.openldap." +#~ "org/doc/admin24/syncrepl.html." + +#~ msgid "TLSCipherSuite values have changed" +#~ msgstr "TLSCipherSuite-arvot ovat muuttuneet" + +#~ msgid "" +#~ "A \"TLSCipherSuite\" option was found in your slapd config when " +#~ "upgrading. The values allowed for this option are determined by the SSL " +#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a " +#~ "result, your existing TLSCipherSuite setting will not work with this " +#~ "package." +#~ msgstr "" +#~ "Asetus â€TLSCipherSuite†löydettiin päivitettäessä slapdin asetuksista. " +#~ "Tämän asetuksen sallitut arvot riippuvat käytetystä SSL-toteutuksesta. " +#~ "Käytetty toteutus on vaihdettu OpenSSL:stä GnuTLS:ään. Tämän seurauksena " +#~ "nykyinen TLSCipherSuite-asetus ei toimi tämän paketin kanssa." + +#~ msgid "" +#~ "This setting has been automatically commented out for you. If you have " +#~ "specific encryption needs that require this option to be re-enabled, see " +#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of " +#~ "ciphers supported by GnuTLS." +#~ msgstr "" +#~ "Tämä asetus on automaattisesti kommentoitu pois käytöstä. Jos on tarpeen " +#~ "asettaa tietty salaus tällä asetuksella, lista GnuTLS:n tukemista " +#~ "salauksista voidaan tulostaa paketin gnutls-bin avulla komennolla â€gnutls-" +#~ "cli -lâ€." + +#~ msgid "Back up current database and create a new one?" +#~ msgstr "Tehdäänkö nykyisestä tietokannasta varmuuskopio ja luodaanko uusi?" + +#~ msgid "" +#~ "The directory suffix (domain) you specified doesn't match the one " +#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires " +#~ "moving aside the current LDAP database and creating a new one. Please " +#~ "confirm whether you want to back up and abandon the current database." +#~ msgstr "" +#~ "Annettu hakemistopääte (verkkotunnus) ei täsmää tiedostossa /etc/ldap/" +#~ "slapd.conf olevaan. Hakemistopäätteen muuttaminen vaatii, että nykyinen " +#~ "LDAP-tietokanta siirretään syrjään ja luodaan uusi. Vahvista haluatko " +#~ "tehdä tehdä varmuuskopion nykyisestä tietokannasta ja hylätä sen." diff --git a/debian/po/fr.po b/debian/po/fr.po new file mode 100644 index 0000000..214e9a3 --- /dev/null +++ b/debian/po/fr.po @@ -0,0 +1,532 @@ +# Translation of openldap debconf templates to French +# Copyright (C) 2006-2010 Christian Perrier <bubulle@debian.org> +# This file is distributed under the same license as the openldap package. +# +# +# Christian Perrier <bubulle@debian.org>, 2006-2010, 2014. +# Jean-Pierre Giraud <jean-pierregiraud@neuf.fr>, 2017. +msgid "" +msgstr "" +"Project-Id-Version: \n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2017-01-21 16:28+0100\n" +"Last-Translator: Jean-Pierre Giraud <jean-pierregiraud@neuf.fr>\n" +"Language-Team: French <debian-l10n-french@lists.debian.org>\n" +"Language: fr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.5\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "Voulez-vous omettre la configuration d'OpenLDAP ?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"Si vous choisissez cette option, aucune configuration par défaut et aucune " +"base de données ne seront créées." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "Toujours" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "Lorsque nécessaire" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "Jamais" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "" +"Sauvegarde des bases de données dans un fichier pour la mise à niveau :" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"Avant la mise à niveau du serveur OpenLDAP, les données des annuaires LDAP " +"peuvent être exportées dans des fichiers au format texte LDIF (« LDAP Data " +"Interchange Format » : format d'échange de données LDAP)." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"Si vous choisissez l'option « Toujours », les données seront " +"systématiquement exportées avant une mise à niveau. Si vous choisissez " +"« Lorsque nécessaire », elles ne seront exportées que lorsque la nouvelle " +"version utilisera un format incompatible avec l'ancienne, ce qui imposera de " +"réimporter les données. Si vous choisissez « Jamais », les données ne seront " +"jamais exportées." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Répertoire où exporter les bases de données :" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"Veuillez indiquer le répertoire où les bases de données LDAP seront " +"exportées. Plusieurs fichiers LDIF seront créés dans ce répertoire. Ils " +"correspondent aux bases de recherche présentes sur le serveur. Veuillez " +"vérifier que la partition où se trouve ce répertoire comporte suffisamment " +"de place disponible. La première occurrence de « VERSION » dans le nom de ce " +"répertoire sera remplacée par la version d'OpenLDAP utilisée avant la mise à " +"niveau." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "Faut-il déplacer l'ancienne base de données ?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"Des fichiers présents dans /var/lib/ldap vont probablement provoquer l'échec " +"de la procédure de configuration. Si vous choisissez cette option, les " +"scripts de configuration déplaceront les anciens fichiers des bases de " +"données avant de créer une nouvelle base de données." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "Faut-il recommencer la configuration ?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"La configuration que vous avez indiquée n'est pas valable. Veuillez vérifier " +"que le nom de domaine DNS utilise une syntaxe correcte, que « organisation » " +"n'est pas vide et que les mots de passe d'administrateur correspondent. Si " +"vous choisissez de ne pas recommencer la configuration, le serveur LDAP ne " +"sera pas configuré. Si vous voulez recommencer ce processus, utilisez la " +"commande « dpkg-reconfigure slapd »." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "Nom de domaine :" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"Le nom de domaine DNS est utilisé pour établir le nom distinctif de base " +"(« base DN » ou « Distinguished Name ») de l'annuaire LDAP. Par exemple, si " +"vous indiquez « toto.example.org » ici, le nom distinctif de base sera " +"« dc=toto, dc=example, dc=org »." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Nom d'entité (« organization ») :" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" +"Veuillez indiquer la valeur qui sera utilisée comme nom d'entité " +"(« organization ») dans le nom distinctif de base de l'annuaire LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Mot de passe de l'administrateur :" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "" +"Veuillez indiquer le mot de passe de l'administrateur de l'annuaire LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Mot de passe de l'administrateur :" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"Veuillez entrer à nouveau le mot de passe de l'administrateur de l'annuaire " +"LDAP afin de vérifier qu'il a été saisi correctement." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "Erreur de saisie du mot de passe" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "" +"Les deux mots de passe que vous avez entrés sont différents. Veuillez " +"recommencer." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "Faut-il supprimer la base de données lors de la purge du paquet ?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "Échec de slapcat durant la mise à niveau" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "Une erreur s'est produite lors de la mise à niveau de l'annuaire LDAP." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"Le programme « slapcat » a échoué en extrayant les données du répertoire " +"LDAP. Cela peut être dû à un fichier de configuration non valable (par " +"exemple l'absence de lignes « moduleload » permettant de gérer les divers " +"types de bases de données)." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Cet échec provoquera l'échec ultérieur de « slapadd ». Les anciens fichiers " +"de bases de données seront déplacés dans /var/backups. Si vous souhaitez " +"tenter à nouveau la mise à jour, vous devrez les remettre en place, corriger " +"l'erreur qui a provoqué l'échec de slapcat et utiliser la commande suivante :" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"Déplacez ensuite les bases de données vers un emplacement de sauvegarde et " +"tentez d'utiliser la commande « slapadd » depuis ${location}." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "Module de base de données à utiliser :" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB et BDB utilisent des formats de stockage analogues. Par contre, HDB gère " +"les renommages de sous-arbres. Les deux formats utilisent les mêmes options " +"de configuration." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"Le module MDB est recommandé. Il utilise un nouveau format de stockage et " +"est plus simple à configurer que BDB ou HDB." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"Quel que soit votre choix, vous devriez vérifier les options de " +"configuration de la base de données. Pour plus d'informations, veuillez " +"consulter le fichier /usr/share/doc/slapd/README.Debian.gz." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "Configuration potentiellement peu sûre du contrôle d'accès de slapd" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"Une ou plusieurs des bases de données configurées comportent une règle de " +"contrôle d'accès qui permet aux utilisateurs de modifier un ou plusieurs de " +"leurs propres paramètres. Cela peut être peu sûr, selon la façon dont la " +"base de données est configurée." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"Pour les règles d'accès à slapd qui commencent par « to * », il est " +"recommandé de supprimer toute occurrence de « by self write », afin que les " +"utilisateurs ne puissent modifier que des paramètres explicitement autorisés." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"Veuillez consulter le fichier /usr/share/doc/slapd/README.Debian.gz pour " +"plus d'informations." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "Abandonner l'installation" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "Continuer quand même" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "Mise à jour manuelle du schéma ppolicy recommandée" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" +"La nouvelle version de la surcouche Password Policy (ppolicy – politique de " +"mot de passe) nécessite que le schéma définisse le type d'attribut " +"pwdMaxRecordedFailure qui n'est pas présent dans le schéma actuel. Il est " +"recommandé d'abandonner la mise à niveau maintenant, et de mettre à jour le " +"schéma ppolicy avant de mettre à niveau slapd. Si vous utilisez une " +"réplication, la mise à jour du schéma doit être appliquée sur chaque serveur " +"avant de poursuivre la mise à niveau." + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "" +"Un fichier LDAP a été créé avec les modifications requises pour la mise à " +"jour :" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" +"aussi, si slapd utilise les règles de contrôle d'accès par défaut, ces " +"modifications peuvent être appliquées (après le démarrage de slapd) avec la " +"commande :" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" +"Si vous choisissez plutôt de poursuivre l'installation, le nouveau type " +"d'attribut sera ajouté automatiquement, mais la modification ne sera pas " +"appliquée par les surcouches de slapd, et la réplication sur d'autres " +"serveurs peut être affectée." + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "Faut-il autoriser le protocole LDAPv2 ?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "L'ancien protocole LDAPv2 est désactivé dans slapd. Il est conseillé de " +#~ "migrer les programmes et les utilisateurs vers la version LDAPv3. Si vous " +#~ "utilisez d'anciens programmes qui ne gèrent pas encore LDAPv3, vous " +#~ "devriez choisir cette option, ce qui ajoutera l'option « allow bind_v2 » " +#~ "au fichier slapd.conf." + +#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand" +#~ msgstr "Programme slurpd obsolète : reconfiguration manuelle des réplicats" + +#~ msgid "" +#~ "One or more slurpd \"replica\" options were found in your slapd config " +#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, " +#~ "you will need to migrate your replicas to use the syncrepl protocol " +#~ "instead." +#~ msgstr "" +#~ "Une ou plusieurs options « replica » de slurpd ont été trouvée dans le " +#~ "fichier de configuration lors de la mise à niveau. Le programme slurpd " +#~ "est obsolète à partir de la version 2.4 d'OpenLDAP et il est nécessaire " +#~ "de migrer les réplicats pour qu'ils utilisent le protocole syncrepl à la " +#~ "place." + +#~ msgid "" +#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be " +#~ "done automatically and you will need to configure your replica servers by " +#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for " +#~ "details." +#~ msgstr "" +#~ "Cette conversion ne peut se faire automatiquement et vous devez " +#~ "configurer les serveurs réplicats vous-même. Veuillez consulter http://" +#~ "www.openldap.org/doc/admin24/syncrepl.html pour plus d'informations." + +#~ msgid "TLSCipherSuite values have changed" +#~ msgstr "Changement des valeurs possibles pour « TLSCipherSuite »" + +#~ msgid "" +#~ "A \"TLSCipherSuite\" option was found in your slapd config when " +#~ "upgrading. The values allowed for this option are determined by the SSL " +#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a " +#~ "result, your existing TLSCipherSuite setting will not work with this " +#~ "package." +#~ msgstr "" +#~ "L'option « TLSCipherSuite » a été trouvée dans le fichier de " +#~ "configuration de slapd lors de la mise à niveau. Les valeurs possibles " +#~ "pour cette option dépendent de l'implémentation de SSL qui est utilisée. " +#~ "Comme OpenSSL a été remplacé par GnuTLS, les réglages actuels de " +#~ "« TLSCipherSuite » ne fonctionnent plus avec cette version du paquet." + +#~ msgid "" +#~ "This setting has been automatically commented out for you. If you have " +#~ "specific encryption needs that require this option to be re-enabled, see " +#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of " +#~ "ciphers supported by GnuTLS." +#~ msgstr "" +#~ "Ce réglage a été automatiquement mis en commentaire. Si une méthode " +#~ "spécifique de chiffrement impose de la réactiver, vous devriez consulter " +#~ "l'affichage de la commande « gnutls-cli -l » du paquet gnutls-bin pour " +#~ "une liste des méthodes de chiffrement gérées par GnuTLS." + +#~ msgid "Back up current database and create a new one?" +#~ msgstr "" +#~ "Faut-il sauvegarder l'ancienne base de données et en créer une nouvelle ?" + +#~ msgid "" +#~ "The directory suffix (domain) you specified doesn't match the one " +#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires " +#~ "moving aside the current LDAP database and creating a new one. Please " +#~ "confirm whether you want to back up and abandon the current database." +#~ msgstr "" +#~ "Le suffixe d'annuaire (domaine) indiqué ne correspond pas à celui qui est " +#~ "actuellement mentionné dans /etc/ldap/slapd.conf. Le changement du " +#~ "suffixe d'annuaire nécessite de déplacer la base de données actuelle et " +#~ "d'en créer une nouvelle. Veuillez confirmer si vous voulez délaisser la " +#~ "base de données actuelle (une sauvegarde sera effectuée)." diff --git a/debian/po/gl.po b/debian/po/gl.po new file mode 100644 index 0000000..9ca2f79 --- /dev/null +++ b/debian/po/gl.po @@ -0,0 +1,502 @@ +# translation of openldap_2.4.23-2_gl.po to Galician +# Galician translation of openldap's debconf templates. +# This file is distributed under the same license as the openldap package. +# +# Jacobo Tarrio <jtarrio@debian.org>, 2006. +# Jorge Barreiro <yortx.barry@gmail.com>, 2010, 2014. +msgid "" +msgstr "" +"Project-Id-Version: openldap_2.4.40-2_gl\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2014-11-17 00:40+0100\n" +"Last-Translator: Jorge Barreiro <yortx.barry@gmail.com>\n" +"Language-Team: Galician <proxecto@trasno.net>\n" +"Language: gl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.4\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "Omitir a configuración do servidor OpenLDAP?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"Se escolle esta opción non se creará ningunha configuración ou base de datos " +"inicial." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "sempre" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "cando se precise" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "nunca" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "Envorcar as bases de datos a un ficheiro na actualización:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"Antes de actualizar a unha nova versión do servidor OpenLDAP, pódense " +"envorcar os datos dos seus directorios LDAP a ficheiros de texto normal no " +"formato estándar LDIF, formato de intercambio de datos LDAP." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"A opción «sempre» fará que as bases de datos se envorquen incondicionalmente " +"antes dunha actualización. Se escolle «cando se precise» só se ha envorcar a " +"base de datos se a nova versión é incompatÃbel co formato antigo da base de " +"datos e hai que reimportala. Se escolle «nunca» non se ha envorcar a base de " +"datos." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Directorio para as bases de datos envorcadas:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"Especifique o directorio no que se han exportar as bases de datos LDAP. " +"Neste directorio hanse crear varios ficheiros LDIF que se corresponden coas " +"bases de busca almacenadas no servidor. Asegúrese de ter espazo libre " +"dabondo na partición na que reside o directorio. A primeira aparición da " +"cadea «VERSION» substitúese pola versión do servidor a partires da que se " +"actualiza." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "Trasladar a base de datos antiga?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"AÃnda hai ficheiros en /var/lib/ldap que probablemente fagan fallar o " +"proceso de configuración. Se activa esta opción, os «scripts» do mantedor " +"apartarán os ficheiros da base de datos antiga antes de crear unha nova base " +"de datos." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "Volver tentar a configuración?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"A configuración que introduciu non é válida. Asegúrese de que o nome de " +"dominio DNS teña unha sintaxe válida, o campo para a organización non quede " +"baleiro e os contrasinais do administrador coincidan. Se decide non volver " +"tentar a configuración non se ha configurar o servidor LDAP. Execute «dpkg-" +"reconfigure slapd» se quere volver a tentalo noutro momento." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "Nome de dominio DNS:" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"O nome de dominio DNS emprégase para construÃr o DN base do directorio LDAP. " +"Por exemplo, «foo.example.org» creará o directorio con «dc=foo, dc=example, " +"dc=org» coma DN base." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Nome da organización:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" +"Introduza aquà o nome da organización a empregar no DN base do seu " +"directorio LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Contrasinal do administrador:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "" +"Introduza o contrasinal para a entrada do administrador no directorio LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Confirme o contrasinal:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"Volva introducir o contrasinal do administrador do seu directorio LDAP para " +"comprobar que o introduciu correctamente." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "Contrasinais distintos" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "Os dous contrasinais que introduciu non son iguais. Volva tentalo." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "Quere que se elimine a base de datos ao purgar slapd?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "Fallou a execución de slapcat durante a actualización" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "Produciuse un erro ao actualizar o directorio LDAP." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"O programa «slapcat» fallou ao extraer o directorio LDAP. Isto pode estar " +"causado por un ficheiro de configuración incorrecto (por exemplo, se non hai " +"liñas «moduleload» para o uso da base de datos)." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Este fallo fará que «slapadd» tamén falle. Trasladaranse os ficheiros de " +"base de datos antigos a /var/backups. Se quere volver tentar a " +"actualización, deberÃa mover os ficheiros da base de datos antiga ao seu " +"sitio, arranxar o que fixo que fallara slapcat, e executar:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"Despois volva trasladar os ficheiros da base de datos a unha zona de copias " +"de seguridade e probe a executar slapadd desde ${location}." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "Motor de base de datos a empregar:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB e BDB empregan formatos de almacenamento semellantes, pero HDB permite " +"ademais o cambio de nome de subárbores. Ãmbolos dous permiten usar as mesmas " +"opcións de configuración." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"Recoméndase o motor MDB. MDB usa un formato de almacenamento novo e precisa " +"menos configuración que BDB ou HDB." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"En calquera caso, deberÃa revisar que a configuración da base de datos se " +"axusta ás súas necesidades. Pode obter máis información en /usr/share/doc/" +"slapd/README.Debian.gz ." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "" +"A configuración de control de acceso de slapd é potencialmente insegura" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"Polo menos unha das bases de datos configuradas ten unha regra de control de " +"acceso que permite aos usuarios modificar a maiorÃa dos atributos. Isto pode " +"ser inseguro dependendo da maneira en que se use a base de datos." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"No caso das regras de acceso de «slapd» que comezan con «to *», " +"recoméndaselle eliminar calquera instancia de «by self write», de maneira " +"que os usuarios só poidan modificar os atributos especificamente permitidos." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "Pode obter máis información en /usr/share/doc/slapd/README.Debian.gz ." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "Admitir o protocolo LDAPv2?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "O protocolo obsoleto LDAPv2 está desactivado por defecto en slapd. Os " +#~ "programas e os usuarios deberÃanse actualizar a LDAPv3. Se ten programas " +#~ "antigos que non poidan empregar LDAPv3 deberÃa escoller esta opción, que " +#~ "fará que se engada «allow bind_v2» ao ficheiro slapd.conf ." + +#~ msgid "Back up current database and create a new one?" +#~ msgstr "¿Facer unha copia da base de datos actual e crear unha nova?" + +#~ msgid "" +#~ "The directory suffix (domain) you specified doesn't match the one " +#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires " +#~ "moving aside the current LDAP database and creating a new one. Please " +#~ "confirm whether you want to back up and abandon the current database." +#~ msgstr "" +#~ "O sufixo de directorio (dominio) que especificou non coincide co que hai " +#~ "en /etc/ldap/slapd.conf. Para cambiar o sufixo do directorio hai que " +#~ "apartar a base de datos LDAP actual e crear unha nova. Confirme se quere " +#~ "facer unha copia de seguridade da base de datos actual e abandonala." + +#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand" +#~ msgstr "slurpd está obsoleto; é preciso reconfigurar as réplicas á man" + +#~ msgid "" +#~ "One or more slurpd \"replica\" options were found in your slapd config " +#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, " +#~ "you will need to migrate your replicas to use the syncrepl protocol " +#~ "instead." +#~ msgstr "" +#~ "Atopouse unha ou máis opcións \"replica\" na configuración de slapd ao " +#~ "actualizar. Como slurpd está obsoleto a partires de OpenLDAP 2.4, ha ter " +#~ "que migrar as súas réplicas para que empreguen no seu canto o protocolo " +#~ "syncrepl." + +#~ msgid "" +#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be " +#~ "done automatically and you will need to configure your replica servers by " +#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for " +#~ "details." +#~ msgstr "" +#~ "Non se pode realizar automaticamente a conversión de slurpd ao protocolo " +#~ "syncrepl baseado en pull, e ha ter que configurar manualmente os seus " +#~ "servidores réplica. Consulte http://www.openldap.org/doc/admin24/syncrepl." +#~ "html para máis detalles." + +#~ msgid "TLSCipherSuite values have changed" +#~ msgstr "Os valores de TLSCipherSuite cambiaron" + +#~ msgid "" +#~ "A \"TLSCipherSuite\" option was found in your slapd config when " +#~ "upgrading. The values allowed for this option are determined by the SSL " +#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a " +#~ "result, your existing TLSCipherSuite setting will not work with this " +#~ "package." +#~ msgstr "" +#~ "Atopouse unha opción \"TLSCipherSuite\" na configuración de slapd ao " +#~ "actualizar. Os valores admitidos para esta opción están determinados pola " +#~ "implementación de SSL en uso, que se cambiou de OpenSSL a GnuTLS. Coma " +#~ "resultado, a configuración actual de TLSCipherSuite non ha funcionar con " +#~ "este paquete." + +#~ msgid "" +#~ "This setting has been automatically commented out for you. If you have " +#~ "specific encryption needs that require this option to be re-enabled, see " +#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of " +#~ "ciphers supported by GnuTLS." +#~ msgstr "" +#~ "Anulouse cun comentario esta configuración por vostede. Se ten " +#~ "necesidades de cifrado especÃficas que precisan de que se volva activar " +#~ "esta opción, consulte a saÃda de \"gnutls-cli -l\" no paquete gnutls-bin " +#~ "para obter a lista de sistemas de cifrado soportados por GnuTLS." diff --git a/debian/po/it.po b/debian/po/it.po new file mode 100644 index 0000000..7fbb0a9 --- /dev/null +++ b/debian/po/it.po @@ -0,0 +1,447 @@ +# Italian (it) translation of debconf templates for openldap +# This file is distributed under the same license as the openldap package. +# Luca Monducci <luca.mo@tiscali.it>, 2007-2017. +# +msgid "" +msgstr "" +"Project-Id-Version: openldap 2.4.40-2 italian debconf templates\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2017-01-21 11:42+0100\n" +"Last-Translator: Luca Monducci <luca.mo@tiscali.it>\n" +"Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n" +"Language: it\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "Omettere la configurazione del server OpenLDAP?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"Se si accetta, non verranno creati la configurazione iniziale né il database." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "sempre" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "quando necessario" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "mai" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "Fare il dump su file dei database prima dell'aggiornamento:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"Prima dell'aggiornamento a una nuova versione del server OpenLDAP, è " +"possibile fare il dump delle proprie directory LDAP in dei semplici file di " +"testo in formato LDIF (lo standard per lo scambio di dati LDAP)." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"Selezionando \"sempre\" il dump dei database verrà effettuato prima di ogni " +"aggiornamento. Con \"quando necessario\" il dump dei database verrà fatto " +"solo quando la nuova versione è incompatibile con il vecchio formato del " +"database e quindi deve essere reimportato. Infine con \"mai\" il dump dei " +"database non verrà mai fatto." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Directory per il dump dei database:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"Indicare la directory in cui verranno esportati i database LDAP. In questa " +"directory verrà creato un file LDIF per ogni base di ricerca presente sul " +"server. Assicurarsi di avere spazio libero sufficiente sulla partizione che " +"contiene la directory indicata. La prima occorrenza della stringa \"VERSION" +"\" viene sostituita con la versione del server che si sta aggiornando." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "Spostare il vecchio database?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"Ci sono ancora dei file in /var/lib/ldap che potrebbero intralciare il " +"processo di configurazione. Se si accetta, gli script di installazione " +"toglieranno di mezzo i file dei vecchi database prima di creare il nuovo " +"database." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "Ripetere la configurazione?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"La configurazione inserita non è valida. Assicurarsi che il nome di dominio " +"DNS sia sintatticamente corretto, che il campo per il nome " +"dell'organizzazione non sia stato lasciato in bianco e che le password di " +"amministrazione coincidano. Se si decide di non riprovare la configurazione, " +"il server LDAP non verrà impostato. In seguito, per riprovare la " +"configurazione, usare \"dpkg-reconfigure slapd\"." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "Nome di dominio DNS:" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"Il nome DNS di dominio è usato per costruire la base DN della directory " +"LDAP. Per esempio con \"pippo.esempio.org\" sarà creata una directory con " +"\"dc=pippo, dc=esempio, dc=org\" come base DN." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Nome dell'organizzazione:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" +"Inserire il nome dell'organizzazione da usare nella base DN della propria " +"directory LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Password dell'amministratore:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "" +"Inserire la password per l'amministrazione della propria directory LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Conferma della password:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"Inserire di nuovo la password per l'amministrazione della propria directory " +"LDAP, per verificare che sia stata digitata correttamente." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "Le password non coincidono" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "Le due password inserite non sono uguali; si prega di riprovare." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "Eliminare il database in caso di rimozione completa di slapd?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "Problema con slapcat durante l'aggiornamento" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "" +"Si è verificato un errore durante l'aggiornamento della directory LDAP." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"Il programma \"slapcat\" ha riportato un errore durante l'estrazione della " +"directory LDAP. L'errore potrebbe essere causato da un file di " +"configurazione sbagliato (per esempio, la mancanza delle righe \"moduleload" +"\" per il supporto al database di backend)." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Questo errore provocherà anche il successivo fallimento di \"slapadd\". I " +"file del vecchio database saranno spostati in /var/backups. Per riprovare " +"l'aggiornamento è necessario riportare i file nella posizione originale, " +"correggere ciò che ha causato il fallimento di slapcat ed eseguire:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"Poi spostare i file del database in un'area di backup e provare a eseguire " +"slapadd da ${location}." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "Database di backend da usare:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB e BDB usano un formato di memorizzazione simile ma HDB dispone in più " +"del supporto per rinominare i sottoalberi. Entrambi hanno le stesse opzioni " +"da configurare." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"Si raccomanda MDB come backend. MDB usa un formato di memorizzazione nuovo e " +"richiede la configurazione di un minor numero di opzioni rispetto a BDB e " +"HDB." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"In ogni caso è opportuno rivedere la configurazione del database in base " +"alle proprie necessità . Consultare /usr/share/doc/slapd/README.Debian.gz per " +"maggiori informazioni." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "Configurazione degli accessi di slapd potenzialmente non sicura" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"Uno o più dei database configurati hanno una regola di accesso che permette " +"agli utenti di modificare la maggior parte dei propri attributi. Ciò è non " +"sicuro, il livello di pericolosità dipende da qual è l'uso del database." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"Se esistono regole di accesso che iniziano con \"to *\", si raccomanda di " +"togliere tutti i \"by self write\" in modo che gli utenti possano modificare " +"solo gli attributi a loro consentiti." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"Consultare /usr/share/doc/slapd/README.Debian.gz per maggiori informazioni." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "interrompi l'installazione" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "continua comunque" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "Aggiornamento manuale dello schema ppolicy" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" +"La nuova versione dell'overlay Password Policy (ppolicy) richiede la " +"definizione nello schema del tipo di attributo pwdMaxRecordedFailure il " +"quale non è presente nello schema attualmente in uso. Si raccomanda di " +"interrompere adesso l'aggiornamento e di preparare lo schema ppolicy prima " +"di aggiornare slapd. Nel caso si utilizzi la replica, occorre preparare lo " +"schema su ogni server prima di continuare con l'aggiornamento." + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "È stato generato un file LDIF con le necessarie modifiche allo schema:" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" +"se slapd sta usando le regole di controllo d'accesso predefinite, le " +"modifiche possono essere applicate (dopo aver avviato slapd) usando il " +"comando:" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" +"Nel caso si decida di continuare l'installazione, il nuovo tipo di attributo " +"verrà aggiunto automaticamente ma la modifica non agirà sul funzionamento " +"degli overlay di slapd e potrebbe influenzare la replica con altri server." + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "Abilitare il protocollo LDAPv2?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "Con la configurazione predefinita di slapd il vecchio protocollo LDAPv2 è " +#~ "disabilitato. I programmi e gli utenti dovrebbero aggiornarsi a LDAPv3. " +#~ "Se si usa qualche vecchio programma che non può usare LDAPv3, si dovrebbe " +#~ "accettare in modo da aggiungere \"allow bind_v2\" al file di " +#~ "configurazione slapd.conf." diff --git a/debian/po/ja.po b/debian/po/ja.po new file mode 100644 index 0000000..4c06f8e --- /dev/null +++ b/debian/po/ja.po @@ -0,0 +1,427 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: openldap\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2017-01-15 13:46+0900\n" +"Last-Translator: Kenshi Muto <kmuto@debian.org>\n" +"Language-Team: Japanese <debian-japanese@lists.debian.org>\n" +"Language: ja\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "OpenLDAP サーãƒã®è¨å®šã‚’çœç•¥ã—ã¾ã™ã‹?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "ã“ã“ã§ã€Œã¯ã„ã€ã‚’é¸ã¶ã¨ã€åˆæœŸè¨å®šã‚„データベースã¯ä½œæˆã•ã‚Œã¾ã›ã‚“。" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "常ã«" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "å¿…è¦ãªã¨ãã«" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "è¡Œã‚ãªã„" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "更新時ã«ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã‚’ファイルã«ãƒ€ãƒ³ãƒ—:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"OpenLDAP サーãƒã®æ–°ã—ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¸ã®æ›´æ–°ã®å‰ã«ã€LDAP ディレクトリã®ãƒ‡ãƒ¼ã‚¿" +"ã‚’ã€æ¨™æº– LDAP データ交æ›ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã®ãƒ—レインテã‚ストファイルã«ãƒ€ãƒ³ãƒ—ã§ãã¾" +"ã™ã€‚" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"「常ã«ã€ã‚’é¸ã¶ã¨ã€ç„¡æ¡ä»¶ã«æ›´æ–°ã®å‰ã«ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã‚’ダンプã™ã‚‹ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚" +"「必è¦ãªã¨ãã«ã€ã‚’é¸ã¶ã¨ã€æ–°ã—ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒå¤ã„データベースフォーマットã¨éž" +"互æ›ã§ã€å†ã‚¤ãƒ³ãƒãƒ¼ãƒˆãŒå¿…è¦ãªã¨ãã«ã€ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã‚’ダンプã—ã¾ã™ã€‚「行ã‚ãªã„ã€" +"ã‚’é¸ã¶ã¨ã€ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã®ãƒ€ãƒ³ãƒ—ã‚’è¡Œã„ã¾ã›ã‚“。" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "データベースã®ãƒ€ãƒ³ãƒ—ã«ä½¿ã†ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒª:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"LDAP データベースをエã‚スãƒãƒ¼ãƒˆã™ã‚‹ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’指定ã—ã¦ãã ã•ã„。ã“ã®ãƒ‡ã‚£ãƒ¬" +"クトリã®ä¸ã«ã¯ã€ã‚µãƒ¼ãƒä¸Šã«é…ç½®ã•ã‚ŒãŸæ¤œç´¢ãƒ™ãƒ¼ã‚¹ã«é–¢é€£ã™ã‚‹ã„ãã¤ã‹ã® LDIF ファ" +"イルãŒä½œæˆã•ã‚Œã¾ã™ã€‚ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’æ ¼ç´ã™ã‚‹ãƒ‘ーティションã«å分ãªç©ºãé ˜åŸŸãŒã‚" +"ã‚‹ã“ã¨ã‚’確èªã—ã¦ãã ã•ã„。最åˆã«å‡ºç¾ã™ã‚‹æ–‡å—列 \"VERSION\" ã¯ã€æ›´æ–°å¯¾è±¡ã®ã‚µãƒ¼" +"ãƒã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ç½®ãæ›ãˆã‚‰ã‚Œã¾ã™ã€‚" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "å¤ã„データベースを移動ã—ã¾ã™ã‹?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"ãŠãらãè¨å®šæ‰‹é †ã‚’壊ã™ã¨æ€ã‚れるファイルãŒã€/var/lib/ldap ã«ã¾ã ã‚ã‚Šã¾ã™ã€‚ã“" +"ã®é¸æŠžè‚¢ã§ã€Œã¯ã„ã€ã‚’é¸ã¶ã¨ã€ãƒ¡ãƒ³ãƒ†ãƒŠã‚¹ã‚¯ãƒªãƒ—トã¯æ–°ã—ã„データベースを作æˆã™ã‚‹" +"å‰ã«å¤ã„データベースファイルを別ã®å ´æ‰€ã«ç§»å‹•ã—ã¾ã™ã€‚" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "è¨å®šã‚’å†è©¦è¡Œã—ã¾ã™ã‹?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"入力ã•ã‚ŒãŸè¨å®šã¯ç„¡åŠ¹ã§ã™ã€‚DNS ドメインåãŒæœ‰åŠ¹ãªæ–‡æ³•ã«ãªã£ã¦ã„ã‚‹ã“ã¨ã€çµ„ç¹”å" +"ã®ãƒ•ã‚£ãƒ¼ãƒ«ãƒ‰ãŒç©ºã«ãªã£ã¦ã„ãªã„ã“ã¨ã¨ã€ç®¡ç†è€…パスワードãŒåˆã£ã¦ã„ã‚‹ã“ã¨ã‚’確èª" +"ã—ã¦ãã ã•ã„。è¨å®šã‚’å†è©¦è¡Œã—ãªã„ã¨ã€LDAP サーãƒã¯ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—ã•ã‚Œã¾ã›ã‚“。ã‚ã¨" +"ã§å†è©¦è¡Œã™ã‚‹ã¨ãã«ã¯ã€\"dpkg-reconfigure slapd\" を実行ã—ã¦ãã ã•ã„。" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "DNS ドメインå:" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"DNS ドメインå㯠LDAP ディレクトリã®ãƒ™ãƒ¼ã‚¹ DN ã‚’å½¢æˆã™ã‚‹ã®ã«ä½¿ã‚ã‚Œã¾ã™ã€‚ãŸã¨" +"ãˆã°ã€'foo.example.org' ã¯ã€ãƒ™ãƒ¼ã‚¹ DN ã¨ã—㦠'dc=foo, dc=example, dc=org' ã®" +"ディレクトリを作æˆã—ã¾ã™ã€‚" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "組織å:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "LDAP ディレクトリã®ãƒ™ãƒ¼ã‚¹ DN 内ã§ä½¿ã†çµ„ç¹”ã®åå‰ã‚’入力ã—ã¦ãã ã•ã„。" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "管ç†è€…ã®ãƒ‘スワード:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "" +"ã‚ãªãŸã® LDAP ディレクトリã§ã®ç®¡ç†è€…エントリã®ãƒ‘スワードを入力ã—ã¦ãã ã•ã„。" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "パスワードã®ç¢ºèª:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"æ£ã—ãタイプã—ãŸã‹ã®ç¢ºèªã®ãŸã‚ã«ã€å…ˆã»ã©å…¥åŠ›ã—ãŸã®ã¨åŒã˜ LDAP ディレクトリ用" +"ã® admin ã®ãƒ‘スワードをå†åº¦å…¥åŠ›ã—ã¦ãã ã•ã„。" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "パスワードãŒåˆè‡´ã—ã¾ã›ã‚“" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "2回入力ã•ã‚ŒãŸãƒ‘スワードã¯åŒã˜ã§ã¯ã‚ã‚Šã¾ã›ã‚“。å†åº¦å…¥åŠ›ã—ã¦ãã ã•ã„。" + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "slapd をパージã—ãŸã¨ãã«ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã‚’削除ã—ã¾ã™ã‹?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "æ›´æ–°ä¸ã« slapcat ãŒå¤±æ•—" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "LDAP ディレクトリã®æ›´æ–°ä¸ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"LDAP ディレクトリã®å±•é–‹ä¸ã« 'slapcat' プãƒã‚°ãƒ©ãƒ ãŒå¤±æ•—ã—ã¾ã—ãŸã€‚ã“ã‚Œã¯ä¸æ£ãª" +"è¨å®šãƒ•ã‚¡ã‚¤ãƒ« (ãŸã¨ãˆã°ãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã® " +"'moduleload' è¡ŒãŒãªã„ãªã©) ã«ã‚ˆã£ã¦å¼•ãèµ·ã“ã•ã‚ŒãŸå¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"ã“ã®å¤±æ•—ã¯ã€å¾Œã§ 'slapadd' を失敗ã•ã›ã‚‹ã“ã¨ã«ãªã‚Šã¾ã™ã€‚å¤ã„データベースファイ" +"ル㯠/var/backups ã«ç§»å‹•ã•ã‚Œã¾ã™ã€‚æ›´æ–°ã‚’å†è©¦è¡Œã—ãŸã„ã®ã§ã‚ã‚Œã°ã€å¤ã„データ" +"ベースファイルを元ã®å ´æ‰€ã«æˆ»ã—㦠slapcat ãŒå¤±æ•—ã™ã‚‹åŽŸå› ã‚’ä¿®æ£ã—ã€æ¬¡ã®ã‚ˆã†ã«å®Ÿ" +"è¡Œã—ã¾ã™:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"ãã—ã¦ã€ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ãƒ•ã‚¡ã‚¤ãƒ«ã‚’ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—é ˜åŸŸã«æˆ»ã—ã€slapadd ã‚’ ${location} " +"ã‹ã‚‰å®Ÿè¡Œã—ã¦ã¿ã¾ã™ã€‚" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "利用ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB 㨠BDB ã¯ä¼¼ãŸã‚¹ãƒˆãƒ¬ãƒ¼ã‚¸ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã‚’使ã„ã¾ã™ãŒã€HDB ã«ã¯ã‚µãƒ–ツリーã®åå‰" +"変更ã®ã‚µãƒãƒ¼ãƒˆãŒåŠ ã‚ã£ã¦ã„ã¾ã™ã€‚å…±ã«ã€åŒã˜è¨å®šã‚ªãƒ—ションをサãƒãƒ¼ãƒˆã—ã¾ã™ã€‚" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"MDB ãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚MDB ã¯æ–°ã—ã„ストレージフォーマットを採用ã—ã¦" +"ãŠã‚Šã€BDB ã‚„ HDB よりも少ãªã„è¨å®šã§æ¸ˆã¿ã¾ã™ã€‚" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"ã„ãšã‚Œã®å ´åˆã§ã‚‚ã€å¿…è¦ã«å¿œã˜ã¦ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹è¨å®šã®çµæžœã‚’å†ç¢ºèªã™ã¹ãã§ã™ã€‚詳細" +"ã«ã¤ã„ã¦ã¯ /usr/share/doc/slapd/README.Debian.gz ã‚’å‚ç…§ã—ã¦ãã ã•ã„。" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "潜在的ã«å®‰å…¨ã§ãªã„ slapd ã®ã‚¢ã‚¯ã‚»ã‚¹åˆ¶å¾¡è¨å®šã§ã™" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"è¨å®šã•ã‚ŒãŸãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã«ã¯ã€ãƒ¦ãƒ¼ã‚¶ã«è‡ªèº«ã®å±žæ€§ã®ã»ã¨ã‚“ã©ã®å¤‰æ›´ã‚’許容ã™ã‚‹ 1 ã¤" +"以上ã®ã‚¢ã‚¯ã‚»ã‚¹åˆ¶å¾¡ãƒ«ãƒ¼ãƒ«ãŒã‚ã‚Šã¾ã™ã€‚ã“ã‚Œã¯ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã®ä½¿ã„よã†ã«ã‚ˆã£ã¦ã¯å®‰" +"å…¨ã§ãªã„å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚" + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"\"to *\" ã§å§‹ã¾ã‚‹ slapd アクセスルールãŒã‚ã‚‹å ´åˆã€å„ \"by self write\" 記述を" +"削除ã™ã‚‹ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚ãã†ã™ã‚Œã°ã€ãƒ¦ãƒ¼ã‚¶ãŒå¤‰æ›´ã§ãã‚‹ã®ã¯æ˜Žç¤ºçš„ã«è¨±å¯ã•" +"ã‚ŒãŸå±žæ€§ã®ã¿ã«ãªã‚Šã¾ã™ã€‚" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"詳細ã«ã¤ã„ã¦ã¯ /usr/share/doc/slapd/README.Debian.gz ã‚’å‚ç…§ã—ã¦ãã ã•ã„。" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "インストールã®ä¸æ¢" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "ã‹ã¾ã‚ãšç¶šã‘ã‚‹" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "手動㮠ppolicy スã‚ーマ更新ã®æŽ¨å¥¨" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" +"Password Policy (ppolicy) オーãƒãƒ¬ã‚¤ã®æ–°ã—ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¯ã€ç¾åœ¨ä½¿ç”¨ã—ã¦ã„るス" +"ã‚ーマã«å˜åœ¨ã—ãªã„ pwdMaxRecordedFailure 属性型をスã‚ーマã«å®šç¾©ã™ã‚‹å¿…è¦ãŒã‚ã‚Š" +"ã¾ã™ã€‚アップグレードを今ã™ãä¸æ¢ã—ã€slapd をアップグレードã™ã‚‹å‰ã« ppolicy ス" +"ã‚ーマを更新ã™ã‚‹ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚レプリケーションãŒä½¿ã‚ã‚Œã¦ã„ã‚‹å ´åˆã€ã“ã®" +"アップグレードを続ã‘ã‚‹å‰ã«ã‚¹ã‚ーマã®æ›´æ–°ã‚’å„サーãƒã«é©ç”¨ã—ã¦ãŠãã¹ãã§ã™ã€‚" + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "アップグレードã«å¿…è¦ãªå¤‰æ›´ä»˜ãã® LDIF ファイルãŒç”Ÿæˆã•ã‚Œã¾ã—ãŸ:" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" +"slapd ãŒãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã®ã‚¢ã‚¯ã‚»ã‚¹åˆ¶å¾¡ãƒ«ãƒ¼ãƒ«ã‚’使ã£ã¦ã„ã‚‹ã®ã§ã‚ã‚Œã°ã€ã“れらã®å¤‰æ›´ã¯ " +"(slapd ãŒé–‹å§‹ã—ãŸå¾Œã«) 以下ã®ã‚³ãƒžãƒ³ãƒ‰ã«ã‚ˆã£ã¦é©ç”¨ã§ãã¾ã™:" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" +"インストールを続ã‘ã‚‹ã“ã¨ã‚’é¸ã¶ã¨ã€æ–°ã—ã„属性型ã¯è‡ªå‹•çš„ã«è¿½åŠ ã•ã‚Œã¾ã™ãŒã€ã“ã®" +"変更㯠slapd オーãƒãƒ¬ã‚¤ã§å®Ÿè¡Œã•ã‚Œãšã€ä»–ã®ã‚µãƒ¼ãƒã¨ã®ãƒ¬ãƒ—リケーションã«å½±éŸ¿ã™ã‚‹" +"å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚" diff --git a/debian/po/nl.po b/debian/po/nl.po new file mode 100644 index 0000000..a02b7bf --- /dev/null +++ b/debian/po/nl.po @@ -0,0 +1,462 @@ +# Dutch translation of openldap debconf templates. +# Copyright (C) 2008-2011 THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the openldap package. +# Bart Cornelis <cobaco@skolelinux.no>, 2008. +# Jeroen Schot <schot@a-eskwadraat.nl>, 2011. +# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2014, 2017. +# +msgid "" +msgstr "" +"Project-Id-Version: openldap 2.4.44+dfsg-4\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2017-01-12 14:24+0100\n" +"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n" +"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Gtranslator 2.91.6\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "Wilt u het configureren van de OpenLDAP-server overslaan?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"Wanneer u deze optie kiest, worden er geen initiële configuratie en databank " +"voor u aangemaakt." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "altijd" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "wanneer nodig" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "nooit" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "Bij de opwaardering de databanken exporteren naar bestand:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"Vooraleer een opwaardering naar een nieuwe versie van de OpenLDAP-server " +"uitgevoerd wordt, kunnen de data in uw LDAP-catalogi geëxporteerd worden " +"naar een gewoon tekstbestand in LDIF-indeling (dit is het gestandaardiseerde " +"'LDAP Data Interchange Format')." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"Wanneer u 'altijd' selecteert, worden de databanken voor elke opwaardering " +"onvoorwaardelijk naar een bestand geëxporteerd. Wanneer u 'wanneer nodig' " +"selecteert, worden de databanken enkel geëxporteerd wanneer de nieuwe " +"databank-indeling incompatibel is met de oude indeling en de data opnieuw " +"geïmporteerd moeten worden. Wanneer u 'nooit' kiest wordt er geen databank-" +"export gemaakt." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Voor databank-exports te gebruiken map:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"Geef de map op waarnaar LDAP-databanken geëxporteerd moeten worden. In deze " +"map worden verschillende LDIF-bestanden aangemaakt die overeenkomen met de " +"zoekbasissen op de server. U dient ervoor te zorgen dat u genoeg vrije " +"ruimte heeft op de partitie waar de map zich bevindt. Het eerste voorkomen " +"van de tekst 'VERSION' wordt vervangen door de server-versie vanwaar u " +"opwaardeert." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "Wilt u de oude databank verplaatsen?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"Er bevinden zich nog bestanden in /var/lib/ldap die het configuratieproces " +"waarschijnlijk zullen verstoren. Als u voor deze optie kiest, zullen de " +"scripts van de pakketbeheerder de oude databankbestanden wegzetten voordat " +"ze de nieuwe databank aanmaken." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "Configuratie opnieuw proberen?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"De door u ingevoerde configuratie is ongeldig. Zorg ervoor dat: de DNS-" +"domeinnaam een geldige syntaxis heeft, het veld voor de organisatie niet " +"leeg is, en de beheerderswachtwoorden overeenkomen. Wanneer u ervoor kiest " +"om de configuratie niet opnieuw te proberen, wordt uw LDAP-server niet " +"ingesteld. U kunt later altijd 'dpkg-reconfigure slapd' uitvoeren om de " +"configuratie opnieuw te proberen. " + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "DNS-domeinnaam:" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"De DNS-domeinnaam wordt gebruikt als de basis-DN van uw LDAP-catalogus. foo." +"example.org invoeren geeft u de basis-DN dc=foo, dc=example, dc=org." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Organisatienaam:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" +"Geef op welke organisatienaam gebruikt moet worden in de basis-DN van uw " +"LDAP-catalogus." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Beheerderswachtwoord:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "" +"Gelieve het wachtwoord op te geven voor het beheerdersaccount in uw LDAP-" +"catalogus." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Bevestig het wachtwoord:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"Gelieve het beheerderswachtwoord van uw LDAP-catalogus nogmaals in te tikken " +"(dit om tikfouten tegen te gaan)." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "Wachtwoorden komen niet overeen" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "" +"De twee door u ingevoerde wachtwoorden kwamen niet overeen. Gelieve nogmaals " +"te proberen." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "Wilt u dat de databank verwijderd wordt wanneer slapd gewist wordt?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "slapcat gaf een fout tijdens de opwaardering" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "" +"Er is een fout opgetreden tijdens het opwaarderen van uw LDAP-catalogus." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"Bij het uitpakken van de LDAP-catalogus signaleerde het programma 'slapcat' " +"een fout. Dit kan veroorzaakt worden door een onjuist configuratiebestand " +"(bv. het ontbreken van 'moduleload'-regels voor het ondersteunen van de " +"backenddatabank)." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Deze mislukking zorgt ervoor dat 'slapadd' zo meteen ook mislukt. De oude " +"databankbestanden worden verplaatst naar /var/backups . Als u deze " +"opwaardering opnieuw wilt proberen, dient u eerst de oude databankbestanden " +"terug te plaatsen, daarna de oorzaak van het mislukken van slapcat op te " +"lossen, en tenslotte de volgende opdracht uit te voeren:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"Vervolgens verplaatst u de databankbestanden terug naar de reservekopie-map " +"en probeert u slapadd uit te voeren vanaf ${location}." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "Te gebruiken databankbackend:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB en BDB gebruiken een gelijkaardige opslagindeling, maar HDB ondersteunt " +"ook het hernoemen van deelbomen. Beide ondersteunen dezelfde " +"configuratieopties." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"Het MDB-backend is de aanbevolen keuze. MDB maakt gebruik van een nieuw " +"opslagformaat en vraagt minder configuratie dan BDB of HDB." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"In elk geval is het een goed idee om te controleren of de resulterende " +"databankconfiguratie aan uw noden voldoet. Meer informatie vindt u in /usr/" +"share/doc/slapd/README.Debian.gz." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "De configuratie van de slapd-toegangscontrole is mogelijk onveilig" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"Een of meer van de geconfigureerde databanken gebruikt bij de " +"toegangscontrole een regel die gebruikers toelaat om het grootste deel van " +"hun eigen attributen te wijzigen. Afhankelijk van de wijze waarop de " +"databank gebruikt wordt, is dit mogelijk onveilig." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"In het geval er slapd-toegangsregels van toepassing zijn die met \"to *\" " +"beginnen, wordt aanbevolen om elk voorkomen van \"by self write\" te " +"verwijderen, waardoor gebruikers enkel die attributen kunnen wijzigen " +"waarvoor dit expliciet toegestaan wordt." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "Raadpleeg /usr/share/doc/slapd/README.Debian.gz voor meer details." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "de installatie afbreken" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "desondanks toch voortgaan" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "Het handmatig bijwerken van het ppolicy schema wordt aanbevolen" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" +"De nieuwe versie van de Password Policy (ppolicy) overlay vereist dat het " +"schema het attribuuttype pwdMaxRecordedFailure definieert, maar dit komt " +"niet voor in het schema dat momenteel in gebruik is. Het wordt aanbevolen om " +"de opwaardering nu af te breken en het ppolicy-schema bij te werken " +"vooraleer slapd opgewaardeerd wordt. Indien replicatie toegepast wordt, moet " +"het bijwerken van het schema op elke server uitgevoerd worden voor u " +"voortgaat met de opwaardering." + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "" +"Er werd een LDIF-bestand gegenereerd met de voor de opwaardering vereiste " +"wijzigingen:" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" +"dus als slapd de standaardregels voor toegangscontrole gebruikt, kunnen deze " +"wijzigingen toegepast worden door (na het starten van slapd) de volgende " +"opdracht uit te voeren:" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" +"Indien u er integendeel voor kiest de installatie voort te zetten, zal het " +"nieuwe attribuuttype automatisch toegevoegd worden, maar zullen de slapd-" +"overlays geen rekening houden met de aanpassing en dit kan de replicatie met " +"andere servers beïnvloeden." + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "LDAPv2-protocol toelaten?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "Het verouderde LDAPv2-protocol is standaard uitgeschakeld in slapd. " +#~ "Programma's en gebruikers dienen op te waarderen naar LDAPv3. Als u oude " +#~ "programma's heeft die geen LDAPv3 aankunnen, dient u deze optie te kiezen " +#~ "(hierdoor wordt 'allow bind_v2' toegevoegd aan uw 'slapd.conf'-bestand)." diff --git a/debian/po/pt.po b/debian/po/pt.po new file mode 100644 index 0000000..3dd6172 --- /dev/null +++ b/debian/po/pt.po @@ -0,0 +1,537 @@ +# Portuguese translation for openldap debconf messages. +# Copyright (C) Tiago Fernandes <tjg.fernandes@gmail.com>, 2006 +# This file is distributed under the same license as the openldap package. +# +# Tiago Fernandes <tjg.fernandes@gmail.com>, 2006,2008,2010. +# Rui Branco - DebianPT <ruipb@debianpt.org>, 2017. +msgid "" +msgstr "" +"Project-Id-Version: openldap 2.4.44+dfsg-3\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2017-04-10 22:08+0000\n" +"Last-Translator: Rui Branco - DebianPT <ruipb@debianpt.org>\n" +"Language-Team: Portuguese <traduz@debianpt.org>\n" +"Language: pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2;\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "Omitir a configuração do servidor OpenLDAP?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"Se activar esta opção, não será criada inicialmente uma configuração ou base " +"de dados para si." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "sempre" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "quando necessário" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "nunca" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "Despejar as bases de dados para ficheiro durante a actualização:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"Antes de actualizar para uma nova versão do servidor OpenLDAP, os dados dos " +"seu directórios LDAP podem ser despejados para ficheiros de texto simples no " +"formato padronizado LDAP Data Interchange Format." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"Seleccionar \"sempre\" fará com as bases de dados sejam despejadas " +"incondicionalmente antes de uma actualização. Seleccionar \"quando necessário" +"\" irá apenas despejar a base de dados se a nova versão for incompatÃvel com " +"o formato da base de dados antiga e for necessário reimportar-la. Se " +"seleccionar \"nunca\", não será feito qualquer despejo." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Directório a utilizar para bases de dados despejadas:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"Por favor, especifique o directório para onde as bases de dados LDAP serão " +"exportadas. Dentro deste directório serão criados vários ficheiros LDIF que " +"correspondem à s bases de pesquisas localizadas no servidor. Assegure-se que " +"tem espaço livre suficiente na partição onde se encontra o directório. A " +"primeira ocorrência da string \"VERSION\" é substituÃda com a versão do " +"servidor que está a actualizar." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "Mover a base de dados antiga?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"Ainda existem ficheiros em /var/lib/ldap que provavelmente irão parar o " +"processo de configuração. Se activar esta opção, os scripts do maintainer " +"irão mover os ficheiros antigos da base de dados para fora do caminho, antes " +"de criar a nova base de dados." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "Tentar novamente a configuração?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"A configuração que inseriu é inválida. Assegure-se que o nome do domÃnio DNS " +"tem uma sintaxe válida, que a organização é preenchida e que as palavras-" +"chave de administrador coincidem. Se decidir não tentar novamente a " +"configuração, o servidor de LDAP não ficará configurado. Corra \"dpkg-" +"reconfigure slapd\" se quiser tentar novamente mais tarde." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "Nome do domÃnio DNS:" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"O nome do domÃnio DNS é usado para construir o DN base do seu directório " +"LDAP. Por exemplo, 'foo.exemplo.org' irá criar o directório com 'dc=foo," +"dc=exemplo,dc=org' como DN base." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Nome da Organização:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" +"Por favor, insira o nome da organização a usar, no DN base do seu directório " +"LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Palavra-passe do administrador:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "" +"Por favor, insira a palavra-passe para a entrada admin do seu directório " +"LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Confirme a palavra-passe:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"Por favor introduza novamente a palavra-passe de admin do seu directório " +"LDAP, para verificar se a introduziu correctamente." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "A palavra-passe não coincide" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "" +"As duas palavra-passe que você introduziu não são iguais. Por favor, tente " +"novamente." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "Quer que a base de dados seja removida quando o slapd for purgado?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "Falha do slapcat durante a actualização" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "Ocorreu um erro durante a actualização do directório LDAP." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"O programa 'slapcat' falhou enquanto extraÃa o directório LDAP. Isto pode " +"ter sido causado por um ficheiro de configuração incorrecto (por exemplo, " +"linhas 'moduleload' em falta para suportar o backend da base de dados)." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Esta falha irá fazer com que o 'slapadd' falhe também mais tarde. Os " +"ficheiros antigos da base de dados serão movidos para /var/backups. Se " +"quiser tentar novamente esta actualização, deverá mover os ficheiros antigos " +"da base de dados antiga de volta para o seu lugar, corrigir o que possa ter " +"causado a falha do slapcat, e executar:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"Depois mova os ficheiros da base de dados de volta para a área de backup e a " +"seguir tente correr o slapadd a partir de ${location}." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "Backend a usar para a base de dados:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB e BDB usam formatos similares de armazenamento, mas o HDB adiciona " +"suporte para renomeação de sub-árvores. Ambos suportam as mesmas opções de " +"configuração." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"É recomendado o backend MDB. MDB utiliza um novo formato de armazenamento e " +"requer menos configurações do que BDB ou HDB." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"Em qualquer caso, deverá rever a configuração da base de dados resultante, " +"para as suas necessidades. Ver /usr/share/doc/slapd/README.Debian.gz para " +"mais detalhes." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "Configuração de controlo de acesso ao slapd potencialmente insegura" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"Uma ou mais das bases de dados configuradas têm uma regra de controlo de " +"acesso que permite os utilizadores modificarem os seus próprios atributos. " +"Isto pode ser inseguro, dependendo de como a base de dados é utilizada." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"No caso das regras de acesso do slapd que começam com \" até *\", é " +"recomendado que se remova qualquer instância de \"by self write\", de " +"maneira a que os utilizadores possam modificar especificamente atributos " +"permitidos." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "Ver /usr/share/doc/slapd/README.Debian.gz para mais detalhes." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "abortar a instalação" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "continuar de qualquer forma " + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "Recomendada actualização manual do esquema ppolicy" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" +"A nova versão do overlay da politica de palavra-chave (ppolicy) requer ao " +"esquema que seja definida um tipo de atributo pwdMaxRecordedFailure, o qual " +"não está presente no esquema em uso. É recomendadoabortar a instalação neste " +"momento, e actualizar o esquema ppolicy antes de actualizar o slapd. Se a " +"replicação está em uso, a actualização do esquema deverá ser efectuada em " +"cada servidor antes de continuar a actualização." + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "" +"Um ficheiro LDIF foi criado com as alterações requeridas para a actualização:" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" +"assim se o slapd estiver a usar as regras de controlo de acesso por " +"predefinição, estas alterações podem ser aplicadas (depois de iniciar o " +"slapd) ao usar o seguinte comando:" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" +"Se escolher continuar a instalação, o novo tipo de atributo será " +"automaticamente adicionado, mas a alteração não terá efeito nos overlays " +"slapd, e replicação com outros servidores pode ser afectada." + +#~ msgid "" +#~ "In the version of slapd about to be installed, the ppolicy overlay " +#~ "requires the new pwdMaxRecordedFailure attribute to be defined in the " +#~ "ppolicy schema. The schema contained in the cn=config database does not " +#~ "currently include this attribute." +#~ msgstr "" +#~ "Na versão do slapd prestes a ser instalada, o 'overlay' ppolicy requer a " +#~ "definição de um novo atributo pwdMaxRecordedFailure no esquema ppolicy. " +#~ "O esquema contido na base de dados cn=config não inclui actualmente este " +#~ "atributo." + +#~ msgid "" +#~ "The ppolicy schema can be updated by applying the changes found in the " +#~ "following LDIF file:" +#~ msgstr "" +#~ "O esquema ppolicy pode ser actualizado aplicando as alterações " +#~ "encontradas no seguinte ficheiro LDIF:" + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "Permitir o protocolo LDAPv2?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "O protocolo obsoleto LDAPv2 está desactivado por pré-definição no slapd. " +#~ "Os programas e utilizadores devem actualizar para LDAPv3. Se tiver " +#~ "programas antigos que não conseguem usar LDAPv3, deverá seleccionar esta " +#~ "opção e será adicionado 'allow bind_v2' ao seu ficheiro slapd.conf." + +#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand" +#~ msgstr "o slurpd está obsoleto; as réplicas terão de ser configuradas á mão" + +#~ msgid "" +#~ "One or more slurpd \"replica\" options were found in your slapd config " +#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, " +#~ "you will need to migrate your replicas to use the syncrepl protocol " +#~ "instead." +#~ msgstr "" +#~ "Foi encontrada, durante a actualização, uma ou mais opções \"replica\" do " +#~ "slurpd na sua configuração do slapd. Devido ao slurpd estar obsoleto a " +#~ "partir do OpenLDAP 2.4, terá de migrar as suas réplicas para usar o " +#~ "protocolo syncrepl, em seu lugar." + +#~ msgid "" +#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be " +#~ "done automatically and you will need to configure your replica servers by " +#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for " +#~ "details." +#~ msgstr "" +#~ "A conversão do slurpd para o protocolo syncrepl (pull-based) não poderá " +#~ "ser feita automaticamente e terá de configurar manualmente os seus " +#~ "servidores replicados. Por favor, para mais detalhes veja http://www." +#~ "openldap.org/doc/admin24/syncrepl.html ." + +#~ msgid "TLSCipherSuite values have changed" +#~ msgstr "Os valores para TLSCipherSuite foram alterados" + +#~ msgid "" +#~ "A \"TLSCipherSuite\" option was found in your slapd config when " +#~ "upgrading. The values allowed for this option are determined by the SSL " +#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a " +#~ "result, your existing TLSCipherSuite setting will not work with this " +#~ "package." +#~ msgstr "" +#~ "Durante a actualização a opção \"TLSCipherSuite\" foi encontrada na " +#~ "configuração do seu slapd. Os valores permitidos para esta opção são " +#~ "determinados pela implementação SSL usada, a qual foi alterada de OpenSSL " +#~ "para GnuTLS. Como resultado, a sua actual opção TLSCipherSuite não irá " +#~ "funcionar com este pacote." + +#~ msgid "" +#~ "This setting has been automatically commented out for you. If you have " +#~ "specific encryption needs that require this option to be re-enabled, see " +#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of " +#~ "ciphers supported by GnuTLS." +#~ msgstr "" +#~ "Esta opção foi comentada automaticamente para si. Se tiver necessidades " +#~ "especÃficas de encriptação que necessitem que esta opção seja reactivada, " +#~ "veja o output de 'gnutls-cli -l' que existe no pacote gnutls-bin, para " +#~ "obter a lista de cifras suportadas pelo GnuTLS." + +#~ msgid "Back up current database and create a new one?" +#~ msgstr "Fazer cópia de segurança da base de dados actual e criar uma nova?" + +#~ msgid "" +#~ "The directory suffix (domain) you specified doesn't match the one " +#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires " +#~ "moving aside the current LDAP database and creating a new one. Please " +#~ "confirm whether you want to back up and abandon the current database." +#~ msgstr "" +#~ "O sufixo de directório (domÃnio) que especificou não coincide com o " +#~ "actual em /etc/ldap/slapd.conf. Alterar o sufixo do directório requer " +#~ "mover para outro local a actual base de dados LDAP e criar uma nova. Por " +#~ "favor, confirme se deseja fazer cópia de segurança e abandonar a base de " +#~ "dados actual." diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po new file mode 100644 index 0000000..86e8ac2 --- /dev/null +++ b/debian/po/pt_BR.po @@ -0,0 +1,526 @@ +# openldap Brazilian Portuguese translation +# Copyright (C) 2007 THE openldap'S COPYRIGHT HOLDER +# This file is distributed under the same license as the openldap package. +# André LuÃs Lopes <andrelop@debian.org>, 2003-2006. +# Felipe Augusto van de Wiel (faw) <faw@debian.org>, 2007. +# Steve Langasek <vorlon@debian.org>, 2008. +# Eder L. Marques (frolic) <frolic@debian-ce.org>, 2008. +# Adriano Rafael Gomes <adrianorg@debian.org>, 2011-2017. +# +msgid "" +msgstr "" +"Project-Id-Version: openldap 2.4.44+dfsg-4\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2017-01-10 10:28-0200\n" +"Last-Translator: Adriano Rafael Gomes <adrianorg@debian.org>\n" +"Language-Team: l10n Portuguese <debian-l10n-portuguese@lists.debian.org>\n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "Omitir a configuração do servidor OpenLDAP?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"Se você habilitar esta opção, nenhuma configuração inicial ou base de dados " +"será criada para você." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "sempre" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "quando necessário" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "nunca" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "Descarregar as bases de dados para arquivos na atualização:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"Antes de atualizar para uma nova versão do servidor OpenLDAP, os dados dos " +"seus diretórios LDAP podem ser descarregados em arquivos texto plano no " +"formato padrão \"LDAP Interchange Format\" (Formato de Intercâmbio LDAP)." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"Selecionar \"sempre\" fará com que as bases de dados sejam descarregadas " +"incondicionalmente antes de atualizar. Selecionar \"quando necessário\" só " +"descarregará a base de dados se a nova versão for incompatÃvel com o formato " +"da antiga base de dados e tiver que ser importada novamente. Se você " +"selecionar \"nunca\", nenhum descarregamento será feito." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Diretório para descarregar suas bases de dados:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"Por favor, especifique o diretório onde as bases de dados LDAP serão " +"exportadas. Nesse diretório, vários arquivos LDIF serão criados " +"correspondendo à s bases de procura localizadas no servidor. Tenha certeza de " +"ter espaço livre suficiente na partição onde este diretório está localizado. " +"A primeira ocorrência da string \"VERSION\" é substituÃda com a versão do " +"servidor a partir da qual você está atualizando." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "Mover a base de dados antiga?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"Ainda há arquivos em /var/lib/ldap que provavelmente quebrarão o processo de " +"configuração. Se você habilitar esta opção, os scripts do mantenedor moverão " +"os arquivos da antiga base de dados para fora do caminho antes de criar uma " +"nova base de dados." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "Tentar novamente a configuração?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"A configuração que você informou é inválida. Tenha certeza de que o nome de " +"domÃnio DNS tem uma sintaxe válida, o campo para a organização não foi " +"deixado vazio e as senhas do admin conferem. Se você decidir não tentar " +"novamente a configuração, o servidor LDAP não será configurado. Execute " +"\"dpkg-reconfigure slapd\" se você quiser tentar novamente mais tarde." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "Nome do domÃnio DNS:" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"O nome do domÃnio DNS é usado para construir a base DN de seu diretório " +"LDAP. Por exemplo, \"foo.example.org\" criará o diretório com \"dc=foo, " +"dc=example, dc=org\" como base DN." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Nome da organização:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" +"Por favor, informe o nome da organização para usar na base DN de seu " +"diretório LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Senha do administrador:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "" +"Por favor, informe a senha para a entrada administrativa em seu diretório " +"LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Confirme a senha:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"Por favor, informe novamente a senha para a entrada administrativa de seu " +"diretório LDAP para verificar se você a digitou corretamente." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "As senhas não conferem" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "" +"As duas senhas que você informou não foram as mesmas. Por favor, tente " +"novamente." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "" +"Você deseja que a base de dados seja removida quando o pacote slapd for " +"expurgado (\"purged\")?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "Falha do slapcat durante a atualização" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "Um erro ocorreu durante a atualização do diretório LDAP." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"O programa \"slapcat\" falhou ao extrair o diretório LDAP. Isso pode ter " +"sido causado por um arquivo de configuração incorreto (por exemplo, se " +"estiverem faltando as linhas \"moduleload\" para suportar o \"backend\" da " +"base de dados)." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Esta falha fará com que o \"slapadd\" também falhe posteriormente. Os " +"arquivos da antiga base de dados serão movidos para /var/backups. Se você " +"quer tentar esta atualização novamente, você deve mover os arquivos da " +"antiga base de dados de volta para o local original, corrigir o que quer que " +"tenha causado a falha do slapcat e executar:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"Então mova os arquivos da base de dados de volta para uma área de backup e " +"depois tente executar slapadd a partir de ${location}." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "\"Backend\" de base de dados a ser usado:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"O HDB e o BDB usam formatos de armazenamento similares, mas o HDB adiciona " +"suporte para renomeação de subárvores. Ambos suportam as mesmas opções de " +"configuração." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"O \"backend\" MDB é recomendado. O MDB usa um novo formato de armazenamento " +"e requer menos configuração que o BDB e o HDB." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"Em qualquer caso, você deve revisar a configuração resultante da base de " +"dados para que atenda as suas necessidades. Veja /usr/share/doc/slapd/README." +"Debian.gz para mais detalhes." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "Configuração de controle de acesso do slapd potencialmente insegura" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"Uma ou mais das bases de dados configuradas tem uma regra de controle de " +"acesso que permite que usuários modifiquem a maioria dos seus próprios " +"atributos. Isso pode ser inseguro, dependendo de como a base de dados é " +"usada." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"No caso das regras de acesso do slapd que comecem com \"to *\", é " +"recomendado remover quaisquer instâncias de \"by self write\", de modo que " +"os usuários possam modificar somente atributos especificamente permitidos." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "Veja /usr/share/doc/slapd/README.Debian.gz para mais detalhes." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "cancelar a instalação" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "continuar independentemente" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "Recomendada a atualização manual do esquema ppolicy" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" +"A nova versão da sobreposição \"Password Policy\" (ppolicy) exige que o " +"esquema defina o tipo do atributo pwdMaxRecordedFailure, o qual não está " +"presente no esquema atualmente em uso. É recomendado cancelar a atualização " +"agora e atualizar o esquema ppolicy antes de atualizar o slapd. Se a " +"replicação estiver em uso, a atualização do esquema deverá ser aplicada em " +"cada servidor antes de continuar com a atualização." + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "" +"Um arquivo LDIF foi gerado com as modificações necessárias para a " +"atualização:" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" +"então se o slapd estiver usando as regras padrão de controle de acesso, " +"essas modificações podem ser aplicadas (depois de iniciar o slapd) usando o " +"comando:" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" +"Se em vez disso você escolher continuar a instalação, o tipo do novo " +"atributo será adicionado automaticamente, mas a modificação não sofrerá " +"ações por sobreposições do slapd, e a replicação com outros servidores pode " +"ser afetada." + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "Permitir o protocolo LDAPv2?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "O protocolo obsoleto LDAPv2 é desabilitado por padrão no slapd. Os " +#~ "programas e usuários devem atualizar-se para o LDAPv3. Se você tem " +#~ "programas antigos que não usam LDAPv3, você deve selecionar esta opção e " +#~ "\"allow bind_v2\" será adicionado ao seu arquivo slapd.conf." + +#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand" +#~ msgstr "" +#~ "O slurpd está obsoleto, réplicas devem ser configuradas manualmente." + +#~ msgid "" +#~ "One or more slurpd \"replica\" options were found in your slapd config " +#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, " +#~ "you will need to migrate your replicas to use the syncrepl protocol " +#~ "instead." +#~ msgstr "" +#~ "Uma ou mais opções slurpd \"replica\" foram encontradas em seu arquivo de " +#~ "configuração slapd quando estava atualizando. Por causa de o slurpd está " +#~ "obsoleto a partir do OpenLDAP 2.4, em vez disso você precisará migrar " +#~ "suas replicas para usar o protocolo syncrepl." + +#~ msgid "" +#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be " +#~ "done automatically and you will need to configure your replica servers by " +#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for " +#~ "details." +#~ msgstr "" +#~ "A conversão de slurpd para o protocolo syncrepl baseado no método de " +#~ "puxar (\"pull\") atualizações, não pode ser feito automaticamente e você " +#~ "precisará configurar seus servidores de réplica manualmente. Por favor, " +#~ "veja http://www.openldap.org/doc/admin24/syncrepl.html para detalhes." + +#~ msgid "TLSCipherSuite values have changed" +#~ msgstr "Os valores da TLSCipherSuite mudou" + +#~ msgid "" +#~ "A \"TLSCipherSuite\" option was found in your slapd config when " +#~ "upgrading. The values allowed for this option are determined by the SSL " +#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a " +#~ "result, your existing TLSCipherSuite setting will not work with this " +#~ "package." +#~ msgstr "" +#~ "Uma opção \"TLSCipherSuite\" foi encontrada em seu arquivo slapd durante " +#~ "a atualização. Os valores permitidos para esta opção são determinados " +#~ "pela implementação SSL utilizada, a qual foi alterada de OpenSSL para " +#~ "GnuTLS. Como resultado, sua configuração TLSCipherSuite existente não irá " +#~ "funcionar com este pacote." + +#~ msgid "" +#~ "This setting has been automatically commented out for you. If you have " +#~ "specific encryption needs that require this option to be re-enabled, see " +#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of " +#~ "ciphers supported by GnuTLS." +#~ msgstr "" +#~ "Esta configuração foi automaticamente comentada para você. Se você tem " +#~ "necessidades especÃficas de criptografia que requerem que esta opção seja " +#~ "reabilitada, veja a saÃda do comando 'gnutls-cli -l' no pacote gnutls-bin " +#~ "para uma lista das cifras suportadas pelo GnuTLS." + +#~ msgid "Back up current database and create a new one?" +#~ msgstr "Fazer backup da base de dados atual e criar uma nova?" + +#~ msgid "" +#~ "The directory suffix (domain) you specified doesn't match the one " +#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires " +#~ "moving aside the current LDAP database and creating a new one. Please " +#~ "confirm whether you want to back up and abandon the current database." +#~ msgstr "" +#~ "O sufixo de diretório (domÃnio) que você especificou não confere com o " +#~ "atual em /etc/ldap/slapd.conf. Mudar o sufixo do diretório requer mover a " +#~ "atual base de dados LDAP e criar uma nova. Por favor, confirme se você " +#~ "quer fazer um backup da base de dados atual e abandoná-la." diff --git a/debian/po/ru.po b/debian/po/ru.po new file mode 100644 index 0000000..174a16c --- /dev/null +++ b/debian/po/ru.po @@ -0,0 +1,519 @@ +# translation of openldap_2.4.21-1_ru.po to Russian +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +# Yuri Kozlov <kozlov.y@gmail.com>, 2007, 2008. +# Yuri Kozlov <yuray@komyakino.ru>, 2010, 2014, 2017. +msgid "" +msgstr "" +"Project-Id-Version: openldap 2.4.44+dfsg-4\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2017-01-10 19:00+0300\n" +"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n" +"Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 2.0\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "Ðе выполнÑÑ‚ÑŒ наÑтройку Ñервера OpenLDAP?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"ЕÑли вы ответите утвердительно, Ð½Ð°Ñ‡Ð°Ð»ÑŒÐ½Ð°Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ Ð¸Ð»Ð¸ база данных " +"ÑоздаватьÑÑ Ð½Ðµ будет." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "вÑегда" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "только при необходимоÑти" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "никогда" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "При обновлении ÑохранÑÑ‚ÑŒ данные из базы данных в файл:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"Перед обновлением до новой верÑии Ñервера OpenLDAP данные из ваших каталогов " +"LDAP могут быть Ñохранены в текÑтовые файлы в Ñтандартизованном формате " +"обмена данных LDAP." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"ЕÑли выбрать \"вÑегда\", то перед обновлением данные из баз будут " +"обÑзательно Ñохранены. ЕÑли выбрать \"только при необходимоÑти\", то база " +"данных будет Ñохранена, только еÑли Ð½Ð¾Ð²Ð°Ñ Ð²ÐµÑ€ÑÐ¸Ñ Ð½Ðµ ÑовмеÑтима Ñо Ñтарым " +"форматом базы данных и должна быть импортирована повторно. ЕÑли выбрать " +"\"никогда\", то Ñохранение базы будет пропущено." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Каталог ÑÐ¾Ñ…Ñ€Ð°Ð½ÐµÐ½Ð¸Ñ Ð´Ð°Ð½Ð½Ñ‹Ñ… из баз:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"Укажите каталог, куда будут ÑкÑпортированы базы данных LDAP. Ð’ Ñтом каталоге " +"будет Ñоздано неÑколько файлов LDIF, которые ÑоответÑтвуют поиÑковым базам, " +"раÑположенным на Ñервере. УбедитеÑÑŒ, что у Ð²Ð°Ñ Ð´Ð¾Ñтаточно меÑта на разделе, " +"где раÑположен каталог. Первое поÑвление Ñтроки Ñо Ñловом \"VERSION\" " +"заменÑетÑÑ Ð½Ð° верÑию Ñервера, Ñ ÐºÐ¾Ñ‚Ð¾Ñ€Ð¾Ð¹ производитÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "ПеремеÑтить Ñтарую базу данных?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"Ð’ каталоге /var/lib/ldap находÑÑ‚ÑÑ Ñ„Ð°Ð¹Ð»Ñ‹, которые, вероÑтно, негативно " +"повлиÑÑŽÑ‚ на процеÑÑ Ð½Ð°Ñтройки. ЕÑли вы ответите утвердительно, то " +"Ñопровождающие Ñценарии, перед тем как Ñоздать новую базу, перемеÑÑ‚ÑÑ‚ Ñтарые " +"файлы базы данных в другое меÑто." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "Повторить наÑтройку?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"Ð’Ð²ÐµÐ´Ñ‘Ð½Ð½Ð°Ñ Ð²Ð°Ð¼Ð¸ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ Ð½ÐµÐ¿Ñ€Ð°Ð²Ð¸Ð»ÑŒÐ½Ð°. УбедитеÑÑŒ, что доменное Ð¸Ð¼Ñ DNS " +"запиÑано в правильном формате, что поле Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ Ð¾Ñ€Ð³Ð°Ð½Ð¸Ð·Ð°Ñ†Ð¸Ð¸ непуÑтое и что " +"пароль админиÑтратора верен. ЕÑли вы не Ñтанете повторÑÑ‚ÑŒ наÑтройку, то " +"Ñервер LDAP оÑтанетÑÑ Ð½Ðµ наÑтроенным. ЕÑли позднее вы захотите выполнить " +"наÑтройку, запуÑтите команду «dpkg-reconfigure slapd»." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "Доменное Ð¸Ð¼Ñ DNS:" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"Доменное Ð¸Ð¼Ñ DNS иÑпользуетÑÑ Ð´Ð»Ñ Ð¿Ð¾ÑÑ‚Ñ€Ð¾ÐµÐ½Ð¸Ñ Ð±Ð°Ð·Ð¾Ð²Ð¾Ð³Ð¾ DN каталога LDAP. " +"Ðапример, еÑли ввеÑти «foo.bar.org», то Ñто даÑÑ‚ базовый DN «dc=foo, dc=bar, " +"dc=org»." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Ðазвание организации:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" +"Введите название организации Ð´Ð»Ñ Ð¸ÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð² базовом DN каталога LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Пароль админиÑтратора:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "Введите пароль Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñи admin в каталоге LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Повторите ввод паролÑ:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"Введите тот же пароль Ð´Ð»Ñ admin в каталоге LDAP ещё раз, чтобы убедитьÑÑ Ð² " +"правильноÑти ввода." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "Пароли не Ñовпадают" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "Введённые вами пароли не Ñовпадают. Попробуйте ещё раз." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "УдалÑÑ‚ÑŒ базу данных при вычиÑтке slapd?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "Ошибка slapcat при обновлении" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "Возникла ошибка при попытке Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ ÐºÐ°Ñ‚Ð°Ð»Ð¾Ð³Ð° LDAP." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"Ошибка возникла при выполнении программы «slapcat», ÐºÐ¾Ñ‚Ð¾Ñ€Ð°Ñ Ð¿Ñ‹Ñ‚Ð°Ð»Ð°ÑÑŒ " +"раÑпаковать каталог LDAP. Ðто могло произойти из-за некорректного файла " +"конфигурации (например, в Ñлучае отÑутÑÑ‚Ð²Ð¸Ñ Ñтрок «moduleload» Ð´Ð»Ñ Ð²Ð°ÑˆÐµÐ³Ð¾ " +"типа Ñервера базы данных)." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Ð’ дальнейшем, Ñто также вызовет отказ в работе «slapadd». Старые файлы базы " +"данных были перенеÑены в каталог /var/backups. ЕÑли вы хотите попытатьÑÑ " +"выполнить обновление ещё раз, перемеÑтите Ñтарые файлы базы данных обратно, " +"иÑправьте ошибку, вызывающую отказ работы «slapcat» и выполните:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"ПеремеÑтите файлы базы данных обратно в меÑто Ñ…Ñ€Ð°Ð½ÐµÐ½Ð¸Ñ Ñ€ÐµÐ·ÐµÑ€Ð²Ð½Ð¾Ð¹ копии и " +"затем попытайтеÑÑŒ запуÑтить slapadd из ${location}." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "ИÑпользуемые Ñерверы баз данных:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB и BDB иÑпользуют Ñхожие форматы хранениÑ, но в HDB добавлена поддержка " +"Ð¿ÐµÑ€ÐµÐ¸Ð¼ÐµÐ½Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¿Ð¾Ð´Ð´ÐµÑ€ÐµÐ²ÑŒÐµÐ². Оба типа Ñервера поддерживают одинаковые " +"параметры наÑтройки." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"РекомендуетÑÑ Ð¸Ñпользовать Ñервер MDB. MDB иÑпользует новый формат Ñ…Ñ€Ð°Ð½ÐµÐ½Ð¸Ñ " +"и требует меньше наÑтроек чем BDB или HDB." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"Ð’ любом Ñлучае, убедитеÑÑŒ в ÑоответÑтвии получившихÑÑ Ð½Ð°Ñтроек базы данных " +"вашим требованиÑм. Подробней о наÑтройке Ñмотрите в файле /usr/share/doc/" +"slapd/README.Debian.gz." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "Потенциально небезопаÑÐ½Ð°Ñ Ð½Ð°Ñтройка ÑƒÐ¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ð´Ð¾Ñтупом slapd" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"Ð’ одной или более базах данных наÑтроено правило ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð´Ð¾Ñтупа, которое " +"позволÑет пользователÑм изменÑÑ‚ÑŒ не только ÑобÑтвенные атрибуты. Ðто может " +"быть небезопаÑно, в завиÑимоÑти от иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð±Ð°Ð·Ñ‹ данных." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"Ð’ Ñлучае, когда правила доÑтупа slapd начинаютÑÑ Ñ Â«to *», рекомендуетÑÑ " +"удалÑÑ‚ÑŒ вÑе ÑкземплÑры «by self write» Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾, чтобы пользователи могли " +"изменÑÑ‚ÑŒ только Ñвно разрешённые атрибуты." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "Смотрите подробноÑти в файле /usr/share/doc/slapd/README.Debian.gz." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "прервать уÑтановку" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "продолжить" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "РекомендуетÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ Ñхемы ppolicy вручную" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" +"Ð”Ð»Ñ Ð½Ð¾Ð²Ð¾Ð¹ верÑии Ð¾Ð²ÐµÑ€Ð»ÐµÑ Password Policy (ppolicy) требуетÑÑ Ð¾Ð¿Ñ€ÐµÐ´ÐµÐ»ÐµÐ½Ð¸Ðµ " +"типа атрибутов pwdMaxRecordedFailure, который отÑутÑтвует в иÑпользуемой в " +"данной момент Ñхеме. РекомендуетÑÑ Ð¿Ñ€ÐµÑ€Ð²Ð°Ñ‚ÑŒ уÑтановку прÑмо ÑÐµÐ¹Ñ‡Ð°Ñ Ð¸ " +"обновить Ñхему ppolicy перед обновлением slapd. ЕÑли иÑпользуетÑÑ " +"репликациÑ, то обновление Ñхемы должно быть выполнено на каждом Ñервере " +"перед продолжением обновлениÑ." + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "Был Ñоздан файл LDIF Ñ Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñми, требующимиÑÑ Ð´Ð»Ñ Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ:" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" +"и еÑли в slapd иÑпользуютÑÑ Ð¿Ñ€Ð°Ð²Ð¸Ð»Ð° ÑƒÐ¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ð´Ð¾Ñтупом по умолчанию, то Ñти " +"Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð¼Ð¾Ð¶Ð½Ð¾ применить (поÑле запуÑка slapd) командой:" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" +"ЕÑли вы выберете продолжение уÑтановки, то новый тип атрибута будет добавлен " +"автоматичеÑки, но изменение не будет применено в оверлеÑÑ… slapd, и Ñто может " +"повлиÑÑ‚ÑŒ на другие Ñерверы при репликации." + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "Включить протокол LDAPv2?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "По умолчанию в slapd Ñтарый протокол LDAPv2 выключен. КлиентÑкие " +#~ "программы нужно обновить до верÑий Ñ Ð¿Ð¾Ð´Ð´ÐµÑ€Ð¶ÐºÐ¾Ð¹ LDAPv3. ЕÑли у Ð²Ð°Ñ ÐµÑÑ‚ÑŒ " +#~ "Ñтарые программы, которые не могут иÑпользовать LDAPv3, то вы должны " +#~ "ответить утвердительно, и в файл slapd.conf будет добавлена запиÑÑŒ «allow " +#~ "bind_v2»." + +#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand" +#~ msgstr "slurpd уÑтарел; реплики должны быть перенаÑтроены вручную" + +#~ msgid "" +#~ "One or more slurpd \"replica\" options were found in your slapd config " +#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, " +#~ "you will need to migrate your replicas to use the syncrepl protocol " +#~ "instead." +#~ msgstr "" +#~ "При обновлении в вашем конфигурационном файле Ð´Ð»Ñ slapd найден один или " +#~ "неÑколько параметров \"replica\" Ð´Ð»Ñ slurpd. Так как slurpd уÑтарел " +#~ "Ð½Ð°Ñ‡Ð¸Ð½Ð°Ñ Ñ OpenLDAP верÑии 2.4, Ð´Ð»Ñ Ñ€ÐµÐ¿Ð»Ð¸Ðº вам нужно перейти на протокол " +#~ "syncrepl." + +#~ msgid "" +#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be " +#~ "done automatically and you will need to configure your replica servers by " +#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for " +#~ "details." +#~ msgstr "" +#~ "ÐвтоматичеÑкое преобразование наÑтроек slurpd в наÑтройки оÑнованного на " +#~ "вытÑгивании протокола syncrepl невозможно, и поÑтому вы должны наÑтроить " +#~ "Ñвои Ñерверы реплик вручную. Подробней об Ñтом Ñмотрите на Ñтранице " +#~ "http://www.openldap.org/doc/admin24/syncrepl.html." + +#~ msgid "TLSCipherSuite values have changed" +#~ msgstr "ИзменилиÑÑŒ Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð´Ð»Ñ TLSCipherSuite" + +#~ msgid "" +#~ "A \"TLSCipherSuite\" option was found in your slapd config when " +#~ "upgrading. The values allowed for this option are determined by the SSL " +#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a " +#~ "result, your existing TLSCipherSuite setting will not work with this " +#~ "package." +#~ msgstr "" +#~ "При обновлении в наÑтройке slapd был найден параметр \"TLSCipherSuite\". " +#~ "ДопуÑтимые Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ñтого параметра, определÑемые авторами SSL, были " +#~ "изменены при переходе Ñ OpenSSL на GnuTLS. Ð’ результате, имеющаÑÑÑ " +#~ "наÑтройка TLSCipherSuite не заработает Ñ Ñтим пакетом." + +#~ msgid "" +#~ "This setting has been automatically commented out for you. If you have " +#~ "specific encryption needs that require this option to be re-enabled, see " +#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of " +#~ "ciphers supported by GnuTLS." +#~ msgstr "" +#~ "Ð”Ð°Ð½Ð½Ð°Ñ Ð½Ð°Ñтройка будет автоматичеÑки закомментирована. ЕÑли Ð´Ð»Ñ ÐºÐ°ÐºÐ¾Ð³Ð¾-то " +#~ "Ñпецифичного ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ð²Ð°Ð¼ требуетÑÑ ÐµÑ‘ иÑпользовать, то ÑпиÑок " +#~ "поддерживаемых GnuTLS алгоритмов можно поÑмотреть, запуÑтив команду " +#~ "'gnutls-cli -l' из пакета gnutls-bin." + +#~ msgid "Back up current database and create a new one?" +#~ msgstr "Сделать резервную копию имеющейÑÑ Ð±Ð°Ð·Ñ‹ данных и Ñоздать новую?" + +#~ msgid "" +#~ "The directory suffix (domain) you specified doesn't match the one " +#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires " +#~ "moving aside the current LDAP database and creating a new one. Please " +#~ "confirm whether you want to back up and abandon the current database." +#~ msgstr "" +#~ "Ð’Ñ‹ указали ÑÑƒÑ„Ñ„Ð¸ÐºÑ ÐºÐ°Ñ‚Ð°Ð»Ð¾Ð³Ð° (домен), который не Ñовпадает Ñ Ð¸Ð¼ÐµÑŽÑ‰Ð¸Ð¼ÑÑ Ð² /" +#~ "etc/ldap/slapd.conf. Изменение ÑуффикÑа каталога требует Ð¿ÐµÑ€ÐµÐ¼ÐµÑ‰ÐµÐ½Ð¸Ñ " +#~ "имеющейÑÑ Ð±Ð°Ð·Ñ‹ данных LDAP и Ñоздание новой. Подтвердите, что хотите " +#~ "Ñделать резервную копию базы данных и отказатьÑÑ Ð¾Ñ‚ имеющейÑÑ." diff --git a/debian/po/sk.po b/debian/po/sk.po new file mode 100644 index 0000000..a601991 --- /dev/null +++ b/debian/po/sk.po @@ -0,0 +1,443 @@ +# Slovak translations for openldap package +# Slovenské preklady pre balÃk openldap. +# Copyright (C) 2011 THE openldap'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Slavko <linux@slavino.sk>, 2011. +# Ivan Masár <helix84@centrum.sk>, 2017. +msgid "" +msgstr "" +"Project-Id-Version: openldap 2.4.23-7\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2017-01-10 10:01+0200\n" +"Last-Translator: Ivan Masár <helix84@centrum.sk>\n" +"Language-Team: x\n" +"Language: sk\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" +"X-Generator: Virtaal 0.7.1\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "VynechaÅ¥ nastavenia servera OpenLDAP?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"Ak zvolÃte túto možnosÅ¥, nebude vytvorené poÄiatoÄné nastavenie ani databáza." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "vždy" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "keÄ je treba" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "nikdy" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "Pri aktualizácii uložiÅ¥ databázy do súboru:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"Pred aktualizáciou na novÅ¡iu verziu servera OpenLDAP môžu byÅ¥ vaÅ¡e dáta z " +"adresárov LDAP uložené do textových súborov vo formáte LDAP Data Interchange " +"Format, Äo je Å¡tandardizovaný formát na popis týchto dát." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"Výberom „vždy“ zaistÃte, že budú databázy uložené do súborov pred každou " +"aktualizáciou. Voľba „keÄ je treba“ znamená, že budú databázy uložené len v " +"prÃpade, že je nová verzia nekompatibilná s formátom starej databázy, a teda " +"bude potrebné opätovné nahratie dát. Ak zvolÃte „nikdy“, dáta sa nebudú " +"ukladaÅ¥." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Adresár pre exportované databázy:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"ProsÃm, zadajte adresár, kam majú byÅ¥ uložené databázy LDAP. V tomto " +"adresári bude vytvorených niekoľko súborov LDIF, jeden pre každý koreň " +"adresárov LDAP daného servera. PresvedÄte sa, že je na zvolenej oblasti " +"dostatok miesta. Prvý výskyt reÅ¥azca „VERSION†bude nahradený verziou " +"servera LDAP, z ktorej aktualizujete." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "Presunúť starú databázu?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"Vo /var/lib/ldap stále existujú súbory, ktoré pravdepodobne naruÅ¡ia proces " +"nastavenia. Ak zvolÃte túto možnosÅ¥, inÅ¡talaÄné skripty pred vytvorenÃm " +"novej databázy najprv presunú staré databázové súbory inam." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "OpakovaÅ¥ nastavenie?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"Zadali ste neplatné nastavenie. Skontrolujte, Äi je zadané doménové meno " +"(DNS) v platnom tvare, že je vyplnené pole organizácie a heslá " +"administrátora súhlasia. Ak sa rozhodnete neopakovaÅ¥ nastavenie, ostane " +"server LDAP nenastavený. Ak budete chcieÅ¥ opakovaÅ¥ nastavenie neskôr, " +"spustite „dpkg-reconfigure slapdâ€." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "Meno domény (DNS):" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"Meno domény (DNS) sa použije na vytvorenie základného DN adresára LDAP. " +"NaprÃklad „foo.example.org“ vytvorà adresár so základným DN „dc=foo, " +"dc=example, dc=org“." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Názov organizácie:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" +"ProsÃm, zadajte názov organizácie, ktorý sa použije v základnom DN vášho " +"adresára LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Heslo správcu:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "ProsÃm zadajte heslo správcu vášho adresára LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Overenie hesla:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"ProsÃm, zadajte znova heslo správcu vášho adresára LDAP na overenie, že ste " +"ho napÃsali správne." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "Heslá sa nezhodujú" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "Zadané heslá nie sú rovnaké. ProsÃm, skúste to znova." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "Chcete aby pri odstránenà balÃka slapd bola odstránená aj databáza?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "Zlyhanie slapcat poÄas aktualizácie" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "Pri aktualizácii adresára LDAP nastala chyba." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"Program „slapcat“ zlyhal pri práci s adresárom LDAP. Táto chyba môže byÅ¥ " +"spôsobená chybným konfiguraÄným súborom (naprÃklad chýbajúce riadky " +"„moduleload“ s podporou backend databázy)." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Táto chyba bude maÅ¥ za následok, že „slapadd“ neskôr tiež zlyhá. Súbory " +"starej databázy budú presunuté do /var/backups. Ak budete chcieÅ¥ skúsiÅ¥ túto " +"aktualizáciu neskôr znova, mali by ste najprv presunúť súbory starej " +"databázy naspäť, opraviÅ¥ prÃÄinu zlyhania slapcat a spustiÅ¥:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"Potom presuňte súbory databázy späť medzi zálohy a až potom skúste spustiÅ¥ " +"slapadd z ${location}." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "PoužiÅ¥ backend databázy:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB a BDB použÃvajú podobné formáty úložiska, ale HDB pridáva podporu " +"premenovania podstromov. Oba podporujú rovnaké konfiguraÄné voľby." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"OdporúÄa sa použiÅ¥ backend MDB. MDB použÃva nový formát úložiska a vyžaduje " +"menej konfigurácie ako BDB Äi HDB." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"V každom prÃpade by ste mali skontrolovaÅ¥, Äi výsledné nastavenie databázy " +"zodpovedá vaÅ¡im potrebám. ÄŽalÅ¡ie informácie nájdete v súbore /usr/share/doc/" +"slapd/README.Debian.gz." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "Potenciálne nebezpeÄná konfigurácia riadenia prÃstupu slapd" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"Jedna alebo viac z nastavených databáz obsahuje pravidlo riadenia prÃstupu, " +"ktoré umožňuje použÃvateľom meniÅ¥ väÄÅ¡inu svojich vlastných atribútov. To " +"môže byÅ¥ nebezpeÄné podľa toho ako sa databáza použÃva." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"V prÃpade pravidiel riadenia prÃstupu slapd, ktoré zaÄÃnajú na „to *“ sa " +"odporúÄa odstrániÅ¥ vÅ¡etky prÃpady „by self write“, aby použÃvatelia mohli " +"meniÅ¥ iba konkrétne povolené atribúty." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"ÄŽalÅ¡ie informácie nájdete v súbore /usr/share/doc/slapd/README.Debian.gz." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "preruÅ¡iÅ¥ inÅ¡taláciu" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "napriek tomu pokraÄovaÅ¥" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "OdporúÄa sa manuálna aktualizácia schémy ppolicy" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" +"Nová verzia prekrytia politiky hesla (ppolicy; Password Policy) vyžaduje, " +"aby schéma definovala typ atribútu pwdMaxRecordedFailure, ktorý v momentálne " +"použÃvanej schéme nie je prÃtomný. OdporuÄa sa teraz preruÅ¡iÅ¥ inÅ¡taláciu a " +"aktualizovaÅ¥ schému ppolicy pred aktualizáciou slapd. Ak použÃvate " +"replikáciu, aktualizáciu schémy by ste mali použiÅ¥ na každom serveri " +"predtým, než budete pokraÄovaÅ¥ v aktualizácii." + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "Bol vytvorený súbor LDIF so zmenami potrebnými na aktualizáciu:" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" +"takže ak slapd použÃva predvolené pravidlá riadenia prÃstupu, tieto zmeny je " +"možné použiÅ¥ (po spustenà slapd) prÃkazom:" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" +"Ak sa namiesto toho rozhodnete pokraÄovaÅ¥ v inÅ¡talácii, nový typ atribúty sa " +"pridá automaticky, ale zmena sa neprejavà v prekrytiach slapd a môže to " +"ovplyvniÅ¥ replikáciu s ostatnými servermi." + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "PovoliÅ¥ protokol LDAPv2?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "Zastaraný protokol LDAPv2 je v slapd predvolene zakázaný. Programy a " +#~ "použÃvatelia by mali prejsÅ¥ na LDAPv3. Ak máte staré programy, ktoré " +#~ "nedokážu použÃvaÅ¥ LDAPv3, mali by ste povoliÅ¥ túto možnosÅ¥ a do " +#~ "konfiguraÄného súboru slapd.conf bude pridaný riadok „allow bind_v2â€." diff --git a/debian/po/sv.po b/debian/po/sv.po new file mode 100644 index 0000000..2b40572 --- /dev/null +++ b/debian/po/sv.po @@ -0,0 +1,537 @@ +# Translation of openldap debconf template to Swedish +# Copyright (C) 2010, 2017 Martin Bagge <brother@bsnet.se> +# This file is distributed under the same license as the openldap package. +# +# Martin Ã…gren <martin.agren@gmail.com>, 2008. +# Martin Bagge <brother@bsnet.se>, 2010, 2017 +msgid "" +msgstr "" +"Project-Id-Version: openldap_2.4.10-2_sv\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2017-01-12 14:59+0100\n" +"Last-Translator: Martin Bagge / brother <brother@bsnet.se>\n" +"Language-Team: Swedish <debian-l10n-swedish@lists.debian.org>\n" +"Language: sv\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.8.11\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "Utelämna konfiguration av OpenLDAP-servern?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"Om du aktiverar det här alternativet kommer ingen initial konfiguration " +"eller databas att skapas Ã¥t dig." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "alltid " + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "vid behov" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "aldrig" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "Dumpa databaser till fil vid uppgradering:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"Innan du uppgraderar till en ny version av OpenLDAP-servern, kan datat frÃ¥n " +"dina LDAP-kataloger dumpas till klartextfiler i standardformatet LDAP Data " +"Interchange Format." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"Väljer du \"alltid\" kommer databaserna alltid att dumpas före en " +"uppgradering. Väljer du \"vid behov\" kommer databasen bara dumpas om den " +"nya versionen är inkompatibel med det gamla databasformatet och mÃ¥ste " +"Ã¥terimporteras. Om du väljer \"aldrig\", kommer ingen dump göras." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Katalog att dumpa databaser i:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"Ange den katalog dit LDAP-databaser ska exporteras. I denna katalog kommer " +"flera LDIF-filer att skapas som svarar mot sökbaserna pÃ¥ servern. Se till " +"att du har tillräckligt med ledigt utrymme pÃ¥ den partition där katalogen " +"finns. Den första förekomsten av strängen \"VERSION\" ersätts med den " +"serverversion du uppgraderar frÃ¥n." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "Flytta gammal databas?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"Det finns fortfarande filer i /var/lib/ldap/ som troligen kommer göra att " +"konfigurationsprocessen inte fungerar. Om du aktiverar detta val, kommer " +"administrationsskripten att flytta den gamla databasfilen ur vägen innan en " +"ny databas skapas." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "Försöka konfigurera igen?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"Konfigurationen du angav är ogiltig. Säkerställ att DNS-domännamnet är " +"syntaktiskt giltigt, att organisationsfältet inte lämnats tomt och att " +"administratörslösenorden överensstämmer. Om du väljer att inte försöka " +"konfigurera igen kommer LDAP-servern inte att ha korrekta inställningar. Kör " +"\"dpkg-reconfigure slapd\" om du vill försöka igen senare." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "DNS-domännamn:" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"DNS-domännamnet används för att konstruera bas-DN:et för LDAP-katalogen. " +"Till exempel kommer \"foo.example.org\" att skapa en katalog med \"dc=foo, " +"dc=example, dc=org\" som bas-DN." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Organisationsnamn:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" +"Ange namnet pÃ¥ organisationen som ska användas i bas-DN:et för din LDAP-" +"katalog." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Administratörslösenord:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "Ange lösenordet för admin-posten i LDAP-katalogen." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Bekräfta lösenordet:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"Ange administratörslösenordet för din LDAP-katalog igen för att verifiera " +"att du har skrivit in det korrekt." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "Lösenorden matchar inte" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "De tvÃ¥ lösenord du har angett var inte lika. Försök igen." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "Vill du att databasen ska tas bort när slapd rensas bort?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "slapcat-fel vid uppgradering" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "Ett fel inträffade när LDAP-katalogen uppgraderades." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"Programmet \"slapcat\" misslyckades när det extraherade LDAP-katalogen. " +"Detta kan bero pÃ¥ en felaktig konfigurationsfil (till exempel, saknade " +"\"moduleload\"-rader för att stödja bakändsdatabasen)." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Detta fel kommer göra att \"slapadd\" misslyckas även senare. Den gamla " +"databasen kommer flyttas till /var/backups. Om du vill försöka utföra den " +"här uppgraderingen igen, behöver du flytta tillbaka de gamla databasfilerna, " +"korrigera det som har fÃ¥tt slapcat att misslyckas och köra:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"Flytta sedan tillbaka databasfilerna till ett utrymme för säkerhetskopior " +"och kör slapadd frÃ¥n ${location}." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "Databasbakända att använda:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB och BDB använder liknande lagringsformat, men HDB lägger till stöd för " +"namnbyten pÃ¥ underträd. BÃ¥da stödjer samma konfigurationsalternativ." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"MDB-bakändan är rekommenderad. MDB använder ett nytt lagringsformat och " +"behöver mindre inställningar än BDB eller HDB." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"I vilket fall, behöver du se över den resulterande databaskonfigurationen " +"för dina behov. Se /usr/share/doc/slapd/README.Debian.gz för fler detaljer." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "Potentiellt osäker rättighetsinställning för slapd" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"En eller flera av de inställda databaserna har rättighetsinställningar som " +"innebär att användare tillÃ¥ts att ändra de flesta av sina attribut. Detta " +"kan vara osäkert, beroende pÃ¥ hur databasen används." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"I fallen där rättighetsinställningarna börjar med \"to *\" är det " +"rekommenderat att ta bort \"by self write\" i förekommande fall. Det fÃ¥r " +"till följd att användare bara fÃ¥r justera specifikt tillÃ¥tna attribut." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "Läs /usr/share/doc/slapd/README.Debian.gz för detaljerad information." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "avbryt installation" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "fortsätt oavsett" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "Manuell uppdatering av ppolicy-schema rekommenderas" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" +"Den nya versionen av överbryggningen av lösenordspolicyn (ppolicy, password " +"policy) kräver att schemat definierar attributtypen pwdMaxRecordedFailure " +"vilket inte är med i nuvarande schema. Det är rekommenderat att avbryta " +"uppgraderingen nu och uppdatera ppolicy-schemat före uppgraderingen av " +"slapd. Om replikering används mÃ¥ste schemauppdateringen appliceras pÃ¥ alla " +"servrar innan uppgraderingen genomförs." + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "En LDIF-fil har skapats med ändringarna som krävs för uppgraderingen:" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" +"om slapd använder standardregler för Ã¥tkomsthantering kan dessa ändringar " +"appliceras (efter att slapd startats) genom följande kommando:" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" +"Om du istället fortsätter med installationen kommer den nya attributtypen " +"att läggas till automatiskt men ändringen kommer inte leda till att " +"överbryggad slapd agerar pÃ¥ detta. Replikering till andra servrar kan " +"pÃ¥verkas." + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "TillÃ¥t LDAPv2-protokollet?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "Det inte längre aktuella LDAPv2-protokollet är som standard avaktiverat i " +#~ "slapd. Program och använder ska uppgradera till LDAPv3. Om du har gamla " +#~ "program som inte kan använda LDAPv3, behöver du välja detta vilket gör " +#~ "att \"allow bin_v2\" läggs till i din slapd.conf-fil." + +#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand" +#~ msgstr "slurpd är inte aktuell; repliker mÃ¥ste konfigureras för hand" + +#~ msgid "" +#~ "One or more slurpd \"replica\" options were found in your slapd config " +#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, " +#~ "you will need to migrate your replicas to use the syncrepl protocol " +#~ "instead." +#~ msgstr "" +#~ "En eller flera av slurpds \"replica\"-val har hittats i din slapd-" +#~ "konfiguration vid uppgraderingen. Eftersom slurpd inte är aktuell längre " +#~ "frÃ¥n och med OpenLDAP 2.4, kommer du behöva migrera dina repliker till " +#~ "att använda syncrepl-protokollet istället." + +#~ msgid "" +#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be " +#~ "done automatically and you will need to configure your replica servers by " +#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for " +#~ "details." +#~ msgstr "" +#~ "Konverteringen frÃ¥n slurpd till det frÃ¥gebaserade syncrepl-protokollet " +#~ "kan inte göras automatiskt och du kommer behöva konfigurera dina replica-" +#~ "servrar för hand. Se http://www.openldap.org/doc/admin24/syncrepl.html " +#~ "för detaljer." + +#~ msgid "TLSCipherSuite values have changed" +#~ msgstr "Värden pÃ¥ TLSCipherSuite har ändrats" + +#~ msgid "" +#~ "A \"TLSCipherSuite\" option was found in your slapd config when " +#~ "upgrading. The values allowed for this option are determined by the SSL " +#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a " +#~ "result, your existing TLSCipherSuite setting will not work with this " +#~ "package." +#~ msgstr "" +#~ "Ett \"TLSCipherSuite\"-val hittades i din slapd-konfiguration vid " +#~ "uppgraderingen. De värden som tillÃ¥ts för detta val avgörs av den SSL-" +#~ "implementation som används och detta har ändrats frÃ¥n OpenSSL till " +#~ "GnuTLS. Som en följd av detta kommer inte din befintliga TLSCipherSuite-" +#~ "inställning att fungera med det här paketet." + +#~ msgid "" +#~ "This setting has been automatically commented out for you. If you have " +#~ "specific encryption needs that require this option to be re-enabled, see " +#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of " +#~ "ciphers supported by GnuTLS." +#~ msgstr "" +#~ "Den inställning har automatiskt kommenterats ut Ã¥t dig. Om du har " +#~ "särskilda krypteringsbehov som kräver att detta val Ã¥teraktiveras, se " +#~ "utdatat frÃ¥n \"gnutls-cli -l\" i gnutls-bin-paketet för en lista över " +#~ "krypton som stöds av GnuTLS." + +#~ msgid "Back up current database and create a new one?" +#~ msgstr "Säkerhetskopiera aktuell databas och skapa en ny?" + +#~ msgid "" +#~ "The directory suffix (domain) you specified doesn't match the one " +#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires " +#~ "moving aside the current LDAP database and creating a new one. Please " +#~ "confirm whether you want to back up and abandon the current database." +#~ msgstr "" +#~ "Katalogsuffixet (domänen) du angett matchar inte den som för tillfället " +#~ "anges i /etc/ldap/slapd.conf. Om du ändrar katalogsuffixet krävs att du " +#~ "flyttar den nuvarande LDAP-databasen Ã¥ sidan och skapar en ny. Bekräfta " +#~ "att du vill säkerhetskopiera och överge den nuvarande databasen." + +#~ msgid "Change backend type from LDBM to BDB?" +#~ msgstr "Ändra bakändstyp frÃ¥n LDBM till BDB?" + +#~ msgid "" +#~ "The LDBM backend type has serious stability problems and has been " +#~ "deprecated by OpenLDAP as of 2.2. It is no longer supported by the " +#~ "OpenLDAP packages." +#~ msgstr "" +#~ "LDBM-bakändstypen har allvarliga stabilitetsproblem och har blivit " +#~ "utdaterad av OpenLDAP frÃ¥n och med 2.2. Den stöds inte längre av OpenLDAP-" +#~ "paketen." + +#~ msgid "" +#~ "When the BDB backend is used, it must be configured properly. For more " +#~ "information, see /usr/share/doc/slapd/README.DB_CONFIG.gz." +#~ msgstr "" +#~ "När BDB-bakändan används, mÃ¥ste den konfigureras ordentligt. För mer " +#~ "information, se /usr/share/doc/slapd/README.DB_CONFIG.gz." + +#~ msgid "" +#~ "If you enable this option, an attempt will be made to update the " +#~ "configuration to use BDB instead of LDBM and convert the databases. If " +#~ "you do not enable this option, the upgrade will be aborted." +#~ msgstr "" +#~ "Om du aktiverar detta val, kommer ett försök göras att uppdatera " +#~ "konfigurationen till att använda BDB istället för LDBM och konvertera " +#~ "databaserna. Om du inte aktiverar detta val, kommer uppgraderingen att " +#~ "avbrytas." diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 0000000..7936eae --- /dev/null +++ b/debian/po/templates.pot @@ -0,0 +1,363 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the openldap package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: openldap\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "" + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" diff --git a/debian/po/tr.po b/debian/po/tr.po new file mode 100644 index 0000000..c99e9fd --- /dev/null +++ b/debian/po/tr.po @@ -0,0 +1,448 @@ +# Turkish debconf templates translation for openldap +# This file is distributed under the same license as the openldap package. +# Atila KOÇ <koc@artielektronik.com.tr>, 2012, 2014, 2017. +# +msgid "" +msgstr "" +"Project-Id-Version: openldap\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2017-01-13 18:42+0300\n" +"Last-Translator: Atila KOÇ <koc@artielektronik.com.tr>\n" +"Language-Team: Turkish <debian-l10n-turkish@lists.debian.org>\n" +"Language: tr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.8.7.1\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "OpenLDAP sunucu yapılandırması atlansın mı?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"Bu seçeneÄŸi seçmeniz durumunda sizin için ne bir ön yapılandırma yapılacak " +"ne de bir veritabanı yaratılacak. " + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "her zaman" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "gerektiÄŸinde" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "hiçbir zaman" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "Yükseltme sırasında veritabanlarının dökümü yapılsın mı?:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"Makineniz yeni OpenLDAP sunucu sürümüne yükseltilmeden önce, LDAP " +"dizinlerindeki verileriniz LDAP Veri DeÄŸiÅŸimi Biçimi'nde (LDIF) metin " +"dosyalarına yedeklenebilir." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"\"her zaman\" seçimi veritabanlarının yükseltme öncesinde kayıtsız ÅŸartsız " +"bir dökümünü saÄŸlayacaktır. \"gerektiÄŸinde\" seçimi yeni ile eski sürüm " +"arasında veritabanı biçim farklılığı varsa ve bu nedenle yeni veritabanına " +"eski verilerin sonradan alınması gerekirse döküm yapacaktır. \"hiçbir zaman" +"\" seçeneÄŸini seçerseniz döküm yapılmayacaktır." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "Veritabanı dökümü için kullanılacak dizin:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"LDAP veritabanlarının dışa aktarımı için bir dizin belirtiniz. Bu dizine " +"sunucuda varolan arama tabanlarına karşılık gelen bir çok LDIF dosyası " +"kaydedilecektir. Ä°lgili dizinin bulunduÄŸu disk bölümünde yeterince boÅŸ alan " +"olduÄŸundan emin olunuz. \"VERSION\" dizgesi ilk görüldüğü yerde yükseltme " +"iÅŸleminden önceki sunucu sürümünüzle deÄŸiÅŸtirilecektir." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "Eski veritabanı taşınsın mı?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"/var/lib/ldap dizininde yapılandırma sürecini bozabilecek bazı dosyalar " +"bulunmaktadır. Bu seçeneÄŸi seçerseniz, bakımcı betikleri yeni bir veritabanı " +"yaratmadan önce bu eski veritabanı dosyalarını baÅŸka bir yere taşıyacaktır." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "Yapılandırma yeniden denensin mi?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"GirdiÄŸiniz yapılandırma ayarları geçersiz. DNS alan adının sözdizimsel " +"olarak geçerli olduÄŸundan, örgüt adı için ayrılmış alanın boÅŸ olmadığından " +"ve yönetici parolalarının uyumlu olduÄŸundan emin olunuz. Yapılandırmayı " +"yeniden denemeyi seçmezseniz LDAP sunucu kurulmayacaktır. Kurulumu sonra " +"denemek isterseniz, 'dpkg-reconfigure slapd' komutunu çalıştırın." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "DNS alan adı:" + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"DNS alan adı LDAP dizinin temel DN yapılandırması için kullanılmıştır. " +"ÖrneÄŸin, 'gecici.example.org' alan adı 'dc=gecici, dc=example, dc=org' temel " +"DN'ye sahip dizini yaratacaktır." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Örgüt adı:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "LDAP dizininizin temel DN'si olarak kullanılacak örgüt adını giriniz." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Yönetici parolası:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "LDAP dizini yöneticisi için parola giriniz." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Parolayı doÄŸrulayınız:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"LDAP dizini yönetici parolasını tekrar giriniz ve doÄŸru yazdığınızdan emin " +"olunuz." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "Parola uyumsuzluÄŸu" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "GirdiÄŸiniz iki parola aynı deÄŸil, lütfen tekrar deneyiniz." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "" +"slapd paketi tamamen kaldırıldığında veritabanının da kaldırılmasını ister " +"misiniz?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "Yükseltme sırasında 'slapcat' hatası" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "LDAP dizini yükseltilirken bir hata oluÅŸtu." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"'slapcat' programı LDAP dizinini dışa aktarırken baÅŸarısız oldu. Buna hatalı " +"bir yapılandırma dosyası neden olmuÅŸ olabilir (örneÄŸin, arka uç " +"veritabanlarını desteklemek için gerekli 'moduleload' satırlarının eksik " +"olması gibi)." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Bu hata 'slapadd' programının da hata vermesine neden olacaktır. Eski " +"veritabanı dosyaları /var/backups dizinine taşınacaktır. EÄŸer bu yükseltmeyi " +"yeniden denemek isterseniz, eski veritabanı dosyalarını yerlerine geri " +"almalı, 'slapcat' programının hatasına neden olan her ne ise düzeltmeli ve " +"aÅŸağıdaki komutu çalıştırmalısınız:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"Daha sonra veritabanı dosyalarını bir yedekleme alanına geri taşıyın ve " +"${location} konumundan 'slapadd' komutunu çalıştırınız." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "Kullanılacak veritabanı arka ucu:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB ve BDB benzer depolama biçimleri kullanırlar, fakat HDB alt aÄŸaç yeniden " +"adlandırmalarına olanak tanır. Her ikisi de aynı yapılandırma seçeneklerini " +"desteklerler." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"MDB arka ucu önerilir. MDB yeni bir depolama biçimi kullanır ve BDB ya da " +"HDB'ye göre daha az yapılandırma gerektirir." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"Her durumda sonuçlanan veritabanı yapılandırmasının gereksinimlerinize " +"uyduÄŸundan emin olmalısınız. Daha fazla bilgi için /usr/share/doc/slapd/" +"README.Debian.gz dosyasını okuyunuz." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "Olası güvensiz slapd eriÅŸim denetimi yapılandırması" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"Yapılandırılmış bir ya da daha fazla veritabanında, kullanıcıların " +"kendilerine ait bir çok özelliÄŸi deÄŸiÅŸtirmesine izin veren bir eriÅŸim " +"denetimi kuralı var. Bu durum, veritabanı kullanım ÅŸekline baÄŸlı olarak, " +"güvenli olmayabilir." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"\"to *\" ile baÅŸlayan slapd eriÅŸim kurallarında, kullanıcıların yalnızca " +"deÄŸiÅŸtirilmesine izin verilmiÅŸ özellikleri deÄŸiÅŸtirebilmeleri için, tüm \"by " +"self write\" alanlarının kaldırılması önerilir." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"Daha fazla bilgi için /usr/share/doc/slapd/README.Debian.gz dosyasını " +"okuyunuz." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "kurulumdan çık" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "yine de sürdür" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "ppolicy ÅŸemasının elle yükseltilmesi öneriliyor" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" +"Parola ilkesi katmanının (ppolicy) yeni sürümü, ÅŸu anda kullanılmakta olan " +"ÅŸemanın içermediÄŸi pwdMaxRecordedFailure özniteliÄŸinin ÅŸemada tanımlanmasını " +"gerektiriyor. Åžimdi kurulumdan çıkmanız ve slapd yükseltmesine baÅŸlamadan " +"önce ppolicy ÅŸemasını güncellemeniz önerilir. EÄŸer dizinlerinizi kopyalayan " +"baÅŸka sunucular varsa, yükseltmeye baÅŸlamadan önce bütün sunuculardaki " +"ÅŸemaları güncellemeniz gerekiyor." + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "" +"Yükseltme için gerekli deÄŸiÅŸiklikleri içeren bir LDIF dosyası oluÅŸturuldu:" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" +"EÄŸer slapd öntanımlı eriÅŸim denetimi kurallarını kullanıyorsa, bu " +"deÄŸiÅŸiklikler slapd baÅŸlatıldıktan sonra aÅŸağıdaki komutu çalıştırarak " +"uygulanabilir:" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" +"EÄŸer kurulumu sürdürmeyi yeÄŸlerseniz, yeni öznitelik kendiliÄŸinden eklenecek " +"fakat bu deÄŸiÅŸim slapd katmanlarında hayata geçmeyecek ve dizinleri " +"kopyalayan sunucular varsa bu durumdan etkilenebileceklerdir." + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "LDAPv2 iletiÅŸim kuralına izin verilsin mi?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "EskimiÅŸ LDAPv2 iletiÅŸim kuralı slapd yapılandırmasında öntanımlı olarak " +#~ "devre dışı bırakılmıştır. Programlar ve kullanıcılar LDAPv3 iletiÅŸim " +#~ "kuralına geçmelidirler. LDAPv3 iletiÅŸim kuralına geçemeyecek eski " +#~ "programlarınız varsa slapd.conf dosyasına 'allow bind_v2' satırını " +#~ "ekleyecek olan bu seçeneÄŸi seçmelisiniz." diff --git a/debian/po/vi.po b/debian/po/vi.po new file mode 100644 index 0000000..99bddf9 --- /dev/null +++ b/debian/po/vi.po @@ -0,0 +1,446 @@ +# Vietnamese translation for OpenLDAP. +# Copyright © 2010 Free Software Foundation, Inc. +# Clytie Siddall <clytie@riverland.net.au>, 2005-2010. +# Trần Ngá»c Quân <vnwildman@gmail.com>, 2014, 2017. +# +msgid "" +msgstr "" +"Project-Id-Version: openldap 2.4.44+dfsg-4\n" +"Report-Msgid-Bugs-To: openldap@packages.debian.org\n" +"POT-Creation-Date: 2017-06-25 02:57+0000\n" +"PO-Revision-Date: 2017-02-09 13:57+0700\n" +"Last-Translator: Trần Ngá»c Quân <vnwildman@gmail.com>\n" +"Language-Team: Vietnamese <debian-l10n-vietnamese@lists.debian.org>\n" +"Language: vi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: Gtranslator 2.91.7\n" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "Omit OpenLDAP server configuration?" +msgstr "Bá» qua bÆ°á»›c cấu hình trình phục vụ OpenLDAP?" + +#. Type: boolean +#. Description +#: ../slapd.templates:1001 +msgid "" +"If you enable this option, no initial configuration or database will be " +"created for you." +msgstr "" +"Báºt tùy chá»n nà y thì không tạo cho bạn cấu hình hay cÆ¡ sở dữ liệu đầu tiên." + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "always" +msgstr "luôn luôn" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "when needed" +msgstr "khi cần thiết" + +#. Type: select +#. Choices +#: ../slapd.templates:2001 +msgid "never" +msgstr "không bao giá»" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "Dump databases to file on upgrade:" +msgstr "Äổ các cÆ¡ sở dữ liệu và o táºp tin khi nâng cấp:" + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Before upgrading to a new version of the OpenLDAP server, the data from your " +"LDAP directories can be dumped into plain text files in the standard LDAP " +"Data Interchange Format." +msgstr "" +"TrÆ°á»›c khi nâng cấp lên phiên bản má»›i của trình phục vụ OpenLDAP, dữ liệu nằm " +"trong các thÆ° mục LDAP có thể được đổ và o táºp tin nháºp thô theo định dạng " +"trao đổi dữ liệu LDAP tiêu chuẩn." + +#. Type: select +#. Description +#: ../slapd.templates:2002 +msgid "" +"Selecting \"always\" will cause the databases to be dumped unconditionally " +"before an upgrade. Selecting \"when needed\" will only dump the database if " +"the new version is incompatible with the old database format and it needs to " +"be reimported. If you select \"never\", no dump will be done." +msgstr "" +"Chá»n mục “luôn luôn†thì gây ra các cÆ¡ sở dữ liệu bị đổ má»™t cách không Ä‘iá»u " +"kiện trÆ°á»›c khi nâng cấp. Chá»n “khi cần thiết†thì chỉ đổ cÆ¡ sở dữ liệu nếu " +"phiên bản má»›i không tÆ°Æ¡ng thÃch vá»›i định dạng cÆ¡ sở dữ liệu cÅ© và cần phải " +"nháºp lại nó. Còn chá»n “không bao giá»â€ thì không đổ gì." + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "Directory to use for dumped databases:" +msgstr "ThÆ° mục dùng để đổ cÆ¡ sở dữ liệu:" + +#. Type: string +#. Description +#: ../slapd.templates:3001 +msgid "" +"Please specify the directory where the LDAP databases will be exported. In " +"this directory, several LDIF files will be created which correspond to the " +"search bases located on the server. Make sure you have enough free space on " +"the partition where the directory is located. The first occurrence of the " +"string \"VERSION\" is replaced with the server version you are upgrading " +"from." +msgstr "" +"Ghi rõ tên thÆ° mục và o đó cần xuất các cÆ¡ sở dữ liệu LDAP. Trong thÆ° mục nà y " +"thì tạo và i táºp tin LDIF tÆ°Æ¡ng ứng vá»›i những cÆ¡ bản tìm kiếm nằm trên máy " +"phục vụ. Hãy kiểm tra xem vẫn có đủ sức chứa trống trong phân vùng đó. Lần " +"đầu tiên gặp chuá»—i “VERSION†(phiên bản) thì được thay thế bằng phiên bản từ " +"đó bạn Ä‘ang nâng cấp." + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "Move old database?" +msgstr "Di chuyển cÆ¡ sở dữ liệu cÅ©?" + +#. Type: boolean +#. Description +#: ../slapd.templates:4001 +msgid "" +"There are still files in /var/lib/ldap which will probably break the " +"configuration process. If you enable this option, the maintainer scripts " +"will move the old database files out of the way before creating a new " +"database." +msgstr "" +"Vẫn còn có má»™t số táºp tin nằm trong thÆ° mục “/var/lib/ldap†mà rất có thể " +"là m há»ng tiến trình cấu hình. Báºt tùy chá»n nà y thì văn lệnh bảo trì chuyển " +"các táºp tin cÆ¡ sở dữ liệu ra trÆ°á»›c khi tạo má»™t cÆ¡ sở dữ liệu má»›i." + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "Retry configuration?" +msgstr "Thá» cấu hình lại?" + +#. Type: boolean +#. Description +#: ../slapd.templates:5001 +msgid "" +"The configuration you entered is invalid. Make sure that the DNS domain name " +"is syntactically valid, the field for the organization is not left empty and " +"the admin passwords match. If you decide not to retry the configuration the " +"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to " +"retry later." +msgstr "" +"Bạn đã nháºp má»™t cấu hình không hợp lệ. Hãy kiểm tra lại tên miá»n DNS có cú " +"pháp đúng, không bá» trống trÆ°á»ng tổ chức, và có hai máºt khẩu quản lý trùng " +"nhau. Nếu bạn quyết định không nên thá» lại là m bÆ°á»›c cấu hình thì không cà i " +"đặt trình phục vụ LDAP. Muốn thá» lại vá» sau thì chạy lệnh cấu hình lại “dpkg-" +"reconfigure slapdâ€." + +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "DNS domain name:" +msgstr "Tên miá»n DNS:" + +# The DNS domain name is used to construct the base DN of your LDAP +# directory. Entering foo.bar.org will give you the base DN dc=foo, dc=bar, +# dc=org. +#. Type: string +#. Description +#: ../slapd.templates:6001 +msgid "" +"The DNS domain name is used to construct the base DN of the LDAP directory. " +"For example, 'foo.example.org' will create the directory with 'dc=foo, " +"dc=example, dc=org' as base DN." +msgstr "" +"Tên miá»n DNS được dùng để cấu trúc tên miá»n cÆ¡ bản của thÆ° mục LDAP. Chẳng " +"hạn, “foo.thÃ_dụ.org†sẽ tạo thÆ° mục có “dc=foo, dc=thÃ_dụ, dc=org†là tên " +"miá»n cÆ¡ bản." + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "Organization name:" +msgstr "Tên tổ chức:" + +#. Type: string +#. Description +#: ../slapd.templates:7001 +msgid "" +"Please enter the name of the organization to use in the base DN of your LDAP " +"directory." +msgstr "" +"Hãy nháºp tên của tổ chức cần dùng trong tên miá»n cÆ¡ bản của thÆ° mục LDAP." + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Administrator password:" +msgstr "Máºt khẩu quản trị:" + +#. Type: password +#. Description +#: ../slapd.templates:8001 +msgid "Please enter the password for the admin entry in your LDAP directory." +msgstr "Hãy nháºp máºt khẩu cho mục nháºp quản trị trong thÆ° mục LDAP của bạn." + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "Confirm password:" +msgstr "Xác nháºn máºt khẩu:" + +#. Type: password +#. Description +#: ../slapd.templates:9001 +msgid "" +"Please enter the admin password for your LDAP directory again to verify that " +"you have typed it correctly." +msgstr "" +"Hãy nháºp lại máºt khẩu quản trị cho thÆ° mục LDAP để xác nháºn lại bạn đã gõ " +"đúng." + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "Password mismatch" +msgstr "Máºt khẩu không khá»›p" + +#. Type: note +#. Description +#: ../slapd.templates:10001 +msgid "The two passwords you entered were not the same. Please try again." +msgstr "Bạn đã gõ hai máºt khẩu khác nhau. Hãy thá» lại." + +#. Type: boolean +#. Description +#: ../slapd.templates:11001 +msgid "Do you want the database to be removed when slapd is purged?" +msgstr "Khi tẩy gói phần má»m slapd, bạn có muốn xóa bá» cÆ¡ sở dữ liệu Ä‘i không?" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "slapcat failure during upgrade" +msgstr "slapcat gặp lá»—i trong khi nâng cấp" + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "An error occurred while upgrading the LDAP directory." +msgstr "Gặp lá»—i trong khi nâng cấp thÆ° mục LDAP." + +#. Type: error +#. Description +#: ../slapd.templates:14001 +msgid "" +"The 'slapcat' program failed while extracting the LDAP directory. This may " +"be caused by an incorrect configuration file (for example, missing " +"'moduleload' lines to support the backend database)." +msgstr "" +"ChÆ°Æ¡ng trình “slapcat†bị lá»—i trong khi giải nén thÆ° mục LDAP. Có thể do má»™t " +"táºp tin cấu hình sai (v.d. thiếu dòng “moduleload†để há»— trợ cÆ¡ sở dữ liệu " +"ứng dụng chạy phÃa sau)." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph +#. containing a command line +#: ../slapd.templates:14001 +msgid "" +"This failure will cause 'slapadd' to fail later as well. The old database " +"files will be moved to /var/backups. If you want to try this upgrade again, " +"you should move the old database files back into place, fix whatever caused " +"slapcat to fail, and run:" +msgstr "" +"Lá»—i nà y cÅ©ng sẽ là nguyên nhân là m cho tiến trình “slapadd†thất bại vá» sau. " +"Các táºp tin cÆ¡ sở dữ liệu cÅ© sẽ được di chuyển và o thÆ° mục “/var/backupsâ€. " +"Muốn thá» lại tiến trình nâng cấp thì bạn nên di chuyển các táºp tin cÆ¡ sở dữ " +"liệu cÅ© vá» nÆ¡i gốc, sá»a chữa những gì là m cho slapcat bị lá»—i, và chạy câu " +"lệnh:" + +#. Type: error +#. Description +#. Translators: keep "${location}" unchanged. This is a variable that +#. will be replaced by a directory name at execution +#: ../slapd.templates:14001 +msgid "" +"Then move the database files back to a backup area and then try running " +"slapadd from ${location}." +msgstr "" +"Sau đó, hãy di chuyển các táºp tin cÆ¡ sở dữ liệu sang má»™t vùng sao lÆ°u, và " +"thá» chạy trình slapadd từ vị trà “${location}â€." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "Database backend to use:" +msgstr "Ứng dụng chạy cÆ¡ sở dữ liệu cần dùng:" + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"HDB and BDB use similar storage formats, but HDB adds support for subtree " +"renames. Both support the same configuration options." +msgstr "" +"HDB và BDB dùng định dạng lÆ°u trữ tÆ°Æ¡ng tá»± nhau, nhÆ°ng HDB thêm há»— trợ để " +"thay đổi tên của cây con. Cả hai há»— trợ cùng những tùy chá»n cấu hình." + +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"The MDB backend is recommended. MDB uses a new storage format and requires " +"less configuration than BDB or HDB." +msgstr "" +"Khuyên bạn dùng ứng dụng chạy phÃa sau MDB. MDB dùng định dạng lÆ°u trữ má»›i " +"và phần cấu hình cÅ©ng Ãt hÆ¡n là BDB hay HDB." + +# The BDB backend is the recommended choice of the OpenLDAP developers. +# When using the BDB backend make sure that you configure the underlying +# database for your requirements. Look into /usr/share/doc/slapd/README. +# DB_CONFIG.gz +#. Type: select +#. Description +#: ../slapd.templates:15001 +msgid "" +"In any case, you should review the resulting database configuration for your " +"needs. See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "" +"Trong má»—i trÆ°á»ng hợp, bạn nên xem lại cấu hình cÆ¡ sở dữ liệu kết quả có " +"thÃch hợp vá»›i nhu cầu của bạn. Xem tà i liệu Äá»c Äi “/usr/share/doc/slapd/" +"README.DB_CONFIG.gz†để tìm chi tiết." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "Potentially unsafe slapd access control configuration" +msgstr "Cấu hình Ä‘iá»u khiển truy cáºp slapd tiá»m ẩn sá»± thiếu an toà n" + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "" +"One or more of the configured databases has an access control rule that " +"allows users to modify most of their own attributes. This may be unsafe, " +"depending on how the database is used." +msgstr "" +"Có má»™t hay hÆ¡n cÆ¡ sở dữ liệu cấu hình có chứa quy tắc Ä‘iá»u khiển truy cáºp mà " +"nó lại cho phép ngÆ°á»i dùng sá»a đổi phần lá»›n các thuá»™c tÃnh mà há» sở hữu. NhÆ° " +"váºy là thiếu an toà n, còn tùy thuá»™c và o cÆ¡ sở dữ liệu dùng để là m gì." + +#. Type: note +#. Description +#. Translators: keep "by self write" and "to *" unchanged. These are part +#. of the slapd configuration and are not translatable. +#: ../slapd.templates:16001 +msgid "" +"In the case of slapd access rules that begin with \"to *\", it is " +"recommended to remove any instances of \"by self write\", so that users are " +"only able to modify specifically allowed attributes." +msgstr "" +"Trong trÆ°á»ng hợp quy tắc truy cáºp slapd mà bắt đầu bằng \"to *\", khuyên bạn " +"nên xóa bá» má»i thá»±c thể \"by self write\", nhÆ° thế ngÆ°á»i dùng chỉ có thể sá»a " +"các thuá»™c tÃnh cho phép đã chỉ ra." + +#. Type: note +#. Description +#: ../slapd.templates:16001 +msgid "See /usr/share/doc/slapd/README.Debian.gz for more details." +msgstr "Äá»c /usr/share/doc/slapd/README.Debian.gz để biết thêm chi tiết." + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "abort installation" +msgstr "hủy bá» cà i đặt" + +#. Type: select +#. Choices +#: ../slapd.templates:17001 +msgid "continue regardless" +msgstr "vẫn tiếp tục" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "Manual ppolicy schema update recommended" +msgstr "Khuyến khÃch cáºp nháºt lược đồ ppolicy" + +#. Type: select +#. Description +#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#: ../slapd.templates:17002 +msgid "" +"The new version of the Password Policy (ppolicy) overlay requires the schema " +"to define the pwdMaxRecordedFailure attribute type, which is not present in " +"the schema currently in use. It is recommended to abort the upgrade now, and " +"to update the ppolicy schema before upgrading slapd. If replication is in " +"use, the schema update should be applied on every server before continuing " +"with the upgrade." +msgstr "" +"Phiên bản má»›i của overlay ChÃnh sách Máºt khẩu (ppolicy) cần lược đồ để định " +"nghÄ©a kiểu thuá»™c tÃnh pwdMaxRecordedFailure, cái mà không hiện diện trong " +"lược đồ hiện Ä‘ang dùng. Khuyến khÃch bạn bây giá» bãi bá» nâng cấp, và cáºp " +"nháºt lược đồ trÆ°á»›c khi nâng cấp slapd. Nếu bản sao Ä‘ang dùng, cáºp nháºt lược " +"đồ có thể được áp dụng cho má»i máy phục vụ trÆ°á»›c khi tiếp tục vá»›i nâng cấp." + +#. Type: select +#. Description +#. This paragraph is followed by the path to the generated file (not +#. translatable). The sentence continues in the following paragraph. +#: ../slapd.templates:17002 +msgid "" +"An LDIF file has been generated with the changes required for the upgrade:" +msgstr "Má»™t táºp tin LDIF đã được tạo vá»›i các thay đổi theo yêu cầu cáºp nháºt:" + +#. Type: select +#. Description +#. This paragraph continues the sentence started in the previous +#. paragraph. It is followed by a command line. +#: ../slapd.templates:17002 +msgid "" +"so if slapd is using the default access control rules, these changes can be " +"applied (after starting slapd) by using the command:" +msgstr "" +"nhÆ° váºy nếu slapd Ä‘ang sá» dụng các quy tắc Ä‘iá»u khiển truy cáºp mặc định, " +"những thay đổi có thể được áp dụng (sau khi khởi Ä‘á»™ng slapd) bằng cách dùng " +"lệnh:" + +#. Type: select +#. Description +#: ../slapd.templates:17002 +msgid "" +"If instead you choose to continue the installation, the new attribute type " +"will be added automatically, but the change will not be acted on by slapd " +"overlays, and replication with other servers may be affected." +msgstr "" +"Nếu thay và o đó bạn chá»n tiếp tục cà i đặt, kiểu thuá»™c tÃnh má»›i sẽ được thêm " +"má»™t cách tá»± Ä‘á»™ng, nhÆ°ng thay đổi sẽ không được thá»±c hiện trên các overlay " +"slapd, và bản sao vá»›i các máy phục vụ khác có thể chịu tác Ä‘á»™ng." + +#~ msgid "Allow LDAPv2 protocol?" +#~ msgstr "Cho phép giao thức LDAPv2?" + +#~ msgid "" +#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs " +#~ "and users should upgrade to LDAPv3. If you have old programs which can't " +#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be " +#~ "added to your slapd.conf file." +#~ msgstr "" +#~ "Giao thức LDAPv2 (phiên bản 2) cÅ© bị tắt theo mặc định trong slapd. Các " +#~ "chÆ°Æ¡ng trình và ngÆ°á»i dùng Ä‘á»u nên nâng cấp lên LDAPv3 (phiên bản 3). Có " +#~ "chÆ°Æ¡ng trình cÅ© không thể dùng LDAPv3 thì bạn nên báºt tùy chá»n nà y và " +#~ "thêm chuá»—i “allow bind_v2†và o táºp tin cấu hình “slapd.confâ€." diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..b6283e2 --- /dev/null +++ b/debian/rules @@ -0,0 +1,226 @@ +#!/usr/bin/make -f + +# Set this variable if you're building packages outside of Debian and don't +# want the checks for DFSG-freeness. +#DFSG_NONFREE = 1 + +export DEB_CFLAGS_MAINT_APPEND := -Wall -Wno-format-extra-args -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE +export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow + +# Workaround for bad glibc behavior when resolving localhost +export RESOLV_MULTI = off + +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) +DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH) + +CONFIG = $(shell grep -v "^\#" debian/configure.options) +ifeq ($(DEB_HOST_ARCH_OS),hurd) + CONFIG += --disable-bdb --disable-hdb --disable-mdb +endif +ifneq ($(filter stage1,$(DEB_BUILD_PROFILES)),) + CONFIG += --disable-slapd +endif + +CONTRIB_MODULES = autogroup lastbind passwd passwd/pbkdf2 passwd/sha2 smbk5pwd + +# Ensure CC is set correctly for cross builds, unless it has already +# been set explicitly. +ifeq ($(origin CC),default) + export CC := $(DEB_HOST_GNU_TYPE)-gcc +endif + +installdir := $(CURDIR)/debian/tmp +builddir := $(CURDIR)/debian/build +slapddir := $(CURDIR)/debian/slapd/usr/sbin + +MAKEVARS := STRIP= + +# Standard variables used in contrib Makefiles. +# We override these in make invocations rather than patch every one. +CONTRIB_MAKEVARS := \ + LDAP_BUILD='$(builddir)' \ + prefix=/usr \ + ldap_subdir=/ldap \ + moduledir='$$(libdir)$$(ldap_subdir)' + +# These variables are used only by get-orig-source, which will normally only +# be run by maintainers. +VERSION = $(shell dpkg-parsechangelog |grep Version| sed 's/.*: //;s/\+dfsg//;s/-.*//') +URL = http://www.openldap.org/software/download/OpenLDAP/openldap-release/ + +# Download the upstream source and make changes as required for DFSG reasons. +# Assumes wget is available, as this is generally only used by the package +# maintainers. +get-orig-source: + @if [ ! -d "debian/schema" ] ; then \ + echo 'Run this from the top directory of the Debian source' >&2; \ + exit 1; \ + fi + wget $(URL)/openldap-$(VERSION).tgz + tar xzf openldap-$(VERSION).tgz + rm -r openldap-$(VERSION)/doc/drafts + rm -r openldap-$(VERSION)/doc/rfc + set -e; for schema in debian/schema/*.schema debian/schema/*.ldif ; do \ + file=`basename "$$schema"`; \ + rm openldap-$(VERSION)/servers/slapd/schema/$$file; \ + done + mv openldap-$(VERSION) openldap-$(VERSION)+dfsg + tar cf openldap_$(VERSION)+dfsg.orig.tar openldap-$(VERSION)+dfsg + rm -r openldap-$(VERSION)+dfsg + gzip -9 openldap_$(VERSION)+dfsg.orig.tar + +DH = dh $@ --builddirectory=$(builddir) +.PHONY: build +build: + $(DH) +%: + $(DH) + +# Only contrib/ldapc++ uses Automake, so special care is needed to update +# config.guess and config.sub at the top level. +autoreconf: + autoreconf -f -i . contrib/ldapc++ + cp -f /usr/share/misc/config.guess /usr/share/misc/config.sub build/ + +override_dh_autoreconf: + dh_autoreconf debian/rules -- autoreconf + +override_dh_auto_configure: + # Check if we include the RFCs, Internet-Drafts, or upstream schemas + # with RFC text (which are non DFSG-free). You can set DFSG_NONFREE + # to build the packages from the unchanged upstream sources but Debian + # can not ship the RFCs in main so this test is here to make sure it + # does not get in by accident again. -- Torsten + if [ -z "$(DFSG_NONFREE)" ]; then \ + if [ -e doc/drafts ] || [ -e doc/rfc ]; then exit 1; fi; \ + if [ -e servers/slapd/schema/core.schema ] \ + && grep -q 'RFC 4519 definition' servers/slapd/schema/core.schema; \ + then \ + exit 1; \ + fi; \ + fi + + # Copy our stripped schema versions into where upstream expects them. + if [ -z "$(DFSG_NONFREE)" ]; then \ + cp debian/schema/*.schema debian/schema/*.ldif \ + servers/slapd/schema/; \ + fi + + dh_auto_configure -- $(CONFIG) + +override_dh_auto_build: + dh_auto_build -- $(MAKEVARS) +ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),) + for mod in $(CONTRIB_MODULES); do \ + dh_auto_build -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod -- $(CONTRIB_MAKEVARS) || exit $$?; \ + done +endif + +override_dh_auto_test: +ifeq ($(DEB_HOST_ARCH),ppc64el) + # Disable test060-mt-host on ppc64el until #866122 is fixed. + rm -f tests/scripts/test060-mt-hot +endif + dh_auto_test + +override_dh_auto_install: + dh_auto_install -- $(MAKEVARS) +ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),) + for mod in $(CONTRIB_MODULES); do \ + dh_auto_install -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod -- $(CONTRIB_MAKEVARS) || exit $$?; \ + done + + # Empty the dependency_libs file in the .la files. + for F in $(installdir)/usr/lib/ldap/*.la; do \ + sed -i "s/^dependency_libs=.*/dependency_libs=''/" $$F; \ + done +endif + + # Check all built libraries for unresolved symbols except for the + # libslapi library. It is a special case since the SLAPI interface + # depends on symbols defined in slapd itself. Those symbols will + # remain unresolved until the plugin is loaded into slapd. + for F in $(installdir)/usr/lib/$(DEB_HOST_MULTIARCH)/*.so.*.*.*; do \ + if echo "$$F" | grep -q libslapi ; then \ + continue; \ + fi; \ + if LD_LIBRARY_PATH=$(installdir)/usr/lib/$(DEB_HOST_MULTIARCH) ldd -d -r $$F 2>&1 | grep '^undefined symbol:'; then \ + echo; \ + echo "library $$F has undefined references. Please fix this before continuing."; \ + exit 1; \ + fi; \ + done + + # Upstream manpages are section 8C but installed as section 8 + find $(installdir)/usr/share/man -name \*.8 \ + | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#' + +override_dh_installinit: + dh_installinit -- "defaults 19 80" + +ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),) +override_dh_installman: + dh_installman + rm -f $(CURDIR)/debian/slapd/usr/share/man/man5/slapo-smbk5pwd.* + +override_dh_fixperms-arch: + dh_fixperms + chmod +x $(CURDIR)/debian/slapd/usr/share/slapd/ldiftopasswd +endif + +override_dh_strip: + dh_strip -plibldap-2.4-2 --dbgsym-migration='libldap-2.4-2-dbg (<< 2.4.45+dfsg-1~)' +ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),) + dh_strip -pslapd --dbgsym-migration='slapd-dbg (<< 2.4.45+dfsg-1~)' +endif + dh_strip --remaining-packages +ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),) + # hardlink these so not confined by apparmor; do this here and not + # in dh_link so that dh_strip doesn't get confused and put the wrong + # binary in the debug package. + for f in slapacl slapadd slapauth slapcat slapdn slapindex slappasswd slaptest slapschema ; do \ + ln -f $(slapddir)/slapd $(slapddir)/$$f ; \ + done +endif + +override_dh_link: + for pkg in libldap2-dev libldap-2.4-2; do \ + sed -e"s/\$${DEB_HOST_MULTIARCH}/$(DEB_HOST_MULTIARCH)/g" < debian/$$pkg.links.in > debian/$$pkg.links; \ + done + dh_link + +override_dh_makeshlibs: +ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),) + echo "slapd:Provides=$$(objdump -p debian/slapd/usr/lib/$(DEB_HOST_MULTIARCH)/libslapi-*.so.* \ + | sed -ne '/SONAME/ { s/[[:space:]]*SONAME[[:space:]]*//; \ + s/\.so\./-/; p; q }' \ + )" >> debian/slapd.substvars + dh_makeshlibs -pslapd -X/usr/lib/ldap/ -V "$$(sed -ne's/slapd:Provides=//p' debian/slapd.substvars)" +endif + dh_makeshlibs --remaining-packages + +ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),) +override_dh_installdeb: + dh_installdeb + perl -w debian/dh_installscripts-common -p slapd +endif + +override_dh_auto_clean: + dh_auto_clean + # Update translation templates for debconf + debconf-updatepo +ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),) + # Remove our stripped schema from the upstream source area. + if [ -z "$(DFSG_NONFREE)" ]; then \ + set -e; for s in debian/schema/*.schema debian/schema/*.ldif; do \ + rm -f servers/slapd/schema/`basename $$s`; \ + done; \ + fi + + # Clean the contrib directory + for mod in $(CONTRIB_MODULES); do \ + dh_auto_clean -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod || exit $?; \ + done +endif diff --git a/debian/schema/README b/debian/schema/README new file mode 100644 index 0000000..e601c45 --- /dev/null +++ b/debian/schema/README @@ -0,0 +1,15 @@ +This directory contains stripped versions of schema files that the +OpenLDAP distribution includes in servers/slapd/schema. The original +versions as distributed upstream contain text from the RFCs embedded as +comments, and that text is covered by the Internet Society license which +does not meet the Debian Free Software Guidelines. (It doesn't permit +creation and distribution of modified versions.) Accordingly, Debian +cannot include the original versions of these files in Debian packages. + +Instead, in this directory are equivalent versions of those files with all +of the text taken from IETF RFCs or Internet-Drafts removed and only the +functional schema definition retained. + +Where possible, the schema files as distributed by the OpenLDAP project +are retained. This is only done where RFC or Internet-Draft text is +embedded in the schema file and covered by the Internet Society license. diff --git a/debian/schema/collective.schema b/debian/schema/collective.schema new file mode 100644 index 0000000..c3dc1a1 --- /dev/null +++ b/debian/schema/collective.schema @@ -0,0 +1,65 @@ +# collective.schema -- Collective attribute schema +# $OpenLDAP: pkg/ldap/servers/slapd/schema/collective.schema,v 1.12.2.2 2007/08/31 23:14:06 quanah Exp $ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2007 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF RFC explaining the schema. Unfortunately, +# that text is covered by a license that doesn't meet Debian's Free +# Software Guidelines. This is a stripped version of the schema that +# contains only the functional schema definition, not the text of the +# RFC. +# +# For an explanation of this schema, see RFC 3671, at (among other +# places): http://www.ietf.org/rfc/rfc3671.txt + +attributeType ( 2.5.4.7.1 NAME 'c-l' + SUP l COLLECTIVE ) + +attributeType ( 2.5.4.8.1 NAME 'c-st' + SUP st COLLECTIVE ) + +attributeType ( 2.5.4.9.1 NAME 'c-street' + SUP street COLLECTIVE ) + +attributeType ( 2.5.4.10.1 NAME 'c-o' + SUP o COLLECTIVE ) + +attributeType ( 2.5.4.11.1 NAME 'c-ou' + SUP ou COLLECTIVE ) + +attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress' + SUP postalAddress COLLECTIVE ) + +attributeType ( 2.5.4.17.1 NAME 'c-PostalCode' + SUP postalCode COLLECTIVE ) + +attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox' + SUP postOfficeBox COLLECTIVE ) + +attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName' + SUP physicalDeliveryOfficeName COLLECTIVE ) + +attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber' + SUP telephoneNumber COLLECTIVE ) + +attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber' + SUP telexNumber COLLECTIVE ) + +attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber' + SUP facsimileTelephoneNumber COLLECTIVE ) + +attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber' + SUP internationalISDNNumber COLLECTIVE ) + diff --git a/debian/schema/compare-schema b/debian/schema/compare-schema new file mode 100755 index 0000000..ce6b80c --- /dev/null +++ b/debian/schema/compare-schema @@ -0,0 +1,26 @@ +#!/bin/sh +# +# Compare the stripped versions of the schema with the unmodified versions +# from the source as distributed upstream and find any non-comment changes +# so that our stripped versions can be updated. +# +# Takes the directory containing our stripped schema and the directory +# containing the upstream schema. Uses the first directory as a working +# area. + +set -e + +ours="$1" +theirs="$2" +if [ -z "$ours" ] || [ -z "$theirs" ] ; then + echo 'Usage: compare-schema <debian-schema-dir> <openldap-schema-dir>' >&2 + exit 1 +fi + +cd $ours +for schema in *.schema *.ldif ; do + grep -v '^#' "$schema" | grep -v '^ *$' > "${schema}.debian" + grep -v '^#' "$theirs/$schema" | grep -v '^ *$' > "${schema}.upstream" + diff -u "${schema}.debian" "${schema}.upstream" + rm "${schema}.debian" "${schema}.upstream" +done diff --git a/debian/schema/corba.schema b/debian/schema/corba.schema new file mode 100644 index 0000000..918e9df --- /dev/null +++ b/debian/schema/corba.schema @@ -0,0 +1,61 @@ +# corba.schema -- Corba Object Schema +# depends upon core.schema +# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $ +# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2007 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF RFC explaining the schema. Unfortunately, +# that text is covered by a license that doesn't meet Debian's Free +# Software Guidelines. This is a stripped version of the schema that +# contains only the functional schema definition, not the text of the +# RFC. +# +# For an explanation of this schema, see RFC 2714, at (among other +# places): http://www.ietf.org/rfc/rfc2714.txt + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14 + NAME 'corbaIor' + DESC 'Stringified interoperable object reference of a CORBA object' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15 + NAME 'corbaRepositoryId' + DESC 'Repository ids of interfaces implemented by a CORBA object' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10 + NAME 'corbaContainer' + DESC 'Container for a CORBA object' + SUP top + STRUCTURAL + MUST cn ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9 + NAME 'corbaObject' + DESC 'CORBA object representation' + SUP top + ABSTRACT + MAY ( corbaRepositoryId $ description ) ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11 + NAME 'corbaObjectReference' + DESC 'CORBA interoperable object reference' + SUP corbaObject + AUXILIARY + MUST corbaIor ) diff --git a/debian/schema/core.ldif b/debian/schema/core.ldif new file mode 100644 index 0000000..cc1811f --- /dev/null +++ b/debian/schema/core.ldif @@ -0,0 +1,603 @@ +# OpenLDAP Core schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text claiming copyright by the Internet Society and including +# the IETF RFC license, which does not meet Debian's Free Software +# Guidelines. However, apart from short and obvious comments, the text of +# this file is purely a functional interface specification, which is not +# subject to that license and is not copyrightable under US law. +# +# The license statement is retained below so as not to remove credit, but +# as best as we can determine, it is not applicable to the contents of +# this file. + +## Portions Copyright (C) The Internet Society (1997-2003). +## All Rights Reserved. +## +## This document and translations of it may be copied and furnished to +## others, and derivative works that comment on or otherwise explain it +## or assist in its implementation may be prepared, copied, published +## and distributed, in whole or in part, without restriction of any +## kind, provided that the above copyright notice and this paragraph are +## included on all such copies and derivative works. However, this +## document itself may not be modified in any way, such as by removing +## the copyright notice or references to the Internet Society or other +## Internet organizations, except as needed for the purpose of +## developing Internet standards in which case the procedures for +## copyrights defined in the Internet Standards process must be +## followed, or as required to translate it into languages other than +## English. +## +## The limited permissions granted above are perpetual and will not be +## revoked by the Internet Society or its successors or assigns. +## +## This document and the information contained herein is provided on an +## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. +# +# +# +# Includes LDAPv3 schema items from: +# RFC 2252/2256 (LDAPv3) +# +# Select standard track schema items: +# RFC 1274 (uid/dc) +# RFC 2079 (URI) +# RFC 2247 (dc/dcObject) +# RFC 2587 (PKI) +# RFC 2589 (Dynamic Directory Services) +# +# Select informational schema items: +# RFC 2377 (uidObject) +# +# +# Standard attribute types from RFC 2256 +# +dn: cn=core,cn=schema,cn=config +objectClass: olcSchemaConfig +cn: core +# +# system schema +#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass' +# DESC 'RFC2256: object classes of the entity' +# EQUALITY objectIdentifierMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +# +# system schema +#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) +# DESC 'RFC2256: name of aliased object' +# EQUALITY distinguishedNameMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) +# +olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation' + DESC 'RFC2256: knowledge information' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) +# +# system schema +#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) +# DESC 'RFC2256: common name(s) for which the entity is known by' +# SUP name ) +# +olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' ) + DESC 'RFC2256: last (family) name(s) for which the entity is known by' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber' + DESC 'RFC2256: serial number of the entity' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) +# +# RFC 4519 definition ('countryName' in X.500 and RFC2256) +olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) + DESC 'RFC4519: two-letter ISO-3166 country code' + SUP name + SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 + SINGLE-VALUE ) +# +olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' ) + DESC 'RFC2256: locality which this object resides in' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) + DESC 'RFC2256: state or province which this object resides in' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) + DESC 'RFC2256: street address of this object' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +# +olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' ) + DESC 'RFC2256: organization this object belongs to' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) + DESC 'RFC2256: organizational unit this object belongs to' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.12 NAME 'title' + DESC 'RFC2256: title associated with the entity' + SUP name ) +# +# system schema +#olcAttributeTypes: ( 2.5.4.13 NAME 'description' +# DESC 'RFC2256: descriptive information' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) +# +# Deprecated by enhancedSearchGuide +olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide' + DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) +# +olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory' + DESC 'RFC2256: business category' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +# +olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress' + DESC 'RFC2256: postal address' + EQUALITY caseIgnoreListMatch + SUBSTR caseIgnoreListSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +# +olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode' + DESC 'RFC2256: postal code' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) +# +olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox' + DESC 'RFC2256: Post Office Box' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) +# +olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' + DESC 'RFC2256: Physical Delivery Office Name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) +# +olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber' + DESC 'RFC2256: Telephone Number' + EQUALITY telephoneNumberMatch + SUBSTR telephoneNumberSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) +# +olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber' + DESC 'RFC2256: Telex Number' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) +# +olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier' + DESC 'RFC2256: Teletex Terminal Identifier' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) +# +olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) + DESC 'RFC2256: Facsimile (Fax) Telephone Number' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ) +# +olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address' + DESC 'RFC2256: X.121 Address' + EQUALITY numericStringMatch + SUBSTR numericStringSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) +# +olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber' + DESC 'RFC2256: international ISDN number' + EQUALITY numericStringMatch + SUBSTR numericStringSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) +# +olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress' + DESC 'RFC2256: registered postal address' + SUP postalAddress + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) +# +olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator' + DESC 'RFC2256: destination indicator' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) +# +olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod' + DESC 'RFC2256: preferred delivery method' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 + SINGLE-VALUE ) +# +olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress' + DESC 'RFC2256: presentation address' + EQUALITY presentationAddressMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 + SINGLE-VALUE ) +# +olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext' + DESC 'RFC2256: supported application context' + EQUALITY objectIdentifierMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) +# +olcAttributeTypes: ( 2.5.4.31 NAME 'member' + DESC 'RFC2256: member of a group' + SUP distinguishedName ) +# +olcAttributeTypes: ( 2.5.4.32 NAME 'owner' + DESC 'RFC2256: owner (of the object)' + SUP distinguishedName ) +# +olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant' + DESC 'RFC2256: occupant of role' + SUP distinguishedName ) +# +# system schema +#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso' +# DESC 'RFC2256: DN of related object' +# SUP distinguishedName ) +# +# system schema +#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword' +# DESC 'RFC2256/2307: password of user' +# EQUALITY octetStringMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) +# +# Must be transferred using ;binary +# with certificateExactMatch rule (per X.509) +olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate' + DESC 'RFC2256: X.509 user certificate, use ;binary' + EQUALITY certificateExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) +# +# Must be transferred using ;binary +# with certificateExactMatch rule (per X.509) +olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate' + DESC 'RFC2256: X.509 CA certificate, use ;binary' + EQUALITY certificateExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) +# +# Must be transferred using ;binary +olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList' + DESC 'RFC2256: X.509 authority revocation list, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) +# +# Must be transferred using ;binary +olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList' + DESC 'RFC2256: X.509 certificate revocation list, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) +# +# Must be stored and requested in the binary form +olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair' + DESC 'RFC2256: X.509 cross certificate pair, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) +# +# 2.5.4.41 is defined above as it's used for subtyping +#olcAttributeTypes: ( 2.5.4.41 NAME 'name' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) +# +olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' ) + DESC 'RFC2256: first name(s) for which the entity is known by' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.43 NAME 'initials' + DESC 'RFC2256: initials of some or all of names, but not the surname(s).' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier' + DESC 'RFC2256: name qualifier indicating a generation' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier' + DESC 'RFC2256: X.500 unique identifier' + EQUALITY bitStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) +# +olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier' + DESC 'RFC2256: DN qualifier' + EQUALITY caseIgnoreMatch + ORDERING caseIgnoreOrderingMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) +# +olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide' + DESC 'RFC2256: enhanced search guide' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) +# +olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation' + DESC 'RFC2256: protocol information' + EQUALITY protocolInformationMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 ) +# +# 2.5.4.49 is defined above as it's used for subtyping +#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName' +# EQUALITY distinguishedNameMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +# +olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember' + DESC 'RFC2256: unique member of a group' + EQUALITY uniqueMemberMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) +# +olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier' + DESC 'RFC2256: house identifier' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) +# +# Must be transferred using ;binary +olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms' + DESC 'RFC2256: supported algorithms' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) +# +# Must be transferred using ;binary +olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList' + DESC 'RFC2256: delta revocation list; use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) +# +olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName' + DESC 'RFC2256: name of DMD' + SUP name ) +# +olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym' + DESC 'X.520(4th): pseudonym for the object' + SUP name ) +# +# Standard object classes from RFC2256 +# +# system schema +#olcObjectClasses: ( 2.5.6.1 NAME 'alias' +# DESC 'RFC2256: an alias' +# SUP top STRUCTURAL +# MUST aliasedObjectName ) +# +olcObjectClasses: ( 2.5.6.2 NAME 'country' + DESC 'RFC2256: a country' + SUP top STRUCTURAL + MUST c + MAY ( searchGuide $ description ) ) +# +olcObjectClasses: ( 2.5.6.3 NAME 'locality' + DESC 'RFC2256: a locality' + SUP top STRUCTURAL + MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.4 NAME 'organization' + DESC 'RFC2256: an organization' + SUP top STRUCTURAL + MUST o + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit' + DESC 'RFC2256: an organizational unit' + SUP top STRUCTURAL + MUST ou + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.6 NAME 'person' + DESC 'RFC2256: a person' + SUP top STRUCTURAL + MUST ( sn $ cn ) + MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ) +# +olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson' + DESC 'RFC2256: an organizational person' + SUP person STRUCTURAL + MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) +# +olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole' + DESC 'RFC2256: an organizational role' + SUP top STRUCTURAL + MUST cn + MAY ( x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ + postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames' + DESC 'RFC2256: a group of names (DNs)' + SUP top STRUCTURAL + MUST ( member $ cn ) + MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) +# +olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson' + DESC 'RFC2256: an residential person' + SUP person STRUCTURAL + MUST l + MAY ( businessCategory $ x121Address $ registeredAddress $ + destinationIndicator $ preferredDeliveryMethod $ telexNumber $ + teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ + postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ st $ l ) ) +# +olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess' + DESC 'RFC2256: an application process' + SUP top STRUCTURAL + MUST cn + MAY ( seeAlso $ ou $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity' + DESC 'RFC2256: an application entity' + SUP top STRUCTURAL + MUST ( presentationAddress $ cn ) + MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ + description ) ) +# +olcObjectClasses: ( 2.5.6.13 NAME 'dSA' + DESC 'RFC2256: a directory system agent (a server)' + SUP applicationEntity STRUCTURAL + MAY knowledgeInformation ) +# +olcObjectClasses: ( 2.5.6.14 NAME 'device' + DESC 'RFC2256: a device' + SUP top STRUCTURAL + MUST cn + MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ) +# +olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser' + DESC 'RFC2256: a strong authentication user' + SUP top AUXILIARY + MUST userCertificate ) +# +olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority' + DESC 'RFC2256: a certificate authority' + SUP top AUXILIARY + MUST ( authorityRevocationList $ certificateRevocationList $ + cACertificate ) MAY crossCertificatePair ) +# +olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames' + DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' + SUP top STRUCTURAL + MUST ( uniqueMember $ cn ) + MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) +# +olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation' + DESC 'RFC2256: a user security information' + SUP top AUXILIARY + MAY ( supportedAlgorithms ) ) +# +olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2' + SUP certificationAuthority + AUXILIARY MAY ( deltaRevocationList ) ) +# +olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( certificateRevocationList $ authorityRevocationList $ + deltaRevocationList ) ) +# +olcObjectClasses: ( 2.5.6.20 NAME 'dmd' + SUP top STRUCTURAL + MUST ( dmdName ) + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + street $ postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ st $ l $ description ) ) +# +# +# Object Classes from RFC 2587 +# +olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser' + DESC 'RFC2587: a PKI user' + SUP top AUXILIARY + MAY userCertificate ) +# +olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA' + DESC 'RFC2587: PKI certificate authority' + SUP top AUXILIARY + MAY ( authorityRevocationList $ certificateRevocationList $ + cACertificate $ crossCertificatePair ) ) +# +olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL' + DESC 'RFC2587: PKI user' + SUP top AUXILIARY + MAY deltaRevocationList ) +# +# +# Standard Track URI label schema from RFC 2079 +# system schema +#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' +# DESC 'RFC2079: Uniform Resource Identifier with optional label' +# EQUALITY caseExactMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +# +olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' + DESC 'RFC2079: object that contains the URI attribute type' + MAY ( labeledURI ) + SUP top AUXILIARY ) +# +# +# Derived from RFC 1274, but with new "short names" +# +#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1 +# NAME ( 'uid' 'userid' ) +# DESC 'RFC1274: user identifier' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) +# +olcAttributeTypes: ( 0.9.2342.19200300.100.1.3 + NAME ( 'mail' 'rfc822Mailbox' ) + DESC 'RFC1274: RFC822 Mailbox' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +# +olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' + DESC 'RFC1274: simple security object' + SUP top AUXILIARY + MUST userPassword ) +# +# RFC 1274 + RFC 2247 +olcAttributeTypes: ( 0.9.2342.19200300.100.1.25 + NAME ( 'dc' 'domainComponent' ) + DESC 'RFC1274/2247: domain component' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +# +# RFC 2247 +olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' + DESC 'RFC2247: domain component object' + SUP top AUXILIARY MUST dc ) +# +# RFC 2377 +olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject' + DESC 'RFC2377: uid object' + SUP top AUXILIARY MUST uid ) +# +# From COSINE Pilot +olcAttributeTypes: ( 0.9.2342.19200300.100.1.37 + NAME 'associatedDomain' + DESC 'RFC1274: domain associated with object' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +# +# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema) +olcAttributeTypes: ( 1.2.840.113549.1.9.1 + NAME ( 'email' 'emailAddress' 'pkcs9email' ) + DESC 'RFC3280: legacy attribute for email addresses in DNs' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) +# diff --git a/debian/schema/core.schema b/debian/schema/core.schema new file mode 100644 index 0000000..cf0968a --- /dev/null +++ b/debian/schema/core.schema @@ -0,0 +1,622 @@ +# OpenLDAP Core schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text claiming copyright by the Internet Society and including +# the IETF RFC license, which does not meet Debian's Free Software +# Guidelines. However, apart from short and obvious comments, the text of +# this file is purely a functional interface specification, which is not +# subject to that license and is not copyrightable under US law. +# +# The license statement is retained below so as not to remove credit, but +# as best as we can determine, it is not applicable to the contents of +# this file. + +## Portions Copyright (C) The Internet Society (1997-2006). +## All Rights Reserved. +## +## This document and translations of it may be copied and furnished to +## others, and derivative works that comment on or otherwise explain it +## or assist in its implementation may be prepared, copied, published +## and distributed, in whole or in part, without restriction of any +## kind, provided that the above copyright notice and this paragraph are +## included on all such copies and derivative works. However, this +## document itself may not be modified in any way, such as by removing +## the copyright notice or references to the Internet Society or other +## Internet organizations, except as needed for the purpose of +## developing Internet standards in which case the procedures for +## copyrights defined in the Internet Standards process must be +## followed, or as required to translate it into languages other than +## English. +## +## The limited permissions granted above are perpetual and will not be +## revoked by the Internet Society or its successors or assigns. +## +## This document and the information contained herein is provided on an +## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +# +# +# Includes LDAPv3 schema items from: +# RFC 2252/2256 (LDAPv3) +# +# Select standard track schema items: +# RFC 1274 (uid/dc) +# RFC 2079 (URI) +# RFC 2247 (dc/dcObject) +# RFC 2587 (PKI) +# RFC 2589 (Dynamic Directory Services) +# RFC 4524 (associatedDomain) +# +# Select informational schema items: +# RFC 2377 (uidObject) + +# +# Standard attribute types from RFC 2256 +# + +# system schema +#attributetype ( 2.5.4.0 NAME 'objectClass' +# DESC 'RFC2256: object classes of the entity' +# EQUALITY objectIdentifierMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) + +# system schema +#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) +# DESC 'RFC2256: name of aliased object' +# EQUALITY distinguishedNameMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) + +attributetype ( 2.5.4.2 NAME 'knowledgeInformation' + DESC 'RFC2256: knowledge information' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) + +# system schema +#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) +# DESC 'RFC2256: common name(s) for which the entity is known by' +# SUP name ) + +attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) + DESC 'RFC2256: last (family) name(s) for which the entity is known by' + SUP name ) + +attributetype ( 2.5.4.5 NAME 'serialNumber' + DESC 'RFC2256: serial number of the entity' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) + +# RFC 4519 definition ('countryName' in X.500 and RFC2256) +attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) + DESC 'RFC4519: two-letter ISO-3166 country code' + SUP name + SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 + SINGLE-VALUE ) + +#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) +# DESC 'RFC2256: ISO-3166 country 2-letter code' +# SUP name SINGLE-VALUE ) + +attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' ) + DESC 'RFC2256: locality which this object resides in' + SUP name ) + +attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) + DESC 'RFC2256: state or province which this object resides in' + SUP name ) + +attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) + DESC 'RFC2256: street address of this object' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) + DESC 'RFC2256: organization this object belongs to' + SUP name ) + +attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) + DESC 'RFC2256: organizational unit this object belongs to' + SUP name ) + +attributetype ( 2.5.4.12 NAME 'title' + DESC 'RFC2256: title associated with the entity' + SUP name ) + +# system schema +#attributetype ( 2.5.4.13 NAME 'description' +# DESC 'RFC2256: descriptive information' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) + +# Deprecated by enhancedSearchGuide +attributetype ( 2.5.4.14 NAME 'searchGuide' + DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) + +attributetype ( 2.5.4.15 NAME 'businessCategory' + DESC 'RFC2256: business category' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 2.5.4.16 NAME 'postalAddress' + DESC 'RFC2256: postal address' + EQUALITY caseIgnoreListMatch + SUBSTR caseIgnoreListSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) + +attributetype ( 2.5.4.17 NAME 'postalCode' + DESC 'RFC2256: postal code' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) + +attributetype ( 2.5.4.18 NAME 'postOfficeBox' + DESC 'RFC2256: Post Office Box' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) + +attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' + DESC 'RFC2256: Physical Delivery Office Name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 2.5.4.20 NAME 'telephoneNumber' + DESC 'RFC2256: Telephone Number' + EQUALITY telephoneNumberMatch + SUBSTR telephoneNumberSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) + +attributetype ( 2.5.4.21 NAME 'telexNumber' + DESC 'RFC2256: Telex Number' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) + +attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier' + DESC 'RFC2256: Teletex Terminal Identifier' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) + +attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) + DESC 'RFC2256: Facsimile (Fax) Telephone Number' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ) + +attributetype ( 2.5.4.24 NAME 'x121Address' + DESC 'RFC2256: X.121 Address' + EQUALITY numericStringMatch + SUBSTR numericStringSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) + +attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber' + DESC 'RFC2256: international ISDN number' + EQUALITY numericStringMatch + SUBSTR numericStringSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) + +attributetype ( 2.5.4.26 NAME 'registeredAddress' + DESC 'RFC2256: registered postal address' + SUP postalAddress + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) + +attributetype ( 2.5.4.27 NAME 'destinationIndicator' + DESC 'RFC2256: destination indicator' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) + +attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod' + DESC 'RFC2256: preferred delivery method' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 + SINGLE-VALUE ) + +attributetype ( 2.5.4.29 NAME 'presentationAddress' + DESC 'RFC2256: presentation address' + EQUALITY presentationAddressMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 + SINGLE-VALUE ) + +attributetype ( 2.5.4.30 NAME 'supportedApplicationContext' + DESC 'RFC2256: supported application context' + EQUALITY objectIdentifierMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) + +attributetype ( 2.5.4.31 NAME 'member' + DESC 'RFC2256: member of a group' + SUP distinguishedName ) + +attributetype ( 2.5.4.32 NAME 'owner' + DESC 'RFC2256: owner (of the object)' + SUP distinguishedName ) + +attributetype ( 2.5.4.33 NAME 'roleOccupant' + DESC 'RFC2256: occupant of role' + SUP distinguishedName ) + +# system schema +#attributetype ( 2.5.4.34 NAME 'seeAlso' +# DESC 'RFC2256: DN of related object' +# SUP distinguishedName ) + +# system schema +#attributetype ( 2.5.4.35 NAME 'userPassword' +# DESC 'RFC2256/2307: password of user' +# EQUALITY octetStringMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) + +# Must be transferred using ;binary +# with certificateExactMatch rule (per X.509) +attributetype ( 2.5.4.36 NAME 'userCertificate' + DESC 'RFC2256: X.509 user certificate, use ;binary' + EQUALITY certificateExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) + +# Must be transferred using ;binary +# with certificateExactMatch rule (per X.509) +attributetype ( 2.5.4.37 NAME 'cACertificate' + DESC 'RFC2256: X.509 CA certificate, use ;binary' + EQUALITY certificateExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) + +# Must be transferred using ;binary +attributetype ( 2.5.4.38 NAME 'authorityRevocationList' + DESC 'RFC2256: X.509 authority revocation list, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) + +# Must be transferred using ;binary +attributetype ( 2.5.4.39 NAME 'certificateRevocationList' + DESC 'RFC2256: X.509 certificate revocation list, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) + +# Must be stored and requested in the binary form +attributetype ( 2.5.4.40 NAME 'crossCertificatePair' + DESC 'RFC2256: X.509 cross certificate pair, use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) + +# system schema +#attributetype ( 2.5.4.41 NAME 'name' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) + +attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' ) + DESC 'RFC2256: first name(s) for which the entity is known by' + SUP name ) + +attributetype ( 2.5.4.43 NAME 'initials' + DESC 'RFC2256: initials of some or all of names, but not the surname(s).' + SUP name ) + +attributetype ( 2.5.4.44 NAME 'generationQualifier' + DESC 'RFC2256: name qualifier indicating a generation' + SUP name ) + +attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier' + DESC 'RFC2256: X.500 unique identifier' + EQUALITY bitStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) + +attributetype ( 2.5.4.46 NAME 'dnQualifier' + DESC 'RFC2256: DN qualifier' + EQUALITY caseIgnoreMatch + ORDERING caseIgnoreOrderingMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) + +attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide' + DESC 'RFC2256: enhanced search guide' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) + +attributetype ( 2.5.4.48 NAME 'protocolInformation' + DESC 'RFC2256: protocol information' + EQUALITY protocolInformationMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 ) + +# system schema +#attributetype ( 2.5.4.49 NAME 'distinguishedName' +# EQUALITY distinguishedNameMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 2.5.4.50 NAME 'uniqueMember' + DESC 'RFC2256: unique member of a group' + EQUALITY uniqueMemberMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) + +attributetype ( 2.5.4.51 NAME 'houseIdentifier' + DESC 'RFC2256: house identifier' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) + +# Must be transferred using ;binary +attributetype ( 2.5.4.52 NAME 'supportedAlgorithms' + DESC 'RFC2256: supported algorithms' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) + +# Must be transferred using ;binary +attributetype ( 2.5.4.53 NAME 'deltaRevocationList' + DESC 'RFC2256: delta revocation list; use ;binary' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) + +attributetype ( 2.5.4.54 NAME 'dmdName' + DESC 'RFC2256: name of DMD' + SUP name ) + +attributetype ( 2.5.4.65 NAME 'pseudonym' + DESC 'X.520(4th): pseudonym for the object' + SUP name ) + +# Standard object classes from RFC2256 + +# system schema +#objectclass ( 2.5.6.0 NAME 'top' +# DESC 'RFC2256: top of the superclass chain' +# ABSTRACT +# MUST objectClass ) + +# system schema +#objectclass ( 2.5.6.1 NAME 'alias' +# DESC 'RFC2256: an alias' +# SUP top STRUCTURAL +# MUST aliasedObjectName ) + +objectclass ( 2.5.6.2 NAME 'country' + DESC 'RFC2256: a country' + SUP top STRUCTURAL + MUST c + MAY ( searchGuide $ description ) ) + +objectclass ( 2.5.6.3 NAME 'locality' + DESC 'RFC2256: a locality' + SUP top STRUCTURAL + MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) ) + +objectclass ( 2.5.6.4 NAME 'organization' + DESC 'RFC2256: an organization' + SUP top STRUCTURAL + MUST o + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) + +objectclass ( 2.5.6.5 NAME 'organizationalUnit' + DESC 'RFC2256: an organizational unit' + SUP top STRUCTURAL + MUST ou + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) + +objectclass ( 2.5.6.6 NAME 'person' + DESC 'RFC2256: a person' + SUP top STRUCTURAL + MUST ( sn $ cn ) + MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ) + +objectclass ( 2.5.6.7 NAME 'organizationalPerson' + DESC 'RFC2256: an organizational person' + SUP person STRUCTURAL + MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ + postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) + +objectclass ( 2.5.6.8 NAME 'organizationalRole' + DESC 'RFC2256: an organizational role' + SUP top STRUCTURAL + MUST cn + MAY ( x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ + postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) + +objectclass ( 2.5.6.9 NAME 'groupOfNames' + DESC 'RFC2256: a group of names (DNs)' + SUP top STRUCTURAL + MUST ( member $ cn ) + MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) + +objectclass ( 2.5.6.10 NAME 'residentialPerson' + DESC 'RFC2256: an residential person' + SUP person STRUCTURAL + MUST l + MAY ( businessCategory $ x121Address $ registeredAddress $ + destinationIndicator $ preferredDeliveryMethod $ telexNumber $ + teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ + facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ + postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ st $ l ) ) + +objectclass ( 2.5.6.11 NAME 'applicationProcess' + DESC 'RFC2256: an application process' + SUP top STRUCTURAL + MUST cn + MAY ( seeAlso $ ou $ l $ description ) ) + +objectclass ( 2.5.6.12 NAME 'applicationEntity' + DESC 'RFC2256: an application entity' + SUP top STRUCTURAL + MUST ( presentationAddress $ cn ) + MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ + description ) ) + +objectclass ( 2.5.6.13 NAME 'dSA' + DESC 'RFC2256: a directory system agent (a server)' + SUP applicationEntity STRUCTURAL + MAY knowledgeInformation ) + +objectclass ( 2.5.6.14 NAME 'device' + DESC 'RFC2256: a device' + SUP top STRUCTURAL + MUST cn + MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ) + +objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' + DESC 'RFC2256: a strong authentication user' + SUP top AUXILIARY + MUST userCertificate ) + +objectclass ( 2.5.6.16 NAME 'certificationAuthority' + DESC 'RFC2256: a certificate authority' + SUP top AUXILIARY + MUST ( authorityRevocationList $ certificateRevocationList $ + cACertificate ) MAY crossCertificatePair ) + +objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' + DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' + SUP top STRUCTURAL + MUST ( uniqueMember $ cn ) + MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) + +objectclass ( 2.5.6.18 NAME 'userSecurityInformation' + DESC 'RFC2256: a user security information' + SUP top AUXILIARY + MAY ( supportedAlgorithms ) ) + +objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' + SUP certificationAuthority + AUXILIARY MAY ( deltaRevocationList ) ) + +objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( certificateRevocationList $ authorityRevocationList $ + deltaRevocationList ) ) + +objectclass ( 2.5.6.20 NAME 'dmd' + SUP top STRUCTURAL + MUST ( dmdName ) + MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ + x121Address $ registeredAddress $ destinationIndicator $ + preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ + telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ + street $ postOfficeBox $ postalCode $ postalAddress $ + physicalDeliveryOfficeName $ st $ l $ description ) ) + +# +# Object Classes from RFC 2587 +# +objectclass ( 2.5.6.21 NAME 'pkiUser' + DESC 'RFC2587: a PKI user' + SUP top AUXILIARY + MAY userCertificate ) + +objectclass ( 2.5.6.22 NAME 'pkiCA' + DESC 'RFC2587: PKI certificate authority' + SUP top AUXILIARY + MAY ( authorityRevocationList $ certificateRevocationList $ + cACertificate $ crossCertificatePair ) ) + +objectclass ( 2.5.6.23 NAME 'deltaCRL' + DESC 'RFC2587: PKI user' + SUP top AUXILIARY + MAY deltaRevocationList ) + +# +# Standard Track URI label schema from RFC 2079 +# system schema +#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' +# DESC 'RFC2079: Uniform Resource Identifier with optional label' +# EQUALITY caseExactMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' + DESC 'RFC2079: object that contains the URI attribute type' + SUP top AUXILIARY + MAY ( labeledURI ) ) + +# +# Derived from RFC 1274, but with new "short names" +# +#attributetype ( 0.9.2342.19200300.100.1.1 +# NAME ( 'uid' 'userid' ) +# DESC 'RFC1274: user identifier' +# EQUALITY caseIgnoreMatch +# SUBSTR caseIgnoreSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.3 + NAME ( 'mail' 'rfc822Mailbox' ) + DESC 'RFC1274: RFC822 Mailbox' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' + DESC 'RFC1274: simple security object' + SUP top AUXILIARY + MUST userPassword ) + +# RFC 1274 + RFC 2247 +attributetype ( 0.9.2342.19200300.100.1.25 + NAME ( 'dc' 'domainComponent' ) + DESC 'RFC1274/2247: domain component' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +# RFC 2247 +objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' + DESC 'RFC2247: domain component object' + SUP top AUXILIARY MUST dc ) + +# RFC 2377 +objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject' + DESC 'RFC2377: uid object' + SUP top AUXILIARY MUST uid ) + +# RFC 4524 +# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181] +# host names [RFC1123] that are associated with an object. That is, +# values of this attribute should conform to the following ABNF: +# +# domain = root / label *( DOT label ) +# root = SPACE +# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ] +# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z" +# SPACE = %x20 ; space (" ") +# HYPHEN = %x2D ; hyphen ("-") +# DOT = %x2E ; period (".") +attributetype ( 0.9.2342.19200300.100.1.37 + NAME 'associatedDomain' + DESC 'RFC1274: domain associated with object' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema) +attributetype ( 1.2.840.113549.1.9.1 + NAME ( 'email' 'emailAddress' 'pkcs9email' ) + DESC 'RFC3280: legacy attribute for email addresses in DNs' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + diff --git a/debian/schema/cosine.schema b/debian/schema/cosine.schema new file mode 100644 index 0000000..a0f5ae2 --- /dev/null +++ b/debian/schema/cosine.schema @@ -0,0 +1,404 @@ +# RFC1274: Cosine and Internet X.500 schema +# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.19.2.5 2007/01/02 21:44:09 kurt Exp $ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2007 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +# RFC1274: Cosine and Internet X.500 schema +# +# This file contains LDAPv3 schema derived from X.500 COSINE "pilot" +# schema. As this schema was defined for X.500(89), some +# oddities were introduced in the mapping to LDAPv3. The +# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt +# (a work in progress) +# +# Note: It seems that the pilot schema evolved beyond what was +# described in RFC1274. However, this document attempts to describes +# RFC1274 as published. +# +# Depends on core.schema + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF RFC explaining the schema. Unfortunately, +# that text is covered by a license that doesn't meet Debian's Free +# Software Guidelines. This is a stripped version of the schema that +# contains only the functional schema definition, not the text of the +# RFC. +# +# For an explanation of this schema, see RFC 1274, at (among other +# places): http://www.ietf.org/rfc/rfc1274.txt + +#(in core.schema) +##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) +## EQUALITY caseIgnoreMatch +## SUBSTR caseIgnoreSubstringsMatch +## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +#(in core.schema) +##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) +## EQUALITY caseIgnoreIA5Match +## SUBSTR caseIgnoreIA5SubstringsMatch +## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info' + DESC 'RFC1274: general information' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ) + +attributetype ( 0.9.2342.19200300.100.1.5 + NAME ( 'drink' 'favouriteDrink' ) + DESC 'RFC1274: favorite drink' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' + DESC 'RFC1274: room number' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo' + DESC 'RFC1274: photo (G3 fax)' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ) + +attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass' + DESC 'RFC1274: category of user' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host' + DESC 'RFC1274: host computer' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager' + DESC 'RFC1274: DN of manager' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' + DESC 'RFC1274: unique identifier of document' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' + DESC 'RFC1274: title of document' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' + DESC 'RFC1274: version of document' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' + DESC 'RFC1274: DN of author of document' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' + DESC 'RFC1274: location of document original' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.20 + NAME ( 'homePhone' 'homeTelephoneNumber' ) + DESC 'RFC1274: home telephone number' + EQUALITY telephoneNumberMatch + SUBSTR telephoneNumberSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) + +attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary' + DESC 'RFC1274: DN of secretary' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 ) + +## Deprecated in favor of modifyTimeStamp +#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime' +# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp' +# OBSOLETE +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53 +# USAGE directoryOperation ) + +## Deprecated in favor of modifiersName +#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy' +# DESC 'RFC1274: last modifier, replaced by modifiersName' +# OBSOLETE +# EQUALITY distinguishedNameMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 +# USAGE directoryOperation ) + +##(in core.schema) +##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' ) +## EQUALITY caseIgnoreIA5Match +## SUBSTR caseIgnoreIA5SubstringsMatch +## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +## incorrect syntax? +attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +## missing from RFC1274 +## incorrect syntax? +attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +## incorrect syntax!! +attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +## incorrect syntax!! +attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +## incorrect syntax!! +attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +## incorrect syntax!! +attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' +# EQUALITY caseIgnoreIA5Match +# SUBSTR caseIgnoreIA5SubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' + DESC 'RFC1274: DN of entry associated with domain' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' + DESC 'RFC1274: home postal address' + EQUALITY caseIgnoreListMatch + SUBSTR caseIgnoreListSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) + +attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' + DESC 'RFC1274: personal title' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.41 + NAME ( 'mobile' 'mobileTelephoneNumber' ) + DESC 'RFC1274: mobile telephone number' + EQUALITY telephoneNumberMatch + SUBSTR telephoneNumberSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) + +attributetype ( 0.9.2342.19200300.100.1.42 + NAME ( 'pager' 'pagerTelephoneNumber' ) + DESC 'RFC1274: pager telephone number' + EQUALITY telephoneNumberMatch + SUBSTR telephoneNumberSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) + +attributetype ( 0.9.2342.19200300.100.1.43 + NAME ( 'co' 'friendlyCountryName' ) + DESC 'RFC1274: friendly country name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' + DESC 'RFC1274: unique identifer' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' + DESC 'RFC1274: organizational status' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' + DESC 'RFC1274: Janet mailbox' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + +attributetype ( 0.9.2342.19200300.100.1.47 + NAME 'mailPreferenceOption' + DESC 'RFC1274: mail preference option' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' + DESC 'RFC1274: name of building' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' + DESC 'RFC1274: DSA Quality' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ) + +attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' + DESC 'RFC1274: Single Level Quality' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ) + +attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality' + DESC 'RFC1274: Subtree Mininum Quality' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ) + +attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality' + DESC 'RFC1274: Subtree Maximun Quality' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ) + +attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' + DESC 'RFC1274: Personal Signature (G3 fax)' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 ) + +attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' + DESC 'RFC1274: DIT Redirect' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) + +attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio' + DESC 'RFC1274: audio (u-law)' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ) + +attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' + DESC 'RFC1274: publisher of document' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject' +# DESC 'RFC1274: pilot object' +# SUP top AUXILIARY +# MAY ( info $ photo $ manager $ uniqueIdentifier $ +# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio ) +# ) + +objectclass ( 0.9.2342.19200300.100.4.4 + NAME ( 'pilotPerson' 'newPilotPerson' ) + SUP person STRUCTURAL + MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $ + favouriteDrink $ roomNumber $ userClass $ + homeTelephoneNumber $ homePostalAddress $ secretary $ + personalTitle $ preferredDeliveryMethod $ businessCategory $ + janetMailbox $ otherMailbox $ mobileTelephoneNumber $ + pagerTelephoneNumber $ organizationalStatus $ + mailPreferenceOption $ personalSignature ) + ) + +objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account' + SUP top STRUCTURAL + MUST userid + MAY ( description $ seeAlso $ localityName $ + organizationName $ organizationalUnitName $ host ) + ) + +objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document' + SUP top STRUCTURAL + MUST documentIdentifier + MAY ( commonName $ description $ seeAlso $ localityName $ + organizationName $ organizationalUnitName $ + documentTitle $ documentVersion $ documentAuthor $ + documentLocation $ documentPublisher ) + ) + +objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room' + SUP top STRUCTURAL + MUST commonName + MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) + ) + +objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' + SUP top STRUCTURAL + MUST commonName + MAY ( description $ seeAlso $ telephonenumber $ + localityName $ organizationName $ organizationalUnitName ) + ) + +objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain' + SUP top STRUCTURAL + MUST domainComponent + MAY ( associatedName $ organizationName $ description $ + businessCategory $ seeAlso $ searchGuide $ userPassword $ + localityName $ stateOrProvinceName $ streetAddress $ + physicalDeliveryOfficeName $ postalAddress $ postalCode $ + postOfficeBox $ streetAddress $ + facsimileTelephoneNumber $ internationalISDNNumber $ + telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ + preferredDeliveryMethod $ destinationIndicator $ + registeredAddress $ x121Address ) + ) + +objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' + SUP domain STRUCTURAL + MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $ + physicalDeliveryOfficeName $ postalAddress $ postalCode $ + postOfficeBox $ streetAddress $ + facsimileTelephoneNumber $ internationalISDNNumber $ + telephoneNumber $ teletexTerminalIdentifier $ + telexNumber $ preferredDeliveryMethod $ destinationIndicator $ + registeredAddress $ x121Address ) + ) + +objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' + SUP domain STRUCTURAL + MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ + SOARecord $ CNAMERecord ) + ) + +objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' + DESC 'RFC1274: an object related to an domain' + SUP top AUXILIARY + MUST associatedDomain ) + +objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' + SUP country STRUCTURAL + MUST friendlyCountryName ) + +## (in core.schema) +## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' +## SUP top AUXILIARY +## MUST userPassword ) + +objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' + SUP ( organization $ organizationalUnit ) STRUCTURAL + MAY buildingName ) + +objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' + SUP dsa STRUCTURAL + MAY dSAQuality ) + +objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' + SUP top AUXILIARY + MUST dsaQuality + MAY ( subtreeMinimumQuality $ subtreeMaximumQuality ) + ) diff --git a/debian/schema/duaconf.schema b/debian/schema/duaconf.schema new file mode 100644 index 0000000..8c1683f --- /dev/null +++ b/debian/schema/duaconf.schema @@ -0,0 +1,153 @@ +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +# DUA schema from draft-joslin-config-schema (a work in progress) + +# Contents of this file are subject to change (including deletion) +# without notice. +# +# Not recommended for production use! +# Use with extreme caution! + +## Notes: +## - The matching rule for attributes followReferrals and dereferenceAliases +## has been changed to booleanMatch since their syntax is boolean +## - There was a typo in the name of the dereferenceAliases attributeType +## in the DUAConfigProfile objectClass definition +## - Credit goes to the original Authors + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF Internet-Draft explaining the schema. +# Unfortunately, that text is covered by a license that doesn't meet +# Debian's Free Software Guidelines. This is a stripped version of the +# schema that contains only the functional schema definition, not the text +# of the Internet-Draft. +# +# For an explanation of this schema, see +# draft-joslin-config-schema-07.txt. + +objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1 + +attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList' + DESC 'Default LDAP server host address used by a DUA' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase' + DESC 'Default LDAP base DN used by a DUA' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList' + DESC 'Preferred LDAP server host addresses to be used by a + DUA' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit' + DESC 'Maximum time in seconds a DUA should allow for a + search to complete' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit' + DESC 'Maximum time in seconds a DUA should allow for the + bind operation to complete' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals' + DESC 'Tells DUA if it should follow referrals + returned by a DSA search result' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases' + DESC 'Tells DUA if it should dereference aliases' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod' + DESC 'A keystring which identifies the type of + authentication method used to contact the DSA' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL' + DESC 'Time to live, in seconds, before a client DUA + should re-read this configuration profile' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor' + DESC 'LDAP search descriptor list used by a DUA' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap' + DESC 'Attribute mappings used by a DUA' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel' + DESC 'Identifies type of credentials a DUA should + use when binding to the LDAP server' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap' + DESC 'Objectclass mappings used by a DUA' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope' + DESC 'Default search scope used by a DUA' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel' + DESC 'Identifies type of credentials a DUA + should use when binding to the LDAP server for a + specific service' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod' + DESC 'Authentication method used by a service of the DUA' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile' + SUP top STRUCTURAL + DESC 'Abstraction of a base configuration for a DUA' + MUST ( cn ) + MAY ( defaultServerList $ preferredServerList $ + defaultSearchBase $ defaultSearchScope $ + searchTimeLimit $ bindTimeLimit $ + credentialLevel $ authenticationMethod $ + followReferrals $ dereferenceAliases $ + serviceSearchDescriptor $ serviceCredentialLevel $ + serviceAuthenticationMethod $ objectclassMap $ + attributeMap $ profileTTL ) ) diff --git a/debian/schema/inetorgperson.schema b/debian/schema/inetorgperson.schema new file mode 100644 index 0000000..34c3bf8 --- /dev/null +++ b/debian/schema/inetorgperson.schema @@ -0,0 +1,113 @@ +# inetorgperson.schema -- InetOrgPerson (RFC2798) +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +# InetOrgPerson (RFC2798) +# +# Depends upon +# Definition of an X.500 Attribute Type and an Object Class to Hold +# Uniform Resource Identifiers (URIs) [RFC2079] +# (core.schema) +# +# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256] +# (core.schema) +# +# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema) + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF RFC explaining the schema. Unfortunately, +# that text is covered by a license that doesn't meet Debian's Free +# Software Guidelines. This is a stripped version of the schema that +# contains only the functional schema definition, not the text of the +# RFC. +# +# For an explanation of this schema, see RFC 2798, at (among other +# places): http://www.ietf.org/rfc/rfc2798.txt + +attributetype ( 2.16.840.1.113730.3.1.1 + NAME 'carLicense' + DESC 'RFC2798: vehicle license or registration plate' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 2.16.840.1.113730.3.1.2 + NAME 'departmentNumber' + DESC 'RFC2798: identifies a department within an organization' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 2.16.840.1.113730.3.1.241 + NAME 'displayName' + DESC 'RFC2798: preferred name to be used when displaying entries' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113730.3.1.3 + NAME 'employeeNumber' + DESC 'RFC2798: numerically identifies an employee within an organization' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 2.16.840.1.113730.3.1.4 + NAME 'employeeType' + DESC 'RFC2798: type of employment for a person' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 0.9.2342.19200300.100.1.60 + NAME 'jpegPhoto' + DESC 'RFC2798: a JPEG image' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) + +attributetype ( 2.16.840.1.113730.3.1.39 + NAME 'preferredLanguage' + DESC 'RFC2798: preferred written or spoken language for a person' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary +attributetype ( 2.16.840.1.113730.3.1.40 + NAME 'userSMIMECertificate' + DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) + +## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary +attributetype ( 2.16.840.1.113730.3.1.216 + NAME 'userPKCS12' + DESC 'RFC2798: personal identity information, a PKCS #12 PFX' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) + +objectclass ( 2.16.840.1.113730.3.2.2 + NAME 'inetOrgPerson' + DESC 'RFC2798: Internet Organizational Person' + SUP organizationalPerson + STRUCTURAL + MAY ( + audio $ businessCategory $ carLicense $ departmentNumber $ + displayName $ employeeNumber $ employeeType $ givenName $ + homePhone $ homePostalAddress $ initials $ jpegPhoto $ + labeledURI $ mail $ manager $ mobile $ o $ pager $ + photo $ roomNumber $ secretary $ uid $ userCertificate $ + x500uniqueIdentifier $ preferredLanguage $ + userSMIMECertificate $ userPKCS12 ) + ) diff --git a/debian/schema/java.schema b/debian/schema/java.schema new file mode 100644 index 0000000..24c1f1b --- /dev/null +++ b/debian/schema/java.schema @@ -0,0 +1,109 @@ +# java.schema -- Java Object Schema +# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.5.2.3 2007/01/02 21:44:09 kurt Exp $ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2007 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +# Java Object Schema (defined in RFC 2713) +# depends upon core.schema +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF RFC explaining the schema. Unfortunately, +# that text is covered by a license that doesn't meet Debian's Free +# Software Guidelines. This is a stripped version of the schema that +# contains only the functional schema definition, not the text of the +# RFC. +# +# For an explanation of this schema, see RFC 2713, at (among other +# places): http://www.ietf.org/rfc/rfc2713.txt + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6 + NAME 'javaClassName' + DESC 'Fully qualified name of distinguished Java class or interface' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7 + NAME 'javaCodebase' + DESC 'URL(s) specifying the location of class definition' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13 + NAME 'javaClassNames' + DESC 'Fully qualified Java class or interface name' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8 + NAME 'javaSerializedData' + DESC 'Serialized form of a Java object' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10 + NAME 'javaFactory' + DESC 'Fully qualified Java class name of a JNDI object factory' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11 + NAME 'javaReferenceAddress' + DESC 'Addresses associated with a JNDI Reference' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12 + NAME 'javaDoc' + DESC 'The Java documentation for the class' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1 + NAME 'javaContainer' + DESC 'Container for a Java object' + SUP top + STRUCTURAL + MUST cn ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4 + NAME 'javaObject' + DESC 'Java object representation' + SUP top + ABSTRACT + MUST javaClassName + MAY ( javaClassNames $ javaCodebase $ + javaDoc $ description ) ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5 + NAME 'javaSerializedObject' + DESC 'Java serialized object' + SUP javaObject + AUXILIARY + MUST javaSerializedData ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8 + NAME 'javaMarshalledObject' + DESC 'Java marshalled object' + SUP javaObject + AUXILIARY + MUST javaSerializedData ) + +objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7 + NAME 'javaNamingReference' + DESC 'JNDI reference' + SUP javaObject + AUXILIARY + MAY ( javaReferenceAddress $ javaFactory ) ) diff --git a/debian/schema/pmi.schema b/debian/schema/pmi.schema new file mode 100644 index 0000000..bc3ca0b --- /dev/null +++ b/debian/schema/pmi.schema @@ -0,0 +1,476 @@ +# OpenLDAP X.509 PMI schema +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2014 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text claiming copyright by the Internet Society and including +# the IETF RFC license, which does not meet Debian's Free Software +# Guidelines. However, apart from short and obvious comments, the text of +# this file is purely a functional interface specification, which is not +# subject to that license and is not copyrightable under US law. +# +# The license statement is retained below so as not to remove credit, but +# as best as we can determine, it is not applicable to the contents of +# this file. + +## Portions Copyright (C) The Internet Society (1997-2006). +## All Rights Reserved. +## +## This document and translations of it may be copied and furnished to +## others, and derivative works that comment on or otherwise explain it +## or assist in its implementation may be prepared, copied, published +## and distributed, in whole or in part, without restriction of any +## kind, provided that the above copyright notice and this paragraph are +## included on all such copies and derivative works. However, this +## document itself may not be modified in any way, such as by removing +## the copyright notice or references to the Internet Society or other +## Internet organizations, except as needed for the purpose of +## developing Internet standards in which case the procedures for +## copyrights defined in the Internet Standards process must be +## followed, or as required to translate it into languages other than +## English. +## +## The limited permissions granted above are perpetual and will not be +## revoked by the Internet Society or its successors or assigns. +## +## This document and the information contained herein is provided on an +## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +# +# +# Includes LDAPv3 schema items from: +# ITU X.509 (08/2005) +# +## X.509 (08/2005) pp. 120-121 +## +## -- object identifier assignments -- +## -- object classes -- +## id-oc-pmiUser OBJECT IDENTIFIER ::= {id-oc 24} +## id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25} +## id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26} +## id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27} +## id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32} +## id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33} +## id-oc-protectedPrivilegePolicy OBJECT IDENTIFIER ::= {id-oc 34} +## -- directory attributes -- +## id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58} +## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59} +## id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61} +## id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62} +## id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63} +## id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71} +## id-at-role OBJECT IDENTIFIER ::= {id-at 72} +## id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73} +## id-at-protPrivPolicy OBJECT IDENTIFIER ::= {id-at 74} +## id-at-xMLPrivilegeInfo OBJECT IDENTIFIER ::= {id-at 75} +## id-at-xMLPprotPrivPolicy OBJECT IDENTIFIER ::= {id-at 76} +## -- attribute certificate extensions -- +## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38} +## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39} +## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41} +## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42} +## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43} +## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48} +## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49} +## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50} +## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52} +## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55} +## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56} +## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57} +## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61} +## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62} +## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64} +## -- PMI matching rules -- +## id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42} +## id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45} +## id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46} +## id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53} +## id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54} +## id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55} +## id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56} +## id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57} +## id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58} +## id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59} +## id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61} +## id-mr-sOAIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 66} +## id-mr-indirectIssuerMatch OBJECT IDENTIFIER ::= {id-mr 67} +## +## +## X.509 (08/2005) pp. 71, 86-89 +## +## 14.4.1 Role attribute +## role ATTRIBUTE ::= { +## WITH SYNTAX RoleSyntax +## ID id-at-role } +## RoleSyntax ::= SEQUENCE { +## roleAuthority [0] GeneralNames OPTIONAL, +## roleName [1] GeneralName } +## +## 14.5 XML privilege information attribute +## xmlPrivilegeInfo ATTRIBUTE ::= { +## WITH SYNTAX UTF8String -- contains XML-encoded privilege information +## ID id-at-xMLPrivilegeInfo } +## +## 17.1 PMI directory object classes +## +## 17.1.1 PMI user object class +## pmiUser OBJECT-CLASS ::= { +## -- a PMI user (i.e., a "holder") +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {attributeCertificateAttribute} +## ID id-oc-pmiUser } +## +## 17.1.2 PMI AA object class +## pmiAA OBJECT-CLASS ::= { +## -- a PMI AA +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {aACertificate | +## attributeCertificateRevocationList | +## attributeAuthorityRevocationList} +## ID id-oc-pmiAA } +## +## 17.1.3 PMI SOA object class +## pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {attributeCertificateRevocationList | +## attributeAuthorityRevocationList | +## attributeDescriptorCertificate} +## ID id-oc-pmiSOA } +## +## 17.1.4 Attribute certificate CRL distribution point object class +## attCertCRLDistributionPt OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN { attributeCertificateRevocationList | +## attributeAuthorityRevocationList } +## ID id-oc-attCertCRLDistributionPts } +## +## 17.1.5 PMI delegation path +## pmiDelegationPath OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN { delegationPath } +## ID id-oc-pmiDelegationPath } +## +## 17.1.6 Privilege policy object class +## privilegePolicy OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {privPolicy } +## ID id-oc-privilegePolicy } +## +## 17.1.7 Protected privilege policy object class +## protectedPrivilegePolicy OBJECT-CLASS ::= { +## SUBCLASS OF {top} +## KIND auxiliary +## MAY CONTAIN {protPrivPolicy } +## ID id-oc-protectedPrivilegePolicy } +## +## 17.2 PMI Directory attributes +## +## 17.2.1 Attribute certificate attribute +## attributeCertificateAttribute ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-attributeCertificate } +## +## 17.2.2 AA certificate attribute +## aACertificate ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-aACertificate } +## +## 17.2.3 Attribute descriptor certificate attribute +## attributeDescriptorCertificate ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-attributeDescriptorCertificate } +## +## 17.2.4 Attribute certificate revocation list attribute +## attributeCertificateRevocationList ATTRIBUTE ::= { +## WITH SYNTAX CertificateList +## EQUALITY MATCHING RULE certificateListExactMatch +## ID id-at-attributeCertificateRevocationList} +## +## 17.2.5 AA certificate revocation list attribute +## attributeAuthorityRevocationList ATTRIBUTE ::= { +## WITH SYNTAX CertificateList +## EQUALITY MATCHING RULE certificateListExactMatch +## ID id-at-attributeAuthorityRevocationList } +## +## 17.2.6 Delegation path attribute +## delegationPath ATTRIBUTE ::= { +## WITH SYNTAX AttCertPath +## ID id-at-delegationPath } +## AttCertPath ::= SEQUENCE OF AttributeCertificate +## +## 17.2.7 Privilege policy attribute +## privPolicy ATTRIBUTE ::= { +## WITH SYNTAX PolicySyntax +## ID id-at-privPolicy } +## +## 17.2.8 Protected privilege policy attribute +## protPrivPolicy ATTRIBUTE ::= { +## WITH SYNTAX AttributeCertificate +## EQUALITY MATCHING RULE attributeCertificateExactMatch +## ID id-at-protPrivPolicy } +## +## 17.2.9 XML Protected privilege policy attribute +## xmlPrivPolicy ATTRIBUTE ::= { +## WITH SYNTAX UTF8String -- contains XML-encoded privilege policy information +## ID id-at-xMLPprotPrivPolicy } +## + +## -- object identifier assignments -- +## -- object classes -- +objectidentifier id-oc-pmiUser 2.5.6.24 +objectidentifier id-oc-pmiAA 2.5.6.25 +objectidentifier id-oc-pmiSOA 2.5.6.26 +objectidentifier id-oc-attCertCRLDistributionPts 2.5.6.27 +objectidentifier id-oc-privilegePolicy 2.5.6.32 +objectidentifier id-oc-pmiDelegationPath 2.5.6.33 +objectidentifier id-oc-protectedPrivilegePolicy 2.5.6.34 +## -- directory attributes -- +objectidentifier id-at-attributeCertificate 2.5.4.58 +objectidentifier id-at-attributeCertificateRevocationList 2.5.4.59 +objectidentifier id-at-aACertificate 2.5.4.61 +objectidentifier id-at-attributeDescriptorCertificate 2.5.4.62 +objectidentifier id-at-attributeAuthorityRevocationList 2.5.4.63 +objectidentifier id-at-privPolicy 2.5.4.71 +objectidentifier id-at-role 2.5.4.72 +objectidentifier id-at-delegationPath 2.5.4.73 +objectidentifier id-at-protPrivPolicy 2.5.4.74 +objectidentifier id-at-xMLPrivilegeInfo 2.5.4.75 +objectidentifier id-at-xMLPprotPrivPolicy 2.5.4.76 +## -- attribute certificate extensions -- +## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38} +## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39} +## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41} +## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42} +## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43} +## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48} +## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49} +## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50} +## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52} +## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55} +## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56} +## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57} +## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61} +## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62} +## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64} +## -- PMI matching rules -- +objectidentifier id-mr 2.5.13 +objectidentifier id-mr-attributeCertificateMatch id-mr:42 +objectidentifier id-mr-attributeCertificateExactMatch id-mr:45 +objectidentifier id-mr-holderIssuerMatch id-mr:46 +objectidentifier id-mr-authAttIdMatch id-mr:53 +objectidentifier id-mr-roleSpecCertIdMatch id-mr:54 +objectidentifier id-mr-basicAttConstraintsMatch id-mr:55 +objectidentifier id-mr-delegatedNameConstraintsMatch id-mr:56 +objectidentifier id-mr-timeSpecMatch id-mr:57 +objectidentifier id-mr-attDescriptorMatch id-mr:58 +objectidentifier id-mr-acceptableCertPoliciesMatch id-mr:59 +objectidentifier id-mr-delegationPathMatch id-mr:61 +objectidentifier id-mr-sOAIdentifierMatch id-mr:66 +objectidentifier id-mr-indirectIssuerMatch id-mr:67 +## -- syntaxes -- +## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP +## to this work in progress +objectidentifier AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1 +objectidentifier CertificateList 1.3.6.1.4.1.1466.115.121.1.9 +objectidentifier AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4 +objectidentifier PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5 +objectidentifier RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6 +# NOTE: OIDs from <draft-ietf-pkix-ldap-schema-02.txt> (expired) +#objectidentifier AttributeCertificate 1.2.826.0.1.3344810.7.5 +#objectidentifier AttCertPath 1.2.826.0.1.3344810.7.10 +#objectidentifier PolicySyntax 1.2.826.0.1.3344810.7.17 +#objectidentifier RoleSyntax 1.2.826.0.1.3344810.7.13 +## +## Substitute syntaxes +## +## AttCertPath +ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4 + NAME 'AttCertPath' + DESC 'X.509 PMI attribute cartificate path: SEQUENCE OF AttributeCertificate' + X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) +## +## PolicySyntax +ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5 + NAME 'PolicySyntax' + DESC 'X.509 PMI policy syntax' + X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) +## +## RoleSyntax +ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6 + NAME 'RoleSyntax' + DESC 'X.509 PMI role syntax' + X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' ) +## +## X.509 (08/2005) pp. 71, 86-89 +## +## 14.4.1 Role attribute +attributeType ( id-at-role + NAME 'role' + DESC 'X.509 Role attribute, use ;binary' + SYNTAX RoleSyntax ) +## +## 14.5 XML privilege information attribute +## -- contains XML-encoded privilege information +attributeType ( id-at-xMLPrivilegeInfo + NAME 'xmlPrivilegeInfo' + DESC 'X.509 XML privilege information attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +## +## 17.2 PMI Directory attributes +## +## 17.2.1 Attribute certificate attribute +attributeType ( id-at-attributeCertificate + NAME 'attributeCertificateAttribute' + DESC 'X.509 Attribute certificate attribute, use ;binary' + SYNTAX AttributeCertificate + EQUALITY attributeCertificateExactMatch ) +## +## 17.2.2 AA certificate attribute +attributeType ( id-at-aACertificate + NAME 'aACertificate' + DESC 'X.509 AA certificate attribute, use ;binary' + SYNTAX AttributeCertificate + EQUALITY attributeCertificateExactMatch ) +## +## 17.2.3 Attribute descriptor certificate attribute +attributeType ( id-at-attributeDescriptorCertificate + NAME 'attributeDescriptorCertificate' + DESC 'X.509 Attribute descriptor certificate attribute, use ;binary' + SYNTAX AttributeCertificate + EQUALITY attributeCertificateExactMatch ) +## +## 17.2.4 Attribute certificate revocation list attribute +attributeType ( id-at-attributeCertificateRevocationList + NAME 'attributeCertificateRevocationList' + DESC 'X.509 Attribute certificate revocation list attribute, use ;binary' + SYNTAX CertificateList + X-EQUALITY 'certificateListExactMatch, not implemented yet' ) +## +## 17.2.5 AA certificate revocation list attribute +attributeType ( id-at-attributeAuthorityRevocationList + NAME 'attributeAuthorityRevocationList' + DESC 'X.509 AA certificate revocation list attribute, use ;binary' + SYNTAX CertificateList + X-EQUALITY 'certificateListExactMatch, not implemented yet' ) +## +## 17.2.6 Delegation path attribute +attributeType ( id-at-delegationPath + NAME 'delegationPath' + DESC 'X.509 Delegation path attribute, use ;binary' + SYNTAX AttCertPath ) +## AttCertPath ::= SEQUENCE OF AttributeCertificate +## +## 17.2.7 Privilege policy attribute +attributeType ( id-at-privPolicy + NAME 'privPolicy' + DESC 'X.509 Privilege policy attribute, use ;binary' + SYNTAX PolicySyntax ) +## +## 17.2.8 Protected privilege policy attribute +attributeType ( id-at-protPrivPolicy + NAME 'protPrivPolicy' + DESC 'X.509 Protected privilege policy attribute, use ;binary' + SYNTAX AttributeCertificate + EQUALITY attributeCertificateExactMatch ) +## +## 17.2.9 XML Protected privilege policy attribute +## -- contains XML-encoded privilege policy information +attributeType ( id-at-xMLPprotPrivPolicy + NAME 'xmlPrivPolicy' + DESC 'X.509 XML Protected privilege policy attribute' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +## +## 17.1 PMI directory object classes +## +## 17.1.1 PMI user object class +## -- a PMI user (i.e., a "holder") +objectClass ( id-oc-pmiUser + NAME 'pmiUser' + DESC 'X.509 PMI user object class' + SUP top + AUXILIARY + MAY ( attributeCertificateAttribute ) ) +## +## 17.1.2 PMI AA object class +## -- a PMI AA +objectClass ( id-oc-pmiAA + NAME 'pmiAA' + DESC 'X.509 PMI AA object class' + SUP top + AUXILIARY + MAY ( aACertificate $ + attributeCertificateRevocationList $ + attributeAuthorityRevocationList + ) ) +## +## 17.1.3 PMI SOA object class +## -- a PMI Source of Authority +objectClass ( id-oc-pmiSOA + NAME 'pmiSOA' + DESC 'X.509 PMI SOA object class' + SUP top + AUXILIARY + MAY ( attributeCertificateRevocationList $ + attributeAuthorityRevocationList $ + attributeDescriptorCertificate + ) ) +## +## 17.1.4 Attribute certificate CRL distribution point object class +objectClass ( id-oc-attCertCRLDistributionPts + NAME 'attCertCRLDistributionPt' + DESC 'X.509 Attribute certificate CRL distribution point object class' + SUP top + AUXILIARY + MAY ( attributeCertificateRevocationList $ + attributeAuthorityRevocationList + ) ) +## +## 17.1.5 PMI delegation path +objectClass ( id-oc-pmiDelegationPath + NAME 'pmiDelegationPath' + DESC 'X.509 PMI delegation path' + SUP top + AUXILIARY + MAY ( delegationPath ) ) +## +## 17.1.6 Privilege policy object class +objectClass ( id-oc-privilegePolicy + NAME 'privilegePolicy' + DESC 'X.509 Privilege policy object class' + SUP top + AUXILIARY + MAY ( privPolicy ) ) +## +## 17.1.7 Protected privilege policy object class +objectClass ( id-oc-protectedPrivilegePolicy + NAME 'protectedPrivilegePolicy' + DESC 'X.509 Protected privilege policy object class' + SUP top + AUXILIARY + MAY ( protPrivPolicy ) ) + diff --git a/debian/schema/ppolicy.schema b/debian/schema/ppolicy.schema new file mode 100644 index 0000000..3207658 --- /dev/null +++ b/debian/schema/ppolicy.schema @@ -0,0 +1,167 @@ +# $OpenLDAP: pkg/ldap/servers/slapd/schema/ppolicy.schema,v 1.2.2.4 2007/01/02 21:44:09 kurt Exp $ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 2004-2007 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +# +## Portions Copyright (C) The Internet Society (2004). +## Please see full copyright statement below. + +# Definitions from Draft behera-ldap-password-policy-07 (a work in progress) +# Password Policy for LDAP Directories +# With extensions from Hewlett-Packard: +# pwdCheckModule etc. + +# Contents of this file are subject to change (including deletion) +# without notice. +# +# Not recommended for production use! +# Use with extreme caution! + +# The version of this file as distributed by the OpenLDAP Foundation +# contains text from an IETF Internet-Draft explaining the schema. +# Unfortunately, that text is covered by a license that doesn't meet +# Debian's Free Software Guidelines. This is a stripped version of the +# schema that contains only the functional schema definition, not the text +# of the Internet-Draft. +# +# For an explanation of this schema, see +# draft-behera-ldap-password-policy-08.txt. + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1 + NAME 'pwdAttribute' + EQUALITY objectIdentifierMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2 + NAME 'pwdMinAge' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3 + NAME 'pwdMaxAge' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4 + NAME 'pwdInHistory' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5 + NAME 'pwdCheckQuality' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6 + NAME 'pwdMinLength' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7 + NAME 'pwdExpireWarning' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8 + NAME 'pwdGraceAuthNLimit' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9 + NAME 'pwdLockout' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10 + NAME 'pwdLockoutDuration' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11 + NAME 'pwdMaxFailure' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12 + NAME 'pwdFailureCountInterval' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13 + NAME 'pwdMustChange' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14 + NAME 'pwdAllowUserChange' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15 + NAME 'pwdSafeModify' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.42.2.27.8.1.30 + NAME 'pwdMaxRecordedFailure' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.4754.1.99.1 + NAME 'pwdCheckModule' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + DESC 'Loadable module that instantiates check_password() function' + SINGLE-VALUE ) + +objectclass ( 1.3.6.1.4.1.4754.2.99.1 + NAME 'pwdPolicyChecker' + SUP top + AUXILIARY + MAY ( pwdCheckModule ) ) + +objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1 + NAME 'pwdPolicy' + SUP top + AUXILIARY + MUST ( pwdAttribute ) + MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $ + pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout + $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ + pwdMustChange $ pwdAllowUserChange $ pwdSafeModify $ + pwdMaxRecordedFailure ) ) diff --git a/debian/slapd-contrib.examples b/debian/slapd-contrib.examples new file mode 100644 index 0000000..2db0324 --- /dev/null +++ b/debian/slapd-contrib.examples @@ -0,0 +1,2 @@ +contrib/slapd-modules/passwd/apr1-atol.pl +contrib/slapd-modules/passwd/apr1-ltoa.pl diff --git a/debian/slapd-contrib.install b/debian/slapd-contrib.install new file mode 100644 index 0000000..20c9ac0 --- /dev/null +++ b/debian/slapd-contrib.install @@ -0,0 +1,8 @@ +usr/lib/ldap/pw-apr1.so* +usr/lib/ldap/pw-apr1.la +usr/lib/ldap/pw-netscape.so* +usr/lib/ldap/pw-netscape.la +usr/lib/ldap/pw-pbkdf2.so* +usr/lib/ldap/pw-pbkdf2.la +usr/lib/ldap/smbk5pwd.so* +usr/lib/ldap/smbk5pwd.la diff --git a/debian/slapd-contrib.lintian-overrides b/debian/slapd-contrib.lintian-overrides new file mode 100644 index 0000000..fa931f0 --- /dev/null +++ b/debian/slapd-contrib.lintian-overrides @@ -0,0 +1,4 @@ +# #204975 +slapd-contrib: package-has-unnecessary-activation-of-ldconfig-trigger +# rpath set by krb5-config.heimdal; #868840 +binary-or-shlib-defines-rpath usr/lib/ldap/smbk5pwd.so.0.0.0 /usr/lib/*/heimdal diff --git a/debian/slapd-contrib.manpages b/debian/slapd-contrib.manpages new file mode 100644 index 0000000..75021b6 --- /dev/null +++ b/debian/slapd-contrib.manpages @@ -0,0 +1,2 @@ +debian/slapo-pw-pbkdf2.5 +debian/tmp/usr/share/man/man5/slapo-smbk5pwd.5 diff --git a/debian/slapd.NEWS b/debian/slapd.NEWS new file mode 100644 index 0000000..a3496b9 --- /dev/null +++ b/debian/slapd.NEWS @@ -0,0 +1,27 @@ +openldap (2.4.44+dfsg-1) unstable; urgency=medium + + The slapd package no longer includes OpenSLP support. The + openslp-dfsg package is being retired due to lack of maintenance and + security concerns. Please see <https://bugs.debian.org/795428> for + more information. + + -- Ryan Tandy <ryan@nardis.ca> Tue, 15 Mar 2016 03:59:27 +0000 + +openldap (2.4.23-3) unstable; urgency=low + + The OpenLDAP packages in Debian now use the slapd.d LDIF-based + configuration model by default. Please see README.Debian for more + information. + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 19 Jul 2010 10:48:19 +0200 + +openldap2.3 (2.3.23-1) unstable; urgency=low + + The Debian slapd package no longer includes support for the LDBM backend. + It has been disabled as a result of concerns over data loss and lack of + upstream support. For more information, see: + http://www.openldap.org/faq/index.cgi?_highlightWords=ldbm&file=756 + The BDB backend is now the main backend to use. This backend is supported + upstream and has several fixes included for known problems. + + -- Matthijs Mohlmann <matthijs@cacholong.nl> Sun, 26 Feb 2006 20:05:44 +0100 diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian new file mode 100644 index 0000000..a5e307f --- /dev/null +++ b/debian/slapd.README.Debian @@ -0,0 +1,281 @@ +Notes about Debian's slapd package +---------------------------------- + + Please see the bottom of this file for the ways in which the Debian + OpenLDAP packages differ from the upstream OpenLDAP releases. Please + report any bugs that may be related to those changes to Debian via + reportbug and not to upstream; upstream is not responsible for changes + made in the Debian package. + + In addition to the man pages shipped with this package, please consult + the OpenLDAP Admin Guide for more information, including configuration + examples for common use cases. <http://www.openldap.org/doc/admin24/> + +The OpenLDAP configuration + + Since version 2.4.23-3 the configuration of OpenLDAP has been changed to + /etc/ldap/slapd.d by default. The OpenLDAP packages in Debian provide an + automatic migration to the new configuration style. With the new + configuration style it is possible to change values on the fly without + restarting slapd. Changes are made through the use of ldif files and + ldap{add,modify}. In Debian you can use the following command to search + the configuration: + + ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" + + To modify configuration use the command: + + ldapmodify -Y EXTERNAL -H ldapi:/// -f <file.ldif> + + For configuration options see the several manpages that exist or the + documentation provided upstream. + +Using the MDB Backend + + MDB is a new database backend using the LMDB library created by the + OpenLDAP developers. The MDB backend has fewer configuration + parameters than HDB/BDB and generally does not require hand tuning. + + The database is stored in a sparse file with a specified maximum size. + The size should be set larger than the database is ever anticipated to + grow, but can be increased later if needed. When the MDB backend is + chosen during initial configuration, the Debian package configures the + automatically created database with a maximum size of 1 GiB. + + The space currently used by the database can be found using du(1); for + example: du -h /var/lib/ldap/data.mdb + +Using BDB/HDB Backends + + HDB was the recommended backend before MDB was developed. It's the + same as BDB but allows some additional operations. + + slapd BDB and HDB backends rely on libdb to store data on your disks. + libdb uses a configuration file to tune database specific + parameters. This file is called DB_CONFIG, and should be created in each + directory containing one of your ldap databases, usually /var/lib/ldap. + + It is VERY IMPORTANT to correctly setup a DB_CONFIG file. It is not + just a matter of performance: depending on the version of slapd and + libdb being used, your slapd may just hang and stop answering queries. + + To correctly set up your DB_CONFIG file, please refer to + README.DB_CONFIG.gz in this directory. + +BerkeleyDB Version + + slapd has been built against version 5.3.28 of BerkeleyDB. + + slapd will automatically handle database recovery, so you generally do + not need the BerkeleyDB utilities. However, if you want to perform + other operations directly on the raw database without using the slapd + tools, install db5.3-util and use those BerkeleyDB utilities. Utilities + from other db*-util packages will not work correctly and may render the + database unusable by slapd. + +BerkeleyDB database format upgrades + + When upgrading slapd to a new version where the Berkeley DB library's + storage format has changed, the database has to be backed up using + slapcat(8) before upgrading and restored using slapadd(8) afterwards. + Normally the maintainer scripts will handle this automatically, + performing the dump and restore as needed. + + If, after upgrading, slapd fails to start and you see the message + "Program version doesn't match environment version" in syslog, then + the DB version may have changed without a dump and reload. This should + be reported as a bug in the slapd package. In this case you will have + to downgrade slapd to the previous version as the new tools are unable + to dump the old database, and the same error would prevent you from + upgrading to the fixed version. Old package versions can be + found at <http://snapshot.debian.org> if needed. + +Logging + + slapd logs to the facility local4. If you want to direct slapd's logs to + a separate log file, add a line like: + + local4.debug /var/log/slapd.log + + to /etc/syslog.conf. You may also want to add ";local4.none" to the + catch-all entry that logs to /var/log/messages so that it doesn't + continue to receive slapd logs. + +SASL Configuration + + To enable GSSAPI (Kerberos) authentication to slapd, install either the + libsasl2-modules-gssapi-mit or libsasl2-modules-gssapi-heimdal packages + depending on which Kerberos implementation you want to use. + + SASL configuration files may be placed either in /usr/lib/sasl2 (the + standard path, but not a great place for configuration files) or in + /etc/ldap/sasl2. A SASL configuration file should be named after the + program that will use it. So, for instance, to configure SASL for + slapd, create a file named slapd.conf in /etc/ldap/sasl2 or in + /usr/lib/sasl2. + +TCP Wrappers + + The Debian slapd package is compiled with TCP wrappers. This means that + you are able to restrict access to the LDAP server using /etc/hosts.deny + or /etc/hosts.allow. + +Running slapd under a Different UID/GID + + By default, slapd runs as openldap in the openldap group. Keeping the + default is easiest. If for some reason you need to run slapd as a + different user: + + - Create the user/group for slapd -- usually: + + adduser --system --group <group> --disabled-login <user> + + - Stop slapd: + + /etc/init.d/slapd stop + + - Tell slapd to run under a different UID by editing /etc/default/slapd + and setting SLAPD_USER and SLAPD_GROUP. (For example, + SLAPD_USER="ldap", SLAPD_GROUP="ldap") + + - Tell linux slapd can access all database files -- usually: + + chown -R <user>:<group> /var/lib/ldap + + - Tell linux slapd can access configuration files -- usually: + + chgrp <group> /etc/ldap/slapd.conf + chmod 0640 /etc/ldap/slapd.conf + + - Tell linux slapd can access /var/run/slapd and write a PID file: + + chgrp <group> /var/run/slapd + chmod 0770 /var/run/slapd + + - Start slapd -- /etc/init.d/slapd start + + Once you have done so, remember to always run any utilities that access + or update the database (such as slapadd) as the same user that slapd is + running as. If you forget, you will need to redo the chown noted above. + +If slapd Depends on Other Service + + In the event that you are running slapd with a different back-end module + that depends on other programs (such as an SQL database) you may need to + adjust the runlevels of slapd to start after the SQL database. + +Creating NSS Flat Files from LDAP + + If you have need to create passwd/shadow/etc files from an LDAP + directory there is now a script included with these Debian packages + which may help you. The script is in /usr/share/slapd/ and is named + ldiftopasswd. In general you should be able to do: + + ldapsearch | ldiftopasswd + + and it will generate the files for you. You will need appropriate + privileges, of course, and appropriate arguments to ldapsearch. + +Modifications Compared to Upstream + + Compared to stock OpenLDAP as shipped by the OpenLDAP project, the + Debian packages make the following modifications. If you see any + problems caused by or related to these modifications, please report them + via the Debian bug tracking system using reportbug, not to the OpenLDAP + project. + + * The only LDAP library installed is libldap_r, which in the upstream + release is only used for slapd, and libldap is a symlink to it. This + library has thread safety for use with slapd, but that thread safety + is not checked for any application other than slapd by upstream. + Upstream does not support using libldap_r for programs other than + slapd. The current library installation strategy in the Debian + packages is an attempt to deal with problems caused by symbol + conflicts between libldap and libldap_r when both are pulled in by the + same process (most commonly by libnss-ldap) and the number of packages + that use libldap in threaded code expecting thread safety. + + * libldap and libber have symbol versioning added to prevent problems + during partial upgrades from older versions of the libraries. + + * slapindex has been patched to warn when run as root and the man page + has been patched to notify users that slapindex should be run as the + user slapd runs as. There is some upstream discussion of a better + fix. + + * slapd is configured to look in /etc/ldap/sasl2 in addition to + /usr/lib/sasl2 for SASL configuration files. + + * libldap has been patched to work around what may be a bug in GnuTLS in + calculating the length of subjectAltName in TLS certificates. See + <http://bugs.debian.org/465197>. + + * The libldap library is patched to add two functions used by + evolution-exchange for NTLM authentication to Active Directory. See + <http://bugs.debian.org/457374>. + + * Several paths have been adjusted to fit Debian file permissions and + for Filesystem Hierarchy Standard compliance, namely: + - The ldapi socket is in /var/run/slapd + - The slapi error log has been moved to /var/log/slapi-errors + - The slapd database location is /var/lib/ldap + + In addition, upstream patches from CVS may be applied to fix bugs in the + current release and will not be noted here unless they're not expected + to be in the next release. + + Finally, note that the Debian OpenLDAP packages have been compiled + against GnuTLS instead of OpenSSL to avoid licensing problems for + GPL-covered packages that use the LDAP libraries. This is a supported + configuration, but it's not widely used outside of Debian. + + For the exact patches applied to the upstream source and references to + the relevant upstream ITS numbers, Debian bugs, and upstream + synchronization status, see the debian/patches directory in the + openldap source package. + + -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800 + +Unsafe access control rule installed by default in previous versions + + Versions of slapd before 2.4.40-1 configured the default database with + an access control rule of the form: + + to * + by self write + by dn="cn=admin,dc=example,dc=com" write + by * read + + Depending on how the database and client applications are configured, + users might be able to impersonate others by editing attributes such + as their Unix user and group numbers, or other application-specific + attributes. + + New installations no longer include "by self write", but existing + configurations will not be automatically modified. + + To list your current access control rules, use the command: + + ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=config' '(olcAccess=*)' olcAccess + + To fix the problem, create an LDIF file to replace the rules as + needed. For example: + + dn: olcDatabase={1}hdb,cn=config + delete: olcAccess + olcAccess: {2} + - + add: olcAccess + olcAccess: {2}to * by dn="cn=admin,dc=example,dc=com" write by * read + + Adjust the database DN, the administrative DN, and the rule numbers + according to your configuration, following the output from ldapsearch. + + Next, apply the configuration changes from the file: + + ldapmodify -Y EXTERNAL -H ldapi:/// -f mods.ldif + + For more information about access control rules, refer to the + slapd.access(5) man page. + + -- Ryan Tandy <ryan@nardis.ca>, Mon, 20 Oct 2014 11:45:20 -0700 diff --git a/debian/slapd.backup b/debian/slapd.backup new file mode 100644 index 0000000..4046f8c --- /dev/null +++ b/debian/slapd.backup @@ -0,0 +1,62 @@ +#!/bin/bash +# +# Backup LDAP directories +# +# This script can be put in cron to create backups. +# +# Author: Matthijs Mohlmann <matthijs@cacholong.nl> +# Date: Sat, 15 Jul 2006 21:13:14 +0200 +# License: GPLv2 + +# Make sure the backups are secured. +umask 077 + +BACKUPDIR="/var/backups/slapd" +DEFAULTS="/etc/default/slapd" + +# Check if there is a directory slapd, otherwise create it. +if [ ! -d "$BACKUPDIR" ]; then + mkdir -p -m 0700 "$BACKUPDIR" +fi + +# Load default settings. +if [ -e "$DEFAULTS" ]; then + . "$DEFAULTS" +fi + +# Specify a slapd.conf if not specified. +if [ -z "$SLAPD_CONF" ]; then + SLAPD_CONF="/etc/ldap/slapd.conf" +fi + +# Set IFS to end of line. +ORIGIFS=$IFS +IFS=`echo -en "\n\b"` + +# Backup recursive through all configfiles all suffix's in the form: +# suffix.ldif in /var/backups/slapd +function backupDirectories() { + local conf=$1 + local directory="" + local include="" + + suffix=`grep "^suffix" $conf | sed -e "s/\(^suffix\s\+\|\"\|\'\)//g"` + for directory in "$suffix"; do + if [ ! -z "$suffix" ]; then + slapcat -l "$BACKUPDIR/$suffix.ldif" -b "$suffix" + fi + done + + includes=`grep "^include" $conf | awk '{print $2}'` + for include in $includes; do + backupDirectories "$include" + done +} + +backupDirectories "$SLAPD_CONF" + +# Put IFS back. +IFS=$ORIGIFS + +exit 0 + diff --git a/debian/slapd.conf b/debian/slapd.conf new file mode 100644 index 0000000..260a190 --- /dev/null +++ b/debian/slapd.conf @@ -0,0 +1,133 @@ +# This is the main slapd configuration file. See slapd.conf(5) for more +# info on the configuration options. + +####################################################################### +# Global Directives: + +# Schema and objectClass definitions +include /etc/ldap/schema/core.schema +include /etc/ldap/schema/cosine.schema +include /etc/ldap/schema/nis.schema +include /etc/ldap/schema/inetorgperson.schema + +# Where the pid file is put. The init.d script +# will not stop the server if you change this. +pidfile /var/run/slapd/slapd.pid + +# List of arguments that were passed to the server +argsfile /var/run/slapd/slapd.args + +# Read slapd.conf(5) for possible values +loglevel none + +# Where the dynamically loaded modules are stored +modulepath /usr/lib/ldap +moduleload back_@BACKEND@ + +# The maximum number of entries that is returned for a search operation +sizelimit 500 + +# The tool-threads parameter sets the actual amount of cpu's that is used +# for indexing. +tool-threads 1 + +####################################################################### +# Specific Backend Directives for @BACKEND@: +# Backend specific directives apply to this backend until another +# 'backend' directive occurs +backend @BACKEND@ + +####################################################################### +# Specific Backend Directives for 'other': +# Backend specific directives apply to this backend until another +# 'backend' directive occurs +#backend <other> + +####################################################################### +# Specific Directives for database #1, of type @BACKEND@: +# Database specific directives apply to this databasse until another +# 'database' directive occurs +database @BACKEND@ + +# The base of your directory in database #1 +suffix "@SUFFIX@" + +# rootdn directive for specifying a superuser on the database. This is needed +# for syncrepl. +# rootdn "cn=admin,@SUFFIX@" + +# Where the database file are physically stored for database #1 +directory "/var/lib/ldap" + +# The dbconfig settings are used to generate a DB_CONFIG file the first +# time slapd starts. They do NOT override existing an existing DB_CONFIG +# file. You should therefore change these settings in DB_CONFIG directly +# or remove DB_CONFIG and restart slapd for changes to take effect. + +# For the Debian package we use 2MB as default but be sure to update this +# value if you have plenty of RAM +dbconfig set_cachesize 0 2097152 0 + +# Sven Hartge reported that he had to set this value incredibly high +# to get slapd running at all. See http://bugs.debian.org/303057 for more +# information. + +# Number of objects that can be locked at the same time. +dbconfig set_lk_max_objects 1500 +# Number of locks (both requested and granted) +dbconfig set_lk_max_locks 1500 +# Number of lockers +dbconfig set_lk_max_lockers 1500 + +# Indexing options for database #1 +index objectClass eq + +# Save the time that the entry gets modified, for database #1 +lastmod on + +# Checkpoint the BerkeleyDB database periodically in case of system +# failure and to speed slapd shutdown. +checkpoint 512 30 + +# The userPassword by default can be changed +# by the entry owning it if they are authenticated. +# Others should not be able to see it, except the +# admin entry below +# These access lines apply to database #1 only +access to attrs=userPassword,shadowLastChange + by dn="@ADMIN@" write + by anonymous auth + by self write + by * none + +# Ensure read access to the base for things like +# supportedSASLMechanisms. Without this you may +# have problems with SASL not knowing what +# mechanisms are available and the like. +# Note that this is covered by the 'access to *' +# ACL below too but if you change that as people +# are wont to do you'll still need this if you +# want SASL (and possible other things) to work +# happily. +access to dn.base="" by * read + +# The admin dn has full write access, everyone else +# can read everything. +access to * + by dn="@ADMIN@" write + by * read + +# For Netscape Roaming support, each user gets a roaming +# profile for which they have write access to +#access to dn=".*,ou=Roaming,o=morsnet" +# by dn="@ADMIN@" write +# by dnattr=owner write + +####################################################################### +# Specific Directives for database #2, of type 'other' (can be @BACKEND@ too): +# Database specific directives apply to this databasse until another +# 'database' directive occurs +#database <other> + +# The base of your directory for database #2 +#suffix "dc=debian,dc=org" diff --git a/debian/slapd.config b/debian/slapd.config new file mode 100644 index 0000000..8225b77 --- /dev/null +++ b/debian/slapd.config @@ -0,0 +1,169 @@ +#! /bin/sh + +set -e + +# Load debconf +. /usr/share/debconf/confmodule + +# This will be replaced with debian/slapd.scripts-common which includes +# various helper functions and $OLD_VERSION and $SLAPD_CONF +#SCRIPTSCOMMON# + +# Check if the user wants to configure slapd manually +want_manual_configuration() { + db_input medium slapd/no_configuration || true + db_go || true + db_get slapd/no_configuration + no_configuration="$RET" + + if [ "$no_configuration" = "true" ]; then + return 0 + fi + return 1 +} + +# Make sure the values entered make sense +validate_initial_config() { + local invalid + invalid="" + + # Make sure the domain name is valid + # The regexp doesn't work for UTF-8 domain names, but for that to + # work, we would also need to Base64 encode it in the LDIF; since + # we're not doing it at the moment, this should be fine for now + db_get slapd/domain + if [ -z "$RET" ] || ! echo "$RET" | grep -q '^[a-zA-Z0-9.-]*$'; then + db_fset slapd/domain seen false + invalid=true + fi + + # Suffix and Organization may not be empty + db_get shared/organization + if [ -z "$RET" ]; then + db_fset shared/organization seen false + invalid=true + fi + + # Make sure the passwords match + local pass1 pass2 + db_get slapd/password1 + pass1="$RET" + db_get slapd/password2 + pass2="$RET" + + if [ "$pass1" != "$pass2" ]; then + db_fset slapd/password1 seen false + db_fset slapd/password2 seen false + invalid=true + fi + + # Tell the user + if [ "$invalid" ]; then + db_fset slapd/invalid_config seen false + db_input critical slapd/invalid_config || true + db_go || true + db_get slapd/invalid_config + if [ "$RET" != "true" ]; then + db_set slapd/no_configuration true + invalid= + fi + fi + + if [ "$invalid" ]; then + return 1 + else + return 0 + fi +} + +# Query the information we need to create an initial directory +query_initial_config() { + while true; do + db_input medium slapd/domain || true + db_input medium shared/organization || true + db_input high slapd/password1 || true + db_input high slapd/password2 || true + db_input low slapd/backend || true + db_input low slapd/purge_database || true + # XXX - should be done more general, but for now this should do + # the trick + if [ -e "/var/lib/ldap" ] && ! is_empty_dir /var/lib/ldap; then + db_input low slapd/move_old_database || true + fi + db_go || true + + if validate_initial_config; then + break + fi + done +} + +# ----- Configuration of LDIF dumping and reloading--------------------- {{{ +# +# Dumping the database can have negative effects on the system we are +# running on. If there is a lot of data dumping it might fill a partition +# for example. Therefore we must give the user exact control over what we +# are doing. + +configure_dumping() { # {{{ +# Ask the user for the configuration of the dumping component +# Usage: configure_dumping + + # Look if the user wants to migrate to the BDB backend + if ! database_dumping_enabled; then + return 0 + fi + + # Configure if and where to dump the LDAP databases + db_input medium slapd/dump_database || true + db_go || true + db_get slapd/dump_database + + # Abort if the user does not want dumping + if [ "$RET" = never ]; then + return 0 + fi + + db_input medium slapd/dump_database_destdir || true + db_go || true + + # If the user entered the empty value, go back to the default + db_get slapd/dump_database_destdir + if [ "$RET" = "" ]; then + db_reset slapd/dump_database_destdir + fi +} + +# }}} +# }}} + +warn_about_selfwrite_acl() { # {{{ +# Warn about databases having an acl beginning with "to * by self +# write", installed by default in previous versions of slapd.init.ldif +# but having possible security implications. + if [ -d "$SLAPD_CONF" ]; then + if grep -q '^olcAccess: {[0-9]*}to \* by self write' \ + "$SLAPD_CONF"/cn\=config/olcDatabase*.ldif 2>/dev/null; then + db_input high slapd/unsafe_selfwrite_acl || true + fi + fi +} +# }}} + +# Create an initial directory on fresh install +if is_initial_configuration "$@"; then + if ! want_manual_configuration; then + set_defaults_for_unseen_entries + query_initial_config + fi +fi + +# Configure the dumping component if we are upgrading some older version. +if [ "$1" = configure ] && [ -n "$2" ]; then + configure_dumping + warn_about_selfwrite_acl +fi + +db_go || true + +exit 0 diff --git a/debian/slapd.default b/debian/slapd.default new file mode 100644 index 0000000..372b8f4 --- /dev/null +++ b/debian/slapd.default @@ -0,0 +1,45 @@ +# Default location of the slapd.conf file or slapd.d cn=config directory. If +# empty, use the compiled-in default (/etc/ldap/slapd.d with a fallback to +# /etc/ldap/slapd.conf). +SLAPD_CONF= + +# System account to run the slapd server under. If empty the server +# will run as root. +SLAPD_USER="openldap" + +# System group to run the slapd server under. If empty the server will +# run in the primary group of its user. +SLAPD_GROUP="openldap" + +# Path to the pid file of the slapd server. If not set the init.d script +# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.conf by +# default) +SLAPD_PIDFILE= + +# slapd normally serves ldap only on all TCP-ports 389. slapd can also +# service requests on TCP-port 636 (ldaps) and requests via unix +# sockets. +# Example usage: +# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///" +SLAPD_SERVICES="ldap:/// ldapi:///" + +# If SLAPD_NO_START is set, the init script will not start or restart +# slapd (but stop will still work). Uncomment this if you are +# starting slapd via some other means or if you don't want slapd normally +# started at boot. +#SLAPD_NO_START=1 + +# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists, +# the init script will not start or restart slapd (but stop will still +# work). Use this for temporarily disabling startup of slapd (when doing +# maintenance, for example, or through a configuration management system) +# when you don't want to edit a configuration file. +SLAPD_SENTINEL_FILE=/etc/ldap/noslapd + +# For Kerberos authentication (via SASL), slapd by default uses the system +# keytab file (/etc/krb5.keytab). To use a different keytab file, +# uncomment this line and change the path. +#export KRB5_KTNAME=/etc/krb5.keytab + +# Additional options to pass to slapd +SLAPD_OPTIONS="" diff --git a/debian/slapd.dirs b/debian/slapd.dirs new file mode 100644 index 0000000..31018f3 --- /dev/null +++ b/debian/slapd.dirs @@ -0,0 +1,4 @@ +var/lib/slapd +usr/share/slapd +usr/share/lintian/overrides +etc/ldap/sasl2 diff --git a/debian/slapd.docs b/debian/slapd.docs new file mode 100644 index 0000000..2ead1c2 --- /dev/null +++ b/debian/slapd.docs @@ -0,0 +1 @@ +debian/README.DB_CONFIG diff --git a/debian/slapd.examples b/debian/slapd.examples new file mode 100644 index 0000000..d97949d --- /dev/null +++ b/debian/slapd.examples @@ -0,0 +1 @@ +debian/slapd.backup diff --git a/debian/slapd.init b/debian/slapd.init new file mode 100644 index 0000000..581f0a4 --- /dev/null +++ b/debian/slapd.init @@ -0,0 +1,202 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: slapd +# Required-Start: $remote_fs $network $syslog +# Required-Stop: $remote_fs $network $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: OpenLDAP standalone server (Lightweight Directory Access Protocol) +### END INIT INFO + +# Specify path variable +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +. /lib/lsb/init-functions + +# Kill me on all errors +set -e + +# Set the paths to slapd as a variable so that someone who really +# wants to can override the path in /etc/default/slapd. +SLAPD=/usr/sbin/slapd + +# Stop processing if slapd is not there +[ -x $SLAPD ] || exit 0 + +# debconf may have this file descriptor open and it makes things work a bit +# more reliably if we redirect it as a matter of course. db_stop will take +# care of this, but this won't hurt. +exec 3>/dev/null + +# Source the init script configuration +if [ -f "/etc/default/slapd" ]; then + . /etc/default/slapd +fi + +# Load the default location of the slapd config file +if [ -z "$SLAPD_CONF" ]; then + if [ -e /etc/ldap/slapd.d ]; then + SLAPD_CONF=/etc/ldap/slapd.d + else + SLAPD_CONF=/etc/ldap/slapd.conf + fi +fi + +# Stop processing if the config file is not there +if [ ! -r "$SLAPD_CONF" ]; then + log_warning_msg "No configuration file was found for slapd at $SLAPD_CONF." + # if there is no config at all, we should assume slapd is not running + # and exit 0 on stop so that unconfigured packages can be removed. + [ "x$1" = xstop ] && exit 0 || exit 1 +fi + +# extend options depending on config type +if [ -f "$SLAPD_CONF" ]; then + SLAPD_OPTIONS="-f $SLAPD_CONF $SLAPD_OPTIONS" +elif [ -d "$SLAPD_CONF" ] ; then + SLAPD_OPTIONS="-F $SLAPD_CONF $SLAPD_OPTIONS" +fi + +# Find out the name of slapd's pid file +if [ -z "$SLAPD_PIDFILE" ]; then + # If using old one-file configuration scheme + if [ -f "$SLAPD_CONF" ] ; then + SLAPD_PIDFILE=`sed -ne 's/^pidfile[[:space:]]\+\(.\+\)/\1/p' \ + "$SLAPD_CONF"` + # Else, if using new directory configuration scheme + elif [ -d "$SLAPD_CONF" ] ; then + SLAPD_PIDFILE=`sed -ne \ + 's/^olcPidFile:[[:space:]]\+\(.\+\)[[:space:]]*/\1/p' \ + "$SLAPD_CONF"/'cn=config.ldif'` + fi +fi + +# XXX: Breaks upgrading if there is no pidfile (invoke-rc.d stop will fail) +# -- Torsten +if [ -z "$SLAPD_PIDFILE" ]; then + log_failure_msg "The pidfile for slapd has not been specified" + exit 1 +fi + +# Pass the user and group to run under to slapd +if [ "$SLAPD_USER" ]; then + SLAPD_OPTIONS="-u $SLAPD_USER $SLAPD_OPTIONS" +fi + +if [ "$SLAPD_GROUP" ]; then + SLAPD_OPTIONS="-g $SLAPD_GROUP $SLAPD_OPTIONS" +fi + +# Check whether we were configured to not start the services. +check_for_no_start() { + if [ -n "$SLAPD_NO_START" ]; then + echo 'Not starting slapd: SLAPD_NO_START set in /etc/default/slapd' >&2 + exit 0 + fi + if [ -n "$SLAPD_SENTINEL_FILE" ] && [ -e "$SLAPD_SENTINEL_FILE" ]; then + echo "Not starting slapd: $SLAPD_SENTINEL_FILE exists" >&2 + exit 0 + fi +} + +# Tell the user that something went wrong and give some hints for +# resolving the problem. +report_failure() { + log_end_msg 1 + if [ -n "$reason" ]; then + log_failure_msg "$reason" + else + log_failure_msg "The operation failed but no output was produced." + + if [ -n "$SLAPD_OPTIONS" -o \ + -n "$SLAPD_SERVICES" ]; then + if [ -z "$SLAPD_SERVICES" ]; then + if [ -n "$SLAPD_OPTIONS" ]; then + log_failure_msg "Command line used: slapd $SLAPD_OPTIONS" + fi + else + log_failure_msg "Command line used: slapd -h '$SLAPD_SERVICES' $SLAPD_OPTIONS" + fi + fi + fi +} + +# Start the slapd daemon and capture the error message if any to +# $reason. +start_slapd() { + # Make sure /var/run/slapd exists with correct permissions + if [ ! -d /var/run/slapd ]; then + mkdir -p /var/run/slapd + [ -z "$SLAPD_USER" ] || chown -R "$SLAPD_USER" /var/run/slapd + [ -z "$SLAPD_GROUP" ] || chgrp -R "$SLAPD_GROUP" /var/run/slapd + fi + + # Make sure the pidfile directory exists with correct permissions + piddir=`dirname "$SLAPD_PIDFILE"` + if [ ! -d "$piddir" ]; then + mkdir -p "$piddir" + [ -z "$SLAPD_USER" ] || chown -R "$SLAPD_USER" "$piddir" + [ -z "$SLAPD_GROUP" ] || chgrp -R "$SLAPD_GROUP" "$piddir" + fi + + if [ -z "$SLAPD_SERVICES" ]; then + reason="`start-stop-daemon --start --quiet --oknodo \ + --pidfile "$SLAPD_PIDFILE" \ + --exec $SLAPD -- $SLAPD_OPTIONS 2>&1`" + else + reason="`start-stop-daemon --start --quiet --oknodo \ + --pidfile "$SLAPD_PIDFILE" \ + --exec $SLAPD -- -h "$SLAPD_SERVICES" $SLAPD_OPTIONS 2>&1`" + fi + + # Backward compatibility with OpenLDAP 2.1 client libraries. + if [ ! -h /var/run/ldapi ] && [ ! -e /var/run/ldapi ] ; then + ln -s slapd/ldapi /var/run/ldapi + fi +} + +# Stop the slapd daemon and capture the error message (if any) to +# $reason. +stop_slapd() { + reason="`start-stop-daemon --stop --quiet --oknodo --retry TERM/10 \ + --pidfile "$SLAPD_PIDFILE" \ + --exec $SLAPD 2>&1`" +} + +# Start the OpenLDAP daemons +start_ldap() { + trap 'report_failure' 0 + log_daemon_msg "Starting OpenLDAP" "slapd" + start_slapd + trap "-" 0 + log_end_msg 0 +} + +# Stop the OpenLDAP daemons +stop_ldap() { + trap 'report_failure' 0 + log_daemon_msg "Stopping OpenLDAP" "slapd" + stop_slapd + trap "-" 0 + log_end_msg 0 +} + +case "$1" in + start) + check_for_no_start + start_ldap ;; + stop) + stop_ldap ;; + restart|force-reload) + check_for_no_start + stop_ldap + start_ldap + ;; + status) + status_of_proc -p $SLAPD_PIDFILE $SLAPD slapd + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload|status}" + exit 1 + ;; +esac diff --git a/debian/slapd.init.ldif b/debian/slapd.init.ldif new file mode 100644 index 0000000..163a8d8 --- /dev/null +++ b/debian/slapd.init.ldif @@ -0,0 +1,101 @@ +# Global config: +dn: cn=config +objectClass: olcGlobal +cn: config +# Where the pid file is put. The init.d script +# will not stop the server if you change this. +olcPidFile: /var/run/slapd/slapd.pid +# List of arguments that were passed to the server +olcArgsFile: /var/run/slapd/slapd.args +# Read slapd-config(5) for possible values +olcLogLevel: none +# The tool-threads parameter sets the actual amount of cpu's that is used +# for indexing. +olcToolThreads: 1 + +# Frontend settings +dn: olcDatabase={-1}frontend,cn=config +objectClass: olcDatabaseConfig +objectClass: olcFrontendConfig +olcDatabase: {-1}frontend +# The maximum number of entries that is returned for a search operation +olcSizeLimit: 500 +# Allow unlimited access to local connection from the local root user +olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break +# Allow unauthenticated read access for schema and base DN autodiscovery +olcAccess: {1}to dn.exact="" by * read +olcAccess: {2}to dn.base="cn=Subschema" by * read + +# Config db settings +dn: olcDatabase=config,cn=config +objectClass: olcDatabaseConfig +olcDatabase: config +# Allow unlimited access to local connection from the local root user +olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break +olcRootDN: cn=admin,cn=config + +# Load schemas +dn: cn=schema,cn=config +objectClass: olcSchemaConfig +cn: schema + +include: file:///etc/ldap/schema/core.ldif +include: file:///etc/ldap/schema/cosine.ldif +include: file:///etc/ldap/schema/nis.ldif +include: file:///etc/ldap/schema/inetorgperson.ldif + +# Load module +dn: cn=module{0},cn=config +objectClass: olcModuleList +cn: module{0} +# Where the dynamically loaded modules are stored +olcModulePath: /usr/lib/ldap +olcModuleLoad: back_@BACKEND@ + +# Set defaults for the backend +dn: olcBackend=@BACKEND@,cn=config +objectClass: olcBackendConfig +olcBackend: @BACKEND@ + +# The database definition. +dn: olcDatabase=@BACKEND@,cn=config +objectClass: olcDatabaseConfig +objectClass: @BACKENDOBJECTCLASS@ +olcDatabase: @BACKEND@ +# Checkpoint the database periodically in case of system +# failure and to speed slapd shutdown. +olcDbCheckpoint: 512 30 +@BACKENDOPTIONS@ +# Save the time that the entry gets modified, for database #1 +olcLastMod: TRUE +# The base of your directory in database #1 +olcSuffix: @SUFFIX@ +# Where the database file are physically stored for database #1 +olcDbDirectory: /var/lib/ldap +# olcRootDN directive for specifying a superuser on the database. This +# is needed for syncrepl. +olcRootDN: cn=admin,@SUFFIX@ +olcRootPW: @PASSWORD@ +# Indexing options for database #1 +olcDbIndex: objectClass eq +olcDbIndex: cn,uid eq +olcDbIndex: uidNumber,gidNumber eq +olcDbIndex: member,memberUid eq +# The userPassword by default can be changed by the entry owning it if +# they are authenticated. Others should not be able to see it, except +# the admin entry above. +olcAccess: to attrs=userPassword + by self write + by anonymous auth + by * none +# Allow update of authenticated user's shadowLastChange attribute. +# Updating it on password change is implemented at least by libpam-ldap, +# libpam-ldapd, and the slapo-smbk5pwd overlay. +olcAccess: to attrs=shadowLastChange + by self write + by * read +# The admin dn (olcRootDN) bypasses ACLs and so has total access, +# everyone else can read everything. +olcAccess: to * + by * read + diff --git a/debian/slapd.install b/debian/slapd.install new file mode 100644 index 0000000..2e7c999 --- /dev/null +++ b/debian/slapd.install @@ -0,0 +1,59 @@ +etc/ldap/schema +usr/lib/slapd usr/sbin +usr/lib/*/libslapi-*.so.* +debian/ldiftopasswd usr/share/slapd +debian/DB_CONFIG usr/share/slapd +debian/slapd.conf usr/share/slapd +debian/slapd.init.ldif usr/share/slapd + +usr/lib/ldap/back_*.so* +usr/lib/ldap/back_*.la + +usr/lib/ldap/accesslog*.so* +usr/lib/ldap/accesslog.la +usr/lib/ldap/auditlog*.so* +usr/lib/ldap/auditlog.la +usr/lib/ldap/constraint*.so* +usr/lib/ldap/constraint.la +usr/lib/ldap/dds*.so* +usr/lib/ldap/dds.la +usr/lib/ldap/deref*.so* +usr/lib/ldap/deref.la +usr/lib/ldap/dyngroup*.so* +usr/lib/ldap/dyngroup.la +usr/lib/ldap/dynlist*.so* +usr/lib/ldap/dynlist.la +usr/lib/ldap/memberof*.so* +usr/lib/ldap/memberof.la +usr/lib/ldap/pcache*.so* +usr/lib/ldap/pcache.la +usr/lib/ldap/collect*.so* +usr/lib/ldap/collect.la +usr/lib/ldap/ppolicy*.so* +usr/lib/ldap/ppolicy.la +usr/lib/ldap/refint*.so* +usr/lib/ldap/refint.la +usr/lib/ldap/retcode*.so* +usr/lib/ldap/retcode.la +usr/lib/ldap/rwm*.so* +usr/lib/ldap/rwm.la +usr/lib/ldap/seqmod*.so* +usr/lib/ldap/seqmod.la +usr/lib/ldap/sssvlv*.so* +usr/lib/ldap/sssvlv.la +usr/lib/ldap/syncprov*.so* +usr/lib/ldap/syncprov.la +usr/lib/ldap/translucent*.so* +usr/lib/ldap/translucent.la +usr/lib/ldap/unique*.so* +usr/lib/ldap/unique.la +usr/lib/ldap/valsort*.so* +usr/lib/ldap/valsort.la + +# contrib modules installed in main package +usr/lib/ldap/autogroup.so* +usr/lib/ldap/autogroup.la +usr/lib/ldap/lastbind.so* +usr/lib/ldap/lastbind.la +usr/lib/ldap/pw-sha2.so* +usr/lib/ldap/pw-sha2.la diff --git a/debian/slapd.links b/debian/slapd.links new file mode 100644 index 0000000..f043f04 --- /dev/null +++ b/debian/slapd.links @@ -0,0 +1,2 @@ +usr/share/slapd/DB_CONFIG usr/share/doc/slapd/examples/DB_CONFIG +usr/share/slapd/slapd.conf usr/share/doc/slapd/examples/slapd.conf diff --git a/debian/slapd.lintian-overrides b/debian/slapd.lintian-overrides new file mode 100644 index 0000000..e727c9a --- /dev/null +++ b/debian/slapd.lintian-overrides @@ -0,0 +1,3 @@ +# libslapi is a special case, used only for writing extension modules for +# slapd, and is therefore shipped with slapd. +slapd: package-name-doesnt-match-sonames libslapi-2.4-2 diff --git a/debian/slapd.manpages b/debian/slapd.manpages new file mode 100644 index 0000000..ffd3243 --- /dev/null +++ b/debian/slapd.manpages @@ -0,0 +1,45 @@ +debian/tmp/usr/share/man/man5/slapd.*.5 +debian/tmp/usr/share/man/man8/slap*.8 + +debian/tmp/usr/share/man/man5/slapd-bdb.5 +debian/tmp/usr/share/man/man5/slapd-config.5 +debian/tmp/usr/share/man/man5/slapd-dnssrv.5 +debian/tmp/usr/share/man/man5/slapd-hdb.5 +debian/tmp/usr/share/man/man5/slapd-ldap.5 +debian/tmp/usr/share/man/man5/slapd-ldif.5 +debian/tmp/usr/share/man/man5/slapd-mdb.5 +debian/tmp/usr/share/man/man5/slapd-meta.5 +debian/tmp/usr/share/man/man5/slapd-monitor.5 +debian/tmp/usr/share/man/man5/slapd-ndb.5 +debian/tmp/usr/share/man/man5/slapd-null.5 +debian/tmp/usr/share/man/man5/slapd-passwd.5 +debian/tmp/usr/share/man/man5/slapd-perl.5 +debian/tmp/usr/share/man/man5/slapd-relay.5 +debian/tmp/usr/share/man/man5/slapd-shell.5 +debian/tmp/usr/share/man/man5/slapd-sock.5 +debian/tmp/usr/share/man/man5/slapd-sql.5 + +debian/tmp/usr/share/man/man5/slapo-accesslog.5 +debian/tmp/usr/share/man/man5/slapo-auditlog.5 +debian/tmp/usr/share/man/man5/slapo-chain.5 +debian/tmp/usr/share/man/man5/slapo-collect.5 +debian/tmp/usr/share/man/man5/slapo-constraint.5 +debian/tmp/usr/share/man/man5/slapo-dds.5 +debian/tmp/usr/share/man/man5/slapo-dyngroup.5 +debian/tmp/usr/share/man/man5/slapo-dynlist.5 +debian/tmp/usr/share/man/man5/slapo-memberof.5 +debian/tmp/usr/share/man/man5/slapo-pbind.5 +debian/tmp/usr/share/man/man5/slapo-pcache.5 +debian/tmp/usr/share/man/man5/slapo-ppolicy.5 +debian/tmp/usr/share/man/man5/slapo-refint.5 +debian/tmp/usr/share/man/man5/slapo-retcode.5 +debian/tmp/usr/share/man/man5/slapo-rwm.5 +debian/tmp/usr/share/man/man5/slapo-sock.5 +debian/tmp/usr/share/man/man5/slapo-sssvlv.5 +debian/tmp/usr/share/man/man5/slapo-syncprov.5 +debian/tmp/usr/share/man/man5/slapo-translucent.5 +debian/tmp/usr/share/man/man5/slapo-unique.5 +debian/tmp/usr/share/man/man5/slapo-valsort.5 + +# contrib modules installed in main package +debian/tmp/usr/share/man/man5/slapo-lastbind.5 diff --git a/debian/slapd.postinst b/debian/slapd.postinst new file mode 100644 index 0000000..2f5c550 --- /dev/null +++ b/debian/slapd.postinst @@ -0,0 +1,174 @@ +#! /bin/sh + +set -e + +. /usr/share/debconf/confmodule + +# This will be replaced with debian/slapd.scripts-common which includes +# various helper functions and $OLD_VERSION and $SLAPD_CONF +#SCRIPTSCOMMON# + +postinst_upgrade_cn_config() { # {{{ + if previous_version_older '2.4.44+dfsg-1~'; then + upgrade_cnconfig_ppolicy_schema + fi +} +# }}} +postinst_initial_configuration() { # {{{ +# Configure slapd for the first time (when first installed) +# Usage: postinst_initial_configuration + + if manual_configuration_wanted; then + echo " Omitting slapd configuration as requested." >&2 + else + crypt_admin_pass + create_new_configuration + fi +} + +# }}} +postinst_upgrade_configuration() { # {{{ +# Handle upgrading slapd from some older version +# Usage: postinst_upgrade_configuration + + # Better back up the config file in any case + backup_config_once + + # Complete any config updates before trying to use slapadd + if [ -d "$SLAPD_CONF" ]; then + postinst_upgrade_cn_config + fi + + # Check if the database format has changed. + if database_format_changed; then + + # During upgrading we have to load the old data + move_incompatible_databases_away + load_databases + fi + + # Move to slapd.d configuration style. + migrate_to_slapd_d_style + + # One-time upgrade fix for olcAccess on cn=Subschema + if previous_version_older 2.4.23-5 && previous_version_newer 2.4.23-3 \ + && [ -e "$SLAPD_CONF/cn=config/olcDatabase={-1}frontend.ldif" ] \ + && ! grep -i 'olcAccess:.*subschema' "$SLAPD_CONF/cn=config/olcDatabase={-1}frontend.ldif" + then + sed -i '/olcAccess: {0}/a\ +olcAccess: {1}to dn.exact="" by * read\ +olcAccess: {2}to dn.base="cn=Subschema" by * read' "${SLAPD_CONF}/cn=config/olcDatabase={-1}frontend.ldif" + fi + + # Update permissions of all database directories and /var/run/slapd + update_databases_permissions + update_permissions /var/run/slapd + + # Versions prior to 2.4.7-1 could create a slapd.conf that wasn't + # readable by the openldap user. + update_permissions "${SLAPD_CONF}" +} + +# }}} + +upgrade_cnconfig_ppolicy_schema() { # {{{ +# Add a new required attribute to the ppolicy schema embedded in the +# cn=config database when upgrading to 2.4.43 or later. +# slapd.conf users get schema updates through the regular conffile +# handling. + local dumped_ldif working_ldif ppolicy_dn tmp_slapd_d failed + + if ! [ -d "$SLAPD_CONF" ]; then + return 0 + fi + + if ! previous_version_older '2.4.44+dfsg-1~'; then + return 0 + fi + + # The config should have been dumped in preinst. + # If not, hope for the best. + dumped_ldif="$(database_dumping_destdir)/cn=config.ldif" + if ! [ -f "$dumped_ldif" ]; then + echo "Saved configuration not found at $dumped_ldif. Skipping configuration updates." >&2 + return 0 + fi + + # Create a working copy with lines unwrapped. + working_ldif="$(mktemp --tmpdir slapd-XXXXXXXX.ldif)" + trap "trap - INT EXIT; rm -f '$working_ldif'" INT EXIT + normalize_ldif "$dumped_ldif" > "$working_ldif" + + # Check whether the schema is loaded and needs an update. + ppolicy_dn="$(find_old_ppolicy_schema "$working_ldif")" + if [ -z "$ppolicy_dn" ]; then + return + fi + + echo -n "Adding pwdMaxRecordedFailure attribute to ${ppolicy_dn}... " >&2 + + # Add the pwdMaxRecordedFailure attribute to the ppolicy schema. + # Let slapadd update modifiersName and modifyTimestamp so these + # reflect reality, and entryCSN so replication is aware of the change. + perl -i -ne ' + BEGIN { my $nextidx; } + if (/^dn: cn=\{\d+\}ppolicy,cn=schema,cn=config/ .. /^$/) { + if (/^entryCSN:/ or /^modifiersName:/ or /^modifyTimestamp:/) { + next; + } elsif (/^olcAttributeTypes: \{(\d+)\}/) { + $nextidx = $1 + 1; + } elsif (/^olcObjectClasses: .*NAME '\''pwdPolicy'\''/) { + s/MAY \( ([^)]+) \)/MAY ( $1 \$ pwdMaxRecordedFailure )/; + } elsif (/^$/) { + print "olcAttributeTypes: {$nextidx}( 1.3.6.1.4.1.42.2.27.8.1.30 NAME '\''pwdMaxRecordedFailure'\'' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )\n"; + } + } + print; + ' "$working_ldif" + + # Import the modified config into a temporary location. + tmp_slapd_d="$(mktemp -d --tmpdir slapd-XXXXXXXX)" + trap "trap - INT EXIT; rm -rf '$tmp_slapd_d' '$working_ldif'" INT EXIT + capture_diagnostics slapadd -F "$tmp_slapd_d" -n0 -l "$working_ldif" || failed=1 + if [ "$failed" ]; then + cat >&2 <<-eof +failed. + +Updating the slapd configuration failed with the following error +while running slapadd: +eof + release_diagnostics + exit 1 + fi + + # Replace the old config with the updated one. + # The current config has already been backed up earlier. + rm -r "$SLAPD_CONF/cn=config.ldif" "$SLAPD_CONF/cn=config" + mv "$tmp_slapd_d/cn=config.ldif" "$tmp_slapd_d/cn=config" "$SLAPD_CONF/" + + echo 'done.' >&2 +} +# }}} + +# Create a new user. Don't create the user, however, if the local +# administrator has already customized slapd to run as a different user. +if [ "$MODE" = "configure" ] || [ "$MODE" = "reconfigure" ] ; then + if [ "openldap" = "$SLAPD_USER" ] ; then + create_new_user + fi +fi + +# Configuration. +if is_initial_configuration "$@"; then + postinst_initial_configuration +else + postinst_upgrade_configuration +fi + +db_stop || true + +#DEBHELPER# + +exit 0 + +# vim: set sw=8 foldmethod=marker: diff --git a/debian/slapd.postrm b/debian/slapd.postrm new file mode 100644 index 0000000..4d7917a --- /dev/null +++ b/debian/slapd.postrm @@ -0,0 +1,38 @@ +#!/bin/sh + +set -e + +# Load debconf if available (might have been removed before purging +# slapd) + +if [ -e "/usr/share/debconf/confmodule" ]; then + . /usr/share/debconf/confmodule +fi + +# Check if the user wants the database removed on purging slapd +remove_database_on_purge() { + db_get slapd/purge_database || RET=false + if [ "$RET" = "true" ]; then + return 0 + else + return 1 + fi +} + +if [ "$1" = "purge" ]; then + echo -n "Removing slapd configuration... " + rm -f /etc/ldap/slapd.conf 2>/dev/null || true + rm -rf /etc/ldap/slapd.d 2>/dev/null || true + echo "done." + + if remove_database_on_purge; then + echo -n "Purging OpenLDAP database... " + rm -rf /var/lib/ldap || true + echo done + fi +fi + +#DEBHELPER# + +exit 0 + diff --git a/debian/slapd.preinst b/debian/slapd.preinst new file mode 100755 index 0000000..4729c06 --- /dev/null +++ b/debian/slapd.preinst @@ -0,0 +1,126 @@ +#! /bin/sh + +set -e + +. /usr/share/debconf/confmodule + +# This will be replaced with debian/slapd.scripts-common which includes +# various helper functions and $OLD_VERSION and $SLAPD_CONF +#SCRIPTSCOMMON# + +ppolicy_schema_needs_update() { # {{{ +# Provide an LDIF to add the pwdMaxRecordedFailure attribute to the +# ppolicy schema, and recommend the user apply it before continuing with +# the slapd upgrade. + local update_ldif + + update_ldif="$(mktemp --tmpdir ppolicy-schema-update-XXXXXXXX.ldif)" + cat > "$update_ldif" << eof +dn: $1 +changetype: modify +add: olcAttributeTypes +olcAttributeTypes: {16}( 1.3.6.1.4.1.42.2.27.8.1.30 NAME 'pwdMaxRecordedFailure' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +- +delete: olcObjectClasses +olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXILIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) ) +- +add: olcObjectClasses +olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXILIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify $ pwdMaxRecordedFailure ) ) + +eof + + db_subst slapd/ppolicy_schema_needs_update ldif "$update_ldif" + db_fset slapd/ppolicy_schema_needs_update seen false + db_input critical slapd/ppolicy_schema_needs_update || true + db_go || true + db_get slapd/ppolicy_schema_needs_update + if [ "$RET" = 'abort installation' ]; then + db_stop + exit 1 + fi +} +# }}} +check_ppolicy_schema() { # {{{ +# When upgrading to 2.4.43 or later, if the cn=config database contains +# an old version of the ppolicy schema, check that it is safe to upgrade +# it automatically in postinst, or instruct the user to do so before +# upgrading. + local config_ldif="$1" + + # Check whether the schema is loaded and needs an update. + local ppolicy_dn="$(find_old_ppolicy_schema "$config_ldif")" + if [ -z "$ppolicy_dn" ]; then + return + fi + + # If either the config or frontend databases have any overlays + # or syncrepl clients on them, don't assume it's safe to change + # the config offline. + # As well, if a content database is a sync provider, we want to + # recommend that the schema be updated on every server before + # going through with the upgrade. + if grep -q -e '^dn: olcOverlay=.\+,olcDatabase={-1}frontend,cn=config$' -e '^dn: olcOverlay=.\+,olcDatabase={0}config,cn=config$' "$config_ldif" \ + || sed -n '/^dn: olcDatabase={-1}frontend,cn=config$/,// p' "$config_ldif" | grep -q '^olcSyncrepl:' \ + || sed -n '/^dn: olcDatabase={0}config,cn=config$/,//p' "$config_ldif" | grep -q '^olcSyncrepl:' \ + || grep -q '^dn: olcOverlay={[0-9]\+}syncprov,olcDatabase=.\+,cn=config' "$config_ldif"; then + ppolicy_schema_needs_update "$ppolicy_dn" + fi + + # If we made it this far, it should be safe to upgrade the + # schema automatically in postinst. +} +# }}} +preinst_check_config() { # {{{ +# Check whether manual config changes are required before upgrading + if ! previous_version_older '2.4.44+dfsg-1~'; then + # no pre-checks required + return 0 + fi + + if ! [ -d "$SLAPD_CONF" ]; then + # no checks needed for slapd.conf at this time + return 0 + fi + + # If slapd was previously removed and a newer version is being + # installed, the config must have already been dumped during + # remove, or we cannot proceed. + if [ "$MODE" = upgrade ]; then + dump_config + fi + + # Locate the file exported by dump_config. + local dumped_ldif="$(database_dumping_destdir)/cn=config.ldif" + if [ ! -f "$dumped_ldif" ]; then + echo "Expected to find a configuration backup in $dumped_ldif but it is missing. Please retry the upgrade." >&2 + exit 1 + fi + + # Create a working copy with lines unwrapped. + local config_ldif="$(mktemp --tmpdir slapd.XXXXXXXX.ldif)" + trap "trap - INT EXIT; rm -f '$config_ldif'" INT EXIT + normalize_ldif "$dumped_ldif" > "$config_ldif" + + check_ppolicy_schema "$config_ldif" +} +# }}} + +# If we are upgrading from an old version then stop slapd and attempt to +# slapcat out the data so we can use it in postinst to do the upgrade. +# If slapd was removed and is being reinstalled, slapcat is not +# available at this time, so the data should have been dumped before the +# old slapd was removed. + +if [ "$MODE" = upgrade ] || [ "$MODE" = install -a -n "$OLD_VERSION" ]; then + preinst_check_config +fi + +if [ "$MODE" = upgrade ]; then + dump_databases +fi + +#DEBHELPER# + +exit 0 + +# vim: set sw=8 foldmethod=marker: diff --git a/debian/slapd.prerm b/debian/slapd.prerm new file mode 100755 index 0000000..ce7d281 --- /dev/null +++ b/debian/slapd.prerm @@ -0,0 +1,34 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule + +# This will be replaced with debian/slapd.scripts-common which includes +# various helper functions and $OLD_VERSION and $SLAPD_CONF +#SCRIPTSCOMMON# + +#DEBHELPER# + +# Dump config and data to LDIF before removing slapd. +# If a later version is reinstalled without being purged first, the LDIF +# files may be required for the upgrade, and the old slapcat won't be +# available any more. +# During an upgrade, the new preinst will be in a better position to +# control whether dumping is needed. + +# If the config is badly broken, slapcat may fail, but this should not +# prevent the package from being removed or purged. +set +e + +if [ "$MODE" = remove ]; then + # scripts-common sets OLD_VERSION incorrectly for remove + OLD_VERSION="$(dpkg-query -W -f '${Version}' slapd)" + + dump_config + dump_databases +fi + +exit 0 + +# vim: set foldmethod=marker: diff --git a/debian/slapd.scripts-common b/debian/slapd.scripts-common new file mode 100644 index 0000000..071610d --- /dev/null +++ b/debian/slapd.scripts-common @@ -0,0 +1,847 @@ +# -*- sh -*- +# This file can be included with #SCRIPTSCOMMON# + + +# ===== Dumping and reloading using LDIF files ========================= {{{ +# +# If incompatible changes are done to the database underlying a LDAP +# directory we need to dump the contents and reload the data into a newly +# created database after the new server was installed. The following +# functions deal with this functionality. + + +# ----- Configuration of this component -------------------------------- {{{ +# +# Dumping the database can have negative effects on the system we are +# running on. If there is a lot of data dumping it might fill a partition +# for example. Therefore we must give the user exact control over what we +# are doing. + +database_dumping_enabled() { # {{{ +# Check if the user has enabled database dumping for the current situation. +# Return success if yes. +# Usage: if database_dumping_enabled; then ... fi + + # If the package is being removed, dump unconditionally as we + # don't know whether the next version will require reload. + [ "$MODE" = remove ] && return 0 + + db_get slapd/dump_database + case "$RET" in + always) + ;; + "when needed") + database_format_changed || return 1 + ;; + never) + return 1 + ;; + *) + echo >&2 "Unknown value for slapd/dump_database: $RET" + echo >&2 "Please report!" + exit 1 + ;; + esac +} + +# }}} +database_format_changed() { # {{{ +# Check if the database format has changed since the old installed version +# Return success if yes. +# Usage: if database_format_changed; then + + if dpkg --compare-versions "$OLD_VERSION" lt-nl 2.4.39-1; then + return 0 + else + return 1 + fi +} + +# }}} +database_dumping_destdir() { # {{{ +# Figure out the directory we are dumping the database to and create it +# if it does not exist. +# Usage: destdir=`database_dumping_destdir` + + local dir + db_get slapd/dump_database_destdir + dir=`echo "$RET"|sed -e "s/VERSION/$OLD_VERSION/"` + mkdir -p -m 700 "$dir" + echo $dir +} + +# }}} +create_new_user() { # {{{ + if [ -z "`getent group openldap`" ]; then + addgroup --quiet --system openldap + fi + if [ -z "`getent passwd openldap`" ]; then + echo -n " Creating new user openldap... " >&2 + adduser --quiet --system --home /var/lib/ldap --shell /bin/false \ + --ingroup openldap --disabled-password --disabled-login \ + --gecos "OpenLDAP Server Account" openldap + echo "done." >&2 + fi +} +# }}} +create_ldap_directories() { # {{{ + if [ ! -d /var/lib/ldap ]; then + mkdir -m 0700 /var/lib/ldap + fi + if [ ! -d /var/run/slapd ]; then + mkdir -m 0755 /var/run/slapd + fi + update_permissions /var/lib/ldap + update_permissions /var/run/slapd +} +# }}} +update_permissions() { # {{{ + local dir + dir="$1" + if [ -d "$dir" ]; then + [ -z "$SLAPD_USER" ] || chown -R -H "$SLAPD_USER" "$dir" + [ -z "$SLAPD_GROUP" ] || chgrp -R -H "$SLAPD_GROUP" "$dir" + fi +} +# }}} +update_databases_permissions() { # {{{ + get_suffix | while read -r suffix; do + dbdir=`get_directory "$suffix"` + update_permissions "$dbdir" + done +} +# }}} +# }}} +# ----- Dumping and loading the data ------------------------------------ {{{ + +migrate_to_slapd_d_style() { # {{{ + + # Check if we need to migrate to the new style. + if previous_version_older 2.4.23-3 && [ -f "${SLAPD_CONF}" ] \ + && ! [ -d /etc/ldap/slapd.d ] + then + + # Create the new configuration directory + mkdir /etc/ldap/slapd.d + + echo -n " Migrating slapd.conf to slapd.d configuration style... " >&2 + capture_diagnostics slaptest -f ${SLAPD_CONF} -F /etc/ldap/slapd.d || failed=1 + if [ "$failed" ]; then + + echo "failed." >&2 + echo >&2 + cat <<-EOF +Migrating slapd.conf file (${SLAPD_CONF}) to slapd.d failed with the following +error while running slaptest: +EOF + release_diagnostics " " + rm -rf /etc/ldap/slapd.d + exit 1 + fi + + # Backup the old slapd.conf + mv ${SLAPD_CONF} ${SLAPD_CONF}.old + SLAPD_CONF=/etc/ldap/slapd.d + + # Add olcAccess control to grant local root connections access + sed -i '/^olcDatabase: {-1}frontend/a\ +olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break\ +olcAccess: {1}to dn.exact="" by * read\ +olcAccess: {2}to dn.base="cn=Subschema" by * read' "${SLAPD_CONF}/cn=config/olcDatabase={-1}frontend.ldif" + sed -i '/^olcDatabase: {0}config/a\ +olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break' "${SLAPD_CONF}/cn=config/olcDatabase={0}config.ldif" + + # TODO: Now we are doing something that is not allowed by policy but it + # has to be done. + sed -i -e "/^[[:space:]]*SLAPD_CONF=.*/ s/^/#/" /etc/default/slapd + echo "done." >&2 + fi +} + +# }}} +dump_config() { # {{{ +# Dump the cn=config database to the backup directory. +# This is not the same as backup_config_once, which copies the slapd.d +# directory verbatim. + local dir + + [ -d "$SLAPD_CONF" ] || return 0 + + dir="$(database_dumping_destdir)" + echo "Saving current slapd configuration to $dir..." >&2 + slapcat -F "$SLAPD_CONF" -n0 -l "$dir/cn=config.ldif" +} +# }}} +dump_databases() { # {{{ +# If the user wants us to dump the databases they are dumped to the +# configured directory. + + local db suffix file dir failed + + database_dumping_enabled || return 0 + + dir=`database_dumping_destdir` + echo >&2 " Dumping to $dir: " + (get_suffix | while read -r suffix; do + dbdir=`get_directory "$suffix"` + if [ -n "$dbdir" ]; then + file="$dir/$suffix.ldif" + printf ' - directory %s... ' "$suffix" >&2 + # Need to support slapd.d migration from preinst + if [ -f "${SLAPD_CONF}" ]; then + slapcat_opts="-g -f ${SLAPD_CONF}" + else + slapcat_opts="-g -F ${SLAPD_CONF}" + fi + slapcat ${slapcat_opts} -b "$suffix" > "$file" || failed=1 + if [ "$failed" ]; then + rm -f "$file" + echo "failed." >&2 + db_subst slapd/upgrade_slapcat_failure location "$dir" <&5 + db_input critical slapd/upgrade_slapcat_failure <&5 || true + db_go <&5 || true + exit 1 + fi + echo "done." >&2 + fi + done) 5<&0 </dev/null +} + +# }}} +load_databases() { # {{{ + local dir file db dbdir backupdir slapadd_opts + + dir=`database_dumping_destdir` + echo >&2 " Loading from $dir: " + # restore by increasing suffix length due to possibly glued databases + get_suffix | awk '{ print length, $0 }' | sort -n | cut -d ' ' -f 2- \ + | while read -r suffix; do + dbdir=`get_directory "$suffix"` + if [ -z "$dbdir" ]; then + continue + fi + if ! is_empty_dir "$dbdir"; then + echo >&2 \ + " Directory $dbdir for $suffix not empty, aborting." + exit 1 + fi + + file="$dir/$suffix.ldif" + printf ' - directory %s... ' "$suffix" >&2 + + # If there is an old DB_CONFIG file, restore it before + # running slapadd + backupdir="$(compute_backup_path -n "$dbdir" "$suffix")" + if [ -e "$backupdir"/DB_CONFIG ]; then + cp -a "$backupdir"/DB_CONFIG "$dbdir"/ + fi + + if [ -f "${SLAPD_CONF}" ]; then + slapadd_opts="-g -f ${SLAPD_CONF}" + else + slapadd_opts="-g -F ${SLAPD_CONF}" + fi + capture_diagnostics slapadd ${slapadd_opts} \ + -q -b "$suffix" -l "$file" || failed=1 + if [ "$failed" ]; then + rm -f "$dbdir"/* + echo "failed." >&2 + echo >&2 + cat <<-EOF + Loading the database from the LDIF dump failed with the following + error while running slapadd: +EOF + release_diagnostics " " + exit 1 + fi + echo "done." >&2 + + if [ -n "$SLAPD_USER" ] || [ -n "$SLAPD_GROUP" ]; then + echo -n " - chowning database directory ($SLAPD_USER:$SLAPD_GROUP)... " + update_permissions "$dbdir" + echo "done"; + fi + done +} + +# }}} +move_incompatible_databases_away() { # {{{ + echo >&2 " Moving old database directories to /var/backups:" + (get_suffix | while read -r suffix; do + dbdir=`get_directory "$suffix"` + move_old_database_away "$dbdir" "$suffix" <&5 + done) 5<&0 </dev/null +} +# }}} +# }}} +# }}} + +# ===== Parsing the slapd configuration file ============================ {{{ +# +# For some operations we have to know the slapd configuration. These +# functions are for parsing the slapd configuration file. + +# The following two functions need to support slapd.conf installations +# as long as upgrading from slapd.conf environment is supported. +# They're used to dump database in preinst which may have a slapd.conf file. +get_suffix() { # {{{ + if [ -f "${SLAPD_CONF}" ]; then + for f in `get_all_slapd_conf_files`; do + sed -n -e '/^suffix[[:space:]]/ { s/^suffix[[:space:]]\+"*\([^"]\+\)"*/\1/; s/\\\\/\\/g; p }' $f + done + else + grep -h ^olcSuffix ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif | cut -d: -f 2 + fi | sort -u +} +# }}} +get_directory() { # {{{ +# Returns the db directory for a given suffix + if [ -d "${SLAPD_CONF}" ] && get_suffix | grep -Fq "$1" ; then + sed -n 's/^olcDbDirectory: *//p' `grep -Flx "olcSuffix: $1" ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif` + elif [ -f "${SLAPD_CONF}" ]; then + # Extract the directory for the given suffix ($1) + # Quote backslashes once for slapd.conf parser, again for awk + quoted="$(printf '%s' "$1" | sed 's/\\/\\\\\\\\/g')" + for f in `get_all_slapd_conf_files`; do + awk ' BEGIN { DB=0; SUF=""; DIR="" } ; + /^database/ { DB=1; SUF=""; DIR="" } ; + DB==1 && /^suffix[ \t]+"?'"$quoted"'"?$/ { SUF=$2 ; } ; + DB==1 && /^directory/ { DIR=$2 ;} ; + DB==1 && SUF!="" && DIR!="" { sub(/^"/,"",DIR) ; sub(/"$/,"",DIR) ; print DIR; SUF=""; DIR="" }' "${f}" | \ + sed -e's/\([^\\]\|^\)"/\1/g; s/\\"/"/g; s/\\\\/\\/g' + + done + else + return 1 + fi +} +# }}} +get_all_slapd_conf_files() { # {{{ +# Returns the list of all the config files: slapd.conf and included files. + echo ${SLAPD_CONF} + awk ' +BEGIN { I=0 } +/^include/ { + sub(/include/," "); + I=1; +} +I==1 && /^[ \t]+/ { + split($0,F) ; + for (f in F) + if (!match(F[f],/schema/)) { + print F[f] + } ; + next; +} +I==1 { I=0 } +' ${SLAPD_CONF} +} +# }}} +# }}} + +compute_backup_path() { # {{{ +# Compute the path to backup a database directory +# Usage: compute_backup_path [-n] <dir> <basedn> + +# XXX: should ask the user via debconf + + local dirname basedn ok_exists + if [ "$1" = "-n" ]; then + ok_exists=yes + shift + fi + dirname="$1" + basedn="$2" + + # Computing the name of the backup directory from the old version, + # the suffix etc. all makes me feel worried. I'd rather have a + # directory name which is not going to exist. So the simple + # scheme we are using now is to compute the filename from the + # directory name and appending date and time. And we check if it + # exists to be really sure... -- Torsten + + local target + local id + id="$OLD_VERSION" + [ -n "$id" ] || id=`date +%Y%m%d-%H%M%S` + target="/var/backups/$basedn-$id.ldapdb" + if [ -e "$target" ] && [ -z "$ok_exists" ]; then + echo >&2 + echo >&2 " Backup path $target exists. Giving up..." + exit 1 + fi + + printf '%s' "$target" +} + +# }}} +move_old_database_away() { # {{{ +# Move the old database away if it is still there +# +# In fact this function makes sure that the database directory is empty +# with the exception of any DB_CONFIG file +# and can be populated with a new database. If something is in the way +# it is moved to a backup directory if the user accepted the debconf +# option slapd/move_old_database. Otherwise we output a warning and let +# the user fix it himself. +# Usage: move_old_database_away <dbdir> [<basedn>] + + local databasedir backupdir + databasedir="$1" + suffix="${2:-unknown}" + + if [ ! -e "$databasedir" ] || is_empty_dir "$databasedir"; then + return 0 + fi + + # Note that we can't just move the database dir as it might be + # a mount point. Instead me move the content which might + # include mount points as well anyway, but it's much less likely. + db_get slapd/move_old_database + if [ "$RET" = true ]; then + backupdir="$(compute_backup_path "$databasedir" "$suffix")" + printf ' - directory %s... ' "$suffix" >&2 + mkdir -p "$backupdir" + find -H "$databasedir" -mindepth 1 -maxdepth 1 -type f \ + -exec mv {} "$backupdir" \; + echo done. >&2 + else + cat >&2 <<EOF + There are leftover files in $databasedir. This will probably break + creating the initial directory. If that's the case please move away + stuff in there and retry the configuration. +EOF + fi +} +# }}} +manual_configuration_wanted() { # {{{ +# Check if the user wants to configure everything himself (queries debconf) +# Returns success if yes. + + db_get slapd/no_configuration + if [ "$RET" = "true" ]; then + return 0 + else + return 1 + fi +} +# }}} +copy_example_DB_CONFIG() { # {{{ +# Copy an example DB_CONFIG file +# copy_example_DB_CONFIG <directory> + local directory srcdir + + directory="$1" + srcdir="/usr/share/slapd" + + if ! [ -f "${directory}/DB_CONFIG" ] && [ -d "$directory" ]; then + cp $srcdir/DB_CONFIG "${directory}/DB_CONFIG" + fi +} + +# }}} +create_new_configuration() { # {{{ +# Create a new configuration and directory + + local basedn dc backend + + # For the domain really.argh.org we create the basedn + # dc=really,dc=argh,dc=org with the dc entry dc: really + db_get slapd/domain + basedn="dc=`echo $RET | sed 's/^\.//; s/\.$//; s/\./,dc=/g'`" + dc="`echo $RET | sed 's/^\.//; s/\..*$//'`" + + db_get slapd/backend + backend="`echo $RET|tr A-Z a-z`" + + backup_config_once + if [ -e "/var/lib/ldap" ] && ! is_empty_dir /var/lib/ldap; then + echo >&2 " Moving old database directory to /var/backups:" + move_old_database_away /var/lib/ldap + fi + create_ldap_directories + create_new_slapd_conf "$basedn" "$backend" + create_new_directory "$basedn" "$dc" + + # Put the right permissions on this directory. + update_permissions /var/lib/ldap + + # Now that we created the new directory we don't need the passwords in the + # debconf database anymore. So wipe them. + wipe_admin_pass +} +# }}} +create_new_slapd_conf() { # {{{ +# Create the new slapd.d directory (configuration) +# Usage: create_new_slapd_conf <basedn> <backend> + + local initldif failed basedn backend backendobjectclass backendoptions adminpass + + # Fetch configuration + basedn="$1" + backend="$2" + if [ "$backend" = "mdb" ]; then + backendoptions="olcDbMaxSize: 1073741824" + backendobjectclass="olcMdbConfig" + else + backendoptions="olcDbConfig: set_cachesize 0 2097152 0\nolcDbConfig: set_lk_max_objects 1500\nolcDbConfig: set_lk_max_locks 1500\nolcDbConfig: set_lk_max_lockers 1500" + if [ "$backend" = "hdb" ]; then + backendobjectclass="olcHdbConfig" + else + backendobjectclass="olcBdbConfig" + fi + fi + db_get slapd/internal/adminpw + adminpass="$RET" + + echo -n " Creating initial configuration... " >&2 + + # Create the slapd.d directory. + rm -rf ${SLAPD_CONF}/cn=config ${SLAPD_CONF}/cn=config.ldif + mkdir -p ${SLAPD_CONF} + initldif=`mktemp -t slapadd.XXXXXX` + cat /usr/share/slapd/slapd.init.ldif > ${initldif} + + # Change some defaults + sed -i -e "s|@BACKEND@|$backend|g" ${initldif} + sed -i -e "s|@BACKENDOBJECTCLASS@|$backendobjectclass|g" ${initldif} + sed -i -e "s|@BACKENDOPTIONS@|$backendoptions|g" ${initldif} + sed -i -e "s|@SUFFIX@|$basedn|g" ${initldif} + sed -i -e "s|@PASSWORD@|$adminpass|g" ${initldif} + + capture_diagnostics slapadd -F "${SLAPD_CONF}" -b "cn=config" \ + -l "${initldif}" || failed=1 + if [ "$failed" ]; then + cat <<-EOF +Loading the initial configuration from the ldif file (${init_ldif}) failed with +the following error while running slapadd: +EOF + release_diagnostics " " + exit 1 + fi + + update_permissions "${SLAPD_CONF}" + rm -f "${initldif}" + echo "done." >&2 +} +# }}} +encode_utf8() { #{{{ +# Make the value utf8 encoded. Takes one argument and utf8 encode it. +# Usage: val=`encode_utf8 <value>` + perl -e 'use Encode; print encode_utf8($ARGV[0]);' "$1" +} #}}} +create_new_directory() { # {{{ +# Create a new directory. Takes the basedn and the dc value of that entry. +# Other information is extracted from debconf. +# Usage: create_new_directory <basedn> <dc> + + local basedn dc organization adminpass + basedn="$1" + dc="$2" + + # Encode to utf8 and base64 encode the organization. + db_get shared/organization + organization=`encode_utf8 "$RET"` + db_get slapd/internal/adminpw + adminpass="$RET" + + echo -n " Creating LDAP directory... " >&2 + + initldif=`mktemp -t slapadd.XXXXXX` + cat <<-EOF > "${initldif}" + dn: $basedn + objectClass: top + objectClass: dcObject + objectClass: organization + o: $organization + dc: $dc + + dn: cn=admin,$basedn + objectClass: simpleSecurityObject + objectClass: organizationalRole + cn: admin + description: LDAP administrator + userPassword: $adminpass + EOF + + capture_diagnostics slapadd -F "${SLAPD_CONF}" -b "${basedn}" \ + -l "${initldif}" || failed=1 + if [ "$failed" ]; then + rm -f ${initldif} + echo "failed." >&2 + cat <<-EOF +Loading the initial configuration from the ldif file (${init_ldif}) failed with +the following error while running slapadd: +EOF + release_diagnostics " " + exit 1 + fi + + rm -f ${initldif} + echo "done." >&2 +} +# }}} +backup_config_once() { # {{{ +# Create a backup of the current configuration files. +# Usage: backup_config_once + + local backupdir + + if [ -z "$FLAG_CONFIG_BACKED_UP" ]; then + if [ -e "$SLAPD_CONF" ]; then + backupdir=`database_dumping_destdir` + echo -n " Backing up $SLAPD_CONF in ${backupdir}... " >&2 + cp -a "$SLAPD_CONF" "$backupdir" + echo done. >&2 + fi + FLAG_CONFIG_BACKED_UP=yes + fi +} + +# }}} +normalize_ldif() { # {{{ +# Unwrap LDIF lines and strip comments. + perl -00 -pe 's/\n[ \t]//g; s/^#.*\n//mg' "$@" +} +# }}} + + +set_defaults_for_unseen_entries() { # {{{ +# Set up the defaults for our templates + DOMAIN=`hostname -d 2>/dev/null` || true + if [ -z "$DOMAIN" ]; then DOMAIN='nodomain'; fi + + db_fget slapd/domain seen + if [ "$RET" = false ]; then + db_set slapd/domain "$DOMAIN" + fi + + db_fget shared/organization seen + if [ "$RET" = false ]; then + db_set shared/organization "$DOMAIN" + fi +} +# }}} +crypt_admin_pass() { # {{{ +# Store the encrypted admin password into the debconf db +# Usage: crypt_admin_pass + + local adminpw; + + db_get slapd/password1 + if [ ! -z "$RET" ]; then + db_set slapd/internal/adminpw `create_password_hash "$RET"` + else + + # Set the password. + adminpw=`generate_admin_pass` + db_set slapd/internal/generated_adminpw $adminpw + db_set slapd/internal/adminpw `create_password_hash "$adminpw"` + fi +} + +generate_admin_pass() { +# Generate a password, if no password given then generate one. +# Usage: generate_admin_pass + + perl << 'EOF' +# -------- +sub generatePassword { + $length = shift; + $possible = 'abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ'; + $password = ''; + while(length($password) < $length) { + $password.= substr($possible, (int(rand(length($possible)))), 1); + } + return $password; +} +print generatePassword(15); +EOF +# -------- +} + +wipe_admin_pass() { +# Remove passwords after creating the initial ldap database. +# Usage: wipe_admin_pass + db_set slapd/password1 "" + db_set slapd/password2 "" + db_set slapd/internal/adminpw "" + db_set slapd/internal/generated_adminpw "" +} + +# }}} +create_password_hash() { # {{{ +# Create the password hash for the given password +# Usage: hash=`create_password_hash "$password"` + + slappasswd -s "$1" +} + +# }}} +previous_version_older() { # {{{ +# Check if the previous version is newer than the reference version passed. +# If we are not upgrading the previous version is assumed to be newer than +# any reference version. +# Usage: previous_version_older <package version> + + if dpkg --compare-versions "$OLD_VERSION" lt-nl "$1"; then + return 0 + else + return 1 + fi +} + +# }}} +previous_version_newer() { # {{{ +# Check if the previous version is newer than the reference version passed. +# If we are not upgrading the previous version is assumed to be newer than +# any reference version. +# Usage: previous_version_newer <package version> + + if dpkg --compare-versions "$OLD_VERSION" gt-nl "$1"; then + return 0 + else + return 1 + fi +} # }}} + +is_initial_configuration() { # {{{ +# Check if this is the initial configuration and not an upgrade of an +# existing configuration +# Usage: if is_initial_configuration "$@"; then ... fi from top level + + # Plain installation + if [ "$1" = configure ] && [ -z "$2" ]; then + return 0 + fi + # Configuration via dpkg-reconfigure + if [ "$1" = reconfigure ] || [ "$DEBCONF_RECONFIGURE" ]; then + return 0 + fi + # Upgrade but slapd.conf doesn't exist. If the user is doing this + # intentionally because they want to put it somewhere else, they + # should select manual configuration in debconf. + if [ "$1" = configure ] && [ ! -e "${SLAPD_CONF}" ]; then + return 0 + fi + return 1 +} + +# }}} +is_empty_dir() { # {{{ +# Check if a path refers to a directory that is "empty" from the POV of slapd +# (i.e., contains no files except for an optional DB_CONFIG). +# Usage: if is_empty_dir "$dir"; then ... fi + + output=`find -H "$1" -mindepth 1 -maxdepth 1 -type f \! -name DB_CONFIG 2>/dev/null` + if [ -n "$output" ]; then + return 1 + else + return 0 + fi +} + +# }}} + +find_old_ppolicy_schema() { # {{{ +# Helper for the ppolicy schema update in 2.4.43. Checks whether the +# exported config includes an old version of the ppolicy schema that +# needs the new attribute added. If such a schema is found, echos its DN +# to stdout. If the schema is not loaded or is already up-to-date, +# returns nothing. The provided LDIF should have its lines unwrapped +# already. +# Usage: ppolicy_dn="$(find_old_ppolicy_schema "$exported_ldif")" + local ppolicy_dn + + # Is the ppolicy schema loaded? + if ! ppolicy_dn="$(grep '^dn: cn={[0-9]\+}ppolicy,cn=schema,cn=config$' "$1")"; then + return + fi + + # Has the pwdMaxRecordedFailure attribute already been added? + # It might have been replicated from a newer server. + if grep -q '^olcAttributeTypes: .*NAME '\''pwdMaxRecordedFailure'\' "$1"; then + return + fi + + # The schema is loaded and needs to be updated. + ppolicy_dn="${ppolicy_dn#dn: }" + echo "$ppolicy_dn" +} +# }}} + +# ===== Global variables ================================================ {{{ +# +# At some points we need to know which version we are upgrading from if +# any. More precisely we only care about the configuration and data we +# might have laying around. Some parts also want to know which mode the +# script is running in. + +MODE="$1" # install, upgrade, etc. - see debian-policy +OLD_VERSION="$2" + +# Source the init script configuration +# See example file debian/slapd.default for variables defined here +if [ -f "/etc/default/slapd" ]; then + . /etc/default/slapd +fi + +# Load the default location of the slapd config file +if [ -z "$SLAPD_CONF" ]; then + if [ -f "/etc/ldap/slapd.conf" ] && \ + [ ! -e "/etc/ldap/slapd.d" ] + then + SLAPD_CONF="/etc/ldap/slapd.conf" + else + SLAPD_CONF="/etc/ldap/slapd.d" + fi +fi + +# }}} + +# ----- Handling diagnostic output ------------------------------------ {{{ +# +# Often you want to run a program while you are showing progress +# information to the user. If the program you are running outputs some +# diagnostics it will mess up your screen. +# +# This is what the following functions are designed for. When running the +# program, use capture_diagnostics to store what the program outputs to +# stderr and use release_diagnostics to write out the captured output. + + +capture_diagnostics() { # {{{ +# Run the command passed and capture the diagnostic output in a temporary +# file. You can dump that file using release_diagnostics. + + # Create the temporary file + local tmpfile + tmpfile=`mktemp` + exec 7<>"$tmpfile" + rm "$tmpfile" + + # Run the program and capture stderr. If the program fails the + # function fails with the same status. + "$@" 2>&7 || return $? +} + +# }}} +release_diagnostics() { # {{{ +# Dump the diagnostic output captured via capture_diagnostics, optionally +# prefixing each line. +# Usage: release_diagnostics "prefix" + + local script + script=' + seek STDIN, 0, 0; + print "$ARGV[0]$_" while (<STDIN>);'; + perl -e "$script" "$1" <&7 +} + +# }}} + + +# }}} + +# vim: set sw=8 foldmethod=marker: + diff --git a/debian/slapd.templates b/debian/slapd.templates new file mode 100644 index 0000000..e4ad154 --- /dev/null +++ b/debian/slapd.templates @@ -0,0 +1,185 @@ +Template: slapd/no_configuration +Type: boolean +Default: false +_Description: Omit OpenLDAP server configuration? + If you enable this option, no initial configuration or database will be + created for you. + +Template: slapd/dump_database +Type: select +__Choices: always, when needed, never +Default: when needed +_Description: Dump databases to file on upgrade: + Before upgrading to a new version of the OpenLDAP server, the data from + your LDAP directories can be dumped into plain text files in the + standard LDAP Data Interchange Format. + . + Selecting "always" will cause the databases to be dumped + unconditionally before an upgrade. Selecting "when needed" will only + dump the database if the new version is incompatible with the old + database format and it needs to be reimported. If you select "never", + no dump will be done. + +Template: slapd/dump_database_destdir +Type: string +Default: /var/backups/slapd-VERSION +_Description: Directory to use for dumped databases: + Please specify the directory where the LDAP databases will be exported. + In this directory, several LDIF files will be created which correspond + to the search bases located on the server. Make sure you have enough + free space on the partition where the directory is located. The first + occurrence of the string "VERSION" is replaced with the server version + you are upgrading from. + +Template: slapd/move_old_database +Type: boolean +Default: true +_Description: Move old database? + There are still files in /var/lib/ldap which will probably break + the configuration process. If you enable this option, the maintainer + scripts will move the old database files out of the way before + creating a new database. + +Template: slapd/invalid_config +Type: boolean +Default: true +_Description: Retry configuration? + The configuration you entered is invalid. Make sure that the DNS domain name + is syntactically valid, the field for the organization is not left empty and + the admin passwords match. If you decide not to retry the configuration the + LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to + retry later. + +Template: slapd/domain +Type: string +_Description: DNS domain name: + The DNS domain name is used to construct the base DN of the LDAP directory. + For example, 'foo.example.org' will create the directory with + 'dc=foo, dc=example, dc=org' as base DN. + +Template: shared/organization +Type: string +_Description: Organization name: + Please enter the name of the organization to use in the base DN of your + LDAP directory. + +Template: slapd/password1 +Type: password +_Description: Administrator password: + Please enter the password for the admin entry in your LDAP directory. + +Template: slapd/password2 +Type: password +_Description: Confirm password: + Please enter the admin password for your LDAP directory again to verify + that you have typed it correctly. + +Template: slapd/password_mismatch +Type: note +_Description: Password mismatch + The two passwords you entered were not the same. Please try again. + +Template: slapd/purge_database +Type: boolean +Default: false +_Description: Do you want the database to be removed when slapd is purged? + +Template: slapd/internal/adminpw +Type: password +Description: Encrypted admin password: + Internal template, should never be displayed to users. + +Template: slapd/internal/generated_adminpw +Type: password +Description: Generated admin password: + Internal template, should never be displayed to users. + +Template: slapd/upgrade_slapcat_failure +Type: error +#flag:translate!:5 +#flag:comment:4 +# This paragraph is followed by a (non translatable) paragraph +# containing a command line +#flag:comment:6 +# Translators: keep "${location}" unchanged. This is a variable that +# will be replaced by a directory name at execution +_Description: slapcat failure during upgrade + An error occurred while upgrading the LDAP directory. + . + The 'slapcat' program failed while extracting the LDAP directory. This + may be caused by an incorrect configuration file (for example, missing + 'moduleload' lines to support the backend database). + . + This failure will cause 'slapadd' to fail later as well. The old database + files will be moved to /var/backups. If you want to try this upgrade + again, you should move the old database files back into place, fix + whatever caused slapcat to fail, and run: + . + slapcat > ${location} + . + Then move the database files back to a backup area and then try running + slapadd from ${location}. + +Template: slapd/backend +Type: select +Choices: BDB, HDB, MDB +Default: MDB +_Description: Database backend to use: + HDB and BDB use similar storage formats, but HDB adds support for + subtree renames. Both support the same configuration options. + . + The MDB backend is recommended. MDB uses a new storage format and + requires less configuration than BDB or HDB. + . + In any case, you should review the resulting database configuration for + your needs. See /usr/share/doc/slapd/README.Debian.gz for more details. + +Template: slapd/unsafe_selfwrite_acl +Type: note +#flag:comment:3 +# Translators: keep "by self write" and "to *" unchanged. These are part +# of the slapd configuration and are not translatable. +_Description: Potentially unsafe slapd access control configuration + One or more of the configured databases has an access control rule that + allows users to modify most of their own attributes. This may be + unsafe, depending on how the database is used. + . + In the case of slapd access rules that begin with "to *", it is + recommended to remove any instances of "by self write", so that users + are only able to modify specifically allowed attributes. + . + See /usr/share/doc/slapd/README.Debian.gz for more details. + +Template: slapd/ppolicy_schema_needs_update +Type: select +__Choices: abort installation, continue regardless +DefaultChoice: abort installation +#flag:comment:2 +# "ppolicy" and "pwdMaxRecordedFailure" are not translatable. +#flag:comment:3 +# This paragraph is followed by the path to the generated file (not +# translatable). The sentence continues in the following paragraph. +#flag:comment:5 +# This paragraph continues the sentence started in the previous +# paragraph. It is followed by a command line. +#flag:translate!:4,6 +_Description: Manual ppolicy schema update recommended + The new version of the Password Policy (ppolicy) overlay requires the + schema to define the pwdMaxRecordedFailure attribute type, which is not + present in the schema currently in use. It is recommended to abort the + upgrade now, and to update the ppolicy schema before upgrading slapd. + If replication is in use, the schema update should be applied on every + server before continuing with the upgrade. + . + An LDIF file has been generated with the changes required for the upgrade: + . + ${ldif} + . + so if slapd is using the default access control rules, these changes can be + applied (after starting slapd) by using the command: + . + ldapmodify -H ldapi:/// -Y EXTERNAL -f ${ldif} + . + If instead you choose to continue the installation, the new attribute + type will be added automatically, but the change will not be acted on + by slapd overlays, and replication with other servers may be affected. diff --git a/debian/slapi-dev.install b/debian/slapi-dev.install new file mode 100644 index 0000000..aa8a25d --- /dev/null +++ b/debian/slapi-dev.install @@ -0,0 +1,2 @@ +usr/include/slapi-plugin.h +usr/lib/*/libslapi.so diff --git a/debian/slapo-pw-pbkdf2.5 b/debian/slapo-pw-pbkdf2.5 new file mode 100644 index 0000000..e5dd5de --- /dev/null +++ b/debian/slapo-pw-pbkdf2.5 @@ -0,0 +1,112 @@ +.TH SLAPO-PW-PBKDF2 5 "RELEASEDATE" "OpenLDAP LDVERSION" +.\" Copyright 2015-2018 The OpenLDAP Foundation All Rights Reserved. +.\" Copying restrictions apply. See COPYRIGHT/LICENSE. +.\" $OpenLDAP$ +.SH NAME +slapo-pw-pbkdf2 \- PBKDF2 password module to slapd +.SH SYNOPSIS +ETCDIR/slapd.conf +.RS +.LP +.B moduleload +.B pw-pbkdf2 +.RE +.SH DESCRIPTION +.LP +The +.B pw-pbkdf2 +module to +.BR slapd (8) +provides support for the use of the key stretching function +PBKDF2 (Password-Based Key Derivation Function 2) following RFC 2898 +in hashed passwords in OpenLDAP. +.LP +It does so by providing the following additional password schemes for use in slapd: +.RS +.TP +.B {PBKDF2} +alias to {PBKDF2-SHA1} +.TP +.B {PBKDF2-SHA1} +PBKDF2 using HMAC-SHA-1 as the underlying pseudorandom function +.TP +.B {PBKDF2-SHA256} +PBKDF2 using HMAC-SHA-256 as the underlying pseudorandom function +.TP +.B {PBKDF2-SHA512} +PBKDF2 using HMAC-SHA-512 as the underlying pseudorandom function +.RE + +.SH CONFIGURATION +The +.B pw-pbkdf2 +module does not need any configuration. +.LP +After loading the module, the password schemes +{PBKDF2}, {PBKDF2-SHA1}, {PBKDF2-SHA256}, and {PBKDF2-SHA512} +will be recognised in values of the +.I userPassword +attribute. +.LP +You can then instruct OpenLDAP to use these schemes when processing +the LDAPv3 Password Modify (RFC 3062) extended operations by using the +.BR password-hash +option in +.BR slapd.conf (5). + +.SH NOTES +If you want to use the schemes described here with +.BR slappasswd (8), +remember to load the module using its command line options. +The relevant option/value is: +.RS +.LP +.B \-o +.BR module\-load = pw-pbkdf2 +.LP +.RE +Depending on +.BR pw-pbkdf2 's +location, you may also need: +.RS +.LP +.B \-o +.BR module\-path = \fIpathspec\fP +.RE + +.SH EXAMPLES +All of the userPassword LDAP attributes below encode the password +.RI ' secret '. +.EX +.LP +userPassword: {PBKDF2-SHA512}10000$/oQ4xZi382mk7kvCd3ZdkA$2wqjpuyV2l0U/a1QwoQPOtlQL.UcJGNACj1O24balruqQb/NgPW6OCvvrrJP8.SzA3/5iYvLnwWPzeX8IK/bEQ +.LP +userPassword: {PBKDF2-SHA256}10000$jq40ImWtmpTE.aYDYV1GfQ$mpiL4ui02ACmYOAnCjp/MI1gQk50xLbZ54RZneU0fCg +.LP +userPassword: {PBKDF2-SHA1}10000$QJTEclnXgh9Cz3ChCWpdAg$9.s98jwFJM.NXJK9ca/oJ5AyoAQ +.EE +.LP +To make {PBKDF2-SHA512} the password hash used in Password Modify extended operations, +simply set this line in slapd.conf(5): +.EX +.LP +password-hash {PBKDF2-SHA512} +.EX + +.SH SEE ALSO +.BR slapd.conf (5), +.BR ldappasswd (1), +.BR slappasswd (8), +.BR ldap (3), +.LP +"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) +.LP + +.SH ACKNOWLEDGEMENTS +This manual page has been written by Peter Marschall based on the +module's README file written by HAMANO Tsukasa <hamano@osstech.co.jp> +.LP +.B OpenLDAP +is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). +.B OpenLDAP +is derived from University of Michigan LDAP 3.3 Release. diff --git a/debian/source.lintian-overrides b/debian/source.lintian-overrides new file mode 100644 index 0000000..d642a59 --- /dev/null +++ b/debian/source.lintian-overrides @@ -0,0 +1,10 @@ +# this file lists copyright notices applying to the schemas +openldap source: license-problem-non-free-RFC servers/slapd/schema/README +# RFC text removed, files contain functional interface definitions only +# Copyright notices have been retained to preserve attribution +openldap source: license-problem-non-free-RFC debian/schema/core.ldif +openldap source: license-problem-non-free-RFC debian/schema/core.schema +openldap source: license-problem-non-free-RFC debian/schema/pmi.schema +# internal templates, not shown to users +openldap source: untranslatable-debconf-templates slapd.templates: 89 +openldap source: untranslatable-debconf-templates slapd.templates: 94 diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/tests/check_upgradepath b/debian/tests/check_upgradepath new file mode 100755 index 0000000..d1f2578 --- /dev/null +++ b/debian/tests/check_upgradepath @@ -0,0 +1,173 @@ +#! /bin/sh + +set -e + +# WARNING: This script is obsolete and will require a fair bit of work to get +# working again. It assumes woody, uses debconf questions that don't exist +# any more, and probably doesn't check everything that you would want to +# check. Preserved just because I haven't done the work to see if puiparts +# can now do the same thing in a cleaner way. + +# Setup +: ${chroot_dir:=../chroot} +: ${debmirror:=http://ftp.de.debian.org/debian} +: ${proxy:=http://proxy.galaxy:3128/} +unset LC_ALL +unset LC_CTYPE +unset LC_MESSAGES +# XXX: comment out when testing new versions. Needed so libc6 does not +# ask for restarting services. +export DEBIAN_FRONTEND=noninteractive + +woodytar=$chroot_dir/woody_base.tar.gz + +# List our packages +list_packages() { + local p ver + ver=`dpkg-parsechangelog|sed -ne 's/^Version: //p'` + for p in `dh_listpackages`; do + (cd .. && echo ${p}_$ver*deb) + done +} + +# Run a command inside the chroot + +in_target() { + chroot $chroot_dir/woody "$@" +} + +# Set a debconf variable inside the chroot + +debconf_set() { + local name=$1 + shift + cat >>$chroot_dir/woody/var/cache/debconf/config.dat <<EOF +Name: $name +Template: $name +Flags: seen +Value: $@ + +EOF +} + +# Setup a woody chroot + +setup_chroot() { + # Kill an existing chroot + rm -Rf $chroot_dir/woody + + # If there is a tar archive with a base system we use it + if [ -e $woodytar ]; then + mkdir $chroot_dir/woody + echo -n "Unpacking system from $woodytar" + tar -C $chroot_dir/woody -xzf $woodytar + echo "done." + # Otherwise we need to create a new base system and save it + # to a tar for the next time + else + debootstrap woody $chroot_dir/woody $debmirror | \ + shtool prop -p "Creating base system from $debmirror" + tar -C $chroot_dir/woody -czvf $woodytar . | \ + shtool prop -p "Saving system to $woodytar" + fi + + # Install a suitable apt configuration + echo "deb $debmirror woody main" \ + > $chroot_dir/woody/etc/apt/sources.list + echo "Acquire::HTTP::Proxy \"$proxy\";" \ + > $chroot_dir/woody/etc/apt/apt.conf + in_target apt-get update + in_target mount -t proc none /proc + + # We don't want any debconf interaction + #debconf_set debconf/frontend Noninteractive +} + +# These are our example configurations for testing the upgrade + +conf_domain_or_host() { + debconf_set slapd/fill_method auto + debconf_set slapd/suffix_type "domain or host" + debconf_set slapd/domain "some.example.net" + debconf_set slapd/replicate false + debconf_set shared/organization Some Organization +} + + +check_domain_or_host() { + sleep 2 # wait for slapd to startup + in_target ldapsearch -h localhost -b dc=some,dc=example,dc=net -x \ + objectclass=\* +} + +conf_location() { + debconf_set slapd/fill_method auto + debconf_set slapd/suffix_type "location" + debconf_set shared/locale/countrycode de + debconf_set shared/organization "Sample Organization" + debconf_set slapd/replicate false + debconf_set shared/organization Some Organization +} + +check_location() { + sleep 2 # wait for slapd to startup + in_target ldapsearch -h localhost -b "o=Some Organization, c=de" \ + -x objectclass=\* +} +# Install slapd inside the chroot + +install_slapd() { + in_target apt-get -y install slapd ldap-utils +} + +# Do an upgrade of our packages inside the chroot + +upgrade() { + # Link our packages into the chroot + for p in `list_packages`; do + ln ../$p $chroot_dir/woody/root/ + done + + # Create a packages file + (cd $chroot_dir/woody/root && dpkg-scanpackages . /dev/null >Packages) + + # Switch to unstable + echo "deb $debmirror unstable main" \ + > $chroot_dir/woody/etc/apt/sources.list + echo "deb file:/root ./" >> $chroot_dir/woody/etc/apt/sources.list + + # Update package lists + in_target apt-get update + + # Tell our scripts to fix the config + debconf_set slapd/fix_directory true + debconf_set slapd/password1 foobar + debconf_set slapd/allow_ldap_v2 + + # Do an upgrade of our packages + in_target apt-get install -y `dh_listpackages` +} + +# Checks if upgrading a woody system with slapd configured with the +# command given works. + +check_upgrade() { + setup_chroot + conf_$1 + debconf_set slapd/password1 foobar + debconf_set slapd/password2 foobar + install_slapd + check_$1 + upgrade + check_$1 + in_target /etc/init.d/slapd stop + in_target umount /proc +} + +# Try upgrading our example setups + +for i in location domain_or_host; do + check_upgrade $i +done + +echo "SUCCESS testing upgrading from woody" diff --git a/debian/tests/create_account b/debian/tests/create_account new file mode 100755 index 0000000..a5051af --- /dev/null +++ b/debian/tests/create_account @@ -0,0 +1,24 @@ +#! /usr/bin/perl -w + +# Shows how to create an entry on the LDAP server + +$host = "localhost"; # LDAP server +$basedn = "dc=galaxy"; # Base DN +$admindn = "cn=admin, $basedn"; # Admin entry +$adminpass = "foo"; # Password + +use Net::LDAP; + +$ldap = Net::LDAP->new("$host", onerror => "die"); +$ldap->bind($admindn, password => $adminpass); + +# Create "ou=People" entry if not there + +$results = $ldap->search(base => "$basedn", + filter => "ou=People", scope => "one"); +unless ($results->count > 0) { + $ldap->add("ou=People, $basedn", attr => [ + ou => "People", + objectClass => [ "top", "organizationalUnit" ] + ]); +} diff --git a/debian/tests/find_unused_functions b/debian/tests/find_unused_functions new file mode 100755 index 0000000..bd31d45 --- /dev/null +++ b/debian/tests/find_unused_functions @@ -0,0 +1,30 @@ +#! /usr/bin/perl -w + +use autouse Data::Dumper, qw{Dumper}; + +# Script to find the unused shell functions in slapd.scripts-common + +our @code; + +# Get all shell code from maintainer scripts + +foreach my $file ((<slapd.*rm>, <slapd.*inst>, <slapd.config>, + <slapd.scripts-common>)) { + open SCRIPT, "<$file" or + die "Can't open $file: $!"; + push @code, <SCRIPT>; + close SCRIPT; +} + +# Find all function declarations + +our @functions = map { /^(\w+)\s*\(\).*$/; } @code; + +# Find unused functions + +foreach $function (@functions) { + @occurences = grep /$function/, @code; + @invocations = grep { !/^$function\s*\(\)/ and !/#.*$function/ } + @occurences; + print "$function\n" if @invocations == 0; +} diff --git a/debian/tests/hammer_slapd b/debian/tests/hammer_slapd new file mode 100755 index 0000000..9ad7f99 --- /dev/null +++ b/debian/tests/hammer_slapd @@ -0,0 +1,98 @@ +#! /usr/bin/perl -w + +use Net::LDAP; +use Data::Dumper; + +$host = "localhost"; # LDAP server +$basedn = "dc=galaxy"; # Base DN +$admindn = "cn=admin, $basedn"; # Admin entry +$adminpass = "foo"; # Password +$group = $ARGV[0] || "People"; + +$ldap = Net::LDAP->new("$host", onerror => "die"); +$ldap->bind($admindn, password => $adminpass); + +sub create_group { + $results = $ldap->search(base => "$basedn", + filter => "ou=$group", scope => "one"); + unless ($results->count > 0) { + $ldap->add("ou=$group, $basedn", attr => [ + ou => "$group", + objectClass => [ "top", "organizationalUnit" ] + ]); + } +} + +sub invent_name { + our @words; + unless (@words) { + open WORDS, "/usr/share/dict/british-english-large"; + @words = grep /^[A-Z]\w{0,11}$/, <WORDS>; + map { chomp } @words; + close WORDS; + } + + my $index = int(rand(@words)); + $index = int(rand(@words)) while not defined $words[$index]; + my $word = $words[$index]; + delete $words[$index]; + return $word; +} + +sub invent_names { + our @names; + + foreach (1..1000) { + push @names, { cn => invent_name, sn => invent_name }; + } +} + +sub create_entries { + foreach my $name (@names) { + create_account(%$name); + } +} + +sub create_account { + our $uid; + $uid = 1000 if not defined $uid; + + my %id = @_; + my $login = $id{cn}; + $login =~ tr/A-Z/a-z/; + $ldap->add("uid=$login, ou=$group, $basedn", attr => [ + %id, + objectClass => [ "top", "person", "posixAccount" ], + uid => $login, + uidNumber => $uid++, + gidNumber => 1000, + homeDirectory => "/home/$login" ]); +} + +sub delete_entries { + foreach my $name (@names) { + delete_account(%$name); + } +} + +sub delete_account { + my %id = @_; + my $login = $id{cn}; + $login =~ tr/A-Z/a-z/; + $ldap->delete("uid=$login, ou=$group, $basedn"); +} + +sub search_entries { + foreach (1..10000) { + my $num = int(rand(@names)); + $login = $names[$num]->{cn}; + $login =~ tr/A-Z/a-z/; + $ldap->search(base => "$basedn", filter => "uid=$login"); + } +} + +create_group; +invent_names; +create_entries; +search_entries; +delete_entries; diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..9f48fdf --- /dev/null +++ b/debian/watch @@ -0,0 +1,6 @@ +# debian/watch -- Rules for uscan to find new upstream versions. + +version=3 +opts=dversionmangle=s/\+dfsg// \ +https://www.openldap.org/software/download/ \ + (?:.*/)?openldap-?_?([\d+\.]+)\.tgz |