summaryrefslogtreecommitdiffstats
path: root/debian
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/DB_CONFIG78
-rw-r--r--debian/README.DB_CONFIG187
-rw-r--r--debian/TODO32
-rw-r--r--debian/USE-CASES7
-rw-r--r--debian/changelog3300
-rw-r--r--debian/clean2
-rw-r--r--debian/compat1
-rw-r--r--debian/configure.options204
-rw-r--r--debian/control125
-rw-r--r--debian/copyright466
-rwxr-xr-xdebian/dh_installscripts-common22
-rw-r--r--debian/ldap-utils.README.Debian5
-rw-r--r--debian/ldap-utils.dirs2
-rw-r--r--debian/ldap-utils.install10
-rw-r--r--debian/ldap-utils.manpages11
-rwxr-xr-xdebian/ldiftopasswd174
-rw-r--r--debian/libldap-2.4-2.README.Debian22
-rw-r--r--debian/libldap-2.4-2.install4
-rw-r--r--debian/libldap-2.4-2.links.in1
-rw-r--r--debian/libldap-2.4-2.lintian-overrides4
-rw-r--r--debian/libldap-2.4-2.shlibs9
-rw-r--r--debian/libldap-2.4-2.symbols646
-rw-r--r--debian/libldap-common.install1
-rw-r--r--debian/libldap-common.manpages1
-rw-r--r--debian/libldap2-dev.dirs0
-rw-r--r--debian/libldap2-dev.install12
-rw-r--r--debian/libldap2-dev.links.in12
-rw-r--r--debian/libldap2-dev.manpages1
-rw-r--r--debian/patches/ITS-8964-Do-not-free-original-filter.patch36
-rw-r--r--debian/patches/ITS-9038-Another-test028-typo.patch25
-rw-r--r--debian/patches/ITS-9038-Fix-typo-in-test-script.patch25
-rw-r--r--debian/patches/ITS-9038-Update-test028-to-test-this-is-enforced.patch102
-rw-r--r--debian/patches/ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch36
-rw-r--r--debian/patches/ITS-9052-zero-out-sasl_ssf-in-connection_init.patch25
-rw-r--r--debian/patches/ITS-9202-limit-depth-of-nested-filters.patch125
-rw-r--r--debian/patches/ITS-9370-check-for-equality-rule-on-old_rdn.patch27
-rw-r--r--debian/patches/ITS-9383-remove-assert-in-certificateListValidate.patch26
-rw-r--r--debian/patches/ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch27
-rw-r--r--debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch58
-rw-r--r--debian/patches/ITS-9406-9407-remove-saslauthz-asserts.patch69
-rw-r--r--debian/patches/ITS-9406-fix-debug-msg.patch33
-rw-r--r--debian/patches/ITS-9408-fix-vrfilter-double-free.patch28
-rw-r--r--debian/patches/ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch25
-rw-r--r--debian/patches/ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch25
-rw-r--r--debian/patches/ITS-9411-fix-thisUpdate-check.patch25
-rw-r--r--debian/patches/ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch42
-rw-r--r--debian/patches/ITS-9413-fix-slap_parse_user.patch38
-rw-r--r--debian/patches/ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch48
-rw-r--r--debian/patches/ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch25
-rw-r--r--debian/patches/ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch45
-rw-r--r--debian/patches/ITS-9427-fix-issuerAndThisUpdateCheck.patch25
-rw-r--r--debian/patches/ITS-9428-fix-cancel-exop.patch28
-rw-r--r--debian/patches/ITS-9454-fix-issuerAndThisUpdateCheck.patch25
-rw-r--r--debian/patches/ITS-9815-slapd-sql-escape-filter-values.patch268
-rw-r--r--debian/patches/ITS6035-olcauthzregex-needs-restart.patch13
-rw-r--r--debian/patches/add-tlscacert-option-to-ldap-conf10
-rw-r--r--debian/patches/contrib-makefiles159
-rw-r--r--debian/patches/do-not-second-guess-sonames68
-rw-r--r--debian/patches/evolution-ntlm222
-rw-r--r--debian/patches/fix-build-top-mk11
-rw-r--r--debian/patches/getaddrinfo-is-threadsafe43
-rw-r--r--debian/patches/index-files-created-as-root37
-rw-r--r--debian/patches/lastbind-makefile-manpage46
-rw-r--r--debian/patches/ldap-conf-tls-cacertdir29
-rw-r--r--debian/patches/ldapi-socket-place16
-rw-r--r--debian/patches/libldap-symbol-versions161
-rw-r--r--debian/patches/man-slapd60
-rw-r--r--debian/patches/no-AM_INIT_AUTOMAKE25
-rw-r--r--debian/patches/no-bdb-ABI-second-guessing42
-rw-r--r--debian/patches/no-gnutls_global_set_mutex77
-rw-r--r--debian/patches/sasl-default-path55
-rw-r--r--debian/patches/series48
-rw-r--r--debian/patches/set-maintainer-name16
-rw-r--r--debian/patches/slapi-errorlog-file16
-rw-r--r--debian/patches/smbk5pwd-makefile-manpage251
-rw-r--r--debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff40
-rw-r--r--debian/patches/wrong-database-location74
-rw-r--r--debian/po/POTFILES.in1
-rw-r--r--debian/po/ca.po453
-rw-r--r--debian/po/cs.po512
-rw-r--r--debian/po/da.po428
-rw-r--r--debian/po/de.po528
-rw-r--r--debian/po/es.po538
-rw-r--r--debian/po/eu.po448
-rw-r--r--debian/po/fi.po509
-rw-r--r--debian/po/fr.po532
-rw-r--r--debian/po/gl.po502
-rw-r--r--debian/po/it.po447
-rw-r--r--debian/po/ja.po427
-rw-r--r--debian/po/nl.po462
-rw-r--r--debian/po/pt.po537
-rw-r--r--debian/po/pt_BR.po526
-rw-r--r--debian/po/ru.po519
-rw-r--r--debian/po/sk.po443
-rw-r--r--debian/po/sv.po537
-rw-r--r--debian/po/templates.pot363
-rw-r--r--debian/po/tr.po448
-rw-r--r--debian/po/vi.po446
-rwxr-xr-xdebian/rules226
-rw-r--r--debian/schema/README15
-rw-r--r--debian/schema/collective.schema65
-rwxr-xr-xdebian/schema/compare-schema26
-rw-r--r--debian/schema/corba.schema61
-rw-r--r--debian/schema/core.ldif603
-rw-r--r--debian/schema/core.schema622
-rw-r--r--debian/schema/cosine.schema404
-rw-r--r--debian/schema/duaconf.schema153
-rw-r--r--debian/schema/inetorgperson.schema113
-rw-r--r--debian/schema/java.schema109
-rw-r--r--debian/schema/pmi.schema476
-rw-r--r--debian/schema/ppolicy.schema167
-rw-r--r--debian/slapd-contrib.examples2
-rw-r--r--debian/slapd-contrib.install8
-rw-r--r--debian/slapd-contrib.lintian-overrides4
-rw-r--r--debian/slapd-contrib.manpages2
-rw-r--r--debian/slapd.NEWS27
-rw-r--r--debian/slapd.README.Debian281
-rw-r--r--debian/slapd.backup62
-rw-r--r--debian/slapd.conf133
-rw-r--r--debian/slapd.config169
-rw-r--r--debian/slapd.default45
-rw-r--r--debian/slapd.dirs4
-rw-r--r--debian/slapd.docs1
-rw-r--r--debian/slapd.examples1
-rw-r--r--debian/slapd.init202
-rw-r--r--debian/slapd.init.ldif101
-rw-r--r--debian/slapd.install59
-rw-r--r--debian/slapd.links2
-rw-r--r--debian/slapd.lintian-overrides3
-rw-r--r--debian/slapd.manpages45
-rw-r--r--debian/slapd.postinst174
-rw-r--r--debian/slapd.postrm38
-rwxr-xr-xdebian/slapd.preinst126
-rwxr-xr-xdebian/slapd.prerm34
-rw-r--r--debian/slapd.scripts-common847
-rw-r--r--debian/slapd.templates185
-rw-r--r--debian/slapi-dev.install2
-rw-r--r--debian/slapo-pw-pbkdf2.5112
-rw-r--r--debian/source.lintian-overrides10
-rw-r--r--debian/source/format1
-rwxr-xr-xdebian/tests/check_upgradepath173
-rwxr-xr-xdebian/tests/create_account24
-rwxr-xr-xdebian/tests/find_unused_functions30
-rwxr-xr-xdebian/tests/hammer_slapd98
-rw-r--r--debian/watch6
145 files changed, 23776 insertions, 0 deletions
diff --git a/debian/DB_CONFIG b/debian/DB_CONFIG
new file mode 100644
index 0000000..302dcfa
--- /dev/null
+++ b/debian/DB_CONFIG
@@ -0,0 +1,78 @@
+# WARNING: Before tuning the following parameters, _PLEASE READ_
+# /usr/share/doc/slapd/README.DB_CONFIG.gz
+
+# Set the database in memory cache size.
+#
+# set_cachesize <gbytes> <bytes> <ncache>
+# Sets the database in memory cache size.
+# Database entries and indexes will be stored in this cache to
+# avoid disk access during database read and write operations.
+# Tuning this value can greatly effect your database performance.
+# The parameters are:
+# <gbytes>: The number of gigabytes of memory to allocate to the cache.
+# <bytes>: The number of bytes of memory to allocate to the cache.
+# <ncache>: The number of cache segments to use. If this value is set to
+# 0 or 1 then Berkeley DB will try to allocate one contiguous section
+# of memory for the cache. If this value is greater than 1, the cache
+# will be split into that number of segments.
+#set_cachesize 0 52428800 0
+
+# For the Debian package we use 2MB as default but be sure to update this
+# value if you have plenty of RAM
+set_cachesize 0 2097152 0
+
+# Sets the database startup flags.
+#
+# set_flags <flag>
+# There are various flag options that may be set. The DB_TXN_NOSYNC flag
+# tells the database not to immediately flush transaction buffers to disk.
+# Setting this flag can help speed up database access during periods of
+# database write activity BUT at expense of data safety. Enable it only
+# to load data with slapadd, while slapd is not running.
+#set_flags DB_TXN_NOSYNC
+
+
+# Set the maximum in memory cache in <bytes> for database file name caching.
+#
+# set_lg_regionmax <bytes>
+# This value should be increased as the number of database files increases
+# (tables and indexes).
+#set_lg_regionmax 1048576
+
+# Set the maximum size of log files in <bytes>.
+#
+# set_lg_max <bytes>
+# Logs will be rotated when <bytes> amount of data have been written to
+# one log file. This value should be at least four times the size of
+# set_lg_bsize.
+#set_lg_max 10485760
+
+# Set the in memory cache for log information.
+#
+# set_lg_bsize <bytes>
+# When <bytes> amount of logging information have been written to this
+# cache it will be flushed to disk.
+#set_lg_bsize 2097152
+# For the Debian package we use 512kByte which should suffice for typical
+# directory usage (read often, write seldom)
+set_lg_bsize 524288
+
+# Set the log file directory to <directory>.
+#
+# set_lg_dir /usr/local/var/openldap-logs
+# Log files should preferably be on a different disk than the
+# database files. This both improves reliability (for disastrous
+# recovery) and speed of the database.
+#set_lg_dir <directory>
+
+
+# Sven Hartge reported that he had to set this value incredibly high
+# to get slapd running at all. See http://bugs.debian.org/303057
+# for more information.
+
+# Number of objects that can be locked at the same time.
+set_lk_max_objects 5000
+# Number of locks (both requested and granted)
+set_lk_max_locks 5000
+# Number of lockers
+set_lk_max_lockers 5000
diff --git a/debian/README.DB_CONFIG b/debian/README.DB_CONFIG
new file mode 100644
index 0000000..f8ee5f1
--- /dev/null
+++ b/debian/README.DB_CONFIG
@@ -0,0 +1,187 @@
+For good performance using the BDB backend, a good DB_CONFIG file in the
+database directory (usually /var/lib/ldap) is crucial. The following two
+articles should help you to determine a good configuration for your
+requirements. A standard DB_CONFIG is installed but it may not be adequate
+for your system.
+
+The current version of OpenLDAP supports putting DB_CONFIG parameters into
+slapd.conf instead by prefixing those options with dbconfig. See the
+slapd-bdb(5) man page for more information. If there is no DB_CONFIG file
+when slapd starts and there are dbconfig lines in slapd.conf, slapd will
+write out a DB_CONFIG file with those settings before initializing the
+database.
+
+With the current version of OpenLDAP, any changes to DB_CONFIG will take
+effect automatically after restarting slapd. Running db_recover is no
+longer required.
+
+ -- Torsten Landschoff <torsten@debian.org> Sun, 29 May 2005 18:08:10 +0200
+ Russ Allbery <rra@debian.org> Fri, 01 Jun 2007 23:57:33 -0700
+
+How do I configure the BDB backend?
+-----------------------------------
+(Taken from http://www.openldap.org/faq/data/cache/893.html, author unknown)
+
+The BDB backend ("back-bdb") uses a lot of special features of Sleepycat's
+Berkeley DB library, and there are a lot of details that must be set correctly
+to get the best results from it. Even though the LDBM backend ("back-ldbm") can
+use the BerkeleyDB library, the BDB and LDBM backends have some very important
+differences, as already noted in (Xref) What are the different backends? What
+are their differences?.
+
+Because back-bdb is transaction-based and uses write-ahead logging to ensure
+data consistency, it has much heavier I/O demands than back-ldbm. Also, the
+transaction log files accumulate as data is written to the directory, and these
+log files must be cleaned out periodically. Otherwise the log files will
+consume enormous amounts of disk space. The cleanup procedures are described in
+(Xref) How to maintain Berkeley DB (logs etc.) ?.
+
+The information needed to fully understand things and to properly configure
+back-bdb is divided among the slapd-bdb(5) manual page and the SleepyCat
+BerkeleyDB documentation (http://www.sleepycat.com/docs/).
+
+You should read the entire slapd-bdb(5) manpage before proceeding. The only
+mandatory keyword is "directory" for setting the location of the database
+files. The other keywords control tradeoffs between data reliability,
+performance, and memory use. To ensure that committed transactions actually get
+flushed to disk, you should use the "checkpoint" keyword, otherwise your data
+is vulnerable to loss due to system failures. See the SleepyCat documentation
+for more information about checkpoints. (In fact, you should read all of
+chapter 9 "Berkeley DB Transactional Data Store Applications" in the SleepyCat
+reference manual. At least, read sections 1-3 and 13-24.)
+
+The "dbnosync" keyword is provided for compatibility with back-ldbm; the
+preferred method of setting this is to use the BDB DB_CONFIG file option
+set_flags DB_TXN_NOSYNC. The "lockdetect" keyword is also deprecated, you
+should instead use the BDB DB_CONFIG file set_lk_detect keyword. (It's safe to
+leave this at the default setting.)
+
+A number of important items must be configured in the BDB DB_CONFIG file and
+not in slapd.conf. You should, at least, read about these items:
+
+set_cachesize
+ The BDB library maintains its own cache separate from the back-bdb entry
+ cache. You must set this cache to a size appropriate for your database and
+ physical memory size. Note that this is a persistent setting - after you
+ set it the first time, further changes will be ignored until you recreate
+ the environment using db_recover.
+set_lg_dir
+ Set the directory for storing transaction logs. For best performance,
+ the transaction logs must be located on a different physical disk from
+ the database files.
+set_lg_bsize
+ Set the buffer size for the transaction log. Larger is better, but it
+ doesn't have much effect unless you're also using the DB_TXN_NOSYNC
+ option. With a default log file size of 10MB I usually set this to 2MB.
+ The default is only 32K, which is too small for back-bdb.
+
+On a very busy system you might see error messages talking about running out of
+locks, lockers, or lock objects. Usually the default values are plenty, and in
+older versions of the BDB library the errors were more likely due to library
+bugs than actual system load. However, it is possible that you have actually
+run out of lock resources due to heavy system usage. If this happens, you
+should read about the set_lk_max_lockers, set_lk_max_locks, and
+set_lk_max_objects keywords.
+
+How do I determine the proper BDB/HDB database cache size?
+----------------------------------------------------------
+(Taken from http://www.openldap.org/faq/data/cache/1075.html, written by
+hyc@openldap.org, Kurt@OpenLDAP.org)
+
+Not having a proper database cache size will cause performance issues. (Note:
+in older versions of Berkeley DB, an improper database case size could also
+cause the server to hang.)
+
+These issues are not an indication of corruption occurring in the database. It
+is merely the fact that the cache is thrashing itself that causes
+performance/response time to slowdown. If you take the time to read and
+understand the Berkeley DB documentation, measure the library performance using
+db_stat, and tune your settings, you will avoid these problems.
+
+It is not absolutely necessary to configure a BerkeleyDB cache equal in size to
+your entire database. All that you need is a cache that's large enough for your
+"working set." That means, large enough to hold all of the most frequently
+accessed data, plus a few less-frequently accessed items.
+
+You should really read the BDB documentation referenced above, but let me spell
+out what that really means here, in detail. The discussion here is focused on
+back-bdb and back-hdb, but most of it also applies to back-ldbm when using
+BerkeleyDB as the underlying database engine.
+
+Start with the most obvious - the back-bdb database lives in two main files,
+dn2id.bdb and id2entry.bdb. These are B-tree databases. We have never
+documented the back-bdb internal layout before, because it didn't seem like
+something anyone should have to worry about, nor was it necessarily cast in
+stone. But here's how it works today, in OpenLDAP 2.1 and 2.2. (All of the
+database files in back-ldbm are B-trees by default.)
+
+A B-tree is a balanced tree; it stores data in its leaf nodes and bookkeeping
+data in its interior nodes. (If you don't know what tree data structures look
+like in general, Google for some references, because that's getting far too
+elementary for the purposes of this discussion.)
+
+For decent performance, you need enough cache memory to contain all the nodes
+along the path from the root of the tree down to the particular data item
+you're accessing. That's enough cache for a single search. For the general
+case, you want enough cache to contain all the internal nodes in the database.
+"db_stat -d" will tell you how many internal pages are present in a database.
+You should check this number for both dn2id and id2entry.
+
+Also note that id2entry always uses 16KB per "page", while dn2id uses whatever
+the underlying filesystem uses, typically 4 or 8KB. To avoid thrashing the
+cache and triggering these infinite hang bugs in BDB 4.1.25, your cache must be
+at least as large as the number of internal pages in both the dn2id and
+id2entry databases, plus some extra space to accomodate the actual leaf data
+pages.
+
+For example, in my OpenLDAP 2.2 test database, I have an input LDIF file that's
+about 360MB. With the back-hdb backend this creates a dn2id.bdb that's 68MB,
+and an id2entry that's 800MB. db_stat tells me that dn2id uses 4KB pages, has
+433 internal pages, and 6378 leaf pages. The id2entry uses 16KB pages, has 52
+internal pages, and 45912 leaf pages. In order to efficiently retrieve any
+single entry in this database, the cache should be at least
+
+(433+1) * 4KB + (52+1) * 16KB in size: 1736KB + 848KB =~ 2.5MB.
+
+This doesn't take into account other library overhead, so this is even lower
+than the barest minimum. The default cache size, when nothing is configured, is
+only 256KB. If you tried to do much of anything with this database and only
+default settings, BDB 4.1.25 would lock up in an infinite loop.
+
+This 2.5MB number also doesn't take indexing into account. Each indexed
+attribute uses another database file of its own, using a Hash structure.
+(Again, in back-ldbm, the indexes also use B-trees by default, so this part of
+the discussion doesn't apply unless back-ldbm was explicitly compiled to use
+Hashes instead. Also, in OpenLDAP 2.2 onward, all of the indexes use B-trees,
+there are no more Hash database files. So just use the B-tree information above
+and ignore this Hash discussion.)
+
+Unlike the B-trees, where you only need to touch one data page to find an entry
+of interest, doing an index lookup generally touches multiple keys, and the
+point of a hash structure is that the keys are evenly distributed across the
+data space. That means there's no convenient compact subset of the database
+that you can keep in the cache to insure quick operation, you can pretty much
+expect references to be scattered across the whole thing. My strategy here
+would be to provide enough cache for at least 50% of all of the hash data.
+(Number of hash buckets + number of overflow pages + number of duplicate pages)
+* page size / 2.
+
+The objectClass index for my example database is 5.9MB and uses 3 hash buckets
+and 656 duplicate pages. So ( 3 + 656 ) * 4KB / 2 =~ 1.3MB.
+
+With only this index enabled, I'd figure at least a 4MB cache for this backend.
+(Of course you're using a single cache shared among all of the database files,
+so the cache pages will most likely get used for something other than what you
+accounted for, but this gives you a fighting chance.)
+
+With this 4MB cache I can slapcat this entire database on my 1.3GHz PIII in 1
+minute, 40 seconds. With the cache doubled to 8MB, it still takes the same
+1:40s. Once you've got enough cache to fit the B-tree internal pages,
+increasing it further won't have any effect until the cache really is large
+enough to hold 100% of the data pages. I don't have enough free RAM to hold all
+the 800MB id2entry data, so 4MB is good enough.
+
+With back-bdb and back-hdb you can use "db_stat -m" to check how well the
+database cache is performing. Unfortunately you can't do this with back-ldbm,
+as the statistics are not accessible when slapd is running, nor are they saved
+anywhere when slapd is stopped. (Yet another reason not to use back-ldbm.)
diff --git a/debian/TODO b/debian/TODO
new file mode 100644
index 0000000..768674c
--- /dev/null
+++ b/debian/TODO
@@ -0,0 +1,32 @@
+openldap2.2 (2.2.23-4) unstable; urgency=low
+
+ * debian/slapd.NEWS: Summarize the upstream changes and make clear that
+ the upgrade may be problemated. Sketch the upgrade procedure.
+ * debian/README.Debian: Explain what to check for if upgrading fails and
+ how to recover.
+ * CARLO: debian/slapd.scripts-common: Handle all UTF-8 supported characters
+ in organization field by converting the locale specific input into
+ utf-8 and base64 encoding the result (closes: #236097).
+ * Maintainer scripts: Handle the configuration to enable ldif dumping
+ correctly: Dump if requested and only slapadd the data if it is
+ supposed to be there.
+ * Check ITS#3267 (possible data loss) and apply the patch to the
+ package.
+ * CARLO: Escape special chars in the names of backup LDIF files using
+ the %xx syntax.
+ * Check lintian warning: Postinst uses db_input. I think the usage is
+ okay as it is an error message IIRC which is also output using cat
+ in case debconf is not available.
+
+ -- Torsten Landschoff <torsten@debian.org> Sun, 3 Apr 2005 20:24:52 +0200
+
+openldap2.2 (2.2.23-5) unstable; urgency=low
+
+ * Refactoring of the maintainer scripts. Goals:
+ + No more direct access to global variables but accessor functions
+ to check for invalid uses. Example: Don't use $OLD_VERSION but
+ `get_previous_version`. That way invalid uses can easily be flagged
+ if that information is not available anymore.
+ * Remove perl script to hash a password and use slappasswd instead.
+
+ -- Torsten Landschoff <torsten@debian.org> Sun, 3 Apr 2005 20:24:52 +0200
diff --git a/debian/USE-CASES b/debian/USE-CASES
new file mode 100644
index 0000000..e073fae
--- /dev/null
+++ b/debian/USE-CASES
@@ -0,0 +1,7 @@
+Some ideas what to check and what the desired results would be:
+
+- running dpkg-reconfigure with an already configured slapd
+
+ Should either backup the database or ask before killing it.
+ Same for slapd.conf. Neither old configuration or old database
+ should be lost without the user confirming that this is what he wants.
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..6b42763
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,3300 @@
+openldap (2.4.47+dfsg-3+deb10u7) buster-security; urgency=high
+
+ * Fix SQL injection in back-sql (ITS#9815) (CVE-2022-29155)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sat, 14 May 2022 11:35:44 -0700
+
+openldap (2.4.47+dfsg-3+deb10u6) buster-security; urgency=high
+
+ * Fix slapd assertion failure in Certificate List Exact Assertion validation
+ (ITS#9454) (CVE-2021-27212)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 14 Feb 2021 10:32:34 -0800
+
+openldap (2.4.47+dfsg-3+deb10u5) buster-security; urgency=high
+
+ * Fix slapd crashes in Certificate Exact Assertion processing
+ (ITS#9404, ITS#9424) (CVE-2020-36221)
+ * Fix slapd assertion failures in saslAuthzTo validation
+ (ITS#9406, ITS#9407) (CVE-2020-36222)
+ * Fix slapd crash in Values Return Filter control handling
+ (ITS#9408) (CVE-2020-36223)
+ * Fix slapd crashes in saslAuthzTo processing (ITS#9409, ITS#9412, ITS#9413)
+ (CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
+ * Fix slapd assertion failure in X.509 DN parsing
+ (ITS#9423) (CVE-2020-36230)
+ * Fix slapd crash in X.509 DN parsing (ITS#9425) (CVE-2020-36229)
+ * Fix slapd crash in Certificate List Exact Assertion processing
+ (ITS#9427) (CVE-2020-36228)
+ * Fix slapd infinite loop with Cancel operation (ITS#9428) (CVE-2020-36227)
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 21 Jan 2021 19:54:40 -0800
+
+openldap (2.4.47+dfsg-3+deb10u4) buster-security; urgency=high
+
+ * Fix slapd abort due to assertion failure in Certificate List syntax
+ validation (ITS#9383) (CVE-2020-25709)
+ * Fix slapd abort due to assertion failure in CSN normalization with invalid
+ input (ITS#9384) (CVE-2020-25710)
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Nov 2020 17:23:45 -0800
+
+openldap (2.4.47+dfsg-3+deb10u3) buster-security; urgency=high
+
+ * Fix slapd normalization handling with modrdn
+ (ITS#9370) (CVE-2020-25692)
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 29 Oct 2020 18:36:26 -0700
+
+openldap (2.4.47+dfsg-3+deb10u2) buster-security; urgency=high
+
+ * Fix slapd to limit depth of nested expressions in search filters
+ (ITS#9202) (CVE-2020-12243)
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 20 Apr 2020 11:19:54 -0700
+
+openldap (2.4.47+dfsg-3+deb10u1) buster; urgency=medium
+
+ * Fix slapd to restrict rootDN proxyauthz to its own databases
+ (CVE-2019-13057) (ITS#9038) (Closes: #932997)
+ * Fix slapd to enforce sasl_ssf ACL statement on every connection
+ (CVE-2019-13565) (ITS#9052) (Closes: #932998)
+ * Fix slapo-rwm to not free original filter when rewritten filter is invalid
+ (ITS#8964) (Closes: #934277, LP: #1838370)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sat, 10 Aug 2019 11:58:18 -0700
+
+openldap (2.4.47+dfsg-3) unstable; urgency=medium
+
+ * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
+ individually in the relevant command lines instead of overriding OPT. The
+ change to use OPT caused FTBFS on some ports arches where PIE enablement
+ uses spec files, by mixing compile-time and link-time flags.
+ (Closes: #919136)
+ * Fix architecture-specific path in smbk5pwd's binary-or-shlib-defines-rpath
+ Lintian override.
+ * Skip exporting cn=config to LDIF in preinst for upgrades where nothing
+ needs to be checked in it.
+ * Update Standards-Version to 4.3.0.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
+
+openldap (2.4.47+dfsg-2) unstable; urgency=medium
+
+ * Reintroduce slapi-dev binary package. (Closes: #711469)
+ Thanks to Florian Schlichting.
+ * Do not call gnutls_global_set_mutex(). (Closes: #803197)
+ * Use dh_auto_* to build and install contrib modules.
+ - Stop patching the clean rule in smbk5pwd's Makefile.
+ * Explicitly list overlays and man pages installed by slapd package in
+ slapd.install and slapd.manpages files.
+ * Set common variables for contrib Makefiles by make(1) command line instead
+ of patching every Makefile.
+ * Build and install more contrib plugins in a new slapd-contrib package:
+ - pw-apr1 and pw-netscape (Closes: #592362)
+ - pw-pbkdf2 (Closes: #794999)
+ * Import the slapo-pw-pbkdf2 man page from upstream git master and install
+ it with the slapd-contrib package.
+ * Add smbk5pwd to slapd-contrib and turn slapd-smbk5pwd into a transitional
+ package. Drop smbk5pwd README since it now has a man page which is a
+ better resource for users.
+ - Use Breaks to ensure that slapd is not upgraded in between removing the
+ old smbk5pwd module and installing the new one.
+ * Include the apr1-atol.pl and apr1-lota.pl helper scripts in the
+ slapd-contrib package as examples.
+ * Merge remaining contrib Makefile patches into a single contrib-makefiles
+ patch.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sat, 12 Jan 2019 11:18:03 -0800
+
+openldap (2.4.47+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - reverted GnuTLS handshake change in libldap as it regressed slapd
+ (Reopens: #861838)
+ * Update Standards-Version to 4.2.1.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
+
+openldap (2.4.46+dfsg-5) unstable; urgency=medium
+
+ * Restore slapd-smbk5pwd now that libldap is installable in unstable.
+ This reverts the changes from -3 and -4.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 16:12:27 -0700
+
+openldap (2.4.46+dfsg-4) unstable; urgency=medium
+
+ * Disable building the smbk5pwd plugin temporarily.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 08:06:58 -0700
+
+openldap (2.4.46+dfsg-3) unstable; urgency=medium
+
+ * Build without heimdal temporarily to resolve BD-Uninstallable loop.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
+
+openldap (2.4.46+dfsg-2) unstable; urgency=medium
+
+ * Remove version constraint from libldap-2.4-2 dependency on libldap-common.
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 14:16:49 -0700
+
+openldap (2.4.46+dfsg-1) unstable; urgency=medium
+
+ * Move the repository to Salsa.
+ Update debian/control Vcs-* fields.
+ * Remove Matthijs Möhlmann from Uploaders. (Closes: #891308)
+ Thank you Matthijs for your past contributions.
+ * New upstream release.
+ - fixed slapd out-of-sync issue with delta-MMR and memberof overlay
+ (ITS#8444) (Closes: #877166)
+ * Rebase patch no-AM_INIT_AUTOMAKE to apply cleanly.
+ * Drop patch ITS8650-retry-gnutls_handshake-after-GNUTLS_E_AGAIN, applied
+ upstream.
+ * Really fix upgrades when the config contains backslash-escaped special
+ characters. The previous fix was incomplete and didn't fully fix upgrades
+ involving a database reload. (Closes: #864719)
+ * Update Standards-Version to 4.1.4.
+ - Change the Priority of libldap-2.4-2 and libldap-common to optional.
+ * Change download URL in debian/watch to https. Fixes a Lintian info.
+ * Override the binary-or-shlib-defines-rpath Lintian tag for slapd-smbk5pwd.
+ The rpath is set by krb5-config.heimdal; see bug #868840.
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
+
+openldap (2.4.45+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - fixed a use-after-free in GnuTLS options handling
+ (ITS#8385) (Closes: #820244) (LP: #1557248)
+ - fixed unsafe concurrent SASL calls causing memory corruption
+ (ITS#8648) (Closes: #860947) (LP: #1688575)
+ - fixed syncrepl infinite looping with multi-master delta-syncrepl
+ (ITS#8432) (Closes: #868753)
+ * Rebase patches to apply cleanly:
+ - do-not-second-guess-sonames
+ - no-AM_INIT_AUTOMAKE
+ * Drop patches applied upstream:
+ - ITS-8554-kFreeBSD-is-like-BSD.patch
+ - ITS-8644-wait-for-slapd-to-start-in-test064.patch
+ - ITS-8655-paged-results-double-free.patch
+ * Upgrade to debhelper compat level 10.
+ - Depend on debhelper 10.
+ - Stop enabling parallel and autoreconf explicitly. They are now enabled
+ by default.
+ - Drop dh-autoreconf from build-depends since debhelper requires it.
+ * Add -Wno-format-extra-args to CFLAGS to reduce the noise in the build
+ logs, as this warning is emitted on each use of the Debug() macro.
+ * Drop libldap-2.4-4-dbg and slapd-dbg binary packages in favour of
+ automatic dbgsym packages.
+ * Update Standards-Version to 4.0.0; no changes required.
+ * Drop Priority and Section from binary package stanzas when they only
+ duplicate information from the source stanza.
+ * Update Priority of slapd-smbk5pwd and libldap2-dev to optional to match
+ the archive.
+ * Remove retired developer, Roland Bauerschmidt, from Uploaders.
+ (Closes: #856422)
+ * Remove Timo Aaltonen from Uploaders, with his agreement.
+ * debian/patches/ITS8650-retry-gnutls_handshake-after-GNUTLS_E_AGAIN.patch:
+ If gnutls_handshake() returns EAGAIN, call it again. Fixes TLS handshake
+ failures when the ServerHello message exceeds 16K.
+ (ITS#8650) (Closes: #861838)
+ * Drop time from Build-Depends. The upstream testsuite no longer calls it.
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700
+
+openldap (2.4.44+dfsg-8) unstable; urgency=medium
+
+ * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
+ the underlying kernel bug #866122 is fixed.
+ * Fix FTBFS with Heimdal 7.2.0: Drop patch heimdal-fix as the
+ hdb_generate_key_set_password change was reverted in heimdal. Depend on an
+ appropriate minimum version of heimdal.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700
+
+openldap (2.4.44+dfsg-7) unstable; urgency=medium
+
+ * Relax the dependency of libldap-2.4-2 on libldap-common to also permit
+ later versions. (Closes: #860774)
+
+ -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700
+
+openldap (2.4.44+dfsg-6) unstable; urgency=medium
+
+ * Update the list of non-translatable strings for the
+ slapd/ppolicy_schema_needs_update template. Thanks Ferenc Wágner.
+ * Fix upgrade failure when olcSuffix contains a backslash. (Closes: #864719)
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700
+
+openldap (2.4.44+dfsg-5) unstable; urgency=medium
+
+ * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
+ intermittently failing test by waiting for slapd to start before running
+ tests. (ITS#8644) (Closes: #770890)
+ * debian/patches/ITS-8655-paged-results-double-free.patch: Fix a double free
+ in the MDB backend on a search including the Paged Results control with a
+ page size of 0. (ITS#8655) (CVE-2017-9287) (Closes: #863563)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700
+
+openldap (2.4.44+dfsg-4) unstable; urgency=medium
+
+ * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
+ Justin B Rye for the review.
+ * Update Catalan debconf translation. (Closes: #851905)
+ Thanks to Innocent De Marchi.
+ * Update Czech debconf translation. (Closes: #852190)
+ Thanks to Miroslav Kure.
+ * Update Danish debconf translation. (Closes: #850859)
+ Thanks to Joe Dalton.
+ * Update German debconf translation. (Closes: #851480)
+ Thanks to Helge Kreutzmann.
+ * Update Basque debconf translation. (Closes: #850812)
+ Thanks to Iñaki Larrañaga Murgoitio.
+ * Update French debconf translation. (Closes: #852459)
+ Thanks to Jean-Pierre Giraud.
+ * Update Italian debconf translation. (Closes: #852074)
+ Thanks to Luca Monducci.
+ * Update Japanese debconf translation. (Closes: #851457)
+ Thanks to Kenshi Muto.
+ * Update Dutch debconf translation. (Closes: #852405)
+ Thanks to Frans Spiesschaert.
+ * Update Brazilian Portuguese debconf translation. (Closes: #852443)
+ Thanks to Adriano Rafael Gomes.
+ * Update Russian debconf translation. (Closes: #850833)
+ Thanks to Yuri Kozlov.
+ * Update Slovak debconf translation. (Closes: #850796)
+ Thanks to Ivan Masár.
+ * Update Swedish debconf translation. (Closes: #851168)
+ Thanks to Martin Bagge.
+ * Update Turkish debconf translation. (Closes: #851470)
+ Thanks to Atila KOÇ.
+ * Update Vietnamese debconf translation.
+ Thanks to Trần Ngá»c Quân.
+ * Update Build-Depends on debhelper to ensure shlibs files are installed at
+ the expected time during build. (Closes: #854158)
+ * Update Portuguese debconf translation. (Closes: #859943)
+ Thanks to Rui Branco and DebianPT.
+ * Dump the configuration and databases to LDIF before removing slapd, so
+ that they are available if a newer version requiring migration is
+ installed later. (Closes: #665199)
+ * When creating a new configuration with dpkg-reconfigure, back up the old
+ configuration before overwriting it.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
+
+openldap (2.4.44+dfsg-3) unstable; urgency=medium
+
+ * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
+ * Restore heimdal support to the smbk5pwd overlay.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 01 Jan 2017 19:47:36 -0800
+
+openldap (2.4.44+dfsg-2) unstable; urgency=medium
+
+ [ Ryan Tandy ]
+ * Update Standards-Version to 3.9.8; no changes required.
+ * Enable dh_makeshlibs for libldap-2.4-2. Remove libldap-2.4-2.postinst, now
+ replaced by the automatic ldconfig trigger.
+ * Don't execute slapd's override_dh_install when building only
+ arch-independent packages. (Closes: #845506)
+ * Override lintian false positives on slapd.README.Debian,
+ slapd-smbk5pwd.postinst, and slapd-smbk5pwd triggering ldconfig.
+ * Perform permissions changes in override_dh_fixperms instead of in
+ override_dh_install.
+ * Remove manual chmod of schema files since dh_fixperms sets correct
+ permissions automatically.
+ * Fix slapd-smbk5pwd failing to upgrade when there are no instances of the
+ overlay configured.
+
+ [ Helmut Grohne ]
+ * Fix FTCBFS: Pass CC to make explicitly. (Closes: #839251)
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 01 Dec 2016 19:40:20 -0800
+
+openldap (2.4.44+dfsg-1) unstable; urgency=medium
+
+ [ Ryan Tandy ]
+ * New upstream release.
+ - Fixed ppolicy not unlocking policy entry after initialization failure
+ (ITS#7537) (Closes: #702414)
+ * Drop ITS8240-remove-obsolete-assert.patch, included upstream.
+ * Update debian/schema/ppolicy.schema to add the pwdMaxRecordedFailure
+ attribute.
+ * Update libldap-2.4-2.symbols with new ldap_build_*_req symbols.
+ * Mark the build target in debian/rules as phony, since the upstream source
+ includes a build/ directory.
+ * Correct the list of files to be cleaned for the pw-sha2 contrib module.
+ * Fix a typo (slpad -> slapd) in the Catalan debconf translation.
+ * Disable OpenSLP support and remove libslp-dev from Build-Depends.
+ (Closes: #815364)
+ * Ensure /var/run/slapd exists when starting slapd, even if the pid file is
+ somewhere else. Thanks to Dave Beach for the report. (Closes: #815571)
+ * Create the pidfile directory when starting slapd, but not when running the
+ init script in other modes.
+ * Remove support for enabling the obsolete LDAPv2 protocol via debconf.
+ * debian/copyright: Update the OpenLDAP copyright and license.
+ * debian/control: Update VCS URIs to the modern canonical form.
+ * Override Lintian errors about schema files derived from RFC documents.
+ Copyrightable content has been removed from these files; however, the
+ copyright notices have been retained to preserve attribution.
+ * On upgrade, if the cn=config database contains the ppolicy schema, add the
+ new pwdMaxRecordedFailure attribute to it.
+ * Add debian/patches/set-maintainer-name to omit the builder's username and
+ working directory from version strings and thereby make the build
+ reproducible. Thanks to Daniel Shahaf for the patch. (Closes: #833179)
+ * Build smbk5pwd without Kerberos support and drop the build-dependency on
+ heimdal. (Closes: #836885)
+ * On upgrade, comment the krb5 setting on any instances of the smbk5pwd
+ overlay in slapd.conf. Require cn=config users to disable krb5 manually
+ before upgrading.
+
+ [ Helmut Grohne ]
+ * Fix policy 8.2 violation (Closes: #330695)
+ + Move /etc/ldap/ldap.conf and manpage to new package libldap-common.
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
+
+openldap (2.4.42+dfsg-2) unstable; urgency=medium
+
+ [ Ryan Tandy ]
+ * Change explicit Pre-Depends: multiarch-support to ${misc:Pre-Depends}, as
+ recommended by lintian.
+ * Omit slapd, slapd-dbg, and slapd-smbk5pwd from the stage1 build profile.
+ This allows the dependency loop with heimdal to be broken for
+ bootstrapping, and the dependency on libperl-dev to be avoided for
+ cross-building. Thanks Daniel Schepler and Helmut Grohne.
+ (Closes: #724518)
+ * Apply wrap-and-sort to the Build-Depends field.
+ * Drop libncurses5-dev from Build-Depends, no longer needed since the ud
+ tool was removed in OpenLDAP 2.1.4.
+ * Drop libltdl3-dev as an alternate Build-Depends, since that package was
+ removed after lenny.
+ * Annotate Build-Depends on perl with :any to allow running the system perl
+ interpreter during cross builds.
+ * Ensure CC is set correctly for cross builds. Thanks Helmut Grohne.
+ * Build-Depend on dpkg-dev (>= 1.17.14) and debhelper (>= 9.20141010) for
+ restriction formula support.
+ * Override the 'dev-pkg-without-shlib-symlink' lintian tag. The symlink is
+ actually in the form libldap_r.so -> libldap_r-2.4.so.xyz and the tag is a
+ false positive; see #687022.
+ * Include the smbk5pwd man page in the slapd-smbk5pwd package.
+ * Allow anonymous read access to the shadowLastChange attribute by default,
+ allowing nss-ldap/nss-ldapd to handle password expiry correctly even when
+ bound anonymously. This was the only restricted shadow attribute, the
+ others were already world-readable. (Closes: #669235)
+ * Drop the redundant default ACL for dn.base="" from the database entry.
+ It's already covered by the fallback case below.
+ * Copy more comments from the slapd.conf template to slapd.init.ldif. Also
+ comment the shadowLastChange access rule.
+ * Import upstream patch to remove an unnecessary assert(0) that could be
+ triggered remotely by an unauthenticated user by sending a malformed BER
+ element. (ITS#8240) (CVE-2015-6908) (Closes: #798622)
+
+ [ Peter Marschall ]
+ * Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
+ install the new manual page. (Closes: #794998)
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 10 Sep 2015 20:13:17 -0700
+
+openldap (2.4.42+dfsg-1) unstable; urgency=medium
+
+ [ Peter Marschall ]
+ * slapd.scripts-common:
+ - Use update_permissions instead of direct calls to chown and chgrp.
+ - Make variables only used within a function local to that function.
+ - Restore databases ordered by increasing suffix path length.
+ This should help configurations with databases glued together using the
+ 'subordinate' keyword / 'olcSubordinate' attribute in slapd's
+ configuration.
+ (Closes: #794996)
+ * Install slapo-lastbind.5 man page. (Closes: #794997)
+
+ [ Ryan Tandy ]
+ * slapd.scripts-common: Delete an outdated comment.
+ * New upstream release.
+ * Enable the MDB backend again on GNU/kFreeBSD. The new pthread library
+ provides all the required interfaces, and the test suite now passes.
+ Leave it disabled on the Hurd. LMDB requires POSIX semaphores, which have
+ not yet been implemented.
+ * Disable the BDB/HDB backends on the Hurd. BDB requires record locks
+ (F_SETLK), which have not yet been implemented; see #693971.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
+
+openldap (2.4.41+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Update patches for upstream changes, drop patches included upstream.
+ * debian/rules: Adjust get-orig-source target to add +dfsg to version.
+ * Convert to source format 3.0 (quilt).
+ * debian/slapd.scripts-common: Fix nesting of fold markers.
+
+ -- Ryan Tandy <ryan@nardis.ca> Wed, 08 Jul 2015 21:07:24 -0700
+
+openldap (2.4.40+dfsg-2) unstable; urgency=medium
+
+ * Actually install libldap-2.4-2.symbols.
+ * Update Standards-Version to 3.9.6.
+ * Build-Depend on debhelper (>= 9) to fix a Lintian warning.
+ * Import upstream patch to fix FTBFS with gcc-5. (Addresses #778045)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
+
+openldap (2.4.40+dfsg-1) unstable; urgency=medium
+
+ * Remove inetorgperson.schema from the upstream source. Replace it with a
+ copy stripped of RFC text. (Closes: #780283)
+ * Adjust debian/watch for +dfsg versioning.
+ * debian/patches/ITS7975-fix-mdb-onelevel-search.patch: Import upstream
+ patch to fix scope=onelevel searches wrongly including the search base in
+ results under the MDB backend. (ITS#7975) (Closes: #782212)
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 09 Apr 2015 08:38:38 -0700
+
+openldap (2.4.40-4) unstable; urgency=medium
+
+ * debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream
+ patch to fix a crash when a search includes the Deref control with an
+ empty attribute list. (ITS#8027) (CVE-2015-1545, Closes: #776988)
+ * debian/patches/ITS8046-fix-vrFilter_free-crash.patch: Import upstream
+ patch to fix a double free triggered by certain search queries using the
+ Matched Values control. (ITS#8046) (CVE-2015-1546, Closes: #776991)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 08 Feb 2015 20:19:11 +0000
+
+openldap (2.4.40-3) unstable; urgency=medium
+
+ * Remove trailing spaces from slapd.templates.
+ * Update Vietnamese debconf translation.
+ Thanks to Trần Ngá»c Quân.
+ * Update Danish debconf translation.
+ Thanks to Joe Hansen. (Closes: #766848)
+ * Update Japanese debconf translation.
+ Thanks to Kenshi Muto. (Closes: #766824)
+ * Update Russian debconf translation.
+ Thanks to Yuri Kozlov. (Closes: #766825)
+ * Update Basque translation.
+ Thanks to Iñaki Larrañaga Murgoitio. (Closes: #767070)
+ * Update French debconf translation.
+ Thanks to Christian Perrier. (Closes: #767634)
+ * Update German debconf translation.
+ Thanks to Helge Kreutzmann. (Closes: #767686)
+ * Update Portuguese debconf translation.
+ Thanks to Ricardo Silva. (Closes: #768085)
+ * Update Italian debconf translation.
+ Thanks to Luca Monducci. (Closes: #768195)
+ * Update Turkish debconf translation.
+ Thanks to Atila KOÇ. (Closes: #768409)
+ * Update Czech debconf translation.
+ Thanks to Miroslav Kure. (Closes: #768591)
+ * Update Catalan debconf translation.
+ Thanks to Innocent De Marchi. (Closes: #768605)
+ * Update Dutch debconf translation.
+ Thanks to Frans Spiesschaert. (Closes: #769024)
+ * Update Brazilian Portuguese debconf translation.
+ Thanks to Adriano Rafael Gomes. (Closes: #769717)
+ * Update Galician debconf translation.
+ Thanks to Jorge Barreiro.
+ * Update Swedish debconf translation.
+ Thanks to Martin Bagge / brother. (Closes: #769867)
+ * Update Spanish debconf translation.
+ Thanks to Camaleón. (Closes: #770715)
+ * Fix doubled spaces in po files, caused by trailing spaces in the templates
+ file.
+ * Run debconf-updatepo to refresh PO files.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Nov 2014 10:33:10 -0800
+
+openldap (2.4.40-2) unstable; urgency=medium
+
+ * Fix typo (chmod/chgrp) in previous changelog, spotted by Ferenc Wagner.
+ * debian/patches/contrib-modules-use-dpkg-buildflags: Also use CPPFLAGS from
+ dpkg-buildflags. Spotted by Lintian.
+ * debian/slapd.init.ldif: Don't bother explicitly granting rights to the
+ rootdn, since it already has unlimited privileges. Thanks Ferenc Wagner.
+ * Recommend MDB for new installations, per upstream's recommendation.
+ * Don't re-create the default DB_CONFIG if there wasn't one in the backup,
+ for example if the active backend doesn't use it. Thanks Ferenc Wagner.
+ * On upgrade, if an access rule begins with "to * by self write", show a
+ debconf note warning that it should be changed. (Closes: #761406)
+ * Build and install the lastbind contrib module. (Closes: #701111)
+ * Build and install the passwd/sha2 contrib module. (Closes: #746727)
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 20 Oct 2014 22:19:24 -0700
+
+openldap (2.4.40-1) unstable; urgency=low
+
+ [ Ryan Tandy ]
+ * New upstream release.
+ - fixed ldap_get_dn(3) ldap_ava definition (ITS#7860) (Closes: #465024)
+ - fixed slapcat with external schema (ITS#7895) (Closes: #599235)
+ - fixed double free with invalid ciphersuite (ITS#7500) (Closes: #640384)
+ - fixed modrdn crash on naming attr with no matching rule (ITS#7850)
+ (Closes: #666515)
+ - fixed slapacl causing unclean database (ITS#7827) (Closes: #741248)
+ * slapd.scripts-common:
+ - Anchor grep patterns to avoid matching commented lines in ldif files
+ under cn=config. (Closes: #723957)
+ - Don't silently ignore nonexistent directories that should be dumped.
+ - Invoke find, chown, and chgrp with -H in case /var/lib/ldap is a
+ symlink. (Closes: #742862)
+ - When upgrading a database, ignore extra nested directories as they might
+ contain other databases. Patch from Kenny Millington. (LP: #1003854)
+ - Fix dumping and reloading when multiple databases hold the same suffix,
+ thanks Peder Stray. (Closes: #759596, LP: #1362481)
+ - Remove trailing dot from slapd/domain. (Closes: #637996)
+ * debian/rules:
+ - Enable parallel building.
+ - Copy libldap-2.4-2.shlibs into place manually, as a workaround for
+ #676168. (Closes: #742841)
+ * debian/slapd.README.Debian: Add a note about database format upgrades and
+ the consequences of missing one. (Closes: #594711)
+ * Build with GnuTLS 3 (Closes: #745231, #760559).
+ * Drop debian/patches/fix-ftbfs-binutils-gold, no longer needed.
+ * Drop debconf-utils from Build-Depends, no longer used (replaced by
+ po-debconf). Thanks Johannes Schauer.
+ * Acknowledge NMU fixing #729367, thanks to Michael Gilbert.
+ * Offer the MDB backend as a choice during initial configuration. (Closes:
+ #750022)
+ * debian/slapd.init.ldif:
+ - Disallow modifying one's own entry by default, except specific
+ attributes. (Closes: #761406)
+ - Index some more common search attributes by default. (Closes: #762111)
+ * Introduce a symbols file for libldap-2.4-2.
+ * debian/schema/pmi.schema: Add a copyright clarification. There does not
+ appear to be any copyrighted text in this file, only ASN.1 assignments and
+ LDAP schema definitions. Fixes a Lintian error on the original.
+ * debian/schema/duaconf.schema: Strip Internet-Draft text from
+ duaconf.schema.
+ * Drop debian/patches/CVE-2013-4449.patch, applied upstream.
+ * Update debian/patches/no-AM_INIT_AUTOMAKE with upstream changes.
+ * debian/schema/ppolicy.schema: Update with ordering rules added in
+ draft-behera-ldap-password-policy-11.
+ * Suggest GSSAPI SASL modules. (Closes: #762424)
+ * debian/patches/ITS6035-olcauthzregex-needs-restart.patch: Document in
+ slapd-config.5 the fact that changes to olcAuthzRegexp only take effect
+ after the server is restarted. (Closes: #761407)
+ * Add myself to Uploaders.
+
+ [ Jelmer Vernooij ]
+ * Depend on heimdal-multidev rather than heimdal-dev. (Closes: #745356,
+ #706123)
+
+ [ Updated debconf translations ]
+ * Turkish, thanks to Atila KOÇ <akoc@artielektronik.com.tr>.
+ (Closes: #661641)
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 17 Oct 2014 08:19:28 -0700
+
+openldap (2.4.39-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix CVE-2013-4449: reference counting logic issue (closes: #729367).
+
+ -- Michael Gilbert <mgilbert@debian.org> Sat, 09 Aug 2014 09:26:51 +0000
+
+openldap (2.4.39-1) unstable; urgency=low
+
+ [ Peter Marschall ]
+ * debian/patches/wrong-database-location: fix database location in
+ doc/man/man5/slapd-mdb.5
+ * debian/configure.options: add info on --enable-mdb
+
+ [ Russ Allbery ]
+ * Remove myself from Uploaders.
+
+ [ Steve Langasek ]
+ * Remove Stephen Frost from Uploaders, per discussion with him. Thanks for
+ your contributions, Stephen!
+ * Adjust dh_autoreconf usage to update all config.sub/config.guess
+ instances in the source, so that we can be forwards-compatible with new
+ ports. Thanks to Colin Watson <cjwatson@ubuntu.com> for the patch.
+ Closes: #725824.
+ * Add Timo to Uploaders.
+ * Update Vcs-* fields to point at the new git repo; thanks to Timo for
+ driving this migration!
+ * Rebuild against db5.3, with a corresponding dump/restore of the database
+ on upgrade. Closes: #738641.
+
+ [ Timo Aaltonen ]
+ * contrib-modules-use-dpkg-buildflags, autogroup-makefile,
+ smbk5pwd-makefile:
+ - Updated for current upstream.
+ * Refresh patches to apply cleanly.
+ * rules: Use dpkg-parsechangelog to determine the upstream version for
+ get-orig-source.
+ * source: Add lintian overrides for non-transatable internal
+ templates.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700
+
+openldap (2.4.31-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fixes a denial of service attack, CVE-2012-1164, when using the rwm
+ overlay. Closes: #663644.
+ - Fixes a bug with ldap_result always returning -1 when called from
+ sssd. Closes: #666230.
+ - Fix a build failure on armel due to unaligned memory access.
+ Closes: #677158.
+ * Incorporate NMU (thanks, Julien Cristau, Mattias Ellert):
+ - Disable the mdb backend on non-Linux, it looks like it doesn't work
+ with linuxthreads (closes: #654824).
+ - Backport fix for shell backend configuration. Closes: #662940.
+
+ [ Peter Marschall ]
+ * debian/slapd.scripts-common: avoid grep warnings
+ * debian/patches/heimdal-fix: fix arguments of
+ hdb_generate_key_set_password(). Closes: #664930
+
+ [ Steve Langasek ]
+ * debian/patches/contrib-modules-use-dpkg-buildflags: pass CFLAGS to
+ contrib builds. Thanks to Simon Ruderich <simon@ruderich.org>.
+ Closes: #663724.
+
+ -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000
+
+openldap (2.4.28-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fixes CVE-2011-4079. Closes: #647610.
+ - Fixes support for proxy authorization with SASL-GSSAPI.
+ Closes: #608815.
+ - Drop patch service-operational-before-detach, which came from upstream.
+ - Drop patch fix-its6898-locking-issue, included upstream.
+ - Refresh other patches as needed.
+ * debian/slapd.scripts-common: quote the argument to slappasswd, to cope
+ with shell characters in the string. Thanks to Nicolai Ehemann
+ <en@englightened.de> for the patch. Closes: #635931.
+ * Install ldif.h in libldap2-dev, now that it's been blessed upstream.
+ Closes: #644985.
+ * debian/patches/no-bdb-ABI-second-guessing: don't force an exact match on
+ the upstream version of libdb; this is redundant with our packaging
+ system, and causes spurious errors when there's a non-ABI-breaking
+ BDB upstream release. Closes: #651333.
+ * Build-conflict with the ancient autoconf2.13, which is incompatible with
+ dh-autoreconf. (Maybe dh-autoreconf itself should conflict with it?)
+ Closes: #651598.
+
+ [ Updated debconf translations ]
+ * Dutch, thanks to Jeroen Schot <schot@A-Eskwadraat.nl>. Closes: #651400.
+
+ -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000
+
+openldap (2.4.25-4) unstable; urgency=low
+
+ * Drop explicit depends on libdb4.8, since we're now linking against
+ libdb5.1. Thanks to Peter Marschall for catching. Closes: #621403
+ again.
+ * Rebuild against cyrus-sasl2 2.1.25. Closes: #628237.
+ * Use dh_autoreconf instead of a locally-patched autogen.sh.
+ * debian/patches/no-AM_INIT_AUTOMAKE: don't use AM_INIT_AUTOMAKE macro
+ when we aren't using automake.
+ * Convert debian/rules to dh(1).
+ * use DEB_CFLAGS_MAINT_APPEND with appropriate versioned dependency on
+ debhelper and dpkg-dev, so we can pick up dpkg-buildflags for our
+ policy-mandated flags - as well as our security-enhancing ones!
+ Closes: #644427.
+ * Also set hardening=+pie,+bindnow buildflags options for maximum
+ security, since this is a security-sensitive daemon dealing with
+ untrusted input. Ubuntu has been building with these flags for a
+ while via hardening-wrappers, so the change is presumed safe.
+ * Drop debian/check_config. The upstream configure script now enforces
+ --with-cyrus-sasl, so there's no need for a second check.
+ * debian/po/es.po: tweak an ambiguous string in the Spanish debconf
+ translation, noticed in response to a submitted Catalan translation
+ * debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff:
+ Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL.
+ Thanks to Jan-Marek Glogowski <jan-marek.glogowski@muenchen.de> for the
+ patch. Closes: #327585.
+
+ [ Updated debconf translations ]
+ * Catalan, thanks to Innocent De Marchi <tangram.peces@gmail.com>.
+ Closes: #644274.
+
+ -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000
+
+openldap (2.4.25-3) unstable; urgency=low
+
+ * Brown paper bag: really fix the .links.in handling, so we don't generate
+ broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 15 Aug 2011 09:50:37 +0000
+
+openldap (2.4.25-2) unstable; urgency=low
+
+ [ Matthijs Möhlmann ]
+ * Change to bdb 5.1 (Closes: #621403)
+ * Add note to ldap-utils package how to unfold lines. (Closes: #530519)
+ (Thanks to Peter Marschall and Javier Barroso)
+
+ [ Steve Langasek ]
+ * Acknowledge NMU for bug #596343; thanks to Thijs Kinkhorst for the fix!
+ * Bump to compat level 7, so we don't have to spell out debian/tmp in
+ every single .install file
+ * Build for multiarch.
+
+ -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700
+
+openldap (2.4.25-1.1) unstable; urgency=low
+
+ * Non-maintainer upload to fix RC bug.
+ * Fix "dpkg-reconfigure slapd". Closes: #596343
+
+ -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200
+
+openldap (2.4.25-1) unstable; urgency=low
+
+ * New upstream version (Closes: #617606, #618904, #606815, #608813)
+ - Fixes CVE-2011-1024, CVE-2011-1025, CVE-2011-1081
+ - slapd server process frequently hangs during everyday usage is fixed in
+ newer versions of openldap according to the bug submitter
+ * Refresh all patches
+ * Remove manpage-tlscyphersuite-additions, applied upstream
+ * Remove issue-6534-patch, applied upstream
+ * Add Slovak translation, thanks Slavko <linux@slavino.sk> (Closes: #608699)
+ * Add debian specific patch for ldap.conf. Add TLS_CACERT option and set it
+ by default to /etc/ssl/certs/ca-certificates.crt (Closes: #555409, #616703)
+ * Add patch to fix a FTBFS with binutils-gold (Closes: #555867)
+ * Add slapschema, just hardlink it (Closes: #601569)
+ * Update patch service-operational-before-detach (Closes: #616164, #598361)
+ * Add ldif_* symbols to libldap-2.4-2
+ * Add upstream patch for a locking issue in libldap_r
+ * Fix build failure, use @SHELL@ instead of hardcoded /bin/sh (build/top.mk)
+ (Closes: #621925)
+
+ -- Matthijs Möhlmann <matthijs@cacholong.nl> Mon, 11 Apr 2011 22:10:14 +0200
+
+openldap (2.4.23-7) unstable; urgency=low
+
+ * Updated vietnamese translation, thanks Clytie Siddall
+ (Closes: #601537, #598575)
+ * Updated portuguese translation, thanks Traduz (Closes: #599760)
+ * Updated danish translation, thanks Joe Dalton (Closes: #599835)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
+
+openldap (2.4.23-6) unstable; urgency=high
+
+ * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 23 Sep 2010 10:17:50 +0200
+
+openldap (2.4.23-5) unstable; urgency=high
+
+ [ Steve Langasek ]
+ * High-urgency upload for RC bugfix.
+ * debian/slapd.scripts-common: fix gratuitous (and wrong) use of grep in
+ get_suffix(), which causes us to incorrectly parse any slapd.conf that
+ uses tabs instead of spaces. Closes: #595672.
+ * debian/slapd.init, debian/slapd.scripts-common: when $SLAPD_CONF is not
+ set in /etc/default/slapd, we should always set a default value, giving
+ precedence to slapd.d and falling back to slapd.conf. Users who don't
+ want to use an existing slapd.d should point at slapd.conf explicitly.
+ Closes: #594714, #596343.
+ * debian/slapd.init: 'invoke-rc.d slapd stop' should not fail due to the
+ absence of a slapd configuration; we should still exit 0 so that the
+ package can be removed gracefully. Closes: #596100.
+ * drop build-conflicts with libssl-dev; we explicitly pass
+ --with-tls=gnutls to configure, so there's no risk of a misbuild here.
+ * debian/slapd.default: now that we have a sensible default behavior in
+ both slapd.init and the maintainer scripts, leave SLAPD_CONF empty to
+ save pain later.
+ * debian/slapd.scripts-common: ... and do the same in
+ migrate_to_slapd_d_style, we just need to comment out the user's
+ previous entry instead of blowing it away.
+ * debian/slapd.scripts-common: call get_suffix in a way that lets us
+ separate responses by newlines, to properly handle the case when a
+ DN has embedded spaces. Introduces a few more stupid fd tricks to work
+ around possible problems with debconf. Closes: #595466.
+ * debian/slapd.scripts-common: when parsing the names of includes, handle
+ double-quotes and escape characters as described in slapd.conf(5).
+ Closes: #595784.
+ * debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from
+ versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which
+ otherwise is blocked by our added olcAccess settings. Closes: #596326.
+ * debian/slapd.init.ldif: set the acl in the default LDIF for new installs,
+ too.
+ * Likewise, grant access to dn.exact="" so that base dn autodiscovery
+ works as intended. Closes: #596049.
+ * debian/slapd.init.ldif: synchronize our behavior on new installs with
+ that on upgrades, avoiding the non-standard cn=localroot,cn=config.
+ * debian/slapd.scripts-common: don't run the migration code if slapd.d
+ already exists. Closes: #593965.
+
+ [ Matthijs Mohlmann ]
+ * Remove upgrade_supported_from_backend, implemented patch from
+ Peter Marschall <peter@adpm.de> to automatically detect if an upgrade is
+ supported. (Closes: #594712)
+
+ [ Peter Marschall ]
+ * debian/slapd.init: correctly set the slapd.conf argument even when
+ SLAPD_PIDFILE is non-empty in /etc/default/slapd. Closes: #593880.
+ * debian/slapd.scripts-common: pass -g to slapadd/slapcat, so that
+ subordinate databases aren't incorrectly included in the dump/restore of
+ the parent database. Closes: #594821.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 13 Sep 2010 06:59:11 +0000
+
+openldap (2.4.23-4) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * Bump the database upgrade version check to 2.4.23-4; should have been
+ set to 2.4.23-1 when we switched to db4.8, but was missed so we need to
+ clean up. Closes: #593550.
+
+ [ Matthijs Mohlmann ]
+ * Fix root access to cn=config on upgrades from configuration style slapd.conf
+ Thanks to Mathias Gug (Closes: #593566, #593878)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 26 Aug 2010 20:30:51 +0200
+
+openldap (2.4.23-3) unstable; urgency=low
+
+ * Configure the newly installed openldap package using slapd.d instead of
+ slapd.conf, merged from ubuntu. (Closes: #562723, #494155, #333428)
+ * Update the debconf templates by running debconf-updatepo.
+ * We do not support upgrades from older releases then lenny, so removed some
+ upgrade functions from slapd.scripts-common.
+ * Updated japanese translation, thanks Kenshi Muto (Closes: #589508)
+ * Updated czech translation, thanks Miroslav Kure (Closes: #589569)
+ * Update slapd.README.Debian and slapd.NEWS and note the new configuration
+ style.
+ * Fixes CVE-2010-0211 and CVE-2010-0212 (Closes: #589852)
+ * Update italian translation, thanks Luca Monducci (Closes: #590154)
+ * Update spanish translation, thanks Francisco Javier Cuadrado
+ (Closes: #590829)
+ * Update basque translation, thanks Iñaki Larrañaga Murgoitio
+ * Bump Standards-Version to 3.9.1
+ * Added debian specific patch to wait until slapd is operational before
+ detaching to the terminal (Closes: #589915)
+ * Add a lintian overrides for libldap.
+ * Empty dependency_libs line in .la files. (Closes: #591550)
+ * Update galician translation, thanks Jorge Barreiro (Closes: #592815)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Tue, 17 Aug 2010 22:00:16 +0200
+
+openldap (2.4.23-2) unstable; urgency=medium
+
+ * Depend on libdb4.8 >= 4.8.30 (Closes: #588969)
+ * Urgency previous as previous version fixes a RC bug.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Wed, 14 Jul 2010 10:17:27 +0200
+
+openldap (2.4.23-1) unstable; urgency=low
+
+ * New upstream version
+ * Change to build dependency libdb4.8-dev instead of libdb4.7-dev
+ * Updated french translation thanks Christian Perrier (Closes: #579192)
+ * Updated swedish translation thanks Martin Bagge (Closes: #580145)
+ * Updated german translation thanks Helge Kreutzmann (Closes: #579582)
+ * Updated russian translation thanks Yuri Kozlov (Closes: #585688)
+ * Fix bashisms in debian/rules (Closes: #581454)
+ * Add documentation patch (Closes: #513270)
+ * Refreshed all quilt patches.
+ * Bump Standards-Version to 3.9.0
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
+
+openldap (2.4.21-1) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * New upstream version
+ (Closes: #561144, #465024, #502769, #528695, #564686, #504728)
+ * Add upstream manpage for ldapexop; thanks to Peter Marschall
+ <peter@adpm.de>. Closes: #549291.
+
+ [ Matthijs Mohlmann ]
+ * Ack NMU (Closes: #553432)
+ * Update Standards-Version to 3.8.4
+ * Fix NEWS entry to have the correct version number
+ * Improve the wording for the slapd/invalid_config question (Closes: #452834)
+ * Make lintian a bit more happy (Closes: #518660)
+ * Fix bashism (Closes: #518657)
+ * Refresh all patches
+ * Add patch from upstream (Closes: #549642)
+ * Reworked the configure.options a bit to include some more options
+ * Enable dynamic acls
+ * Use slappasswd to create a secure password (Closes: #490930)
+ * Set a rootdn and rootpw if no password is given by debconf (Closes: #231950)
+ * Better document the TLSCipherSuite in slapd.conf manpage (Closes: #563113)
+ * Better document the TLS_CIPHER_SUITE in ldap.conf manpage (Closes: #510346)
+ * Add smbk5pwd slapd module, used patch from Mark Hymers (Closes: #443073)
+ * Add autogroup slapd module, used patch from Mathieu Parent (Closes: #575900)
+ * Add lsb logging, used patch from David Härdeman (Closes: #385898)
+ * Use dh_lintian to install the lintian-overrides
+ * Added critical error report when slapcat fails (Closes: #226090)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
+
+openldap (2.4.17-2.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2009-3767: libraries/libldap/tls_o.c doesn't properly handle NULL
+ character in subject Common Name (Closes: #553432)
+
+ -- Giuseppe Iuculano <iuculano@debian.org> Tue, 10 Nov 2009 19:09:45 +0100
+
+openldap (2.4.17-2) unstable; urgency=low
+
+ * Fix up the lintian warnings:
+ - add missing misc-depends on all packages
+ - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
+ overrides
+ - bump Standards-Version to 3.8.2, no changes required.
+ * slapd.scripts-common: fix upgrade to correctly handle multiple database
+ declarations; thanks, Peter Marschall <peter@adpm.de>! Closes: #517556
+ * Add 'status' argument to init script; thanks to Peter Eisentraut
+ <petere@debian.org>. Closes: #545898.
+ * New patch, do-not-second-guess-sonames, to remove an incorrect check for
+ the Cyrus SASL version number at runtime. If there's any reason this is
+ needed, it needs to be addressed in the cyrus-sasl soname and Debian
+ shlibs, not here. Closes: #546885.
+
+ -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700
+
+openldap (2.4.17-1) unstable; urgency=low
+
+ * New upstream version.
+ - Fixes FTBFS on ia64 with -fPIE. Closes: #524770.
+ - Fixes some TLS issues with GnuTLS. Closes: #505191.
+ * Update priority of libldap-2.4-2 to match the archive override.
+ * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
+ ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
+ Closes: #496749.
+ * Bump build-dependency on debhelper to 6 instead of 5, since that's
+ what we're using. Closes: #498116.
+ * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
+ the built-in default of ldap:/// only.
+ * Build-depend on libltdl-dev | libltdl3-dev (>= 1.4.3), for the package
+ name change. Closes: #522965.
+
+ [ Updated debconf translations ]
+ * Spanish, thanks to Francisco Javier Cuadrado <fcocuadrado@gmail.com>.
+ Closes: #521804.
+
+ -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700
+
+openldap (2.4.15-1) unstable; urgency=low
+
+ * New upstream version
+ - Fixes a bug with the pcache overlay not returning cached entries
+ (closes: #497697)
+ - Update evolution-ntlm patch to apply to current Makefiles.
+ - (tentatively) drop gnutls-ciphers, since this bug was reported to be
+ fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
+ patch from the bug report, so this should be watched for regressions.
+ * Build against db4.7 instead of db4.2 at last! Closes: #421946.
+ * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
+ installed in the build environment.
+ * Add -D_GNU_SOURCE to CFLAGS, apparently required for building with
+ current headers in unstable
+
+ -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800
+
+openldap (2.4.11-1) unstable; urgency=low
+
+ * New upstream version (closes: #499560).
+ - Fixes a crash with syncrepl and delcsn (closes: #491066).
+ - Fix CRL handling with GnuTLS (closes: #498410).
+ - Drop patches no_backend_inter-linking,
+ CVE-2008-2952_BER-decoding-assertion, and gnutls-ssf, applied
+ upstream.
+
+ [ Russ Allbery ]
+ * New patch, back-perl-init, which updates the calling conventions
+ around initialization and shutdown of the Perl interpreter to match
+ the current perlembed recommendations. Fixes probable hangs on HPPA
+ in back-perl. Thanks, Niko Tyni. (Closes: #495069)
+
+ [ Steve Langasek ]
+ * Drop the conflict with libldap2, which is not the standard means of
+ handling symbol conflicts in Debian and which causes serious upgrade
+ problems from etch. Closes: #487211.
+
+ -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700
+
+openldap (2.4.10-3) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * New patch, CVE-2008-2952_BER-decoding-assertion, to fix a remote DoS
+ vulnerability in the BER decoder. Addresses CVE-2008-2952,
+ closes: #488710.
+ * debian/slapd.scripts-common, debian/slapd.postinst: drop
+ update_path_argsfile_pidfile function, not needed for updates from etch
+ or newer.
+ * Drop the code to check for and upgrade ldbm databases. The etch
+ release of slapd had already dropped support for them and direct
+ upgrades from sarge are not supported.
+
+ [ Russ Allbery ]
+ * Apply upstream patch to convert GnuTLS cipher strength from bytes to
+ bits, as expected by OpenLDAP. (Closes: #473796)
+ * Add Build-Depends on time, used by the test suite and only a shell
+ built-in with bash. Thanks, Daniel Schepler. (Closes: #490754)
+ * Refresh all patches, convert all patches to -p1, and remove extraneous
+ Index: lines. (Closes: #485263)
+ * Unless DFSG_NONFREE is set, also check whether the upstream schemas
+ with RFC comments are included.
+ * Update standards version to 3.8.0.
+ - Include debian/README.source pointing to the quilt README.source.
+ - Wrap Uploaders for readability.
+ * Wrap slapd's Depends for readability.
+
+ [ Updated debconf translations ]
+ * Swedish, thanks to Martin Ã…gren <martin.agren@gmail.com>.
+ Closes: #492748.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700
+
+openldap (2.4.10-2) unstable; urgency=low
+
+ * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
+ build time
+ * Hack around glibc behavior when resolving localhost, by exporting
+ RESOLV_MULTI=off when invoking the test suite
+ * Reclaim the 'openldap' source package name; openldap2.3 has been a
+ misnomer for some time, causing undue confusion, so switch to a
+ permanent source package name that we won't need to change again later.
+ - Along the way, kill off non-DFSG-compliant schema files that snuck
+ back into the archive due to my bad merge of 2.4.10.
+
+ -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700
+
+openldap2.3 (2.4.10-1) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * New upstream release.
+ - Clean up ld_defconn if it was freed, fixing an assertion failure in
+ various clients. Closes: #469232.
+ - Fixes slapd syncrepl hang on back-config. Closes: #471253.
+ - Drop patch hurd-path-max, integrated upstream.
+ * Drop spurious build-dependency on heimdal-dev, introduced accidentally
+ as part of an aborted attempt to build the smbk5pwd overlay.
+ * Use hardlinks instead of symlinks for the various slap* commands; this
+ is functionally equivalent for us, and reduces divergence from
+ derivatives such as Ubuntu that use apparmor. Closes: #488409.
+ * New patch, no_backend_inter-linking, to fix the meta backend to not
+ try to look up symbols in external objects (back_ldap) that it
+ doesn't link against.
+ * Turn on 'make test' during builds, now that back_meta is fixed.
+
+ [ Matthijs Mohlmann ]
+ * All manpages in category 5 were missing, wrong directory.
+ (Closes: #474976, #483631, #483633)
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700
+
+openldap2.3 (2.4.9-1) unstable; urgency=low
+
+ [ Updated debconf translations ]
+ * French, thanks to Christian Perrier <bubulle@debian.org>.
+ Closes: #471792.
+ * Finnish, thanks to Esko Arajärvi <edu@iki.fi>. Closes: #475238.
+ * Czech, thanks to Miroslav Kure <kurem@upcase.info.upol.cz>.
+ Closes: #480138.
+ * Basque, thanks to Piarres Beobide <pi+debian@beobide.net>.
+ Closes: #480177.
+ * Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>.
+ Closes: #480181.
+ * Galician, thanks to Jacobo Tarrio <jtarrio@trasno.net>. Closes: #480218.
+ * Japanese, thanks to Kenshi Muto <kmuto@debian.org>. Closes: #480247.
+ * Italian, thanks to Luca Monducci <luca.mo@tiscali.it>. (Closes: #477718)
+ * Brazilian Portuguese, thanks to Eder L. Marques <eder@edermarques.net>
+ (Closes: #480172)
+ * Portuguese, thanks to Tiago Fernandes <tjg.fernandes@gmail.com>
+ (Closes: #481126)
+ * Russian, thanks to Yuri Kozlov <kozlov.y@gmail.com> (Closes: #481214)
+ * Dutch, thanks to "cobaco (aka Bart Cornelis)" <cobaco@skolelinux.no>.
+ Closes: #483014.
+
+ [ Matthijs Mohlmann ]
+ * New upstream release.
+ - Bad entryUUID no longer crashes slapd. (Closes: #471867)
+ - Fix assertion failure in some modify operations. (Closes: #474161)
+ - Mention index in slapd.conf's man page. (Closes: #414650)
+ - Fixes to slapd include handling. (Closes: #457261)
+ - Fix syncrepl cookie truncation. (Closes: #464024)
+ - Fix memory allocation in ldap_parse_page_control. (Closes: #464877)
+ - Fix slapd crash when accessed by multiple threads. (Closes: #479237)
+ * Acknowledge NMU.
+ (Closes: #474976, #471225, #475856, #474652, #465875)
+ * Bump Standards-Version to 3.7.3
+ * Add versioned build dependency on libgnutls-dev (Closes: #466558)
+ * Bump debhelper compat level to 6.
+
+ [ Russ Allbery ]
+ * Use MAXPATHLEN rather than PATH_MAX, since OpenLDAP defines the
+ former and the latter isn't defined on GNU Hurd. Thanks, Samuel
+ Thibault. (Closes: #475744)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 26 May 2008 22:34:16 +0200
+
+openldap2.3 (2.4.7-6.3) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Install all slapd relevant manpages into slapd package.
+ (closes: #474976)
+ * Make libldap-2.4-2 conflict against libldap2. (closes: #475856)
+
+ -- Bastian Blank <waldi@debian.org> Tue, 29 Apr 2008 18:00:23 +0200
+
+openldap2.3 (2.4.7-6.2) unstable; urgency=low
+
+ * Non-maintainer upload to solve release goal issues.
+ * Add LSB dependency header to init.d scripts (Closes: #474652)
+
+ -- Petter Reinholdtsen <pere@debian.org> Wed, 16 Apr 2008 08:04:49 +0200
+
+openldap2.3 (2.4.7-6.1) unstable; urgency=high
+
+ * Non-maintainer upload by security team.
+ * Fix possible remote denial of service vulnerability in the BDB backend
+ via a modrdn operation with a NOOP control
+ (CVE-2008-0658; Closes: #465875).
+
+ -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100
+
+openldap2.3 (2.4.7-6) unstable; urgency=low
+
+ [ Updated debconf translations ]
+ * Dutch, thanks to Bart Cornelis <cobaco@skolelinux.no>. Closes: #452950.
+ * Brazilian Portuguese, thanks to Eder L. Marques <frolic@debian-ce.org>.
+ Closes: #463460.
+ * German, thanks to Helge Kreutzmann <debian@helgefjell.de>.
+ Closes: #465784.
+
+ [ Steve Langasek ]
+ * Relax build-dependency on libsasl2-dev now that the versioned dependency
+ is satisfied by all extant versions (including in oldstable), fixing a
+ lintian warning about versioned build-deps on Debian revisions.
+ * Avoid using a mutex around getaddrinfo() and getnameinfo() calls, which
+ are guaranteed by glibc to be threadsafe; this fixes a deadlock when
+ using nss_ldap for host lookups. Closes: #340601.
+ * debian/libldap2-dev.manpages: install all of man3/* instead of
+ enumerating specific manpages to install. Closes: #320073.
+ * Add new patch, sasl-cleartext-strncasecmp, to correct a regression that
+ prevented the use of the {CLEARTEXT} password scheme with SASL.
+ Closes LP: #191563.
+ * drop LGPL from debian/copyright; there is no longer any code under this
+ license in the package.
+ * Drop patch gnutls-altname-nulterminated; it's been determined that the
+ "length" discrepancy was a bug in gnutls, and fixed in that package.
+ * debian/configure.options: explicitly pass --with-odbc=unixodbc, so
+ that we depend on the right ODBC implementation when both happen to
+ be installed at build time.
+
+ [ Russ Allbery ]
+ * Add a stamp file for the configure rule to avoid rerunning configure
+ needlessly. Closes: #465588.
+ * Don't create the openldap user if slapd has been configured to run as
+ a different user. If slapd has been configured to run as openldap, do
+ create the user on reconfigure. Closes: #452438.
+ * Reformat, reorganize, and update slapd's README.Debian.
+ - Include SASL configuration information.
+ - Remove LDBM information, since upstream no longer even ships LDBM
+ and the debconf prompting and maintainer scripts already take care
+ of any lingering databases.
+ - Document the differences between the Debian OpenLDAP packages and
+ upstream.
+
+ -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800
+
+openldap2.3 (2.4.7-5) unstable; urgency=low
+
+ [ Updated debconf translations ]
+ * Finnish, thanks to Esko Arajärvi <edu@iki.fi>. Closes: #462688.
+ * Galician, thanks to Jacobo Tarrio <jtarrio@trasno.net>. Closes: #462987.
+ * French, thanks to Christian Perrier <bubulle@debian.org>.
+ Closes: #463149.
+ * Russian, thanks to Yuri Kozlov <kozlov.y@gmail.com>. Closes: #463442.
+ * Czech, thanks to Miroslav Kure <kurem@debian.cz>. Closes: #463472.
+ * German, thanks to Helge Kreutzmann <debian@helgefjell.de>.
+ Closes: #464718.
+
+ [ Steve Langasek ]
+ * Fix various regressions related to the introduction of GnuTLS:
+ - Add new patch, gnutls-ciphers, to fix support for specifying multiple
+ ciphers with TLSCipherSuite option in slapd.conf. Thanks to Kyle
+ Moffett <kyle@moffetthome.net> for the patch. Closes LP: #188200.
+ - Add new patch, slapd-tlsverifyclient-default, to set the intended
+ default value of "TLSVerifyClient never" in the right place.
+ - Add new patch, gnutls-altname-nulterminated, to account for differences
+ in how the "length" is returned for commonName vs. subjectAltName.
+ - Comment out TLSCipherSuite settings on upgrade from all versions prior
+ to 2.4.7-5, and throw a debconf error to the user notifying them of
+ this, since all OpenSSL cipher suite values are incompatible with
+ GnuTLS.
+ Closes: #462588.
+ * Add new patch from upstream, entryCSN-backwards-compatibility, to support
+ auto-converting entryCSN attributes in a previously supported old format,
+ fixing an upgrade failure. Closes: #462099.
+ * Use --retry TERM/10 instead of --retry 10 when stopping slapd, since the
+ latter resorts to a SIGKILL and may corrupt backend data; whereas the
+ former will exit non-zero if slapd is still running but won't directly
+ cause data-loss. Thanks to Mark McDonald for the patch. LP: #92139.
+ * Fix manpage symlinks in libldap2-dev; thanks to Reuben Thomas for
+ reporting. Closes: #463971.
+ * Fix a superfluous space in the debconf templates, due to a trailing space
+ in the templates. Closes: #464719.
+
+ -- Steve Langasek <vorlon@debian.org> Sat, 09 Feb 2008 14:25:55 -0800
+
+openldap2.3 (2.4.7-4) unstable; urgency=high
+
+ [ Steve Langasek ]
+ * Build-conflict with libicu-dev, for consistent dependencies in all
+ build environments.
+ * Fix an oversight in the checkpoint migration, which caused the checkpoint
+ option to not be moved far enough down. Closes: #462304, LP: #185257.
+ * Build-depend on unixodbc instead of iODBC.
+
+ [ Updated debconf translations ]
+ * Japanese, thanks to Kenshi Muto <kmuto@debian.org>. Closes: #462191.
+
+ -- Steve Langasek <vorlon@debian.org> Fri, 25 Jan 2008 02:17:23 -0800
+
+openldap2.3 (2.4.7-3) unstable; urgency=low
+
+ * Add missing build-dependency on groff-base, to allow use of soelim during
+ build.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 21 Jan 2008 15:18:27 -0800
+
+openldap2.3 (2.4.7-2) unstable; urgency=low
+
+ * Temporarily drop slapi-dev from the package to get through NEW; this
+ functionality should be readded later, either by restoring the slapi-dev
+ package or by moving it to libldap2-dev, depending on the outcome of
+ discussion with the ftp-masters.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 21 Jan 2008 06:13:21 -0800
+
+openldap2.3 (2.4.7-1) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * New upstream version; closes: #449354.
+ - remove another schema from upstream source, collective.schema,
+ that contains text from the IETF RFCs and include a stripped copy
+ in debian/schema.
+ - drop patches slurpd-in-spool and man-slurpd, since slurpd is no
+ longer provided upstream.
+ - libldap2.3-0 is now libldap2.4-2
+ - build libldap2-dev from this source package now, superseding
+ openldap2; closes: #428385, #260118, #262539, #391899, #393215.
+ - lastmod and denyop have been moved to contrib upstream and are no
+ longer shipped as supported overlays
+ - drop dependency on libldap2 and take ownership of the
+ /etc/ldap/ldap.conf conffile, since libldap2 is now obsolete
+ - need to dump and reload databases again for the upgrade from 2.3.39.
+ - ldap_init(3) no longer attempts to document the internals of the
+ LDAP opaque type. Closes: #320072.
+ - ldap-utils utilities find LDAP servers via SRV records when given a
+ URL with -H and no host in the URL. Closes: #221173.
+ - if the old slapd.conf included any replica commands, automatically
+ enable syncprov for the corresponding database and print an error
+ with debconf.
+ * slapd.conf and DB_CONFIG are used in the postinst, they shouldn't be
+ shipped under doc/examples because /usr/share/doc can't be depended
+ on per policy; ship the files under /usr/share/slapd and symlink the
+ /other/ way, which also spares us from dh_compress trying to gzip
+ slapd.conf. Closes: #452749.
+ * Drop libldap.so as was done for libldap2, making it a link to
+ libldap_r.so to avoid unfortunate symbol collisions.
+ * Add new patch, libldap-symbol-versions, to build libldap and liblber
+ with symbol versions; needed to avoid segfaults when applications
+ manage to pull both libldap2 and the new libldap-2.4-2 into the same
+ process (as during a partial upgrade or the initial soname
+ transition), and also when the library soname changes again in the
+ future (as it's likely to do).
+ * Reintroduce add-autogen-sh patch, with build deps on libtool, automake,
+ and autoconf, required due to the previous patch; this time around, take
+ care to clean up the autogenerated files in the clean target as well
+ * Build-depend on libgnutls-dev instead of on libssl-dev, so that at long
+ last we can build the server and lib from the same source package again
+ without licensing problems. Closes: #457182, #407334, #428468, #381788.
+ Closes: #412706.
+ * slapd.prerm, slapd.postinst: drop no-longer-needed upgrade code for
+ openldap < 2.1.22
+ * Ask about ldbm to bdb migration in the preinst, since there is no
+ guarantee that the debconf config script will be run before the unpack
+ phase.
+ * Don't stop slapd in the preinst by hand, the prerm already stops the
+ old slapd using the standard interfaces.
+ * Don't build with LAN Manager password support; these passwords are more
+ insecure than traditional Unix crypt, and only relevant when talking to
+ Windows 98.
+ * Move libslapi into the slapd package and provide a virtual package for
+ library dependencies, since this is expected to stay lockstep with the
+ server.
+ * Split slapi dev support into a new libslapi-dev package, as this is
+ unrelated to libldap; and drop libslapi.a since it would be insane to try
+ to statically link a dynamically-loaded slapi plugin.
+ * "checkpoint" directives are no longer supported as part of the backend
+ config, only as part of the database config; move the lines around in
+ slapd.conf on upgrade.
+ * "schemacheck" directives are no longer supported; comment them out
+ on upgrade since this option was set by default in sarge.
+ * Package description updates; thanks to Christian Perrier
+ <bubulle@debian.org> and the Smith review project for these
+ improvements.
+ * Incorporate debconf template changes suggested by the debian-l10n-english
+ team as part of the Smith review project. Closes: #447224.
+
+ [ Russ Allbery ]
+ * Removed fix_ldif and all remaining code to try running it on LDIF
+ dumps. Schema checking has been imposed since 2.1 and it's highly
+ unlikely that anyone still needs this.
+ * Move the checkpoint directive in the default slapd.conf below the
+ database and suffix directives for the primary database. This is now
+ required for OpenLDAP 2.4.
+ * Create /etc/ldap/slapd.conf owned by the openldap group and mode 640
+ by default so that slapindex and friends can read it when run as the
+ openldap user. Fix permissions on upgrade if slapd.conf is owned by
+ root and mode 600. Closes: #432662.
+ * Drop slapd patch to read slapd.conf before dropping privileges, since
+ slapd.conf should now be readable by SLAPD_GROUP.
+ * If SLAPD_CONF is set to a directory in /etc/default/slapd, assume
+ the cn=config backend is used and start slapd with the appropriate
+ options. Based on a patch from Mike Burr. Closes: #411413.
+ * Rework slapd's README.Debian:
+ - Document the BerkeleyDB version. Closes: #438127.
+ - Document how to direct slapd's logs to another file. Closes: #258931.
+ - Remove obsolete information about TLS/SSL and OpenLDAP 2.0 upgrades.
+ - Recommend HDB instead of BDB.
+ - Generally reformat and reorganize.
+ * Patch cleanup:
+ - Combine the NTLM patches for Evolution into a single patch.
+ - Add explanatory comments to every patch.
+ - Refresh all patches to remove diff garbage and trailing whitespace.
+ * debian/rules cleanup:
+ - Fix patch dependencies for parallel build (hopefully).
+ - Tell configure the system type.
+ - Rewrite upstream_strip_nondfsg.sh as a get-orig-source target.
+ - Remove stamp files as the first step of the clean target.
+ - Add trivial build-arch and build-indep targets.
+ - Remove dead code and unnecessary comments.
+ * Remove postrm code to delete /var/lib/slapd/upgrade* flag files. We
+ haven't used those since the 2.1 upgrade.
+ * Update Vcs-* headers for new repository layout.
+ * Remove versioned dependency on an ancient dpkg-dev.
+ * Wrap and reorder Build-Depends for readability.
+
+ [ Updated debconf translations ]
+ * Czech, thanks to Miroslav Kure <kurem@debian.cz>. Closes: #458215.
+ * German, thanks to Helge Kreutzmann <debian@helgefjell.de>.
+ Closes: #452833.
+ * Spanish
+ * Finnish, thanks to Esko Arajärvi <edu@iki.fi>. Closes: #448061.
+ * French, thanks to Christian Perrier <bubulle@debian.org>.
+ Closes: #452632.
+ * Galician, thanks to Jacobo Tarrio <jtarrio@trasno.net>.
+ Closes: #451158.
+ * Italian, thanks to Luca Monducci <luca.mo@tiscali.it>. Closes: #449442.
+ * Japanese, thanks to Kenshi Muto <kmuto@debian.org>. Closes: #451325.
+ * Dutch, thanks to Bart Cornelis <cobaco@skolelinux.no>. Closes: #448935.
+ * Brazilian Portuguese
+ * Portuguese, thanks to Tiago Fernandes <tjg.fernandes@gmail.com>.
+ Closes: #453341.
+ * Russian, thanks to Yuri Kozlov <kozlov.y@gmail.com>. Closes: #453318.
+ * Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>.
+ Closes: #453411.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 21 Jan 2008 04:58:24 -0800
+
+openldap2.3 (2.3.39-1) unstable; urgency=medium
+
+ * Medium severity due to denial of service fix.
+ * New upstream release.
+ - CVE-2007-5708: Fix remote denial of service attack in slapo-pcache
+ (the overlay for proxy caching). (Closes: #448644)
+ - Multiple additional more minor bug fixes.
+ * Document in the default slapd.conf that dbconfig options only generate
+ the DB_CONFIG file on first slapd start and have no effect afterwards
+ unless DB_CONFIG is removed. (Closes: #442191)
+ * Inline the checkpoint and BerkeleyDB backend settings in the default
+ slapd.conf rather than generating them dynamically in postinst. All
+ the allowable default database choices are now BerekelyDB variants and
+ will probably continue to be so for the forseeable future, and this is
+ easier to maintain.
+ * Drop debconf questions, warnings, and maintainer script functions
+ dealing with upgrades from OpenLDAP 2.1, which is now too hold for
+ supported direct upgrades. (Closes: #444806)
+ * Add a watch file. Thanks, Fernando Ribeiro. (Closes: #435290)
+ * Add Homepage, Vcs-Svn, and Vcs-Browser control fields.
+
+ -- Russ Allbery <rra@debian.org> Mon, 12 Nov 2007 16:00:47 -0800
+
+openldap2.3 (2.3.38-1) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * Drop debian/patches/use-lpthread, which is no longer needed on mips*
+ because gcc has been fixed.
+ * Drop debian/patches/add-autogen-sh, also no longer needed now that
+ the above patch is gone.
+
+ [ Matthijs Mohlmann ]
+ * Fix bashism in initscript. (Closes: #428883)
+ * Drop upstream patches ITS4924, ITS4925 and ITS4966.
+ * Add patch for objectClasses which causes slapd to crash. (Closes: #440632)
+ - CVE-2007-5707.
+ - Upstream bug ITS5119.
+ * Change default loglevel to none, to log high priority messages.
+ (Closes: #442000)
+ * Tighten up the build dependencies, now that autogen patch is removed.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 17 Sep 2007 22:58:54 +0200
+
+openldap2.3 (2.3.35-2) unstable; urgency=low
+
+ * Enable LAN Manager password support in slapd. (Closes: #245341)
+ * If automatic configuration is selected and slapd.conf doesn't exist
+ during an upgrade, treat this as a fresh installation rather than
+ aborting with an error. Also try to provide a better error message if
+ the user has deleted /etc/ldap/schema but we just generated a new
+ configuration that references it. These cases can occur if someone
+ removes (rather than purges) the package, manually deletes /etc/ldap,
+ and then reinstalls. (Closes: #205010)
+ * Don't fail in slapd's postrm if /etc/ldap/schema has already been
+ deleted.
+ * Remove slapd conflicts with libbind-dev and bind-dev. There no longer
+ appears to be anything in those packages that would break slapd's
+ resolver. (Closes: #225896)
+ * Add libldap-2.3-0-dbg and slapd-dbg packages with detached debugging
+ information.
+ * db_recover is no longer required after changing DB_CONFIG; slapd now
+ detects changes itself and does the right thing. Also note in
+ README.DB_CONFIG the existence of the dbconfig slapd.conf parameter
+ and slapd's DB_CONFIG writing support. (Closes: #412575)
+ * Add options to /etc/default/slapd to let the system administrator tell
+ the init script to not start slapd on boot. (Closes: #254999)
+ * Redirect fd 3 to /dev/null in the slapd init script for additional
+ robustness when debconf is running. (Closes: #227482)
+ * Add to /etc/default/slapd a commented-out example of how to change the
+ keytab file used for GSSAPI authentication. (Closes: #412017)
+ * Use variables in /etc/init.d/slapd for the paths to slapd and slurpd
+ so that someone who really wants to can override them in
+ /etc/default/slapd. (Closes: #403948)
+ * Allow people building packages for outside Debian to skip the checks
+ for non-DFSG-free material by setting a variable. Thanks, Peter
+ Marschall. (Closes: #427245)
+ * Remove duplicate libldap-2.3-0 dependencies. (Closes: #408987)
+ * Use binary:Version instead of Source-Version for the tight
+ dependencies between slapd and ldap-utils and libldap-2.3-0.
+
+ -- Russ Allbery <rra@debian.org> Mon, 11 Jun 2007 20:26:26 -0700
+
+openldap2.3 (2.3.35-1) unstable; urgency=low
+
+ * New upstream release with many bug fixes.
+ - Allow syncprov to follow aliases. (Closes: #422087)
+ * Apply upstream patches:
+ - ITS#4924: client crash on incorrectly tagged result from server.
+ - ITS#4925: NOOP modify with BDB backend crashed slapd.
+ - ITS#4966: Delete of valsort-controlled entries crashed slapd.
+ * Enable SLAPI support. (Closes: #390954)
+ * Re-enable use of the epoll system call since Debian no longer supports
+ 2.4 kernels. This means that the OpenLDAP packages will not work on
+ pre-2.6 kernels.
+ * Remove schema files that contain text from IETF RFCs from the upstream
+ source since that text is not DFSG-free. Instead, install stripped
+ versions of those schema files containing only the functional
+ interface specifications, a comment explaining why this is needed, and
+ a pointer to the relevant RFC. (Closes: #361846)
+ * Document the repackaging of the upstream source in debian/copyright.
+ * Update config.guess and config.sub during the build instead of in the
+ clean target and remove them in the clean target for a clean diff.
+ Build-depend on autotools-dev so that we can unconditionally copy over
+ the latest versions.
+ * Added commentary and upstream ITS numbers for several patches
+ applicable upstream.
+ * Use debian/compat rather than the deprecated DH_COMPAT rules setting.
+ * Update to debhelper compatibility level V5 (no changes required).
+
+ -- Russ Allbery <rra@debian.org> Wed, 30 May 2007 22:42:28 -0700
+
+openldap2.3 (2.3.30-5) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * Add Portuguese debconf translation; thanks to Tiago Fernandes.
+ Closes: #409632.
+ * Re-add .la files to the slapd package, for greater compatibility
+ with upstream documentation.
+
+ [ Russ Allbery ]
+ * When starting slapd, create a symlink from /var/run/ldapi to
+ /var/run/slapd/ldapi for compatibility with 2.1 client libraries.
+ Closes: #385809.
+ * Apply upstream patch to prevent a race condition in slapd when
+ shutting down connections.
+ * Update the Brazilian Portuguese debconf translation; thanks to Felipe
+ Augusto van de Wiel.
+
+ -- Russ Allbery <rra@debian.org> Thu, 8 Mar 2007 18:21:02 -0800
+
+openldap2.3 (2.3.30-4) unstable; urgency=low
+
+ * Ok, argh, it helps to check that the function being re-added to the
+ preinst hasn't been removed again from the common include. Re-add
+ break_on_ldbm_to_bdb_migration_disagree, because by all appearances
+ we /should/ be using this in the preinst. Closes: #411474.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 19 Feb 2007 03:55:22 -0800
+
+openldap2.3 (2.3.30-3) unstable; urgency=medium
+
+ [ Matthijs Mohlmann ]
+ * Added spanish translation. (Closes: #404250)
+ * Documentation updates backported from upstream.
+ * Fix a security bug in kerberos kbind code. (Only used when enabling with
+ --enable-kbind option) But better safe then sorry.
+ * Backported a mem leak fix on failed binds.
+ * Added patch from upstream that fixes a memory leak in ACLs that use sets.
+
+ [ Steve Langasek ]
+ * *Really* abort in preinst if the user doesn't accept the upgrade
+ from ldbm to bdb. Closes: #392747.
+ * Set the name of debian/slapd.NEWS right so that it gets
+ installed in the binary package. Closes: #409923.
+ * Add Russian debconf translation; thanks to Yuri Kozlov.
+ Closes: #405706.
+ * Add Galician debconf translation; thanks to Jacobo Tarrio.
+ Closes: #407267.
+
+ -- Steve Langasek <vorlon@debian.org> Sun, 18 Feb 2007 16:47:16 -0800
+
+openldap2.3 (2.3.30-2) unstable; urgency=low
+
+ * Make sure that the pidfile directory doesn't exist in the init script.
+ (Closes: #402705)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Tue, 12 Dec 2006 21:34:44 +0100
+
+openldap2.3 (2.3.30-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fixed authzTo/authzFrom URL matching.
+ - Fixed syncrepl consumer memory leaks.
+ - Fixed slapd-hdb livelock.
+ - Fixed slapo-ppolicy external quality check.
+ - Fixed ldapsearch(1) man page acknowledgement.
+ * Added patch to make sure that the pidfile directory exists.
+ (Closes: #390337)
+ * Do not ask the question allow ldap v2 logins when user wants manual
+ configuration. (Closes: #401003)
+ * Add patch to look also in /etc/ldap/sasl2 for sasl configuration.
+ (Closes: #398657)
+ * Removed db4.2-util recommend, the slapd binary includes checking code to
+ fix DB errors.
+ * Updated README in schema directory. It doesn't list collective.schema
+ anymore. (Closes: #287358)
+ * Updated manpages to point to right paths. (Closes: #398790)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 9 Dec 2006 20:50:58 +0100
+
+openldap2.3 (2.3.29-1) unstable; urgency=medium
+
+ [ Matthijs Mohlmann ]
+ * New upstream release.
+ - Fixes Denial of Service through a certain combination of LDAP BIND
+ requests (CVE-2006-5779) (Closes: #397673)
+ * LSB section added to the init script.
+ * Updated README.Debian about running as non-root user (Closes: #389369)
+ * Updated de translation (Closes: #396096)
+ * Added some documentation / warning when running slapindex as root.
+ * Remove drafts and rfc from the tarball. (Closes: #393404)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 11 Nov 2006 11:24:42 +0100
+
+openldap2.3 (2.3.27-1) unstable; urgency=low
+
+ [ Matthijs Mohlmann ]
+ * New upstream release.
+ * pidfile location is changed 3 years ago, when people are upgrading from
+ back then they have a broken slapd because the openldap user is not able
+ to write to /var/run. (Closes: #380687)
+ * Patches by Quanah Gibson-Mount <quanah@stanford.edu>
+ - Fix one time memleak on startup in the accesslog db.
+ * Changed priority of libldap-2.3-0 to optional as it is only used by slapd.
+
+ [ Torsten Landschoff ]
+ * Remove RFC documents as they do not meet the DFSG.
+ + debian/rules: Check that the RFCs are gone to make sure it does not
+ get included again by accident.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 2 Sep 2006 00:33:44 +0200
+
+openldap2.3 (2.3.25-1) unstable; urgency=low
+
+ [ Matthijs Mohlmann ]
+ * New upstream release:
+ - Accepts 'require none' in slapd.conf (closes: #370023).
+ - Added patch to fix a bold issue in the manpage ldapsearch. Thanks to
+ Matt Kraai. (Closes: #355670)
+ * Added commented out rootdn parameter in slapd.conf. (Closes: #303245)
+ * Make the scripts output a bit more consistent.
+ * Fix a regression in the slapd packages. Data directory is /var/lib/ldap
+ and not /var/openldap-data, also adjust the manpages to reflect these
+ change. Thanks to Peter Marschall. (Closes: #368891)
+ * Removed script move_files, dh_install is used instead. (Closes: #368896)
+ * Dutch translation already updated. Closes: #375101)
+ * Documented that slapd is compiled with TCP wrappers (Closes: #351428)
+ * dpkg-reconfigure slapd now just reinstalls slapd and moves old databases
+ to /var/backups. Already done in previous version (Closes: #230366, #208056)
+
+ [ Torsten Landschoff ]
+ * debian/libldap-2.3-0.install: Ignore version information when installing
+ libraries. This way it does not need updating for each new upstream
+ release.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Wed, 26 Jul 2006 18:05:40 +0200
+
+openldap2.3 (2.3.24-2) unstable; urgency=low
+
+ * Switch slapd from running as root to running as user.
+ (Closes: #292845, #261696)
+ * Changing configuration in slapd.conf by the postinst will now also follow
+ includes. (Closes: #304488)
+ * Patches by Quanah Gibson-Mount <quanah@stanford.edu>
+ - fix a lock bug with a virtual root entry in the BDB backend.
+ - fix boolean logic in the overlays.
+ - fix that slurpd can use ldaps.
+ - fix initialization of auditdb.
+ - fix TLS concurrency issues.
+ - fix exop password change that didn't reset pwdMustChange.
+ - fix syncrepl that fails when no rootdn is defined.
+ * Add dependency on adduser.
+ * Specify the PATH variable in the init script. (Closes: #367981)
+ * Added patch to read config before dropping privileges.
+ * epoll(4) system call is missing on kernels <2.6, this causes slapd to
+ not work on 2.4 kernels. Added patch that remove the #define in
+ portable.in (Closes: #369352, #372194, #373233)
+ * In 2.3.24 slapd won't segfault if the moduleload directive appears
+ somewhere else. (Closes: #349011)
+ * Removed fileutils dependency, it's superseeded in Sarge already.
+ (Closes: #370013)
+ * Use find in combination with mv to move an old directory away.
+ (Closes: #306435)
+ * Updated Dutch debconf translation (Closes: #365172)
+ * Added an example backup script that can be put into cron (Closes: #319477)
+ * Make the db directories 0700. On new installations this is the default.
+ (Closes: #354450)
+ * Get rid of a '.' in front of a domain. (Closes: #318143)
+ * Added shadowLastChange to the ACL in the default slapd.conf
+ (Closes: #370550)
+ * Updated Japanese translation (Closes: #378565)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 17 Jul 2006 18:22:45 +0200
+
+openldap2.3 (2.3.24-1) unstable; urgency=low
+
+ [ Matthijs Mohlmann ]
+ * New upstream version. (Closes: #369544)
+ * Update patch slurpd-in-spool. (Closes: #368586, #368709, #368889)
+ * Added slapi-errorlog-file to be into /var/log (Closes: #368895)
+ * Removed patch configure.in-fix, incorporated upstream.
+ * Move debian/configure.options.new to debian/configure.options.
+ * Added patch to put ldapi socket in /var/run/slapd.
+ * Removed bdb recovery from the init.d script. This was introduced to fix
+ bug #255276. Now that slapd has the ability to check and recover from bdb
+ failures, this function is not needed anymore. (Closes: #369484, #369093)
+ * Updated the lintian overrides.
+
+ [ Torsten Landschoff ]
+ * Include man pages for accesslog and auditlog overlays, patch by
+ Peter Marschall (closes: #368888).
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 1 Jun 2006 08:16:02 +0200
+
+openldap2.3 (2.3.23-1) unstable; urgency=low
+
+ [ Matthijs Mohlmann ]
+ * New upstream release. (Closes: #308906, #310282, #353877, #335618, #315158)
+ (Closes: #310282, #319155)
+ * OpenLDAP checks database before starting up.
+ (Closes: #190165, #195079, #294701, #308416)
+ * move_old_database_away isn't called in a while loop anymore (which would
+ kill debconf interaction) (Closes: #299100)
+ * BDB_CONFIG file will be installed on new installations (Closes: #301292)
+ * Move to dh_install.
+ * Move to quilt patch system.
+ * Fix manpage.
+ * Make ldiftopasswd and fix_ldif executable. (fixes lintian warnings)
+ * Wipe passwords after we created the initial configuration.
+ * The config scripts is runned twice, this causes the password in
+ slapd/internal/adminpw to be empty. This fixes the issue with having an
+ empty password in the ldap database. (Closes: #343113, #347725)
+ * Added #DEBHELPER# token to fix a lintian warning.
+ * bdb has changed between major versions, so dump the database and import it
+ again for versions before 2.3.19.
+ * Remove comments from debian/control (The out commented control information
+ is actually in debian/control.dev)
+ * Enable all backends and overlays with: --enable-backends=mod and
+ --enable-overlays=mod
+ * Add | debconf-2.0 to unblock cdebconf transition (Closes: #332053)
+ * Added Danish debconf translation (Closes: #353897)
+ * Updated French debconf translation (Closes: #320739)
+ * Updated Vietnamese debconf translation (Closes: #319706)
+ * Updated Czech debconf translation (Closes: #356554)
+ * Encode the organization to utf8 (Closes: #236097)
+ * Disabled the LDBM backend. Break in preinstallation if user doesn't want
+ to migrate to BDB backend.
+ * Removed choice for LDBM backend from slapd templates. And some explanation
+ in that question about the LDBM backend.
+ * Add sizelimit and tool-threads and some documentation to slapd.conf
+ (Closes: #327808)
+ * slapd.scripts-common had two functions with the same name.
+ * Don't return a error message if hostname fails.
+ * Backup the config only once on upgrade.
+ * For new installations do not install a DB_CONFIG file but use the
+ slapd.conf as file for BDB/HDB configuration parameters. See: slapd-bdb(5)
+ * Added various "exit 0" to the installation scripts.
+ * Add configure.in patch to fix C comparison what should be bash (ITS#4416)
+ * Raise debconf configuration level from low to medium for
+ slapd/no_configuration.
+ * Updated Standards-Version to 3.7.2.0
+ * Added build-dependency on perl which is used in the debian/rules file.
+ Considered by lintian.
+ * Added lintian override for too-long-extended-description-in-templates, it
+ is an explanation about the backends.
+
+ [ Steve Langasek ]
+ * debian/slapd.templates: Fix typo durin -> during; re-run
+ debconf-updatepo, fixing up the fuzzies (closes: #319596).
+
+ [ Torsten Landschoff ]
+ * debian/slapd.scripts-common: Rename backend_supported to
+ upgrade_supported_from_backend for more clarity.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 13 May 2006 00:28:11 +0200
+
+openldap2.2 (2.2.26-4) unstable; urgency=low
+
+ * [l10n] Vietnamese translations by Clytie Siddall (closes: #316623).
+ * debian/slapd.templates: Fix typos occured -> occurred (closes: #316624).
+ * libraries/libldap/url.c: Apply patch from upstream CVS to fix URI
+ parsing (closes: #317100).
+
+ -- Torsten Landschoff <torsten@debian.org> Tue, 19 Jul 2005 20:52:17 +0200
+
+openldap2.2 (2.2.26-3) unstable; urgency=low
+
+ * [SECURITY] Applied the patch available at
+ http://bugzilla.padl.com/show_bug.cgi?id=210
+ to force libldap to really use TLS when requested in /etc/ldap/ldap.conf
+ (cf. CAN-2005-2069). Clients still will use libldap2 from openldap2
+ source package so this is only to prepare unleashing the libraries of
+ OpenLDAP 2.2 for unstable...
+
+ -- Torsten Landschoff <torsten@debian.org> Sun, 3 Jul 2005 10:41:37 +0200
+
+openldap2.2 (2.2.26-2) unstable; urgency=low
+
+ * Assembled changes from patches supplied by Peter Marschall (thanks,
+ Peter):
+ | debian/move_files: Move slapd and slurpd to /usr/sbin and adjust symlinks
+ (closes: #316354).
+ + debian/slapd.links: Remove symlinks from /usr/sbin to /usr/lib.
+ | debian/rules: Don't install cron jobs needed for GnuTLS as long as we are
+ using OpenSSL.
+ | debian/control: Remove build-dependencies needed for GnuTLS
+ (closes: #316355).
+ + Require libsasl >= 2.1.18 as recommended by OpenLDAP project.
+ | Update quicktool patch from Quanah Gibson-Mount (closes: #316361).
+ | debian/slapd.init: Use /bin/sh as shell when running db_recover
+ (closes: #316350).
+ | debian/configure.options: Enabled dynlist and proxycache overlays
+ (closes: #316351).
+
+ * debian/po/de.po: Apply typo correction patch (closes: #313809).
+ * debian/po/fr.po: Apply updates by Christian Perrier (closes: #315122).
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 1 Jul 2005 12:53:18 +0200
+
+openldap2.2 (2.2.26-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/slapd.init: Run db_recover as the user configured for slapd
+ (closes: #311331).
+ * debian/po/cs.po: Add Czech translation by Miroslav Kure (closes: #312064).
+ * Run debconf-updatepo, oh my :(
+ * Update configure via libtoolize -cf; aclocal-1.4; autoconf2.50.
+ * configure.in: Try to fix memcmp check (probably does not work anymore, but
+ we should have a working memcmp on all Debian systems anyway).
+ * debian/rules: Remove config.{sub,guess} before installing new versions
+ (just in case there were symlinks for them...).
+
+ -- Torsten Landschoff <torsten@debian.org> Tue, 21 Jun 2005 12:06:40 +0200
+
+openldap2.2 (2.2.23-8) unstable; urgency=low
+
+ * debian/DB_CONFIG: Fixed the log cache configuration (used the wrong
+ command so there was about no effect).
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 30 May 2005 08:48:10 +0200
+
+openldap2.2 (2.2.23-7) unstable; urgency=low
+
+ * debian/slapd.scripts-common: Install the default DB_CONFIG for each
+ database loaded from LDIF which didn't have a DB_CONFIG before.
+ * (automatic) Updated config.sub and config.guess from autotools-dev.
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 30 May 2005 08:08:37 +0200
+
+openldap2.2 (2.2.23-6) unstable; urgency=low
+
+ Torsten Landschoff <torsten@debian.org>:
+ * debian/po/ja.po: Merge updates from Kenshi Muto (closes: #303505).
+ * debian/po/fr.po: Merge updates from Christian Perrier (closes: #306229).
+ * debian/slapd.scripts-common: If the user enters the empty value for
+ the database dumping directory use the default value. Seems like the
+ readline interface does not care about the default value
+ (closes: #308234).
+ * debian/slapd.postinst: Make sure the debhelper commands are executed
+ in all cases (closes: #310422).
+ * Merged suggested changes by Eugene Konev to automatically run
+ db_recover before starting slapd (closes: #255276).
+ + debian/slapd.init: Run db_recover if enabled and available and no
+ slapd process running.
+ + debian/slapd.default: Add configuration option to disable it.
+ * Applied and improved patch by Matthijs Mohlmann to support migration
+ from ldbm to bdb backend.
+ + debian/slapd.config: Ask if migration is wanted.
+ + debian/slapd.postinst: Update configuration from ldbm to bdb if yes.
+ + debian/slapd.scripts-common: Implemented some parts in their own
+ functions.
+ * Add a README.DB_CONFIG.gz and reference it where referring to BDB
+ configuration.
+ * Update default DB_CONFIG with some senseful values.
+
+ Steve Langasek <vorlon@debian.org>:
+ * libraries/libldap_r/Makefile.in: make sure the ximian-connector ntlm
+ patch is applied to libldap_r, not just to libldap
+ * debian/move_files: make libldap a symlink to libldap_r, as carrying
+ two versions of this library around is more trouble than it's worth,
+ and can cause glorious segfaults down the line
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 30 May 2005 08:07:49 +0200
+
+openldap2.2 (2.2.23-5) unstable; urgency=low
+
+ Torsten Landschoff <torsten@debian.org>:
+ * debian/lintian-overrides: Add. Contains lintian warnings/errors to
+ override for each package (plus comments).
+ + debian/move_files: Automatically install applying overrides into
+ each package.
+
+ Steve Langasek <vorlon@debian.org>:
+ * configure.in: reinstate the remainder of the fix for 195990 from
+ 2.1.22-2: give preference to -lpthread over -pthread in configure.in,
+ because some archs (mipsel, at least) don't like -pthread.
+
+ -- Steve Langasek <vorlon@debian.org> Sun, 24 Apr 2005 05:01:02 -0700
+
+openldap2.2 (2.2.23-4) unstable; urgency=low
+
+ Torsten Landschoff <torsten@debian.org>:
+ * debian/control: Make the requirement for debconf a pre-dependency as
+ we are using it from the maintainer scripts.
+ * debian/slapd.preinst: Always use debconf (don't check for availability).
+ * debian/slapd.scripts-common: Remove the alert_user function which
+ was there to output an error message in case debconf is not available.
+
+ Steve Langasek <vorlon@debian.org>:
+ * debian/fix_ldif: Add code to fix up oddly formatted integer attribs;
+ limited use because it only fixes those attributes that we have
+ prior knowledge of (i.e., those in the default schemas we ship), but
+ it's something at least. Closes: #302629.
+ * debian/fix_ldif: Also change fix_ldif to not chew up everything that
+ has a # in the line: treat lines beginning with # as comments, but #
+ is a valid character in an attribute value.
+ * debian/rules: Fix the check for missing lib symbols to use
+ LD_LIBRARY_PATH, so the package builds on systems that don't already
+ have libldap-2.2-7 installed. Closes: #305785.
+ * debian/po/ja.po: Use the partial translation provided by Kenshi Muto.
+
+ Stephen Frost <sfrost@debian.org>:
+ * debian/slapd.scripts-common: Make sure - ends up at the end of the
+ bracket expression given to grep so it's not treated as a range
+ (closes: #302743).
+
+ -- Steve Langasek <vorlon@debian.org> Sat, 23 Apr 2005 22:01:20 -0700
+
+openldap2.2 (2.2.23-3) unstable; urgency=low
+
+ Steve Langasek <vorlon@debian.org>
+ * libraries/libldap_r/Makefile.in: Code that uses pthreads *must* be
+ linked with -pthread, even if it's a library; without this, the
+ libldap_r library ends up with dangling unversioned reference to
+ pthread_create() which gets resolved to a wrong version that causes
+ segfaults on 64-bit platforms. Closes: #304549.
+ * debian/rules: error out on build if an installed library has
+ undefined symbols; future-proofing against a repeat of #304549.
+ * debian/slapd.postinst: don't dump and reload directories unless we
+ know we're upgrading from an incompatible version! Closes: #304840.
+ * debian/slapd.scripts-common: don't use merge_logical_lines for
+ functions that will be writing back to the config; the code is not
+ as pretty now, but the output is much less ugly. Closes: #303243.
+ * debian/slapd.examples, debian/slapd.scripts-common,
+ debian/slapd.links, debian/move_files: install DB_CONFIG in
+ /usr/share/slapd/ instead of /usr/share/doc/slapd/examples/; this
+ simplifies the code, and ensures users who don't install
+ /usr/share/doc aren't penalized. Create links for the DB_CONFIG and
+ slapd.confg templates to /usr/share/doc/slapd/examples, since these
+ are worthwhile examples as well.
+ * Updated maintainer scripts to keep DB_CONFIG for LDAP databases over
+ upgrades (closes: #265860).
+ * Move slappasswd to the slapd package, since it's now a symlink and
+ isn't actually useful without the slapd binary (closes: #304339).
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 21 Apr 2005 01:29:57 +0200
+
+openldap2.2 (2.2.23-2) unstable; urgency=low
+
+ * debian/configure.options: Change localstatedir to /var from /var/run
+ as the current upstream version adds /run to that during runtime for
+ slapi sockets etc. Problem: The database location is specified relative
+ to localstatedir/openldap-data. Another thing to fix...
+ (closes: #298271, #304491).
+ * debian/slapd.scripts-common (load_databases): Reimplement automatic
+ fixing of LDIF data via the fix_ldif script. Only tried if an
+ initial slapadd using the original LDIF data fails. With this change
+ upgrading from woody for some simple cases does work again.
+ * Disabled the version check for Berkeley DB in upstream code. Any
+ libdb4.2 package should work but of course using the latest will give
+ you the best results (closes: #300851).
+ * debian/slapd.scripts-common (import_database): Removed, no longer used.
+ * debian/slapd.scripts-common: Store the diagnostic output from
+ slapadd and output it before aborting if the command failed.
+ * debian/po/fr.po: Use the translations provided by Christian Perrier
+ (closes: #304141).
+ * debian/slapd.scripts-common: Use the -q option during slapadd to
+ improve performance.
+ * debian/slapd.templates (slapd/dump_database_destdir): Apply rewording
+ changes from Thomas Prokosch. Gives the user more information about
+ the usage of that directory.
+ + Run debconf-updatepo to update the translation templates.
+ * debian/slapd.templates: Clean up the debconf templates of the slapd
+ packages by merging the changes suggested by Christian Perrier
+ (closes: #302829). Thanks, Christian!
+ + Changed the wording of some of the templates.
+ + Adapt to the DTSG (Debconf Templates Style Guide).
+ + Removed item slapd/admin which is not used anymore.
+ + Run debconf-updatepo and send new fr.po to Christian Perrier.
+ * debian/slapd.postinst: Make a backup copy of slapd.conf before changing
+ anything (closes: #304485).
+ * Trivial improvements:
+ + Don't ask to move contents of /var/lib/ldap if it does not even
+ exist (but also is not an empty directory...) in initial config.
+ + Move check for current installation status out of configure_dumping.
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 14 Apr 2005 19:57:11 +0200
+
+openldap2.2 (2.2.23-1) unstable; urgency=low
+
+ * debian/slapd.scripts-common: Move all shell functions of the maintainer
+ scripts here to have it all in one place.
+ * Another pass over the maintainer scripts to remove cruft and tidy up
+ the code a bit. Fixed some bugs on the way.
+ * Test upgrade and installation revealed some bugs, mostly typos:
+ + return in shell actually is "return $?", not "return 0" as I though
+ + Referenced $src where $srcdir was meant.
+ + Only load old directories on upgrade and not during initial
+ installation.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 1 Apr 2005 18:50:21 +0200
+
+openldap2.2 (2.2.23-0.pre6) experimental; urgency=low
+
+ Torsten Landschoff <torsten@debian.org>:
+ * debian/slapd.postinst: Add a testing interface to test the helper
+ functions.
+ * debian/slapd.postinst: Make sure that debconf actually displays the
+ error message even if the user has already seen it before.
+ * debian/slapd.postinst (compute_backup_path): Make function more robust
+ in case we don't know the old version or the suffix of the database.
+ Converted the backup dir to a more simple scheme which should be save
+ against accidental overwriting.
+ * Rewrote part of the maintainer scripts for correct handling of
+ directory dumps in preinst. New debconf questions etc.
+ * Move the manpage of slappasswd to ldap-utils where slappasswd itself
+ is included (closes: #300212).
+ + debian/control: Add Replaces: slapd << 2.2.23-0.pre6 to ldap-utils.
+ + debian/move_files: Move slappasswd manpage into ldap-utils.
+ * debian/slapd.config: Don't fail if hostname is unset (pulled from
+ Ubuntu, thanks to Jeff Bailey).
+ * Applied patch by Quanah Gibson-Mount (directory administrator of Stanford)
+ to add -q option to some tools for quick operation without updating
+ logs. This is mostly for importing directories from LDIF backups.
+ * Go back to libdb4.2 as OpenLDAP is known to have problems with BDB 4.3.
+ + debian/control: Update dependencies for BDB 4.2.
+ + debian/slapd.scripts-common: Mark all databases before this version
+ as incompatible.
+ * Fix some bashisms in maintainer scripts.
+ * debian/slapd.postinst: Include the version of the backup in the
+ backup of a database directory.
+
+ Carlo Contavalli <ccontavalli@debian.org>:
+ * debian/slapd.init: Print command line if starting a daemon failed.
+ * debian/slapd.postinst: Handle hdb backend just as if it was bdb.
+ * debian/README.Debian: Add some notes about DB_CONFIG and how to run
+ slapd under a different uid/gid.
+ * Install an example DB_CONFIG file during initial configuration
+ + slapd.postinst: Add a function to implement this and hook it into
+ create_new_configuration.
+ + debian/DB_CONFIG: Example DB_CONFIG that is installed.
+ + debian/slapd.examples: Mark DB_CONFIG as an example.
+ * servers/slapd/daemon.c: Actually change the permissions of the
+ unix socket if requested using an ldapi url with x-mod.
+ * debian/slapd.scripts-common: change privileges of upgraded databases
+ as indicated by SLAPD_USER and SLAPD_GROUP variables.
+ * debian/slapd.scripts-common,slapd.postinst: corrected some minor
+ typos.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 1 Apr 2005 12:26:35 +0200
+
+openldap2.2 (2.2.23-0.pre5) experimental; urgency=low
+
+ * Apply NTLM patch from ximian-connector source package.
+ * debian/slapd.postinst: Fix small typo leading to upgrade failures.
+ Added some notes while wading through maintainer scripts.
+ * debian/slapd.postinst: Make slapadd more noisy, writing the new
+ directory to stderr if something goes wrong (should help for
+ bug #236097).
+ * Make slapd.init idempotent by adding --oknodo to start-stop-daemon
+ invocations (closes: #298741). Kudos to Bill Allombert for this
+ patch.
+ * slapd.postinst: Try to fix slapd.conf for syntactic and semantic changes
+ introduced upstream into 2.2.x.
+ * slapd.scripts-common: Make sure directories before 2.2.23 are dumped
+ and reloaded on upgrade.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 11 Mar 2005 18:54:57 +0100
+
+openldap2.2 (2.2.23-0.pre4) experimental; urgency=low
+
+ * Rename libldap2.2 to libldap-2.2-7 to match soname. Updated
+ debian/{control,rules,...}.
+ * Checked the usage of the ucdata files shipped with libldap2 before.
+ Actually they stem from liblunicode which is only linked to slapd.
+ Therefore those files are shipped with slapd now. This change is
+ relevant so that multiple libldap-2.2-x packages can coexist later.
+ * debian/control: Updated for slapd replacing files from libldap2.
+ * debian/control: Recommend db4.3-util instead of db4.2-util as we are
+ using the former version now for slapd.
+ * debian/control: Add Build-Depends for libperl-dev, this time for
+ real. I wonder what went wrong last time as it built correctly with
+ pdebuild (closes: #297123).
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 28 Feb 2005 15:17:52 +0100
+
+openldap2.2 (2.2.23-0.pre3) experimental; urgency=low
+
+ * debian/slapd.prerm: Reformat and fix double stopping of slapd. Find
+ out which bug we are working around and document it.
+ * debian/configure.options: Enable ACI support (closes: #101602).
+ Looked through the source code and it seems to be properly
+ insulated to not make a difference when not used.
+ * .../Makefile.in: Remove -s option from install invocations and let
+ dh_strip handle stripping binaries (closes: #264448).
+ * debian/slapd.postinst: Code cleanup and reading, unused and duplicate
+ code removed. Main body still needs fixing.
+ * debian/slapd.postinst: Fixed chmod --reference calls to keep the
+ permissions of slapd.conf. Putting data into the file using shell
+ redirection recreates the file with default umask and owner, killing
+ the permissions we applied using chod --reference after creating the
+ file. Instead we change the permissions directly before renaming the
+ file now. Wrapped it into a function and update the owner as well.
+ How do we do this correctly for ACLs etc.!? Thanks to Carlo Contavalli
+ for pointing this out.
+ * servers/slapd/main.c: Log a warning if writing the pidfile or writing
+ the arguments file fails (closes: #261696).
+ * debian/control: Add missing build dependency for perl development
+ library (closes: #297123).
+
+ -- Torsten Landschoff <torsten@debian.org> Sun, 27 Feb 2005 17:44:03 +0100
+
+openldap2.2 (2.2.23-0.pre2) experimental; urgency=low
+
+ * servers/slurpd/slurp.h: Relocate the default spool directory to
+ /var/spool/slurpd again.
+ * Merged some changes done by Fabio M. Di Nitto for the ubuntu
+ distribution (thanks, Fabio!):
+ + debian/slapd.{postinst,conf}: Checkpoint BDB databases every 512kb
+ or 30 minutes by default.
+ + debian/slapd.scripts-common: Make is_empty_dir less noisy on first
+ install (cosmetic).
+ * Applied some changes suggested by Ondrej Sury:
+ + debian/rules: Add MAKEVARS variable and set datadir =
+ /usr/share/libldap2.2/ucdata instead of changing build/top.mk as
+ suggested.
+ + debian/move_files: Install /usr/share/libldap2.2 into libldap2.2
+ and remove duplicate ldap.conf manpage.
+ + debian/control: Let libldap2.2 dependon libldap2 for config files.
+ * Also in Ondrej's patch:
+ + doc/man/man8/slapd.8: Refer to slapd.conf instead of ldap.h for
+ loglevel documentation. Changed by ubuntu? I don't know...
+ * debian/slapd.README.Debian: Update TLS/SSL information.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 25 Feb 2005 14:44:59 +0100
+
+openldap2.2 (2.2.23-0.pre1) experimental; urgency=low
+
+ * Merge new upstream release 2.2.23.
+ * Change name of source package to openldap2.2.
+ * configure.in: Fix AC_LIBOBJ for configure2.50.
+ * Run libtoolize, aclocal-1.4 and autoconf2.50 to get a working
+ configure script.
+ * debian/slapd.init: Output failure reasons using "$failure" so that
+ no glob substitution is done. Had a hard time grokking why slapd
+ would mention the contents of the current directory in its error
+ message...
+ * debian/rules: Disable building -dev packages as we don't want
+ other packages to link against the new libraries before sarge.
+ Remove the binary-indep target from the binary dependends list.
+ * debian/control: Move packages that are no longer build into control-dev.
+ * debian/configure.options: Build against OpenSSL with --with-tls
+ (this can only be done for slapd itself, we need GnuTLS support
+ before enabling this for libldap2.2-dev).
+ * debian/control: Update build dependencies for libdb4.3 and OpenSSL.
+
+ -- Torsten Landschoff <torsten@debian.org> Wed, 23 Feb 2005 19:29:38 +0100
+
+openldap2 (2.2.18-0.pre2) experimental; urgency=low
+
+ * debian/check_config: Make sasl2 check more robust against file
+ format changes in config.status.
+ * debian/libldap2.shlibs: Remove.
+ * Update configure script using libtoolize, aclocal-1.4 and autoconf2.50
+ to fix wrong shared library dependency in libldap2.2 (depended on
+ libldap2 by linking against the system's liblber).
+ * debian/libldap2.README.Debian: Move to libldap2.2.README.Debian.
+ * Lintian cleanup:
+ + Run debconf-updatepo for debian/rules clean and manually as
+ requested.
+ + Update config.guess and config.sub in debian/rules clean as well.
+ First update done.
+ + debian/rules (install): Fix the manpage section of the admin commands
+ from 8C to 8.
+ + debian/rules (binary-arch): Run dh_fixperms to fix the permissions
+ on shared libraries.
+
+ -- Torsten Landschoff <torsten@pulsar.galaxy> Thu, 13 Jan 2005 11:53:28 +0100
+
+openldap2 (2.2.18-0.pre1) experimental; urgency=low
+
+ * New upstream release.
+ * Disable TLS for now.
+ * debian/rules: Don't run autoheader and autoconf.
+ * debian/configure.options: Recreated and updated for new setup.
+ * debian/rules: Move slapd, slurpd from /usr/lib to /usr/sbin.
+ * Rename library packages to include the OpenLDAP version.
+ * Remove /etc/ldap/ldap*.conf from libldap2.2 to avoid clash with
+ libldap2. Also add Replaces entry for libldap2 to allow overwriting
+ for now. Needs fixing...
+ * Instead of moving slapd from /usr/lib to /usr/sbin create a symlink.
+ Seems like slapadd etc. are now all included in the slapd binary
+ and all link to its binary.
+ * debian/rules: Run dh_link for arch dependend packages.
+ * configure: Fix broken libdb checking which forced static building of
+ back-bdb.
+ * debian/slapd.conf: Fix access directive to use "attrs=" instead of
+ "attribute=" which wasn't officially supported anyway.
+
+ -- Torsten Landschoff <torsten@debian.org> Wed, 3 Nov 2004 09:57:14 +0100
+
+openldap2 (2.1.30-3) unstable; urgency=high
+
+ * Urgeny high since previous releases were hardly usable (at least
+ with TLS).
+ * Roland Bauerschmidt <rb@debian.org>
+ + libraries/libldap/gnutls.c, libraries/libldap/tls.c,
+ include/ldap_pvt_gnutls.h: Use callback with
+ gnutls_certificate_set_params_function to generate dh_params and
+ rsa_params (this is also the way, it's done with OpenSSL). We need
+ GNUTLS 1.0.9 for this. With the new version of libgcrypt, we also
+ need to initialize threading explicitly. The previous
+ segmentation faults resulted from the *global* param structure
+ being recreated and freed for every session. Many thanks to
+ Matthias Urlichs who helped debugging a lot and also packaged
+ GNUTLS 1.0.16 very quickly... Closes: #244827.
+ + debian/control: Add build dependency to libgcrypt11-dev (we're
+ initializing it directly now) and change libgnutls10-dev to
+ libgnutls11-dev.
+ + libraries/libldap/gnutls.c: in tls_gnutls_need_{dh,rsa}_params
+ (formerly ldap_gnutls_need_...), create temp files more securely,
+ doing unlink before opening and opening them with O_EXCL. This is
+ necessary because under Linux 2.6 all threads have the same PID.
+ Thanks to Andrew Suffield for pointing this out.
+ + debian/slapd.cron.daily: cron job to remove GNUTLS rsa_export and
+ dh param cache files every day.
+ + debian/slapd.README.Debian: add note that we use GNUTLS rather
+ than OpenSSL.
+
+ -- Roland Bauerschmidt <rb@debian.org> Mon, 26 Jul 2004 18:41:23 +0200
+
+openldap2 (2.1.30-2) unstable; urgency=low
+
+ * Roland Bauerschmidt <rb@debian.org>
+ + debian/slapd.scripts-common: add missing space before !
+ Closes: #251036, #253633, #257513.
+ * Torsten Landschoff <torsten@debian.org>
+ + Applied patch by Ralf Hack to support non-standard config file
+ location in /etc/default/slapd (closes: #229195).
+ + Applied patch to fix handling of abandoned commands
+ (closes: #254183). Thanks to Peter Marschall for submitting it.
+ + Applied patch to fix memory leak after search (closes: #254184).
+ Thanks again, Peter!
+ + Applied trivial patch to support logging to DAEMON facility
+ as well as LOCAL* (closes: #254186). Here you are, Peter ;)
+
+ -- Roland Bauerschmidt <rb@debian.org> Fri, 09 Jul 2004 15:56:06 +0200
+
+openldap2 (2.1.30-1) unstable; urgency=low
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/control: Have slapd conflict with libltdl3 version 1.5.4-1
+ as with that version loading of .so files is broken which breaks
+ slapd (closes: #249152).
+ + Applied patch to fix Perl backend (closes: #245347). Kudos
+ to Peter Marschall.
+ + debian/configure.options: Enable building of Perl backend.
+
+ * Roland Bauerschmidt <rb@debian.org>
+ + debian/slapd.templates: replace 'domain' with 'DNS domain name'
+ which is little more specific
+ + debian/slapd.config: check if the domain has a valid syntax to
+ prevent slapadd from failing. Closes: #235749.
+ + New upstream version with fix for NS-MTA-MD5 hash length
+ checking. Closes: #226583.
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 24 May 2004 23:33:21 +0200
+
+openldap2 (2.1.29-2) unstable; urgency=low
+
+ * Roland Bauerschmidt <rb@debian.org>
+ + debian/rules: Revert change to install ldapadd as symlink.
+ Somehow, with that change, ldapadd didn't get installed at all.
+ Closes: #243537.
+
+ -- Roland Bauerschmidt <rb@debian.org> Tue, 13 Apr 2004 19:49:55 +0200
+
+openldap2 (2.1.29-1) unstable; urgency=low
+
+ * Stephen Frost <sfrost@debian.org>
+ + libraries/gnutls.c: Generate and store RSA/DH parameters,
+ based off a patch by Petr Vandrovec (though changed alot).
+ Closes: #234639, #234593
+
+ * Roland Bauerschmidt <rb@debian.org>
+ + Merged new upstream release.
+ + debian/slapd.prerm: add #DEBHELPER# token.
+ + debian/control: have slapd depend on debconf (>= 0.5) to ensure
+ it supports the seen flag.
+ + debian/rules: ldapadd is installed as a hardlink to ldapmodify;
+ use a symlink instead.
+ + debian/slapd.{scripts-common,postinst,preinst,config}: Add new
+ function read_slapd_conf that evaluates include statements.
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 12 Apr 2004 15:27:55 +0200
+
+openldap2 (2.1.26-1) unstable; urgency=low
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + Merged new upstream release.
+ + debian/slapd.templates (slapd/purge_database): Set default value to
+ false.
+ + debian/slapd.config (manual_configuration_wanted): Don't exit
+ from the script directly if the user wants to configure
+ slapd manually (exit 0 -> return 0).
+ + Build-depend on libgnutls10-dev instead of libgnutls7-dev and
+ rebuild (closes: #233833).
+ + Move previous content of /var/lib/ldap away during creation of
+ an initial directory (closes: #228886, #233512).
+ + debian/slapd.postrm: Remove flag files in /var/lib/slapd on purge.
+ + Removed functionality (verbose error messages) from gnutls.c until
+ it compiled with libgnutls10-dev :-((
+ + debian/slapd.postinst: Overwrite existing /etc/ldap/slapd.conf (only
+ reached during initial installation/dpkg-reconfigure).
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 23 Feb 2004 09:36:32 +0100
+
+openldap2 (2.1.25-1) unstable; urgency=low
+
+ * Roland Bauerschmidt <rb@debian.org>:
+ + New upstream version.
+ - Build against libdb4.2. Hopefully, this resolves the BDB
+ lock ups when configured improperly.
+ + debian/control: Have ldap-utils depend on the same version of
+ libldap2, and libldap2 conflict with ldap-utils (<= 2.1.23-1).
+ Closes: #216661.
+ + debian/slapd.{templates,config}: Check if there are slave
+ databases in slapd.conf lacking an updateref option, and warn
+ about it. Closes: #216797.
+ + debian/slapd.{templates,config,postinst,conf}: Ask which
+ database backend to use (BDB or LDBM).
+ + debian/slapd.README.Debian: cleanup
+ + servers/slapd/back-bdb/dbcache.c: Turn off subdatabases. This
+ is an incompatible database format change, but according to
+ Howard Chu "using them (subdatabases) is known to cause deadlocks
+ on multiprocessor machines, among other issues."
+ + debian/control: add Recommends: db4.2-util to slapd
+ + debian/control: add Recommends: libsasl2-modules to slapd and
+ ldap-utils. Closes: #224058.
+ + debian/slapd.{scripts-common,preinst,postinst}: Extended dump
+ and restore code to deal with different versions for different
+ backends.
+ + debian/control: Geez, centipede seems to have vanished a long
+ time ago. So don't claim it's included in the slapd package.
+ + debian/slapd.docs: created with servers/slapd/back-sql/
+ rdbms_depends. Closes: #225807.
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/move_files: Install slappasswd into ldap-utils instead
+ of slapd as it's useful without slapd as well (closes: #228705).
+ + debian/control: Make ldap-utils Replaces: slapd < 2.1.25 because
+ of that change.
+ + debian/control: Use libdb4.2-dev instead of libdb4.1-dev as a
+ number of problems seem to be related to DB 4.1.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 6 Feb 2004 20:48:22 +0100
+
+openldap2 (2.1.23-1) unstable; urgency=low
+
+ * Roland Bauerschmidt <rb@debian.org>:
+ + New upstream version.
+ + Applied fix for admin password breakage from Michael Beattie
+ <mjb@debian.org>. Closes: #214270.
+ + Added Dutch Debconf template translation by cobaco@linux.be.
+ Closes: #215373.
+ + Bumped Standards-Version (no changes needed).
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/move_files: Install slappasswd into ldap-utils instead
+ of slapd (closes: #228705).
+
+ -- Roland Bauerschmidt <rb@debian.org> Sat, 18 Oct 2003 19:56:54 +0200
+
+openldap2 (2.1.22-3) unstable; urgency=low
+
+ * Call perl -w to run debian/dh_installscripts-common. Closes: #214054.
+
+ -- Roland Bauerschmidt <rb@debian.org> Sat, 4 Oct 2003 14:22:11 +0200
+
+openldap2 (2.1.22-2) unstable; urgency=high
+
+ * Stephen Frost <sfrost@debian.org>
+ + servers/slapd/daemon.c: Apply patch from head for select handling.
+ + debian/rules: Fix build options to optimize correctly and to use
+ DEB_BUILD_OPTIONS (Policy, 10.1). Closes: #202306
+ + debian/slapd.conf: Add in ACL for root DSE explicitly.
+ + debian/slapd.init: Add --oknodo in stop_slurpd. Closes: #202592
+ + debian/rules: Need quotes around $(CFLAGS) on configure line.
+ + debian/slapd.init: Remove \'s before quotes around pidfile.
+ + debian/slapd.init: Add support for -h slapd flag. Closes: #201991
+ + debian/slapd.default: Add variable $SLAPD_SERVICES for slapd -h.
+ + libraries/libldap/tls.c: Apply patch from asuffield in #202741 to
+ fix subjectAltName usage. Closes: #202741
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + Fix invocation of "head" in maintainer scripts and replace usage of
+ [ foo -a bar ] by [ foo ] && [ bar ] (closes: #203292).
+ + debian/slapd.postrm: Small cleanup, only remove the directory, not
+ the backups, on purge.
+ + debian/rules: Don't run the upstream install target if we did not
+ rebuild the whole tree. Makes debugging maintainer script much more
+ tolerable.
+ + debian/slapd.config: Cleaned up and restructured for readability.
+ + debian/slapd.templates: Replaced the invalid_suffix template with
+ invalid_config which is more general and can be used for any
+ inconsistency in the initial configuration.
+ + debian/slapd.postinst: Rewritten to eliminate all that spaghetti.
+ Did not yet implement all old features again...
+ - Now the #DEBHELPER# part is always reached so that the daemon
+ will be restarted even if no automatic configuration is wanted
+ (closes: #204008).
+ + Fixed the undefined symbols in libldap_r.so.2 (closes: #195990).
+ | configure.in: Try -lpthread before -pthread to link the thread
+ library. libtool does not pass -pthread through, -lpthread seems
+ to work though.
+ | libraries/libldap_r/Makefile.in: Add $(LTHREAD_LIBS) to
+ UNIX_LINK_LIBS so that pthread is linked when creating a shared library
+ as well.
+
+ * Roland Bauerschmidt <rb@debian.org>:
+ + debian/configure.options: change --localstatedir=/var/lib to
+ --localstatedir=/var/run. Since localstatedir isn't used anywhere
+ in the code, except for the ldapi socket (and examples in the
+ manpages which are correct at the moment anyway), all this change
+ does should be changing the default location of the ldapi socket
+ from /var/lib/ldapi to /var/run/ldapi. Closes: #160965.
+ + libraries/libldap/tls.c: In get_ca_list, walk through CACERTDIR
+ manually if building against GNUTLS (since there is no equivalent
+ to SSL_add_dir_cert_subjects_to_stack). Closes: #205609.
+ + debian/slapd.preinst: create /var/backups/ldap/$oldver with
+ permissions 0700. Also change permissions for /var/backups/ldap
+ to 0700 if it already exists. Closes: #209019.
+ + Added Japanese translation of Debconf templates by Kenshi Muto
+ <kmuto@debian.org>. Closes: #210731.
+ + debian/slapd.{postinst,preinst,config}: Replaced duplicate
+ implementations of the same functions with one version and moved
+ those into debian/slapd.scripts-common which will be included by
+ debian/dh_installscripts-common.
+ + debian/slapd.preinst: before dumping the database, check if the
+ backend is supported
+ + debian/slapd.postinst:
+ - add -q to grep call for allow bind_v2
+ - readded pre-2.1 (woody) upgrade path (that is, dumping, fixing
+ and reimporting the database)
+
+ -- Roland Bauerschmidt <rb@debian.org> Fri, 3 Oct 2003 15:35:29 +0200
+
+openldap2 (2.1.22-1) unstable; urgency=low
+
+ * Stephen Frost <sfrost@debian.org>:
+ + New upstream version (minor changes).
+ + debian/control: Change build-deps to autoconf2.13, Closes: #201482
+ + debian/rules: Add dh_compress -i for binary-indep.
+ + debian/slapd.postinst: Give variable for read (avoids bashism).
+ + configure/.in: Use upstream's version of back-meta/back-ldap fix.
+
+ -- Stephen Frost <sfrost@debian.org> Wed, 16 Jul 2003 08:42:23 -0400
+
+openldap2 (2.1.21-2) unstable; urgency=low
+
+ * Stephen Frost <sfrost@debian.org>:
+ + debian/slapd.preinst: slapcat here if possible, if slapcat not
+ available then slapcat in postinst. Also remove old unused
+ function.
+ + debian/slapd.postinst: Check if slapcat in preinst worked and use
+ those results in preference. Also moved to using /var/backups/ldap.
+ + servers/slapd/daemon.c: Provide more information on socket/bind
+ failures. Patch submitted upstream. Closes: #94967.
+ + ./configure, ./configure.in: Fix check for back_ldap in back_meta.
+ back_ldap now included as module. back_ldap and back_meta appear
+ to load fine, though order may matter. Closes: #196995.
+ + debian/control: Add versioned Depends on perl, need recent version
+ for migration script.
+ + debian/slapd.{pre,post}inst: Allow for whitespace in postinst
+ before database definitions
+ + debian/control: Drop the libldap2-dev Depends that aren't actually
+ necessary.
+ + debian/slapd.preinst: Add create_sed_script to create the script to
+ deal with multi-line commands in slapd.conf. Modify things to use
+ sed script to preprocess slapd.conf before using it. Remove
+ support for whitespace preceeding commands.
+ + debian/slapd.postinst: Add create_sed_script here too and modify
+ everything to use it as necessary. Also change everything to
+ reference $SLAPD_CONF instead of /etc/ldap/slapd.conf everywhere.
+ Remove support for whitespace preceeding commands.
+ + debian/slapd.postinst: Removed all tabs. Changed all sed scripts
+ to used [:space:] instead of [space tab].
+ + debian/slapd.postinst: Removed debugging statements from ldap_v2
+ support handling code.
+ + debian/slapd.preinst: Changed to use mktemp for sed script.
+ + debian/slapd.postinst: Changed to use mktemp for sed script.
+ + debian/slapd.config: If no hostname set just use debian.org.
+ + contrib/ldapc++/config.{sub,guess}: Resync back to upstream, no
+ reason not to, we don't even build this stuff...
+ + debian/control: Change build-depends to libgnutls7-dev instead of
+ libssl-dev.
+ + debian/rules: Now run autoconf && autoheader to pick up on the
+ configure.in changes needed for GNU TLS.
+ + debian/copyright: Added Steve Langasek (SL) copyright statement.
+ + Patch from Steve Langasek for GNU TLS support, Closes: #198553
+ | include/ldap_pvt_gnutls.h: Added for GNU TLS
+ | configure.in: Now uses GNU TLS where available.
+ | servers/slapd/schema_init.c: Modified for GNU TLS- some functions
+ removed because GNU TLS layer does not support them yet.
+ | build/install-sh: Added for new autoconf.
+ | libraries/libldap/Makefile.in: Changed to compile GNU TLS portions.
+ | libraries/libldap/getdn.c: Stub function added, GNU TLS layer does
+ not support TLS certificates for authentication yet.
+ | libraries/libldap/tls.c: Now calls GNU TLS functions instead of
+ OpenSSL.
+ | libraries/libldap/gnutls.c: Added to support GNU TLS in place of
+ OpenSSL for TLS connections.
+ | libraries/libldap_r/Makefile.in: Changed to compile GNU TLS portions.
+ + debian/slapd.postinst: remove temp file if upgrading or doing a
+ reconfigure but the OLDSUFFIX and basedn match so that we do not
+ move an empty file overtop of slapd.conf. Closes: #190797.
+ + debian/slapd.init: Inform user when not starting slapd due to
+ no configuration file found. Deals with users who select to not
+ configure slapd during installation.
+ + debian/slapd.init: Removed cat <<-EOF and got rid of associated
+ tabs; best to not depend on tab vs. space distinction.
+ + debian/slapd.config: Change debconf question names to be fully
+ qualified in the $var from the for loop- organization is under
+ shared/ and domain is under slapd/, not both under slapd/.
+ + debian/slapd.postrm: Can not depend on debconf being around in
+ postrm so check before attempting to source it. Also protect
+ against failure from db_get.
+ + debian/slapd.postinst: Check for old directory and move it out
+ of the way if it exists on new configure or reconfigure.
+ + debian/slapd.postinst: Fix db_input's for error messages,
+ should be high priority and need to || true them.
+ + debian/slapd.postinst: Do not error exit once we've told the
+ user about the problem, if there was one, with slapcat/slapadd.
+ + debian/slapd.postinst: Make sure we get the organization before
+ we attempt to fix_ldif on old slapcat output. Default to unknown
+ if the organization is not set.
+ + debian/slapd.postinst: Be sure that slapd has been stopped before
+ attempting to fix and slapadd old slapcat.
+ + debian/slapd.postinst: Do not use --exec with s-s-d in postinst.
+ + debian/slapd.postinst: grep calls need to be || true'd when no
+ matching lines found is possible (this case is handled).
+ + debian/slapd.postinst: Be very sure slapd has stopped before
+ attempting to upgrade database.
+ + debian/slapd.preinst: Use either the pidfile or exec if pidfile
+ is not available when stopping. Do not put \"\" around pidfile.
+ Use $oldver instead of $2.
+ + debian/slapd.config: Reask questions on a reconfigure. Use the
+ same logic as slapd.postinst for when to ask questions regarding
+ the db. Be sure to db_go after db_input's.
+ + debian/slapd.templates: Fix allow_bind_v2 short description to
+ make more sense since the default is off.
+ + debian/slapd.preinst: Use perl instead of sed for handling conf.
+ + debian/slapd.postinst: Use perl instead of sed for handling conf,
+ use old sed method to insert \n's, user invoke-rc.d when slapd
+ needs to be stopped. Assume preinst shuts slapd down for upgrade.
+ + debian/slapd.postinst: Only stop slapd on reconfigure.
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + doc/man/man8/slapd.8: Refer to slapd.conf(5) for a description of
+ the debugging level (closes: #176980).
+ + debian/move_files: Kill of the static archives of our backend
+ modules as they are of absolutely no use.
+
+ * Steve Langasek <vorlon@debian.org>:
+ + debian/slapd.postinst: Add a new function, get_database_list, that
+ prints out the list of configured databases from slapd.conf
+ one row at a time. Move all of the upgrade handling into a
+ loop, and iterate through the configured databases. Since the
+ while loop is in fact a subshell, be sure to handle errors
+ correctly. We also have to look at the configured directory
+ for each database, instead of assuming /var/lib/ldap.
+ Closes: #190155, #190156.
+ + debian/slapd.preinst: Simplify the handling of error status: if
+ the slapcat fails, just remove the ldif file. Also, add the
+ suffix to the name of the output file, and add the
+ get_database_list function here as well.
+
+ * Roland Bauerschmidt <rb@debian.org>:
+ + debian/rules: call dh_makeshlibs with -plibldap2 rather than just
+ with libldap2
+ + debian/slapd.postinst: Add question about no configuration.
+ + debian/slapd.templates: Add template for no config question.
+ + debian/slapd.templates: Add template for invalid suffix.
+ + debian/slapd.config: Add no configuration option. Closes: #87986
+ + debian/slapd.config: Complain to the user on invalid domain/org.
+
+ -- Stephen Frost <sfrost@debian.org> Tue, 15 Jul 2003 12:37:05 -0400
+
+openldap2 (2.1.21-1) unstable; urgency=low
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + Merged new upstream release.
+
+ * Stephen Frost <sfrost@debian.org>:
+ + debian/control: Add libbind-dev and bind-dev to the conflicts for
+ slapd, the libs in them can end up being used even when not
+ compiled against causing getaddrinfo() to fail. Closes: #166777
+ + debian/copyright: Flush out the copyright file to include all found
+ copyrights and updates to those.
+ + debian/copyright: Add clarification of MA license
+ + debian/copyright: Add clarification of JC license
+ + debian/slapd.templates: More clearly inform users of important
+ config change. Closes: #194192.
+ + debian/control: Remove patch from build-depends (dpkg-dev depends on it)
+ + debian/fix_ldif: Correctly handle base64-encoded DNs. Closes: #197014.
+ + debian/slapd.templates: Added templates for asking about LDAPv2 support
+ and telling the user of slapcat/slapadd failures during upgrade.
+ + debian/slapd.postinst: Added support for adding LDAPv2 support
+ + debian/slapd.postinst: Modified to handle slapcat/slapadd failure.
+ In the event of an upgrade failure the database will be left untouched
+ and the user notified. Closes: #192431
+ + debian/slapd.postinst: Use ldif_dump_location in more places...
+ + debian/slapd.prerm: Check if upgrade failed and assume bad old init.d
+ script was used and attempt to shut down slapd with --oknodo in case
+ slapd isn't running. Closes: #193854. (Again)
+ + debian/slapd.conf: Add commented out allow line
+ + debian/rules: Tell dh_installinit to not touch slapd.prerm now.
+ + debian/slapd.postinst: Do a dry-run with slapadd first and check if
+ that worked or not. If it did not work then tell the user, otherwise
+ do a real slapadd which should work.
+ + debian/slapd.postinst: Make sure slapd is stopped before doing
+ slapadd/slapcat's and the like. (Note: The woody version does not
+ stop slapd). Closes: #189777.
+ + debian/slapd.postinst: Check if directories exist before attempting
+ to mkdir them. Closes: #189947
+ + debian/slapd.README.debian: Add note about runlevel issue.
+ Closes: #175736
+ + debian/move_files: Copy ldiftopasswd into /usr/share/slapd for users
+ to use, if they find it useful. Closes: #94963.
+ + debian/slapd.README.Debian: Added note about ldiftopasswd.
+
+ * Roland Bauerschmidt <rb@debian.org>:
+ + debian/slapd.postinst: fixed typos and check for the existence of
+ slapd.conf before reading it.
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 19 Jun 2003 17:35:32 +0200
+
+openldap2 (2.1.17-3) unstable; urgency=low
+
+ * Stephen Frost <sfrost@debian.org>:
+ + debian/slapd.init: Add --oknodo for stopping slapd. Closes: #192423, #193854.
+ + debian/slapd.init: Change START_SLURPD to SLURPD_START. Closes: #190724.
+ + debian/libldap2.shlibs: Bump to 2.1.17- 2.1.12 never hit the archive.
+ These should only be bumped when new symbols are added so we should
+ figure out a way to handle checking that.
+ + debian/slapd.dirs: Added /var/run/slapd for pidfile
+ + debian/slapd.conf: Moved pidfile to /var/run/slapd; Needed if running
+ non-root.
+ + debian/slapd.conf: Clean up config file, be more explicit about what
+ directives are 'general', 'backend', and 'database'. Moved and
+ commented out 'replogfile' since it is database specific, wasn't doing
+ anything where it was and use of it depends on slurpd usage.
+ I consider this solving #151511 since we don't ask if you want to use
+ replication anymore anyway. Closes: #151511
+ + debian/copy_slapd_dev_files: Added to copy the include files for
+ building slapd back-ends.
+ + debian/control: Add warning about libslapd2-dev
+ + debian/control: Add build-depend on po-debconf for dh_installdebconf
+ + debian/slapd.default: Add option for settings SLAPD_CONF file
+ + debian/slapd.init: Changed to use SLAPD_CONF, setting it to
+ /etc/ldap/slapd.conf if it is not specified. Closes: #91318
+ + debian/control: Added libslapd2-dev to control file. Closes: #192163.
+ + debian/rules: Added binary-indep to the binary: build line and flushed
+ it out to build the libslapd2-dev deb. Added -k to dh_clean since we're
+ building arch and indep debs now.
+ + Maintainer upload, acknowledge NMU. Closes: #98039.
+ + Add debian/po/fr.po from 194740. Closes: #194740
+ + Add space before ']' on line 113 of postinst. Closes: #194192, #194943
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/control: Enforce libldap2 to be the same version as slapd
+ as slapd (legitimately) uses internal functions of that library
+ (closes: #190164).
+ + debian/slapd.postinst: Fix the regexp for finding the database
+ definitions.
+
+ * Steve Langasek <vorlon@debian.org>:
+ + debian/slapd.preinst: don't use debconf or ldapsearch in the
+ preinst, as this is a policy violation (even if a previous
+ version was installed, it could've been removed-but-not-purged).
+ Closes: #189811, #195029.
+ + debian/slapd.{pre,post}inst: dump & fix up the directory in the
+ postinst, not in the preinst -- using slapcat/slapadd, not
+ ldapmodify. This ensures that the dump will succeed whenever the
+ database is present, rather than depending on access to an admin
+ dn. Closes: #190085.
+ + debian/fix_ldif, debian/move_files, debian/copyright: add Dave
+ Horsfall's dn-fixing script, to handle objectClass upgrading
+ + debian/slapd.postinst: Skip the duplicate prompting for the
+ organization name; we're guaranteed to always have one.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 6 Jun 2003 16:56:16 +0200
+
+openldap2 (2.1.17-2) unstable; urgency=low
+
+ * The who-says-slavery-is-dead upload.
+ * Steve Langasek <vorlon@debian.org>:
+ + debian/slapd.postinst: Fix the database regexp.
+ + debian/slapd.postinst: Only add moduleload lines *once* on upgrade
+ from 2.0. Wrap the backup code with a check for
+ /var/lib/slapd/upgrade_2.0, to guarantee idempotency.
+ Closes: #190401.
+ + debian/slapd.{config,templates,postinst}: On dpkg-reconfigure,
+ don't wipe out an existing config; only merge in any requested
+ changes. Also, prompt before wiping out the existing db.
+ Closes: #190799.
+ + debian/slapd.{postinst,examples},debian/rules: Move slapd.conf
+ from doc/slapd/examples to /usr/share/slapd, per policy.
+ + debian/slapd.postinst: make sure slapd.conf is always created
+ atomically.
+ + debian/slapd.postrm: If removing databases on package purge,
+ remove any database backups as well.
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/configure.options: Disable ACIs because they are still
+ experimental.
+ + debian/control: Change section and priority of libldap2-dev to
+ libdevel and extra respectively (dinstall message).
+ + debian/slapd.preinst: Only query the object classes of the root
+ dn if there was no error parsing the config.
+ + Update templates for po-debconf using the patch submitted by
+ Andre Luis Lopes (closes: #189933).
+ + Use [[:space:]] instead of [\t ] in sed invocations since the
+ latter does not seem to work (reported by Daniel Lutz).
+ + debian/control: Add Replaces: entry for openldapd since ldif.5.gz
+ was included in the potato package of that name (closes: #190660).
+ + debian/control: Tighten the build dependency on libtldl3-dev as
+ versions before 1.4.3 required the .la file for dynamic binding
+ (thanks to Josip Rodin for pointing this out).
+
+ -- Torsten Landschoff <torsten@debian.org> Sat, 19 Apr 2003 02:28:32 +0200
+
+openldap2 (2.1.17-1) unstable; urgency=low
+
+ * New upstream release.
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/slapd.init: Improve the error reporting. If nothing is output
+ by the failing command don't leave the user alone but print a hint
+ to look into the logfile etc.
+ + debian/control: Require at least version 2.1.3 of libsasl2-dev
+ as this is what the configure script checks for. Pointed out by
+ Norbert Tretkowski.
+ + debian/slapd.{pre,post}inst: Small cleanups, added some comments,
+ adapted for the removal of the .la files in slapd package.
+
+ -- Torsten Landschoff <torsten@debian.org> Sat, 19 Apr 2003 01:59:26 +0200
+
+openldap2.1 (2.1.16-1) unstable; urgency=low
+
+ * New upstream release.
+ + build/top.mk: Remove patch to omit "-static" at linking time. Upstream
+ now respects the --enable-shared flag used at configuration time.
+ + debian/slapd.postinst: Automagically add the module load directives
+ after upgrade as needed.
+ + debian/slapd.config:
+ - Only ask questions to create a new directory on fresh install.
+ - Ask wether the right modules should automatically be loaded in
+ slapd.conf.
+ + debian/slapd.templates: Add the templates for autoloading modules
+ and fixing the directory.
+ + debian/slapd.preinst: New script to support upgrading from 2.0.
+ The old prerm did not stop the daemon so we have to do it here.
+ Also a first attempt to fix broken LDAP directories not acceptable
+ to 2.1.
+ - Conditionally load debconf when upgrading as it only has to
+ be available in that case.
+ + debian/slapd.preinst: Dump database before upgrade.
+ + debian/slapd.postinst: Recreate database from dump after upgrade.
+ Move old database out of the way.
+
+ * Roland Bauerschmidt <rb@debian.org>
+ + debian/slapd.README.Debian: mention that backend database modules are
+ now compiled as shared objects
+
+ * Stephen Frost <sfrost@debian.org>
+ + debian/slapd.conf: Drop the '.la' file extension
+ + debian/move_files: Drop and rm the .la files, they aren't necessary.
+ + debian/slapd.README.Debian: Dropped the .la from the module_load line.
+ + servers/slapd/daemon.c: check slapd_srvurls is not NULL before
+ deref; included in upstream CVS.
+ + servers/slapd/back-*/init.c: Change the munged symbol names to
+ init_module, they do not need to be munged, and cause problems when
+ they are and not using .la files (which cause other problems)
+ + servers/slapd/module.c: Change to use lt_dlopenext() so we don't
+ need the .la files
+
+ -- Torsten Landschoff <torsten@debian.org> Wed, 26 Mar 2003 20:34:35 +0100
+
+openldap2.1 (2.1.12-1) experimental; urgency=low
+
+ * Initial release of OpenLDAP 2.1 packages. Closes: #167566, #178014.
+ - this includes support for the >= and <= operators. Closes: #159078.
+ - fixes various upstream bugs. Closes: #171008.
+
+ * Torsten Landschoff <torsten@debian.org>
+ - debian/check_config: Added script to check if OpenLDAP was configured
+ the way we want it.
+ - Don't build special TLS packages anymore - SSL is enabled in the
+ stock ldap library. Everything else will just give me more headaches.
+ - Build against libsasl2 instead of libsasl1. Closes: #176462.
+ - debian/control:
+ - Build-depend on debhelper 4.0 as debian/rules uses DH_COMPAT=4.
+ - Depend on coreutils | fileutils. Closes: #175704, #185676.
+ - Make libldap2 conflict with libldap2-tls which is obsolete now.
+ - debian/rules: Move the long list of configure options to a new
+ file debian/configure.options and read $(CONFIG) from that file.
+ - configure with --enable-aci. Closes: #101602.
+ - debian/slapd.init: Rewrite and add comments.
+ - Add support for running as non-root (closes: #111765, #157037).
+ - servers/slapd/main.c (main): Remove pid file on exit (closes: #162284).
+ - servers/slurpd/slurp.h: Change the default spool directory to
+ /var/spool/slurpd (avoids passing it via -t in init.d).
+ - servers/{slapd,slurpd}/Makefile.in: Install binaries into sbindir
+ instead of libexecdir.
+ - debian/control: Add Stephen Frost to the Uploaders field. Thanks
+ for your help, Stephen!
+ - contrib/ldapc++/config.{guess,sub}: Replaced with current files from
+ autotools-dev (lintian). Not actually neccessary since this part of
+ the package is not currently built but I think this is the best way
+ to shut up lintian :)
+ - build/mod.mk: Use -m 644 instead of -m 755 in installing shared
+ libraries. Shared libraries should not be marked as executable
+ (lintian).
+ - debian/libldap2.conffiles: Remove, since we are using version 4
+ of debhelper which tags everything in /etc as conffile by default.
+ - debian/rules: Change the mode of everything upstream installed into
+ /etc to 0644 as required by policy (lintian).
+ - debian/rules: Call dh_installdeb later in the binary target so that
+ the conffiles are already there for listing. Without this nothing in
+ /etc gets tagged as conffile... (lintian).
+ - debian/rules: Pass the start and stop priority of slapd to
+ dh_installinit in preparation for a postinst supported by debhelper.
+ - debian/rules: Call dh_installdirs again.
+ - Rewrite slapd.config, slapd.postinst, slapd.templates - a first try
+ in getting slapd to configure itself. Way to go.
+
+ * Roland Bauerschmidt <rb@debian.org>
+ - debian/control:
+ - build-depend on libdb4.1-dev instead of libdb4.0-dev
+ - conflict, replace, and provide libldap2-tls (libldap2)
+ - removed ldap-gateways binary package
+ - drop suggestion to obsolete openldap-guide. Closes: #171894, #146968.
+ - debian/rules:
+ - build with BDB backend
+ - run dh_installdeb
+ - only run dh_makeshlibs for libldap2
+ - debian/slapd.dirs: added to create /var/lib/ldap and /var/spool/slurpd
+ - debian/slapd.postinst:
+ - properly remove temporary files on errors. Closes: #160412.
+ - install init.d link if slapd.conf already exists. Closes: #159542.
+ - run db_stop even if package isn't configured for the first time. This
+ prevents hanging during upgrades.
+ - added debian/slapd.default and use it from debian/slapd.init.
+ Closes: #160964, #176832.
+ - added debian/slapd.README.Debian
+ - added versioned dependency on coreutils to make lintian quiet.
+ - added debian/slapd.postrm
+ - remove slapd.conf when package is purged
+ - remove /var/lib/ldap when slapd/purge_database is true
+ - remove /etc/ldap/schema if empty. Closes: #185173.
+ - debian/templates: added slapd/purge_database template
+ - build/top.mk: link against libcrypt before other SECURITY_LIBS
+ - debian/libldap2.shlibs: tighten dependencies. Closes: #181168.
+
+ * Stephen Frost <sfrost@debian.org>
+ - debian/control: added libltdl2-dev and libslp-dev to the build-depends
+ - Correct typo for back-sql init routine; already in OpenLDAP upstream
+ CVS
+ - Correct free of SASL interact results; already in OpenLDAP upstream CVS
+ - Duplicate the DN from SASL to ensure '\0' termination; already in
+ OpenLDAP upstream CVS
+ - debian/control: added Replaces: slapd (<< 2.1) for ldap-utils due to
+ ldif.5 move.
+ - Add modulepath /usr/lib/ldap to default slapd config
+ - Add moduleload back_bdb to default slapd config
+ - Changed libexecdir to ${prefix}/lib
+ - Add usr/lib/ldap to slapd portion of move_files
+ - Modified backend types to be built as modules for dynamic loading
+ - Fixed pt_BR translation
+
+ -- Roland Bauerschmidt <rb@debian.org> Sat, 15 Mar 2003 21:35:24 +0100
+
+openldap2 (2.0.27-3) unstable; urgency=high
+
+ * [SECURITY]: Apply the patch used by SuSE in SuSE-SA:2002:047
+ (or rather the parts of it not yet included upstream).
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 20 Dec 2002 04:47:15 +0100
+
+openldap2 (2.0.27-2) unstable; urgency=low
+
+ * debian/control: Make libldap2-dev depend on libssl-dev and
+ libsasl-dev, since those libs are pulled via the libldap.la file
+ (closes: #164791).
+ * debian/control: Add shlibs:Depends to libldap2-tls as well. Most
+ of those depends are pulled via libldap2 but of course libssl
+ is not among those. (closes: #169950).
+ * debian/libldap2-tls: Remove old divertions on "configure" and not
+ on "upgrade" - the latter is not really called.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 22 Nov 2002 00:35:29 +0100
+
+openldap2 (2.0.27-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Torsten Landschoff <torsten@debian.org> Wed, 6 Nov 2002 01:12:06 +0100
+
+openldap2 (2.0.23-14) unstable; urgency=low
+
+ * debian/rules: Remove search paths from .la files using some perl
+ trickery (closes: #110479).
+ * debian/libldap2.README.debian: Document the NSS problem which stops /usr
+ from being unmounted cleanly when using libnss-ldap (for more info
+ see bug#159771).
+
+ * Started cleaning up the maintainer scripts:
+ - Remove creation of the /usr/doc symlinks (lintian).
+ - Don't run ldconfig in prerm scripts (lintian).
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 30 Sep 2002 12:10:05 +0200
+
+openldap2 (2.0.23-13) unstable; urgency=low
+
+ * As Ashley Clark found out the preinst of libldap-tls fails for a new
+ install. My fault - I did not check that (removing ldap is cumbersome
+ if you are using it... :) and the scripts were only checked without
+ "set -e" in effect.
+ + debian/libldap2-tls.preinst: Apply Ashley's patch (thanks a lot,
+ Ashley. closes: #162123).
+ + Coincidently the other installation scripts seem to be okay, the
+ failing command is in the middle of a pipe and therefore ignored.
+
+ -- Torsten Landschoff <torsten@debian.org> Tue, 24 Sep 2002 12:56:18 +0200
+
+openldap2 (2.0.23-12) unstable; urgency=low
+
+ * Apply the patch from upstream ITS#2012 to support MD5 hashes. Problem
+ is that OpenSSL comes with its own version of the crypt() function
+ which is linked in instead of the system's version from libcrypt.
+ The patch changes the link order so that slapd takes the system's
+ implementation.
+ * debian/rules: Pass --enable-crypt-first to configure to enable the
+ patch (closes: #160763).
+ * Fix the diversion handling of libldap2-tls:
+ - preinst: Only install diversions that are not there.
+ - postrm: Remove this package's diversions.
+ - postinst: Remove obsolete diversions after upgrade.
+ - Removal of diversions is done in reverted order of the installation.
+
+ * Enable DNSSRV support as requested by Turbo. No Kerberos for now, sorry.
+ * debian/control: Updates Standards-Version to 3.5.7 and fix running
+ of ldconfig in maintainer scripts.
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 23 Sep 2002 12:18:40 +0200
+
+openldap2 (2.0.23-11) unstable; urgency=low
+
+ * debian/rules: Build with --with-tls (closes: #80591, #155937).
+ * debian/control:
+ + Add build dependency on libssl-dev.
+ + Specify Roland Bauerschmidt as co maintainer.
+ * Added the trickery to have libldap2 without TLS and libldap2-tls
+ with the TLS stuff. Otherwise we have to change the base system,
+ and god knows how long that would take.
+
+ Most of the changes done by Roland Bauerschmidt. We now build the
+ source two times - with and without ssl. We mostly use the ssl enabled
+ stuff with the exception of a libldap2 package which does not have
+ support for that. If you need TLS support you have to install
+ libldap2-tls, which diverts the libraries from libldap2 out of the
+ way and replaces them with the TLS enabled version.
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 29 Aug 2002 13:35:39 +0200
+
+openldap2 (2.0.23-10) unstable; urgency=low
+
+ * debian/control: Build depend on libdb4.0-dev instead of libdb3-dev.
+ This should fix the index corruption problems (closes: #152959).
+
+ -- Torsten Landschoff <torsten@debian.org> Sun, 18 Aug 2002 19:47:02 +0200
+
+openldap2 (2.0.23-9) unstable; urgency=low
+
+ * debian/slapd.init: Wait for the daemons to actually terminate for
+ the stop action (which is used for restart) and trap all errors
+ (closes: #148033).
+ * debian/rules: Build with -D_FILE_OFFSET_BITS=64 to support files
+ bigger than 2GB on all architectures (closes: #155197). As off_t is
+ about never used in the source that should not create any problems.
+ * debian/control: Make libldap2-dev depend on libsasl-dev
+ (closes: #135223, #96957).
+ * doc/man/man1/ldapmodify.1: Fix typo (closes: #105905).
+ * debian/rules: Create symlinks for some manpages (closes: #99547).
+ * Fix spelling error in description of ldap-gateways (closes: #124859).
+ * debian/copyright: Include the full content of the LICENSE file
+ (closes: #151222).
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 8 Aug 2002 15:54:46 +0200
+
+openldap2 (2.0.23-8) unstable; urgency=low
+
+ * New maintainer.
+ * debian/control: Build-Conflict with libbind-dev to use the right
+ resolver library everywhere (closes: #112459). Of course, the
+ real solution must be to fix the configure script to not detect
+ libbind-dev and use the right resolver all the time. But a work around
+ is better than nothing I would say...
+
+ -- Torsten Landschoff <torsten@debian.org> Wed, 7 Aug 2002 14:53:39 +0200
+
+openldap2 (2.0.23-7) unstable; urgency=low
+
+ * Add Brazilian translation for debconf templates. Closes: Bug#114021
+ * Fix hostless LDAP URLs, patch from Lamont Jones. Closes: Bug#140387
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sat, 4 May 2002 20:05:32 +0200
+
+openldap2 (2.0.23-6) unstable; urgency=high
+
+ * Make slapd.config idempotent, so that calling it once (during
+ preconfiguration) and again (during postinst) doesn't break things.
+ Patch from Anthony Towns. Closes: Bug#137552).
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sun, 14 Apr 2002 19:10:50 +0200
+
+openldap2 (2.0.23-5) unstable; urgency=high
+
+ * Fix slurpd invocation in slapd.init. Closes: Bug#141959
+ * Ask for admin DN when using LDIF initialization as well.
+ Lets hope this finally Closes: Bug#137552
+ * Merge German translation for debconf templates. Closes: Bug#141712
+ * Add Build-Depends on debconf-utils since we use debconf-mergetemplate
+ * Remove bogus error from slapd.init. Closes: Bug#137718
+
+ -- Wichert Akkerman <wakkerma@debian.org> Tue, 9 Apr 2002 14:49:27 +0200
+
+openldap2 (2.0.23-4) unstable; urgency=high
+
+ * Only show already-configured note on initial installs. Closes: Bug#137100
+ * Supply -t option to slurpd when starting it, not when stopping it.
+ Closes: Bug#136240
+ * Use db_input instead of db_get for notes in the slapd postinst.
+ * Only fetch password from debconf when not using ldif initialization.
+ Closes: Bug#138558,#137552
+ * Check if slapd.conf exists in slapd postinst. Closes: Bug#138136
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sat, 6 Apr 2002 23:02:42 +0200
+
+openldap2 (2.0.23-3) unstable; urgency=high
+
+ * If can not get a password for the admin entry when installing slapd
+ generate one randomly. Closes: Bug#134774
+ * Bump shlibs dependency to 2.0.23
+
+ -- Wichert Akkerman <wakkerma@debian.org> Thu, 21 Feb 2002 23:23:57 +0100
+
+openldap2 (2.0.23-2) unstable; urgency=high
+
+ * Create /var/spool/slurpd and tell slurpd to use that as temporary
+ directory. Closes: Bug#134564
+ * Improve debconf prompts a bit. Closes: Bug#134945
+ * Properly set default value for domain
+ * Clear crypted password from debconf after creating the LDAP directory
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sun, 17 Feb 2002 16:07:18 +0100
+
+openldap2 (2.0.23-1) unstable; urgency=high
+
+ * Upstream updated config.{guess,sub} so we are back to zero patches
+ again.
+ * Apply fix from Klaus Duscher for the missing password problem: the
+ config script did not check if it was run twice without slapd.conf
+ being generated in between and would abort with a missing password
+ error. Closes: Bug#132566
+ * Change slapd priority for boot sequence to start earlier and stop
+ later so people can use LDAP for NSS purposes. Closes: Bug#130277
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sun, 17 Feb 2002 16:07:18 +0100
+
+openldap2 (2.0.22-2) unstable; urgency=low
+
+ * Update config.{guess,sub} again. Closes: Bug#131469
+
+ -- Wichert Akkerman <wakkerma@debian.org> Thu, 7 Feb 2002 22:33:01 +0100
+
+openldap2 (2.0.22-1) unstable; urgency=low
+
+ * New upstream version
+ * Build properly as non-native package
+
+ -- Wichert Akkerman <wakkerma@debian.org> Wed, 6 Feb 2002 00:17:20 +0100
+
+openldap2 (2.0.21-3) unstable; urgency=high
+
+ * Add logic to config and postinst to configure replication as well
+ * Don't fail in slapd postinst if we can't stop slapd. Closes: Bug#131617
+ * Change localstatedir to /var/lib
+ * Remove /var/lib/ldap when purging slapd
+ * Don't remove user-supplied ldif file after creating the directory
+ * Set default replogfile
+ * Fix typo in severity for no_password note
+ * Encrypt admin password and remove it from the debconf database
+
+ -- Wichert Akkerman <wakkerma@debian.org> Thu, 31 Jan 2002 17:03:36 +0100
+
+openldap2 (2.0.21-2) unstable; urgency=medium
+
+ * Update config.{guess,sub} and forwarded upstream (ITS#1567).
+ Closes: Bug#131469
+ * Remove -x from slapd postinst. Closes: Bug#131502
+
+ -- Wichert Akkerman <wakkerma@debian.org> Wed, 30 Jan 2002 10:53:45 +0100
+
+openldap2 (2.0.21-1) unstable; urgency=high
+
+ * New upstream version,
+ * Update copyright
+ * Update config.guess and config.sub
+ * Redone packaging, no more dbs or debhelper
+ * Drop all patches, they are either unnecessary or alternatives have
+ been made upstream
+
+ -- Wichert Akkerman <wakkerma@debian.org> Tue, 29 Jan 2002 17:04:10 +0100
+
+openldap2 (2.0.14-1) unstable; urgency=high
+
+ * New upstream version, which includes a billion second bug.
+ Closes: Bug#111833
+ * Drop 005_libldbm_dbopen, upgrading the database in place no longer works
+ with the new db-env code.
+ * Redo 008_porting_maxpathlen
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sat, 15 Sep 2001 13:39:46 +0200
+
+openldap2 (2.0.11-2) unstable; urgency=low
+
+ * Test if /etc/init.d/slapd is executable when purging slapd.
+ Closes: Bug#100938
+ * Update 008_porting_maxpathlen. Closes: Bug#100584
+ * Don't use four11 as referral example anymore. Closes: Bug#99998
+ * Fix synopsis of slapindex manpage. Added to 002_man_fixes.
+ Closes: Bug#98805
+ * Removed stray backup file from 002_man_fixes
+
+ -- Wichert Akkerman <wakkerma@debian.org> Tue, 19 Jun 2001 01:01:17 +0200
+
+openldap2 (2.0.11-1) unstable; urgency=low
+
+ * New upstream version
+ * Add autoconf to Build-Depends. Closes: Bug#99440
+ * Fix new db upgrade patch. Closes: Bug#98853
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sun, 3 Jun 2001 00:25:47 +0200
+
+openldap2 (2.0.10-2) unstable; urgency=low
+
+ * Tighten shlibs dependency to >= 2.0.1-1. Closes: Bug#98683
+
+ -- Wichert Akkerman <wakkerma@debian.org> Fri, 25 May 2001 16:32:35 +0200
+
+openldap2 (2.0.10-1) unstable; urgency=low
+
+ * New upstream version
+ * New maintainer
+ * Remove useless LINE_WIDTH bit from patch 000_clients
+ * Patch 004_ssl_fix has been merged upstream, removed
+ * Redo 005_db3_upgrade
+ * Rediff all other patches
+
+ -- Wichert Akkerman <wakkerma@debian.org> Thu, 24 May 2001 14:56:02 +0200
+
+openldap2 (2.0.7-6) unstable; urgency=low
+
+ * Make sure autoconf is run if configure.in is changed (for Hurd patch),
+ closes: #96145
+ * Fix slapd.postinst in the case of using an ldif file, closes: #95600
+ * Use a var for slapd.conf in slapd init script. Partially fixes bug
+ 91318.
+ * Fixed hurd patch for strrchr in replog.c, closes: #93605
+
+ -- Ben Collins <bcollins@debian.org> Mon, 7 May 2001 23:00:27 -0400
+
+openldap2 (2.0.7-5) unstable; urgency=low
+
+ * Fixed db3 upgrade code, closes: #92331, #92916
+ * m68k should compile fine with db3 now, closes: #90165
+ * Included provided patch for Hurd compilation, closes: #88079
+
+ -- Ben Collins <bcollins@debian.org> Wed, 4 Apr 2001 17:46:47 -0400
+
+openldap2 (2.0.7-4) unstable; urgency=low
+
+ * slapd.conf is no longer a conffile, and not provided by the package.
+ Instead, it is only generated. closes: #81359
+ * Fixed by previous upload, closes: #71852, #78950, #82491
+ * Actually install the netscape schema, closes: #90323
+ * Add comment to README.Debian about being compiled with libwrap,
+ closes: #84954
+ * Provide example sasl config file, closes: #90855
+ * Conflict replace openldap-utils (ldap-utils), and libopenldap-dev
+ (libldap2-dev), closes: #71471
+ * Revert to using some code to upgrade previous db's. Remove slapd's dep
+ on db3-util, and remove postinst code that upgrades the db's.
+
+ -- Ben Collins <bcollins@debian.org> Sat, 24 Mar 2001 21:59:20 -0500
+
+openldap2 (2.0.7-3) unstable; urgency=low
+
+ * netscape-profile.schema: new schema for old roaming support
+ * 004_ssl_fix.diff: Fix for SSL support (not compiled in, but some
+ people use it).
+ * slapd.config: FINALLY fix the "dc=" base bug.
+ * Build-Depend on libdb3-dev now that it is available.
+ * Now that we use db3, make sure we upgrade existing databases to the
+ db3 format with db3_upgrade.
+
+ -- Ben Collins <bcollins@debian.org> Sun, 11 Mar 2001 23:36:34 -0500
+
+openldap2 (2.0.7-2) unstable; urgency=low
+
+ * slapd.postinst: fix debhelper wraper so it gets the right @argv,
+ closes: #71854
+ * sendmail appears to be compiled against glibc2.2/libdb2 now,
+ closes: #71602
+ * %strace ldapsearch cn=admin | & grep /etc | grep ldap
+ open("/etc/ldap/ldap.conf", O_RDONLY) = 3
+ closes: #71716
+ * ldap_first_attribute.3: s/ber_free(3)/ber_free/. closes: #76719
+ * init.d/slapd: fix reference to pidfile, and also remove the pidfile
+ after killing the daemon, closes: #77633, #77635
+ * Fix fgets buffer size thinko in slurpd. closes: #78003
+ * slapd.8: s/ldap.h/slapd.conf(5)/. closes: #80457
+
+ -- Ben Collins <bcollins@debian.org> Sun, 31 Dec 2000 00:02:46 -0500
+
+openldap2 (2.0.7-1) unstable; urgency=low
+
+ * New upstream
+ * Removed hack for shlibs now that dpkg 1.7 is available, added dpkg-dev
+ 1.7.1 to build-depends.
+ * start using DH_COMPAT=2
+
+ -- Ben Collins <bcollins@debian.org> Fri, 10 Nov 2000 18:53:25 -0500
+
+openldap2 (2.0.2-2) unstable; urgency=low
+
+ * Recompile against libdb2/glibc 2.1.94/sasl
+
+ -- Ben Collins <bcollins@debian.org> Wed, 27 Sep 2000 11:31:59 -0400
+
+openldap2 (2.0.2-1) unstable; urgency=low
+
+ * New upstream version, includes some patches from me that fix some
+ stability issues
+ * debian/control:Build-Depends: change libwrap-dev to libwrap0-dev for
+ clarity, closes: #71366
+ * debian/rules: make sure mail500 docs do not get installed under bogus
+ subdirs, closes: #71473
+ * debian/README.build,debian/scripts/dbs-build.mk: Fix and document
+ build system better, closes: #71584
+ * debian/local/slapd.conf: Setup default ACL's to work with openldap2
+ correctly, closes: #71127, #71131
+ * debian/README: document how to access OpenLDAP 1 servers via
+ ldap-utils, closes: #71469
+ * debian/rules:CFLAGS: add -I/usr/include/db2 to make sure we get the
+ right <db.h> header, closes: #71470
+ * I cannot reproduce this. In debian/rules I have done exactly what is
+ needed to keep it from happening, and sparc, i386 and powerpc builds
+ do not show it, closes: #71472
+
+ -- Ben Collins <bcollins@debian.org> Wed, 13 Sep 2000 22:32:35 -0400
+
+openldap2 (2.0.1-2) unstable; urgency=low
+
+ * Fixed up depend for libldap2 on itself
+
+ -- Ben Collins <bcollins@debian.org> Wed, 6 Sep 2000 13:24:06 -0400
+
+openldap2 (2.0.1-1) unstable; urgency=low
+
+ * New upstream version
+ * Added libsasl-dev to build-deps, closes: #70923
+
+ -- Ben Collins <bcollins@debian.org> Tue, 5 Sep 2000 06:49:05 -0400
+
+openldap2 (2.0-1) unstable; urgency=low
+
+ * Initial release of OpenLDAP 2 test code
+
+ -- Ben Collins <bcollins@debian.org> Tue, 29 Aug 2000 14:28:39 -0400
diff --git a/debian/clean b/debian/clean
new file mode 100644
index 0000000..42e651c
--- /dev/null
+++ b/debian/clean
@@ -0,0 +1,2 @@
+debian/libldap-2.4-2.links
+debian/libldap2-dev.links
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..f599e28
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/debian/configure.options b/debian/configure.options
new file mode 100644
index 0000000..08a55e0
--- /dev/null
+++ b/debian/configure.options
@@ -0,0 +1,204 @@
+#`configure' configures this package to adapt to many kinds of systems.
+#
+#Usage: ./configure [OPTION]... [VAR=VALUE]...
+#
+#To assign environment variables (e.g., CC, CFLAGS...), specify them as
+#VAR=VALUE. See below for descriptions of some of the useful variables.
+#
+#Defaults for the options are specified in brackets.
+#
+#Configuration:
+# -h, --help display this help and exit
+# --help=short display options specific to this package
+# --help=recursive display the short help of all the included packages
+# -V, --version display version information and exit
+# -q, --quiet, --silent do not print `checking...' messages
+# --cache-file=FILE cache test results in FILE [disabled]
+# -C, --config-cache alias for `--cache-file=config.cache'
+# -n, --no-create do not create output files
+# --srcdir=DIR find the sources in DIR [configure dir or `..']
+#
+#Installation directories:
+# --prefix=PREFIX install architecture-independent files in PREFIX
+# [/usr/local]
+--prefix=/usr
+# --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+# [PREFIX]
+#
+#By default, `make install' will install all the files in
+#`/usr/local/bin', `/usr/local/lib' etc. You can specify
+#an installation prefix other than `/usr/local' using `--prefix',
+#for instance `--prefix=$HOME'.
+#
+#For better control, use the options below.
+#
+#Fine tuning of the installation directories:
+# --bindir=DIR user executables [EPREFIX/bin]
+# --sbindir=DIR system admin executables [EPREFIX/sbin]
+# --libexecdir=DIR program executables [EPREFIX/libexec]
+--libexecdir='${prefix}/lib'
+# --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+--sysconfdir=/etc
+# --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+# --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+--localstatedir=/var
+# --libdir=DIR object code libraries [EPREFIX/lib]
+# --includedir=DIR C header files [PREFIX/include]
+# --oldincludedir=DIR C header files for non-gcc [/usr/include]
+# --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+# --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+# --infodir=DIR info documentation [DATAROOTDIR/info]
+# --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+# --mandir=DIR man documentation [DATAROOTDIR/man]
+--mandir='${prefix}/share/man'
+# --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE]
+# --htmldir=DIR html documentation [DOCDIR]
+# --dvidir=DIR dvi documentation [DOCDIR]
+# --pdfdir=DIR pdf documentation [DOCDIR]
+# --psdir=DIR ps documentation [DOCDIR]
+#
+#Program names:
+# --program-prefix=PREFIX prepend PREFIX to installed program names
+# --program-suffix=SUFFIX append SUFFIX to installed program names
+# --program-transform-name=PROGRAM run sed PROGRAM on installed program names
+#
+#System types:
+# --build=BUILD configure for building on BUILD [guessed]
+# --host=HOST cross-compile to build programs to run on HOST [BUILD]
+# --target=TARGET configure for building compilers for TARGET [HOST]
+#
+#Optional Features:
+# --disable-option-checking ignore unrecognized --enable/--with options
+# --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+# --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+# --enable-debug enable debugging no|yes|traditional [yes]
+--enable-debug
+# --enable-dynamic enable linking built binaries with dynamic libs [no]
+--enable-dynamic
+# --enable-syslog enable syslog support [auto]
+--enable-syslog
+# --enable-proctitle enable proctitle support [yes]
+--enable-proctitle
+# --enable-ipv6 enable IPv6 support [auto]
+--enable-ipv6
+# --enable-local enable AF_LOCAL (AF_UNIX) socket support [auto]
+--enable-local
+#
+#SLAPD (Standalone LDAP Daemon) Options:
+# --enable-slapd enable building slapd [yes]
+--enable-slapd
+# --enable-dynacl enable run-time loadable ACL support (experimental) [no]
+--enable-dynacl
+# --enable-aci enable per-object ACIs (experimental) no|yes|mod [no]
+--enable-aci
+# --enable-cleartext enable cleartext passwords [yes]
+--enable-cleartext
+# --enable-crypt enable crypt(3) passwords [no]
+--enable-crypt
+# --enable-lmpasswd enable LAN Manager passwords [no]
+--disable-lmpasswd
+# --enable-spasswd enable (Cyrus) SASL password verification [no]
+--enable-spasswd
+# --enable-modules enable dynamic module support [no]
+--enable-modules
+# --enable-rewrite enable DN rewriting in back-ldap and rwm overlay [auto]
+--enable-rewrite
+# --enable-rlookups enable reverse lookups of client hostnames [no]
+--enable-rlookups
+# --enable-slapi enable SLAPI support (experimental) [no]
+--enable-slapi
+# --enable-slp enable SLPv2 support [no]
+--disable-slp
+# --enable-wrappers enable tcp wrapper support [no]
+--enable-wrappers
+#
+#SLAPD Backend Options:
+# --enable-backends enable all available backends no|yes|mod
+--enable-backends=mod
+# --enable-bdb enable Berkeley DB backend no|yes|mod [yes]
+# --enable-dnssrv enable dnssrv backend no|yes|mod [no]
+# --enable-hdb enable Hierarchical DB backend no|yes|mod [yes]
+# --enable-ldap enable ldap backend no|yes|mod [no]
+# --enable-mdb enable mdb database backend no|yes|mod [yes]
+# --enable-meta enable metadirectory backend no|yes|mod [no]
+# --enable-monitor enable monitor backend no|yes|mod [yes]
+# --enable-ndb enable MySQL NDB Cluster backend no|yes|mod [no]
+--disable-ndb
+# --enable-null enable null backend no|yes|mod [no]
+# --enable-passwd enable passwd backend no|yes|mod [no]
+# --enable-perl enable perl backend no|yes|mod [no]
+# --enable-relay enable relay backend no|yes|mod [yes]
+# --enable-shell enable shell backend no|yes|mod [no]
+# --enable-sock enable sock backend no|yes|mod [no]
+# --enable-sql enable sql backend no|yes|mod [no]
+#
+#SLAPD Overlay Options:
+# --enable-overlays enable all available overlays no|yes|mod
+--enable-overlays=mod
+# --enable-accesslog In-Directory Access Logging overlay no|yes|mod [no]
+# --enable-auditlog Audit Logging overlay no|yes|mod [no]
+# --enable-collect Collect overlay no|yes|mod [no]
+# --enable-constraint Attribute Constraint overlay no|yes|mod [no]
+# --enable-dds Dynamic Directory Services overlay no|yes|mod [no]
+# --enable-deref Dereference overlay no|yes|mod [no]
+# --enable-dyngroup Dynamic Group overlay no|yes|mod [no]
+# --enable-dynlist Dynamic List overlay no|yes|mod [no]
+# --enable-memberof Reverse Group Membership overlay no|yes|mod [no]
+# --enable-ppolicy Password Policy overlay no|yes|mod [no]
+# --enable-proxycache Proxy Cache overlay no|yes|mod [no]
+# --enable-refint Referential Integrity overlay no|yes|mod [no]
+# --enable-retcode Return Code testing overlay no|yes|mod [no]
+# --enable-rwm Rewrite/Remap overlay no|yes|mod [no]
+# --enable-seqmod Sequential Modify overlay no|yes|mod [no]
+# --enable-sssvlv ServerSideSort/VLV overlay no|yes|mod [no]
+# --enable-syncprov Syncrepl Provider overlay no|yes|mod [yes]
+# --enable-translucent Translucent Proxy overlay no|yes|mod [no]
+# --enable-unique Attribute Uniqueness overlay no|yes|mod [no]
+# --enable-valsort Value Sorting overlay no|yes|mod [no]
+#
+#Library Generation & Linking Options
+# --enable-static[=PKGS] build static libraries [default=yes]
+# --enable-shared[=PKGS] build shared libraries [default=yes]
+# --enable-fast-install[=PKGS]
+# optimize for fast installation [default=yes]
+# --disable-dependency-tracking speeds up one-time build
+# --enable-dependency-tracking do not reject slow dependency extractors
+# --disable-libtool-lock avoid locking (might break parallel builds)
+#
+#Optional Packages:
+# --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+# --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+# --with-subdir=DIR change default subdirectory used for installs
+--with-subdir=ldap
+# --with-cyrus-sasl with Cyrus SASL support [auto]
+--with-cyrus-sasl
+# --with-fetch with fetch(3) URL support [auto]
+# --with-threads with threads [auto]
+--with-threads
+# --with-tls with TLS/SSL support auto|openssl|gnutls|moznss [auto]
+--with-tls=gnutls
+# --with-yielding-select with implicitly yielding select [auto]
+# --with-mp with multiple precision statistics auto|longlong|long|bignum|gmp [auto]
+# --with-odbc with specific ODBC support iodbc|unixodbc|odbc32|auto [auto]
+--with-odbc=unixodbc
+# --with-gnu-ld assume the C compiler uses GNU ld [default=no]
+# --with-pic try to use only PIC/non-PIC objects [default=use
+# both]
+# --with-tags[=TAGS] include additional configurations [automatic]
+#
+#See INSTALL file for further details.
+#
+#Some influential environment variables:
+# CC C compiler command
+# CFLAGS C compiler flags
+# LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
+# nonstandard directory <lib dir>
+# LIBS libraries to pass to the linker, e.g. -l<library>
+# CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+# you have headers in a nonstandard directory <include dir>
+# CPP C preprocessor
+#
+#Use these variables to override the choices made by `configure' or to help
+#it to find libraries and programs with nonstandard names/locations.
+#
+#Report bugs to the package provider.
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..b1784eb
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,125 @@
+Source: openldap
+Section: net
+Priority: optional
+Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
+Uploaders: Steve Langasek <vorlon@debian.org>,
+ Torsten Landschoff <torsten@debian.org>,
+ Ryan Tandy <ryan@nardis.ca>
+Build-Depends: debhelper (>= 10),
+ dpkg-dev (>= 1.17.14),
+ groff-base,
+ heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!stage1>,
+ libdb5.3-dev <!stage1>,
+ libgnutls28-dev,
+ libltdl-dev <!stage1>,
+ libperl-dev (>= 5.8.0) <!stage1>,
+ libsasl2-dev,
+ libwrap0-dev <!stage1>,
+ nettle-dev <!stage1>,
+ perl:any,
+ po-debconf,
+ unixodbc-dev <!stage1>
+Build-Conflicts: libbind-dev, bind-dev, libicu-dev, autoconf2.13
+Standards-Version: 4.3.0
+Homepage: http://www.openldap.org/
+Vcs-Git: https://salsa.debian.org/openldap-team/openldap.git
+Vcs-Browser: https://salsa.debian.org/openldap-team/openldap
+
+Package: slapd
+Architecture: any
+Build-Profiles: <!stage1>
+Pre-Depends: debconf (>= 0.5) | debconf-2.0, ${misc:Pre-Depends}
+Depends: ${shlibs:Depends}, libldap-2.4-2 (= ${binary:Version}),
+ coreutils (>= 4.5.1-1), psmisc, perl (>> 5.8.0) | libmime-base64-perl,
+ adduser, lsb-base (>= 3.2-13), ${misc:Depends}
+Recommends: libsasl2-modules
+Suggests: ldap-utils,
+ libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
+Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)
+Replaces: libldap2, ldap-utils (<< 2.2.23-3)
+Provides: ldap-server, ${slapd:Provides}
+Description: OpenLDAP server (slapd)
+ This is the OpenLDAP (Lightweight Directory Access Protocol) server
+ (slapd). The server can be used to provide a standalone directory
+ service.
+
+Package: slapd-contrib
+Architecture: any
+Build-Profiles: <!stage1>
+Depends: slapd (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}
+Provides: slapd-smbk5pwd
+Breaks: slapd-smbk5pwd (<< 2.4.47+dfsg-2~)
+Replaces: slapd-smbk5pwd (<< 2.4.47+dfsg-2~)
+Description: contributed plugins for OpenLDAP slapd
+ This package contains a number of slapd overlays and plugins contributed by
+ the OpenLDAP community. While distributed as part of OpenLDAP Software, they
+ are not necessarily supported by the OpenLDAP Project.
+
+Package: slapd-smbk5pwd
+Architecture: all
+Section: oldlibs
+Build-Profiles: <!stage1>
+Depends: slapd-contrib, ${misc:Depends}
+Breaks: slapd (<< 2.4.47+dfsg-2~)
+Description: transitional package for slapd-contrib
+ This is a transitional package from slapd-smbk5pwd to slapd-contrib. It can be
+ safely removed.
+
+Package: ldap-utils
+Architecture: any
+Depends: ${shlibs:Depends}, libldap-2.4-2 (= ${binary:Version}), ${misc:Depends}
+Recommends: libsasl2-modules
+Suggests: libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
+Conflicts: umich-ldap-utils, openldap-utils, ldap-client
+Replaces: openldap-utils, slapd (<< 2.2.23-0.pre6), openldapd
+Provides: ldap-client, openldap-utils
+Description: OpenLDAP utilities
+ This package provides utilities from the OpenLDAP (Lightweight
+ Directory Access Protocol) package. These utilities can access a
+ local or remote LDAP server and contain all the client programs
+ required to access LDAP servers.
+
+Package: libldap-2.4-2
+Section: libs
+Architecture: any
+Multi-Arch: same
+Conflicts: ldap-utils (<= 2.1.23-1)
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, libldap-common
+Replaces: libldap2, libldap-2.3-0
+Description: OpenLDAP libraries
+ These are the run-time libraries for the OpenLDAP (Lightweight Directory
+ Access Protocol) servers and clients.
+
+Package: libldap-common
+Section: libs
+Architecture: all
+Multi-Arch: foreign
+Depends: ${misc:Depends}
+Replaces: libldap-2.4-2 (<< 2.4.44+dfsg-1)
+Description: OpenLDAP common files for libraries
+ These are common files for the run-time libraries for the OpenLDAP
+ (Lightweight Directory Access Protocol) servers and clients.
+
+Package: libldap2-dev
+Section: libdevel
+Architecture: any
+Multi-Arch: same
+Conflicts: libldap-dev, libopenldap-dev
+Replaces: libopenldap-dev
+Provides: libldap-dev
+Depends: libldap-2.4-2 (= ${binary:Version}), ${misc:Depends}
+Description: OpenLDAP development libraries
+ This package allows development of LDAP applications using the OpenLDAP
+ libraries. It includes headers, libraries and links to allow static and
+ dynamic linking.
+
+Package: slapi-dev
+Section: libdevel
+Architecture: any
+Build-Profiles: <!stage1>
+Depends: slapd (= ${binary:Version}), ${misc:Depends}
+Description: development libraries for OpenLDAP SLAPI plugin interface
+ This package allows development of plugins for the OpenLDAP slapd server
+ using the SLAPI interface. It includes the headers and libraries needed
+ to build such plugins.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..b52383e
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,466 @@
+This package was downloaded from:
+
+ <http://www.openldap.org/>
+
+The upstream distribution has been repackaged to remove the RFCs and
+Internet-Drafts included in the upstream distribution, since the Internet
+Society license does not meet the Debian Free Software Guidelines. The
+schema files that contain verbatim text from RFCs or Internet-Drafts have
+similarly been removed and are replaced during the package build with
+versions stripped of the literal RFC or Internet-Draft text.
+
+Copyright:
+
+Copyright 1998-2016 The OpenLDAP Foundation
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
+OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+Individual files and/or contributed packages may be copyright by
+other parties and/or subject to additional restrictions.
+
+This work is derived from the University of Michigan LDAP v3.3
+distribution. Information concerning this software is available
+at <http://www.umich.edu/~dirsvcs/ldap/ldap.html>.
+
+This work also contains materials derived from public sources.
+
+Additional information about OpenLDAP can be obtained at
+<http://www.openldap.org/>.
+
+---
+
+The OpenLDAP Public License
+ Version 2.8, 17 August 2003
+
+Redistribution and use of this software and associated documentation
+("Software"), with or without modification, are permitted provided
+that the following conditions are met:
+
+1. Redistributions in source form must retain copyright statements
+ and notices,
+
+2. Redistributions in binary form must reproduce applicable copyright
+ statements and notices, this list of conditions, and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution, and
+
+3. Redistributions must contain a verbatim copy of this document.
+
+The OpenLDAP Foundation may revise this license from time to time.
+Each revision is distinguished by a version number. You may use
+this Software under terms of this license revision or under the
+terms of any subsequent revision of the license.
+
+THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS
+CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S)
+OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+The names of the authors and copyright holders must not be used in
+advertising or otherwise to promote the sale, use or other dealing
+in this Software without specific, written prior permission. Title
+to copyright in this Software shall at all times remain with copyright
+holders.
+
+---
+Noted above is that various files can be copyrighted individually.
+The licenses found in the OpenLDAP tree are as follows:
+
+CRL
+-----------------------------------
+# Copyright 1999 Computing Research Labs, New Mexico State University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+# OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+-----------------------------------
+
+
+FSF
+-----------------------------------
+# Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+-----------------------------------
+
+
+HC
+-----------------------------------
+ * Permission is granted to anyone to use this software for any purpose
+ * on any computer system, and to alter it and redistribute it, subject
+ * to the following restrictions:
+ *
+ * 1. The author is not responsible for the consequences of use of this
+ * software, no matter how awful, even if they arise from flaws in it.
+ *
+ * 2. The origin of this software must not be misrepresented, either by
+ * explicit claim or by omission. Since few users ever read sources,
+ * credits should appear in the documentation.
+ *
+ * 3. Altered versions must be plainly marked as such, and must not be
+ * misrepresented as being the original software. Since few users
+ * ever read sources, credits should appear in the
+ * documentation.
+ *
+ * 4. This notice may not be removed or altered.
+
+-----------------------------------
+
+
+IBM
+-----------------------------------
+ * Portions Copyright (c) 1995 by International Business Machines, Inc.
+ *
+ * International Business Machines, Inc. (hereinafter called IBM) grants
+ * permission under its copyrights to use, copy, modify, and distribute this
+ * Software with or without fee, provided that the above copyright notice and
+ * all paragraphs of this notice appear in all copies, and that the name of IBM
+ * not be used in connection with the marketing of any product incorporating
+ * the Software or modifications thereof, without specific, written prior
+ * permission.
+ *
+ * To the extent it has a right to do so, IBM grants an immunity from suit
+ * under its patents, if any, for the use, sale or manufacture of products to
+ * the extent that such products are used for performing Domain Name System
+ * dynamic updates in TCP/IP networks by means of the Software. No immunity is
+ * granted for any product per se or for any other function of any product.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
+ * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
+ * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+-----------------------------------
+
+
+IS
+-----------------------------------
+# Full Copyright Statement
+#
+# Copyright (C) The Internet Society (1999). All Rights Reserved.
+#
+# This document and translations of it may be copied and furnished to
+# others, and derivative works that comment on or otherwise explain it
+# or assist in its implementation may be prepared, copied, published
+# and distributed, in whole or in part, without restriction of any
+# kind, provided that the above copyright notice and this paragraph are
+# included on all such copies and derivative works. However, this
+# document itself may not be modified in any way, such as by removing
+# the copyright notice or references to the Internet Society or other
+# Internet organizations, except as needed for the purpose of
+# developing Internet standards in which case the procedures for
+# copyrights defined in the Internet Standards process must be
+# followed, or as required to translate it into languages other than
+# English.
+#
+# The limited permissions granted above are perpetual and will not be
+# revoked by the Internet Society or its successors or assigns.
+#
+# This document and the information contained herein is provided on an
+# "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+# TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+# BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+# HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+# MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+This license was present in the copies of several schema files and one
+LDIF file as distributed upstream. The relevant content has been removed
+except where it is purely functional (descriptions of an LDAP schema).
+The copyright notice has been retained with a clarifying comment. The
+provisions in the above license that prohibit modification therefore
+should no longer apply to any files distributed with the Debian package.
+
+Several files in libraries/libldap also reference this license as the
+copyright on ABNF sequences embedded as comments in those files. These
+too are purely functional interface specifications distributed as part of
+the LDAP protocol standard and do not contain creative work such as
+free-form text.
+-----------------------------------
+
+
+ISC
+-----------------------------------
+ * Copyright (c) 1996, 1998 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+
+-----------------------------------
+
+
+JC
+-----------------------------------
+ * This software is not subject to any license of Silicon Graphics
+ * Inc. or Purdue University.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * without restriction or fee of any kind as long as this notice
+ * is preserved.
+
+The following is additional information from Juan C. Gomez on how
+this license is to be interpreted:
+-----
+Local-Date: Fri, 06 Jun 2003 13:18:52 -0400
+Date: Fri, 6 Jun 2003 10:18:52 -0700
+From: Juan Gomez <juang@us.ibm.com>
+To: Stephen Frost <sfrost@debian.org>
+X-Mailer: Lotus Notes Release 5.0.2a (Intl) 23 November 1999
+Subject: Re: Juan C. Gomez license in OpenLDAP Source
+
+Stephen,
+
+"There is no restriction on modifications and derived works" on the work I
+did for the openldap server as long as this is consistent with the openldap
+license. Please forward this email to Kurt so he does the appropriate
+changes to the files to reflect this.
+
+
+Regards, Juan
+-----------------------------------
+
+
+MA
+-----------------------------------
+ * Copyright (c) 2000, Mark Adamson, Carnegie Mellon. All rights reserved.
+ * This software is not subject to any license of Carnegie Mellon University.
+ *
+ * Redistribution and use in source and binary forms are permitted without
+ * restriction or fee of any kind as long as this notice is preserved.
+ *
+ * The name "Carnegie Mellon" must not be used to endorse or promote
+ * products derived from this software without prior written permission.
+
+The following is additional information from Mark Adamson on how this license
+is to be interpreted:
+------
+Local-Date: Thu, 05 Jun 2003 16:53:32 -0400
+Date: Thu, 5 Jun 2003 16:53:32 -0400 (EDT)
+From: Mark Adamson <adamson@andrew.cmu.edu>
+To: Stephen Frost <sfrost@debian.org>
+Subject: Re: Mark Adamson license in OpenLDAP source
+
+Hi Stephen,
+
+ I don't see how this conflicts with the Debian FSG. The first statement
+in the copyright pertaining to CMU say only that we don't license out the
+software. The second mention denies the right to say things like,
+"Now! Powered by software from Carnegie Mellon!" There is no restriction
+on modifications and derived works.
+
+-Mark
+------
+-----------------------------------
+
+
+MIT
+-----------------------------------
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission. M.I.T. makes no representations about the
+# suitability of this software for any purpose. It is provided "as is"
+# without express or implied warranty.
+
+-----------------------------------
+
+
+OL2
+-----------------------------------
+Copyright 1999-2001 The OpenLDAP Foundation, Redwood City,
+California, USA. All Rights Reserved. Permission to copy and
+distribute verbatim copies of this document is granted.
+-----------------------------------
+
+
+PM
+-----------------------------------
+ * Copyright (C) 2000 Pierangelo Masarati, <ando@sys-net.it>
+ * All rights reserved.
+ *
+ * Permission is granted to anyone to use this software for any purpose
+ * on any computer system, and to alter it and redistribute it, subject
+ * to the following restrictions:
+ *
+ * 1. The author is not responsible for the consequences of use of this
+ * software, no matter how awful, even if they arise from flaws in it.
+ *
+ * 2. The origin of this software must not be misrepresented, either by
+ * explicit claim or by omission. Since few users ever read sources,
+ * credits should appear in the documentation.
+ *
+ * 3. Altered versions must be plainly marked as such, and must not be
+ * misrepresented as being the original software. Since few users
+ * ever read sources, credits should appear in the documentation.
+ *
+ * 4. This notice may not be removed or altered.
+ *
+-----------------------------------
+
+
+PM2
+-----------------------------------
+ * Redistribution and use in source and binary forms are permitted only
+ * as authorized by the OpenLDAP Public License. A copy of this
+ * license is available at http://www.OpenLDAP.org/license.html or
+ * in file LICENSE in the top-level directory of the distribution.
+-----------------------------------
+
+
+UoC
+-----------------------------------
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by the University of California, Berkeley. The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+NOTE: The Regents have since retroactively removed the advertising
+clause from above.
+
+-----------------------------------
+
+
+UoC2
+-----------------------------------
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+
+NOTE: The Regents have since retroactively removed the advertising
+clause from above.
+See:
+ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+
+-----------------------------------
+
+
+UoM
+-----------------------------------
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+---
+After discussing this license with the OpenLDAP Foundation we received
+clarification on it:
+---
+
+ * To: Stephen Frost <sfrost@snowman.net>
+ * Subject: Re: OpenLDAP Licenseing issues
+ * From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
+ * Date: Wed, 28 May 2003 10:55:44 -0700
+ * Cc: Steve Langasek <vorlon@netexpress.net>,debian-legal@lists.debian.org, openldap-devel@OpenLDAP.org
+ * In-reply-to: <20030528162613.GB8524@ns.snowman.net>
+ * Message-id: <5.2.0.9.0.20030528094229.02924780@127.0.0.1>
+ * Old-return-path: <Kurt@OpenLDAP.org>
+
+Steven,
+
+The OpenLDAP Foundation believes it the Regents' statement grants a
+license to redistribute derived works and is confident that the University,
+who is quite aware of our actions (as they actively participate in them),
+does not consider our actions to infringe on their rights. You are
+welcomed to your opinions. I suggest, however, that before you rely
+on your or other people's opinions (including ours), that you consult
+with a lawyer familiar with applicable law and the particulars of your
+situation.
+
+The Foundation sees no reason for it to expend its limited resources
+seeking clarifications which it believes are unnecessary. You are,
+of course, welcomed to expend time and energy seeking clarifications
+you think are necessary. I suggest you contact University's general
+counsel office (http://www.umich.edu/~vpgc/).
+
+Regards, Kurt
+-----------------------------------
+
+
diff --git a/debian/dh_installscripts-common b/debian/dh_installscripts-common
new file mode 100755
index 0000000..9936b4f
--- /dev/null
+++ b/debian/dh_installscripts-common
@@ -0,0 +1,22 @@
+#!/usr/bin/perl -w
+
+use strict;
+use Debian::Debhelper::Dh_Lib;
+
+init();
+
+foreach my $package (@{$dh{DOPACKAGES}}) {
+ my $tmp=tmpdir($package);
+ my $ext=pkgext($package);
+
+ if (! -d "$tmp/DEBIAN") {
+ next;
+ }
+
+ foreach my $file (qw{postinst preinst prerm postrm config}) {
+ my $f="$tmp/DEBIAN/$file";
+ if ($f) {
+ complex_doit("perl -pe 's~#SCRIPTSCOMMON#~qx{cat debian/${ext}scripts-common}~eg' -i $f");
+ }
+ }
+}
diff --git a/debian/ldap-utils.README.Debian b/debian/ldap-utils.README.Debian
new file mode 100644
index 0000000..83e979a
--- /dev/null
+++ b/debian/ldap-utils.README.Debian
@@ -0,0 +1,5 @@
+If you want to play with shell and ldapsearch output, be sure your dn
+entries are one per line. A perl script could be:
+
+ ldapsearch ... | perl -p -0040 -e 's/\n //'
+
diff --git a/debian/ldap-utils.dirs b/debian/ldap-utils.dirs
new file mode 100644
index 0000000..a65408f
--- /dev/null
+++ b/debian/ldap-utils.dirs
@@ -0,0 +1,2 @@
+usr/bin
+usr/share/man
diff --git a/debian/ldap-utils.install b/debian/ldap-utils.install
new file mode 100644
index 0000000..7a0238a
--- /dev/null
+++ b/debian/ldap-utils.install
@@ -0,0 +1,10 @@
+debian/tmp/usr/bin/ldapadd usr/bin
+debian/tmp/usr/bin/ldapdelete usr/bin
+debian/tmp/usr/bin/ldapmodrdn usr/bin
+debian/tmp/usr/bin/ldapsearch usr/bin
+debian/tmp/usr/bin/ldapcompare usr/bin
+debian/tmp/usr/bin/ldapmodify usr/bin
+debian/tmp/usr/bin/ldappasswd usr/bin
+debian/tmp/usr/bin/ldapwhoami usr/bin
+debian/tmp/usr/bin/ldapexop usr/bin
+debian/tmp/usr/bin/ldapurl usr/bin
diff --git a/debian/ldap-utils.manpages b/debian/ldap-utils.manpages
new file mode 100644
index 0000000..b7778fe
--- /dev/null
+++ b/debian/ldap-utils.manpages
@@ -0,0 +1,11 @@
+debian/tmp/usr/share/man/man1/ldapcompare.1
+debian/tmp/usr/share/man/man1/ldapdelete.1
+debian/tmp/usr/share/man/man1/ldapexop.1
+debian/tmp/usr/share/man/man1/ldapmodify.1
+debian/tmp/usr/share/man/man1/ldapmodrdn.1
+debian/tmp/usr/share/man/man1/ldappasswd.1
+debian/tmp/usr/share/man/man1/ldapsearch.1
+debian/tmp/usr/share/man/man1/ldapwhoami.1
+debian/tmp/usr/share/man/man1/ldapurl.1
+debian/tmp/usr/share/man/man1/ldapadd.1
+debian/tmp/usr/share/man/man5/ldif.5
diff --git a/debian/ldiftopasswd b/debian/ldiftopasswd
new file mode 100755
index 0000000..543bdd5
--- /dev/null
+++ b/debian/ldiftopasswd
@@ -0,0 +1,174 @@
+#!/usr/bin/perl -w
+#
+#
+# Comments on usage from the email we received:
+# I showed a friend the following script. He said I should submit it for
+# inclusion in openldap, because it might useful for others.
+#
+# The attached perl script, when used like
+#
+# ldapsearch | ldiftopasswd
+#
+# will automatically:
+#
+# 1. create /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow
+#
+# 2. append /etc/passwd.top, /etc/shadow.top, /etc/group.top, and /etc/gshadow.top to respective files.
+#
+# 3. use data from ldap to create the files (note: gshadow isn't really
+# supported, because I don't use it, nor could I find any
+# documentation. Adding support for other files should be easy).
+#
+# (of course you need access to all fields including the password field
+# for this, so use correct parameters to ldapsearch).
+#
+# This could be useful for instance on laptop computers where you don't
+# want to run a slave slapd server for some reason (perhaps memory
+# constraints).
+# ----------------------------------------
+use strict;
+use Getopt::Long;
+use MIME::Base64;
+use IO::File;
+
+my $passwdfile="/etc/passwd";
+my $shadowfile="/etc/shadow";
+my $groupfile="/etc/group";
+my $gshadowfile="/etc/gshadow";
+my $help;
+GetOptions (
+ '--passwd=s',\$passwdfile,
+ '--shadow=s',\$shadowfile,
+ '--group=s',\$groupfile,
+ '--gshadow=s',\$gshadowfile,
+ '--help',\$help,
+ ) or die "Bad options\n";
+
+if ($help or $#ARGV != -1) {
+ print STDERR "usage: $0 [etcfile=filename] [--help]\n";
+ exit 255;
+}
+
+sub start_file($) {
+ my ($file) = @_;
+ my $outhandle = new IO::File;
+ $outhandle->open(">$file") or die "Cannot open $file for writing";
+
+ open(TMP,"<$file.top") or die "cannot open $file.top for reading";
+ while (<TMP>) { $outhandle->print($_); }
+ close(TMP) or die "cannot close $file for reading";
+
+ return($outhandle);
+}
+
+my $PASSWD = start_file($passwdfile);
+my $SHADOW = start_file($shadowfile);
+my $GROUP = start_file($groupfile);
+my $GSHADOW = start_file($gshadowfile);
+
+sub dopasswd($) {
+ my ($record) = @_;
+ my $userPassword="*";
+
+ $PASSWD->print(
+ $record->{"uid"},":",
+ "x",":",
+ $record->{"uidNumber"},":",
+ $record->{"gidNumber"},":",
+ $record->{"gecos"},":",
+ $record->{"homeDirectory"},":",
+ $record->{"loginShell"},"\n");
+
+ if (defined($record->{"userPassword"}) &&
+ $record->{"userPassword"} =~ /^{(crypt)}(.*)$/)
+ { $userPassword = $2; }
+
+ $SHADOW->print(
+ $record->{"uid"},":",
+ $userPassword,":",
+ $record->{"shadowLastChange"} || "10706",":",
+ $record->{"shadowMin"} || "0",":",
+ $record->{"shadowMax"} || "99999",":",
+ $record->{"shadowWarning"} || "7",":",
+ $record->{"shadowInactive"} || "",":",
+ $record->{"shadowExpire"} || "",":",
+ "","\n");
+}
+
+sub dogroup($) {
+ my ($record) = @_;
+ my $userPassword="*";
+
+ my $members="";
+ if (defined($record->{"memberUid"})) {
+ $members = join(",",@{$record->{"memberUid"}});
+ }
+
+ $GROUP->print(
+ $record->{"cn"},":",
+ "x",":",
+ $record->{"gidNumber"},":",
+ $members,"\n");
+
+ if (defined($record->{"userPassword"}) &&
+ $record->{"userPassword"} =~ /^{(crypt)}(.*)$/)
+ { $userPassword = $2; }
+
+# !FIXME!
+# $GSHADOW->print
+# $record->{"cn"},":",
+# "*",":",
+# "",":",
+# "","\n";
+}
+
+
+my %record;
+my $user=0;
+my $group=0;
+
+while (<>) {
+ if (/^$/) {
+ if ($user) {
+ dopasswd(\%record);
+ }
+ if ($group) {
+ dogroup(\%record);
+ }
+
+ $user = $group = 0;
+ %record=();
+ }
+ elsif (/^objectClass: posixAccount$/) {
+ $user = 1;
+ }
+ elsif (/^objectClass: posixGroup$/) {
+ $group = 1;
+ }
+ elsif (/^(uid|uidNumber|gidNumber|gecos|homeDirectory|loginShell): (.*)$/) {
+ if (!defined($record{$1})) { $record{$1} = $2; }
+ }
+ elsif (/^(userPassword|shadowLastChange|shadowMin|shadowMax|shadowWarning|shadowInactive|shadowExpire): (.*)$/) {
+ if (!defined($record{$1})) { $record{$1} = $2; }
+ }
+ elsif (/^(cn): (.*)$/) {
+ if (!defined($record{$1})) { $record{$1} = $2; }
+ }
+ elsif (/^(uniqueMember): (.*)$/) {
+ push @{$record{$1}},$2;
+ if ($2 =~ /uid=([a-zA-Z]*),/) {
+ push @{$record{"memberUid"}},$1;
+ }
+ }
+ elsif (/^(memberUid): (.*)$/) {
+ push @{$record{$1}},$2;
+ }
+ elsif (/^(userPassword):: (.*)$/) {
+ $record{$1} = decode_base64($2);
+ }
+}
+
+$PASSWD->close or die "Cannot close $passwdfile for writing";
+$SHADOW->close or die "Cannot close $shadowfile for writing";
+$GROUP->close or die "Cannot close $groupfile for writing";
+$GSHADOW->close or die "Cannot close $gshadowfile for writing";
diff --git a/debian/libldap-2.4-2.README.Debian b/debian/libldap-2.4-2.README.Debian
new file mode 100644
index 0000000..151703c
--- /dev/null
+++ b/debian/libldap-2.4-2.README.Debian
@@ -0,0 +1,22 @@
+Notes about Debian's libldap2 package
+-------------------------------------
+
+It has been reported that using libnss-ldap can cause a failure to
+unmount /usr on system shutdown. The reason is that the nss module
+uses libldap from /usr and is used by the shell in the system
+scripts executed on shutdown/reboot.
+
+More precisely bash uses the getpwuid function to get the data of
+the current user which pulls in the nss modules which includes
+the ldap libraries if you are using that module.
+
+Possible solutions to this problem are:
+
+a) use another shell that does not utilize getpwuid for getting info
+ about the current user (take dash for example).
+b) make sure that the nsswitch.conf is replaced by a version which does
+ not mention ldap before the system is shut down (and have a startup
+ script that installs the "full" version of that file).
+c) move the libraries to /lib (not recommended).
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 30 Sep 2002 11:06:22 +0200
diff --git a/debian/libldap-2.4-2.install b/debian/libldap-2.4-2.install
new file mode 100644
index 0000000..35b0d96
--- /dev/null
+++ b/debian/libldap-2.4-2.install
@@ -0,0 +1,4 @@
+usr/lib/*/liblber-2.4.so.2
+usr/lib/*/liblber-2.4.so.2.*.*
+usr/lib/*/libldap_r-2.4.so.2
+usr/lib/*/libldap_r-2.4.so.2.*.*
diff --git a/debian/libldap-2.4-2.links.in b/debian/libldap-2.4-2.links.in
new file mode 100644
index 0000000..c81df26
--- /dev/null
+++ b/debian/libldap-2.4-2.links.in
@@ -0,0 +1 @@
+usr/lib/${DEB_HOST_MULTIARCH}/libldap_r-2.4.so.2 usr/lib/${DEB_HOST_MULTIARCH}/libldap-2.4.so.2
diff --git a/debian/libldap-2.4-2.lintian-overrides b/debian/libldap-2.4-2.lintian-overrides
new file mode 100644
index 0000000..f5baab4
--- /dev/null
+++ b/debian/libldap-2.4-2.lintian-overrides
@@ -0,0 +1,4 @@
+libldap-2.4-2: package-name-doesnt-match-sonames liblber-2.4-2 libldap-r-2.4-2
+# #687022
+libldap-2.4-2: dev-pkg-without-shlib-symlink */liblber-2.4.so.* *
+libldap-2.4-2: dev-pkg-without-shlib-symlink */libldap_r-2.4.so.* *
diff --git a/debian/libldap-2.4-2.shlibs b/debian/libldap-2.4-2.shlibs
new file mode 100644
index 0000000..13fdedb
--- /dev/null
+++ b/debian/libldap-2.4-2.shlibs
@@ -0,0 +1,9 @@
+# While only libldap_r is packaged, the client programs are linked
+# against libldap during build. This is here just to satisfy
+# dpkg-shlibdeps for ldap-utils: libldap is not around when
+# dpkg-gensymbols runs, so it's not listed in the symbols file. A better
+# long-term workaround will be to patch the upstream build system so the
+# client programs are linked against libldap_r.
+liblber-2.4 2 libldap-2.4-2 (>= 2.4.7)
+libldap-2.4 2 libldap-2.4-2 (>= 2.4.7)
+libldap_r-2.4 2 libldap-2.4-2 (>= 2.4.7)
diff --git a/debian/libldap-2.4-2.symbols b/debian/libldap-2.4-2.symbols
new file mode 100644
index 0000000..d42ccec
--- /dev/null
+++ b/debian/libldap-2.4-2.symbols
@@ -0,0 +1,646 @@
+liblber-2.4.so.2 libldap-2.4-2 #MINVER#
+ OPENLDAP_2.4_2@OPENLDAP_2.4_2 2.4.7
+ ber_alloc@OPENLDAP_2.4_2 2.4.7
+ ber_alloc_t@OPENLDAP_2.4_2 2.4.7
+ ber_bprint@OPENLDAP_2.4_2 2.4.7
+ ber_bvarray_add@OPENLDAP_2.4_2 2.4.7
+ ber_bvarray_add_x@OPENLDAP_2.4_2 2.4.7
+ ber_bvarray_dup_x@OPENLDAP_2.4_2 2.4.7
+ ber_bvarray_free@OPENLDAP_2.4_2 2.4.7
+ ber_bvarray_free_x@OPENLDAP_2.4_2 2.4.7
+ ber_bvdup@OPENLDAP_2.4_2 2.4.7
+ ber_bvecadd@OPENLDAP_2.4_2 2.4.7
+ ber_bvecadd_x@OPENLDAP_2.4_2 2.4.7
+ ber_bvecfree@OPENLDAP_2.4_2 2.4.7
+ ber_bvecfree_x@OPENLDAP_2.4_2 2.4.7
+ ber_bvfree@OPENLDAP_2.4_2 2.4.7
+ ber_bvfree_x@OPENLDAP_2.4_2 2.4.7
+ ber_bvreplace@OPENLDAP_2.4_2 2.4.7
+ ber_bvreplace_x@OPENLDAP_2.4_2 2.4.7
+ ber_decode_oid@OPENLDAP_2.4_2 2.4.7
+ ber_dump@OPENLDAP_2.4_2 2.4.7
+ ber_dup@OPENLDAP_2.4_2 2.4.7
+ ber_dupbv@OPENLDAP_2.4_2 2.4.7
+ ber_dupbv_x@OPENLDAP_2.4_2 2.4.7
+ ber_encode_oid@OPENLDAP_2.4_2 2.4.7
+ ber_errno_addr@OPENLDAP_2.4_2 2.4.7
+ ber_error_print@OPENLDAP_2.4_2 2.4.7
+ ber_first_element@OPENLDAP_2.4_2 2.4.7
+ ber_flatten2@OPENLDAP_2.4_2 2.4.7
+ ber_flatten@OPENLDAP_2.4_2 2.4.7
+ ber_flush2@OPENLDAP_2.4_2 2.4.7
+ ber_flush@OPENLDAP_2.4_2 2.4.7
+ ber_free@OPENLDAP_2.4_2 2.4.7
+ ber_free_buf@OPENLDAP_2.4_2 2.4.7
+ ber_get_bitstringa@OPENLDAP_2.4_2 2.4.7
+ ber_get_boolean@OPENLDAP_2.4_2 2.4.7
+ ber_get_enum@OPENLDAP_2.4_2 2.4.7
+ ber_get_int@OPENLDAP_2.4_2 2.4.7
+ ber_get_next@OPENLDAP_2.4_2 2.4.7
+ ber_get_null@OPENLDAP_2.4_2 2.4.7
+ ber_get_option@OPENLDAP_2.4_2 2.4.7
+ ber_get_stringa@OPENLDAP_2.4_2 2.4.7
+ ber_get_stringa_null@OPENLDAP_2.4_2 2.4.7
+ ber_get_stringal@OPENLDAP_2.4_2 2.4.7
+ ber_get_stringb@OPENLDAP_2.4_2 2.4.7
+ ber_get_stringbv@OPENLDAP_2.4_2 2.4.7
+ ber_get_stringbv_null@OPENLDAP_2.4_2 2.4.7
+ ber_get_tag@OPENLDAP_2.4_2 2.4.7
+ ber_init2@OPENLDAP_2.4_2 2.4.7
+ ber_init@OPENLDAP_2.4_2 2.4.7
+ ber_init_w_nullc@OPENLDAP_2.4_2 2.4.7
+ ber_int_errno_fn@OPENLDAP_2.4_2 2.4.7
+ ber_int_log_proc@OPENLDAP_2.4_2 2.4.7
+ ber_int_memory_fns@OPENLDAP_2.4_2 2.4.7
+ ber_int_options@OPENLDAP_2.4_2 2.4.7
+ ber_int_sb_close@OPENLDAP_2.4_2 2.4.7
+ ber_int_sb_destroy@OPENLDAP_2.4_2 2.4.7
+ ber_int_sb_init@OPENLDAP_2.4_2 2.4.7
+ ber_int_sb_read@OPENLDAP_2.4_2 2.4.7
+ ber_int_sb_write@OPENLDAP_2.4_2 2.4.7
+ ber_len@OPENLDAP_2.4_2 2.4.7
+ ber_log_bprint@OPENLDAP_2.4_2 2.4.7
+ ber_log_dump@OPENLDAP_2.4_2 2.4.7
+ ber_log_sos_dump@OPENLDAP_2.4_2 2.4.7
+ ber_mem2bv@OPENLDAP_2.4_2 2.4.7
+ ber_mem2bv_x@OPENLDAP_2.4_2 2.4.7
+ ber_memalloc@OPENLDAP_2.4_2 2.4.7
+ ber_memalloc_x@OPENLDAP_2.4_2 2.4.7
+ ber_memcalloc@OPENLDAP_2.4_2 2.4.7
+ ber_memcalloc_x@OPENLDAP_2.4_2 2.4.7
+ ber_memfree@OPENLDAP_2.4_2 2.4.7
+ ber_memfree_x@OPENLDAP_2.4_2 2.4.7
+ ber_memrealloc@OPENLDAP_2.4_2 2.4.7
+ ber_memrealloc_x@OPENLDAP_2.4_2 2.4.7
+ ber_memvfree@OPENLDAP_2.4_2 2.4.7
+ ber_memvfree_x@OPENLDAP_2.4_2 2.4.7
+ ber_next_element@OPENLDAP_2.4_2 2.4.7
+ ber_peek_element@OPENLDAP_2.4_2 2.4.21
+ ber_peek_tag@OPENLDAP_2.4_2 2.4.7
+ ber_printf@OPENLDAP_2.4_2 2.4.7
+ ber_ptrlen@OPENLDAP_2.4_2 2.4.7
+ ber_put_berval@OPENLDAP_2.4_2 2.4.7
+ ber_put_bitstring@OPENLDAP_2.4_2 2.4.7
+ ber_put_boolean@OPENLDAP_2.4_2 2.4.7
+ ber_put_enum@OPENLDAP_2.4_2 2.4.7
+ ber_put_int@OPENLDAP_2.4_2 2.4.7
+ ber_put_null@OPENLDAP_2.4_2 2.4.7
+ ber_put_ostring@OPENLDAP_2.4_2 2.4.7
+ ber_put_seq@OPENLDAP_2.4_2 2.4.7
+ ber_put_set@OPENLDAP_2.4_2 2.4.7
+ ber_put_string@OPENLDAP_2.4_2 2.4.7
+ ber_pvt_err_file@OPENLDAP_2.4_2 2.4.7
+ ber_pvt_log_output@OPENLDAP_2.4_2 2.4.7
+ ber_pvt_log_print@OPENLDAP_2.4_2 2.4.7
+ ber_pvt_log_printf@OPENLDAP_2.4_2 2.4.7
+ ber_pvt_opt_on@OPENLDAP_2.4_2 2.4.7
+ ber_pvt_sb_buf_destroy@OPENLDAP_2.4_2 2.4.7
+ ber_pvt_sb_buf_init@OPENLDAP_2.4_2 2.4.7
+ ber_pvt_sb_copy_out@OPENLDAP_2.4_2 2.4.7
+ ber_pvt_sb_do_write@OPENLDAP_2.4_2 2.4.7
+ ber_pvt_sb_grow_buffer@OPENLDAP_2.4_2 2.4.7
+ ber_pvt_socket_set_nonblock@OPENLDAP_2.4_2 2.4.7
+ ber_read@OPENLDAP_2.4_2 2.4.7
+ ber_realloc@OPENLDAP_2.4_2 2.4.7
+ ber_remaining@OPENLDAP_2.4_2 2.4.7
+ ber_reset@OPENLDAP_2.4_2 2.4.7
+ ber_rewind@OPENLDAP_2.4_2 2.4.7
+ ber_scanf@OPENLDAP_2.4_2 2.4.7
+ ber_set_option@OPENLDAP_2.4_2 2.4.7
+ ber_skip_data@OPENLDAP_2.4_2 2.4.7
+ ber_skip_element@OPENLDAP_2.4_2 2.4.21
+ ber_skip_tag@OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_add_io@OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_alloc@OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_ctrl@OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_free@OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_io_debug@OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_io_fd@OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_io_readahead@OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_io_tcp@OPENLDAP_2.4_2 2.4.7
+ ber_sockbuf_remove_io@OPENLDAP_2.4_2 2.4.7
+ ber_sos_dump@OPENLDAP_2.4_2 2.4.7
+ ber_start@OPENLDAP_2.4_2 2.4.7
+ ber_start_seq@OPENLDAP_2.4_2 2.4.7
+ ber_start_set@OPENLDAP_2.4_2 2.4.7
+ ber_str2bv@OPENLDAP_2.4_2 2.4.7
+ ber_str2bv_x@OPENLDAP_2.4_2 2.4.7
+ ber_strdup@OPENLDAP_2.4_2 2.4.7
+ ber_strdup_x@OPENLDAP_2.4_2 2.4.7
+ ber_strndup@OPENLDAP_2.4_2 2.4.7
+ ber_strndup_x@OPENLDAP_2.4_2 2.4.7
+ ber_strnlen@OPENLDAP_2.4_2 2.4.17
+ ber_write@OPENLDAP_2.4_2 2.4.7
+ der_alloc@OPENLDAP_2.4_2 2.4.7
+ lutil_debug@OPENLDAP_2.4_2 2.4.7
+ lutil_debug_file@OPENLDAP_2.4_2 2.4.7
+libldap_r-2.4.so.2 libldap-2.4-2 #MINVER#
+ OPENLDAP_2.4_2@OPENLDAP_2.4_2 2.4.7
+ ldap_X509dn2bv@OPENLDAP_2.4_2 2.4.7
+ ldap_abandon@OPENLDAP_2.4_2 2.4.7
+ ldap_abandon_ext@OPENLDAP_2.4_2 2.4.7
+ ldap_add@OPENLDAP_2.4_2 2.4.7
+ ldap_add_ext@OPENLDAP_2.4_2 2.4.7
+ ldap_add_ext_s@OPENLDAP_2.4_2 2.4.7
+ ldap_add_result_entry@OPENLDAP_2.4_2 2.4.7
+ ldap_add_s@OPENLDAP_2.4_2 2.4.7
+ ldap_alloc_ber_with_options@OPENLDAP_2.4_2 2.4.7
+ ldap_append_referral@OPENLDAP_2.4_2 2.4.7
+ ldap_attributetype2bv@OPENLDAP_2.4_2 2.4.7
+ ldap_attributetype2name@OPENLDAP_2.4_2 2.4.7
+ ldap_attributetype2str@OPENLDAP_2.4_2 2.4.7
+ ldap_attributetype_free@OPENLDAP_2.4_2 2.4.7
+ ldap_bind@OPENLDAP_2.4_2 2.4.7
+ ldap_bind_s@OPENLDAP_2.4_2 2.4.7
+ ldap_build_add_req@OPENLDAP_2.4_2 2.4.43
+ ldap_build_bind_req@OPENLDAP_2.4_2 2.4.43
+ ldap_build_compare_req@OPENLDAP_2.4_2 2.4.43
+ ldap_build_delete_req@OPENLDAP_2.4_2 2.4.43
+ ldap_build_extended_req@OPENLDAP_2.4_2 2.4.43
+ ldap_build_moddn_req@OPENLDAP_2.4_2 2.4.43
+ ldap_build_modify_req@OPENLDAP_2.4_2 2.4.43
+ ldap_build_search_req@OPENLDAP_2.4_2 2.4.7
+ ldap_bv2dn@OPENLDAP_2.4_2 2.4.7
+ ldap_bv2dn_x@OPENLDAP_2.4_2 2.4.7
+ ldap_bv2escaped_filter_value@OPENLDAP_2.4_2 2.4.7
+ ldap_bv2escaped_filter_value_len@OPENLDAP_2.4_2 2.4.7
+ ldap_bv2escaped_filter_value_x@OPENLDAP_2.4_2 2.4.7
+ ldap_bv2rdn@OPENLDAP_2.4_2 2.4.7
+ ldap_bv2rdn_x@OPENLDAP_2.4_2 2.4.7
+ ldap_cancel@OPENLDAP_2.4_2 2.4.7
+ ldap_cancel_s@OPENLDAP_2.4_2 2.4.7
+ ldap_charray2str@OPENLDAP_2.4_2 2.4.7
+ ldap_charray_add@OPENLDAP_2.4_2 2.4.7
+ ldap_charray_dup@OPENLDAP_2.4_2 2.4.7
+ ldap_charray_free@OPENLDAP_2.4_2 2.4.7
+ ldap_charray_inlist@OPENLDAP_2.4_2 2.4.7
+ ldap_charray_merge@OPENLDAP_2.4_2 2.4.7
+ ldap_chase_referrals@OPENLDAP_2.4_2 2.4.7
+ ldap_chase_v3referrals@OPENLDAP_2.4_2 2.4.7
+ ldap_clear_select_write@OPENLDAP_2.4_2 2.4.31
+ ldap_compare@OPENLDAP_2.4_2 2.4.7
+ ldap_compare_ext@OPENLDAP_2.4_2 2.4.7
+ ldap_compare_ext_s@OPENLDAP_2.4_2 2.4.7
+ ldap_compare_s@OPENLDAP_2.4_2 2.4.7
+ ldap_connect_to_host@OPENLDAP_2.4_2 2.4.7
+ ldap_connect_to_path@OPENLDAP_2.4_2 2.4.7
+ ldap_contentrule2bv@OPENLDAP_2.4_2 2.4.7
+ ldap_contentrule2name@OPENLDAP_2.4_2 2.4.7
+ ldap_contentrule2str@OPENLDAP_2.4_2 2.4.7
+ ldap_contentrule_free@OPENLDAP_2.4_2 2.4.7
+ ldap_control_create@OPENLDAP_2.4_2 2.4.7
+ ldap_control_dup@OPENLDAP_2.4_2 2.4.7
+ ldap_control_find@OPENLDAP_2.4_2 2.4.7
+ ldap_control_free@OPENLDAP_2.4_2 2.4.7
+ ldap_controls_dup@OPENLDAP_2.4_2 2.4.7
+ ldap_controls_free@OPENLDAP_2.4_2 2.4.7
+ ldap_count_entries@OPENLDAP_2.4_2 2.4.7
+ ldap_count_messages@OPENLDAP_2.4_2 2.4.7
+ ldap_count_references@OPENLDAP_2.4_2 2.4.7
+ ldap_count_values@OPENLDAP_2.4_2 2.4.7
+ ldap_count_values_len@OPENLDAP_2.4_2 2.4.7
+ ldap_create@OPENLDAP_2.4_2 2.4.7
+ ldap_create_assertion_control@OPENLDAP_2.4_2 2.4.11
+ ldap_create_assertion_control_value@OPENLDAP_2.4_2 2.4.11
+ ldap_create_control@OPENLDAP_2.4_2 2.4.7
+ ldap_create_deref_control@OPENLDAP_2.4_2 2.4.15
+ ldap_create_deref_control_value@OPENLDAP_2.4_2 2.4.15
+ ldap_create_page_control@OPENLDAP_2.4_2 2.4.7
+ ldap_create_page_control_value@OPENLDAP_2.4_2 2.4.7
+ ldap_create_passwordpolicy_control@OPENLDAP_2.4_2 2.4.7
+ ldap_create_session_tracking_control@OPENLDAP_2.4_2 2.4.28
+ ldap_create_session_tracking_value@OPENLDAP_2.4_2 2.4.28
+ ldap_create_sort_control@OPENLDAP_2.4_2 2.4.7
+ ldap_create_sort_control_value@OPENLDAP_2.4_2 2.4.7
+ ldap_create_sort_keylist@OPENLDAP_2.4_2 2.4.7
+ ldap_create_vlv_control@OPENLDAP_2.4_2 2.4.7
+ ldap_create_vlv_control_value@OPENLDAP_2.4_2 2.4.7
+ ldap_dcedn2dn@OPENLDAP_2.4_2 2.4.7
+ ldap_delete@OPENLDAP_2.4_2 2.4.7
+ ldap_delete_ext@OPENLDAP_2.4_2 2.4.7
+ ldap_delete_ext_s@OPENLDAP_2.4_2 2.4.7
+ ldap_delete_result_entry@OPENLDAP_2.4_2 2.4.7
+ ldap_delete_s@OPENLDAP_2.4_2 2.4.7
+ ldap_derefresponse_free@OPENLDAP_2.4_2 2.4.15
+ ldap_destroy@OPENLDAP_2.4_2 2.4.25
+ ldap_dn2ad_canonical@OPENLDAP_2.4_2 2.4.7
+ ldap_dn2bv@OPENLDAP_2.4_2 2.4.7
+ ldap_dn2bv_x@OPENLDAP_2.4_2 2.4.7
+ ldap_dn2dcedn@OPENLDAP_2.4_2 2.4.7
+ ldap_dn2domain@OPENLDAP_2.4_2 2.4.7
+ ldap_dn2str@OPENLDAP_2.4_2 2.4.7
+ ldap_dn2ufn@OPENLDAP_2.4_2 2.4.7
+ ldap_dn_normalize@OPENLDAP_2.4_2 2.4.7
+ ldap_dnfree@OPENLDAP_2.4_2 2.4.7
+ ldap_dnfree_x@OPENLDAP_2.4_2 2.4.7
+ ldap_domain2dn@OPENLDAP_2.4_2 2.4.7
+ ldap_domain2hostlist@OPENLDAP_2.4_2 2.4.7
+ ldap_dump_connection@OPENLDAP_2.4_2 2.4.7
+ ldap_dump_requests_and_responses@OPENLDAP_2.4_2 2.4.7
+ ldap_dup@OPENLDAP_2.4_2 2.4.25
+ ldap_err2string@OPENLDAP_2.4_2 2.4.7
+ ldap_explode_dn@OPENLDAP_2.4_2 2.4.7
+ ldap_explode_rdn@OPENLDAP_2.4_2 2.4.7
+ ldap_extended_operation@OPENLDAP_2.4_2 2.4.7
+ ldap_extended_operation_s@OPENLDAP_2.4_2 2.4.7
+ ldap_find_control@OPENLDAP_2.4_2 2.4.7
+ ldap_find_request_by_msgid@OPENLDAP_2.4_2 2.4.7
+ ldap_first_attribute@OPENLDAP_2.4_2 2.4.7
+ ldap_first_entry@OPENLDAP_2.4_2 2.4.7
+ ldap_first_message@OPENLDAP_2.4_2 2.4.7
+ ldap_first_reference@OPENLDAP_2.4_2 2.4.7
+ ldap_free_connection@OPENLDAP_2.4_2 2.4.7
+ ldap_free_request@OPENLDAP_2.4_2 2.4.7
+ ldap_free_select_info@OPENLDAP_2.4_2 2.4.7
+ ldap_free_sort_keylist@OPENLDAP_2.4_2 2.4.7
+ ldap_free_urldesc@OPENLDAP_2.4_2 2.4.7
+ ldap_free_urllist@OPENLDAP_2.4_2 2.4.7
+ ldap_get_attribute_ber@OPENLDAP_2.4_2 2.4.7
+ ldap_get_dn@OPENLDAP_2.4_2 2.4.7
+ ldap_get_dn_ber@OPENLDAP_2.4_2 2.4.7
+ ldap_get_entry_controls@OPENLDAP_2.4_2 2.4.7
+ ldap_get_message_ber@OPENLDAP_2.4_2 2.4.7
+ ldap_get_option@OPENLDAP_2.4_2 2.4.7
+ ldap_get_values@OPENLDAP_2.4_2 2.4.7
+ ldap_get_values_len@OPENLDAP_2.4_2 2.4.7
+ ldap_gssapi_bind@OPENLDAP_2.4_2 2.4.15
+ ldap_gssapi_bind_s@OPENLDAP_2.4_2 2.4.15
+ ldap_host_connected_to@OPENLDAP_2.4_2 2.4.7
+ ldap_init@OPENLDAP_2.4_2 2.4.7
+ ldap_init_fd@OPENLDAP_2.4_2 2.4.7
+ ldap_initialize@OPENLDAP_2.4_2 2.4.7
+ ldap_install_tls@OPENLDAP_2.4_2 2.4.7
+ ldap_int_bisect_delete@OPENLDAP_2.4_2 2.4.7
+ ldap_int_bisect_find@OPENLDAP_2.4_2 2.4.7
+ ldap_int_bisect_insert@OPENLDAP_2.4_2 2.4.7
+ ldap_int_check_async_open@OPENLDAP_2.4_2 2.4.28
+ ldap_int_client_controls@OPENLDAP_2.4_2 2.4.7
+ ldap_int_connect_cbs@OPENLDAP_2.4_2 2.4.15
+ ldap_int_error_init@OPENLDAP_2.4_2 2.4.7
+ ldap_int_flush_request@OPENLDAP_2.4_2 2.4.7
+ ldap_int_global_options@OPENLDAP_2.4_2 2.4.7
+ ldap_int_gmtime_mutex@OPENLDAP_2.4_2 2.4.23
+ ldap_int_hostname@OPENLDAP_2.4_2 2.4.7
+ ldap_int_hostname_mutex@OPENLDAP_2.4_2 2.4.39
+ ldap_int_inet4or6@OPENLDAP_2.4_2 2.4.7
+ ldap_int_initialize@OPENLDAP_2.4_2 2.4.7
+ ldap_int_initialize_global_options@OPENLDAP_2.4_2 2.4.7
+ ldap_int_msgtype2str@OPENLDAP_2.4_2 2.4.7
+ ldap_int_open_connection@OPENLDAP_2.4_2 2.4.7
+ ldap_int_parse_numericoid@OPENLDAP_2.4_2 2.4.7
+ ldap_int_parse_ruleid@OPENLDAP_2.4_2 2.4.7
+ ldap_int_poll@OPENLDAP_2.4_2 2.4.7
+ ldap_int_put_controls@OPENLDAP_2.4_2 2.4.7
+ ldap_int_resolv_mutex@OPENLDAP_2.4_2 2.4.7
+ ldap_int_sasl_bind@OPENLDAP_2.4_2 2.4.7
+ ldap_int_sasl_close@OPENLDAP_2.4_2 2.4.7
+ ldap_int_sasl_config@OPENLDAP_2.4_2 2.4.7
+ ldap_int_sasl_external@OPENLDAP_2.4_2 2.4.7
+ ldap_int_sasl_get_option@OPENLDAP_2.4_2 2.4.7
+ ldap_int_sasl_init@OPENLDAP_2.4_2 2.4.7
+ ldap_int_sasl_open@OPENLDAP_2.4_2 2.4.7
+ ldap_int_sasl_set_option@OPENLDAP_2.4_2 2.4.7
+ ldap_int_select@OPENLDAP_2.4_2 2.4.7
+ ldap_int_thread_destroy@OPENLDAP_2.4_2 2.4.7
+ ldap_int_thread_initialize@OPENLDAP_2.4_2 2.4.7
+ ldap_int_thread_pool_shutdown@OPENLDAP_2.4_2 2.4.7
+ ldap_int_thread_pool_startup@OPENLDAP_2.4_2 2.4.7
+ ldap_int_timeval_dup@OPENLDAP_2.4_2 2.4.7
+ ldap_int_tls_config@OPENLDAP_2.4_2 2.4.7
+ ldap_int_tls_destroy@OPENLDAP_2.4_2 2.4.7
+ ldap_int_tls_impl@OPENLDAP_2.4_2 2.4.15
+ ldap_int_tls_start@OPENLDAP_2.4_2 2.4.7
+ ldap_int_utils_init@OPENLDAP_2.4_2 2.4.7
+ ldap_is_ldap_url@OPENLDAP_2.4_2 2.4.7
+ ldap_is_ldapi_url@OPENLDAP_2.4_2 2.4.7
+ ldap_is_ldaps_url@OPENLDAP_2.4_2 2.4.7
+ ldap_is_read_ready@OPENLDAP_2.4_2 2.4.7
+ ldap_is_write_ready@OPENLDAP_2.4_2 2.4.7
+ ldap_ld_free@OPENLDAP_2.4_2 2.4.7
+ ldap_log_printf@OPENLDAP_2.4_2 2.4.7
+ ldap_mark_select_clear@OPENLDAP_2.4_2 2.4.7
+ ldap_mark_select_read@OPENLDAP_2.4_2 2.4.7
+ ldap_mark_select_write@OPENLDAP_2.4_2 2.4.7
+ ldap_matchingrule2bv@OPENLDAP_2.4_2 2.4.7
+ ldap_matchingrule2name@OPENLDAP_2.4_2 2.4.7
+ ldap_matchingrule2str@OPENLDAP_2.4_2 2.4.7
+ ldap_matchingrule_free@OPENLDAP_2.4_2 2.4.7
+ ldap_matchingruleuse2bv@OPENLDAP_2.4_2 2.4.7
+ ldap_matchingruleuse2name@OPENLDAP_2.4_2 2.4.7
+ ldap_matchingruleuse2str@OPENLDAP_2.4_2 2.4.7
+ ldap_matchingruleuse_free@OPENLDAP_2.4_2 2.4.7
+ ldap_memalloc@OPENLDAP_2.4_2 2.4.7
+ ldap_memcalloc@OPENLDAP_2.4_2 2.4.7
+ ldap_memfree@OPENLDAP_2.4_2 2.4.7
+ ldap_memrealloc@OPENLDAP_2.4_2 2.4.7
+ ldap_memvfree@OPENLDAP_2.4_2 2.4.7
+ ldap_modify@OPENLDAP_2.4_2 2.4.7
+ ldap_modify_ext@OPENLDAP_2.4_2 2.4.7
+ ldap_modify_ext_s@OPENLDAP_2.4_2 2.4.7
+ ldap_modify_s@OPENLDAP_2.4_2 2.4.7
+ ldap_modrdn2@OPENLDAP_2.4_2 2.4.7
+ ldap_modrdn2_s@OPENLDAP_2.4_2 2.4.7
+ ldap_modrdn@OPENLDAP_2.4_2 2.4.7
+ ldap_modrdn_s@OPENLDAP_2.4_2 2.4.7
+ ldap_mods_free@OPENLDAP_2.4_2 2.4.7
+ ldap_msgdelete@OPENLDAP_2.4_2 2.4.7
+ ldap_msgfree@OPENLDAP_2.4_2 2.4.7
+ ldap_msgid@OPENLDAP_2.4_2 2.4.7
+ ldap_msgtype@OPENLDAP_2.4_2 2.4.7
+ ldap_nameform2bv@OPENLDAP_2.4_2 2.4.7
+ ldap_nameform2name@OPENLDAP_2.4_2 2.4.7
+ ldap_nameform2str@OPENLDAP_2.4_2 2.4.7
+ ldap_nameform_free@OPENLDAP_2.4_2 2.4.7
+ ldap_new_connection@OPENLDAP_2.4_2 2.4.7
+ ldap_new_select_info@OPENLDAP_2.4_2 2.4.7
+ ldap_next_attribute@OPENLDAP_2.4_2 2.4.7
+ ldap_next_entry@OPENLDAP_2.4_2 2.4.7
+ ldap_next_message@OPENLDAP_2.4_2 2.4.7
+ ldap_next_reference@OPENLDAP_2.4_2 2.4.7
+ ldap_ntlm_bind@OPENLDAP_2.4_2 2.4.7
+ ldap_objectclass2bv@OPENLDAP_2.4_2 2.4.7
+ ldap_objectclass2name@OPENLDAP_2.4_2 2.4.7
+ ldap_objectclass2str@OPENLDAP_2.4_2 2.4.7
+ ldap_objectclass_free@OPENLDAP_2.4_2 2.4.7
+ ldap_open@OPENLDAP_2.4_2 2.4.7
+ ldap_open_defconn@OPENLDAP_2.4_2 2.4.7
+ ldap_open_internal_connection@OPENLDAP_2.4_2 2.4.7
+ ldap_parse_deref_control@OPENLDAP_2.4_2 2.4.15
+ ldap_parse_derefresponse_control@OPENLDAP_2.4_2 2.4.15
+ ldap_parse_extended_result@OPENLDAP_2.4_2 2.4.7
+ ldap_parse_intermediate@OPENLDAP_2.4_2 2.4.7
+ ldap_parse_ntlm_bind_result@OPENLDAP_2.4_2 2.4.7
+ ldap_parse_page_control@OPENLDAP_2.4_2 2.4.7
+ ldap_parse_pageresponse_control@OPENLDAP_2.4_2 2.4.7
+ ldap_parse_passwd@OPENLDAP_2.4_2 2.4.7
+ ldap_parse_passwordpolicy_control@OPENLDAP_2.4_2 2.4.7
+ ldap_parse_reference@OPENLDAP_2.4_2 2.4.7
+ ldap_parse_refresh@OPENLDAP_2.4_2 2.4.7
+ ldap_parse_result@OPENLDAP_2.4_2 2.4.7
+ ldap_parse_sasl_bind_result@OPENLDAP_2.4_2 2.4.7
+ ldap_parse_session_tracking_control@OPENLDAP_2.4_2 2.4.28
+ ldap_parse_sortresponse_control@OPENLDAP_2.4_2 2.4.7
+ ldap_parse_vlvresponse_control@OPENLDAP_2.4_2 2.4.7
+ ldap_parse_whoami@OPENLDAP_2.4_2 2.4.7
+ ldap_passwd@OPENLDAP_2.4_2 2.4.7
+ ldap_passwd_s@OPENLDAP_2.4_2 2.4.7
+ ldap_passwordpolicy_err2txt@OPENLDAP_2.4_2 2.4.7
+ ldap_perror@OPENLDAP_2.4_2 2.4.7
+ ldap_put_vrFilter@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_bv2scope@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_csnstr@OPENLDAP_2.4_2 2.4.23
+ ldap_pvt_ctime@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_discard@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_filter_value_unescape@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_find_wildcard@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_get_controls@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_get_fqdn@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_get_hname@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_gethostbyaddr_a@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_gethostbyname_a@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_gettime@OPENLDAP_2.4_2 2.4.23
+ ldap_pvt_hex_unescape@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_put_control@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_put_filter@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_find@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_insert@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_isrunning@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_next_sched@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_persistent_backload@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_remove@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_resched@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_runtask@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_runqueue_stoptask@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_generic_install@OPENLDAP_2.4_2 2.4.15
+ ldap_pvt_sasl_generic_remove@OPENLDAP_2.4_2 2.4.15
+ ldap_pvt_sasl_getmechs@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_install@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_mutex_dispose@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_mutex_lock@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_mutex_new@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_mutex_unlock@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_remove@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_secprops@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_sasl_secprops_unparse@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_scope2bv@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_scope2str@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_search@OPENLDAP_2.4_2 2.4.15
+ ldap_pvt_search_s@OPENLDAP_2.4_2 2.4.15
+ ldap_pvt_sockbuf_io_sasl_generic@OPENLDAP_2.4_2 2.4.15
+ ldap_pvt_str2lower@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_str2lowerbv@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_str2scope@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_str2upper@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_str2upperbv@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_strtok@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_cond_broadcast@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_cond_destroy@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_cond_init@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_cond_signal@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_cond_wait@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_create@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_destroy@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_exit@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_get_concurrency@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_initialize@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_join@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_key_create@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_key_destroy@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_key_getdata@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_key_setdata@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_kill@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_mutex_destroy@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_mutex_init@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_mutex_lock@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_mutex_trylock@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_mutex_unlock@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_backload@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_context@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_context_reset@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_destroy@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_getkey@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_idle@OPENLDAP_2.4_2 2.4.31
+ ldap_pvt_thread_pool_init@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_maxthreads@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_pause@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_pausecheck@OPENLDAP_2.4_2 2.4.9
+ ldap_pvt_thread_pool_pausing@OPENLDAP_2.4_2 2.4.9
+ ldap_pvt_thread_pool_purgekey@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_query@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_resume@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_retract@OPENLDAP_2.4_2 2.4.17
+ ldap_pvt_thread_pool_setkey@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_submit@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_tid@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_pool_unidle@OPENLDAP_2.4_2 2.4.31
+ ldap_pvt_thread_rdwr_destroy@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rdwr_init@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rdwr_rlock@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rdwr_rtrylock@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rdwr_runlock@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rdwr_wlock@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rdwr_wtrylock@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rdwr_wunlock@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rmutex_destroy@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rmutex_init@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rmutex_lock@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rmutex_trylock@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_rmutex_unlock@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_self@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_set_concurrency@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_sleep@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_thread_yield@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_accept@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_check_hostname@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_ctx_free@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_destroy@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_get_my_dn@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_get_option@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_get_peer_dn@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_get_strength@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_init@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_init_def_ctx@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_inplace@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_sb_ctx@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_tls_set_option@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_url_scheme2proto@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_url_scheme2tls@OPENLDAP_2.4_2 2.4.7
+ ldap_pvt_url_scheme_port@OPENLDAP_2.4_2 2.4.7
+ ldap_rdn2bv@OPENLDAP_2.4_2 2.4.7
+ ldap_rdn2bv_x@OPENLDAP_2.4_2 2.4.7
+ ldap_rdn2str@OPENLDAP_2.4_2 2.4.7
+ ldap_rdnfree@OPENLDAP_2.4_2 2.4.7
+ ldap_rdnfree_x@OPENLDAP_2.4_2 2.4.7
+ ldap_refresh@OPENLDAP_2.4_2 2.4.7
+ ldap_refresh_s@OPENLDAP_2.4_2 2.4.7
+ ldap_rename2@OPENLDAP_2.4_2 2.4.7
+ ldap_rename2_s@OPENLDAP_2.4_2 2.4.7
+ ldap_rename@OPENLDAP_2.4_2 2.4.7
+ ldap_rename_s@OPENLDAP_2.4_2 2.4.7
+ ldap_result2error@OPENLDAP_2.4_2 2.4.7
+ ldap_result@OPENLDAP_2.4_2 2.4.7
+ ldap_return_request@OPENLDAP_2.4_2 2.4.7
+ ldap_sasl_bind@OPENLDAP_2.4_2 2.4.7
+ ldap_sasl_bind_s@OPENLDAP_2.4_2 2.4.7
+ ldap_sasl_interactive_bind@OPENLDAP_2.4_2 2.4.25
+ ldap_sasl_interactive_bind_s@OPENLDAP_2.4_2 2.4.7
+ ldap_scherr2str@OPENLDAP_2.4_2 2.4.7
+ ldap_search@OPENLDAP_2.4_2 2.4.7
+ ldap_search_ext@OPENLDAP_2.4_2 2.4.7
+ ldap_search_ext_s@OPENLDAP_2.4_2 2.4.7
+ ldap_search_s@OPENLDAP_2.4_2 2.4.7
+ ldap_search_st@OPENLDAP_2.4_2 2.4.7
+ ldap_send_initial_request@OPENLDAP_2.4_2 2.4.7
+ ldap_send_server_request@OPENLDAP_2.4_2 2.4.7
+ ldap_send_unbind@OPENLDAP_2.4_2 2.4.7
+ ldap_set_ber_options@OPENLDAP_2.4_2 2.4.7
+ ldap_set_nextref_proc@OPENLDAP_2.4_2 2.4.7
+ ldap_set_option@OPENLDAP_2.4_2 2.4.7
+ ldap_set_rebind_proc@OPENLDAP_2.4_2 2.4.7
+ ldap_set_urllist_proc@OPENLDAP_2.4_2 2.4.7
+ ldap_simple_bind@OPENLDAP_2.4_2 2.4.7
+ ldap_simple_bind_s@OPENLDAP_2.4_2 2.4.7
+ ldap_sort_entries@OPENLDAP_2.4_2 2.4.7
+ ldap_sort_strcasecmp@OPENLDAP_2.4_2 2.4.7
+ ldap_sort_values@OPENLDAP_2.4_2 2.4.7
+ ldap_start_tls@OPENLDAP_2.4_2 2.4.7
+ ldap_start_tls_s@OPENLDAP_2.4_2 2.4.7
+ ldap_str2attributetype@OPENLDAP_2.4_2 2.4.7
+ ldap_str2charray@OPENLDAP_2.4_2 2.4.7
+ ldap_str2contentrule@OPENLDAP_2.4_2 2.4.7
+ ldap_str2dn@OPENLDAP_2.4_2 2.4.7
+ ldap_str2matchingrule@OPENLDAP_2.4_2 2.4.7
+ ldap_str2matchingruleuse@OPENLDAP_2.4_2 2.4.7
+ ldap_str2nameform@OPENLDAP_2.4_2 2.4.7
+ ldap_str2objectclass@OPENLDAP_2.4_2 2.4.7
+ ldap_str2rdn@OPENLDAP_2.4_2 2.4.7
+ ldap_str2structurerule@OPENLDAP_2.4_2 2.4.7
+ ldap_str2syntax@OPENLDAP_2.4_2 2.4.7
+ ldap_strdup@OPENLDAP_2.4_2 2.4.7
+ ldap_structurerule2bv@OPENLDAP_2.4_2 2.4.7
+ ldap_structurerule2name@OPENLDAP_2.4_2 2.4.7
+ ldap_structurerule2str@OPENLDAP_2.4_2 2.4.7
+ ldap_structurerule_free@OPENLDAP_2.4_2 2.4.7
+ ldap_sync_destroy@OPENLDAP_2.4_2 2.4.7
+ ldap_sync_init@OPENLDAP_2.4_2 2.4.7
+ ldap_sync_init_refresh_and_persist@OPENLDAP_2.4_2 2.4.7
+ ldap_sync_init_refresh_only@OPENLDAP_2.4_2 2.4.7
+ ldap_sync_initialize@OPENLDAP_2.4_2 2.4.7
+ ldap_sync_poll@OPENLDAP_2.4_2 2.4.7
+ ldap_syntax2bv@OPENLDAP_2.4_2 2.4.7
+ ldap_syntax2name@OPENLDAP_2.4_2 2.4.7
+ ldap_syntax2str@OPENLDAP_2.4_2 2.4.7
+ ldap_syntax_free@OPENLDAP_2.4_2 2.4.7
+ ldap_tls_inplace@OPENLDAP_2.4_2 2.4.7
+ ldap_turn@OPENLDAP_2.4_2 2.4.7
+ ldap_turn_s@OPENLDAP_2.4_2 2.4.7
+ ldap_ucs_to_utf8s@OPENLDAP_2.4_2 2.4.7
+ ldap_unbind@OPENLDAP_2.4_2 2.4.7
+ ldap_unbind_ext@OPENLDAP_2.4_2 2.4.7
+ ldap_unbind_ext_s@OPENLDAP_2.4_2 2.4.7
+ ldap_unbind_s@OPENLDAP_2.4_2 2.4.7
+ ldap_url_desc2str@OPENLDAP_2.4_2 2.4.7
+ ldap_url_dup@OPENLDAP_2.4_2 2.4.7
+ ldap_url_duplist@OPENLDAP_2.4_2 2.4.7
+ ldap_url_list2hosts@OPENLDAP_2.4_2 2.4.7
+ ldap_url_list2urls@OPENLDAP_2.4_2 2.4.7
+ ldap_url_parse@OPENLDAP_2.4_2 2.4.7
+ ldap_url_parse_ext@OPENLDAP_2.4_2 2.4.7
+ ldap_url_parsehosts@OPENLDAP_2.4_2 2.4.7
+ ldap_url_parselist@OPENLDAP_2.4_2 2.4.7
+ ldap_url_parselist_ext@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_bytes@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_charlen2@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_charlen@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_chars@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_copy@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_isalnum@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_isalpha@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_isascii@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_isdigit@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_islower@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_isspace@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_isupper@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_isxdigit@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_lentab@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_mintab@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_next@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_offset@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_prev@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_strchr@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_strcspn@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_strpbrk@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_strspn@OPENLDAP_2.4_2 2.4.7
+ ldap_utf8_strtok@OPENLDAP_2.4_2 2.4.7
+ ldap_value_dup@OPENLDAP_2.4_2 2.4.7
+ ldap_value_free@OPENLDAP_2.4_2 2.4.7
+ ldap_value_free_len@OPENLDAP_2.4_2 2.4.7
+ ldap_whoami@OPENLDAP_2.4_2 2.4.7
+ ldap_whoami_s@OPENLDAP_2.4_2 2.4.7
+ ldap_x_mb_to_utf8@OPENLDAP_2.4_2 2.4.7
+ ldap_x_mbs_to_utf8s@OPENLDAP_2.4_2 2.4.7
+ ldap_x_ucs4_to_utf8@OPENLDAP_2.4_2 2.4.7
+ ldap_x_utf8_to_mb@OPENLDAP_2.4_2 2.4.7
+ ldap_x_utf8_to_ucs4@OPENLDAP_2.4_2 2.4.7
+ ldap_x_utf8_to_wc@OPENLDAP_2.4_2 2.4.7
+ ldap_x_utf8s_to_mbs@OPENLDAP_2.4_2 2.4.7
+ ldap_x_utf8s_to_wcs@OPENLDAP_2.4_2 2.4.7
+ ldap_x_wc_to_utf8@OPENLDAP_2.4_2 2.4.7
+ ldap_x_wcs_to_utf8s@OPENLDAP_2.4_2 2.4.7
+ ldif_close@OPENLDAP_2.4_2 2.4.25
+ ldif_countlines@OPENLDAP_2.4_2 2.4.25
+ ldif_debug@OPENLDAP_2.4_2 2.4.25
+ ldif_fetch_url@OPENLDAP_2.4_2 2.4.25
+ ldif_getline@OPENLDAP_2.4_2 2.4.25
+ ldif_is_not_printable@OPENLDAP_2.4_2 2.4.25
+ ldif_must_b64_encode_register@OPENLDAP_2.4_2 2.4.25
+ ldif_must_b64_encode_release@OPENLDAP_2.4_2 2.4.25
+ ldif_open@OPENLDAP_2.4_2 2.4.25
+ ldif_open_url@OPENLDAP_2.4_2 2.4.25
+ ldif_parse_line2@OPENLDAP_2.4_2 2.4.25
+ ldif_parse_line@OPENLDAP_2.4_2 2.4.25
+ ldif_put@OPENLDAP_2.4_2 2.4.25
+ ldif_put_wrap@OPENLDAP_2.4_2 2.4.25
+ ldif_read_record@OPENLDAP_2.4_2 2.4.39
+ ldif_sput@OPENLDAP_2.4_2 2.4.25
+ ldif_sput_wrap@OPENLDAP_2.4_2 2.4.25
diff --git a/debian/libldap-common.install b/debian/libldap-common.install
new file mode 100644
index 0000000..b64373e
--- /dev/null
+++ b/debian/libldap-common.install
@@ -0,0 +1 @@
+etc/ldap/ldap.conf
diff --git a/debian/libldap-common.manpages b/debian/libldap-common.manpages
new file mode 100644
index 0000000..6f9e09c
--- /dev/null
+++ b/debian/libldap-common.manpages
@@ -0,0 +1 @@
+debian/tmp/usr/share/man/man5/ldap.conf.5
diff --git a/debian/libldap2-dev.dirs b/debian/libldap2-dev.dirs
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/debian/libldap2-dev.dirs
diff --git a/debian/libldap2-dev.install b/debian/libldap2-dev.install
new file mode 100644
index 0000000..1b89c2d
--- /dev/null
+++ b/debian/libldap2-dev.install
@@ -0,0 +1,12 @@
+usr/include/lber.h
+usr/include/lber_types.h
+usr/include/ldap_cdefs.h
+usr/include/ldap_features.h
+usr/include/ldap.h
+usr/include/ldap_schema.h
+usr/include/ldap_utf8.h
+usr/include/ldif.h
+usr/lib/*/liblber.a
+usr/lib/*/liblber.so
+usr/lib/*/libldap_r.a
+usr/lib/*/libldap_r.so
diff --git a/debian/libldap2-dev.links.in b/debian/libldap2-dev.links.in
new file mode 100644
index 0000000..8ded4da
--- /dev/null
+++ b/debian/libldap2-dev.links.in
@@ -0,0 +1,12 @@
+usr/share/man/man3/lber-encode.3 usr/share/man/man3/ber_put_bitstring.3
+usr/share/man/man3/lber-encode.3 usr/share/man/man3/ber_put_boolean.3
+usr/share/man/man3/lber-encode.3 usr/share/man/man3/ber_start_seq.3
+usr/share/man/man3/lber-memory.3 usr/share/man/man3/ber_memalloc.3
+usr/share/man/man3/lber-memory.3 usr/share/man/man3/ber_memcalloc.3
+usr/share/man/man3/lber-memory.3 usr/share/man/man3/ber_memfree.3
+usr/share/man/man3/lber-memory.3 usr/share/man/man3/ber_memrealloc.3
+usr/share/man/man3/lber-types.3 usr/share/man/man3/ber_int_t.3
+usr/share/man/man3/lber-types.3 usr/share/man/man3/ber_len_t.3
+usr/share/man/man3/lber-types.3 usr/share/man/man3/ber_tag_t.3
+usr/lib/${DEB_HOST_MULTIARCH}/libldap_r.so usr/lib/${DEB_HOST_MULTIARCH}/libldap.so
+usr/lib/${DEB_HOST_MULTIARCH}/libldap_r.a usr/lib/${DEB_HOST_MULTIARCH}/libldap.a
diff --git a/debian/libldap2-dev.manpages b/debian/libldap2-dev.manpages
new file mode 100644
index 0000000..7c72677
--- /dev/null
+++ b/debian/libldap2-dev.manpages
@@ -0,0 +1 @@
+debian/tmp/usr/share/man/man3/*
diff --git a/debian/patches/ITS-8964-Do-not-free-original-filter.patch b/debian/patches/ITS-8964-Do-not-free-original-filter.patch
new file mode 100644
index 0000000..7714e0a
--- /dev/null
+++ b/debian/patches/ITS-8964-Do-not-free-original-filter.patch
@@ -0,0 +1,36 @@
+From 0f7ec3a81258bb2c33b5d7c7434ef1c11d7fa7cb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
+Date: Mon, 17 Jun 2019 12:49:25 +0200
+Subject: [PATCH] ITS#8964 Do not free original filter
+
+---
+ servers/slapd/overlays/rwm.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/servers/slapd/overlays/rwm.c b/servers/slapd/overlays/rwm.c
+index 36bceaffe..2e24f24cc 100644
+--- a/servers/slapd/overlays/rwm.c
++++ b/servers/slapd/overlays/rwm.c
+@@ -125,11 +125,15 @@ rwm_op_rollback( Operation *op, SlapReply *rs, rwm_op_state *ros )
+ break;
+ case LDAP_REQ_SEARCH:
+ op->o_tmpfree( ros->mapped_attrs, op->o_tmpmemctx );
+- filter_free_x( op, op->ors_filter, 1 );
+- op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+ op->ors_attrs = ros->ors_attrs;
+- op->ors_filter = ros->ors_filter;
+- op->ors_filterstr = ros->ors_filterstr;
++ if ( op->ors_filter != ros->ors_filter ) {
++ filter_free_x( op, op->ors_filter, 1 );
++ op->ors_filter = ros->ors_filter;
++ }
++ if ( op->ors_filterstr.bv_val != ros->ors_filterstr.bv_val ) {
++ op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
++ op->ors_filterstr = ros->ors_filterstr;
++ }
+ break;
+ case LDAP_REQ_EXTENDED:
+ if ( op->ore_reqdata != ros->ore_reqdata ) {
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9038-Another-test028-typo.patch b/debian/patches/ITS-9038-Another-test028-typo.patch
new file mode 100644
index 0000000..243e200
--- /dev/null
+++ b/debian/patches/ITS-9038-Another-test028-typo.patch
@@ -0,0 +1,25 @@
+From 0832ec02f0679cf0862dca2cca5280be1e4fdb37 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
+Date: Thu, 27 Jun 2019 00:45:29 +0200
+Subject: [PATCH] ITS#9038 Another test028 typo
+
+---
+ tests/scripts/test028-idassert | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/scripts/test028-idassert b/tests/scripts/test028-idassert
+index 564a615d2..dacd68d8f 100755
+--- a/tests/scripts/test028-idassert
++++ b/tests/scripts/test028-idassert
+@@ -252,7 +252,7 @@ if test $USE_SASL != "no" ; then
+ if test $RC != 50 ; then
+ echo "ldapwhoami should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+- exit $RC
++ exit 1
+ fi
+
+ echo "Filtering ldapsearch results..."
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9038-Fix-typo-in-test-script.patch b/debian/patches/ITS-9038-Fix-typo-in-test-script.patch
new file mode 100644
index 0000000..72cd9fe
--- /dev/null
+++ b/debian/patches/ITS-9038-Fix-typo-in-test-script.patch
@@ -0,0 +1,25 @@
+From c064d45c5d4551f2321276c3a5ed25b1c08e115d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
+Date: Mon, 24 Jun 2019 16:37:23 +0200
+Subject: [PATCH] ITS#9038 Fix typo in test script
+
+---
+ tests/scripts/test028-idassert | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/scripts/test028-idassert b/tests/scripts/test028-idassert
+index 9e5e10724..564a615d2 100755
+--- a/tests/scripts/test028-idassert
++++ b/tests/scripts/test028-idassert
+@@ -199,7 +199,7 @@ RC=$?
+ if test $RC != 1 ; then
+ echo "ldapwhoami should have failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+- exit $RC
++ exit 1
+ fi
+
+ ID="uid=jaj,ou=People,dc=example,dc=it"
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9038-Update-test028-to-test-this-is-enforced.patch b/debian/patches/ITS-9038-Update-test028-to-test-this-is-enforced.patch
new file mode 100644
index 0000000..3e8712a
--- /dev/null
+++ b/debian/patches/ITS-9038-Update-test028-to-test-this-is-enforced.patch
@@ -0,0 +1,102 @@
+From ce5869c89a0cf1a9ec23bde014cb4c11f4d0360c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <ondra@mistotebe.net>
+Date: Wed, 19 Jun 2019 18:47:32 +0200
+Subject: [PATCH] ITS#9038 Update test028 to test this is enforced
+
+---
+ tests/data/idassert.out | 5 +++++
+ tests/data/slapd-idassert.conf | 1 +
+ tests/data/test-idassert1.ldif | 6 ++++++
+ tests/scripts/test028-idassert | 24 ++++++++++++++++++++++++
+ 4 files changed, 36 insertions(+)
+
+diff --git a/tests/data/idassert.out b/tests/data/idassert.out
+index 53d76bb2e..fa51c25d6 100644
+--- a/tests/data/idassert.out
++++ b/tests/data/idassert.out
+@@ -4,6 +4,11 @@ objectClass: dcObject
+ o: Example, Inc.
+ dc: example
+
++dn: cn=Manager,o=Example,c=US
++objectClass: inetOrgPerson
++cn: Manager
++sn: Parson
++
+ dn: ou=People,o=Example,c=US
+ objectClass: organizationalUnit
+ ou: People
+diff --git a/tests/data/slapd-idassert.conf b/tests/data/slapd-idassert.conf
+index 88d66a36f..561c5ccc4 100644
+--- a/tests/data/slapd-idassert.conf
++++ b/tests/data/slapd-idassert.conf
+@@ -36,6 +36,7 @@ argsfile @TESTDIR@/slapd.1.args
+ #######################################################################
+
+ authz-policy both
++authz-regexp "^uid=manager,.+" "cn=Manager,dc=example,dc=com"
+ authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)"
+ authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)"
+ authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"
+diff --git a/tests/data/test-idassert1.ldif b/tests/data/test-idassert1.ldif
+index 063d6ec45..3ccbd1a22 100644
+--- a/tests/data/test-idassert1.ldif
++++ b/tests/data/test-idassert1.ldif
+@@ -4,6 +4,12 @@ objectClass: dcObject
+ o: Example, Inc.
+ dc: example
+
++dn: cn=Manager,dc=example,dc=com
++objectClass: inetOrgPerson
++cn: Manager
++sn: Parson
++userPassword: secret
++
+ dn: ou=People,dc=example,dc=com
+ objectClass: organizationalUnit
+ ou: People
+diff --git a/tests/scripts/test028-idassert b/tests/scripts/test028-idassert
+index b1e16744a..9e5e10724 100755
+--- a/tests/scripts/test028-idassert
++++ b/tests/scripts/test028-idassert
+@@ -191,6 +191,17 @@ if test $RC != 0 ; then
+ exit $RC
+ fi
+
++AUTHZID="u:it/jaj"
++echo "Checking another DB's rootdn can't assert identity from another DB..."
++$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD -e\!"authzid=$AUTHZID"
++
++RC=$?
++if test $RC != 1 ; then
++ echo "ldapwhoami should have failed ($RC)!"
++ test $KILLSERVERS != no && kill -HUP $KILLPIDS
++ exit $RC
++fi
++
+ ID="uid=jaj,ou=People,dc=example,dc=it"
+ BASE="o=Example,c=US"
+ echo "Testing ldapsearch as $ID for \"$BASE\"..."
+@@ -231,6 +242,19 @@ if test $USE_SASL != "no" ; then
+ exit $RC
+ fi
+
++ ID="manager"
++ AUTHZID="u:it/jaj"
++ echo "Checking another DB's rootdn can't assert in another (with SASL bind this time)..."
++ $LDAPSASLWHOAMI -h $LOCALHOST -p $PORT1 \
++ -Q -U "$ID" -w $PASSWD -Y $MECH -X $AUTHZID
++
++ RC=$?
++ if test $RC != 50 ; then
++ echo "ldapwhoami should have failed ($RC)!"
++ test $KILLSERVERS != no && kill -HUP $KILLPIDS
++ exit $RC
++ fi
++
+ echo "Filtering ldapsearch results..."
+ $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+ echo "Filtering original ldif used to create database..."
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch b/debian/patches/ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch
new file mode 100644
index 0000000..a63c6fe
--- /dev/null
+++ b/debian/patches/ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch
@@ -0,0 +1,36 @@
+From f120d0e461178b5974694876ba2d2bdba4f7d122 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Wed, 19 Jun 2019 12:29:02 +0100
+Subject: [PATCH] ITS#9038 restrict rootDN proxyauthz to its own DBs.
+
+Treat as normal user for any other DB.
+---
+ servers/slapd/saslauthz.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
+index 64c70537d..b3727eafe 100644
+--- a/servers/slapd/saslauthz.c
++++ b/servers/slapd/saslauthz.c
+@@ -2062,12 +2062,13 @@ int slap_sasl_authorized( Operation *op,
+ goto DONE;
+ }
+
+- /* Allow the manager to authorize as any DN. */
+- if( op->o_conn->c_authz_backend &&
+- be_isroot_dn( op->o_conn->c_authz_backend, authcDN ))
++ /* Allow the manager to authorize as any DN in its own DBs. */
+ {
+- rc = LDAP_SUCCESS;
+- goto DONE;
++ Backend *zbe = select_backend( authzDN, 1 );
++ if ( zbe && be_isroot_dn( zbe, authcDN )) {
++ rc = LDAP_SUCCESS;
++ goto DONE;
++ }
+ }
+
+ /* Check source rules */
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9052-zero-out-sasl_ssf-in-connection_init.patch b/debian/patches/ITS-9052-zero-out-sasl_ssf-in-connection_init.patch
new file mode 100644
index 0000000..ec09120
--- /dev/null
+++ b/debian/patches/ITS-9052-zero-out-sasl_ssf-in-connection_init.patch
@@ -0,0 +1,25 @@
+From 744a46a1acb93798f4e027290191d6a11dd4c18c Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Wed, 10 Jul 2019 21:29:39 +0100
+Subject: [PATCH] ITS#9052 zero out sasl_ssf in connection_init
+
+---
+ servers/slapd/connection.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
+index b85bcb4c6..704067c55 100644
+--- a/servers/slapd/connection.c
++++ b/servers/slapd/connection.c
+@@ -554,7 +554,7 @@ Connection * connection_init(
+ c->c_close_reason = "?"; /* should never be needed */
+
+ c->c_ssf = c->c_transport_ssf = ssf;
+- c->c_tls_ssf = 0;
++ c->c_tls_ssf = c->c_sasl_ssf = 0;
+
+ #ifdef HAVE_TLS
+ if ( flags & CONN_IS_TLS ) {
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9202-limit-depth-of-nested-filters.patch b/debian/patches/ITS-9202-limit-depth-of-nested-filters.patch
new file mode 100644
index 0000000..8c547d1
--- /dev/null
+++ b/debian/patches/ITS-9202-limit-depth-of-nested-filters.patch
@@ -0,0 +1,125 @@
+From 45c18dbd0b2e91841e642ffbe835c46f189f19ee Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Thu, 16 Apr 2020 01:08:19 +0100
+Subject: [PATCH] ITS#9202 limit depth of nested filters
+
+Using a hardcoded limit for now; no reasonable apps
+should ever run into it.
+---
+ servers/slapd/filter.c | 41 ++++++++++++++++++++++++++++++++---------
+ 1 file changed, 32 insertions(+), 9 deletions(-)
+
+diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c
+index cf5ae3daef..e397bebe87 100644
+--- a/servers/slapd/filter.c
++++ b/servers/slapd/filter.c
+@@ -37,11 +37,16 @@
+ const Filter *slap_filter_objectClass_pres;
+ const struct berval *slap_filterstr_objectClass_pres;
+
++#ifndef SLAPD_MAX_FILTER_DEPTH
++#define SLAPD_MAX_FILTER_DEPTH 5000
++#endif
++
+ static int get_filter_list(
+ Operation *op,
+ BerElement *ber,
+ Filter **f,
+- const char **text );
++ const char **text,
++ int depth );
+
+ static int get_ssa(
+ Operation *op,
+@@ -80,12 +85,13 @@ filter_destroy( void )
+ return;
+ }
+
+-int
+-get_filter(
++static int
++get_filter0(
+ Operation *op,
+ BerElement *ber,
+ Filter **filt,
+- const char **text )
++ const char **text,
++ int depth )
+ {
+ ber_tag_t tag;
+ ber_len_t len;
+@@ -126,6 +132,11 @@ get_filter(
+ *
+ */
+
++ if( depth > SLAPD_MAX_FILTER_DEPTH ) {
++ *text = "filter nested too deeply";
++ return SLAPD_DISCONNECT;
++ }
++
+ tag = ber_peek_tag( ber, &len );
+
+ if( tag == LBER_ERROR ) {
+@@ -221,7 +232,7 @@ get_filter(
+
+ case LDAP_FILTER_AND:
+ Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
+- err = get_filter_list( op, ber, &f.f_and, text );
++ err = get_filter_list( op, ber, &f.f_and, text, depth+1 );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+@@ -234,7 +245,7 @@ get_filter(
+
+ case LDAP_FILTER_OR:
+ Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
+- err = get_filter_list( op, ber, &f.f_or, text );
++ err = get_filter_list( op, ber, &f.f_or, text, depth+1 );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+@@ -248,7 +259,7 @@ get_filter(
+ case LDAP_FILTER_NOT:
+ Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
+ (void) ber_skip_tag( ber, &len );
+- err = get_filter( op, ber, &f.f_not, text );
++ err = get_filter0( op, ber, &f.f_not, text, depth+1 );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+@@ -311,10 +322,22 @@ get_filter(
+ return( err );
+ }
+
++int
++get_filter(
++ Operation *op,
++ BerElement *ber,
++ Filter **filt,
++ const char **text )
++{
++ return get_filter0( op, ber, filt, text, 0 );
++}
++
++
+ static int
+ get_filter_list( Operation *op, BerElement *ber,
+ Filter **f,
+- const char **text )
++ const char **text,
++ int depth )
+ {
+ Filter **new;
+ int err;
+@@ -328,7 +351,7 @@ get_filter_list( Operation *op, BerElement *ber,
+ tag != LBER_DEFAULT;
+ tag = ber_next_element( ber, &len, last ) )
+ {
+- err = get_filter( op, ber, new, text );
++ err = get_filter0( op, ber, new, text, depth );
+ if ( err != LDAP_SUCCESS )
+ return( err );
+ new = &(*new)->f_next;
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9370-check-for-equality-rule-on-old_rdn.patch b/debian/patches/ITS-9370-check-for-equality-rule-on-old_rdn.patch
new file mode 100644
index 0000000..832e41a
--- /dev/null
+++ b/debian/patches/ITS-9370-check-for-equality-rule-on-old_rdn.patch
@@ -0,0 +1,27 @@
+From 4c774220a752bf8e3284984890dc0931fe73165d Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 19 Oct 2020 14:03:41 +0100
+Subject: [PATCH] ITS#9370 check for equality rule on old_rdn
+
+Just skip normalization if there's no equality rule. We accept
+DNs without equality rules already.
+---
+ servers/slapd/modrdn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
+index c73dd8dbaa..a22975540c 100644
+--- a/servers/slapd/modrdn.c
++++ b/servers/slapd/modrdn.c
+@@ -505,7 +505,7 @@ slap_modrdn2mods(
+ mod_tmp->sml_values = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
+ ber_dupbv( &mod_tmp->sml_values[0], &old_rdn[d_cnt]->la_value );
+ mod_tmp->sml_values[1].bv_val = NULL;
+- if( desc->ad_type->sat_equality->smr_normalize) {
++ if( desc->ad_type->sat_equality && desc->ad_type->sat_equality->smr_normalize) {
+ mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
+ (void) (*desc->ad_type->sat_equality->smr_normalize)(
+ SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9383-remove-assert-in-certificateListValidate.patch b/debian/patches/ITS-9383-remove-assert-in-certificateListValidate.patch
new file mode 100644
index 0000000..7000fc2
--- /dev/null
+++ b/debian/patches/ITS-9383-remove-assert-in-certificateListValidate.patch
@@ -0,0 +1,26 @@
+From 67670f4544e28fb09eb7319c39f404e1d3229e65 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 2 Nov 2020 13:12:10 +0000
+Subject: [PATCH] ITS#9383 remove assert in certificateListValidate
+
+---
+ servers/slapd/schema_init.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index ea0d67aa62..28f9e71a16 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -371,8 +371,7 @@ certificateListValidate( Syntax *syntax, struct berval *in )
+ /* Optional version */
+ if ( tag == LBER_INTEGER ) {
+ tag = ber_get_int( ber, &version );
+- assert( tag == LBER_INTEGER );
+- if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
++ if ( tag != LBER_INTEGER || version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
+ }
+ tag = ber_skip_tag( ber, &len ); /* Signature Algorithm */
+ if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch b/debian/patches/ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch
new file mode 100644
index 0000000..96f5b67
--- /dev/null
+++ b/debian/patches/ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch
@@ -0,0 +1,27 @@
+From bdb0d459187522a6063df13871b82ba8dcc6efe2 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 2 Nov 2020 16:01:14 +0000
+Subject: [PATCH] ITS#9384 remove assert in obsolete csnNormalize23()
+
+---
+ servers/slapd/schema_init.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index 5812bc4b66..ea0d67aa62 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -5327,8 +5327,8 @@ csnNormalize23(
+ }
+ *ptr = '\0';
+
+- assert( ptr == &bv.bv_val[bv.bv_len] );
+- if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
++ if ( ptr != &bv.bv_val[bv.bv_len] ||
++ csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch b/debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch
new file mode 100644
index 0000000..de25ed2
--- /dev/null
+++ b/debian/patches/ITS-9404-fix-serialNumberAndIssuerCheck.patch
@@ -0,0 +1,58 @@
+From 38ac838e4150c626bbfa0082b7e2cf3a2bb4df31 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 23 Nov 2020 17:14:00 +0000
+Subject: [PATCH] ITS#9404 fix serialNumberAndIssuerCheck
+
+Tighten validity checks
+---
+ servers/slapd/schema_init.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index 834f54593d..5b577607de 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -3193,7 +3193,7 @@ serialNumberAndIssuerCheck(
+
+ if( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
+
+- if( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) {
++ if( in->bv_val[0] != '{' || in->bv_val[in->bv_len-1] != '}' ) {
+ /* Parse old format */
+ is->bv_val = ber_bvchr( in, '$' );
+ if( BER_BVISNULL( is ) ) return LDAP_INVALID_SYNTAX;
+@@ -3224,7 +3224,7 @@ serialNumberAndIssuerCheck(
+ HAVE_ALL = ( HAVE_ISSUER | HAVE_SN )
+ } have = HAVE_NONE;
+
+- int numdquotes = 0;
++ int numdquotes = 0, gotquote;
+ struct berval x = *in;
+ struct berval ni;
+ x.bv_val++;
+@@ -3266,11 +3266,12 @@ serialNumberAndIssuerCheck(
+ is->bv_val = x.bv_val;
+ is->bv_len = 0;
+
+- for ( ; is->bv_len < x.bv_len; ) {
++ for ( gotquote=0; is->bv_len < x.bv_len; ) {
+ if ( is->bv_val[is->bv_len] != '"' ) {
+ is->bv_len++;
+ continue;
+ }
++ gotquote = 1;
+ if ( is->bv_val[is->bv_len+1] == '"' ) {
+ /* double dquote */
+ numdquotes++;
+@@ -3279,6 +3280,8 @@ serialNumberAndIssuerCheck(
+ }
+ break;
+ }
++ if ( !gotquote ) return LDAP_INVALID_SYNTAX;
++
+ x.bv_val += is->bv_len + 1;
+ x.bv_len -= is->bv_len + 1;
+
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9406-9407-remove-saslauthz-asserts.patch b/debian/patches/ITS-9406-9407-remove-saslauthz-asserts.patch
new file mode 100644
index 0000000..a6f085c
--- /dev/null
+++ b/debian/patches/ITS-9406-9407-remove-saslauthz-asserts.patch
@@ -0,0 +1,69 @@
+From 6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Fri, 27 Nov 2020 14:37:10 +0000
+Subject: [PATCH 1/2] ITS#9406, #9407 remove saslauthz asserts
+
+---
+ servers/slapd/saslauthz.c | 19 +++++++++++++------
+ 1 file changed, 13 insertions(+), 6 deletions(-)
+
+diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
+index e05f3f9cf6..2e59eb5598 100644
+--- a/servers/slapd/saslauthz.c
++++ b/servers/slapd/saslauthz.c
+@@ -180,14 +180,16 @@ int slap_parse_user( struct berval *id, struct berval *user,
+ }
+
+ if ( !BER_BVISNULL( mech ) ) {
+- assert( mech->bv_val == id->bv_val + 2 );
++ if ( mech->bv_val != id->bv_val + 2 )
++ return LDAP_PROTOCOL_ERROR;
+
+ AC_MEMCPY( mech->bv_val - 2, mech->bv_val, mech->bv_len + 1 );
+ mech->bv_val -= 2;
+ }
+
+ if ( !BER_BVISNULL( realm ) ) {
+- assert( realm->bv_val >= id->bv_val + 2 );
++ if ( realm->bv_val < id->bv_val + 2 )
++ return LDAP_PROTOCOL_ERROR;
+
+ AC_MEMCPY( realm->bv_val - 2, realm->bv_val, realm->bv_len + 1 );
+ realm->bv_val -= 2;
+@@ -449,9 +451,12 @@ is_dn: bv.bv_len = in->bv_len - ( bv.bv_val - in->bv_val );
+ }
+
+ /* Grab the searchbase */
+- assert( ludp->lud_dn != NULL );
+- ber_str2bv( ludp->lud_dn, 0, 0, &bv );
+- rc = dnValidate( NULL, &bv );
++ if ( ludp->lud_dn != NULL ) {
++ ber_str2bv( ludp->lud_dn, 0, 0, &bv );
++ rc = dnValidate( NULL, &bv );
++ } else {
++ rc = LDAP_INVALID_SYNTAX;
++ }
+
+ done:
+ ldap_free_urldesc( ludp );
+@@ -813,7 +818,6 @@ is_dn: bv.bv_len = val->bv_len - ( bv.bv_val - val->bv_val );
+ }
+
+ /* Grab the searchbase */
+- assert( ludp->lud_dn != NULL );
+ if ( ludp->lud_dn ) {
+ struct berval out = BER_BVNULL;
+
+@@ -831,6 +835,9 @@ is_dn: bv.bv_len = val->bv_len - ( bv.bv_val - val->bv_val );
+ }
+
+ ludp->lud_dn = out.bv_val;
++ } else {
++ rc = LDAP_INVALID_SYNTAX;
++ goto done;
+ }
+
+ ludp->lud_port = 0;
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9406-fix-debug-msg.patch b/debian/patches/ITS-9406-fix-debug-msg.patch
new file mode 100644
index 0000000..92fc31e
--- /dev/null
+++ b/debian/patches/ITS-9406-fix-debug-msg.patch
@@ -0,0 +1,33 @@
+From 02dfc32d658fadc25e4040f78e36592f6e1e1ca0 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Fri, 27 Nov 2020 14:48:26 +0000
+Subject: [PATCH 2/2] ITS#9406 fix debug msg
+
+---
+ servers/slapd/saslauthz.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
+index 2e59eb5598..982fe3120d 100644
+--- a/servers/slapd/saslauthz.c
++++ b/servers/slapd/saslauthz.c
+@@ -488,6 +488,7 @@ authzPrettyNormal(
+
+ assert( val != NULL );
+ assert( !BER_BVISNULL( val ) );
++ BER_BVZERO( normalized );
+
+ /*
+ * 2) dn[.{exact|children|subtree|onelevel}]:{*|<DN>}
+@@ -906,7 +907,7 @@ authzPretty(
+ rc = authzPrettyNormal( val, out, ctx, 0 );
+
+ Debug( LDAP_DEBUG_TRACE, "<<< authzPretty: <%s> (%d)\n",
+- out->bv_val, rc, 0 );
++ out->bv_val ? out->bv_val : "(null)" , rc, 0 );
+
+ return rc;
+ }
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9408-fix-vrfilter-double-free.patch b/debian/patches/ITS-9408-fix-vrfilter-double-free.patch
new file mode 100644
index 0000000..c4f1295
--- /dev/null
+++ b/debian/patches/ITS-9408-fix-vrfilter-double-free.patch
@@ -0,0 +1,28 @@
+From 21981053a1195ae1555e23df4d9ac68d34ede9dd Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Sat, 28 Nov 2020 15:54:17 +0000
+Subject: [PATCH] ITS#9408 fix vrfilter double-free
+
+---
+ servers/slapd/controls.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/servers/slapd/controls.c b/servers/slapd/controls.c
+index 3455319406..28fa64eb06 100644
+--- a/servers/slapd/controls.c
++++ b/servers/slapd/controls.c
+@@ -1578,7 +1578,10 @@ static int parseValuesReturnFilter (
+ } else {
+ send_ldap_result( op, rs );
+ }
+- if( op->o_vrFilter != NULL) vrFilter_free( op, op->o_vrFilter );
++ if( op->o_vrFilter != NULL) {
++ vrFilter_free( op, op->o_vrFilter );
++ op->o_vrFilter = NULL;
++ }
+ }
+ #ifdef LDAP_DEBUG
+ else {
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch b/debian/patches/ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch
new file mode 100644
index 0000000..cae29b7
--- /dev/null
+++ b/debian/patches/ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch
@@ -0,0 +1,25 @@
+From c0b61a9486508e5202aa2e0cfb68c9813731b439 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 30 Nov 2020 11:45:46 +0000
+Subject: [PATCH 2/2] ITS#9409 saslauthz: use ch_free on normalized DN
+
+---
+ servers/slapd/saslauthz.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
+index 982fe3120d..cc5a292de7 100644
+--- a/servers/slapd/saslauthz.c
++++ b/servers/slapd/saslauthz.c
+@@ -860,7 +860,7 @@ done:
+
+ if ( lud_dn ) {
+ if ( ludp->lud_dn != lud_dn ) {
+- ber_memfree( ludp->lud_dn );
++ ch_free( ludp->lud_dn );
+ }
+ ludp->lud_dn = lud_dn;
+ }
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch b/debian/patches/ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch
new file mode 100644
index 0000000..8a2a3fd
--- /dev/null
+++ b/debian/patches/ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch
@@ -0,0 +1,25 @@
+From 554dff1927176579d652f2fe60c90e9abbad4c65 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 30 Nov 2020 16:20:18 +0000
+Subject: [PATCH] ITS#9409 saslauthz: use slap_sl_free in prev commit
+
+---
+ servers/slapd/saslauthz.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
+index cc5a292de7..4a9420b37c 100644
+--- a/servers/slapd/saslauthz.c
++++ b/servers/slapd/saslauthz.c
+@@ -860,7 +860,7 @@ done:
+
+ if ( lud_dn ) {
+ if ( ludp->lud_dn != lud_dn ) {
+- ch_free( ludp->lud_dn );
++ slap_sl_free( ludp->lud_dn, ctx );
+ }
+ ludp->lud_dn = lud_dn;
+ }
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9411-fix-thisUpdate-check.patch b/debian/patches/ITS-9411-fix-thisUpdate-check.patch
new file mode 100644
index 0000000..20a39ea
--- /dev/null
+++ b/debian/patches/ITS-9411-fix-thisUpdate-check.patch
@@ -0,0 +1,25 @@
+From 4dfeac8655d964442c00be7e69ee180cc19d1e92 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Tue, 1 Dec 2020 18:02:51 +0000
+Subject: [PATCH] ITS#9411 fix thisUpdate check
+
+---
+ servers/slapd/schema_init.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index 9049c1878d..2780d630e8 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -3885,7 +3885,7 @@ issuerAndThisUpdateCheck(
+ /* empty */;
+ }
+
+- if ( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX;
++ if ( !x.bv_len || x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX;
+ x.bv_val++;
+ x.bv_len--;
+
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch b/debian/patches/ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch
new file mode 100644
index 0000000..b7e32cc
--- /dev/null
+++ b/debian/patches/ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch
@@ -0,0 +1,42 @@
+From 5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Tue, 1 Dec 2020 18:32:35 +0000
+Subject: [PATCH] ITS#9412 fix AVA_Sort on invalid RDN
+
+---
+ servers/slapd/dn.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
+index 06698b089e..7a095ba9e9 100644
+--- a/servers/slapd/dn.c
++++ b/servers/slapd/dn.c
+@@ -233,6 +233,7 @@ AVA_Sort( LDAPRDN rdn, int nAVAs )
+ {
+ LDAPAVA *ava_i;
+ int i;
++ int rc = LDAP_SUCCESS;
+
+ assert( rdn != NULL );
+
+@@ -250,7 +251,7 @@ AVA_Sort( LDAPRDN rdn, int nAVAs )
+ /* RFC4512 does not allow multiple AVAs
+ * with the same attribute type in RDN (ITS#5968) */
+ if ( a == 0 )
+- return LDAP_INVALID_DN_SYNTAX;
++ rc = LDAP_INVALID_DN_SYNTAX;
+
+ if ( a > 0 )
+ break;
+@@ -259,7 +260,7 @@ AVA_Sort( LDAPRDN rdn, int nAVAs )
+ }
+ rdn[ j+1 ] = ava_i;
+ }
+- return LDAP_SUCCESS;
++ return rc;
+ }
+
+ static int
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9413-fix-slap_parse_user.patch b/debian/patches/ITS-9413-fix-slap_parse_user.patch
new file mode 100644
index 0000000..7d620e7
--- /dev/null
+++ b/debian/patches/ITS-9413-fix-slap_parse_user.patch
@@ -0,0 +1,38 @@
+From d169e7958a3e0dc70f59c8374bf8a59833b7bdd8 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Tue, 1 Dec 2020 19:03:24 +0000
+Subject: [PATCH] ITS#9413 fix slap_parse_user
+
+---
+ servers/slapd/saslauthz.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
+index 4a9420b37c..b17f34a211 100644
+--- a/servers/slapd/saslauthz.c
++++ b/servers/slapd/saslauthz.c
+@@ -156,10 +156,9 @@ int slap_parse_user( struct berval *id, struct berval *user,
+ user->bv_val++;
+ user->bv_len = id->bv_len - ( user->bv_val - id->bv_val );
+
+- mech->bv_val = ber_bvchr( id, '.' );
+- if ( !BER_BVISNULL( mech ) ) {
+- mech->bv_val[ 0 ] = '\0';
+- mech->bv_val++;
++ if ( id->bv_val[1] == '.' ) {
++ id->bv_val[1] = '\0';
++ mech->bv_val = id->bv_val + 2;
+ mech->bv_len = user->bv_val - mech->bv_val - 1;
+
+ realm->bv_val = ber_bvchr( mech, '/' );
+@@ -172,6 +171,7 @@ int slap_parse_user( struct berval *id, struct berval *user,
+ }
+
+ } else {
++ BER_BVZERO( mech );
+ BER_BVZERO( realm );
+ }
+
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch b/debian/patches/ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch
new file mode 100644
index 0000000..321a57a
--- /dev/null
+++ b/debian/patches/ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch
@@ -0,0 +1,48 @@
+From 8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Sun, 13 Dec 2020 21:48:45 +0000
+Subject: [PATCH] ITS#9423 ldap_X509dn2bv: check for invalid BER after RDN
+ count
+
+---
+ libraries/libldap/tls2.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
+index ca5a44ab0c..e0c82fa9f8 100644
+--- a/libraries/libldap/tls2.c
++++ b/libraries/libldap/tls2.c
+@@ -1254,6 +1254,12 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
+ }
+ }
+
++ /* Rewind and prepare to extract */
++ ber_rewind( ber );
++ tag = ber_first_element( ber, &len, &dn_end );
++ if ( tag == LBER_DEFAULT )
++ return LDAP_DECODING_ERROR;
++
+ /* Allocate the DN/RDN/AVA stuff as a single block */
+ dnsize = sizeof(LDAPRDN) * (nrdns+1);
+ dnsize += sizeof(LDAPAVA *) * (navas+nrdns);
+@@ -1265,16 +1271,12 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
+ } else {
+ newDN = (LDAPDN)(char *)ptrs;
+ }
+-
++
+ newDN[nrdns] = NULL;
+ newRDN = (LDAPRDN)(newDN + nrdns+1);
+ newAVA = (LDAPAVA *)(newRDN + navas + nrdns);
+ baseAVA = newAVA;
+
+- /* Rewind and start extracting */
+- ber_rewind( ber );
+-
+- tag = ber_first_element( ber, &len, &dn_end );
+ for ( i = nrdns - 1; i >= 0; i-- ) {
+ newDN[i] = newRDN;
+
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch b/debian/patches/ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch
new file mode 100644
index 0000000..9874446
--- /dev/null
+++ b/debian/patches/ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch
@@ -0,0 +1,25 @@
+From 58c1748e81c843c5b6e61648d2a4d1d82b47e842 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 14 Dec 2020 19:03:27 +0000
+Subject: [PATCH] ITS#9424 fix serialNumberAndIssuerSerialCheck
+
+---
+ servers/slapd/schema_init.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index d697fa108c..e035c1a6a7 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -4302,7 +4302,7 @@ serialNumberAndIssuerSerialCheck(
+ if ( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
+
+ /* no old format */
+- if ( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) return LDAP_INVALID_SYNTAX;
++ if ( in->bv_val[0] != '{' || in->bv_val[in->bv_len-1] != '}' ) return LDAP_INVALID_SYNTAX;
+
+ x.bv_val++;
+ x.bv_len -= 2;
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch b/debian/patches/ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch
new file mode 100644
index 0000000..618eb3d
--- /dev/null
+++ b/debian/patches/ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch
@@ -0,0 +1,45 @@
+From 4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 14 Dec 2020 20:05:44 +0000
+Subject: [PATCH] ITS#9425 add more checks to ldap_X509dn2bv
+
+---
+ libraries/libldap/tls2.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
+index e0c82fa9f8..193d20fdfa 100644
+--- a/libraries/libldap/tls2.c
++++ b/libraries/libldap/tls2.c
+@@ -1248,6 +1248,8 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
+ for ( tag = ber_first_element( ber, &len, &rdn_end );
+ tag == LBER_SEQUENCE;
+ tag = ber_next_element( ber, &len, rdn_end )) {
++ if ( rdn_end > dn_end )
++ return LDAP_DECODING_ERROR;
+ tag = ber_skip_tag( ber, &len );
+ ber_skip_data( ber, len );
+ navas++;
+@@ -1257,7 +1259,7 @@ ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
+ /* Rewind and prepare to extract */
+ ber_rewind( ber );
+ tag = ber_first_element( ber, &len, &dn_end );
+- if ( tag == LBER_DEFAULT )
++ if ( tag != LBER_SET )
+ return LDAP_DECODING_ERROR;
+
+ /* Allocate the DN/RDN/AVA stuff as a single block */
+@@ -1370,6 +1372,10 @@ allocd:
+ /* X.690 bitString value converted to RFC4517 Bit String */
+ rc = der_to_ldap_BitString( &Val, &newAVA->la_value );
+ goto allocd;
++ case LBER_DEFAULT:
++ /* decode error */
++ rc = LDAP_DECODING_ERROR;
++ goto nomem;
+ default:
+ /* Not a string type at all */
+ newAVA->la_flags = 0;
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9427-fix-issuerAndThisUpdateCheck.patch b/debian/patches/ITS-9427-fix-issuerAndThisUpdateCheck.patch
new file mode 100644
index 0000000..3f6ddfb
--- /dev/null
+++ b/debian/patches/ITS-9427-fix-issuerAndThisUpdateCheck.patch
@@ -0,0 +1,25 @@
+From 91dccd25c347733b365adc74cb07d074512ed5ad Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Wed, 16 Dec 2020 18:52:42 +0000
+Subject: [PATCH] ITS#9427 fix issuerAndThisUpdateCheck
+
+---
+ servers/slapd/schema_init.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index e035c1a6a7..cc7c816937 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -3809,7 +3809,7 @@ issuerAndThisUpdateCheck(
+
+ if ( in->bv_len < STRLENOF( "{issuer \"\",thisUpdate \"YYMMDDhhmmssZ\"}" ) ) return LDAP_INVALID_SYNTAX;
+
+- if ( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) {
++ if ( in->bv_val[0] != '{' || in->bv_val[in->bv_len-1] != '}' ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9428-fix-cancel-exop.patch b/debian/patches/ITS-9428-fix-cancel-exop.patch
new file mode 100644
index 0000000..65e2026
--- /dev/null
+++ b/debian/patches/ITS-9428-fix-cancel-exop.patch
@@ -0,0 +1,28 @@
+From 9d0e8485f3113505743baabf1167e01e4558ccf5 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Sun, 20 Dec 2020 21:31:15 +0000
+Subject: [PATCH] ITS#9428 fix cancel exop
+
+---
+ servers/slapd/cancel.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/servers/slapd/cancel.c b/servers/slapd/cancel.c
+index 2060312900..b972b18fc3 100644
+--- a/servers/slapd/cancel.c
++++ b/servers/slapd/cancel.c
+@@ -65,6 +65,11 @@ int cancel_extop( Operation *op, SlapReply *rs )
+ return LDAP_PROTOCOL_ERROR;
+ }
+
++ if ( opid == op->o_msgid ) {
++ op->o_cancel = SLAP_CANCEL_DONE;
++ return LDAP_SUCCESS;
++ }
++
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+
+ if ( op->o_abandon ) {
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9454-fix-issuerAndThisUpdateCheck.patch b/debian/patches/ITS-9454-fix-issuerAndThisUpdateCheck.patch
new file mode 100644
index 0000000..a9b724a
--- /dev/null
+++ b/debian/patches/ITS-9454-fix-issuerAndThisUpdateCheck.patch
@@ -0,0 +1,25 @@
+From 9badb73425a67768c09bcaed1a9c26c684af6c30 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Sat, 6 Feb 2021 20:52:06 +0000
+Subject: [PATCH] ITS#9454 fix issuerAndThisUpdateCheck
+
+---
+ servers/slapd/schema_init.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index 31be1154ef..8b1e255393 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -3900,6 +3900,8 @@ issuerAndThisUpdateCheck(
+ break;
+ }
+ }
++ if ( tu->bv_len < STRLENOF("YYYYmmddHHmmssZ") ) return LDAP_INVALID_SYNTAX;
++
+ x.bv_val += tu->bv_len + 1;
+ x.bv_len -= tu->bv_len + 1;
+
+--
+2.20.1
+
diff --git a/debian/patches/ITS-9815-slapd-sql-escape-filter-values.patch b/debian/patches/ITS-9815-slapd-sql-escape-filter-values.patch
new file mode 100644
index 0000000..28e681d
--- /dev/null
+++ b/debian/patches/ITS-9815-slapd-sql-escape-filter-values.patch
@@ -0,0 +1,268 @@
+From 87df6c19915042430540931d199a39105544a134 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Wed, 23 Mar 2022 12:43:31 +0000
+Subject: [PATCH] ITS#9815 slapd-sql: escape filter values
+
+---
+ servers/slapd/back-sql/search.c | 123 +++++++++++++++++++++++++++-----
+ 1 file changed, 105 insertions(+), 18 deletions(-)
+
+--- a/servers/slapd/back-sql/search.c
++++ b/servers/slapd/back-sql/search.c
+@@ -63,6 +63,38 @@
+ ID *lastid );
+ #endif /* ! BACKSQL_ARBITRARY_KEY */
+
++/* Look for chars that need to be escaped, return count of them.
++ * If out is non-NULL, copy escape'd val to it.
++ */
++static int
++backsql_val_escape( Operation *op, struct berval *in, struct berval *out )
++{
++ char *ptr, *end;
++ int q = 0;
++
++ ptr = in->bv_val;
++ end = ptr + in->bv_len;
++ while (ptr < end) {
++ if ( *ptr == '\'' )
++ q++;
++ ptr++;
++ }
++ if ( q && out ) {
++ char *dst;
++ out->bv_len = in->bv_len + q;
++ out->bv_val = op->o_tmpalloc( out->bv_len + 1, op->o_tmpmemctx );
++ ptr = in->bv_val;
++ dst = out->bv_val;
++ while (ptr < end ) {
++ if ( *ptr == '\'' )
++ *dst++ = '\'';
++ *dst++ = *ptr++;
++ }
++ *dst = '\0';
++ }
++ return q;
++}
++
+ static int
+ backsql_attrlist_add( backsql_srch_info *bsi, AttributeDescription *ad )
+ {
+@@ -429,6 +461,8 @@
+ backsql_info *bi = (backsql_info *)bsi->bsi_op->o_bd->be_private;
+ int i;
+ int casefold = 0;
++ int escaped = 0;
++ struct berval escval, *fvalue;
+
+ if ( !f ) {
+ return 0;
+@@ -462,50 +496,68 @@
+
+ BER_BVZERO( &bv );
+ if ( f->f_sub_initial.bv_val ) {
+- bv.bv_len += f->f_sub_initial.bv_len;
++ bv.bv_len += f->f_sub_initial.bv_len + backsql_val_escape( NULL, &f->f_sub_initial, NULL );
+ }
+ if ( f->f_sub_any != NULL ) {
+ for ( a = 0; f->f_sub_any[ a ].bv_val != NULL; a++ ) {
+- bv.bv_len += f->f_sub_any[ a ].bv_len;
++ bv.bv_len += f->f_sub_any[ a ].bv_len + backsql_val_escape( NULL, &f->f_sub_any[ a ], NULL );
+ }
+ }
+ if ( f->f_sub_final.bv_val ) {
+- bv.bv_len += f->f_sub_final.bv_len;
++ bv.bv_len += f->f_sub_final.bv_len + backsql_val_escape( NULL, &f->f_sub_final, NULL );
+ }
+ bv.bv_len = 2 * bv.bv_len - 1;
+ bv.bv_val = ch_malloc( bv.bv_len + 1 );
+
+ s = 0;
+ if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
+- bv.bv_val[ s ] = f->f_sub_initial.bv_val[ 0 ];
+- for ( i = 1; i < f->f_sub_initial.bv_len; i++ ) {
++ fvalue = &f->f_sub_initial;
++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval );
++ if ( escaped )
++ fvalue = &escval;
++ bv.bv_val[ s ] = fvalue->bv_val[ 0 ];
++ for ( i = 1; i < fvalue->bv_len; i++ ) {
+ bv.bv_val[ s + 2 * i - 1 ] = '%';
+- bv.bv_val[ s + 2 * i ] = f->f_sub_initial.bv_val[ i ];
++ bv.bv_val[ s + 2 * i ] = fvalue->bv_val[ i ];
+ }
+ bv.bv_val[ s + 2 * i - 1 ] = '%';
+ s += 2 * i;
++ if ( escaped )
++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx );
+ }
+
+ if ( f->f_sub_any != NULL ) {
+ for ( a = 0; !BER_BVISNULL( &f->f_sub_any[ a ] ); a++ ) {
+- bv.bv_val[ s ] = f->f_sub_any[ a ].bv_val[ 0 ];
+- for ( i = 1; i < f->f_sub_any[ a ].bv_len; i++ ) {
++ fvalue = &f->f_sub_any[ a ];
++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval );
++ if ( escaped )
++ fvalue = &escval;
++ bv.bv_val[ s ] = fvalue->bv_val[ 0 ];
++ for ( i = 1; i < fvalue->bv_len; i++ ) {
+ bv.bv_val[ s + 2 * i - 1 ] = '%';
+- bv.bv_val[ s + 2 * i ] = f->f_sub_any[ a ].bv_val[ i ];
++ bv.bv_val[ s + 2 * i ] = fvalue->bv_val[ i ];
+ }
+ bv.bv_val[ s + 2 * i - 1 ] = '%';
+ s += 2 * i;
++ if ( escaped )
++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx );
+ }
+ }
+
+ if ( !BER_BVISNULL( &f->f_sub_final ) ) {
+- bv.bv_val[ s ] = f->f_sub_final.bv_val[ 0 ];
+- for ( i = 1; i < f->f_sub_final.bv_len; i++ ) {
++ fvalue = &f->f_sub_final;
++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval );
++ if ( escaped )
++ fvalue = &escval;
++ bv.bv_val[ s ] = fvalue->bv_val[ 0 ];
++ for ( i = 1; i < fvalue->bv_len; i++ ) {
+ bv.bv_val[ s + 2 * i - 1 ] = '%';
+- bv.bv_val[ s + 2 * i ] = f->f_sub_final.bv_val[ i ];
++ bv.bv_val[ s + 2 * i ] = fvalue->bv_val[ i ];
+ }
+- bv.bv_val[ s + 2 * i - 1 ] = '%';
++ bv.bv_val[ s + 2 * i - 1 ] = '%';
+ s += 2 * i;
++ if ( escaped )
++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx );
+ }
+
+ bv.bv_val[ s - 1 ] = '\0';
+@@ -561,11 +613,17 @@
+ f->f_sub_initial.bv_val, 0 );
+ #endif /* BACKSQL_TRACE */
+
++ fvalue = &f->f_sub_initial;
++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval );
++ if ( escaped )
++ fvalue = &escval;
+ start = bsi->bsi_flt_where.bb_val.bv_len;
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "b",
+- &f->f_sub_initial );
++ fvalue );
++ if ( escaped )
++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx );
+ if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
+ ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
+ }
+@@ -586,12 +644,18 @@
+ i, f->f_sub_any[ i ].bv_val );
+ #endif /* BACKSQL_TRACE */
+
++ fvalue = &f->f_sub_any[ i ];
++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval );
++ if ( escaped )
++ fvalue = &escval;
+ start = bsi->bsi_flt_where.bb_val.bv_len;
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "bc",
+- &f->f_sub_any[ i ],
++ fvalue,
+ '%' );
++ if ( escaped )
++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx );
+ if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
+ /*
+ * Note: toupper('%') = '%'
+@@ -611,11 +675,17 @@
+ f->f_sub_final.bv_val, 0 );
+ #endif /* BACKSQL_TRACE */
+
++ fvalue = &f->f_sub_final;
++ escaped = backsql_val_escape( bsi->bsi_op, fvalue, &escval );
++ if ( escaped )
++ fvalue = &escval;
+ start = bsi->bsi_flt_where.bb_val.bv_len;
+ backsql_strfcat_x( &bsi->bsi_flt_where,
+ bsi->bsi_op->o_tmpmemctx,
+ "b",
+- &f->f_sub_final );
++ fvalue );
++ if ( escaped )
++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx );
+ if ( casefold && BACKSQL_AT_CANUPPERCASE( at ) ) {
+ ldap_pvt_str2upper( &bsi->bsi_flt_where.bb_val.bv_val[ start ] );
+ }
+@@ -1183,6 +1253,8 @@
+ struct berval *filter_value = NULL;
+ MatchingRule *matching_rule = NULL;
+ struct berval ordering = BER_BVC("<=");
++ struct berval escval;
++ int escaped = 0;
+
+ Debug( LDAP_DEBUG_TRACE, "==>backsql_process_filter_attr(%s)\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+@@ -1237,6 +1309,10 @@
+ casefold = 1;
+ }
+
++ escaped = backsql_val_escape( bsi->bsi_op, filter_value, &escval );
++ if ( escaped )
++ filter_value = &escval;
++
+ /* FIXME: directoryString filtering should use a similar
+ * approach to deal with non-prettified values like
+ * " A non prettified value ", by using a LIKE
+@@ -1317,6 +1393,10 @@
+ casefold = 1;
+ }
+
++ escaped = backsql_val_escape( bsi->bsi_op, filter_value, &escval );
++ if ( escaped )
++ filter_value = &escval;
++
+ /*
+ * FIXME: should we uppercase the operands?
+ */
+@@ -1350,7 +1430,7 @@
+ &at->bam_sel_expr,
+ &ordering,
+ '\'',
+- &f->f_av_value,
++ filter_value,
+ (ber_len_t)STRLENOF( /* (' */ "')" ),
+ /* ( */ "')" );
+ }
+@@ -1374,13 +1454,17 @@
+ case LDAP_FILTER_APPROX:
+ /* we do our best */
+
++ filter_value = &f->f_av_value;
++ escaped = backsql_val_escape( bsi->bsi_op, filter_value, &escval );
++ if ( escaped )
++ filter_value = &escval;
+ /*
+ * maybe we should check type of at->sel_expr here somehow,
+ * to know whether upper_func is applicable, but for now
+ * upper_func stuff is made for Oracle, where UPPER is
+ * safely applicable to NUMBER etc.
+ */
+- (void)backsql_process_filter_like( bsi, at, 1, &f->f_av_value );
++ (void)backsql_process_filter_like( bsi, at, 1, filter_value );
+ break;
+
+ default:
+@@ -1394,6 +1478,9 @@
+
+ }
+
++ if ( escaped )
++ bsi->bsi_op->o_tmpfree( escval.bv_val, bsi->bsi_op->o_tmpmemctx );
++
+ Debug( LDAP_DEBUG_TRACE, "<==backsql_process_filter_attr(%s)\n",
+ at->bam_ad->ad_cname.bv_val, 0, 0 );
+
diff --git a/debian/patches/ITS6035-olcauthzregex-needs-restart.patch b/debian/patches/ITS6035-olcauthzregex-needs-restart.patch
new file mode 100644
index 0000000..acd3c6f
--- /dev/null
+++ b/debian/patches/ITS6035-olcauthzregex-needs-restart.patch
@@ -0,0 +1,13 @@
+--- a/doc/man/man5/slapd-config.5
++++ b/doc/man/man5/slapd-config.5
+@@ -409,6 +409,10 @@
+ and replacement patterns. The matching patterns are checked in the order they
+ appear in the attribute, stopping at the first successful match.
+
++Note that changes to
++.B olcAuthzRegexp
++take effect the next time the server is started, not immediately upon
++changing the configuration.
+ .\".B Caution:
+ .\"Because the plus sign + is a character recognized by the regular expression engine,
+ .\"and it will appear in names that include a REALM, be careful to escape the
diff --git a/debian/patches/add-tlscacert-option-to-ldap-conf b/debian/patches/add-tlscacert-option-to-ldap-conf
new file mode 100644
index 0000000..e8e731a
--- /dev/null
+++ b/debian/patches/add-tlscacert-option-to-ldap-conf
@@ -0,0 +1,10 @@
+--- a/libraries/libldap/ldap.conf
++++ b/libraries/libldap/ldap.conf
+@@ -11,3 +11,7 @@
+ #SIZELIMIT 12
+ #TIMELIMIT 15
+ #DEREF never
++
++# TLS certificates (needed for GnuTLS)
++TLS_CACERT /etc/ssl/certs/ca-certificates.crt
++
diff --git a/debian/patches/contrib-makefiles b/debian/patches/contrib-makefiles
new file mode 100644
index 0000000..07256ba
--- /dev/null
+++ b/debian/patches/contrib-makefiles
@@ -0,0 +1,159 @@
+--- a/contrib/slapd-modules/passwd/Makefile
++++ b/contrib/slapd-modules/passwd/Makefile
+@@ -13,7 +13,7 @@
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+
+-PROGRAMS = pw-kerberos.la pw-netscape.la pw-radius.la pw-apr1.la
++PROGRAMS = pw-netscape.la pw-apr1.la
+ LTVER = 0:0:0
+
+ prefix=/usr/local
+@@ -27,24 +27,24 @@
+ .SUFFIXES: .c .o .lo
+
+ .c.lo:
+- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+ all: $(PROGRAMS)
+
+ pw-kerberos.la: kerberos.lo
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+ -rpath $(moduledir) -module -o $@ $? -lkrb5
+
+ pw-netscape.la: netscape.lo
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+ -rpath $(moduledir) -module -o $@ $?
+
+ pw-radius.la: radius.lo
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+ -rpath $(moduledir) -module -o $@ $? -lradius
+
+ pw-apr1.la: apr1.lo
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+ -rpath $(moduledir) -module -o $@ $?
+
+ clean:
+--- a/contrib/slapd-modules/passwd/pbkdf2/Makefile
++++ b/contrib/slapd-modules/passwd/pbkdf2/Makefile
+@@ -12,7 +12,7 @@
+ #DEFS = -DSLAPD_PBKDF2_DEBUG
+
+ INCS = $(LDAP_INC)
+-LIBS = $(LDAP_LIB) -lcrypto
++LIBS = $(LDAP_LIB) -lnettle
+
+ PROGRAMS = pw-pbkdf2.la
+ LTVER = 0:0:0
+@@ -30,12 +30,12 @@
+ .SUFFIXES: .c .o .lo
+
+ .c.lo:
+- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+ all: $(PROGRAMS)
+
+ pw-pbkdf2.la: pw-pbkdf2.lo
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+ -rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+ clean:
+--- a/contrib/slapd-modules/smbk5pwd/Makefile
++++ b/contrib/slapd-modules/smbk5pwd/Makefile
+@@ -19,10 +19,10 @@
+ $(LDAP_BUILD)/libraries/liblber/liblber.la
+
+ SSL_INC =
+-SSL_LIB = -lcrypto
++SSL_LIB = -lnettle
+
+-HEIMDAL_INC = -I/usr/heimdal/include
+-HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv
++HEIMDAL_INC = $(shell krb5-config.heimdal --cflags kadm-server)
++HEIMDAL_LIB = $(shell krb5-config.heimdal --libs kadm-server)
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ CC = gcc
+@@ -30,7 +30,8 @@
+ # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it.
+ DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW
+ INCS = $(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
+-LIBS = $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
++# put /usr/lib/heimdal before /usr/lib in case libkrb5-dev is installed, #745356
++LIBS = $(HEIMDAL_LIB) $(LDAP_LIB) $(SSL_LIB)
+
+ PROGRAMS = smbk5pwd.la
+ LTVER = 0:0:0
+@@ -46,12 +47,12 @@
+ .SUFFIXES: .c .o .lo
+
+ .c.lo:
+- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+ all: $(PROGRAMS)
+
+ smbk5pwd.la: smbk5pwd.lo
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+ -rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+ clean:
+--- a/contrib/slapd-modules/autogroup/Makefile
++++ b/contrib/slapd-modules/autogroup/Makefile
+@@ -27,12 +27,12 @@
+ .SUFFIXES: .c .o .lo
+
+ .c.lo:
+- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+ all: $(PROGRAMS)
+
+ autogroup.la: autogroup.lo
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+ -rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+ clean:
+--- a/contrib/slapd-modules/lastbind/Makefile
++++ b/contrib/slapd-modules/lastbind/Makefile
+@@ -37,12 +37,12 @@
+ .SUFFIXES: .c .o .lo
+
+ .c.lo:
+- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+ all: $(PROGRAMS)
+
+ lastbind.la: lastbind.lo
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+ -rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+ clean:
+--- a/contrib/slapd-modules/passwd/sha2/Makefile
++++ b/contrib/slapd-modules/passwd/sha2/Makefile
+@@ -28,12 +28,12 @@
+ .SUFFIXES: .c .o .lo
+
+ .c.lo:
+- $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
++ $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+ all: $(PROGRAMS)
+
+ pw-sha2.la: slapd-sha2.lo sha2.lo
+- $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
++ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+ -rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+ clean:
diff --git a/debian/patches/do-not-second-guess-sonames b/debian/patches/do-not-second-guess-sonames
new file mode 100644
index 0000000..bbf099c
--- /dev/null
+++ b/debian/patches/do-not-second-guess-sonames
@@ -0,0 +1,68 @@
+Rip out code that second-guesses the libsasl soname / Debian shlibs. If
+cyrus sasl upstream is breaking the ABI, this needs to be fixed upstream
+there, not kludged around upstream here!
+
+Debian bug #546885
+
+Upstream ITS #6302 filed.
+
+--- a/libraries/libldap/cyrus.c
++++ b/libraries/libldap/cyrus.c
+@@ -74,28 +74,6 @@
+ */
+ int ldap_int_sasl_init( void )
+ {
+-#ifdef HAVE_SASL_VERSION
+- /* stringify the version number, sasl.h doesn't do it for us */
+-#define VSTR0(maj, min, pat) #maj "." #min "." #pat
+-#define VSTR(maj, min, pat) VSTR0(maj, min, pat)
+-#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \
+- SASL_VERSION_STEP)
+- { int rc;
+- sasl_version( NULL, &rc );
+- if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) ||
+- (rc & 0xffff) < SASL_VERSION_STEP) {
+- char version[sizeof("xxx.xxx.xxxxx")];
+- sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff,
+- rc & 0xffff );
+-
+- Debug( LDAP_DEBUG_ANY,
+- "ldap_int_sasl_init: SASL library version mismatch:"
+- " expected " SASL_VERSION_STRING ","
+- " got %s\n", version, 0, 0 );
+- return -1;
+- }
+- }
+-#endif
+
+ /* SASL 2 takes care of its own memory completely internally */
+ #if SASL_VERSION_MAJOR < 2 && !defined(CSRIMALLOC)
+--- a/servers/slapd/sasl.c
++++ b/servers/slapd/sasl.c
+@@ -1145,26 +1145,6 @@ int slap_sasl_init( void )
+ #endif
+
+ #ifdef HAVE_CYRUS_SASL
+-#ifdef HAVE_SASL_VERSION
+- /* stringify the version number, sasl.h doesn't do it for us */
+-#define VSTR0(maj, min, pat) #maj "." #min "." #pat
+-#define VSTR(maj, min, pat) VSTR0(maj, min, pat)
+-#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \
+- SASL_VERSION_STEP)
+-
+- sasl_version( NULL, &rc );
+- if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) ||
+- (rc & 0xffff) < SASL_VERSION_STEP)
+- {
+- char version[sizeof("xxx.xxx.xxxxx")];
+- sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff,
+- rc & 0xffff );
+- Debug( LDAP_DEBUG_ANY, "slap_sasl_init: SASL library version mismatch:"
+- " expected %s, got %s\n",
+- SASL_VERSION_STRING, version, 0 );
+- return -1;
+- }
+-#endif
+
+ sasl_set_mutex(
+ ldap_pvt_sasl_mutex_new,
diff --git a/debian/patches/evolution-ntlm b/debian/patches/evolution-ntlm
new file mode 100644
index 0000000..cd9bc26
--- /dev/null
+++ b/debian/patches/evolution-ntlm
@@ -0,0 +1,222 @@
+Patch from evolution-exchange (2.10.3). The ldap_ntlm_bind function is
+actually called by evolution-data-server, checked at version 1.12.2.
+Without this patch, the Exchange addressbook integration uses simple binds
+with cleartext passwords.
+
+Russ checked with openldap-software for upstream's opinion on this patch
+on 2007-12-21. Upstream had never received it as a patch submission and
+given that it's apparently only for older Exchange servers that can't do
+SASL and DIGEST-MD5, it's not very appealing.
+
+Bug#457374 filed against evolution-data-server asking if this support is
+still required on 2007-12-21.
+
+--- a/include/ldap.h
++++ b/include/ldap.h
+@@ -2517,5 +2517,25 @@ ldap_parse_deref_control LDAP_P((
+ LDAPControl **ctrls,
+ LDAPDerefRes **drp ));
+
++/*
++ * hacks for NTLM
++ */
++#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
++#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU)
++LDAP_F( int )
++ldap_ntlm_bind LDAP_P((
++ LDAP *ld,
++ LDAP_CONST char *dn,
++ ber_tag_t tag,
++ struct berval *cred,
++ LDAPControl **sctrls,
++ LDAPControl **cctrls,
++ int *msgidp ));
++LDAP_F( int )
++ldap_parse_ntlm_bind_result LDAP_P((
++ LDAP *ld,
++ LDAPMessage *res,
++ struct berval *challenge));
++
+ LDAP_END_DECL
+ #endif /* _LDAP_H */
+--- /dev/null
++++ b/libraries/libldap/ntlm.c
+@@ -0,0 +1,138 @@
++/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
++/*
++ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
++ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
++ */
++
++/* Mostly copied from sasl.c */
++
++#include "portable.h"
++
++#include <stdlib.h>
++#include <stdio.h>
++
++#include <ac/socket.h>
++#include <ac/string.h>
++#include <ac/time.h>
++#include <ac/errno.h>
++
++#include "ldap-int.h"
++
++int
++ldap_ntlm_bind(
++ LDAP *ld,
++ LDAP_CONST char *dn,
++ ber_tag_t tag,
++ struct berval *cred,
++ LDAPControl **sctrls,
++ LDAPControl **cctrls,
++ int *msgidp )
++{
++ BerElement *ber;
++ int rc;
++ ber_int_t id;
++
++ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
++
++ assert( ld != NULL );
++ assert( LDAP_VALID( ld ) );
++ assert( msgidp != NULL );
++
++ if( msgidp == NULL ) {
++ ld->ld_errno = LDAP_PARAM_ERROR;
++ return ld->ld_errno;
++ }
++
++ /* create a message to send */
++ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
++ ld->ld_errno = LDAP_NO_MEMORY;
++ return ld->ld_errno;
++ }
++
++ assert( LBER_VALID( ber ) );
++
++ LDAP_NEXT_MSGID( ld, id );
++ rc = ber_printf( ber, "{it{istON}" /*}*/,
++ id, LDAP_REQ_BIND,
++ ld->ld_version, dn, tag,
++ cred );
++
++ /* Put Server Controls */
++ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
++ ber_free( ber, 1 );
++ return ld->ld_errno;
++ }
++
++ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
++ ld->ld_errno = LDAP_ENCODING_ERROR;
++ ber_free( ber, 1 );
++ return ld->ld_errno;
++ }
++
++ /* send the message */
++ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
++
++ if(*msgidp < 0)
++ return ld->ld_errno;
++
++ return LDAP_SUCCESS;
++}
++
++int
++ldap_parse_ntlm_bind_result(
++ LDAP *ld,
++ LDAPMessage *res,
++ struct berval *challenge)
++{
++ ber_int_t errcode;
++ ber_tag_t tag;
++ BerElement *ber;
++ ber_len_t len;
++
++ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
++
++ assert( ld != NULL );
++ assert( LDAP_VALID( ld ) );
++ assert( res != NULL );
++
++ if ( ld == NULL || res == NULL ) {
++ return LDAP_PARAM_ERROR;
++ }
++
++ if( res->lm_msgtype != LDAP_RES_BIND ) {
++ ld->ld_errno = LDAP_PARAM_ERROR;
++ return ld->ld_errno;
++ }
++
++ if ( ld->ld_error ) {
++ LDAP_FREE( ld->ld_error );
++ ld->ld_error = NULL;
++ }
++ if ( ld->ld_matched ) {
++ LDAP_FREE( ld->ld_matched );
++ ld->ld_matched = NULL;
++ }
++
++ /* parse results */
++
++ ber = ber_dup( res->lm_ber );
++
++ if( ber == NULL ) {
++ ld->ld_errno = LDAP_NO_MEMORY;
++ return ld->ld_errno;
++ }
++
++ tag = ber_scanf( ber, "{ioa" /*}*/,
++ &errcode, challenge, &ld->ld_error );
++ ber_free( ber, 0 );
++
++ if( tag == LBER_ERROR ) {
++ ld->ld_errno = LDAP_DECODING_ERROR;
++ return ld->ld_errno;
++ }
++
++ ld->ld_errno = errcode;
++
++ return( ld->ld_errno );
++}
++
+--- a/libraries/libldap/Makefile.in
++++ b/libraries/libldap/Makefile.in
+@@ -27,7 +27,7 @@ SRCS = bind.c open.c result.c error.c co
+ init.c options.c print.c string.c util-int.c schema.c \
+ charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
+ tls2.c tls_o.c tls_g.c tls_m.c \
+- turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \
++ turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \
+ assertion.c deref.c ldif.c fetch.c
+
+ OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
+@@ -40,7 +40,7 @@ OBJS = bind.lo open.lo result.lo error.l
+ init.lo options.lo print.lo string.lo util-int.lo schema.lo \
+ charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
+ tls2.lo tls_o.lo tls_g.lo tls_m.lo \
+- turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \
++ turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \
+ assertion.lo deref.lo ldif.lo fetch.lo
+
+ LDAP_INCDIR= ../../include
+--- a/libraries/libldap_r/Makefile.in
++++ b/libraries/libldap_r/Makefile.in
+@@ -29,7 +29,7 @@ XXSRCS = apitest.c test.c \
+ init.c options.c print.c string.c util-int.c schema.c \
+ charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
+ tls2.c tls_o.c tls_g.c tls_m.c \
+- turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \
++ turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c ntlm.c \
+ assertion.c deref.c ldif.c fetch.c
+ SRCS = threads.c rdwr.c rmutex.c tpool.c rq.c \
+ thr_posix.c thr_cthreads.c thr_thr.c thr_nt.c \
+@@ -47,7 +47,7 @@ OBJS = threads.lo rdwr.lo rmutex.lo tpoo
+ init.lo options.lo print.lo string.lo util-int.lo schema.lo \
+ charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
+ tls2.lo tls_o.lo tls_g.lo tls_m.lo \
+- turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \
++ turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo ntlm.lo \
+ assertion.lo deref.lo ldif.lo fetch.lo
+
+ LDAP_INCDIR= ../../include
diff --git a/debian/patches/fix-build-top-mk b/debian/patches/fix-build-top-mk
new file mode 100644
index 0000000..418fe35
--- /dev/null
+++ b/debian/patches/fix-build-top-mk
@@ -0,0 +1,11 @@
+--- a/build/top.mk
++++ b/build/top.mk
+@@ -20,7 +20,7 @@
+ RELEASEDATE= @OPENLDAP_RELEASE_DATE@
+
+ @SET_MAKE@
+-SHELL = /bin/sh
++SHELL = @SHELL@
+
+ top_builddir = @top_builddir@
+
diff --git a/debian/patches/getaddrinfo-is-threadsafe b/debian/patches/getaddrinfo-is-threadsafe
new file mode 100644
index 0000000..ab6e2b7
--- /dev/null
+++ b/debian/patches/getaddrinfo-is-threadsafe
@@ -0,0 +1,43 @@
+Author: Steve Langasek <vorlon@debian.org>
+
+OpenLDAP upstream conservatively assumes that certain resolver functions
+(getaddrinfo, getnameinfo, res_query, dn_expand) are not re-entrant; but we
+know that the glibc implementations of these functions are thread-safe, so
+we should bypass the use of this mutex. This fixes a locking problem when
+an application uses libldap and libnss-ldap is also used for hosts
+resolution.
+
+Closes Debian bug #340601.
+
+Not suitable for forwarding upstream; might be made suitable by adding a
+configure-time check for glibc and disabling the mutex only on known
+thread-safe implementations.
+
+--- a/libraries/libldap/os-ip.c
++++ b/libraries/libldap/os-ip.c
+@@ -602,13 +602,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *
+ hints.ai_socktype = socktype;
+ snprintf(serv, sizeof serv, "%d", port );
+
+- /* most getaddrinfo(3) use non-threadsafe resolver libraries */
+- LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex);
+-
+ err = getaddrinfo( host, serv, &hints, &res );
+-
+- LDAP_MUTEX_UNLOCK(&ldap_int_resolv_mutex);
+-
+ if ( err != 0 ) {
+ osip_debug(ld, "ldap_connect_to_host: getaddrinfo failed: %s\n",
+ AC_GAI_STRERROR(err), 0, 0);
+--- a/libraries/libldap/util-int.c
++++ b/libraries/libldap/util-int.c
+@@ -431,9 +431,7 @@ int ldap_pvt_get_hname(
+ int rc;
+ #if defined( HAVE_GETNAMEINFO )
+
+- LDAP_MUTEX_LOCK( &ldap_int_resolv_mutex );
+ rc = getnameinfo( sa, len, name, namelen, NULL, 0, 0 );
+- LDAP_MUTEX_UNLOCK( &ldap_int_resolv_mutex );
+ if ( rc ) *err = (char *)AC_GAI_STRERROR( rc );
+ return rc;
+
diff --git a/debian/patches/index-files-created-as-root b/debian/patches/index-files-created-as-root
new file mode 100644
index 0000000..47fc88a
--- /dev/null
+++ b/debian/patches/index-files-created-as-root
@@ -0,0 +1,37 @@
+Document in the man page that slapindex should be run as the same user
+as slapd, and print a warning if it's run as root (since Debian defaults
+to running slapd as openldap).
+
+Not suitable for upstream in this form. This patch needs to be reworked
+to check the BerkeleyDB database ownership and only warn if running as
+root with a database that's not owned by root.
+
+Upstream ITS #5356 filed requesting better handling of this. Current
+upstream discussion leans towards putting the check into the database
+backend and aborting if slapd is run as a different user than the database
+owner, which is an even better fix.
+
+--- a/doc/man/man8/slapindex.8
++++ b/doc/man/man8/slapindex.8
+@@ -148,6 +148,10 @@
+ should not be running (at least, not in read-write
+ mode) when you do this to ensure consistency of the database.
+ .LP
++slapindex ought to be run as the user specified for
++.BR slapd (8)
++to ensure correct database permissions.
++.LP
+ This command provides ample opportunity for the user to obtain
+ and drink their favorite beverage.
+ .SH EXAMPLES
+--- a/servers/slapd/slapindex.c
++++ b/servers/slapd/slapindex.c
+@@ -34,6 +34,8 @@
+ int
+ slapindex( int argc, char **argv )
+ {
++ if (geteuid() == 0)
++ fprintf( stderr, "\nWARNING!\nRunnig as root!\nThere's a fair chance slapd will fail to start.\nCheck file permissions!\n\n");
+ ID id;
+ int rc = EXIT_SUCCESS;
+ const char *progname = "slapindex";
diff --git a/debian/patches/lastbind-makefile-manpage b/debian/patches/lastbind-makefile-manpage
new file mode 100644
index 0000000..66e5a79
--- /dev/null
+++ b/debian/patches/lastbind-makefile-manpage
@@ -0,0 +1,46 @@
+--- a/contrib/slapd-modules/lastbind/Makefile
++++ b/contrib/slapd-modules/lastbind/Makefile
+@@ -17,6 +17,7 @@
+ $(LDAP_BUILD)/libraries/liblber/liblber.la
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
++INSTALL = /usr/bin/install
+ CC = gcc
+ OPT = -g -O2 -Wall
+ DEFS = -DSLAPD_OVER_LASTBIND=SLAPD_MOD_DYNAMIC
+@@ -25,6 +26,7 @@
+
+ PROGRAMS = lastbind.la
+ LTVER = 0:0:0
++MANPAGES = slapo-lastbind.5
+
+ prefix=/usr/local
+ exec_prefix=$(prefix)
+@@ -33,6 +35,8 @@
+ libdir=$(exec_prefix)/lib
+ libexecdir=$(exec_prefix)/libexec
+ moduledir = $(libexecdir)$(ldap_subdir)
++mandir = $(exec_prefix)/share/man
++man5dir = $(mandir)/man5
+
+ .SUFFIXES: .c .o .lo
+
+@@ -48,9 +52,17 @@
+ clean:
+ rm -rf *.o *.lo *.la .libs
+
+-install: $(PROGRAMS)
++install: install-lib install-man FORCE
++
++install-lib: $(PROGRAMS)
+ mkdir -p $(DESTDIR)$(moduledir)
+ for p in $(PROGRAMS) ; do \
+ $(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+ done
+
++install-man: $(MANPAGES)
++ mkdir -p $(DESTDIR)$(man5dir)
++ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
++
++FORCE:
++
diff --git a/debian/patches/ldap-conf-tls-cacertdir b/debian/patches/ldap-conf-tls-cacertdir
new file mode 100644
index 0000000..e8aab91
--- /dev/null
+++ b/debian/patches/ldap-conf-tls-cacertdir
@@ -0,0 +1,29 @@
+--- a/doc/man/man5/ldap.conf.5
++++ b/doc/man/man5/ldap.conf.5
+@@ -317,7 +317,7 @@ certificates in separate individual file
+ .B TLS_CACERT
+ is always used before
+ .B TLS_CACERTDIR.
+-This parameter is ignored with GnuTLS.
++This parameter is ignored with GnuTLS. On Debian openldap is linked against GnuTLS.
+
+ When using Mozilla NSS, <path> may contain a Mozilla NSS cert/key
+ database. If <path> contains a Mozilla NSS cert/key database and
+@@ -428,7 +428,7 @@ This parameter is ignored with GnuTLS.
+ Specifies the file to obtain random bits from when /dev/[u]random is
+ not available. Generally set to the name of the EGD/PRNGD socket.
+ The environment variable RANDFILE can also be used to specify the filename.
+-This parameter is ignored with GnuTLS and Mozilla NSS.
++This parameter is ignored with GnuTLS and Mozilla NSS. On Debian openldap is linked against GnuTLS.
+ .TP
+ .B TLS_REQCERT <level>
+ Specifies what checks to perform on server certificates in a TLS session,
+@@ -461,7 +461,7 @@ Specifies if the Certificate Revocation
+ used to verify if the server certificates have not been revoked. This
+ requires
+ .B TLS_CACERTDIR
+-parameter to be set. This parameter is ignored with GnuTLS and Mozilla NSS.
++parameter to be set. This parameter is ignored with GnuTLS and Mozilla NSS. On Debian openldap is linked against GnuTLS.
+ .B <level>
+ can be specified as one of the following keywords:
+ .RS
diff --git a/debian/patches/ldapi-socket-place b/debian/patches/ldapi-socket-place
new file mode 100644
index 0000000..a482bbf
--- /dev/null
+++ b/debian/patches/ldapi-socket-place
@@ -0,0 +1,16 @@
+Move the ldapi socket to /var/run/slapd from /var/run, since /var/run
+is only writable by root and slapd runs as openldap.
+
+Debian-specific.
+
+--- a/include/ldap_defaults.h
++++ b/include/ldap_defaults.h
+@@ -39,7 +39,7 @@
+ #define LDAP_ENV_PREFIX "LDAP"
+
+ /* default ldapi:// socket */
+-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"
++#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "slapd" LDAP_DIRSEP "ldapi"
+
+ /*
+ * SLAPD DEFINITIONS
diff --git a/debian/patches/libldap-symbol-versions b/debian/patches/libldap-symbol-versions
new file mode 100644
index 0000000..fb28f49
--- /dev/null
+++ b/debian/patches/libldap-symbol-versions
@@ -0,0 +1,161 @@
+Add symbol versioning to the public LDAP libraries. This is required for
+library transitions, such as the current transition from 2.1 to 2.4,
+since programs will sometimes have both libraries loaded by different
+dependency chains during the transition.
+
+Not yet contributed upstream.
+
+Upstream ITS #5365 filed requesting symbol versioning for libldap and
+libber.
+
+--- a/libraries/libldap_r/Makefile.in
++++ b/libraries/libldap_r/Makefile.in
+@@ -61,6 +61,9 @@ XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS)
+ XXXLIBS = $(LTHREAD_LIBS)
+ NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
+ UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS)
++ifneq (,$(VERSION_OPTION))
++ VERSION_FLAGS = "$(VERSION_OPTION)$(XXDIR)/libldap.map"
++endif
+
+ .links : Makefile
+ @for i in $(XXSRCS); do \
+--- a/build/top.mk
++++ b/build/top.mk
+@@ -104,6 +104,9 @@ LTFLAGS_MOD = $(@PLAT@_LTFLAGS_MOD)
+ # LINK_LIBS referenced in library and module link commands.
+ LINK_LIBS = $(MOD_LIBS) $(@PLAT@_LINK_LIBS)
+
++# option to pass to $(CC) to support library symbol versioning, if any
++VERSION_OPTION = @VERSION_OPTION@
++
+ LTSTATIC = @LTSTATIC@
+
+ LTLINK = $(LIBTOOL) --mode=link \
+@@ -113,7 +116,7 @@ LTCOMPILE_LIB = $(LIBTOOL) $(LTONLY_LIB)
+ $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(LIB_DEFS) -c
+
+ LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \
+- $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB)
++ $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) $(VERSION_FLAGS)
+
+ LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \
+ $(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c
+--- a/build/openldap.m4
++++ b/build/openldap.m4
+@@ -1136,3 +1136,54 @@ AC_DEFUN([OL_SSL_COMPAT],
+ #endif
+ ], [ol_cv_ssl_crl_compat=yes], [ol_cv_ssl_crl_compat=no])])
+ ])
++
++dnl ====================================================================
++dnl check for symbol versioning support
++AC_DEFUN([OL_SYMBOL_VERSIONING],
++[AC_CACHE_CHECK([for .symver assembler directive],
++ [ol_cv_asm_symver_directive],[
++cat > conftest.s <<EOF
++${libc_cv_dot_text}
++_sym:
++.symver _sym,sym@VERS
++EOF
++if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
++ ol_cv_asm_symver_directive=yes
++else
++ ol_cv_asm_symver_directive=no
++fi
++rm -f conftest*])
++AC_CACHE_CHECK([for ld --version-script],
++ [ol_cv_ld_version_script_option],[
++if test $ol_cv_asm_symver_directive = yes; then
++ cat > conftest.s <<EOF
++${libc_cv_dot_text}
++_sym:
++.symver _sym,sym@VERS
++EOF
++ cat > conftest.map <<EOF
++VERS_1 {
++ global: sym;
++};
++
++VERS_2 {
++ global: sym;
++} VERS_1;
++EOF
++ if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
++ if AC_TRY_COMMAND([${CC-cc} $CFLAGS $LDFLAGS -shared
++ -o conftest.so conftest.o
++ -Wl,--version-script,conftest.map
++ 1>&AS_MESSAGE_LOG_FD]);
++ then
++ ol_cv_ld_version_script_option=yes
++ else
++ ol_cv_ld_version_script_option=no
++ fi
++ else
++ ol_cv_ld_version_script_option=no
++ fi
++else
++ ol_cv_ld_version_script_option=no
++fi
++rm -f conftest*])])
+--- a/configure.in
++++ b/configure.in
+@@ -1909,6 +1909,13 @@ else
+ fi
+ AC_SUBST(LTSTATIC)dnl
+
++VERSION_OPTION=""
++OL_SYMBOL_VERSIONING
++if test $ol_cv_ld_version_script_option = yes ; then
++ VERSION_OPTION="-Wl,--version-script="
++fi
++AC_SUBST(VERSION_OPTION)
++
+ dnl ----------------------------------------------------------------
+ if test $ol_enable_wrappers != no ; then
+ AC_CHECK_HEADERS(tcpd.h,[
+--- /dev/null
++++ b/libraries/libldap/libldap.map
+@@ -0,0 +1,7 @@
++OPENLDAP_2.4_2 {
++ global:
++ ldap_*;
++ ldif_*;
++ local:
++ *;
++};
+--- a/libraries/libldap/Makefile.in
++++ b/libraries/libldap/Makefile.in
+@@ -52,6 +52,9 @@ XLIBS = $(LIBRARY) $(LDAP_LIBLBER_LA) $(
+ XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS)
+ NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
+ UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
++ifneq (,$(VERSION_OPTION))
++ VERSION_FLAGS = $(VERSION_OPTION)$(srcdir)/libldap.map
++endif
+
+ apitest: $(XLIBS) apitest.o
+ $(LTLINK) -o $@ apitest.o $(LIBS)
+--- a/libraries/liblber/Makefile.in
++++ b/libraries/liblber/Makefile.in
+@@ -38,6 +38,9 @@ XLIBS = $(LIBRARY) $(LDAP_LIBLUTIL_A)
+ XXLIBS =
+ NT_LINK_LIBS = $(AC_LIBS)
+ UNIX_LINK_LIBS = $(AC_LIBS)
++ifneq (,$(VERSION_OPTION))
++ VERSION_FLAGS = "$(VERSION_OPTION)$(srcdir)/liblber.map"
++endif
+
+ dtest: $(XLIBS) dtest.o
+ $(LTLINK) -o $@ dtest.o $(LIBS)
+--- /dev/null
++++ b/libraries/liblber/liblber.map
+@@ -0,0 +1,8 @@
++OPENLDAP_2.4_2 {
++ global:
++ ber_*;
++ der_alloc;
++ lutil_*;
++ local:
++ *;
++};
diff --git a/debian/patches/man-slapd b/debian/patches/man-slapd
new file mode 100644
index 0000000..5f55137
--- /dev/null
+++ b/debian/patches/man-slapd
@@ -0,0 +1,60 @@
+Patch the slapd man page to not refer to a header file that isn't
+installed with the slapd package and to reference the correct path
+for slapd.
+
+Debian-specific.
+
+--- a/doc/man/man8/slapd.8
++++ b/doc/man/man8/slapd.8
+@@ -5,7 +5,7 @@
+ .SH NAME
+ slapd \- Stand-alone LDAP Daemon
+ .SH SYNOPSIS
+-.B LIBEXECDIR/slapd
++.B /usr/sbin/slapd
+ [\c
+ .BR \-4 | \-6 ]
+ [\c
+@@ -103,11 +103,10 @@
+ will not fork or disassociate from the invoking terminal. Some general
+ operation and status messages are printed for any value of \fIdebug-level\fP.
+ \fIdebug-level\fP is taken as a bit string, with each bit corresponding to a
+-different kind of debugging information. See <ldap_log.h> for details.
+-Comma-separated arrays of friendly names can be specified to select
+-debugging output of the corresponding debugging information.
+-All the names recognized by the \fIloglevel\fP directive
+-described in \fBslapd.conf\fP(5) are supported.
++different kind of debugging information. Comma-separated arrays of friendly
++names can be specified to select debugging output of the corresponding
++debugging information. All the names recognized by the \fIloglevel\fP
++directive described in \fBslapd.conf\fP(5) are supported.
+ If \fIdebug-level\fP is \fB?\fP, a list of installed debug-levels is printed,
+ and slapd exits.
+
+@@ -317,7 +316,7 @@
+ .LP
+ .nf
+ .ft tt
+- LIBEXECDIR/slapd
++ /usr/sbin/slapd
+ .ft
+ .fi
+ .LP
+@@ -328,7 +327,7 @@
+ .LP
+ .nf
+ .ft tt
+- LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255
++ /usr/sbin/slapd \-f /var/tmp/slapd.conf \-d 255
+ .ft
+ .fi
+ .LP
+@@ -336,7 +335,7 @@
+ .LP
+ .nf
+ .ft tt
+- LIBEXECDIR/slapd \-Tt
++ /usr/sbin/slapd \-Tt
+ .ft
+ .fi
+ .LP
diff --git a/debian/patches/no-AM_INIT_AUTOMAKE b/debian/patches/no-AM_INIT_AUTOMAKE
new file mode 100644
index 0000000..0976036
--- /dev/null
+++ b/debian/patches/no-AM_INIT_AUTOMAKE
@@ -0,0 +1,25 @@
+Description: don't use AM_INIT_AUTOMAKE macro when we aren't using automake
+ Calling AM_INIT_AUTOMAKE() in configure.in serves no purpose if we're not
+ using automake, and it confuses autoreconf. Use AC_INIT() instead.
+Author: Steve Langasek <vorlon@debian.org>
+
+--- a/configure.in
++++ b/configure.in
+@@ -26,7 +26,8 @@ dnl Configure.in for OpenLDAP
+ AC_COPYRIGHT([[Copyright 1998-2018 The OpenLDAP Foundation. All rights reserved.
+ Restrictions apply, see COPYRIGHT and LICENSE files.]])
+ AC_REVISION([$Id: 2a4d29f78fa5f6b25f2c5cecac2126fcc3bd8623 $])
+-AC_INIT([OpenLDAP],,[http://www.openldap.org/its/])
++AC_INIT([OpenLDAP],[$OL_VERSION],[http://www.openldap.org/its/])
++AC_PROG_MAKE_SET
+ m4_define([AC_PACKAGE_BUGREPORT],[<http://www.openldap.org/its/>])
+ AC_CONFIG_SRCDIR(build/version.sh)dnl
+ dnl ----------------------------------------------------------------
+@@ -69,7 +70,6 @@ dnl Determine host platform
+ dnl we try not to use this for much
+ AC_CANONICAL_TARGET([])
+
+-AM_INIT_AUTOMAKE([$OL_PACKAGE],[$OL_VERSION], [no defines])dnl
+ AC_SUBST(PACKAGE)dnl
+ AC_SUBST(VERSION)dnl
+ AC_DEFINE_UNQUOTED(OPENLDAP_PACKAGE,"$PACKAGE",Package)
diff --git a/debian/patches/no-bdb-ABI-second-guessing b/debian/patches/no-bdb-ABI-second-guessing
new file mode 100644
index 0000000..db76aa7
--- /dev/null
+++ b/debian/patches/no-bdb-ABI-second-guessing
@@ -0,0 +1,42 @@
+Author: Steve Langasek <vorlon@debian.org>
+Description: don't second-guess BDB ABI
+ OpenLDAP upstream conservatively assumes that any change to the version
+ number of libdb can result in an API-breaking change that could impact
+ the database. In Debian, we know that such changes require bumping the
+ library soname and changing the package name, and demand such rigor from
+ our package maintainers even when upstreams don't deliver; so any such
+ check in the source code works against the packaging system by forcing
+ database upgrades when we know none are required. Disable this check
+ so we rely on the packaging system to do its job.
+Bug-Debian: http://bugs.debian.org/651333
+Forwarded: not-needed
+
+--- a/servers/slapd/back-bdb/init.c
++++ b/servers/slapd/back-bdb/init.c
+@@ -762,7 +762,7 @@ bdb_back_initialize(
+ bi->bi_controls = controls;
+
+ { /* version check */
+- int major, minor, patch, ver;
++ int major, minor, patch;
+ char *version = db_version( &major, &minor, &patch );
+ #ifdef HAVE_EBCDIC
+ char v2[1024];
+@@ -776,17 +776,6 @@ bdb_back_initialize(
+ version = v2;
+ #endif
+
+- ver = (major << 24) | (minor << 16) | patch;
+- if( ver != DB_VERSION_FULL ) {
+- /* fail if a versions don't match */
+- Debug( LDAP_DEBUG_ANY,
+- LDAP_XSTRING(bdb_back_initialize) ": "
+- "BDB library version mismatch:"
+- " expected " DB_VERSION_STRING ","
+- " got %s\n", version, 0, 0 );
+- return -1;
+- }
+-
+ Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(bdb_back_initialize)
+ ": %s\n", version, 0, 0 );
+ }
diff --git a/debian/patches/no-gnutls_global_set_mutex b/debian/patches/no-gnutls_global_set_mutex
new file mode 100644
index 0000000..c81f926
--- /dev/null
+++ b/debian/patches/no-gnutls_global_set_mutex
@@ -0,0 +1,77 @@
+Description: Do not call gnutls_global_set_mutex()
+ Since GnuTLS moved to implicit initialization on library load, calling
+ this function deinitializes GnuTLS and then re-initializes it.
+ .
+ When GnuTLS uses /dev/urandom as an entropy source (getrandom() not
+ available, or older versions of GnuTLS), and the application closed all
+ file descriptors at startup, this could result in GnuTLS opening
+ /dev/urandom over one of the application's file descriptors when
+ re-initialized.
+ .
+ Additionally, the custom mutex functions are never reset, so if libldap
+ is unloaded (for example via dlclose()) after calling this, its code
+ may be unmapped and the application could crash when GnuTLS calls the
+ mutex functions.
+ .
+ The default behaviour of GnuTLS, using pthreads, should be suitable on
+ all Debian systems, and is probably the same as what libldap uses
+ anyway.
+Author: Ryan Tandy <ryan@nardis.ca>
+Bug-Debian: https://bugs.debian.org/803197
+Forwarded: no
+
+--- a/libraries/libldap/tls_g.c
++++ b/libraries/libldap/tls_g.c
+@@ -67,51 +67,10 @@
+
+ #ifdef LDAP_R_COMPILE
+
+-static int
+-tlsg_mutex_init( void **priv )
+-{
+- int err = 0;
+- ldap_pvt_thread_mutex_t *lock = LDAP_MALLOC( sizeof( ldap_pvt_thread_mutex_t ));
+-
+- if ( !lock )
+- err = ENOMEM;
+- if ( !err ) {
+- err = ldap_pvt_thread_mutex_init( lock );
+- if ( err )
+- LDAP_FREE( lock );
+- else
+- *priv = lock;
+- }
+- return err;
+-}
+-
+-static int
+-tlsg_mutex_destroy( void **lock )
+-{
+- int err = ldap_pvt_thread_mutex_destroy( *lock );
+- LDAP_FREE( *lock );
+- return err;
+-}
+-
+-static int
+-tlsg_mutex_lock( void **lock )
+-{
+- return ldap_pvt_thread_mutex_lock( *lock );
+-}
+-
+-static int
+-tlsg_mutex_unlock( void **lock )
+-{
+- return ldap_pvt_thread_mutex_unlock( *lock );
+-}
+-
+ static void
+ tlsg_thr_init( void )
+ {
+- gnutls_global_set_mutex (tlsg_mutex_init,
+- tlsg_mutex_destroy,
+- tlsg_mutex_lock,
+- tlsg_mutex_unlock);
++ /* do nothing */
+ }
+ #endif /* LDAP_R_COMPILE */
+
diff --git a/debian/patches/sasl-default-path b/debian/patches/sasl-default-path
new file mode 100644
index 0000000..6d5c7b0
--- /dev/null
+++ b/debian/patches/sasl-default-path
@@ -0,0 +1,55 @@
+Add /etc/ldap/sasl2 to the SASL configuration search path.
+
+Not submitted upstream. Somewhat Debian-specific and probably not of
+interest upstream.
+
+--- a/include/ldap_defaults.h
++++ b/include/ldap_defaults.h
+@@ -63,4 +63,6 @@
+ /* dn of the default "monitor" subentry */
+ #define SLAPD_MONITOR_DN "cn=Monitor"
+
++#define SASL_CONFIGPATH LDAP_SYSCONFDIR LDAP_DIRSEP "sasl2"
++
+ #endif /* _LDAP_CONFIG_H */
+--- a/servers/slapd/sasl.c
++++ b/servers/slapd/sasl.c
+@@ -1103,12 +1103,38 @@ static const rewrite_mapper slapd_mapper
+ };
+ #endif
+
++static int
++slap_sasl_getconfpath( void * context, char ** path )
++{
++ char * sasl_default_configpath;
++ size_t len;
++
++#if SASL_VERSION_MAJOR >= 2
++ sasl_default_configpath = "/usr/lib/sasl2";
++#else
++ sasl_default_configpath = "/usr/lib/sasl";
++#endif
++
++ len = strlen(SASL_CONFIGPATH) + 1 /* colon */ +
++ strlen(sasl_default_configpath) + 1 /* \0 */;
++ *path = malloc( len );
++ if ( *path == NULL )
++ return SASL_FAIL;
++
++ if (snprintf( *path, len, "%s:%s", SASL_CONFIGPATH,
++ sasl_default_configpath ) != len-1 )
++ return SASL_FAIL;
++
++ return SASL_OK;
++}
++
+ int slap_sasl_init( void )
+ {
+ #ifdef HAVE_CYRUS_SASL
+ int rc;
+ static sasl_callback_t server_callbacks[] = {
+ { SASL_CB_LOG, (slap_sasl_cb_ft)&slap_sasl_log, NULL },
++ { SASL_CB_GETCONFPATH, (slap_sasl_cb_ft)&slap_sasl_getconfpath, NULL },
+ { SASL_CB_GETOPT, (slap_sasl_cb_ft)&slap_sasl_getopt, NULL },
+ { SASL_CB_LIST_END, NULL, NULL }
+ };
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..85497de
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,48 @@
+man-slapd
+evolution-ntlm
+slapi-errorlog-file
+ldapi-socket-place
+wrong-database-location
+index-files-created-as-root
+sasl-default-path
+libldap-symbol-versions
+getaddrinfo-is-threadsafe
+do-not-second-guess-sonames
+contrib-makefiles
+smbk5pwd-makefile-manpage
+lastbind-makefile-manpage
+ldap-conf-tls-cacertdir
+add-tlscacert-option-to-ldap-conf
+fix-build-top-mk
+no-AM_INIT_AUTOMAKE
+switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff
+no-bdb-ABI-second-guessing
+ITS6035-olcauthzregex-needs-restart.patch
+set-maintainer-name
+no-gnutls_global_set_mutex
+ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch
+ITS-9038-Update-test028-to-test-this-is-enforced.patch
+ITS-9038-Fix-typo-in-test-script.patch
+ITS-9038-Another-test028-typo.patch
+ITS-9052-zero-out-sasl_ssf-in-connection_init.patch
+ITS-8964-Do-not-free-original-filter.patch
+ITS-9202-limit-depth-of-nested-filters.patch
+ITS-9370-check-for-equality-rule-on-old_rdn.patch
+ITS-9383-remove-assert-in-certificateListValidate.patch
+ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch
+ITS-9404-fix-serialNumberAndIssuerCheck.patch
+ITS-9406-9407-remove-saslauthz-asserts.patch
+ITS-9406-fix-debug-msg.patch
+ITS-9408-fix-vrfilter-double-free.patch
+ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch
+ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch
+ITS-9411-fix-thisUpdate-check.patch
+ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch
+ITS-9413-fix-slap_parse_user.patch
+ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch
+ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch
+ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch
+ITS-9427-fix-issuerAndThisUpdateCheck.patch
+ITS-9428-fix-cancel-exop.patch
+ITS-9454-fix-issuerAndThisUpdateCheck.patch
+ITS-9815-slapd-sql-escape-filter-values.patch
diff --git a/debian/patches/set-maintainer-name b/debian/patches/set-maintainer-name
new file mode 100644
index 0000000..262b7ef
--- /dev/null
+++ b/debian/patches/set-maintainer-name
@@ -0,0 +1,16 @@
+--- a/build/mkversion
++++ b/build/mkversion
+@@ -50,12 +50,7 @@
+ fi
+
+ APPLICATION=$1
+-# Reproducible builds set SOURCE_DATE_EPOCH, want constant strings
+-if [ -n "${SOURCE_DATE_EPOCH}" ]; then
+- WHOWHERE="openldap"
+-else
+- WHOWHERE="$USER@$(uname -n):$(pwd)"
+-fi
++WHOWHERE="Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>"
+
+ cat << __EOF__
+ /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
diff --git a/debian/patches/slapi-errorlog-file b/debian/patches/slapi-errorlog-file
new file mode 100644
index 0000000..4899451
--- /dev/null
+++ b/debian/patches/slapi-errorlog-file
@@ -0,0 +1,16 @@
+The slapi error log file defaults to /var/errors given our setting
+of --localstatedir. Move it to /var/log/slapi-errors instead.
+
+Debian-specific.
+
+--- a/servers/slapd/slapi/slapi_overlay.c
++++ b/servers/slapd/slapi/slapi_overlay.c
+@@ -930,7 +930,7 @@ int slapi_over_config( BackendDB *be, Co
+ ldap_pvt_thread_mutex_init( &slapi_printmessage_mutex );
+
+ if ( slapi_log_file == NULL )
+- slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "errors" );
++ slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "log" LDAP_DIRSEP "slapi-errors" );
+
+ rc = slapi_int_init_object_extensions();
+ if ( rc != 0 )
diff --git a/debian/patches/smbk5pwd-makefile-manpage b/debian/patches/smbk5pwd-makefile-manpage
new file mode 100644
index 0000000..8b09206
--- /dev/null
+++ b/debian/patches/smbk5pwd-makefile-manpage
@@ -0,0 +1,251 @@
+From: Peter Marschall <peter@adpm.de>
+Date: Sun, 26 Jul 2015 15:04:26 +0200
+Subject: [PATCH] contrib/smbk5pwd: add man page, install it too
+
+Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
+install the new manual page.
+
+This patch is derived from the corresponding patch upstreamed in ITS#8205
+
+---
+ contrib/slapd-modules/smbk5pwd/Makefile | 14 +-
+ contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5 | 179 ++++++++++++++++++++++++
+ 2 files changed, 192 insertions(+), 1 deletion(-)
+ create mode 100644 contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5
+
+diff --git a/contrib/slapd-modules/smbk5pwd/Makefile b/contrib/slapd-modules/smbk5pwd/Makefile
+index 676d914..0042a49 100644
+--- a/contrib/slapd-modules/smbk5pwd/Makefile
++++ b/contrib/slapd-modules/smbk5pwd/Makefile
+@@ -25,6 +25,7 @@
+ HEIMDAL_LIB = $(shell krb5-config.heimdal --libs kadm-server)
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
++INSTALL = /usr/bin/install
+ CC = gcc
+ OPT = -g -O2 -Wall
+ # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it.
+@@ -34,6 +35,7 @@
+ LIBS = $(HEIMDAL_LIB) $(LDAP_LIB) $(SSL_LIB)
+
+ PROGRAMS = smbk5pwd.la
++MANPAGES = slapo-smbk5pwd.5
+ LTVER = 0:0:0
+
+ prefix=/usr/local
+@@ -43,6 +45,8 @@
+ libdir=$(exec_prefix)/lib
+ libexecdir=$(exec_prefix)/libexec
+ moduledir = $(libexecdir)$(ldap_subdir)
++mandir = $(exec_prefix)/share/man
++man5dir = $(mandir)/man5
+
+ .SUFFIXES: .c .o .lo
+
+@@ -58,9 +62,17 @@
+ clean:
+ rm -rf *.o *.lo *.la .libs
+
+-install: $(PROGRAMS)
++install: install-lib install-man FORCE
++
++install-lib: $(PROGRAMS)
+ mkdir -p $(DESTDIR)$(moduledir)
+ for p in $(PROGRAMS) ; do \
+ $(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+ done
+
++install-man: $(MANPAGES)
++ mkdir -p $(DESTDIR)$(man5dir)
++ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
++
++FORCE:
++
+diff --git a/contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5 b/contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5
+new file mode 100644
+index 0000000..431a765
+--- /dev/null
++++ b/contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5
+@@ -0,0 +1,179 @@
++.TH SLAPO-SMBK5PWD 5 "RELEASEDATE" "OpenLDAP LDVERSION"
++.\" Copyright 2015 The OpenLDAP Foundation All Rights Reserved.
++.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
++.\" $OpenLDAP$
++.SH NAME
++slapo-smbk5pwd \- Samba & Kerberos password sync overlay to slapd
++.SH SYNOPSIS
++ETCDIR/slapd.conf
++.RS
++.LP
++include
++.B "<path to>/krb5-kdc.schema"
++.LP
++include
++.B "<path to>/samba.schema"
++.LP
++moduleload
++.B smbk5pwd.so
++.LP
++ ...
++.LP
++database mdb
++.LP
++ ...
++.LP
++overlay
++.B smbk5pwd
++.RE
++
++.SH DESCRIPTION
++.LP
++The
++.B smbk5pwd
++overlay to
++.BR slapd (8)
++overloads the Password Modify Extended Operation (RFC 3062) to update
++Kerberos keys and Samba password hashes for an LDAP user, as well as
++updating password change related attributes for Kerberos, Samba and/or
++UNIX user accounts.
++.LP
++The Samba support is written using the Samba 3.0 LDAP schema;
++Kerberos support is written for Heimdal using its hdb-ldap backend.
++.LP
++Additionally, a new
++.B {K5KEY}
++password hash mechanism is provided.
++For
++.B krb5KDCEntry
++objects that have this scheme specifier in their
++.I userPassword
++attribute, Simple Binds will be checked against the Kerberos keys of the entry.
++No data is needed after the
++.B {K5KEY}
++scheme specifier in the
++.IR userPassword ,
++it is looked up from the entry directly.
++
++.SH CONFIGURATION
++The
++.B smbk5pwd
++overlay supports the following
++.B slapd.conf
++configuration options, which should appear after the
++.B overlay
++directive:
++.TP
++.BI smbk5pwd-enable " <module>"
++can be used to enable only the desired modules.
++Legal values for
++.I <module>
++are
++.LP
++.RS
++.TP
++.B krb5
++If the user has the
++.B krb5KDCEntry
++objectclass, update the
++.B krb5Key
++and
++.B krb5KeyVersionNumber
++attributes using the new password in the Password Modify operation,
++provided the Kerberos account is not expired.
++Exiration is determined by evaluating the
++.B krb5ValidEnd
++attribute.
++.TP
++.B samba
++If the user is a
++.B sambaSamAccount
++object, synchronize the
++.B sambaLMPassword
++and
++.B sambaNTPassword
++to the password entered in the Password Modify operation, and update
++.B sambaPwdLastSet
++accordingly.
++.TP
++.B shadow
++Update the attribute
++.BR shadowLastChange ,
++if the entry has the objectclass
++.BR shadowAccount .
++.LP
++By default all modules compiled in are enabled.
++Setting the config statement restricts the enabled modules to the ones
++explicitly mentioned.
++.RE
++.TP
++.BI smbk5pwd-can-change " <seconds>"
++If the
++.B samba
++module is enabled and the user is a
++.BR sambaSamAccount ,
++update the attribute
++.B sambaPwdCanChange
++to point
++.I <seconds>
++into the future, essentially denying any Samba password change until then.
++A value of
++.B 0
++disables this feature.
++.TP
++.BI smbk5pwd-must-change " <seconds>"
++If the
++.B samba
++module is enabled and the user is a
++.BR sambaSamAccount ,
++update the attribute
++.B sambaPwdMustChange
++to point
++.I <seconds>
++into the future, essentially setting the Samba password expiration time.
++A value of
++.B 0
++disables this feature.
++.LP
++Alternatively, the overlay supports table-driven configuration,
++and thus can be run-time loaded and configured via back-config.
++
++.SH EXAMPLE
++The layout of a slapd.d based, table-driven configuration entry looks like:
++.LP
++.EX
++ # {0}smbk5pwd, {1}bdb, config
++ dn: olcOverlay={0}smbk5pwd,olcDatabase={1}mdb,cn=config
++ objectClass: olcOverlayConfig
++ objectClass: olcSmbK5PwdConfig
++ olcOverlay: {0}smbk5pwd
++ olcSmbK5PwdEnable: krb5
++ olcSmbK5PwdEnable: samba
++ olcSmbK5PwdMustChange: 2592000
++.EE
++.LP
++which enables both
++.B krb5
++and
++.B samba
++modules with a Samba password expiration time of 30 days (=
++.B 2592000
++seconds).
++
++.SH SEE ALSO
++.BR slapd.conf (5),
++.BR ldappasswd (1),
++.BR ldap (3),
++.LP
++"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
++.LP
++
++.SH ACKNOWLEDGEMENTS
++This manual page has been writen by Peter Marschall based on the
++module's README file written by Howard Chu.
++.LP
++.B OpenLDAP
++is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
++.B OpenLDAP
++is derived from University of Michigan LDAP 3.3 Release.
++
+--
+2.5.0
+
diff --git a/debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff b/debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff
new file mode 100644
index 0000000..f0dd4e1
--- /dev/null
+++ b/debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff
@@ -0,0 +1,40 @@
+From: Jan-Marek Glogowski <jan-marek.glogowski@muenchen.de>
+Date: Tue, 18 May 2010 17:47:05 +0200
+Subject: Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL.
+ Open all modules with RTLD_GLOBAL, needed so that back_perl can load
+ non-trivial Perl extensions that require symbols from back_perl.so itself.
+Bug-Debian: http://bugs.debian.org/327585
+
+---
+--- a/servers/slapd/module.c
++++ b/servers/slapd/module.c
+@@ -117,6 +117,20 @@ int module_unload( const char *file_name
+ return -1; /* not found */
+ }
+
++static lt_dlhandle slapd_lt_dlopenext_global( const char *filename )
++{
++ lt_dlhandle handle = 0;
++ lt_dladvise advise;
++
++ if (!lt_dladvise_init (&advise) && !lt_dladvise_ext (&advise)
++ && !lt_dladvise_global (&advise))
++ handle = lt_dlopenadvise (filename, advise);
++
++ lt_dladvise_destroy (&advise);
++
++ return handle;
++}
++
+ int module_load(const char* file_name, int argc, char *argv[])
+ {
+ module_loaded_t *module;
+@@ -180,7 +194,7 @@ int module_load(const char* file_name, i
+ * to calling Debug. This is because Debug is a macro that expands
+ * into multiple function calls.
+ */
+- if ((module->lib = lt_dlopenext(file)) == NULL) {
++ if ((module->lib = slapd_lt_dlopenext_global(file)) == NULL) {
+ error = lt_dlerror();
+ #ifdef HAVE_EBCDIC
+ strcpy( ebuf, error );
diff --git a/debian/patches/wrong-database-location b/debian/patches/wrong-database-location
new file mode 100644
index 0000000..25d96cb
--- /dev/null
+++ b/debian/patches/wrong-database-location
@@ -0,0 +1,74 @@
+Move the default slapd database location to /var/lib/ldap instead of
+/var/openldap-data.
+
+Debian-specific.
+
+--- a/doc/man/man5/slapd-bdb.5
++++ b/doc/man/man5/slapd-bdb.5
+@@ -131,7 +131,7 @@ Specify the directory where the BDB file
+ associated indexes live.
+ A separate directory must be specified for each database.
+ The default is
+-.BR LOCALSTATEDIR/openldap\-data .
++.BR LOCALSTATEDIR/lib/ldap .
+ .TP
+ .B dirtyread
+ Allow reads of modified but not yet committed data.
+--- a/doc/man/man5/slapd.conf.5
++++ b/doc/man/man5/slapd.conf.5
+@@ -2007,7 +2007,7 @@ suffix "dc=our\-domain,dc=com"
+ # The database directory MUST exist prior to
+ # running slapd AND should only be accessible
+ # by the slapd/tools. Mode 0700 recommended.
+-directory LOCALSTATEDIR/openldap\-data
++directory LOCALSTATEDIR/lib/ldap
+ # Indices to maintain
+ index objectClass eq
+ index cn,sn,mail pres,eq,approx,sub
+--- a/include/ldap_defaults.h
++++ b/include/ldap_defaults.h
+@@ -47,7 +47,7 @@
+ /* location of the default slapd config file */
+ #define SLAPD_DEFAULT_CONFIGFILE LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.conf"
+ #define SLAPD_DEFAULT_CONFIGDIR LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.d"
+-#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-data"
++#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "lib" LDAP_DIRSEP "ldap"
+ #define SLAPD_DEFAULT_DB_MODE 0600
+ #define SLAPD_DEFAULT_UCDATA LDAP_DATADIR LDAP_DIRSEP "ucdata"
+ /* default max deref depth for aliases */
+--- a/servers/slapd/Makefile.in
++++ b/servers/slapd/Makefile.in
+@@ -445,9 +445,9 @@ install-conf: FORCE
+
+ install-db-config: FORCE
+ @-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir)
+- @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data
++ @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/lib/ldap
+ $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \
+- $(DESTDIR)$(localstatedir)/openldap-data/DB_CONFIG.example
++ $(DESTDIR)$(localstatedir)/lib/ldap/DB_CONFIG.example
+ $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \
+ $(DESTDIR)$(sysconfdir)/DB_CONFIG.example
+
+--- a/doc/man/man5/slapd-config.5
++++ b/doc/man/man5/slapd-config.5
+@@ -2051,7 +2051,7 @@ olcSuffix: "dc=our\-domain,dc=com"
+ # The database directory MUST exist prior to
+ # running slapd AND should only be accessible
+ # by the slapd/tools. Mode 0700 recommended.
+-olcDbDirectory: LOCALSTATEDIR/openldap\-data
++olcDbDirectory: LOCALSTATEDIR/lib/ldap
+ # Indices to maintain
+ olcDbIndex: objectClass eq
+ olcDbIndex: cn,sn,mail pres,eq,approx,sub
+--- a/doc/man/man5/slapd-mdb.5
++++ b/doc/man/man5/slapd-mdb.5
+@@ -52,7 +52,7 @@ Specify the directory where the LMDB fil
+ associated indexes live.
+ A separate directory must be specified for each database.
+ The default is
+-.BR LOCALSTATEDIR/openldap\-data .
++.BR LOCALSTATEDIR/lib/ldap .
+ .TP
+ \fBenvflags \fR{\fBnosync\fR,\fBnometasync\fR,\fBwritemap\fR,\fBmapasync\fR,\fBnordahead\fR}
+ Specify flags for finer-grained control of the LMDB library's operation.
diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in
new file mode 100644
index 0000000..07cbdde
--- /dev/null
+++ b/debian/po/POTFILES.in
@@ -0,0 +1 @@
+[type: gettext/rfc822deb] slapd.templates
diff --git a/debian/po/ca.po b/debian/po/ca.po
new file mode 100644
index 0000000..2244054
--- /dev/null
+++ b/debian/po/ca.po
@@ -0,0 +1,453 @@
+# openldap po-debconf translation to Catalan.
+# This file is distributed under the same license as the openldap package.
+# Innocent De Marchi <tangram.peces@gmail.com>, 2011-2017.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.44+dfsg-4\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2017-01-19 19:35+0100\n"
+"Last-Translator: Innocent De Marchi <tangram.peces@gmail.com>\n"
+"Language-Team: catalan <debian-l10n-catalan@lists.debian.org>\n"
+"Language: ca_ES\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Voleu ometre la configuració del servidor OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Si desactivau aquesta opció, no es generarà la configuració ni la base de "
+"dades inicial."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "sempre"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "quan sigui necessari"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "mai"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Bolcar les bases de dades a un fitxer en fer l'actualització:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Abans d'actualitzar a una nova versió del servidor OpenLDAP, les dades dels "
+"seus directoris LDAP poden desar-se a fitxers de text en el format estàndard "
+"d'intercanvi de dades LDAP («LDAP Data Interchange Format»)."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Seleccionant «sempre» el bolcat de les bases de dades es farà sense "
+"condicions abans de l'actualització. Seleccionant «quan sigui necessari» "
+"només es farà el bolcat de les bases de dades si la nova versió és "
+"incompatible amb el format anterior de les bases de dades i és necessari re-"
+"importar-les. Si seleccionau «mai», no es farà el bolcat."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Directori a fer servir en el bolcat de les bases de dades:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Seleccionau el directori d'exportació de les bases de dades LDAP. En aquest "
+"directori, es generaran diversos fitxers LDIF que es corresponen amb les "
+"bases de dades localitzades en el servidor. Comproveu que hi ha espai lliure "
+"suficient a la partició on està ubicat el directori seleccionat. La primer "
+"aparició de la cadena «VERSION» serà reemplaçada per la versió del servidor "
+"de la qual està actualitzant."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Moure la base de dades anterior?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Hi ha fitxers a «/var/lib/ldap» que probablement interrompran el procés de "
+"configuració. Si activau aquesta opció, el guió de manteniment mourà els "
+"fitxers de les bases de dades anteriors fora del directori anterior abans de "
+"generar una nova base de dades."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Tornar a intentar la configuració?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"La configuració que ha introduït no és vàlida. Comproveu que el nom de "
+"domini DNS és sintàcticament correcte, que el camp del nom de l'organització "
+"està emplenat i que les contrasenyes de l'administrador coincideixen. Si "
+"decideix no tornar a intentar la configuració, el servidor LDAP quedarà "
+"sense configurar. Executi «dpkg-reconfigure slapd» per tornar a intentar-ho "
+"més tard."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Nom del domini DNS:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"El nom de domini DNS es fa servir per construir el DN base del directori "
+"LDAP. Per exemple, si el vostre nom de domini és «elmeu.domini.org» es "
+"generarà el directori amb el DN base «dc=elmeu, dc=domini, dc=org»"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Nom de l'organització:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Escriviu el nom de l'organització per fer servir en el DN base del directori "
+"LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Contrasenya de l'administrador:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Escriviu la contrasenya per l'accés com administrador al vostre directori "
+"LDAP:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Confirmeu la vostra contrasenya:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Introduïu de nou la contrasenya d'administrador per al directori LDAP per "
+"comprovar que s'ha escrit correctament."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Les contrasenyes no coincideixen"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Les dues contrasenyes no coincideixen. Tornau a provar-ho."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Desitjau que s'elimini la base de dades en purgar el paquet slapd?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "ha fallat «slapcat» durant l'actualització"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "S'ha produït un error en l'actualització del directori LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"El programa «slapcat» ha fallat en l'extracció del directori LDAP. Aquest "
+"error pot ésser causat per un fitxer de configuració incorrecte (per "
+"exemple, per que faltin línies «moduleload» necessàries pel motor de la base "
+"de dades)"
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Aquest error farà que «slapadd» torni a fallar més endavant. Els fitxers de "
+"la base de dades anterior es mouran a «/var/backups». Si desitjau tornar a "
+"intentar l'actualització, haureu de tornar a moure els fitxers de la base de "
+"dades anterior a la seva ubicació inicial, solucionar la causa de l'error i "
+"tornar a executar:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"A continuació, tornau els arxius de la base de dades a la zona de seguretat "
+"i després intenteu executar «slapadd» des de ${location}."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "Motor de base de dades a fer servir:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB i BDB fan servir formats d'emmagatzematge semblants, però HDB permet fer "
+"canvis de nom dels subarbres. Tots dos tenen les mateixes opcions de "
+"configuració."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"El motor MDB és el recomanat. MDB fa servir un nou format d'emmagatzematge i "
+"requereix menys tasques de configuració que BDB o HDB."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"En qualsevol cas, heu de revisar la configuració de base de dades resultant "
+"per ajustar-la a les vostres necessitats. Consulteu «/usr/share/doc/slapd/"
+"README.Debian.gz» per a més detalls."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "Configuració de control d'accés de slapd potencialment insegur"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"Una o més de les bases de dades configurades té una norma de control d'accés "
+"que permet als usuaris modificar la major part dels seus atributs. Aquest "
+"situació pot ser perillosa, depenent de com s'utilitza la base de dades."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"En el cas que les normes d'accés de slapd comencin per \"to *\", és "
+"recomanable eliminar totes les instàncies a \"by self write\", de manera que "
+"els usuaris només puguin modificar els atributs específicament permesos."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr "Consulteu «/usr/share/doc/slapd/README.Debian.gz» per a més detalls."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr "aturar la instal·lació"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr "continua sense tenir en compte"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr ""
+"Es recomana l'actualització manual de la directiva de contrasenya («ppolicy»)"
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+"La nova versió de la superposició de directiva de contrasenya («ppolicy») "
+"requereix que l'esquema defineixi el tipus d'atribut "
+"«pwdMaxRecordedFailure», que no està inclòs en l'esquema actualment en ús. "
+"És recomana aturar ara l'actualització, i actualitzar la directiva de "
+"contrasenya abans d'actualitzar «slapd». Si la replicació està en marxa, "
+"l'actualització de l'esquema s'ha d'aplicar a cada servidor abans de "
+"continuar amb l'actualització."
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr ""
+"Un s'ha generat un fitxer LDIF amb els canvis necessaris per a "
+"l'actualització:"
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+"per que si «slapd» fa servir les regles d'accés predeterminades, aquests "
+"canvis es poden fer efectius (després d'iniciar «slapd») fent servir l'ordre:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+"En canvi, si decidiu continuar amb la instal·lació, el nou tipus d'atribut "
+"s'afegirà automàticament, però el canvi no es veurà afectat per les "
+"superposicions de «slapd», i la replicació amb altres servidors es pot veure "
+"afectada."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Desitjau permetre el protocol LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "El protocol obsolet LDAPv2 està desactivat per defecte a slapd. Els "
+#~ "programes i usuaris haurien d'actualitzar-se a LDAPv3. Si teniu "
+#~ "programes antics que no poden fer servir LDAPv3, seleccioneu aquesta "
+#~ "opció i s'afegirà l'opció «allow bind_v2» al vostre fitxer de "
+#~ "configuració slapd.conf."
diff --git a/debian/po/cs.po b/debian/po/cs.po
new file mode 100644
index 0000000..bfbbff7
--- /dev/null
+++ b/debian/po/cs.po
@@ -0,0 +1,512 @@
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+# Developers do not need to manually edit POT or PO files.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2017-01-22 11:49+0100\n"
+"Last-Translator: Miroslav Kure <kurem@debian.cz>\n"
+"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
+"Language: cs\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "PÅ™eskoÄit nastavení OpenLDAP serveru?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"PÅ™istoupíte-li na tuto možnost, nevytvoří se databáze ani poÄáteÄní "
+"nastavení."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "vždy"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "v případě potřeby"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "nikdy"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Při aktualizaci uložit databáze do souboru:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Před aktualizací na novější verzi serveru OpenLDAP se mohou data z LDAP "
+"adresářů vyexportovat do textových souborů ve formátu LDAP Data Interchange "
+"Format, což je standardizovaný formát pro popis těchto dat."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Výběrem „“vždy“ zajistíte, že se databáze vyexportují do souborů před každou "
+"aktualizací. Volba „v případě potřeby“ znamená, že se databáze vyexportují "
+"pouze v případě, že je formát nové databáze nekompatibilní s předchozí verzí "
+"a tudíž je potřeba data znovu nahrát. Zvolíte-li „nikdy“, data se nebudou "
+"exportovat."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Adresář pro exportované databáze:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Zadejte prosím adresář, do kterého se budou exportovat LDAP databáze. V "
+"tomto adresáři se vytvoří několik LDIF souborů odpovídajících kořenům LDAP "
+"adresářů na daném serveru. Ujistěte se, že máte na dané oblasti dostatek "
+"místa. První výskyt řetězce \"VERSION\" se nahradí verzí LDAP serveru, ze "
+"kterého aktualizujete na novější verzi."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Přesunout starou databázi?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Ve /var/lib/ldap jsou stále soubory, které pravdÄ›podobnÄ› naruší instalaÄní "
+"proces. Budete-li souhlasit, instalaÄní skripty pÅ™ed vytvoÅ™ením nové "
+"databáze nejprve přesunou staré databázové soubory na jiné místo."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Zopakovat nastavení?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Zadané nastavení není platné. Ujistěte se, že máte doménové jméno (DNS) ve "
+"správném formátu, že je vyplněné pole pro organizaci a že administrátorská "
+"hesla souhlasí. Jestliže znovu nespustíte tohoto průvodce, LDAP server "
+"nebude nakonfigurován. Budete-li chtít balík nastavit později, použijte "
+"příkaz „dpkg-reconfigure slapd“."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNS název domény:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"Název domény se používá pro vytvoření základního DN vašeho LDAP adresáře. "
+"Například zadáním „foo.bar.cz“ se vytvoří adresář se základním DN „dc=foo, "
+"dc=bar, dc=cz“."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Název organizace:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Zadejte prosím jméno organizace, které se použije v základním DN vašeho LDAP "
+"adresáře."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Administrátorské heslo:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "Zadejte prosím heslo pro administrátorský záznam v LDAP adresáři."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Potvrzení hesla:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Zadejte prosím znovu administrátorské heslo k LDAP adresáři, abyste se "
+"ujistili, že jste jej zadali správně."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Hesla nesouhlasí"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Zadaná hesla nejsou stejná. Zkuste to znovu."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Chcete pÅ™i vyÄiÅ¡tÄ›ní balíku slapd ze systému smazat i databázi?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "slapcat během aktualizace selhal"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Při pokusu o aktualizaci LDAP adresáře se vyskytla chyba."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Program „slapcat“ selhal. Tuto chybu může způsobit tÅ™eba chybný konfiguraÄní "
+"soubor. (Například pokud chybí příslušné řádky „moduleload“ pro backend "
+"databáze, která uchovává obsah LDAP adresáře.)"
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Tato chyba později způsobí také selhání příkazu „slapadd“. Staré databázové "
+"soubory budou přesunuty do /var/backups. Budete-li chtít později zkusit "
+"provést tuto aktualizaci znovu, přesuňte staré databázové soubory zpět na "
+"jejich původní místo, spravte příÄinu toho, proÄ slapcat selhal a spusÅ¥te:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Poté přesuňte databázové soubory zpět mezi zálohy a zkuste spustit slapadd z "
+"${location}."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "Databázový backend:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB i BDB ukládají data obdobně, ale HDB přidává podporu pro přejmenování "
+"podstromů. Oba backendy podporují stejné konfiguraÄní parametry."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"DoporuÄenou volbou je backend MDB. MDB používá nový formát úložiÅ¡tÄ› a "
+"vyžaduje méně nastavování než BDB enbo HDB."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"Ve všech případech byste měli zkontrolovat, zda nastavení databáze odpovídá "
+"vašim potřebám. Více informací naleznete v souboru /usr/share/doc/slapd/"
+"README.Debian.gz."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "PotenciálnÄ› nebezpeÄné nastavení přístupu slapd"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"Jedna nebo více nakonfigurovaných databází obsahuje pravidlo, které umožňuje "
+"uživatelům měnit většinu jejich vlastních atributů. V závislosti na způsobu "
+"používání databáze to může být nebezpeÄné."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"V případÄ› přístupových pravidel slapd zaÄínajících „to *“ je doporuÄeno "
+"odstranit výskyty „by self write“, aby uživatelé mohli měnit pouze "
+"explicitně povolené atributy."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr "Více informací naleznete v /usr/share/doc/slapd/README.Debian.gz."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr "přerušit instalaci"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr "pÅ™esto pokraÄovat"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr "Je doporuÄeno aktualizovat ppolicy schéma ruÄnÄ›"
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+"Nová verze politiky hesel (ppolicy) vyžaduje, aby schéma definovalo typ "
+"atributu pwdMaxRecordedFailure, který není v aktuálně používaném schématu "
+"přítomný. DoporuÄujeme nyní pÅ™eruÅ¡it aktualizaci a aktualizovat ppolicy "
+"schéma ruÄnÄ› pÅ™ed samotnou aktualizací slapd. Pokud využíváte replikaci, "
+"mÄ›li byste pÅ™ed pokraÄováním aktualizovat schéma na vÅ¡ech serverech."
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr "Byl vytvořen LDIF soubor se změnami potřebnými pro aktualizaci:"
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+"pokud slapd používá výchozí přístupová oprávnění, můžete změny aplikovat "
+"příkazem (po spuštění slapd):"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+"Jestliže se rozhodnete pokraÄovat v instalaci, bude nový typ atributu pÅ™idán "
+"automaticky, avšak slapd overlaye tuto změnu nezaregistrují a může to mít "
+"vliv i na replikaci s ostatními servery."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Povolit protokol LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Zastaralý protokol LDAPv2 je nyní v slapd implicitně zakázán. Programy i "
+#~ "uživatelé by měli přejít na LDAPv3. Máte-li staré programy, které "
+#~ "nezvládají LDAPv3, povolte tuto možnost, což do souboru slapd.conf přidá "
+#~ "řádek „allow bind_v2“."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr "slurpd je zastaralý, repliky se musí znovu nastavit ruÄnÄ›"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "PÅ™i aktualizaci byla v konfiguraÄním souboru slapd nalezena nejménÄ› jedna "
+#~ "volba „replica“ pro slurpd. Protože je slurpd od OpenLDAPu verze 2.4 "
+#~ "překonaný, budete muset své repliky převést, aby místo toho používaly "
+#~ "protokol syncrepl."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "Konverzi ze slurpd na protokol syncrepl (založený na technologii pull) "
+#~ "nelze provést automaticky a budete muset své replikaÄní servery nastavit "
+#~ "ruÄnÄ›. Podrobnosti naleznete na http://www.openldap.org/doc/admin24/"
+#~ "syncrepl.html."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "Hodnota TLSCipherSuite se změnila"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "PÅ™i aktualizaci byla ve vaÅ¡em konfiguraÄním souboru programu slapd "
+#~ "nalezena volba „TLSCipherSuite“. Přípustné hodnoty, které můžete v této "
+#~ "volbÄ› použít, jsou urÄeny použitou implementací SSL. Ta se zmÄ›nila z "
+#~ "OpenSSL na GnuTLS, což znamená, že stávající nastavení TLSCipherSuite "
+#~ "nebude s tímto balíkem fungovat."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Toto nastavení bylo automaticky zakomentováno. Máte-li speciální "
+#~ "požadavky, které vyžadují opětovné zapnutí této volby, zjistěte si prosím "
+#~ "seznam šifer podporovaných v GnuTLS (např. příkazem „gnutls-cli -l“, "
+#~ "který se nachází v balíku gnutls-bin)."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr "Zazálohovat stávající databázi a vytvořit novou?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "Zadali jste příponu adresáře (doménu), která neodpovídá té v souboru /etc/"
+#~ "ldap/slapd.conf. Změna přípony adresáře vyžaduje odsunutí stávající LDAP "
+#~ "databáze a vytvoÅ™ení nové. PotvrÄte prosím, zda chcete zazálohovat a "
+#~ "opustit stávající databázi."
diff --git a/debian/po/da.po b/debian/po/da.po
new file mode 100644
index 0000000..e4e3ef9
--- /dev/null
+++ b/debian/po/da.po
@@ -0,0 +1,428 @@
+# Danish translation openldap.
+# Copyright (C) 2017 openldap & nedenstående oversættere.
+# This file is distributed under the same license as the openldap package.
+# Claus Hindsgaul <claus.hindsgaul@gmail.com>, 2005, 2006.
+# Joe Hansen <joedalton2@yahoo.dk>, 2010, 2014, 2017.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2017-01-10 05:26+0100\n"
+"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
+"Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n"
+"Language: da\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Undlad opsætning af OpenLDAP-server?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Hvis du aktiverer denne indstilling, vil der ikke blive oprettet en "
+"begyndelsesopsætning eller -database for dig."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "altid"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "når nødvendigt"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "aldrig"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Læg databaser i fil ved opgradering:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Inden du opgraderer til en ny version af OpenLDAP-serveren, kan dine LDAP-"
+"mappers data blive lagt som rene tekstfiler i formatet LDAP Data Interchange."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Angivelse af »altid«, vil få databaserne til at blive dumpet uden "
+"betingelser før en opgradering. Valg af »når nødvendigt« vil kun dumpe "
+"databasen, hvis den nye version er inkompatibel med det gamle "
+"databaseformat, og den skal genimporteres. Hvis du vælger »aldrig«, vil der "
+"ikke blive udført en dumpning."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Mappe til de dumpede databaser:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Angiv den mappe, LDAP-databasen skal eksporteres til. I denne mappe vil der "
+"blive oprettet adskillige LDIF-filer, som svarer til den søgedatabase, der "
+"ligger på serveren. Sørg for at du har nok fri plads på den partition, "
+"mappen ligger på. Første forekomst af strengen »VERSION« erstattes med den "
+"serverversion, du opgraderer fra."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Flyt gammel database?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Der er stadig filer i /var/lib/ldap, som sikkert vil forstyrre "
+"opsætningsprocessen. Hvis du aktiverer denne indstilling, vil "
+"vedligeholdelsesskriptene flytte de gamle filer, før de opretter en ny "
+"database."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Gentag opsætningen?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Den opsætning, du har angivet, er ikke gyldig. Sørg for at DNS-domænenavnet "
+"har en gyldig syntaks, at organisationen er udfyldt, og at administrator-"
+"adgangskoderne er ens. Hvis du vælger ikke at gentage opsætningen af LDAP-"
+"serveren, vil den ikke blive sat op. Kør 'dpkg-reconfigure slapd', hvis du "
+"vil prøve igen senere."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNS-domænenavn:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"Domænenavnet bruges til at opbygge basis-DN for din LDAP-mappe. For eksempel "
+"vil 'foo.eksempel.org' oprette mappen med 'dc=foo, dc=eksempel, dc=org' som "
+"basis-DN."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Organisationsnavn:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Indtast venligst navnet på organisationen som skal bruges i basis-DN'en på "
+"din LDAP-mappe."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Administratoradgangskode:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "Angiv administratoropslagets adgangskode i din LDAP-mappe."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Bekræft administratoradgangskode:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Indtast venligst administratoradgangskoden på din LDAP-mappe igen for at "
+"bekræfte, at du har tastet den korrekt."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Adgangskoderne var ikke ens"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "De to adgangskoder, du indtastede, var ikke ens. Prøv igen."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Ønsker du at databasen bliver fjernet, når slapd bliver afinstalleret?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "slapcatfejl under opgraderingen"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Der opstod en fejl under opgradering af din LDAP-mappe."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Programmet 'slapcat' fejlede under udtrækning af LDAP-mappen. Fejlen kan "
+"skyldes en fejlbehæftet opsætningsfil (f.eks. kan de korrekte "
+"'moduleloadlinjer' til understøttelse af din motors database mangle)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Denne fejl vil også senere få 'slapadd' til at fejle. De gamle databasefiler "
+"er ved at blive flyttet til /var/backups. Hvis du vil forsøge denne "
+"opgradering igen, så flyt de gamle databasefiler tilbage, ret den fejl, der "
+"fik slapcat til at fejle, og kør:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Flyt derefter databasefilerne tilbage til et sikkerhedskopiområde, og prøv "
+"at køre slapadd fra ${location}."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "Databasemotor at bruge:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB og BDB bruger lignende lagerformater, men HDB tilføjer understøttelse af "
+"omdøbning af undertræer. Begge understøtter de samme "
+"konfigurationsindstillinger."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"MDB-motoren anbefales. MDB bruger et nyt lagerformat og kræver mindre "
+"konfiguration end BDB eller HDB."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"Uanset hvad bør du gennemse databasekonfigurationen for dine behov. Se /usr/"
+"share/doc/slapd/README.Debian.gz for yderligere detaljer."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "Potentiel usikker slapd-adgangskontrolkonfiguration"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"En eller flere af de konfigurerede databaser har en adgangskontrolregel, som "
+"giver brugere mulighed for at ændre deres egne attributter. Dette kan være "
+"usikkert, afhængig af hvordan databasen bruges."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"I tilfældet med slapd-adgangsregler som begynder med »to *«, anbefales det "
+"at fjerne alle instanser af »by self write«, så at brugerne kun kan ændre "
+"specifikt tilladte attributter."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr "Se /usr/share/doc/slapd/README.Debian.gz for yderligere detaljer."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr "afbryd installation"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr "fortsæt alligevel"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr "Manuel ppolicy-skemaopdatering anbefales"
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+"Den nye version af Password Policy-dækket (ppolicy) kræver skemaet for at "
+"definere attributtypen pwdMaxRecordedFailure, som ikke er til stede i "
+"skemaet i brug i øjeblikket. Det anbefales at afbryde opgraderingen nu, og "
+"opdatere ppolicy-skemaet før opgradering af slapd. Hvis replikering er i "
+"brug, så skal skemaopdateringen bruges på alle servere før opgraderingen "
+"fortsættes."
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr ""
+"En LDIF-fil er blevet oprettet med ændringerne krævet for opgraderingen:"
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+"så hvis slapd bruger standardreglerne for adgangskontrol, så kan disse "
+"ændringer anvendes (efter start af slapd) ved at bruge kommandoen:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+"Hvis du i stedet for vælger at fortsætte installationen, så vil den nye "
+"attributtype blive tilføjet automatisk, men der vil ikke blive handlet på "
+"ændringen af slapd-overdækker, og replikering med andre servere kan blive "
+"påvirket."
diff --git a/debian/po/de.po b/debian/po/de.po
new file mode 100644
index 0000000..971292e
--- /dev/null
+++ b/debian/po/de.po
@@ -0,0 +1,528 @@
+# Translation of openldap debconf templates to German
+# Copyright (C) Helge Kreutzmann <debian@helgefjell.de>, 2006-2008, 2010, 2014, 2017.
+# This file is distributed under the same license as the openldap package.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.44+dfsg-4\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2017-01-15 14:12+0100\n"
+"Last-Translator: Helge Kreutzmann <debian@helgefjell.de>\n"
+"Language-Team: de <debian-l10n-german@lists.debian.org>\n"
+"Language: de\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-15\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "OpenLDAP-Server-Konfiguration auslassen?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Falls Sie diese Option aktivieren, wird keine Startkonfiguration oder "
+"Datenbank für Sie erstellt."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "immer"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "wenn benötigt"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "nie"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Datenbank beim Upgrade in Datei ausgeben (»dump«):"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Bevor Sie ein Upgrade auf eine neue Version des OpenLDAP-Servers "
+"durchführen, können die Daten Ihres LDAP-Verzeichnisses in reine Text-"
+"Dateien im standardisierten »LDAP Data Interchange Format« ausgegeben werden."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Die Auswahl von »immer« führt dazu, dass die Datenbanken bedingungslos vor "
+"Upgrades ausgegeben werden. Die Auswahl von »wenn benötigt« führt dazu, dass "
+"die Datenbank nur ausgegeben wird, falls die neue Version nicht mit dem "
+"alten Datenbankformat kompatibel ist und die Datenbank re-importiert werden "
+"muss. Die »nie«-Auswahl führt dazu, dass keine Ausgabe der Daten erfolgt."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Verzeichnis für Datenbank-Ausgaben (»dumps«):"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Bitte geben Sie ein Verzeichnis an, in das die Datenbanken exportiert "
+"werden. Innerhalb dieses Verzeichnisses werden mehrere LDIF-Dateien "
+"erstellt, die zu den im Server befindlichen Suchbasen korrespondieren. "
+"Stellen Sie sicher, dass Sie genug freien Platz auf der Partition haben, auf "
+"der sich das Verzeichnis befindet. Das erste Auftreten der Zeichenkette "
+"»VERSION« wird durch die Server-Version ersetzt, von der aus Sie das Upgrade "
+"durchführen."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Alte Datenbank verschieben?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Es sind noch Dateien in /var/lib/ldap, die wahrscheinlich den "
+"Konfigurationsprozess durcheinander bringen werden. Wird diese Option "
+"aktiviert, dann werden die Betreuerskripte die alten Datenbankdateien "
+"beiseite schieben, bevor sie eine neue Datenbank erstellen."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Konfiguration erneut versuchen?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Die von Ihnen eingegebene Konfiguration ist ungültig. Stellen Sie sicher, "
+"dass der DNS-Domainname einer gültigen Syntax folgt, das Feld für die "
+"Organisation nicht leer geblieben ist und dass die Administratorpasswörter "
+"übereinstimmen. Falls Sie sich entscheiden, die Konfiguration nicht erneut "
+"zu versuchen, wird der LDAP-Server nicht eingerichtet. Führen Sie »dpkg-"
+"reconfigure slapd« aus, falls Sie die Konfiguration später erneut versuchen "
+"wollen."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNS-Domainname:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"Der DNS-Domainname wird zur Erzeugung des Basis-DN Ihres LDAP-Verzeichnisses "
+"verwendet. Zum Beispiel erstellt »foo.example.org« das Verzeichnis mit der "
+"Basis-DN »dc=foo, dc=example, dc=org«."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Name der Organisation:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Bitte geben Sie den Namen der Organisation ein, die im Basis-DN Ihres LDAP-"
+"Verzeichnisses verwendet werden soll."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Administrator-Passwort:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Bitte geben Sie das Passwort für den Administrator-Eintrag in Ihrem LDAP-"
+"Verzeichnis ein."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Passwort bestätigen:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Bitte geben Sie das Passwort für den Administrator-Eintrag Ihres LDAP-"
+"Verzeichnisses nochmal ein, um sicher zu gehen, dass Sie es richtig "
+"eingegeben haben."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Passwörter stimmen nicht überein"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+"Die beiden eingegebenen Passwörter sind nicht gleich. Bitte versuchen Sie es "
+"noch einmal."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr ""
+"Soll die Datenbank entfernt werden, wenn slapd vollständig gelöscht wird?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "slapcat-Fehlschlag beim Upgrade"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr ""
+"Während des Versuchs, ein Upgrade des LDAP-Verzeichnisses durchzuführen, "
+"trat ein Fehler auf."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Das Programm »slapcat« schlug beim Versuch, das LDAP-Verzeichnis zu "
+"extrahieren, fehl. Dies könnte durch eine inkorrekte Konfigurationsdatei "
+"verursacht worden sein (beispielsweise fehlende »moduleload«-Zeilen, um die "
+"Backend-Datenbank zu unterstützen)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Dieser Fehlschlag wird später dazu führen, dass auch »slapadd« fehlschlägt. "
+"Die alten Datenbankdateien werden jetzt nach /var/backups verschoben. Falls "
+"Sie dieses Upgrade erneut versuchen wollen, sollten Sie die alten "
+"Datenbankdateien wieder zurück an ihren Platz verschieben, den Grund für den "
+"Fehlschlag von slapcat beheben und folgendes ausführen:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Verschieben Sie dann die Datenbankdateien zurück in den Sicherungsbereich "
+"und versuchen Sie, Slapadd von ${location} auszuführen."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "Zu verwendendes Datenbank-Backend:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB und BDB verwenden ähnliche Speicherformate, aber HDB enthält zusätzlich "
+"Unterstützung für Teilbaum-Umbenennungen. Beide unterstützen die gleichen "
+"Konfigurationsoptionen."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"Das MDB-Backend wird empfohlen. MDB verwendet ein neues Speicherformat und "
+"benötigt weniger Konfiguration als BDB oder HDB."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"In jedem Fall sollten Sie die erstellte Datenbankkonfiguration im Hinblick "
+"auf Ihre Anforderungen prüfen. Lesen Sie /usr/share/doc/slapd/README.Debian."
+"gz für weitere Details."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "Möglicherweise unsichere Slapd-Zugriffssteuerkonfiguration"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"Eine oder mehrere der konfigurierten Datenbanken hat eine "
+"Zugriffssteuerregel, die Benutzern erlaubt, die meisten ihrer eigenen "
+"Konfigurationsoptionen zu verändern. Dies kann unsicher sein, abhängig "
+"davon, wie die Datenbank verwandt wird."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"Im Falle der mit »to *« beginnenden Slapd-Zugriffsregeln, wird empfohlen, "
+"alle Instanzen von »by self write« zu entfernen, so dass Benutzer nur in der "
+"Lage sind, speziell erlaubte Attribute zu ändern."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr "Lesen Sie /usr/share/doc/slapd/README.Debian.gz für weitere Details."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr "Installation abbrechen"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr "Trotzdem fortfahren"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr "Manuelle Aktualisierung des Ppolicy-Schematas empfohlen"
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+"Die neue Version der Passwort-Richtlinien-Einblendung (Ppolicy) verlangt, "
+"dass im Schema der Attributstyp pwdMaxRecordedFailure definiert wird, der im "
+"aktuell benutzten Schema nicht vorhanden ist. Es wird empfohlen, die "
+"Aktualisierung jetzt abzubrechen und das Ppolicy-Schema zu aktualisieren, "
+"bevor das Upgrade von Slapd durchgeführt wird. Falls Replizierung verwandt "
+"wird, sollte die Schema-Aktualisierung auf jedem Server angewandt werden, "
+"bevor mit dem Upgrade fortgefahren wird."
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr ""
+"Eine LDIF-Datei wurde mit den für das Upgrade benötigten Änderungen erstellt:"
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+"Falls Slapd daher die Standardzugriffssteuerungsregeln verwendet, können "
+"diese Änderungen (nach dem Start von Slapd) mittels des folgenden Befehls "
+"angewandt werden:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+"Falls Sie sich stattdessen entscheiden, mit der Installation fortzufahren, "
+"wird der neue Attributstyp automatisch hinzugefügt, aber auf die Änderung "
+"wird nicht durch die Slapd-Überblendungen reagiert und die Replizierung mit "
+"anderen Servern könnte betroffen sein."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "LDAPv2-Protokoll erlauben?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Das veraltete LDAPv2-Protokoll ist standardmäßig in slapd deaktiviert. "
+#~ "Programme und Benutzer sollten ein Upgrade auf LDAPv3 durchführen. Falls "
+#~ "Sie alte Programme haben, die LDAPv3 nicht benutzen können, sollten Sie "
+#~ "diese Option wählen und »allow bind_v2« wird zu der Datei slapd.conf "
+#~ "hinzugefügt."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr "Slurpd ist veraltet; Replikas müssen von Hand rekonfiguriert werden"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "In Ihrer Konfiguration wurde beim Upgrade eine oder mehrere »replica«-"
+#~ "Optionen gefunden. Da slurpd beginnend mit OpenLDAP 2.4 veraltet ist, "
+#~ "müssen Sie Ihre Repliken auf die Verwendung des Syncrepl-Protokolls "
+#~ "migrieren."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "Die Umstellung von slurpd auf das »pull«-basierte Syncrepl-Protokoll kann "
+#~ "nicht automatisch geschehen und Sie müssen Ihre Repliken-Server von Hand "
+#~ "konfigurieren. Bitte lesen Sie http://www.openldap.org/doc/admin24/"
+#~ "syncrepl.html für Details."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "TLSCipherSuite-Werte haben sich geändert"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "Eine Option »TLSCipherSuite« wurde beim Upgrade in Ihrer Slapd-"
+#~ "Konfiguration gefunden. Die erlaubten Werte hierfür hängen von der "
+#~ "verwendeten SSL-Implementation ab, die von OpenSSL auf GnuTLS geändert "
+#~ "wurde. Im Ergebnis werden Ihre existierenden TLSCipherSuite-Einstellungen "
+#~ "nicht mit diesem Paket funktionieren."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Diese Einstellung wurde für Sie automatisch auskommentiert. Falls Sie "
+#~ "spezielle Anforderung an die Verschlüsselung haben, bei denen diese "
+#~ "Option wieder aktiviert werden muss, lesen Sie die Ausgabe von »gnutls-"
+#~ "cli -l« aus dem Paket Gnutls-bin für die Liste der von GnuTLS "
+#~ "unterstützen Chiffren."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr "Die aktuelle Datenbank sichern und eine neue erstellen?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "Die von Ihnen angegebene Verzeichnisendung (Domain) passt nicht zu der "
+#~ "aktuell in /etc/ldap/slapd.conf eingetragenen. Eine Änderung der "
+#~ "Verzeichnisendung verlangt, dass die aktuelle LDAP-Datenbank beiseite "
+#~ "geschoben und eine neue erstellt wird. Bitte bestätigen Sie, ob Sie die "
+#~ "aktuelle Datenbank sichern und aufgeben wollen."
diff --git a/debian/po/es.po b/debian/po/es.po
new file mode 100644
index 0000000..6a5093c
--- /dev/null
+++ b/debian/po/es.po
@@ -0,0 +1,538 @@
+# openldap po-debconf translation to Spanish
+# Copyright 2006 Rudy Godoy <rudy@kernel-panik.org>
+# Copyright 2008 Steve Langasek <vorlon@debian.org>
+# Copyright (C) 2009, 2010 Software in the Public Interest
+# This file is distributed under the same license as the openldap package.
+#
+# Changes:
+# - Initial translation
+# Rudy Godoy <rudy@kernel-panik.org>, 2006
+#
+# - Reviewer
+# Javier Fernandez-Sanguino
+#
+# - Updates
+# Steve Langasek <vorlon@debian.org>, 2008
+# Francisco Javier Cuadrado <fcocuadrado@gmail.com>, 2009, 2010
+# Camaleón <noelamac@gmail.com>, 2014
+#
+# Traductores, si no conocen el formato PO, merece la pena leer la
+# documentación de gettext, especialmente las secciones dedicadas a este
+# formato, por ejemplo ejecutando:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Equipo de traducción al español, por favor lean antes de traducir
+# los siguientes documentos:
+#
+# - El proyecto de traducción de Debian al español
+# http://www.debian.org/intl/spanish/coordinacion
+# especialmente las notas de traducción en
+# http://www.debian.org/intl/spanish/notas
+#
+# - La guía de traducción de po's de debconf:
+# /usr/share/doc/po-debconf/README-trans
+# o http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.23-3exp1\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2014-11-20 17:45+0100\n"
+"Last-Translator: Camaleón <noelamac@gmail.com>\n"
+"Language-Team: Debian Spanish <debian-l10n-spanish@lists.debian.org>\n"
+"Language: es\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Virtaal 0.7.1\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "¿Desea omitir la configuración del servidor OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"No se creará la configuración ni la base de datos inicial si habilita esta "
+"opción."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "siempre"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "cuando se necesite"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "nunca"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Volcar las bases de datos a un fichero al actualizar:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Antes de que actualice a una nueva versión del servidor OpenLDAP, se puede "
+"volcar la información de sus directorios LDAP en ficheros de texto plano en "
+"el formato estandarizado «LDAP Data Interchange Format» (formato de "
+"intercambio de datos de LDAP)."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Si selecciona «siempre» se volcarán sus bases de datos de forma "
+"incondicional antes de cada actualización. Si selecciona «cuando se "
+"necesite» sólo se hará un volcado si la nueva versión es incompatible con el "
+"formato de la base de datos antigua y la información se debe volver a "
+"importar. Si selecciona «nunca» no se hará ningún volcado."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Directorio donde volcar las bases de datos:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Especifique el directorio donde se exportarán las bases de datos de LDAP. En "
+"éste se crearán diversos ficheros LDIF que corresponden a las bases de datos "
+"ubicadas en el servidor. Asegúrese de que tiene suficiente espacio libre en "
+"la partición donde se ubica el directorio. La primera ocurrencia de la "
+"cadena «VERSION» se reemplaza con la versión del servidor desde la cual va a "
+"actualizar."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "¿Desea mover la base de datos antigua?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Existen ficheros en «/var/lib/ldap» que probablemente interrumpan el proceso "
+"de configuración. Si activa esta opción, se moverán los ficheros de las "
+"bases de datos antiguas antes de crear una nueva base de datos."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "¿Desea volver a intentar la configuración?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"La configuración que ha introducido no es válida. Asegúrese de que el nombre "
+"de dominio DNS es válido, que el campo de la organización no está en blanco "
+"y que las claves del administrador coinciden. El servidor LDAP quedará sin "
+"configurar si decide no volver a intentar la configuración. Ejecute «dpkg-"
+"reconfigure slapd» si desea volver a intentarlo más tarde."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Introduzca el nombre de dominio DNS:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"El nombre de dominio DNS se utiliza para construir el DN base del directorio "
+"LDAP. Por ejemplo, si introduce «foo.example.org» el directorio se creará "
+"con un DN base de «dc=foo, dc=example, dc=org»."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Nombre de la organización:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Introduzca el nombre de la organización a utilizar en el DN base del "
+"directorio LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Contraseña del administrador:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Introduzca la contraseña para la entrada de administrador de su directorio "
+"LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Confirme la contraseña:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Introduzca de nuevo la misma contraseña de administrador para su directorio "
+"LDAP para verificar que la introdujo correctamente."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Las contraseñas no coinciden"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+"Las dos contraseñas que ha introducido son distintas. Inténtelo de nuevo."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr ""
+"¿Desea que se borre la base de datos cuando se purgue el paquete slapd?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "fallo de slapcat durante la actualización"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Se produjo un error mientras se actualizaba su directorio LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"El programa «slapcat» falló mientras extraía el directorio LDAP. Este fallo "
+"puede deberse a un fichero de configuración incorrecto (por ejemplo, que "
+"falte alguna línea «moduleload» necesaria para el motor del base de datos)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Este fallo hará que también falle «slapadd» más adelante. Se van a mover los "
+"ficheros de la base de datos antigua a «/var/backups». Si desea volver a "
+"intentar la actualización debe mover los ficheros de la base de datos a su "
+"ubicación normal, arreglar lo que hizo que fallara «slapcat» y ejecutar:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Mueva los ficheros de la base de datos de nuevo al área de la copia de "
+"seguridad e intente ejecutar «slapadd» desde «${location}»."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "Motor de base de datos a utilizar:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"Los motores HDB y BDB utilizan formatos de almacenamiento semejantes, pero "
+"HDB permite realizar cambios de nombre de subárboles («subtree renames»). "
+"Los dos permiten las mismas opciones de configuración."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"Se recomienda utilizar MDB. El motor MDB utiliza un nuevo formato de "
+"almacenamiento y requiere menos configuración que BDB o HDB."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"En cualquier caso, debe revisar la configuración de la base de datos. "
+"Consulte «/usr/share/doc/slapd/README.Debian.gz» para más detalles."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "Configuración potencialmente insegura en el control de acceso de slapd"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"Una o varias de las bases de datos configuradas contiene una regla de "
+"control de acceso que permite a los usuarios modificar la mayoría de sus "
+"propios atributos. Esta configuración puede ser insegura dependiendo de cómo "
+"se utilice la base de datos."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"Se recomienda que elimine cualquier instancia «by self write» en las reglas "
+"de acceso de slapd que empiecen con «to *» para que los usuarios sólo puedan "
+"modificar los atributos que se hayan permitido expresamente."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr "Consulte «/usr/share/doc/slapd/README.Debian.gz» para más detalles."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr ""
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr ""
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "¿Desea permitir el protocolo LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "El protocolo obsoleto LDAPv2 se ha desactivado de manera predeterminada "
+#~ "en slapd. Los programas y los usuarios deberían actualizarse a LDAPv3. "
+#~ "Debe seleccionar esta opción si aún tiene programas antiguos que no "
+#~ "utilicen LDAPv3. Si lo hace, se añadirá la opción «allow bind_v2» al "
+#~ "fichero de configuración «slapd.conf»."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr "slurpd es obsoleto; hay que configurar las réplicas a mano"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "Se han encontrado una o más opciones de «replica» de slurpd en la "
+#~ "configuración de slapd durante la actualización. Ya que slurpd está "
+#~ "obsoleto desde la versión 2.4 de OpenLDAP, tendrá que migrar sus réplicas "
+#~ "para utilizar el protocolo syncrepl."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "La conversión desde slurpd al protocolo syncrepl no se puede realizar "
+#~ "automáticamente y tendrá que configurar sus servidores de réplica a mano. "
+#~ "Visite «http://www.openldap.org/doc/admin24/syncrepl.html» para más "
+#~ "información."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "Los valores de TLSCipherSuite han cambiado"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "Se ha encontrado una opción «TLSCipherSuite» en la configuración de slapd "
+#~ "durante la actualización. Los valores permitidos para esta opción vienen "
+#~ "determinados por la implementación de SSL utilizada, que ha cambiado de "
+#~ "OpenSSL a GnuTLS. Como resultado, su configuración actual de "
+#~ "TLSCipherSuite no funcionará con este paquete."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Este valor se ha comentado automáticamente. Si necesita alguna opción de "
+#~ "cifrado específica que requiera esta reactivar esta opción, consulte la "
+#~ "salida de «gnutls -cli -l», del paquete gnutls-bin, para la lista de "
+#~ "cifrados que puede utilizar GnuTLS."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr ""
+#~ "¿Desea crear una copia de seguridad de la base de datos actual y crear "
+#~ "una nueva?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "El sufijo de directorio (dominio) que ha especificado no coincide con el "
+#~ "que ahora está definido en «/etc/ldap/slapd.conf». Debe mover la base de "
+#~ "datos LDAP actual y crear una nueva si cambia el sufijo del directorio. "
+#~ "¿Está seguro de que quiere hacer una copia de seguridad de la base de "
+#~ "datos actual y dejar de utilizarla?"
diff --git a/debian/po/eu.po b/debian/po/eu.po
new file mode 100644
index 0000000..43b83b8
--- /dev/null
+++ b/debian/po/eu.po
@@ -0,0 +1,448 @@
+# Basque translation for openldap_2.4.40-2_eu.po
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Piarres Beobide <pi@beobide.net>, 2008.
+# Iñaki Larrañaga Murgoitio <dooteo@zundan.com>, 2010, 2014, 2017.
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap_2.4.40-2_eu\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2017-01-10 12:14+0100\n"
+"Last-Translator: Iñaki Larrañaga Murgoitio <dooteo@zundan.com>\n"
+"Language-Team: Basque <debian-l10n-basque@lists.debian.org>\n"
+"Language: eu\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.5\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Ez konfiguratu OpenLDAP zerbitzaria?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Aukera hau gaitzen baduzu, ez da hasierako konfigurazio edo datu-baserik "
+"sortuko."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "beti"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "beharrezkoa denean"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "inoiz ere ez"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Irauli datu-baseak fitxategi batetara bertsio-berritzean:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"OpenLDAP zerbitzariaren bertsio berri batetara bertsio-berritu aurretik, "
+"zure LDAP direktorioak testu lau fitxategietara irauliko dira LDAPen datuen "
+"elkartrukatzeko formatu estandarra erabiliz."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"\"Beti\" hautatzean, datu-baseak baldintzarik gabe irauliko dira bertsio-"
+"berritze baten aurretik. \"Beharrezkoa denean\" hautatuz, bertsio berria "
+"datu-base zaharraren formatuarekin bateragarria ez denean eta berriro "
+"inportatu behar denean bakarrik irauliko da datu-basea. \"Inoiz ere ez\" "
+"hautatzen baduzu, inoiz ez da datu-basea irauliko."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Datu-baseak iraultzean erabiliko den direktorioa:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Zehaztu LDAP esportatzeko erabiliko den direktorioa. Direktorio honetan "
+"zerbitzariko datu-base ezberdinei dagozkien LDIF fitxategiak sortuko dira. "
+"Ziurtatu zaitez direktorioaren partizioan behar duzun bezainbeste leku libre "
+"duzula. \"VERSION\" katearen lehenengo agerpena zerbitzariaren jatorrizko "
+"bertsio zenbakiagatik ordeztuko da."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Aldatu datu-base zaharra lekuz?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Konfigurazioko prozesua apur dezaketen fitxategiak daude oraindik /var/lib/"
+"ldap direktorioan. Aukera hau gaitzen baduzu mantentzailearen script-ek datu-"
+"base zaharreko fitxategiak hortik kenduko ditu datu-base berria sortu "
+"aurretik."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Berriz saiatu konfigurazioa egiten?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Zuk sartutako konfigurazioa baliogabea da. Ziurtatu DNSaren domeinu-izena "
+"sintaktikoki zuzena dela, erakundeari dagokion eremua ezin da hutsik egon "
+"eta LDAPeko administratzailearen pasahitzak berdinak izan behar dira. "
+"Konfigurazioa ez berregitea hautatzen baduzu, LDAP zerbitzaria ez da "
+"konfiguratuko. Beranduago konfigurazioa egin nahi izanez gero, exekutatu "
+"'dpkg-reconfigure slapd'."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNSaren domeinu-izena:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"DNSaren domeinu-izena LDAP direktorioaren DN oinarria eraikitzeko erabiliko "
+"da. Adibidez, 'proba.adibide.org' erabiliz DN oinarri gisa 'dc=proba, "
+"dc=example, dc=org' edukiarekin sortuko du direktorioa."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Erakundearen izena:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Idatzi LDAP direktorioko DN oinarrian erabiliko den erakundearen izena."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Administratzailearen pasahitza:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "Idatzi LDAP direktorioko administratzailearen sarrerarako pasahitza."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Berretsi pasahitza:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Idatzi LDAP direktorioko administratzailearen sarrerarako pasahitza berriro "
+"ondo idatzi duzula ziurtatzeko."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Pasahitzak ez dira berdinak"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Idatzitako bi pasahitzak ez dira berdinak. Saiatu berriro."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Slapd kentzen bada, datu-basea ere ezabatzea nahi duzu?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "slapcat-ek huts egin du bertsio-berritzean"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Errorea gertatu da LDAP direktorioa bertsio-berritzean."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"'slapcat' programak huts egin du LDAP direktorioa erauztean. Konfigurazioko "
+"fitxategia oker egoteagatik gerta daiteke (adibidez, datu-basearen motorra "
+"onartzeko 'moduleload' lerroak falta badira)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Hutsegite honek 'slapdd'-ek lehenago edo beranduago hutsegitea eragingo du. "
+"Datu-base zaharra /var/backups karpetara eramango da. Bertsio-berritze hau "
+"berriro saiatzea nahi izanez gero, datu-base zaharreko fitxategiak aurreko "
+"kokalekura eraman beharko dituzu. Konpondu slapcat-en hutsegitea eragin "
+"duena eta exekutatu honako komandoa:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Ondoren, eraman datu-basearen fitxategiak babeskopiako kokaleku batera, eta "
+"saiatu slapadd ${location}(e)tik exekutatzen."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "Datu-basearen motorra:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB eta BDB motorrek antzeko biltegiratze formatuak erabiltzen dituzte, "
+"baina HDB-ek azpizuhaitzak berrizendatzeko euskarria dauka. Biek "
+"konfigurazioko aukera berdinak onartzen dituzte."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"MDB motorra gomendatzen da. MDB-ek biltegiratze formatu berri bat erabiltzen "
+"du, eta BDB edo HDB baino konfigurazio gutxiago eskatzen du."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"Edozein kasutan, sortutako datu-basearen konfigurazioa gainbegiratu beharko "
+"zenuke zure beharrei erantzuten diela ziurtatzeko. Irakurri /usr/share/doc/"
+"slapd/README.Debian.gz xehetasun gehiagorako."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "Potentzialki ez-segurua den slapd atzitzeko kontrolaren konfigurazioa"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"Konfiguratutako datu-base batek (edo gehiagok) erabiltzaileek beraien "
+"atributu gehienak aldatzeko baimentzen duen atzipeneko kontrol-arau bat du. "
+"Hau ez-segurua izan daiteke, datu-basea nola erabiltzen den arabera."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"slapd-ren \"to *\"-rekin hasten diren atzipen arauen kasuan, \"by self write"
+"\"-ren instantziak kentzea gomendatzen da. Horrela, erabiltzaileek bereziki "
+"baimendutako atributuak soilik alda ditzakete."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr "Irakurri /usr/share/doc/slapd/README.Debian.gz xehetasun gehiagorako."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr "utzi bertan behera instalazioa"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr "jarraitu dena den"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr "ppolicy eskema eskuz eguneratzea gomendatzen da"
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+"Pasahitzen politikaren (Password Policy, ppolicy) gainjarpenaren bertsio "
+"berriak eskema behar du, erabiltzen ari den uneko eskeman aurkitzen ez den "
+"\"pwdMaxRecordedFailure\" atributu mota definitzeko. Bertsio-berritzea "
+"oraintxe bertan behera botatzea gomendatzen da, eta \"ppolicy\" eskema "
+"eguneratu slapd bertsio-berritu aurretik. Erreplikazioa erabiltzen ari bada, "
+"eskemaren eguneraketa zerbitzari bakoitzean aplikatu beharko litzateke "
+"bertsio-berritzearekin jarraitu aurretik."
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr ""
+"LDIF fitxategia sortu da bertsio-berritzeak eskatzen dituen aldaketekin:"
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+"'slapd'-ek sarbidetzaren kontrolaren arau lehenetsiak erabiltzen baditu, "
+"aldaketa hauek aplikatzeko (slapd abiarazi ostean) erabili komando hau:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+"Horren ordez, instalazioarekin aurrera jarraitzea erabakitzen baduzu, "
+"atributu mota berria automatikoki gehituko da, baina aldaketak ez du "
+"eraginik izango slapd-ren gainjarpenetan, eta beste zerbitzariekin "
+"erreplikazioek eragina jasan dezakete."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Onartu LDAPv2 protokoloa?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Lehenespenez slapd-en LDAPv2 protokolo zaharkitua desgaituta dago. "
+#~ "Programa eta erabiltzaileak LDAPv3-ra migratu beharko lirateke. Hautatu "
+#~ "aukera hau baldin eta LDAPv3 erabili ezin duten programa zaharrak "
+#~ "badituzu, eta slapd.conf fitxategiari 'allow bind_v2' gehituko zaio."
diff --git a/debian/po/fi.po b/debian/po/fi.po
new file mode 100644
index 0000000..dbb0809
--- /dev/null
+++ b/debian/po/fi.po
@@ -0,0 +1,509 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2008-04-09 20:55+0200\n"
+"Last-Translator: Esko Arajärvi <edu@iki.fi>\n"
+"Language-Team: Finnish <debian-l10n-finnish@lists.debian.org>\n"
+"Language: fi\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Finnish\n"
+"X-Poedit-Country: FINLAND\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Ohitetaanko OpenLDAP-palvelimen asetus?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr "Jos valitset tämän vaihtoehdon, asetuksia ja tietokantaa ei luoda."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "aina"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "tarvittaessa"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "ei koskaan"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Vedosta tietokannat tiedostoon päivitettäessä:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Ennen päivitystä OpenLDAP-palvelimen uuteen versioon, LDAP-hakemistoista "
+"voidaan tallentaa vedos standardissa LDAP-tiedonsiirtomuodossa oleviin "
+"tekstitiedostoihin."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Valinta â€aina†merkitsee, että tietokannat vedostetaan tilanteesta "
+"riippumatta ennen päivitystä. Valinta â€tarvittaessa†merkitsee, että "
+"tietokannoista otetaan vedos vain, jos uusi versio ei ole yhteensopiva "
+"vanhan tietokantamuodon kanssa ja tiedot tulee tuoda kantaan uudelleen. "
+"Valittaessa â€ei koskaan†vedostusta ei tehdä."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Tietokantavedosten hakemisto:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Anna hakemisto, johon LDAP-tietokannat vedostetaan. Hakemistoon luodaan "
+"useita LDIF-tiedostoja, joiden sisältö vastaa palvelimen hakukantoja. "
+"Varmista, että valitulla levyosiolla on tarpeeksi vapaata tilaa. Merkkijonon "
+"â€VERSION†ensimmäinen esiintymä korvataan päivitettävän palvelimen "
+"versionumerolla."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Siirretäänkö vanha tietokanta?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Hakemistossa /var/lib/ldap on vielä tiedostoja ja ne luultavasti hajoavat "
+"asetusprosessissa. Jos valitset tämän vaihtoehdon, vanhat "
+"tietokantatiedostot siirretään syrjään ennen uuden tietokannan luomista."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Yritetäänkö asetusten tekoa uudelleen?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+#, fuzzy
+#| msgid ""
+#| "The configuration you entered is invalid. Make sure that the DNS domain "
+#| "name is syntactically valid, the organization is not left empty and the "
+#| "admin passwords match. If you decide not to retry the configuration the "
+#| "LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want "
+#| "to retry later."
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Antamasi asetukset ovat epäkelpoja. Varmista, että DNS-aluenimen syntaksi on "
+"oikea, organisaatiokenttä ei ole tyhjä ja että ylläpitosalasanat täsmäävät. "
+"Jos päätät olla yrittämättä asetusten tekemistä uudelleen, LDAP-palvelimen "
+"asetukset eivät ole valmiit. Voit tehdä asetukset myöhemmin ajamalla "
+"komennon â€dpkg-reconfigure slapdâ€."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNS-aluenimi:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"DNS-aluenimeä käytetään perus-DN:n (erittelevä nimi) luomisessa LDAP-"
+"hakemistolle. Esimerkiksi â€foo.esimerkki.fi†luo hakemiston, jonka perus-DN "
+"on â€dc=foo, dc=esimerkki, dc=fiâ€."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Organisaation nimi:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr "Anna LDAP-hakemiston perus-DN:ssä käytettävä organisaation nimi."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Ylläpitosalasana:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "Anna LDAP-hakemiston ylläpitosalasana."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Vahvista salasana:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Syötä LDAP-hakemiston ylläpitosalasana uudelleen varmistaaksesi, että "
+"kirjoitit sen oikein."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Salasanat eivät täsmää"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Syöttämäsi kaksi salasanaa eivät olleet sama. Yritä uudelleen."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Haluatko, että tietokanta poistetaan siivottaessa paketti slapd?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Toimintahäiriö ohjelmassa slapcat päivityksen aikana"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Päivitettäessä LDAP-hakemistoa tapahtui virhe."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"LDAP-hakemiston tuottavassa ohjelmassa â€slapcat†tapahtui toimintahäiriö. "
+"Tämä saattaa johtua virheellisestä asetustiedostosta (esimerkiksi "
+"puuttuvista, taustatietokannan tuen lisäävistä â€moduleloadâ€-riveistä)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Tämän toimintahäiriön takia ohjelmassa â€slapadd†tulee myöhemmin ilmenemään "
+"toimintahäiriö. Vanhat tietokantatiedostot siirretään hakemistoon /var/"
+"backups. Jos haluat yrittää päivittämistä uudelleen, vanhat "
+"tietokantatiedostot tulisi siirtää takaisin paikoilleen, korjata "
+"toimintahäiriön aiheuttanut virhe ja ajaa:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+#, fuzzy
+#| msgid ""
+#| "Then move the database files back to a backup area and then try running "
+#| "slapadd from $location."
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Siirrä tämän jälkeen tietokantatiedostot takaisin varmuuskopiohakemistoon ja "
+"aja slapadd sijainnista $location."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "Käytettävä taustatietokanta:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+#, fuzzy
+#| msgid ""
+#| "The HDB backend is recommended. HDB and BDB use similar storage formats, "
+#| "but HDB adds support for subtree renames. Both support the same "
+#| "configuration options."
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB-taustatietokantaa suositellaan. HDB ja BDB käyttävät samantapaisia "
+"tallennusmuotoja, mutta HDB tukee lisäksi puun osien uudelleennimeämistä. "
+"Molemmat tukevat samoja asetusvalintoja."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+#, fuzzy
+#| msgid ""
+#| "The HDB backend is recommended. HDB and BDB use similar storage formats, "
+#| "but HDB adds support for subtree renames. Both support the same "
+#| "configuration options."
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"HDB-taustatietokantaa suositellaan. HDB ja BDB käyttävät samantapaisia "
+"tallennusmuotoja, mutta HDB tukee lisäksi puun osien uudelleennimeämistä. "
+"Molemmat tukevat samoja asetusvalintoja."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+#, fuzzy
+#| msgid ""
+#| "In either case, you should review the resulting database configuration "
+#| "for your needs. See /usr/share/doc/slapd/README.DB_CONFIG.gz for more "
+#| "details."
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"Joka tapauksessa tulisi tarkistaa, että tuloksena olevat tietokanta-"
+"asetukset vastaavat tarpeita. Tiedostosta /usr/share/doc/slapd/README."
+"DB_CONFIG.gz löytyy lisätietoja (englanniksi)."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr ""
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr ""
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Sallitaanko LDAPv2-yhteyskäytäntö?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Vanhentunut LDAPv2-yhteyskäytäntö on slapdissa oletuksena poissa "
+#~ "käytöstä. Järjestelmät ja ohjelmat päivittää käyttämään LDAPv3:a. Jos "
+#~ "jotkin vanhat ohjelmat eivät voi käyttää LDAPv3-yhteyskäytäntöä, valitse "
+#~ "tämä lisätäksesi asetuksen â€allow bind_v2†tiedostoon slapd.conf"
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr ""
+#~ "slurpd on vanhentunut; kopioiden asetukset tulee tehdä käsin uudelleen"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "Päivitettäessä slapdin asetuksista löytyi yksi tai useampia â€replicaâ€-"
+#~ "asetuksia. Koska slurpd on vanhentunut OpenLDAPin versiosta 2.4 alkaen, "
+#~ "tulee kopiot vaihtaa käyttämään syncrepl-yhteyskäytäntöä."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "Muunnosta slurpdista vetoon perustuvaan syncrepl-yhteyskäytäntöön ei "
+#~ "voida tehdä automaattisesti ja kopiopalvelimien asetukset tulee tehdä "
+#~ "käsin. Lisätietoja (englanniksi) löytyy tiedostosta http://www.openldap."
+#~ "org/doc/admin24/syncrepl.html."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "TLSCipherSuite-arvot ovat muuttuneet"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "Asetus â€TLSCipherSuite†löydettiin päivitettäessä slapdin asetuksista. "
+#~ "Tämän asetuksen sallitut arvot riippuvat käytetystä SSL-toteutuksesta. "
+#~ "Käytetty toteutus on vaihdettu OpenSSL:stä GnuTLS:ään. Tämän seurauksena "
+#~ "nykyinen TLSCipherSuite-asetus ei toimi tämän paketin kanssa."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Tämä asetus on automaattisesti kommentoitu pois käytöstä. Jos on tarpeen "
+#~ "asettaa tietty salaus tällä asetuksella, lista GnuTLS:n tukemista "
+#~ "salauksista voidaan tulostaa paketin gnutls-bin avulla komennolla â€gnutls-"
+#~ "cli -lâ€."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr "Tehdäänkö nykyisestä tietokannasta varmuuskopio ja luodaanko uusi?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "Annettu hakemistopääte (verkkotunnus) ei täsmää tiedostossa /etc/ldap/"
+#~ "slapd.conf olevaan. Hakemistopäätteen muuttaminen vaatii, että nykyinen "
+#~ "LDAP-tietokanta siirretään syrjään ja luodaan uusi. Vahvista haluatko "
+#~ "tehdä tehdä varmuuskopion nykyisestä tietokannasta ja hylätä sen."
diff --git a/debian/po/fr.po b/debian/po/fr.po
new file mode 100644
index 0000000..214e9a3
--- /dev/null
+++ b/debian/po/fr.po
@@ -0,0 +1,532 @@
+# Translation of openldap debconf templates to French
+# Copyright (C) 2006-2010 Christian Perrier <bubulle@debian.org>
+# This file is distributed under the same license as the openldap package.
+#
+#
+# Christian Perrier <bubulle@debian.org>, 2006-2010, 2014.
+# Jean-Pierre Giraud <jean-pierregiraud@neuf.fr>, 2017.
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2017-01-21 16:28+0100\n"
+"Last-Translator: Jean-Pierre Giraud <jean-pierregiraud@neuf.fr>\n"
+"Language-Team: French <debian-l10n-french@lists.debian.org>\n"
+"Language: fr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.5\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Voulez-vous omettre la configuration d'OpenLDAP ?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Si vous choisissez cette option, aucune configuration par défaut et aucune "
+"base de données ne seront créées."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "Toujours"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "Lorsque nécessaire"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "Jamais"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr ""
+"Sauvegarde des bases de données dans un fichier pour la mise à niveau :"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Avant la mise à niveau du serveur OpenLDAP, les données des annuaires LDAP "
+"peuvent être exportées dans des fichiers au format texte LDIF (« LDAP Data "
+"Interchange Format » : format d'échange de données LDAP)."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Si vous choisissez l'option « Toujours », les données seront "
+"systématiquement exportées avant une mise à niveau. Si vous choisissez "
+"« Lorsque nécessaire », elles ne seront exportées que lorsque la nouvelle "
+"version utilisera un format incompatible avec l'ancienne, ce qui imposera de "
+"réimporter les données. Si vous choisissez « Jamais », les données ne seront "
+"jamais exportées."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Répertoire où exporter les bases de données :"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Veuillez indiquer le répertoire où les bases de données LDAP seront "
+"exportées. Plusieurs fichiers LDIF seront créés dans ce répertoire. Ils "
+"correspondent aux bases de recherche présentes sur le serveur. Veuillez "
+"vérifier que la partition où se trouve ce répertoire comporte suffisamment "
+"de place disponible. La première occurrence de « VERSION » dans le nom de ce "
+"répertoire sera remplacée par la version d'OpenLDAP utilisée avant la mise à "
+"niveau."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Faut-il déplacer l'ancienne base de données ?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Des fichiers présents dans /var/lib/ldap vont probablement provoquer l'échec "
+"de la procédure de configuration. Si vous choisissez cette option, les "
+"scripts de configuration déplaceront les anciens fichiers des bases de "
+"données avant de créer une nouvelle base de données."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Faut-il recommencer la configuration ?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"La configuration que vous avez indiquée n'est pas valable. Veuillez vérifier "
+"que le nom de domaine DNS utilise une syntaxe correcte, que « organisation » "
+"n'est pas vide et que les mots de passe d'administrateur correspondent. Si "
+"vous choisissez de ne pas recommencer la configuration, le serveur LDAP ne "
+"sera pas configuré. Si vous voulez recommencer ce processus, utilisez la "
+"commande « dpkg-reconfigure slapd »."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Nom de domaine :"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"Le nom de domaine DNS est utilisé pour établir le nom distinctif de base "
+"(« base DN » ou « Distinguished Name ») de l'annuaire LDAP. Par exemple, si "
+"vous indiquez « toto.example.org » ici, le nom distinctif de base sera "
+"« dc=toto, dc=example, dc=org »."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Nom d'entité (« organization ») :"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Veuillez indiquer la valeur qui sera utilisée comme nom d'entité "
+"(« organization ») dans le nom distinctif de base de l'annuaire LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Mot de passe de l'administrateur :"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Veuillez indiquer le mot de passe de l'administrateur de l'annuaire LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Mot de passe de l'administrateur :"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Veuillez entrer à nouveau le mot de passe de l'administrateur de l'annuaire "
+"LDAP afin de vérifier qu'il a été saisi correctement."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Erreur de saisie du mot de passe"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+"Les deux mots de passe que vous avez entrés sont différents. Veuillez "
+"recommencer."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Faut-il supprimer la base de données lors de la purge du paquet ?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Échec de slapcat durant la mise à niveau"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Une erreur s'est produite lors de la mise à niveau de l'annuaire LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Le programme « slapcat » a échoué en extrayant les données du répertoire "
+"LDAP. Cela peut être dû à un fichier de configuration non valable (par "
+"exemple l'absence de lignes « moduleload » permettant de gérer les divers "
+"types de bases de données)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Cet échec provoquera l'échec ultérieur de « slapadd ». Les anciens fichiers "
+"de bases de données seront déplacés dans /var/backups. Si vous souhaitez "
+"tenter à nouveau la mise à jour, vous devrez les remettre en place, corriger "
+"l'erreur qui a provoqué l'échec de slapcat et utiliser la commande suivante :"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Déplacez ensuite les bases de données vers un emplacement de sauvegarde et "
+"tentez d'utiliser la commande « slapadd » depuis ${location}."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "Module de base de données à utiliser :"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB et BDB utilisent des formats de stockage analogues. Par contre, HDB gère "
+"les renommages de sous-arbres. Les deux formats utilisent les mêmes options "
+"de configuration."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"Le module MDB est recommandé. Il utilise un nouveau format de stockage et "
+"est plus simple à configurer que BDB ou HDB."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"Quel que soit votre choix, vous devriez vérifier les options de "
+"configuration de la base de données. Pour plus d'informations, veuillez "
+"consulter le fichier /usr/share/doc/slapd/README.Debian.gz."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "Configuration potentiellement peu sûre du contrôle d'accès de slapd"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"Une ou plusieurs des bases de données configurées comportent une règle de "
+"contrôle d'accès qui permet aux utilisateurs de modifier un ou plusieurs de "
+"leurs propres paramètres. Cela peut être peu sûr, selon la façon dont la "
+"base de données est configurée."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"Pour les règles d'accès à slapd qui commencent par « to * », il est "
+"recommandé de supprimer toute occurrence de « by self write », afin que les "
+"utilisateurs ne puissent modifier que des paramètres explicitement autorisés."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"Veuillez consulter le fichier /usr/share/doc/slapd/README.Debian.gz pour "
+"plus d'informations."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr "Abandonner l'installation"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr "Continuer quand même"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr "Mise à jour manuelle du schéma ppolicy recommandée"
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+"La nouvelle version de la surcouche Password Policy (ppolicy – politique de "
+"mot de passe) nécessite que le schéma définisse le type d'attribut "
+"pwdMaxRecordedFailure qui n'est pas présent dans le schéma actuel. Il est "
+"recommandé d'abandonner la mise à niveau maintenant, et de mettre à jour le "
+"schéma ppolicy avant de mettre à niveau slapd. Si vous utilisez une "
+"réplication, la mise à jour du schéma doit être appliquée sur chaque serveur "
+"avant de poursuivre la mise à niveau."
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr ""
+"Un fichier LDAP a été créé avec les modifications requises pour la mise à "
+"jour :"
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+"aussi, si slapd utilise les règles de contrôle d'accès par défaut, ces "
+"modifications peuvent être appliquées (après le démarrage de slapd) avec la "
+"commande :"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+"Si vous choisissez plutôt de poursuivre l'installation, le nouveau type "
+"d'attribut sera ajouté automatiquement, mais la modification ne sera pas "
+"appliquée par les surcouches de slapd, et la réplication sur d'autres "
+"serveurs peut être affectée."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Faut-il autoriser le protocole LDAPv2 ?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "L'ancien protocole LDAPv2 est désactivé dans slapd. Il est conseillé de "
+#~ "migrer les programmes et les utilisateurs vers la version LDAPv3. Si vous "
+#~ "utilisez d'anciens programmes qui ne gèrent pas encore LDAPv3, vous "
+#~ "devriez choisir cette option, ce qui ajoutera l'option « allow bind_v2 » "
+#~ "au fichier slapd.conf."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr "Programme slurpd obsolète : reconfiguration manuelle des réplicats"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "Une ou plusieurs options « replica » de slurpd ont été trouvée dans le "
+#~ "fichier de configuration lors de la mise à niveau. Le programme slurpd "
+#~ "est obsolète à partir de la version 2.4 d'OpenLDAP et il est nécessaire "
+#~ "de migrer les réplicats pour qu'ils utilisent le protocole syncrepl à la "
+#~ "place."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "Cette conversion ne peut se faire automatiquement et vous devez "
+#~ "configurer les serveurs réplicats vous-même. Veuillez consulter http://"
+#~ "www.openldap.org/doc/admin24/syncrepl.html pour plus d'informations."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "Changement des valeurs possibles pour « TLSCipherSuite »"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "L'option « TLSCipherSuite » a été trouvée dans le fichier de "
+#~ "configuration de slapd lors de la mise à niveau. Les valeurs possibles "
+#~ "pour cette option dépendent de l'implémentation de SSL qui est utilisée. "
+#~ "Comme OpenSSL a été remplacé par GnuTLS, les réglages actuels de "
+#~ "« TLSCipherSuite » ne fonctionnent plus avec cette version du paquet."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Ce réglage a été automatiquement mis en commentaire. Si une méthode "
+#~ "spécifique de chiffrement impose de la réactiver, vous devriez consulter "
+#~ "l'affichage de la commande « gnutls-cli -l » du paquet gnutls-bin pour "
+#~ "une liste des méthodes de chiffrement gérées par GnuTLS."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr ""
+#~ "Faut-il sauvegarder l'ancienne base de données et en créer une nouvelle ?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "Le suffixe d'annuaire (domaine) indiqué ne correspond pas à celui qui est "
+#~ "actuellement mentionné dans /etc/ldap/slapd.conf. Le changement du "
+#~ "suffixe d'annuaire nécessite de déplacer la base de données actuelle et "
+#~ "d'en créer une nouvelle. Veuillez confirmer si vous voulez délaisser la "
+#~ "base de données actuelle (une sauvegarde sera effectuée)."
diff --git a/debian/po/gl.po b/debian/po/gl.po
new file mode 100644
index 0000000..9ca2f79
--- /dev/null
+++ b/debian/po/gl.po
@@ -0,0 +1,502 @@
+# translation of openldap_2.4.23-2_gl.po to Galician
+# Galician translation of openldap's debconf templates.
+# This file is distributed under the same license as the openldap package.
+#
+# Jacobo Tarrio <jtarrio@debian.org>, 2006.
+# Jorge Barreiro <yortx.barry@gmail.com>, 2010, 2014.
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap_2.4.40-2_gl\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2014-11-17 00:40+0100\n"
+"Last-Translator: Jorge Barreiro <yortx.barry@gmail.com>\n"
+"Language-Team: Galician <proxecto@trasno.net>\n"
+"Language: gl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.4\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Omitir a configuración do servidor OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Se escolle esta opción non se creará ningunha configuración ou base de datos "
+"inicial."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "sempre"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "cando se precise"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "nunca"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Envorcar as bases de datos a un ficheiro na actualización:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Antes de actualizar a unha nova versión do servidor OpenLDAP, pódense "
+"envorcar os datos dos seus directorios LDAP a ficheiros de texto normal no "
+"formato estándar LDIF, formato de intercambio de datos LDAP."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"A opción «sempre» fará que as bases de datos se envorquen incondicionalmente "
+"antes dunha actualización. Se escolle «cando se precise» só se ha envorcar a "
+"base de datos se a nova versión é incompatíbel co formato antigo da base de "
+"datos e hai que reimportala. Se escolle «nunca» non se ha envorcar a base de "
+"datos."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Directorio para as bases de datos envorcadas:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Especifique o directorio no que se han exportar as bases de datos LDAP. "
+"Neste directorio hanse crear varios ficheiros LDIF que se corresponden coas "
+"bases de busca almacenadas no servidor. Asegúrese de ter espazo libre "
+"dabondo na partición na que reside o directorio. A primeira aparición da "
+"cadea «VERSION» substitúese pola versión do servidor a partires da que se "
+"actualiza."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Trasladar a base de datos antiga?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Aínda hai ficheiros en /var/lib/ldap que probablemente fagan fallar o "
+"proceso de configuración. Se activa esta opción, os «scripts» do mantedor "
+"apartarán os ficheiros da base de datos antiga antes de crear unha nova base "
+"de datos."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Volver tentar a configuración?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"A configuración que introduciu non é válida. Asegúrese de que o nome de "
+"dominio DNS teña unha sintaxe válida, o campo para a organización non quede "
+"baleiro e os contrasinais do administrador coincidan. Se decide non volver "
+"tentar a configuración non se ha configurar o servidor LDAP. Execute «dpkg-"
+"reconfigure slapd» se quere volver a tentalo noutro momento."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Nome de dominio DNS:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"O nome de dominio DNS emprégase para construír o DN base do directorio LDAP. "
+"Por exemplo, «foo.example.org» creará o directorio con «dc=foo, dc=example, "
+"dc=org» coma DN base."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Nome da organización:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Introduza aquí o nome da organización a empregar no DN base do seu "
+"directorio LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Contrasinal do administrador:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Introduza o contrasinal para a entrada do administrador no directorio LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Confirme o contrasinal:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Volva introducir o contrasinal do administrador do seu directorio LDAP para "
+"comprobar que o introduciu correctamente."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Contrasinais distintos"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Os dous contrasinais que introduciu non son iguais. Volva tentalo."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Quere que se elimine a base de datos ao purgar slapd?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Fallou a execución de slapcat durante a actualización"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Produciuse un erro ao actualizar o directorio LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"O programa «slapcat» fallou ao extraer o directorio LDAP. Isto pode estar "
+"causado por un ficheiro de configuración incorrecto (por exemplo, se non hai "
+"liñas «moduleload» para o uso da base de datos)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Este fallo fará que «slapadd» tamén falle. Trasladaranse os ficheiros de "
+"base de datos antigos a /var/backups. Se quere volver tentar a "
+"actualización, debería mover os ficheiros da base de datos antiga ao seu "
+"sitio, arranxar o que fixo que fallara slapcat, e executar:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Despois volva trasladar os ficheiros da base de datos a unha zona de copias "
+"de seguridade e probe a executar slapadd desde ${location}."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "Motor de base de datos a empregar:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB e BDB empregan formatos de almacenamento semellantes, pero HDB permite "
+"ademais o cambio de nome de subárbores. Ãmbolos dous permiten usar as mesmas "
+"opcións de configuración."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"Recoméndase o motor MDB. MDB usa un formato de almacenamento novo e precisa "
+"menos configuración que BDB ou HDB."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"En calquera caso, debería revisar que a configuración da base de datos se "
+"axusta ás súas necesidades. Pode obter máis información en /usr/share/doc/"
+"slapd/README.Debian.gz ."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr ""
+"A configuración de control de acceso de slapd é potencialmente insegura"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"Polo menos unha das bases de datos configuradas ten unha regra de control de "
+"acceso que permite aos usuarios modificar a maioría dos atributos. Isto pode "
+"ser inseguro dependendo da maneira en que se use a base de datos."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"No caso das regras de acceso de «slapd» que comezan con «to *», "
+"recoméndaselle eliminar calquera instancia de «by self write», de maneira "
+"que os usuarios só poidan modificar os atributos especificamente permitidos."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr "Pode obter máis información en /usr/share/doc/slapd/README.Debian.gz ."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr ""
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr ""
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Admitir o protocolo LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "O protocolo obsoleto LDAPv2 está desactivado por defecto en slapd. Os "
+#~ "programas e os usuarios deberíanse actualizar a LDAPv3. Se ten programas "
+#~ "antigos que non poidan empregar LDAPv3 debería escoller esta opción, que "
+#~ "fará que se engada «allow bind_v2» ao ficheiro slapd.conf ."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr "¿Facer unha copia da base de datos actual e crear unha nova?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "O sufixo de directorio (dominio) que especificou non coincide co que hai "
+#~ "en /etc/ldap/slapd.conf. Para cambiar o sufixo do directorio hai que "
+#~ "apartar a base de datos LDAP actual e crear unha nova. Confirme se quere "
+#~ "facer unha copia de seguridade da base de datos actual e abandonala."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr "slurpd está obsoleto; é preciso reconfigurar as réplicas á man"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "Atopouse unha ou máis opcións \"replica\" na configuración de slapd ao "
+#~ "actualizar. Como slurpd está obsoleto a partires de OpenLDAP 2.4, ha ter "
+#~ "que migrar as súas réplicas para que empreguen no seu canto o protocolo "
+#~ "syncrepl."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "Non se pode realizar automaticamente a conversión de slurpd ao protocolo "
+#~ "syncrepl baseado en pull, e ha ter que configurar manualmente os seus "
+#~ "servidores réplica. Consulte http://www.openldap.org/doc/admin24/syncrepl."
+#~ "html para máis detalles."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "Os valores de TLSCipherSuite cambiaron"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "Atopouse unha opción \"TLSCipherSuite\" na configuración de slapd ao "
+#~ "actualizar. Os valores admitidos para esta opción están determinados pola "
+#~ "implementación de SSL en uso, que se cambiou de OpenSSL a GnuTLS. Coma "
+#~ "resultado, a configuración actual de TLSCipherSuite non ha funcionar con "
+#~ "este paquete."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Anulouse cun comentario esta configuración por vostede. Se ten "
+#~ "necesidades de cifrado específicas que precisan de que se volva activar "
+#~ "esta opción, consulte a saída de \"gnutls-cli -l\" no paquete gnutls-bin "
+#~ "para obter a lista de sistemas de cifrado soportados por GnuTLS."
diff --git a/debian/po/it.po b/debian/po/it.po
new file mode 100644
index 0000000..7fbb0a9
--- /dev/null
+++ b/debian/po/it.po
@@ -0,0 +1,447 @@
+# Italian (it) translation of debconf templates for openldap
+# This file is distributed under the same license as the openldap package.
+# Luca Monducci <luca.mo@tiscali.it>, 2007-2017.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.40-2 italian debconf templates\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2017-01-21 11:42+0100\n"
+"Last-Translator: Luca Monducci <luca.mo@tiscali.it>\n"
+"Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Omettere la configurazione del server OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Se si accetta, non verranno creati la configurazione iniziale né il database."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "sempre"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "quando necessario"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "mai"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Fare il dump su file dei database prima dell'aggiornamento:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Prima dell'aggiornamento a una nuova versione del server OpenLDAP, è "
+"possibile fare il dump delle proprie directory LDAP in dei semplici file di "
+"testo in formato LDIF (lo standard per lo scambio di dati LDAP)."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Selezionando \"sempre\" il dump dei database verrà effettuato prima di ogni "
+"aggiornamento. Con \"quando necessario\" il dump dei database verrà fatto "
+"solo quando la nuova versione è incompatibile con il vecchio formato del "
+"database e quindi deve essere reimportato. Infine con \"mai\" il dump dei "
+"database non verrà mai fatto."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Directory per il dump dei database:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Indicare la directory in cui verranno esportati i database LDAP. In questa "
+"directory verrà creato un file LDIF per ogni base di ricerca presente sul "
+"server. Assicurarsi di avere spazio libero sufficiente sulla partizione che "
+"contiene la directory indicata. La prima occorrenza della stringa \"VERSION"
+"\" viene sostituita con la versione del server che si sta aggiornando."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Spostare il vecchio database?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Ci sono ancora dei file in /var/lib/ldap che potrebbero intralciare il "
+"processo di configurazione. Se si accetta, gli script di installazione "
+"toglieranno di mezzo i file dei vecchi database prima di creare il nuovo "
+"database."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Ripetere la configurazione?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"La configurazione inserita non è valida. Assicurarsi che il nome di dominio "
+"DNS sia sintatticamente corretto, che il campo per il nome "
+"dell'organizzazione non sia stato lasciato in bianco e che le password di "
+"amministrazione coincidano. Se si decide di non riprovare la configurazione, "
+"il server LDAP non verrà impostato. In seguito, per riprovare la "
+"configurazione, usare \"dpkg-reconfigure slapd\"."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Nome di dominio DNS:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"Il nome DNS di dominio è usato per costruire la base DN della directory "
+"LDAP. Per esempio con \"pippo.esempio.org\" sarà creata una directory con "
+"\"dc=pippo, dc=esempio, dc=org\" come base DN."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Nome dell'organizzazione:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Inserire il nome dell'organizzazione da usare nella base DN della propria "
+"directory LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Password dell'amministratore:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Inserire la password per l'amministrazione della propria directory LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Conferma della password:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Inserire di nuovo la password per l'amministrazione della propria directory "
+"LDAP, per verificare che sia stata digitata correttamente."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Le password non coincidono"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Le due password inserite non sono uguali; si prega di riprovare."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Eliminare il database in caso di rimozione completa di slapd?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Problema con slapcat durante l'aggiornamento"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr ""
+"Si è verificato un errore durante l'aggiornamento della directory LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Il programma \"slapcat\" ha riportato un errore durante l'estrazione della "
+"directory LDAP. L'errore potrebbe essere causato da un file di "
+"configurazione sbagliato (per esempio, la mancanza delle righe \"moduleload"
+"\" per il supporto al database di backend)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Questo errore provocherà anche il successivo fallimento di \"slapadd\". I "
+"file del vecchio database saranno spostati in /var/backups. Per riprovare "
+"l'aggiornamento è necessario riportare i file nella posizione originale, "
+"correggere ciò che ha causato il fallimento di slapcat ed eseguire:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Poi spostare i file del database in un'area di backup e provare a eseguire "
+"slapadd da ${location}."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "Database di backend da usare:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB e BDB usano un formato di memorizzazione simile ma HDB dispone in più "
+"del supporto per rinominare i sottoalberi. Entrambi hanno le stesse opzioni "
+"da configurare."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"Si raccomanda MDB come backend. MDB usa un formato di memorizzazione nuovo e "
+"richiede la configurazione di un minor numero di opzioni rispetto a BDB e "
+"HDB."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"In ogni caso è opportuno rivedere la configurazione del database in base "
+"alle proprie necessità. Consultare /usr/share/doc/slapd/README.Debian.gz per "
+"maggiori informazioni."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "Configurazione degli accessi di slapd potenzialmente non sicura"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"Uno o più dei database configurati hanno una regola di accesso che permette "
+"agli utenti di modificare la maggior parte dei propri attributi. Ciò è non "
+"sicuro, il livello di pericolosità dipende da qual è l'uso del database."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"Se esistono regole di accesso che iniziano con \"to *\", si raccomanda di "
+"togliere tutti i \"by self write\" in modo che gli utenti possano modificare "
+"solo gli attributi a loro consentiti."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"Consultare /usr/share/doc/slapd/README.Debian.gz per maggiori informazioni."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr "interrompi l'installazione"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr "continua comunque"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr "Aggiornamento manuale dello schema ppolicy"
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+"La nuova versione dell'overlay Password Policy (ppolicy) richiede la "
+"definizione nello schema del tipo di attributo pwdMaxRecordedFailure il "
+"quale non è presente nello schema attualmente in uso. Si raccomanda di "
+"interrompere adesso l'aggiornamento e di preparare lo schema ppolicy prima "
+"di aggiornare slapd. Nel caso si utilizzi la replica, occorre preparare lo "
+"schema su ogni server prima di continuare con l'aggiornamento."
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr "È stato generato un file LDIF con le necessarie modifiche allo schema:"
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+"se slapd sta usando le regole di controllo d'accesso predefinite, le "
+"modifiche possono essere applicate (dopo aver avviato slapd) usando il "
+"comando:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+"Nel caso si decida di continuare l'installazione, il nuovo tipo di attributo "
+"verrà aggiunto automaticamente ma la modifica non agirà sul funzionamento "
+"degli overlay di slapd e potrebbe influenzare la replica con altri server."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Abilitare il protocollo LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Con la configurazione predefinita di slapd il vecchio protocollo LDAPv2 è "
+#~ "disabilitato. I programmi e gli utenti dovrebbero aggiornarsi a LDAPv3. "
+#~ "Se si usa qualche vecchio programma che non può usare LDAPv3, si dovrebbe "
+#~ "accettare in modo da aggiungere \"allow bind_v2\" al file di "
+#~ "configurazione slapd.conf."
diff --git a/debian/po/ja.po b/debian/po/ja.po
new file mode 100644
index 0000000..4c06f8e
--- /dev/null
+++ b/debian/po/ja.po
@@ -0,0 +1,427 @@
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+# Developers do not need to manually edit POT or PO files.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2017-01-15 13:46+0900\n"
+"Last-Translator: Kenshi Muto <kmuto@debian.org>\n"
+"Language-Team: Japanese <debian-japanese@lists.debian.org>\n"
+"Language: ja\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "OpenLDAP サーãƒã®è¨­å®šã‚’çœç•¥ã—ã¾ã™ã‹?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr "ã“ã“ã§ã€Œã¯ã„ã€ã‚’é¸ã¶ã¨ã€åˆæœŸè¨­å®šã‚„データベースã¯ä½œæˆã•ã‚Œã¾ã›ã‚“。"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "常ã«"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "å¿…è¦ãªã¨ãã«"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "è¡Œã‚ãªã„"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "更新時ã«ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã‚’ファイルã«ãƒ€ãƒ³ãƒ—:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"OpenLDAP サーãƒã®æ–°ã—ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¸ã®æ›´æ–°ã®å‰ã«ã€LDAP ディレクトリã®ãƒ‡ãƒ¼ã‚¿"
+"ã‚’ã€æ¨™æº– LDAP データ交æ›ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã®ãƒ—レインテキストファイルã«ãƒ€ãƒ³ãƒ—ã§ãã¾"
+"ã™ã€‚"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"「常ã«ã€ã‚’é¸ã¶ã¨ã€ç„¡æ¡ä»¶ã«æ›´æ–°ã®å‰ã«ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã‚’ダンプã™ã‚‹ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚"
+"「必è¦ãªã¨ãã«ã€ã‚’é¸ã¶ã¨ã€æ–°ã—ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒå¤ã„データベースフォーマットã¨éž"
+"互æ›ã§ã€å†ã‚¤ãƒ³ãƒãƒ¼ãƒˆãŒå¿…è¦ãªã¨ãã«ã€ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã‚’ダンプã—ã¾ã™ã€‚「行ã‚ãªã„ã€"
+"ã‚’é¸ã¶ã¨ã€ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã®ãƒ€ãƒ³ãƒ—ã‚’è¡Œã„ã¾ã›ã‚“。"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "データベースã®ãƒ€ãƒ³ãƒ—ã«ä½¿ã†ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒª:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"LDAP データベースをエキスãƒãƒ¼ãƒˆã™ã‚‹ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’指定ã—ã¦ãã ã•ã„。ã“ã®ãƒ‡ã‚£ãƒ¬"
+"クトリã®ä¸­ã«ã¯ã€ã‚µãƒ¼ãƒä¸Šã«é…ç½®ã•ã‚ŒãŸæ¤œç´¢ãƒ™ãƒ¼ã‚¹ã«é–¢é€£ã™ã‚‹ã„ãã¤ã‹ã® LDIF ファ"
+"イルãŒä½œæˆã•ã‚Œã¾ã™ã€‚ディレクトリを格ç´ã™ã‚‹ãƒ‘ーティションã«å分ãªç©ºã領域ãŒã‚"
+"ã‚‹ã“ã¨ã‚’確èªã—ã¦ãã ã•ã„。最åˆã«å‡ºç¾ã™ã‚‹æ–‡å­—列 \"VERSION\" ã¯ã€æ›´æ–°å¯¾è±¡ã®ã‚µãƒ¼"
+"ãƒã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ç½®ãæ›ãˆã‚‰ã‚Œã¾ã™ã€‚"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "å¤ã„データベースを移動ã—ã¾ã™ã‹?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"ãŠãらã設定手順を壊ã™ã¨æ€ã‚れるファイルãŒã€/var/lib/ldap ã«ã¾ã ã‚ã‚Šã¾ã™ã€‚ã“"
+"ã®é¸æŠžè‚¢ã§ã€Œã¯ã„ã€ã‚’é¸ã¶ã¨ã€ãƒ¡ãƒ³ãƒ†ãƒŠã‚¹ã‚¯ãƒªãƒ—トã¯æ–°ã—ã„データベースを作æˆã™ã‚‹"
+"å‰ã«å¤ã„データベースファイルを別ã®å ´æ‰€ã«ç§»å‹•ã—ã¾ã™ã€‚"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "設定をå†è©¦è¡Œã—ã¾ã™ã‹?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"入力ã•ã‚ŒãŸè¨­å®šã¯ç„¡åŠ¹ã§ã™ã€‚DNS ドメインåãŒæœ‰åŠ¹ãªæ–‡æ³•ã«ãªã£ã¦ã„ã‚‹ã“ã¨ã€çµ„ç¹”å"
+"ã®ãƒ•ã‚£ãƒ¼ãƒ«ãƒ‰ãŒç©ºã«ãªã£ã¦ã„ãªã„ã“ã¨ã¨ã€ç®¡ç†è€…パスワードãŒåˆã£ã¦ã„ã‚‹ã“ã¨ã‚’確èª"
+"ã—ã¦ãã ã•ã„。設定をå†è©¦è¡Œã—ãªã„ã¨ã€LDAP サーãƒã¯ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—ã•ã‚Œã¾ã›ã‚“。ã‚ã¨"
+"ã§å†è©¦è¡Œã™ã‚‹ã¨ãã«ã¯ã€\"dpkg-reconfigure slapd\" を実行ã—ã¦ãã ã•ã„。"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNS ドメインå:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"DNS ドメインå㯠LDAP ディレクトリã®ãƒ™ãƒ¼ã‚¹ DN ã‚’å½¢æˆã™ã‚‹ã®ã«ä½¿ã‚ã‚Œã¾ã™ã€‚ãŸã¨"
+"ãˆã°ã€'foo.example.org' ã¯ã€ãƒ™ãƒ¼ã‚¹ DN ã¨ã—㦠'dc=foo, dc=example, dc=org' ã®"
+"ディレクトリを作æˆã—ã¾ã™ã€‚"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "組織å:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr "LDAP ディレクトリã®ãƒ™ãƒ¼ã‚¹ DN 内ã§ä½¿ã†çµ„ç¹”ã®åå‰ã‚’入力ã—ã¦ãã ã•ã„。"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "管ç†è€…ã®ãƒ‘スワード:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"ã‚ãªãŸã® LDAP ディレクトリã§ã®ç®¡ç†è€…エントリã®ãƒ‘スワードを入力ã—ã¦ãã ã•ã„。"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "パスワードã®ç¢ºèª:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"æ­£ã—ãタイプã—ãŸã‹ã®ç¢ºèªã®ãŸã‚ã«ã€å…ˆã»ã©å…¥åŠ›ã—ãŸã®ã¨åŒã˜ LDAP ディレクトリ用"
+"ã® admin ã®ãƒ‘スワードをå†åº¦å…¥åŠ›ã—ã¦ãã ã•ã„。"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "パスワードãŒåˆè‡´ã—ã¾ã›ã‚“"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "2回入力ã•ã‚ŒãŸãƒ‘スワードã¯åŒã˜ã§ã¯ã‚ã‚Šã¾ã›ã‚“。å†åº¦å…¥åŠ›ã—ã¦ãã ã•ã„。"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "slapd をパージã—ãŸã¨ãã«ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã‚’削除ã—ã¾ã™ã‹?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "更新中㫠slapcat ãŒå¤±æ•—"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "LDAP ディレクトリã®æ›´æ–°ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"LDAP ディレクトリã®å±•é–‹ä¸­ã« 'slapcat' プログラムãŒå¤±æ•—ã—ã¾ã—ãŸã€‚ã“ã‚Œã¯ä¸æ­£ãª"
+"設定ファイル (ãŸã¨ãˆã°ãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã® "
+"'moduleload' è¡ŒãŒãªã„ãªã©) ã«ã‚ˆã£ã¦å¼•ãèµ·ã“ã•ã‚ŒãŸå¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚"
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"ã“ã®å¤±æ•—ã¯ã€å¾Œã§ 'slapadd' を失敗ã•ã›ã‚‹ã“ã¨ã«ãªã‚Šã¾ã™ã€‚å¤ã„データベースファイ"
+"ル㯠/var/backups ã«ç§»å‹•ã•ã‚Œã¾ã™ã€‚æ›´æ–°ã‚’å†è©¦è¡Œã—ãŸã„ã®ã§ã‚ã‚Œã°ã€å¤ã„データ"
+"ベースファイルを元ã®å ´æ‰€ã«æˆ»ã—㦠slapcat ãŒå¤±æ•—ã™ã‚‹åŽŸå› ã‚’修正ã—ã€æ¬¡ã®ã‚ˆã†ã«å®Ÿ"
+"è¡Œã—ã¾ã™:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"ãã—ã¦ã€ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ãƒ•ã‚¡ã‚¤ãƒ«ã‚’ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—領域ã«æˆ»ã—ã€slapadd ã‚’ ${location} "
+"ã‹ã‚‰å®Ÿè¡Œã—ã¦ã¿ã¾ã™ã€‚"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "利用ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB 㨠BDB ã¯ä¼¼ãŸã‚¹ãƒˆãƒ¬ãƒ¼ã‚¸ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã‚’使ã„ã¾ã™ãŒã€HDB ã«ã¯ã‚µãƒ–ツリーã®åå‰"
+"変更ã®ã‚µãƒãƒ¼ãƒˆãŒåŠ ã‚ã£ã¦ã„ã¾ã™ã€‚å…±ã«ã€åŒã˜è¨­å®šã‚ªãƒ—ションをサãƒãƒ¼ãƒˆã—ã¾ã™ã€‚"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"MDB ãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚MDB ã¯æ–°ã—ã„ストレージフォーマットを採用ã—ã¦"
+"ãŠã‚Šã€BDB ã‚„ HDB よりも少ãªã„設定ã§æ¸ˆã¿ã¾ã™ã€‚"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"ã„ãšã‚Œã®å ´åˆã§ã‚‚ã€å¿…è¦ã«å¿œã˜ã¦ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹è¨­å®šã®çµæžœã‚’å†ç¢ºèªã™ã¹ãã§ã™ã€‚詳細"
+"ã«ã¤ã„ã¦ã¯ /usr/share/doc/slapd/README.Debian.gz ã‚’å‚ç…§ã—ã¦ãã ã•ã„。"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "潜在的ã«å®‰å…¨ã§ãªã„ slapd ã®ã‚¢ã‚¯ã‚»ã‚¹åˆ¶å¾¡è¨­å®šã§ã™"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"設定ã•ã‚ŒãŸãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã«ã¯ã€ãƒ¦ãƒ¼ã‚¶ã«è‡ªèº«ã®å±žæ€§ã®ã»ã¨ã‚“ã©ã®å¤‰æ›´ã‚’許容ã™ã‚‹ 1 ã¤"
+"以上ã®ã‚¢ã‚¯ã‚»ã‚¹åˆ¶å¾¡ãƒ«ãƒ¼ãƒ«ãŒã‚ã‚Šã¾ã™ã€‚ã“ã‚Œã¯ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã®ä½¿ã„よã†ã«ã‚ˆã£ã¦ã¯å®‰"
+"å…¨ã§ãªã„å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚"
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"\"to *\" ã§å§‹ã¾ã‚‹ slapd アクセスルールãŒã‚ã‚‹å ´åˆã€å„ \"by self write\" 記述を"
+"削除ã™ã‚‹ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚ãã†ã™ã‚Œã°ã€ãƒ¦ãƒ¼ã‚¶ãŒå¤‰æ›´ã§ãã‚‹ã®ã¯æ˜Žç¤ºçš„ã«è¨±å¯ã•"
+"ã‚ŒãŸå±žæ€§ã®ã¿ã«ãªã‚Šã¾ã™ã€‚"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"詳細ã«ã¤ã„ã¦ã¯ /usr/share/doc/slapd/README.Debian.gz ã‚’å‚ç…§ã—ã¦ãã ã•ã„。"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr "インストールã®ä¸­æ­¢"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr "ã‹ã¾ã‚ãšç¶šã‘ã‚‹"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr "手動㮠ppolicy スキーマ更新ã®æŽ¨å¥¨"
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+"Password Policy (ppolicy) オーãƒãƒ¬ã‚¤ã®æ–°ã—ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¯ã€ç¾åœ¨ä½¿ç”¨ã—ã¦ã„るス"
+"キーマã«å­˜åœ¨ã—ãªã„ pwdMaxRecordedFailure 属性型をスキーマã«å®šç¾©ã™ã‚‹å¿…è¦ãŒã‚ã‚Š"
+"ã¾ã™ã€‚アップグレードを今ã™ã中止ã—ã€slapd をアップグレードã™ã‚‹å‰ã« ppolicy ス"
+"キーマを更新ã™ã‚‹ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚レプリケーションãŒä½¿ã‚ã‚Œã¦ã„ã‚‹å ´åˆã€ã“ã®"
+"アップグレードを続ã‘ã‚‹å‰ã«ã‚¹ã‚­ãƒ¼ãƒžã®æ›´æ–°ã‚’å„サーãƒã«é©ç”¨ã—ã¦ãŠãã¹ãã§ã™ã€‚"
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr "アップグレードã«å¿…è¦ãªå¤‰æ›´ä»˜ãã® LDIF ファイルãŒç”Ÿæˆã•ã‚Œã¾ã—ãŸ:"
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+"slapd ãŒãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã®ã‚¢ã‚¯ã‚»ã‚¹åˆ¶å¾¡ãƒ«ãƒ¼ãƒ«ã‚’使ã£ã¦ã„ã‚‹ã®ã§ã‚ã‚Œã°ã€ã“れらã®å¤‰æ›´ã¯ "
+"(slapd ãŒé–‹å§‹ã—ãŸå¾Œã«) 以下ã®ã‚³ãƒžãƒ³ãƒ‰ã«ã‚ˆã£ã¦é©ç”¨ã§ãã¾ã™:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+"インストールを続ã‘ã‚‹ã“ã¨ã‚’é¸ã¶ã¨ã€æ–°ã—ã„属性型ã¯è‡ªå‹•çš„ã«è¿½åŠ ã•ã‚Œã¾ã™ãŒã€ã“ã®"
+"変更㯠slapd オーãƒãƒ¬ã‚¤ã§å®Ÿè¡Œã•ã‚Œãšã€ä»–ã®ã‚µãƒ¼ãƒã¨ã®ãƒ¬ãƒ—リケーションã«å½±éŸ¿ã™ã‚‹"
+"å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚"
diff --git a/debian/po/nl.po b/debian/po/nl.po
new file mode 100644
index 0000000..a02b7bf
--- /dev/null
+++ b/debian/po/nl.po
@@ -0,0 +1,462 @@
+# Dutch translation of openldap debconf templates.
+# Copyright (C) 2008-2011 THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the openldap package.
+# Bart Cornelis <cobaco@skolelinux.no>, 2008.
+# Jeroen Schot <schot@a-eskwadraat.nl>, 2011.
+# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2014, 2017.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.44+dfsg-4\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2017-01-12 14:24+0100\n"
+"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
+"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
+"Language: nl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Gtranslator 2.91.6\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Wilt u het configureren van de OpenLDAP-server overslaan?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Wanneer u deze optie kiest, worden er geen initiële configuratie en databank "
+"voor u aangemaakt."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "altijd"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "wanneer nodig"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "nooit"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Bij de opwaardering de databanken exporteren naar bestand:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Vooraleer een opwaardering naar een nieuwe versie van de OpenLDAP-server "
+"uitgevoerd wordt, kunnen de data in uw LDAP-catalogi geëxporteerd worden "
+"naar een gewoon tekstbestand in LDIF-indeling (dit is het gestandaardiseerde "
+"'LDAP Data Interchange Format')."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Wanneer u 'altijd' selecteert, worden de databanken voor elke opwaardering "
+"onvoorwaardelijk naar een bestand geëxporteerd. Wanneer u 'wanneer nodig' "
+"selecteert, worden de databanken enkel geëxporteerd wanneer de nieuwe "
+"databank-indeling incompatibel is met de oude indeling en de data opnieuw "
+"geïmporteerd moeten worden. Wanneer u 'nooit' kiest wordt er geen databank-"
+"export gemaakt."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Voor databank-exports te gebruiken map:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Geef de map op waarnaar LDAP-databanken geëxporteerd moeten worden. In deze "
+"map worden verschillende LDIF-bestanden aangemaakt die overeenkomen met de "
+"zoekbasissen op de server. U dient ervoor te zorgen dat u genoeg vrije "
+"ruimte heeft op de partitie waar de map zich bevindt. Het eerste voorkomen "
+"van de tekst 'VERSION' wordt vervangen door de server-versie vanwaar u "
+"opwaardeert."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Wilt u de oude databank verplaatsen?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Er bevinden zich nog bestanden in /var/lib/ldap die het configuratieproces "
+"waarschijnlijk zullen verstoren. Als u voor deze optie kiest, zullen de "
+"scripts van de pakketbeheerder de oude databankbestanden wegzetten voordat "
+"ze de nieuwe databank aanmaken."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Configuratie opnieuw proberen?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"De door u ingevoerde configuratie is ongeldig. Zorg ervoor dat: de DNS-"
+"domeinnaam een geldige syntaxis heeft, het veld voor de organisatie niet "
+"leeg is, en de beheerderswachtwoorden overeenkomen. Wanneer u ervoor kiest "
+"om de configuratie niet opnieuw te proberen, wordt uw LDAP-server niet "
+"ingesteld. U kunt later altijd 'dpkg-reconfigure slapd' uitvoeren om de "
+"configuratie opnieuw te proberen. "
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNS-domeinnaam:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"De DNS-domeinnaam wordt gebruikt als de basis-DN van uw LDAP-catalogus. foo."
+"example.org invoeren geeft u de basis-DN dc=foo, dc=example, dc=org."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Organisatienaam:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Geef op welke organisatienaam gebruikt moet worden in de basis-DN van uw "
+"LDAP-catalogus."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Beheerderswachtwoord:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Gelieve het wachtwoord op te geven voor het beheerdersaccount in uw LDAP-"
+"catalogus."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Bevestig het wachtwoord:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Gelieve het beheerderswachtwoord van uw LDAP-catalogus nogmaals in te tikken "
+"(dit om tikfouten tegen te gaan)."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Wachtwoorden komen niet overeen"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+"De twee door u ingevoerde wachtwoorden kwamen niet overeen. Gelieve nogmaals "
+"te proberen."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Wilt u dat de databank verwijderd wordt wanneer slapd gewist wordt?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "slapcat gaf een fout tijdens de opwaardering"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr ""
+"Er is een fout opgetreden tijdens het opwaarderen van uw LDAP-catalogus."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Bij het uitpakken van de LDAP-catalogus signaleerde het programma 'slapcat' "
+"een fout. Dit kan veroorzaakt worden door een onjuist configuratiebestand "
+"(bv. het ontbreken van 'moduleload'-regels voor het ondersteunen van de "
+"backenddatabank)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Deze mislukking zorgt ervoor dat 'slapadd' zo meteen ook mislukt. De oude "
+"databankbestanden worden verplaatst naar /var/backups . Als u deze "
+"opwaardering opnieuw wilt proberen, dient u eerst de oude databankbestanden "
+"terug te plaatsen, daarna de oorzaak van het mislukken van slapcat op te "
+"lossen, en tenslotte de volgende opdracht uit te voeren:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Vervolgens verplaatst u de databankbestanden terug naar de reservekopie-map "
+"en probeert u slapadd uit te voeren vanaf ${location}."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "Te gebruiken databankbackend:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB en BDB gebruiken een gelijkaardige opslagindeling, maar HDB ondersteunt "
+"ook het hernoemen van deelbomen. Beide ondersteunen dezelfde "
+"configuratieopties."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"Het MDB-backend is de aanbevolen keuze. MDB maakt gebruik van een nieuw "
+"opslagformaat en vraagt minder configuratie dan BDB of HDB."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"In elk geval is het een goed idee om te controleren of de resulterende "
+"databankconfiguratie aan uw noden voldoet. Meer informatie vindt u in /usr/"
+"share/doc/slapd/README.Debian.gz."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "De configuratie van de slapd-toegangscontrole is mogelijk onveilig"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"Een of meer van de geconfigureerde databanken gebruikt bij de "
+"toegangscontrole een regel die gebruikers toelaat om het grootste deel van "
+"hun eigen attributen te wijzigen. Afhankelijk van de wijze waarop de "
+"databank gebruikt wordt, is dit mogelijk onveilig."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"In het geval er slapd-toegangsregels van toepassing zijn die met \"to *\" "
+"beginnen, wordt aanbevolen om elk voorkomen van \"by self write\" te "
+"verwijderen, waardoor gebruikers enkel die attributen kunnen wijzigen "
+"waarvoor dit expliciet toegestaan wordt."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr "Raadpleeg /usr/share/doc/slapd/README.Debian.gz voor meer details."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr "de installatie afbreken"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr "desondanks toch voortgaan"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr "Het handmatig bijwerken van het ppolicy schema wordt aanbevolen"
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+"De nieuwe versie van de Password Policy (ppolicy) overlay vereist dat het "
+"schema het attribuuttype pwdMaxRecordedFailure definieert, maar dit komt "
+"niet voor in het schema dat momenteel in gebruik is. Het wordt aanbevolen om "
+"de opwaardering nu af te breken en het ppolicy-schema bij te werken "
+"vooraleer slapd opgewaardeerd wordt. Indien replicatie toegepast wordt, moet "
+"het bijwerken van het schema op elke server uitgevoerd worden voor u "
+"voortgaat met de opwaardering."
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr ""
+"Er werd een LDIF-bestand gegenereerd met de voor de opwaardering vereiste "
+"wijzigingen:"
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+"dus als slapd de standaardregels voor toegangscontrole gebruikt, kunnen deze "
+"wijzigingen toegepast worden door (na het starten van slapd) de volgende "
+"opdracht uit te voeren:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+"Indien u er integendeel voor kiest de installatie voort te zetten, zal het "
+"nieuwe attribuuttype automatisch toegevoegd worden, maar zullen de slapd-"
+"overlays geen rekening houden met de aanpassing en dit kan de replicatie met "
+"andere servers beïnvloeden."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "LDAPv2-protocol toelaten?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Het verouderde LDAPv2-protocol is standaard uitgeschakeld in slapd. "
+#~ "Programma's en gebruikers dienen op te waarderen naar LDAPv3. Als u oude "
+#~ "programma's heeft die geen LDAPv3 aankunnen, dient u deze optie te kiezen "
+#~ "(hierdoor wordt 'allow bind_v2' toegevoegd aan uw 'slapd.conf'-bestand)."
diff --git a/debian/po/pt.po b/debian/po/pt.po
new file mode 100644
index 0000000..3dd6172
--- /dev/null
+++ b/debian/po/pt.po
@@ -0,0 +1,537 @@
+# Portuguese translation for openldap debconf messages.
+# Copyright (C) Tiago Fernandes <tjg.fernandes@gmail.com>, 2006
+# This file is distributed under the same license as the openldap package.
+#
+# Tiago Fernandes <tjg.fernandes@gmail.com>, 2006,2008,2010.
+# Rui Branco - DebianPT <ruipb@debianpt.org>, 2017.
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.44+dfsg-3\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2017-04-10 22:08+0000\n"
+"Last-Translator: Rui Branco - DebianPT <ruipb@debianpt.org>\n"
+"Language-Team: Portuguese <traduz@debianpt.org>\n"
+"Language: pt\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2;\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Omitir a configuração do servidor OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Se activar esta opção, não será criada inicialmente uma configuração ou base "
+"de dados para si."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "sempre"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "quando necessário"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "nunca"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Despejar as bases de dados para ficheiro durante a actualização:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Antes de actualizar para uma nova versão do servidor OpenLDAP, os dados dos "
+"seu directórios LDAP podem ser despejados para ficheiros de texto simples no "
+"formato padronizado LDAP Data Interchange Format."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Seleccionar \"sempre\" fará com as bases de dados sejam despejadas "
+"incondicionalmente antes de uma actualização. Seleccionar \"quando necessário"
+"\" irá apenas despejar a base de dados se a nova versão for incompatível com "
+"o formato da base de dados antiga e for necessário reimportar-la. Se "
+"seleccionar \"nunca\", não será feito qualquer despejo."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Directório a utilizar para bases de dados despejadas:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Por favor, especifique o directório para onde as bases de dados LDAP serão "
+"exportadas. Dentro deste directório serão criados vários ficheiros LDIF que "
+"correspondem às bases de pesquisas localizadas no servidor. Assegure-se que "
+"tem espaço livre suficiente na partição onde se encontra o directório. A "
+"primeira ocorrência da string \"VERSION\" é substituída com a versão do "
+"servidor que está a actualizar."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Mover a base de dados antiga?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Ainda existem ficheiros em /var/lib/ldap que provavelmente irão parar o "
+"processo de configuração. Se activar esta opção, os scripts do maintainer "
+"irão mover os ficheiros antigos da base de dados para fora do caminho, antes "
+"de criar a nova base de dados."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Tentar novamente a configuração?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"A configuração que inseriu é inválida. Assegure-se que o nome do domínio DNS "
+"tem uma sintaxe válida, que a organização é preenchida e que as palavras-"
+"chave de administrador coincidem. Se decidir não tentar novamente a "
+"configuração, o servidor de LDAP não ficará configurado. Corra \"dpkg-"
+"reconfigure slapd\" se quiser tentar novamente mais tarde."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Nome do domínio DNS:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"O nome do domínio DNS é usado para construir o DN base do seu directório "
+"LDAP. Por exemplo, 'foo.exemplo.org' irá criar o directório com 'dc=foo,"
+"dc=exemplo,dc=org' como DN base."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Nome da Organização:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Por favor, insira o nome da organização a usar, no DN base do seu directório "
+"LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Palavra-passe do administrador:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Por favor, insira a palavra-passe para a entrada admin do seu directório "
+"LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Confirme a palavra-passe:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Por favor introduza novamente a palavra-passe de admin do seu directório "
+"LDAP, para verificar se a introduziu correctamente."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "A palavra-passe não coincide"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+"As duas palavra-passe que você introduziu não são iguais. Por favor, tente "
+"novamente."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Quer que a base de dados seja removida quando o slapd for purgado?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Falha do slapcat durante a actualização"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Ocorreu um erro durante a actualização do directório LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"O programa 'slapcat' falhou enquanto extraía o directório LDAP. Isto pode "
+"ter sido causado por um ficheiro de configuração incorrecto (por exemplo, "
+"linhas 'moduleload' em falta para suportar o backend da base de dados)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Esta falha irá fazer com que o 'slapadd' falhe também mais tarde. Os "
+"ficheiros antigos da base de dados serão movidos para /var/backups. Se "
+"quiser tentar novamente esta actualização, deverá mover os ficheiros antigos "
+"da base de dados antiga de volta para o seu lugar, corrigir o que possa ter "
+"causado a falha do slapcat, e executar:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Depois mova os ficheiros da base de dados de volta para a área de backup e a "
+"seguir tente correr o slapadd a partir de ${location}."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "Backend a usar para a base de dados:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB e BDB usam formatos similares de armazenamento, mas o HDB adiciona "
+"suporte para renomeação de sub-árvores. Ambos suportam as mesmas opções de "
+"configuração."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"É recomendado o backend MDB. MDB utiliza um novo formato de armazenamento e "
+"requer menos configurações do que BDB ou HDB."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"Em qualquer caso, deverá rever a configuração da base de dados resultante, "
+"para as suas necessidades. Ver /usr/share/doc/slapd/README.Debian.gz para "
+"mais detalhes."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "Configuração de controlo de acesso ao slapd potencialmente insegura"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"Uma ou mais das bases de dados configuradas têm uma regra de controlo de "
+"acesso que permite os utilizadores modificarem os seus próprios atributos. "
+"Isto pode ser inseguro, dependendo de como a base de dados é utilizada."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"No caso das regras de acesso do slapd que começam com \" até *\", é "
+"recomendado que se remova qualquer instância de \"by self write\", de "
+"maneira a que os utilizadores possam modificar especificamente atributos "
+"permitidos."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr "Ver /usr/share/doc/slapd/README.Debian.gz para mais detalhes."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr "abortar a instalação"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr "continuar de qualquer forma "
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr "Recomendada actualização manual do esquema ppolicy"
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+"A nova versão do overlay da politica de palavra-chave (ppolicy) requer ao "
+"esquema que seja definida um tipo de atributo pwdMaxRecordedFailure, o qual "
+"não está presente no esquema em uso. É recomendadoabortar a instalação neste "
+"momento, e actualizar o esquema ppolicy antes de actualizar o slapd. Se a "
+"replicação está em uso, a actualização do esquema deverá ser efectuada em "
+"cada servidor antes de continuar a actualização."
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr ""
+"Um ficheiro LDIF foi criado com as alterações requeridas para a actualização:"
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+"assim se o slapd estiver a usar as regras de controlo de acesso por "
+"predefinição, estas alterações podem ser aplicadas (depois de iniciar o "
+"slapd) ao usar o seguinte comando:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+"Se escolher continuar a instalação, o novo tipo de atributo será "
+"automaticamente adicionado, mas a alteração não terá efeito nos overlays "
+"slapd, e replicação com outros servidores pode ser afectada."
+
+#~ msgid ""
+#~ "In the version of slapd about to be installed, the ppolicy overlay "
+#~ "requires the new pwdMaxRecordedFailure attribute to be defined in the "
+#~ "ppolicy schema. The schema contained in the cn=config database does not "
+#~ "currently include this attribute."
+#~ msgstr ""
+#~ "Na versão do slapd prestes a ser instalada, o 'overlay' ppolicy requer a "
+#~ "definição de um novo atributo pwdMaxRecordedFailure no esquema ppolicy. "
+#~ "O esquema contido na base de dados cn=config não inclui actualmente este "
+#~ "atributo."
+
+#~ msgid ""
+#~ "The ppolicy schema can be updated by applying the changes found in the "
+#~ "following LDIF file:"
+#~ msgstr ""
+#~ "O esquema ppolicy pode ser actualizado aplicando as alterações "
+#~ "encontradas no seguinte ficheiro LDIF:"
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Permitir o protocolo LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "O protocolo obsoleto LDAPv2 está desactivado por pré-definição no slapd. "
+#~ "Os programas e utilizadores devem actualizar para LDAPv3. Se tiver "
+#~ "programas antigos que não conseguem usar LDAPv3, deverá seleccionar esta "
+#~ "opção e será adicionado 'allow bind_v2' ao seu ficheiro slapd.conf."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr "o slurpd está obsoleto; as réplicas terão de ser configuradas á mão"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "Foi encontrada, durante a actualização, uma ou mais opções \"replica\" do "
+#~ "slurpd na sua configuração do slapd. Devido ao slurpd estar obsoleto a "
+#~ "partir do OpenLDAP 2.4, terá de migrar as suas réplicas para usar o "
+#~ "protocolo syncrepl, em seu lugar."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "A conversão do slurpd para o protocolo syncrepl (pull-based) não poderá "
+#~ "ser feita automaticamente e terá de configurar manualmente os seus "
+#~ "servidores replicados. Por favor, para mais detalhes veja http://www."
+#~ "openldap.org/doc/admin24/syncrepl.html ."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "Os valores para TLSCipherSuite foram alterados"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "Durante a actualização a opção \"TLSCipherSuite\" foi encontrada na "
+#~ "configuração do seu slapd. Os valores permitidos para esta opção são "
+#~ "determinados pela implementação SSL usada, a qual foi alterada de OpenSSL "
+#~ "para GnuTLS. Como resultado, a sua actual opção TLSCipherSuite não irá "
+#~ "funcionar com este pacote."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Esta opção foi comentada automaticamente para si. Se tiver necessidades "
+#~ "específicas de encriptação que necessitem que esta opção seja reactivada, "
+#~ "veja o output de 'gnutls-cli -l' que existe no pacote gnutls-bin, para "
+#~ "obter a lista de cifras suportadas pelo GnuTLS."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr "Fazer cópia de segurança da base de dados actual e criar uma nova?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "O sufixo de directório (domínio) que especificou não coincide com o "
+#~ "actual em /etc/ldap/slapd.conf. Alterar o sufixo do directório requer "
+#~ "mover para outro local a actual base de dados LDAP e criar uma nova. Por "
+#~ "favor, confirme se deseja fazer cópia de segurança e abandonar a base de "
+#~ "dados actual."
diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po
new file mode 100644
index 0000000..86e8ac2
--- /dev/null
+++ b/debian/po/pt_BR.po
@@ -0,0 +1,526 @@
+# openldap Brazilian Portuguese translation
+# Copyright (C) 2007 THE openldap'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the openldap package.
+# André Luís Lopes <andrelop@debian.org>, 2003-2006.
+# Felipe Augusto van de Wiel (faw) <faw@debian.org>, 2007.
+# Steve Langasek <vorlon@debian.org>, 2008.
+# Eder L. Marques (frolic) <frolic@debian-ce.org>, 2008.
+# Adriano Rafael Gomes <adrianorg@debian.org>, 2011-2017.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.44+dfsg-4\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2017-01-10 10:28-0200\n"
+"Last-Translator: Adriano Rafael Gomes <adrianorg@debian.org>\n"
+"Language-Team: l10n Portuguese <debian-l10n-portuguese@lists.debian.org>\n"
+"Language: pt_BR\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Omitir a configuração do servidor OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Se você habilitar esta opção, nenhuma configuração inicial ou base de dados "
+"será criada para você."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "sempre"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "quando necessário"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "nunca"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Descarregar as bases de dados para arquivos na atualização:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Antes de atualizar para uma nova versão do servidor OpenLDAP, os dados dos "
+"seus diretórios LDAP podem ser descarregados em arquivos texto plano no "
+"formato padrão \"LDAP Interchange Format\" (Formato de Intercâmbio LDAP)."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Selecionar \"sempre\" fará com que as bases de dados sejam descarregadas "
+"incondicionalmente antes de atualizar. Selecionar \"quando necessário\" só "
+"descarregará a base de dados se a nova versão for incompatível com o formato "
+"da antiga base de dados e tiver que ser importada novamente. Se você "
+"selecionar \"nunca\", nenhum descarregamento será feito."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Diretório para descarregar suas bases de dados:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Por favor, especifique o diretório onde as bases de dados LDAP serão "
+"exportadas. Nesse diretório, vários arquivos LDIF serão criados "
+"correspondendo às bases de procura localizadas no servidor. Tenha certeza de "
+"ter espaço livre suficiente na partição onde este diretório está localizado. "
+"A primeira ocorrência da string \"VERSION\" é substituída com a versão do "
+"servidor a partir da qual você está atualizando."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Mover a base de dados antiga?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Ainda há arquivos em /var/lib/ldap que provavelmente quebrarão o processo de "
+"configuração. Se você habilitar esta opção, os scripts do mantenedor moverão "
+"os arquivos da antiga base de dados para fora do caminho antes de criar uma "
+"nova base de dados."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Tentar novamente a configuração?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"A configuração que você informou é inválida. Tenha certeza de que o nome de "
+"domínio DNS tem uma sintaxe válida, o campo para a organização não foi "
+"deixado vazio e as senhas do admin conferem. Se você decidir não tentar "
+"novamente a configuração, o servidor LDAP não será configurado. Execute "
+"\"dpkg-reconfigure slapd\" se você quiser tentar novamente mais tarde."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Nome do domínio DNS:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"O nome do domínio DNS é usado para construir a base DN de seu diretório "
+"LDAP. Por exemplo, \"foo.example.org\" criará o diretório com \"dc=foo, "
+"dc=example, dc=org\" como base DN."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Nome da organização:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Por favor, informe o nome da organização para usar na base DN de seu "
+"diretório LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Senha do administrador:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Por favor, informe a senha para a entrada administrativa em seu diretório "
+"LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Confirme a senha:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Por favor, informe novamente a senha para a entrada administrativa de seu "
+"diretório LDAP para verificar se você a digitou corretamente."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "As senhas não conferem"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+"As duas senhas que você informou não foram as mesmas. Por favor, tente "
+"novamente."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr ""
+"Você deseja que a base de dados seja removida quando o pacote slapd for "
+"expurgado (\"purged\")?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Falha do slapcat durante a atualização"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Um erro ocorreu durante a atualização do diretório LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"O programa \"slapcat\" falhou ao extrair o diretório LDAP. Isso pode ter "
+"sido causado por um arquivo de configuração incorreto (por exemplo, se "
+"estiverem faltando as linhas \"moduleload\" para suportar o \"backend\" da "
+"base de dados)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Esta falha fará com que o \"slapadd\" também falhe posteriormente. Os "
+"arquivos da antiga base de dados serão movidos para /var/backups. Se você "
+"quer tentar esta atualização novamente, você deve mover os arquivos da "
+"antiga base de dados de volta para o local original, corrigir o que quer que "
+"tenha causado a falha do slapcat e executar:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Então mova os arquivos da base de dados de volta para uma área de backup e "
+"depois tente executar slapadd a partir de ${location}."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "\"Backend\" de base de dados a ser usado:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"O HDB e o BDB usam formatos de armazenamento similares, mas o HDB adiciona "
+"suporte para renomeação de subárvores. Ambos suportam as mesmas opções de "
+"configuração."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"O \"backend\" MDB é recomendado. O MDB usa um novo formato de armazenamento "
+"e requer menos configuração que o BDB e o HDB."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"Em qualquer caso, você deve revisar a configuração resultante da base de "
+"dados para que atenda as suas necessidades. Veja /usr/share/doc/slapd/README."
+"Debian.gz para mais detalhes."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "Configuração de controle de acesso do slapd potencialmente insegura"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"Uma ou mais das bases de dados configuradas tem uma regra de controle de "
+"acesso que permite que usuários modifiquem a maioria dos seus próprios "
+"atributos. Isso pode ser inseguro, dependendo de como a base de dados é "
+"usada."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"No caso das regras de acesso do slapd que comecem com \"to *\", é "
+"recomendado remover quaisquer instâncias de \"by self write\", de modo que "
+"os usuários possam modificar somente atributos especificamente permitidos."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr "Veja /usr/share/doc/slapd/README.Debian.gz para mais detalhes."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr "cancelar a instalação"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr "continuar independentemente"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr "Recomendada a atualização manual do esquema ppolicy"
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+"A nova versão da sobreposição \"Password Policy\" (ppolicy) exige que o "
+"esquema defina o tipo do atributo pwdMaxRecordedFailure, o qual não está "
+"presente no esquema atualmente em uso. É recomendado cancelar a atualização "
+"agora e atualizar o esquema ppolicy antes de atualizar o slapd. Se a "
+"replicação estiver em uso, a atualização do esquema deverá ser aplicada em "
+"cada servidor antes de continuar com a atualização."
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr ""
+"Um arquivo LDIF foi gerado com as modificações necessárias para a "
+"atualização:"
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+"então se o slapd estiver usando as regras padrão de controle de acesso, "
+"essas modificações podem ser aplicadas (depois de iniciar o slapd) usando o "
+"comando:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+"Se em vez disso você escolher continuar a instalação, o tipo do novo "
+"atributo será adicionado automaticamente, mas a modificação não sofrerá "
+"ações por sobreposições do slapd, e a replicação com outros servidores pode "
+"ser afetada."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Permitir o protocolo LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "O protocolo obsoleto LDAPv2 é desabilitado por padrão no slapd. Os "
+#~ "programas e usuários devem atualizar-se para o LDAPv3. Se você tem "
+#~ "programas antigos que não usam LDAPv3, você deve selecionar esta opção e "
+#~ "\"allow bind_v2\" será adicionado ao seu arquivo slapd.conf."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr ""
+#~ "O slurpd está obsoleto, réplicas devem ser configuradas manualmente."
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "Uma ou mais opções slurpd \"replica\" foram encontradas em seu arquivo de "
+#~ "configuração slapd quando estava atualizando. Por causa de o slurpd está "
+#~ "obsoleto a partir do OpenLDAP 2.4, em vez disso você precisará migrar "
+#~ "suas replicas para usar o protocolo syncrepl."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "A conversão de slurpd para o protocolo syncrepl baseado no método de "
+#~ "puxar (\"pull\") atualizações, não pode ser feito automaticamente e você "
+#~ "precisará configurar seus servidores de réplica manualmente. Por favor, "
+#~ "veja http://www.openldap.org/doc/admin24/syncrepl.html para detalhes."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "Os valores da TLSCipherSuite mudou"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "Uma opção \"TLSCipherSuite\" foi encontrada em seu arquivo slapd durante "
+#~ "a atualização. Os valores permitidos para esta opção são determinados "
+#~ "pela implementação SSL utilizada, a qual foi alterada de OpenSSL para "
+#~ "GnuTLS. Como resultado, sua configuração TLSCipherSuite existente não irá "
+#~ "funcionar com este pacote."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Esta configuração foi automaticamente comentada para você. Se você tem "
+#~ "necessidades específicas de criptografia que requerem que esta opção seja "
+#~ "reabilitada, veja a saída do comando 'gnutls-cli -l' no pacote gnutls-bin "
+#~ "para uma lista das cifras suportadas pelo GnuTLS."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr "Fazer backup da base de dados atual e criar uma nova?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "O sufixo de diretório (domínio) que você especificou não confere com o "
+#~ "atual em /etc/ldap/slapd.conf. Mudar o sufixo do diretório requer mover a "
+#~ "atual base de dados LDAP e criar uma nova. Por favor, confirme se você "
+#~ "quer fazer um backup da base de dados atual e abandoná-la."
diff --git a/debian/po/ru.po b/debian/po/ru.po
new file mode 100644
index 0000000..174a16c
--- /dev/null
+++ b/debian/po/ru.po
@@ -0,0 +1,519 @@
+# translation of openldap_2.4.21-1_ru.po to Russian
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans#
+# Developers do not need to manually edit POT or PO files.
+#
+# Yuri Kozlov <kozlov.y@gmail.com>, 2007, 2008.
+# Yuri Kozlov <yuray@komyakino.ru>, 2010, 2014, 2017.
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.44+dfsg-4\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2017-01-10 19:00+0300\n"
+"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
+"Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n"
+"Language: ru\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 2.0\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
+"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Ðе выполнÑÑ‚ÑŒ наÑтройку Ñервера OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"ЕÑли вы ответите утвердительно, Ð½Ð°Ñ‡Ð°Ð»ÑŒÐ½Ð°Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ Ð¸Ð»Ð¸ база данных "
+"ÑоздаватьÑÑ Ð½Ðµ будет."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "вÑегда"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "только при необходимоÑти"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "никогда"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "При обновлении ÑохранÑÑ‚ÑŒ данные из базы данных в файл:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Перед обновлением до новой верÑии Ñервера OpenLDAP данные из ваших каталогов "
+"LDAP могут быть Ñохранены в текÑтовые файлы в Ñтандартизованном формате "
+"обмена данных LDAP."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"ЕÑли выбрать \"вÑегда\", то перед обновлением данные из баз будут "
+"обÑзательно Ñохранены. ЕÑли выбрать \"только при необходимоÑти\", то база "
+"данных будет Ñохранена, только еÑли Ð½Ð¾Ð²Ð°Ñ Ð²ÐµÑ€ÑÐ¸Ñ Ð½Ðµ ÑовмеÑтима Ñо Ñтарым "
+"форматом базы данных и должна быть импортирована повторно. ЕÑли выбрать "
+"\"никогда\", то Ñохранение базы будет пропущено."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Каталог ÑÐ¾Ñ…Ñ€Ð°Ð½ÐµÐ½Ð¸Ñ Ð´Ð°Ð½Ð½Ñ‹Ñ… из баз:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Укажите каталог, куда будут ÑкÑпортированы базы данных LDAP. Ð’ Ñтом каталоге "
+"будет Ñоздано неÑколько файлов LDIF, которые ÑоответÑтвуют поиÑковым базам, "
+"раÑположенным на Ñервере. УбедитеÑÑŒ, что у Ð²Ð°Ñ Ð´Ð¾Ñтаточно меÑта на разделе, "
+"где раÑположен каталог. Первое поÑвление Ñтроки Ñо Ñловом \"VERSION\" "
+"заменÑетÑÑ Ð½Ð° верÑию Ñервера, Ñ ÐºÐ¾Ñ‚Ð¾Ñ€Ð¾Ð¹ производитÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "ПеремеÑтить Ñтарую базу данных?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Ð’ каталоге /var/lib/ldap находÑÑ‚ÑÑ Ñ„Ð°Ð¹Ð»Ñ‹, которые, вероÑтно, негативно "
+"повлиÑÑŽÑ‚ на процеÑÑ Ð½Ð°Ñтройки. ЕÑли вы ответите утвердительно, то "
+"Ñопровождающие Ñценарии, перед тем как Ñоздать новую базу, перемеÑÑ‚ÑÑ‚ Ñтарые "
+"файлы базы данных в другое меÑто."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Повторить наÑтройку?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Ð’Ð²ÐµÐ´Ñ‘Ð½Ð½Ð°Ñ Ð²Ð°Ð¼Ð¸ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ Ð½ÐµÐ¿Ñ€Ð°Ð²Ð¸Ð»ÑŒÐ½Ð°. УбедитеÑÑŒ, что доменное Ð¸Ð¼Ñ DNS "
+"запиÑано в правильном формате, что поле Ð½Ð°Ð·Ð²Ð°Ð½Ð¸Ñ Ð¾Ñ€Ð³Ð°Ð½Ð¸Ð·Ð°Ñ†Ð¸Ð¸ непуÑтое и что "
+"пароль админиÑтратора верен. ЕÑли вы не Ñтанете повторÑÑ‚ÑŒ наÑтройку, то "
+"Ñервер LDAP оÑтанетÑÑ Ð½Ðµ наÑтроенным. ЕÑли позднее вы захотите выполнить "
+"наÑтройку, запуÑтите команду «dpkg-reconfigure slapd»."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Доменное Ð¸Ð¼Ñ DNS:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"Доменное Ð¸Ð¼Ñ DNS иÑпользуетÑÑ Ð´Ð»Ñ Ð¿Ð¾ÑÑ‚Ñ€Ð¾ÐµÐ½Ð¸Ñ Ð±Ð°Ð·Ð¾Ð²Ð¾Ð³Ð¾ DN каталога LDAP. "
+"Ðапример, еÑли ввеÑти «foo.bar.org», то Ñто даÑÑ‚ базовый DN «dc=foo, dc=bar, "
+"dc=org»."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Ðазвание организации:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Введите название организации Ð´Ð»Ñ Ð¸ÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð² базовом DN каталога LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Пароль админиÑтратора:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "Введите пароль Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñи admin в каталоге LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Повторите ввод паролÑ:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Введите тот же пароль Ð´Ð»Ñ admin в каталоге LDAP ещё раз, чтобы убедитьÑÑ Ð² "
+"правильноÑти ввода."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Пароли не Ñовпадают"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Введённые вами пароли не Ñовпадают. Попробуйте ещё раз."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "УдалÑÑ‚ÑŒ базу данных при вычиÑтке slapd?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Ошибка slapcat при обновлении"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Возникла ошибка при попытке Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ ÐºÐ°Ñ‚Ð°Ð»Ð¾Ð³Ð° LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Ошибка возникла при выполнении программы «slapcat», ÐºÐ¾Ñ‚Ð¾Ñ€Ð°Ñ Ð¿Ñ‹Ñ‚Ð°Ð»Ð°ÑÑŒ "
+"раÑпаковать каталог LDAP. Это могло произойти из-за некорректного файла "
+"конфигурации (например, в Ñлучае отÑутÑÑ‚Ð²Ð¸Ñ Ñтрок «moduleload» Ð´Ð»Ñ Ð²Ð°ÑˆÐµÐ³Ð¾ "
+"типа Ñервера базы данных)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Ð’ дальнейшем, Ñто также вызовет отказ в работе «slapadd». Старые файлы базы "
+"данных были перенеÑены в каталог /var/backups. ЕÑли вы хотите попытатьÑÑ "
+"выполнить обновление ещё раз, перемеÑтите Ñтарые файлы базы данных обратно, "
+"иÑправьте ошибку, вызывающую отказ работы «slapcat» и выполните:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"ПеремеÑтите файлы базы данных обратно в меÑто Ñ…Ñ€Ð°Ð½ÐµÐ½Ð¸Ñ Ñ€ÐµÐ·ÐµÑ€Ð²Ð½Ð¾Ð¹ копии и "
+"затем попытайтеÑÑŒ запуÑтить slapadd из ${location}."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "ИÑпользуемые Ñерверы баз данных:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB и BDB иÑпользуют Ñхожие форматы хранениÑ, но в HDB добавлена поддержка "
+"Ð¿ÐµÑ€ÐµÐ¸Ð¼ÐµÐ½Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¿Ð¾Ð´Ð´ÐµÑ€ÐµÐ²ÑŒÐµÐ². Оба типа Ñервера поддерживают одинаковые "
+"параметры наÑтройки."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"РекомендуетÑÑ Ð¸Ñпользовать Ñервер MDB. MDB иÑпользует новый формат Ñ…Ñ€Ð°Ð½ÐµÐ½Ð¸Ñ "
+"и требует меньше наÑтроек чем BDB или HDB."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"Ð’ любом Ñлучае, убедитеÑÑŒ в ÑоответÑтвии получившихÑÑ Ð½Ð°Ñтроек базы данных "
+"вашим требованиÑм. Подробней о наÑтройке Ñмотрите в файле /usr/share/doc/"
+"slapd/README.Debian.gz."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "Потенциально небезопаÑÐ½Ð°Ñ Ð½Ð°Ñтройка ÑƒÐ¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ð´Ð¾Ñтупом slapd"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"Ð’ одной или более базах данных наÑтроено правило ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»Ñ Ð´Ð¾Ñтупа, которое "
+"позволÑет пользователÑм изменÑÑ‚ÑŒ не только ÑобÑтвенные атрибуты. Это может "
+"быть небезопаÑно, в завиÑимоÑти от иÑÐ¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð±Ð°Ð·Ñ‹ данных."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"Ð’ Ñлучае, когда правила доÑтупа slapd начинаютÑÑ Ñ Â«to *», рекомендуетÑÑ "
+"удалÑÑ‚ÑŒ вÑе ÑкземплÑры «by self write» Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾, чтобы пользователи могли "
+"изменÑÑ‚ÑŒ только Ñвно разрешённые атрибуты."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr "Смотрите подробноÑти в файле /usr/share/doc/slapd/README.Debian.gz."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr "прервать уÑтановку"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr "продолжить"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr "РекомендуетÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ Ñхемы ppolicy вручную"
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+"Ð”Ð»Ñ Ð½Ð¾Ð²Ð¾Ð¹ верÑии Ð¾Ð²ÐµÑ€Ð»ÐµÑ Password Policy (ppolicy) требуетÑÑ Ð¾Ð¿Ñ€ÐµÐ´ÐµÐ»ÐµÐ½Ð¸Ðµ "
+"типа атрибутов pwdMaxRecordedFailure, который отÑутÑтвует в иÑпользуемой в "
+"данной момент Ñхеме. РекомендуетÑÑ Ð¿Ñ€ÐµÑ€Ð²Ð°Ñ‚ÑŒ уÑтановку прÑмо ÑÐµÐ¹Ñ‡Ð°Ñ Ð¸ "
+"обновить Ñхему ppolicy перед обновлением slapd. ЕÑли иÑпользуетÑÑ "
+"репликациÑ, то обновление Ñхемы должно быть выполнено на каждом Ñервере "
+"перед продолжением обновлениÑ."
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr "Был Ñоздан файл LDIF Ñ Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñми, требующимиÑÑ Ð´Ð»Ñ Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ:"
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+"и еÑли в slapd иÑпользуютÑÑ Ð¿Ñ€Ð°Ð²Ð¸Ð»Ð° ÑƒÐ¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ð´Ð¾Ñтупом по умолчанию, то Ñти "
+"Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð¼Ð¾Ð¶Ð½Ð¾ применить (поÑле запуÑка slapd) командой:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+"ЕÑли вы выберете продолжение уÑтановки, то новый тип атрибута будет добавлен "
+"автоматичеÑки, но изменение не будет применено в оверлеÑÑ… slapd, и Ñто может "
+"повлиÑÑ‚ÑŒ на другие Ñерверы при репликации."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Включить протокол LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "По умолчанию в slapd Ñтарый протокол LDAPv2 выключен. КлиентÑкие "
+#~ "программы нужно обновить до верÑий Ñ Ð¿Ð¾Ð´Ð´ÐµÑ€Ð¶ÐºÐ¾Ð¹ LDAPv3. ЕÑли у Ð²Ð°Ñ ÐµÑÑ‚ÑŒ "
+#~ "Ñтарые программы, которые не могут иÑпользовать LDAPv3, то вы должны "
+#~ "ответить утвердительно, и в файл slapd.conf будет добавлена запиÑÑŒ «allow "
+#~ "bind_v2»."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr "slurpd уÑтарел; реплики должны быть перенаÑтроены вручную"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "При обновлении в вашем конфигурационном файле Ð´Ð»Ñ slapd найден один или "
+#~ "неÑколько параметров \"replica\" Ð´Ð»Ñ slurpd. Так как slurpd уÑтарел "
+#~ "Ð½Ð°Ñ‡Ð¸Ð½Ð°Ñ Ñ OpenLDAP верÑии 2.4, Ð´Ð»Ñ Ñ€ÐµÐ¿Ð»Ð¸Ðº вам нужно перейти на протокол "
+#~ "syncrepl."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "ÐвтоматичеÑкое преобразование наÑтроек slurpd в наÑтройки оÑнованного на "
+#~ "вытÑгивании протокола syncrepl невозможно, и поÑтому вы должны наÑтроить "
+#~ "Ñвои Ñерверы реплик вручную. Подробней об Ñтом Ñмотрите на Ñтранице "
+#~ "http://www.openldap.org/doc/admin24/syncrepl.html."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "ИзменилиÑÑŒ Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð´Ð»Ñ TLSCipherSuite"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "При обновлении в наÑтройке slapd был найден параметр \"TLSCipherSuite\". "
+#~ "ДопуÑтимые Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ñтого параметра, определÑемые авторами SSL, были "
+#~ "изменены при переходе Ñ OpenSSL на GnuTLS. Ð’ результате, имеющаÑÑÑ "
+#~ "наÑтройка TLSCipherSuite не заработает Ñ Ñтим пакетом."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Ð”Ð°Ð½Ð½Ð°Ñ Ð½Ð°Ñтройка будет автоматичеÑки закомментирована. ЕÑли Ð´Ð»Ñ ÐºÐ°ÐºÐ¾Ð³Ð¾-то "
+#~ "Ñпецифичного ÑˆÐ¸Ñ„Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ð²Ð°Ð¼ требуетÑÑ ÐµÑ‘ иÑпользовать, то ÑпиÑок "
+#~ "поддерживаемых GnuTLS алгоритмов можно поÑмотреть, запуÑтив команду "
+#~ "'gnutls-cli -l' из пакета gnutls-bin."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr "Сделать резервную копию имеющейÑÑ Ð±Ð°Ð·Ñ‹ данных и Ñоздать новую?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "Ð’Ñ‹ указали ÑÑƒÑ„Ñ„Ð¸ÐºÑ ÐºÐ°Ñ‚Ð°Ð»Ð¾Ð³Ð° (домен), который не Ñовпадает Ñ Ð¸Ð¼ÐµÑŽÑ‰Ð¸Ð¼ÑÑ Ð² /"
+#~ "etc/ldap/slapd.conf. Изменение ÑуффикÑа каталога требует Ð¿ÐµÑ€ÐµÐ¼ÐµÑ‰ÐµÐ½Ð¸Ñ "
+#~ "имеющейÑÑ Ð±Ð°Ð·Ñ‹ данных LDAP и Ñоздание новой. Подтвердите, что хотите "
+#~ "Ñделать резервную копию базы данных и отказатьÑÑ Ð¾Ñ‚ имеющейÑÑ."
diff --git a/debian/po/sk.po b/debian/po/sk.po
new file mode 100644
index 0000000..a601991
--- /dev/null
+++ b/debian/po/sk.po
@@ -0,0 +1,443 @@
+# Slovak translations for openldap package
+# Slovenské preklady pre balík openldap.
+# Copyright (C) 2011 THE openldap'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Slavko <linux@slavino.sk>, 2011.
+# Ivan Masár <helix84@centrum.sk>, 2017.
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.23-7\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2017-01-10 10:01+0200\n"
+"Last-Translator: Ivan Masár <helix84@centrum.sk>\n"
+"Language-Team: x\n"
+"Language: sk\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
+"X-Generator: Virtaal 0.7.1\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Vynechať nastavenia servera OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Ak zvolíte túto možnosÅ¥, nebude vytvorené poÄiatoÄné nastavenie ani databáza."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "vždy"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "keÄ je treba"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "nikdy"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Pri aktualizácii uložiť databázy do súboru:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Pred aktualizáciou na novšiu verziu servera OpenLDAP môžu byť vaše dáta z "
+"adresárov LDAP uložené do textových súborov vo formáte LDAP Data Interchange "
+"Format, Äo je Å¡tandardizovaný formát na popis týchto dát."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Výberom „vždy“ zaistíte, že budú databázy uložené do súborov pred každou "
+"aktualizáciou. Voľba „keÄ je treba“ znamená, že budú databázy uložené len v "
+"prípade, že je nová verzia nekompatibilná s formátom starej databázy, a teda "
+"bude potrebné opätovné nahratie dát. Ak zvolíte „nikdy“, dáta sa nebudú "
+"ukladať."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Adresár pre exportované databázy:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Prosím, zadajte adresár, kam majú byť uložené databázy LDAP. V tomto "
+"adresári bude vytvorených niekoľko súborov LDIF, jeden pre každý koreň "
+"adresárov LDAP daného servera. PresvedÄte sa, že je na zvolenej oblasti "
+"dostatok miesta. Prvý výskyt reťazca „VERSION†bude nahradený verziou "
+"servera LDAP, z ktorej aktualizujete."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Presunúť starú databázu?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Vo /var/lib/ldap stále existujú súbory, ktoré pravdepodobne narušia proces "
+"nastavenia. Ak zvolíte túto možnosÅ¥, inÅ¡talaÄné skripty pred vytvorením "
+"novej databázy najprv presunú staré databázové súbory inam."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Opakovať nastavenie?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Zadali ste neplatné nastavenie. Skontrolujte, Äi je zadané doménové meno "
+"(DNS) v platnom tvare, že je vyplnené pole organizácie a heslá "
+"administrátora súhlasia. Ak sa rozhodnete neopakovať nastavenie, ostane "
+"server LDAP nenastavený. Ak budete chcieť opakovať nastavenie neskôr, "
+"spustite „dpkg-reconfigure slapdâ€."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Meno domény (DNS):"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"Meno domény (DNS) sa použije na vytvorenie základného DN adresára LDAP. "
+"Napríklad „foo.example.org“ vytvorí adresár so základným DN „dc=foo, "
+"dc=example, dc=org“."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Názov organizácie:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Prosím, zadajte názov organizácie, ktorý sa použije v základnom DN vášho "
+"adresára LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Heslo správcu:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "Prosím zadajte heslo správcu vášho adresára LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Overenie hesla:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Prosím, zadajte znova heslo správcu vášho adresára LDAP na overenie, že ste "
+"ho napísali správne."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Heslá sa nezhodujú"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Zadané heslá nie sú rovnaké. Prosím, skúste to znova."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Chcete aby pri odstránení balíka slapd bola odstránená aj databáza?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Zlyhanie slapcat poÄas aktualizácie"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Pri aktualizácii adresára LDAP nastala chyba."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Program „slapcat“ zlyhal pri práci s adresárom LDAP. Táto chyba môže byť "
+"spôsobená chybným konfiguraÄným súborom (napríklad chýbajúce riadky "
+"„moduleload“ s podporou backend databázy)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Táto chyba bude mať za následok, že „slapadd“ neskôr tiež zlyhá. Súbory "
+"starej databázy budú presunuté do /var/backups. Ak budete chcieť skúsiť túto "
+"aktualizáciu neskôr znova, mali by ste najprv presunúť súbory starej "
+"databázy naspäť, opraviÅ¥ príÄinu zlyhania slapcat a spustiÅ¥:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Potom presuňte súbory databázy späť medzi zálohy a až potom skúste spustiť "
+"slapadd z ${location}."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "Použiť backend databázy:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB a BDB používajú podobné formáty úložiska, ale HDB pridáva podporu "
+"premenovania podstromov. Oba podporujú rovnaké konfiguraÄné voľby."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"OdporúÄa sa použiÅ¥ backend MDB. MDB používa nový formát úložiska a vyžaduje "
+"menej konfigurácie ako BDB Äi HDB."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"V každom prípade by ste mali skontrolovaÅ¥, Äi výsledné nastavenie databázy "
+"zodpovedá vašim potrebám. Ďalšie informácie nájdete v súbore /usr/share/doc/"
+"slapd/README.Debian.gz."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "Potenciálne nebezpeÄná konfigurácia riadenia prístupu slapd"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"Jedna alebo viac z nastavených databáz obsahuje pravidlo riadenia prístupu, "
+"ktoré umožňuje používateľom meniÅ¥ väÄÅ¡inu svojich vlastných atribútov. To "
+"môže byÅ¥ nebezpeÄné podľa toho ako sa databáza používa."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"V prípade pravidiel riadenia prístupu slapd, ktoré zaÄínajú na „to *“ sa "
+"odporúÄa odstrániÅ¥ vÅ¡etky prípady „by self write“, aby používatelia mohli "
+"meniť iba konkrétne povolené atribúty."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"Ďalšie informácie nájdete v súbore /usr/share/doc/slapd/README.Debian.gz."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr "prerušiť inštaláciu"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr "napriek tomu pokraÄovaÅ¥"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr "OdporúÄa sa manuálna aktualizácia schémy ppolicy"
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+"Nová verzia prekrytia politiky hesla (ppolicy; Password Policy) vyžaduje, "
+"aby schéma definovala typ atribútu pwdMaxRecordedFailure, ktorý v momentálne "
+"používanej schéme nie je prítomný. OdporuÄa sa teraz preruÅ¡iÅ¥ inÅ¡taláciu a "
+"aktualizovať schému ppolicy pred aktualizáciou slapd. Ak používate "
+"replikáciu, aktualizáciu schémy by ste mali použiť na každom serveri "
+"predtým, než budete pokraÄovaÅ¥ v aktualizácii."
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr "Bol vytvorený súbor LDIF so zmenami potrebnými na aktualizáciu:"
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+"takže ak slapd používa predvolené pravidlá riadenia prístupu, tieto zmeny je "
+"možné použiť (po spustení slapd) príkazom:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+"Ak sa namiesto toho rozhodnete pokraÄovaÅ¥ v inÅ¡talácii, nový typ atribúty sa "
+"pridá automaticky, ale zmena sa neprejaví v prekrytiach slapd a môže to "
+"ovplyvniť replikáciu s ostatnými servermi."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Povoliť protokol LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Zastaraný protokol LDAPv2 je v slapd predvolene zakázaný. Programy a "
+#~ "používatelia by mali prejsť na LDAPv3. Ak máte staré programy, ktoré "
+#~ "nedokážu používať LDAPv3, mali by ste povoliť túto možnosť a do "
+#~ "konfiguraÄného súboru slapd.conf bude pridaný riadok „allow bind_v2â€."
diff --git a/debian/po/sv.po b/debian/po/sv.po
new file mode 100644
index 0000000..2b40572
--- /dev/null
+++ b/debian/po/sv.po
@@ -0,0 +1,537 @@
+# Translation of openldap debconf template to Swedish
+# Copyright (C) 2010, 2017 Martin Bagge <brother@bsnet.se>
+# This file is distributed under the same license as the openldap package.
+#
+# Martin Ã…gren <martin.agren@gmail.com>, 2008.
+# Martin Bagge <brother@bsnet.se>, 2010, 2017
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap_2.4.10-2_sv\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2017-01-12 14:59+0100\n"
+"Last-Translator: Martin Bagge / brother <brother@bsnet.se>\n"
+"Language-Team: Swedish <debian-l10n-swedish@lists.debian.org>\n"
+"Language: sv\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Utelämna konfiguration av OpenLDAP-servern?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Om du aktiverar det här alternativet kommer ingen initial konfiguration "
+"eller databas att skapas åt dig."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "alltid "
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "vid behov"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "aldrig"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Dumpa databaser till fil vid uppgradering:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Innan du uppgraderar till en ny version av OpenLDAP-servern, kan datat från "
+"dina LDAP-kataloger dumpas till klartextfiler i standardformatet LDAP Data "
+"Interchange Format."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Väljer du \"alltid\" kommer databaserna alltid att dumpas före en "
+"uppgradering. Väljer du \"vid behov\" kommer databasen bara dumpas om den "
+"nya versionen är inkompatibel med det gamla databasformatet och måste "
+"återimporteras. Om du väljer \"aldrig\", kommer ingen dump göras."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Katalog att dumpa databaser i:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Ange den katalog dit LDAP-databaser ska exporteras. I denna katalog kommer "
+"flera LDIF-filer att skapas som svarar mot sökbaserna på servern. Se till "
+"att du har tillräckligt med ledigt utrymme på den partition där katalogen "
+"finns. Den första förekomsten av strängen \"VERSION\" ersätts med den "
+"serverversion du uppgraderar från."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Flytta gammal databas?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Det finns fortfarande filer i /var/lib/ldap/ som troligen kommer göra att "
+"konfigurationsprocessen inte fungerar. Om du aktiverar detta val, kommer "
+"administrationsskripten att flytta den gamla databasfilen ur vägen innan en "
+"ny databas skapas."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Försöka konfigurera igen?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Konfigurationen du angav är ogiltig. Säkerställ att DNS-domännamnet är "
+"syntaktiskt giltigt, att organisationsfältet inte lämnats tomt och att "
+"administratörslösenorden överensstämmer. Om du väljer att inte försöka "
+"konfigurera igen kommer LDAP-servern inte att ha korrekta inställningar. Kör "
+"\"dpkg-reconfigure slapd\" om du vill försöka igen senare."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNS-domännamn:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"DNS-domännamnet används för att konstruera bas-DN:et för LDAP-katalogen. "
+"Till exempel kommer \"foo.example.org\" att skapa en katalog med \"dc=foo, "
+"dc=example, dc=org\" som bas-DN."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Organisationsnamn:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Ange namnet på organisationen som ska användas i bas-DN:et för din LDAP-"
+"katalog."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Administratörslösenord:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "Ange lösenordet för admin-posten i LDAP-katalogen."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Bekräfta lösenordet:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Ange administratörslösenordet för din LDAP-katalog igen för att verifiera "
+"att du har skrivit in det korrekt."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Lösenorden matchar inte"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "De två lösenord du har angett var inte lika. Försök igen."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Vill du att databasen ska tas bort när slapd rensas bort?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "slapcat-fel vid uppgradering"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Ett fel inträffade när LDAP-katalogen uppgraderades."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Programmet \"slapcat\" misslyckades när det extraherade LDAP-katalogen. "
+"Detta kan bero på en felaktig konfigurationsfil (till exempel, saknade "
+"\"moduleload\"-rader för att stödja bakändsdatabasen)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Detta fel kommer göra att \"slapadd\" misslyckas även senare. Den gamla "
+"databasen kommer flyttas till /var/backups. Om du vill försöka utföra den "
+"här uppgraderingen igen, behöver du flytta tillbaka de gamla databasfilerna, "
+"korrigera det som har fått slapcat att misslyckas och köra:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Flytta sedan tillbaka databasfilerna till ett utrymme för säkerhetskopior "
+"och kör slapadd från ${location}."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "Databasbakända att använda:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB och BDB använder liknande lagringsformat, men HDB lägger till stöd för "
+"namnbyten på underträd. Båda stödjer samma konfigurationsalternativ."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"MDB-bakändan är rekommenderad. MDB använder ett nytt lagringsformat och "
+"behöver mindre inställningar än BDB eller HDB."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"I vilket fall, behöver du se över den resulterande databaskonfigurationen "
+"för dina behov. Se /usr/share/doc/slapd/README.Debian.gz för fler detaljer."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "Potentiellt osäker rättighetsinställning för slapd"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"En eller flera av de inställda databaserna har rättighetsinställningar som "
+"innebär att användare tillåts att ändra de flesta av sina attribut. Detta "
+"kan vara osäkert, beroende på hur databasen används."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"I fallen där rättighetsinställningarna börjar med \"to *\" är det "
+"rekommenderat att ta bort \"by self write\" i förekommande fall. Det får "
+"till följd att användare bara får justera specifikt tillåtna attribut."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr "Läs /usr/share/doc/slapd/README.Debian.gz för detaljerad information."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr "avbryt installation"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr "fortsätt oavsett"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr "Manuell uppdatering av ppolicy-schema rekommenderas"
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+"Den nya versionen av överbryggningen av lösenordspolicyn (ppolicy, password "
+"policy) kräver att schemat definierar attributtypen pwdMaxRecordedFailure "
+"vilket inte är med i nuvarande schema. Det är rekommenderat att avbryta "
+"uppgraderingen nu och uppdatera ppolicy-schemat före uppgraderingen av "
+"slapd. Om replikering används måste schemauppdateringen appliceras på alla "
+"servrar innan uppgraderingen genomförs."
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr "En LDIF-fil har skapats med ändringarna som krävs för uppgraderingen:"
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+"om slapd använder standardregler för åtkomsthantering kan dessa ändringar "
+"appliceras (efter att slapd startats) genom följande kommando:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+"Om du istället fortsätter med installationen kommer den nya attributtypen "
+"att läggas till automatiskt men ändringen kommer inte leda till att "
+"överbryggad slapd agerar på detta. Replikering till andra servrar kan "
+"påverkas."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Tillåt LDAPv2-protokollet?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Det inte längre aktuella LDAPv2-protokollet är som standard avaktiverat i "
+#~ "slapd. Program och använder ska uppgradera till LDAPv3. Om du har gamla "
+#~ "program som inte kan använda LDAPv3, behöver du välja detta vilket gör "
+#~ "att \"allow bin_v2\" läggs till i din slapd.conf-fil."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr "slurpd är inte aktuell; repliker måste konfigureras för hand"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "En eller flera av slurpds \"replica\"-val har hittats i din slapd-"
+#~ "konfiguration vid uppgraderingen. Eftersom slurpd inte är aktuell längre "
+#~ "från och med OpenLDAP 2.4, kommer du behöva migrera dina repliker till "
+#~ "att använda syncrepl-protokollet istället."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "Konverteringen från slurpd till det frågebaserade syncrepl-protokollet "
+#~ "kan inte göras automatiskt och du kommer behöva konfigurera dina replica-"
+#~ "servrar för hand. Se http://www.openldap.org/doc/admin24/syncrepl.html "
+#~ "för detaljer."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "Värden på TLSCipherSuite har ändrats"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "Ett \"TLSCipherSuite\"-val hittades i din slapd-konfiguration vid "
+#~ "uppgraderingen. De värden som tillåts för detta val avgörs av den SSL-"
+#~ "implementation som används och detta har ändrats från OpenSSL till "
+#~ "GnuTLS. Som en följd av detta kommer inte din befintliga TLSCipherSuite-"
+#~ "inställning att fungera med det här paketet."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Den inställning har automatiskt kommenterats ut åt dig. Om du har "
+#~ "särskilda krypteringsbehov som kräver att detta val återaktiveras, se "
+#~ "utdatat från \"gnutls-cli -l\" i gnutls-bin-paketet för en lista över "
+#~ "krypton som stöds av GnuTLS."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr "Säkerhetskopiera aktuell databas och skapa en ny?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "Katalogsuffixet (domänen) du angett matchar inte den som för tillfället "
+#~ "anges i /etc/ldap/slapd.conf. Om du ändrar katalogsuffixet krävs att du "
+#~ "flyttar den nuvarande LDAP-databasen å sidan och skapar en ny. Bekräfta "
+#~ "att du vill säkerhetskopiera och överge den nuvarande databasen."
+
+#~ msgid "Change backend type from LDBM to BDB?"
+#~ msgstr "Ändra bakändstyp från LDBM till BDB?"
+
+#~ msgid ""
+#~ "The LDBM backend type has serious stability problems and has been "
+#~ "deprecated by OpenLDAP as of 2.2. It is no longer supported by the "
+#~ "OpenLDAP packages."
+#~ msgstr ""
+#~ "LDBM-bakändstypen har allvarliga stabilitetsproblem och har blivit "
+#~ "utdaterad av OpenLDAP från och med 2.2. Den stöds inte längre av OpenLDAP-"
+#~ "paketen."
+
+#~ msgid ""
+#~ "When the BDB backend is used, it must be configured properly. For more "
+#~ "information, see /usr/share/doc/slapd/README.DB_CONFIG.gz."
+#~ msgstr ""
+#~ "När BDB-bakändan används, måste den konfigureras ordentligt. För mer "
+#~ "information, se /usr/share/doc/slapd/README.DB_CONFIG.gz."
+
+#~ msgid ""
+#~ "If you enable this option, an attempt will be made to update the "
+#~ "configuration to use BDB instead of LDBM and convert the databases. If "
+#~ "you do not enable this option, the upgrade will be aborted."
+#~ msgstr ""
+#~ "Om du aktiverar detta val, kommer ett försök göras att uppdatera "
+#~ "konfigurationen till att använda BDB istället för LDBM och konvertera "
+#~ "databaserna. Om du inte aktiverar detta val, kommer uppgraderingen att "
+#~ "avbrytas."
diff --git a/debian/po/templates.pot b/debian/po/templates.pot
new file mode 100644
index 0000000..7936eae
--- /dev/null
+++ b/debian/po/templates.pot
@@ -0,0 +1,363 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the openldap package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr ""
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr ""
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
diff --git a/debian/po/tr.po b/debian/po/tr.po
new file mode 100644
index 0000000..c99e9fd
--- /dev/null
+++ b/debian/po/tr.po
@@ -0,0 +1,448 @@
+# Turkish debconf templates translation for openldap
+# This file is distributed under the same license as the openldap package.
+# Atila KOÇ <koc@artielektronik.com.tr>, 2012, 2014, 2017.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2017-01-13 18:42+0300\n"
+"Last-Translator: Atila KOÇ <koc@artielektronik.com.tr>\n"
+"Language-Team: Turkish <debian-l10n-turkish@lists.debian.org>\n"
+"Language: tr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.7.1\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "OpenLDAP sunucu yapılandırması atlansın mı?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Bu seçeneği seçmeniz durumunda sizin için ne bir ön yapılandırma yapılacak "
+"ne de bir veritabanı yaratılacak. "
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "her zaman"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "gerektiÄŸinde"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "hiçbir zaman"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Yükseltme sırasında veritabanlarının dökümü yapılsın mı?:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Makineniz yeni OpenLDAP sunucu sürümüne yükseltilmeden önce, LDAP "
+"dizinlerindeki verileriniz LDAP Veri Değişimi Biçimi'nde (LDIF) metin "
+"dosyalarına yedeklenebilir."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"\"her zaman\" seçimi veritabanlarının yükseltme öncesinde kayıtsız şartsız "
+"bir dökümünü sağlayacaktır. \"gerektiğinde\" seçimi yeni ile eski sürüm "
+"arasında veritabanı biçim farklılığı varsa ve bu nedenle yeni veritabanına "
+"eski verilerin sonradan alınması gerekirse döküm yapacaktır. \"hiçbir zaman"
+"\" seçeneğini seçerseniz döküm yapılmayacaktır."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Veritabanı dökümü için kullanılacak dizin:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"LDAP veritabanlarının dışa aktarımı için bir dizin belirtiniz. Bu dizine "
+"sunucuda varolan arama tabanlarına karşılık gelen bir çok LDIF dosyası "
+"kaydedilecektir. İlgili dizinin bulunduğu disk bölümünde yeterince boş alan "
+"olduğundan emin olunuz. \"VERSION\" dizgesi ilk görüldüğü yerde yükseltme "
+"işleminden önceki sunucu sürümünüzle değiştirilecektir."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Eski veritabanı taşınsın mı?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"/var/lib/ldap dizininde yapılandırma sürecini bozabilecek bazı dosyalar "
+"bulunmaktadır. Bu seçeneği seçerseniz, bakımcı betikleri yeni bir veritabanı "
+"yaratmadan önce bu eski veritabanı dosyalarını başka bir yere taşıyacaktır."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Yapılandırma yeniden denensin mi?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Girdiğiniz yapılandırma ayarları geçersiz. DNS alan adının sözdizimsel "
+"olarak geçerli olduğundan, örgüt adı için ayrılmış alanın boş olmadığından "
+"ve yönetici parolalarının uyumlu olduğundan emin olunuz. Yapılandırmayı "
+"yeniden denemeyi seçmezseniz LDAP sunucu kurulmayacaktır. Kurulumu sonra "
+"denemek isterseniz, 'dpkg-reconfigure slapd' komutunu çalıştırın."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNS alan adı:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"DNS alan adı LDAP dizinin temel DN yapılandırması için kullanılmıştır. "
+"Örneğin, 'gecici.example.org' alan adı 'dc=gecici, dc=example, dc=org' temel "
+"DN'ye sahip dizini yaratacaktır."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Örgüt adı:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr "LDAP dizininizin temel DN'si olarak kullanılacak örgüt adını giriniz."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Yönetici parolası:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "LDAP dizini yöneticisi için parola giriniz."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Parolayı doğrulayınız:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"LDAP dizini yönetici parolasını tekrar giriniz ve doğru yazdığınızdan emin "
+"olunuz."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Parola uyumsuzluÄŸu"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Girdiğiniz iki parola aynı değil, lütfen tekrar deneyiniz."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr ""
+"slapd paketi tamamen kaldırıldığında veritabanının da kaldırılmasını ister "
+"misiniz?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Yükseltme sırasında 'slapcat' hatası"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "LDAP dizini yükseltilirken bir hata oluştu."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"'slapcat' programı LDAP dizinini dışa aktarırken başarısız oldu. Buna hatalı "
+"bir yapılandırma dosyası neden olmuş olabilir (örneğin, arka uç "
+"veritabanlarını desteklemek için gerekli 'moduleload' satırlarının eksik "
+"olması gibi)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Bu hata 'slapadd' programının da hata vermesine neden olacaktır. Eski "
+"veritabanı dosyaları /var/backups dizinine taşınacaktır. Eğer bu yükseltmeyi "
+"yeniden denemek isterseniz, eski veritabanı dosyalarını yerlerine geri "
+"almalı, 'slapcat' programının hatasına neden olan her ne ise düzeltmeli ve "
+"aşağıdaki komutu çalıştırmalısınız:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Daha sonra veritabanı dosyalarını bir yedekleme alanına geri taşıyın ve "
+"${location} konumundan 'slapadd' komutunu çalıştırınız."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "Kullanılacak veritabanı arka ucu:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB ve BDB benzer depolama biçimleri kullanırlar, fakat HDB alt ağaç yeniden "
+"adlandırmalarına olanak tanır. Her ikisi de aynı yapılandırma seçeneklerini "
+"desteklerler."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"MDB arka ucu önerilir. MDB yeni bir depolama biçimi kullanır ve BDB ya da "
+"HDB'ye göre daha az yapılandırma gerektirir."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"Her durumda sonuçlanan veritabanı yapılandırmasının gereksinimlerinize "
+"uyduğundan emin olmalısınız. Daha fazla bilgi için /usr/share/doc/slapd/"
+"README.Debian.gz dosyasını okuyunuz."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "Olası güvensiz slapd erişim denetimi yapılandırması"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"Yapılandırılmış bir ya da daha fazla veritabanında, kullanıcıların "
+"kendilerine ait bir çok özelliği değiştirmesine izin veren bir erişim "
+"denetimi kuralı var. Bu durum, veritabanı kullanım şekline bağlı olarak, "
+"güvenli olmayabilir."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"\"to *\" ile başlayan slapd erişim kurallarında, kullanıcıların yalnızca "
+"değiştirilmesine izin verilmiş özellikleri değiştirebilmeleri için, tüm \"by "
+"self write\" alanlarının kaldırılması önerilir."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"Daha fazla bilgi için /usr/share/doc/slapd/README.Debian.gz dosyasını "
+"okuyunuz."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr "kurulumdan çık"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr "yine de sürdür"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr "ppolicy şemasının elle yükseltilmesi öneriliyor"
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+"Parola ilkesi katmanının (ppolicy) yeni sürümü, şu anda kullanılmakta olan "
+"şemanın içermediği pwdMaxRecordedFailure özniteliğinin şemada tanımlanmasını "
+"gerektiriyor. Şimdi kurulumdan çıkmanız ve slapd yükseltmesine başlamadan "
+"önce ppolicy şemasını güncellemeniz önerilir. Eğer dizinlerinizi kopyalayan "
+"başka sunucular varsa, yükseltmeye başlamadan önce bütün sunuculardaki "
+"şemaları güncellemeniz gerekiyor."
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr ""
+"Yükseltme için gerekli değişiklikleri içeren bir LDIF dosyası oluşturuldu:"
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+"Eğer slapd öntanımlı erişim denetimi kurallarını kullanıyorsa, bu "
+"değişiklikler slapd başlatıldıktan sonra aşağıdaki komutu çalıştırarak "
+"uygulanabilir:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+"Eğer kurulumu sürdürmeyi yeğlerseniz, yeni öznitelik kendiliğinden eklenecek "
+"fakat bu değişim slapd katmanlarında hayata geçmeyecek ve dizinleri "
+"kopyalayan sunucular varsa bu durumdan etkilenebileceklerdir."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "LDAPv2 iletişim kuralına izin verilsin mi?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Eskimiş LDAPv2 iletişim kuralı slapd yapılandırmasında öntanımlı olarak "
+#~ "devre dışı bırakılmıştır. Programlar ve kullanıcılar LDAPv3 iletişim "
+#~ "kuralına geçmelidirler. LDAPv3 iletişim kuralına geçemeyecek eski "
+#~ "programlarınız varsa slapd.conf dosyasına 'allow bind_v2' satırını "
+#~ "ekleyecek olan bu seçeneği seçmelisiniz."
diff --git a/debian/po/vi.po b/debian/po/vi.po
new file mode 100644
index 0000000..99bddf9
--- /dev/null
+++ b/debian/po/vi.po
@@ -0,0 +1,446 @@
+# Vietnamese translation for OpenLDAP.
+# Copyright © 2010 Free Software Foundation, Inc.
+# Clytie Siddall <clytie@riverland.net.au>, 2005-2010.
+# Trần Ngá»c Quân <vnwildman@gmail.com>, 2014, 2017.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.44+dfsg-4\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2017-06-25 02:57+0000\n"
+"PO-Revision-Date: 2017-02-09 13:57+0700\n"
+"Last-Translator: Trần Ngá»c Quân <vnwildman@gmail.com>\n"
+"Language-Team: Vietnamese <debian-l10n-vietnamese@lists.debian.org>\n"
+"Language: vi\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: Gtranslator 2.91.7\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "BỠqua bước cấu hình trình phục vụ OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Bật tùy chá»n này thì không tạo cho bạn cấu hình hay cÆ¡ sở dữ liệu đầu tiên."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "luôn luôn"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "khi cần thiết"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "không bao giá»"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Äổ các cÆ¡ sở dữ liệu vào tập tin khi nâng cấp:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Trước khi nâng cấp lên phiên bản mới của trình phục vụ OpenLDAP, dữ liệu nằm "
+"trong các thư mục LDAP có thể được đổ vào tập tin nhập thô theo định dạng "
+"trao đổi dữ liệu LDAP tiêu chuẩn."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Chá»n mục “luôn luôn†thì gây ra các cÆ¡ sở dữ liệu bị đổ má»™t cách không Ä‘iá»u "
+"kiện trÆ°á»›c khi nâng cấp. Chá»n “khi cần thiết†thì chỉ đổ cÆ¡ sở dữ liệu nếu "
+"phiên bản mới không tương thích với định dạng cơ sở dữ liệu cũ và cần phải "
+"nhập lại nó. Còn chá»n “không bao giá»â€ thì không đổ gì."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Thư mục dùng để đổ cơ sở dữ liệu:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Ghi rõ tên thư mục vào đó cần xuất các cơ sở dữ liệu LDAP. Trong thư mục này "
+"thì tạo vài tập tin LDIF tương ứng với những cơ bản tìm kiếm nằm trên máy "
+"phục vụ. Hãy kiểm tra xem vẫn có đủ sức chứa trống trong phân vùng đó. Lần "
+"đầu tiên gặp chuỗi “VERSION†(phiên bản) thì được thay thế bằng phiên bản từ "
+"đó bạn đang nâng cấp."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Di chuyển cơ sở dữ liệu cũ?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Vẫn còn có một số tập tin nằm trong thư mục “/var/lib/ldap†mà rất có thể "
+"làm há»ng tiến trình cấu hình. Bật tùy chá»n này thì văn lệnh bảo trì chuyển "
+"các tập tin cơ sở dữ liệu ra trước khi tạo một cơ sở dữ liệu mới."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Thử cấu hình lại?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Bạn đã nhập má»™t cấu hình không hợp lệ. Hãy kiểm tra lại tên miá»n DNS có cú "
+"pháp đúng, không bá» trống trÆ°á»ng tổ chức, và có hai mật khẩu quản lý trùng "
+"nhau. Nếu bạn quyết định không nên thử lại làm bước cấu hình thì không cài "
+"đặt trình phục vụ LDAP. Muốn thử lại vỠsau thì chạy lệnh cấu hình lại “dpkg-"
+"reconfigure slapdâ€."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Tên miá»n DNS:"
+
+# The DNS domain name is used to construct the base DN of your LDAP
+# directory. Entering foo.bar.org will give you the base DN dc=foo, dc=bar,
+# dc=org.
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"Tên miá»n DNS được dùng để cấu trúc tên miá»n cÆ¡ bản của thÆ° mục LDAP. Chẳng "
+"hạn, “foo.thí_dụ.org†sẽ tạo thư mục có “dc=foo, dc=thí_dụ, dc=org†là tên "
+"miá»n cÆ¡ bản."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Tên tổ chức:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Hãy nhập tên của tổ chức cần dùng trong tên miá»n cÆ¡ bản của thÆ° mục LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Mật khẩu quản trị:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "Hãy nhập mật khẩu cho mục nhập quản trị trong thư mục LDAP của bạn."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Xác nhận mật khẩu:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Hãy nhập lại mật khẩu quản trị cho thư mục LDAP để xác nhận lại bạn đã gõ "
+"đúng."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Mật khẩu không khớp"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Bạn đã gõ hai mật khẩu khác nhau. Hãy thử lại."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Khi tẩy gói phần má»m slapd, bạn có muốn xóa bá» cÆ¡ sở dữ liệu Ä‘i không?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "slapcat gặp lỗi trong khi nâng cấp"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Gặp lỗi trong khi nâng cấp thư mục LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Chương trình “slapcat†bị lỗi trong khi giải nén thư mục LDAP. Có thể do một "
+"tập tin cấu hình sai (v.d. thiếu dòng “moduleload†để hỗ trợ cơ sở dữ liệu "
+"ứng dụng chạy phía sau)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Lỗi này cũng sẽ là nguyên nhân làm cho tiến trình “slapadd†thất bại vỠsau. "
+"Các tập tin cÆ¡ sở dữ liệu cÅ© sẽ được di chuyển vào thÆ° mục “/var/backupsâ€. "
+"Muốn thử lại tiến trình nâng cấp thì bạn nên di chuyển các tập tin cơ sở dữ "
+"liệu cũ vỠnơi gốc, sửa chữa những gì làm cho slapcat bị lỗi, và chạy câu "
+"lệnh:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Sau đó, hãy di chuyển các tập tin cơ sở dữ liệu sang một vùng sao lưu, và "
+"thá»­ chạy trình slapadd từ vị trí “${location}â€."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid "Database backend to use:"
+msgstr "Ứng dụng chạy cơ sở dữ liệu cần dùng:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"HDB and BDB use similar storage formats, but HDB adds support for subtree "
+"renames. Both support the same configuration options."
+msgstr ""
+"HDB và BDB dùng định dạng lưu trữ tương tự nhau, nhưng HDB thêm hỗ trợ để "
+"thay đổi tên của cây con. Cả hai há»— trợ cùng những tùy chá»n cấu hình."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The MDB backend is recommended. MDB uses a new storage format and requires "
+"less configuration than BDB or HDB."
+msgstr ""
+"Khuyên bạn dùng ứng dụng chạy phía sau MDB. MDB dùng định dạng lưu trữ mới "
+"và phần cấu hình cũng ít hơn là BDB hay HDB."
+
+# The BDB backend is the recommended choice of the OpenLDAP developers.
+# When using the BDB backend make sure that you configure the underlying
+# database for your requirements. Look into /usr/share/doc/slapd/README.
+# DB_CONFIG.gz
+#. Type: select
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"In any case, you should review the resulting database configuration for your "
+"needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr ""
+"Trong má»—i trÆ°á»ng hợp, bạn nên xem lại cấu hình cÆ¡ sở dữ liệu kết quả có "
+"thích hợp vá»›i nhu cầu của bạn. Xem tài liệu Äá»c Äi “/usr/share/doc/slapd/"
+"README.DB_CONFIG.gz†để tìm chi tiết."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "Potentially unsafe slapd access control configuration"
+msgstr "Cấu hình Ä‘iá»u khiển truy cập slapd tiá»m ẩn sá»± thiếu an toàn"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid ""
+"One or more of the configured databases has an access control rule that "
+"allows users to modify most of their own attributes. This may be unsafe, "
+"depending on how the database is used."
+msgstr ""
+"Có má»™t hay hÆ¡n cÆ¡ sở dữ liệu cấu hình có chứa quy tắc Ä‘iá»u khiển truy cập mà "
+"nó lại cho phép ngÆ°á»i dùng sá»­a đổi phần lá»›n các thuá»™c tính mà há» sở hữu. NhÆ° "
+"vậy là thiếu an toàn, còn tùy thuộc vào cơ sở dữ liệu dùng để làm gì."
+
+#. Type: note
+#. Description
+#. Translators: keep "by self write" and "to *" unchanged. These are part
+#. of the slapd configuration and are not translatable.
+#: ../slapd.templates:16001
+msgid ""
+"In the case of slapd access rules that begin with \"to *\", it is "
+"recommended to remove any instances of \"by self write\", so that users are "
+"only able to modify specifically allowed attributes."
+msgstr ""
+"Trong trÆ°á»ng hợp quy tắc truy cập slapd mà bắt đầu bằng \"to *\", khuyên bạn "
+"nên xóa bá» má»i thá»±c thể \"by self write\", nhÆ° thế ngÆ°á»i dùng chỉ có thể sá»­a "
+"các thuộc tính cho phép đã chỉ ra."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:16001
+msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+msgstr "Äá»c /usr/share/doc/slapd/README.Debian.gz để biết thêm chi tiết."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "abort installation"
+msgstr "hủy bỠcài đặt"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:17001
+msgid "continue regardless"
+msgstr "vẫn tiếp tục"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid "Manual ppolicy schema update recommended"
+msgstr "Khuyến khích cập nhật lược đồ ppolicy"
+
+#. Type: select
+#. Description
+#. "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#: ../slapd.templates:17002
+msgid ""
+"The new version of the Password Policy (ppolicy) overlay requires the schema "
+"to define the pwdMaxRecordedFailure attribute type, which is not present in "
+"the schema currently in use. It is recommended to abort the upgrade now, and "
+"to update the ppolicy schema before upgrading slapd. If replication is in "
+"use, the schema update should be applied on every server before continuing "
+"with the upgrade."
+msgstr ""
+"Phiên bản mới của overlay Chính sách Mật khẩu (ppolicy) cần lược đồ để định "
+"nghĩa kiểu thuộc tính pwdMaxRecordedFailure, cái mà không hiện diện trong "
+"lược đồ hiện đang dùng. Khuyến khích bạn bây giỠbãi bỠnâng cấp, và cập "
+"nhật lược đồ trước khi nâng cấp slapd. Nếu bản sao đang dùng, cập nhật lược "
+"đồ có thể được áp dụng cho má»i máy phục vụ trÆ°á»›c khi tiếp tục vá»›i nâng cấp."
+
+#. Type: select
+#. Description
+#. This paragraph is followed by the path to the generated file (not
+#. translatable). The sentence continues in the following paragraph.
+#: ../slapd.templates:17002
+msgid ""
+"An LDIF file has been generated with the changes required for the upgrade:"
+msgstr "Một tập tin LDIF đã được tạo với các thay đổi theo yêu cầu cập nhật:"
+
+#. Type: select
+#. Description
+#. This paragraph continues the sentence started in the previous
+#. paragraph. It is followed by a command line.
+#: ../slapd.templates:17002
+msgid ""
+"so if slapd is using the default access control rules, these changes can be "
+"applied (after starting slapd) by using the command:"
+msgstr ""
+"nhÆ° vậy nếu slapd Ä‘ang sá»­ dụng các quy tắc Ä‘iá»u khiển truy cập mặc định, "
+"những thay đổi có thể được áp dụng (sau khi khởi động slapd) bằng cách dùng "
+"lệnh:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:17002
+msgid ""
+"If instead you choose to continue the installation, the new attribute type "
+"will be added automatically, but the change will not be acted on by slapd "
+"overlays, and replication with other servers may be affected."
+msgstr ""
+"Nếu thay vào đó bạn chá»n tiếp tục cài đặt, kiểu thuá»™c tính má»›i sẽ được thêm "
+"một cách tự động, nhưng thay đổi sẽ không được thực hiện trên các overlay "
+"slapd, và bản sao với các máy phục vụ khác có thể chịu tác động."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Cho phép giao thức LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Giao thức LDAPv2 (phiên bản 2) cũ bị tắt theo mặc định trong slapd. Các "
+#~ "chÆ°Æ¡ng trình và ngÆ°á»i dùng Ä‘á»u nên nâng cấp lên LDAPv3 (phiên bản 3). Có "
+#~ "chÆ°Æ¡ng trình cÅ© không thể dùng LDAPv3 thì bạn nên bật tùy chá»n này và "
+#~ "thêm chuá»—i “allow bind_v2†vào tập tin cấu hình “slapd.confâ€."
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..b6283e2
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,226 @@
+#!/usr/bin/make -f
+
+# Set this variable if you're building packages outside of Debian and don't
+# want the checks for DFSG-freeness.
+#DFSG_NONFREE = 1
+
+export DEB_CFLAGS_MAINT_APPEND := -Wall -Wno-format-extra-args -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
+export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow
+
+# Workaround for bad glibc behavior when resolving localhost
+export RESOLV_MULTI = off
+
+DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
+DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH)
+
+CONFIG = $(shell grep -v "^\#" debian/configure.options)
+ifeq ($(DEB_HOST_ARCH_OS),hurd)
+ CONFIG += --disable-bdb --disable-hdb --disable-mdb
+endif
+ifneq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+ CONFIG += --disable-slapd
+endif
+
+CONTRIB_MODULES = autogroup lastbind passwd passwd/pbkdf2 passwd/sha2 smbk5pwd
+
+# Ensure CC is set correctly for cross builds, unless it has already
+# been set explicitly.
+ifeq ($(origin CC),default)
+ export CC := $(DEB_HOST_GNU_TYPE)-gcc
+endif
+
+installdir := $(CURDIR)/debian/tmp
+builddir := $(CURDIR)/debian/build
+slapddir := $(CURDIR)/debian/slapd/usr/sbin
+
+MAKEVARS := STRIP=
+
+# Standard variables used in contrib Makefiles.
+# We override these in make invocations rather than patch every one.
+CONTRIB_MAKEVARS := \
+ LDAP_BUILD='$(builddir)' \
+ prefix=/usr \
+ ldap_subdir=/ldap \
+ moduledir='$$(libdir)$$(ldap_subdir)'
+
+# These variables are used only by get-orig-source, which will normally only
+# be run by maintainers.
+VERSION = $(shell dpkg-parsechangelog |grep Version| sed 's/.*: //;s/\+dfsg//;s/-.*//')
+URL = http://www.openldap.org/software/download/OpenLDAP/openldap-release/
+
+# Download the upstream source and make changes as required for DFSG reasons.
+# Assumes wget is available, as this is generally only used by the package
+# maintainers.
+get-orig-source:
+ @if [ ! -d "debian/schema" ] ; then \
+ echo 'Run this from the top directory of the Debian source' >&2; \
+ exit 1; \
+ fi
+ wget $(URL)/openldap-$(VERSION).tgz
+ tar xzf openldap-$(VERSION).tgz
+ rm -r openldap-$(VERSION)/doc/drafts
+ rm -r openldap-$(VERSION)/doc/rfc
+ set -e; for schema in debian/schema/*.schema debian/schema/*.ldif ; do \
+ file=`basename "$$schema"`; \
+ rm openldap-$(VERSION)/servers/slapd/schema/$$file; \
+ done
+ mv openldap-$(VERSION) openldap-$(VERSION)+dfsg
+ tar cf openldap_$(VERSION)+dfsg.orig.tar openldap-$(VERSION)+dfsg
+ rm -r openldap-$(VERSION)+dfsg
+ gzip -9 openldap_$(VERSION)+dfsg.orig.tar
+
+DH = dh $@ --builddirectory=$(builddir)
+.PHONY: build
+build:
+ $(DH)
+%:
+ $(DH)
+
+# Only contrib/ldapc++ uses Automake, so special care is needed to update
+# config.guess and config.sub at the top level.
+autoreconf:
+ autoreconf -f -i . contrib/ldapc++
+ cp -f /usr/share/misc/config.guess /usr/share/misc/config.sub build/
+
+override_dh_autoreconf:
+ dh_autoreconf debian/rules -- autoreconf
+
+override_dh_auto_configure:
+ # Check if we include the RFCs, Internet-Drafts, or upstream schemas
+ # with RFC text (which are non DFSG-free). You can set DFSG_NONFREE
+ # to build the packages from the unchanged upstream sources but Debian
+ # can not ship the RFCs in main so this test is here to make sure it
+ # does not get in by accident again. -- Torsten
+ if [ -z "$(DFSG_NONFREE)" ]; then \
+ if [ -e doc/drafts ] || [ -e doc/rfc ]; then exit 1; fi; \
+ if [ -e servers/slapd/schema/core.schema ] \
+ && grep -q 'RFC 4519 definition' servers/slapd/schema/core.schema; \
+ then \
+ exit 1; \
+ fi; \
+ fi
+
+ # Copy our stripped schema versions into where upstream expects them.
+ if [ -z "$(DFSG_NONFREE)" ]; then \
+ cp debian/schema/*.schema debian/schema/*.ldif \
+ servers/slapd/schema/; \
+ fi
+
+ dh_auto_configure -- $(CONFIG)
+
+override_dh_auto_build:
+ dh_auto_build -- $(MAKEVARS)
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+ for mod in $(CONTRIB_MODULES); do \
+ dh_auto_build -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod -- $(CONTRIB_MAKEVARS) || exit $$?; \
+ done
+endif
+
+override_dh_auto_test:
+ifeq ($(DEB_HOST_ARCH),ppc64el)
+ # Disable test060-mt-host on ppc64el until #866122 is fixed.
+ rm -f tests/scripts/test060-mt-hot
+endif
+ dh_auto_test
+
+override_dh_auto_install:
+ dh_auto_install -- $(MAKEVARS)
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+ for mod in $(CONTRIB_MODULES); do \
+ dh_auto_install -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod -- $(CONTRIB_MAKEVARS) || exit $$?; \
+ done
+
+ # Empty the dependency_libs file in the .la files.
+ for F in $(installdir)/usr/lib/ldap/*.la; do \
+ sed -i "s/^dependency_libs=.*/dependency_libs=''/" $$F; \
+ done
+endif
+
+ # Check all built libraries for unresolved symbols except for the
+ # libslapi library. It is a special case since the SLAPI interface
+ # depends on symbols defined in slapd itself. Those symbols will
+ # remain unresolved until the plugin is loaded into slapd.
+ for F in $(installdir)/usr/lib/$(DEB_HOST_MULTIARCH)/*.so.*.*.*; do \
+ if echo "$$F" | grep -q libslapi ; then \
+ continue; \
+ fi; \
+ if LD_LIBRARY_PATH=$(installdir)/usr/lib/$(DEB_HOST_MULTIARCH) ldd -d -r $$F 2>&1 | grep '^undefined symbol:'; then \
+ echo; \
+ echo "library $$F has undefined references. Please fix this before continuing."; \
+ exit 1; \
+ fi; \
+ done
+
+ # Upstream manpages are section 8C but installed as section 8
+ find $(installdir)/usr/share/man -name \*.8 \
+ | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
+
+override_dh_installinit:
+ dh_installinit -- "defaults 19 80"
+
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+override_dh_installman:
+ dh_installman
+ rm -f $(CURDIR)/debian/slapd/usr/share/man/man5/slapo-smbk5pwd.*
+
+override_dh_fixperms-arch:
+ dh_fixperms
+ chmod +x $(CURDIR)/debian/slapd/usr/share/slapd/ldiftopasswd
+endif
+
+override_dh_strip:
+ dh_strip -plibldap-2.4-2 --dbgsym-migration='libldap-2.4-2-dbg (<< 2.4.45+dfsg-1~)'
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+ dh_strip -pslapd --dbgsym-migration='slapd-dbg (<< 2.4.45+dfsg-1~)'
+endif
+ dh_strip --remaining-packages
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+ # hardlink these so not confined by apparmor; do this here and not
+ # in dh_link so that dh_strip doesn't get confused and put the wrong
+ # binary in the debug package.
+ for f in slapacl slapadd slapauth slapcat slapdn slapindex slappasswd slaptest slapschema ; do \
+ ln -f $(slapddir)/slapd $(slapddir)/$$f ; \
+ done
+endif
+
+override_dh_link:
+ for pkg in libldap2-dev libldap-2.4-2; do \
+ sed -e"s/\$${DEB_HOST_MULTIARCH}/$(DEB_HOST_MULTIARCH)/g" < debian/$$pkg.links.in > debian/$$pkg.links; \
+ done
+ dh_link
+
+override_dh_makeshlibs:
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+ echo "slapd:Provides=$$(objdump -p debian/slapd/usr/lib/$(DEB_HOST_MULTIARCH)/libslapi-*.so.* \
+ | sed -ne '/SONAME/ { s/[[:space:]]*SONAME[[:space:]]*//; \
+ s/\.so\./-/; p; q }' \
+ )" >> debian/slapd.substvars
+ dh_makeshlibs -pslapd -X/usr/lib/ldap/ -V "$$(sed -ne's/slapd:Provides=//p' debian/slapd.substvars)"
+endif
+ dh_makeshlibs --remaining-packages
+
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+override_dh_installdeb:
+ dh_installdeb
+ perl -w debian/dh_installscripts-common -p slapd
+endif
+
+override_dh_auto_clean:
+ dh_auto_clean
+ # Update translation templates for debconf
+ debconf-updatepo
+ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
+ # Remove our stripped schema from the upstream source area.
+ if [ -z "$(DFSG_NONFREE)" ]; then \
+ set -e; for s in debian/schema/*.schema debian/schema/*.ldif; do \
+ rm -f servers/slapd/schema/`basename $$s`; \
+ done; \
+ fi
+
+ # Clean the contrib directory
+ for mod in $(CONTRIB_MODULES); do \
+ dh_auto_clean -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod || exit $?; \
+ done
+endif
diff --git a/debian/schema/README b/debian/schema/README
new file mode 100644
index 0000000..e601c45
--- /dev/null
+++ b/debian/schema/README
@@ -0,0 +1,15 @@
+This directory contains stripped versions of schema files that the
+OpenLDAP distribution includes in servers/slapd/schema. The original
+versions as distributed upstream contain text from the RFCs embedded as
+comments, and that text is covered by the Internet Society license which
+does not meet the Debian Free Software Guidelines. (It doesn't permit
+creation and distribution of modified versions.) Accordingly, Debian
+cannot include the original versions of these files in Debian packages.
+
+Instead, in this directory are equivalent versions of those files with all
+of the text taken from IETF RFCs or Internet-Drafts removed and only the
+functional schema definition retained.
+
+Where possible, the schema files as distributed by the OpenLDAP project
+are retained. This is only done where RFC or Internet-Draft text is
+embedded in the schema file and covered by the Internet Society license.
diff --git a/debian/schema/collective.schema b/debian/schema/collective.schema
new file mode 100644
index 0000000..c3dc1a1
--- /dev/null
+++ b/debian/schema/collective.schema
@@ -0,0 +1,65 @@
+# collective.schema -- Collective attribute schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/collective.schema,v 1.12.2.2 2007/08/31 23:14:06 quanah Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 3671, at (among other
+# places): http://www.ietf.org/rfc/rfc3671.txt
+
+attributeType ( 2.5.4.7.1 NAME 'c-l'
+ SUP l COLLECTIVE )
+
+attributeType ( 2.5.4.8.1 NAME 'c-st'
+ SUP st COLLECTIVE )
+
+attributeType ( 2.5.4.9.1 NAME 'c-street'
+ SUP street COLLECTIVE )
+
+attributeType ( 2.5.4.10.1 NAME 'c-o'
+ SUP o COLLECTIVE )
+
+attributeType ( 2.5.4.11.1 NAME 'c-ou'
+ SUP ou COLLECTIVE )
+
+attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress'
+ SUP postalAddress COLLECTIVE )
+
+attributeType ( 2.5.4.17.1 NAME 'c-PostalCode'
+ SUP postalCode COLLECTIVE )
+
+attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox'
+ SUP postOfficeBox COLLECTIVE )
+
+attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName'
+ SUP physicalDeliveryOfficeName COLLECTIVE )
+
+attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber'
+ SUP telephoneNumber COLLECTIVE )
+
+attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber'
+ SUP telexNumber COLLECTIVE )
+
+attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber'
+ SUP facsimileTelephoneNumber COLLECTIVE )
+
+attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber'
+ SUP internationalISDNNumber COLLECTIVE )
+
diff --git a/debian/schema/compare-schema b/debian/schema/compare-schema
new file mode 100755
index 0000000..ce6b80c
--- /dev/null
+++ b/debian/schema/compare-schema
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Compare the stripped versions of the schema with the unmodified versions
+# from the source as distributed upstream and find any non-comment changes
+# so that our stripped versions can be updated.
+#
+# Takes the directory containing our stripped schema and the directory
+# containing the upstream schema. Uses the first directory as a working
+# area.
+
+set -e
+
+ours="$1"
+theirs="$2"
+if [ -z "$ours" ] || [ -z "$theirs" ] ; then
+ echo 'Usage: compare-schema <debian-schema-dir> <openldap-schema-dir>' >&2
+ exit 1
+fi
+
+cd $ours
+for schema in *.schema *.ldif ; do
+ grep -v '^#' "$schema" | grep -v '^ *$' > "${schema}.debian"
+ grep -v '^#' "$theirs/$schema" | grep -v '^ *$' > "${schema}.upstream"
+ diff -u "${schema}.debian" "${schema}.upstream"
+ rm "${schema}.debian" "${schema}.upstream"
+done
diff --git a/debian/schema/corba.schema b/debian/schema/corba.schema
new file mode 100644
index 0000000..918e9df
--- /dev/null
+++ b/debian/schema/corba.schema
@@ -0,0 +1,61 @@
+# corba.schema -- Corba Object Schema
+# depends upon core.schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 2714, at (among other
+# places): http://www.ietf.org/rfc/rfc2714.txt
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14
+ NAME 'corbaIor'
+ DESC 'Stringified interoperable object reference of a CORBA object'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15
+ NAME 'corbaRepositoryId'
+ DESC 'Repository ids of interfaces implemented by a CORBA object'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10
+ NAME 'corbaContainer'
+ DESC 'Container for a CORBA object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9
+ NAME 'corbaObject'
+ DESC 'CORBA object representation'
+ SUP top
+ ABSTRACT
+ MAY ( corbaRepositoryId $ description ) )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11
+ NAME 'corbaObjectReference'
+ DESC 'CORBA interoperable object reference'
+ SUP corbaObject
+ AUXILIARY
+ MUST corbaIor )
diff --git a/debian/schema/core.ldif b/debian/schema/core.ldif
new file mode 100644
index 0000000..cc1811f
--- /dev/null
+++ b/debian/schema/core.ldif
@@ -0,0 +1,603 @@
+# OpenLDAP Core schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text claiming copyright by the Internet Society and including
+# the IETF RFC license, which does not meet Debian's Free Software
+# Guidelines. However, apart from short and obvious comments, the text of
+# this file is purely a functional interface specification, which is not
+# subject to that license and is not copyrightable under US law.
+#
+# The license statement is retained below so as not to remove credit, but
+# as best as we can determine, it is not applicable to the contents of
+# this file.
+
+## Portions Copyright (C) The Internet Society (1997-2003).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+#
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+#
+#
+# Standard attribute types from RFC 2256
+#
+dn: cn=core,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: core
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+#
+olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+#
+# RFC 4519 definition ('countryName' in X.500 and RFC2256)
+olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC4519: two-letter ISO-3166 country code'
+ SUP name
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+#
+# Deprecated by enhancedSearchGuide
+olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+#
+olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+#
+olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+#
+olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+#
+olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+#
+olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+#
+olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+#
+olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+#
+olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+#
+olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+#
+olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+#
+olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+#
+olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+#
+olcAttributeTypes: ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+#
+olcAttributeTypes: ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+#
+olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+#
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+#
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+# Must be stored and requested in the binary form
+olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+#
+# 2.5.4.41 is defined above as it's used for subtyping
+#olcAttributeTypes: ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+#
+olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+#
+olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+#
+olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+#
+# 2.5.4.49 is defined above as it's used for subtyping
+#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+#
+olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+#
+olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'RFC2256: supported algorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'RFC2256: delta revocation list; use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName'
+ DESC 'RFC2256: name of DMD'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
+#
+# Standard object classes from RFC2256
+#
+# system schema
+#olcObjectClasses: ( 2.5.6.1 NAME 'alias'
+# DESC 'RFC2256: an alias'
+# SUP top STRUCTURAL
+# MUST aliasedObjectName )
+#
+olcObjectClasses: ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description ) )
+#
+olcObjectClasses: ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+#
+olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+#
+olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+#
+olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson'
+ DESC 'RFC2256: an residential person'
+ SUP person STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+#
+olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+#
+olcObjectClasses: ( 2.5.6.13 NAME 'dSA'
+ DESC 'RFC2256: a directory system agent (a server)'
+ SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+#
+olcObjectClasses: ( 2.5.6.14 NAME 'device'
+ DESC 'RFC2256: a device'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'RFC2256: a strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+#
+olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+#
+olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+#
+olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'RFC2256: a user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+#
+olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+#
+olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+#
+olcObjectClasses: ( 2.5.6.20 NAME 'dmd'
+ SUP top STRUCTURAL
+ MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+#
+# Object Classes from RFC 2587
+#
+olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+#
+olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+#
+olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC2587: PKI user'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+#
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+# DESC 'RFC2079: Uniform Resource Identifier with optional label'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+#
+olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ MAY ( labeledURI )
+ SUP top AUXILIARY )
+#
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1
+# NAME ( 'uid' 'userid' )
+# DESC 'RFC1274: user identifier'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+#
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
+ NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+#
+olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+#
+# RFC 1274 + RFC 2247
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247: domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+#
+# RFC 2247
+olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+#
+# RFC 2377
+olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+#
+# From COSINE Pilot
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+#
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+olcAttributeTypes: ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+#
diff --git a/debian/schema/core.schema b/debian/schema/core.schema
new file mode 100644
index 0000000..cf0968a
--- /dev/null
+++ b/debian/schema/core.schema
@@ -0,0 +1,622 @@
+# OpenLDAP Core schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text claiming copyright by the Internet Society and including
+# the IETF RFC license, which does not meet Debian's Free Software
+# Guidelines. However, apart from short and obvious comments, the text of
+# this file is purely a functional interface specification, which is not
+# subject to that license and is not copyrightable under US law.
+#
+# The license statement is retained below so as not to remove credit, but
+# as best as we can determine, it is not applicable to the contents of
+# this file.
+
+## Portions Copyright (C) The Internet Society (1997-2006).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+# RFC 4524 (associatedDomain)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+
+#
+# Standard attribute types from RFC 2256
+#
+
+# system schema
+#attributetype ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+# system schema
+#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# system schema
+#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+
+attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+
+# RFC 4519 definition ('countryName' in X.500 and RFC2256)
+attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC4519: two-letter ISO-3166 country code'
+ SUP name
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+ SINGLE-VALUE )
+
+#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+# DESC 'RFC2256: ISO-3166 country 2-letter code'
+# SUP name SINGLE-VALUE )
+
+attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+
+# system schema
+#attributetype ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+
+# Deprecated by enhancedSearchGuide
+attributetype ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+
+attributetype ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+
+attributetype ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+
+attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+
+attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+
+attributetype ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+
+attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+
+attributetype ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+
+attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+attributetype ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be stored and requested in the binary form
+attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+
+# system schema
+#attributetype ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+
+attributetype ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+
+attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+
+attributetype ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+
+attributetype ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+
+# system schema
+#attributetype ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+
+attributetype ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'RFC2256: supported algorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'RFC2256: delta revocation list; use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+attributetype ( 2.5.4.54 NAME 'dmdName'
+ DESC 'RFC2256: name of DMD'
+ SUP name )
+
+attributetype ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
+
+# Standard object classes from RFC2256
+
+# system schema
+#objectclass ( 2.5.6.0 NAME 'top'
+# DESC 'RFC2256: top of the superclass chain'
+# ABSTRACT
+# MUST objectClass )
+
+# system schema
+#objectclass ( 2.5.6.1 NAME 'alias'
+# DESC 'RFC2256: an alias'
+# SUP top STRUCTURAL
+# MUST aliasedObjectName )
+
+objectclass ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description ) )
+
+objectclass ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+
+objectclass ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+
+objectclass ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+
+objectclass ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+
+objectclass ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.10 NAME 'residentialPerson'
+ DESC 'RFC2256: an residential person'
+ SUP person STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+
+objectclass ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+
+objectclass ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+
+objectclass ( 2.5.6.13 NAME 'dSA'
+ DESC 'RFC2256: a directory system agent (a server)'
+ SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+
+objectclass ( 2.5.6.14 NAME 'device'
+ DESC 'RFC2256: a device'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+
+objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'RFC2256: a strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+
+objectclass ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+
+objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'RFC2256: a user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+
+objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+
+objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+
+objectclass ( 2.5.6.20 NAME 'dmd'
+ SUP top STRUCTURAL
+ MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+#
+# Object Classes from RFC 2587
+#
+objectclass ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+
+objectclass ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+
+objectclass ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC2587: PKI user'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+# DESC 'RFC2079: Uniform Resource Identifier with optional label'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ SUP top AUXILIARY
+ MAY ( labeledURI ) )
+
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#attributetype ( 0.9.2342.19200300.100.1.1
+# NAME ( 'uid' 'userid' )
+# DESC 'RFC1274: user identifier'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.3
+ NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+
+# RFC 1274 + RFC 2247
+attributetype ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247: domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# RFC 2247
+objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+
+# RFC 2377
+objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+
+# RFC 4524
+# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
+# host names [RFC1123] that are associated with an object. That is,
+# values of this attribute should conform to the following ABNF:
+#
+# domain = root / label *( DOT label )
+# root = SPACE
+# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
+# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
+# SPACE = %x20 ; space (" ")
+# HYPHEN = %x2D ; hyphen ("-")
+# DOT = %x2E ; period (".")
+attributetype ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+attributetype ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
diff --git a/debian/schema/cosine.schema b/debian/schema/cosine.schema
new file mode 100644
index 0000000..a0f5ae2
--- /dev/null
+++ b/debian/schema/cosine.schema
@@ -0,0 +1,404 @@
+# RFC1274: Cosine and Internet X.500 schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.19.2.5 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# RFC1274: Cosine and Internet X.500 schema
+#
+# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
+# schema. As this schema was defined for X.500(89), some
+# oddities were introduced in the mapping to LDAPv3. The
+# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
+# (a work in progress)
+#
+# Note: It seems that the pilot schema evolved beyond what was
+# described in RFC1274. However, this document attempts to describes
+# RFC1274 as published.
+#
+# Depends on core.schema
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 1274, at (among other
+# places): http://www.ietf.org/rfc/rfc1274.txt
+
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
+## EQUALITY caseIgnoreMatch
+## SUBSTR caseIgnoreSubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
+ DESC 'RFC1274: general information'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
+
+attributetype ( 0.9.2342.19200300.100.1.5
+ NAME ( 'drink' 'favouriteDrink' )
+ DESC 'RFC1274: favorite drink'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
+ DESC 'RFC1274: room number'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
+ DESC 'RFC1274: photo (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
+
+attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
+ DESC 'RFC1274: category of user'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
+ DESC 'RFC1274: host computer'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
+ DESC 'RFC1274: DN of manager'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
+ DESC 'RFC1274: unique identifier of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
+ DESC 'RFC1274: title of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
+ DESC 'RFC1274: version of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
+ DESC 'RFC1274: DN of author of document'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
+ DESC 'RFC1274: location of document original'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.20
+ NAME ( 'homePhone' 'homeTelephoneNumber' )
+ DESC 'RFC1274: home telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
+ DESC 'RFC1274: DN of secretary'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
+
+## Deprecated in favor of modifyTimeStamp
+#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
+# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
+# OBSOLETE
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
+# USAGE directoryOperation )
+
+## Deprecated in favor of modifiersName
+#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
+# DESC 'RFC1274: last modifier, replaced by modifiersName'
+# OBSOLETE
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+# USAGE directoryOperation )
+
+##(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## missing from RFC1274
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
+# EQUALITY caseIgnoreIA5Match
+# SUBSTR caseIgnoreIA5SubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
+ DESC 'RFC1274: DN of entry associated with domain'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
+ DESC 'RFC1274: home postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
+ DESC 'RFC1274: personal title'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.41
+ NAME ( 'mobile' 'mobileTelephoneNumber' )
+ DESC 'RFC1274: mobile telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attributetype ( 0.9.2342.19200300.100.1.42
+ NAME ( 'pager' 'pagerTelephoneNumber' )
+ DESC 'RFC1274: pager telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attributetype ( 0.9.2342.19200300.100.1.43
+ NAME ( 'co' 'friendlyCountryName' )
+ DESC 'RFC1274: friendly country name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
+ DESC 'RFC1274: unique identifer'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
+ DESC 'RFC1274: organizational status'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
+ DESC 'RFC1274: Janet mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.47
+ NAME 'mailPreferenceOption'
+ DESC 'RFC1274: mail preference option'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
+ DESC 'RFC1274: name of building'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
+ DESC 'RFC1274: DSA Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
+ DESC 'RFC1274: Single Level Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
+ DESC 'RFC1274: Subtree Mininum Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
+ DESC 'RFC1274: Subtree Maximun Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
+ DESC 'RFC1274: Personal Signature (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
+
+attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
+ DESC 'RFC1274: DIT Redirect'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
+ DESC 'RFC1274: audio (u-law)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
+
+attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
+ DESC 'RFC1274: publisher of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
+# DESC 'RFC1274: pilot object'
+# SUP top AUXILIARY
+# MAY ( info $ photo $ manager $ uniqueIdentifier $
+# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
+# )
+
+objectclass ( 0.9.2342.19200300.100.4.4
+ NAME ( 'pilotPerson' 'newPilotPerson' )
+ SUP person STRUCTURAL
+ MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
+ favouriteDrink $ roomNumber $ userClass $
+ homeTelephoneNumber $ homePostalAddress $ secretary $
+ personalTitle $ preferredDeliveryMethod $ businessCategory $
+ janetMailbox $ otherMailbox $ mobileTelephoneNumber $
+ pagerTelephoneNumber $ organizationalStatus $
+ mailPreferenceOption $ personalSignature )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
+ SUP top STRUCTURAL
+ MUST userid
+ MAY ( description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $ host )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
+ SUP top STRUCTURAL
+ MUST documentIdentifier
+ MAY ( commonName $ description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $
+ documentTitle $ documentVersion $ documentAuthor $
+ documentLocation $ documentPublisher )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( description $ seeAlso $ telephonenumber $
+ localityName $ organizationName $ organizationalUnitName )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
+ SUP top STRUCTURAL
+ MUST domainComponent
+ MAY ( associatedName $ organizationName $ description $
+ businessCategory $ seeAlso $ searchGuide $ userPassword $
+ localityName $ stateOrProvinceName $ streetAddress $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
+ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
+ SUP domain STRUCTURAL
+ MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $
+ telexNumber $ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
+ SUP domain STRUCTURAL
+ MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
+ SOARecord $ CNAMERecord )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+ DESC 'RFC1274: an object related to an domain'
+ SUP top AUXILIARY
+ MUST associatedDomain )
+
+objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
+ SUP country STRUCTURAL
+ MUST friendlyCountryName )
+
+## (in core.schema)
+## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+## SUP top AUXILIARY
+## MUST userPassword )
+
+objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
+ SUP ( organization $ organizationalUnit ) STRUCTURAL
+ MAY buildingName )
+
+objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
+ SUP dsa STRUCTURAL
+ MAY dSAQuality )
+
+objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
+ SUP top AUXILIARY
+ MUST dsaQuality
+ MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
+ )
diff --git a/debian/schema/duaconf.schema b/debian/schema/duaconf.schema
new file mode 100644
index 0000000..8c1683f
--- /dev/null
+++ b/debian/schema/duaconf.schema
@@ -0,0 +1,153 @@
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# DUA schema from draft-joslin-config-schema (a work in progress)
+
+# Contents of this file are subject to change (including deletion)
+# without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+## Notes:
+## - The matching rule for attributes followReferrals and dereferenceAliases
+## has been changed to booleanMatch since their syntax is boolean
+## - There was a typo in the name of the dereferenceAliases attributeType
+## in the DUAConfigProfile objectClass definition
+## - Credit goes to the original Authors
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF Internet-Draft explaining the schema.
+# Unfortunately, that text is covered by a license that doesn't meet
+# Debian's Free Software Guidelines. This is a stripped version of the
+# schema that contains only the functional schema definition, not the text
+# of the Internet-Draft.
+#
+# For an explanation of this schema, see
+# draft-joslin-config-schema-07.txt.
+
+objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
+
+attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
+ DESC 'Default LDAP server host address used by a DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
+ DESC 'Default LDAP base DN used by a DUA'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
+ DESC 'Preferred LDAP server host addresses to be used by a
+ DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for a
+ search to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for the
+ bind operation to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
+ DESC 'Tells DUA if it should follow referrals
+ returned by a DSA search result'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
+ DESC 'Tells DUA if it should dereference aliases'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
+ DESC 'A keystring which identifies the type of
+ authentication method used to contact the DSA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
+ DESC 'Time to live, in seconds, before a client DUA
+ should re-read this configuration profile'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
+ DESC 'LDAP search descriptor list used by a DUA'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
+ DESC 'Attribute mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
+ DESC 'Identifies type of credentials a DUA should
+ use when binding to the LDAP server'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
+ DESC 'Objectclass mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
+ DESC 'Default search scope used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
+ DESC 'Identifies type of credentials a DUA
+ should use when binding to the LDAP server for a
+ specific service'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
+ DESC 'Authentication method used by a service of the DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
+ SUP top STRUCTURAL
+ DESC 'Abstraction of a base configuration for a DUA'
+ MUST ( cn )
+ MAY ( defaultServerList $ preferredServerList $
+ defaultSearchBase $ defaultSearchScope $
+ searchTimeLimit $ bindTimeLimit $
+ credentialLevel $ authenticationMethod $
+ followReferrals $ dereferenceAliases $
+ serviceSearchDescriptor $ serviceCredentialLevel $
+ serviceAuthenticationMethod $ objectclassMap $
+ attributeMap $ profileTTL ) )
diff --git a/debian/schema/inetorgperson.schema b/debian/schema/inetorgperson.schema
new file mode 100644
index 0000000..34c3bf8
--- /dev/null
+++ b/debian/schema/inetorgperson.schema
@@ -0,0 +1,113 @@
+# inetorgperson.schema -- InetOrgPerson (RFC2798)
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# InetOrgPerson (RFC2798)
+#
+# Depends upon
+# Definition of an X.500 Attribute Type and an Object Class to Hold
+# Uniform Resource Identifiers (URIs) [RFC2079]
+# (core.schema)
+#
+# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
+# (core.schema)
+#
+# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 2798, at (among other
+# places): http://www.ietf.org/rfc/rfc2798.txt
+
+attributetype ( 2.16.840.1.113730.3.1.1
+ NAME 'carLicense'
+ DESC 'RFC2798: vehicle license or registration plate'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 2.16.840.1.113730.3.1.2
+ NAME 'departmentNumber'
+ DESC 'RFC2798: identifies a department within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 2.16.840.1.113730.3.1.241
+ NAME 'displayName'
+ DESC 'RFC2798: preferred name to be used when displaying entries'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.3
+ NAME 'employeeNumber'
+ DESC 'RFC2798: numerically identifies an employee within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.4
+ NAME 'employeeType'
+ DESC 'RFC2798: type of employment for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 0.9.2342.19200300.100.1.60
+ NAME 'jpegPhoto'
+ DESC 'RFC2798: a JPEG image'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
+
+attributetype ( 2.16.840.1.113730.3.1.39
+ NAME 'preferredLanguage'
+ DESC 'RFC2798: preferred written or spoken language for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.40
+ NAME 'userSMIMECertificate'
+ DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.216
+ NAME 'userPKCS12'
+ DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+objectclass ( 2.16.840.1.113730.3.2.2
+ NAME 'inetOrgPerson'
+ DESC 'RFC2798: Internet Organizational Person'
+ SUP organizationalPerson
+ STRUCTURAL
+ MAY (
+ audio $ businessCategory $ carLicense $ departmentNumber $
+ displayName $ employeeNumber $ employeeType $ givenName $
+ homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ labeledURI $ mail $ manager $ mobile $ o $ pager $
+ photo $ roomNumber $ secretary $ uid $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $
+ userSMIMECertificate $ userPKCS12 )
+ )
diff --git a/debian/schema/java.schema b/debian/schema/java.schema
new file mode 100644
index 0000000..24c1f1b
--- /dev/null
+++ b/debian/schema/java.schema
@@ -0,0 +1,109 @@
+# java.schema -- Java Object Schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.5.2.3 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Java Object Schema (defined in RFC 2713)
+# depends upon core.schema
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 2713, at (among other
+# places): http://www.ietf.org/rfc/rfc2713.txt
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
+ NAME 'javaClassName'
+ DESC 'Fully qualified name of distinguished Java class or interface'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
+ NAME 'javaCodebase'
+ DESC 'URL(s) specifying the location of class definition'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
+ NAME 'javaClassNames'
+ DESC 'Fully qualified Java class or interface name'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
+ NAME 'javaSerializedData'
+ DESC 'Serialized form of a Java object'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
+ NAME 'javaFactory'
+ DESC 'Fully qualified Java class name of a JNDI object factory'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
+ NAME 'javaReferenceAddress'
+ DESC 'Addresses associated with a JNDI Reference'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
+ NAME 'javaDoc'
+ DESC 'The Java documentation for the class'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
+ NAME 'javaContainer'
+ DESC 'Container for a Java object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4
+ NAME 'javaObject'
+ DESC 'Java object representation'
+ SUP top
+ ABSTRACT
+ MUST javaClassName
+ MAY ( javaClassNames $ javaCodebase $
+ javaDoc $ description ) )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5
+ NAME 'javaSerializedObject'
+ DESC 'Java serialized object'
+ SUP javaObject
+ AUXILIARY
+ MUST javaSerializedData )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8
+ NAME 'javaMarshalledObject'
+ DESC 'Java marshalled object'
+ SUP javaObject
+ AUXILIARY
+ MUST javaSerializedData )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
+ NAME 'javaNamingReference'
+ DESC 'JNDI reference'
+ SUP javaObject
+ AUXILIARY
+ MAY ( javaReferenceAddress $ javaFactory ) )
diff --git a/debian/schema/pmi.schema b/debian/schema/pmi.schema
new file mode 100644
index 0000000..bc3ca0b
--- /dev/null
+++ b/debian/schema/pmi.schema
@@ -0,0 +1,476 @@
+# OpenLDAP X.509 PMI schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text claiming copyright by the Internet Society and including
+# the IETF RFC license, which does not meet Debian's Free Software
+# Guidelines. However, apart from short and obvious comments, the text of
+# this file is purely a functional interface specification, which is not
+# subject to that license and is not copyrightable under US law.
+#
+# The license statement is retained below so as not to remove credit, but
+# as best as we can determine, it is not applicable to the contents of
+# this file.
+
+## Portions Copyright (C) The Internet Society (1997-2006).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+# ITU X.509 (08/2005)
+#
+## X.509 (08/2005) pp. 120-121
+##
+## -- object identifier assignments --
+## -- object classes --
+## id-oc-pmiUser OBJECT IDENTIFIER ::= {id-oc 24}
+## id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25}
+## id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26}
+## id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27}
+## id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32}
+## id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33}
+## id-oc-protectedPrivilegePolicy OBJECT IDENTIFIER ::= {id-oc 34}
+## -- directory attributes --
+## id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58}
+## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
+## id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61}
+## id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62}
+## id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63}
+## id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71}
+## id-at-role OBJECT IDENTIFIER ::= {id-at 72}
+## id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73}
+## id-at-protPrivPolicy OBJECT IDENTIFIER ::= {id-at 74}
+## id-at-xMLPrivilegeInfo OBJECT IDENTIFIER ::= {id-at 75}
+## id-at-xMLPprotPrivPolicy OBJECT IDENTIFIER ::= {id-at 76}
+## -- attribute certificate extensions --
+## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
+## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
+## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
+## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
+## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
+## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
+## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
+## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
+## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
+## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
+## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
+## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
+## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
+## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
+## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
+## -- PMI matching rules --
+## id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42}
+## id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45}
+## id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46}
+## id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53}
+## id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54}
+## id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55}
+## id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56}
+## id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57}
+## id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58}
+## id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59}
+## id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61}
+## id-mr-sOAIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 66}
+## id-mr-indirectIssuerMatch OBJECT IDENTIFIER ::= {id-mr 67}
+##
+##
+## X.509 (08/2005) pp. 71, 86-89
+##
+## 14.4.1 Role attribute
+## role ATTRIBUTE ::= {
+## WITH SYNTAX RoleSyntax
+## ID id-at-role }
+## RoleSyntax ::= SEQUENCE {
+## roleAuthority [0] GeneralNames OPTIONAL,
+## roleName [1] GeneralName }
+##
+## 14.5 XML privilege information attribute
+## xmlPrivilegeInfo ATTRIBUTE ::= {
+## WITH SYNTAX UTF8String -- contains XML-encoded privilege information
+## ID id-at-xMLPrivilegeInfo }
+##
+## 17.1 PMI directory object classes
+##
+## 17.1.1 PMI user object class
+## pmiUser OBJECT-CLASS ::= {
+## -- a PMI user (i.e., a "holder")
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {attributeCertificateAttribute}
+## ID id-oc-pmiUser }
+##
+## 17.1.2 PMI AA object class
+## pmiAA OBJECT-CLASS ::= {
+## -- a PMI AA
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {aACertificate |
+## attributeCertificateRevocationList |
+## attributeAuthorityRevocationList}
+## ID id-oc-pmiAA }
+##
+## 17.1.3 PMI SOA object class
+## pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {attributeCertificateRevocationList |
+## attributeAuthorityRevocationList |
+## attributeDescriptorCertificate}
+## ID id-oc-pmiSOA }
+##
+## 17.1.4 Attribute certificate CRL distribution point object class
+## attCertCRLDistributionPt OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN { attributeCertificateRevocationList |
+## attributeAuthorityRevocationList }
+## ID id-oc-attCertCRLDistributionPts }
+##
+## 17.1.5 PMI delegation path
+## pmiDelegationPath OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN { delegationPath }
+## ID id-oc-pmiDelegationPath }
+##
+## 17.1.6 Privilege policy object class
+## privilegePolicy OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {privPolicy }
+## ID id-oc-privilegePolicy }
+##
+## 17.1.7 Protected privilege policy object class
+## protectedPrivilegePolicy OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {protPrivPolicy }
+## ID id-oc-protectedPrivilegePolicy }
+##
+## 17.2 PMI Directory attributes
+##
+## 17.2.1 Attribute certificate attribute
+## attributeCertificateAttribute ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-attributeCertificate }
+##
+## 17.2.2 AA certificate attribute
+## aACertificate ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-aACertificate }
+##
+## 17.2.3 Attribute descriptor certificate attribute
+## attributeDescriptorCertificate ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-attributeDescriptorCertificate }
+##
+## 17.2.4 Attribute certificate revocation list attribute
+## attributeCertificateRevocationList ATTRIBUTE ::= {
+## WITH SYNTAX CertificateList
+## EQUALITY MATCHING RULE certificateListExactMatch
+## ID id-at-attributeCertificateRevocationList}
+##
+## 17.2.5 AA certificate revocation list attribute
+## attributeAuthorityRevocationList ATTRIBUTE ::= {
+## WITH SYNTAX CertificateList
+## EQUALITY MATCHING RULE certificateListExactMatch
+## ID id-at-attributeAuthorityRevocationList }
+##
+## 17.2.6 Delegation path attribute
+## delegationPath ATTRIBUTE ::= {
+## WITH SYNTAX AttCertPath
+## ID id-at-delegationPath }
+## AttCertPath ::= SEQUENCE OF AttributeCertificate
+##
+## 17.2.7 Privilege policy attribute
+## privPolicy ATTRIBUTE ::= {
+## WITH SYNTAX PolicySyntax
+## ID id-at-privPolicy }
+##
+## 17.2.8 Protected privilege policy attribute
+## protPrivPolicy ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-protPrivPolicy }
+##
+## 17.2.9 XML Protected privilege policy attribute
+## xmlPrivPolicy ATTRIBUTE ::= {
+## WITH SYNTAX UTF8String -- contains XML-encoded privilege policy information
+## ID id-at-xMLPprotPrivPolicy }
+##
+
+## -- object identifier assignments --
+## -- object classes --
+objectidentifier id-oc-pmiUser 2.5.6.24
+objectidentifier id-oc-pmiAA 2.5.6.25
+objectidentifier id-oc-pmiSOA 2.5.6.26
+objectidentifier id-oc-attCertCRLDistributionPts 2.5.6.27
+objectidentifier id-oc-privilegePolicy 2.5.6.32
+objectidentifier id-oc-pmiDelegationPath 2.5.6.33
+objectidentifier id-oc-protectedPrivilegePolicy 2.5.6.34
+## -- directory attributes --
+objectidentifier id-at-attributeCertificate 2.5.4.58
+objectidentifier id-at-attributeCertificateRevocationList 2.5.4.59
+objectidentifier id-at-aACertificate 2.5.4.61
+objectidentifier id-at-attributeDescriptorCertificate 2.5.4.62
+objectidentifier id-at-attributeAuthorityRevocationList 2.5.4.63
+objectidentifier id-at-privPolicy 2.5.4.71
+objectidentifier id-at-role 2.5.4.72
+objectidentifier id-at-delegationPath 2.5.4.73
+objectidentifier id-at-protPrivPolicy 2.5.4.74
+objectidentifier id-at-xMLPrivilegeInfo 2.5.4.75
+objectidentifier id-at-xMLPprotPrivPolicy 2.5.4.76
+## -- attribute certificate extensions --
+## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
+## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
+## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
+## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
+## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
+## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
+## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
+## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
+## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
+## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
+## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
+## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
+## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
+## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
+## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
+## -- PMI matching rules --
+objectidentifier id-mr 2.5.13
+objectidentifier id-mr-attributeCertificateMatch id-mr:42
+objectidentifier id-mr-attributeCertificateExactMatch id-mr:45
+objectidentifier id-mr-holderIssuerMatch id-mr:46
+objectidentifier id-mr-authAttIdMatch id-mr:53
+objectidentifier id-mr-roleSpecCertIdMatch id-mr:54
+objectidentifier id-mr-basicAttConstraintsMatch id-mr:55
+objectidentifier id-mr-delegatedNameConstraintsMatch id-mr:56
+objectidentifier id-mr-timeSpecMatch id-mr:57
+objectidentifier id-mr-attDescriptorMatch id-mr:58
+objectidentifier id-mr-acceptableCertPoliciesMatch id-mr:59
+objectidentifier id-mr-delegationPathMatch id-mr:61
+objectidentifier id-mr-sOAIdentifierMatch id-mr:66
+objectidentifier id-mr-indirectIssuerMatch id-mr:67
+## -- syntaxes --
+## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP
+## to this work in progress
+objectidentifier AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1
+objectidentifier CertificateList 1.3.6.1.4.1.1466.115.121.1.9
+objectidentifier AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4
+objectidentifier PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5
+objectidentifier RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6
+# NOTE: OIDs from <draft-ietf-pkix-ldap-schema-02.txt> (expired)
+#objectidentifier AttributeCertificate 1.2.826.0.1.3344810.7.5
+#objectidentifier AttCertPath 1.2.826.0.1.3344810.7.10
+#objectidentifier PolicySyntax 1.2.826.0.1.3344810.7.17
+#objectidentifier RoleSyntax 1.2.826.0.1.3344810.7.13
+##
+## Substitute syntaxes
+##
+## AttCertPath
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4
+ NAME 'AttCertPath'
+ DESC 'X.509 PMI attribute cartificate path: SEQUENCE OF AttributeCertificate'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## PolicySyntax
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5
+ NAME 'PolicySyntax'
+ DESC 'X.509 PMI policy syntax'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## RoleSyntax
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6
+ NAME 'RoleSyntax'
+ DESC 'X.509 PMI role syntax'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## X.509 (08/2005) pp. 71, 86-89
+##
+## 14.4.1 Role attribute
+attributeType ( id-at-role
+ NAME 'role'
+ DESC 'X.509 Role attribute, use ;binary'
+ SYNTAX RoleSyntax )
+##
+## 14.5 XML privilege information attribute
+## -- contains XML-encoded privilege information
+attributeType ( id-at-xMLPrivilegeInfo
+ NAME 'xmlPrivilegeInfo'
+ DESC 'X.509 XML privilege information attribute'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+##
+## 17.2 PMI Directory attributes
+##
+## 17.2.1 Attribute certificate attribute
+attributeType ( id-at-attributeCertificate
+ NAME 'attributeCertificateAttribute'
+ DESC 'X.509 Attribute certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.2 AA certificate attribute
+attributeType ( id-at-aACertificate
+ NAME 'aACertificate'
+ DESC 'X.509 AA certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.3 Attribute descriptor certificate attribute
+attributeType ( id-at-attributeDescriptorCertificate
+ NAME 'attributeDescriptorCertificate'
+ DESC 'X.509 Attribute descriptor certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.4 Attribute certificate revocation list attribute
+attributeType ( id-at-attributeCertificateRevocationList
+ NAME 'attributeCertificateRevocationList'
+ DESC 'X.509 Attribute certificate revocation list attribute, use ;binary'
+ SYNTAX CertificateList
+ X-EQUALITY 'certificateListExactMatch, not implemented yet' )
+##
+## 17.2.5 AA certificate revocation list attribute
+attributeType ( id-at-attributeAuthorityRevocationList
+ NAME 'attributeAuthorityRevocationList'
+ DESC 'X.509 AA certificate revocation list attribute, use ;binary'
+ SYNTAX CertificateList
+ X-EQUALITY 'certificateListExactMatch, not implemented yet' )
+##
+## 17.2.6 Delegation path attribute
+attributeType ( id-at-delegationPath
+ NAME 'delegationPath'
+ DESC 'X.509 Delegation path attribute, use ;binary'
+ SYNTAX AttCertPath )
+## AttCertPath ::= SEQUENCE OF AttributeCertificate
+##
+## 17.2.7 Privilege policy attribute
+attributeType ( id-at-privPolicy
+ NAME 'privPolicy'
+ DESC 'X.509 Privilege policy attribute, use ;binary'
+ SYNTAX PolicySyntax )
+##
+## 17.2.8 Protected privilege policy attribute
+attributeType ( id-at-protPrivPolicy
+ NAME 'protPrivPolicy'
+ DESC 'X.509 Protected privilege policy attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.9 XML Protected privilege policy attribute
+## -- contains XML-encoded privilege policy information
+attributeType ( id-at-xMLPprotPrivPolicy
+ NAME 'xmlPrivPolicy'
+ DESC 'X.509 XML Protected privilege policy attribute'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+##
+## 17.1 PMI directory object classes
+##
+## 17.1.1 PMI user object class
+## -- a PMI user (i.e., a "holder")
+objectClass ( id-oc-pmiUser
+ NAME 'pmiUser'
+ DESC 'X.509 PMI user object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateAttribute ) )
+##
+## 17.1.2 PMI AA object class
+## -- a PMI AA
+objectClass ( id-oc-pmiAA
+ NAME 'pmiAA'
+ DESC 'X.509 PMI AA object class'
+ SUP top
+ AUXILIARY
+ MAY ( aACertificate $
+ attributeCertificateRevocationList $
+ attributeAuthorityRevocationList
+ ) )
+##
+## 17.1.3 PMI SOA object class
+## -- a PMI Source of Authority
+objectClass ( id-oc-pmiSOA
+ NAME 'pmiSOA'
+ DESC 'X.509 PMI SOA object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateRevocationList $
+ attributeAuthorityRevocationList $
+ attributeDescriptorCertificate
+ ) )
+##
+## 17.1.4 Attribute certificate CRL distribution point object class
+objectClass ( id-oc-attCertCRLDistributionPts
+ NAME 'attCertCRLDistributionPt'
+ DESC 'X.509 Attribute certificate CRL distribution point object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateRevocationList $
+ attributeAuthorityRevocationList
+ ) )
+##
+## 17.1.5 PMI delegation path
+objectClass ( id-oc-pmiDelegationPath
+ NAME 'pmiDelegationPath'
+ DESC 'X.509 PMI delegation path'
+ SUP top
+ AUXILIARY
+ MAY ( delegationPath ) )
+##
+## 17.1.6 Privilege policy object class
+objectClass ( id-oc-privilegePolicy
+ NAME 'privilegePolicy'
+ DESC 'X.509 Privilege policy object class'
+ SUP top
+ AUXILIARY
+ MAY ( privPolicy ) )
+##
+## 17.1.7 Protected privilege policy object class
+objectClass ( id-oc-protectedPrivilegePolicy
+ NAME 'protectedPrivilegePolicy'
+ DESC 'X.509 Protected privilege policy object class'
+ SUP top
+ AUXILIARY
+ MAY ( protPrivPolicy ) )
+
diff --git a/debian/schema/ppolicy.schema b/debian/schema/ppolicy.schema
new file mode 100644
index 0000000..3207658
--- /dev/null
+++ b/debian/schema/ppolicy.schema
@@ -0,0 +1,167 @@
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/ppolicy.schema,v 1.2.2.4 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2004-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (2004).
+## Please see full copyright statement below.
+
+# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
+# Password Policy for LDAP Directories
+# With extensions from Hewlett-Packard:
+# pwdCheckModule etc.
+
+# Contents of this file are subject to change (including deletion)
+# without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF Internet-Draft explaining the schema.
+# Unfortunately, that text is covered by a license that doesn't meet
+# Debian's Free Software Guidelines. This is a stripped version of the
+# schema that contains only the functional schema definition, not the text
+# of the Internet-Draft.
+#
+# For an explanation of this schema, see
+# draft-behera-ldap-password-policy-08.txt.
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.1
+ NAME 'pwdAttribute'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.2
+ NAME 'pwdMinAge'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.3
+ NAME 'pwdMaxAge'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.4
+ NAME 'pwdInHistory'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.5
+ NAME 'pwdCheckQuality'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.6
+ NAME 'pwdMinLength'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.7
+ NAME 'pwdExpireWarning'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.8
+ NAME 'pwdGraceAuthNLimit'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.9
+ NAME 'pwdLockout'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.10
+ NAME 'pwdLockoutDuration'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.11
+ NAME 'pwdMaxFailure'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.12
+ NAME 'pwdFailureCountInterval'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.13
+ NAME 'pwdMustChange'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.14
+ NAME 'pwdAllowUserChange'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.15
+ NAME 'pwdSafeModify'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.8.1.30
+ NAME 'pwdMaxRecordedFailure'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.4754.1.99.1
+ NAME 'pwdCheckModule'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ DESC 'Loadable module that instantiates check_password() function'
+ SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.4754.2.99.1
+ NAME 'pwdPolicyChecker'
+ SUP top
+ AUXILIARY
+ MAY ( pwdCheckModule ) )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1
+ NAME 'pwdPolicy'
+ SUP top
+ AUXILIARY
+ MUST ( pwdAttribute )
+ MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
+ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout
+ $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
+ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify $
+ pwdMaxRecordedFailure ) )
diff --git a/debian/slapd-contrib.examples b/debian/slapd-contrib.examples
new file mode 100644
index 0000000..2db0324
--- /dev/null
+++ b/debian/slapd-contrib.examples
@@ -0,0 +1,2 @@
+contrib/slapd-modules/passwd/apr1-atol.pl
+contrib/slapd-modules/passwd/apr1-ltoa.pl
diff --git a/debian/slapd-contrib.install b/debian/slapd-contrib.install
new file mode 100644
index 0000000..20c9ac0
--- /dev/null
+++ b/debian/slapd-contrib.install
@@ -0,0 +1,8 @@
+usr/lib/ldap/pw-apr1.so*
+usr/lib/ldap/pw-apr1.la
+usr/lib/ldap/pw-netscape.so*
+usr/lib/ldap/pw-netscape.la
+usr/lib/ldap/pw-pbkdf2.so*
+usr/lib/ldap/pw-pbkdf2.la
+usr/lib/ldap/smbk5pwd.so*
+usr/lib/ldap/smbk5pwd.la
diff --git a/debian/slapd-contrib.lintian-overrides b/debian/slapd-contrib.lintian-overrides
new file mode 100644
index 0000000..fa931f0
--- /dev/null
+++ b/debian/slapd-contrib.lintian-overrides
@@ -0,0 +1,4 @@
+# #204975
+slapd-contrib: package-has-unnecessary-activation-of-ldconfig-trigger
+# rpath set by krb5-config.heimdal; #868840
+binary-or-shlib-defines-rpath usr/lib/ldap/smbk5pwd.so.0.0.0 /usr/lib/*/heimdal
diff --git a/debian/slapd-contrib.manpages b/debian/slapd-contrib.manpages
new file mode 100644
index 0000000..75021b6
--- /dev/null
+++ b/debian/slapd-contrib.manpages
@@ -0,0 +1,2 @@
+debian/slapo-pw-pbkdf2.5
+debian/tmp/usr/share/man/man5/slapo-smbk5pwd.5
diff --git a/debian/slapd.NEWS b/debian/slapd.NEWS
new file mode 100644
index 0000000..a3496b9
--- /dev/null
+++ b/debian/slapd.NEWS
@@ -0,0 +1,27 @@
+openldap (2.4.44+dfsg-1) unstable; urgency=medium
+
+ The slapd package no longer includes OpenSLP support. The
+ openslp-dfsg package is being retired due to lack of maintenance and
+ security concerns. Please see <https://bugs.debian.org/795428> for
+ more information.
+
+ -- Ryan Tandy <ryan@nardis.ca> Tue, 15 Mar 2016 03:59:27 +0000
+
+openldap (2.4.23-3) unstable; urgency=low
+
+ The OpenLDAP packages in Debian now use the slapd.d LDIF-based
+ configuration model by default. Please see README.Debian for more
+ information.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 19 Jul 2010 10:48:19 +0200
+
+openldap2.3 (2.3.23-1) unstable; urgency=low
+
+ The Debian slapd package no longer includes support for the LDBM backend.
+ It has been disabled as a result of concerns over data loss and lack of
+ upstream support. For more information, see:
+ http://www.openldap.org/faq/index.cgi?_highlightWords=ldbm&file=756
+ The BDB backend is now the main backend to use. This backend is supported
+ upstream and has several fixes included for known problems.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sun, 26 Feb 2006 20:05:44 +0100
diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian
new file mode 100644
index 0000000..a5e307f
--- /dev/null
+++ b/debian/slapd.README.Debian
@@ -0,0 +1,281 @@
+Notes about Debian's slapd package
+----------------------------------
+
+ Please see the bottom of this file for the ways in which the Debian
+ OpenLDAP packages differ from the upstream OpenLDAP releases. Please
+ report any bugs that may be related to those changes to Debian via
+ reportbug and not to upstream; upstream is not responsible for changes
+ made in the Debian package.
+
+ In addition to the man pages shipped with this package, please consult
+ the OpenLDAP Admin Guide for more information, including configuration
+ examples for common use cases. <http://www.openldap.org/doc/admin24/>
+
+The OpenLDAP configuration
+
+ Since version 2.4.23-3 the configuration of OpenLDAP has been changed to
+ /etc/ldap/slapd.d by default. The OpenLDAP packages in Debian provide an
+ automatic migration to the new configuration style. With the new
+ configuration style it is possible to change values on the fly without
+ restarting slapd. Changes are made through the use of ldif files and
+ ldap{add,modify}. In Debian you can use the following command to search
+ the configuration:
+
+ ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config"
+
+ To modify configuration use the command:
+
+ ldapmodify -Y EXTERNAL -H ldapi:/// -f <file.ldif>
+
+ For configuration options see the several manpages that exist or the
+ documentation provided upstream.
+
+Using the MDB Backend
+
+ MDB is a new database backend using the LMDB library created by the
+ OpenLDAP developers. The MDB backend has fewer configuration
+ parameters than HDB/BDB and generally does not require hand tuning.
+
+ The database is stored in a sparse file with a specified maximum size.
+ The size should be set larger than the database is ever anticipated to
+ grow, but can be increased later if needed. When the MDB backend is
+ chosen during initial configuration, the Debian package configures the
+ automatically created database with a maximum size of 1 GiB.
+
+ The space currently used by the database can be found using du(1); for
+ example: du -h /var/lib/ldap/data.mdb
+
+Using BDB/HDB Backends
+
+ HDB was the recommended backend before MDB was developed. It's the
+ same as BDB but allows some additional operations.
+
+ slapd BDB and HDB backends rely on libdb to store data on your disks.
+ libdb uses a configuration file to tune database specific
+ parameters. This file is called DB_CONFIG, and should be created in each
+ directory containing one of your ldap databases, usually /var/lib/ldap.
+
+ It is VERY IMPORTANT to correctly setup a DB_CONFIG file. It is not
+ just a matter of performance: depending on the version of slapd and
+ libdb being used, your slapd may just hang and stop answering queries.
+
+ To correctly set up your DB_CONFIG file, please refer to
+ README.DB_CONFIG.gz in this directory.
+
+BerkeleyDB Version
+
+ slapd has been built against version 5.3.28 of BerkeleyDB.
+
+ slapd will automatically handle database recovery, so you generally do
+ not need the BerkeleyDB utilities. However, if you want to perform
+ other operations directly on the raw database without using the slapd
+ tools, install db5.3-util and use those BerkeleyDB utilities. Utilities
+ from other db*-util packages will not work correctly and may render the
+ database unusable by slapd.
+
+BerkeleyDB database format upgrades
+
+ When upgrading slapd to a new version where the Berkeley DB library's
+ storage format has changed, the database has to be backed up using
+ slapcat(8) before upgrading and restored using slapadd(8) afterwards.
+ Normally the maintainer scripts will handle this automatically,
+ performing the dump and restore as needed.
+
+ If, after upgrading, slapd fails to start and you see the message
+ "Program version doesn't match environment version" in syslog, then
+ the DB version may have changed without a dump and reload. This should
+ be reported as a bug in the slapd package. In this case you will have
+ to downgrade slapd to the previous version as the new tools are unable
+ to dump the old database, and the same error would prevent you from
+ upgrading to the fixed version. Old package versions can be
+ found at <http://snapshot.debian.org> if needed.
+
+Logging
+
+ slapd logs to the facility local4. If you want to direct slapd's logs to
+ a separate log file, add a line like:
+
+ local4.debug /var/log/slapd.log
+
+ to /etc/syslog.conf. You may also want to add ";local4.none" to the
+ catch-all entry that logs to /var/log/messages so that it doesn't
+ continue to receive slapd logs.
+
+SASL Configuration
+
+ To enable GSSAPI (Kerberos) authentication to slapd, install either the
+ libsasl2-modules-gssapi-mit or libsasl2-modules-gssapi-heimdal packages
+ depending on which Kerberos implementation you want to use.
+
+ SASL configuration files may be placed either in /usr/lib/sasl2 (the
+ standard path, but not a great place for configuration files) or in
+ /etc/ldap/sasl2. A SASL configuration file should be named after the
+ program that will use it. So, for instance, to configure SASL for
+ slapd, create a file named slapd.conf in /etc/ldap/sasl2 or in
+ /usr/lib/sasl2.
+
+TCP Wrappers
+
+ The Debian slapd package is compiled with TCP wrappers. This means that
+ you are able to restrict access to the LDAP server using /etc/hosts.deny
+ or /etc/hosts.allow.
+
+Running slapd under a Different UID/GID
+
+ By default, slapd runs as openldap in the openldap group. Keeping the
+ default is easiest. If for some reason you need to run slapd as a
+ different user:
+
+ - Create the user/group for slapd -- usually:
+
+ adduser --system --group <group> --disabled-login <user>
+
+ - Stop slapd:
+
+ /etc/init.d/slapd stop
+
+ - Tell slapd to run under a different UID by editing /etc/default/slapd
+ and setting SLAPD_USER and SLAPD_GROUP. (For example,
+ SLAPD_USER="ldap", SLAPD_GROUP="ldap")
+
+ - Tell linux slapd can access all database files -- usually:
+
+ chown -R <user>:<group> /var/lib/ldap
+
+ - Tell linux slapd can access configuration files -- usually:
+
+ chgrp <group> /etc/ldap/slapd.conf
+ chmod 0640 /etc/ldap/slapd.conf
+
+ - Tell linux slapd can access /var/run/slapd and write a PID file:
+
+ chgrp <group> /var/run/slapd
+ chmod 0770 /var/run/slapd
+
+ - Start slapd -- /etc/init.d/slapd start
+
+ Once you have done so, remember to always run any utilities that access
+ or update the database (such as slapadd) as the same user that slapd is
+ running as. If you forget, you will need to redo the chown noted above.
+
+If slapd Depends on Other Service
+
+ In the event that you are running slapd with a different back-end module
+ that depends on other programs (such as an SQL database) you may need to
+ adjust the runlevels of slapd to start after the SQL database.
+
+Creating NSS Flat Files from LDAP
+
+ If you have need to create passwd/shadow/etc files from an LDAP
+ directory there is now a script included with these Debian packages
+ which may help you. The script is in /usr/share/slapd/ and is named
+ ldiftopasswd. In general you should be able to do:
+
+ ldapsearch | ldiftopasswd
+
+ and it will generate the files for you. You will need appropriate
+ privileges, of course, and appropriate arguments to ldapsearch.
+
+Modifications Compared to Upstream
+
+ Compared to stock OpenLDAP as shipped by the OpenLDAP project, the
+ Debian packages make the following modifications. If you see any
+ problems caused by or related to these modifications, please report them
+ via the Debian bug tracking system using reportbug, not to the OpenLDAP
+ project.
+
+ * The only LDAP library installed is libldap_r, which in the upstream
+ release is only used for slapd, and libldap is a symlink to it. This
+ library has thread safety for use with slapd, but that thread safety
+ is not checked for any application other than slapd by upstream.
+ Upstream does not support using libldap_r for programs other than
+ slapd. The current library installation strategy in the Debian
+ packages is an attempt to deal with problems caused by symbol
+ conflicts between libldap and libldap_r when both are pulled in by the
+ same process (most commonly by libnss-ldap) and the number of packages
+ that use libldap in threaded code expecting thread safety.
+
+ * libldap and libber have symbol versioning added to prevent problems
+ during partial upgrades from older versions of the libraries.
+
+ * slapindex has been patched to warn when run as root and the man page
+ has been patched to notify users that slapindex should be run as the
+ user slapd runs as. There is some upstream discussion of a better
+ fix.
+
+ * slapd is configured to look in /etc/ldap/sasl2 in addition to
+ /usr/lib/sasl2 for SASL configuration files.
+
+ * libldap has been patched to work around what may be a bug in GnuTLS in
+ calculating the length of subjectAltName in TLS certificates. See
+ <http://bugs.debian.org/465197>.
+
+ * The libldap library is patched to add two functions used by
+ evolution-exchange for NTLM authentication to Active Directory. See
+ <http://bugs.debian.org/457374>.
+
+ * Several paths have been adjusted to fit Debian file permissions and
+ for Filesystem Hierarchy Standard compliance, namely:
+ - The ldapi socket is in /var/run/slapd
+ - The slapi error log has been moved to /var/log/slapi-errors
+ - The slapd database location is /var/lib/ldap
+
+ In addition, upstream patches from CVS may be applied to fix bugs in the
+ current release and will not be noted here unless they're not expected
+ to be in the next release.
+
+ Finally, note that the Debian OpenLDAP packages have been compiled
+ against GnuTLS instead of OpenSSL to avoid licensing problems for
+ GPL-covered packages that use the LDAP libraries. This is a supported
+ configuration, but it's not widely used outside of Debian.
+
+ For the exact patches applied to the upstream source and references to
+ the relevant upstream ITS numbers, Debian bugs, and upstream
+ synchronization status, see the debian/patches directory in the
+ openldap source package.
+
+ -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800
+
+Unsafe access control rule installed by default in previous versions
+
+ Versions of slapd before 2.4.40-1 configured the default database with
+ an access control rule of the form:
+
+ to *
+ by self write
+ by dn="cn=admin,dc=example,dc=com" write
+ by * read
+
+ Depending on how the database and client applications are configured,
+ users might be able to impersonate others by editing attributes such
+ as their Unix user and group numbers, or other application-specific
+ attributes.
+
+ New installations no longer include "by self write", but existing
+ configurations will not be automatically modified.
+
+ To list your current access control rules, use the command:
+
+ ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=config' '(olcAccess=*)' olcAccess
+
+ To fix the problem, create an LDIF file to replace the rules as
+ needed. For example:
+
+ dn: olcDatabase={1}hdb,cn=config
+ delete: olcAccess
+ olcAccess: {2}
+ -
+ add: olcAccess
+ olcAccess: {2}to * by dn="cn=admin,dc=example,dc=com" write by * read
+
+ Adjust the database DN, the administrative DN, and the rule numbers
+ according to your configuration, following the output from ldapsearch.
+
+ Next, apply the configuration changes from the file:
+
+ ldapmodify -Y EXTERNAL -H ldapi:/// -f mods.ldif
+
+ For more information about access control rules, refer to the
+ slapd.access(5) man page.
+
+ -- Ryan Tandy <ryan@nardis.ca>, Mon, 20 Oct 2014 11:45:20 -0700
diff --git a/debian/slapd.backup b/debian/slapd.backup
new file mode 100644
index 0000000..4046f8c
--- /dev/null
+++ b/debian/slapd.backup
@@ -0,0 +1,62 @@
+#!/bin/bash
+#
+# Backup LDAP directories
+#
+# This script can be put in cron to create backups.
+#
+# Author: Matthijs Mohlmann <matthijs@cacholong.nl>
+# Date: Sat, 15 Jul 2006 21:13:14 +0200
+# License: GPLv2
+
+# Make sure the backups are secured.
+umask 077
+
+BACKUPDIR="/var/backups/slapd"
+DEFAULTS="/etc/default/slapd"
+
+# Check if there is a directory slapd, otherwise create it.
+if [ ! -d "$BACKUPDIR" ]; then
+ mkdir -p -m 0700 "$BACKUPDIR"
+fi
+
+# Load default settings.
+if [ -e "$DEFAULTS" ]; then
+ . "$DEFAULTS"
+fi
+
+# Specify a slapd.conf if not specified.
+if [ -z "$SLAPD_CONF" ]; then
+ SLAPD_CONF="/etc/ldap/slapd.conf"
+fi
+
+# Set IFS to end of line.
+ORIGIFS=$IFS
+IFS=`echo -en "\n\b"`
+
+# Backup recursive through all configfiles all suffix's in the form:
+# suffix.ldif in /var/backups/slapd
+function backupDirectories() {
+ local conf=$1
+ local directory=""
+ local include=""
+
+ suffix=`grep "^suffix" $conf | sed -e "s/\(^suffix\s\+\|\"\|\'\)//g"`
+ for directory in "$suffix"; do
+ if [ ! -z "$suffix" ]; then
+ slapcat -l "$BACKUPDIR/$suffix.ldif" -b "$suffix"
+ fi
+ done
+
+ includes=`grep "^include" $conf | awk '{print $2}'`
+ for include in $includes; do
+ backupDirectories "$include"
+ done
+}
+
+backupDirectories "$SLAPD_CONF"
+
+# Put IFS back.
+IFS=$ORIGIFS
+
+exit 0
+
diff --git a/debian/slapd.conf b/debian/slapd.conf
new file mode 100644
index 0000000..260a190
--- /dev/null
+++ b/debian/slapd.conf
@@ -0,0 +1,133 @@
+# This is the main slapd configuration file. See slapd.conf(5) for more
+# info on the configuration options.
+
+#######################################################################
+# Global Directives:
+
+# Schema and objectClass definitions
+include /etc/ldap/schema/core.schema
+include /etc/ldap/schema/cosine.schema
+include /etc/ldap/schema/nis.schema
+include /etc/ldap/schema/inetorgperson.schema
+
+# Where the pid file is put. The init.d script
+# will not stop the server if you change this.
+pidfile /var/run/slapd/slapd.pid
+
+# List of arguments that were passed to the server
+argsfile /var/run/slapd/slapd.args
+
+# Read slapd.conf(5) for possible values
+loglevel none
+
+# Where the dynamically loaded modules are stored
+modulepath /usr/lib/ldap
+moduleload back_@BACKEND@
+
+# The maximum number of entries that is returned for a search operation
+sizelimit 500
+
+# The tool-threads parameter sets the actual amount of cpu's that is used
+# for indexing.
+tool-threads 1
+
+#######################################################################
+# Specific Backend Directives for @BACKEND@:
+# Backend specific directives apply to this backend until another
+# 'backend' directive occurs
+backend @BACKEND@
+
+#######################################################################
+# Specific Backend Directives for 'other':
+# Backend specific directives apply to this backend until another
+# 'backend' directive occurs
+#backend <other>
+
+#######################################################################
+# Specific Directives for database #1, of type @BACKEND@:
+# Database specific directives apply to this databasse until another
+# 'database' directive occurs
+database @BACKEND@
+
+# The base of your directory in database #1
+suffix "@SUFFIX@"
+
+# rootdn directive for specifying a superuser on the database. This is needed
+# for syncrepl.
+# rootdn "cn=admin,@SUFFIX@"
+
+# Where the database file are physically stored for database #1
+directory "/var/lib/ldap"
+
+# The dbconfig settings are used to generate a DB_CONFIG file the first
+# time slapd starts. They do NOT override existing an existing DB_CONFIG
+# file. You should therefore change these settings in DB_CONFIG directly
+# or remove DB_CONFIG and restart slapd for changes to take effect.
+
+# For the Debian package we use 2MB as default but be sure to update this
+# value if you have plenty of RAM
+dbconfig set_cachesize 0 2097152 0
+
+# Sven Hartge reported that he had to set this value incredibly high
+# to get slapd running at all. See http://bugs.debian.org/303057 for more
+# information.
+
+# Number of objects that can be locked at the same time.
+dbconfig set_lk_max_objects 1500
+# Number of locks (both requested and granted)
+dbconfig set_lk_max_locks 1500
+# Number of lockers
+dbconfig set_lk_max_lockers 1500
+
+# Indexing options for database #1
+index objectClass eq
+
+# Save the time that the entry gets modified, for database #1
+lastmod on
+
+# Checkpoint the BerkeleyDB database periodically in case of system
+# failure and to speed slapd shutdown.
+checkpoint 512 30
+
+# The userPassword by default can be changed
+# by the entry owning it if they are authenticated.
+# Others should not be able to see it, except the
+# admin entry below
+# These access lines apply to database #1 only
+access to attrs=userPassword,shadowLastChange
+ by dn="@ADMIN@" write
+ by anonymous auth
+ by self write
+ by * none
+
+# Ensure read access to the base for things like
+# supportedSASLMechanisms. Without this you may
+# have problems with SASL not knowing what
+# mechanisms are available and the like.
+# Note that this is covered by the 'access to *'
+# ACL below too but if you change that as people
+# are wont to do you'll still need this if you
+# want SASL (and possible other things) to work
+# happily.
+access to dn.base="" by * read
+
+# The admin dn has full write access, everyone else
+# can read everything.
+access to *
+ by dn="@ADMIN@" write
+ by * read
+
+# For Netscape Roaming support, each user gets a roaming
+# profile for which they have write access to
+#access to dn=".*,ou=Roaming,o=morsnet"
+# by dn="@ADMIN@" write
+# by dnattr=owner write
+
+#######################################################################
+# Specific Directives for database #2, of type 'other' (can be @BACKEND@ too):
+# Database specific directives apply to this databasse until another
+# 'database' directive occurs
+#database <other>
+
+# The base of your directory for database #2
+#suffix "dc=debian,dc=org"
diff --git a/debian/slapd.config b/debian/slapd.config
new file mode 100644
index 0000000..8225b77
--- /dev/null
+++ b/debian/slapd.config
@@ -0,0 +1,169 @@
+#! /bin/sh
+
+set -e
+
+# Load debconf
+. /usr/share/debconf/confmodule
+
+# This will be replaced with debian/slapd.scripts-common which includes
+# various helper functions and $OLD_VERSION and $SLAPD_CONF
+#SCRIPTSCOMMON#
+
+# Check if the user wants to configure slapd manually
+want_manual_configuration() {
+ db_input medium slapd/no_configuration || true
+ db_go || true
+ db_get slapd/no_configuration
+ no_configuration="$RET"
+
+ if [ "$no_configuration" = "true" ]; then
+ return 0
+ fi
+ return 1
+}
+
+# Make sure the values entered make sense
+validate_initial_config() {
+ local invalid
+ invalid=""
+
+ # Make sure the domain name is valid
+ # The regexp doesn't work for UTF-8 domain names, but for that to
+ # work, we would also need to Base64 encode it in the LDIF; since
+ # we're not doing it at the moment, this should be fine for now
+ db_get slapd/domain
+ if [ -z "$RET" ] || ! echo "$RET" | grep -q '^[a-zA-Z0-9.-]*$'; then
+ db_fset slapd/domain seen false
+ invalid=true
+ fi
+
+ # Suffix and Organization may not be empty
+ db_get shared/organization
+ if [ -z "$RET" ]; then
+ db_fset shared/organization seen false
+ invalid=true
+ fi
+
+ # Make sure the passwords match
+ local pass1 pass2
+ db_get slapd/password1
+ pass1="$RET"
+ db_get slapd/password2
+ pass2="$RET"
+
+ if [ "$pass1" != "$pass2" ]; then
+ db_fset slapd/password1 seen false
+ db_fset slapd/password2 seen false
+ invalid=true
+ fi
+
+ # Tell the user
+ if [ "$invalid" ]; then
+ db_fset slapd/invalid_config seen false
+ db_input critical slapd/invalid_config || true
+ db_go || true
+ db_get slapd/invalid_config
+ if [ "$RET" != "true" ]; then
+ db_set slapd/no_configuration true
+ invalid=
+ fi
+ fi
+
+ if [ "$invalid" ]; then
+ return 1
+ else
+ return 0
+ fi
+}
+
+# Query the information we need to create an initial directory
+query_initial_config() {
+ while true; do
+ db_input medium slapd/domain || true
+ db_input medium shared/organization || true
+ db_input high slapd/password1 || true
+ db_input high slapd/password2 || true
+ db_input low slapd/backend || true
+ db_input low slapd/purge_database || true
+ # XXX - should be done more general, but for now this should do
+ # the trick
+ if [ -e "/var/lib/ldap" ] && ! is_empty_dir /var/lib/ldap; then
+ db_input low slapd/move_old_database || true
+ fi
+ db_go || true
+
+ if validate_initial_config; then
+ break
+ fi
+ done
+}
+
+# ----- Configuration of LDIF dumping and reloading--------------------- {{{
+#
+# Dumping the database can have negative effects on the system we are
+# running on. If there is a lot of data dumping it might fill a partition
+# for example. Therefore we must give the user exact control over what we
+# are doing.
+
+configure_dumping() { # {{{
+# Ask the user for the configuration of the dumping component
+# Usage: configure_dumping
+
+ # Look if the user wants to migrate to the BDB backend
+ if ! database_dumping_enabled; then
+ return 0
+ fi
+
+ # Configure if and where to dump the LDAP databases
+ db_input medium slapd/dump_database || true
+ db_go || true
+ db_get slapd/dump_database
+
+ # Abort if the user does not want dumping
+ if [ "$RET" = never ]; then
+ return 0
+ fi
+
+ db_input medium slapd/dump_database_destdir || true
+ db_go || true
+
+ # If the user entered the empty value, go back to the default
+ db_get slapd/dump_database_destdir
+ if [ "$RET" = "" ]; then
+ db_reset slapd/dump_database_destdir
+ fi
+}
+
+# }}}
+# }}}
+
+warn_about_selfwrite_acl() { # {{{
+# Warn about databases having an acl beginning with "to * by self
+# write", installed by default in previous versions of slapd.init.ldif
+# but having possible security implications.
+ if [ -d "$SLAPD_CONF" ]; then
+ if grep -q '^olcAccess: {[0-9]*}to \* by self write' \
+ "$SLAPD_CONF"/cn\=config/olcDatabase*.ldif 2>/dev/null; then
+ db_input high slapd/unsafe_selfwrite_acl || true
+ fi
+ fi
+}
+# }}}
+
+# Create an initial directory on fresh install
+if is_initial_configuration "$@"; then
+ if ! want_manual_configuration; then
+ set_defaults_for_unseen_entries
+ query_initial_config
+ fi
+fi
+
+# Configure the dumping component if we are upgrading some older version.
+if [ "$1" = configure ] && [ -n "$2" ]; then
+ configure_dumping
+ warn_about_selfwrite_acl
+fi
+
+db_go || true
+
+exit 0
diff --git a/debian/slapd.default b/debian/slapd.default
new file mode 100644
index 0000000..372b8f4
--- /dev/null
+++ b/debian/slapd.default
@@ -0,0 +1,45 @@
+# Default location of the slapd.conf file or slapd.d cn=config directory. If
+# empty, use the compiled-in default (/etc/ldap/slapd.d with a fallback to
+# /etc/ldap/slapd.conf).
+SLAPD_CONF=
+
+# System account to run the slapd server under. If empty the server
+# will run as root.
+SLAPD_USER="openldap"
+
+# System group to run the slapd server under. If empty the server will
+# run in the primary group of its user.
+SLAPD_GROUP="openldap"
+
+# Path to the pid file of the slapd server. If not set the init.d script
+# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.conf by
+# default)
+SLAPD_PIDFILE=
+
+# slapd normally serves ldap only on all TCP-ports 389. slapd can also
+# service requests on TCP-port 636 (ldaps) and requests via unix
+# sockets.
+# Example usage:
+# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
+SLAPD_SERVICES="ldap:/// ldapi:///"
+
+# If SLAPD_NO_START is set, the init script will not start or restart
+# slapd (but stop will still work). Uncomment this if you are
+# starting slapd via some other means or if you don't want slapd normally
+# started at boot.
+#SLAPD_NO_START=1
+
+# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
+# the init script will not start or restart slapd (but stop will still
+# work). Use this for temporarily disabling startup of slapd (when doing
+# maintenance, for example, or through a configuration management system)
+# when you don't want to edit a configuration file.
+SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
+
+# For Kerberos authentication (via SASL), slapd by default uses the system
+# keytab file (/etc/krb5.keytab). To use a different keytab file,
+# uncomment this line and change the path.
+#export KRB5_KTNAME=/etc/krb5.keytab
+
+# Additional options to pass to slapd
+SLAPD_OPTIONS=""
diff --git a/debian/slapd.dirs b/debian/slapd.dirs
new file mode 100644
index 0000000..31018f3
--- /dev/null
+++ b/debian/slapd.dirs
@@ -0,0 +1,4 @@
+var/lib/slapd
+usr/share/slapd
+usr/share/lintian/overrides
+etc/ldap/sasl2
diff --git a/debian/slapd.docs b/debian/slapd.docs
new file mode 100644
index 0000000..2ead1c2
--- /dev/null
+++ b/debian/slapd.docs
@@ -0,0 +1 @@
+debian/README.DB_CONFIG
diff --git a/debian/slapd.examples b/debian/slapd.examples
new file mode 100644
index 0000000..d97949d
--- /dev/null
+++ b/debian/slapd.examples
@@ -0,0 +1 @@
+debian/slapd.backup
diff --git a/debian/slapd.init b/debian/slapd.init
new file mode 100644
index 0000000..581f0a4
--- /dev/null
+++ b/debian/slapd.init
@@ -0,0 +1,202 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: slapd
+# Required-Start: $remote_fs $network $syslog
+# Required-Stop: $remote_fs $network $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: OpenLDAP standalone server (Lightweight Directory Access Protocol)
+### END INIT INFO
+
+# Specify path variable
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+. /lib/lsb/init-functions
+
+# Kill me on all errors
+set -e
+
+# Set the paths to slapd as a variable so that someone who really
+# wants to can override the path in /etc/default/slapd.
+SLAPD=/usr/sbin/slapd
+
+# Stop processing if slapd is not there
+[ -x $SLAPD ] || exit 0
+
+# debconf may have this file descriptor open and it makes things work a bit
+# more reliably if we redirect it as a matter of course. db_stop will take
+# care of this, but this won't hurt.
+exec 3>/dev/null
+
+# Source the init script configuration
+if [ -f "/etc/default/slapd" ]; then
+ . /etc/default/slapd
+fi
+
+# Load the default location of the slapd config file
+if [ -z "$SLAPD_CONF" ]; then
+ if [ -e /etc/ldap/slapd.d ]; then
+ SLAPD_CONF=/etc/ldap/slapd.d
+ else
+ SLAPD_CONF=/etc/ldap/slapd.conf
+ fi
+fi
+
+# Stop processing if the config file is not there
+if [ ! -r "$SLAPD_CONF" ]; then
+ log_warning_msg "No configuration file was found for slapd at $SLAPD_CONF."
+ # if there is no config at all, we should assume slapd is not running
+ # and exit 0 on stop so that unconfigured packages can be removed.
+ [ "x$1" = xstop ] && exit 0 || exit 1
+fi
+
+# extend options depending on config type
+if [ -f "$SLAPD_CONF" ]; then
+ SLAPD_OPTIONS="-f $SLAPD_CONF $SLAPD_OPTIONS"
+elif [ -d "$SLAPD_CONF" ] ; then
+ SLAPD_OPTIONS="-F $SLAPD_CONF $SLAPD_OPTIONS"
+fi
+
+# Find out the name of slapd's pid file
+if [ -z "$SLAPD_PIDFILE" ]; then
+ # If using old one-file configuration scheme
+ if [ -f "$SLAPD_CONF" ] ; then
+ SLAPD_PIDFILE=`sed -ne 's/^pidfile[[:space:]]\+\(.\+\)/\1/p' \
+ "$SLAPD_CONF"`
+ # Else, if using new directory configuration scheme
+ elif [ -d "$SLAPD_CONF" ] ; then
+ SLAPD_PIDFILE=`sed -ne \
+ 's/^olcPidFile:[[:space:]]\+\(.\+\)[[:space:]]*/\1/p' \
+ "$SLAPD_CONF"/'cn=config.ldif'`
+ fi
+fi
+
+# XXX: Breaks upgrading if there is no pidfile (invoke-rc.d stop will fail)
+# -- Torsten
+if [ -z "$SLAPD_PIDFILE" ]; then
+ log_failure_msg "The pidfile for slapd has not been specified"
+ exit 1
+fi
+
+# Pass the user and group to run under to slapd
+if [ "$SLAPD_USER" ]; then
+ SLAPD_OPTIONS="-u $SLAPD_USER $SLAPD_OPTIONS"
+fi
+
+if [ "$SLAPD_GROUP" ]; then
+ SLAPD_OPTIONS="-g $SLAPD_GROUP $SLAPD_OPTIONS"
+fi
+
+# Check whether we were configured to not start the services.
+check_for_no_start() {
+ if [ -n "$SLAPD_NO_START" ]; then
+ echo 'Not starting slapd: SLAPD_NO_START set in /etc/default/slapd' >&2
+ exit 0
+ fi
+ if [ -n "$SLAPD_SENTINEL_FILE" ] && [ -e "$SLAPD_SENTINEL_FILE" ]; then
+ echo "Not starting slapd: $SLAPD_SENTINEL_FILE exists" >&2
+ exit 0
+ fi
+}
+
+# Tell the user that something went wrong and give some hints for
+# resolving the problem.
+report_failure() {
+ log_end_msg 1
+ if [ -n "$reason" ]; then
+ log_failure_msg "$reason"
+ else
+ log_failure_msg "The operation failed but no output was produced."
+
+ if [ -n "$SLAPD_OPTIONS" -o \
+ -n "$SLAPD_SERVICES" ]; then
+ if [ -z "$SLAPD_SERVICES" ]; then
+ if [ -n "$SLAPD_OPTIONS" ]; then
+ log_failure_msg "Command line used: slapd $SLAPD_OPTIONS"
+ fi
+ else
+ log_failure_msg "Command line used: slapd -h '$SLAPD_SERVICES' $SLAPD_OPTIONS"
+ fi
+ fi
+ fi
+}
+
+# Start the slapd daemon and capture the error message if any to
+# $reason.
+start_slapd() {
+ # Make sure /var/run/slapd exists with correct permissions
+ if [ ! -d /var/run/slapd ]; then
+ mkdir -p /var/run/slapd
+ [ -z "$SLAPD_USER" ] || chown -R "$SLAPD_USER" /var/run/slapd
+ [ -z "$SLAPD_GROUP" ] || chgrp -R "$SLAPD_GROUP" /var/run/slapd
+ fi
+
+ # Make sure the pidfile directory exists with correct permissions
+ piddir=`dirname "$SLAPD_PIDFILE"`
+ if [ ! -d "$piddir" ]; then
+ mkdir -p "$piddir"
+ [ -z "$SLAPD_USER" ] || chown -R "$SLAPD_USER" "$piddir"
+ [ -z "$SLAPD_GROUP" ] || chgrp -R "$SLAPD_GROUP" "$piddir"
+ fi
+
+ if [ -z "$SLAPD_SERVICES" ]; then
+ reason="`start-stop-daemon --start --quiet --oknodo \
+ --pidfile "$SLAPD_PIDFILE" \
+ --exec $SLAPD -- $SLAPD_OPTIONS 2>&1`"
+ else
+ reason="`start-stop-daemon --start --quiet --oknodo \
+ --pidfile "$SLAPD_PIDFILE" \
+ --exec $SLAPD -- -h "$SLAPD_SERVICES" $SLAPD_OPTIONS 2>&1`"
+ fi
+
+ # Backward compatibility with OpenLDAP 2.1 client libraries.
+ if [ ! -h /var/run/ldapi ] && [ ! -e /var/run/ldapi ] ; then
+ ln -s slapd/ldapi /var/run/ldapi
+ fi
+}
+
+# Stop the slapd daemon and capture the error message (if any) to
+# $reason.
+stop_slapd() {
+ reason="`start-stop-daemon --stop --quiet --oknodo --retry TERM/10 \
+ --pidfile "$SLAPD_PIDFILE" \
+ --exec $SLAPD 2>&1`"
+}
+
+# Start the OpenLDAP daemons
+start_ldap() {
+ trap 'report_failure' 0
+ log_daemon_msg "Starting OpenLDAP" "slapd"
+ start_slapd
+ trap "-" 0
+ log_end_msg 0
+}
+
+# Stop the OpenLDAP daemons
+stop_ldap() {
+ trap 'report_failure' 0
+ log_daemon_msg "Stopping OpenLDAP" "slapd"
+ stop_slapd
+ trap "-" 0
+ log_end_msg 0
+}
+
+case "$1" in
+ start)
+ check_for_no_start
+ start_ldap ;;
+ stop)
+ stop_ldap ;;
+ restart|force-reload)
+ check_for_no_start
+ stop_ldap
+ start_ldap
+ ;;
+ status)
+ status_of_proc -p $SLAPD_PIDFILE $SLAPD slapd
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|force-reload|status}"
+ exit 1
+ ;;
+esac
diff --git a/debian/slapd.init.ldif b/debian/slapd.init.ldif
new file mode 100644
index 0000000..163a8d8
--- /dev/null
+++ b/debian/slapd.init.ldif
@@ -0,0 +1,101 @@
+# Global config:
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+# Where the pid file is put. The init.d script
+# will not stop the server if you change this.
+olcPidFile: /var/run/slapd/slapd.pid
+# List of arguments that were passed to the server
+olcArgsFile: /var/run/slapd/slapd.args
+# Read slapd-config(5) for possible values
+olcLogLevel: none
+# The tool-threads parameter sets the actual amount of cpu's that is used
+# for indexing.
+olcToolThreads: 1
+
+# Frontend settings
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+# The maximum number of entries that is returned for a search operation
+olcSizeLimit: 500
+# Allow unlimited access to local connection from the local root user
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+# Allow unauthenticated read access for schema and base DN autodiscovery
+olcAccess: {1}to dn.exact="" by * read
+olcAccess: {2}to dn.base="cn=Subschema" by * read
+
+# Config db settings
+dn: olcDatabase=config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: config
+# Allow unlimited access to local connection from the local root user
+olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+olcRootDN: cn=admin,cn=config
+
+# Load schemas
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file:///etc/ldap/schema/core.ldif
+include: file:///etc/ldap/schema/cosine.ldif
+include: file:///etc/ldap/schema/nis.ldif
+include: file:///etc/ldap/schema/inetorgperson.ldif
+
+# Load module
+dn: cn=module{0},cn=config
+objectClass: olcModuleList
+cn: module{0}
+# Where the dynamically loaded modules are stored
+olcModulePath: /usr/lib/ldap
+olcModuleLoad: back_@BACKEND@
+
+# Set defaults for the backend
+dn: olcBackend=@BACKEND@,cn=config
+objectClass: olcBackendConfig
+olcBackend: @BACKEND@
+
+# The database definition.
+dn: olcDatabase=@BACKEND@,cn=config
+objectClass: olcDatabaseConfig
+objectClass: @BACKENDOBJECTCLASS@
+olcDatabase: @BACKEND@
+# Checkpoint the database periodically in case of system
+# failure and to speed slapd shutdown.
+olcDbCheckpoint: 512 30
+@BACKENDOPTIONS@
+# Save the time that the entry gets modified, for database #1
+olcLastMod: TRUE
+# The base of your directory in database #1
+olcSuffix: @SUFFIX@
+# Where the database file are physically stored for database #1
+olcDbDirectory: /var/lib/ldap
+# olcRootDN directive for specifying a superuser on the database. This
+# is needed for syncrepl.
+olcRootDN: cn=admin,@SUFFIX@
+olcRootPW: @PASSWORD@
+# Indexing options for database #1
+olcDbIndex: objectClass eq
+olcDbIndex: cn,uid eq
+olcDbIndex: uidNumber,gidNumber eq
+olcDbIndex: member,memberUid eq
+# The userPassword by default can be changed by the entry owning it if
+# they are authenticated. Others should not be able to see it, except
+# the admin entry above.
+olcAccess: to attrs=userPassword
+ by self write
+ by anonymous auth
+ by * none
+# Allow update of authenticated user's shadowLastChange attribute.
+# Updating it on password change is implemented at least by libpam-ldap,
+# libpam-ldapd, and the slapo-smbk5pwd overlay.
+olcAccess: to attrs=shadowLastChange
+ by self write
+ by * read
+# The admin dn (olcRootDN) bypasses ACLs and so has total access,
+# everyone else can read everything.
+olcAccess: to *
+ by * read
+
diff --git a/debian/slapd.install b/debian/slapd.install
new file mode 100644
index 0000000..2e7c999
--- /dev/null
+++ b/debian/slapd.install
@@ -0,0 +1,59 @@
+etc/ldap/schema
+usr/lib/slapd usr/sbin
+usr/lib/*/libslapi-*.so.*
+debian/ldiftopasswd usr/share/slapd
+debian/DB_CONFIG usr/share/slapd
+debian/slapd.conf usr/share/slapd
+debian/slapd.init.ldif usr/share/slapd
+
+usr/lib/ldap/back_*.so*
+usr/lib/ldap/back_*.la
+
+usr/lib/ldap/accesslog*.so*
+usr/lib/ldap/accesslog.la
+usr/lib/ldap/auditlog*.so*
+usr/lib/ldap/auditlog.la
+usr/lib/ldap/constraint*.so*
+usr/lib/ldap/constraint.la
+usr/lib/ldap/dds*.so*
+usr/lib/ldap/dds.la
+usr/lib/ldap/deref*.so*
+usr/lib/ldap/deref.la
+usr/lib/ldap/dyngroup*.so*
+usr/lib/ldap/dyngroup.la
+usr/lib/ldap/dynlist*.so*
+usr/lib/ldap/dynlist.la
+usr/lib/ldap/memberof*.so*
+usr/lib/ldap/memberof.la
+usr/lib/ldap/pcache*.so*
+usr/lib/ldap/pcache.la
+usr/lib/ldap/collect*.so*
+usr/lib/ldap/collect.la
+usr/lib/ldap/ppolicy*.so*
+usr/lib/ldap/ppolicy.la
+usr/lib/ldap/refint*.so*
+usr/lib/ldap/refint.la
+usr/lib/ldap/retcode*.so*
+usr/lib/ldap/retcode.la
+usr/lib/ldap/rwm*.so*
+usr/lib/ldap/rwm.la
+usr/lib/ldap/seqmod*.so*
+usr/lib/ldap/seqmod.la
+usr/lib/ldap/sssvlv*.so*
+usr/lib/ldap/sssvlv.la
+usr/lib/ldap/syncprov*.so*
+usr/lib/ldap/syncprov.la
+usr/lib/ldap/translucent*.so*
+usr/lib/ldap/translucent.la
+usr/lib/ldap/unique*.so*
+usr/lib/ldap/unique.la
+usr/lib/ldap/valsort*.so*
+usr/lib/ldap/valsort.la
+
+# contrib modules installed in main package
+usr/lib/ldap/autogroup.so*
+usr/lib/ldap/autogroup.la
+usr/lib/ldap/lastbind.so*
+usr/lib/ldap/lastbind.la
+usr/lib/ldap/pw-sha2.so*
+usr/lib/ldap/pw-sha2.la
diff --git a/debian/slapd.links b/debian/slapd.links
new file mode 100644
index 0000000..f043f04
--- /dev/null
+++ b/debian/slapd.links
@@ -0,0 +1,2 @@
+usr/share/slapd/DB_CONFIG usr/share/doc/slapd/examples/DB_CONFIG
+usr/share/slapd/slapd.conf usr/share/doc/slapd/examples/slapd.conf
diff --git a/debian/slapd.lintian-overrides b/debian/slapd.lintian-overrides
new file mode 100644
index 0000000..e727c9a
--- /dev/null
+++ b/debian/slapd.lintian-overrides
@@ -0,0 +1,3 @@
+# libslapi is a special case, used only for writing extension modules for
+# slapd, and is therefore shipped with slapd.
+slapd: package-name-doesnt-match-sonames libslapi-2.4-2
diff --git a/debian/slapd.manpages b/debian/slapd.manpages
new file mode 100644
index 0000000..ffd3243
--- /dev/null
+++ b/debian/slapd.manpages
@@ -0,0 +1,45 @@
+debian/tmp/usr/share/man/man5/slapd.*.5
+debian/tmp/usr/share/man/man8/slap*.8
+
+debian/tmp/usr/share/man/man5/slapd-bdb.5
+debian/tmp/usr/share/man/man5/slapd-config.5
+debian/tmp/usr/share/man/man5/slapd-dnssrv.5
+debian/tmp/usr/share/man/man5/slapd-hdb.5
+debian/tmp/usr/share/man/man5/slapd-ldap.5
+debian/tmp/usr/share/man/man5/slapd-ldif.5
+debian/tmp/usr/share/man/man5/slapd-mdb.5
+debian/tmp/usr/share/man/man5/slapd-meta.5
+debian/tmp/usr/share/man/man5/slapd-monitor.5
+debian/tmp/usr/share/man/man5/slapd-ndb.5
+debian/tmp/usr/share/man/man5/slapd-null.5
+debian/tmp/usr/share/man/man5/slapd-passwd.5
+debian/tmp/usr/share/man/man5/slapd-perl.5
+debian/tmp/usr/share/man/man5/slapd-relay.5
+debian/tmp/usr/share/man/man5/slapd-shell.5
+debian/tmp/usr/share/man/man5/slapd-sock.5
+debian/tmp/usr/share/man/man5/slapd-sql.5
+
+debian/tmp/usr/share/man/man5/slapo-accesslog.5
+debian/tmp/usr/share/man/man5/slapo-auditlog.5
+debian/tmp/usr/share/man/man5/slapo-chain.5
+debian/tmp/usr/share/man/man5/slapo-collect.5
+debian/tmp/usr/share/man/man5/slapo-constraint.5
+debian/tmp/usr/share/man/man5/slapo-dds.5
+debian/tmp/usr/share/man/man5/slapo-dyngroup.5
+debian/tmp/usr/share/man/man5/slapo-dynlist.5
+debian/tmp/usr/share/man/man5/slapo-memberof.5
+debian/tmp/usr/share/man/man5/slapo-pbind.5
+debian/tmp/usr/share/man/man5/slapo-pcache.5
+debian/tmp/usr/share/man/man5/slapo-ppolicy.5
+debian/tmp/usr/share/man/man5/slapo-refint.5
+debian/tmp/usr/share/man/man5/slapo-retcode.5
+debian/tmp/usr/share/man/man5/slapo-rwm.5
+debian/tmp/usr/share/man/man5/slapo-sock.5
+debian/tmp/usr/share/man/man5/slapo-sssvlv.5
+debian/tmp/usr/share/man/man5/slapo-syncprov.5
+debian/tmp/usr/share/man/man5/slapo-translucent.5
+debian/tmp/usr/share/man/man5/slapo-unique.5
+debian/tmp/usr/share/man/man5/slapo-valsort.5
+
+# contrib modules installed in main package
+debian/tmp/usr/share/man/man5/slapo-lastbind.5
diff --git a/debian/slapd.postinst b/debian/slapd.postinst
new file mode 100644
index 0000000..2f5c550
--- /dev/null
+++ b/debian/slapd.postinst
@@ -0,0 +1,174 @@
+#! /bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+# This will be replaced with debian/slapd.scripts-common which includes
+# various helper functions and $OLD_VERSION and $SLAPD_CONF
+#SCRIPTSCOMMON#
+
+postinst_upgrade_cn_config() { # {{{
+ if previous_version_older '2.4.44+dfsg-1~'; then
+ upgrade_cnconfig_ppolicy_schema
+ fi
+}
+# }}}
+postinst_initial_configuration() { # {{{
+# Configure slapd for the first time (when first installed)
+# Usage: postinst_initial_configuration
+
+ if manual_configuration_wanted; then
+ echo " Omitting slapd configuration as requested." >&2
+ else
+ crypt_admin_pass
+ create_new_configuration
+ fi
+}
+
+# }}}
+postinst_upgrade_configuration() { # {{{
+# Handle upgrading slapd from some older version
+# Usage: postinst_upgrade_configuration
+
+ # Better back up the config file in any case
+ backup_config_once
+
+ # Complete any config updates before trying to use slapadd
+ if [ -d "$SLAPD_CONF" ]; then
+ postinst_upgrade_cn_config
+ fi
+
+ # Check if the database format has changed.
+ if database_format_changed; then
+
+ # During upgrading we have to load the old data
+ move_incompatible_databases_away
+ load_databases
+ fi
+
+ # Move to slapd.d configuration style.
+ migrate_to_slapd_d_style
+
+ # One-time upgrade fix for olcAccess on cn=Subschema
+ if previous_version_older 2.4.23-5 && previous_version_newer 2.4.23-3 \
+ && [ -e "$SLAPD_CONF/cn=config/olcDatabase={-1}frontend.ldif" ] \
+ && ! grep -i 'olcAccess:.*subschema' "$SLAPD_CONF/cn=config/olcDatabase={-1}frontend.ldif"
+ then
+ sed -i '/olcAccess: {0}/a\
+olcAccess: {1}to dn.exact="" by * read\
+olcAccess: {2}to dn.base="cn=Subschema" by * read' "${SLAPD_CONF}/cn=config/olcDatabase={-1}frontend.ldif"
+ fi
+
+ # Update permissions of all database directories and /var/run/slapd
+ update_databases_permissions
+ update_permissions /var/run/slapd
+
+ # Versions prior to 2.4.7-1 could create a slapd.conf that wasn't
+ # readable by the openldap user.
+ update_permissions "${SLAPD_CONF}"
+}
+
+# }}}
+
+upgrade_cnconfig_ppolicy_schema() { # {{{
+# Add a new required attribute to the ppolicy schema embedded in the
+# cn=config database when upgrading to 2.4.43 or later.
+# slapd.conf users get schema updates through the regular conffile
+# handling.
+ local dumped_ldif working_ldif ppolicy_dn tmp_slapd_d failed
+
+ if ! [ -d "$SLAPD_CONF" ]; then
+ return 0
+ fi
+
+ if ! previous_version_older '2.4.44+dfsg-1~'; then
+ return 0
+ fi
+
+ # The config should have been dumped in preinst.
+ # If not, hope for the best.
+ dumped_ldif="$(database_dumping_destdir)/cn=config.ldif"
+ if ! [ -f "$dumped_ldif" ]; then
+ echo "Saved configuration not found at $dumped_ldif. Skipping configuration updates." >&2
+ return 0
+ fi
+
+ # Create a working copy with lines unwrapped.
+ working_ldif="$(mktemp --tmpdir slapd-XXXXXXXX.ldif)"
+ trap "trap - INT EXIT; rm -f '$working_ldif'" INT EXIT
+ normalize_ldif "$dumped_ldif" > "$working_ldif"
+
+ # Check whether the schema is loaded and needs an update.
+ ppolicy_dn="$(find_old_ppolicy_schema "$working_ldif")"
+ if [ -z "$ppolicy_dn" ]; then
+ return
+ fi
+
+ echo -n "Adding pwdMaxRecordedFailure attribute to ${ppolicy_dn}... " >&2
+
+ # Add the pwdMaxRecordedFailure attribute to the ppolicy schema.
+ # Let slapadd update modifiersName and modifyTimestamp so these
+ # reflect reality, and entryCSN so replication is aware of the change.
+ perl -i -ne '
+ BEGIN { my $nextidx; }
+ if (/^dn: cn=\{\d+\}ppolicy,cn=schema,cn=config/ .. /^$/) {
+ if (/^entryCSN:/ or /^modifiersName:/ or /^modifyTimestamp:/) {
+ next;
+ } elsif (/^olcAttributeTypes: \{(\d+)\}/) {
+ $nextidx = $1 + 1;
+ } elsif (/^olcObjectClasses: .*NAME '\''pwdPolicy'\''/) {
+ s/MAY \( ([^)]+) \)/MAY ( $1 \$ pwdMaxRecordedFailure )/;
+ } elsif (/^$/) {
+ print "olcAttributeTypes: {$nextidx}( 1.3.6.1.4.1.42.2.27.8.1.30 NAME '\''pwdMaxRecordedFailure'\'' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )\n";
+ }
+ }
+ print;
+ ' "$working_ldif"
+
+ # Import the modified config into a temporary location.
+ tmp_slapd_d="$(mktemp -d --tmpdir slapd-XXXXXXXX)"
+ trap "trap - INT EXIT; rm -rf '$tmp_slapd_d' '$working_ldif'" INT EXIT
+ capture_diagnostics slapadd -F "$tmp_slapd_d" -n0 -l "$working_ldif" || failed=1
+ if [ "$failed" ]; then
+ cat >&2 <<-eof
+failed.
+
+Updating the slapd configuration failed with the following error
+while running slapadd:
+eof
+ release_diagnostics
+ exit 1
+ fi
+
+ # Replace the old config with the updated one.
+ # The current config has already been backed up earlier.
+ rm -r "$SLAPD_CONF/cn=config.ldif" "$SLAPD_CONF/cn=config"
+ mv "$tmp_slapd_d/cn=config.ldif" "$tmp_slapd_d/cn=config" "$SLAPD_CONF/"
+
+ echo 'done.' >&2
+}
+# }}}
+
+# Create a new user. Don't create the user, however, if the local
+# administrator has already customized slapd to run as a different user.
+if [ "$MODE" = "configure" ] || [ "$MODE" = "reconfigure" ] ; then
+ if [ "openldap" = "$SLAPD_USER" ] ; then
+ create_new_user
+ fi
+fi
+
+# Configuration.
+if is_initial_configuration "$@"; then
+ postinst_initial_configuration
+else
+ postinst_upgrade_configuration
+fi
+
+db_stop || true
+
+#DEBHELPER#
+
+exit 0
+
+# vim: set sw=8 foldmethod=marker:
diff --git a/debian/slapd.postrm b/debian/slapd.postrm
new file mode 100644
index 0000000..4d7917a
--- /dev/null
+++ b/debian/slapd.postrm
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+# Load debconf if available (might have been removed before purging
+# slapd)
+
+if [ -e "/usr/share/debconf/confmodule" ]; then
+ . /usr/share/debconf/confmodule
+fi
+
+# Check if the user wants the database removed on purging slapd
+remove_database_on_purge() {
+ db_get slapd/purge_database || RET=false
+ if [ "$RET" = "true" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+if [ "$1" = "purge" ]; then
+ echo -n "Removing slapd configuration... "
+ rm -f /etc/ldap/slapd.conf 2>/dev/null || true
+ rm -rf /etc/ldap/slapd.d 2>/dev/null || true
+ echo "done."
+
+ if remove_database_on_purge; then
+ echo -n "Purging OpenLDAP database... "
+ rm -rf /var/lib/ldap || true
+ echo done
+ fi
+fi
+
+#DEBHELPER#
+
+exit 0
+
diff --git a/debian/slapd.preinst b/debian/slapd.preinst
new file mode 100755
index 0000000..4729c06
--- /dev/null
+++ b/debian/slapd.preinst
@@ -0,0 +1,126 @@
+#! /bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+# This will be replaced with debian/slapd.scripts-common which includes
+# various helper functions and $OLD_VERSION and $SLAPD_CONF
+#SCRIPTSCOMMON#
+
+ppolicy_schema_needs_update() { # {{{
+# Provide an LDIF to add the pwdMaxRecordedFailure attribute to the
+# ppolicy schema, and recommend the user apply it before continuing with
+# the slapd upgrade.
+ local update_ldif
+
+ update_ldif="$(mktemp --tmpdir ppolicy-schema-update-XXXXXXXX.ldif)"
+ cat > "$update_ldif" << eof
+dn: $1
+changetype: modify
+add: olcAttributeTypes
+olcAttributeTypes: {16}( 1.3.6.1.4.1.42.2.27.8.1.30 NAME 'pwdMaxRecordedFailure' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+-
+delete: olcObjectClasses
+olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXILIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )
+-
+add: olcObjectClasses
+olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXILIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify $ pwdMaxRecordedFailure ) )
+
+eof
+
+ db_subst slapd/ppolicy_schema_needs_update ldif "$update_ldif"
+ db_fset slapd/ppolicy_schema_needs_update seen false
+ db_input critical slapd/ppolicy_schema_needs_update || true
+ db_go || true
+ db_get slapd/ppolicy_schema_needs_update
+ if [ "$RET" = 'abort installation' ]; then
+ db_stop
+ exit 1
+ fi
+}
+# }}}
+check_ppolicy_schema() { # {{{
+# When upgrading to 2.4.43 or later, if the cn=config database contains
+# an old version of the ppolicy schema, check that it is safe to upgrade
+# it automatically in postinst, or instruct the user to do so before
+# upgrading.
+ local config_ldif="$1"
+
+ # Check whether the schema is loaded and needs an update.
+ local ppolicy_dn="$(find_old_ppolicy_schema "$config_ldif")"
+ if [ -z "$ppolicy_dn" ]; then
+ return
+ fi
+
+ # If either the config or frontend databases have any overlays
+ # or syncrepl clients on them, don't assume it's safe to change
+ # the config offline.
+ # As well, if a content database is a sync provider, we want to
+ # recommend that the schema be updated on every server before
+ # going through with the upgrade.
+ if grep -q -e '^dn: olcOverlay=.\+,olcDatabase={-1}frontend,cn=config$' -e '^dn: olcOverlay=.\+,olcDatabase={0}config,cn=config$' "$config_ldif" \
+ || sed -n '/^dn: olcDatabase={-1}frontend,cn=config$/,// p' "$config_ldif" | grep -q '^olcSyncrepl:' \
+ || sed -n '/^dn: olcDatabase={0}config,cn=config$/,//p' "$config_ldif" | grep -q '^olcSyncrepl:' \
+ || grep -q '^dn: olcOverlay={[0-9]\+}syncprov,olcDatabase=.\+,cn=config' "$config_ldif"; then
+ ppolicy_schema_needs_update "$ppolicy_dn"
+ fi
+
+ # If we made it this far, it should be safe to upgrade the
+ # schema automatically in postinst.
+}
+# }}}
+preinst_check_config() { # {{{
+# Check whether manual config changes are required before upgrading
+ if ! previous_version_older '2.4.44+dfsg-1~'; then
+ # no pre-checks required
+ return 0
+ fi
+
+ if ! [ -d "$SLAPD_CONF" ]; then
+ # no checks needed for slapd.conf at this time
+ return 0
+ fi
+
+ # If slapd was previously removed and a newer version is being
+ # installed, the config must have already been dumped during
+ # remove, or we cannot proceed.
+ if [ "$MODE" = upgrade ]; then
+ dump_config
+ fi
+
+ # Locate the file exported by dump_config.
+ local dumped_ldif="$(database_dumping_destdir)/cn=config.ldif"
+ if [ ! -f "$dumped_ldif" ]; then
+ echo "Expected to find a configuration backup in $dumped_ldif but it is missing. Please retry the upgrade." >&2
+ exit 1
+ fi
+
+ # Create a working copy with lines unwrapped.
+ local config_ldif="$(mktemp --tmpdir slapd.XXXXXXXX.ldif)"
+ trap "trap - INT EXIT; rm -f '$config_ldif'" INT EXIT
+ normalize_ldif "$dumped_ldif" > "$config_ldif"
+
+ check_ppolicy_schema "$config_ldif"
+}
+# }}}
+
+# If we are upgrading from an old version then stop slapd and attempt to
+# slapcat out the data so we can use it in postinst to do the upgrade.
+# If slapd was removed and is being reinstalled, slapcat is not
+# available at this time, so the data should have been dumped before the
+# old slapd was removed.
+
+if [ "$MODE" = upgrade ] || [ "$MODE" = install -a -n "$OLD_VERSION" ]; then
+ preinst_check_config
+fi
+
+if [ "$MODE" = upgrade ]; then
+ dump_databases
+fi
+
+#DEBHELPER#
+
+exit 0
+
+# vim: set sw=8 foldmethod=marker:
diff --git a/debian/slapd.prerm b/debian/slapd.prerm
new file mode 100755
index 0000000..ce7d281
--- /dev/null
+++ b/debian/slapd.prerm
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+# This will be replaced with debian/slapd.scripts-common which includes
+# various helper functions and $OLD_VERSION and $SLAPD_CONF
+#SCRIPTSCOMMON#
+
+#DEBHELPER#
+
+# Dump config and data to LDIF before removing slapd.
+# If a later version is reinstalled without being purged first, the LDIF
+# files may be required for the upgrade, and the old slapcat won't be
+# available any more.
+# During an upgrade, the new preinst will be in a better position to
+# control whether dumping is needed.
+
+# If the config is badly broken, slapcat may fail, but this should not
+# prevent the package from being removed or purged.
+set +e
+
+if [ "$MODE" = remove ]; then
+ # scripts-common sets OLD_VERSION incorrectly for remove
+ OLD_VERSION="$(dpkg-query -W -f '${Version}' slapd)"
+
+ dump_config
+ dump_databases
+fi
+
+exit 0
+
+# vim: set foldmethod=marker:
diff --git a/debian/slapd.scripts-common b/debian/slapd.scripts-common
new file mode 100644
index 0000000..071610d
--- /dev/null
+++ b/debian/slapd.scripts-common
@@ -0,0 +1,847 @@
+# -*- sh -*-
+# This file can be included with #SCRIPTSCOMMON#
+
+
+# ===== Dumping and reloading using LDIF files ========================= {{{
+#
+# If incompatible changes are done to the database underlying a LDAP
+# directory we need to dump the contents and reload the data into a newly
+# created database after the new server was installed. The following
+# functions deal with this functionality.
+
+
+# ----- Configuration of this component -------------------------------- {{{
+#
+# Dumping the database can have negative effects on the system we are
+# running on. If there is a lot of data dumping it might fill a partition
+# for example. Therefore we must give the user exact control over what we
+# are doing.
+
+database_dumping_enabled() { # {{{
+# Check if the user has enabled database dumping for the current situation.
+# Return success if yes.
+# Usage: if database_dumping_enabled; then ... fi
+
+ # If the package is being removed, dump unconditionally as we
+ # don't know whether the next version will require reload.
+ [ "$MODE" = remove ] && return 0
+
+ db_get slapd/dump_database
+ case "$RET" in
+ always)
+ ;;
+ "when needed")
+ database_format_changed || return 1
+ ;;
+ never)
+ return 1
+ ;;
+ *)
+ echo >&2 "Unknown value for slapd/dump_database: $RET"
+ echo >&2 "Please report!"
+ exit 1
+ ;;
+ esac
+}
+
+# }}}
+database_format_changed() { # {{{
+# Check if the database format has changed since the old installed version
+# Return success if yes.
+# Usage: if database_format_changed; then
+
+ if dpkg --compare-versions "$OLD_VERSION" lt-nl 2.4.39-1; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# }}}
+database_dumping_destdir() { # {{{
+# Figure out the directory we are dumping the database to and create it
+# if it does not exist.
+# Usage: destdir=`database_dumping_destdir`
+
+ local dir
+ db_get slapd/dump_database_destdir
+ dir=`echo "$RET"|sed -e "s/VERSION/$OLD_VERSION/"`
+ mkdir -p -m 700 "$dir"
+ echo $dir
+}
+
+# }}}
+create_new_user() { # {{{
+ if [ -z "`getent group openldap`" ]; then
+ addgroup --quiet --system openldap
+ fi
+ if [ -z "`getent passwd openldap`" ]; then
+ echo -n " Creating new user openldap... " >&2
+ adduser --quiet --system --home /var/lib/ldap --shell /bin/false \
+ --ingroup openldap --disabled-password --disabled-login \
+ --gecos "OpenLDAP Server Account" openldap
+ echo "done." >&2
+ fi
+}
+# }}}
+create_ldap_directories() { # {{{
+ if [ ! -d /var/lib/ldap ]; then
+ mkdir -m 0700 /var/lib/ldap
+ fi
+ if [ ! -d /var/run/slapd ]; then
+ mkdir -m 0755 /var/run/slapd
+ fi
+ update_permissions /var/lib/ldap
+ update_permissions /var/run/slapd
+}
+# }}}
+update_permissions() { # {{{
+ local dir
+ dir="$1"
+ if [ -d "$dir" ]; then
+ [ -z "$SLAPD_USER" ] || chown -R -H "$SLAPD_USER" "$dir"
+ [ -z "$SLAPD_GROUP" ] || chgrp -R -H "$SLAPD_GROUP" "$dir"
+ fi
+}
+# }}}
+update_databases_permissions() { # {{{
+ get_suffix | while read -r suffix; do
+ dbdir=`get_directory "$suffix"`
+ update_permissions "$dbdir"
+ done
+}
+# }}}
+# }}}
+# ----- Dumping and loading the data ------------------------------------ {{{
+
+migrate_to_slapd_d_style() { # {{{
+
+ # Check if we need to migrate to the new style.
+ if previous_version_older 2.4.23-3 && [ -f "${SLAPD_CONF}" ] \
+ && ! [ -d /etc/ldap/slapd.d ]
+ then
+
+ # Create the new configuration directory
+ mkdir /etc/ldap/slapd.d
+
+ echo -n " Migrating slapd.conf to slapd.d configuration style... " >&2
+ capture_diagnostics slaptest -f ${SLAPD_CONF} -F /etc/ldap/slapd.d || failed=1
+ if [ "$failed" ]; then
+
+ echo "failed." >&2
+ echo >&2
+ cat <<-EOF
+Migrating slapd.conf file (${SLAPD_CONF}) to slapd.d failed with the following
+error while running slaptest:
+EOF
+ release_diagnostics " "
+ rm -rf /etc/ldap/slapd.d
+ exit 1
+ fi
+
+ # Backup the old slapd.conf
+ mv ${SLAPD_CONF} ${SLAPD_CONF}.old
+ SLAPD_CONF=/etc/ldap/slapd.d
+
+ # Add olcAccess control to grant local root connections access
+ sed -i '/^olcDatabase: {-1}frontend/a\
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break\
+olcAccess: {1}to dn.exact="" by * read\
+olcAccess: {2}to dn.base="cn=Subschema" by * read' "${SLAPD_CONF}/cn=config/olcDatabase={-1}frontend.ldif"
+ sed -i '/^olcDatabase: {0}config/a\
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break' "${SLAPD_CONF}/cn=config/olcDatabase={0}config.ldif"
+
+ # TODO: Now we are doing something that is not allowed by policy but it
+ # has to be done.
+ sed -i -e "/^[[:space:]]*SLAPD_CONF=.*/ s/^/#/" /etc/default/slapd
+ echo "done." >&2
+ fi
+}
+
+# }}}
+dump_config() { # {{{
+# Dump the cn=config database to the backup directory.
+# This is not the same as backup_config_once, which copies the slapd.d
+# directory verbatim.
+ local dir
+
+ [ -d "$SLAPD_CONF" ] || return 0
+
+ dir="$(database_dumping_destdir)"
+ echo "Saving current slapd configuration to $dir..." >&2
+ slapcat -F "$SLAPD_CONF" -n0 -l "$dir/cn=config.ldif"
+}
+# }}}
+dump_databases() { # {{{
+# If the user wants us to dump the databases they are dumped to the
+# configured directory.
+
+ local db suffix file dir failed
+
+ database_dumping_enabled || return 0
+
+ dir=`database_dumping_destdir`
+ echo >&2 " Dumping to $dir: "
+ (get_suffix | while read -r suffix; do
+ dbdir=`get_directory "$suffix"`
+ if [ -n "$dbdir" ]; then
+ file="$dir/$suffix.ldif"
+ printf ' - directory %s... ' "$suffix" >&2
+ # Need to support slapd.d migration from preinst
+ if [ -f "${SLAPD_CONF}" ]; then
+ slapcat_opts="-g -f ${SLAPD_CONF}"
+ else
+ slapcat_opts="-g -F ${SLAPD_CONF}"
+ fi
+ slapcat ${slapcat_opts} -b "$suffix" > "$file" || failed=1
+ if [ "$failed" ]; then
+ rm -f "$file"
+ echo "failed." >&2
+ db_subst slapd/upgrade_slapcat_failure location "$dir" <&5
+ db_input critical slapd/upgrade_slapcat_failure <&5 || true
+ db_go <&5 || true
+ exit 1
+ fi
+ echo "done." >&2
+ fi
+ done) 5<&0 </dev/null
+}
+
+# }}}
+load_databases() { # {{{
+ local dir file db dbdir backupdir slapadd_opts
+
+ dir=`database_dumping_destdir`
+ echo >&2 " Loading from $dir: "
+ # restore by increasing suffix length due to possibly glued databases
+ get_suffix | awk '{ print length, $0 }' | sort -n | cut -d ' ' -f 2- \
+ | while read -r suffix; do
+ dbdir=`get_directory "$suffix"`
+ if [ -z "$dbdir" ]; then
+ continue
+ fi
+ if ! is_empty_dir "$dbdir"; then
+ echo >&2 \
+ " Directory $dbdir for $suffix not empty, aborting."
+ exit 1
+ fi
+
+ file="$dir/$suffix.ldif"
+ printf ' - directory %s... ' "$suffix" >&2
+
+ # If there is an old DB_CONFIG file, restore it before
+ # running slapadd
+ backupdir="$(compute_backup_path -n "$dbdir" "$suffix")"
+ if [ -e "$backupdir"/DB_CONFIG ]; then
+ cp -a "$backupdir"/DB_CONFIG "$dbdir"/
+ fi
+
+ if [ -f "${SLAPD_CONF}" ]; then
+ slapadd_opts="-g -f ${SLAPD_CONF}"
+ else
+ slapadd_opts="-g -F ${SLAPD_CONF}"
+ fi
+ capture_diagnostics slapadd ${slapadd_opts} \
+ -q -b "$suffix" -l "$file" || failed=1
+ if [ "$failed" ]; then
+ rm -f "$dbdir"/*
+ echo "failed." >&2
+ echo >&2
+ cat <<-EOF
+ Loading the database from the LDIF dump failed with the following
+ error while running slapadd:
+EOF
+ release_diagnostics " "
+ exit 1
+ fi
+ echo "done." >&2
+
+ if [ -n "$SLAPD_USER" ] || [ -n "$SLAPD_GROUP" ]; then
+ echo -n " - chowning database directory ($SLAPD_USER:$SLAPD_GROUP)... "
+ update_permissions "$dbdir"
+ echo "done";
+ fi
+ done
+}
+
+# }}}
+move_incompatible_databases_away() { # {{{
+ echo >&2 " Moving old database directories to /var/backups:"
+ (get_suffix | while read -r suffix; do
+ dbdir=`get_directory "$suffix"`
+ move_old_database_away "$dbdir" "$suffix" <&5
+ done) 5<&0 </dev/null
+}
+# }}}
+# }}}
+# }}}
+
+# ===== Parsing the slapd configuration file ============================ {{{
+#
+# For some operations we have to know the slapd configuration. These
+# functions are for parsing the slapd configuration file.
+
+# The following two functions need to support slapd.conf installations
+# as long as upgrading from slapd.conf environment is supported.
+# They're used to dump database in preinst which may have a slapd.conf file.
+get_suffix() { # {{{
+ if [ -f "${SLAPD_CONF}" ]; then
+ for f in `get_all_slapd_conf_files`; do
+ sed -n -e '/^suffix[[:space:]]/ { s/^suffix[[:space:]]\+"*\([^"]\+\)"*/\1/; s/\\\\/\\/g; p }' $f
+ done
+ else
+ grep -h ^olcSuffix ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif | cut -d: -f 2
+ fi | sort -u
+}
+# }}}
+get_directory() { # {{{
+# Returns the db directory for a given suffix
+ if [ -d "${SLAPD_CONF}" ] && get_suffix | grep -Fq "$1" ; then
+ sed -n 's/^olcDbDirectory: *//p' `grep -Flx "olcSuffix: $1" ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif`
+ elif [ -f "${SLAPD_CONF}" ]; then
+ # Extract the directory for the given suffix ($1)
+ # Quote backslashes once for slapd.conf parser, again for awk
+ quoted="$(printf '%s' "$1" | sed 's/\\/\\\\\\\\/g')"
+ for f in `get_all_slapd_conf_files`; do
+ awk ' BEGIN { DB=0; SUF=""; DIR="" } ;
+ /^database/ { DB=1; SUF=""; DIR="" } ;
+ DB==1 && /^suffix[ \t]+"?'"$quoted"'"?$/ { SUF=$2 ; } ;
+ DB==1 && /^directory/ { DIR=$2 ;} ;
+ DB==1 && SUF!="" && DIR!="" { sub(/^"/,"",DIR) ; sub(/"$/,"",DIR) ; print DIR; SUF=""; DIR="" }' "${f}" | \
+ sed -e's/\([^\\]\|^\)"/\1/g; s/\\"/"/g; s/\\\\/\\/g'
+
+ done
+ else
+ return 1
+ fi
+}
+# }}}
+get_all_slapd_conf_files() { # {{{
+# Returns the list of all the config files: slapd.conf and included files.
+ echo ${SLAPD_CONF}
+ awk '
+BEGIN { I=0 }
+/^include/ {
+ sub(/include/," ");
+ I=1;
+}
+I==1 && /^[ \t]+/ {
+ split($0,F) ;
+ for (f in F)
+ if (!match(F[f],/schema/)) {
+ print F[f]
+ } ;
+ next;
+}
+I==1 { I=0 }
+' ${SLAPD_CONF}
+}
+# }}}
+# }}}
+
+compute_backup_path() { # {{{
+# Compute the path to backup a database directory
+# Usage: compute_backup_path [-n] <dir> <basedn>
+
+# XXX: should ask the user via debconf
+
+ local dirname basedn ok_exists
+ if [ "$1" = "-n" ]; then
+ ok_exists=yes
+ shift
+ fi
+ dirname="$1"
+ basedn="$2"
+
+ # Computing the name of the backup directory from the old version,
+ # the suffix etc. all makes me feel worried. I'd rather have a
+ # directory name which is not going to exist. So the simple
+ # scheme we are using now is to compute the filename from the
+ # directory name and appending date and time. And we check if it
+ # exists to be really sure... -- Torsten
+
+ local target
+ local id
+ id="$OLD_VERSION"
+ [ -n "$id" ] || id=`date +%Y%m%d-%H%M%S`
+ target="/var/backups/$basedn-$id.ldapdb"
+ if [ -e "$target" ] && [ -z "$ok_exists" ]; then
+ echo >&2
+ echo >&2 " Backup path $target exists. Giving up..."
+ exit 1
+ fi
+
+ printf '%s' "$target"
+}
+
+# }}}
+move_old_database_away() { # {{{
+# Move the old database away if it is still there
+#
+# In fact this function makes sure that the database directory is empty
+# with the exception of any DB_CONFIG file
+# and can be populated with a new database. If something is in the way
+# it is moved to a backup directory if the user accepted the debconf
+# option slapd/move_old_database. Otherwise we output a warning and let
+# the user fix it himself.
+# Usage: move_old_database_away <dbdir> [<basedn>]
+
+ local databasedir backupdir
+ databasedir="$1"
+ suffix="${2:-unknown}"
+
+ if [ ! -e "$databasedir" ] || is_empty_dir "$databasedir"; then
+ return 0
+ fi
+
+ # Note that we can't just move the database dir as it might be
+ # a mount point. Instead me move the content which might
+ # include mount points as well anyway, but it's much less likely.
+ db_get slapd/move_old_database
+ if [ "$RET" = true ]; then
+ backupdir="$(compute_backup_path "$databasedir" "$suffix")"
+ printf ' - directory %s... ' "$suffix" >&2
+ mkdir -p "$backupdir"
+ find -H "$databasedir" -mindepth 1 -maxdepth 1 -type f \
+ -exec mv {} "$backupdir" \;
+ echo done. >&2
+ else
+ cat >&2 <<EOF
+ There are leftover files in $databasedir. This will probably break
+ creating the initial directory. If that's the case please move away
+ stuff in there and retry the configuration.
+EOF
+ fi
+}
+# }}}
+manual_configuration_wanted() { # {{{
+# Check if the user wants to configure everything himself (queries debconf)
+# Returns success if yes.
+
+ db_get slapd/no_configuration
+ if [ "$RET" = "true" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+# }}}
+copy_example_DB_CONFIG() { # {{{
+# Copy an example DB_CONFIG file
+# copy_example_DB_CONFIG <directory>
+ local directory srcdir
+
+ directory="$1"
+ srcdir="/usr/share/slapd"
+
+ if ! [ -f "${directory}/DB_CONFIG" ] && [ -d "$directory" ]; then
+ cp $srcdir/DB_CONFIG "${directory}/DB_CONFIG"
+ fi
+}
+
+# }}}
+create_new_configuration() { # {{{
+# Create a new configuration and directory
+
+ local basedn dc backend
+
+ # For the domain really.argh.org we create the basedn
+ # dc=really,dc=argh,dc=org with the dc entry dc: really
+ db_get slapd/domain
+ basedn="dc=`echo $RET | sed 's/^\.//; s/\.$//; s/\./,dc=/g'`"
+ dc="`echo $RET | sed 's/^\.//; s/\..*$//'`"
+
+ db_get slapd/backend
+ backend="`echo $RET|tr A-Z a-z`"
+
+ backup_config_once
+ if [ -e "/var/lib/ldap" ] && ! is_empty_dir /var/lib/ldap; then
+ echo >&2 " Moving old database directory to /var/backups:"
+ move_old_database_away /var/lib/ldap
+ fi
+ create_ldap_directories
+ create_new_slapd_conf "$basedn" "$backend"
+ create_new_directory "$basedn" "$dc"
+
+ # Put the right permissions on this directory.
+ update_permissions /var/lib/ldap
+
+ # Now that we created the new directory we don't need the passwords in the
+ # debconf database anymore. So wipe them.
+ wipe_admin_pass
+}
+# }}}
+create_new_slapd_conf() { # {{{
+# Create the new slapd.d directory (configuration)
+# Usage: create_new_slapd_conf <basedn> <backend>
+
+ local initldif failed basedn backend backendobjectclass backendoptions adminpass
+
+ # Fetch configuration
+ basedn="$1"
+ backend="$2"
+ if [ "$backend" = "mdb" ]; then
+ backendoptions="olcDbMaxSize: 1073741824"
+ backendobjectclass="olcMdbConfig"
+ else
+ backendoptions="olcDbConfig: set_cachesize 0 2097152 0\nolcDbConfig: set_lk_max_objects 1500\nolcDbConfig: set_lk_max_locks 1500\nolcDbConfig: set_lk_max_lockers 1500"
+ if [ "$backend" = "hdb" ]; then
+ backendobjectclass="olcHdbConfig"
+ else
+ backendobjectclass="olcBdbConfig"
+ fi
+ fi
+ db_get slapd/internal/adminpw
+ adminpass="$RET"
+
+ echo -n " Creating initial configuration... " >&2
+
+ # Create the slapd.d directory.
+ rm -rf ${SLAPD_CONF}/cn=config ${SLAPD_CONF}/cn=config.ldif
+ mkdir -p ${SLAPD_CONF}
+ initldif=`mktemp -t slapadd.XXXXXX`
+ cat /usr/share/slapd/slapd.init.ldif > ${initldif}
+
+ # Change some defaults
+ sed -i -e "s|@BACKEND@|$backend|g" ${initldif}
+ sed -i -e "s|@BACKENDOBJECTCLASS@|$backendobjectclass|g" ${initldif}
+ sed -i -e "s|@BACKENDOPTIONS@|$backendoptions|g" ${initldif}
+ sed -i -e "s|@SUFFIX@|$basedn|g" ${initldif}
+ sed -i -e "s|@PASSWORD@|$adminpass|g" ${initldif}
+
+ capture_diagnostics slapadd -F "${SLAPD_CONF}" -b "cn=config" \
+ -l "${initldif}" || failed=1
+ if [ "$failed" ]; then
+ cat <<-EOF
+Loading the initial configuration from the ldif file (${init_ldif}) failed with
+the following error while running slapadd:
+EOF
+ release_diagnostics " "
+ exit 1
+ fi
+
+ update_permissions "${SLAPD_CONF}"
+ rm -f "${initldif}"
+ echo "done." >&2
+}
+# }}}
+encode_utf8() { #{{{
+# Make the value utf8 encoded. Takes one argument and utf8 encode it.
+# Usage: val=`encode_utf8 <value>`
+ perl -e 'use Encode; print encode_utf8($ARGV[0]);' "$1"
+} #}}}
+create_new_directory() { # {{{
+# Create a new directory. Takes the basedn and the dc value of that entry.
+# Other information is extracted from debconf.
+# Usage: create_new_directory <basedn> <dc>
+
+ local basedn dc organization adminpass
+ basedn="$1"
+ dc="$2"
+
+ # Encode to utf8 and base64 encode the organization.
+ db_get shared/organization
+ organization=`encode_utf8 "$RET"`
+ db_get slapd/internal/adminpw
+ adminpass="$RET"
+
+ echo -n " Creating LDAP directory... " >&2
+
+ initldif=`mktemp -t slapadd.XXXXXX`
+ cat <<-EOF > "${initldif}"
+ dn: $basedn
+ objectClass: top
+ objectClass: dcObject
+ objectClass: organization
+ o: $organization
+ dc: $dc
+
+ dn: cn=admin,$basedn
+ objectClass: simpleSecurityObject
+ objectClass: organizationalRole
+ cn: admin
+ description: LDAP administrator
+ userPassword: $adminpass
+ EOF
+
+ capture_diagnostics slapadd -F "${SLAPD_CONF}" -b "${basedn}" \
+ -l "${initldif}" || failed=1
+ if [ "$failed" ]; then
+ rm -f ${initldif}
+ echo "failed." >&2
+ cat <<-EOF
+Loading the initial configuration from the ldif file (${init_ldif}) failed with
+the following error while running slapadd:
+EOF
+ release_diagnostics " "
+ exit 1
+ fi
+
+ rm -f ${initldif}
+ echo "done." >&2
+}
+# }}}
+backup_config_once() { # {{{
+# Create a backup of the current configuration files.
+# Usage: backup_config_once
+
+ local backupdir
+
+ if [ -z "$FLAG_CONFIG_BACKED_UP" ]; then
+ if [ -e "$SLAPD_CONF" ]; then
+ backupdir=`database_dumping_destdir`
+ echo -n " Backing up $SLAPD_CONF in ${backupdir}... " >&2
+ cp -a "$SLAPD_CONF" "$backupdir"
+ echo done. >&2
+ fi
+ FLAG_CONFIG_BACKED_UP=yes
+ fi
+}
+
+# }}}
+normalize_ldif() { # {{{
+# Unwrap LDIF lines and strip comments.
+ perl -00 -pe 's/\n[ \t]//g; s/^#.*\n//mg' "$@"
+}
+# }}}
+
+
+set_defaults_for_unseen_entries() { # {{{
+# Set up the defaults for our templates
+ DOMAIN=`hostname -d 2>/dev/null` || true
+ if [ -z "$DOMAIN" ]; then DOMAIN='nodomain'; fi
+
+ db_fget slapd/domain seen
+ if [ "$RET" = false ]; then
+ db_set slapd/domain "$DOMAIN"
+ fi
+
+ db_fget shared/organization seen
+ if [ "$RET" = false ]; then
+ db_set shared/organization "$DOMAIN"
+ fi
+}
+# }}}
+crypt_admin_pass() { # {{{
+# Store the encrypted admin password into the debconf db
+# Usage: crypt_admin_pass
+
+ local adminpw;
+
+ db_get slapd/password1
+ if [ ! -z "$RET" ]; then
+ db_set slapd/internal/adminpw `create_password_hash "$RET"`
+ else
+
+ # Set the password.
+ adminpw=`generate_admin_pass`
+ db_set slapd/internal/generated_adminpw $adminpw
+ db_set slapd/internal/adminpw `create_password_hash "$adminpw"`
+ fi
+}
+
+generate_admin_pass() {
+# Generate a password, if no password given then generate one.
+# Usage: generate_admin_pass
+
+ perl << 'EOF'
+# --------
+sub generatePassword {
+ $length = shift;
+ $possible = 'abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ $password = '';
+ while(length($password) < $length) {
+ $password.= substr($possible, (int(rand(length($possible)))), 1);
+ }
+ return $password;
+}
+print generatePassword(15);
+EOF
+# --------
+}
+
+wipe_admin_pass() {
+# Remove passwords after creating the initial ldap database.
+# Usage: wipe_admin_pass
+ db_set slapd/password1 ""
+ db_set slapd/password2 ""
+ db_set slapd/internal/adminpw ""
+ db_set slapd/internal/generated_adminpw ""
+}
+
+# }}}
+create_password_hash() { # {{{
+# Create the password hash for the given password
+# Usage: hash=`create_password_hash "$password"`
+
+ slappasswd -s "$1"
+}
+
+# }}}
+previous_version_older() { # {{{
+# Check if the previous version is newer than the reference version passed.
+# If we are not upgrading the previous version is assumed to be newer than
+# any reference version.
+# Usage: previous_version_older <package version>
+
+ if dpkg --compare-versions "$OLD_VERSION" lt-nl "$1"; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# }}}
+previous_version_newer() { # {{{
+# Check if the previous version is newer than the reference version passed.
+# If we are not upgrading the previous version is assumed to be newer than
+# any reference version.
+# Usage: previous_version_newer <package version>
+
+ if dpkg --compare-versions "$OLD_VERSION" gt-nl "$1"; then
+ return 0
+ else
+ return 1
+ fi
+} # }}}
+
+is_initial_configuration() { # {{{
+# Check if this is the initial configuration and not an upgrade of an
+# existing configuration
+# Usage: if is_initial_configuration "$@"; then ... fi from top level
+
+ # Plain installation
+ if [ "$1" = configure ] && [ -z "$2" ]; then
+ return 0
+ fi
+ # Configuration via dpkg-reconfigure
+ if [ "$1" = reconfigure ] || [ "$DEBCONF_RECONFIGURE" ]; then
+ return 0
+ fi
+ # Upgrade but slapd.conf doesn't exist. If the user is doing this
+ # intentionally because they want to put it somewhere else, they
+ # should select manual configuration in debconf.
+ if [ "$1" = configure ] && [ ! -e "${SLAPD_CONF}" ]; then
+ return 0
+ fi
+ return 1
+}
+
+# }}}
+is_empty_dir() { # {{{
+# Check if a path refers to a directory that is "empty" from the POV of slapd
+# (i.e., contains no files except for an optional DB_CONFIG).
+# Usage: if is_empty_dir "$dir"; then ... fi
+
+ output=`find -H "$1" -mindepth 1 -maxdepth 1 -type f \! -name DB_CONFIG 2>/dev/null`
+ if [ -n "$output" ]; then
+ return 1
+ else
+ return 0
+ fi
+}
+
+# }}}
+
+find_old_ppolicy_schema() { # {{{
+# Helper for the ppolicy schema update in 2.4.43. Checks whether the
+# exported config includes an old version of the ppolicy schema that
+# needs the new attribute added. If such a schema is found, echos its DN
+# to stdout. If the schema is not loaded or is already up-to-date,
+# returns nothing. The provided LDIF should have its lines unwrapped
+# already.
+# Usage: ppolicy_dn="$(find_old_ppolicy_schema "$exported_ldif")"
+ local ppolicy_dn
+
+ # Is the ppolicy schema loaded?
+ if ! ppolicy_dn="$(grep '^dn: cn={[0-9]\+}ppolicy,cn=schema,cn=config$' "$1")"; then
+ return
+ fi
+
+ # Has the pwdMaxRecordedFailure attribute already been added?
+ # It might have been replicated from a newer server.
+ if grep -q '^olcAttributeTypes: .*NAME '\''pwdMaxRecordedFailure'\' "$1"; then
+ return
+ fi
+
+ # The schema is loaded and needs to be updated.
+ ppolicy_dn="${ppolicy_dn#dn: }"
+ echo "$ppolicy_dn"
+}
+# }}}
+
+# ===== Global variables ================================================ {{{
+#
+# At some points we need to know which version we are upgrading from if
+# any. More precisely we only care about the configuration and data we
+# might have laying around. Some parts also want to know which mode the
+# script is running in.
+
+MODE="$1" # install, upgrade, etc. - see debian-policy
+OLD_VERSION="$2"
+
+# Source the init script configuration
+# See example file debian/slapd.default for variables defined here
+if [ -f "/etc/default/slapd" ]; then
+ . /etc/default/slapd
+fi
+
+# Load the default location of the slapd config file
+if [ -z "$SLAPD_CONF" ]; then
+ if [ -f "/etc/ldap/slapd.conf" ] && \
+ [ ! -e "/etc/ldap/slapd.d" ]
+ then
+ SLAPD_CONF="/etc/ldap/slapd.conf"
+ else
+ SLAPD_CONF="/etc/ldap/slapd.d"
+ fi
+fi
+
+# }}}
+
+# ----- Handling diagnostic output ------------------------------------ {{{
+#
+# Often you want to run a program while you are showing progress
+# information to the user. If the program you are running outputs some
+# diagnostics it will mess up your screen.
+#
+# This is what the following functions are designed for. When running the
+# program, use capture_diagnostics to store what the program outputs to
+# stderr and use release_diagnostics to write out the captured output.
+
+
+capture_diagnostics() { # {{{
+# Run the command passed and capture the diagnostic output in a temporary
+# file. You can dump that file using release_diagnostics.
+
+ # Create the temporary file
+ local tmpfile
+ tmpfile=`mktemp`
+ exec 7<>"$tmpfile"
+ rm "$tmpfile"
+
+ # Run the program and capture stderr. If the program fails the
+ # function fails with the same status.
+ "$@" 2>&7 || return $?
+}
+
+# }}}
+release_diagnostics() { # {{{
+# Dump the diagnostic output captured via capture_diagnostics, optionally
+# prefixing each line.
+# Usage: release_diagnostics "prefix"
+
+ local script
+ script='
+ seek STDIN, 0, 0;
+ print "$ARGV[0]$_" while (<STDIN>);';
+ perl -e "$script" "$1" <&7
+}
+
+# }}}
+
+
+# }}}
+
+# vim: set sw=8 foldmethod=marker:
+
diff --git a/debian/slapd.templates b/debian/slapd.templates
new file mode 100644
index 0000000..e4ad154
--- /dev/null
+++ b/debian/slapd.templates
@@ -0,0 +1,185 @@
+Template: slapd/no_configuration
+Type: boolean
+Default: false
+_Description: Omit OpenLDAP server configuration?
+ If you enable this option, no initial configuration or database will be
+ created for you.
+
+Template: slapd/dump_database
+Type: select
+__Choices: always, when needed, never
+Default: when needed
+_Description: Dump databases to file on upgrade:
+ Before upgrading to a new version of the OpenLDAP server, the data from
+ your LDAP directories can be dumped into plain text files in the
+ standard LDAP Data Interchange Format.
+ .
+ Selecting "always" will cause the databases to be dumped
+ unconditionally before an upgrade. Selecting "when needed" will only
+ dump the database if the new version is incompatible with the old
+ database format and it needs to be reimported. If you select "never",
+ no dump will be done.
+
+Template: slapd/dump_database_destdir
+Type: string
+Default: /var/backups/slapd-VERSION
+_Description: Directory to use for dumped databases:
+ Please specify the directory where the LDAP databases will be exported.
+ In this directory, several LDIF files will be created which correspond
+ to the search bases located on the server. Make sure you have enough
+ free space on the partition where the directory is located. The first
+ occurrence of the string "VERSION" is replaced with the server version
+ you are upgrading from.
+
+Template: slapd/move_old_database
+Type: boolean
+Default: true
+_Description: Move old database?
+ There are still files in /var/lib/ldap which will probably break
+ the configuration process. If you enable this option, the maintainer
+ scripts will move the old database files out of the way before
+ creating a new database.
+
+Template: slapd/invalid_config
+Type: boolean
+Default: true
+_Description: Retry configuration?
+ The configuration you entered is invalid. Make sure that the DNS domain name
+ is syntactically valid, the field for the organization is not left empty and
+ the admin passwords match. If you decide not to retry the configuration the
+ LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to
+ retry later.
+
+Template: slapd/domain
+Type: string
+_Description: DNS domain name:
+ The DNS domain name is used to construct the base DN of the LDAP directory.
+ For example, 'foo.example.org' will create the directory with
+ 'dc=foo, dc=example, dc=org' as base DN.
+
+Template: shared/organization
+Type: string
+_Description: Organization name:
+ Please enter the name of the organization to use in the base DN of your
+ LDAP directory.
+
+Template: slapd/password1
+Type: password
+_Description: Administrator password:
+ Please enter the password for the admin entry in your LDAP directory.
+
+Template: slapd/password2
+Type: password
+_Description: Confirm password:
+ Please enter the admin password for your LDAP directory again to verify
+ that you have typed it correctly.
+
+Template: slapd/password_mismatch
+Type: note
+_Description: Password mismatch
+ The two passwords you entered were not the same. Please try again.
+
+Template: slapd/purge_database
+Type: boolean
+Default: false
+_Description: Do you want the database to be removed when slapd is purged?
+
+Template: slapd/internal/adminpw
+Type: password
+Description: Encrypted admin password:
+ Internal template, should never be displayed to users.
+
+Template: slapd/internal/generated_adminpw
+Type: password
+Description: Generated admin password:
+ Internal template, should never be displayed to users.
+
+Template: slapd/upgrade_slapcat_failure
+Type: error
+#flag:translate!:5
+#flag:comment:4
+# This paragraph is followed by a (non translatable) paragraph
+# containing a command line
+#flag:comment:6
+# Translators: keep "${location}" unchanged. This is a variable that
+# will be replaced by a directory name at execution
+_Description: slapcat failure during upgrade
+ An error occurred while upgrading the LDAP directory.
+ .
+ The 'slapcat' program failed while extracting the LDAP directory. This
+ may be caused by an incorrect configuration file (for example, missing
+ 'moduleload' lines to support the backend database).
+ .
+ This failure will cause 'slapadd' to fail later as well. The old database
+ files will be moved to /var/backups. If you want to try this upgrade
+ again, you should move the old database files back into place, fix
+ whatever caused slapcat to fail, and run:
+ .
+ slapcat > ${location}
+ .
+ Then move the database files back to a backup area and then try running
+ slapadd from ${location}.
+
+Template: slapd/backend
+Type: select
+Choices: BDB, HDB, MDB
+Default: MDB
+_Description: Database backend to use:
+ HDB and BDB use similar storage formats, but HDB adds support for
+ subtree renames. Both support the same configuration options.
+ .
+ The MDB backend is recommended. MDB uses a new storage format and
+ requires less configuration than BDB or HDB.
+ .
+ In any case, you should review the resulting database configuration for
+ your needs. See /usr/share/doc/slapd/README.Debian.gz for more details.
+
+Template: slapd/unsafe_selfwrite_acl
+Type: note
+#flag:comment:3
+# Translators: keep "by self write" and "to *" unchanged. These are part
+# of the slapd configuration and are not translatable.
+_Description: Potentially unsafe slapd access control configuration
+ One or more of the configured databases has an access control rule that
+ allows users to modify most of their own attributes. This may be
+ unsafe, depending on how the database is used.
+ .
+ In the case of slapd access rules that begin with "to *", it is
+ recommended to remove any instances of "by self write", so that users
+ are only able to modify specifically allowed attributes.
+ .
+ See /usr/share/doc/slapd/README.Debian.gz for more details.
+
+Template: slapd/ppolicy_schema_needs_update
+Type: select
+__Choices: abort installation, continue regardless
+DefaultChoice: abort installation
+#flag:comment:2
+# "ppolicy" and "pwdMaxRecordedFailure" are not translatable.
+#flag:comment:3
+# This paragraph is followed by the path to the generated file (not
+# translatable). The sentence continues in the following paragraph.
+#flag:comment:5
+# This paragraph continues the sentence started in the previous
+# paragraph. It is followed by a command line.
+#flag:translate!:4,6
+_Description: Manual ppolicy schema update recommended
+ The new version of the Password Policy (ppolicy) overlay requires the
+ schema to define the pwdMaxRecordedFailure attribute type, which is not
+ present in the schema currently in use. It is recommended to abort the
+ upgrade now, and to update the ppolicy schema before upgrading slapd.
+ If replication is in use, the schema update should be applied on every
+ server before continuing with the upgrade.
+ .
+ An LDIF file has been generated with the changes required for the upgrade:
+ .
+ ${ldif}
+ .
+ so if slapd is using the default access control rules, these changes can be
+ applied (after starting slapd) by using the command:
+ .
+ ldapmodify -H ldapi:/// -Y EXTERNAL -f ${ldif}
+ .
+ If instead you choose to continue the installation, the new attribute
+ type will be added automatically, but the change will not be acted on
+ by slapd overlays, and replication with other servers may be affected.
diff --git a/debian/slapi-dev.install b/debian/slapi-dev.install
new file mode 100644
index 0000000..aa8a25d
--- /dev/null
+++ b/debian/slapi-dev.install
@@ -0,0 +1,2 @@
+usr/include/slapi-plugin.h
+usr/lib/*/libslapi.so
diff --git a/debian/slapo-pw-pbkdf2.5 b/debian/slapo-pw-pbkdf2.5
new file mode 100644
index 0000000..e5dd5de
--- /dev/null
+++ b/debian/slapo-pw-pbkdf2.5
@@ -0,0 +1,112 @@
+.TH SLAPO-PW-PBKDF2 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2015-2018 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapo-pw-pbkdf2 \- PBKDF2 password module to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.RS
+.LP
+.B moduleload
+.B pw-pbkdf2
+.RE
+.SH DESCRIPTION
+.LP
+The
+.B pw-pbkdf2
+module to
+.BR slapd (8)
+provides support for the use of the key stretching function
+PBKDF2 (Password-Based Key Derivation Function 2) following RFC 2898
+in hashed passwords in OpenLDAP.
+.LP
+It does so by providing the following additional password schemes for use in slapd:
+.RS
+.TP
+.B {PBKDF2}
+alias to {PBKDF2-SHA1}
+.TP
+.B {PBKDF2-SHA1}
+PBKDF2 using HMAC-SHA-1 as the underlying pseudorandom function
+.TP
+.B {PBKDF2-SHA256}
+PBKDF2 using HMAC-SHA-256 as the underlying pseudorandom function
+.TP
+.B {PBKDF2-SHA512}
+PBKDF2 using HMAC-SHA-512 as the underlying pseudorandom function
+.RE
+
+.SH CONFIGURATION
+The
+.B pw-pbkdf2
+module does not need any configuration.
+.LP
+After loading the module, the password schemes
+{PBKDF2}, {PBKDF2-SHA1}, {PBKDF2-SHA256}, and {PBKDF2-SHA512}
+will be recognised in values of the
+.I userPassword
+attribute.
+.LP
+You can then instruct OpenLDAP to use these schemes when processing
+the LDAPv3 Password Modify (RFC 3062) extended operations by using the
+.BR password-hash
+option in
+.BR slapd.conf (5).
+
+.SH NOTES
+If you want to use the schemes described here with
+.BR slappasswd (8),
+remember to load the module using its command line options.
+The relevant option/value is:
+.RS
+.LP
+.B \-o
+.BR module\-load = pw-pbkdf2
+.LP
+.RE
+Depending on
+.BR pw-pbkdf2 's
+location, you may also need:
+.RS
+.LP
+.B \-o
+.BR module\-path = \fIpathspec\fP
+.RE
+
+.SH EXAMPLES
+All of the userPassword LDAP attributes below encode the password
+.RI ' secret '.
+.EX
+.LP
+userPassword: {PBKDF2-SHA512}10000$/oQ4xZi382mk7kvCd3ZdkA$2wqjpuyV2l0U/a1QwoQPOtlQL.UcJGNACj1O24balruqQb/NgPW6OCvvrrJP8.SzA3/5iYvLnwWPzeX8IK/bEQ
+.LP
+userPassword: {PBKDF2-SHA256}10000$jq40ImWtmpTE.aYDYV1GfQ$mpiL4ui02ACmYOAnCjp/MI1gQk50xLbZ54RZneU0fCg
+.LP
+userPassword: {PBKDF2-SHA1}10000$QJTEclnXgh9Cz3ChCWpdAg$9.s98jwFJM.NXJK9ca/oJ5AyoAQ
+.EE
+.LP
+To make {PBKDF2-SHA512} the password hash used in Password Modify extended operations,
+simply set this line in slapd.conf(5):
+.EX
+.LP
+password-hash {PBKDF2-SHA512}
+.EX
+
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR ldappasswd (1),
+.BR slappasswd (8),
+.BR ldap (3),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH ACKNOWLEDGEMENTS
+This manual page has been written by Peter Marschall based on the
+module's README file written by HAMANO Tsukasa <hamano@osstech.co.jp>
+.LP
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
diff --git a/debian/source.lintian-overrides b/debian/source.lintian-overrides
new file mode 100644
index 0000000..d642a59
--- /dev/null
+++ b/debian/source.lintian-overrides
@@ -0,0 +1,10 @@
+# this file lists copyright notices applying to the schemas
+openldap source: license-problem-non-free-RFC servers/slapd/schema/README
+# RFC text removed, files contain functional interface definitions only
+# Copyright notices have been retained to preserve attribution
+openldap source: license-problem-non-free-RFC debian/schema/core.ldif
+openldap source: license-problem-non-free-RFC debian/schema/core.schema
+openldap source: license-problem-non-free-RFC debian/schema/pmi.schema
+# internal templates, not shown to users
+openldap source: untranslatable-debconf-templates slapd.templates: 89
+openldap source: untranslatable-debconf-templates slapd.templates: 94
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/tests/check_upgradepath b/debian/tests/check_upgradepath
new file mode 100755
index 0000000..d1f2578
--- /dev/null
+++ b/debian/tests/check_upgradepath
@@ -0,0 +1,173 @@
+#! /bin/sh
+
+set -e
+
+# WARNING: This script is obsolete and will require a fair bit of work to get
+# working again. It assumes woody, uses debconf questions that don't exist
+# any more, and probably doesn't check everything that you would want to
+# check. Preserved just because I haven't done the work to see if puiparts
+# can now do the same thing in a cleaner way.
+
+# Setup
+: ${chroot_dir:=../chroot}
+: ${debmirror:=http://ftp.de.debian.org/debian}
+: ${proxy:=http://proxy.galaxy:3128/}
+unset LC_ALL
+unset LC_CTYPE
+unset LC_MESSAGES
+# XXX: comment out when testing new versions. Needed so libc6 does not
+# ask for restarting services.
+export DEBIAN_FRONTEND=noninteractive
+
+woodytar=$chroot_dir/woody_base.tar.gz
+
+# List our packages
+list_packages() {
+ local p ver
+ ver=`dpkg-parsechangelog|sed -ne 's/^Version: //p'`
+ for p in `dh_listpackages`; do
+ (cd .. && echo ${p}_$ver*deb)
+ done
+}
+
+# Run a command inside the chroot
+
+in_target() {
+ chroot $chroot_dir/woody "$@"
+}
+
+# Set a debconf variable inside the chroot
+
+debconf_set() {
+ local name=$1
+ shift
+ cat >>$chroot_dir/woody/var/cache/debconf/config.dat <<EOF
+Name: $name
+Template: $name
+Flags: seen
+Value: $@
+
+EOF
+}
+
+# Setup a woody chroot
+
+setup_chroot() {
+ # Kill an existing chroot
+ rm -Rf $chroot_dir/woody
+
+ # If there is a tar archive with a base system we use it
+ if [ -e $woodytar ]; then
+ mkdir $chroot_dir/woody
+ echo -n "Unpacking system from $woodytar"
+ tar -C $chroot_dir/woody -xzf $woodytar
+ echo "done."
+ # Otherwise we need to create a new base system and save it
+ # to a tar for the next time
+ else
+ debootstrap woody $chroot_dir/woody $debmirror | \
+ shtool prop -p "Creating base system from $debmirror"
+ tar -C $chroot_dir/woody -czvf $woodytar . | \
+ shtool prop -p "Saving system to $woodytar"
+ fi
+
+ # Install a suitable apt configuration
+ echo "deb $debmirror woody main" \
+ > $chroot_dir/woody/etc/apt/sources.list
+ echo "Acquire::HTTP::Proxy \"$proxy\";" \
+ > $chroot_dir/woody/etc/apt/apt.conf
+ in_target apt-get update
+ in_target mount -t proc none /proc
+
+ # We don't want any debconf interaction
+ #debconf_set debconf/frontend Noninteractive
+}
+
+# These are our example configurations for testing the upgrade
+
+conf_domain_or_host() {
+ debconf_set slapd/fill_method auto
+ debconf_set slapd/suffix_type "domain or host"
+ debconf_set slapd/domain "some.example.net"
+ debconf_set slapd/replicate false
+ debconf_set shared/organization Some Organization
+}
+
+
+check_domain_or_host() {
+ sleep 2 # wait for slapd to startup
+ in_target ldapsearch -h localhost -b dc=some,dc=example,dc=net -x \
+ objectclass=\*
+}
+
+conf_location() {
+ debconf_set slapd/fill_method auto
+ debconf_set slapd/suffix_type "location"
+ debconf_set shared/locale/countrycode de
+ debconf_set shared/organization "Sample Organization"
+ debconf_set slapd/replicate false
+ debconf_set shared/organization Some Organization
+}
+
+check_location() {
+ sleep 2 # wait for slapd to startup
+ in_target ldapsearch -h localhost -b "o=Some Organization, c=de" \
+ -x objectclass=\*
+}
+# Install slapd inside the chroot
+
+install_slapd() {
+ in_target apt-get -y install slapd ldap-utils
+}
+
+# Do an upgrade of our packages inside the chroot
+
+upgrade() {
+ # Link our packages into the chroot
+ for p in `list_packages`; do
+ ln ../$p $chroot_dir/woody/root/
+ done
+
+ # Create a packages file
+ (cd $chroot_dir/woody/root && dpkg-scanpackages . /dev/null >Packages)
+
+ # Switch to unstable
+ echo "deb $debmirror unstable main" \
+ > $chroot_dir/woody/etc/apt/sources.list
+ echo "deb file:/root ./" >> $chroot_dir/woody/etc/apt/sources.list
+
+ # Update package lists
+ in_target apt-get update
+
+ # Tell our scripts to fix the config
+ debconf_set slapd/fix_directory true
+ debconf_set slapd/password1 foobar
+ debconf_set slapd/allow_ldap_v2
+
+ # Do an upgrade of our packages
+ in_target apt-get install -y `dh_listpackages`
+}
+
+# Checks if upgrading a woody system with slapd configured with the
+# command given works.
+
+check_upgrade() {
+ setup_chroot
+ conf_$1
+ debconf_set slapd/password1 foobar
+ debconf_set slapd/password2 foobar
+ install_slapd
+ check_$1
+ upgrade
+ check_$1
+ in_target /etc/init.d/slapd stop
+ in_target umount /proc
+}
+
+# Try upgrading our example setups
+
+for i in location domain_or_host; do
+ check_upgrade $i
+done
+
+echo "SUCCESS testing upgrading from woody"
diff --git a/debian/tests/create_account b/debian/tests/create_account
new file mode 100755
index 0000000..a5051af
--- /dev/null
+++ b/debian/tests/create_account
@@ -0,0 +1,24 @@
+#! /usr/bin/perl -w
+
+# Shows how to create an entry on the LDAP server
+
+$host = "localhost"; # LDAP server
+$basedn = "dc=galaxy"; # Base DN
+$admindn = "cn=admin, $basedn"; # Admin entry
+$adminpass = "foo"; # Password
+
+use Net::LDAP;
+
+$ldap = Net::LDAP->new("$host", onerror => "die");
+$ldap->bind($admindn, password => $adminpass);
+
+# Create "ou=People" entry if not there
+
+$results = $ldap->search(base => "$basedn",
+ filter => "ou=People", scope => "one");
+unless ($results->count > 0) {
+ $ldap->add("ou=People, $basedn", attr => [
+ ou => "People",
+ objectClass => [ "top", "organizationalUnit" ]
+ ]);
+}
diff --git a/debian/tests/find_unused_functions b/debian/tests/find_unused_functions
new file mode 100755
index 0000000..bd31d45
--- /dev/null
+++ b/debian/tests/find_unused_functions
@@ -0,0 +1,30 @@
+#! /usr/bin/perl -w
+
+use autouse Data::Dumper, qw{Dumper};
+
+# Script to find the unused shell functions in slapd.scripts-common
+
+our @code;
+
+# Get all shell code from maintainer scripts
+
+foreach my $file ((<slapd.*rm>, <slapd.*inst>, <slapd.config>,
+ <slapd.scripts-common>)) {
+ open SCRIPT, "<$file" or
+ die "Can't open $file: $!";
+ push @code, <SCRIPT>;
+ close SCRIPT;
+}
+
+# Find all function declarations
+
+our @functions = map { /^(\w+)\s*\(\).*$/; } @code;
+
+# Find unused functions
+
+foreach $function (@functions) {
+ @occurences = grep /$function/, @code;
+ @invocations = grep { !/^$function\s*\(\)/ and !/#.*$function/ }
+ @occurences;
+ print "$function\n" if @invocations == 0;
+}
diff --git a/debian/tests/hammer_slapd b/debian/tests/hammer_slapd
new file mode 100755
index 0000000..9ad7f99
--- /dev/null
+++ b/debian/tests/hammer_slapd
@@ -0,0 +1,98 @@
+#! /usr/bin/perl -w
+
+use Net::LDAP;
+use Data::Dumper;
+
+$host = "localhost"; # LDAP server
+$basedn = "dc=galaxy"; # Base DN
+$admindn = "cn=admin, $basedn"; # Admin entry
+$adminpass = "foo"; # Password
+$group = $ARGV[0] || "People";
+
+$ldap = Net::LDAP->new("$host", onerror => "die");
+$ldap->bind($admindn, password => $adminpass);
+
+sub create_group {
+ $results = $ldap->search(base => "$basedn",
+ filter => "ou=$group", scope => "one");
+ unless ($results->count > 0) {
+ $ldap->add("ou=$group, $basedn", attr => [
+ ou => "$group",
+ objectClass => [ "top", "organizationalUnit" ]
+ ]);
+ }
+}
+
+sub invent_name {
+ our @words;
+ unless (@words) {
+ open WORDS, "/usr/share/dict/british-english-large";
+ @words = grep /^[A-Z]\w{0,11}$/, <WORDS>;
+ map { chomp } @words;
+ close WORDS;
+ }
+
+ my $index = int(rand(@words));
+ $index = int(rand(@words)) while not defined $words[$index];
+ my $word = $words[$index];
+ delete $words[$index];
+ return $word;
+}
+
+sub invent_names {
+ our @names;
+
+ foreach (1..1000) {
+ push @names, { cn => invent_name, sn => invent_name };
+ }
+}
+
+sub create_entries {
+ foreach my $name (@names) {
+ create_account(%$name);
+ }
+}
+
+sub create_account {
+ our $uid;
+ $uid = 1000 if not defined $uid;
+
+ my %id = @_;
+ my $login = $id{cn};
+ $login =~ tr/A-Z/a-z/;
+ $ldap->add("uid=$login, ou=$group, $basedn", attr => [
+ %id,
+ objectClass => [ "top", "person", "posixAccount" ],
+ uid => $login,
+ uidNumber => $uid++,
+ gidNumber => 1000,
+ homeDirectory => "/home/$login" ]);
+}
+
+sub delete_entries {
+ foreach my $name (@names) {
+ delete_account(%$name);
+ }
+}
+
+sub delete_account {
+ my %id = @_;
+ my $login = $id{cn};
+ $login =~ tr/A-Z/a-z/;
+ $ldap->delete("uid=$login, ou=$group, $basedn");
+}
+
+sub search_entries {
+ foreach (1..10000) {
+ my $num = int(rand(@names));
+ $login = $names[$num]->{cn};
+ $login =~ tr/A-Z/a-z/;
+ $ldap->search(base => "$basedn", filter => "uid=$login");
+ }
+}
+
+create_group;
+invent_names;
+create_entries;
+search_entries;
+delete_entries;
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..9f48fdf
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,6 @@
+# debian/watch -- Rules for uscan to find new upstream versions.
+
+version=3
+opts=dversionmangle=s/\+dfsg// \
+https://www.openldap.org/software/download/ \
+ (?:.*/)?openldap-?_?([\d+\.]+)\.tgz