summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 17:54:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 17:54:14 +0000
commit83da7a0ac93decce70c1a02b0739020d8e2b69fd (patch)
tree0c298e82da8861a97aa152863f30eb4af5b80b37
parentAdding upstream version 2.6.7+dfsg. (diff)
downloadopenldap-83da7a0ac93decce70c1a02b0739020d8e2b69fd.tar.xz
openldap-83da7a0ac93decce70c1a02b0739020d8e2b69fd.zip
Adding debian version 2.6.7+dfsg-1~exp1.debian/2.6.7+dfsg-1_exp1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/README.source58
-rw-r--r--debian/TODO32
-rw-r--r--debian/USE-CASES7
-rw-r--r--debian/changelog3737
-rw-r--r--debian/clean2
-rw-r--r--debian/configure.options222
-rw-r--r--debian/control142
-rw-r--r--debian/copyright1502
-rwxr-xr-xdebian/dh_installscripts-common22
-rw-r--r--debian/gbp.conf6
-rw-r--r--debian/ldap-utils.README.Debian5
-rw-r--r--debian/ldap-utils.install10
-rw-r--r--debian/ldap-utils.manpages11
-rwxr-xr-xdebian/ldiftopasswd174
-rw-r--r--debian/libldap-common.install1
-rw-r--r--debian/libldap-common.manpages1
-rw-r--r--debian/libldap-dev.NEWS13
-rw-r--r--debian/libldap-dev.install15
-rw-r--r--debian/libldap-dev.links.in12
-rw-r--r--debian/libldap-dev.manpages1
-rw-r--r--debian/libldap2.README.Debian22
-rw-r--r--debian/libldap2.install2
-rw-r--r--debian/libldap2.symbols710
-rw-r--r--debian/not-installed40
-rw-r--r--debian/patches/add-tlscacert-option-to-ldap-conf12
-rw-r--r--debian/patches/contrib-makefiles54
-rw-r--r--debian/patches/debian-version16
-rw-r--r--debian/patches/do-not-second-guess-sonames73
-rw-r--r--debian/patches/fix-build-top-mk13
-rw-r--r--debian/patches/getaddrinfo-is-threadsafe47
-rw-r--r--debian/patches/index-files-created-as-root41
-rw-r--r--debian/patches/ldap-conf-tls-cacertdir29
-rw-r--r--debian/patches/ldapi-socket-place18
-rw-r--r--debian/patches/man-slapd62
-rw-r--r--debian/patches/sasl-default-path59
-rw-r--r--debian/patches/series15
-rw-r--r--debian/patches/set-maintainer-name18
-rw-r--r--debian/patches/slapi-errorlog-file18
-rw-r--r--debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff42
-rw-r--r--debian/patches/wrong-database-location73
-rw-r--r--debian/po/POTFILES.in1
-rw-r--r--debian/po/ca.po440
-rw-r--r--debian/po/cs.po494
-rw-r--r--debian/po/da.po410
-rw-r--r--debian/po/de.po524
-rw-r--r--debian/po/es.po437
-rw-r--r--debian/po/eu.po432
-rw-r--r--debian/po/fi.po440
-rw-r--r--debian/po/fr.po515
-rw-r--r--debian/po/gl.po454
-rw-r--r--debian/po/it.po434
-rw-r--r--debian/po/ja.po411
-rw-r--r--debian/po/nl.po341
-rw-r--r--debian/po/pt.po522
-rw-r--r--debian/po/pt_BR.po509
-rw-r--r--debian/po/ro.po339
-rw-r--r--debian/po/ru.po501
-rw-r--r--debian/po/sk.po425
-rw-r--r--debian/po/sv.po523
-rw-r--r--debian/po/templates.pot276
-rw-r--r--debian/po/tr.po439
-rw-r--r--debian/po/vi.po431
-rwxr-xr-xdebian/rules187
-rw-r--r--debian/schema/README15
-rw-r--r--debian/schema/collective.schema65
-rwxr-xr-xdebian/schema/compare-schema26
-rw-r--r--debian/schema/corba.schema61
-rw-r--r--debian/schema/core.ldif603
-rw-r--r--debian/schema/core.schema622
-rw-r--r--debian/schema/cosine.schema404
-rw-r--r--debian/schema/duaconf.schema153
-rw-r--r--debian/schema/inetorgperson.schema113
-rw-r--r--debian/schema/java.schema109
-rw-r--r--debian/schema/namedobject.schema42
-rw-r--r--debian/schema/pmi.schema476
-rw-r--r--debian/slapd-contrib.examples2
-rw-r--r--debian/slapd-contrib.install8
-rw-r--r--debian/slapd-contrib.lintian-overrides2
-rw-r--r--debian/slapd-contrib.manpages3
-rw-r--r--debian/slapd-remain-after-exit.conf2
-rw-r--r--debian/slapd.NEWS77
-rw-r--r--debian/slapd.README.Debian380
-rw-r--r--debian/slapd.backup62
-rw-r--r--debian/slapd.conf113
-rw-r--r--debian/slapd.config154
-rw-r--r--debian/slapd.default45
-rw-r--r--debian/slapd.dirs1
-rw-r--r--debian/slapd.examples2
-rw-r--r--debian/slapd.init202
-rw-r--r--debian/slapd.init.ldif96
-rw-r--r--debian/slapd.install66
-rw-r--r--debian/slapd.lintian-overrides3
-rw-r--r--debian/slapd.maintscript2
-rw-r--r--debian/slapd.manpages48
-rw-r--r--debian/slapd.postinst114
-rw-r--r--debian/slapd.postrm38
-rwxr-xr-xdebian/slapd.preinst37
-rwxr-xr-xdebian/slapd.prerm43
-rw-r--r--debian/slapd.scripts-common713
-rw-r--r--debian/slapd.templates138
-rw-r--r--debian/slapi-dev.install2
-rw-r--r--debian/source/format1
-rw-r--r--debian/source/lintian-overrides10
-rwxr-xr-xdebian/tests/check_upgradepath173
-rw-r--r--debian/tests/control15
-rwxr-xr-xdebian/tests/create_account24
-rwxr-xr-xdebian/tests/find_unused_functions30
-rwxr-xr-xdebian/tests/hammer_slapd98
-rwxr-xr-xdebian/tests/sha2-contrib16
-rwxr-xr-xdebian/tests/slapd15
-rwxr-xr-xdebian/tests/slapd-tls32
-rwxr-xr-xdebian/tests/smbk5pwd26
-rw-r--r--debian/upstream/signing-key.asc52
-rw-r--r--debian/watch4
114 files changed, 22360 insertions, 0 deletions
diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 0000000..781fec9
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,58 @@
+Importing a new upstream version
+--------------------------------
+
+Here are the instructions for when you want to import a new OpenLDAP
+upstream version.
+
+1) Create the new upstream branch, if needed.
+
+ The 'upstream' branch in the salsa repository is used to track
+ versions released to Debian unstable. If you intend to work on a
+ new version that will be uploaded to Debian experimental, you need
+ to create a separate 'upstream-X.Y' branch (where X.Y is the
+ OpenLDAP version).
+
+ For example, if Debian unstable is currently shipping OpenLDAP
+ 2.5.x, and if you are planning to import a new OpenLDAP 2.6.x
+ version and upload it to the experimental distribution, you should
+ create an 'upstream-2.6' branch
+
+2) Adjust debian/gbp.conf, if needed.
+
+ If you created a new upstream branch, you also have to make sure
+ that the 'upstream-branch' option in debian/gbp.conf points to it.
+
+3) Generate the DFSG-compliant orig tarball.
+
+ The package still doesn't have a DEP-5-compliant debian/copyright
+ file, so we rely on debian/rules' 'get-orig-source' target to
+ generate the tarball. You need to set the 'VERSION' environment
+ variable to the OpenLDAP version you want to import. For example:
+
+ $ debian/rules VERSION=2.6.2 get-orig-source
+
+ You can now move the tarball to the previous directory.
+
+4) Add the OpenLDAP upstream git repository as a remote.
+
+ This step is needed because we use gbp's '--upstream-vcs-tag'
+ option.
+
+ $ git remote add upstream https://git.openldap.org/openldap/openldap.git
+ $ git fetch upstream
+
+5) Import the new version into the repository.
+
+ Before running the import command, you need to determine the
+ upstream tag for the release you are planning to import. Upstream
+ names their tags using the following format:
+
+ OPENLDAP_REL_ENG_X_Y_Z
+
+ Make sure to double check if the tag version matches the orig
+ tarball version. Once everything is OK, you can run the import
+ command:
+
+ $ gbp import-orig ../openldap_X.Y.Z+dfsg.orig.tar.gz --upstream-vcs-tag=OPENLDAP_REL_ENG_X_Y_Z
+
+ -- Sergio Durigan Junior <sergiodj@debian.org>, Fri, 20 May 2022 18:44:14 -0400
diff --git a/debian/TODO b/debian/TODO
new file mode 100644
index 0000000..768674c
--- /dev/null
+++ b/debian/TODO
@@ -0,0 +1,32 @@
+openldap2.2 (2.2.23-4) unstable; urgency=low
+
+ * debian/slapd.NEWS: Summarize the upstream changes and make clear that
+ the upgrade may be problemated. Sketch the upgrade procedure.
+ * debian/README.Debian: Explain what to check for if upgrading fails and
+ how to recover.
+ * CARLO: debian/slapd.scripts-common: Handle all UTF-8 supported characters
+ in organization field by converting the locale specific input into
+ utf-8 and base64 encoding the result (closes: #236097).
+ * Maintainer scripts: Handle the configuration to enable ldif dumping
+ correctly: Dump if requested and only slapadd the data if it is
+ supposed to be there.
+ * Check ITS#3267 (possible data loss) and apply the patch to the
+ package.
+ * CARLO: Escape special chars in the names of backup LDIF files using
+ the %xx syntax.
+ * Check lintian warning: Postinst uses db_input. I think the usage is
+ okay as it is an error message IIRC which is also output using cat
+ in case debconf is not available.
+
+ -- Torsten Landschoff <torsten@debian.org> Sun, 3 Apr 2005 20:24:52 +0200
+
+openldap2.2 (2.2.23-5) unstable; urgency=low
+
+ * Refactoring of the maintainer scripts. Goals:
+ + No more direct access to global variables but accessor functions
+ to check for invalid uses. Example: Don't use $OLD_VERSION but
+ `get_previous_version`. That way invalid uses can easily be flagged
+ if that information is not available anymore.
+ * Remove perl script to hash a password and use slappasswd instead.
+
+ -- Torsten Landschoff <torsten@debian.org> Sun, 3 Apr 2005 20:24:52 +0200
diff --git a/debian/USE-CASES b/debian/USE-CASES
new file mode 100644
index 0000000..e073fae
--- /dev/null
+++ b/debian/USE-CASES
@@ -0,0 +1,7 @@
+Some ideas what to check and what the desired results would be:
+
+- running dpkg-reconfigure with an already configured slapd
+
+ Should either backup the database or ask before killing it.
+ Same for slapd.conf. Neither old configuration or old database
+ should be lost without the user confirming that this is what he wants.
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..5c3333e
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,3737 @@
+openldap (2.6.7+dfsg-1~exp1) experimental; urgency=medium
+
+ * New upstream version 2.6.7+dfsg
+ * d/p/contrib-makefiles: Refresh patch.
+
+ -- Sergio Durigan Junior <sergiodj@debian.org> Thu, 01 Feb 2024 16:24:20 -0500
+
+openldap (2.6.6+dfsg-1~exp2) experimental; urgency=medium
+
+ * Update debconf translations:
+ - German, thanks to Helge Kreutzmann. (Closes: #1007728)
+ - Spanish, thanks to Camaleón. (Closes: #1008529)
+ - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034)
+ - Turkish, thanks to Atila KOÇ. (Closes: #1029758)
+ - Romanian, thanks to Remus-Gabriel Chelu. (Closes: #1033177)
+ * Create an autopkgtest covering basic TLS functionality.
+ Thanks to John Scott.
+
+ -- Ryan Tandy <ryan@nardis.ca> Wed, 09 Aug 2023 10:10:54 -0700
+
+openldap (2.6.6+dfsg-1~exp1) experimental; urgency=medium
+
+ * New upstream version 2.6.6+dfsg
+
+ -- Sergio Durigan Junior <sergiodj@debian.org> Mon, 31 Jul 2023 18:24:38 -0400
+
+openldap (2.6.5+dfsg-1~exp1) experimental; urgency=medium
+
+ [ Sergio Durigan Junior ]
+ * New upstream version 2.6.5+dfsg
+ * d/control: Bump Standards-Version to 4.6.2; no changes needed.
+ * d/control: Bump debhelper-compat to 13.
+ * d/control: Drop lsb-base from slapd's Depends.
+
+ [ Ryan Tandy ]
+ * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the
+ autopkgtest failure due to heimdal setting mode 700 on this directory.
+ (Closes: #1020442)
+ * d/source/lintian-overrides: Add wildcards to make overrides compatible
+ with both older and newer versions of lintian.
+ * d/slapd-contrib.lintian-overrides: Remove unused
+ custom-library-search-path override now that krb5-config no longer sets
+ -rpath.
+ * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path.
+ (Closes: #1030814)
+
+ [ Gioele Barabucci ]
+ * slapd.scripts-common: Avoid double-UTF8-encoding org name.
+ (Closes: #1016185)
+ * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style`
+ * d/slapd.postinst: Remove test for ancient version.
+ * slapd.scripts-common: Remove unused `normalize_ldif`
+ * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics`
+
+ [ Andreas Hasenack ]
+ * d/rules: Fix passwd/sha2 build.
+ Build the passwd/sha2 contrib module with -fno-strict-aliasing to avoid
+ computing an incorrect SHA256 hash with some versions of the compiler
+ (Closes: #1030716, LP: #2000817)
+ * d/t/sha2-contrib: add test for sha2 module.
+ DEP8 test to verify the SHA256 hash produced by passwd/sha2
+
+ -- Sergio Durigan Junior <sergiodj@debian.org> Mon, 24 Jul 2023 19:26:16 -0400
+
+openldap (2.6.4+dfsg-1~exp1) experimental; urgency=medium
+
+ * New upstream version 2.6.4+dfsg.
+
+ -- Sergio Durigan Junior <sergiodj@debian.org> Sat, 04 Mar 2023 16:35:10 -0500
+
+openldap (2.6.3+dfsg-1~exp1) experimental; urgency=medium
+
+ * d/rules: Remove get-orig-source, now unnecessary.
+ * Check PGP signature when running uscan.
+ * d/watch: Modernize watch file; use repacksuffix.
+ * d/copyright: Expand Files-Excluded to account for other schemas/ldifs.
+ * New upstream release.
+
+ -- Sergio Durigan Junior <sergiodj@debian.org> Mon, 19 Sep 2022 14:07:32 -0400
+
+openldap (2.6.2+dfsg-1~exp2) experimental; urgency=medium
+
+ * Enable SASL/GSSAPI tests
+ - d/control: Update B-D to include required dependencies needed to run
+ SASL/GSSAPI tests during build time, and mark them "!nocheck".
+ Thanks to Andreas Hasenack <andreas.hasenack@canonical.com>
+
+ -- Sergio Durigan Junior <sergiodj@debian.org> Thu, 25 Aug 2022 15:16:24 -0400
+
+openldap (2.6.2+dfsg-1~exp1) experimental; urgency=medium
+
+ * d/gbp.conf: Prepare to import 2.6.x.
+ * New upstream version 2.6.2+dfsg
+ * d/patches/*.patch: Refresh patches.
+ * Adjust package to ship renamed libldap.
+ - d/clean: Adjust to remove d/libldap2.links.
+ - d/control: New binary package libldap2. Remove binary package
+ libldap-2.5-0. Adjust package relationships (Depends, Replaces) due
+ to new package. Remove old Conflicts with old ldap-utils.
+ - d/libldap-2.5-0.install: Delete file.
+ - d/libldap-2.5-0.symbols: Likewise.
+ - d/libldap-2.5-0.README.Debian: Rename to...
+ - d/libldap2.README.Debian: ... this.
+ - d/libldap2.install: New file, based on d/libldap-2.5-0.install
+ - d/libldap2.symbols: New file, based on d/libldap-2.5-0.symbols.
+ - d/slapd.install: Install libslapi.so.2*.
+ - d/slapd.lintian-overrides: Remove
+ lacks-unversioned-link-to-shared-library override. Adjust
+ package-name-doesnt-match-sonames to reflect libslapd2 name change.
+ * Remove ndb references, given the plugin has been removed upstream.
+ - d/configure.options: Remove "--disable-ndb".
+ - d/slapd.manpages: Don't install slapd-ndb.5.
+ * d/control: Add myself to Uploaders.
+ * d/README.source: New file with instructions on how to import a new
+ release.
+ * d/copyright: Write new copyright file from scratch.
+
+ -- Sergio Durigan Junior <sergiodj@debian.org> Fri, 20 May 2022 17:41:04 -0400
+
+openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium
+
+ * New upstream release.
+ * Add openssl to Build-Depends to enable more checks in test067-tls.
+ * Update slapd-contrib's custom-library-search-path override to work with
+ current Lintian.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Jan 2022 17:16:05 -0800
+
+openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium
+
+ * New upstream release.
+ * Update slapd-contrib's custom-library-search-path override to work with
+ Lintian 2.108.0.
+
+ -- Ryan Tandy <ryan@nardis.ca> Wed, 13 Oct 2021 18:42:55 -0700
+
+openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium
+
+ * New upstream release.
+ * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not
+ yet compatible with autoconf 2.71. (Closes: #993032)
+ * Stop disabling automake in debian/rules now that upstream removed the
+ AM_INIT_AUTOMAKE invocation.
+ * Drop custom config.{guess,sub} handling. dh_update_autotools_config does
+ the right thing for us.
+ * Update Standards-Version to 4.6.0; no changes required.
+ * debian/not-installed: Add the ldapvc.1 man page.
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 30 Aug 2021 18:54:25 -0700
+
+openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
+
+ [ Ryan Tandy ]
+ * New upstream release.
+ * Export the cn=config database to LDIF format before upgrading from 2.4.
+ * slapd.README.Debian:
+ - Remove text about the dropped evolution-ntlm patch.
+ - Add guidance for recovering from upgrade failures.
+ * Remove the debconf warning and README text about the unsafe ACL configured
+ by default in versions before jessie.
+ * Remove upgrade code for adding the pwdMaxRecordedFailure attribute to the
+ ppolicy schema. It's obsolete since the schema has been internalized.
+
+ [ Sergio Durigan Junior ]
+ * Implement the "escape hatch" mechanism.
+ - d/po/*.po: Update PO files given the new template note.
+ - d/po/templates.pot: Update file.
+ - d/slapd.templates: Add note warning user about a postinst failure,
+ its possible cause and what to do.
+ - d/slapd.postinst: Make certain upgrade functions return failure
+ instead of exiting, which allows the postinst script to gracefully
+ fail when applicable. Also, when the general configuration upgrade
+ fails, display a critical warning to the user. Implement
+ ignore_init_failure function.
+ - d/slapd.prerm: Implement ignore_init_failure function.
+ - d/slapd.scripts-common: Make certain functions return failure
+ instead of exiting.
+ - d/rules: Use dh_installinit's --error-handler to instruct it on how
+ to handle possible errors with the init script.
+ - d/slapd.NEWS: Add excerpt mentioning that the postinst script might
+ error out if it can't migrate the existing (old) database backend.
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 16 Aug 2021 18:32:29 -0700
+
+openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium
+
+ * New upstream release.
+ - Drop patches applied upstream: ITS#9544, ITS#9548.
+ * Mark slapd-contrib as breaking the old version of slapd to reduce the
+ chance of upgrade failure due to slapd-contrib being unpacked first.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 11 Jun 2021 11:43:15 -0700
+
+openldap (2.5.4+dfsg-1~exp1) experimental; urgency=medium
+
+ * New upstream release.
+ - Changing olcAuthzRegexp dynamically is supported. (Closes: #761407)
+ - Support for LANMAN password hashes has been removed. (Closes: #988033)
+ - Added pkg-config files for liblber and libldap. (Closes: #670824)
+ - libldap_r has been merged into libldap. The Debian package will continue
+ to install a libldap_r.so symlink for backwards compatibility with
+ applications that still link with -lldap_r.
+ - The Berkeley DB backends, slapd-bdb(5) and slapd-hdb(5), have been
+ removed.
+ - The shell backend, slapd-shell(5), has been removed.
+ - New backend: slapd-asyncmeta(5).
+ - New core overlays: slapd-homedir(5), slapd-otp(5), and
+ slapd-remoteauth(5).
+ - The ppolicy schema has been merged into the slapo-ppolicy(5) module.
+ - The argon2 password module has been promoted from contrib to core.
+ * Add a superficial autopkgtest for smbk5pwd.
+ * Update Standards-Version to 4.5.1; no changes needed.
+ * Upgrade to debhelper compat level 12.
+ - Remove debian/compat, add Build-Depends: debhelper-compat.
+ * Run dh_missing --fail-missing during build.
+ - Add debian/not-installed.
+ * Drop debian/tmp/ prefix from paths in *.install and *.manpages.
+ * Override Lintian false positives:
+ * slapd: lacks-unversioned-link-to-shared-library. See #687022.
+ * libldap-2.4-2: shared-library-not-shipped.
+ * Follow renamed Lintian tags:
+ - dev-pkg-without-shlib-symlink => lacks-unversioned-link-to-shared-library
+ - binary-or-shlib-defines-rpath => custom-library-search-path
+ * Rename libldap2-dev to libldap-dev (Policy 8.4). Keep libldap2-dev as a
+ transitional package for now.
+ - Drop ancient Conflicts/Replaces: libopenldap-dev.
+ * Prune implied or unneeded directories from debian/*.dirs.
+ - Stop installing empty /var/lib/slapd directory. (Closes: #714174)
+ * Stop disabling test060-mt-hot on ppc64el. The underlying kernel bug
+ (#866122) is fixed in all relevant suites by now.
+ * Drop evolution-ntlm patch. (Closes: #457374)
+ * Drop patches applied or superseded upstream.
+ * Update or refresh remaining patches as needed.
+ * debian/configure.options:
+ - Refresh with new `./configure --help' output.
+ - Drop directory options set automatically by debhelper: --prefix,
+ --sysconfdir, --localstatedir, and --mandir.
+ - Enable the perl and sql backends explicitly. They are deprecated and
+ --enable-backends= no longer includes them.
+ - Disable the experimental wiredtiger backend.
+ - Disable the autoca overlay. It does not support GnuTLS yet.
+ - Enable the argon2 password hashing module.
+ - Disable the new load balancer daemon (lloadd) for now.
+ - Disable systemd service notification support for now.
+ * debian/rules:
+ - Enable all current and future hardening flags.
+ - Use the new STRIP_OPTS variable to disable stripping.
+ - Drop -Wno-format-extra-args from DEB_CFLAGS_MAINT_APPEND.
+ The Debug macro has been changed upstream to use variadic args.
+ - Override OPT variable to empty for contrib modules.
+ * debian/schema: Sync with upstream.
+ - core.{schema,ldif}: Update description of deltaCRL.
+ - cosine.schema, pmi.schema: spelling fixes.
+ - namedobject.schema: Added.
+ - ppolicy.schema: Removed upstream, dropped.
+ * Add Build-Depends: pkg-config, required for autoreconf.
+ * Add upstream patch to fix SLAPI compilation. (ITS#9544)
+ * Move the argon2 password module from slapd-contrib to slapd.
+ - Add upstream patch to fix argon2 installation.
+ * Transition libldap-2.4-2 to libldap-2.5-0.
+ - Install the real libldap instead of a symlink to libldap_r.
+ - Symlink libldap_r.{a,so} to libldap for backwards compatibility.
+ - Drop the shlibs file, no longer needed.
+ * Remove references to removed BDB backends.
+ - Drop Build-Depends: libdb5.3-dev.
+ - Drop arch-specific configure options to disable those backends on Hurd.
+ - Delete example DB_CONFIG file and README.DB_CONFIG.
+ - Remove information about Berkeley DB from slapd README.
+ * Install new slapmodify(8) tool as a hard link to slapd(8).
+ * Install new man pages: slapo-deref(5), slapo-pw-pbkdf2(5), and
+ slapo-pw-sha2(5).
+ - Drop debian/slapo-pw-pbkdf2.5, included upstream.
+ * Add unpackaged files to debian/not-installed:
+ - ldapvc(1): undocumented tool supporting the vc overlay (contrib)
+ - lloadd(8) and lloadd.conf(5) man pages
+ - slapd-wt(5) and slapo-autoca(5) man pages
+ * Delete obsolete ppolicy.schema and ppolicy.ldif conffiles on upgrade.
+ * Dump and reload slapd-mdb(5) databases on upgrade from 2.4.
+ - Call dh_installinit with --no-restart-after-upgrade to ensure slapd is
+ stopped before dumping the old database.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 30 May 2021 08:41:25 -0700
+
+openldap (2.4.57+dfsg-3) unstable; urgency=medium
+
+ * Link smbk5pwd with -lkrb5. (Closes: #988565)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sat, 15 May 2021 16:03:34 -0700
+
+openldap (2.4.57+dfsg-2) unstable; urgency=medium
+
+ * Fix slapd assertion failure in Certificate List Exact Assertion validation
+ (ITS#9454) (CVE-2021-27212)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 14 Feb 2021 09:26:41 -0800
+
+openldap (2.4.57+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fixed slapd crashes in Certificate Exact Assertion processing
+ (ITS#9404, ITS#9424) (CVE-2020-36221)
+ - Fixed slapd assertion failures in saslAuthzTo validation
+ (ITS#9406, ITS#9407) (CVE-2020-36222)
+ - Fixed slapd crash in Values Return Filter control handling
+ (ITS#9408) (CVE-2020-36223)
+ - Fixed slapd crashes in saslAuthzTo processing
+ (ITS#9409, ITS#9412, ITS#9413)
+ (CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
+ - Fixed slapd assertion failure in X.509 DN parsing
+ (ITS#9423) (CVE-2020-36230)
+ - Fixed slapd crash in X.509 DN parsing (ITS#9425) (CVE-2020-36229)
+ - Fixed slapd crash in Certificate List Exact Assertion processing
+ (ITS#9427) (CVE-2020-36228)
+ - Fixed slapd infinite loop with Cancel operation
+ (ITS#9428) (CVE-2020-36227)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sat, 23 Jan 2021 08:57:07 -0800
+
+openldap (2.4.56+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fixed slapd abort due to assertion failure in Certificate List syntax
+ validation (ITS#9383) (CVE-2020-25709)
+ - Fixed slapd abort due to assertion failure in CSN normalization with
+ invalid input (ITS#9384) (CVE-2020-25710)
+
+ -- Ryan Tandy <ryan@nardis.ca> Wed, 11 Nov 2020 09:13:56 -0800
+
+openldap (2.4.55+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fixed slapd normalization handling with modrdn
+ (ITS#9370) (CVE-2020-25692)
+
+ -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Oct 2020 21:07:29 -0700
+
+openldap (2.4.54+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Change upstream Homepage and get-orig-source URLs to HTTPS.
+ * Create debian/gbp.conf.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 18 Oct 2020 16:03:46 +0000
+
+openldap (2.4.53+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 07 Sep 2020 09:47:28 -0700
+
+openldap (2.4.51+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Add ldap_parse_password_expiring_control to libldap-2.4-2.symbols.
+ * Merge some changes from Ubuntu:
+ - slapd.default, slapd.README.Debian: update to refer to slapd.d instead
+ of slapd.conf.
+ - debian/slapd.scripts-common: dump_databases: make slapcat_opts a local
+ variable.
+ * Drop paragraph about patch gnutls-altname-nulterminated (#465197) from
+ slapd.README.Debian. The patch referred to was dropped in 2.4.7-6.
+ * debian/patches/set-maintainer-name: Extract maintainer address dynamically
+ from debian/control. (Closes: #960448)
+ * Fix Torsten's email address in a historic debian/changelog entry to
+ resolve a Lintian error (bogus-mail-host-in-debian-changelog).
+ * Rename debian/source.lintian-overrides to debian/source/lintian-overrides.
+ Fixes a Lintian pedantic tag (old-source-override-location).
+ * Override Lintian pedantic tag maintainer-manual-page for
+ slapo-pw-pbkdf2.5, which will be included upstream in a future release.
+ * Remove the trailing whitespaces from debian/changelog, debian/control, and
+ debian/rules. Fixes a Lintian pedantic tag (trailing-whitespace).
+ * Convert debian/po/de.po to UTF-8. Fixes a Lintian warning
+ (national-encoding).
+ * Relax libldap's dependency on libldap-common to Recommends.
+ This is intended to mitigate the impact of bug #915948 in the case where
+ the arch:all build is delayed for so long that the old libldap-common
+ disappears. Previously, a delayed arch:all build could become
+ BD-Uninstallable if new amd64 binaries were published before the arch:all
+ build starts, due to the transitive build-dependency on libldap.
+ Although libldap works fine without libldap-common, in normal
+ installations it is still recommended to install libldap-common.
+ * Append a timestamp to the backup directory created by dpkg-reconfigure.
+ (Closes: #599585, #960449)
+ * Remove the redundant cn=admin,<suffix> entry from the default DIT for new
+ installs. For new installs going forward, the root credentials will be
+ stored in olcRootDN/olcRootPW only. (Closes: #821331)
+ * Change slapd's Suggests: ldap-utils to Recommends. While any LDAP client
+ suffices, ldap-utils contains the standard tools recommended by upstream
+ for basic administration and management.
+ * Relax Recommends: libsasl2-modules to Suggests on slapd and ldap-utils.
+ Many deployments do not use SASL at all, and therefore SASL mechanisms are
+ not needed "in all but unusual installations".
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Aug 2020 11:09:57 -0700
+
+openldap (2.4.50+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fixed slapd to limit depth of nested filters
+ (ITS#9202) (CVE-2020-12243)
+ - Drop patches included upstream: argon2.patch, ITS#9171, ITS#8650.
+ * Update Spanish debconf translation.
+ Thanks to Camaleón. (Closes: #958869)
+
+ -- Ryan Tandy <ryan@nardis.ca> Tue, 28 Apr 2020 10:18:12 -0700
+
+openldap (2.4.49+dfsg-4) unstable; urgency=medium
+
+ * Annotate libsodium-dev dependency with <!pkg.openldap.noslapd>.
+ Thanks to Helmut Grohne. (Closes: #955993)
+ * Add the man page for the Argon2 password module.
+ Thanks to Peter Marschall. (Closes: #955977)
+ * Build the Argon2 password module with libargon2-dev instead of
+ libsodium-dev. Rationale:
+ - libargon2 contains the specific functionality needed; libsodium is a
+ larger library and contains many features not used here
+ - libsodium does not support configuring the p= (parallelism) parameter
+ * Import upstream patch to properly retry gnutls_handshake() after it
+ returns GNUTLS_E_AGAIN. (ITS#8650) (Closes: #861838)
+ * Update the Argon2 password module to upstream commit feb6f21d2e.
+
+ -- Ryan Tandy <ryan@nardis.ca> Tue, 14 Apr 2020 21:33:16 -0700
+
+openldap (2.4.49+dfsg-3) unstable; urgency=medium
+
+ * Drop patch no-AM_INIT_AUTOMAKE. Instead, configure dh_autoreconf to skip
+ automake by setting AUTOMAKE=/bin/true. (Closes: #864637)
+ * debian/patches/debian-version: Show Debian version, instead of upstream
+ version, in version strings.
+ * Add ${perl:Depends} to slapd Depends to silence a dpkg-gencontrol warning.
+ This is practically a no-op since slapd explicitly Depends on perl because
+ of the maintainer scripts.
+ * Import the Argon2 password module from upstream git and install it in
+ slapd-contrib. New Build-Depends: libsodium-dev. (Closes: #920283)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sat, 04 Apr 2020 10:43:56 -0700
+
+openldap (2.4.49+dfsg-2) unstable; urgency=medium
+
+ * slapd.README.Debian: Document the initial setup performed by slapd's
+ maintainer scripts in more detail. Thanks to Karl O. Pinc.
+ (Closes: #952501)
+ * Import upstream patch to fix slapd crashing in certain configurations when
+ a client attempts a login to a locked account.
+ (ITS#9171) (Closes: #953150)
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800
+
+openldap (2.4.49+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Drop patch no-gnutls_global_set_mutex, applied upstream.
+ * When validating the DNS domain chosen for slapd's default suffix, set
+ LC_COLLATE explicitly for grep to ensure character ranges behave as
+ expected. Thanks to Fredrik Roubert. (Closes: #940908)
+ * Backport proposed upstream patch to emit detailed messages about errors in
+ the TLS configuration. (ITS#9086) (Closes: #837341)
+ * slapd.scripts-common: Delete unused copy_example_DB_CONFIG function.
+ * Remove debconf support for choosing a database backend. Always use the
+ LMDB backend for new installs, as recommended by upstream.
+ * Remove the empty olcBackend section from the default configuration.
+ * Remove the unused slapd.conf template from /usr/share/slapd. Continue
+ shipping it as an example in /usr/share/doc/slapd.
+ * Fix a typo in index-files-created-as-root patch.
+ Thanks to Quanah Gibson-Mount.
+ * Annotate slapd's Depends on perl with :any. Fixes installation of
+ foreign-arch slapd. Thanks to Andreas Hasenack.
+ * Rename 'stage1' build profile to 'pkg.openldap.noslapd'.
+ Thanks to Helmut Grohne. (Closes: #949722)
+ * Drop Build-Conflicts: libicu-dev as upstream's configure no longer tests
+ for or links with libicu.
+ * Note ITS#9126 recommendation in slapd.NEWS.
+ * Update Standards-Version to 4.5.0; no changes required.
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800
+
+openldap (2.4.48+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - fixed slapd to restrict rootDN proxyauthz to its own databases
+ (CVE-2019-13057) (ITS#9038) (Closes: #932997)
+ - fixed slapd to enforce sasl_ssf ACL statement on every connection
+ (CVE-2019-13565) (ITS#9052) (Closes: #932998)
+ - added new openldap.h header with OpenLDAP specific libldap interfaces
+ (ITS#8671)
+ - updated lastbind overlay to support forwarding authTimestamp updates
+ (ITS#7721) (Closes: #880656)
+ * Update Standards-Version to 4.4.0.
+ * Add a systemd drop-in to set RemainAfterExit=no on the slapd service, so
+ that systemd marks the service as dead after it crashes or is killed.
+ Thanks to Heitor Alves de Siqueira. (Closes: #926657, LP: #1821343)
+ * Use more entropy for generating a random admin password, if none was set
+ during initial configuration. Thanks to Judicael Courant.
+ (Closes: #932270)
+ * Replace debian/rules calls to dpkg-architecture and dpkg-parsechangelog
+ with variables provided by dpkg-dev includes.
+ * Declare R³: no.
+ * Create a simple autopkgtest that tests installing slapd and connecting to
+ it with an ldap tool.
+ * Install the new openldap.h header in libldap2-dev.
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700
+
+openldap (2.4.47+dfsg-3) unstable; urgency=medium
+
+ * Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
+ individually in the relevant command lines instead of overriding OPT. The
+ change to use OPT caused FTBFS on some ports arches where PIE enablement
+ uses spec files, by mixing compile-time and link-time flags.
+ (Closes: #919136)
+ * Fix architecture-specific path in smbk5pwd's binary-or-shlib-defines-rpath
+ Lintian override.
+ * Skip exporting cn=config to LDIF in preinst for upgrades where nothing
+ needs to be checked in it.
+ * Update Standards-Version to 4.3.0.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
+
+openldap (2.4.47+dfsg-2) unstable; urgency=medium
+
+ * Reintroduce slapi-dev binary package. (Closes: #711469)
+ Thanks to Florian Schlichting.
+ * Do not call gnutls_global_set_mutex(). (Closes: #803197)
+ * Use dh_auto_* to build and install contrib modules.
+ - Stop patching the clean rule in smbk5pwd's Makefile.
+ * Explicitly list overlays and man pages installed by slapd package in
+ slapd.install and slapd.manpages files.
+ * Set common variables for contrib Makefiles by make(1) command line instead
+ of patching every Makefile.
+ * Build and install more contrib plugins in a new slapd-contrib package:
+ - pw-apr1 and pw-netscape (Closes: #592362)
+ - pw-pbkdf2 (Closes: #794999)
+ * Import the slapo-pw-pbkdf2 man page from upstream git master and install
+ it with the slapd-contrib package.
+ * Add smbk5pwd to slapd-contrib and turn slapd-smbk5pwd into a transitional
+ package. Drop smbk5pwd README since it now has a man page which is a
+ better resource for users.
+ - Use Breaks to ensure that slapd is not upgraded in between removing the
+ old smbk5pwd module and installing the new one.
+ * Include the apr1-atol.pl and apr1-lota.pl helper scripts in the
+ slapd-contrib package as examples.
+ * Merge remaining contrib Makefile patches into a single contrib-makefiles
+ patch.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sat, 12 Jan 2019 11:18:03 -0800
+
+openldap (2.4.47+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - reverted GnuTLS handshake change in libldap as it regressed slapd
+ (Reopens: #861838)
+ * Update Standards-Version to 4.2.1.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
+
+openldap (2.4.46+dfsg-5) unstable; urgency=medium
+
+ * Restore slapd-smbk5pwd now that libldap is installable in unstable.
+ This reverts the changes from -3 and -4.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 16:12:27 -0700
+
+openldap (2.4.46+dfsg-4) unstable; urgency=medium
+
+ * Disable building the smbk5pwd plugin temporarily.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 08:06:58 -0700
+
+openldap (2.4.46+dfsg-3) unstable; urgency=medium
+
+ * Build without heimdal temporarily to resolve BD-Uninstallable loop.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
+
+openldap (2.4.46+dfsg-2) unstable; urgency=medium
+
+ * Remove version constraint from libldap-2.4-2 dependency on libldap-common.
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 14:16:49 -0700
+
+openldap (2.4.46+dfsg-1) unstable; urgency=medium
+
+ * Move the repository to Salsa.
+ Update debian/control Vcs-* fields.
+ * Remove Matthijs Möhlmann from Uploaders. (Closes: #891308)
+ Thank you Matthijs for your past contributions.
+ * New upstream release.
+ - fixed slapd out-of-sync issue with delta-MMR and memberof overlay
+ (ITS#8444) (Closes: #877166)
+ * Rebase patch no-AM_INIT_AUTOMAKE to apply cleanly.
+ * Drop patch ITS8650-retry-gnutls_handshake-after-GNUTLS_E_AGAIN, applied
+ upstream.
+ * Really fix upgrades when the config contains backslash-escaped special
+ characters. The previous fix was incomplete and didn't fully fix upgrades
+ involving a database reload. (Closes: #864719)
+ * Update Standards-Version to 4.1.4.
+ - Change the Priority of libldap-2.4-2 and libldap-common to optional.
+ * Change download URL in debian/watch to https. Fixes a Lintian info.
+ * Override the binary-or-shlib-defines-rpath Lintian tag for slapd-smbk5pwd.
+ The rpath is set by krb5-config.heimdal; see bug #868840.
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
+
+openldap (2.4.45+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ - fixed a use-after-free in GnuTLS options handling
+ (ITS#8385) (Closes: #820244) (LP: #1557248)
+ - fixed unsafe concurrent SASL calls causing memory corruption
+ (ITS#8648) (Closes: #860947) (LP: #1688575)
+ - fixed syncrepl infinite looping with multi-master delta-syncrepl
+ (ITS#8432) (Closes: #868753)
+ * Rebase patches to apply cleanly:
+ - do-not-second-guess-sonames
+ - no-AM_INIT_AUTOMAKE
+ * Drop patches applied upstream:
+ - ITS-8554-kFreeBSD-is-like-BSD.patch
+ - ITS-8644-wait-for-slapd-to-start-in-test064.patch
+ - ITS-8655-paged-results-double-free.patch
+ * Upgrade to debhelper compat level 10.
+ - Depend on debhelper 10.
+ - Stop enabling parallel and autoreconf explicitly. They are now enabled
+ by default.
+ - Drop dh-autoreconf from build-depends since debhelper requires it.
+ * Add -Wno-format-extra-args to CFLAGS to reduce the noise in the build
+ logs, as this warning is emitted on each use of the Debug() macro.
+ * Drop libldap-2.4-4-dbg and slapd-dbg binary packages in favour of
+ automatic dbgsym packages.
+ * Update Standards-Version to 4.0.0; no changes required.
+ * Drop Priority and Section from binary package stanzas when they only
+ duplicate information from the source stanza.
+ * Update Priority of slapd-smbk5pwd and libldap2-dev to optional to match
+ the archive.
+ * Remove retired developer, Roland Bauerschmidt, from Uploaders.
+ (Closes: #856422)
+ * Remove Timo Aaltonen from Uploaders, with his agreement.
+ * debian/patches/ITS8650-retry-gnutls_handshake-after-GNUTLS_E_AGAIN.patch:
+ If gnutls_handshake() returns EAGAIN, call it again. Fixes TLS handshake
+ failures when the ServerHello message exceeds 16K.
+ (ITS#8650) (Closes: #861838)
+ * Drop time from Build-Depends. The upstream testsuite no longer calls it.
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 27 Jul 2017 18:04:41 -0700
+
+openldap (2.4.44+dfsg-8) unstable; urgency=medium
+
+ * Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
+ the underlying kernel bug #866122 is fixed.
+ * Fix FTBFS with Heimdal 7.2.0: Drop patch heimdal-fix as the
+ hdb_generate_key_set_password change was reverted in heimdal. Depend on an
+ appropriate minimum version of heimdal.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Jul 2017 12:57:41 -0700
+
+openldap (2.4.44+dfsg-7) unstable; urgency=medium
+
+ * Relax the dependency of libldap-2.4-2 on libldap-common to also permit
+ later versions. (Closes: #860774)
+
+ -- Ryan Tandy <ryan@nardis.ca> Tue, 27 Jun 2017 18:53:12 -0700
+
+openldap (2.4.44+dfsg-6) unstable; urgency=medium
+
+ * Update the list of non-translatable strings for the
+ slapd/ppolicy_schema_needs_update template. Thanks Ferenc Wágner.
+ * Fix upgrade failure when olcSuffix contains a backslash. (Closes: #864719)
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 26 Jun 2017 19:42:02 -0700
+
+openldap (2.4.44+dfsg-5) unstable; urgency=medium
+
+ * debian/patches/ITS-8644-wait-for-slapd-to-start-in-test064.patch: Fix an
+ intermittently failing test by waiting for slapd to start before running
+ tests. (ITS#8644) (Closes: #770890)
+ * debian/patches/ITS-8655-paged-results-double-free.patch: Fix a double free
+ in the MDB backend on a search including the Paged Results control with a
+ page size of 0. (ITS#8655) (CVE-2017-9287) (Closes: #863563)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 28 May 2017 09:59:46 -0700
+
+openldap (2.4.44+dfsg-4) unstable; urgency=medium
+
+ * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
+ Justin B Rye for the review.
+ * Update Catalan debconf translation. (Closes: #851905)
+ Thanks to Innocent De Marchi.
+ * Update Czech debconf translation. (Closes: #852190)
+ Thanks to Miroslav Kure.
+ * Update Danish debconf translation. (Closes: #850859)
+ Thanks to Joe Dalton.
+ * Update German debconf translation. (Closes: #851480)
+ Thanks to Helge Kreutzmann.
+ * Update Basque debconf translation. (Closes: #850812)
+ Thanks to Iñaki Larrañaga Murgoitio.
+ * Update French debconf translation. (Closes: #852459)
+ Thanks to Jean-Pierre Giraud.
+ * Update Italian debconf translation. (Closes: #852074)
+ Thanks to Luca Monducci.
+ * Update Japanese debconf translation. (Closes: #851457)
+ Thanks to Kenshi Muto.
+ * Update Dutch debconf translation. (Closes: #852405)
+ Thanks to Frans Spiesschaert.
+ * Update Brazilian Portuguese debconf translation. (Closes: #852443)
+ Thanks to Adriano Rafael Gomes.
+ * Update Russian debconf translation. (Closes: #850833)
+ Thanks to Yuri Kozlov.
+ * Update Slovak debconf translation. (Closes: #850796)
+ Thanks to Ivan Masár.
+ * Update Swedish debconf translation. (Closes: #851168)
+ Thanks to Martin Bagge.
+ * Update Turkish debconf translation. (Closes: #851470)
+ Thanks to Atila KOÇ.
+ * Update Vietnamese debconf translation.
+ Thanks to Trần Ngọc Quân.
+ * Update Build-Depends on debhelper to ensure shlibs files are installed at
+ the expected time during build. (Closes: #854158)
+ * Update Portuguese debconf translation. (Closes: #859943)
+ Thanks to Rui Branco and DebianPT.
+ * Dump the configuration and databases to LDIF before removing slapd, so
+ that they are available if a newer version requiring migration is
+ installed later. (Closes: #665199)
+ * When creating a new configuration with dpkg-reconfigure, back up the old
+ configuration before overwriting it.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
+
+openldap (2.4.44+dfsg-3) unstable; urgency=medium
+
+ * Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
+ * Restore heimdal support to the smbk5pwd overlay.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 01 Jan 2017 19:47:36 -0800
+
+openldap (2.4.44+dfsg-2) unstable; urgency=medium
+
+ [ Ryan Tandy ]
+ * Update Standards-Version to 3.9.8; no changes required.
+ * Enable dh_makeshlibs for libldap-2.4-2. Remove libldap-2.4-2.postinst, now
+ replaced by the automatic ldconfig trigger.
+ * Don't execute slapd's override_dh_install when building only
+ arch-independent packages. (Closes: #845506)
+ * Override lintian false positives on slapd.README.Debian,
+ slapd-smbk5pwd.postinst, and slapd-smbk5pwd triggering ldconfig.
+ * Perform permissions changes in override_dh_fixperms instead of in
+ override_dh_install.
+ * Remove manual chmod of schema files since dh_fixperms sets correct
+ permissions automatically.
+ * Fix slapd-smbk5pwd failing to upgrade when there are no instances of the
+ overlay configured.
+
+ [ Helmut Grohne ]
+ * Fix FTCBFS: Pass CC to make explicitly. (Closes: #839251)
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 01 Dec 2016 19:40:20 -0800
+
+openldap (2.4.44+dfsg-1) unstable; urgency=medium
+
+ [ Ryan Tandy ]
+ * New upstream release.
+ - Fixed ppolicy not unlocking policy entry after initialization failure
+ (ITS#7537) (Closes: #702414)
+ * Drop ITS8240-remove-obsolete-assert.patch, included upstream.
+ * Update debian/schema/ppolicy.schema to add the pwdMaxRecordedFailure
+ attribute.
+ * Update libldap-2.4-2.symbols with new ldap_build_*_req symbols.
+ * Mark the build target in debian/rules as phony, since the upstream source
+ includes a build/ directory.
+ * Correct the list of files to be cleaned for the pw-sha2 contrib module.
+ * Fix a typo (slpad -> slapd) in the Catalan debconf translation.
+ * Disable OpenSLP support and remove libslp-dev from Build-Depends.
+ (Closes: #815364)
+ * Ensure /var/run/slapd exists when starting slapd, even if the pid file is
+ somewhere else. Thanks to Dave Beach for the report. (Closes: #815571)
+ * Create the pidfile directory when starting slapd, but not when running the
+ init script in other modes.
+ * Remove support for enabling the obsolete LDAPv2 protocol via debconf.
+ * debian/copyright: Update the OpenLDAP copyright and license.
+ * debian/control: Update VCS URIs to the modern canonical form.
+ * Override Lintian errors about schema files derived from RFC documents.
+ Copyrightable content has been removed from these files; however, the
+ copyright notices have been retained to preserve attribution.
+ * On upgrade, if the cn=config database contains the ppolicy schema, add the
+ new pwdMaxRecordedFailure attribute to it.
+ * Add debian/patches/set-maintainer-name to omit the builder's username and
+ working directory from version strings and thereby make the build
+ reproducible. Thanks to Daniel Shahaf for the patch. (Closes: #833179)
+ * Build smbk5pwd without Kerberos support and drop the build-dependency on
+ heimdal. (Closes: #836885)
+ * On upgrade, comment the krb5 setting on any instances of the smbk5pwd
+ overlay in slapd.conf. Require cn=config users to disable krb5 manually
+ before upgrading.
+
+ [ Helmut Grohne ]
+ * Fix policy 8.2 violation (Closes: #330695)
+ + Move /etc/ldap/ldap.conf and manpage to new package libldap-common.
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 14 Nov 2016 18:59:30 -0800
+
+openldap (2.4.42+dfsg-2) unstable; urgency=medium
+
+ [ Ryan Tandy ]
+ * Change explicit Pre-Depends: multiarch-support to ${misc:Pre-Depends}, as
+ recommended by lintian.
+ * Omit slapd, slapd-dbg, and slapd-smbk5pwd from the stage1 build profile.
+ This allows the dependency loop with heimdal to be broken for
+ bootstrapping, and the dependency on libperl-dev to be avoided for
+ cross-building. Thanks Daniel Schepler and Helmut Grohne.
+ (Closes: #724518)
+ * Apply wrap-and-sort to the Build-Depends field.
+ * Drop libncurses5-dev from Build-Depends, no longer needed since the ud
+ tool was removed in OpenLDAP 2.1.4.
+ * Drop libltdl3-dev as an alternate Build-Depends, since that package was
+ removed after lenny.
+ * Annotate Build-Depends on perl with :any to allow running the system perl
+ interpreter during cross builds.
+ * Ensure CC is set correctly for cross builds. Thanks Helmut Grohne.
+ * Build-Depend on dpkg-dev (>= 1.17.14) and debhelper (>= 9.20141010) for
+ restriction formula support.
+ * Override the 'dev-pkg-without-shlib-symlink' lintian tag. The symlink is
+ actually in the form libldap_r.so -> libldap_r-2.4.so.xyz and the tag is a
+ false positive; see #687022.
+ * Include the smbk5pwd man page in the slapd-smbk5pwd package.
+ * Allow anonymous read access to the shadowLastChange attribute by default,
+ allowing nss-ldap/nss-ldapd to handle password expiry correctly even when
+ bound anonymously. This was the only restricted shadow attribute, the
+ others were already world-readable. (Closes: #669235)
+ * Drop the redundant default ACL for dn.base="" from the database entry.
+ It's already covered by the fallback case below.
+ * Copy more comments from the slapd.conf template to slapd.init.ldif. Also
+ comment the shadowLastChange access rule.
+ * Import upstream patch to remove an unnecessary assert(0) that could be
+ triggered remotely by an unauthenticated user by sending a malformed BER
+ element. (ITS#8240) (CVE-2015-6908) (Closes: #798622)
+
+ [ Peter Marschall ]
+ * Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
+ install the new manual page. (Closes: #794998)
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 10 Sep 2015 20:13:17 -0700
+
+openldap (2.4.42+dfsg-1) unstable; urgency=medium
+
+ [ Peter Marschall ]
+ * slapd.scripts-common:
+ - Use update_permissions instead of direct calls to chown and chgrp.
+ - Make variables only used within a function local to that function.
+ - Restore databases ordered by increasing suffix path length.
+ This should help configurations with databases glued together using the
+ 'subordinate' keyword / 'olcSubordinate' attribute in slapd's
+ configuration.
+ (Closes: #794996)
+ * Install slapo-lastbind.5 man page. (Closes: #794997)
+
+ [ Ryan Tandy ]
+ * slapd.scripts-common: Delete an outdated comment.
+ * New upstream release.
+ * Enable the MDB backend again on GNU/kFreeBSD. The new pthread library
+ provides all the required interfaces, and the test suite now passes.
+ Leave it disabled on the Hurd. LMDB requires POSIX semaphores, which have
+ not yet been implemented.
+ * Disable the BDB/HDB backends on the Hurd. BDB requires record locks
+ (F_SETLK), which have not yet been implemented; see #693971.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 21 Aug 2015 13:07:51 -0700
+
+openldap (2.4.41+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Update patches for upstream changes, drop patches included upstream.
+ * debian/rules: Adjust get-orig-source target to add +dfsg to version.
+ * Convert to source format 3.0 (quilt).
+ * debian/slapd.scripts-common: Fix nesting of fold markers.
+
+ -- Ryan Tandy <ryan@nardis.ca> Wed, 08 Jul 2015 21:07:24 -0700
+
+openldap (2.4.40+dfsg-2) unstable; urgency=medium
+
+ * Actually install libldap-2.4-2.symbols.
+ * Update Standards-Version to 3.9.6.
+ * Build-Depend on debhelper (>= 9) to fix a Lintian warning.
+ * Import upstream patch to fix FTBFS with gcc-5. (Addresses #778045)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 28 Jun 2015 20:40:37 -0700
+
+openldap (2.4.40+dfsg-1) unstable; urgency=medium
+
+ * Remove inetorgperson.schema from the upstream source. Replace it with a
+ copy stripped of RFC text. (Closes: #780283)
+ * Adjust debian/watch for +dfsg versioning.
+ * debian/patches/ITS7975-fix-mdb-onelevel-search.patch: Import upstream
+ patch to fix scope=onelevel searches wrongly including the search base in
+ results under the MDB backend. (ITS#7975) (Closes: #782212)
+
+ -- Ryan Tandy <ryan@nardis.ca> Thu, 09 Apr 2015 08:38:38 -0700
+
+openldap (2.4.40-4) unstable; urgency=medium
+
+ * debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream
+ patch to fix a crash when a search includes the Deref control with an
+ empty attribute list. (ITS#8027) (CVE-2015-1545, Closes: #776988)
+ * debian/patches/ITS8046-fix-vrFilter_free-crash.patch: Import upstream
+ patch to fix a double free triggered by certain search queries using the
+ Matched Values control. (ITS#8046) (CVE-2015-1546, Closes: #776991)
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 08 Feb 2015 20:19:11 +0000
+
+openldap (2.4.40-3) unstable; urgency=medium
+
+ * Remove trailing spaces from slapd.templates.
+ * Update Vietnamese debconf translation.
+ Thanks to Trần Ngọc Quân.
+ * Update Danish debconf translation.
+ Thanks to Joe Hansen. (Closes: #766848)
+ * Update Japanese debconf translation.
+ Thanks to Kenshi Muto. (Closes: #766824)
+ * Update Russian debconf translation.
+ Thanks to Yuri Kozlov. (Closes: #766825)
+ * Update Basque translation.
+ Thanks to Iñaki Larrañaga Murgoitio. (Closes: #767070)
+ * Update French debconf translation.
+ Thanks to Christian Perrier. (Closes: #767634)
+ * Update German debconf translation.
+ Thanks to Helge Kreutzmann. (Closes: #767686)
+ * Update Portuguese debconf translation.
+ Thanks to Ricardo Silva. (Closes: #768085)
+ * Update Italian debconf translation.
+ Thanks to Luca Monducci. (Closes: #768195)
+ * Update Turkish debconf translation.
+ Thanks to Atila KOÇ. (Closes: #768409)
+ * Update Czech debconf translation.
+ Thanks to Miroslav Kure. (Closes: #768591)
+ * Update Catalan debconf translation.
+ Thanks to Innocent De Marchi. (Closes: #768605)
+ * Update Dutch debconf translation.
+ Thanks to Frans Spiesschaert. (Closes: #769024)
+ * Update Brazilian Portuguese debconf translation.
+ Thanks to Adriano Rafael Gomes. (Closes: #769717)
+ * Update Galician debconf translation.
+ Thanks to Jorge Barreiro.
+ * Update Swedish debconf translation.
+ Thanks to Martin Bagge / brother. (Closes: #769867)
+ * Update Spanish debconf translation.
+ Thanks to Camaleón. (Closes: #770715)
+ * Fix doubled spaces in po files, caused by trailing spaces in the templates
+ file.
+ * Run debconf-updatepo to refresh PO files.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sun, 23 Nov 2014 10:33:10 -0800
+
+openldap (2.4.40-2) unstable; urgency=medium
+
+ * Fix typo (chmod/chgrp) in previous changelog, spotted by Ferenc Wagner.
+ * debian/patches/contrib-modules-use-dpkg-buildflags: Also use CPPFLAGS from
+ dpkg-buildflags. Spotted by Lintian.
+ * debian/slapd.init.ldif: Don't bother explicitly granting rights to the
+ rootdn, since it already has unlimited privileges. Thanks Ferenc Wagner.
+ * Recommend MDB for new installations, per upstream's recommendation.
+ * Don't re-create the default DB_CONFIG if there wasn't one in the backup,
+ for example if the active backend doesn't use it. Thanks Ferenc Wagner.
+ * On upgrade, if an access rule begins with "to * by self write", show a
+ debconf note warning that it should be changed. (Closes: #761406)
+ * Build and install the lastbind contrib module. (Closes: #701111)
+ * Build and install the passwd/sha2 contrib module. (Closes: #746727)
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 20 Oct 2014 22:19:24 -0700
+
+openldap (2.4.40-1) unstable; urgency=low
+
+ [ Ryan Tandy ]
+ * New upstream release.
+ - fixed ldap_get_dn(3) ldap_ava definition (ITS#7860) (Closes: #465024)
+ - fixed slapcat with external schema (ITS#7895) (Closes: #599235)
+ - fixed double free with invalid ciphersuite (ITS#7500) (Closes: #640384)
+ - fixed modrdn crash on naming attr with no matching rule (ITS#7850)
+ (Closes: #666515)
+ - fixed slapacl causing unclean database (ITS#7827) (Closes: #741248)
+ * slapd.scripts-common:
+ - Anchor grep patterns to avoid matching commented lines in ldif files
+ under cn=config. (Closes: #723957)
+ - Don't silently ignore nonexistent directories that should be dumped.
+ - Invoke find, chown, and chgrp with -H in case /var/lib/ldap is a
+ symlink. (Closes: #742862)
+ - When upgrading a database, ignore extra nested directories as they might
+ contain other databases. Patch from Kenny Millington. (LP: #1003854)
+ - Fix dumping and reloading when multiple databases hold the same suffix,
+ thanks Peder Stray. (Closes: #759596, LP: #1362481)
+ - Remove trailing dot from slapd/domain. (Closes: #637996)
+ * debian/rules:
+ - Enable parallel building.
+ - Copy libldap-2.4-2.shlibs into place manually, as a workaround for
+ #676168. (Closes: #742841)
+ * debian/slapd.README.Debian: Add a note about database format upgrades and
+ the consequences of missing one. (Closes: #594711)
+ * Build with GnuTLS 3 (Closes: #745231, #760559).
+ * Drop debian/patches/fix-ftbfs-binutils-gold, no longer needed.
+ * Drop debconf-utils from Build-Depends, no longer used (replaced by
+ po-debconf). Thanks Johannes Schauer.
+ * Acknowledge NMU fixing #729367, thanks to Michael Gilbert.
+ * Offer the MDB backend as a choice during initial configuration. (Closes:
+ #750022)
+ * debian/slapd.init.ldif:
+ - Disallow modifying one's own entry by default, except specific
+ attributes. (Closes: #761406)
+ - Index some more common search attributes by default. (Closes: #762111)
+ * Introduce a symbols file for libldap-2.4-2.
+ * debian/schema/pmi.schema: Add a copyright clarification. There does not
+ appear to be any copyrighted text in this file, only ASN.1 assignments and
+ LDAP schema definitions. Fixes a Lintian error on the original.
+ * debian/schema/duaconf.schema: Strip Internet-Draft text from
+ duaconf.schema.
+ * Drop debian/patches/CVE-2013-4449.patch, applied upstream.
+ * Update debian/patches/no-AM_INIT_AUTOMAKE with upstream changes.
+ * debian/schema/ppolicy.schema: Update with ordering rules added in
+ draft-behera-ldap-password-policy-11.
+ * Suggest GSSAPI SASL modules. (Closes: #762424)
+ * debian/patches/ITS6035-olcauthzregex-needs-restart.patch: Document in
+ slapd-config.5 the fact that changes to olcAuthzRegexp only take effect
+ after the server is restarted. (Closes: #761407)
+ * Add myself to Uploaders.
+
+ [ Jelmer Vernooij ]
+ * Depend on heimdal-multidev rather than heimdal-dev. (Closes: #745356,
+ #706123)
+
+ [ Updated debconf translations ]
+ * Turkish, thanks to Atila KOÇ <akoc@artielektronik.com.tr>.
+ (Closes: #661641)
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 17 Oct 2014 08:19:28 -0700
+
+openldap (2.4.39-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix CVE-2013-4449: reference counting logic issue (closes: #729367).
+
+ -- Michael Gilbert <mgilbert@debian.org> Sat, 09 Aug 2014 09:26:51 +0000
+
+openldap (2.4.39-1) unstable; urgency=low
+
+ [ Peter Marschall ]
+ * debian/patches/wrong-database-location: fix database location in
+ doc/man/man5/slapd-mdb.5
+ * debian/configure.options: add info on --enable-mdb
+
+ [ Russ Allbery ]
+ * Remove myself from Uploaders.
+
+ [ Steve Langasek ]
+ * Remove Stephen Frost from Uploaders, per discussion with him. Thanks for
+ your contributions, Stephen!
+ * Adjust dh_autoreconf usage to update all config.sub/config.guess
+ instances in the source, so that we can be forwards-compatible with new
+ ports. Thanks to Colin Watson <cjwatson@ubuntu.com> for the patch.
+ Closes: #725824.
+ * Add Timo to Uploaders.
+ * Update Vcs-* fields to point at the new git repo; thanks to Timo for
+ driving this migration!
+ * Rebuild against db5.3, with a corresponding dump/restore of the database
+ on upgrade. Closes: #738641.
+
+ [ Timo Aaltonen ]
+ * contrib-modules-use-dpkg-buildflags, autogroup-makefile,
+ smbk5pwd-makefile:
+ - Updated for current upstream.
+ * Refresh patches to apply cleanly.
+ * rules: Use dpkg-parsechangelog to determine the upstream version for
+ get-orig-source.
+ * source: Add lintian overrides for non-transatable internal
+ templates.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 17 Mar 2014 15:27:31 -0700
+
+openldap (2.4.31-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fixes a denial of service attack, CVE-2012-1164, when using the rwm
+ overlay. Closes: #663644.
+ - Fixes a bug with ldap_result always returning -1 when called from
+ sssd. Closes: #666230.
+ - Fix a build failure on armel due to unaligned memory access.
+ Closes: #677158.
+ * Incorporate NMU (thanks, Julien Cristau, Mattias Ellert):
+ - Disable the mdb backend on non-Linux, it looks like it doesn't work
+ with linuxthreads (closes: #654824).
+ - Backport fix for shell backend configuration. Closes: #662940.
+
+ [ Peter Marschall ]
+ * debian/slapd.scripts-common: avoid grep warnings
+ * debian/patches/heimdal-fix: fix arguments of
+ hdb_generate_key_set_password(). Closes: #664930
+
+ [ Steve Langasek ]
+ * debian/patches/contrib-modules-use-dpkg-buildflags: pass CFLAGS to
+ contrib builds. Thanks to Simon Ruderich <simon@ruderich.org>.
+ Closes: #663724.
+
+ -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 03:27:34 +0000
+
+openldap (2.4.28-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fixes CVE-2011-4079. Closes: #647610.
+ - Fixes support for proxy authorization with SASL-GSSAPI.
+ Closes: #608815.
+ - Drop patch service-operational-before-detach, which came from upstream.
+ - Drop patch fix-its6898-locking-issue, included upstream.
+ - Refresh other patches as needed.
+ * debian/slapd.scripts-common: quote the argument to slappasswd, to cope
+ with shell characters in the string. Thanks to Nicolai Ehemann
+ <en@englightened.de> for the patch. Closes: #635931.
+ * Install ldif.h in libldap2-dev, now that it's been blessed upstream.
+ Closes: #644985.
+ * debian/patches/no-bdb-ABI-second-guessing: don't force an exact match on
+ the upstream version of libdb; this is redundant with our packaging
+ system, and causes spurious errors when there's a non-ABI-breaking
+ BDB upstream release. Closes: #651333.
+ * Build-conflict with the ancient autoconf2.13, which is incompatible with
+ dh-autoreconf. (Maybe dh-autoreconf itself should conflict with it?)
+ Closes: #651598.
+
+ [ Updated debconf translations ]
+ * Dutch, thanks to Jeroen Schot <schot@A-Eskwadraat.nl>. Closes: #651400.
+
+ -- Steve Langasek <vorlon@debian.org> Thu, 05 Jan 2012 06:07:11 +0000
+
+openldap (2.4.25-4) unstable; urgency=low
+
+ * Drop explicit depends on libdb4.8, since we're now linking against
+ libdb5.1. Thanks to Peter Marschall for catching. Closes: #621403
+ again.
+ * Rebuild against cyrus-sasl2 2.1.25. Closes: #628237.
+ * Use dh_autoreconf instead of a locally-patched autogen.sh.
+ * debian/patches/no-AM_INIT_AUTOMAKE: don't use AM_INIT_AUTOMAKE macro
+ when we aren't using automake.
+ * Convert debian/rules to dh(1).
+ * use DEB_CFLAGS_MAINT_APPEND with appropriate versioned dependency on
+ debhelper and dpkg-dev, so we can pick up dpkg-buildflags for our
+ policy-mandated flags - as well as our security-enhancing ones!
+ Closes: #644427.
+ * Also set hardening=+pie,+bindnow buildflags options for maximum
+ security, since this is a security-sensitive daemon dealing with
+ untrusted input. Ubuntu has been building with these flags for a
+ while via hardening-wrappers, so the change is presumed safe.
+ * Drop debian/check_config. The upstream configure script now enforces
+ --with-cyrus-sasl, so there's no need for a second check.
+ * debian/po/es.po: tweak an ambiguous string in the Spanish debconf
+ translation, noticed in response to a submitted Catalan translation
+ * debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff:
+ Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL.
+ Thanks to Jan-Marek Glogowski <jan-marek.glogowski@muenchen.de> for the
+ patch. Closes: #327585.
+
+ [ Updated debconf translations ]
+ * Catalan, thanks to Innocent De Marchi <tangram.peces@gmail.com>.
+ Closes: #644274.
+
+ -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2011 01:08:34 +0000
+
+openldap (2.4.25-3) unstable; urgency=low
+
+ * Brown paper bag: really fix the .links.in handling, so we don't generate
+ broken /usr/lib/${DEB_HOST_MULTIARCH} dirs.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 15 Aug 2011 09:50:37 +0000
+
+openldap (2.4.25-2) unstable; urgency=low
+
+ [ Matthijs Möhlmann ]
+ * Change to bdb 5.1 (Closes: #621403)
+ * Add note to ldap-utils package how to unfold lines. (Closes: #530519)
+ (Thanks to Peter Marschall and Javier Barroso)
+
+ [ Steve Langasek ]
+ * Acknowledge NMU for bug #596343; thanks to Thijs Kinkhorst for the fix!
+ * Bump to compat level 7, so we don't have to spell out debian/tmp in
+ every single .install file
+ * Build for multiarch.
+
+ -- Steve Langasek <vorlon@debian.org> Sun, 14 Aug 2011 23:17:09 -0700
+
+openldap (2.4.25-1.1) unstable; urgency=low
+
+ * Non-maintainer upload to fix RC bug.
+ * Fix "dpkg-reconfigure slapd". Closes: #596343
+
+ -- Thijs Kinkhorst <thijs@debian.org> Tue, 31 May 2011 11:57:29 +0200
+
+openldap (2.4.25-1) unstable; urgency=low
+
+ * New upstream version (Closes: #617606, #618904, #606815, #608813)
+ - Fixes CVE-2011-1024, CVE-2011-1025, CVE-2011-1081
+ - slapd server process frequently hangs during everyday usage is fixed in
+ newer versions of openldap according to the bug submitter
+ * Refresh all patches
+ * Remove manpage-tlscyphersuite-additions, applied upstream
+ * Remove issue-6534-patch, applied upstream
+ * Add Slovak translation, thanks Slavko <linux@slavino.sk> (Closes: #608699)
+ * Add debian specific patch for ldap.conf. Add TLS_CACERT option and set it
+ by default to /etc/ssl/certs/ca-certificates.crt (Closes: #555409, #616703)
+ * Add patch to fix a FTBFS with binutils-gold (Closes: #555867)
+ * Add slapschema, just hardlink it (Closes: #601569)
+ * Update patch service-operational-before-detach (Closes: #616164, #598361)
+ * Add ldif_* symbols to libldap-2.4-2
+ * Add upstream patch for a locking issue in libldap_r
+ * Fix build failure, use @SHELL@ instead of hardcoded /bin/sh (build/top.mk)
+ (Closes: #621925)
+
+ -- Matthijs Möhlmann <matthijs@cacholong.nl> Mon, 11 Apr 2011 22:10:14 +0200
+
+openldap (2.4.23-7) unstable; urgency=low
+
+ * Updated vietnamese translation, thanks Clytie Siddall
+ (Closes: #601537, #598575)
+ * Updated portuguese translation, thanks Traduz (Closes: #599760)
+ * Updated danish translation, thanks Joe Dalton (Closes: #599835)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 06 Nov 2010 12:13:01 +0100
+
+openldap (2.4.23-6) unstable; urgency=high
+
+ * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 23 Sep 2010 10:17:50 +0200
+
+openldap (2.4.23-5) unstable; urgency=high
+
+ [ Steve Langasek ]
+ * High-urgency upload for RC bugfix.
+ * debian/slapd.scripts-common: fix gratuitous (and wrong) use of grep in
+ get_suffix(), which causes us to incorrectly parse any slapd.conf that
+ uses tabs instead of spaces. Closes: #595672.
+ * debian/slapd.init, debian/slapd.scripts-common: when $SLAPD_CONF is not
+ set in /etc/default/slapd, we should always set a default value, giving
+ precedence to slapd.d and falling back to slapd.conf. Users who don't
+ want to use an existing slapd.d should point at slapd.conf explicitly.
+ Closes: #594714, #596343.
+ * debian/slapd.init: 'invoke-rc.d slapd stop' should not fail due to the
+ absence of a slapd configuration; we should still exit 0 so that the
+ package can be removed gracefully. Closes: #596100.
+ * drop build-conflicts with libssl-dev; we explicitly pass
+ --with-tls=gnutls to configure, so there's no risk of a misbuild here.
+ * debian/slapd.default: now that we have a sensible default behavior in
+ both slapd.init and the maintainer scripts, leave SLAPD_CONF empty to
+ save pain later.
+ * debian/slapd.scripts-common: ... and do the same in
+ migrate_to_slapd_d_style, we just need to comment out the user's
+ previous entry instead of blowing it away.
+ * debian/slapd.scripts-common: call get_suffix in a way that lets us
+ separate responses by newlines, to properly handle the case when a
+ DN has embedded spaces. Introduces a few more stupid fd tricks to work
+ around possible problems with debconf. Closes: #595466.
+ * debian/slapd.scripts-common: when parsing the names of includes, handle
+ double-quotes and escape characters as described in slapd.conf(5).
+ Closes: #595784.
+ * debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from
+ versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which
+ otherwise is blocked by our added olcAccess settings. Closes: #596326.
+ * debian/slapd.init.ldif: set the acl in the default LDIF for new installs,
+ too.
+ * Likewise, grant access to dn.exact="" so that base dn autodiscovery
+ works as intended. Closes: #596049.
+ * debian/slapd.init.ldif: synchronize our behavior on new installs with
+ that on upgrades, avoiding the non-standard cn=localroot,cn=config.
+ * debian/slapd.scripts-common: don't run the migration code if slapd.d
+ already exists. Closes: #593965.
+
+ [ Matthijs Mohlmann ]
+ * Remove upgrade_supported_from_backend, implemented patch from
+ Peter Marschall <peter@adpm.de> to automatically detect if an upgrade is
+ supported. (Closes: #594712)
+
+ [ Peter Marschall ]
+ * debian/slapd.init: correctly set the slapd.conf argument even when
+ SLAPD_PIDFILE is non-empty in /etc/default/slapd. Closes: #593880.
+ * debian/slapd.scripts-common: pass -g to slapadd/slapcat, so that
+ subordinate databases aren't incorrectly included in the dump/restore of
+ the parent database. Closes: #594821.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 13 Sep 2010 06:59:11 +0000
+
+openldap (2.4.23-4) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * Bump the database upgrade version check to 2.4.23-4; should have been
+ set to 2.4.23-1 when we switched to db4.8, but was missed so we need to
+ clean up. Closes: #593550.
+
+ [ Matthijs Mohlmann ]
+ * Fix root access to cn=config on upgrades from configuration style slapd.conf
+ Thanks to Mathias Gug (Closes: #593566, #593878)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 26 Aug 2010 20:30:51 +0200
+
+openldap (2.4.23-3) unstable; urgency=low
+
+ * Configure the newly installed openldap package using slapd.d instead of
+ slapd.conf, merged from ubuntu. (Closes: #562723, #494155, #333428)
+ * Update the debconf templates by running debconf-updatepo.
+ * We do not support upgrades from older releases then lenny, so removed some
+ upgrade functions from slapd.scripts-common.
+ * Updated japanese translation, thanks Kenshi Muto (Closes: #589508)
+ * Updated czech translation, thanks Miroslav Kure (Closes: #589569)
+ * Update slapd.README.Debian and slapd.NEWS and note the new configuration
+ style.
+ * Fixes CVE-2010-0211 and CVE-2010-0212 (Closes: #589852)
+ * Update italian translation, thanks Luca Monducci (Closes: #590154)
+ * Update spanish translation, thanks Francisco Javier Cuadrado
+ (Closes: #590829)
+ * Update basque translation, thanks Iñaki Larrañaga Murgoitio
+ * Bump Standards-Version to 3.9.1
+ * Added debian specific patch to wait until slapd is operational before
+ detaching to the terminal (Closes: #589915)
+ * Add a lintian overrides for libldap.
+ * Empty dependency_libs line in .la files. (Closes: #591550)
+ * Update galician translation, thanks Jorge Barreiro (Closes: #592815)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Tue, 17 Aug 2010 22:00:16 +0200
+
+openldap (2.4.23-2) unstable; urgency=medium
+
+ * Depend on libdb4.8 >= 4.8.30 (Closes: #588969)
+ * Urgency previous as previous version fixes a RC bug.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Wed, 14 Jul 2010 10:17:27 +0200
+
+openldap (2.4.23-1) unstable; urgency=low
+
+ * New upstream version
+ * Change to build dependency libdb4.8-dev instead of libdb4.7-dev
+ * Updated french translation thanks Christian Perrier (Closes: #579192)
+ * Updated swedish translation thanks Martin Bagge (Closes: #580145)
+ * Updated german translation thanks Helge Kreutzmann (Closes: #579582)
+ * Updated russian translation thanks Yuri Kozlov (Closes: #585688)
+ * Fix bashisms in debian/rules (Closes: #581454)
+ * Add documentation patch (Closes: #513270)
+ * Refreshed all quilt patches.
+ * Bump Standards-Version to 3.9.0
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 12 Jul 2010 13:25:00 +0200
+
+openldap (2.4.21-1) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * New upstream version
+ (Closes: #561144, #465024, #502769, #528695, #564686, #504728)
+ * Add upstream manpage for ldapexop; thanks to Peter Marschall
+ <peter@adpm.de>. Closes: #549291.
+
+ [ Matthijs Mohlmann ]
+ * Ack NMU (Closes: #553432)
+ * Update Standards-Version to 3.8.4
+ * Fix NEWS entry to have the correct version number
+ * Improve the wording for the slapd/invalid_config question (Closes: #452834)
+ * Make lintian a bit more happy (Closes: #518660)
+ * Fix bashism (Closes: #518657)
+ * Refresh all patches
+ * Add patch from upstream (Closes: #549642)
+ * Reworked the configure.options a bit to include some more options
+ * Enable dynamic acls
+ * Use slappasswd to create a secure password (Closes: #490930)
+ * Set a rootdn and rootpw if no password is given by debconf (Closes: #231950)
+ * Better document the TLSCipherSuite in slapd.conf manpage (Closes: #563113)
+ * Better document the TLS_CIPHER_SUITE in ldap.conf manpage (Closes: #510346)
+ * Add smbk5pwd slapd module, used patch from Mark Hymers (Closes: #443073)
+ * Add autogroup slapd module, used patch from Mathieu Parent (Closes: #575900)
+ * Add lsb logging, used patch from David Härdeman (Closes: #385898)
+ * Use dh_lintian to install the lintian-overrides
+ * Added critical error report when slapcat fails (Closes: #226090)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 22 Apr 2010 23:40:30 +0200
+
+openldap (2.4.17-2.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2009-3767: libraries/libldap/tls_o.c doesn't properly handle NULL
+ character in subject Common Name (Closes: #553432)
+
+ -- Giuseppe Iuculano <iuculano@debian.org> Tue, 10 Nov 2009 19:09:45 +0100
+
+openldap (2.4.17-2) unstable; urgency=low
+
+ * Fix up the lintian warnings:
+ - add missing misc-depends on all packages
+ - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
+ overrides
+ - bump Standards-Version to 3.8.2, no changes required.
+ * slapd.scripts-common: fix upgrade to correctly handle multiple database
+ declarations; thanks, Peter Marschall <peter@adpm.de>! Closes: #517556
+ * Add 'status' argument to init script; thanks to Peter Eisentraut
+ <petere@debian.org>. Closes: #545898.
+ * New patch, do-not-second-guess-sonames, to remove an incorrect check for
+ the Cyrus SASL version number at runtime. If there's any reason this is
+ needed, it needs to be addressed in the cyrus-sasl soname and Debian
+ shlibs, not here. Closes: #546885.
+
+ -- Steve Langasek <vorlon@debian.org> Tue, 22 Sep 2009 20:06:34 -0700
+
+openldap (2.4.17-1) unstable; urgency=low
+
+ * New upstream version.
+ - Fixes FTBFS on ia64 with -fPIE. Closes: #524770.
+ - Fixes some TLS issues with GnuTLS. Closes: #505191.
+ * Update priority of libldap-2.4-2 to match the archive override.
+ * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
+ ldapurl(1) manpage. Thanks to Peter Marschall for the patch.
+ Closes: #496749.
+ * Bump build-dependency on debhelper to 6 instead of 5, since that's
+ what we're using. Closes: #498116.
+ * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
+ the built-in default of ldap:/// only.
+ * Build-depend on libltdl-dev | libltdl3-dev (>= 1.4.3), for the package
+ name change. Closes: #522965.
+
+ [ Updated debconf translations ]
+ * Spanish, thanks to Francisco Javier Cuadrado <fcocuadrado@gmail.com>.
+ Closes: #521804.
+
+ -- Steve Langasek <vorlon@debian.org> Tue, 28 Jul 2009 10:17:15 -0700
+
+openldap (2.4.15-1) unstable; urgency=low
+
+ * New upstream version
+ - Fixes a bug with the pcache overlay not returning cached entries
+ (closes: #497697)
+ - Update evolution-ntlm patch to apply to current Makefiles.
+ - (tentatively) drop gnutls-ciphers, since this bug was reported to be
+ fixed upstream in 2.4.8. The fix applied in 2.4.8 didn't match the
+ patch from the bug report, so this should be watched for regressions.
+ * Build against db4.7 instead of db4.2 at last! Closes: #421946.
+ * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
+ installed in the build environment.
+ * Add -D_GNU_SOURCE to CFLAGS, apparently required for building with
+ current headers in unstable
+
+ -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 14:27:35 -0800
+
+openldap (2.4.11-1) unstable; urgency=low
+
+ * New upstream version (closes: #499560).
+ - Fixes a crash with syncrepl and delcsn (closes: #491066).
+ - Fix CRL handling with GnuTLS (closes: #498410).
+ - Drop patches no_backend_inter-linking,
+ CVE-2008-2952_BER-decoding-assertion, and gnutls-ssf, applied
+ upstream.
+
+ [ Russ Allbery ]
+ * New patch, back-perl-init, which updates the calling conventions
+ around initialization and shutdown of the Perl interpreter to match
+ the current perlembed recommendations. Fixes probable hangs on HPPA
+ in back-perl. Thanks, Niko Tyni. (Closes: #495069)
+
+ [ Steve Langasek ]
+ * Drop the conflict with libldap2, which is not the standard means of
+ handling symbol conflicts in Debian and which causes serious upgrade
+ problems from etch. Closes: #487211.
+
+ -- Steve Langasek <vorlon@debian.org> Sat, 11 Oct 2008 01:53:55 -0700
+
+openldap (2.4.10-3) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * New patch, CVE-2008-2952_BER-decoding-assertion, to fix a remote DoS
+ vulnerability in the BER decoder. Addresses CVE-2008-2952,
+ closes: #488710.
+ * debian/slapd.scripts-common, debian/slapd.postinst: drop
+ update_path_argsfile_pidfile function, not needed for updates from etch
+ or newer.
+ * Drop the code to check for and upgrade ldbm databases. The etch
+ release of slapd had already dropped support for them and direct
+ upgrades from sarge are not supported.
+
+ [ Russ Allbery ]
+ * Apply upstream patch to convert GnuTLS cipher strength from bytes to
+ bits, as expected by OpenLDAP. (Closes: #473796)
+ * Add Build-Depends on time, used by the test suite and only a shell
+ built-in with bash. Thanks, Daniel Schepler. (Closes: #490754)
+ * Refresh all patches, convert all patches to -p1, and remove extraneous
+ Index: lines. (Closes: #485263)
+ * Unless DFSG_NONFREE is set, also check whether the upstream schemas
+ with RFC comments are included.
+ * Update standards version to 3.8.0.
+ - Include debian/README.source pointing to the quilt README.source.
+ - Wrap Uploaders for readability.
+ * Wrap slapd's Depends for readability.
+
+ [ Updated debconf translations ]
+ * Swedish, thanks to Martin Ågren <martin.agren@gmail.com>.
+ Closes: #492748.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 28 Jul 2008 15:26:06 -0700
+
+openldap (2.4.10-2) unstable; urgency=low
+
+ * Support DEB_BUILD_OPTIONS=nocheck to disable running the test suite at
+ build time
+ * Hack around glibc behavior when resolving localhost, by exporting
+ RESOLV_MULTI=off when invoking the test suite
+ * Reclaim the 'openldap' source package name; openldap2.3 has been a
+ misnomer for some time, causing undue confusion, so switch to a
+ permanent source package name that we won't need to change again later.
+ - Along the way, kill off non-DFSG-compliant schema files that snuck
+ back into the archive due to my bad merge of 2.4.10.
+
+ -- Steve Langasek <vorlon@debian.org> Sun, 06 Jul 2008 22:03:32 -0700
+
+openldap2.3 (2.4.10-1) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * New upstream release.
+ - Clean up ld_defconn if it was freed, fixing an assertion failure in
+ various clients. Closes: #469232.
+ - Fixes slapd syncrepl hang on back-config. Closes: #471253.
+ - Drop patch hurd-path-max, integrated upstream.
+ * Drop spurious build-dependency on heimdal-dev, introduced accidentally
+ as part of an aborted attempt to build the smbk5pwd overlay.
+ * Use hardlinks instead of symlinks for the various slap* commands; this
+ is functionally equivalent for us, and reduces divergence from
+ derivatives such as Ubuntu that use apparmor. Closes: #488409.
+ * New patch, no_backend_inter-linking, to fix the meta backend to not
+ try to look up symbols in external objects (back_ldap) that it
+ doesn't link against.
+ * Turn on 'make test' during builds, now that back_meta is fixed.
+
+ [ Matthijs Mohlmann ]
+ * All manpages in category 5 were missing, wrong directory.
+ (Closes: #474976, #483631, #483633)
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 30 Jun 2008 04:28:34 -0700
+
+openldap2.3 (2.4.9-1) unstable; urgency=low
+
+ [ Updated debconf translations ]
+ * French, thanks to Christian Perrier <bubulle@debian.org>.
+ Closes: #471792.
+ * Finnish, thanks to Esko Arajärvi <edu@iki.fi>. Closes: #475238.
+ * Czech, thanks to Miroslav Kure <kurem@upcase.info.upol.cz>.
+ Closes: #480138.
+ * Basque, thanks to Piarres Beobide <pi+debian@beobide.net>.
+ Closes: #480177.
+ * Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>.
+ Closes: #480181.
+ * Galician, thanks to Jacobo Tarrio <jtarrio@trasno.net>. Closes: #480218.
+ * Japanese, thanks to Kenshi Muto <kmuto@debian.org>. Closes: #480247.
+ * Italian, thanks to Luca Monducci <luca.mo@tiscali.it>. (Closes: #477718)
+ * Brazilian Portuguese, thanks to Eder L. Marques <eder@edermarques.net>
+ (Closes: #480172)
+ * Portuguese, thanks to Tiago Fernandes <tjg.fernandes@gmail.com>
+ (Closes: #481126)
+ * Russian, thanks to Yuri Kozlov <kozlov.y@gmail.com> (Closes: #481214)
+ * Dutch, thanks to "cobaco (aka Bart Cornelis)" <cobaco@skolelinux.no>.
+ Closes: #483014.
+
+ [ Matthijs Mohlmann ]
+ * New upstream release.
+ - Bad entryUUID no longer crashes slapd. (Closes: #471867)
+ - Fix assertion failure in some modify operations. (Closes: #474161)
+ - Mention index in slapd.conf's man page. (Closes: #414650)
+ - Fixes to slapd include handling. (Closes: #457261)
+ - Fix syncrepl cookie truncation. (Closes: #464024)
+ - Fix memory allocation in ldap_parse_page_control. (Closes: #464877)
+ - Fix slapd crash when accessed by multiple threads. (Closes: #479237)
+ * Acknowledge NMU.
+ (Closes: #474976, #471225, #475856, #474652, #465875)
+ * Bump Standards-Version to 3.7.3
+ * Add versioned build dependency on libgnutls-dev (Closes: #466558)
+ * Bump debhelper compat level to 6.
+
+ [ Russ Allbery ]
+ * Use MAXPATHLEN rather than PATH_MAX, since OpenLDAP defines the
+ former and the latter isn't defined on GNU Hurd. Thanks, Samuel
+ Thibault. (Closes: #475744)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 26 May 2008 22:34:16 +0200
+
+openldap2.3 (2.4.7-6.3) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Install all slapd relevant manpages into slapd package.
+ (closes: #474976)
+ * Make libldap-2.4-2 conflict against libldap2. (closes: #475856)
+
+ -- Bastian Blank <waldi@debian.org> Tue, 29 Apr 2008 18:00:23 +0200
+
+openldap2.3 (2.4.7-6.2) unstable; urgency=low
+
+ * Non-maintainer upload to solve release goal issues.
+ * Add LSB dependency header to init.d scripts (Closes: #474652)
+
+ -- Petter Reinholdtsen <pere@debian.org> Wed, 16 Apr 2008 08:04:49 +0200
+
+openldap2.3 (2.4.7-6.1) unstable; urgency=high
+
+ * Non-maintainer upload by security team.
+ * Fix possible remote denial of service vulnerability in the BDB backend
+ via a modrdn operation with a NOOP control
+ (CVE-2008-0658; Closes: #465875).
+
+ -- Nico Golde <nion@debian.org> Tue, 04 Mar 2008 14:34:44 +0100
+
+openldap2.3 (2.4.7-6) unstable; urgency=low
+
+ [ Updated debconf translations ]
+ * Dutch, thanks to Bart Cornelis <cobaco@skolelinux.no>. Closes: #452950.
+ * Brazilian Portuguese, thanks to Eder L. Marques <frolic@debian-ce.org>.
+ Closes: #463460.
+ * German, thanks to Helge Kreutzmann <debian@helgefjell.de>.
+ Closes: #465784.
+
+ [ Steve Langasek ]
+ * Relax build-dependency on libsasl2-dev now that the versioned dependency
+ is satisfied by all extant versions (including in oldstable), fixing a
+ lintian warning about versioned build-deps on Debian revisions.
+ * Avoid using a mutex around getaddrinfo() and getnameinfo() calls, which
+ are guaranteed by glibc to be threadsafe; this fixes a deadlock when
+ using nss_ldap for host lookups. Closes: #340601.
+ * debian/libldap2-dev.manpages: install all of man3/* instead of
+ enumerating specific manpages to install. Closes: #320073.
+ * Add new patch, sasl-cleartext-strncasecmp, to correct a regression that
+ prevented the use of the {CLEARTEXT} password scheme with SASL.
+ Closes LP: #191563.
+ * drop LGPL from debian/copyright; there is no longer any code under this
+ license in the package.
+ * Drop patch gnutls-altname-nulterminated; it's been determined that the
+ "length" discrepancy was a bug in gnutls, and fixed in that package.
+ * debian/configure.options: explicitly pass --with-odbc=unixodbc, so
+ that we depend on the right ODBC implementation when both happen to
+ be installed at build time.
+
+ [ Russ Allbery ]
+ * Add a stamp file for the configure rule to avoid rerunning configure
+ needlessly. Closes: #465588.
+ * Don't create the openldap user if slapd has been configured to run as
+ a different user. If slapd has been configured to run as openldap, do
+ create the user on reconfigure. Closes: #452438.
+ * Reformat, reorganize, and update slapd's README.Debian.
+ - Include SASL configuration information.
+ - Remove LDBM information, since upstream no longer even ships LDBM
+ and the debconf prompting and maintainer scripts already take care
+ of any lingering databases.
+ - Document the differences between the Debian OpenLDAP packages and
+ upstream.
+
+ -- Steve Langasek <vorlon@debian.org> Thu, 28 Feb 2008 22:15:17 -0800
+
+openldap2.3 (2.4.7-5) unstable; urgency=low
+
+ [ Updated debconf translations ]
+ * Finnish, thanks to Esko Arajärvi <edu@iki.fi>. Closes: #462688.
+ * Galician, thanks to Jacobo Tarrio <jtarrio@trasno.net>. Closes: #462987.
+ * French, thanks to Christian Perrier <bubulle@debian.org>.
+ Closes: #463149.
+ * Russian, thanks to Yuri Kozlov <kozlov.y@gmail.com>. Closes: #463442.
+ * Czech, thanks to Miroslav Kure <kurem@debian.cz>. Closes: #463472.
+ * German, thanks to Helge Kreutzmann <debian@helgefjell.de>.
+ Closes: #464718.
+
+ [ Steve Langasek ]
+ * Fix various regressions related to the introduction of GnuTLS:
+ - Add new patch, gnutls-ciphers, to fix support for specifying multiple
+ ciphers with TLSCipherSuite option in slapd.conf. Thanks to Kyle
+ Moffett <kyle@moffetthome.net> for the patch. Closes LP: #188200.
+ - Add new patch, slapd-tlsverifyclient-default, to set the intended
+ default value of "TLSVerifyClient never" in the right place.
+ - Add new patch, gnutls-altname-nulterminated, to account for differences
+ in how the "length" is returned for commonName vs. subjectAltName.
+ - Comment out TLSCipherSuite settings on upgrade from all versions prior
+ to 2.4.7-5, and throw a debconf error to the user notifying them of
+ this, since all OpenSSL cipher suite values are incompatible with
+ GnuTLS.
+ Closes: #462588.
+ * Add new patch from upstream, entryCSN-backwards-compatibility, to support
+ auto-converting entryCSN attributes in a previously supported old format,
+ fixing an upgrade failure. Closes: #462099.
+ * Use --retry TERM/10 instead of --retry 10 when stopping slapd, since the
+ latter resorts to a SIGKILL and may corrupt backend data; whereas the
+ former will exit non-zero if slapd is still running but won't directly
+ cause data-loss. Thanks to Mark McDonald for the patch. LP: #92139.
+ * Fix manpage symlinks in libldap2-dev; thanks to Reuben Thomas for
+ reporting. Closes: #463971.
+ * Fix a superfluous space in the debconf templates, due to a trailing space
+ in the templates. Closes: #464719.
+
+ -- Steve Langasek <vorlon@debian.org> Sat, 09 Feb 2008 14:25:55 -0800
+
+openldap2.3 (2.4.7-4) unstable; urgency=high
+
+ [ Steve Langasek ]
+ * Build-conflict with libicu-dev, for consistent dependencies in all
+ build environments.
+ * Fix an oversight in the checkpoint migration, which caused the checkpoint
+ option to not be moved far enough down. Closes: #462304, LP: #185257.
+ * Build-depend on unixodbc instead of iODBC.
+
+ [ Updated debconf translations ]
+ * Japanese, thanks to Kenshi Muto <kmuto@debian.org>. Closes: #462191.
+
+ -- Steve Langasek <vorlon@debian.org> Fri, 25 Jan 2008 02:17:23 -0800
+
+openldap2.3 (2.4.7-3) unstable; urgency=low
+
+ * Add missing build-dependency on groff-base, to allow use of soelim during
+ build.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 21 Jan 2008 15:18:27 -0800
+
+openldap2.3 (2.4.7-2) unstable; urgency=low
+
+ * Temporarily drop slapi-dev from the package to get through NEW; this
+ functionality should be readded later, either by restoring the slapi-dev
+ package or by moving it to libldap2-dev, depending on the outcome of
+ discussion with the ftp-masters.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 21 Jan 2008 06:13:21 -0800
+
+openldap2.3 (2.4.7-1) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * New upstream version; closes: #449354.
+ - remove another schema from upstream source, collective.schema,
+ that contains text from the IETF RFCs and include a stripped copy
+ in debian/schema.
+ - drop patches slurpd-in-spool and man-slurpd, since slurpd is no
+ longer provided upstream.
+ - libldap2.3-0 is now libldap2.4-2
+ - build libldap2-dev from this source package now, superseding
+ openldap2; closes: #428385, #260118, #262539, #391899, #393215.
+ - lastmod and denyop have been moved to contrib upstream and are no
+ longer shipped as supported overlays
+ - drop dependency on libldap2 and take ownership of the
+ /etc/ldap/ldap.conf conffile, since libldap2 is now obsolete
+ - need to dump and reload databases again for the upgrade from 2.3.39.
+ - ldap_init(3) no longer attempts to document the internals of the
+ LDAP opaque type. Closes: #320072.
+ - ldap-utils utilities find LDAP servers via SRV records when given a
+ URL with -H and no host in the URL. Closes: #221173.
+ - if the old slapd.conf included any replica commands, automatically
+ enable syncprov for the corresponding database and print an error
+ with debconf.
+ * slapd.conf and DB_CONFIG are used in the postinst, they shouldn't be
+ shipped under doc/examples because /usr/share/doc can't be depended
+ on per policy; ship the files under /usr/share/slapd and symlink the
+ /other/ way, which also spares us from dh_compress trying to gzip
+ slapd.conf. Closes: #452749.
+ * Drop libldap.so as was done for libldap2, making it a link to
+ libldap_r.so to avoid unfortunate symbol collisions.
+ * Add new patch, libldap-symbol-versions, to build libldap and liblber
+ with symbol versions; needed to avoid segfaults when applications
+ manage to pull both libldap2 and the new libldap-2.4-2 into the same
+ process (as during a partial upgrade or the initial soname
+ transition), and also when the library soname changes again in the
+ future (as it's likely to do).
+ * Reintroduce add-autogen-sh patch, with build deps on libtool, automake,
+ and autoconf, required due to the previous patch; this time around, take
+ care to clean up the autogenerated files in the clean target as well
+ * Build-depend on libgnutls-dev instead of on libssl-dev, so that at long
+ last we can build the server and lib from the same source package again
+ without licensing problems. Closes: #457182, #407334, #428468, #381788.
+ Closes: #412706.
+ * slapd.prerm, slapd.postinst: drop no-longer-needed upgrade code for
+ openldap < 2.1.22
+ * Ask about ldbm to bdb migration in the preinst, since there is no
+ guarantee that the debconf config script will be run before the unpack
+ phase.
+ * Don't stop slapd in the preinst by hand, the prerm already stops the
+ old slapd using the standard interfaces.
+ * Don't build with LAN Manager password support; these passwords are more
+ insecure than traditional Unix crypt, and only relevant when talking to
+ Windows 98.
+ * Move libslapi into the slapd package and provide a virtual package for
+ library dependencies, since this is expected to stay lockstep with the
+ server.
+ * Split slapi dev support into a new libslapi-dev package, as this is
+ unrelated to libldap; and drop libslapi.a since it would be insane to try
+ to statically link a dynamically-loaded slapi plugin.
+ * "checkpoint" directives are no longer supported as part of the backend
+ config, only as part of the database config; move the lines around in
+ slapd.conf on upgrade.
+ * "schemacheck" directives are no longer supported; comment them out
+ on upgrade since this option was set by default in sarge.
+ * Package description updates; thanks to Christian Perrier
+ <bubulle@debian.org> and the Smith review project for these
+ improvements.
+ * Incorporate debconf template changes suggested by the debian-l10n-english
+ team as part of the Smith review project. Closes: #447224.
+
+ [ Russ Allbery ]
+ * Removed fix_ldif and all remaining code to try running it on LDIF
+ dumps. Schema checking has been imposed since 2.1 and it's highly
+ unlikely that anyone still needs this.
+ * Move the checkpoint directive in the default slapd.conf below the
+ database and suffix directives for the primary database. This is now
+ required for OpenLDAP 2.4.
+ * Create /etc/ldap/slapd.conf owned by the openldap group and mode 640
+ by default so that slapindex and friends can read it when run as the
+ openldap user. Fix permissions on upgrade if slapd.conf is owned by
+ root and mode 600. Closes: #432662.
+ * Drop slapd patch to read slapd.conf before dropping privileges, since
+ slapd.conf should now be readable by SLAPD_GROUP.
+ * If SLAPD_CONF is set to a directory in /etc/default/slapd, assume
+ the cn=config backend is used and start slapd with the appropriate
+ options. Based on a patch from Mike Burr. Closes: #411413.
+ * Rework slapd's README.Debian:
+ - Document the BerkeleyDB version. Closes: #438127.
+ - Document how to direct slapd's logs to another file. Closes: #258931.
+ - Remove obsolete information about TLS/SSL and OpenLDAP 2.0 upgrades.
+ - Recommend HDB instead of BDB.
+ - Generally reformat and reorganize.
+ * Patch cleanup:
+ - Combine the NTLM patches for Evolution into a single patch.
+ - Add explanatory comments to every patch.
+ - Refresh all patches to remove diff garbage and trailing whitespace.
+ * debian/rules cleanup:
+ - Fix patch dependencies for parallel build (hopefully).
+ - Tell configure the system type.
+ - Rewrite upstream_strip_nondfsg.sh as a get-orig-source target.
+ - Remove stamp files as the first step of the clean target.
+ - Add trivial build-arch and build-indep targets.
+ - Remove dead code and unnecessary comments.
+ * Remove postrm code to delete /var/lib/slapd/upgrade* flag files. We
+ haven't used those since the 2.1 upgrade.
+ * Update Vcs-* headers for new repository layout.
+ * Remove versioned dependency on an ancient dpkg-dev.
+ * Wrap and reorder Build-Depends for readability.
+
+ [ Updated debconf translations ]
+ * Czech, thanks to Miroslav Kure <kurem@debian.cz>. Closes: #458215.
+ * German, thanks to Helge Kreutzmann <debian@helgefjell.de>.
+ Closes: #452833.
+ * Spanish
+ * Finnish, thanks to Esko Arajärvi <edu@iki.fi>. Closes: #448061.
+ * French, thanks to Christian Perrier <bubulle@debian.org>.
+ Closes: #452632.
+ * Galician, thanks to Jacobo Tarrio <jtarrio@trasno.net>.
+ Closes: #451158.
+ * Italian, thanks to Luca Monducci <luca.mo@tiscali.it>. Closes: #449442.
+ * Japanese, thanks to Kenshi Muto <kmuto@debian.org>. Closes: #451325.
+ * Dutch, thanks to Bart Cornelis <cobaco@skolelinux.no>. Closes: #448935.
+ * Brazilian Portuguese
+ * Portuguese, thanks to Tiago Fernandes <tjg.fernandes@gmail.com>.
+ Closes: #453341.
+ * Russian, thanks to Yuri Kozlov <kozlov.y@gmail.com>. Closes: #453318.
+ * Vietnamese, thanks to Clytie Siddall <clytie@riverland.net.au>.
+ Closes: #453411.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 21 Jan 2008 04:58:24 -0800
+
+openldap2.3 (2.3.39-1) unstable; urgency=medium
+
+ * Medium severity due to denial of service fix.
+ * New upstream release.
+ - CVE-2007-5708: Fix remote denial of service attack in slapo-pcache
+ (the overlay for proxy caching). (Closes: #448644)
+ - Multiple additional more minor bug fixes.
+ * Document in the default slapd.conf that dbconfig options only generate
+ the DB_CONFIG file on first slapd start and have no effect afterwards
+ unless DB_CONFIG is removed. (Closes: #442191)
+ * Inline the checkpoint and BerkeleyDB backend settings in the default
+ slapd.conf rather than generating them dynamically in postinst. All
+ the allowable default database choices are now BerekelyDB variants and
+ will probably continue to be so for the forseeable future, and this is
+ easier to maintain.
+ * Drop debconf questions, warnings, and maintainer script functions
+ dealing with upgrades from OpenLDAP 2.1, which is now too hold for
+ supported direct upgrades. (Closes: #444806)
+ * Add a watch file. Thanks, Fernando Ribeiro. (Closes: #435290)
+ * Add Homepage, Vcs-Svn, and Vcs-Browser control fields.
+
+ -- Russ Allbery <rra@debian.org> Mon, 12 Nov 2007 16:00:47 -0800
+
+openldap2.3 (2.3.38-1) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * Drop debian/patches/use-lpthread, which is no longer needed on mips*
+ because gcc has been fixed.
+ * Drop debian/patches/add-autogen-sh, also no longer needed now that
+ the above patch is gone.
+
+ [ Matthijs Mohlmann ]
+ * Fix bashism in initscript. (Closes: #428883)
+ * Drop upstream patches ITS4924, ITS4925 and ITS4966.
+ * Add patch for objectClasses which causes slapd to crash. (Closes: #440632)
+ - CVE-2007-5707.
+ - Upstream bug ITS5119.
+ * Change default loglevel to none, to log high priority messages.
+ (Closes: #442000)
+ * Tighten up the build dependencies, now that autogen patch is removed.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 17 Sep 2007 22:58:54 +0200
+
+openldap2.3 (2.3.35-2) unstable; urgency=low
+
+ * Enable LAN Manager password support in slapd. (Closes: #245341)
+ * If automatic configuration is selected and slapd.conf doesn't exist
+ during an upgrade, treat this as a fresh installation rather than
+ aborting with an error. Also try to provide a better error message if
+ the user has deleted /etc/ldap/schema but we just generated a new
+ configuration that references it. These cases can occur if someone
+ removes (rather than purges) the package, manually deletes /etc/ldap,
+ and then reinstalls. (Closes: #205010)
+ * Don't fail in slapd's postrm if /etc/ldap/schema has already been
+ deleted.
+ * Remove slapd conflicts with libbind-dev and bind-dev. There no longer
+ appears to be anything in those packages that would break slapd's
+ resolver. (Closes: #225896)
+ * Add libldap-2.3-0-dbg and slapd-dbg packages with detached debugging
+ information.
+ * db_recover is no longer required after changing DB_CONFIG; slapd now
+ detects changes itself and does the right thing. Also note in
+ README.DB_CONFIG the existence of the dbconfig slapd.conf parameter
+ and slapd's DB_CONFIG writing support. (Closes: #412575)
+ * Add options to /etc/default/slapd to let the system administrator tell
+ the init script to not start slapd on boot. (Closes: #254999)
+ * Redirect fd 3 to /dev/null in the slapd init script for additional
+ robustness when debconf is running. (Closes: #227482)
+ * Add to /etc/default/slapd a commented-out example of how to change the
+ keytab file used for GSSAPI authentication. (Closes: #412017)
+ * Use variables in /etc/init.d/slapd for the paths to slapd and slurpd
+ so that someone who really wants to can override them in
+ /etc/default/slapd. (Closes: #403948)
+ * Allow people building packages for outside Debian to skip the checks
+ for non-DFSG-free material by setting a variable. Thanks, Peter
+ Marschall. (Closes: #427245)
+ * Remove duplicate libldap-2.3-0 dependencies. (Closes: #408987)
+ * Use binary:Version instead of Source-Version for the tight
+ dependencies between slapd and ldap-utils and libldap-2.3-0.
+
+ -- Russ Allbery <rra@debian.org> Mon, 11 Jun 2007 20:26:26 -0700
+
+openldap2.3 (2.3.35-1) unstable; urgency=low
+
+ * New upstream release with many bug fixes.
+ - Allow syncprov to follow aliases. (Closes: #422087)
+ * Apply upstream patches:
+ - ITS#4924: client crash on incorrectly tagged result from server.
+ - ITS#4925: NOOP modify with BDB backend crashed slapd.
+ - ITS#4966: Delete of valsort-controlled entries crashed slapd.
+ * Enable SLAPI support. (Closes: #390954)
+ * Re-enable use of the epoll system call since Debian no longer supports
+ 2.4 kernels. This means that the OpenLDAP packages will not work on
+ pre-2.6 kernels.
+ * Remove schema files that contain text from IETF RFCs from the upstream
+ source since that text is not DFSG-free. Instead, install stripped
+ versions of those schema files containing only the functional
+ interface specifications, a comment explaining why this is needed, and
+ a pointer to the relevant RFC. (Closes: #361846)
+ * Document the repackaging of the upstream source in debian/copyright.
+ * Update config.guess and config.sub during the build instead of in the
+ clean target and remove them in the clean target for a clean diff.
+ Build-depend on autotools-dev so that we can unconditionally copy over
+ the latest versions.
+ * Added commentary and upstream ITS numbers for several patches
+ applicable upstream.
+ * Use debian/compat rather than the deprecated DH_COMPAT rules setting.
+ * Update to debhelper compatibility level V5 (no changes required).
+
+ -- Russ Allbery <rra@debian.org> Wed, 30 May 2007 22:42:28 -0700
+
+openldap2.3 (2.3.30-5) unstable; urgency=low
+
+ [ Steve Langasek ]
+ * Add Portuguese debconf translation; thanks to Tiago Fernandes.
+ Closes: #409632.
+ * Re-add .la files to the slapd package, for greater compatibility
+ with upstream documentation.
+
+ [ Russ Allbery ]
+ * When starting slapd, create a symlink from /var/run/ldapi to
+ /var/run/slapd/ldapi for compatibility with 2.1 client libraries.
+ Closes: #385809.
+ * Apply upstream patch to prevent a race condition in slapd when
+ shutting down connections.
+ * Update the Brazilian Portuguese debconf translation; thanks to Felipe
+ Augusto van de Wiel.
+
+ -- Russ Allbery <rra@debian.org> Thu, 8 Mar 2007 18:21:02 -0800
+
+openldap2.3 (2.3.30-4) unstable; urgency=low
+
+ * Ok, argh, it helps to check that the function being re-added to the
+ preinst hasn't been removed again from the common include. Re-add
+ break_on_ldbm_to_bdb_migration_disagree, because by all appearances
+ we /should/ be using this in the preinst. Closes: #411474.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 19 Feb 2007 03:55:22 -0800
+
+openldap2.3 (2.3.30-3) unstable; urgency=medium
+
+ [ Matthijs Mohlmann ]
+ * Added spanish translation. (Closes: #404250)
+ * Documentation updates backported from upstream.
+ * Fix a security bug in kerberos kbind code. (Only used when enabling with
+ --enable-kbind option) But better safe then sorry.
+ * Backported a mem leak fix on failed binds.
+ * Added patch from upstream that fixes a memory leak in ACLs that use sets.
+
+ [ Steve Langasek ]
+ * *Really* abort in preinst if the user doesn't accept the upgrade
+ from ldbm to bdb. Closes: #392747.
+ * Set the name of debian/slapd.NEWS right so that it gets
+ installed in the binary package. Closes: #409923.
+ * Add Russian debconf translation; thanks to Yuri Kozlov.
+ Closes: #405706.
+ * Add Galician debconf translation; thanks to Jacobo Tarrio.
+ Closes: #407267.
+
+ -- Steve Langasek <vorlon@debian.org> Sun, 18 Feb 2007 16:47:16 -0800
+
+openldap2.3 (2.3.30-2) unstable; urgency=low
+
+ * Make sure that the pidfile directory doesn't exist in the init script.
+ (Closes: #402705)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Tue, 12 Dec 2006 21:34:44 +0100
+
+openldap2.3 (2.3.30-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fixed authzTo/authzFrom URL matching.
+ - Fixed syncrepl consumer memory leaks.
+ - Fixed slapd-hdb livelock.
+ - Fixed slapo-ppolicy external quality check.
+ - Fixed ldapsearch(1) man page acknowledgement.
+ * Added patch to make sure that the pidfile directory exists.
+ (Closes: #390337)
+ * Do not ask the question allow ldap v2 logins when user wants manual
+ configuration. (Closes: #401003)
+ * Add patch to look also in /etc/ldap/sasl2 for sasl configuration.
+ (Closes: #398657)
+ * Removed db4.2-util recommend, the slapd binary includes checking code to
+ fix DB errors.
+ * Updated README in schema directory. It doesn't list collective.schema
+ anymore. (Closes: #287358)
+ * Updated manpages to point to right paths. (Closes: #398790)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 9 Dec 2006 20:50:58 +0100
+
+openldap2.3 (2.3.29-1) unstable; urgency=medium
+
+ [ Matthijs Mohlmann ]
+ * New upstream release.
+ - Fixes Denial of Service through a certain combination of LDAP BIND
+ requests (CVE-2006-5779) (Closes: #397673)
+ * LSB section added to the init script.
+ * Updated README.Debian about running as non-root user (Closes: #389369)
+ * Updated de translation (Closes: #396096)
+ * Added some documentation / warning when running slapindex as root.
+ * Remove drafts and rfc from the tarball. (Closes: #393404)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 11 Nov 2006 11:24:42 +0100
+
+openldap2.3 (2.3.27-1) unstable; urgency=low
+
+ [ Matthijs Mohlmann ]
+ * New upstream release.
+ * pidfile location is changed 3 years ago, when people are upgrading from
+ back then they have a broken slapd because the openldap user is not able
+ to write to /var/run. (Closes: #380687)
+ * Patches by Quanah Gibson-Mount <quanah@stanford.edu>
+ - Fix one time memleak on startup in the accesslog db.
+ * Changed priority of libldap-2.3-0 to optional as it is only used by slapd.
+
+ [ Torsten Landschoff ]
+ * Remove RFC documents as they do not meet the DFSG.
+ + debian/rules: Check that the RFCs are gone to make sure it does not
+ get included again by accident.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 2 Sep 2006 00:33:44 +0200
+
+openldap2.3 (2.3.25-1) unstable; urgency=low
+
+ [ Matthijs Mohlmann ]
+ * New upstream release:
+ - Accepts 'require none' in slapd.conf (closes: #370023).
+ - Added patch to fix a bold issue in the manpage ldapsearch. Thanks to
+ Matt Kraai. (Closes: #355670)
+ * Added commented out rootdn parameter in slapd.conf. (Closes: #303245)
+ * Make the scripts output a bit more consistent.
+ * Fix a regression in the slapd packages. Data directory is /var/lib/ldap
+ and not /var/openldap-data, also adjust the manpages to reflect these
+ change. Thanks to Peter Marschall. (Closes: #368891)
+ * Removed script move_files, dh_install is used instead. (Closes: #368896)
+ * Dutch translation already updated. Closes: #375101)
+ * Documented that slapd is compiled with TCP wrappers (Closes: #351428)
+ * dpkg-reconfigure slapd now just reinstalls slapd and moves old databases
+ to /var/backups. Already done in previous version (Closes: #230366, #208056)
+
+ [ Torsten Landschoff ]
+ * debian/libldap-2.3-0.install: Ignore version information when installing
+ libraries. This way it does not need updating for each new upstream
+ release.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Wed, 26 Jul 2006 18:05:40 +0200
+
+openldap2.3 (2.3.24-2) unstable; urgency=low
+
+ * Switch slapd from running as root to running as user.
+ (Closes: #292845, #261696)
+ * Changing configuration in slapd.conf by the postinst will now also follow
+ includes. (Closes: #304488)
+ * Patches by Quanah Gibson-Mount <quanah@stanford.edu>
+ - fix a lock bug with a virtual root entry in the BDB backend.
+ - fix boolean logic in the overlays.
+ - fix that slurpd can use ldaps.
+ - fix initialization of auditdb.
+ - fix TLS concurrency issues.
+ - fix exop password change that didn't reset pwdMustChange.
+ - fix syncrepl that fails when no rootdn is defined.
+ * Add dependency on adduser.
+ * Specify the PATH variable in the init script. (Closes: #367981)
+ * Added patch to read config before dropping privileges.
+ * epoll(4) system call is missing on kernels <2.6, this causes slapd to
+ not work on 2.4 kernels. Added patch that remove the #define in
+ portable.in (Closes: #369352, #372194, #373233)
+ * In 2.3.24 slapd won't segfault if the moduleload directive appears
+ somewhere else. (Closes: #349011)
+ * Removed fileutils dependency, it's superseeded in Sarge already.
+ (Closes: #370013)
+ * Use find in combination with mv to move an old directory away.
+ (Closes: #306435)
+ * Updated Dutch debconf translation (Closes: #365172)
+ * Added an example backup script that can be put into cron (Closes: #319477)
+ * Make the db directories 0700. On new installations this is the default.
+ (Closes: #354450)
+ * Get rid of a '.' in front of a domain. (Closes: #318143)
+ * Added shadowLastChange to the ACL in the default slapd.conf
+ (Closes: #370550)
+ * Updated Japanese translation (Closes: #378565)
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 17 Jul 2006 18:22:45 +0200
+
+openldap2.3 (2.3.24-1) unstable; urgency=low
+
+ [ Matthijs Mohlmann ]
+ * New upstream version. (Closes: #369544)
+ * Update patch slurpd-in-spool. (Closes: #368586, #368709, #368889)
+ * Added slapi-errorlog-file to be into /var/log (Closes: #368895)
+ * Removed patch configure.in-fix, incorporated upstream.
+ * Move debian/configure.options.new to debian/configure.options.
+ * Added patch to put ldapi socket in /var/run/slapd.
+ * Removed bdb recovery from the init.d script. This was introduced to fix
+ bug #255276. Now that slapd has the ability to check and recover from bdb
+ failures, this function is not needed anymore. (Closes: #369484, #369093)
+ * Updated the lintian overrides.
+
+ [ Torsten Landschoff ]
+ * Include man pages for accesslog and auditlog overlays, patch by
+ Peter Marschall (closes: #368888).
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Thu, 1 Jun 2006 08:16:02 +0200
+
+openldap2.3 (2.3.23-1) unstable; urgency=low
+
+ [ Matthijs Mohlmann ]
+ * New upstream release. (Closes: #308906, #310282, #353877, #335618, #315158)
+ (Closes: #310282, #319155)
+ * OpenLDAP checks database before starting up.
+ (Closes: #190165, #195079, #294701, #308416)
+ * move_old_database_away isn't called in a while loop anymore (which would
+ kill debconf interaction) (Closes: #299100)
+ * BDB_CONFIG file will be installed on new installations (Closes: #301292)
+ * Move to dh_install.
+ * Move to quilt patch system.
+ * Fix manpage.
+ * Make ldiftopasswd and fix_ldif executable. (fixes lintian warnings)
+ * Wipe passwords after we created the initial configuration.
+ * The config scripts is runned twice, this causes the password in
+ slapd/internal/adminpw to be empty. This fixes the issue with having an
+ empty password in the ldap database. (Closes: #343113, #347725)
+ * Added #DEBHELPER# token to fix a lintian warning.
+ * bdb has changed between major versions, so dump the database and import it
+ again for versions before 2.3.19.
+ * Remove comments from debian/control (The out commented control information
+ is actually in debian/control.dev)
+ * Enable all backends and overlays with: --enable-backends=mod and
+ --enable-overlays=mod
+ * Add | debconf-2.0 to unblock cdebconf transition (Closes: #332053)
+ * Added Danish debconf translation (Closes: #353897)
+ * Updated French debconf translation (Closes: #320739)
+ * Updated Vietnamese debconf translation (Closes: #319706)
+ * Updated Czech debconf translation (Closes: #356554)
+ * Encode the organization to utf8 (Closes: #236097)
+ * Disabled the LDBM backend. Break in preinstallation if user doesn't want
+ to migrate to BDB backend.
+ * Removed choice for LDBM backend from slapd templates. And some explanation
+ in that question about the LDBM backend.
+ * Add sizelimit and tool-threads and some documentation to slapd.conf
+ (Closes: #327808)
+ * slapd.scripts-common had two functions with the same name.
+ * Don't return a error message if hostname fails.
+ * Backup the config only once on upgrade.
+ * For new installations do not install a DB_CONFIG file but use the
+ slapd.conf as file for BDB/HDB configuration parameters. See: slapd-bdb(5)
+ * Added various "exit 0" to the installation scripts.
+ * Add configure.in patch to fix C comparison what should be bash (ITS#4416)
+ * Raise debconf configuration level from low to medium for
+ slapd/no_configuration.
+ * Updated Standards-Version to 3.7.2.0
+ * Added build-dependency on perl which is used in the debian/rules file.
+ Considered by lintian.
+ * Added lintian override for too-long-extended-description-in-templates, it
+ is an explanation about the backends.
+
+ [ Steve Langasek ]
+ * debian/slapd.templates: Fix typo durin -> during; re-run
+ debconf-updatepo, fixing up the fuzzies (closes: #319596).
+
+ [ Torsten Landschoff ]
+ * debian/slapd.scripts-common: Rename backend_supported to
+ upgrade_supported_from_backend for more clarity.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sat, 13 May 2006 00:28:11 +0200
+
+openldap2.2 (2.2.26-4) unstable; urgency=low
+
+ * [l10n] Vietnamese translations by Clytie Siddall (closes: #316623).
+ * debian/slapd.templates: Fix typos occured -> occurred (closes: #316624).
+ * libraries/libldap/url.c: Apply patch from upstream CVS to fix URI
+ parsing (closes: #317100).
+
+ -- Torsten Landschoff <torsten@debian.org> Tue, 19 Jul 2005 20:52:17 +0200
+
+openldap2.2 (2.2.26-3) unstable; urgency=low
+
+ * [SECURITY] Applied the patch available at
+ http://bugzilla.padl.com/show_bug.cgi?id=210
+ to force libldap to really use TLS when requested in /etc/ldap/ldap.conf
+ (cf. CAN-2005-2069). Clients still will use libldap2 from openldap2
+ source package so this is only to prepare unleashing the libraries of
+ OpenLDAP 2.2 for unstable...
+
+ -- Torsten Landschoff <torsten@debian.org> Sun, 3 Jul 2005 10:41:37 +0200
+
+openldap2.2 (2.2.26-2) unstable; urgency=low
+
+ * Assembled changes from patches supplied by Peter Marschall (thanks,
+ Peter):
+ | debian/move_files: Move slapd and slurpd to /usr/sbin and adjust symlinks
+ (closes: #316354).
+ + debian/slapd.links: Remove symlinks from /usr/sbin to /usr/lib.
+ | debian/rules: Don't install cron jobs needed for GnuTLS as long as we are
+ using OpenSSL.
+ | debian/control: Remove build-dependencies needed for GnuTLS
+ (closes: #316355).
+ + Require libsasl >= 2.1.18 as recommended by OpenLDAP project.
+ | Update quicktool patch from Quanah Gibson-Mount (closes: #316361).
+ | debian/slapd.init: Use /bin/sh as shell when running db_recover
+ (closes: #316350).
+ | debian/configure.options: Enabled dynlist and proxycache overlays
+ (closes: #316351).
+
+ * debian/po/de.po: Apply typo correction patch (closes: #313809).
+ * debian/po/fr.po: Apply updates by Christian Perrier (closes: #315122).
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 1 Jul 2005 12:53:18 +0200
+
+openldap2.2 (2.2.26-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/slapd.init: Run db_recover as the user configured for slapd
+ (closes: #311331).
+ * debian/po/cs.po: Add Czech translation by Miroslav Kure (closes: #312064).
+ * Run debconf-updatepo, oh my :(
+ * Update configure via libtoolize -cf; aclocal-1.4; autoconf2.50.
+ * configure.in: Try to fix memcmp check (probably does not work anymore, but
+ we should have a working memcmp on all Debian systems anyway).
+ * debian/rules: Remove config.{sub,guess} before installing new versions
+ (just in case there were symlinks for them...).
+
+ -- Torsten Landschoff <torsten@debian.org> Tue, 21 Jun 2005 12:06:40 +0200
+
+openldap2.2 (2.2.23-8) unstable; urgency=low
+
+ * debian/DB_CONFIG: Fixed the log cache configuration (used the wrong
+ command so there was about no effect).
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 30 May 2005 08:48:10 +0200
+
+openldap2.2 (2.2.23-7) unstable; urgency=low
+
+ * debian/slapd.scripts-common: Install the default DB_CONFIG for each
+ database loaded from LDIF which didn't have a DB_CONFIG before.
+ * (automatic) Updated config.sub and config.guess from autotools-dev.
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 30 May 2005 08:08:37 +0200
+
+openldap2.2 (2.2.23-6) unstable; urgency=low
+
+ Torsten Landschoff <torsten@debian.org>:
+ * debian/po/ja.po: Merge updates from Kenshi Muto (closes: #303505).
+ * debian/po/fr.po: Merge updates from Christian Perrier (closes: #306229).
+ * debian/slapd.scripts-common: If the user enters the empty value for
+ the database dumping directory use the default value. Seems like the
+ readline interface does not care about the default value
+ (closes: #308234).
+ * debian/slapd.postinst: Make sure the debhelper commands are executed
+ in all cases (closes: #310422).
+ * Merged suggested changes by Eugene Konev to automatically run
+ db_recover before starting slapd (closes: #255276).
+ + debian/slapd.init: Run db_recover if enabled and available and no
+ slapd process running.
+ + debian/slapd.default: Add configuration option to disable it.
+ * Applied and improved patch by Matthijs Mohlmann to support migration
+ from ldbm to bdb backend.
+ + debian/slapd.config: Ask if migration is wanted.
+ + debian/slapd.postinst: Update configuration from ldbm to bdb if yes.
+ + debian/slapd.scripts-common: Implemented some parts in their own
+ functions.
+ * Add a README.DB_CONFIG.gz and reference it where referring to BDB
+ configuration.
+ * Update default DB_CONFIG with some senseful values.
+
+ Steve Langasek <vorlon@debian.org>:
+ * libraries/libldap_r/Makefile.in: make sure the ximian-connector ntlm
+ patch is applied to libldap_r, not just to libldap
+ * debian/move_files: make libldap a symlink to libldap_r, as carrying
+ two versions of this library around is more trouble than it's worth,
+ and can cause glorious segfaults down the line
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 30 May 2005 08:07:49 +0200
+
+openldap2.2 (2.2.23-5) unstable; urgency=low
+
+ Torsten Landschoff <torsten@debian.org>:
+ * debian/lintian-overrides: Add. Contains lintian warnings/errors to
+ override for each package (plus comments).
+ + debian/move_files: Automatically install applying overrides into
+ each package.
+
+ Steve Langasek <vorlon@debian.org>:
+ * configure.in: reinstate the remainder of the fix for 195990 from
+ 2.1.22-2: give preference to -lpthread over -pthread in configure.in,
+ because some archs (mipsel, at least) don't like -pthread.
+
+ -- Steve Langasek <vorlon@debian.org> Sun, 24 Apr 2005 05:01:02 -0700
+
+openldap2.2 (2.2.23-4) unstable; urgency=low
+
+ Torsten Landschoff <torsten@debian.org>:
+ * debian/control: Make the requirement for debconf a pre-dependency as
+ we are using it from the maintainer scripts.
+ * debian/slapd.preinst: Always use debconf (don't check for availability).
+ * debian/slapd.scripts-common: Remove the alert_user function which
+ was there to output an error message in case debconf is not available.
+
+ Steve Langasek <vorlon@debian.org>:
+ * debian/fix_ldif: Add code to fix up oddly formatted integer attribs;
+ limited use because it only fixes those attributes that we have
+ prior knowledge of (i.e., those in the default schemas we ship), but
+ it's something at least. Closes: #302629.
+ * debian/fix_ldif: Also change fix_ldif to not chew up everything that
+ has a # in the line: treat lines beginning with # as comments, but #
+ is a valid character in an attribute value.
+ * debian/rules: Fix the check for missing lib symbols to use
+ LD_LIBRARY_PATH, so the package builds on systems that don't already
+ have libldap-2.2-7 installed. Closes: #305785.
+ * debian/po/ja.po: Use the partial translation provided by Kenshi Muto.
+
+ Stephen Frost <sfrost@debian.org>:
+ * debian/slapd.scripts-common: Make sure - ends up at the end of the
+ bracket expression given to grep so it's not treated as a range
+ (closes: #302743).
+
+ -- Steve Langasek <vorlon@debian.org> Sat, 23 Apr 2005 22:01:20 -0700
+
+openldap2.2 (2.2.23-3) unstable; urgency=low
+
+ Steve Langasek <vorlon@debian.org>
+ * libraries/libldap_r/Makefile.in: Code that uses pthreads *must* be
+ linked with -pthread, even if it's a library; without this, the
+ libldap_r library ends up with dangling unversioned reference to
+ pthread_create() which gets resolved to a wrong version that causes
+ segfaults on 64-bit platforms. Closes: #304549.
+ * debian/rules: error out on build if an installed library has
+ undefined symbols; future-proofing against a repeat of #304549.
+ * debian/slapd.postinst: don't dump and reload directories unless we
+ know we're upgrading from an incompatible version! Closes: #304840.
+ * debian/slapd.scripts-common: don't use merge_logical_lines for
+ functions that will be writing back to the config; the code is not
+ as pretty now, but the output is much less ugly. Closes: #303243.
+ * debian/slapd.examples, debian/slapd.scripts-common,
+ debian/slapd.links, debian/move_files: install DB_CONFIG in
+ /usr/share/slapd/ instead of /usr/share/doc/slapd/examples/; this
+ simplifies the code, and ensures users who don't install
+ /usr/share/doc aren't penalized. Create links for the DB_CONFIG and
+ slapd.confg templates to /usr/share/doc/slapd/examples, since these
+ are worthwhile examples as well.
+ * Updated maintainer scripts to keep DB_CONFIG for LDAP databases over
+ upgrades (closes: #265860).
+ * Move slappasswd to the slapd package, since it's now a symlink and
+ isn't actually useful without the slapd binary (closes: #304339).
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 21 Apr 2005 01:29:57 +0200
+
+openldap2.2 (2.2.23-2) unstable; urgency=low
+
+ * debian/configure.options: Change localstatedir to /var from /var/run
+ as the current upstream version adds /run to that during runtime for
+ slapi sockets etc. Problem: The database location is specified relative
+ to localstatedir/openldap-data. Another thing to fix...
+ (closes: #298271, #304491).
+ * debian/slapd.scripts-common (load_databases): Reimplement automatic
+ fixing of LDIF data via the fix_ldif script. Only tried if an
+ initial slapadd using the original LDIF data fails. With this change
+ upgrading from woody for some simple cases does work again.
+ * Disabled the version check for Berkeley DB in upstream code. Any
+ libdb4.2 package should work but of course using the latest will give
+ you the best results (closes: #300851).
+ * debian/slapd.scripts-common (import_database): Removed, no longer used.
+ * debian/slapd.scripts-common: Store the diagnostic output from
+ slapadd and output it before aborting if the command failed.
+ * debian/po/fr.po: Use the translations provided by Christian Perrier
+ (closes: #304141).
+ * debian/slapd.scripts-common: Use the -q option during slapadd to
+ improve performance.
+ * debian/slapd.templates (slapd/dump_database_destdir): Apply rewording
+ changes from Thomas Prokosch. Gives the user more information about
+ the usage of that directory.
+ + Run debconf-updatepo to update the translation templates.
+ * debian/slapd.templates: Clean up the debconf templates of the slapd
+ packages by merging the changes suggested by Christian Perrier
+ (closes: #302829). Thanks, Christian!
+ + Changed the wording of some of the templates.
+ + Adapt to the DTSG (Debconf Templates Style Guide).
+ + Removed item slapd/admin which is not used anymore.
+ + Run debconf-updatepo and send new fr.po to Christian Perrier.
+ * debian/slapd.postinst: Make a backup copy of slapd.conf before changing
+ anything (closes: #304485).
+ * Trivial improvements:
+ + Don't ask to move contents of /var/lib/ldap if it does not even
+ exist (but also is not an empty directory...) in initial config.
+ + Move check for current installation status out of configure_dumping.
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 14 Apr 2005 19:57:11 +0200
+
+openldap2.2 (2.2.23-1) unstable; urgency=low
+
+ * debian/slapd.scripts-common: Move all shell functions of the maintainer
+ scripts here to have it all in one place.
+ * Another pass over the maintainer scripts to remove cruft and tidy up
+ the code a bit. Fixed some bugs on the way.
+ * Test upgrade and installation revealed some bugs, mostly typos:
+ + return in shell actually is "return $?", not "return 0" as I though
+ + Referenced $src where $srcdir was meant.
+ + Only load old directories on upgrade and not during initial
+ installation.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 1 Apr 2005 18:50:21 +0200
+
+openldap2.2 (2.2.23-0.pre6) experimental; urgency=low
+
+ Torsten Landschoff <torsten@debian.org>:
+ * debian/slapd.postinst: Add a testing interface to test the helper
+ functions.
+ * debian/slapd.postinst: Make sure that debconf actually displays the
+ error message even if the user has already seen it before.
+ * debian/slapd.postinst (compute_backup_path): Make function more robust
+ in case we don't know the old version or the suffix of the database.
+ Converted the backup dir to a more simple scheme which should be save
+ against accidental overwriting.
+ * Rewrote part of the maintainer scripts for correct handling of
+ directory dumps in preinst. New debconf questions etc.
+ * Move the manpage of slappasswd to ldap-utils where slappasswd itself
+ is included (closes: #300212).
+ + debian/control: Add Replaces: slapd << 2.2.23-0.pre6 to ldap-utils.
+ + debian/move_files: Move slappasswd manpage into ldap-utils.
+ * debian/slapd.config: Don't fail if hostname is unset (pulled from
+ Ubuntu, thanks to Jeff Bailey).
+ * Applied patch by Quanah Gibson-Mount (directory administrator of Stanford)
+ to add -q option to some tools for quick operation without updating
+ logs. This is mostly for importing directories from LDIF backups.
+ * Go back to libdb4.2 as OpenLDAP is known to have problems with BDB 4.3.
+ + debian/control: Update dependencies for BDB 4.2.
+ + debian/slapd.scripts-common: Mark all databases before this version
+ as incompatible.
+ * Fix some bashisms in maintainer scripts.
+ * debian/slapd.postinst: Include the version of the backup in the
+ backup of a database directory.
+
+ Carlo Contavalli <ccontavalli@debian.org>:
+ * debian/slapd.init: Print command line if starting a daemon failed.
+ * debian/slapd.postinst: Handle hdb backend just as if it was bdb.
+ * debian/README.Debian: Add some notes about DB_CONFIG and how to run
+ slapd under a different uid/gid.
+ * Install an example DB_CONFIG file during initial configuration
+ + slapd.postinst: Add a function to implement this and hook it into
+ create_new_configuration.
+ + debian/DB_CONFIG: Example DB_CONFIG that is installed.
+ + debian/slapd.examples: Mark DB_CONFIG as an example.
+ * servers/slapd/daemon.c: Actually change the permissions of the
+ unix socket if requested using an ldapi url with x-mod.
+ * debian/slapd.scripts-common: change privileges of upgraded databases
+ as indicated by SLAPD_USER and SLAPD_GROUP variables.
+ * debian/slapd.scripts-common,slapd.postinst: corrected some minor
+ typos.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 1 Apr 2005 12:26:35 +0200
+
+openldap2.2 (2.2.23-0.pre5) experimental; urgency=low
+
+ * Apply NTLM patch from ximian-connector source package.
+ * debian/slapd.postinst: Fix small typo leading to upgrade failures.
+ Added some notes while wading through maintainer scripts.
+ * debian/slapd.postinst: Make slapadd more noisy, writing the new
+ directory to stderr if something goes wrong (should help for
+ bug #236097).
+ * Make slapd.init idempotent by adding --oknodo to start-stop-daemon
+ invocations (closes: #298741). Kudos to Bill Allombert for this
+ patch.
+ * slapd.postinst: Try to fix slapd.conf for syntactic and semantic changes
+ introduced upstream into 2.2.x.
+ * slapd.scripts-common: Make sure directories before 2.2.23 are dumped
+ and reloaded on upgrade.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 11 Mar 2005 18:54:57 +0100
+
+openldap2.2 (2.2.23-0.pre4) experimental; urgency=low
+
+ * Rename libldap2.2 to libldap-2.2-7 to match soname. Updated
+ debian/{control,rules,...}.
+ * Checked the usage of the ucdata files shipped with libldap2 before.
+ Actually they stem from liblunicode which is only linked to slapd.
+ Therefore those files are shipped with slapd now. This change is
+ relevant so that multiple libldap-2.2-x packages can coexist later.
+ * debian/control: Updated for slapd replacing files from libldap2.
+ * debian/control: Recommend db4.3-util instead of db4.2-util as we are
+ using the former version now for slapd.
+ * debian/control: Add Build-Depends for libperl-dev, this time for
+ real. I wonder what went wrong last time as it built correctly with
+ pdebuild (closes: #297123).
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 28 Feb 2005 15:17:52 +0100
+
+openldap2.2 (2.2.23-0.pre3) experimental; urgency=low
+
+ * debian/slapd.prerm: Reformat and fix double stopping of slapd. Find
+ out which bug we are working around and document it.
+ * debian/configure.options: Enable ACI support (closes: #101602).
+ Looked through the source code and it seems to be properly
+ insulated to not make a difference when not used.
+ * .../Makefile.in: Remove -s option from install invocations and let
+ dh_strip handle stripping binaries (closes: #264448).
+ * debian/slapd.postinst: Code cleanup and reading, unused and duplicate
+ code removed. Main body still needs fixing.
+ * debian/slapd.postinst: Fixed chmod --reference calls to keep the
+ permissions of slapd.conf. Putting data into the file using shell
+ redirection recreates the file with default umask and owner, killing
+ the permissions we applied using chod --reference after creating the
+ file. Instead we change the permissions directly before renaming the
+ file now. Wrapped it into a function and update the owner as well.
+ How do we do this correctly for ACLs etc.!? Thanks to Carlo Contavalli
+ for pointing this out.
+ * servers/slapd/main.c: Log a warning if writing the pidfile or writing
+ the arguments file fails (closes: #261696).
+ * debian/control: Add missing build dependency for perl development
+ library (closes: #297123).
+
+ -- Torsten Landschoff <torsten@debian.org> Sun, 27 Feb 2005 17:44:03 +0100
+
+openldap2.2 (2.2.23-0.pre2) experimental; urgency=low
+
+ * servers/slurpd/slurp.h: Relocate the default spool directory to
+ /var/spool/slurpd again.
+ * Merged some changes done by Fabio M. Di Nitto for the ubuntu
+ distribution (thanks, Fabio!):
+ + debian/slapd.{postinst,conf}: Checkpoint BDB databases every 512kb
+ or 30 minutes by default.
+ + debian/slapd.scripts-common: Make is_empty_dir less noisy on first
+ install (cosmetic).
+ * Applied some changes suggested by Ondrej Sury:
+ + debian/rules: Add MAKEVARS variable and set datadir =
+ /usr/share/libldap2.2/ucdata instead of changing build/top.mk as
+ suggested.
+ + debian/move_files: Install /usr/share/libldap2.2 into libldap2.2
+ and remove duplicate ldap.conf manpage.
+ + debian/control: Let libldap2.2 dependon libldap2 for config files.
+ * Also in Ondrej's patch:
+ + doc/man/man8/slapd.8: Refer to slapd.conf instead of ldap.h for
+ loglevel documentation. Changed by ubuntu? I don't know...
+ * debian/slapd.README.Debian: Update TLS/SSL information.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 25 Feb 2005 14:44:59 +0100
+
+openldap2.2 (2.2.23-0.pre1) experimental; urgency=low
+
+ * Merge new upstream release 2.2.23.
+ * Change name of source package to openldap2.2.
+ * configure.in: Fix AC_LIBOBJ for configure2.50.
+ * Run libtoolize, aclocal-1.4 and autoconf2.50 to get a working
+ configure script.
+ * debian/slapd.init: Output failure reasons using "$failure" so that
+ no glob substitution is done. Had a hard time grokking why slapd
+ would mention the contents of the current directory in its error
+ message...
+ * debian/rules: Disable building -dev packages as we don't want
+ other packages to link against the new libraries before sarge.
+ Remove the binary-indep target from the binary dependends list.
+ * debian/control: Move packages that are no longer build into control-dev.
+ * debian/configure.options: Build against OpenSSL with --with-tls
+ (this can only be done for slapd itself, we need GnuTLS support
+ before enabling this for libldap2.2-dev).
+ * debian/control: Update build dependencies for libdb4.3 and OpenSSL.
+
+ -- Torsten Landschoff <torsten@debian.org> Wed, 23 Feb 2005 19:29:38 +0100
+
+openldap2 (2.2.18-0.pre2) experimental; urgency=low
+
+ * debian/check_config: Make sasl2 check more robust against file
+ format changes in config.status.
+ * debian/libldap2.shlibs: Remove.
+ * Update configure script using libtoolize, aclocal-1.4 and autoconf2.50
+ to fix wrong shared library dependency in libldap2.2 (depended on
+ libldap2 by linking against the system's liblber).
+ * debian/libldap2.README.Debian: Move to libldap2.2.README.Debian.
+ * Lintian cleanup:
+ + Run debconf-updatepo for debian/rules clean and manually as
+ requested.
+ + Update config.guess and config.sub in debian/rules clean as well.
+ First update done.
+ + debian/rules (install): Fix the manpage section of the admin commands
+ from 8C to 8.
+ + debian/rules (binary-arch): Run dh_fixperms to fix the permissions
+ on shared libraries.
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 13 Jan 2005 11:53:28 +0100
+
+openldap2 (2.2.18-0.pre1) experimental; urgency=low
+
+ * New upstream release.
+ * Disable TLS for now.
+ * debian/rules: Don't run autoheader and autoconf.
+ * debian/configure.options: Recreated and updated for new setup.
+ * debian/rules: Move slapd, slurpd from /usr/lib to /usr/sbin.
+ * Rename library packages to include the OpenLDAP version.
+ * Remove /etc/ldap/ldap*.conf from libldap2.2 to avoid clash with
+ libldap2. Also add Replaces entry for libldap2 to allow overwriting
+ for now. Needs fixing...
+ * Instead of moving slapd from /usr/lib to /usr/sbin create a symlink.
+ Seems like slapadd etc. are now all included in the slapd binary
+ and all link to its binary.
+ * debian/rules: Run dh_link for arch dependend packages.
+ * configure: Fix broken libdb checking which forced static building of
+ back-bdb.
+ * debian/slapd.conf: Fix access directive to use "attrs=" instead of
+ "attribute=" which wasn't officially supported anyway.
+
+ -- Torsten Landschoff <torsten@debian.org> Wed, 3 Nov 2004 09:57:14 +0100
+
+openldap2 (2.1.30-3) unstable; urgency=high
+
+ * Urgeny high since previous releases were hardly usable (at least
+ with TLS).
+ * Roland Bauerschmidt <rb@debian.org>
+ + libraries/libldap/gnutls.c, libraries/libldap/tls.c,
+ include/ldap_pvt_gnutls.h: Use callback with
+ gnutls_certificate_set_params_function to generate dh_params and
+ rsa_params (this is also the way, it's done with OpenSSL). We need
+ GNUTLS 1.0.9 for this. With the new version of libgcrypt, we also
+ need to initialize threading explicitly. The previous
+ segmentation faults resulted from the *global* param structure
+ being recreated and freed for every session. Many thanks to
+ Matthias Urlichs who helped debugging a lot and also packaged
+ GNUTLS 1.0.16 very quickly... Closes: #244827.
+ + debian/control: Add build dependency to libgcrypt11-dev (we're
+ initializing it directly now) and change libgnutls10-dev to
+ libgnutls11-dev.
+ + libraries/libldap/gnutls.c: in tls_gnutls_need_{dh,rsa}_params
+ (formerly ldap_gnutls_need_...), create temp files more securely,
+ doing unlink before opening and opening them with O_EXCL. This is
+ necessary because under Linux 2.6 all threads have the same PID.
+ Thanks to Andrew Suffield for pointing this out.
+ + debian/slapd.cron.daily: cron job to remove GNUTLS rsa_export and
+ dh param cache files every day.
+ + debian/slapd.README.Debian: add note that we use GNUTLS rather
+ than OpenSSL.
+
+ -- Roland Bauerschmidt <rb@debian.org> Mon, 26 Jul 2004 18:41:23 +0200
+
+openldap2 (2.1.30-2) unstable; urgency=low
+
+ * Roland Bauerschmidt <rb@debian.org>
+ + debian/slapd.scripts-common: add missing space before !
+ Closes: #251036, #253633, #257513.
+ * Torsten Landschoff <torsten@debian.org>
+ + Applied patch by Ralf Hack to support non-standard config file
+ location in /etc/default/slapd (closes: #229195).
+ + Applied patch to fix handling of abandoned commands
+ (closes: #254183). Thanks to Peter Marschall for submitting it.
+ + Applied patch to fix memory leak after search (closes: #254184).
+ Thanks again, Peter!
+ + Applied trivial patch to support logging to DAEMON facility
+ as well as LOCAL* (closes: #254186). Here you are, Peter ;)
+
+ -- Roland Bauerschmidt <rb@debian.org> Fri, 09 Jul 2004 15:56:06 +0200
+
+openldap2 (2.1.30-1) unstable; urgency=low
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/control: Have slapd conflict with libltdl3 version 1.5.4-1
+ as with that version loading of .so files is broken which breaks
+ slapd (closes: #249152).
+ + Applied patch to fix Perl backend (closes: #245347). Kudos
+ to Peter Marschall.
+ + debian/configure.options: Enable building of Perl backend.
+
+ * Roland Bauerschmidt <rb@debian.org>
+ + debian/slapd.templates: replace 'domain' with 'DNS domain name'
+ which is little more specific
+ + debian/slapd.config: check if the domain has a valid syntax to
+ prevent slapadd from failing. Closes: #235749.
+ + New upstream version with fix for NS-MTA-MD5 hash length
+ checking. Closes: #226583.
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 24 May 2004 23:33:21 +0200
+
+openldap2 (2.1.29-2) unstable; urgency=low
+
+ * Roland Bauerschmidt <rb@debian.org>
+ + debian/rules: Revert change to install ldapadd as symlink.
+ Somehow, with that change, ldapadd didn't get installed at all.
+ Closes: #243537.
+
+ -- Roland Bauerschmidt <rb@debian.org> Tue, 13 Apr 2004 19:49:55 +0200
+
+openldap2 (2.1.29-1) unstable; urgency=low
+
+ * Stephen Frost <sfrost@debian.org>
+ + libraries/gnutls.c: Generate and store RSA/DH parameters,
+ based off a patch by Petr Vandrovec (though changed alot).
+ Closes: #234639, #234593
+
+ * Roland Bauerschmidt <rb@debian.org>
+ + Merged new upstream release.
+ + debian/slapd.prerm: add #DEBHELPER# token.
+ + debian/control: have slapd depend on debconf (>= 0.5) to ensure
+ it supports the seen flag.
+ + debian/rules: ldapadd is installed as a hardlink to ldapmodify;
+ use a symlink instead.
+ + debian/slapd.{scripts-common,postinst,preinst,config}: Add new
+ function read_slapd_conf that evaluates include statements.
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 12 Apr 2004 15:27:55 +0200
+
+openldap2 (2.1.26-1) unstable; urgency=low
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + Merged new upstream release.
+ + debian/slapd.templates (slapd/purge_database): Set default value to
+ false.
+ + debian/slapd.config (manual_configuration_wanted): Don't exit
+ from the script directly if the user wants to configure
+ slapd manually (exit 0 -> return 0).
+ + Build-depend on libgnutls10-dev instead of libgnutls7-dev and
+ rebuild (closes: #233833).
+ + Move previous content of /var/lib/ldap away during creation of
+ an initial directory (closes: #228886, #233512).
+ + debian/slapd.postrm: Remove flag files in /var/lib/slapd on purge.
+ + Removed functionality (verbose error messages) from gnutls.c until
+ it compiled with libgnutls10-dev :-((
+ + debian/slapd.postinst: Overwrite existing /etc/ldap/slapd.conf (only
+ reached during initial installation/dpkg-reconfigure).
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 23 Feb 2004 09:36:32 +0100
+
+openldap2 (2.1.25-1) unstable; urgency=low
+
+ * Roland Bauerschmidt <rb@debian.org>:
+ + New upstream version.
+ - Build against libdb4.2. Hopefully, this resolves the BDB
+ lock ups when configured improperly.
+ + debian/control: Have ldap-utils depend on the same version of
+ libldap2, and libldap2 conflict with ldap-utils (<= 2.1.23-1).
+ Closes: #216661.
+ + debian/slapd.{templates,config}: Check if there are slave
+ databases in slapd.conf lacking an updateref option, and warn
+ about it. Closes: #216797.
+ + debian/slapd.{templates,config,postinst,conf}: Ask which
+ database backend to use (BDB or LDBM).
+ + debian/slapd.README.Debian: cleanup
+ + servers/slapd/back-bdb/dbcache.c: Turn off subdatabases. This
+ is an incompatible database format change, but according to
+ Howard Chu "using them (subdatabases) is known to cause deadlocks
+ on multiprocessor machines, among other issues."
+ + debian/control: add Recommends: db4.2-util to slapd
+ + debian/control: add Recommends: libsasl2-modules to slapd and
+ ldap-utils. Closes: #224058.
+ + debian/slapd.{scripts-common,preinst,postinst}: Extended dump
+ and restore code to deal with different versions for different
+ backends.
+ + debian/control: Geez, centipede seems to have vanished a long
+ time ago. So don't claim it's included in the slapd package.
+ + debian/slapd.docs: created with servers/slapd/back-sql/
+ rdbms_depends. Closes: #225807.
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/move_files: Install slappasswd into ldap-utils instead
+ of slapd as it's useful without slapd as well (closes: #228705).
+ + debian/control: Make ldap-utils Replaces: slapd < 2.1.25 because
+ of that change.
+ + debian/control: Use libdb4.2-dev instead of libdb4.1-dev as a
+ number of problems seem to be related to DB 4.1.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 6 Feb 2004 20:48:22 +0100
+
+openldap2 (2.1.23-1) unstable; urgency=low
+
+ * Roland Bauerschmidt <rb@debian.org>:
+ + New upstream version.
+ + Applied fix for admin password breakage from Michael Beattie
+ <mjb@debian.org>. Closes: #214270.
+ + Added Dutch Debconf template translation by cobaco@linux.be.
+ Closes: #215373.
+ + Bumped Standards-Version (no changes needed).
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/move_files: Install slappasswd into ldap-utils instead
+ of slapd (closes: #228705).
+
+ -- Roland Bauerschmidt <rb@debian.org> Sat, 18 Oct 2003 19:56:54 +0200
+
+openldap2 (2.1.22-3) unstable; urgency=low
+
+ * Call perl -w to run debian/dh_installscripts-common. Closes: #214054.
+
+ -- Roland Bauerschmidt <rb@debian.org> Sat, 4 Oct 2003 14:22:11 +0200
+
+openldap2 (2.1.22-2) unstable; urgency=high
+
+ * Stephen Frost <sfrost@debian.org>
+ + servers/slapd/daemon.c: Apply patch from head for select handling.
+ + debian/rules: Fix build options to optimize correctly and to use
+ DEB_BUILD_OPTIONS (Policy, 10.1). Closes: #202306
+ + debian/slapd.conf: Add in ACL for root DSE explicitly.
+ + debian/slapd.init: Add --oknodo in stop_slurpd. Closes: #202592
+ + debian/rules: Need quotes around $(CFLAGS) on configure line.
+ + debian/slapd.init: Remove \'s before quotes around pidfile.
+ + debian/slapd.init: Add support for -h slapd flag. Closes: #201991
+ + debian/slapd.default: Add variable $SLAPD_SERVICES for slapd -h.
+ + libraries/libldap/tls.c: Apply patch from asuffield in #202741 to
+ fix subjectAltName usage. Closes: #202741
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + Fix invocation of "head" in maintainer scripts and replace usage of
+ [ foo -a bar ] by [ foo ] && [ bar ] (closes: #203292).
+ + debian/slapd.postrm: Small cleanup, only remove the directory, not
+ the backups, on purge.
+ + debian/rules: Don't run the upstream install target if we did not
+ rebuild the whole tree. Makes debugging maintainer script much more
+ tolerable.
+ + debian/slapd.config: Cleaned up and restructured for readability.
+ + debian/slapd.templates: Replaced the invalid_suffix template with
+ invalid_config which is more general and can be used for any
+ inconsistency in the initial configuration.
+ + debian/slapd.postinst: Rewritten to eliminate all that spaghetti.
+ Did not yet implement all old features again...
+ - Now the #DEBHELPER# part is always reached so that the daemon
+ will be restarted even if no automatic configuration is wanted
+ (closes: #204008).
+ + Fixed the undefined symbols in libldap_r.so.2 (closes: #195990).
+ | configure.in: Try -lpthread before -pthread to link the thread
+ library. libtool does not pass -pthread through, -lpthread seems
+ to work though.
+ | libraries/libldap_r/Makefile.in: Add $(LTHREAD_LIBS) to
+ UNIX_LINK_LIBS so that pthread is linked when creating a shared library
+ as well.
+
+ * Roland Bauerschmidt <rb@debian.org>:
+ + debian/configure.options: change --localstatedir=/var/lib to
+ --localstatedir=/var/run. Since localstatedir isn't used anywhere
+ in the code, except for the ldapi socket (and examples in the
+ manpages which are correct at the moment anyway), all this change
+ does should be changing the default location of the ldapi socket
+ from /var/lib/ldapi to /var/run/ldapi. Closes: #160965.
+ + libraries/libldap/tls.c: In get_ca_list, walk through CACERTDIR
+ manually if building against GNUTLS (since there is no equivalent
+ to SSL_add_dir_cert_subjects_to_stack). Closes: #205609.
+ + debian/slapd.preinst: create /var/backups/ldap/$oldver with
+ permissions 0700. Also change permissions for /var/backups/ldap
+ to 0700 if it already exists. Closes: #209019.
+ + Added Japanese translation of Debconf templates by Kenshi Muto
+ <kmuto@debian.org>. Closes: #210731.
+ + debian/slapd.{postinst,preinst,config}: Replaced duplicate
+ implementations of the same functions with one version and moved
+ those into debian/slapd.scripts-common which will be included by
+ debian/dh_installscripts-common.
+ + debian/slapd.preinst: before dumping the database, check if the
+ backend is supported
+ + debian/slapd.postinst:
+ - add -q to grep call for allow bind_v2
+ - readded pre-2.1 (woody) upgrade path (that is, dumping, fixing
+ and reimporting the database)
+
+ -- Roland Bauerschmidt <rb@debian.org> Fri, 3 Oct 2003 15:35:29 +0200
+
+openldap2 (2.1.22-1) unstable; urgency=low
+
+ * Stephen Frost <sfrost@debian.org>:
+ + New upstream version (minor changes).
+ + debian/control: Change build-deps to autoconf2.13, Closes: #201482
+ + debian/rules: Add dh_compress -i for binary-indep.
+ + debian/slapd.postinst: Give variable for read (avoids bashism).
+ + configure/.in: Use upstream's version of back-meta/back-ldap fix.
+
+ -- Stephen Frost <sfrost@debian.org> Wed, 16 Jul 2003 08:42:23 -0400
+
+openldap2 (2.1.21-2) unstable; urgency=low
+
+ * Stephen Frost <sfrost@debian.org>:
+ + debian/slapd.preinst: slapcat here if possible, if slapcat not
+ available then slapcat in postinst. Also remove old unused
+ function.
+ + debian/slapd.postinst: Check if slapcat in preinst worked and use
+ those results in preference. Also moved to using /var/backups/ldap.
+ + servers/slapd/daemon.c: Provide more information on socket/bind
+ failures. Patch submitted upstream. Closes: #94967.
+ + ./configure, ./configure.in: Fix check for back_ldap in back_meta.
+ back_ldap now included as module. back_ldap and back_meta appear
+ to load fine, though order may matter. Closes: #196995.
+ + debian/control: Add versioned Depends on perl, need recent version
+ for migration script.
+ + debian/slapd.{pre,post}inst: Allow for whitespace in postinst
+ before database definitions
+ + debian/control: Drop the libldap2-dev Depends that aren't actually
+ necessary.
+ + debian/slapd.preinst: Add create_sed_script to create the script to
+ deal with multi-line commands in slapd.conf. Modify things to use
+ sed script to preprocess slapd.conf before using it. Remove
+ support for whitespace preceeding commands.
+ + debian/slapd.postinst: Add create_sed_script here too and modify
+ everything to use it as necessary. Also change everything to
+ reference $SLAPD_CONF instead of /etc/ldap/slapd.conf everywhere.
+ Remove support for whitespace preceeding commands.
+ + debian/slapd.postinst: Removed all tabs. Changed all sed scripts
+ to used [:space:] instead of [space tab].
+ + debian/slapd.postinst: Removed debugging statements from ldap_v2
+ support handling code.
+ + debian/slapd.preinst: Changed to use mktemp for sed script.
+ + debian/slapd.postinst: Changed to use mktemp for sed script.
+ + debian/slapd.config: If no hostname set just use debian.org.
+ + contrib/ldapc++/config.{sub,guess}: Resync back to upstream, no
+ reason not to, we don't even build this stuff...
+ + debian/control: Change build-depends to libgnutls7-dev instead of
+ libssl-dev.
+ + debian/rules: Now run autoconf && autoheader to pick up on the
+ configure.in changes needed for GNU TLS.
+ + debian/copyright: Added Steve Langasek (SL) copyright statement.
+ + Patch from Steve Langasek for GNU TLS support, Closes: #198553
+ | include/ldap_pvt_gnutls.h: Added for GNU TLS
+ | configure.in: Now uses GNU TLS where available.
+ | servers/slapd/schema_init.c: Modified for GNU TLS- some functions
+ removed because GNU TLS layer does not support them yet.
+ | build/install-sh: Added for new autoconf.
+ | libraries/libldap/Makefile.in: Changed to compile GNU TLS portions.
+ | libraries/libldap/getdn.c: Stub function added, GNU TLS layer does
+ not support TLS certificates for authentication yet.
+ | libraries/libldap/tls.c: Now calls GNU TLS functions instead of
+ OpenSSL.
+ | libraries/libldap/gnutls.c: Added to support GNU TLS in place of
+ OpenSSL for TLS connections.
+ | libraries/libldap_r/Makefile.in: Changed to compile GNU TLS portions.
+ + debian/slapd.postinst: remove temp file if upgrading or doing a
+ reconfigure but the OLDSUFFIX and basedn match so that we do not
+ move an empty file overtop of slapd.conf. Closes: #190797.
+ + debian/slapd.init: Inform user when not starting slapd due to
+ no configuration file found. Deals with users who select to not
+ configure slapd during installation.
+ + debian/slapd.init: Removed cat <<-EOF and got rid of associated
+ tabs; best to not depend on tab vs. space distinction.
+ + debian/slapd.config: Change debconf question names to be fully
+ qualified in the $var from the for loop- organization is under
+ shared/ and domain is under slapd/, not both under slapd/.
+ + debian/slapd.postrm: Can not depend on debconf being around in
+ postrm so check before attempting to source it. Also protect
+ against failure from db_get.
+ + debian/slapd.postinst: Check for old directory and move it out
+ of the way if it exists on new configure or reconfigure.
+ + debian/slapd.postinst: Fix db_input's for error messages,
+ should be high priority and need to || true them.
+ + debian/slapd.postinst: Do not error exit once we've told the
+ user about the problem, if there was one, with slapcat/slapadd.
+ + debian/slapd.postinst: Make sure we get the organization before
+ we attempt to fix_ldif on old slapcat output. Default to unknown
+ if the organization is not set.
+ + debian/slapd.postinst: Be sure that slapd has been stopped before
+ attempting to fix and slapadd old slapcat.
+ + debian/slapd.postinst: Do not use --exec with s-s-d in postinst.
+ + debian/slapd.postinst: grep calls need to be || true'd when no
+ matching lines found is possible (this case is handled).
+ + debian/slapd.postinst: Be very sure slapd has stopped before
+ attempting to upgrade database.
+ + debian/slapd.preinst: Use either the pidfile or exec if pidfile
+ is not available when stopping. Do not put \"\" around pidfile.
+ Use $oldver instead of $2.
+ + debian/slapd.config: Reask questions on a reconfigure. Use the
+ same logic as slapd.postinst for when to ask questions regarding
+ the db. Be sure to db_go after db_input's.
+ + debian/slapd.templates: Fix allow_bind_v2 short description to
+ make more sense since the default is off.
+ + debian/slapd.preinst: Use perl instead of sed for handling conf.
+ + debian/slapd.postinst: Use perl instead of sed for handling conf,
+ use old sed method to insert \n's, user invoke-rc.d when slapd
+ needs to be stopped. Assume preinst shuts slapd down for upgrade.
+ + debian/slapd.postinst: Only stop slapd on reconfigure.
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + doc/man/man8/slapd.8: Refer to slapd.conf(5) for a description of
+ the debugging level (closes: #176980).
+ + debian/move_files: Kill of the static archives of our backend
+ modules as they are of absolutely no use.
+
+ * Steve Langasek <vorlon@debian.org>:
+ + debian/slapd.postinst: Add a new function, get_database_list, that
+ prints out the list of configured databases from slapd.conf
+ one row at a time. Move all of the upgrade handling into a
+ loop, and iterate through the configured databases. Since the
+ while loop is in fact a subshell, be sure to handle errors
+ correctly. We also have to look at the configured directory
+ for each database, instead of assuming /var/lib/ldap.
+ Closes: #190155, #190156.
+ + debian/slapd.preinst: Simplify the handling of error status: if
+ the slapcat fails, just remove the ldif file. Also, add the
+ suffix to the name of the output file, and add the
+ get_database_list function here as well.
+
+ * Roland Bauerschmidt <rb@debian.org>:
+ + debian/rules: call dh_makeshlibs with -plibldap2 rather than just
+ with libldap2
+ + debian/slapd.postinst: Add question about no configuration.
+ + debian/slapd.templates: Add template for no config question.
+ + debian/slapd.templates: Add template for invalid suffix.
+ + debian/slapd.config: Add no configuration option. Closes: #87986
+ + debian/slapd.config: Complain to the user on invalid domain/org.
+
+ -- Stephen Frost <sfrost@debian.org> Tue, 15 Jul 2003 12:37:05 -0400
+
+openldap2 (2.1.21-1) unstable; urgency=low
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + Merged new upstream release.
+
+ * Stephen Frost <sfrost@debian.org>:
+ + debian/control: Add libbind-dev and bind-dev to the conflicts for
+ slapd, the libs in them can end up being used even when not
+ compiled against causing getaddrinfo() to fail. Closes: #166777
+ + debian/copyright: Flush out the copyright file to include all found
+ copyrights and updates to those.
+ + debian/copyright: Add clarification of MA license
+ + debian/copyright: Add clarification of JC license
+ + debian/slapd.templates: More clearly inform users of important
+ config change. Closes: #194192.
+ + debian/control: Remove patch from build-depends (dpkg-dev depends on it)
+ + debian/fix_ldif: Correctly handle base64-encoded DNs. Closes: #197014.
+ + debian/slapd.templates: Added templates for asking about LDAPv2 support
+ and telling the user of slapcat/slapadd failures during upgrade.
+ + debian/slapd.postinst: Added support for adding LDAPv2 support
+ + debian/slapd.postinst: Modified to handle slapcat/slapadd failure.
+ In the event of an upgrade failure the database will be left untouched
+ and the user notified. Closes: #192431
+ + debian/slapd.postinst: Use ldif_dump_location in more places...
+ + debian/slapd.prerm: Check if upgrade failed and assume bad old init.d
+ script was used and attempt to shut down slapd with --oknodo in case
+ slapd isn't running. Closes: #193854. (Again)
+ + debian/slapd.conf: Add commented out allow line
+ + debian/rules: Tell dh_installinit to not touch slapd.prerm now.
+ + debian/slapd.postinst: Do a dry-run with slapadd first and check if
+ that worked or not. If it did not work then tell the user, otherwise
+ do a real slapadd which should work.
+ + debian/slapd.postinst: Make sure slapd is stopped before doing
+ slapadd/slapcat's and the like. (Note: The woody version does not
+ stop slapd). Closes: #189777.
+ + debian/slapd.postinst: Check if directories exist before attempting
+ to mkdir them. Closes: #189947
+ + debian/slapd.README.debian: Add note about runlevel issue.
+ Closes: #175736
+ + debian/move_files: Copy ldiftopasswd into /usr/share/slapd for users
+ to use, if they find it useful. Closes: #94963.
+ + debian/slapd.README.Debian: Added note about ldiftopasswd.
+
+ * Roland Bauerschmidt <rb@debian.org>:
+ + debian/slapd.postinst: fixed typos and check for the existence of
+ slapd.conf before reading it.
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 19 Jun 2003 17:35:32 +0200
+
+openldap2 (2.1.17-3) unstable; urgency=low
+
+ * Stephen Frost <sfrost@debian.org>:
+ + debian/slapd.init: Add --oknodo for stopping slapd. Closes: #192423, #193854.
+ + debian/slapd.init: Change START_SLURPD to SLURPD_START. Closes: #190724.
+ + debian/libldap2.shlibs: Bump to 2.1.17- 2.1.12 never hit the archive.
+ These should only be bumped when new symbols are added so we should
+ figure out a way to handle checking that.
+ + debian/slapd.dirs: Added /var/run/slapd for pidfile
+ + debian/slapd.conf: Moved pidfile to /var/run/slapd; Needed if running
+ non-root.
+ + debian/slapd.conf: Clean up config file, be more explicit about what
+ directives are 'general', 'backend', and 'database'. Moved and
+ commented out 'replogfile' since it is database specific, wasn't doing
+ anything where it was and use of it depends on slurpd usage.
+ I consider this solving #151511 since we don't ask if you want to use
+ replication anymore anyway. Closes: #151511
+ + debian/copy_slapd_dev_files: Added to copy the include files for
+ building slapd back-ends.
+ + debian/control: Add warning about libslapd2-dev
+ + debian/control: Add build-depend on po-debconf for dh_installdebconf
+ + debian/slapd.default: Add option for settings SLAPD_CONF file
+ + debian/slapd.init: Changed to use SLAPD_CONF, setting it to
+ /etc/ldap/slapd.conf if it is not specified. Closes: #91318
+ + debian/control: Added libslapd2-dev to control file. Closes: #192163.
+ + debian/rules: Added binary-indep to the binary: build line and flushed
+ it out to build the libslapd2-dev deb. Added -k to dh_clean since we're
+ building arch and indep debs now.
+ + Maintainer upload, acknowledge NMU. Closes: #98039.
+ + Add debian/po/fr.po from 194740. Closes: #194740
+ + Add space before ']' on line 113 of postinst. Closes: #194192, #194943
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/control: Enforce libldap2 to be the same version as slapd
+ as slapd (legitimately) uses internal functions of that library
+ (closes: #190164).
+ + debian/slapd.postinst: Fix the regexp for finding the database
+ definitions.
+
+ * Steve Langasek <vorlon@debian.org>:
+ + debian/slapd.preinst: don't use debconf or ldapsearch in the
+ preinst, as this is a policy violation (even if a previous
+ version was installed, it could've been removed-but-not-purged).
+ Closes: #189811, #195029.
+ + debian/slapd.{pre,post}inst: dump & fix up the directory in the
+ postinst, not in the preinst -- using slapcat/slapadd, not
+ ldapmodify. This ensures that the dump will succeed whenever the
+ database is present, rather than depending on access to an admin
+ dn. Closes: #190085.
+ + debian/fix_ldif, debian/move_files, debian/copyright: add Dave
+ Horsfall's dn-fixing script, to handle objectClass upgrading
+ + debian/slapd.postinst: Skip the duplicate prompting for the
+ organization name; we're guaranteed to always have one.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 6 Jun 2003 16:56:16 +0200
+
+openldap2 (2.1.17-2) unstable; urgency=low
+
+ * The who-says-slavery-is-dead upload.
+ * Steve Langasek <vorlon@debian.org>:
+ + debian/slapd.postinst: Fix the database regexp.
+ + debian/slapd.postinst: Only add moduleload lines *once* on upgrade
+ from 2.0. Wrap the backup code with a check for
+ /var/lib/slapd/upgrade_2.0, to guarantee idempotency.
+ Closes: #190401.
+ + debian/slapd.{config,templates,postinst}: On dpkg-reconfigure,
+ don't wipe out an existing config; only merge in any requested
+ changes. Also, prompt before wiping out the existing db.
+ Closes: #190799.
+ + debian/slapd.{postinst,examples},debian/rules: Move slapd.conf
+ from doc/slapd/examples to /usr/share/slapd, per policy.
+ + debian/slapd.postinst: make sure slapd.conf is always created
+ atomically.
+ + debian/slapd.postrm: If removing databases on package purge,
+ remove any database backups as well.
+
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/configure.options: Disable ACIs because they are still
+ experimental.
+ + debian/control: Change section and priority of libldap2-dev to
+ libdevel and extra respectively (dinstall message).
+ + debian/slapd.preinst: Only query the object classes of the root
+ dn if there was no error parsing the config.
+ + Update templates for po-debconf using the patch submitted by
+ Andre Luis Lopes (closes: #189933).
+ + Use [[:space:]] instead of [\t ] in sed invocations since the
+ latter does not seem to work (reported by Daniel Lutz).
+ + debian/control: Add Replaces: entry for openldapd since ldif.5.gz
+ was included in the potato package of that name (closes: #190660).
+ + debian/control: Tighten the build dependency on libtldl3-dev as
+ versions before 1.4.3 required the .la file for dynamic binding
+ (thanks to Josip Rodin for pointing this out).
+
+ -- Torsten Landschoff <torsten@debian.org> Sat, 19 Apr 2003 02:28:32 +0200
+
+openldap2 (2.1.17-1) unstable; urgency=low
+
+ * New upstream release.
+ * Torsten Landschoff <torsten@debian.org>:
+ + debian/slapd.init: Improve the error reporting. If nothing is output
+ by the failing command don't leave the user alone but print a hint
+ to look into the logfile etc.
+ + debian/control: Require at least version 2.1.3 of libsasl2-dev
+ as this is what the configure script checks for. Pointed out by
+ Norbert Tretkowski.
+ + debian/slapd.{pre,post}inst: Small cleanups, added some comments,
+ adapted for the removal of the .la files in slapd package.
+
+ -- Torsten Landschoff <torsten@debian.org> Sat, 19 Apr 2003 01:59:26 +0200
+
+openldap2.1 (2.1.16-1) unstable; urgency=low
+
+ * New upstream release.
+ + build/top.mk: Remove patch to omit "-static" at linking time. Upstream
+ now respects the --enable-shared flag used at configuration time.
+ + debian/slapd.postinst: Automagically add the module load directives
+ after upgrade as needed.
+ + debian/slapd.config:
+ - Only ask questions to create a new directory on fresh install.
+ - Ask wether the right modules should automatically be loaded in
+ slapd.conf.
+ + debian/slapd.templates: Add the templates for autoloading modules
+ and fixing the directory.
+ + debian/slapd.preinst: New script to support upgrading from 2.0.
+ The old prerm did not stop the daemon so we have to do it here.
+ Also a first attempt to fix broken LDAP directories not acceptable
+ to 2.1.
+ - Conditionally load debconf when upgrading as it only has to
+ be available in that case.
+ + debian/slapd.preinst: Dump database before upgrade.
+ + debian/slapd.postinst: Recreate database from dump after upgrade.
+ Move old database out of the way.
+
+ * Roland Bauerschmidt <rb@debian.org>
+ + debian/slapd.README.Debian: mention that backend database modules are
+ now compiled as shared objects
+
+ * Stephen Frost <sfrost@debian.org>
+ + debian/slapd.conf: Drop the '.la' file extension
+ + debian/move_files: Drop and rm the .la files, they aren't necessary.
+ + debian/slapd.README.Debian: Dropped the .la from the module_load line.
+ + servers/slapd/daemon.c: check slapd_srvurls is not NULL before
+ deref; included in upstream CVS.
+ + servers/slapd/back-*/init.c: Change the munged symbol names to
+ init_module, they do not need to be munged, and cause problems when
+ they are and not using .la files (which cause other problems)
+ + servers/slapd/module.c: Change to use lt_dlopenext() so we don't
+ need the .la files
+
+ -- Torsten Landschoff <torsten@debian.org> Wed, 26 Mar 2003 20:34:35 +0100
+
+openldap2.1 (2.1.12-1) experimental; urgency=low
+
+ * Initial release of OpenLDAP 2.1 packages. Closes: #167566, #178014.
+ - this includes support for the >= and <= operators. Closes: #159078.
+ - fixes various upstream bugs. Closes: #171008.
+
+ * Torsten Landschoff <torsten@debian.org>
+ - debian/check_config: Added script to check if OpenLDAP was configured
+ the way we want it.
+ - Don't build special TLS packages anymore - SSL is enabled in the
+ stock ldap library. Everything else will just give me more headaches.
+ - Build against libsasl2 instead of libsasl1. Closes: #176462.
+ - debian/control:
+ - Build-depend on debhelper 4.0 as debian/rules uses DH_COMPAT=4.
+ - Depend on coreutils | fileutils. Closes: #175704, #185676.
+ - Make libldap2 conflict with libldap2-tls which is obsolete now.
+ - debian/rules: Move the long list of configure options to a new
+ file debian/configure.options and read $(CONFIG) from that file.
+ - configure with --enable-aci. Closes: #101602.
+ - debian/slapd.init: Rewrite and add comments.
+ - Add support for running as non-root (closes: #111765, #157037).
+ - servers/slapd/main.c (main): Remove pid file on exit (closes: #162284).
+ - servers/slurpd/slurp.h: Change the default spool directory to
+ /var/spool/slurpd (avoids passing it via -t in init.d).
+ - servers/{slapd,slurpd}/Makefile.in: Install binaries into sbindir
+ instead of libexecdir.
+ - debian/control: Add Stephen Frost to the Uploaders field. Thanks
+ for your help, Stephen!
+ - contrib/ldapc++/config.{guess,sub}: Replaced with current files from
+ autotools-dev (lintian). Not actually neccessary since this part of
+ the package is not currently built but I think this is the best way
+ to shut up lintian :)
+ - build/mod.mk: Use -m 644 instead of -m 755 in installing shared
+ libraries. Shared libraries should not be marked as executable
+ (lintian).
+ - debian/libldap2.conffiles: Remove, since we are using version 4
+ of debhelper which tags everything in /etc as conffile by default.
+ - debian/rules: Change the mode of everything upstream installed into
+ /etc to 0644 as required by policy (lintian).
+ - debian/rules: Call dh_installdeb later in the binary target so that
+ the conffiles are already there for listing. Without this nothing in
+ /etc gets tagged as conffile... (lintian).
+ - debian/rules: Pass the start and stop priority of slapd to
+ dh_installinit in preparation for a postinst supported by debhelper.
+ - debian/rules: Call dh_installdirs again.
+ - Rewrite slapd.config, slapd.postinst, slapd.templates - a first try
+ in getting slapd to configure itself. Way to go.
+
+ * Roland Bauerschmidt <rb@debian.org>
+ - debian/control:
+ - build-depend on libdb4.1-dev instead of libdb4.0-dev
+ - conflict, replace, and provide libldap2-tls (libldap2)
+ - removed ldap-gateways binary package
+ - drop suggestion to obsolete openldap-guide. Closes: #171894, #146968.
+ - debian/rules:
+ - build with BDB backend
+ - run dh_installdeb
+ - only run dh_makeshlibs for libldap2
+ - debian/slapd.dirs: added to create /var/lib/ldap and /var/spool/slurpd
+ - debian/slapd.postinst:
+ - properly remove temporary files on errors. Closes: #160412.
+ - install init.d link if slapd.conf already exists. Closes: #159542.
+ - run db_stop even if package isn't configured for the first time. This
+ prevents hanging during upgrades.
+ - added debian/slapd.default and use it from debian/slapd.init.
+ Closes: #160964, #176832.
+ - added debian/slapd.README.Debian
+ - added versioned dependency on coreutils to make lintian quiet.
+ - added debian/slapd.postrm
+ - remove slapd.conf when package is purged
+ - remove /var/lib/ldap when slapd/purge_database is true
+ - remove /etc/ldap/schema if empty. Closes: #185173.
+ - debian/templates: added slapd/purge_database template
+ - build/top.mk: link against libcrypt before other SECURITY_LIBS
+ - debian/libldap2.shlibs: tighten dependencies. Closes: #181168.
+
+ * Stephen Frost <sfrost@debian.org>
+ - debian/control: added libltdl2-dev and libslp-dev to the build-depends
+ - Correct typo for back-sql init routine; already in OpenLDAP upstream
+ CVS
+ - Correct free of SASL interact results; already in OpenLDAP upstream CVS
+ - Duplicate the DN from SASL to ensure '\0' termination; already in
+ OpenLDAP upstream CVS
+ - debian/control: added Replaces: slapd (<< 2.1) for ldap-utils due to
+ ldif.5 move.
+ - Add modulepath /usr/lib/ldap to default slapd config
+ - Add moduleload back_bdb to default slapd config
+ - Changed libexecdir to ${prefix}/lib
+ - Add usr/lib/ldap to slapd portion of move_files
+ - Modified backend types to be built as modules for dynamic loading
+ - Fixed pt_BR translation
+
+ -- Roland Bauerschmidt <rb@debian.org> Sat, 15 Mar 2003 21:35:24 +0100
+
+openldap2 (2.0.27-3) unstable; urgency=high
+
+ * [SECURITY]: Apply the patch used by SuSE in SuSE-SA:2002:047
+ (or rather the parts of it not yet included upstream).
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 20 Dec 2002 04:47:15 +0100
+
+openldap2 (2.0.27-2) unstable; urgency=low
+
+ * debian/control: Make libldap2-dev depend on libssl-dev and
+ libsasl-dev, since those libs are pulled via the libldap.la file
+ (closes: #164791).
+ * debian/control: Add shlibs:Depends to libldap2-tls as well. Most
+ of those depends are pulled via libldap2 but of course libssl
+ is not among those. (closes: #169950).
+ * debian/libldap2-tls: Remove old divertions on "configure" and not
+ on "upgrade" - the latter is not really called.
+
+ -- Torsten Landschoff <torsten@debian.org> Fri, 22 Nov 2002 00:35:29 +0100
+
+openldap2 (2.0.27-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Torsten Landschoff <torsten@debian.org> Wed, 6 Nov 2002 01:12:06 +0100
+
+openldap2 (2.0.23-14) unstable; urgency=low
+
+ * debian/rules: Remove search paths from .la files using some perl
+ trickery (closes: #110479).
+ * debian/libldap2.README.debian: Document the NSS problem which stops /usr
+ from being unmounted cleanly when using libnss-ldap (for more info
+ see bug#159771).
+
+ * Started cleaning up the maintainer scripts:
+ - Remove creation of the /usr/doc symlinks (lintian).
+ - Don't run ldconfig in prerm scripts (lintian).
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 30 Sep 2002 12:10:05 +0200
+
+openldap2 (2.0.23-13) unstable; urgency=low
+
+ * As Ashley Clark found out the preinst of libldap-tls fails for a new
+ install. My fault - I did not check that (removing ldap is cumbersome
+ if you are using it... :) and the scripts were only checked without
+ "set -e" in effect.
+ + debian/libldap2-tls.preinst: Apply Ashley's patch (thanks a lot,
+ Ashley. closes: #162123).
+ + Coincidently the other installation scripts seem to be okay, the
+ failing command is in the middle of a pipe and therefore ignored.
+
+ -- Torsten Landschoff <torsten@debian.org> Tue, 24 Sep 2002 12:56:18 +0200
+
+openldap2 (2.0.23-12) unstable; urgency=low
+
+ * Apply the patch from upstream ITS#2012 to support MD5 hashes. Problem
+ is that OpenSSL comes with its own version of the crypt() function
+ which is linked in instead of the system's version from libcrypt.
+ The patch changes the link order so that slapd takes the system's
+ implementation.
+ * debian/rules: Pass --enable-crypt-first to configure to enable the
+ patch (closes: #160763).
+ * Fix the diversion handling of libldap2-tls:
+ - preinst: Only install diversions that are not there.
+ - postrm: Remove this package's diversions.
+ - postinst: Remove obsolete diversions after upgrade.
+ - Removal of diversions is done in reverted order of the installation.
+
+ * Enable DNSSRV support as requested by Turbo. No Kerberos for now, sorry.
+ * debian/control: Updates Standards-Version to 3.5.7 and fix running
+ of ldconfig in maintainer scripts.
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 23 Sep 2002 12:18:40 +0200
+
+openldap2 (2.0.23-11) unstable; urgency=low
+
+ * debian/rules: Build with --with-tls (closes: #80591, #155937).
+ * debian/control:
+ + Add build dependency on libssl-dev.
+ + Specify Roland Bauerschmidt as co maintainer.
+ * Added the trickery to have libldap2 without TLS and libldap2-tls
+ with the TLS stuff. Otherwise we have to change the base system,
+ and god knows how long that would take.
+
+ Most of the changes done by Roland Bauerschmidt. We now build the
+ source two times - with and without ssl. We mostly use the ssl enabled
+ stuff with the exception of a libldap2 package which does not have
+ support for that. If you need TLS support you have to install
+ libldap2-tls, which diverts the libraries from libldap2 out of the
+ way and replaces them with the TLS enabled version.
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 29 Aug 2002 13:35:39 +0200
+
+openldap2 (2.0.23-10) unstable; urgency=low
+
+ * debian/control: Build depend on libdb4.0-dev instead of libdb3-dev.
+ This should fix the index corruption problems (closes: #152959).
+
+ -- Torsten Landschoff <torsten@debian.org> Sun, 18 Aug 2002 19:47:02 +0200
+
+openldap2 (2.0.23-9) unstable; urgency=low
+
+ * debian/slapd.init: Wait for the daemons to actually terminate for
+ the stop action (which is used for restart) and trap all errors
+ (closes: #148033).
+ * debian/rules: Build with -D_FILE_OFFSET_BITS=64 to support files
+ bigger than 2GB on all architectures (closes: #155197). As off_t is
+ about never used in the source that should not create any problems.
+ * debian/control: Make libldap2-dev depend on libsasl-dev
+ (closes: #135223, #96957).
+ * doc/man/man1/ldapmodify.1: Fix typo (closes: #105905).
+ * debian/rules: Create symlinks for some manpages (closes: #99547).
+ * Fix spelling error in description of ldap-gateways (closes: #124859).
+ * debian/copyright: Include the full content of the LICENSE file
+ (closes: #151222).
+
+ -- Torsten Landschoff <torsten@debian.org> Thu, 8 Aug 2002 15:54:46 +0200
+
+openldap2 (2.0.23-8) unstable; urgency=low
+
+ * New maintainer.
+ * debian/control: Build-Conflict with libbind-dev to use the right
+ resolver library everywhere (closes: #112459). Of course, the
+ real solution must be to fix the configure script to not detect
+ libbind-dev and use the right resolver all the time. But a work around
+ is better than nothing I would say...
+
+ -- Torsten Landschoff <torsten@debian.org> Wed, 7 Aug 2002 14:53:39 +0200
+
+openldap2 (2.0.23-7) unstable; urgency=low
+
+ * Add Brazilian translation for debconf templates. Closes: Bug#114021
+ * Fix hostless LDAP URLs, patch from Lamont Jones. Closes: Bug#140387
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sat, 4 May 2002 20:05:32 +0200
+
+openldap2 (2.0.23-6) unstable; urgency=high
+
+ * Make slapd.config idempotent, so that calling it once (during
+ preconfiguration) and again (during postinst) doesn't break things.
+ Patch from Anthony Towns. Closes: Bug#137552).
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sun, 14 Apr 2002 19:10:50 +0200
+
+openldap2 (2.0.23-5) unstable; urgency=high
+
+ * Fix slurpd invocation in slapd.init. Closes: Bug#141959
+ * Ask for admin DN when using LDIF initialization as well.
+ Lets hope this finally Closes: Bug#137552
+ * Merge German translation for debconf templates. Closes: Bug#141712
+ * Add Build-Depends on debconf-utils since we use debconf-mergetemplate
+ * Remove bogus error from slapd.init. Closes: Bug#137718
+
+ -- Wichert Akkerman <wakkerma@debian.org> Tue, 9 Apr 2002 14:49:27 +0200
+
+openldap2 (2.0.23-4) unstable; urgency=high
+
+ * Only show already-configured note on initial installs. Closes: Bug#137100
+ * Supply -t option to slurpd when starting it, not when stopping it.
+ Closes: Bug#136240
+ * Use db_input instead of db_get for notes in the slapd postinst.
+ * Only fetch password from debconf when not using ldif initialization.
+ Closes: Bug#138558,#137552
+ * Check if slapd.conf exists in slapd postinst. Closes: Bug#138136
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sat, 6 Apr 2002 23:02:42 +0200
+
+openldap2 (2.0.23-3) unstable; urgency=high
+
+ * If can not get a password for the admin entry when installing slapd
+ generate one randomly. Closes: Bug#134774
+ * Bump shlibs dependency to 2.0.23
+
+ -- Wichert Akkerman <wakkerma@debian.org> Thu, 21 Feb 2002 23:23:57 +0100
+
+openldap2 (2.0.23-2) unstable; urgency=high
+
+ * Create /var/spool/slurpd and tell slurpd to use that as temporary
+ directory. Closes: Bug#134564
+ * Improve debconf prompts a bit. Closes: Bug#134945
+ * Properly set default value for domain
+ * Clear crypted password from debconf after creating the LDAP directory
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sun, 17 Feb 2002 16:07:18 +0100
+
+openldap2 (2.0.23-1) unstable; urgency=high
+
+ * Upstream updated config.{guess,sub} so we are back to zero patches
+ again.
+ * Apply fix from Klaus Duscher for the missing password problem: the
+ config script did not check if it was run twice without slapd.conf
+ being generated in between and would abort with a missing password
+ error. Closes: Bug#132566
+ * Change slapd priority for boot sequence to start earlier and stop
+ later so people can use LDAP for NSS purposes. Closes: Bug#130277
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sun, 17 Feb 2002 16:07:18 +0100
+
+openldap2 (2.0.22-2) unstable; urgency=low
+
+ * Update config.{guess,sub} again. Closes: Bug#131469
+
+ -- Wichert Akkerman <wakkerma@debian.org> Thu, 7 Feb 2002 22:33:01 +0100
+
+openldap2 (2.0.22-1) unstable; urgency=low
+
+ * New upstream version
+ * Build properly as non-native package
+
+ -- Wichert Akkerman <wakkerma@debian.org> Wed, 6 Feb 2002 00:17:20 +0100
+
+openldap2 (2.0.21-3) unstable; urgency=high
+
+ * Add logic to config and postinst to configure replication as well
+ * Don't fail in slapd postinst if we can't stop slapd. Closes: Bug#131617
+ * Change localstatedir to /var/lib
+ * Remove /var/lib/ldap when purging slapd
+ * Don't remove user-supplied ldif file after creating the directory
+ * Set default replogfile
+ * Fix typo in severity for no_password note
+ * Encrypt admin password and remove it from the debconf database
+
+ -- Wichert Akkerman <wakkerma@debian.org> Thu, 31 Jan 2002 17:03:36 +0100
+
+openldap2 (2.0.21-2) unstable; urgency=medium
+
+ * Update config.{guess,sub} and forwarded upstream (ITS#1567).
+ Closes: Bug#131469
+ * Remove -x from slapd postinst. Closes: Bug#131502
+
+ -- Wichert Akkerman <wakkerma@debian.org> Wed, 30 Jan 2002 10:53:45 +0100
+
+openldap2 (2.0.21-1) unstable; urgency=high
+
+ * New upstream version,
+ * Update copyright
+ * Update config.guess and config.sub
+ * Redone packaging, no more dbs or debhelper
+ * Drop all patches, they are either unnecessary or alternatives have
+ been made upstream
+
+ -- Wichert Akkerman <wakkerma@debian.org> Tue, 29 Jan 2002 17:04:10 +0100
+
+openldap2 (2.0.14-1) unstable; urgency=high
+
+ * New upstream version, which includes a billion second bug.
+ Closes: Bug#111833
+ * Drop 005_libldbm_dbopen, upgrading the database in place no longer works
+ with the new db-env code.
+ * Redo 008_porting_maxpathlen
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sat, 15 Sep 2001 13:39:46 +0200
+
+openldap2 (2.0.11-2) unstable; urgency=low
+
+ * Test if /etc/init.d/slapd is executable when purging slapd.
+ Closes: Bug#100938
+ * Update 008_porting_maxpathlen. Closes: Bug#100584
+ * Don't use four11 as referral example anymore. Closes: Bug#99998
+ * Fix synopsis of slapindex manpage. Added to 002_man_fixes.
+ Closes: Bug#98805
+ * Removed stray backup file from 002_man_fixes
+
+ -- Wichert Akkerman <wakkerma@debian.org> Tue, 19 Jun 2001 01:01:17 +0200
+
+openldap2 (2.0.11-1) unstable; urgency=low
+
+ * New upstream version
+ * Add autoconf to Build-Depends. Closes: Bug#99440
+ * Fix new db upgrade patch. Closes: Bug#98853
+
+ -- Wichert Akkerman <wakkerma@debian.org> Sun, 3 Jun 2001 00:25:47 +0200
+
+openldap2 (2.0.10-2) unstable; urgency=low
+
+ * Tighten shlibs dependency to >= 2.0.1-1. Closes: Bug#98683
+
+ -- Wichert Akkerman <wakkerma@debian.org> Fri, 25 May 2001 16:32:35 +0200
+
+openldap2 (2.0.10-1) unstable; urgency=low
+
+ * New upstream version
+ * New maintainer
+ * Remove useless LINE_WIDTH bit from patch 000_clients
+ * Patch 004_ssl_fix has been merged upstream, removed
+ * Redo 005_db3_upgrade
+ * Rediff all other patches
+
+ -- Wichert Akkerman <wakkerma@debian.org> Thu, 24 May 2001 14:56:02 +0200
+
+openldap2 (2.0.7-6) unstable; urgency=low
+
+ * Make sure autoconf is run if configure.in is changed (for Hurd patch),
+ closes: #96145
+ * Fix slapd.postinst in the case of using an ldif file, closes: #95600
+ * Use a var for slapd.conf in slapd init script. Partially fixes bug
+ 91318.
+ * Fixed hurd patch for strrchr in replog.c, closes: #93605
+
+ -- Ben Collins <bcollins@debian.org> Mon, 7 May 2001 23:00:27 -0400
+
+openldap2 (2.0.7-5) unstable; urgency=low
+
+ * Fixed db3 upgrade code, closes: #92331, #92916
+ * m68k should compile fine with db3 now, closes: #90165
+ * Included provided patch for Hurd compilation, closes: #88079
+
+ -- Ben Collins <bcollins@debian.org> Wed, 4 Apr 2001 17:46:47 -0400
+
+openldap2 (2.0.7-4) unstable; urgency=low
+
+ * slapd.conf is no longer a conffile, and not provided by the package.
+ Instead, it is only generated. closes: #81359
+ * Fixed by previous upload, closes: #71852, #78950, #82491
+ * Actually install the netscape schema, closes: #90323
+ * Add comment to README.Debian about being compiled with libwrap,
+ closes: #84954
+ * Provide example sasl config file, closes: #90855
+ * Conflict replace openldap-utils (ldap-utils), and libopenldap-dev
+ (libldap2-dev), closes: #71471
+ * Revert to using some code to upgrade previous db's. Remove slapd's dep
+ on db3-util, and remove postinst code that upgrades the db's.
+
+ -- Ben Collins <bcollins@debian.org> Sat, 24 Mar 2001 21:59:20 -0500
+
+openldap2 (2.0.7-3) unstable; urgency=low
+
+ * netscape-profile.schema: new schema for old roaming support
+ * 004_ssl_fix.diff: Fix for SSL support (not compiled in, but some
+ people use it).
+ * slapd.config: FINALLY fix the "dc=" base bug.
+ * Build-Depend on libdb3-dev now that it is available.
+ * Now that we use db3, make sure we upgrade existing databases to the
+ db3 format with db3_upgrade.
+
+ -- Ben Collins <bcollins@debian.org> Sun, 11 Mar 2001 23:36:34 -0500
+
+openldap2 (2.0.7-2) unstable; urgency=low
+
+ * slapd.postinst: fix debhelper wraper so it gets the right @argv,
+ closes: #71854
+ * sendmail appears to be compiled against glibc2.2/libdb2 now,
+ closes: #71602
+ * %strace ldapsearch cn=admin | & grep /etc | grep ldap
+ open("/etc/ldap/ldap.conf", O_RDONLY) = 3
+ closes: #71716
+ * ldap_first_attribute.3: s/ber_free(3)/ber_free/. closes: #76719
+ * init.d/slapd: fix reference to pidfile, and also remove the pidfile
+ after killing the daemon, closes: #77633, #77635
+ * Fix fgets buffer size thinko in slurpd. closes: #78003
+ * slapd.8: s/ldap.h/slapd.conf(5)/. closes: #80457
+
+ -- Ben Collins <bcollins@debian.org> Sun, 31 Dec 2000 00:02:46 -0500
+
+openldap2 (2.0.7-1) unstable; urgency=low
+
+ * New upstream
+ * Removed hack for shlibs now that dpkg 1.7 is available, added dpkg-dev
+ 1.7.1 to build-depends.
+ * start using DH_COMPAT=2
+
+ -- Ben Collins <bcollins@debian.org> Fri, 10 Nov 2000 18:53:25 -0500
+
+openldap2 (2.0.2-2) unstable; urgency=low
+
+ * Recompile against libdb2/glibc 2.1.94/sasl
+
+ -- Ben Collins <bcollins@debian.org> Wed, 27 Sep 2000 11:31:59 -0400
+
+openldap2 (2.0.2-1) unstable; urgency=low
+
+ * New upstream version, includes some patches from me that fix some
+ stability issues
+ * debian/control:Build-Depends: change libwrap-dev to libwrap0-dev for
+ clarity, closes: #71366
+ * debian/rules: make sure mail500 docs do not get installed under bogus
+ subdirs, closes: #71473
+ * debian/README.build,debian/scripts/dbs-build.mk: Fix and document
+ build system better, closes: #71584
+ * debian/local/slapd.conf: Setup default ACL's to work with openldap2
+ correctly, closes: #71127, #71131
+ * debian/README: document how to access OpenLDAP 1 servers via
+ ldap-utils, closes: #71469
+ * debian/rules:CFLAGS: add -I/usr/include/db2 to make sure we get the
+ right <db.h> header, closes: #71470
+ * I cannot reproduce this. In debian/rules I have done exactly what is
+ needed to keep it from happening, and sparc, i386 and powerpc builds
+ do not show it, closes: #71472
+
+ -- Ben Collins <bcollins@debian.org> Wed, 13 Sep 2000 22:32:35 -0400
+
+openldap2 (2.0.1-2) unstable; urgency=low
+
+ * Fixed up depend for libldap2 on itself
+
+ -- Ben Collins <bcollins@debian.org> Wed, 6 Sep 2000 13:24:06 -0400
+
+openldap2 (2.0.1-1) unstable; urgency=low
+
+ * New upstream version
+ * Added libsasl-dev to build-deps, closes: #70923
+
+ -- Ben Collins <bcollins@debian.org> Tue, 5 Sep 2000 06:49:05 -0400
+
+openldap2 (2.0-1) unstable; urgency=low
+
+ * Initial release of OpenLDAP 2 test code
+
+ -- Ben Collins <bcollins@debian.org> Tue, 29 Aug 2000 14:28:39 -0400
diff --git a/debian/clean b/debian/clean
new file mode 100644
index 0000000..e83f429
--- /dev/null
+++ b/debian/clean
@@ -0,0 +1,2 @@
+debian/libldap2.links
+debian/libldap-dev.links
diff --git a/debian/configure.options b/debian/configure.options
new file mode 100644
index 0000000..2bced34
--- /dev/null
+++ b/debian/configure.options
@@ -0,0 +1,222 @@
+#`configure' configures this package to adapt to many kinds of systems.
+#
+#Usage: ./configure [OPTION]... [VAR=VALUE]...
+#
+#To assign environment variables (e.g., CC, CFLAGS...), specify them as
+#VAR=VALUE. See below for descriptions of some of the useful variables.
+#
+#Defaults for the options are specified in brackets.
+#
+#Configuration:
+# -h, --help display this help and exit
+# --help=short display options specific to this package
+# --help=recursive display the short help of all the included packages
+# -V, --version display version information and exit
+# -q, --quiet, --silent do not print `checking ...' messages
+# --cache-file=FILE cache test results in FILE [disabled]
+# -C, --config-cache alias for `--cache-file=config.cache'
+# -n, --no-create do not create output files
+# --srcdir=DIR find the sources in DIR [configure dir or `..']
+#
+#Installation directories:
+# --prefix=PREFIX install architecture-independent files in PREFIX
+# [/usr/local]
+# --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+# [PREFIX]
+#
+#By default, `make install' will install all the files in
+#`/usr/local/bin', `/usr/local/lib' etc. You can specify
+#an installation prefix other than `/usr/local' using `--prefix',
+#for instance `--prefix=$HOME'.
+#
+#For better control, use the options below.
+#
+#Fine tuning of the installation directories:
+# --bindir=DIR user executables [EPREFIX/bin]
+# --sbindir=DIR system admin executables [EPREFIX/sbin]
+# --libexecdir=DIR program executables [EPREFIX/libexec]
+--libexecdir='${prefix}/lib'
+# --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+# --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+# --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+# --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
+# --libdir=DIR object code libraries [EPREFIX/lib]
+# --includedir=DIR C header files [PREFIX/include]
+# --oldincludedir=DIR C header files for non-gcc [/usr/include]
+# --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+# --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+# --infodir=DIR info documentation [DATAROOTDIR/info]
+# --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+# --mandir=DIR man documentation [DATAROOTDIR/man]
+# --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE]
+# --htmldir=DIR html documentation [DOCDIR]
+# --dvidir=DIR dvi documentation [DOCDIR]
+# --pdfdir=DIR pdf documentation [DOCDIR]
+# --psdir=DIR ps documentation [DOCDIR]
+#
+#System types:
+# --build=BUILD configure for building on BUILD [guessed]
+# --host=HOST cross-compile to build programs to run on HOST [BUILD]
+# --target=TARGET configure for building compilers for TARGET [HOST]
+#
+#Optional Features:
+# --disable-option-checking ignore unrecognized --enable/--with options
+# --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+# --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+# --enable-debug enable debugging no|yes|traditional [yes]
+--enable-debug
+# --enable-dynamic enable linking built binaries with dynamic libs [auto]
+--enable-dynamic
+# --enable-syslog enable syslog support [auto]
+--enable-syslog
+# --enable-ipv6 enable IPv6 support [auto]
+--enable-ipv6
+# --enable-local enable AF_LOCAL (AF_UNIX) socket support [auto]
+--enable-local
+#
+#SLAPD (Standalone LDAP Daemon) Options:
+# --enable-slapd enable building slapd [yes]
+--enable-slapd
+# --enable-dynacl enable run-time loadable ACL support (experimental) [no]
+--enable-dynacl
+# --enable-aci enable per-object ACIs (experimental) no|yes|mod [no]
+--enable-aci
+# --enable-cleartext enable cleartext passwords [yes]
+--enable-cleartext
+# --enable-crypt enable crypt(3) passwords [no]
+--enable-crypt
+# --enable-spasswd enable (Cyrus) SASL password verification [no]
+--enable-spasswd
+# --enable-modules enable dynamic module support [no]
+--enable-modules
+# --enable-rlookups enable reverse lookups of client hostnames [no]
+--enable-rlookups
+# --enable-slapi enable SLAPI support (experimental) [no]
+--enable-slapi
+# --enable-slp enable SLPv2 support [no]
+--disable-slp
+# --enable-wrappers enable tcp wrapper support [no]
+--enable-wrappers
+#
+#SLAPD Backend Options:
+# --enable-backends enable all available backends no|yes|mod
+--enable-backends=mod
+# --enable-dnssrv enable dnssrv backend no|yes|mod [no]
+# --enable-ldap enable ldap backend no|yes|mod [no]
+# --enable-mdb enable mdb database backend no|yes|mod [yes]
+# --enable-meta enable metadirectory backend no|yes|mod [no]
+# --enable-asyncmeta enable asynchronous metadirectory backend no|yes|mod [no]
+# --enable-null enable null backend no|yes|mod [no]
+# --enable-passwd enable passwd backend no|yes|mod [no]
+# --enable-perl enable perl backend no|yes|mod [no]
+--enable-perl=mod
+# --enable-relay enable relay backend no|yes|mod [yes]
+# --enable-sock enable sock backend no|yes|mod [no]
+# --enable-sql enable sql backend no|yes|mod [no]
+--enable-sql=mod
+# --enable-wt enable WiredTiger backend no|yes|mod [no]
+--disable-wt
+#
+#SLAPD Overlay Options:
+# --enable-overlays enable all available overlays no|yes|mod
+--enable-overlays=mod
+# --enable-accesslog In-Directory Access Logging overlay no|yes|mod [no]
+# --enable-auditlog Audit Logging overlay no|yes|mod [no]
+# --enable-autoca Automatic Certificate Authority overlay no|yes|mod [no]
+--disable-autoca
+# --enable-collect Collect overlay no|yes|mod [no]
+# --enable-constraint Attribute Constraint overlay no|yes|mod [no]
+# --enable-dds Dynamic Directory Services overlay no|yes|mod [no]
+# --enable-deref Dereference overlay no|yes|mod [no]
+# --enable-dyngroup Dynamic Group overlay no|yes|mod [no]
+# --enable-dynlist Dynamic List overlay no|yes|mod [no]
+# --enable-homedir Home Directory Management overlay no|yes|mod [no]
+# --enable-memberof Reverse Group Membership overlay no|yes|mod [no]
+# --enable-otp OTP 2-factor authentication overlay no|yes|mod [no]
+# --enable-ppolicy Password Policy overlay no|yes|mod [no]
+# --enable-proxycache Proxy Cache overlay no|yes|mod [no]
+# --enable-refint Referential Integrity overlay no|yes|mod [no]
+# --enable-remoteauth Deferred Authentication overlay no|yes|mod [no]
+# --enable-retcode Return Code testing overlay no|yes|mod [no]
+# --enable-rwm Rewrite/Remap overlay no|yes|mod [no]
+# --enable-seqmod Sequential Modify overlay no|yes|mod [no]
+# --enable-sssvlv ServerSideSort/VLV overlay no|yes|mod [no]
+# --enable-syncprov Syncrepl Provider overlay no|yes|mod [yes]
+# --enable-translucent Translucent Proxy overlay no|yes|mod [no]
+# --enable-unique Attribute Uniqueness overlay no|yes|mod [no]
+# --enable-valsort Value Sorting overlay no|yes|mod [no]
+#
+#SLAPD Password Module Options:
+# --enable-argon2 Argon2 password hashing module no|yes [no]
+--enable-argon2
+#
+#LLOADD (Load Balancer Daemon) Options:
+# --enable-balancer enable load balancer no|yes|mod [no]
+--disable-balancer
+#
+#Library Generation & Linking Options
+# --enable-static[=PKGS] build static libraries [default=yes]
+# --enable-shared[=PKGS] build shared libraries [default=yes]
+# --enable-versioning Enable versioned symbols in shared library no|yes|auto [auto]
+# --enable-fast-install[=PKGS]
+# optimize for fast installation [default=yes]
+# --disable-libtool-lock avoid locking (might break parallel builds)
+#
+#Optional Packages:
+# --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+# --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+# --with-subdir=DIR change default subdirectory used for installs
+--with-subdir=ldap
+# --with-cyrus-sasl with Cyrus SASL support [auto]
+--with-cyrus-sasl
+# --with-systemd with systemd service notification support [auto]
+--without-systemd
+# --with-fetch with fetch(3) URL support [auto]
+# --with-threads with threads library auto|nt|posix|pth|lwp|manual [auto]
+--with-threads
+# --with-tls with TLS/SSL support auto|openssl|gnutls [auto]
+--with-tls=gnutls
+# --with-yielding-select with implicitly yielding select [auto]
+# --with-mp with multiple precision statistics
+# auto|longlong|long|bignum|gmp [auto]
+# --with-odbc with specific ODBC support
+# iodbc|unixodbc|odbc32|auto [auto]
+--with-odbc=unixodbc
+# --with-argon2 with argon2 support library auto|libsodium|libargon2 [auto]
+--with-argon2=libargon2
+# --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use
+# both]
+# --with-aix-soname=aix|svr4|both
+# shared library versioning (aka "SONAME") variant to
+# provide on AIX, [default=aix].
+# --with-gnu-ld assume the C compiler uses GNU ld [default=no]
+# --with-sysroot[=DIR] Search for dependent libraries within DIR (or the
+# compiler's sysroot if not specified).
+#
+#See INSTALL file for further details.
+#
+#Some influential environment variables:
+# CC C compiler command
+# CFLAGS C compiler flags
+# LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
+# nonstandard directory <lib dir>
+# LIBS libraries to pass to the linker, e.g. -l<library>
+# CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+# you have headers in a nonstandard directory <include dir>
+# LT_SYS_LIBRARY_PATH
+# User-defined run-time library search path.
+# CPP C preprocessor
+# PKG_CONFIG path to pkg-config utility
+# PKG_CONFIG_PATH
+# directories to add to pkg-config's search path
+# PKG_CONFIG_LIBDIR
+# path overriding pkg-config's built-in search path
+# WT_CFLAGS C compiler flags for WT, overriding pkg-config
+# WT_LIBS linker flags for WT, overriding pkg-config
+# systemdsystemunitdir
+# value of systemdsystemunitdir for systemd, overriding pkg-config
+#
+#Use these variables to override the choices made by `configure' or to help
+#it to find libraries and programs with nonstandard names/locations.
+#
+#Report bugs to the package provider.
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..961e6de
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,142 @@
+Source: openldap
+Section: net
+Priority: optional
+Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
+Uploaders: Steve Langasek <vorlon@debian.org>,
+ Torsten Landschoff <torsten@debian.org>,
+ Ryan Tandy <ryan@nardis.ca>,
+ Sergio Durigan Junior <sergiodj@debian.org>
+Build-Depends: debhelper-compat (= 13),
+ dpkg-dev (>= 1.17.14),
+ groff-base,
+ heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,
+ libargon2-dev <!pkg.openldap.noslapd>,
+ libgnutls28-dev,
+ libltdl-dev <!pkg.openldap.noslapd>,
+ libperl-dev (>= 5.8.0) <!pkg.openldap.noslapd>,
+ libsasl2-dev,
+ libwrap0-dev <!pkg.openldap.noslapd>,
+ nettle-dev <!pkg.openldap.noslapd>,
+ openssl <!nocheck>,
+ perl:any,
+ pkg-config (>= 0.29),
+ po-debconf,
+ unixodbc-dev <!pkg.openldap.noslapd>,
+# Needed for SASL/GSSAPI tests
+ krb5-admin-server <!nocheck>,
+ krb5-user <!nocheck>,
+ krb5-kdc <!nocheck>,
+ libsasl2-modules-gssapi-mit <!nocheck>,
+ sasl2-bin <!nocheck>,
+Build-Conflicts: libbind-dev, bind-dev, autoconf2.13
+Standards-Version: 4.6.2
+Homepage: https://www.openldap.org/
+Rules-Requires-Root: no
+Vcs-Git: https://salsa.debian.org/openldap-team/openldap.git
+Vcs-Browser: https://salsa.debian.org/openldap-team/openldap
+
+Package: slapd
+Architecture: any
+Build-Profiles: <!pkg.openldap.noslapd>
+Pre-Depends: debconf (>= 0.5) | debconf-2.0, ${misc:Pre-Depends}
+Depends: ${shlibs:Depends}, libldap2 (= ${binary:Version}),
+ coreutils (>= 4.5.1-1), psmisc, perl:any (>> 5.8.0) | libmime-base64-perl,
+ adduser, ${perl:Depends}, ${misc:Depends}
+Recommends: ldap-utils
+Suggests: libsasl2-modules,
+ libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
+Conflicts: umich-ldapd, ldap-server, libltdl3 (= 1.5.4-1)
+Replaces: ldap-utils (<< 2.2.23-3)
+Provides: ldap-server, ${slapd:Provides}
+Description: OpenLDAP server (slapd)
+ This is the OpenLDAP (Lightweight Directory Access Protocol) server
+ (slapd). The server can be used to provide a standalone directory
+ service.
+
+Package: slapd-contrib
+Architecture: any
+Build-Profiles: <!pkg.openldap.noslapd>
+Depends: slapd (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}
+Provides: slapd-smbk5pwd
+Breaks: slapd-smbk5pwd (<< 2.4.47+dfsg-2~), slapd (<< 2.5.4+dfsg-1~)
+Replaces: slapd-smbk5pwd (<< 2.4.47+dfsg-2~)
+Description: contributed plugins for OpenLDAP slapd
+ This package contains a number of slapd overlays and plugins contributed by
+ the OpenLDAP community. While distributed as part of OpenLDAP Software, they
+ are not necessarily supported by the OpenLDAP Project.
+
+Package: slapd-smbk5pwd
+Architecture: all
+Section: oldlibs
+Build-Profiles: <!pkg.openldap.noslapd>
+Depends: slapd-contrib, ${misc:Depends}
+Breaks: slapd (<< 2.4.47+dfsg-2~)
+Description: transitional package for slapd-contrib
+ This is a transitional package from slapd-smbk5pwd to slapd-contrib. It can be
+ safely removed.
+
+Package: ldap-utils
+Architecture: any
+Depends: ${shlibs:Depends}, libldap2 (= ${binary:Version}), ${misc:Depends}
+Suggests: libsasl2-modules,
+ libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
+Conflicts: umich-ldap-utils, openldap-utils, ldap-client
+Replaces: openldap-utils, slapd (<< 2.2.23-0.pre6), openldapd
+Provides: ldap-client, openldap-utils
+Description: OpenLDAP utilities
+ This package provides utilities from the OpenLDAP (Lightweight
+ Directory Access Protocol) package. These utilities can access a
+ local or remote LDAP server and contain all the client programs
+ required to access LDAP servers.
+
+Package: libldap2
+Section: libs
+Architecture: any
+Multi-Arch: same
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Recommends: libldap-common
+Description: OpenLDAP libraries
+ These are the run-time libraries for the OpenLDAP (Lightweight Directory
+ Access Protocol) servers and clients.
+
+Package: libldap-common
+Section: libs
+Architecture: all
+Multi-Arch: foreign
+Depends: ${misc:Depends}
+Replaces: libldap-2.4-2 (<< 2.4.44+dfsg-1)
+Description: OpenLDAP common files for libraries
+ These are common files for the run-time libraries for the OpenLDAP
+ (Lightweight Directory Access Protocol) servers and clients.
+
+Package: libldap-dev
+Section: libdevel
+Architecture: any
+Multi-Arch: same
+Provides: libldap2-dev
+Breaks: libldap2-dev (<< 2.5.4+dfsg-1~)
+Replaces: libldap2-dev (<< 2.5.4+dfsg-1~)
+Depends: libldap2 (= ${binary:Version}), ${misc:Depends}
+Description: OpenLDAP development libraries
+ This package allows development of LDAP applications using the OpenLDAP
+ libraries. It includes headers, libraries and links to allow static and
+ dynamic linking.
+
+Package: libldap2-dev
+Section: oldlibs
+Architecture: all
+Depends: libldap-dev, ${misc:Depends}
+Description: transitional package for libldap-dev
+ This is a transitional package from libldap2-dev to libldap-dev. It can be
+ safely removed.
+
+Package: slapi-dev
+Section: libdevel
+Architecture: any
+Build-Profiles: <!pkg.openldap.noslapd>
+Depends: slapd (= ${binary:Version}), ${misc:Depends}
+Description: development libraries for OpenLDAP SLAPI plugin interface
+ This package allows development of plugins for the OpenLDAP slapd server
+ using the SLAPI interface. It includes the headers and libraries needed
+ to build such plugins.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..51976e6
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,1502 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: OpenLDAP
+Source: https://openldap.org/
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1998-2013 Kurt D. Zeilenga.
+ Portions Copyright 1998-2006 Net Boolean Incorporated.
+ Portions Copyright 2001-2006 IBM Corporation.
+ Portions Copyright 1999-2008 Howard Y.H. Chu.
+ Portions Copyright 1999-2008 Symas Corporation.
+ Portions Copyright 1998-2003 Hallvard B. Furuseth.
+ Portions Copyright 2007-2011 Gavin Henry.
+ Portions Copyright 2007-2011 Suretec Systems Ltd.
+ Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+License: OpenLDAP-2.8
+Comment:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted only as authorized by the OpenLDAP
+ Public License.
+ .
+ A copy of this license is available in the file LICENSE in the
+ top-level directory of the distribution or, alternatively, at
+ <http://www.OpenLDAP.org/license.html>.
+ .
+ OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+ .
+ Individual files and/or contributed packages may be copyright by
+ other parties and/or subject to additional restrictions.
+ .
+ This work is derived from the University of Michigan LDAP v3.3
+ distribution. Information concerning this software is available
+ at <http://www.umich.edu/~dirsvcs/ldap/ldap.html>.
+ .
+ This work also contains materials derived from public sources.
+ .
+ Additional information about OpenLDAP can be obtained at
+ <http://www.openldap.org/>.
+Files-Excluded: doc/drafts/*
+ doc/rfc/*
+ servers/slapd/schema/collective.schema
+ servers/slapd/schema/corba.schema
+ servers/slapd/schema/core.ldif
+ servers/slapd/schema/core.schema
+ servers/slapd/schema/cosine.schema
+ servers/slapd/schema/duaconf.schema
+ servers/slapd/schema/inetorgperson.schema
+ servers/slapd/schema/java.schema
+ servers/slapd/schema/namedobject.schema
+ servers/slapd/schema/pmi.schema
+
+Files: *
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ All rights reserved.
+License: OpenLDAP-2.8
+
+Files: aclocal.m4
+Copyright: Copyright (C) 1996-2018 Free Software Foundation, Inc.
+ Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
+ Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
+License: FSF-unlimited and GPL-2+ with Autoconf exception
+
+Files: contrib/ldapc++/*
+Copyright: Copyright 2000-2022 The OpenLDAP Foundation.
+License: OpenLDAP-2.8
+
+Files: build/config.guess
+ build/config.sub
+ contrib/ldapc++/config.guess
+ contrib/ldapc++/config.sub
+Copyright: Copyright 1992-2020 Free Software Foundation, Inc.
+License: GPL-3+ with Autoconf exception
+
+Files: build/libtool.m4
+Copyright: Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
+License: FSF-unlimited
+
+Files: build/ltmain.sh
+ contrib/ldapc++/ltmain.sh
+Copyright: Copyright (C) 1996-2015 Free Software Foundation, Inc.
+ Copyright (C) 2004-2015 Free Software Foundation, Inc.
+ Copyright (C) 2010-2015 Free Software Foundation, Inc.
+License: GPL-2+ with Libtool exception and GPL-3+ with Libtool exception and GPL-3+
+
+Files: build/lt~obsolete.m4
+ build/ltoptions.m4
+ build/ltsugar.m4
+ build/ltversion.m4
+Copyright: Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software Foundation, Inc.
+License: FSF-unlimited
+
+Files: build/missing
+ contrib/ldapc++/missing
+Copyright: Copyright (C) 1996-2014 Free Software Foundation, Inc.
+License: GPL-2+ with Autoconf exception
+
+Files: build/shtool
+Copyright: Copyright (c) 1994-2008 Ralf S. Engelschall <rse@engelschall.com>
+License: GPL-2+
+Comment:
+ NOTICE: Given that you include this file verbatim into your own
+ source tree, you are justified in saying that it remains separate
+ from your package, and that this way you are simply just using GNU
+ shtool. So, in this situation, there is no requirement that your
+ package itself is licensed under the GNU General Public License in
+ order to take advantage of GNU shtool.
+
+Files: clients/tools/common.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 2003 Kurt D. Zeilenga.
+ Portions Copyright 2003 IBM Corporation.
+License: OpenLDAP-2.8
+
+Files: clients/tools/ldapcompare.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ Portions Copyright 1998-2001 Net Boolean Incorporated.
+ Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+ Portions Copyright 2002, F5 Networks, Inc, All rights reserved.
+License: OpenLDAP-2.8 and UMich and F5
+
+Files: clients/tools/ldapdelete.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+License: OpenLDAP-2.8 and UMich
+
+Files: clients/tools/ldapexop.c
+Copyright: Copyright 2005-2022 The OpenLDAP Foundation.
+License: OpenLDAP-2.8
+
+Files: clients/tools/ldapmodify.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 2006 Howard Chu.
+ Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ Portions Copyright 1998-2001 Net Boolean Incorporated.
+ Portions Copyright 2001-2003 IBM Corporation.
+ Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+License: OpenLDAP-2.8 and UMich
+
+Files: clients/tools/ldapmodrdn.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ Portions Copyright 1998-2001 Net Boolean Incorporated.
+ Portions Copyright 2001-2003 IBM Corporation.
+ Portions Copyright 1999, Juan C. Gomez.
+ Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+License: OpenLDAP-2.8 and JCG and UMich
+
+Files: clients/tools/ldappasswd.c
+ clients/tools/ldapsearch.c
+ clients/tools/ldapwhoami.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ Portions Copyright 1998-2001 Net Boolean Incorporated.
+ Portions Copyright 2001-2003 IBM Corporation.
+ Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+License: OpenLDAP-2.8 and UMich
+
+Files: clients/tools/ldapurl.c
+Copyright: Copyright 2008-2022 The OpenLDAP Foundation.
+ Portions Copyright 2008 Pierangelo Masarati, SysNet
+ Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+License: OpenLDAP-2.8 and UMich
+
+Files: clients/tools/ldapvc.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 2010 Kurt D. Zeilenga.
+ Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+License: OpenLDAP-2.8 and UMich
+
+Files: configure
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
+ Copyright (C) 2012 Free Software Foundation, Inc.
+ Copyright (C) 2014 Free Software Foundation, Inc.
+License: OpenLDAP-2.8 and FSF-unlimited and GPL-2+ with Libtool exception
+
+Files: contrib/ldapc++/aclocal.m4
+Copyright: Copyright (C) 1996-2017 Free Software Foundation, Inc.
+ Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
+ Copyright (C) 2014 Free Software Foundation, Inc.
+License: FSF-unlimited and GPL-2+ with Libtool exception
+
+Files: contrib/ldapc++/configure
+Copyright: Copyright 2000-2022 The OpenLDAP Foundation.
+ Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
+ Copyright (C) 2012 Free Software Foundation, Inc.
+ Copyright (C) 2014 Free Software Foundation, Inc.
+License: OpenLDAP-2.8 and FSF-unlimited and GPL-2+ with Libtool exception
+
+Files: contrib/ldapc++/depcomp
+Copyright: Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc.
+License: GPL-2+ with Autoconf exception
+
+Files: contrib/ldapc++/examples/Makefile.in
+ contrib/ldapc++/Makefile.in
+Copyright: Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+ Copyright 2003-2022 The OpenLDAP Foundation.
+License: FSF-unlimited and OpenLDAP-2.8
+
+Files: contrib/ldapc++/install-sh
+Copyright: Copyright (C) 1994 X Consortium
+License: MIT-XC
+Comment:
+ FSF changes to this file are in the public domain.
+
+Files: contrib/ldaptcl/configure
+Copyright: Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
+License: FSF-unlimited
+
+Files: contrib/ldaptcl/ldaperr.tcl
+ contrib/ldaptcl/ldap.n
+ contrib/ldaptcl/Makefile.in
+ contrib/ldaptcl/man.macros
+ contrib/ldaptcl/neoXldap.c
+ contrib/ldaptcl/pkgIndex.tcl.in
+ contrib/ldaptcl/tclAppInit.c
+ contrib/ldaptcl/tkAppInit.c
+Copyright: Copyright (c) 1998-1999 NeoSoft, Inc.
+ All Rights Reserved.
+License: NeoSoft-permissive
+ This software may be used, modified, copied, distributed, and sold,
+ in both source and binary form provided that these copyrights are
+ retained and their terms are followed.
+ .
+ Under no circumstances are the authors or NeoSoft Inc. responsible
+ for the proper functioning of this software, nor do the authors
+ assume any liability for damages incurred with its use.
+ .
+ Redistribution and use in source and binary forms are permitted
+ provided that this notice is preserved and that due credit is given
+ to NeoSoft, Inc.
+ .
+ NeoSoft, Inc. may not be used to endorse or promote products derived
+ from this software without specific prior written permission. This
+ software is provided ``as is'' without express or implied warranty.
+ .
+ Requests for permission may be sent to NeoSoft Inc, 1770 St. James Place,
+ Suite 500, Houston, TX, 77056.
+
+Files: contrib/slapd-modules/acl/gssacl.c
+Copyright: Copyright 2011 PADL Software Pty Ltd.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/addpartial/*
+Copyright: Copyright 2004-2022 The OpenLDAP Foundation.
+ Portions Copyright (C) 2004 Virginia Tech, David Hawes.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/adremap/*
+Copyright: Copyright 2015 Howard Chu <hyc@symas.com>.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/autogroup/*
+Copyright: Copyright 2007-2022 The OpenLDAP Foundation.
+ Portions Copyright 2007 Michał Szulczyński.
+ Portions Copyright 2009 Howard Chu.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/cloak/cloak.c
+Copyright: Copyright 2008-2022 The OpenLDAP Foundation.
+ Portions Copyright 2008 Emmanuel Dreyfus
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/comp_match/*
+Copyright: Copyright 2004 Sang Seok Lim, IBM . All rights reserved.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/datamorph/Makefile
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Copyright 2017 Ondřej Kuzník, Symas Corp. All Rights Reserved.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/datamorph/slapo-datamorph.5
+Copyright: Copyright 2016-2017 Symas Corp. All Rights Reserved.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/lastbind/*
+Copyright: Copyright 2009 Jonathan Clarke <jonathan@phillipoux.net>.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/nops/*
+Copyright: Copyright 2008-2022 The OpenLDAP Foundation.
+ Copyright 2008 Emmanuel Dreyfus.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/nssov/*
+ libraries/libldap/tavl.c
+ libraries/liblmdb/mdb_load.c
+ libraries/liblmdb/mtest6.c
+ libraries/liblmdb/midl.h
+ libraries/liblmdb/mdb_copy.1
+ libraries/liblmdb/mdb_stat.c
+ libraries/liblmdb/mtest3.c
+ libraries/liblmdb/intro.doc
+ libraries/liblmdb/mdb_copy.c
+ libraries/liblmdb/mdb_dump.c
+ libraries/liblmdb/midl.c
+ libraries/liblmdb/mtest4.c
+ libraries/liblmdb/sample-bdb.txt
+ libraries/liblmdb/mdb_load.1
+ libraries/liblmdb/mdb_stat.1
+ libraries/liblmdb/sample-mdb.txt
+ libraries/liblmdb/mtest5.c
+ libraries/liblmdb/mtest2.c
+ libraries/liblmdb/mtest.c
+ libraries/liblmdb/mdb_dump.1
+Copyright: Copyright 2008-2022 The OpenLDAP Foundation.
+ Portions Copyright 2004-2022 by Howard Chu, Symas Corp.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/nssov/nssov.*
+ contrib/slapd-modules/nssov/pam.c
+Copyright: Copyright 2008-2022 The OpenLDAP Foundation.
+ Portions Copyright 2008 by Howard Chu, Symas Corp.
+ Portions Copyright 2013 by Ted C. Cheng, Symas Corp.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/nssov/nss-pam-ldapd/attrs.h
+ contrib/slapd-modules/nssov/nss-pam-ldapd/README
+ contrib/slapd-modules/nssov/nss-pam-ldapd/tio.c
+ contrib/slapd-modules/nssov/nss-pam-ldapd/tio.h
+Copyright: Copyright (C) 2007, 2008, 2012 Arthur de Jong
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/nssov/nss-pam-ldapd/nslcd.h
+ contrib/slapd-modules/nssov/nss-pam-ldapd/nslcd-prot.h
+Copyright: Copyright (C) 2006 West Consulting
+ Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013, 2014 Arthur de Jong
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/passwd/totp/*
+Copyright: Copyright 2015-2022 The OpenLDAP Foundation.
+ Portions Copyright 2015 by Howard Chu, Symas Corp.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/passwd/sha2/*
+Copyright: Copyright 2009-2022 The OpenLDAP Foundation.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/passwd/sha2/sha2.*
+Copyright: Copyright (c) 2000-2001, Aaron D. Gifford
+License: BSD-3-clause
+
+Files: contrib/slapd-modules/passwd/kerberos.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H\xf6gskolan
+ (Royal Institute of Technology, Stockholm, Sweden).
+ Copyright (c) 1989 Regents of the University of California.
+License: OpenLDAP-2.8 and BSD-3-clause
+
+Files: contrib/slapd-modules/passwd/apr1.c
+Copyright: Copyright 2011 Devin J. Pohly
+ Portions Copyright 2011 Howard Chu
+ Poul-Henning Kamp <phk@FreeBSD.ORG>
+License: OpenLDAP-2.8 and Beerware
+
+Files: contrib/slapd-modules/passwd/apr1-*.pl
+Copyright: (C) 2011 Devin J. Pohly
+License: public-domain
+
+Files: contrib/slapd-modules/proxyOld/*
+Copyright: Copyright 2005-2022 The OpenLDAP Foundation.
+ Portions Copyright 2005 by Howard Chu, Symas Corp.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/rbac/slapo-rbac.5
+Copyright: Copyright 1999-2021 SYMAS Corporation All Rights Reserved.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/samba4/*
+ libraries/libldap/stctrl.c
+ libraries/librewrite/Makefile.in
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 2008 Pierangelo Masarati.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/samba4/Makefile
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Copyright 2004 Howard Chu, Symas Corp. All Rights Reserved.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/smbk5pwd/smbk5pwd.c
+ contrib/slapd-modules/smbk5pwd/Makefile
+Copyright: Copyright 2004-2022 The OpenLDAP Foundation.
+ Portions Copyright 2004-2005 by Howard Chu, Symas Corp.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/variant/*
+Copyright: Copyright 2016-2021 Symas Corporation.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-modules/variant/tests/*
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+License: OpenLDAP-2.8
+
+Files: contrib/slapd-tools/*
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 2004 Hallvard B. Furuseth.
+License: OpenLDAP-2.8
+
+Files: contrib/slapi-plugins/addrdnvalues/*
+Copyright: Copyright 2003-2022 The OpenLDAP Foundation.
+ Copyright 2003-2004 PADL Software Pty Ltd.
+License: OpenLDAP-2.8
+
+Files: doc/man/man5/slapo-remoteauth.5
+Copyright: Copyright 2004-2022 The OpenLDAP Foundation.
+ Portions Copyright 2004-2017 Howard Chu, Symas Corporation.
+ Portions Copyright 2017-2021 Ondřej Kuzník, Symas Corporation.
+ Portions Copyright 2004 Hewlett-Packard Company
+License: OpenLDAP-2.8
+
+Files: doc/man/man5/slapo-rwm.5
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation, All Rights Reserved.
+ Copyright 2004, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
+License: OpenLDAP-2.8
+
+Files: doc/man/man5/slapd-asyncmeta.5
+Copyright: Copyright 2016-2022 The OpenLDAP Foundation.
+ Portions Copyright 2016 Symas Corporation.
+License: OpenLDAP-2.8
+
+Files: doc/man/man5/slapo-otp.5
+Copyright: Copyright 2015-2022 The OpenLDAP Foundation.
+ Portions Copyright 2015 by Howard Chu, Symas Corp. All rights reserved.
+ Portions Copyright 2018 by Ondřej Kuzník, Symas Corp. All rights reserved.
+License: OpenLDAP-2.8
+
+Files: doc/man/man5/slapd-meta.5
+ doc/man/man5/slapo-pcache.5
+ doc/man/man5/slapo-retcode.5
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation, All Rights Reserved.
+ Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
+License: OpenLDAP-2.8
+
+Files: doc/man/man5/slapo-autoca.5
+Copyright: Copyright 2009-2022 The OpenLDAP Foundation All Rights Reserved.
+ Copyright 2009-2018 Howard Chu All Rights Reserved.
+License: OpenLDAP-2.8
+
+Files: doc/man/man5/slapo-constraint.5
+Copyright: Copyright 2005-2006 Hewlett-Packard Company
+ Copyright 2006-2022 The OpenLDAP Foundation All Rights Reserved.
+License: OpenLDAP-2.8
+
+Files: doc/man/man5/slapo-sssvlv.5
+Copyright: Copyright 2009-2022 The OpenLDAP Foundation All Rights Reserved.
+ Copyright 2009 Symas Corporation All Rights Reserved.
+License: OpenLDAP-2.8
+
+Files: doc/man/man1/ldapexop.1
+Copyright: Copyright 2009 Peter Marschall
+License: OpenLDAP-2.8
+
+Files: include/ldap_queue.h
+Copyright: Copyright 2001-2022 The OpenLDAP Foundation.
+ Copyright (c) 1991, 1993 The Regents of the University of California. All rights reserved.
+License: OpenLDAP-2.8 and BSD-4-clause-California
+
+Files: include/slapi-plugin.h
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1997,2002,2003 IBM Corporation.
+License: OpenLDAP-2.8
+
+Files: include/rewrite.h
+Copyright: Copyright 2000-2022 The OpenLDAP Foundation.
+ Portions Copyright 2000-2003 Pierangelo Masarati.
+License: OpenLDAP-2.8
+
+Files: include/ldap_utf8.h
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Copyright (C) 2000 Novell, Inc. All Rights Reserved.
+License: OpenLDAP-2.8
+
+Files: include/sysexits-compat.h
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright (c) 1987 Regents of the University of California.
+License: OpenLDAP-2.8 and BSD-3-clause-variant
+
+Files: include/lutil_meter.h
+Copyright: Copyright (c) 2009 by Emily Backes, Symas Corp.
+License: OpenLDAP-2.8
+
+Files: include/ldap_avl.h
+ include/ldap.h
+ include/ldap_defaults.h
+ include/ldif.h
+ include/ldap_log.h
+ include/lber.h
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright (c) 1993 Regents of the University of Michigan.
+License: OpenLDAP-2.8 and UMich
+
+Files: libraries/liblutil/getopt.c
+ libraries/liblutil/hash.c
+ libraries/liblutil/entropy.c
+ libraries/libldap/apitest.c
+ libraries/libldap/fetch.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1998-2003 Kurt D. Zeilenga.
+License: OpenLDAP-2.8
+
+Files: libraries/liblutil/meter.c
+Copyright: Copyright (c) 2009 by Emily Backes, Symas Corp.
+License: OpenLDAP-2.8
+
+Files: libraries/liblutil/base64.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ Portions Copyright 1995 IBM Corporation.
+ Copyright (c) 1996, 1998 by Internet Software Consortium.
+License: OpenLDAP-2.8 and Expat-ISC
+
+Files: libraries/liblutil/detach.c
+ libraries/libldap/testtavl.c
+ libraries/libldap/filter.c
+ libraries/libldap/search.c
+ libraries/libldap/open.c
+ libraries/libldap/add.c
+ libraries/libldap/avl.c
+ libraries/libldap/abandon.c
+ libraries/libldap/sbind.c
+ libraries/libldap/getentry.c
+ libraries/libldap/url.c
+ libraries/libldap/sort.c
+ libraries/libldap/getvalues.c
+ libraries/libldap/delete.c
+ libraries/libldap/testavl.c
+ libraries/libldap/ldifutil.c
+ libraries/libldap/bind.c
+ libraries/libldap/compare.c
+ libraries/libldap/getattr.c
+ libraries/libldap/unbind.c
+ libraries/libldap/free.c
+ libraries/libldap/lbase64.c
+ libraries/libldap/getdn.c
+ libraries/liblber/io.c
+ libraries/liblber/lber-int.h
+ libraries/liblber/bprint.c
+ libraries/liblber/idtest.c
+ libraries/liblber/decode.c
+ libraries/liblber/dtest.c
+ libraries/liblber/encode.c
+ libraries/liblber/etest.c
+ libraries/libldap/addentry.c
+ libraries/libldap/ldif.c
+ libraries/libldap/ldap-int.h
+ libraries/libldap/modify.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Copyright (c) 1990, 1994 Regents of the University of Michigan.
+License: OpenLDAP-2.8 and UMich
+
+Files: libraries/liblutil/getpass.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ Portions Copyright 2009 Howard Chu.
+ Portions Copyright (c) 1992, 1993 Regents of the University of Michigan.
+License: OpenLDAP-2.8 and UMich
+
+Files: libraries/liblutil/uuid.c
+Copyright: Copyright 2000-2022 The OpenLDAP Foundation.
+ Portions Copyright 2000-2003 Kurt D. Zeilenga.
+License: OpenLDAP-2.8
+
+Files: libraries/liblunicode/ucdata/MUTTUCData.txt
+ libraries/liblunicode/ucdata/ucpgba.h
+ libraries/liblunicode/ucdata/ucdata.h
+ libraries/liblunicode/ucdata/ucdata.c
+ libraries/liblunicode/ucdata/ucpgba.c
+ libraries/liblunicode/ucdata/ucgendat.c
+ libraries/liblunicode/ure/README
+ libraries/liblunicode/ure/urestubs.c
+ libraries/liblunicode/ure/ure.c
+ libraries/liblunicode/ure/ure.h
+ libraries/liblunicode/utbm/utbm.h
+ libraries/liblunicode/utbm/utbmstub.c
+ libraries/liblunicode/utbm/utbm.c
+ libraries/liblunicode/utbm/README
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Copyright 1997-2001 Computing Research Labs
+License: OpenLDAP-2.8 and Expat-UNM
+
+Files: libraries/libldap/pagectrl.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Copyright 2006 Hans Leidekker
+License: OpenLDAP-2.8
+
+Files: libraries/libldap/utf-8-conv.c
+ libraries/libldap/result.c
+ libraries/libldap/vlvctrl.c
+ libraries/libldap/controls.c
+ libraries/libldap/sortctrl.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved.
+License: OpenLDAP-2.8
+
+Files: libraries/libldap/deref.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 2008 Pierangelo Masarati.
+License: OpenLDAP-2.8
+
+Files: libraries/libldap/modrdn.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright (c) 1990 Regents of the University of Michigan.
+ Copyright 1999, Juan C. Gomez, All rights reserved.
+License: OpenLDAP-2.8 and Expat
+
+Files: libraries/libldap/os-local.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright (c) 1995 Regents of the University of Michigan.
+ Portions (C) Copyright PADL Software Pty Ltd. 1999
+License: OpenLDAP-2.8 and Expat
+
+Files: libraries/libldap/msctrl.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 2018 Howard Chu.
+License: OpenLDAP-2.8
+
+Files: libraries/libldap/dds.c
+Copyright: Copyright 2005-2022 The OpenLDAP Foundation.
+ Portions Copyright 2005-2006 SysNet s.n.c.
+License: OpenLDAP-2.8
+
+Files: libraries/libldap/os-ip.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1999 Lars Uffmann.
+ Portions Copyright (c) 1995 Regents of the University of Michigan.
+License: OpenLDAP-2.8
+
+Files: libraries/libldap/ppolicy.c
+Copyright: Copyright 2004-2022 The OpenLDAP Foundation.
+ Portions Copyright 2004 Hewlett-Packard Company.
+ Portions Copyright 2004 Howard Chu, Symas Corp.
+License: OpenLDAP-2.8
+
+Files: libraries/libldap/rq.c
+Copyright: Copyright 2003-2022 The OpenLDAP Foundation.
+ Portions Copyright 2003 IBM Corporation.
+License: OpenLDAP-2.8
+
+Files: libraries/libldap/request.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright (c) 1995 Regents of the University of Michigan.
+ Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved.
+License: OpenLDAP-2.8
+
+Files: libraries/libldap/account_usability.c
+Copyright: Copyright 2004-2022 The OpenLDAP Foundation.
+ Portions Copyright 2004 Hewlett-Packard Company.
+ Portions Copyright 2004 Howard Chu, Symas Corp.
+License: OpenLDAP-2.8
+
+Files: libraries/libldap/util-int.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1998 A. Hartgers.
+License: OpenLDAP-2.8
+
+Files: libraries/liblmdb/mdb.c
+ libraries/liblmdb/lmdb.h
+Copyright: Copyright 2011-2021 Howard Chu, Symas Corp.
+ Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
+License: OpenLDAP-2.8 and Expat
+
+Files: servers/slapd/back-asyncmeta/Makefile.in
+ servers/slapd/back-asyncmeta/search.c
+ servers/slapd/back-asyncmeta/init.c
+ servers/slapd/back-asyncmeta/message_queue.c
+ servers/slapd/back-asyncmeta/modrdn.c
+ servers/slapd/back-asyncmeta/add.c
+ servers/slapd/back-asyncmeta/config.c
+ servers/slapd/back-asyncmeta/back-asyncmeta.h
+ servers/slapd/back-asyncmeta/conn.c
+ servers/slapd/back-asyncmeta/delete.c
+ servers/slapd/back-asyncmeta/bind.c
+ servers/slapd/back-asyncmeta/candidates.c
+ servers/slapd/back-asyncmeta/compare.c
+ servers/slapd/back-asyncmeta/dncache.c
+ servers/slapd/back-asyncmeta/proto-asyncmeta.h
+ servers/slapd/back-asyncmeta/modify.c
+ servers/slapd/back-asyncmeta/meta_result.c
+Copyright: Copyright 2016-2022 The OpenLDAP Foundation.
+ Copyright 2016 Symas Corporation.
+ All rights reserved.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/back-asyncmeta/map.c
+Copyright: Copyright 2016-2022 The OpenLDAP Foundation.
+ Copyright 2016 Symas Corporation.
+ Copyright 1999, Howard Chu <hyc@highlandsun.com>
+ All rights reserved.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/back-dnssrv/Makefile.in
+ servers/slapd/back-dnssrv/search.c
+ servers/slapd/back-dnssrv/init.c
+ servers/slapd/back-dnssrv/config.c
+ servers/slapd/back-dnssrv/referral.c
+ servers/slapd/back-dnssrv/bind.c
+ servers/slapd/back-dnssrv/compare.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Copyright 1998-2003 Kurt D. Zeilenga.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/back-ldap/monitor.c
+ servers/slapd/back-ldap/search.c
+ servers/slapd/back-ldap/init.c
+ servers/slapd/back-ldap/modrdn.c
+ servers/slapd/back-ldap/add.c
+ servers/slapd/back-ldap/back-ldap.h
+ servers/slapd/back-ldap/config.c
+ servers/slapd/back-ldap/delete.c
+ servers/slapd/back-ldap/bind.c
+ servers/slapd/back-ldap/compare.c
+ servers/slapd/back-ldap/unbind.c
+ servers/slapd/back-ldap/modify.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1999-2003 Howard Chu.
+ Portions Copyright 2000-2003 Pierangelo Masarati.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/back-ldap/chain.c
+ servers/slapd/back-ldap/distproc.c
+ servers/slapd/back-ldap/pbind.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1999-2003 Howard Chu.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/back-meta/search.c
+ servers/slapd/back-meta/init.c
+ servers/slapd/back-meta/suffixmassage.c
+ servers/slapd/back-meta/modrdn.c
+ servers/slapd/back-meta/add.c
+ servers/slapd/back-meta/config.c
+ servers/slapd/back-meta/conn.c
+ servers/slapd/back-meta/delete.c
+ servers/slapd/back-meta/bind.c
+ servers/slapd/back-meta/candidates.c
+ servers/slapd/back-meta/map.c
+ servers/slapd/back-meta/proto-meta.h
+ servers/slapd/back-meta/compare.c
+ servers/slapd/back-meta/dncache.c
+ servers/slapd/back-meta/back-meta.h
+ servers/slapd/back-meta/unbind.c
+ servers/slapd/back-meta/modify.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 2001-2003 Pierangelo Masarati.
+ Portions Copyright 1999-2003 Howard Chu.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/back-monitor/time.c
+ servers/slapd/back-monitor/search.c
+ servers/slapd/back-monitor/proto-back-monitor.h
+ servers/slapd/back-monitor/init.c
+ servers/slapd/back-monitor/backend.c
+ servers/slapd/back-monitor/conn.c
+ servers/slapd/back-monitor/overlay.c
+ servers/slapd/back-monitor/cache.c
+ servers/slapd/back-monitor/back-monitor.h
+ servers/slapd/back-monitor/log.c
+ servers/slapd/back-monitor/sent.c
+ servers/slapd/back-monitor/bind.c
+ servers/slapd/back-monitor/rww.c
+ servers/slapd/back-monitor/operational.c
+ servers/slapd/back-monitor/database.c
+ servers/slapd/back-monitor/compare.c
+ servers/slapd/back-monitor/listener.c
+ servers/slapd/back-monitor/thread.c
+ servers/slapd/back-monitor/entry.c
+ servers/slapd/back-monitor/operation.c
+ servers/slapd/back-monitor/modify.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 2001-2003 Pierangelo Masarati.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/back-passwd/search.c
+ servers/slapd/back-passwd/config.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright (c) 1995 Regents of the University of Michigan.
+License: OpenLDAP-2.8 and UMich
+
+Files: servers/slapd/back-perl/close.c
+ servers/slapd/back-perl/search.c
+ servers/slapd/back-perl/init.c
+ servers/slapd/back-perl/proto-perl.h
+ servers/slapd/back-perl/modrdn.c
+ servers/slapd/back-perl/add.c
+ servers/slapd/back-perl/config.c
+ servers/slapd/back-perl/delete.c
+ servers/slapd/back-perl/bind.c
+ servers/slapd/back-perl/compare.c
+ servers/slapd/back-perl/perl_back.h
+ servers/slapd/back-perl/modify.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1999 John C. Quillan.
+ Portions Copyright 2002 myinternet Limited.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/back-perl/Makefile.in
+ servers/slapd/back-perl/SampleLDAP.pm
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1999 John C. Quillan.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/back-relay/init.c
+ servers/slapd/back-relay/back-relay.h
+ servers/slapd/back-relay/op.c
+ servers/slapd/back-relay/proto-back-relay.h
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 2004 Pierangelo Masarati.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/back-sql/entry-id.c
+ servers/slapd/back-sql/search.c
+ servers/slapd/back-sql/back-sql.h
+ servers/slapd/back-sql/add.c
+ servers/slapd/back-sql/config.c
+ servers/slapd/back-sql/sql-wrap.c
+ servers/slapd/back-sql/schema-map.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1999 Dmitry Kovalev.
+ Portions Copyright 2002 Pierangelo Masarati.
+ Portions Copyright 2004 Mark Adamson.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/back-sql/rdbms_depend/*
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 2002 Pierangelo Masarati.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile
+ servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp
+Copyright: 1997-2022 The OpenLDAP Foundation.
+ (c) Copyright 1996-1998, TimesTen Performance Software.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/back-sql/init.c
+ servers/slapd/back-sql/modrdn.c
+ servers/slapd/back-sql/api.c
+ servers/slapd/back-sql/delete.c
+ servers/slapd/back-sql/bind.c
+ servers/slapd/back-sql/operational.c
+ servers/slapd/back-sql/compare.c
+ servers/slapd/back-sql/proto-sql.h
+ servers/slapd/back-sql/util.c
+ servers/slapd/back-sql/modify.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1999 Dmitry Kovalev.
+ Portions Copyright 2002 Pierangelo Masarati.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/abandon.c
+ servers/slapd/aci.c
+ servers/slapd/acl.c
+ servers/slapd/aclparse.c
+ servers/slapd/add.c
+ servers/slapd/attr.c
+ servers/slapd/ava.c
+ servers/slapd/backend.c
+ servers/slapd/bind.c
+ servers/slapd/ch_malloc.c
+ servers/slapd/compare.c
+ servers/slapd/config.c
+ servers/slapd/connection.c
+ servers/slapd/delete.c
+ servers/slapd/dn.c
+ servers/slapd/entry.c
+ servers/slapd/filter.c
+ servers/slapd/filterentry.c
+ servers/slapd/frontend.c
+ servers/slapd/init.c
+ servers/slapd/lock.c
+ servers/slapd/main.c
+ servers/slapd/modify.c
+ servers/slapd/mods.c
+ servers/slapd/operation.c
+ servers/slapd/phonetic.c
+ servers/slapd/proto-slap.h
+ servers/slapd/result.c
+ servers/slapd/slap.h
+ servers/slapd/value.c
+ servers/slapd/search.c
+ servers/slapd/str2filter.c
+ servers/slapd/unbind.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright (c) 1995 Regents of the University of Michigan.
+License: OpenLDAP-2.8 and UMich
+
+Files: servers/slapd/daemon.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 2007 by Howard Chu, Symas Corporation.
+ Portions Copyright (c) 1995 Regents of the University of Michigan.
+License: OpenLDAP-2.8 and UMich
+
+Files: servers/slapd/syncrepl.c
+Copyright: Copyright 2003-2022 The OpenLDAP Foundation.
+ Portions Copyright 2003 by IBM Corporation.
+ Portions Copyright 2003-2008 by Howard Chu, Symas Corporation.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/modrdn.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1999, Juan C. Gomez, All rights reserved.
+ Portions Copyright (c) 1995 Regents of the University of Michigan.
+License: OpenLDAP-2.8 and UMich
+
+Files: servers/slapd/saslauthz.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 2000 Mark Adamson, Carnegie Mellon.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/slapacl.c
+ servers/slapd/slapadd.c
+ servers/slapd/slapauth.c
+ servers/slapd/slapcat.c
+ servers/slapd/slapcommon.c
+ servers/slapd/slapmodify.c
+ servers/slapd/slapschema.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1998-2003 Kurt D. Zeilenga.
+ Portions Copyright 2003 IBM Corporation.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/slapindex.c
+ servers/slapd/slappasswd.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1998-2003 Kurt D. Zeilenga.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/slapdn.c
+ servers/slapd/slaptest.c
+Copyright: Copyright 2004-2022 The OpenLDAP Foundation.
+ Portions Copyright 2004 Pierangelo Masarati.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/user.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 1999 PM Lashley.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/component.c
+ servers/slapd/component.h
+ servers/slapd/ctxcsn.c
+ servers/slapd/ldapsync.c
+ servers/slapd/zn_malloc.c
+Copyright: Copyright 2003-2022 The OpenLDAP Foundation.
+ Portions Copyright 2003 by IBM Corporation.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/syslog.c
+Copyright: Copyright (c) 1983, 1988, 1993 The Regents of the University of California. All rights reserved.
+License: BSD-3-clause-California
+
+Files: servers/slapd/overlays/dynlist.c
+Copyright: Copyright 2003-2022 The OpenLDAP Foundation.
+ Portions Copyright 2004-2005 Pierangelo Masarati.
+ Portions Copyright 2008 Emmanuel Dreyfus.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/overlays/sssvlv.c
+ servers/slapd/overlays/translucent.c
+ servers/slapd/overlays/auditlog.c
+ servers/slapd/overlays/homedir.c
+ servers/slapd/overlays/accesslog.c
+ servers/slapd/overlays/refint.c
+ servers/slapd/overlays/valsort.c
+ servers/slapd/overlays/unique.c
+Copyright: Copyright 2004-2022 The OpenLDAP Foundation.
+ Portions Copyright 2004,2006-2007 Symas Corporation.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/overlays/rwmdn.c
+ servers/slapd/overlays/rwmmap.c
+ servers/slapd/overlays/rwm.c
+ servers/slapd/overlays/rwm.h
+ servers/slapd/overlays/rwmconf.c
+Copyright: Copyright 1999-2022 The OpenLDAP Foundation.
+ Portions Copyright 1999-2003 Howard Chu.
+ Portions Copyright 2000-2003 Pierangelo Masarati.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/overlays/deref.c
+ servers/slapd/overlays/memberof.c
+ servers/slapd/overlays/retcode.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 2005-2008 Pierangelo Masarati.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/overlays/remoteauth.c
+Copyright: Copyright 2004-2022 The OpenLDAP Foundation.
+ Portions Copyright 2017-2021 Ondřej Kuzník, Symas Corporation.
+ Portions Copyright 2004-2017 Howard Chu, Symas Corporation.
+ Portions Copyright 2004 Hewlett-Packard Company.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/overlays/constraint.c
+Copyright: Copyright 2003-2004 Hewlett-Packard Company
+ Copyright 2007 Emmanuel Dreyfus
+License: OpenLDAP-2.8
+
+Files: servers/slapd/overlays/pcache.c
+Copyright: Copyright 2003-2022 The OpenLDAP Foundation.
+ Copyright 2003 IBM Corporation.
+ Copyright 2003-2009 Symas Corporation.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/overlays/dyngroup.c
+ servers/slapd/overlays/collect.c
+ servers/slapd/overlays/overlays.c
+ servers/slapd/overlays/autoca.c
+Copyright: Copyright 2003-2022 The OpenLDAP Foundation.
+ Copyright 2003-2018 by Howard Chu.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/overlays/otp.c
+Copyright: Copyright 2015-2022 The OpenLDAP Foundation.
+ Portions Copyright 2015 by Howard Chu, Symas Corp.
+ Portions Copyright 2016-2017 by Michael Ströder <michael@stroeder.com>
+ Portions Copyright 2018 by Ondřej Kuzník, Symas Corp.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/overlays/dds.c
+Copyright: Copyright 2005-2022 The OpenLDAP Foundation.
+ Portions Copyright 2005-2006 SysNet s.n.c.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/overlays/ppolicy.c
+Copyright: Copyright 2004-2022 The OpenLDAP Foundation.
+ Copyright 2004-2005 Howard Chu, Symas Corporation.
+ Copyright 2004 Hewlett-Packard Company.
+License: OpenLDAP-2.8
+
+Files: servers/slapd/slapi/Makefile.in
+ servers/slapd/slapi/plugin.c
+ servers/slapd/slapi/printmsg.c
+ servers/slapd/slapi/slapi_pblock.c
+ servers/slapd/slapi/proto-slapi.h
+ servers/slapd/slapi/slapi_ext.c
+ servers/slapd/slapi/slapi.h
+ servers/slapd/slapi/slapi_utils.c
+ servers/slapd/slapi/slapi_ops.c
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright IBM Corp. 1997,2002,2003
+License: OpenLDAP-2.8
+
+
+
+
+
+
+
+Files: tests/scripts/test057-memberof-refint
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Portions Copyright 2008 Red Hat, Inc.
+ All rights reserved.
+License: OpenLDAP-2.8
+
+Files: tests/scripts/test080-hotp
+ tests/scripts/test082-remoteauth
+ tests/scripts/test081-totp
+ tests/scripts/test081-totp.py
+Copyright: Copyright 1998-2022 The OpenLDAP Foundation.
+ Copyright 2016-2021 Ondřej Kuzník, Symas Corp.
+ All rights reserved.
+License: OpenLDAP-2.8
+
+Files: debian/*
+Copyright: Bastian Blank <waldi@debian.org>
+ Ben Collins <bcollins@debian.org>
+ Giuseppe Iuculano <iuculano@debian.org>
+ Helmut Grohne <helmut@subdivi.de>
+ Jelmer Vernooij <jelmer@debian.org>
+ Matthijs Möhlmann <matthijs@cacholong.nl>
+ Michael Gilbert <mgilbert@debian.org>
+ Nico Golde <nion@debian.org>
+ Petter Reinholdtsen <pere@debian.org>
+ Roland Bauerschmidt <rb@debian.org>
+ Russ Allbery <rra@debian.org>
+ Ryan Tandy <ryan@nardis.ca>
+ Sergio Durigan Junior <sergiodj@debian.org>
+ Stephen Frost <sfrost@debian.org>
+ Steve Langasek <vorlon@debian.org>
+ Thijs Kinkhorst <thijs@debian.org>
+ Timo Aaltonen <tjaalton@debian.org>
+ Torsten Landschoff <torsten@debian.org>
+ Wichert Akkerman <wakkerma@debian.org>
+ Canonical Ltd
+License: OpenLDAP-2.8
+
+License: F5
+ This software is not subject to any license of F5 Networks.
+ This is free software; you can redistribute and use it
+ under the same terms as OpenLDAP itself.
+
+License: FSF-unlimited
+ This file is free software; the Free Software Foundation
+ gives unlimited permission to copy and/or distribute it,
+ with or without modifications, as long as this notice is preserved.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+ even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ PARTICULAR PURPOSE.
+
+License: GPL-2+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ version 2 can be found in the file `/usr/share/common-licenses/GPL-2'.
+
+License: GPL-2+ with Autoconf exception
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ .
+ As a special exception to the GNU General Public License, if you
+ distribute this file as part of a program that contains a
+ configuration script generated by Autoconf, you may include it under
+ the same distribution terms that you use for the rest of that program.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ version 2 can be found in the file `/usr/share/common-licenses/GPL-2'.
+
+License: GPL-2+ with Libtool exception
+ GNU Libtool is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ As a special exception to the GNU General Public License,
+ if you distribute this file as part of a program or library that
+ is built using GNU Libtool, you may include this file under the
+ same distribution terms that you use for the rest of that program.
+ .
+ GNU Libtool is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ version 2 can be found in the file `/usr/share/common-licenses/GPL-2'.
+
+License: GPL-3+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ version 3 can be found in the file `/usr/share/common-licenses/GPL-3'.
+
+License: GPL-3+ with Autoconf exception
+ This file is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see <https://www.gnu.org/licenses/>.
+ .
+ As a special exception to the GNU General Public License, if you
+ distribute this file as part of a program that contains a
+ configuration script generated by Autoconf, you may include it under
+ the same distribution terms that you use for the rest of that
+ program. This Exception is an additional permission under section
+ of the GNU General Public License, version 3 ("GPLv3").
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ version 3 can be found in the file `/usr/share/common-licenses/GPL-3'.
+
+License: GPL-3+ with Libtool exception
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+ .
+ As a special exception to the GNU General Public License, if you distribute
+ this file as part of a program or library that is built using GNU Libtool,
+ you may include this file under the same distribution terms that you use
+ for the rest of that program.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ version 3 can be found in the file `/usr/share/common-licenses/GPL-3'.
+
+License: JCG
+ This software is not subject to any license of Silicon Graphics
+ Inc. or Purdue University.
+ .
+ Redistribution and use in source and binary forms are permitted
+ without restriction or fee of any kind as long as this notice
+ is preserved.
+Comment:
+ The following is additional information from Juan C. Gomez on how
+ this license is to be interpreted:
+ .
+ Local-Date: Fri, 06 Jun 2003 13:18:52 -0400
+ Date: Fri, 6 Jun 2003 10:18:52 -0700
+ From: Juan Gomez <juang@us.ibm.com>
+ To: Stephen Frost <sfrost@debian.org>
+ X-Mailer: Lotus Notes Release 5.0.2a (Intl) 23 November 1999
+ Subject: Re: Juan C. Gomez license in OpenLDAP Source
+ .
+ Stephen,
+ .
+ "There is no restriction on modifications and derived works" on the work I
+ did for the openldap server as long as this is consistent with the openldap
+ license. Please forward this email to Kurt so he does the appropriate
+ changes to the files to reflect this.
+ .
+ Regards, Juan
+
+License: MIT-XC
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to
+ deal in the Software without restriction, including without limitation the
+ rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ sell copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+ AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+ TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ .
+ Except as contained in this notice, the name of the X Consortium shall not
+ be used in advertising or otherwise to promote the sale, use or other deal-
+ ings in this Software without prior written authorization from the X Consor-
+ tium.
+
+License: OpenLDAP-2.8
+ The OpenLDAP Public License
+ Version 2.8, 17 August 2003
+ .
+ Redistribution and use of this software and associated documentation
+ ("Software"), with or without modification, are permitted provided
+ that the following conditions are met:
+ .
+ 1. Redistributions in source form must retain copyright statements
+ and notices,
+ .
+ 2. Redistributions in binary form must reproduce applicable copyright
+ statements and notices, this list of conditions, and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution, and
+ .
+ 3. Redistributions must contain a verbatim copy of this document.
+ .
+ The OpenLDAP Foundation may revise this license from time to time.
+ Each revision is distinguished by a version number. You may use
+ this Software under terms of this license revision or under the
+ terms of any subsequent revision of the license.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS
+ CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S)
+ OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+ INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ .
+ The names of the authors and copyright holders must not be used in
+ advertising or otherwise to promote the sale, use or other dealing
+ in this Software without specific, written prior permission. Title
+ to copyright in this Software shall at all times remain with copyright
+ holders.
+ .
+ OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+ .
+ Copyright 1999-2003 The OpenLDAP Foundation, Redwood City,
+ California, USA. All Rights Reserved. Permission to copy and
+ distribute verbatim copies of this document is granted.
+
+License: UMich
+ Redistribution and use in source and binary forms are permitted
+ provided that this notice is preserved and that due credit is given
+ to the University of Michigan at Ann Arbor. The name of the
+ University may not be used to endorse or promote products derived
+ from this software without specific prior written permission. This
+ software is provided ``as is'' without express or implied warranty.
+Comment:
+ After discussing this license with the OpenLDAP Foundation we received
+ clarification on it:
+ .
+ To: Stephen Frost <sfrost@snowman.net>
+ Subject: Re: OpenLDAP Licenseing issues
+ From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
+ Date: Wed, 28 May 2003 10:55:44 -0700
+ Cc: Steve Langasek <vorlon@netexpress.net>,debian-legal@lists.debian.org, openldap-devel@OpenLDAP.org
+ In-reply-to: <20030528162613.GB8524@ns.snowman.net>
+ Message-id: <5.2.0.9.0.20030528094229.02924780@127.0.0.1>
+ Old-return-path: <Kurt@OpenLDAP.org>
+ .
+ Steven,
+ .
+ The OpenLDAP Foundation believes it the Regents' statement grants a
+ license to redistribute derived works and is confident that the University,
+ who is quite aware of our actions (as they actively participate in them),
+ does not consider our actions to infringe on their rights. You are
+ welcomed to your opinions. I suggest, however, that before you rely
+ on your or other people's opinions (including ours), that you consult
+ with a lawyer familiar with applicable law and the particulars of your
+ situation.
+ .
+ The Foundation sees no reason for it to expend its limited resources
+ seeking clarifications which it believes are unnecessary. You are,
+ of course, welcomed to expend time and energy seeking clarifications
+ you think are necessary. I suggest you contact University's general
+ counsel office (http://www.umich.edu/~vpgc/).
+ .
+ Regards, Kurt
+
+License: Beerware
+ <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you
+ can do whatever you want with this stuff. If we meet some day, and you think
+ this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp
+
+License: BSD-3-clause-variant
+ Redistribution and use in source and binary forms are permitted
+ provided that the above copyright notice and this paragraph are
+ duplicated in all such forms and that any documentation,
+ advertising materials, and other materials related to such
+ distribution and use acknowledge that the software was developed
+ by the University of California, Berkeley. The name of the
+ University may not be used to endorse or promote products derived
+ from this software without specific prior written permission.
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+License: Expat-ISC
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ SOFTWARE.
+
+License: Expat-UNM
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of this software and associated documentation files (the "Software"),
+ to deal in the Software without restriction, including without limitation
+ the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ and/or sell copies of the Software, and to permit persons to whom the
+ Software is furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+ CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+ OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+ .
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+License: BSD-3-clause-California
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+
+License: BSD-4-clause-California
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by the University of
+ California, Berkeley and its contributors.
+ 4. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+
+License: BSD-3-clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the copyright holder nor the names of contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
diff --git a/debian/dh_installscripts-common b/debian/dh_installscripts-common
new file mode 100755
index 0000000..9936b4f
--- /dev/null
+++ b/debian/dh_installscripts-common
@@ -0,0 +1,22 @@
+#!/usr/bin/perl -w
+
+use strict;
+use Debian::Debhelper::Dh_Lib;
+
+init();
+
+foreach my $package (@{$dh{DOPACKAGES}}) {
+ my $tmp=tmpdir($package);
+ my $ext=pkgext($package);
+
+ if (! -d "$tmp/DEBIAN") {
+ next;
+ }
+
+ foreach my $file (qw{postinst preinst prerm postrm config}) {
+ my $f="$tmp/DEBIAN/$file";
+ if ($f) {
+ complex_doit("perl -pe 's~#SCRIPTSCOMMON#~qx{cat debian/${ext}scripts-common}~eg' -i $f");
+ }
+ }
+}
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..41af7c4
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,6 @@
+[DEFAULT]
+debian-branch = experimental
+upstream-branch = upstream-2.6
+debian-tag = %(version)s
+upstream-tag = upstream/%(version)s
+pristine-tar = True
diff --git a/debian/ldap-utils.README.Debian b/debian/ldap-utils.README.Debian
new file mode 100644
index 0000000..83e979a
--- /dev/null
+++ b/debian/ldap-utils.README.Debian
@@ -0,0 +1,5 @@
+If you want to play with shell and ldapsearch output, be sure your dn
+entries are one per line. A perl script could be:
+
+ ldapsearch ... | perl -p -0040 -e 's/\n //'
+
diff --git a/debian/ldap-utils.install b/debian/ldap-utils.install
new file mode 100644
index 0000000..33856c6
--- /dev/null
+++ b/debian/ldap-utils.install
@@ -0,0 +1,10 @@
+usr/bin/ldapadd usr/bin
+usr/bin/ldapdelete usr/bin
+usr/bin/ldapmodrdn usr/bin
+usr/bin/ldapsearch usr/bin
+usr/bin/ldapcompare usr/bin
+usr/bin/ldapmodify usr/bin
+usr/bin/ldappasswd usr/bin
+usr/bin/ldapwhoami usr/bin
+usr/bin/ldapexop usr/bin
+usr/bin/ldapurl usr/bin
diff --git a/debian/ldap-utils.manpages b/debian/ldap-utils.manpages
new file mode 100644
index 0000000..a4f34e5
--- /dev/null
+++ b/debian/ldap-utils.manpages
@@ -0,0 +1,11 @@
+usr/share/man/man1/ldapcompare.1
+usr/share/man/man1/ldapdelete.1
+usr/share/man/man1/ldapexop.1
+usr/share/man/man1/ldapmodify.1
+usr/share/man/man1/ldapmodrdn.1
+usr/share/man/man1/ldappasswd.1
+usr/share/man/man1/ldapsearch.1
+usr/share/man/man1/ldapwhoami.1
+usr/share/man/man1/ldapurl.1
+usr/share/man/man1/ldapadd.1
+usr/share/man/man5/ldif.5
diff --git a/debian/ldiftopasswd b/debian/ldiftopasswd
new file mode 100755
index 0000000..543bdd5
--- /dev/null
+++ b/debian/ldiftopasswd
@@ -0,0 +1,174 @@
+#!/usr/bin/perl -w
+#
+#
+# Comments on usage from the email we received:
+# I showed a friend the following script. He said I should submit it for
+# inclusion in openldap, because it might useful for others.
+#
+# The attached perl script, when used like
+#
+# ldapsearch | ldiftopasswd
+#
+# will automatically:
+#
+# 1. create /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow
+#
+# 2. append /etc/passwd.top, /etc/shadow.top, /etc/group.top, and /etc/gshadow.top to respective files.
+#
+# 3. use data from ldap to create the files (note: gshadow isn't really
+# supported, because I don't use it, nor could I find any
+# documentation. Adding support for other files should be easy).
+#
+# (of course you need access to all fields including the password field
+# for this, so use correct parameters to ldapsearch).
+#
+# This could be useful for instance on laptop computers where you don't
+# want to run a slave slapd server for some reason (perhaps memory
+# constraints).
+# ----------------------------------------
+use strict;
+use Getopt::Long;
+use MIME::Base64;
+use IO::File;
+
+my $passwdfile="/etc/passwd";
+my $shadowfile="/etc/shadow";
+my $groupfile="/etc/group";
+my $gshadowfile="/etc/gshadow";
+my $help;
+GetOptions (
+ '--passwd=s',\$passwdfile,
+ '--shadow=s',\$shadowfile,
+ '--group=s',\$groupfile,
+ '--gshadow=s',\$gshadowfile,
+ '--help',\$help,
+ ) or die "Bad options\n";
+
+if ($help or $#ARGV != -1) {
+ print STDERR "usage: $0 [etcfile=filename] [--help]\n";
+ exit 255;
+}
+
+sub start_file($) {
+ my ($file) = @_;
+ my $outhandle = new IO::File;
+ $outhandle->open(">$file") or die "Cannot open $file for writing";
+
+ open(TMP,"<$file.top") or die "cannot open $file.top for reading";
+ while (<TMP>) { $outhandle->print($_); }
+ close(TMP) or die "cannot close $file for reading";
+
+ return($outhandle);
+}
+
+my $PASSWD = start_file($passwdfile);
+my $SHADOW = start_file($shadowfile);
+my $GROUP = start_file($groupfile);
+my $GSHADOW = start_file($gshadowfile);
+
+sub dopasswd($) {
+ my ($record) = @_;
+ my $userPassword="*";
+
+ $PASSWD->print(
+ $record->{"uid"},":",
+ "x",":",
+ $record->{"uidNumber"},":",
+ $record->{"gidNumber"},":",
+ $record->{"gecos"},":",
+ $record->{"homeDirectory"},":",
+ $record->{"loginShell"},"\n");
+
+ if (defined($record->{"userPassword"}) &&
+ $record->{"userPassword"} =~ /^{(crypt)}(.*)$/)
+ { $userPassword = $2; }
+
+ $SHADOW->print(
+ $record->{"uid"},":",
+ $userPassword,":",
+ $record->{"shadowLastChange"} || "10706",":",
+ $record->{"shadowMin"} || "0",":",
+ $record->{"shadowMax"} || "99999",":",
+ $record->{"shadowWarning"} || "7",":",
+ $record->{"shadowInactive"} || "",":",
+ $record->{"shadowExpire"} || "",":",
+ "","\n");
+}
+
+sub dogroup($) {
+ my ($record) = @_;
+ my $userPassword="*";
+
+ my $members="";
+ if (defined($record->{"memberUid"})) {
+ $members = join(",",@{$record->{"memberUid"}});
+ }
+
+ $GROUP->print(
+ $record->{"cn"},":",
+ "x",":",
+ $record->{"gidNumber"},":",
+ $members,"\n");
+
+ if (defined($record->{"userPassword"}) &&
+ $record->{"userPassword"} =~ /^{(crypt)}(.*)$/)
+ { $userPassword = $2; }
+
+# !FIXME!
+# $GSHADOW->print
+# $record->{"cn"},":",
+# "*",":",
+# "",":",
+# "","\n";
+}
+
+
+my %record;
+my $user=0;
+my $group=0;
+
+while (<>) {
+ if (/^$/) {
+ if ($user) {
+ dopasswd(\%record);
+ }
+ if ($group) {
+ dogroup(\%record);
+ }
+
+ $user = $group = 0;
+ %record=();
+ }
+ elsif (/^objectClass: posixAccount$/) {
+ $user = 1;
+ }
+ elsif (/^objectClass: posixGroup$/) {
+ $group = 1;
+ }
+ elsif (/^(uid|uidNumber|gidNumber|gecos|homeDirectory|loginShell): (.*)$/) {
+ if (!defined($record{$1})) { $record{$1} = $2; }
+ }
+ elsif (/^(userPassword|shadowLastChange|shadowMin|shadowMax|shadowWarning|shadowInactive|shadowExpire): (.*)$/) {
+ if (!defined($record{$1})) { $record{$1} = $2; }
+ }
+ elsif (/^(cn): (.*)$/) {
+ if (!defined($record{$1})) { $record{$1} = $2; }
+ }
+ elsif (/^(uniqueMember): (.*)$/) {
+ push @{$record{$1}},$2;
+ if ($2 =~ /uid=([a-zA-Z]*),/) {
+ push @{$record{"memberUid"}},$1;
+ }
+ }
+ elsif (/^(memberUid): (.*)$/) {
+ push @{$record{$1}},$2;
+ }
+ elsif (/^(userPassword):: (.*)$/) {
+ $record{$1} = decode_base64($2);
+ }
+}
+
+$PASSWD->close or die "Cannot close $passwdfile for writing";
+$SHADOW->close or die "Cannot close $shadowfile for writing";
+$GROUP->close or die "Cannot close $groupfile for writing";
+$GSHADOW->close or die "Cannot close $gshadowfile for writing";
diff --git a/debian/libldap-common.install b/debian/libldap-common.install
new file mode 100644
index 0000000..b64373e
--- /dev/null
+++ b/debian/libldap-common.install
@@ -0,0 +1 @@
+etc/ldap/ldap.conf
diff --git a/debian/libldap-common.manpages b/debian/libldap-common.manpages
new file mode 100644
index 0000000..f8098da
--- /dev/null
+++ b/debian/libldap-common.manpages
@@ -0,0 +1 @@
+usr/share/man/man5/ldap.conf.5
diff --git a/debian/libldap-dev.NEWS b/debian/libldap-dev.NEWS
new file mode 100644
index 0000000..6960285
--- /dev/null
+++ b/debian/libldap-dev.NEWS
@@ -0,0 +1,13 @@
+openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium
+
+ This is a major release of OpenLDAP, and as such it introduces several
+ changes, new features and deprecations/removals. This is a
+ non-exhaustive list of things to be aware of:
+
+ * Changes:
+ - The libldap2-dev package has been renamed to libldap-dev.
+ - The libldap_r library has been merged into libldap.
+ Applications should link with -lldap. This package still provides
+ a libldap_r.so symlink for compatibility.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 11 Jun 2021 11:43:15 -0700
diff --git a/debian/libldap-dev.install b/debian/libldap-dev.install
new file mode 100644
index 0000000..32800e6
--- /dev/null
+++ b/debian/libldap-dev.install
@@ -0,0 +1,15 @@
+usr/include/lber.h
+usr/include/lber_types.h
+usr/include/ldap_cdefs.h
+usr/include/ldap_features.h
+usr/include/ldap.h
+usr/include/ldap_schema.h
+usr/include/ldap_utf8.h
+usr/include/ldif.h
+usr/include/openldap.h
+usr/lib/*/liblber.a
+usr/lib/*/liblber.so
+usr/lib/*/libldap.a
+usr/lib/*/libldap.so
+usr/lib/*/pkgconfig/lber.pc
+usr/lib/*/pkgconfig/ldap.pc
diff --git a/debian/libldap-dev.links.in b/debian/libldap-dev.links.in
new file mode 100644
index 0000000..c72ca05
--- /dev/null
+++ b/debian/libldap-dev.links.in
@@ -0,0 +1,12 @@
+usr/share/man/man3/lber-encode.3 usr/share/man/man3/ber_put_bitstring.3
+usr/share/man/man3/lber-encode.3 usr/share/man/man3/ber_put_boolean.3
+usr/share/man/man3/lber-encode.3 usr/share/man/man3/ber_start_seq.3
+usr/share/man/man3/lber-memory.3 usr/share/man/man3/ber_memalloc.3
+usr/share/man/man3/lber-memory.3 usr/share/man/man3/ber_memcalloc.3
+usr/share/man/man3/lber-memory.3 usr/share/man/man3/ber_memfree.3
+usr/share/man/man3/lber-memory.3 usr/share/man/man3/ber_memrealloc.3
+usr/share/man/man3/lber-types.3 usr/share/man/man3/ber_int_t.3
+usr/share/man/man3/lber-types.3 usr/share/man/man3/ber_len_t.3
+usr/share/man/man3/lber-types.3 usr/share/man/man3/ber_tag_t.3
+usr/lib/${DEB_HOST_MULTIARCH}/libldap.so usr/lib/${DEB_HOST_MULTIARCH}/libldap_r.so
+usr/lib/${DEB_HOST_MULTIARCH}/libldap.a usr/lib/${DEB_HOST_MULTIARCH}/libldap_r.a
diff --git a/debian/libldap-dev.manpages b/debian/libldap-dev.manpages
new file mode 100644
index 0000000..1186966
--- /dev/null
+++ b/debian/libldap-dev.manpages
@@ -0,0 +1 @@
+usr/share/man/man3/*
diff --git a/debian/libldap2.README.Debian b/debian/libldap2.README.Debian
new file mode 100644
index 0000000..151703c
--- /dev/null
+++ b/debian/libldap2.README.Debian
@@ -0,0 +1,22 @@
+Notes about Debian's libldap2 package
+-------------------------------------
+
+It has been reported that using libnss-ldap can cause a failure to
+unmount /usr on system shutdown. The reason is that the nss module
+uses libldap from /usr and is used by the shell in the system
+scripts executed on shutdown/reboot.
+
+More precisely bash uses the getpwuid function to get the data of
+the current user which pulls in the nss modules which includes
+the ldap libraries if you are using that module.
+
+Possible solutions to this problem are:
+
+a) use another shell that does not utilize getpwuid for getting info
+ about the current user (take dash for example).
+b) make sure that the nsswitch.conf is replaced by a version which does
+ not mention ldap before the system is shut down (and have a startup
+ script that installs the "full" version of that file).
+c) move the libraries to /lib (not recommended).
+
+ -- Torsten Landschoff <torsten@debian.org> Mon, 30 Sep 2002 11:06:22 +0200
diff --git a/debian/libldap2.install b/debian/libldap2.install
new file mode 100644
index 0000000..2591f85
--- /dev/null
+++ b/debian/libldap2.install
@@ -0,0 +1,2 @@
+usr/lib/*/liblber.so.2*
+usr/lib/*/libldap.so.2*
diff --git a/debian/libldap2.symbols b/debian/libldap2.symbols
new file mode 100644
index 0000000..31bf654
--- /dev/null
+++ b/debian/libldap2.symbols
@@ -0,0 +1,710 @@
+liblber.so.2 libldap2 #MINVER#
+* Build-Depends-Package: libldap-dev
+ OPENLDAP_2.200@OPENLDAP_2.200 2.6.2
+ ber_alloc@OPENLDAP_2.200 2.6.2
+ ber_alloc_t@OPENLDAP_2.200 2.6.2
+ ber_bprint@OPENLDAP_2.200 2.6.2
+ ber_bvarray_add@OPENLDAP_2.200 2.6.2
+ ber_bvarray_add_x@OPENLDAP_2.200 2.6.2
+ ber_bvarray_dup_x@OPENLDAP_2.200 2.6.2
+ ber_bvarray_free@OPENLDAP_2.200 2.6.2
+ ber_bvarray_free_x@OPENLDAP_2.200 2.6.2
+ ber_bvdup@OPENLDAP_2.200 2.6.2
+ ber_bvecadd@OPENLDAP_2.200 2.6.2
+ ber_bvecadd_x@OPENLDAP_2.200 2.6.2
+ ber_bvecfree@OPENLDAP_2.200 2.6.2
+ ber_bvecfree_x@OPENLDAP_2.200 2.6.2
+ ber_bvfree@OPENLDAP_2.200 2.6.2
+ ber_bvfree_x@OPENLDAP_2.200 2.6.2
+ ber_bvreplace@OPENLDAP_2.200 2.6.2
+ ber_bvreplace_x@OPENLDAP_2.200 2.6.2
+ ber_decode_int@OPENLDAP_2.200 2.6.2
+ ber_decode_oid@OPENLDAP_2.200 2.6.2
+ ber_dump@OPENLDAP_2.200 2.6.2
+ ber_dup@OPENLDAP_2.200 2.6.2
+ ber_dupbv@OPENLDAP_2.200 2.6.2
+ ber_dupbv_x@OPENLDAP_2.200 2.6.2
+ ber_encode_oid@OPENLDAP_2.200 2.6.2
+ ber_errno_addr@OPENLDAP_2.200 2.6.2
+ ber_error_print@OPENLDAP_2.200 2.6.2
+ ber_first_element@OPENLDAP_2.200 2.6.2
+ ber_flatten2@OPENLDAP_2.200 2.6.2
+ ber_flatten@OPENLDAP_2.200 2.6.2
+ ber_flush2@OPENLDAP_2.200 2.6.2
+ ber_flush@OPENLDAP_2.200 2.6.2
+ ber_free@OPENLDAP_2.200 2.6.2
+ ber_free_buf@OPENLDAP_2.200 2.6.2
+ ber_get_bitstringa@OPENLDAP_2.200 2.6.2
+ ber_get_boolean@OPENLDAP_2.200 2.6.2
+ ber_get_enum@OPENLDAP_2.200 2.6.2
+ ber_get_int@OPENLDAP_2.200 2.6.2
+ ber_get_next@OPENLDAP_2.200 2.6.2
+ ber_get_null@OPENLDAP_2.200 2.6.2
+ ber_get_option@OPENLDAP_2.200 2.6.2
+ ber_get_stringa@OPENLDAP_2.200 2.6.2
+ ber_get_stringa_null@OPENLDAP_2.200 2.6.2
+ ber_get_stringal@OPENLDAP_2.200 2.6.2
+ ber_get_stringb@OPENLDAP_2.200 2.6.2
+ ber_get_stringbv@OPENLDAP_2.200 2.6.2
+ ber_get_stringbv_null@OPENLDAP_2.200 2.6.2
+ ber_get_tag@OPENLDAP_2.200 2.6.2
+ ber_init2@OPENLDAP_2.200 2.6.2
+ ber_init@OPENLDAP_2.200 2.6.2
+ ber_init_w_nullc@OPENLDAP_2.200 2.6.2
+ ber_int_errno_fn@OPENLDAP_2.200 2.6.2
+ ber_int_log_proc@OPENLDAP_2.200 2.6.2
+ ber_int_memory_fns@OPENLDAP_2.200 2.6.2
+ ber_int_options@OPENLDAP_2.200 2.6.2
+ ber_int_sb_close@OPENLDAP_2.200 2.6.2
+ ber_int_sb_destroy@OPENLDAP_2.200 2.6.2
+ ber_int_sb_init@OPENLDAP_2.200 2.6.2
+ ber_int_sb_read@OPENLDAP_2.200 2.6.2
+ ber_int_sb_write@OPENLDAP_2.200 2.6.2
+ ber_len@OPENLDAP_2.200 2.6.2
+ ber_log_bprint@OPENLDAP_2.200 2.6.2
+ ber_log_dump@OPENLDAP_2.200 2.6.2
+ ber_log_sos_dump@OPENLDAP_2.200 2.6.2
+ ber_mem2bv@OPENLDAP_2.200 2.6.2
+ ber_mem2bv_x@OPENLDAP_2.200 2.6.2
+ ber_memalloc@OPENLDAP_2.200 2.6.2
+ ber_memalloc_x@OPENLDAP_2.200 2.6.2
+ ber_memcalloc@OPENLDAP_2.200 2.6.2
+ ber_memcalloc_x@OPENLDAP_2.200 2.6.2
+ ber_memfree@OPENLDAP_2.200 2.6.2
+ ber_memfree_x@OPENLDAP_2.200 2.6.2
+ ber_memrealloc@OPENLDAP_2.200 2.6.2
+ ber_memrealloc_x@OPENLDAP_2.200 2.6.2
+ ber_memvfree@OPENLDAP_2.200 2.6.2
+ ber_memvfree_x@OPENLDAP_2.200 2.6.2
+ ber_next_element@OPENLDAP_2.200 2.6.2
+ ber_peek_element@OPENLDAP_2.200 2.6.2
+ ber_peek_tag@OPENLDAP_2.200 2.6.2
+ ber_printf@OPENLDAP_2.200 2.6.2
+ ber_ptrlen@OPENLDAP_2.200 2.6.2
+ ber_put_berval@OPENLDAP_2.200 2.6.2
+ ber_put_bitstring@OPENLDAP_2.200 2.6.2
+ ber_put_boolean@OPENLDAP_2.200 2.6.2
+ ber_put_enum@OPENLDAP_2.200 2.6.2
+ ber_put_int@OPENLDAP_2.200 2.6.2
+ ber_put_null@OPENLDAP_2.200 2.6.2
+ ber_put_ostring@OPENLDAP_2.200 2.6.2
+ ber_put_seq@OPENLDAP_2.200 2.6.2
+ ber_put_set@OPENLDAP_2.200 2.6.2
+ ber_put_string@OPENLDAP_2.200 2.6.2
+ ber_pvt_err_file@OPENLDAP_2.200 2.6.2
+ ber_pvt_log_output@OPENLDAP_2.200 2.6.2
+ ber_pvt_log_print@OPENLDAP_2.200 2.6.2
+ ber_pvt_log_printf@OPENLDAP_2.200 2.6.2
+ ber_pvt_opt_on@OPENLDAP_2.200 2.6.2
+ ber_pvt_sb_buf_destroy@OPENLDAP_2.200 2.6.2
+ ber_pvt_sb_buf_init@OPENLDAP_2.200 2.6.2
+ ber_pvt_sb_copy_out@OPENLDAP_2.200 2.6.2
+ ber_pvt_sb_do_write@OPENLDAP_2.200 2.6.2
+ ber_pvt_sb_grow_buffer@OPENLDAP_2.200 2.6.2
+ ber_pvt_socket_set_nonblock@OPENLDAP_2.200 2.6.2
+ ber_read@OPENLDAP_2.200 2.6.2
+ ber_realloc@OPENLDAP_2.200 2.6.2
+ ber_remaining@OPENLDAP_2.200 2.6.2
+ ber_reset@OPENLDAP_2.200 2.6.2
+ ber_rewind@OPENLDAP_2.200 2.6.2
+ ber_scanf@OPENLDAP_2.200 2.6.2
+ ber_set_option@OPENLDAP_2.200 2.6.2
+ ber_skip_data@OPENLDAP_2.200 2.6.2
+ ber_skip_element@OPENLDAP_2.200 2.6.2
+ ber_skip_raw@OPENLDAP_2.200 2.6.2
+ ber_skip_tag@OPENLDAP_2.200 2.6.2
+ ber_sockbuf_add_io@OPENLDAP_2.200 2.6.2
+ ber_sockbuf_alloc@OPENLDAP_2.200 2.6.2
+ ber_sockbuf_ctrl@OPENLDAP_2.200 2.6.2
+ ber_sockbuf_free@OPENLDAP_2.200 2.6.2
+ ber_sockbuf_io_debug@OPENLDAP_2.200 2.6.2
+ ber_sockbuf_io_fd@OPENLDAP_2.200 2.6.2
+ ber_sockbuf_io_readahead@OPENLDAP_2.200 2.6.2
+ ber_sockbuf_io_tcp@OPENLDAP_2.200 2.6.2
+ ber_sockbuf_remove_io@OPENLDAP_2.200 2.6.2
+ ber_sos_dump@OPENLDAP_2.200 2.6.2
+ ber_start@OPENLDAP_2.200 2.6.2
+ ber_start_seq@OPENLDAP_2.200 2.6.2
+ ber_start_set@OPENLDAP_2.200 2.6.2
+ ber_str2bv@OPENLDAP_2.200 2.6.2
+ ber_str2bv_x@OPENLDAP_2.200 2.6.2
+ ber_strdup@OPENLDAP_2.200 2.6.2
+ ber_strdup_x@OPENLDAP_2.200 2.6.2
+ ber_strndup@OPENLDAP_2.200 2.6.2
+ ber_strndup_x@OPENLDAP_2.200 2.6.2
+ ber_strnlen@OPENLDAP_2.200 2.6.2
+ ber_write@OPENLDAP_2.200 2.6.2
+ der_alloc@OPENLDAP_2.200 2.6.2
+ lutil_debug@OPENLDAP_2.200 2.6.2
+ lutil_debug_file@OPENLDAP_2.200 2.6.2
+libldap.so.2 libldap2 #MINVER#
+* Build-Depends-Package: libldap-dev
+ OPENLDAP_2.200@OPENLDAP_2.200 2.6.2
+ ldap_X509dn2bv@OPENLDAP_2.200 2.6.2
+ ldap_abandon@OPENLDAP_2.200 2.6.2
+ ldap_abandon_ext@OPENLDAP_2.200 2.6.2
+ ldap_add@OPENLDAP_2.200 2.6.2
+ ldap_add_ext@OPENLDAP_2.200 2.6.2
+ ldap_add_ext_s@OPENLDAP_2.200 2.6.2
+ ldap_add_result_entry@OPENLDAP_2.200 2.6.2
+ ldap_add_s@OPENLDAP_2.200 2.6.2
+ ldap_alloc_ber_with_options@OPENLDAP_2.200 2.6.2
+ ldap_append_referral@OPENLDAP_2.200 2.6.2
+ ldap_attributetype2bv@OPENLDAP_2.200 2.6.2
+ ldap_attributetype2name@OPENLDAP_2.200 2.6.2
+ ldap_attributetype2str@OPENLDAP_2.200 2.6.2
+ ldap_attributetype_free@OPENLDAP_2.200 2.6.2
+ ldap_avl_apply@OPENLDAP_2.200 2.6.2
+ ldap_avl_delete@OPENLDAP_2.200 2.6.2
+ ldap_avl_dup_error@OPENLDAP_2.200 2.6.2
+ ldap_avl_dup_ok@OPENLDAP_2.200 2.6.2
+ ldap_avl_find2@OPENLDAP_2.200 2.6.2
+ ldap_avl_find@OPENLDAP_2.200 2.6.2
+ ldap_avl_find_lin@OPENLDAP_2.200 2.6.2
+ ldap_avl_free@OPENLDAP_2.200 2.6.2
+ ldap_avl_getfirst@OPENLDAP_2.200 2.6.2
+ ldap_avl_getnext@OPENLDAP_2.200 2.6.2
+ ldap_avl_insert@OPENLDAP_2.200 2.6.2
+ ldap_avl_prefixapply@OPENLDAP_2.200 2.6.2
+ ldap_bind@OPENLDAP_2.200 2.6.2
+ ldap_bind_s@OPENLDAP_2.200 2.6.2
+ ldap_build_add_req@OPENLDAP_2.200 2.6.2
+ ldap_build_bind_req@OPENLDAP_2.200 2.6.2
+ ldap_build_compare_req@OPENLDAP_2.200 2.6.2
+ ldap_build_delete_req@OPENLDAP_2.200 2.6.2
+ ldap_build_extended_req@OPENLDAP_2.200 2.6.2
+ ldap_build_moddn_req@OPENLDAP_2.200 2.6.2
+ ldap_build_modify_req@OPENLDAP_2.200 2.6.2
+ ldap_build_search_req@OPENLDAP_2.200 2.6.2
+ ldap_bv2dn@OPENLDAP_2.200 2.6.2
+ ldap_bv2dn_x@OPENLDAP_2.200 2.6.2
+ ldap_bv2escaped_filter_value@OPENLDAP_2.200 2.6.2
+ ldap_bv2escaped_filter_value_len@OPENLDAP_2.200 2.6.2
+ ldap_bv2escaped_filter_value_x@OPENLDAP_2.200 2.6.2
+ ldap_bv2rdn@OPENLDAP_2.200 2.6.2
+ ldap_bv2rdn_x@OPENLDAP_2.200 2.6.2
+ ldap_cancel@OPENLDAP_2.200 2.6.2
+ ldap_cancel_s@OPENLDAP_2.200 2.6.2
+ ldap_charray2str@OPENLDAP_2.200 2.6.2
+ ldap_charray_add@OPENLDAP_2.200 2.6.2
+ ldap_charray_dup@OPENLDAP_2.200 2.6.2
+ ldap_charray_free@OPENLDAP_2.200 2.6.2
+ ldap_charray_inlist@OPENLDAP_2.200 2.6.2
+ ldap_charray_merge@OPENLDAP_2.200 2.6.2
+ ldap_chase_referrals@OPENLDAP_2.200 2.6.2
+ ldap_chase_v3referrals@OPENLDAP_2.200 2.6.2
+ ldap_clear_select_write@OPENLDAP_2.200 2.6.2
+ ldap_compare@OPENLDAP_2.200 2.6.2
+ ldap_compare_ext@OPENLDAP_2.200 2.6.2
+ ldap_compare_ext_s@OPENLDAP_2.200 2.6.2
+ ldap_compare_s@OPENLDAP_2.200 2.6.2
+ ldap_connect@OPENLDAP_2.200 2.6.2
+ ldap_connect_to_host@OPENLDAP_2.200 2.6.2
+ ldap_connect_to_path@OPENLDAP_2.200 2.6.2
+ ldap_contentrule2bv@OPENLDAP_2.200 2.6.2
+ ldap_contentrule2name@OPENLDAP_2.200 2.6.2
+ ldap_contentrule2str@OPENLDAP_2.200 2.6.2
+ ldap_contentrule_free@OPENLDAP_2.200 2.6.2
+ ldap_control_create@OPENLDAP_2.200 2.6.2
+ ldap_control_dup@OPENLDAP_2.200 2.6.2
+ ldap_control_find@OPENLDAP_2.200 2.6.2
+ ldap_control_free@OPENLDAP_2.200 2.6.2
+ ldap_controls_dup@OPENLDAP_2.200 2.6.2
+ ldap_controls_free@OPENLDAP_2.200 2.6.2
+ ldap_count_entries@OPENLDAP_2.200 2.6.2
+ ldap_count_messages@OPENLDAP_2.200 2.6.2
+ ldap_count_references@OPENLDAP_2.200 2.6.2
+ ldap_count_values@OPENLDAP_2.200 2.6.2
+ ldap_count_values_len@OPENLDAP_2.200 2.6.2
+ ldap_create@OPENLDAP_2.200 2.6.2
+ ldap_create_accountusability_control@OPENLDAP_2.200 2.6.2
+ ldap_create_assertion_control@OPENLDAP_2.200 2.6.2
+ ldap_create_assertion_control_value@OPENLDAP_2.200 2.6.2
+ ldap_create_control@OPENLDAP_2.200 2.6.2
+ ldap_create_deref_control@OPENLDAP_2.200 2.6.2
+ ldap_create_deref_control_value@OPENLDAP_2.200 2.6.2
+ ldap_create_dirsync_control@OPENLDAP_2.200 2.6.2
+ ldap_create_dirsync_value@OPENLDAP_2.200 2.6.2
+ ldap_create_extended_dn_control@OPENLDAP_2.200 2.6.2
+ ldap_create_extended_dn_value@OPENLDAP_2.200 2.6.2
+ ldap_create_page_control@OPENLDAP_2.200 2.6.2
+ ldap_create_page_control_value@OPENLDAP_2.200 2.6.2
+ ldap_create_passwordpolicy_control@OPENLDAP_2.200 2.6.2
+ ldap_create_persistentsearch_control@OPENLDAP_2.200 2.6.2
+ ldap_create_persistentsearch_control_value@OPENLDAP_2.200 2.6.2
+ ldap_create_server_notification_control@OPENLDAP_2.200 2.6.2
+ ldap_create_session_tracking_control@OPENLDAP_2.200 2.6.2
+ ldap_create_session_tracking_value@OPENLDAP_2.200 2.6.2
+ ldap_create_show_deleted_control@OPENLDAP_2.200 2.6.2
+ ldap_create_sort_control@OPENLDAP_2.200 2.6.2
+ ldap_create_sort_control_value@OPENLDAP_2.200 2.6.2
+ ldap_create_sort_keylist@OPENLDAP_2.200 2.6.2
+ ldap_create_vlv_control@OPENLDAP_2.200 2.6.2
+ ldap_create_vlv_control_value@OPENLDAP_2.200 2.6.2
+ ldap_dcedn2dn@OPENLDAP_2.200 2.6.2
+ ldap_delete@OPENLDAP_2.200 2.6.2
+ ldap_delete_ext@OPENLDAP_2.200 2.6.2
+ ldap_delete_ext_s@OPENLDAP_2.200 2.6.2
+ ldap_delete_result_entry@OPENLDAP_2.200 2.6.2
+ ldap_delete_s@OPENLDAP_2.200 2.6.2
+ ldap_derefresponse_free@OPENLDAP_2.200 2.6.2
+ ldap_destroy@OPENLDAP_2.200 2.6.2
+ ldap_dn2ad_canonical@OPENLDAP_2.200 2.6.2
+ ldap_dn2bv@OPENLDAP_2.200 2.6.2
+ ldap_dn2bv_x@OPENLDAP_2.200 2.6.2
+ ldap_dn2dcedn@OPENLDAP_2.200 2.6.2
+ ldap_dn2domain@OPENLDAP_2.200 2.6.2
+ ldap_dn2str@OPENLDAP_2.200 2.6.2
+ ldap_dn2ufn@OPENLDAP_2.200 2.6.2
+ ldap_dn_normalize@OPENLDAP_2.200 2.6.2
+ ldap_dnfree@OPENLDAP_2.200 2.6.2
+ ldap_dnfree_x@OPENLDAP_2.200 2.6.2
+ ldap_do_free_request@OPENLDAP_2.200 2.6.2
+ ldap_domain2dn@OPENLDAP_2.200 2.6.2
+ ldap_domain2hostlist@OPENLDAP_2.200 2.6.2
+ ldap_dump_connection@OPENLDAP_2.200 2.6.2
+ ldap_dump_requests_and_responses@OPENLDAP_2.200 2.6.2
+ ldap_dup@OPENLDAP_2.200 2.6.2
+ ldap_err2string@OPENLDAP_2.200 2.6.2
+ ldap_explode_dn@OPENLDAP_2.200 2.6.2
+ ldap_explode_rdn@OPENLDAP_2.200 2.6.2
+ ldap_extended_operation@OPENLDAP_2.200 2.6.2
+ ldap_extended_operation_s@OPENLDAP_2.200 2.6.2
+ ldap_find_control@OPENLDAP_2.200 2.6.2
+ ldap_find_request_by_msgid@OPENLDAP_2.200 2.6.2
+ ldap_first_attribute@OPENLDAP_2.200 2.6.2
+ ldap_first_entry@OPENLDAP_2.200 2.6.2
+ ldap_first_message@OPENLDAP_2.200 2.6.2
+ ldap_first_reference@OPENLDAP_2.200 2.6.2
+ ldap_free_connection@OPENLDAP_2.200 2.6.2
+ ldap_free_request@OPENLDAP_2.200 2.6.2
+ ldap_free_select_info@OPENLDAP_2.200 2.6.2
+ ldap_free_sort_keylist@OPENLDAP_2.200 2.6.2
+ ldap_free_urldesc@OPENLDAP_2.200 2.6.2
+ ldap_free_urllist@OPENLDAP_2.200 2.6.2
+ ldap_get_attribute_ber@OPENLDAP_2.200 2.6.2
+ ldap_get_dn@OPENLDAP_2.200 2.6.2
+ ldap_get_dn_ber@OPENLDAP_2.200 2.6.2
+ ldap_get_entry_controls@OPENLDAP_2.200 2.6.2
+ ldap_get_message_ber@OPENLDAP_2.200 2.6.2
+ ldap_get_option@OPENLDAP_2.200 2.6.2
+ ldap_get_values@OPENLDAP_2.200 2.6.2
+ ldap_get_values_len@OPENLDAP_2.200 2.6.2
+ ldap_host_connected_to@OPENLDAP_2.200 2.6.2
+ ldap_init@OPENLDAP_2.200 2.6.2
+ ldap_init_fd@OPENLDAP_2.200 2.6.2
+ ldap_initialize@OPENLDAP_2.200 2.6.2
+ ldap_install_tls@OPENLDAP_2.200 2.6.2
+ ldap_int_bisect_delete@OPENLDAP_2.200 2.6.2
+ ldap_int_bisect_find@OPENLDAP_2.200 2.6.2
+ ldap_int_bisect_insert@OPENLDAP_2.200 2.6.2
+ ldap_int_check_async_open@OPENLDAP_2.200 2.6.2
+ ldap_int_client_controls@OPENLDAP_2.200 2.6.2
+ ldap_int_connect_cbs@OPENLDAP_2.200 2.6.2
+ ldap_int_decode_b64_inplace@OPENLDAP_2.200 2.6.2
+ ldap_int_error_init@OPENLDAP_2.200 2.6.2
+ ldap_int_flush_request@OPENLDAP_2.200 2.6.2
+ ldap_int_global_options@OPENLDAP_2.200 2.6.2
+ ldap_int_hostname@OPENLDAP_2.200 2.6.2
+ ldap_int_hostname_mutex@OPENLDAP_2.200 2.6.2
+ ldap_int_inet4or6@OPENLDAP_2.200 2.6.2
+ ldap_int_initialize@OPENLDAP_2.200 2.6.2
+ ldap_int_initialize_global_options@OPENLDAP_2.200 2.6.2
+ ldap_int_msgtype2str@OPENLDAP_2.200 2.6.2
+ ldap_int_open_connection@OPENLDAP_2.200 2.6.2
+ ldap_int_parse_numericoid@OPENLDAP_2.200 2.6.2
+ ldap_int_parse_ruleid@OPENLDAP_2.200 2.6.2
+ ldap_int_poll@OPENLDAP_2.200 2.6.2
+ ldap_int_put_controls@OPENLDAP_2.200 2.6.2
+ ldap_int_resolv_mutex@OPENLDAP_2.200 2.6.2
+ ldap_int_sasl_bind@OPENLDAP_2.200 2.6.2
+ ldap_int_sasl_close@OPENLDAP_2.200 2.6.2
+ ldap_int_sasl_config@OPENLDAP_2.200 2.6.2
+ ldap_int_sasl_external@OPENLDAP_2.200 2.6.2
+ ldap_int_sasl_get_option@OPENLDAP_2.200 2.6.2
+ ldap_int_sasl_init@OPENLDAP_2.200 2.6.2
+ ldap_int_sasl_open@OPENLDAP_2.200 2.6.2
+ ldap_int_sasl_set_option@OPENLDAP_2.200 2.6.2
+ ldap_int_select@OPENLDAP_2.200 2.6.2
+ ldap_int_stackguard@OPENLDAP_2.200 2.6.2
+ ldap_int_thread_destroy@OPENLDAP_2.200 2.6.2
+ ldap_int_thread_initialize@OPENLDAP_2.200 2.6.2
+ ldap_int_thread_pool_shutdown@OPENLDAP_2.200 2.6.2
+ ldap_int_thread_pool_startup@OPENLDAP_2.200 2.6.2
+ ldap_int_timeval_dup@OPENLDAP_2.200 2.6.2
+ ldap_int_tls_destroy@OPENLDAP_2.200 2.6.2
+ ldap_int_tls_impl@OPENLDAP_2.200 2.6.2
+ ldap_int_tls_start@OPENLDAP_2.200 2.6.2
+ ldap_int_utils_init@OPENLDAP_2.200 2.6.2
+ ldap_is_ldap_url@OPENLDAP_2.200 2.6.2
+ ldap_is_ldapi_url@OPENLDAP_2.200 2.6.2
+ ldap_is_ldaps_url@OPENLDAP_2.200 2.6.2
+ ldap_is_read_ready@OPENLDAP_2.200 2.6.2
+ ldap_is_write_ready@OPENLDAP_2.200 2.6.2
+ ldap_ld_free@OPENLDAP_2.200 2.6.2
+ ldap_ldif_record_done@OPENLDAP_2.200 2.6.2
+ ldap_log_printf@OPENLDAP_2.200 2.6.2
+ ldap_mark_select_clear@OPENLDAP_2.200 2.6.2
+ ldap_mark_select_read@OPENLDAP_2.200 2.6.2
+ ldap_mark_select_write@OPENLDAP_2.200 2.6.2
+ ldap_matchingrule2bv@OPENLDAP_2.200 2.6.2
+ ldap_matchingrule2name@OPENLDAP_2.200 2.6.2
+ ldap_matchingrule2str@OPENLDAP_2.200 2.6.2
+ ldap_matchingrule_free@OPENLDAP_2.200 2.6.2
+ ldap_matchingruleuse2bv@OPENLDAP_2.200 2.6.2
+ ldap_matchingruleuse2name@OPENLDAP_2.200 2.6.2
+ ldap_matchingruleuse2str@OPENLDAP_2.200 2.6.2
+ ldap_matchingruleuse_free@OPENLDAP_2.200 2.6.2
+ ldap_memalloc@OPENLDAP_2.200 2.6.2
+ ldap_memcalloc@OPENLDAP_2.200 2.6.2
+ ldap_memfree@OPENLDAP_2.200 2.6.2
+ ldap_memrealloc@OPENLDAP_2.200 2.6.2
+ ldap_memvfree@OPENLDAP_2.200 2.6.2
+ ldap_modify@OPENLDAP_2.200 2.6.2
+ ldap_modify_ext@OPENLDAP_2.200 2.6.2
+ ldap_modify_ext_s@OPENLDAP_2.200 2.6.2
+ ldap_modify_s@OPENLDAP_2.200 2.6.2
+ ldap_modrdn2@OPENLDAP_2.200 2.6.2
+ ldap_modrdn2_s@OPENLDAP_2.200 2.6.2
+ ldap_modrdn@OPENLDAP_2.200 2.6.2
+ ldap_modrdn_s@OPENLDAP_2.200 2.6.2
+ ldap_mods_free@OPENLDAP_2.200 2.6.2
+ ldap_msgdelete@OPENLDAP_2.200 2.6.2
+ ldap_msgfree@OPENLDAP_2.200 2.6.2
+ ldap_msgid@OPENLDAP_2.200 2.6.2
+ ldap_msgtype@OPENLDAP_2.200 2.6.2
+ ldap_nameform2bv@OPENLDAP_2.200 2.6.2
+ ldap_nameform2name@OPENLDAP_2.200 2.6.2
+ ldap_nameform2str@OPENLDAP_2.200 2.6.2
+ ldap_nameform_free@OPENLDAP_2.200 2.6.2
+ ldap_new_connection@OPENLDAP_2.200 2.6.2
+ ldap_new_select_info@OPENLDAP_2.200 2.6.2
+ ldap_next_attribute@OPENLDAP_2.200 2.6.2
+ ldap_next_entry@OPENLDAP_2.200 2.6.2
+ ldap_next_message@OPENLDAP_2.200 2.6.2
+ ldap_next_reference@OPENLDAP_2.200 2.6.2
+ ldap_objectclass2bv@OPENLDAP_2.200 2.6.2
+ ldap_objectclass2name@OPENLDAP_2.200 2.6.2
+ ldap_objectclass2str@OPENLDAP_2.200 2.6.2
+ ldap_objectclass_free@OPENLDAP_2.200 2.6.2
+ ldap_open@OPENLDAP_2.200 2.6.2
+ ldap_open_defconn@OPENLDAP_2.200 2.6.2
+ ldap_open_internal_connection@OPENLDAP_2.200 2.6.2
+ ldap_parse_accountusability_control@OPENLDAP_2.200 2.6.2
+ ldap_parse_deref_control@OPENLDAP_2.200 2.6.2
+ ldap_parse_derefresponse_control@OPENLDAP_2.200 2.6.2
+ ldap_parse_dirsync_control@OPENLDAP_2.200 2.6.2
+ ldap_parse_entrychange_control@OPENLDAP_2.200 2.6.2
+ ldap_parse_extended_result@OPENLDAP_2.200 2.6.2
+ ldap_parse_intermediate@OPENLDAP_2.200 2.6.2
+ ldap_parse_ldif_record@OPENLDAP_2.200 2.6.2
+ ldap_parse_ldif_record_x@OPENLDAP_2.200 2.6.2
+ ldap_parse_page_control@OPENLDAP_2.200 2.6.2
+ ldap_parse_pageresponse_control@OPENLDAP_2.200 2.6.2
+ ldap_parse_passwd@OPENLDAP_2.200 2.6.2
+ ldap_parse_password_expiring_control@OPENLDAP_2.200 2.6.2
+ ldap_parse_passwordpolicy_control@OPENLDAP_2.200 2.6.2
+ ldap_parse_reference@OPENLDAP_2.200 2.6.2
+ ldap_parse_refresh@OPENLDAP_2.200 2.6.2
+ ldap_parse_result@OPENLDAP_2.200 2.6.2
+ ldap_parse_sasl_bind_result@OPENLDAP_2.200 2.6.2
+ ldap_parse_session_tracking_control@OPENLDAP_2.200 2.6.2
+ ldap_parse_sortresponse_control@OPENLDAP_2.200 2.6.2
+ ldap_parse_verify_credentials@OPENLDAP_2.200 2.6.2
+ ldap_parse_vlvresponse_control@OPENLDAP_2.200 2.6.2
+ ldap_parse_whoami@OPENLDAP_2.200 2.6.2
+ ldap_passwd@OPENLDAP_2.200 2.6.2
+ ldap_passwd_s@OPENLDAP_2.200 2.6.2
+ ldap_passwordpolicy_err2txt@OPENLDAP_2.200 2.6.2
+ ldap_perror@OPENLDAP_2.200 2.6.2
+ ldap_put_vrFilter@OPENLDAP_2.200 2.6.2
+ ldap_pvt_bv2scope@OPENLDAP_2.200 2.6.2
+ ldap_pvt_conf_option@OPENLDAP_2.200 2.6.2
+ ldap_pvt_csnstr@OPENLDAP_2.200 2.6.2
+ ldap_pvt_ctime@OPENLDAP_2.200 2.6.2
+ ldap_pvt_discard@OPENLDAP_2.200 2.6.2
+ ldap_pvt_filter_value_unescape@OPENLDAP_2.200 2.6.2
+ ldap_pvt_find_wildcard@OPENLDAP_2.200 2.6.2
+ ldap_pvt_get_controls@OPENLDAP_2.200 2.6.2
+ ldap_pvt_get_fqdn@OPENLDAP_2.200 2.6.2
+ ldap_pvt_get_hname@OPENLDAP_2.200 2.6.2
+ ldap_pvt_gethostbyaddr_a@OPENLDAP_2.200 2.6.2
+ ldap_pvt_gethostbyname_a@OPENLDAP_2.200 2.6.2
+ ldap_pvt_gettime@OPENLDAP_2.200 2.6.2
+ ldap_pvt_hex_unescape@OPENLDAP_2.200 2.6.2
+ ldap_pvt_put_control@OPENLDAP_2.200 2.6.2
+ ldap_pvt_put_filter@OPENLDAP_2.200 2.6.2
+ ldap_pvt_runqueue_find@OPENLDAP_2.200 2.6.2
+ ldap_pvt_runqueue_insert@OPENLDAP_2.200 2.6.2
+ ldap_pvt_runqueue_isrunning@OPENLDAP_2.200 2.6.2
+ ldap_pvt_runqueue_next_sched@OPENLDAP_2.200 2.6.2
+ ldap_pvt_runqueue_persistent_backload@OPENLDAP_2.200 2.6.2
+ ldap_pvt_runqueue_remove@OPENLDAP_2.200 2.6.2
+ ldap_pvt_runqueue_resched@OPENLDAP_2.200 2.6.2
+ ldap_pvt_runqueue_runtask@OPENLDAP_2.200 2.6.2
+ ldap_pvt_runqueue_stoptask@OPENLDAP_2.200 2.6.2
+ ldap_pvt_sasl_cbinding@OPENLDAP_2.200 2.6.2
+ ldap_pvt_sasl_cbinding_parse@OPENLDAP_2.200 2.6.2
+ ldap_pvt_sasl_generic_install@OPENLDAP_2.200 2.6.2
+ ldap_pvt_sasl_generic_remove@OPENLDAP_2.200 2.6.2
+ ldap_pvt_sasl_getmechs@OPENLDAP_2.200 2.6.2
+ ldap_pvt_sasl_install@OPENLDAP_2.200 2.6.2
+ ldap_pvt_sasl_mutex_dispose@OPENLDAP_2.200 2.6.2
+ ldap_pvt_sasl_mutex_lock@OPENLDAP_2.200 2.6.2
+ ldap_pvt_sasl_mutex_new@OPENLDAP_2.200 2.6.2
+ ldap_pvt_sasl_mutex_unlock@OPENLDAP_2.200 2.6.2
+ ldap_pvt_sasl_remove@OPENLDAP_2.200 2.6.2
+ ldap_pvt_sasl_secprops@OPENLDAP_2.200 2.6.2
+ ldap_pvt_sasl_secprops_unparse@OPENLDAP_2.200 2.6.2
+ ldap_pvt_scope2bv@OPENLDAP_2.200 2.6.2
+ ldap_pvt_scope2str@OPENLDAP_2.200 2.6.2
+ ldap_pvt_search@OPENLDAP_2.200 2.6.2
+ ldap_pvt_search_s@OPENLDAP_2.200 2.6.2
+ ldap_pvt_sockaddrstr@OPENLDAP_2.200 2.6.2
+ ldap_pvt_sockbuf_io_sasl_generic@OPENLDAP_2.200 2.6.2
+ ldap_pvt_str2lower@OPENLDAP_2.200 2.6.2
+ ldap_pvt_str2lowerbv@OPENLDAP_2.200 2.6.2
+ ldap_pvt_str2scope@OPENLDAP_2.200 2.6.2
+ ldap_pvt_str2upper@OPENLDAP_2.200 2.6.2
+ ldap_pvt_str2upperbv@OPENLDAP_2.200 2.6.2
+ ldap_pvt_strtok@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_cond_broadcast@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_cond_destroy@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_cond_init@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_cond_signal@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_cond_wait@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_create@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_destroy@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_exit@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_get_concurrency@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_initialize@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_join@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_key_create@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_key_destroy@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_key_getdata@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_key_setdata@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_kill@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_mutex_destroy@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_mutex_init@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_mutex_lock@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_mutex_recursive_init@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_mutex_trylock@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_mutex_unlock@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_backload@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_close@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_context@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_context_reset@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_destroy@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_free@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_getkey@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_idle@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_init@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_init_q@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_maxthreads@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_pause@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_pausecheck_native@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_pausequery@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_pausewait@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_pausing@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_purgekey@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_query@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_queues@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_resume@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_retract@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_setkey@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_submit2@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_submit@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_tid@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_unidle@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_pool_walk@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_rdwr_destroy@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_rdwr_init@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_rdwr_rlock@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_rdwr_rtrylock@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_rdwr_runlock@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_rdwr_wlock@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_rdwr_wtrylock@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_rdwr_wunlock@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_self@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_set_concurrency@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_sleep@OPENLDAP_2.200 2.6.2
+ ldap_pvt_thread_yield@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_accept@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_check_hostname@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_config@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_connect@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_ctx_free@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_destroy@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_get_cipher@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_get_endpoint@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_get_my_dn@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_get_option@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_get_peer_dn@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_get_peercert@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_get_strength@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_get_unique@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_get_version@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_init@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_init_def_ctx@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_inplace@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_sb_ctx@OPENLDAP_2.200 2.6.2
+ ldap_pvt_tls_set_option@OPENLDAP_2.200 2.6.2
+ ldap_pvt_url_scheme2proto@OPENLDAP_2.200 2.6.2
+ ldap_pvt_url_scheme2proxied@OPENLDAP_2.200 2.6.2
+ ldap_pvt_url_scheme2tls@OPENLDAP_2.200 2.6.2
+ ldap_pvt_url_scheme_port@OPENLDAP_2.200 2.6.2
+ ldap_rdn2bv@OPENLDAP_2.200 2.6.2
+ ldap_rdn2bv_x@OPENLDAP_2.200 2.6.2
+ ldap_rdn2str@OPENLDAP_2.200 2.6.2
+ ldap_rdnfree@OPENLDAP_2.200 2.6.2
+ ldap_rdnfree_x@OPENLDAP_2.200 2.6.2
+ ldap_refresh@OPENLDAP_2.200 2.6.2
+ ldap_refresh_s@OPENLDAP_2.200 2.6.2
+ ldap_rename2@OPENLDAP_2.200 2.6.2
+ ldap_rename2_s@OPENLDAP_2.200 2.6.2
+ ldap_rename@OPENLDAP_2.200 2.6.2
+ ldap_rename_s@OPENLDAP_2.200 2.6.2
+ ldap_req_cmp@OPENLDAP_2.200 2.6.2
+ ldap_result2error@OPENLDAP_2.200 2.6.2
+ ldap_result@OPENLDAP_2.200 2.6.2
+ ldap_return_request@OPENLDAP_2.200 2.6.2
+ ldap_sasl_bind@OPENLDAP_2.200 2.6.2
+ ldap_sasl_bind_s@OPENLDAP_2.200 2.6.2
+ ldap_sasl_interactive_bind@OPENLDAP_2.200 2.6.2
+ ldap_sasl_interactive_bind_s@OPENLDAP_2.200 2.6.2
+ ldap_scherr2str@OPENLDAP_2.200 2.6.2
+ ldap_search@OPENLDAP_2.200 2.6.2
+ ldap_search_ext@OPENLDAP_2.200 2.6.2
+ ldap_search_ext_s@OPENLDAP_2.200 2.6.2
+ ldap_search_s@OPENLDAP_2.200 2.6.2
+ ldap_search_st@OPENLDAP_2.200 2.6.2
+ ldap_send_initial_request@OPENLDAP_2.200 2.6.2
+ ldap_send_server_request@OPENLDAP_2.200 2.6.2
+ ldap_send_unbind@OPENLDAP_2.200 2.6.2
+ ldap_set_ber_options@OPENLDAP_2.200 2.6.2
+ ldap_set_nextref_proc@OPENLDAP_2.200 2.6.2
+ ldap_set_option@OPENLDAP_2.200 2.6.2
+ ldap_set_rebind_proc@OPENLDAP_2.200 2.6.2
+ ldap_set_urllist_proc@OPENLDAP_2.200 2.6.2
+ ldap_simple_bind@OPENLDAP_2.200 2.6.2
+ ldap_simple_bind_s@OPENLDAP_2.200 2.6.2
+ ldap_sort_entries@OPENLDAP_2.200 2.6.2
+ ldap_sort_strcasecmp@OPENLDAP_2.200 2.6.2
+ ldap_sort_values@OPENLDAP_2.200 2.6.2
+ ldap_start_tls@OPENLDAP_2.200 2.6.2
+ ldap_start_tls_s@OPENLDAP_2.200 2.6.2
+ ldap_str2attributetype@OPENLDAP_2.200 2.6.2
+ ldap_str2charray@OPENLDAP_2.200 2.6.2
+ ldap_str2contentrule@OPENLDAP_2.200 2.6.2
+ ldap_str2dn@OPENLDAP_2.200 2.6.2
+ ldap_str2matchingrule@OPENLDAP_2.200 2.6.2
+ ldap_str2matchingruleuse@OPENLDAP_2.200 2.6.2
+ ldap_str2nameform@OPENLDAP_2.200 2.6.2
+ ldap_str2objectclass@OPENLDAP_2.200 2.6.2
+ ldap_str2rdn@OPENLDAP_2.200 2.6.2
+ ldap_str2structurerule@OPENLDAP_2.200 2.6.2
+ ldap_str2syntax@OPENLDAP_2.200 2.6.2
+ ldap_strdup@OPENLDAP_2.200 2.6.2
+ ldap_structurerule2bv@OPENLDAP_2.200 2.6.2
+ ldap_structurerule2name@OPENLDAP_2.200 2.6.2
+ ldap_structurerule2str@OPENLDAP_2.200 2.6.2
+ ldap_structurerule_free@OPENLDAP_2.200 2.6.2
+ ldap_sync_destroy@OPENLDAP_2.200 2.6.2
+ ldap_sync_init@OPENLDAP_2.200 2.6.2
+ ldap_sync_init_refresh_and_persist@OPENLDAP_2.200 2.6.2
+ ldap_sync_init_refresh_only@OPENLDAP_2.200 2.6.2
+ ldap_sync_initialize@OPENLDAP_2.200 2.6.2
+ ldap_sync_poll@OPENLDAP_2.200 2.6.2
+ ldap_syntax2bv@OPENLDAP_2.200 2.6.2
+ ldap_syntax2name@OPENLDAP_2.200 2.6.2
+ ldap_syntax2str@OPENLDAP_2.200 2.6.2
+ ldap_syntax_free@OPENLDAP_2.200 2.6.2
+ ldap_tavl_delete@OPENLDAP_2.200 2.6.2
+ ldap_tavl_end@OPENLDAP_2.200 2.6.2
+ ldap_tavl_find2@OPENLDAP_2.200 2.6.2
+ ldap_tavl_find3@OPENLDAP_2.200 2.6.2
+ ldap_tavl_find@OPENLDAP_2.200 2.6.2
+ ldap_tavl_free@OPENLDAP_2.200 2.6.2
+ ldap_tavl_insert@OPENLDAP_2.200 2.6.2
+ ldap_tavl_next@OPENLDAP_2.200 2.6.2
+ ldap_tls_inplace@OPENLDAP_2.200 2.6.2
+ ldap_turn@OPENLDAP_2.200 2.6.2
+ ldap_turn_s@OPENLDAP_2.200 2.6.2
+ ldap_txn_end@OPENLDAP_2.200 2.6.2
+ ldap_txn_end_s@OPENLDAP_2.200 2.6.2
+ ldap_txn_start@OPENLDAP_2.200 2.6.2
+ ldap_txn_start_s@OPENLDAP_2.200 2.6.2
+ ldap_ucs_to_utf8s@OPENLDAP_2.200 2.6.2
+ ldap_unbind@OPENLDAP_2.200 2.6.2
+ ldap_unbind_ext@OPENLDAP_2.200 2.6.2
+ ldap_unbind_ext_s@OPENLDAP_2.200 2.6.2
+ ldap_unbind_s@OPENLDAP_2.200 2.6.2
+ ldap_url_desc2str@OPENLDAP_2.200 2.6.2
+ ldap_url_dup@OPENLDAP_2.200 2.6.2
+ ldap_url_duplist@OPENLDAP_2.200 2.6.2
+ ldap_url_list2hosts@OPENLDAP_2.200 2.6.2
+ ldap_url_list2urls@OPENLDAP_2.200 2.6.2
+ ldap_url_parse@OPENLDAP_2.200 2.6.2
+ ldap_url_parse_ext@OPENLDAP_2.200 2.6.2
+ ldap_url_parsehosts@OPENLDAP_2.200 2.6.2
+ ldap_url_parselist@OPENLDAP_2.200 2.6.2
+ ldap_url_parselist_ext@OPENLDAP_2.200 2.6.2
+ ldap_utf8_bytes@OPENLDAP_2.200 2.6.2
+ ldap_utf8_charlen2@OPENLDAP_2.200 2.6.2
+ ldap_utf8_charlen@OPENLDAP_2.200 2.6.2
+ ldap_utf8_chars@OPENLDAP_2.200 2.6.2
+ ldap_utf8_copy@OPENLDAP_2.200 2.6.2
+ ldap_utf8_isalnum@OPENLDAP_2.200 2.6.2
+ ldap_utf8_isalpha@OPENLDAP_2.200 2.6.2
+ ldap_utf8_isascii@OPENLDAP_2.200 2.6.2
+ ldap_utf8_isdigit@OPENLDAP_2.200 2.6.2
+ ldap_utf8_islower@OPENLDAP_2.200 2.6.2
+ ldap_utf8_isspace@OPENLDAP_2.200 2.6.2
+ ldap_utf8_isupper@OPENLDAP_2.200 2.6.2
+ ldap_utf8_isxdigit@OPENLDAP_2.200 2.6.2
+ ldap_utf8_lentab@OPENLDAP_2.200 2.6.2
+ ldap_utf8_mintab@OPENLDAP_2.200 2.6.2
+ ldap_utf8_next@OPENLDAP_2.200 2.6.2
+ ldap_utf8_offset@OPENLDAP_2.200 2.6.2
+ ldap_utf8_prev@OPENLDAP_2.200 2.6.2
+ ldap_utf8_strchr@OPENLDAP_2.200 2.6.2
+ ldap_utf8_strcspn@OPENLDAP_2.200 2.6.2
+ ldap_utf8_strpbrk@OPENLDAP_2.200 2.6.2
+ ldap_utf8_strspn@OPENLDAP_2.200 2.6.2
+ ldap_utf8_strtok@OPENLDAP_2.200 2.6.2
+ ldap_validate_and_fill_sourceip@OPENLDAP_2.200 2.6.2
+ ldap_value_dup@OPENLDAP_2.200 2.6.2
+ ldap_value_free@OPENLDAP_2.200 2.6.2
+ ldap_value_free_len@OPENLDAP_2.200 2.6.2
+ ldap_verify_credentials@OPENLDAP_2.200 2.6.2
+ ldap_verify_credentials_s@OPENLDAP_2.200 2.6.2
+ ldap_whoami@OPENLDAP_2.200 2.6.2
+ ldap_whoami_s@OPENLDAP_2.200 2.6.2
+ ldap_x_mb_to_utf8@OPENLDAP_2.200 2.6.2
+ ldap_x_mbs_to_utf8s@OPENLDAP_2.200 2.6.2
+ ldap_x_ucs4_to_utf8@OPENLDAP_2.200 2.6.2
+ ldap_x_utf8_to_mb@OPENLDAP_2.200 2.6.2
+ ldap_x_utf8_to_ucs4@OPENLDAP_2.200 2.6.2
+ ldap_x_utf8_to_wc@OPENLDAP_2.200 2.6.2
+ ldap_x_utf8s_to_mbs@OPENLDAP_2.200 2.6.2
+ ldap_x_utf8s_to_wcs@OPENLDAP_2.200 2.6.2
+ ldap_x_wc_to_utf8@OPENLDAP_2.200 2.6.2
+ ldap_x_wcs_to_utf8s@OPENLDAP_2.200 2.6.2
+ ldif_close@OPENLDAP_2.200 2.6.2
+ ldif_countlines@OPENLDAP_2.200 2.6.2
+ ldif_debug@OPENLDAP_2.200 2.6.2
+ ldif_fetch_url@OPENLDAP_2.200 2.6.2
+ ldif_getline@OPENLDAP_2.200 2.6.2
+ ldif_is_not_printable@OPENLDAP_2.200 2.6.2
+ ldif_must_b64_encode_register@OPENLDAP_2.200 2.6.2
+ ldif_must_b64_encode_release@OPENLDAP_2.200 2.6.2
+ ldif_open@OPENLDAP_2.200 2.6.2
+ ldif_open_mem@OPENLDAP_2.200 2.6.2
+ ldif_open_url@OPENLDAP_2.200 2.6.2
+ ldif_parse_line2@OPENLDAP_2.200 2.6.2
+ ldif_parse_line@OPENLDAP_2.200 2.6.2
+ ldif_put@OPENLDAP_2.200 2.6.2
+ ldif_put_wrap@OPENLDAP_2.200 2.6.2
+ ldif_read_record@OPENLDAP_2.200 2.6.2
+ ldif_sput@OPENLDAP_2.200 2.6.2
+ ldif_sput_wrap@OPENLDAP_2.200 2.6.2
diff --git a/debian/not-installed b/debian/not-installed
new file mode 100644
index 0000000..db92896
--- /dev/null
+++ b/debian/not-installed
@@ -0,0 +1,40 @@
+# we have our own default config files in debian/
+etc/ldap/ldap.conf.default
+etc/ldap/slapd.conf
+etc/ldap/slapd.conf.default
+etc/ldap/slapd.ldif
+etc/ldap/slapd.ldif.default
+
+# libtool archives are not installed for public libraries
+usr/lib/*/*.la
+
+# static libslapi is not installed
+usr/lib/*/libslapi.a
+
+# static builds of slapd modules are not installed
+usr/lib/ldap/*.a
+
+# these are handled specially in debian/rules
+usr/sbin/slapacl
+usr/sbin/slapadd
+usr/sbin/slapauth
+usr/sbin/slapcat
+usr/sbin/slapdn
+usr/sbin/slapindex
+usr/sbin/slapmodify
+usr/sbin/slappasswd
+usr/sbin/slapschema
+usr/sbin/slaptest
+
+# lloadd is not packaged yet
+usr/share/man/man5/lloadd.conf.5
+usr/share/man/man8/lloadd.8
+
+# man pages for modules we don't build
+usr/share/man/man5/slapd-wt.5
+usr/share/man/man5/slapo-autoca.5
+usr/share/man/man5/slapd-pw-radius.5
+
+# supports vc overlay (contrib, not packaged)
+usr/bin/ldapvc
+usr/share/man/man1/ldapvc.1
diff --git a/debian/patches/add-tlscacert-option-to-ldap-conf b/debian/patches/add-tlscacert-option-to-ldap-conf
new file mode 100644
index 0000000..7512dc1
--- /dev/null
+++ b/debian/patches/add-tlscacert-option-to-ldap-conf
@@ -0,0 +1,12 @@
+Index: openldap/libraries/libldap/ldap.conf
+===================================================================
+--- openldap.orig/libraries/libldap/ldap.conf 2022-05-20 17:36:15.013248293 -0400
++++ openldap/libraries/libldap/ldap.conf 2022-05-20 17:36:15.013248293 -0400
+@@ -11,3 +11,7 @@
+ #SIZELIMIT 12
+ #TIMELIMIT 15
+ #DEREF never
++
++# TLS certificates (needed for GnuTLS)
++TLS_CACERT /etc/ssl/certs/ca-certificates.crt
++
diff --git a/debian/patches/contrib-makefiles b/debian/patches/contrib-makefiles
new file mode 100644
index 0000000..b2c8f99
--- /dev/null
+++ b/debian/patches/contrib-makefiles
@@ -0,0 +1,54 @@
+Index: openldap/contrib/slapd-modules/passwd/Makefile
+===================================================================
+--- openldap.orig/contrib/slapd-modules/passwd/Makefile 2024-02-01 16:22:33.496188990 -0500
++++ openldap/contrib/slapd-modules/passwd/Makefile 2024-02-01 16:22:33.496188990 -0500
+@@ -20,7 +20,7 @@
+ LIBS = $($(PLAT)_LIB) $(LDAP_LIB)
+ LD_FLAGS = $(LDFLAGS) $($(PLAT)_LDFLAGS) -rpath $(moduledir) -module
+
+-PROGRAMS = pw-kerberos.la pw-netscape.la pw-radius.la pw-apr1.la
++PROGRAMS = pw-netscape.la pw-apr1.la
+ MANPAGES = slapd-pw-radius.5
+ LTVER = 0:0:0
+
+Index: openldap/contrib/slapd-modules/passwd/pbkdf2/Makefile
+===================================================================
+--- openldap.orig/contrib/slapd-modules/passwd/pbkdf2/Makefile 2024-02-01 16:22:33.496188990 -0500
++++ openldap/contrib/slapd-modules/passwd/pbkdf2/Makefile 2024-02-01 16:22:33.496188990 -0500
+@@ -18,7 +18,7 @@
+ #DEFS = -DSLAPD_PBKDF2_DEBUG
+
+ SSL_INC =
+-SSL_LIB = -lcrypto
++SSL_LIB = -lnettle
+
+ INCS = $(LDAP_INC) $(SSL_INC)
+ LIBS = $($(PLAT)_LIB) $(LDAP_LIB) $(SSL_LIB)
+Index: openldap/contrib/slapd-modules/smbk5pwd/Makefile
+===================================================================
+--- openldap.orig/contrib/slapd-modules/smbk5pwd/Makefile 2024-02-01 16:22:33.496188990 -0500
++++ openldap/contrib/slapd-modules/smbk5pwd/Makefile 2024-02-01 16:23:34.552414593 -0500
+@@ -19,10 +19,10 @@
+ $(LDAP_BUILD)/libraries/liblber/liblber.la
+
+ SSL_INC =
+-SSL_LIB = -lcrypto
++SSL_LIB = -lnettle
+
+-HEIMDAL_INC = -I/usr/heimdal/include
+-HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv
++HEIMDAL_INC = $(shell krb5-config.heimdal --cflags krb5 kadm-server)
++HEIMDAL_LIB = $(shell krb5-config.heimdal --libs krb5 kadm-server)
+
+ PLAT = UNIX
+ NT_LIB = -L$(LDAP_BUILD)/servers/slapd -lslapd
+@@ -36,7 +36,8 @@
+ # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it.
+ DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW
+ INCS = $(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
+-LIBS = $($(PLAT)_LIB) $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
++# put /usr/lib/heimdal before /usr/lib in case libkrb5-dev is installed, #745356
++LIBS = $($(PLAT)_LIB) $(HEIMDAL_LIB) $(LDAP_LIB) $(SSL_LIB)
+ LD_FLAGS = $(LDFLAGS) $($(PLAT)_LDFLAGS) -rpath $(moduledir) -module
+
+ PROGRAMS = smbk5pwd.la
diff --git a/debian/patches/debian-version b/debian/patches/debian-version
new file mode 100644
index 0000000..0529c3e
--- /dev/null
+++ b/debian/patches/debian-version
@@ -0,0 +1,16 @@
+Description: Replace upstream version with Debian version in version strings
+Forwarded: not-needed
+Author: Ryan Tandy <ryan@nardis.ca>
+Index: openldap/build/version.sh
+===================================================================
+--- openldap.orig/build/version.sh 2022-05-20 17:35:48.989227363 -0400
++++ openldap/build/version.sh 2022-05-20 17:35:48.989227363 -0400
+@@ -36,7 +36,7 @@
+ echo OL_PATCH=$ol_patch
+ echo OL_API_INC=$ol_api_inc
+ echo OL_API_LIB_VERSION=$ol_api_lib_version
+-echo OL_VERSION=$ol_version
++echo OL_VERSION=\"${DEB_VERSION:-$ol_version}\"
+ echo OL_TYPE=$ol_type
+ echo OL_STRING=\"${ol_string}\"
+ echo OL_RELEASE_DATE=\"${ol_release_date}\"
diff --git a/debian/patches/do-not-second-guess-sonames b/debian/patches/do-not-second-guess-sonames
new file mode 100644
index 0000000..a5fb328
--- /dev/null
+++ b/debian/patches/do-not-second-guess-sonames
@@ -0,0 +1,73 @@
+Rip out code that second-guesses the libsasl soname / Debian shlibs. If
+cyrus sasl upstream is breaking the ABI, this needs to be fixed upstream
+there, not kludged around upstream here!
+
+Debian bug #546885
+
+Upstream ITS #6302 filed.
+
+Index: openldap/libraries/libldap/cyrus.c
+===================================================================
+--- openldap.orig/libraries/libldap/cyrus.c 2022-05-20 17:36:13.661247231 -0400
++++ openldap/libraries/libldap/cyrus.c 2022-05-20 17:36:13.661247231 -0400
+@@ -74,29 +74,6 @@
+ */
+ int ldap_int_sasl_init( void )
+ {
+-#ifdef HAVE_SASL_VERSION
+- /* stringify the version number, sasl.h doesn't do it for us */
+-#define VSTR0(maj, min, pat) #maj "." #min "." #pat
+-#define VSTR(maj, min, pat) VSTR0(maj, min, pat)
+-#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \
+- SASL_VERSION_STEP)
+- { int rc;
+- sasl_version( NULL, &rc );
+- if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) ||
+- (rc & 0xffff) < SASL_VERSION_STEP) {
+- char version[sizeof("xxx.xxx.xxxxx")];
+- sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff,
+- rc & 0xffff );
+-
+- Debug1( LDAP_DEBUG_ANY,
+- "ldap_int_sasl_init: SASL library version mismatch:"
+- " expected " SASL_VERSION_STRING ","
+- " got %s\n", version );
+- return -1;
+- }
+- }
+-#endif
+-
+ /* SASL 2 takes care of its own memory completely internally */
+ #if SASL_VERSION_MAJOR < 2 && !defined(CSRIMALLOC)
+ sasl_set_alloc(
+Index: openldap/servers/slapd/sasl.c
+===================================================================
+--- openldap.orig/servers/slapd/sasl.c 2022-05-20 17:36:13.661247231 -0400
++++ openldap/servers/slapd/sasl.c 2022-05-20 17:36:13.661247231 -0400
+@@ -1271,26 +1271,6 @@
+ rewrite_mapper_register( &slapd_mapper );
+
+ #ifdef HAVE_CYRUS_SASL
+-#ifdef HAVE_SASL_VERSION
+- /* stringify the version number, sasl.h doesn't do it for us */
+-#define VSTR0(maj, min, pat) #maj "." #min "." #pat
+-#define VSTR(maj, min, pat) VSTR0(maj, min, pat)
+-#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \
+- SASL_VERSION_STEP)
+-
+- sasl_version( NULL, &rc );
+- if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) ||
+- (rc & 0xffff) < SASL_VERSION_STEP)
+- {
+- char version[sizeof("xxx.xxx.xxxxx")];
+- sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff,
+- rc & 0xffff );
+- Debug( LDAP_DEBUG_ANY, "slap_sasl_init: SASL library version mismatch:"
+- " expected %s, got %s\n",
+- SASL_VERSION_STRING, version );
+- return -1;
+- }
+-#endif
+
+ sasl_set_mutex(
+ ldap_pvt_sasl_mutex_new,
diff --git a/debian/patches/fix-build-top-mk b/debian/patches/fix-build-top-mk
new file mode 100644
index 0000000..5cb469d
--- /dev/null
+++ b/debian/patches/fix-build-top-mk
@@ -0,0 +1,13 @@
+Index: openldap/build/top.mk
+===================================================================
+--- openldap.orig/build/top.mk 2022-05-20 17:36:15.513248684 -0400
++++ openldap/build/top.mk 2022-05-20 17:36:15.509248681 -0400
+@@ -20,7 +20,7 @@
+ RELEASEDATE= @OPENLDAP_RELEASE_DATE@
+
+ @SET_MAKE@
+-SHELL = /bin/sh
++SHELL = @SHELL@
+
+ top_builddir = @top_builddir@
+
diff --git a/debian/patches/getaddrinfo-is-threadsafe b/debian/patches/getaddrinfo-is-threadsafe
new file mode 100644
index 0000000..b79bcbf
--- /dev/null
+++ b/debian/patches/getaddrinfo-is-threadsafe
@@ -0,0 +1,47 @@
+Author: Steve Langasek <vorlon@debian.org>
+
+OpenLDAP upstream conservatively assumes that certain resolver functions
+(getaddrinfo, getnameinfo, res_query, dn_expand) are not re-entrant; but we
+know that the glibc implementations of these functions are thread-safe, so
+we should bypass the use of this mutex. This fixes a locking problem when
+an application uses libldap and libnss-ldap is also used for hosts
+resolution.
+
+Closes Debian bug #340601.
+
+Not suitable for forwarding upstream; might be made suitable by adding a
+configure-time check for glibc and disabling the mutex only on known
+thread-safe implementations.
+
+Index: openldap/libraries/libldap/os-ip.c
+===================================================================
+--- openldap.orig/libraries/libldap/os-ip.c 2022-05-20 17:36:12.989246703 -0400
++++ openldap/libraries/libldap/os-ip.c 2022-05-20 17:36:12.989246703 -0400
+@@ -645,13 +645,7 @@
+ hints.ai_socktype = socktype;
+ snprintf(serv, sizeof serv, "%d", port );
+
+- /* most getaddrinfo(3) use non-threadsafe resolver libraries */
+- LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex);
+-
+ err = getaddrinfo( host, serv, &hints, &res );
+-
+- LDAP_MUTEX_UNLOCK(&ldap_int_resolv_mutex);
+-
+ if ( err != 0 ) {
+ Debug1(LDAP_DEBUG_TRACE,
+ "ldap_connect_to_host: getaddrinfo failed: %s\n",
+Index: openldap/libraries/libldap/util-int.c
+===================================================================
+--- openldap.orig/libraries/libldap/util-int.c 2022-05-20 17:36:12.989246703 -0400
++++ openldap/libraries/libldap/util-int.c 2022-05-20 17:36:12.989246703 -0400
+@@ -559,9 +559,7 @@
+ int rc;
+ #if defined( HAVE_GETNAMEINFO )
+
+- LDAP_MUTEX_LOCK( &ldap_int_resolv_mutex );
+ rc = getnameinfo( sa, len, name, namelen, NULL, 0, 0 );
+- LDAP_MUTEX_UNLOCK( &ldap_int_resolv_mutex );
+ if ( rc ) *err = (char *)AC_GAI_STRERROR( rc );
+ return rc;
+
diff --git a/debian/patches/index-files-created-as-root b/debian/patches/index-files-created-as-root
new file mode 100644
index 0000000..432113c
--- /dev/null
+++ b/debian/patches/index-files-created-as-root
@@ -0,0 +1,41 @@
+Document in the man page that slapindex should be run as the same user
+as slapd, and print a warning if it's run as root (since Debian defaults
+to running slapd as openldap).
+
+Not suitable for upstream in this form. This patch needs to be reworked
+to check the BerkeleyDB database ownership and only warn if running as
+root with a database that's not owned by root.
+
+Upstream ITS #5356 filed requesting better handling of this. Current
+upstream discussion leans towards putting the check into the database
+backend and aborting if slapd is run as a different user than the database
+owner, which is an even better fix.
+
+Index: openldap/doc/man/man8/slapindex.8
+===================================================================
+--- openldap.orig/doc/man/man8/slapindex.8 2022-05-20 17:36:11.609245615 -0400
++++ openldap/doc/man/man8/slapindex.8 2022-05-20 17:36:11.605245612 -0400
+@@ -148,6 +148,10 @@
+ should not be running (at least, not in read-write
+ mode) when you do this to ensure consistency of the database.
+ .LP
++slapindex ought to be run as the user specified for
++.BR slapd (8)
++to ensure correct database permissions.
++.LP
+ This command provides ample opportunity for the user to obtain
+ and drink their favorite beverage.
+ .SH EXAMPLES
+Index: openldap/servers/slapd/slapindex.c
+===================================================================
+--- openldap.orig/servers/slapd/slapindex.c 2022-05-20 17:36:11.609245615 -0400
++++ openldap/servers/slapd/slapindex.c 2022-05-20 17:36:11.605245612 -0400
+@@ -34,6 +34,8 @@
+ int
+ slapindex( int argc, char **argv )
+ {
++ if (geteuid() == 0)
++ fprintf( stderr, "\nWARNING!\nRunning as root!\nThere's a fair chance slapd will fail to start.\nCheck file permissions!\n\n");
+ ID id;
+ int rc = EXIT_SUCCESS;
+ const char *progname = "slapindex";
diff --git a/debian/patches/ldap-conf-tls-cacertdir b/debian/patches/ldap-conf-tls-cacertdir
new file mode 100644
index 0000000..2b83e56
--- /dev/null
+++ b/debian/patches/ldap-conf-tls-cacertdir
@@ -0,0 +1,29 @@
+Index: openldap/doc/man/man5/ldap.conf.5
+===================================================================
+--- openldap.orig/doc/man/man5/ldap.conf.5 2022-05-20 17:36:14.589247961 -0400
++++ openldap/doc/man/man5/ldap.conf.5 2022-05-20 17:36:14.589247961 -0400
+@@ -408,13 +408,13 @@
+ Specifying a minimum that is higher than that supported by the
+ OpenLDAP implementation will result in it requiring the
+ highest level that it does support.
+-This parameter is ignored with GnuTLS.
++This parameter is ignored with GnuTLS. On Debian openldap is linked against GnuTLS.
+ .TP
+ .B TLS_RANDFILE <filename>
+ Specifies the file to obtain random bits from when /dev/[u]random is
+ not available. Generally set to the name of the EGD/PRNGD socket.
+ The environment variable RANDFILE can also be used to specify the filename.
+-This parameter is ignored with GnuTLS.
++This parameter is ignored with GnuTLS. On Debian openldap is linked against GnuTLS.
+ .TP
+ .B TLS_REQCERT <level>
+ Specifies what checks to perform on server certificates in a TLS session.
+@@ -476,7 +476,7 @@
+ used to verify if the server certificates have not been revoked. This
+ requires
+ .B TLS_CACERTDIR
+-parameter to be set. This parameter is ignored with GnuTLS.
++parameter to be set. This parameter is ignored with GnuTLS. On Debian openldap is linked against GnuTLS.
+ .B <level>
+ can be specified as one of the following keywords:
+ .RS
diff --git a/debian/patches/ldapi-socket-place b/debian/patches/ldapi-socket-place
new file mode 100644
index 0000000..1a52eca
--- /dev/null
+++ b/debian/patches/ldapi-socket-place
@@ -0,0 +1,18 @@
+Move the ldapi socket to /var/run/slapd from /var/run, since /var/run
+is only writable by root and slapd runs as openldap.
+
+Debian-specific.
+
+Index: openldap/include/ldap_defaults.h
+===================================================================
+--- openldap.orig/include/ldap_defaults.h 2022-05-20 17:36:09.977244324 -0400
++++ openldap/include/ldap_defaults.h 2022-05-20 17:36:09.973244321 -0400
+@@ -40,7 +40,7 @@
+
+ /* default ldapi:// socket */
+ #ifndef LDAPI_SOCK
+-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"
++#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "slapd" LDAP_DIRSEP "ldapi"
+ #endif
+
+ /*
diff --git a/debian/patches/man-slapd b/debian/patches/man-slapd
new file mode 100644
index 0000000..aec9515
--- /dev/null
+++ b/debian/patches/man-slapd
@@ -0,0 +1,62 @@
+Patch the slapd man page to not refer to a header file that isn't
+installed with the slapd package and to reference the correct path
+for slapd.
+
+Debian-specific.
+
+Index: openldap/doc/man/man8/slapd.8
+===================================================================
+--- openldap.orig/doc/man/man8/slapd.8 2022-05-20 17:36:07.977242738 -0400
++++ openldap/doc/man/man8/slapd.8 2022-05-20 17:36:07.973242735 -0400
+@@ -5,7 +5,7 @@
+ .SH NAME
+ slapd \- Stand-alone LDAP Daemon
+ .SH SYNOPSIS
+-.B LIBEXECDIR/slapd
++.B /usr/sbin/slapd
+ [\c
+ .BR \-V [ V [ V ]]
+ [\c
+@@ -110,11 +110,10 @@
+ will not fork or disassociate from the invoking terminal. Some general
+ operation and status messages are printed for any value of \fIdebug-level\fP.
+ \fIdebug-level\fP is taken as a bit string, with each bit corresponding to a
+-different kind of debugging information. See <ldap_log.h> for details.
+-Comma-separated arrays of friendly names can be specified to select
+-debugging output of the corresponding debugging information.
+-All the names recognized by the \fIloglevel\fP directive
+-described in \fBslapd.conf\fP(5) are supported.
++different kind of debugging information. Comma-separated arrays of friendly
++names can be specified to select debugging output of the corresponding
++debugging information. All the names recognized by the \fIloglevel\fP
++directive described in \fBslapd.conf\fP(5) are supported.
+ If \fIdebug-level\fP is \fB?\fP, a list of installed debug-levels is printed,
+ and slapd exits.
+
+@@ -332,7 +331,7 @@
+ .LP
+ .nf
+ .ft tt
+- LIBEXECDIR/slapd
++ /usr/sbin/slapd
+ .ft
+ .fi
+ .LP
+@@ -343,7 +342,7 @@
+ .LP
+ .nf
+ .ft tt
+- LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255
++ /usr/sbin/slapd \-f /var/tmp/slapd.conf \-d 255
+ .ft
+ .fi
+ .LP
+@@ -351,7 +350,7 @@
+ .LP
+ .nf
+ .ft tt
+- LIBEXECDIR/slapd \-Tt
++ /usr/sbin/slapd \-Tt
+ .ft
+ .fi
+ .LP
diff --git a/debian/patches/sasl-default-path b/debian/patches/sasl-default-path
new file mode 100644
index 0000000..aced4e5
--- /dev/null
+++ b/debian/patches/sasl-default-path
@@ -0,0 +1,59 @@
+Add /etc/ldap/sasl2 to the SASL configuration search path.
+
+Not submitted upstream. Somewhat Debian-specific and probably not of
+interest upstream.
+
+Index: openldap/include/ldap_defaults.h
+===================================================================
+--- openldap.orig/include/ldap_defaults.h 2022-05-20 17:36:12.337246188 -0400
++++ openldap/include/ldap_defaults.h 2022-05-20 17:36:12.333246185 -0400
+@@ -75,4 +75,6 @@
+ */
+ #define LLOADD_DEFAULT_CONFIGFILE LDAP_SYSCONFDIR LDAP_DIRSEP "lloadd.conf"
+
++#define SASL_CONFIGPATH LDAP_SYSCONFDIR LDAP_DIRSEP "sasl2"
++
+ #endif /* _LDAP_CONFIG_H */
+Index: openldap/servers/slapd/sasl.c
+===================================================================
+--- openldap.orig/servers/slapd/sasl.c 2022-05-20 17:36:12.337246188 -0400
++++ openldap/servers/slapd/sasl.c 2022-05-20 17:36:12.333246185 -0400
+@@ -1231,12 +1231,38 @@
+ slapd_rw_destroy
+ };
+
++static int
++slap_sasl_getconfpath( void * context, char ** path )
++{
++ char * sasl_default_configpath;
++ size_t len;
++
++#if SASL_VERSION_MAJOR >= 2
++ sasl_default_configpath = "/usr/lib/sasl2";
++#else
++ sasl_default_configpath = "/usr/lib/sasl";
++#endif
++
++ len = strlen(SASL_CONFIGPATH) + 1 /* colon */ +
++ strlen(sasl_default_configpath) + 1 /* \0 */;
++ *path = malloc( len );
++ if ( *path == NULL )
++ return SASL_FAIL;
++
++ if (snprintf( *path, len, "%s:%s", SASL_CONFIGPATH,
++ sasl_default_configpath ) != len-1 )
++ return SASL_FAIL;
++
++ return SASL_OK;
++}
++
+ int slap_sasl_init( void )
+ {
+ #ifdef HAVE_CYRUS_SASL
+ int rc;
+ static sasl_callback_t server_callbacks[] = {
+ { SASL_CB_LOG, (slap_sasl_cb_ft)&slap_sasl_log, NULL },
++ { SASL_CB_GETCONFPATH, (slap_sasl_cb_ft)&slap_sasl_getconfpath, NULL },
+ { SASL_CB_GETOPT, (slap_sasl_cb_ft)&slap_sasl_getopt, NULL },
+ { SASL_CB_LIST_END, NULL, NULL }
+ };
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..a8d57cb
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,15 @@
+debian-version
+man-slapd
+slapi-errorlog-file
+ldapi-socket-place
+wrong-database-location
+index-files-created-as-root
+sasl-default-path
+getaddrinfo-is-threadsafe
+do-not-second-guess-sonames
+contrib-makefiles
+ldap-conf-tls-cacertdir
+add-tlscacert-option-to-ldap-conf
+fix-build-top-mk
+switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff
+set-maintainer-name
diff --git a/debian/patches/set-maintainer-name b/debian/patches/set-maintainer-name
new file mode 100644
index 0000000..b537e4e
--- /dev/null
+++ b/debian/patches/set-maintainer-name
@@ -0,0 +1,18 @@
+Index: openldap/build/mkversion
+===================================================================
+--- openldap.orig/build/mkversion 2022-05-20 17:36:16.721249629 -0400
++++ openldap/build/mkversion 2022-05-20 17:36:16.717249626 -0400
+@@ -50,12 +50,7 @@
+ fi
+
+ APPLICATION=$1
+-# Reproducible builds set SOURCE_DATE_EPOCH, want constant strings
+-if [ -n "${SOURCE_DATE_EPOCH}" ]; then
+- WHOWHERE="openldap"
+-else
+- WHOWHERE="$USER@$(uname -n):$(pwd)"
+-fi
++WHOWHERE="${DEB_MAINTAINER:-openldap}"
+
+ cat << __EOF__
+ /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
diff --git a/debian/patches/slapi-errorlog-file b/debian/patches/slapi-errorlog-file
new file mode 100644
index 0000000..f538c10
--- /dev/null
+++ b/debian/patches/slapi-errorlog-file
@@ -0,0 +1,18 @@
+The slapi error log file defaults to /var/errors given our setting
+of --localstatedir. Move it to /var/log/slapi-errors instead.
+
+Debian-specific.
+
+Index: openldap/servers/slapd/slapi/slapi_overlay.c
+===================================================================
+--- openldap.orig/servers/slapd/slapi/slapi_overlay.c 2022-05-20 17:36:09.141243662 -0400
++++ openldap/servers/slapd/slapi/slapi_overlay.c 2022-05-20 17:36:09.141243662 -0400
+@@ -933,7 +933,7 @@
+ ldap_pvt_thread_mutex_init( &slapi_printmessage_mutex );
+
+ if ( slapi_log_file == NULL )
+- slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "errors" );
++ slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "log" LDAP_DIRSEP "slapi-errors" );
+
+ rc = slapi_int_init_object_extensions();
+ if ( rc != 0 )
diff --git a/debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff b/debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff
new file mode 100644
index 0000000..17b448a
--- /dev/null
+++ b/debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff
@@ -0,0 +1,42 @@
+From: Jan-Marek Glogowski <jan-marek.glogowski@muenchen.de>
+Date: Tue, 18 May 2010 17:47:05 +0200
+Subject: Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL.
+ Open all modules with RTLD_GLOBAL, needed so that back_perl can load
+ non-trivial Perl extensions that require symbols from back_perl.so itself.
+Bug-Debian: http://bugs.debian.org/327585
+
+---
+Index: openldap/servers/slapd/module.c
+===================================================================
+--- openldap.orig/servers/slapd/module.c 2022-05-20 17:36:16.057249110 -0400
++++ openldap/servers/slapd/module.c 2022-05-20 17:36:16.053249107 -0400
+@@ -117,6 +117,20 @@
+ return -1; /* not found */
+ }
+
++static lt_dlhandle slapd_lt_dlopenext_global( const char *filename )
++{
++ lt_dlhandle handle = 0;
++ lt_dladvise advise;
++
++ if (!lt_dladvise_init (&advise) && !lt_dladvise_ext (&advise)
++ && !lt_dladvise_global (&advise))
++ handle = lt_dlopenadvise (filename, advise);
++
++ lt_dladvise_destroy (&advise);
++
++ return handle;
++}
++
+ int module_load(const char* file_name, int argc, char *argv[])
+ {
+ module_loaded_t *module;
+@@ -179,7 +193,7 @@
+ * to calling Debug. This is because Debug is a macro that expands
+ * into multiple function calls.
+ */
+- if ((module->lib = lt_dlopenext(file)) == NULL) {
++ if ((module->lib = slapd_lt_dlopenext_global(file)) == NULL) {
+ error = lt_dlerror();
+ #ifdef HAVE_EBCDIC
+ strcpy( ebuf, error );
diff --git a/debian/patches/wrong-database-location b/debian/patches/wrong-database-location
new file mode 100644
index 0000000..3900a0e
--- /dev/null
+++ b/debian/patches/wrong-database-location
@@ -0,0 +1,73 @@
+Move the default slapd database location to /var/lib/ldap instead of
+/var/openldap-data.
+
+Debian-specific.
+
+Index: openldap/doc/man/man5/slapd.conf.5
+===================================================================
+--- openldap.orig/doc/man/man5/slapd.conf.5 2022-05-20 17:36:10.817244990 -0400
++++ openldap/doc/man/man5/slapd.conf.5 2022-05-20 17:36:10.813244986 -0400
+@@ -2122,7 +2122,7 @@
+ # The database directory MUST exist prior to
+ # running slapd AND should only be accessible
+ # by the slapd/tools. Mode 0700 recommended.
+-directory LOCALSTATEDIR/openldap\-data
++directory LOCALSTATEDIR/lib/ldap
+ # Indices to maintain
+ index objectClass eq
+ index cn,sn,mail pres,eq,approx,sub
+Index: openldap/include/ldap_defaults.h
+===================================================================
+--- openldap.orig/include/ldap_defaults.h 2022-05-20 17:36:10.817244990 -0400
++++ openldap/include/ldap_defaults.h 2022-05-20 17:36:10.813244986 -0400
+@@ -54,7 +54,7 @@
+ #define SLAPD_DEFAULT_CONFIGDIR LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.d"
+ #endif
+ #ifndef SLAPD_DEFAULT_DB_DIR
+-#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-data"
++#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "lib" LDAP_DIRSEP "ldap"
+ #endif
+ #define SLAPD_DEFAULT_DB_MODE 0600
+ /* default max deref depth for aliases */
+Index: openldap/servers/slapd/Makefile.in
+===================================================================
+--- openldap.orig/servers/slapd/Makefile.in 2022-05-20 17:36:10.817244990 -0400
++++ openldap/servers/slapd/Makefile.in 2022-05-20 17:36:10.813244986 -0400
+@@ -452,9 +452,9 @@
+
+ install-db-config: FORCE
+ @-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir)
+- @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data
++ @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/lib/ldap
+ $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \
+- $(DESTDIR)$(localstatedir)/openldap-data/DB_CONFIG.example
++ $(DESTDIR)$(localstatedir)/lib/ldap/DB_CONFIG.example
+ $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \
+ $(DESTDIR)$(sysconfdir)/DB_CONFIG.example
+
+Index: openldap/doc/man/man5/slapd-config.5
+===================================================================
+--- openldap.orig/doc/man/man5/slapd-config.5 2022-05-20 17:36:10.817244990 -0400
++++ openldap/doc/man/man5/slapd-config.5 2022-05-20 17:36:10.813244986 -0400
+@@ -2233,7 +2233,7 @@
+ # The database directory MUST exist prior to
+ # running slapd AND should only be accessible
+ # by the slapd/tools. Mode 0700 recommended.
+-olcDbDirectory: LOCALSTATEDIR/openldap\-data
++olcDbDirectory: LOCALSTATEDIR/lib/ldap
+ # Indices to maintain
+ olcDbIndex: objectClass eq
+ olcDbIndex: cn,sn,mail pres,eq,approx,sub
+Index: openldap/doc/man/man5/slapd-mdb.5
+===================================================================
+--- openldap.orig/doc/man/man5/slapd-mdb.5 2022-05-20 17:36:10.817244990 -0400
++++ openldap/doc/man/man5/slapd-mdb.5 2022-05-20 17:36:10.813244986 -0400
+@@ -63,7 +63,7 @@
+ associated indexes live.
+ A separate directory must be specified for each database.
+ The default is
+-.BR LOCALSTATEDIR/openldap\-data .
++.BR LOCALSTATEDIR/lib/ldap .
+ .TP
+ \fBenvflags \fR{\fBnosync\fR,\fBnometasync\fR,\fBwritemap\fR,\fBmapasync\fR,\fBnordahead\fR}
+ Specify flags for finer-grained control of the LMDB library's operation.
diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in
new file mode 100644
index 0000000..07cbdde
--- /dev/null
+++ b/debian/po/POTFILES.in
@@ -0,0 +1 @@
+[type: gettext/rfc822deb] slapd.templates
diff --git a/debian/po/ca.po b/debian/po/ca.po
new file mode 100644
index 0000000..aa6d0ce
--- /dev/null
+++ b/debian/po/ca.po
@@ -0,0 +1,440 @@
+# openldap po-debconf translation to Catalan.
+# This file is distributed under the same license as the openldap package.
+# Innocent De Marchi <tangram.peces@gmail.com>, 2011-2017.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.44+dfsg-4\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2017-01-19 19:35+0100\n"
+"Last-Translator: Innocent De Marchi <tangram.peces@gmail.com>\n"
+"Language-Team: catalan <debian-l10n-catalan@lists.debian.org>\n"
+"Language: ca_ES\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Voleu ometre la configuració del servidor OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Si desactivau aquesta opció, no es generarà la configuració ni la base de "
+"dades inicial."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "sempre"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "quan sigui necessari"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "mai"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Bolcar les bases de dades a un fitxer en fer l'actualització:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Abans d'actualitzar a una nova versió del servidor OpenLDAP, les dades dels "
+"seus directoris LDAP poden desar-se a fitxers de text en el format estàndard "
+"d'intercanvi de dades LDAP («LDAP Data Interchange Format»)."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Seleccionant «sempre» el bolcat de les bases de dades es farà sense "
+"condicions abans de l'actualització. Seleccionant «quan sigui necessari» "
+"només es farà el bolcat de les bases de dades si la nova versió és "
+"incompatible amb el format anterior de les bases de dades i és necessari re-"
+"importar-les. Si seleccionau «mai», no es farà el bolcat."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Directori a fer servir en el bolcat de les bases de dades:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Seleccionau el directori d'exportació de les bases de dades LDAP. En aquest "
+"directori, es generaran diversos fitxers LDIF que es corresponen amb les "
+"bases de dades localitzades en el servidor. Comproveu que hi ha espai lliure "
+"suficient a la partició on està ubicat el directori seleccionat. La primer "
+"aparició de la cadena «VERSION» serà reemplaçada per la versió del servidor "
+"de la qual està actualitzant."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Moure la base de dades anterior?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Hi ha fitxers a «/var/lib/ldap» que probablement interrompran el procés de "
+"configuració. Si activau aquesta opció, el guió de manteniment mourà els "
+"fitxers de les bases de dades anteriors fora del directori anterior abans de "
+"generar una nova base de dades."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Tornar a intentar la configuració?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"La configuració que ha introduït no és vàlida. Comproveu que el nom de "
+"domini DNS és sintàcticament correcte, que el camp del nom de l'organització "
+"està emplenat i que les contrasenyes de l'administrador coincideixen. Si "
+"decideix no tornar a intentar la configuració, el servidor LDAP quedarà "
+"sense configurar. Executi «dpkg-reconfigure slapd» per tornar a intentar-ho "
+"més tard."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Nom del domini DNS:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"El nom de domini DNS es fa servir per construir el DN base del directori "
+"LDAP. Per exemple, si el vostre nom de domini és «elmeu.domini.org» es "
+"generarà el directori amb el DN base «dc=elmeu, dc=domini, dc=org»"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Nom de l'organització:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Escriviu el nom de l'organització per fer servir en el DN base del directori "
+"LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Contrasenya de l'administrador:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Escriviu la contrasenya per l'accés com administrador al vostre directori "
+"LDAP:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Confirmeu la vostra contrasenya:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Introduïu de nou la contrasenya d'administrador per al directori LDAP per "
+"comprovar que s'ha escrit correctament."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Les contrasenyes no coincideixen"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Les dues contrasenyes no coincideixen. Tornau a provar-ho."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Desitjau que s'elimini la base de dades en purgar el paquet slapd?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "ha fallat «slapcat» durant l'actualització"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "S'ha produït un error en l'actualització del directori LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"El programa «slapcat» ha fallat en l'extracció del directori LDAP. Aquest "
+"error pot ésser causat per un fitxer de configuració incorrecte (per "
+"exemple, per que faltin línies «moduleload» necessàries pel motor de la base "
+"de dades)"
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Aquest error farà que «slapadd» torni a fallar més endavant. Els fitxers de "
+"la base de dades anterior es mouran a «/var/backups». Si desitjau tornar a "
+"intentar l'actualització, haureu de tornar a moure els fitxers de la base de "
+"dades anterior a la seva ubicació inicial, solucionar la causa de l'error i "
+"tornar a executar:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"A continuació, tornau els arxius de la base de dades a la zona de seguretat "
+"i després intenteu executar «slapadd» des de ${location}."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+
+#~ msgid "abort installation"
+#~ msgstr "aturar la instal·lació"
+
+#~ msgid "continue regardless"
+#~ msgstr "continua sense tenir en compte"
+
+#~ msgid "Manual ppolicy schema update recommended"
+#~ msgstr ""
+#~ "Es recomana l'actualització manual de la directiva de contrasenya "
+#~ "(«ppolicy»)"
+
+#~ msgid ""
+#~ "The new version of the Password Policy (ppolicy) overlay requires the "
+#~ "schema to define the pwdMaxRecordedFailure attribute type, which is not "
+#~ "present in the schema currently in use. It is recommended to abort the "
+#~ "upgrade now, and to update the ppolicy schema before upgrading slapd. If "
+#~ "replication is in use, the schema update should be applied on every "
+#~ "server before continuing with the upgrade."
+#~ msgstr ""
+#~ "La nova versió de la superposició de directiva de contrasenya («ppolicy») "
+#~ "requereix que l'esquema defineixi el tipus d'atribut "
+#~ "«pwdMaxRecordedFailure», que no està inclòs en l'esquema actualment en "
+#~ "ús. És recomana aturar ara l'actualització, i actualitzar la directiva de "
+#~ "contrasenya abans d'actualitzar «slapd». Si la replicació està en marxa, "
+#~ "l'actualització de l'esquema s'ha d'aplicar a cada servidor abans de "
+#~ "continuar amb l'actualització."
+
+#~ msgid ""
+#~ "An LDIF file has been generated with the changes required for the upgrade:"
+#~ msgstr ""
+#~ "Un s'ha generat un fitxer LDIF amb els canvis necessaris per a "
+#~ "l'actualització:"
+
+#~ msgid ""
+#~ "so if slapd is using the default access control rules, these changes can "
+#~ "be applied (after starting slapd) by using the command:"
+#~ msgstr ""
+#~ "per que si «slapd» fa servir les regles d'accés predeterminades, aquests "
+#~ "canvis es poden fer efectius (després d'iniciar «slapd») fent servir "
+#~ "l'ordre:"
+
+#~ msgid ""
+#~ "If instead you choose to continue the installation, the new attribute "
+#~ "type will be added automatically, but the change will not be acted on by "
+#~ "slapd overlays, and replication with other servers may be affected."
+#~ msgstr ""
+#~ "En canvi, si decidiu continuar amb la instal·lació, el nou tipus "
+#~ "d'atribut s'afegirà automàticament, però el canvi no es veurà afectat per "
+#~ "les superposicions de «slapd», i la replicació amb altres servidors es "
+#~ "pot veure afectada."
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr "Configuració de control d'accés de slapd potencialment insegur"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "Una o més de les bases de dades configurades té una norma de control "
+#~ "d'accés que permet als usuaris modificar la major part dels seus "
+#~ "atributs. Aquest situació pot ser perillosa, depenent de com s'utilitza "
+#~ "la base de dades."
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "En el cas que les normes d'accés de slapd comencin per \"to *\", és "
+#~ "recomanable eliminar totes les instàncies a \"by self write\", de manera "
+#~ "que els usuaris només puguin modificar els atributs específicament "
+#~ "permesos."
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Consulteu «/usr/share/doc/slapd/README.Debian.gz» per a més detalls."
+
+#~ msgid "Database backend to use:"
+#~ msgstr "Motor de base de dades a fer servir:"
+
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "HDB i BDB fan servir formats d'emmagatzematge semblants, però HDB permet "
+#~ "fer canvis de nom dels subarbres. Tots dos tenen les mateixes opcions de "
+#~ "configuració."
+
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "El motor MDB és el recomanat. MDB fa servir un nou format "
+#~ "d'emmagatzematge i requereix menys tasques de configuració que BDB o HDB."
+
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "En qualsevol cas, heu de revisar la configuració de base de dades "
+#~ "resultant per ajustar-la a les vostres necessitats. Consulteu «/usr/share/"
+#~ "doc/slapd/README.Debian.gz» per a més detalls."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Desitjau permetre el protocol LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "El protocol obsolet LDAPv2 està desactivat per defecte a slapd. Els "
+#~ "programes i usuaris haurien d'actualitzar-se a LDAPv3. Si teniu "
+#~ "programes antics que no poden fer servir LDAPv3, seleccioneu aquesta "
+#~ "opció i s'afegirà l'opció «allow bind_v2» al vostre fitxer de "
+#~ "configuració slapd.conf."
diff --git a/debian/po/cs.po b/debian/po/cs.po
new file mode 100644
index 0000000..54ee833
--- /dev/null
+++ b/debian/po/cs.po
@@ -0,0 +1,494 @@
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+# Developers do not need to manually edit POT or PO files.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2017-01-22 11:49+0100\n"
+"Last-Translator: Miroslav Kure <kurem@debian.cz>\n"
+"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
+"Language: cs\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Přeskočit nastavení OpenLDAP serveru?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Přistoupíte-li na tuto možnost, nevytvoří se databáze ani počáteční "
+"nastavení."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "vždy"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "v případě potřeby"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "nikdy"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Při aktualizaci uložit databáze do souboru:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Před aktualizací na novější verzi serveru OpenLDAP se mohou data z LDAP "
+"adresářů vyexportovat do textových souborů ve formátu LDAP Data Interchange "
+"Format, což je standardizovaný formát pro popis těchto dat."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Výběrem „“vždy“ zajistíte, že se databáze vyexportují do souborů před každou "
+"aktualizací. Volba „v případě potřeby“ znamená, že se databáze vyexportují "
+"pouze v případě, že je formát nové databáze nekompatibilní s předchozí verzí "
+"a tudíž je potřeba data znovu nahrát. Zvolíte-li „nikdy“, data se nebudou "
+"exportovat."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Adresář pro exportované databáze:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Zadejte prosím adresář, do kterého se budou exportovat LDAP databáze. V "
+"tomto adresáři se vytvoří několik LDIF souborů odpovídajících kořenům LDAP "
+"adresářů na daném serveru. Ujistěte se, že máte na dané oblasti dostatek "
+"místa. První výskyt řetězce \"VERSION\" se nahradí verzí LDAP serveru, ze "
+"kterého aktualizujete na novější verzi."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Přesunout starou databázi?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Ve /var/lib/ldap jsou stále soubory, které pravděpodobně naruší instalační "
+"proces. Budete-li souhlasit, instalační skripty před vytvořením nové "
+"databáze nejprve přesunou staré databázové soubory na jiné místo."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Zopakovat nastavení?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Zadané nastavení není platné. Ujistěte se, že máte doménové jméno (DNS) ve "
+"správném formátu, že je vyplněné pole pro organizaci a že administrátorská "
+"hesla souhlasí. Jestliže znovu nespustíte tohoto průvodce, LDAP server "
+"nebude nakonfigurován. Budete-li chtít balík nastavit později, použijte "
+"příkaz „dpkg-reconfigure slapd“."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNS název domény:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"Název domény se používá pro vytvoření základního DN vašeho LDAP adresáře. "
+"Například zadáním „foo.bar.cz“ se vytvoří adresář se základním DN „dc=foo, "
+"dc=bar, dc=cz“."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Název organizace:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Zadejte prosím jméno organizace, které se použije v základním DN vašeho LDAP "
+"adresáře."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Administrátorské heslo:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "Zadejte prosím heslo pro administrátorský záznam v LDAP adresáři."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Potvrzení hesla:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Zadejte prosím znovu administrátorské heslo k LDAP adresáři, abyste se "
+"ujistili, že jste jej zadali správně."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Hesla nesouhlasí"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Zadaná hesla nejsou stejná. Zkuste to znovu."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Chcete při vyčištění balíku slapd ze systému smazat i databázi?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "slapcat během aktualizace selhal"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Při pokusu o aktualizaci LDAP adresáře se vyskytla chyba."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Program „slapcat“ selhal. Tuto chybu může způsobit třeba chybný konfigurační "
+"soubor. (Například pokud chybí příslušné řádky „moduleload“ pro backend "
+"databáze, která uchovává obsah LDAP adresáře.)"
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Tato chyba později způsobí také selhání příkazu „slapadd“. Staré databázové "
+"soubory budou přesunuty do /var/backups. Budete-li chtít později zkusit "
+"provést tuto aktualizaci znovu, přesuňte staré databázové soubory zpět na "
+"jejich původní místo, spravte příčinu toho, proč slapcat selhal a spusťte:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Poté přesuňte databázové soubory zpět mezi zálohy a zkuste spustit slapadd z "
+"${location}."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+
+#~ msgid "abort installation"
+#~ msgstr "přerušit instalaci"
+
+#~ msgid "continue regardless"
+#~ msgstr "přesto pokračovat"
+
+#~ msgid "Manual ppolicy schema update recommended"
+#~ msgstr "Je doporučeno aktualizovat ppolicy schéma ručně"
+
+#~ msgid ""
+#~ "The new version of the Password Policy (ppolicy) overlay requires the "
+#~ "schema to define the pwdMaxRecordedFailure attribute type, which is not "
+#~ "present in the schema currently in use. It is recommended to abort the "
+#~ "upgrade now, and to update the ppolicy schema before upgrading slapd. If "
+#~ "replication is in use, the schema update should be applied on every "
+#~ "server before continuing with the upgrade."
+#~ msgstr ""
+#~ "Nová verze politiky hesel (ppolicy) vyžaduje, aby schéma definovalo typ "
+#~ "atributu pwdMaxRecordedFailure, který není v aktuálně používaném schématu "
+#~ "přítomný. Doporučujeme nyní přerušit aktualizaci a aktualizovat ppolicy "
+#~ "schéma ručně před samotnou aktualizací slapd. Pokud využíváte replikaci, "
+#~ "měli byste před pokračováním aktualizovat schéma na všech serverech."
+
+#~ msgid ""
+#~ "An LDIF file has been generated with the changes required for the upgrade:"
+#~ msgstr "Byl vytvořen LDIF soubor se změnami potřebnými pro aktualizaci:"
+
+#~ msgid ""
+#~ "so if slapd is using the default access control rules, these changes can "
+#~ "be applied (after starting slapd) by using the command:"
+#~ msgstr ""
+#~ "pokud slapd používá výchozí přístupová oprávnění, můžete změny aplikovat "
+#~ "příkazem (po spuštění slapd):"
+
+#~ msgid ""
+#~ "If instead you choose to continue the installation, the new attribute "
+#~ "type will be added automatically, but the change will not be acted on by "
+#~ "slapd overlays, and replication with other servers may be affected."
+#~ msgstr ""
+#~ "Jestliže se rozhodnete pokračovat v instalaci, bude nový typ atributu "
+#~ "přidán automaticky, avšak slapd overlaye tuto změnu nezaregistrují a může "
+#~ "to mít vliv i na replikaci s ostatními servery."
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr "Potenciálně nebezpečné nastavení přístupu slapd"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "Jedna nebo více nakonfigurovaných databází obsahuje pravidlo, které "
+#~ "umožňuje uživatelům měnit většinu jejich vlastních atributů. V závislosti "
+#~ "na způsobu používání databáze to může být nebezpečné."
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "V případě přístupových pravidel slapd začínajících „to *“ je doporučeno "
+#~ "odstranit výskyty „by self write“, aby uživatelé mohli měnit pouze "
+#~ "explicitně povolené atributy."
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr "Více informací naleznete v /usr/share/doc/slapd/README.Debian.gz."
+
+#~ msgid "Database backend to use:"
+#~ msgstr "Databázový backend:"
+
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "HDB i BDB ukládají data obdobně, ale HDB přidává podporu pro přejmenování "
+#~ "podstromů. Oba backendy podporují stejné konfigurační parametry."
+
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "Doporučenou volbou je backend MDB. MDB používá nový formát úložiště a "
+#~ "vyžaduje méně nastavování než BDB enbo HDB."
+
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Ve všech případech byste měli zkontrolovat, zda nastavení databáze "
+#~ "odpovídá vašim potřebám. Více informací naleznete v souboru /usr/share/"
+#~ "doc/slapd/README.Debian.gz."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Povolit protokol LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Zastaralý protokol LDAPv2 je nyní v slapd implicitně zakázán. Programy i "
+#~ "uživatelé by měli přejít na LDAPv3. Máte-li staré programy, které "
+#~ "nezvládají LDAPv3, povolte tuto možnost, což do souboru slapd.conf přidá "
+#~ "řádek „allow bind_v2“."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr "slurpd je zastaralý, repliky se musí znovu nastavit ručně"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "Při aktualizaci byla v konfiguračním souboru slapd nalezena nejméně jedna "
+#~ "volba „replica“ pro slurpd. Protože je slurpd od OpenLDAPu verze 2.4 "
+#~ "překonaný, budete muset své repliky převést, aby místo toho používaly "
+#~ "protokol syncrepl."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "Konverzi ze slurpd na protokol syncrepl (založený na technologii pull) "
+#~ "nelze provést automaticky a budete muset své replikační servery nastavit "
+#~ "ručně. Podrobnosti naleznete na http://www.openldap.org/doc/admin24/"
+#~ "syncrepl.html."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "Hodnota TLSCipherSuite se změnila"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "Při aktualizaci byla ve vašem konfiguračním souboru programu slapd "
+#~ "nalezena volba „TLSCipherSuite“. Přípustné hodnoty, které můžete v této "
+#~ "volbě použít, jsou určeny použitou implementací SSL. Ta se změnila z "
+#~ "OpenSSL na GnuTLS, což znamená, že stávající nastavení TLSCipherSuite "
+#~ "nebude s tímto balíkem fungovat."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Toto nastavení bylo automaticky zakomentováno. Máte-li speciální "
+#~ "požadavky, které vyžadují opětovné zapnutí této volby, zjistěte si prosím "
+#~ "seznam šifer podporovaných v GnuTLS (např. příkazem „gnutls-cli -l“, "
+#~ "který se nachází v balíku gnutls-bin)."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr "Zazálohovat stávající databázi a vytvořit novou?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "Zadali jste příponu adresáře (doménu), která neodpovídá té v souboru /etc/"
+#~ "ldap/slapd.conf. Změna přípony adresáře vyžaduje odsunutí stávající LDAP "
+#~ "databáze a vytvoření nové. Potvrďte prosím, zda chcete zazálohovat a "
+#~ "opustit stávající databázi."
diff --git a/debian/po/da.po b/debian/po/da.po
new file mode 100644
index 0000000..afd4aa8
--- /dev/null
+++ b/debian/po/da.po
@@ -0,0 +1,410 @@
+# Danish translation openldap.
+# Copyright (C) 2017 openldap & nedenstående oversættere.
+# This file is distributed under the same license as the openldap package.
+# Claus Hindsgaul <claus.hindsgaul@gmail.com>, 2005, 2006.
+# Joe Hansen <joedalton2@yahoo.dk>, 2010, 2014, 2017.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2017-01-10 05:26+0100\n"
+"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
+"Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n"
+"Language: da\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Undlad opsætning af OpenLDAP-server?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Hvis du aktiverer denne indstilling, vil der ikke blive oprettet en "
+"begyndelsesopsætning eller -database for dig."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "altid"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "når nødvendigt"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "aldrig"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Læg databaser i fil ved opgradering:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Inden du opgraderer til en ny version af OpenLDAP-serveren, kan dine LDAP-"
+"mappers data blive lagt som rene tekstfiler i formatet LDAP Data Interchange."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Angivelse af »altid«, vil få databaserne til at blive dumpet uden "
+"betingelser før en opgradering. Valg af »når nødvendigt« vil kun dumpe "
+"databasen, hvis den nye version er inkompatibel med det gamle "
+"databaseformat, og den skal genimporteres. Hvis du vælger »aldrig«, vil der "
+"ikke blive udført en dumpning."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Mappe til de dumpede databaser:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Angiv den mappe, LDAP-databasen skal eksporteres til. I denne mappe vil der "
+"blive oprettet adskillige LDIF-filer, som svarer til den søgedatabase, der "
+"ligger på serveren. Sørg for at du har nok fri plads på den partition, "
+"mappen ligger på. Første forekomst af strengen »VERSION« erstattes med den "
+"serverversion, du opgraderer fra."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Flyt gammel database?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Der er stadig filer i /var/lib/ldap, som sikkert vil forstyrre "
+"opsætningsprocessen. Hvis du aktiverer denne indstilling, vil "
+"vedligeholdelsesskriptene flytte de gamle filer, før de opretter en ny "
+"database."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Gentag opsætningen?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Den opsætning, du har angivet, er ikke gyldig. Sørg for at DNS-domænenavnet "
+"har en gyldig syntaks, at organisationen er udfyldt, og at administrator-"
+"adgangskoderne er ens. Hvis du vælger ikke at gentage opsætningen af LDAP-"
+"serveren, vil den ikke blive sat op. Kør 'dpkg-reconfigure slapd', hvis du "
+"vil prøve igen senere."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNS-domænenavn:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"Domænenavnet bruges til at opbygge basis-DN for din LDAP-mappe. For eksempel "
+"vil 'foo.eksempel.org' oprette mappen med 'dc=foo, dc=eksempel, dc=org' som "
+"basis-DN."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Organisationsnavn:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Indtast venligst navnet på organisationen som skal bruges i basis-DN'en på "
+"din LDAP-mappe."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Administratoradgangskode:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "Angiv administratoropslagets adgangskode i din LDAP-mappe."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Bekræft administratoradgangskode:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Indtast venligst administratoradgangskoden på din LDAP-mappe igen for at "
+"bekræfte, at du har tastet den korrekt."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Adgangskoderne var ikke ens"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "De to adgangskoder, du indtastede, var ikke ens. Prøv igen."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Ønsker du at databasen bliver fjernet, når slapd bliver afinstalleret?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "slapcatfejl under opgraderingen"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Der opstod en fejl under opgradering af din LDAP-mappe."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Programmet 'slapcat' fejlede under udtrækning af LDAP-mappen. Fejlen kan "
+"skyldes en fejlbehæftet opsætningsfil (f.eks. kan de korrekte "
+"'moduleloadlinjer' til understøttelse af din motors database mangle)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Denne fejl vil også senere få 'slapadd' til at fejle. De gamle databasefiler "
+"er ved at blive flyttet til /var/backups. Hvis du vil forsøge denne "
+"opgradering igen, så flyt de gamle databasefiler tilbage, ret den fejl, der "
+"fik slapcat til at fejle, og kør:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Flyt derefter databasefilerne tilbage til et sikkerhedskopiområde, og prøv "
+"at køre slapadd fra ${location}."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+
+#~ msgid "abort installation"
+#~ msgstr "afbryd installation"
+
+#~ msgid "continue regardless"
+#~ msgstr "fortsæt alligevel"
+
+#~ msgid "Manual ppolicy schema update recommended"
+#~ msgstr "Manuel ppolicy-skemaopdatering anbefales"
+
+#~ msgid ""
+#~ "The new version of the Password Policy (ppolicy) overlay requires the "
+#~ "schema to define the pwdMaxRecordedFailure attribute type, which is not "
+#~ "present in the schema currently in use. It is recommended to abort the "
+#~ "upgrade now, and to update the ppolicy schema before upgrading slapd. If "
+#~ "replication is in use, the schema update should be applied on every "
+#~ "server before continuing with the upgrade."
+#~ msgstr ""
+#~ "Den nye version af Password Policy-dækket (ppolicy) kræver skemaet for at "
+#~ "definere attributtypen pwdMaxRecordedFailure, som ikke er til stede i "
+#~ "skemaet i brug i øjeblikket. Det anbefales at afbryde opgraderingen nu, "
+#~ "og opdatere ppolicy-skemaet før opgradering af slapd. Hvis replikering er "
+#~ "i brug, så skal skemaopdateringen bruges på alle servere før "
+#~ "opgraderingen fortsættes."
+
+#~ msgid ""
+#~ "An LDIF file has been generated with the changes required for the upgrade:"
+#~ msgstr ""
+#~ "En LDIF-fil er blevet oprettet med ændringerne krævet for opgraderingen:"
+
+#~ msgid ""
+#~ "so if slapd is using the default access control rules, these changes can "
+#~ "be applied (after starting slapd) by using the command:"
+#~ msgstr ""
+#~ "så hvis slapd bruger standardreglerne for adgangskontrol, så kan disse "
+#~ "ændringer anvendes (efter start af slapd) ved at bruge kommandoen:"
+
+#~ msgid ""
+#~ "If instead you choose to continue the installation, the new attribute "
+#~ "type will be added automatically, but the change will not be acted on by "
+#~ "slapd overlays, and replication with other servers may be affected."
+#~ msgstr ""
+#~ "Hvis du i stedet for vælger at fortsætte installationen, så vil den nye "
+#~ "attributtype blive tilføjet automatisk, men der vil ikke blive handlet på "
+#~ "ændringen af slapd-overdækker, og replikering med andre servere kan blive "
+#~ "påvirket."
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr "Potentiel usikker slapd-adgangskontrolkonfiguration"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "En eller flere af de konfigurerede databaser har en adgangskontrolregel, "
+#~ "som giver brugere mulighed for at ændre deres egne attributter. Dette kan "
+#~ "være usikkert, afhængig af hvordan databasen bruges."
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "I tilfældet med slapd-adgangsregler som begynder med »to *«, anbefales "
+#~ "det at fjerne alle instanser af »by self write«, så at brugerne kun kan "
+#~ "ændre specifikt tilladte attributter."
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr "Se /usr/share/doc/slapd/README.Debian.gz for yderligere detaljer."
+
+#~ msgid "Database backend to use:"
+#~ msgstr "Databasemotor at bruge:"
+
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "HDB og BDB bruger lignende lagerformater, men HDB tilføjer understøttelse "
+#~ "af omdøbning af undertræer. Begge understøtter de samme "
+#~ "konfigurationsindstillinger."
+
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "MDB-motoren anbefales. MDB bruger et nyt lagerformat og kræver mindre "
+#~ "konfiguration end BDB eller HDB."
+
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Uanset hvad bør du gennemse databasekonfigurationen for dine behov. Se /"
+#~ "usr/share/doc/slapd/README.Debian.gz for yderligere detaljer."
diff --git a/debian/po/de.po b/debian/po/de.po
new file mode 100644
index 0000000..dd6b2a4
--- /dev/null
+++ b/debian/po/de.po
@@ -0,0 +1,524 @@
+# Translation of openldap debconf templates to German
+# Copyright (C) Helge Kreutzmann <debian@helgefjell.de>, 2006-2008, 2010, 2014, 2017, 2022.
+# This file is distributed under the same license as the openldap package.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.5.11+dfsg-1\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2022-03-15 20:36+0100\n"
+"Last-Translator: Helge Kreutzmann <debian@helgefjell.de>\n"
+"Language-Team: de <debian-l10n-german@lists.debian.org>\n"
+"Language: de\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "OpenLDAP-Server-Konfiguration auslassen?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Falls Sie diese Option aktivieren, wird keine Startkonfiguration oder "
+"Datenbank für Sie erstellt."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "immer"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "wenn benötigt"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "nie"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Datenbank beim Upgrade in Datei ausgeben (»dump«):"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Bevor Sie ein Upgrade auf eine neue Version des OpenLDAP-Servers "
+"durchführen, können die Daten Ihres LDAP-Verzeichnisses in reine Text-"
+"Dateien im standardisierten »LDAP Data Interchange Format« ausgegeben werden."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Die Auswahl von »immer« führt dazu, dass die Datenbanken bedingungslos vor "
+"Upgrades ausgegeben werden. Die Auswahl von »wenn benötigt« führt dazu, dass "
+"die Datenbank nur ausgegeben wird, falls die neue Version nicht mit dem "
+"alten Datenbankformat kompatibel ist und die Datenbank re-importiert werden "
+"muss. Die »nie«-Auswahl führt dazu, dass keine Ausgabe der Daten erfolgt."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Verzeichnis für Datenbank-Ausgaben (»dumps«):"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Bitte geben Sie ein Verzeichnis an, in das die Datenbanken exportiert "
+"werden. Innerhalb dieses Verzeichnisses werden mehrere LDIF-Dateien "
+"erstellt, die zu den im Server befindlichen Suchbasen korrespondieren. "
+"Stellen Sie sicher, dass Sie genug freien Platz auf der Partition haben, auf "
+"der sich das Verzeichnis befindet. Das erste Auftreten der Zeichenkette "
+"»VERSION« wird durch die Server-Version ersetzt, von der aus Sie das Upgrade "
+"durchführen."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Alte Datenbank verschieben?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Es sind noch Dateien in /var/lib/ldap, die wahrscheinlich den "
+"Konfigurationsprozess durcheinander bringen werden. Wird diese Option "
+"aktiviert, dann werden die Betreuerskripte die alten Datenbankdateien "
+"beiseite schieben, bevor sie eine neue Datenbank erstellen."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Konfiguration erneut versuchen?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Die von Ihnen eingegebene Konfiguration ist ungültig. Stellen Sie sicher, "
+"dass der DNS-Domainname einer gültigen Syntax folgt, das Feld für die "
+"Organisation nicht leer geblieben ist und dass die Administratorpasswörter "
+"übereinstimmen. Falls Sie sich entscheiden, die Konfiguration nicht erneut "
+"zu versuchen, wird der LDAP-Server nicht eingerichtet. Führen Sie »dpkg-"
+"reconfigure slapd« aus, falls Sie die Konfiguration später erneut versuchen "
+"wollen."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNS-Domainname:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"Der DNS-Domainname wird zur Erzeugung des Basis-DN Ihres LDAP-Verzeichnisses "
+"verwendet. Zum Beispiel erstellt »foo.example.org« das Verzeichnis mit der "
+"Basis-DN »dc=foo, dc=example, dc=org«."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Name der Organisation:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Bitte geben Sie den Namen der Organisation ein, die im Basis-DN Ihres LDAP-"
+"Verzeichnisses verwendet werden soll."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Administrator-Passwort:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Bitte geben Sie das Passwort für den Administrator-Eintrag in Ihrem LDAP-"
+"Verzeichnis ein."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Passwort bestätigen:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Bitte geben Sie das Passwort für den Administrator-Eintrag Ihres LDAP-"
+"Verzeichnisses nochmal ein, um sicher zu gehen, dass Sie es richtig "
+"eingegeben haben."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Passwörter stimmen nicht überein"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+"Die beiden eingegebenen Passwörter sind nicht gleich. Bitte versuchen Sie es "
+"noch einmal."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr ""
+"Soll die Datenbank entfernt werden, wenn slapd vollständig gelöscht wird?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "slapcat-Fehlschlag beim Upgrade"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr ""
+"Während des Versuchs, ein Upgrade des LDAP-Verzeichnisses durchzuführen, "
+"trat ein Fehler auf."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Das Programm »slapcat« schlug beim Versuch, das LDAP-Verzeichnis zu "
+"extrahieren, fehl. Dies könnte durch eine inkorrekte Konfigurationsdatei "
+"verursacht worden sein (beispielsweise fehlende »moduleload«-Zeilen, um die "
+"Backend-Datenbank zu unterstützen)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Dieser Fehlschlag wird später dazu führen, dass auch »slapadd« fehlschlägt. "
+"Die alten Datenbankdateien werden jetzt nach /var/backups verschoben. Falls "
+"Sie dieses Upgrade erneut versuchen wollen, sollten Sie die alten "
+"Datenbankdateien wieder zurück an ihren Platz verschieben, den Grund für den "
+"Fehlschlag von slapcat beheben und folgendes ausführen:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Verschieben Sie dann die Datenbankdateien zurück in den Sicherungsbereich "
+"und versuchen Sie, Slapadd von ${location} auszuführen."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr "Fehler bei der Ausführung von Aufgaben nach der Installation"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+"Es gab einen oder mehrere Fehler bei der Durchführung einiger Aufgaben nach "
+"der Installation. Das bedeutet wahrscheinlich, dass das Paket Slapd eine "
+"oder mehrere LDAP-Datenbanken nicht automatisch migrieren konnte oder dass "
+"ein Backend, dass von der aktuellen OpenLDAP-Installation verwandt wird, "
+"nicht mehr unterstützt wird."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+"Das für die Ausführung der Aufgaben nach der Installation zuständige "
+"Betreuerskript hat sich beendet, aber der Dienst Slapd wurde NICHT "
+"(neu)gestartet. Sie müssen das Problem manuell korrigieren und den Dienst "
+"dann starten."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+"Für weitere Informationen über mögliche problematische Szenarien und wie "
+"mit ihnen umgegangen werden kann, schauen Sie bitte in die Datei README."
+"Debian (unter /usr/share/doc/slapd/)."
+
+#~ msgid "abort installation"
+#~ msgstr "Installation abbrechen"
+
+#~ msgid "continue regardless"
+#~ msgstr "Trotzdem fortfahren"
+
+#~ msgid "Manual ppolicy schema update recommended"
+#~ msgstr "Manuelle Aktualisierung des Ppolicy-Schematas empfohlen"
+
+#~ msgid ""
+#~ "The new version of the Password Policy (ppolicy) overlay requires the "
+#~ "schema to define the pwdMaxRecordedFailure attribute type, which is not "
+#~ "present in the schema currently in use. It is recommended to abort the "
+#~ "upgrade now, and to update the ppolicy schema before upgrading slapd. If "
+#~ "replication is in use, the schema update should be applied on every "
+#~ "server before continuing with the upgrade."
+#~ msgstr ""
+#~ "Die neue Version der Passwort-Richtlinien-Einblendung (Ppolicy) verlangt, "
+#~ "dass im Schema der Attributstyp pwdMaxRecordedFailure definiert wird, der "
+#~ "im aktuell benutzten Schema nicht vorhanden ist. Es wird empfohlen, die "
+#~ "Aktualisierung jetzt abzubrechen und das Ppolicy-Schema zu aktualisieren, "
+#~ "bevor das Upgrade von Slapd durchgeführt wird. Falls Replizierung "
+#~ "verwandt wird, sollte die Schema-Aktualisierung auf jedem Server "
+#~ "angewandt werden, bevor mit dem Upgrade fortgefahren wird."
+
+#~ msgid ""
+#~ "An LDIF file has been generated with the changes required for the upgrade:"
+#~ msgstr ""
+#~ "Eine LDIF-Datei wurde mit den für das Upgrade benötigten Änderungen "
+#~ "erstellt:"
+
+#~ msgid ""
+#~ "so if slapd is using the default access control rules, these changes can "
+#~ "be applied (after starting slapd) by using the command:"
+#~ msgstr ""
+#~ "Falls Slapd daher die Standardzugriffssteuerungsregeln verwendet, können "
+#~ "diese Änderungen (nach dem Start von Slapd) mittels des folgenden Befehls "
+#~ "angewandt werden:"
+
+#~ msgid ""
+#~ "If instead you choose to continue the installation, the new attribute "
+#~ "type will be added automatically, but the change will not be acted on by "
+#~ "slapd overlays, and replication with other servers may be affected."
+#~ msgstr ""
+#~ "Falls Sie sich stattdessen entscheiden, mit der Installation "
+#~ "fortzufahren, wird der neue Attributstyp automatisch hinzugefügt, aber "
+#~ "auf die Änderung wird nicht durch die Slapd-Überblendungen reagiert und "
+#~ "die Replizierung mit anderen Servern könnte betroffen sein."
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr "Möglicherweise unsichere Slapd-Zugriffssteuerkonfiguration"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "Eine oder mehrere der konfigurierten Datenbanken hat eine "
+#~ "Zugriffssteuerregel, die Benutzern erlaubt, die meisten ihrer eigenen "
+#~ "Konfigurationsoptionen zu verändern. Dies kann unsicher sein, abhängig "
+#~ "davon, wie die Datenbank verwandt wird."
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "Im Falle der mit »to *« beginnenden Slapd-Zugriffsregeln, wird empfohlen, "
+#~ "alle Instanzen von »by self write« zu entfernen, so dass Benutzer nur in "
+#~ "der Lage sind, speziell erlaubte Attribute zu ändern."
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Lesen Sie /usr/share/doc/slapd/README.Debian.gz für weitere Details."
+
+#~ msgid "Database backend to use:"
+#~ msgstr "Zu verwendendes Datenbank-Backend:"
+
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "HDB und BDB verwenden ähnliche Speicherformate, aber HDB enthält "
+#~ "zusätzlich Unterstützung für Teilbaum-Umbenennungen. Beide unterstützen "
+#~ "die gleichen Konfigurationsoptionen."
+
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "Das MDB-Backend wird empfohlen. MDB verwendet ein neues Speicherformat "
+#~ "und benötigt weniger Konfiguration als BDB oder HDB."
+
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "In jedem Fall sollten Sie die erstellte Datenbankkonfiguration im "
+#~ "Hinblick auf Ihre Anforderungen prüfen. Lesen Sie /usr/share/doc/slapd/"
+#~ "README.Debian.gz für weitere Details."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "LDAPv2-Protokoll erlauben?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Das veraltete LDAPv2-Protokoll ist standardmäßig in slapd deaktiviert. "
+#~ "Programme und Benutzer sollten ein Upgrade auf LDAPv3 durchführen. Falls "
+#~ "Sie alte Programme haben, die LDAPv3 nicht benutzen können, sollten Sie "
+#~ "diese Option wählen und »allow bind_v2« wird zu der Datei slapd.conf "
+#~ "hinzugefügt."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr "Slurpd ist veraltet; Replikas müssen von Hand rekonfiguriert werden"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "In Ihrer Konfiguration wurde beim Upgrade eine oder mehrere »replica«-"
+#~ "Optionen gefunden. Da slurpd beginnend mit OpenLDAP 2.4 veraltet ist, "
+#~ "müssen Sie Ihre Repliken auf die Verwendung des Syncrepl-Protokolls "
+#~ "migrieren."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "Die Umstellung von slurpd auf das »pull«-basierte Syncrepl-Protokoll kann "
+#~ "nicht automatisch geschehen und Sie müssen Ihre Repliken-Server von Hand "
+#~ "konfigurieren. Bitte lesen Sie http://www.openldap.org/doc/admin24/"
+#~ "syncrepl.html für Details."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "TLSCipherSuite-Werte haben sich geändert"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "Eine Option »TLSCipherSuite« wurde beim Upgrade in Ihrer Slapd-"
+#~ "Konfiguration gefunden. Die erlaubten Werte hierfür hängen von der "
+#~ "verwendeten SSL-Implementation ab, die von OpenSSL auf GnuTLS geändert "
+#~ "wurde. Im Ergebnis werden Ihre existierenden TLSCipherSuite-Einstellungen "
+#~ "nicht mit diesem Paket funktionieren."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Diese Einstellung wurde für Sie automatisch auskommentiert. Falls Sie "
+#~ "spezielle Anforderung an die Verschlüsselung haben, bei denen diese "
+#~ "Option wieder aktiviert werden muss, lesen Sie die Ausgabe von »gnutls-"
+#~ "cli -l« aus dem Paket Gnutls-bin für die Liste der von GnuTLS "
+#~ "unterstützen Chiffren."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr "Die aktuelle Datenbank sichern und eine neue erstellen?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "Die von Ihnen angegebene Verzeichnisendung (Domain) passt nicht zu der "
+#~ "aktuell in /etc/ldap/slapd.conf eingetragenen. Eine Änderung der "
+#~ "Verzeichnisendung verlangt, dass die aktuelle LDAP-Datenbank beiseite "
+#~ "geschoben und eine neue erstellt wird. Bitte bestätigen Sie, ob Sie die "
+#~ "aktuelle Datenbank sichern und aufgeben wollen."
diff --git a/debian/po/es.po b/debian/po/es.po
new file mode 100644
index 0000000..e3f667b
--- /dev/null
+++ b/debian/po/es.po
@@ -0,0 +1,437 @@
+# openldap po-debconf translation to Spanish
+# Copyright 2006 Rudy Godoy <rudy@kernel-panik.org>
+# Copyright 2008 Steve Langasek <vorlon@debian.org>
+# Copyright (C) 2009, 2010 Software in the Public Interest
+# This file is distributed under the same license as the openldap package.
+#
+# Changes:
+# - Initial translation
+# Rudy Godoy <rudy@kernel-panik.org>, 2006
+#
+# - Reviewer
+# Javier Fernandez-Sanguino
+#
+# - Updates
+# Steve Langasek <vorlon@debian.org>, 2008
+# Francisco Javier Cuadrado <fcocuadrado@gmail.com>, 2009, 2010
+# Camaleón <noelamac@gmail.com>, 2014, 2020
+#
+# Traductores, si no conocen el formato PO, merece la pena leer la
+# documentación de gettext, especialmente las secciones dedicadas a este
+# formato, por ejemplo ejecutando:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Equipo de traducción al español, por favor lean antes de traducir
+# los siguientes documentos:
+#
+# - El proyecto de traducción de Debian al español
+# http://www.debian.org/intl/spanish/coordinacion
+# especialmente las notas de traducción en
+# http://www.debian.org/intl/spanish/notas
+#
+# - La guía de traducción de po's de debconf:
+# /usr/share/doc/po-debconf/README-trans
+# o http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.23-3exp1\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2022-03-25 16:13+0100\n"
+"Last-Translator: Camaleón <noelamac@gmail.com>\n"
+"Language-Team: Debian Spanish <debian-l10n-spanish@lists.debian.org>\n"
+"Language: es\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "¿Desea omitir la configuración del servidor OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"No se creará la configuración ni la base de datos inicial si habilita esta "
+"opción."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "siempre"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "cuando se necesite"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "nunca"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Volcar las bases de datos a un fichero al actualizar:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Antes de que actualice a una nueva versión del servidor OpenLDAP, se puede "
+"volcar la información de sus directorios LDAP en ficheros de texto plano en "
+"el formato estandarizado «LDAP Data Interchange Format» (formato de "
+"intercambio de datos de LDAP)."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Si selecciona «siempre» se volcarán sus bases de datos de forma "
+"incondicional antes de cada actualización. Si selecciona «cuando se "
+"necesite» sólo se hará un volcado si la nueva versión es incompatible con el "
+"formato de la base de datos antigua y la información se debe volver a "
+"importar. Si selecciona «nunca» no se hará ningún volcado."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Directorio donde volcar las bases de datos:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Especifique el directorio donde se exportarán las bases de datos de LDAP. En "
+"éste se crearán diversos ficheros LDIF que corresponden a las bases de datos "
+"ubicadas en el servidor. Asegúrese de que tiene suficiente espacio libre en "
+"la partición donde se ubica el directorio. La primera ocurrencia de la "
+"cadena «VERSION» se reemplaza con la versión del servidor desde la cual va a "
+"actualizar."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "¿Desea mover la base de datos antigua?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Existen ficheros en «/var/lib/ldap» que probablemente interrumpan el proceso "
+"de configuración. Si activa esta opción, se moverán los ficheros de las "
+"bases de datos antiguas antes de crear una nueva base de datos."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "¿Desea volver a intentar la configuración?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"La configuración que ha introducido no es válida. Asegúrese de que el nombre "
+"de dominio DNS es válido, que el campo de la organización no está en blanco "
+"y que las claves del administrador coinciden. El servidor LDAP quedará sin "
+"configurar si decide no volver a intentar la configuración. Ejecute «dpkg-"
+"reconfigure slapd» si desea volver a intentarlo más tarde."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Introduzca el nombre de dominio DNS:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"El nombre de dominio DNS se utiliza para construir el DN base del directorio "
+"LDAP. Por ejemplo, si introduce «foo.example.org» el directorio se creará "
+"con un DN base de «dc=foo, dc=example, dc=org»."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Nombre de la organización:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Introduzca el nombre de la organización a utilizar en el DN base del "
+"directorio LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Contraseña del administrador:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Introduzca la contraseña para la entrada de administrador de su directorio "
+"LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Confirme la contraseña:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Introduzca de nuevo la misma contraseña de administrador para su directorio "
+"LDAP para verificar que la introdujo correctamente."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Las contraseñas no coinciden"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+"Las dos contraseñas que ha introducido son distintas. Inténtelo de nuevo."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr ""
+"¿Desea que se borre la base de datos cuando se purgue el paquete slapd?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "fallo de slapcat durante la actualización"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Se produjo un error mientras se actualizaba su directorio LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"El programa «slapcat» falló mientras extraía el directorio LDAP. Este fallo "
+"puede deberse a un fichero de configuración incorrecto (por ejemplo, que "
+"falte alguna línea «moduleload» necesaria para el motor del base de datos)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Este fallo hará que también falle «slapadd» más adelante. Se van a mover los "
+"ficheros de la base de datos antigua a «/var/backups». Si desea volver a "
+"intentar la actualización debe mover los ficheros de la base de datos a su "
+"ubicación normal, arreglar lo que hizo que fallara «slapcat» y ejecutar:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Mueva los ficheros de la base de datos de nuevo al área de la copia de "
+"seguridad e intente ejecutar «slapadd» desde «${location}»."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+"Se produjo un error cuando se realizaban tareas posteriores a la instalación"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+"Se han producido uno o más errores cuando se realizaban algunas tareas "
+"posteriores a la instalación. Es probable que el paquete slapd no haya "
+"podido migrar automáticamente una o más bases de datos OpenLDAP o que ya "
+"no se admita el motor que utiliza la instalación actual de OpenLDAP."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+"El guión de mantenimiento que se encarga de ejecutar las tareas posteriores a "
+"la instalación se ha cerrado, pero el servicio slapd NO ha sido reiniciado. "
+"Tendrá que corregir manualmente el problema y reiniciar el servicio."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+"Puede consultar el archivo README.Debian (disponible en «/usr/share/doc/"
+"slapd/») si desea obtener más información sobre escenarios problemáticos y "
+"cómo resolverlos."
+
+#~ msgid "abort installation"
+#~ msgstr "cancelar la instalación"
+
+#~ msgid "continue regardless"
+#~ msgstr "continuar de todas formas"
+
+#~ msgid "Manual ppolicy schema update recommended"
+#~ msgstr "Se recomienda actualizar manualmente el esquema ppolicy"
+
+#~ msgid ""
+#~ "The new version of the Password Policy (ppolicy) overlay requires the "
+#~ "schema to define the pwdMaxRecordedFailure attribute type, which is not "
+#~ "present in the schema currently in use. It is recommended to abort the "
+#~ "upgrade now, and to update the ppolicy schema before upgrading slapd. If "
+#~ "replication is in use, the schema update should be applied on every "
+#~ "server before continuing with the upgrade."
+#~ msgstr ""
+#~ "La nueva versión de la superposición Password Policy (ppolicy) requiere "
+#~ "que el esquema defina el tipo de atributo PwdMaxRecordedFailure, no "
+#~ "disponible en el esquema que está actualmente en uso. Se recomienda "
+#~ "cancelar la instalación ahora y actualizar el esquema ppolicy antes de "
+#~ "actualizar la versión de slapd. Si usa la replicación, debe aplicar la "
+#~ "actualización del esquema en cada servidor antes de continuar con la "
+#~ "actualización de la versión."
+
+#~ msgid ""
+#~ "An LDIF file has been generated with the changes required for the upgrade:"
+#~ msgstr ""
+#~ "Se ha generado un archivo LDIF con los cambios requeridos para la "
+#~ "actualización:"
+
+#~ msgid ""
+#~ "so if slapd is using the default access control rules, these changes can "
+#~ "be applied (after starting slapd) by using the command:"
+#~ msgstr ""
+#~ "por lo que si slapd utiliza las reglas de control de acceso "
+#~ "predeterminadas, puede aplicar estos cambios (después de iniciar slapd) "
+#~ "utilizando la orden:"
+
+#~ msgid ""
+#~ "If instead you choose to continue the installation, the new attribute "
+#~ "type will be added automatically, but the change will not be acted on by "
+#~ "slapd overlays, and replication with other servers may be affected."
+#~ msgstr ""
+#~ "Si decide continuar con la instalación, se añadirá el nuevo tipo de "
+#~ "atributo automáticamente, pero el cambio no afectará a las "
+#~ "superposiciones de slapd, lo que podría afectar a la replicación con "
+#~ "otros servidores."
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr ""
+#~ "Configuración potencialmente insegura en el control de acceso de slapd"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "Una o varias de las bases de datos configuradas contiene una regla de "
+#~ "control de acceso que permite a los usuarios modificar la mayoría de sus "
+#~ "propios atributos. Esta configuración puede ser insegura dependiendo de "
+#~ "cómo se utilice la base de datos."
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "Se recomienda que elimine cualquier instancia «by self write» en las "
+#~ "reglas de acceso de slapd que empiecen con «to *» para que los usuarios "
+#~ "sólo puedan modificar los atributos que se hayan permitido expresamente."
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr "Consulte «/usr/share/doc/slapd/README.Debian.gz» para más detalles."
diff --git a/debian/po/eu.po b/debian/po/eu.po
new file mode 100644
index 0000000..4b2042c
--- /dev/null
+++ b/debian/po/eu.po
@@ -0,0 +1,432 @@
+# Basque translation for openldap_2.4.40-2_eu.po
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Piarres Beobide <pi@beobide.net>, 2008.
+# Iñaki Larrañaga Murgoitio <dooteo@zundan.com>, 2010, 2014, 2017.
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap_2.4.40-2_eu\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2017-01-10 12:14+0100\n"
+"Last-Translator: Iñaki Larrañaga Murgoitio <dooteo@zundan.com>\n"
+"Language-Team: Basque <debian-l10n-basque@lists.debian.org>\n"
+"Language: eu\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.5\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Ez konfiguratu OpenLDAP zerbitzaria?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Aukera hau gaitzen baduzu, ez da hasierako konfigurazio edo datu-baserik "
+"sortuko."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "beti"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "beharrezkoa denean"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "inoiz ere ez"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Irauli datu-baseak fitxategi batetara bertsio-berritzean:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"OpenLDAP zerbitzariaren bertsio berri batetara bertsio-berritu aurretik, "
+"zure LDAP direktorioak testu lau fitxategietara irauliko dira LDAPen datuen "
+"elkartrukatzeko formatu estandarra erabiliz."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"\"Beti\" hautatzean, datu-baseak baldintzarik gabe irauliko dira bertsio-"
+"berritze baten aurretik. \"Beharrezkoa denean\" hautatuz, bertsio berria "
+"datu-base zaharraren formatuarekin bateragarria ez denean eta berriro "
+"inportatu behar denean bakarrik irauliko da datu-basea. \"Inoiz ere ez\" "
+"hautatzen baduzu, inoiz ez da datu-basea irauliko."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Datu-baseak iraultzean erabiliko den direktorioa:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Zehaztu LDAP esportatzeko erabiliko den direktorioa. Direktorio honetan "
+"zerbitzariko datu-base ezberdinei dagozkien LDIF fitxategiak sortuko dira. "
+"Ziurtatu zaitez direktorioaren partizioan behar duzun bezainbeste leku libre "
+"duzula. \"VERSION\" katearen lehenengo agerpena zerbitzariaren jatorrizko "
+"bertsio zenbakiagatik ordeztuko da."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Aldatu datu-base zaharra lekuz?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Konfigurazioko prozesua apur dezaketen fitxategiak daude oraindik /var/lib/"
+"ldap direktorioan. Aukera hau gaitzen baduzu mantentzailearen script-ek datu-"
+"base zaharreko fitxategiak hortik kenduko ditu datu-base berria sortu "
+"aurretik."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Berriz saiatu konfigurazioa egiten?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Zuk sartutako konfigurazioa baliogabea da. Ziurtatu DNSaren domeinu-izena "
+"sintaktikoki zuzena dela, erakundeari dagokion eremua ezin da hutsik egon "
+"eta LDAPeko administratzailearen pasahitzak berdinak izan behar dira. "
+"Konfigurazioa ez berregitea hautatzen baduzu, LDAP zerbitzaria ez da "
+"konfiguratuko. Beranduago konfigurazioa egin nahi izanez gero, exekutatu "
+"'dpkg-reconfigure slapd'."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNSaren domeinu-izena:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"DNSaren domeinu-izena LDAP direktorioaren DN oinarria eraikitzeko erabiliko "
+"da. Adibidez, 'proba.adibide.org' erabiliz DN oinarri gisa 'dc=proba, "
+"dc=example, dc=org' edukiarekin sortuko du direktorioa."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Erakundearen izena:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Idatzi LDAP direktorioko DN oinarrian erabiliko den erakundearen izena."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Administratzailearen pasahitza:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "Idatzi LDAP direktorioko administratzailearen sarrerarako pasahitza."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Berretsi pasahitza:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Idatzi LDAP direktorioko administratzailearen sarrerarako pasahitza berriro "
+"ondo idatzi duzula ziurtatzeko."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Pasahitzak ez dira berdinak"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Idatzitako bi pasahitzak ez dira berdinak. Saiatu berriro."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Slapd kentzen bada, datu-basea ere ezabatzea nahi duzu?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "slapcat-ek huts egin du bertsio-berritzean"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Errorea gertatu da LDAP direktorioa bertsio-berritzean."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"'slapcat' programak huts egin du LDAP direktorioa erauztean. Konfigurazioko "
+"fitxategia oker egoteagatik gerta daiteke (adibidez, datu-basearen motorra "
+"onartzeko 'moduleload' lerroak falta badira)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Hutsegite honek 'slapdd'-ek lehenago edo beranduago hutsegitea eragingo du. "
+"Datu-base zaharra /var/backups karpetara eramango da. Bertsio-berritze hau "
+"berriro saiatzea nahi izanez gero, datu-base zaharreko fitxategiak aurreko "
+"kokalekura eraman beharko dituzu. Konpondu slapcat-en hutsegitea eragin "
+"duena eta exekutatu honako komandoa:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Ondoren, eraman datu-basearen fitxategiak babeskopiako kokaleku batera, eta "
+"saiatu slapadd ${location}(e)tik exekutatzen."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+
+#~ msgid "abort installation"
+#~ msgstr "utzi bertan behera instalazioa"
+
+#~ msgid "continue regardless"
+#~ msgstr "jarraitu dena den"
+
+#~ msgid "Manual ppolicy schema update recommended"
+#~ msgstr "ppolicy eskema eskuz eguneratzea gomendatzen da"
+
+#~ msgid ""
+#~ "The new version of the Password Policy (ppolicy) overlay requires the "
+#~ "schema to define the pwdMaxRecordedFailure attribute type, which is not "
+#~ "present in the schema currently in use. It is recommended to abort the "
+#~ "upgrade now, and to update the ppolicy schema before upgrading slapd. If "
+#~ "replication is in use, the schema update should be applied on every "
+#~ "server before continuing with the upgrade."
+#~ msgstr ""
+#~ "Pasahitzen politikaren (Password Policy, ppolicy) gainjarpenaren bertsio "
+#~ "berriak eskema behar du, erabiltzen ari den uneko eskeman aurkitzen ez "
+#~ "den \"pwdMaxRecordedFailure\" atributu mota definitzeko. Bertsio-"
+#~ "berritzea oraintxe bertan behera botatzea gomendatzen da, eta \"ppolicy\" "
+#~ "eskema eguneratu slapd bertsio-berritu aurretik. Erreplikazioa erabiltzen "
+#~ "ari bada, eskemaren eguneraketa zerbitzari bakoitzean aplikatu beharko "
+#~ "litzateke bertsio-berritzearekin jarraitu aurretik."
+
+#~ msgid ""
+#~ "An LDIF file has been generated with the changes required for the upgrade:"
+#~ msgstr ""
+#~ "LDIF fitxategia sortu da bertsio-berritzeak eskatzen dituen aldaketekin:"
+
+#~ msgid ""
+#~ "so if slapd is using the default access control rules, these changes can "
+#~ "be applied (after starting slapd) by using the command:"
+#~ msgstr ""
+#~ "'slapd'-ek sarbidetzaren kontrolaren arau lehenetsiak erabiltzen baditu, "
+#~ "aldaketa hauek aplikatzeko (slapd abiarazi ostean) erabili komando hau:"
+
+#~ msgid ""
+#~ "If instead you choose to continue the installation, the new attribute "
+#~ "type will be added automatically, but the change will not be acted on by "
+#~ "slapd overlays, and replication with other servers may be affected."
+#~ msgstr ""
+#~ "Horren ordez, instalazioarekin aurrera jarraitzea erabakitzen baduzu, "
+#~ "atributu mota berria automatikoki gehituko da, baina aldaketak ez du "
+#~ "eraginik izango slapd-ren gainjarpenetan, eta beste zerbitzariekin "
+#~ "erreplikazioek eragina jasan dezakete."
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr ""
+#~ "Potentzialki ez-segurua den slapd atzitzeko kontrolaren konfigurazioa"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "Konfiguratutako datu-base batek (edo gehiagok) erabiltzaileek beraien "
+#~ "atributu gehienak aldatzeko baimentzen duen atzipeneko kontrol-arau bat "
+#~ "du. Hau ez-segurua izan daiteke, datu-basea nola erabiltzen den arabera."
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "slapd-ren \"to *\"-rekin hasten diren atzipen arauen kasuan, \"by self "
+#~ "write\"-ren instantziak kentzea gomendatzen da. Horrela, erabiltzaileek "
+#~ "bereziki baimendutako atributuak soilik alda ditzakete."
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Irakurri /usr/share/doc/slapd/README.Debian.gz xehetasun gehiagorako."
+
+#~ msgid "Database backend to use:"
+#~ msgstr "Datu-basearen motorra:"
+
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "HDB eta BDB motorrek antzeko biltegiratze formatuak erabiltzen dituzte, "
+#~ "baina HDB-ek azpizuhaitzak berrizendatzeko euskarria dauka. Biek "
+#~ "konfigurazioko aukera berdinak onartzen dituzte."
+
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "MDB motorra gomendatzen da. MDB-ek biltegiratze formatu berri bat "
+#~ "erabiltzen du, eta BDB edo HDB baino konfigurazio gutxiago eskatzen du."
+
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Edozein kasutan, sortutako datu-basearen konfigurazioa gainbegiratu "
+#~ "beharko zenuke zure beharrei erantzuten diela ziurtatzeko. Irakurri /usr/"
+#~ "share/doc/slapd/README.Debian.gz xehetasun gehiagorako."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Onartu LDAPv2 protokoloa?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Lehenespenez slapd-en LDAPv2 protokolo zaharkitua desgaituta dago. "
+#~ "Programa eta erabiltzaileak LDAPv3-ra migratu beharko lirateke. Hautatu "
+#~ "aukera hau baldin eta LDAPv3 erabili ezin duten programa zaharrak "
+#~ "badituzu, eta slapd.conf fitxategiari 'allow bind_v2' gehituko zaio."
diff --git a/debian/po/fi.po b/debian/po/fi.po
new file mode 100644
index 0000000..6b5197d
--- /dev/null
+++ b/debian/po/fi.po
@@ -0,0 +1,440 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2008-04-09 20:55+0200\n"
+"Last-Translator: Esko Arajärvi <edu@iki.fi>\n"
+"Language-Team: Finnish <debian-l10n-finnish@lists.debian.org>\n"
+"Language: fi\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Finnish\n"
+"X-Poedit-Country: FINLAND\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Ohitetaanko OpenLDAP-palvelimen asetus?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr "Jos valitset tämän vaihtoehdon, asetuksia ja tietokantaa ei luoda."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "aina"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "tarvittaessa"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "ei koskaan"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Vedosta tietokannat tiedostoon päivitettäessä:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Ennen päivitystä OpenLDAP-palvelimen uuteen versioon, LDAP-hakemistoista "
+"voidaan tallentaa vedos standardissa LDAP-tiedonsiirtomuodossa oleviin "
+"tekstitiedostoihin."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Valinta ”aina” merkitsee, että tietokannat vedostetaan tilanteesta "
+"riippumatta ennen päivitystä. Valinta ”tarvittaessa” merkitsee, että "
+"tietokannoista otetaan vedos vain, jos uusi versio ei ole yhteensopiva "
+"vanhan tietokantamuodon kanssa ja tiedot tulee tuoda kantaan uudelleen. "
+"Valittaessa ”ei koskaan” vedostusta ei tehdä."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Tietokantavedosten hakemisto:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Anna hakemisto, johon LDAP-tietokannat vedostetaan. Hakemistoon luodaan "
+"useita LDIF-tiedostoja, joiden sisältö vastaa palvelimen hakukantoja. "
+"Varmista, että valitulla levyosiolla on tarpeeksi vapaata tilaa. Merkkijonon "
+"”VERSION” ensimmäinen esiintymä korvataan päivitettävän palvelimen "
+"versionumerolla."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Siirretäänkö vanha tietokanta?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Hakemistossa /var/lib/ldap on vielä tiedostoja ja ne luultavasti hajoavat "
+"asetusprosessissa. Jos valitset tämän vaihtoehdon, vanhat "
+"tietokantatiedostot siirretään syrjään ennen uuden tietokannan luomista."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Yritetäänkö asetusten tekoa uudelleen?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+#, fuzzy
+#| msgid ""
+#| "The configuration you entered is invalid. Make sure that the DNS domain "
+#| "name is syntactically valid, the organization is not left empty and the "
+#| "admin passwords match. If you decide not to retry the configuration the "
+#| "LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want "
+#| "to retry later."
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Antamasi asetukset ovat epäkelpoja. Varmista, että DNS-aluenimen syntaksi on "
+"oikea, organisaatiokenttä ei ole tyhjä ja että ylläpitosalasanat täsmäävät. "
+"Jos päätät olla yrittämättä asetusten tekemistä uudelleen, LDAP-palvelimen "
+"asetukset eivät ole valmiit. Voit tehdä asetukset myöhemmin ajamalla "
+"komennon ”dpkg-reconfigure slapd”."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNS-aluenimi:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"DNS-aluenimeä käytetään perus-DN:n (erittelevä nimi) luomisessa LDAP-"
+"hakemistolle. Esimerkiksi ”foo.esimerkki.fi” luo hakemiston, jonka perus-DN "
+"on ”dc=foo, dc=esimerkki, dc=fi”."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Organisaation nimi:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr "Anna LDAP-hakemiston perus-DN:ssä käytettävä organisaation nimi."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Ylläpitosalasana:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "Anna LDAP-hakemiston ylläpitosalasana."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Vahvista salasana:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Syötä LDAP-hakemiston ylläpitosalasana uudelleen varmistaaksesi, että "
+"kirjoitit sen oikein."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Salasanat eivät täsmää"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Syöttämäsi kaksi salasanaa eivät olleet sama. Yritä uudelleen."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Haluatko, että tietokanta poistetaan siivottaessa paketti slapd?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Toimintahäiriö ohjelmassa slapcat päivityksen aikana"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Päivitettäessä LDAP-hakemistoa tapahtui virhe."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"LDAP-hakemiston tuottavassa ohjelmassa ”slapcat” tapahtui toimintahäiriö. "
+"Tämä saattaa johtua virheellisestä asetustiedostosta (esimerkiksi "
+"puuttuvista, taustatietokannan tuen lisäävistä ”moduleload”-riveistä)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Tämän toimintahäiriön takia ohjelmassa ”slapadd” tulee myöhemmin ilmenemään "
+"toimintahäiriö. Vanhat tietokantatiedostot siirretään hakemistoon /var/"
+"backups. Jos haluat yrittää päivittämistä uudelleen, vanhat "
+"tietokantatiedostot tulisi siirtää takaisin paikoilleen, korjata "
+"toimintahäiriön aiheuttanut virhe ja ajaa:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+#, fuzzy
+#| msgid ""
+#| "Then move the database files back to a backup area and then try running "
+#| "slapadd from $location."
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Siirrä tämän jälkeen tietokantatiedostot takaisin varmuuskopiohakemistoon ja "
+"aja slapadd sijainnista $location."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+
+#~ msgid "Database backend to use:"
+#~ msgstr "Käytettävä taustatietokanta:"
+
+#, fuzzy
+#~| msgid ""
+#~| "The HDB backend is recommended. HDB and BDB use similar storage formats, "
+#~| "but HDB adds support for subtree renames. Both support the same "
+#~| "configuration options."
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "HDB-taustatietokantaa suositellaan. HDB ja BDB käyttävät samantapaisia "
+#~ "tallennusmuotoja, mutta HDB tukee lisäksi puun osien uudelleennimeämistä. "
+#~ "Molemmat tukevat samoja asetusvalintoja."
+
+#, fuzzy
+#~| msgid ""
+#~| "The HDB backend is recommended. HDB and BDB use similar storage formats, "
+#~| "but HDB adds support for subtree renames. Both support the same "
+#~| "configuration options."
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "HDB-taustatietokantaa suositellaan. HDB ja BDB käyttävät samantapaisia "
+#~ "tallennusmuotoja, mutta HDB tukee lisäksi puun osien uudelleennimeämistä. "
+#~ "Molemmat tukevat samoja asetusvalintoja."
+
+#, fuzzy
+#~| msgid ""
+#~| "In either case, you should review the resulting database configuration "
+#~| "for your needs. See /usr/share/doc/slapd/README.DB_CONFIG.gz for more "
+#~| "details."
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Joka tapauksessa tulisi tarkistaa, että tuloksena olevat tietokanta-"
+#~ "asetukset vastaavat tarpeita. Tiedostosta /usr/share/doc/slapd/README."
+#~ "DB_CONFIG.gz löytyy lisätietoja (englanniksi)."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Sallitaanko LDAPv2-yhteyskäytäntö?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Vanhentunut LDAPv2-yhteyskäytäntö on slapdissa oletuksena poissa "
+#~ "käytöstä. Järjestelmät ja ohjelmat päivittää käyttämään LDAPv3:a. Jos "
+#~ "jotkin vanhat ohjelmat eivät voi käyttää LDAPv3-yhteyskäytäntöä, valitse "
+#~ "tämä lisätäksesi asetuksen ”allow bind_v2” tiedostoon slapd.conf"
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr ""
+#~ "slurpd on vanhentunut; kopioiden asetukset tulee tehdä käsin uudelleen"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "Päivitettäessä slapdin asetuksista löytyi yksi tai useampia ”replica”-"
+#~ "asetuksia. Koska slurpd on vanhentunut OpenLDAPin versiosta 2.4 alkaen, "
+#~ "tulee kopiot vaihtaa käyttämään syncrepl-yhteyskäytäntöä."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "Muunnosta slurpdista vetoon perustuvaan syncrepl-yhteyskäytäntöön ei "
+#~ "voida tehdä automaattisesti ja kopiopalvelimien asetukset tulee tehdä "
+#~ "käsin. Lisätietoja (englanniksi) löytyy tiedostosta http://www.openldap."
+#~ "org/doc/admin24/syncrepl.html."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "TLSCipherSuite-arvot ovat muuttuneet"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "Asetus ”TLSCipherSuite” löydettiin päivitettäessä slapdin asetuksista. "
+#~ "Tämän asetuksen sallitut arvot riippuvat käytetystä SSL-toteutuksesta. "
+#~ "Käytetty toteutus on vaihdettu OpenSSL:stä GnuTLS:ään. Tämän seurauksena "
+#~ "nykyinen TLSCipherSuite-asetus ei toimi tämän paketin kanssa."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Tämä asetus on automaattisesti kommentoitu pois käytöstä. Jos on tarpeen "
+#~ "asettaa tietty salaus tällä asetuksella, lista GnuTLS:n tukemista "
+#~ "salauksista voidaan tulostaa paketin gnutls-bin avulla komennolla ”gnutls-"
+#~ "cli -l”."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr "Tehdäänkö nykyisestä tietokannasta varmuuskopio ja luodaanko uusi?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "Annettu hakemistopääte (verkkotunnus) ei täsmää tiedostossa /etc/ldap/"
+#~ "slapd.conf olevaan. Hakemistopäätteen muuttaminen vaatii, että nykyinen "
+#~ "LDAP-tietokanta siirretään syrjään ja luodaan uusi. Vahvista haluatko "
+#~ "tehdä tehdä varmuuskopion nykyisestä tietokannasta ja hylätä sen."
diff --git a/debian/po/fr.po b/debian/po/fr.po
new file mode 100644
index 0000000..64e85ba
--- /dev/null
+++ b/debian/po/fr.po
@@ -0,0 +1,515 @@
+# Translation of openldap debconf templates to French
+# Copyright (C) 2006-2010 Christian Perrier <bubulle@debian.org>
+# This file is distributed under the same license as the openldap package.
+#
+#
+# Christian Perrier <bubulle@debian.org>, 2006-2010, 2014.
+# Jean-Pierre Giraud <jean-pierregiraud@neuf.fr>, 2017.
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2017-01-21 16:28+0100\n"
+"Last-Translator: Jean-Pierre Giraud <jean-pierregiraud@neuf.fr>\n"
+"Language-Team: French <debian-l10n-french@lists.debian.org>\n"
+"Language: fr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.5\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Voulez-vous omettre la configuration d'OpenLDAP ?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Si vous choisissez cette option, aucune configuration par défaut et aucune "
+"base de données ne seront créées."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "Toujours"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "Lorsque nécessaire"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "Jamais"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr ""
+"Sauvegarde des bases de données dans un fichier pour la mise à niveau :"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Avant la mise à niveau du serveur OpenLDAP, les données des annuaires LDAP "
+"peuvent être exportées dans des fichiers au format texte LDIF (« LDAP Data "
+"Interchange Format » : format d'échange de données LDAP)."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Si vous choisissez l'option « Toujours », les données seront "
+"systématiquement exportées avant une mise à niveau. Si vous choisissez "
+"« Lorsque nécessaire », elles ne seront exportées que lorsque la nouvelle "
+"version utilisera un format incompatible avec l'ancienne, ce qui imposera de "
+"réimporter les données. Si vous choisissez « Jamais », les données ne seront "
+"jamais exportées."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Répertoire où exporter les bases de données :"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Veuillez indiquer le répertoire où les bases de données LDAP seront "
+"exportées. Plusieurs fichiers LDIF seront créés dans ce répertoire. Ils "
+"correspondent aux bases de recherche présentes sur le serveur. Veuillez "
+"vérifier que la partition où se trouve ce répertoire comporte suffisamment "
+"de place disponible. La première occurrence de « VERSION » dans le nom de ce "
+"répertoire sera remplacée par la version d'OpenLDAP utilisée avant la mise à "
+"niveau."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Faut-il déplacer l'ancienne base de données ?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Des fichiers présents dans /var/lib/ldap vont probablement provoquer l'échec "
+"de la procédure de configuration. Si vous choisissez cette option, les "
+"scripts de configuration déplaceront les anciens fichiers des bases de "
+"données avant de créer une nouvelle base de données."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Faut-il recommencer la configuration ?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"La configuration que vous avez indiquée n'est pas valable. Veuillez vérifier "
+"que le nom de domaine DNS utilise une syntaxe correcte, que « organisation » "
+"n'est pas vide et que les mots de passe d'administrateur correspondent. Si "
+"vous choisissez de ne pas recommencer la configuration, le serveur LDAP ne "
+"sera pas configuré. Si vous voulez recommencer ce processus, utilisez la "
+"commande « dpkg-reconfigure slapd »."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Nom de domaine :"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"Le nom de domaine DNS est utilisé pour établir le nom distinctif de base "
+"(« base DN » ou « Distinguished Name ») de l'annuaire LDAP. Par exemple, si "
+"vous indiquez « toto.example.org » ici, le nom distinctif de base sera "
+"« dc=toto, dc=example, dc=org »."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Nom d'entité (« organization ») :"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Veuillez indiquer la valeur qui sera utilisée comme nom d'entité "
+"(« organization ») dans le nom distinctif de base de l'annuaire LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Mot de passe de l'administrateur :"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Veuillez indiquer le mot de passe de l'administrateur de l'annuaire LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Mot de passe de l'administrateur :"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Veuillez entrer à nouveau le mot de passe de l'administrateur de l'annuaire "
+"LDAP afin de vérifier qu'il a été saisi correctement."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Erreur de saisie du mot de passe"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+"Les deux mots de passe que vous avez entrés sont différents. Veuillez "
+"recommencer."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Faut-il supprimer la base de données lors de la purge du paquet ?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Échec de slapcat durant la mise à niveau"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Une erreur s'est produite lors de la mise à niveau de l'annuaire LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Le programme « slapcat » a échoué en extrayant les données du répertoire "
+"LDAP. Cela peut être dû à un fichier de configuration non valable (par "
+"exemple l'absence de lignes « moduleload » permettant de gérer les divers "
+"types de bases de données)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Cet échec provoquera l'échec ultérieur de « slapadd ». Les anciens fichiers "
+"de bases de données seront déplacés dans /var/backups. Si vous souhaitez "
+"tenter à nouveau la mise à jour, vous devrez les remettre en place, corriger "
+"l'erreur qui a provoqué l'échec de slapcat et utiliser la commande suivante :"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Déplacez ensuite les bases de données vers un emplacement de sauvegarde et "
+"tentez d'utiliser la commande « slapadd » depuis ${location}."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+
+#~ msgid "abort installation"
+#~ msgstr "Abandonner l'installation"
+
+#~ msgid "continue regardless"
+#~ msgstr "Continuer quand même"
+
+#~ msgid "Manual ppolicy schema update recommended"
+#~ msgstr "Mise à jour manuelle du schéma ppolicy recommandée"
+
+#~ msgid ""
+#~ "The new version of the Password Policy (ppolicy) overlay requires the "
+#~ "schema to define the pwdMaxRecordedFailure attribute type, which is not "
+#~ "present in the schema currently in use. It is recommended to abort the "
+#~ "upgrade now, and to update the ppolicy schema before upgrading slapd. If "
+#~ "replication is in use, the schema update should be applied on every "
+#~ "server before continuing with the upgrade."
+#~ msgstr ""
+#~ "La nouvelle version de la surcouche Password Policy (ppolicy – politique "
+#~ "de mot de passe) nécessite que le schéma définisse le type d'attribut "
+#~ "pwdMaxRecordedFailure qui n'est pas présent dans le schéma actuel. Il est "
+#~ "recommandé d'abandonner la mise à niveau maintenant, et de mettre à jour "
+#~ "le schéma ppolicy avant de mettre à niveau slapd. Si vous utilisez une "
+#~ "réplication, la mise à jour du schéma doit être appliquée sur chaque "
+#~ "serveur avant de poursuivre la mise à niveau."
+
+#~ msgid ""
+#~ "An LDIF file has been generated with the changes required for the upgrade:"
+#~ msgstr ""
+#~ "Un fichier LDAP a été créé avec les modifications requises pour la mise à "
+#~ "jour :"
+
+#~ msgid ""
+#~ "so if slapd is using the default access control rules, these changes can "
+#~ "be applied (after starting slapd) by using the command:"
+#~ msgstr ""
+#~ "aussi, si slapd utilise les règles de contrôle d'accès par défaut, ces "
+#~ "modifications peuvent être appliquées (après le démarrage de slapd) avec "
+#~ "la commande :"
+
+#~ msgid ""
+#~ "If instead you choose to continue the installation, the new attribute "
+#~ "type will be added automatically, but the change will not be acted on by "
+#~ "slapd overlays, and replication with other servers may be affected."
+#~ msgstr ""
+#~ "Si vous choisissez plutôt de poursuivre l'installation, le nouveau type "
+#~ "d'attribut sera ajouté automatiquement, mais la modification ne sera pas "
+#~ "appliquée par les surcouches de slapd, et la réplication sur d'autres "
+#~ "serveurs peut être affectée."
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr "Configuration potentiellement peu sûre du contrôle d'accès de slapd"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "Une ou plusieurs des bases de données configurées comportent une règle de "
+#~ "contrôle d'accès qui permet aux utilisateurs de modifier un ou plusieurs "
+#~ "de leurs propres paramètres. Cela peut être peu sûr, selon la façon dont "
+#~ "la base de données est configurée."
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "Pour les règles d'accès à slapd qui commencent par « to * », il est "
+#~ "recommandé de supprimer toute occurrence de « by self write », afin que "
+#~ "les utilisateurs ne puissent modifier que des paramètres explicitement "
+#~ "autorisés."
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Veuillez consulter le fichier /usr/share/doc/slapd/README.Debian.gz pour "
+#~ "plus d'informations."
+
+#~ msgid "Database backend to use:"
+#~ msgstr "Module de base de données à utiliser :"
+
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "HDB et BDB utilisent des formats de stockage analogues. Par contre, HDB "
+#~ "gère les renommages de sous-arbres. Les deux formats utilisent les mêmes "
+#~ "options de configuration."
+
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "Le module MDB est recommandé. Il utilise un nouveau format de stockage et "
+#~ "est plus simple à configurer que BDB ou HDB."
+
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Quel que soit votre choix, vous devriez vérifier les options de "
+#~ "configuration de la base de données. Pour plus d'informations, veuillez "
+#~ "consulter le fichier /usr/share/doc/slapd/README.Debian.gz."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Faut-il autoriser le protocole LDAPv2 ?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "L'ancien protocole LDAPv2 est désactivé dans slapd. Il est conseillé de "
+#~ "migrer les programmes et les utilisateurs vers la version LDAPv3. Si vous "
+#~ "utilisez d'anciens programmes qui ne gèrent pas encore LDAPv3, vous "
+#~ "devriez choisir cette option, ce qui ajoutera l'option « allow bind_v2 » "
+#~ "au fichier slapd.conf."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr "Programme slurpd obsolète : reconfiguration manuelle des réplicats"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "Une ou plusieurs options « replica » de slurpd ont été trouvée dans le "
+#~ "fichier de configuration lors de la mise à niveau. Le programme slurpd "
+#~ "est obsolète à partir de la version 2.4 d'OpenLDAP et il est nécessaire "
+#~ "de migrer les réplicats pour qu'ils utilisent le protocole syncrepl à la "
+#~ "place."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "Cette conversion ne peut se faire automatiquement et vous devez "
+#~ "configurer les serveurs réplicats vous-même. Veuillez consulter http://"
+#~ "www.openldap.org/doc/admin24/syncrepl.html pour plus d'informations."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "Changement des valeurs possibles pour « TLSCipherSuite »"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "L'option « TLSCipherSuite » a été trouvée dans le fichier de "
+#~ "configuration de slapd lors de la mise à niveau. Les valeurs possibles "
+#~ "pour cette option dépendent de l'implémentation de SSL qui est utilisée. "
+#~ "Comme OpenSSL a été remplacé par GnuTLS, les réglages actuels de "
+#~ "« TLSCipherSuite » ne fonctionnent plus avec cette version du paquet."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Ce réglage a été automatiquement mis en commentaire. Si une méthode "
+#~ "spécifique de chiffrement impose de la réactiver, vous devriez consulter "
+#~ "l'affichage de la commande « gnutls-cli -l » du paquet gnutls-bin pour "
+#~ "une liste des méthodes de chiffrement gérées par GnuTLS."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr ""
+#~ "Faut-il sauvegarder l'ancienne base de données et en créer une nouvelle ?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "Le suffixe d'annuaire (domaine) indiqué ne correspond pas à celui qui est "
+#~ "actuellement mentionné dans /etc/ldap/slapd.conf. Le changement du "
+#~ "suffixe d'annuaire nécessite de déplacer la base de données actuelle et "
+#~ "d'en créer une nouvelle. Veuillez confirmer si vous voulez délaisser la "
+#~ "base de données actuelle (une sauvegarde sera effectuée)."
diff --git a/debian/po/gl.po b/debian/po/gl.po
new file mode 100644
index 0000000..67abe94
--- /dev/null
+++ b/debian/po/gl.po
@@ -0,0 +1,454 @@
+# translation of openldap_2.4.23-2_gl.po to Galician
+# Galician translation of openldap's debconf templates.
+# This file is distributed under the same license as the openldap package.
+#
+# Jacobo Tarrio <jtarrio@debian.org>, 2006.
+# Jorge Barreiro <yortx.barry@gmail.com>, 2010, 2014.
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap_2.4.40-2_gl\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2014-11-17 00:40+0100\n"
+"Last-Translator: Jorge Barreiro <yortx.barry@gmail.com>\n"
+"Language-Team: Galician <proxecto@trasno.net>\n"
+"Language: gl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.4\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Omitir a configuración do servidor OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Se escolle esta opción non se creará ningunha configuración ou base de datos "
+"inicial."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "sempre"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "cando se precise"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "nunca"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Envorcar as bases de datos a un ficheiro na actualización:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Antes de actualizar a unha nova versión do servidor OpenLDAP, pódense "
+"envorcar os datos dos seus directorios LDAP a ficheiros de texto normal no "
+"formato estándar LDIF, formato de intercambio de datos LDAP."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"A opción «sempre» fará que as bases de datos se envorquen incondicionalmente "
+"antes dunha actualización. Se escolle «cando se precise» só se ha envorcar a "
+"base de datos se a nova versión é incompatíbel co formato antigo da base de "
+"datos e hai que reimportala. Se escolle «nunca» non se ha envorcar a base de "
+"datos."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Directorio para as bases de datos envorcadas:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Especifique o directorio no que se han exportar as bases de datos LDAP. "
+"Neste directorio hanse crear varios ficheiros LDIF que se corresponden coas "
+"bases de busca almacenadas no servidor. Asegúrese de ter espazo libre "
+"dabondo na partición na que reside o directorio. A primeira aparición da "
+"cadea «VERSION» substitúese pola versión do servidor a partires da que se "
+"actualiza."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Trasladar a base de datos antiga?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Aínda hai ficheiros en /var/lib/ldap que probablemente fagan fallar o "
+"proceso de configuración. Se activa esta opción, os «scripts» do mantedor "
+"apartarán os ficheiros da base de datos antiga antes de crear unha nova base "
+"de datos."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Volver tentar a configuración?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"A configuración que introduciu non é válida. Asegúrese de que o nome de "
+"dominio DNS teña unha sintaxe válida, o campo para a organización non quede "
+"baleiro e os contrasinais do administrador coincidan. Se decide non volver "
+"tentar a configuración non se ha configurar o servidor LDAP. Execute «dpkg-"
+"reconfigure slapd» se quere volver a tentalo noutro momento."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Nome de dominio DNS:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"O nome de dominio DNS emprégase para construír o DN base do directorio LDAP. "
+"Por exemplo, «foo.example.org» creará o directorio con «dc=foo, dc=example, "
+"dc=org» coma DN base."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Nome da organización:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Introduza aquí o nome da organización a empregar no DN base do seu "
+"directorio LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Contrasinal do administrador:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Introduza o contrasinal para a entrada do administrador no directorio LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Confirme o contrasinal:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Volva introducir o contrasinal do administrador do seu directorio LDAP para "
+"comprobar que o introduciu correctamente."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Contrasinais distintos"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Os dous contrasinais que introduciu non son iguais. Volva tentalo."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Quere que se elimine a base de datos ao purgar slapd?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Fallou a execución de slapcat durante a actualización"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Produciuse un erro ao actualizar o directorio LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"O programa «slapcat» fallou ao extraer o directorio LDAP. Isto pode estar "
+"causado por un ficheiro de configuración incorrecto (por exemplo, se non hai "
+"liñas «moduleload» para o uso da base de datos)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Este fallo fará que «slapadd» tamén falle. Trasladaranse os ficheiros de "
+"base de datos antigos a /var/backups. Se quere volver tentar a "
+"actualización, debería mover os ficheiros da base de datos antiga ao seu "
+"sitio, arranxar o que fixo que fallara slapcat, e executar:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Despois volva trasladar os ficheiros da base de datos a unha zona de copias "
+"de seguridade e probe a executar slapadd desde ${location}."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr ""
+#~ "A configuración de control de acceso de slapd é potencialmente insegura"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "Polo menos unha das bases de datos configuradas ten unha regra de control "
+#~ "de acceso que permite aos usuarios modificar a maioría dos atributos. "
+#~ "Isto pode ser inseguro dependendo da maneira en que se use a base de "
+#~ "datos."
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "No caso das regras de acceso de «slapd» que comezan con «to *», "
+#~ "recoméndaselle eliminar calquera instancia de «by self write», de maneira "
+#~ "que os usuarios só poidan modificar os atributos especificamente "
+#~ "permitidos."
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Pode obter máis información en /usr/share/doc/slapd/README.Debian.gz ."
+
+#~ msgid "Database backend to use:"
+#~ msgstr "Motor de base de datos a empregar:"
+
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "HDB e BDB empregan formatos de almacenamento semellantes, pero HDB "
+#~ "permite ademais o cambio de nome de subárbores. Ámbolos dous permiten "
+#~ "usar as mesmas opcións de configuración."
+
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "Recoméndase o motor MDB. MDB usa un formato de almacenamento novo e "
+#~ "precisa menos configuración que BDB ou HDB."
+
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "En calquera caso, debería revisar que a configuración da base de datos se "
+#~ "axusta ás súas necesidades. Pode obter máis información en /usr/share/doc/"
+#~ "slapd/README.Debian.gz ."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Admitir o protocolo LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "O protocolo obsoleto LDAPv2 está desactivado por defecto en slapd. Os "
+#~ "programas e os usuarios deberíanse actualizar a LDAPv3. Se ten programas "
+#~ "antigos que non poidan empregar LDAPv3 debería escoller esta opción, que "
+#~ "fará que se engada «allow bind_v2» ao ficheiro slapd.conf ."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr "¿Facer unha copia da base de datos actual e crear unha nova?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "O sufixo de directorio (dominio) que especificou non coincide co que hai "
+#~ "en /etc/ldap/slapd.conf. Para cambiar o sufixo do directorio hai que "
+#~ "apartar a base de datos LDAP actual e crear unha nova. Confirme se quere "
+#~ "facer unha copia de seguridade da base de datos actual e abandonala."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr "slurpd está obsoleto; é preciso reconfigurar as réplicas á man"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "Atopouse unha ou máis opcións \"replica\" na configuración de slapd ao "
+#~ "actualizar. Como slurpd está obsoleto a partires de OpenLDAP 2.4, ha ter "
+#~ "que migrar as súas réplicas para que empreguen no seu canto o protocolo "
+#~ "syncrepl."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "Non se pode realizar automaticamente a conversión de slurpd ao protocolo "
+#~ "syncrepl baseado en pull, e ha ter que configurar manualmente os seus "
+#~ "servidores réplica. Consulte http://www.openldap.org/doc/admin24/syncrepl."
+#~ "html para máis detalles."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "Os valores de TLSCipherSuite cambiaron"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "Atopouse unha opción \"TLSCipherSuite\" na configuración de slapd ao "
+#~ "actualizar. Os valores admitidos para esta opción están determinados pola "
+#~ "implementación de SSL en uso, que se cambiou de OpenSSL a GnuTLS. Coma "
+#~ "resultado, a configuración actual de TLSCipherSuite non ha funcionar con "
+#~ "este paquete."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Anulouse cun comentario esta configuración por vostede. Se ten "
+#~ "necesidades de cifrado específicas que precisan de que se volva activar "
+#~ "esta opción, consulte a saída de \"gnutls-cli -l\" no paquete gnutls-bin "
+#~ "para obter a lista de sistemas de cifrado soportados por GnuTLS."
diff --git a/debian/po/it.po b/debian/po/it.po
new file mode 100644
index 0000000..f52500d
--- /dev/null
+++ b/debian/po/it.po
@@ -0,0 +1,434 @@
+# Italian (it) translation of debconf templates for openldap
+# This file is distributed under the same license as the openldap package.
+# Luca Monducci <luca.mo@tiscali.it>, 2007-2017.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.40-2 italian debconf templates\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2017-01-21 11:42+0100\n"
+"Last-Translator: Luca Monducci <luca.mo@tiscali.it>\n"
+"Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Omettere la configurazione del server OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Se si accetta, non verranno creati la configurazione iniziale né il database."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "sempre"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "quando necessario"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "mai"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Fare il dump su file dei database prima dell'aggiornamento:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Prima dell'aggiornamento a una nuova versione del server OpenLDAP, è "
+"possibile fare il dump delle proprie directory LDAP in dei semplici file di "
+"testo in formato LDIF (lo standard per lo scambio di dati LDAP)."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Selezionando \"sempre\" il dump dei database verrà effettuato prima di ogni "
+"aggiornamento. Con \"quando necessario\" il dump dei database verrà fatto "
+"solo quando la nuova versione è incompatibile con il vecchio formato del "
+"database e quindi deve essere reimportato. Infine con \"mai\" il dump dei "
+"database non verrà mai fatto."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Directory per il dump dei database:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Indicare la directory in cui verranno esportati i database LDAP. In questa "
+"directory verrà creato un file LDIF per ogni base di ricerca presente sul "
+"server. Assicurarsi di avere spazio libero sufficiente sulla partizione che "
+"contiene la directory indicata. La prima occorrenza della stringa \"VERSION"
+"\" viene sostituita con la versione del server che si sta aggiornando."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Spostare il vecchio database?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Ci sono ancora dei file in /var/lib/ldap che potrebbero intralciare il "
+"processo di configurazione. Se si accetta, gli script di installazione "
+"toglieranno di mezzo i file dei vecchi database prima di creare il nuovo "
+"database."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Ripetere la configurazione?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"La configurazione inserita non è valida. Assicurarsi che il nome di dominio "
+"DNS sia sintatticamente corretto, che il campo per il nome "
+"dell'organizzazione non sia stato lasciato in bianco e che le password di "
+"amministrazione coincidano. Se si decide di non riprovare la configurazione, "
+"il server LDAP non verrà impostato. In seguito, per riprovare la "
+"configurazione, usare \"dpkg-reconfigure slapd\"."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Nome di dominio DNS:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"Il nome DNS di dominio è usato per costruire la base DN della directory "
+"LDAP. Per esempio con \"pippo.esempio.org\" sarà creata una directory con "
+"\"dc=pippo, dc=esempio, dc=org\" come base DN."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Nome dell'organizzazione:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Inserire il nome dell'organizzazione da usare nella base DN della propria "
+"directory LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Password dell'amministratore:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Inserire la password per l'amministrazione della propria directory LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Conferma della password:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Inserire di nuovo la password per l'amministrazione della propria directory "
+"LDAP, per verificare che sia stata digitata correttamente."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Le password non coincidono"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Le due password inserite non sono uguali; si prega di riprovare."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Eliminare il database in caso di rimozione completa di slapd?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Problema con slapcat durante l'aggiornamento"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr ""
+"Si è verificato un errore durante l'aggiornamento della directory LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Il programma \"slapcat\" ha riportato un errore durante l'estrazione della "
+"directory LDAP. L'errore potrebbe essere causato da un file di "
+"configurazione sbagliato (per esempio, la mancanza delle righe \"moduleload"
+"\" per il supporto al database di backend)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Questo errore provocherà anche il successivo fallimento di \"slapadd\". I "
+"file del vecchio database saranno spostati in /var/backups. Per riprovare "
+"l'aggiornamento è necessario riportare i file nella posizione originale, "
+"correggere ciò che ha causato il fallimento di slapcat ed eseguire:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Poi spostare i file del database in un'area di backup e provare a eseguire "
+"slapadd da ${location}."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+
+#~ msgid "abort installation"
+#~ msgstr "interrompi l'installazione"
+
+#~ msgid "continue regardless"
+#~ msgstr "continua comunque"
+
+#~ msgid "Manual ppolicy schema update recommended"
+#~ msgstr "Aggiornamento manuale dello schema ppolicy"
+
+#~ msgid ""
+#~ "The new version of the Password Policy (ppolicy) overlay requires the "
+#~ "schema to define the pwdMaxRecordedFailure attribute type, which is not "
+#~ "present in the schema currently in use. It is recommended to abort the "
+#~ "upgrade now, and to update the ppolicy schema before upgrading slapd. If "
+#~ "replication is in use, the schema update should be applied on every "
+#~ "server before continuing with the upgrade."
+#~ msgstr ""
+#~ "La nuova versione dell'overlay Password Policy (ppolicy) richiede la "
+#~ "definizione nello schema del tipo di attributo pwdMaxRecordedFailure il "
+#~ "quale non è presente nello schema attualmente in uso. Si raccomanda di "
+#~ "interrompere adesso l'aggiornamento e di preparare lo schema ppolicy "
+#~ "prima di aggiornare slapd. Nel caso si utilizzi la replica, occorre "
+#~ "preparare lo schema su ogni server prima di continuare con "
+#~ "l'aggiornamento."
+
+#~ msgid ""
+#~ "An LDIF file has been generated with the changes required for the upgrade:"
+#~ msgstr ""
+#~ "È stato generato un file LDIF con le necessarie modifiche allo schema:"
+
+#~ msgid ""
+#~ "so if slapd is using the default access control rules, these changes can "
+#~ "be applied (after starting slapd) by using the command:"
+#~ msgstr ""
+#~ "se slapd sta usando le regole di controllo d'accesso predefinite, le "
+#~ "modifiche possono essere applicate (dopo aver avviato slapd) usando il "
+#~ "comando:"
+
+#~ msgid ""
+#~ "If instead you choose to continue the installation, the new attribute "
+#~ "type will be added automatically, but the change will not be acted on by "
+#~ "slapd overlays, and replication with other servers may be affected."
+#~ msgstr ""
+#~ "Nel caso si decida di continuare l'installazione, il nuovo tipo di "
+#~ "attributo verrà aggiunto automaticamente ma la modifica non agirà sul "
+#~ "funzionamento degli overlay di slapd e potrebbe influenzare la replica "
+#~ "con altri server."
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr "Configurazione degli accessi di slapd potenzialmente non sicura"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "Uno o più dei database configurati hanno una regola di accesso che "
+#~ "permette agli utenti di modificare la maggior parte dei propri attributi. "
+#~ "Ciò è non sicuro, il livello di pericolosità dipende da qual è l'uso del "
+#~ "database."
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "Se esistono regole di accesso che iniziano con \"to *\", si raccomanda di "
+#~ "togliere tutti i \"by self write\" in modo che gli utenti possano "
+#~ "modificare solo gli attributi a loro consentiti."
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Consultare /usr/share/doc/slapd/README.Debian.gz per maggiori "
+#~ "informazioni."
+
+#~ msgid "Database backend to use:"
+#~ msgstr "Database di backend da usare:"
+
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "HDB e BDB usano un formato di memorizzazione simile ma HDB dispone in più "
+#~ "del supporto per rinominare i sottoalberi. Entrambi hanno le stesse "
+#~ "opzioni da configurare."
+
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "Si raccomanda MDB come backend. MDB usa un formato di memorizzazione "
+#~ "nuovo e richiede la configurazione di un minor numero di opzioni rispetto "
+#~ "a BDB e HDB."
+
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "In ogni caso è opportuno rivedere la configurazione del database in base "
+#~ "alle proprie necessità. Consultare /usr/share/doc/slapd/README.Debian.gz "
+#~ "per maggiori informazioni."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Abilitare il protocollo LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Con la configurazione predefinita di slapd il vecchio protocollo LDAPv2 è "
+#~ "disabilitato. I programmi e gli utenti dovrebbero aggiornarsi a LDAPv3. "
+#~ "Se si usa qualche vecchio programma che non può usare LDAPv3, si dovrebbe "
+#~ "accettare in modo da aggiungere \"allow bind_v2\" al file di "
+#~ "configurazione slapd.conf."
diff --git a/debian/po/ja.po b/debian/po/ja.po
new file mode 100644
index 0000000..fae1ed1
--- /dev/null
+++ b/debian/po/ja.po
@@ -0,0 +1,411 @@
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+# Developers do not need to manually edit POT or PO files.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2017-01-15 13:46+0900\n"
+"Last-Translator: Kenshi Muto <kmuto@debian.org>\n"
+"Language-Team: Japanese <debian-japanese@lists.debian.org>\n"
+"Language: ja\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "OpenLDAP サーバの設定を省略しますか?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr "ここで「はい」を選ぶと、初期設定やデータベースは作成されません。"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "常に"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "必要なときに"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "行わない"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "更新時にデータベースをファイルにダンプ:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"OpenLDAP サーバの新しいバージョンへの更新の前に、LDAP ディレクトリのデータ"
+"を、標準 LDAP データ交換フォーマットのプレインテキストファイルにダンプできま"
+"す。"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"「常に」を選ぶと、無条件に更新の前にデータベースをダンプするようになります。"
+"「必要なときに」を選ぶと、新しいバージョンが古いデータベースフォーマットと非"
+"互換で、再インポートが必要なときに、データベースをダンプします。「行わない」"
+"を選ぶと、データベースのダンプを行いません。"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "データベースのダンプに使うディレクトリ:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"LDAP データベースをエキスポートするディレクトリを指定してください。このディレ"
+"クトリの中には、サーバ上に配置された検索ベースに関連するいくつかの LDIF ファ"
+"イルが作成されます。ディレクトリを格納するパーティションに十分な空き領域があ"
+"ることを確認してください。最初に出現する文字列 \"VERSION\" は、更新対象のサー"
+"バのバージョンで置き換えられます。"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "古いデータベースを移動しますか?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"おそらく設定手順を壊すと思われるファイルが、/var/lib/ldap にまだあります。こ"
+"の選択肢で「はい」を選ぶと、メンテナスクリプトは新しいデータベースを作成する"
+"前に古いデータベースファイルを別の場所に移動します。"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "設定を再試行しますか?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"入力された設定は無効です。DNS ドメイン名が有効な文法になっていること、組織名"
+"のフィールドが空になっていないことと、管理者パスワードが合っていることを確認"
+"してください。設定を再試行しないと、LDAP サーバはセットアップされません。あと"
+"で再試行するときには、\"dpkg-reconfigure slapd\" を実行してください。"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNS ドメイン名:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"DNS ドメイン名は LDAP ディレクトリのベース DN を形成するのに使われます。たと"
+"えば、'foo.example.org' は、ベース DN として 'dc=foo, dc=example, dc=org' の"
+"ディレクトリを作成します。"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "組織名:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr "LDAP ディレクトリのベース DN 内で使う組織の名前を入力してください。"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "管理者のパスワード:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"あなたの LDAP ディレクトリでの管理者エントリのパスワードを入力してください。"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "パスワードの確認:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"正しくタイプしたかの確認のために、先ほど入力したのと同じ LDAP ディレクトリ用"
+"の admin のパスワードを再度入力してください。"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "パスワードが合致しません"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "2回入力されたパスワードは同じではありません。再度入力してください。"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "slapd をパージしたときにデータベースを削除しますか?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "更新中に slapcat が失敗"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "LDAP ディレクトリの更新中にエラーが発生しました。"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"LDAP ディレクトリの展開中に 'slapcat' プログラムが失敗しました。これは不正な"
+"設定ファイル (たとえばバックエンドデータベースをサポートするための "
+"'moduleload' 行がないなど) によって引き起こされた可能性があります。"
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"この失敗は、後で 'slapadd' を失敗させることになります。古いデータベースファイ"
+"ルは /var/backups に移動されます。更新を再試行したいのであれば、古いデータ"
+"ベースファイルを元の場所に戻して slapcat が失敗する原因を修正し、次のように実"
+"行します:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"そして、データベースファイルをバックアップ領域に戻し、slapadd を ${location} "
+"から実行してみます。"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+
+#~ msgid "abort installation"
+#~ msgstr "インストールの中止"
+
+#~ msgid "continue regardless"
+#~ msgstr "かまわず続ける"
+
+#~ msgid "Manual ppolicy schema update recommended"
+#~ msgstr "手動の ppolicy スキーマ更新の推奨"
+
+#~ msgid ""
+#~ "The new version of the Password Policy (ppolicy) overlay requires the "
+#~ "schema to define the pwdMaxRecordedFailure attribute type, which is not "
+#~ "present in the schema currently in use. It is recommended to abort the "
+#~ "upgrade now, and to update the ppolicy schema before upgrading slapd. If "
+#~ "replication is in use, the schema update should be applied on every "
+#~ "server before continuing with the upgrade."
+#~ msgstr ""
+#~ "Password Policy (ppolicy) オーバレイの新しいバージョンは、現在使用している"
+#~ "スキーマに存在しない pwdMaxRecordedFailure 属性型をスキーマに定義する必要"
+#~ "があります。アップグレードを今すぐ中止し、slapd をアップグレードする前に "
+#~ "ppolicy スキーマを更新することをお勧めします。レプリケーションが使われてい"
+#~ "る場合、このアップグレードを続ける前にスキーマの更新を各サーバに適用してお"
+#~ "くべきです。"
+
+#~ msgid ""
+#~ "An LDIF file has been generated with the changes required for the upgrade:"
+#~ msgstr "アップグレードに必要な変更付きの LDIF ファイルが生成されました:"
+
+#~ msgid ""
+#~ "so if slapd is using the default access control rules, these changes can "
+#~ "be applied (after starting slapd) by using the command:"
+#~ msgstr ""
+#~ "slapd がデフォルトのアクセス制御ルールを使っているのであれば、これらの変更"
+#~ "は (slapd が開始した後に) 以下のコマンドによって適用できます:"
+
+#~ msgid ""
+#~ "If instead you choose to continue the installation, the new attribute "
+#~ "type will be added automatically, but the change will not be acted on by "
+#~ "slapd overlays, and replication with other servers may be affected."
+#~ msgstr ""
+#~ "インストールを続けることを選ぶと、新しい属性型は自動的に追加されますが、こ"
+#~ "の変更は slapd オーバレイで実行されず、他のサーバとのレプリケーションに影"
+#~ "響する可能性があります。"
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr "潜在的に安全でない slapd のアクセス制御設定です"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "設定されたデータベースには、ユーザに自身の属性のほとんどの変更を許容する "
+#~ "1 つ以上のアクセス制御ルールがあります。これはデータベースの使いようによっ"
+#~ "ては安全でない可能性があります。"
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "\"to *\" で始まる slapd アクセスルールがある場合、各 \"by self write\" 記"
+#~ "述を削除することをお勧めします。そうすれば、ユーザが変更できるのは明示的に"
+#~ "許可された属性のみになります。"
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "詳細については /usr/share/doc/slapd/README.Debian.gz を参照してください。"
+
+#~ msgid "Database backend to use:"
+#~ msgstr "利用するデータベースバックエンド:"
+
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "HDB と BDB は似たストレージフォーマットを使いますが、HDB にはサブツリーの"
+#~ "名前変更のサポートが加わっています。共に、同じ設定オプションをサポートしま"
+#~ "す。"
+
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "MDB バックエンドをお勧めします。MDB は新しいストレージフォーマットを採用し"
+#~ "ており、BDB や HDB よりも少ない設定で済みます。"
+
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "いずれの場合でも、必要に応じてデータベース設定の結果を再確認すべきです。詳"
+#~ "細については /usr/share/doc/slapd/README.Debian.gz を参照してください。"
diff --git a/debian/po/nl.po b/debian/po/nl.po
new file mode 100644
index 0000000..1ca9607
--- /dev/null
+++ b/debian/po/nl.po
@@ -0,0 +1,341 @@
+# Dutch translation of openldap debconf templates.
+# Copyright (C) 2008-2011 THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the openldap package.
+# Bart Cornelis <cobaco@skolelinux.no>, 2008.
+# Jeroen Schot <schot@a-eskwadraat.nl>, 2011.
+# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2014, 2017, 2022.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.5.11+dfsg-1\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2022-04-09 22:02+0200\n"
+"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
+"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
+"Language: nl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 2.2.1\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Wilt u het configureren van de OpenLDAP-server overslaan?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Wanneer u deze optie kiest, worden er geen initiële configuratie en databank "
+"voor u aangemaakt."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "altijd"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "wanneer nodig"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "nooit"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Bij de opwaardering de databanken exporteren naar bestand:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Vooraleer een opwaardering naar een nieuwe versie van de OpenLDAP-server "
+"uitgevoerd wordt, kunnen de data in uw LDAP-catalogi geëxporteerd worden "
+"naar een gewoon tekstbestand in LDIF-indeling (dit is het gestandaardiseerde "
+"'LDAP Data Interchange Format')."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Wanneer u 'altijd' selecteert, worden de databanken voor elke opwaardering "
+"onvoorwaardelijk naar een bestand geëxporteerd. Wanneer u 'wanneer nodig' "
+"selecteert, worden de databanken enkel geëxporteerd wanneer de nieuwe "
+"databank-indeling incompatibel is met de oude indeling en de data opnieuw "
+"geïmporteerd moeten worden. Wanneer u 'nooit' kiest wordt er geen databank-"
+"export gemaakt."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Voor databank-exports te gebruiken map:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Geef de map op waarnaar LDAP-databanken geëxporteerd moeten worden. In deze "
+"map worden verschillende LDIF-bestanden aangemaakt die overeenkomen met de "
+"zoekbasissen op de server. U dient ervoor te zorgen dat u genoeg vrije "
+"ruimte heeft op de partitie waar de map zich bevindt. Het eerste voorkomen "
+"van de tekst 'VERSION' wordt vervangen door de server-versie vanwaar u "
+"opwaardeert."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Wilt u de oude databank verplaatsen?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Er bevinden zich nog bestanden in /var/lib/ldap die het configuratieproces "
+"waarschijnlijk zullen verstoren. Als u voor deze optie kiest, zullen de "
+"scripts van de pakketbeheerder de oude databankbestanden wegzetten voordat "
+"ze de nieuwe databank aanmaken."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Configuratie opnieuw proberen?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"De door u ingevoerde configuratie is ongeldig. Zorg ervoor dat: de DNS-"
+"domeinnaam een geldige syntaxis heeft, het veld voor de organisatie niet "
+"leeg is, en de beheerderswachtwoorden overeenkomen. Wanneer u ervoor kiest "
+"om de configuratie niet opnieuw te proberen, wordt uw LDAP-server niet "
+"ingesteld. U kunt later altijd 'dpkg-reconfigure slapd' uitvoeren om de "
+"configuratie opnieuw te proberen. "
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNS-domeinnaam:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"De DNS-domeinnaam wordt gebruikt als de basis-DN van uw LDAP-catalogus. foo."
+"example.org invoeren geeft u de basis-DN dc=foo, dc=example, dc=org."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Organisatienaam:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Geef op welke organisatienaam gebruikt moet worden in de basis-DN van uw "
+"LDAP-catalogus."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Beheerderswachtwoord:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Gelieve het wachtwoord op te geven voor het beheerdersaccount in uw LDAP-"
+"catalogus."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Bevestig het wachtwoord:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Gelieve het beheerderswachtwoord van uw LDAP-catalogus nogmaals in te tikken "
+"(dit om tikfouten tegen te gaan)."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Wachtwoorden komen niet overeen"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+"De twee door u ingevoerde wachtwoorden kwamen niet overeen. Gelieve nogmaals "
+"te proberen."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Wilt u dat de databank verwijderd wordt wanneer slapd gewist wordt?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "slapcat gaf een fout tijdens de opwaardering"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr ""
+"Er is een fout opgetreden tijdens het opwaarderen van uw LDAP-catalogus."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Bij het uitpakken van de LDAP-catalogus signaleerde het programma 'slapcat' "
+"een fout. Dit kan veroorzaakt worden door een onjuist configuratiebestand "
+"(bv. het ontbreken van 'moduleload'-regels voor het ondersteunen van de "
+"backenddatabank)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Deze mislukking zorgt ervoor dat 'slapadd' zo meteen ook mislukt. De oude "
+"databankbestanden worden verplaatst naar /var/backups . Als u deze "
+"opwaardering opnieuw wilt proberen, dient u eerst de oude databankbestanden "
+"terug te plaatsen, daarna de oorzaak van het mislukken van slapcat op te "
+"lossen, en tenslotte de volgende opdracht uit te voeren:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Vervolgens verplaatst u de databankbestanden terug naar de reservekopie-map "
+"en probeert u slapadd uit te voeren vanaf ${location}."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr "Fout tijdens het uitvoeren van post-installatietaken"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+"Er zijn een of meer fouten opgetreden tijdens het uitvoeren van een aantal "
+"post-installatietaken. Dit betekent waarschijnlijk dat het slapd-pakket één "
+"of meerdere LDAP-databases niet automatisch kon migreren, of dat een backend "
+"die door de huidige OpenLDAP-installatie wordt gebruikt, niet meer wordt "
+"ondersteund."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+"Het script van de pakketbeheerder dat verantwoordelijk is voor het uitvoeren "
+"van de post-installatietaken is afgesloten, maar de slapd-dienst is NIET "
+"(opnieuw) gestart. U moet het probleem handmatig oplossen en vervolgens de "
+"dienst starten."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+"Voor meer informatie over mogelijke probleemscenario's en hoe deze aan te "
+"pakken, kunt u kijken in het bestand README.Debian (onder /usr/share/doc/"
+"slapd/)."
diff --git a/debian/po/pt.po b/debian/po/pt.po
new file mode 100644
index 0000000..b91052b
--- /dev/null
+++ b/debian/po/pt.po
@@ -0,0 +1,522 @@
+# Portuguese translation for openldap debconf messages.
+# Copyright (C) Tiago Fernandes <tjg.fernandes@gmail.com>, 2006
+# This file is distributed under the same license as the openldap package.
+#
+# Tiago Fernandes <tjg.fernandes@gmail.com>, 2006,2008,2010.
+# Rui Branco - DebianPT <ruipb@debianpt.org>, 2017.
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.44+dfsg-3\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2017-04-10 22:08+0000\n"
+"Last-Translator: Rui Branco - DebianPT <ruipb@debianpt.org>\n"
+"Language-Team: Portuguese <traduz@debianpt.org>\n"
+"Language: pt\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2;\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Omitir a configuração do servidor OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Se activar esta opção, não será criada inicialmente uma configuração ou base "
+"de dados para si."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "sempre"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "quando necessário"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "nunca"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Despejar as bases de dados para ficheiro durante a actualização:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Antes de actualizar para uma nova versão do servidor OpenLDAP, os dados dos "
+"seu directórios LDAP podem ser despejados para ficheiros de texto simples no "
+"formato padronizado LDAP Data Interchange Format."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Seleccionar \"sempre\" fará com as bases de dados sejam despejadas "
+"incondicionalmente antes de uma actualização. Seleccionar \"quando necessário"
+"\" irá apenas despejar a base de dados se a nova versão for incompatível com "
+"o formato da base de dados antiga e for necessário reimportar-la. Se "
+"seleccionar \"nunca\", não será feito qualquer despejo."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Directório a utilizar para bases de dados despejadas:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Por favor, especifique o directório para onde as bases de dados LDAP serão "
+"exportadas. Dentro deste directório serão criados vários ficheiros LDIF que "
+"correspondem às bases de pesquisas localizadas no servidor. Assegure-se que "
+"tem espaço livre suficiente na partição onde se encontra o directório. A "
+"primeira ocorrência da string \"VERSION\" é substituída com a versão do "
+"servidor que está a actualizar."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Mover a base de dados antiga?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Ainda existem ficheiros em /var/lib/ldap que provavelmente irão parar o "
+"processo de configuração. Se activar esta opção, os scripts do maintainer "
+"irão mover os ficheiros antigos da base de dados para fora do caminho, antes "
+"de criar a nova base de dados."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Tentar novamente a configuração?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"A configuração que inseriu é inválida. Assegure-se que o nome do domínio DNS "
+"tem uma sintaxe válida, que a organização é preenchida e que as palavras-"
+"chave de administrador coincidem. Se decidir não tentar novamente a "
+"configuração, o servidor de LDAP não ficará configurado. Corra \"dpkg-"
+"reconfigure slapd\" se quiser tentar novamente mais tarde."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Nome do domínio DNS:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"O nome do domínio DNS é usado para construir o DN base do seu directório "
+"LDAP. Por exemplo, 'foo.exemplo.org' irá criar o directório com 'dc=foo,"
+"dc=exemplo,dc=org' como DN base."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Nome da Organização:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Por favor, insira o nome da organização a usar, no DN base do seu directório "
+"LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Palavra-passe do administrador:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Por favor, insira a palavra-passe para a entrada admin do seu directório "
+"LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Confirme a palavra-passe:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Por favor introduza novamente a palavra-passe de admin do seu directório "
+"LDAP, para verificar se a introduziu correctamente."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "A palavra-passe não coincide"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+"As duas palavra-passe que você introduziu não são iguais. Por favor, tente "
+"novamente."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Quer que a base de dados seja removida quando o slapd for purgado?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Falha do slapcat durante a actualização"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Ocorreu um erro durante a actualização do directório LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"O programa 'slapcat' falhou enquanto extraía o directório LDAP. Isto pode "
+"ter sido causado por um ficheiro de configuração incorrecto (por exemplo, "
+"linhas 'moduleload' em falta para suportar o backend da base de dados)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Esta falha irá fazer com que o 'slapadd' falhe também mais tarde. Os "
+"ficheiros antigos da base de dados serão movidos para /var/backups. Se "
+"quiser tentar novamente esta actualização, deverá mover os ficheiros antigos "
+"da base de dados antiga de volta para o seu lugar, corrigir o que possa ter "
+"causado a falha do slapcat, e executar:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Depois mova os ficheiros da base de dados de volta para a área de backup e a "
+"seguir tente correr o slapadd a partir de ${location}."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+
+#~ msgid "abort installation"
+#~ msgstr "abortar a instalação"
+
+#~ msgid "continue regardless"
+#~ msgstr "continuar de qualquer forma "
+
+#~ msgid "Manual ppolicy schema update recommended"
+#~ msgstr "Recomendada actualização manual do esquema ppolicy"
+
+#~ msgid ""
+#~ "The new version of the Password Policy (ppolicy) overlay requires the "
+#~ "schema to define the pwdMaxRecordedFailure attribute type, which is not "
+#~ "present in the schema currently in use. It is recommended to abort the "
+#~ "upgrade now, and to update the ppolicy schema before upgrading slapd. If "
+#~ "replication is in use, the schema update should be applied on every "
+#~ "server before continuing with the upgrade."
+#~ msgstr ""
+#~ "A nova versão do overlay da politica de palavra-chave (ppolicy) requer ao "
+#~ "esquema que seja definida um tipo de atributo pwdMaxRecordedFailure, o "
+#~ "qual não está presente no esquema em uso. É recomendadoabortar a "
+#~ "instalação neste momento, e actualizar o esquema ppolicy antes de "
+#~ "actualizar o slapd. Se a replicação está em uso, a actualização do "
+#~ "esquema deverá ser efectuada em cada servidor antes de continuar a "
+#~ "actualização."
+
+#~ msgid ""
+#~ "An LDIF file has been generated with the changes required for the upgrade:"
+#~ msgstr ""
+#~ "Um ficheiro LDIF foi criado com as alterações requeridas para a "
+#~ "actualização:"
+
+#~ msgid ""
+#~ "so if slapd is using the default access control rules, these changes can "
+#~ "be applied (after starting slapd) by using the command:"
+#~ msgstr ""
+#~ "assim se o slapd estiver a usar as regras de controlo de acesso por "
+#~ "predefinição, estas alterações podem ser aplicadas (depois de iniciar o "
+#~ "slapd) ao usar o seguinte comando:"
+
+#~ msgid ""
+#~ "If instead you choose to continue the installation, the new attribute "
+#~ "type will be added automatically, but the change will not be acted on by "
+#~ "slapd overlays, and replication with other servers may be affected."
+#~ msgstr ""
+#~ "Se escolher continuar a instalação, o novo tipo de atributo será "
+#~ "automaticamente adicionado, mas a alteração não terá efeito nos overlays "
+#~ "slapd, e replicação com outros servidores pode ser afectada."
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr "Configuração de controlo de acesso ao slapd potencialmente insegura"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "Uma ou mais das bases de dados configuradas têm uma regra de controlo de "
+#~ "acesso que permite os utilizadores modificarem os seus próprios "
+#~ "atributos. Isto pode ser inseguro, dependendo de como a base de dados é "
+#~ "utilizada."
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "No caso das regras de acesso do slapd que começam com \" até *\", é "
+#~ "recomendado que se remova qualquer instância de \"by self write\", de "
+#~ "maneira a que os utilizadores possam modificar especificamente atributos "
+#~ "permitidos."
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr "Ver /usr/share/doc/slapd/README.Debian.gz para mais detalhes."
+
+#~ msgid "Database backend to use:"
+#~ msgstr "Backend a usar para a base de dados:"
+
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "HDB e BDB usam formatos similares de armazenamento, mas o HDB adiciona "
+#~ "suporte para renomeação de sub-árvores. Ambos suportam as mesmas opções "
+#~ "de configuração."
+
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "É recomendado o backend MDB. MDB utiliza um novo formato de armazenamento "
+#~ "e requer menos configurações do que BDB ou HDB."
+
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Em qualquer caso, deverá rever a configuração da base de dados "
+#~ "resultante, para as suas necessidades. Ver /usr/share/doc/slapd/README."
+#~ "Debian.gz para mais detalhes."
+
+#~ msgid ""
+#~ "In the version of slapd about to be installed, the ppolicy overlay "
+#~ "requires the new pwdMaxRecordedFailure attribute to be defined in the "
+#~ "ppolicy schema. The schema contained in the cn=config database does not "
+#~ "currently include this attribute."
+#~ msgstr ""
+#~ "Na versão do slapd prestes a ser instalada, o 'overlay' ppolicy requer a "
+#~ "definição de um novo atributo pwdMaxRecordedFailure no esquema ppolicy. "
+#~ "O esquema contido na base de dados cn=config não inclui actualmente este "
+#~ "atributo."
+
+#~ msgid ""
+#~ "The ppolicy schema can be updated by applying the changes found in the "
+#~ "following LDIF file:"
+#~ msgstr ""
+#~ "O esquema ppolicy pode ser actualizado aplicando as alterações "
+#~ "encontradas no seguinte ficheiro LDIF:"
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Permitir o protocolo LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "O protocolo obsoleto LDAPv2 está desactivado por pré-definição no slapd. "
+#~ "Os programas e utilizadores devem actualizar para LDAPv3. Se tiver "
+#~ "programas antigos que não conseguem usar LDAPv3, deverá seleccionar esta "
+#~ "opção e será adicionado 'allow bind_v2' ao seu ficheiro slapd.conf."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr "o slurpd está obsoleto; as réplicas terão de ser configuradas á mão"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "Foi encontrada, durante a actualização, uma ou mais opções \"replica\" do "
+#~ "slurpd na sua configuração do slapd. Devido ao slurpd estar obsoleto a "
+#~ "partir do OpenLDAP 2.4, terá de migrar as suas réplicas para usar o "
+#~ "protocolo syncrepl, em seu lugar."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "A conversão do slurpd para o protocolo syncrepl (pull-based) não poderá "
+#~ "ser feita automaticamente e terá de configurar manualmente os seus "
+#~ "servidores replicados. Por favor, para mais detalhes veja http://www."
+#~ "openldap.org/doc/admin24/syncrepl.html ."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "Os valores para TLSCipherSuite foram alterados"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "Durante a actualização a opção \"TLSCipherSuite\" foi encontrada na "
+#~ "configuração do seu slapd. Os valores permitidos para esta opção são "
+#~ "determinados pela implementação SSL usada, a qual foi alterada de OpenSSL "
+#~ "para GnuTLS. Como resultado, a sua actual opção TLSCipherSuite não irá "
+#~ "funcionar com este pacote."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Esta opção foi comentada automaticamente para si. Se tiver necessidades "
+#~ "específicas de encriptação que necessitem que esta opção seja reactivada, "
+#~ "veja o output de 'gnutls-cli -l' que existe no pacote gnutls-bin, para "
+#~ "obter a lista de cifras suportadas pelo GnuTLS."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr "Fazer cópia de segurança da base de dados actual e criar uma nova?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "O sufixo de directório (domínio) que especificou não coincide com o "
+#~ "actual em /etc/ldap/slapd.conf. Alterar o sufixo do directório requer "
+#~ "mover para outro local a actual base de dados LDAP e criar uma nova. Por "
+#~ "favor, confirme se deseja fazer cópia de segurança e abandonar a base de "
+#~ "dados actual."
diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po
new file mode 100644
index 0000000..5a29996
--- /dev/null
+++ b/debian/po/pt_BR.po
@@ -0,0 +1,509 @@
+# openldap Brazilian Portuguese translation
+# Copyright (C) 2007 THE openldap'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the openldap package.
+# André Luís Lopes <andrelop@debian.org>, 2003-2006.
+# Felipe Augusto van de Wiel (faw) <faw@debian.org>, 2007.
+# Steve Langasek <vorlon@debian.org>, 2008.
+# Eder L. Marques (frolic) <frolic@debian-ce.org>, 2008.
+# Adriano Rafael Gomes <adrianorg@debian.org>, 2011-2017.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.44+dfsg-4\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2017-01-10 10:28-0200\n"
+"Last-Translator: Adriano Rafael Gomes <adrianorg@debian.org>\n"
+"Language-Team: l10n Portuguese <debian-l10n-portuguese@lists.debian.org>\n"
+"Language: pt_BR\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Omitir a configuração do servidor OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Se você habilitar esta opção, nenhuma configuração inicial ou base de dados "
+"será criada para você."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "sempre"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "quando necessário"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "nunca"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Descarregar as bases de dados para arquivos na atualização:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Antes de atualizar para uma nova versão do servidor OpenLDAP, os dados dos "
+"seus diretórios LDAP podem ser descarregados em arquivos texto plano no "
+"formato padrão \"LDAP Interchange Format\" (Formato de Intercâmbio LDAP)."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Selecionar \"sempre\" fará com que as bases de dados sejam descarregadas "
+"incondicionalmente antes de atualizar. Selecionar \"quando necessário\" só "
+"descarregará a base de dados se a nova versão for incompatível com o formato "
+"da antiga base de dados e tiver que ser importada novamente. Se você "
+"selecionar \"nunca\", nenhum descarregamento será feito."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Diretório para descarregar suas bases de dados:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Por favor, especifique o diretório onde as bases de dados LDAP serão "
+"exportadas. Nesse diretório, vários arquivos LDIF serão criados "
+"correspondendo às bases de procura localizadas no servidor. Tenha certeza de "
+"ter espaço livre suficiente na partição onde este diretório está localizado. "
+"A primeira ocorrência da string \"VERSION\" é substituída com a versão do "
+"servidor a partir da qual você está atualizando."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Mover a base de dados antiga?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Ainda há arquivos em /var/lib/ldap que provavelmente quebrarão o processo de "
+"configuração. Se você habilitar esta opção, os scripts do mantenedor moverão "
+"os arquivos da antiga base de dados para fora do caminho antes de criar uma "
+"nova base de dados."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Tentar novamente a configuração?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"A configuração que você informou é inválida. Tenha certeza de que o nome de "
+"domínio DNS tem uma sintaxe válida, o campo para a organização não foi "
+"deixado vazio e as senhas do admin conferem. Se você decidir não tentar "
+"novamente a configuração, o servidor LDAP não será configurado. Execute "
+"\"dpkg-reconfigure slapd\" se você quiser tentar novamente mais tarde."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Nome do domínio DNS:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"O nome do domínio DNS é usado para construir a base DN de seu diretório "
+"LDAP. Por exemplo, \"foo.example.org\" criará o diretório com \"dc=foo, "
+"dc=example, dc=org\" como base DN."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Nome da organização:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Por favor, informe o nome da organização para usar na base DN de seu "
+"diretório LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Senha do administrador:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Por favor, informe a senha para a entrada administrativa em seu diretório "
+"LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Confirme a senha:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Por favor, informe novamente a senha para a entrada administrativa de seu "
+"diretório LDAP para verificar se você a digitou corretamente."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "As senhas não conferem"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+"As duas senhas que você informou não foram as mesmas. Por favor, tente "
+"novamente."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr ""
+"Você deseja que a base de dados seja removida quando o pacote slapd for "
+"expurgado (\"purged\")?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Falha do slapcat durante a atualização"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Um erro ocorreu durante a atualização do diretório LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"O programa \"slapcat\" falhou ao extrair o diretório LDAP. Isso pode ter "
+"sido causado por um arquivo de configuração incorreto (por exemplo, se "
+"estiverem faltando as linhas \"moduleload\" para suportar o \"backend\" da "
+"base de dados)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Esta falha fará com que o \"slapadd\" também falhe posteriormente. Os "
+"arquivos da antiga base de dados serão movidos para /var/backups. Se você "
+"quer tentar esta atualização novamente, você deve mover os arquivos da "
+"antiga base de dados de volta para o local original, corrigir o que quer que "
+"tenha causado a falha do slapcat e executar:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Então mova os arquivos da base de dados de volta para uma área de backup e "
+"depois tente executar slapadd a partir de ${location}."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+
+#~ msgid "abort installation"
+#~ msgstr "cancelar a instalação"
+
+#~ msgid "continue regardless"
+#~ msgstr "continuar independentemente"
+
+#~ msgid "Manual ppolicy schema update recommended"
+#~ msgstr "Recomendada a atualização manual do esquema ppolicy"
+
+#~ msgid ""
+#~ "The new version of the Password Policy (ppolicy) overlay requires the "
+#~ "schema to define the pwdMaxRecordedFailure attribute type, which is not "
+#~ "present in the schema currently in use. It is recommended to abort the "
+#~ "upgrade now, and to update the ppolicy schema before upgrading slapd. If "
+#~ "replication is in use, the schema update should be applied on every "
+#~ "server before continuing with the upgrade."
+#~ msgstr ""
+#~ "A nova versão da sobreposição \"Password Policy\" (ppolicy) exige que o "
+#~ "esquema defina o tipo do atributo pwdMaxRecordedFailure, o qual não está "
+#~ "presente no esquema atualmente em uso. É recomendado cancelar a "
+#~ "atualização agora e atualizar o esquema ppolicy antes de atualizar o "
+#~ "slapd. Se a replicação estiver em uso, a atualização do esquema deverá "
+#~ "ser aplicada em cada servidor antes de continuar com a atualização."
+
+#~ msgid ""
+#~ "An LDIF file has been generated with the changes required for the upgrade:"
+#~ msgstr ""
+#~ "Um arquivo LDIF foi gerado com as modificações necessárias para a "
+#~ "atualização:"
+
+#~ msgid ""
+#~ "so if slapd is using the default access control rules, these changes can "
+#~ "be applied (after starting slapd) by using the command:"
+#~ msgstr ""
+#~ "então se o slapd estiver usando as regras padrão de controle de acesso, "
+#~ "essas modificações podem ser aplicadas (depois de iniciar o slapd) usando "
+#~ "o comando:"
+
+#~ msgid ""
+#~ "If instead you choose to continue the installation, the new attribute "
+#~ "type will be added automatically, but the change will not be acted on by "
+#~ "slapd overlays, and replication with other servers may be affected."
+#~ msgstr ""
+#~ "Se em vez disso você escolher continuar a instalação, o tipo do novo "
+#~ "atributo será adicionado automaticamente, mas a modificação não sofrerá "
+#~ "ações por sobreposições do slapd, e a replicação com outros servidores "
+#~ "pode ser afetada."
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr "Configuração de controle de acesso do slapd potencialmente insegura"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "Uma ou mais das bases de dados configuradas tem uma regra de controle de "
+#~ "acesso que permite que usuários modifiquem a maioria dos seus próprios "
+#~ "atributos. Isso pode ser inseguro, dependendo de como a base de dados é "
+#~ "usada."
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "No caso das regras de acesso do slapd que comecem com \"to *\", é "
+#~ "recomendado remover quaisquer instâncias de \"by self write\", de modo "
+#~ "que os usuários possam modificar somente atributos especificamente "
+#~ "permitidos."
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr "Veja /usr/share/doc/slapd/README.Debian.gz para mais detalhes."
+
+#~ msgid "Database backend to use:"
+#~ msgstr "\"Backend\" de base de dados a ser usado:"
+
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "O HDB e o BDB usam formatos de armazenamento similares, mas o HDB "
+#~ "adiciona suporte para renomeação de subárvores. Ambos suportam as mesmas "
+#~ "opções de configuração."
+
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "O \"backend\" MDB é recomendado. O MDB usa um novo formato de "
+#~ "armazenamento e requer menos configuração que o BDB e o HDB."
+
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Em qualquer caso, você deve revisar a configuração resultante da base de "
+#~ "dados para que atenda as suas necessidades. Veja /usr/share/doc/slapd/"
+#~ "README.Debian.gz para mais detalhes."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Permitir o protocolo LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "O protocolo obsoleto LDAPv2 é desabilitado por padrão no slapd. Os "
+#~ "programas e usuários devem atualizar-se para o LDAPv3. Se você tem "
+#~ "programas antigos que não usam LDAPv3, você deve selecionar esta opção e "
+#~ "\"allow bind_v2\" será adicionado ao seu arquivo slapd.conf."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr ""
+#~ "O slurpd está obsoleto, réplicas devem ser configuradas manualmente."
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "Uma ou mais opções slurpd \"replica\" foram encontradas em seu arquivo de "
+#~ "configuração slapd quando estava atualizando. Por causa de o slurpd está "
+#~ "obsoleto a partir do OpenLDAP 2.4, em vez disso você precisará migrar "
+#~ "suas replicas para usar o protocolo syncrepl."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "A conversão de slurpd para o protocolo syncrepl baseado no método de "
+#~ "puxar (\"pull\") atualizações, não pode ser feito automaticamente e você "
+#~ "precisará configurar seus servidores de réplica manualmente. Por favor, "
+#~ "veja http://www.openldap.org/doc/admin24/syncrepl.html para detalhes."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "Os valores da TLSCipherSuite mudou"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "Uma opção \"TLSCipherSuite\" foi encontrada em seu arquivo slapd durante "
+#~ "a atualização. Os valores permitidos para esta opção são determinados "
+#~ "pela implementação SSL utilizada, a qual foi alterada de OpenSSL para "
+#~ "GnuTLS. Como resultado, sua configuração TLSCipherSuite existente não irá "
+#~ "funcionar com este pacote."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Esta configuração foi automaticamente comentada para você. Se você tem "
+#~ "necessidades específicas de criptografia que requerem que esta opção seja "
+#~ "reabilitada, veja a saída do comando 'gnutls-cli -l' no pacote gnutls-bin "
+#~ "para uma lista das cifras suportadas pelo GnuTLS."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr "Fazer backup da base de dados atual e criar uma nova?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "O sufixo de diretório (domínio) que você especificou não confere com o "
+#~ "atual em /etc/ldap/slapd.conf. Mudar o sufixo do diretório requer mover a "
+#~ "atual base de dados LDAP e criar uma nova. Por favor, confirme se você "
+#~ "quer fazer um backup da base de dados atual e abandoná-la."
diff --git a/debian/po/ro.po b/debian/po/ro.po
new file mode 100644
index 0000000..232da14
--- /dev/null
+++ b/debian/po/ro.po
@@ -0,0 +1,339 @@
+# Mesajele în limba română pentru pachetul openldap.
+# Romanian translation of openldap.
+# Copyright © 2023 THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the openldap package.
+#
+# Remus-Gabriel Chelu <remusgabriel.chelu@disroot.org>, 2023.
+#
+# Cronologia traducerii fișierului „openldap”:
+# Traducerea inițială, făcută de R-GC, pentru versiunea openldap 2.5.13+dfsg-5(2021-08-16).
+# Actualizare a traducerii pentru versiunea Y, făcută de X, Y(anul).
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.5.13+dfsg-5\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2023-03-11 21:43+0100\n"
+"Last-Translator: Remus-Gabriel Chelu <remusgabriel.chelu@disroot.org>\n"
+"Language-Team: Romanian <debian-l10n-romanian@lists.debian.org>\n"
+"Language: ro\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n==0 || (n!=1 && n%100>=1 && "
+"n%100<=19) ? 1 : 2);\n"
+"X-Bugs: Report translation errors to the Language-Team address.\n"
+"X-Generator: Poedit 3.2.2\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Doriți să omiteți configurarea serverului OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be created "
+"for you."
+msgstr ""
+"Dacă activați această opțiune, nu va fi creată nicio configurație inițială sau "
+"bază de date."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "întotdeauna"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "când este necesar"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "niciodată"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "La actualizare, datele din baza de date vor fi salvate într-un fișier:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP Data "
+"Interchange Format."
+msgstr ""
+"Înainte de a face înnoirea la o nouă versiune a serverului OpenLDAP, datele din "
+"directoarele dumneavoastră LDAP pot fi descărcate în fișiere text simplu în "
+"formatul standard de interschimb de date LDAP (LDAP Data Interchange Format), "
+"pe scurt, fișiere „LDIF”."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if the "
+"new version is incompatible with the old database format and it needs to be "
+"reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Dacă selectați opțiunea „întotdeauna”, aceasta va face ca bazele de date să fie "
+"descărcate necondiționat înainte de o înnoire. Dacă selectați opțiunea „când "
+"este necesar”, aceasta va face ca bazele de date să fie descărcate numai dacă "
+"noua versiune este incompatibilă cu vechiul format de bază de date și "
+"informația conținută trebuie reimportată. Dacă selectați opțiunea „niciodată”, "
+"nu se va face nicio descărcare."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Directorul unde se descarcă/exportă bazele de date:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In this "
+"directory, several LDIF files will be created which correspond to the search "
+"bases located on the server. Make sure you have enough free space on the "
+"partition where the directory is located. The first occurrence of the string "
+"\"VERSION\" is replaced with the server version you are upgrading from."
+msgstr ""
+"Specificați directorul în care vor fi exportate bazele de date LDAP. În acest "
+"director vor fi create mai multe fișiere „LDIF” care corespund bazelor de "
+"căutare situate pe server. Asigurați-vă că aveți suficient spațiu liber pe "
+"partiția în care se află directorul. Prima apariție a șirului „VERSION” este "
+"înlocuită cu versiunea de server de la care faceți înnoirea."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Doriți să mutați baza de date veche?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts will "
+"move the old database files out of the way before creating a new database."
+msgstr ""
+"Există încă fișiere în directorul „/var/lib/ldap” care probabil vor întrerupe "
+"procesul de configurare. Dacă activați această opțiune, scripturile de "
+"configurare vor muta fișierele vechi ale bazei de date înainte de a crea o nouă "
+"bază de date."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Doriți să reîncercați din nou, operația de configurare?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name is "
+"syntactically valid, the field for the organization is not left empty and the "
+"admin passwords match. If you decide not to retry the configuration the LDAP "
+"server will not be set up. Run 'dpkg-reconfigure slapd' if you want to retry "
+"later."
+msgstr ""
+"Configurația pe care ați introdus-o nu este validă. Asigurați-vă că numele de "
+"domeniu DNS este valid din punct de vedere sintactic, câmpul pentru organizație "
+"nu este lăsat gol și parolele de administrator se potrivesc. Dacă decideți să "
+"nu reîncercați operația de configurare, serverul LDAP nu va fi configurat. "
+"Rulați comanda «dpkg-reconfigure slapd» dacă doriți să reîncercați mai târziu."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Introduceți numele de domeniu DNS:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. For "
+"example, 'foo.example.org' will create the directory with 'dc=foo, dc=example, "
+"dc=org' as base DN."
+msgstr ""
+"Numele de domeniu DNS este folosit pentru a construi DN-ul de bază al "
+"directorului LDAP. De exemplu, „foo.example.org” va crea directorul cu „dc=foo, "
+"dc=example, dc=org” ca DN de bază."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Numele organizației:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Introduceți numele organizației de utilizat în DN-ul de bază al directorului "
+"LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Parola de administrator:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+"Introduceți parola pentru intrarea de administrator din directorul "
+"dumneavoastră LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Confirmați parola:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Introduceți din nou parola de administrator pentru directorul dumneavoastră "
+"LDAP pentru a verifica dacă ați introdus-o corect."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Parolele nu se potrivesc"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+"Cele două parole pe care le-ați introdus sunt diferite. Încercați din nou."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Doriți ca baza de date să fie eliminată atunci când «slapd» este șters?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "«slapcat» a eșuat în timpul înnoirrii"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "A apărut o eroare în timpul actualizării directorului LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may be "
+"caused by an incorrect configuration file (for example, missing 'moduleload' "
+"lines to support the backend database)."
+msgstr ""
+"Programul «slapcat» a eșuat la extragerea directorului LDAP. Acest lucru poate "
+"fi cauzat de un fișier de configurare incorect (de exemplu, lipsa liniilor "
+"„moduleload” care să permită gestionarea diferitelor tipuri de baze de date)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database files "
+"will be moved to /var/backups. If you want to try this upgrade again, you "
+"should move the old database files back into place, fix whatever caused slapcat "
+"to fail, and run:"
+msgstr ""
+"Acest eșec va face ca «slapadd» să eșueze, de asemenea, mai târziu. Fișierele "
+"vechi ale bazei de date vor fi mutate în directorul „/var/backups”. Dacă doriți "
+"să încercați din nou această actualizare, ar trebui să mutați vechile fișiere "
+"de baze de date înapoi la locul lor, să remediați orice a cauzat eșecul lui "
+"«slapcat» și să rulați:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running slapadd "
+"from ${location}."
+msgstr ""
+"Mutați fișierele bazei de date înapoi în directorul de copii de rezervă și apoi "
+"încercați să rulați «slapadd» din ${location}."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr "Eroare în timpul efectuării operațiilor de post-instalare"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the current "
+"OpenLDAP installation is not supported anymore."
+msgstr ""
+"A apărut una sau mai multe erori în timpul efectuării unor operații post-"
+"instalare. Acest lucru înseamnă probabil că pachetul „slapd” nu a putut migra "
+"automat una sau mai multe baze de date LDAP sau că un tip de bază de date "
+"(mariadb/mysql, postgresql, etc.) utilizat de instalarea curentă OpenLDAP nu "
+"mai este acceptat."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks has "
+"exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+"Scriptul de configurare responsabil pentru executarea operațiilor de post-"
+"instalare a ieșit, dar serviciul «slapd» NU a fost (re)pornit. Va trebui să "
+"remediați manual problema și apoi să porniți serviciul."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address them, "
+"please take a look at the README.Debian file (under /usr/share/doc/slapd/)."
+msgstr ""
+"Pentru mai multe informații despre posibilele scenarii problematice și cum să "
+"le soluționați, consultați fișierul „README.Debian” (din dosarul „/usr/share/"
+"doc/slapd/”)."
diff --git a/debian/po/ru.po b/debian/po/ru.po
new file mode 100644
index 0000000..a1eeac8
--- /dev/null
+++ b/debian/po/ru.po
@@ -0,0 +1,501 @@
+# translation of openldap_2.4.21-1_ru.po to Russian
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans#
+# Developers do not need to manually edit POT or PO files.
+#
+# Yuri Kozlov <kozlov.y@gmail.com>, 2007, 2008.
+# Yuri Kozlov <yuray@komyakino.ru>, 2010, 2014, 2017.
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.44+dfsg-4\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2017-01-10 19:00+0300\n"
+"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
+"Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n"
+"Language: ru\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 2.0\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
+"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Не выполнять настройку сервера OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Если вы ответите утвердительно, начальная конфигурация или база данных "
+"создаваться не будет."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "всегда"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "только при необходимости"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "никогда"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "При обновлении сохранять данные из базы данных в файл:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Перед обновлением до новой версии сервера OpenLDAP данные из ваших каталогов "
+"LDAP могут быть сохранены в текстовые файлы в стандартизованном формате "
+"обмена данных LDAP."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Если выбрать \"всегда\", то перед обновлением данные из баз будут "
+"обязательно сохранены. Если выбрать \"только при необходимости\", то база "
+"данных будет сохранена, только если новая версия не совместима со старым "
+"форматом базы данных и должна быть импортирована повторно. Если выбрать "
+"\"никогда\", то сохранение базы будет пропущено."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Каталог сохранения данных из баз:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Укажите каталог, куда будут экспортированы базы данных LDAP. В этом каталоге "
+"будет создано несколько файлов LDIF, которые соответствуют поисковым базам, "
+"расположенным на сервере. Убедитесь, что у вас достаточно места на разделе, "
+"где расположен каталог. Первое появление строки со словом \"VERSION\" "
+"заменяется на версию сервера, с которой производится обновление."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Переместить старую базу данных?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"В каталоге /var/lib/ldap находятся файлы, которые, вероятно, негативно "
+"повлияют на процесс настройки. Если вы ответите утвердительно, то "
+"сопровождающие сценарии, перед тем как создать новую базу, переместят старые "
+"файлы базы данных в другое место."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Повторить настройку?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Введённая вами конфигурация неправильна. Убедитесь, что доменное имя DNS "
+"записано в правильном формате, что поле названия организации непустое и что "
+"пароль администратора верен. Если вы не станете повторять настройку, то "
+"сервер LDAP останется не настроенным. Если позднее вы захотите выполнить "
+"настройку, запустите команду «dpkg-reconfigure slapd»."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Доменное имя DNS:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"Доменное имя DNS используется для построения базового DN каталога LDAP. "
+"Например, если ввести «foo.bar.org», то это даст базовый DN «dc=foo, dc=bar, "
+"dc=org»."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Название организации:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Введите название организации для использования в базовом DN каталога LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Пароль администратора:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "Введите пароль для записи admin в каталоге LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Повторите ввод пароля:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Введите тот же пароль для admin в каталоге LDAP ещё раз, чтобы убедиться в "
+"правильности ввода."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Пароли не совпадают"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Введённые вами пароли не совпадают. Попробуйте ещё раз."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Удалять базу данных при вычистке slapd?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Ошибка slapcat при обновлении"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Возникла ошибка при попытке обновления каталога LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Ошибка возникла при выполнении программы «slapcat», которая пыталась "
+"распаковать каталог LDAP. Это могло произойти из-за некорректного файла "
+"конфигурации (например, в случае отсутствия строк «moduleload» для вашего "
+"типа сервера базы данных)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"В дальнейшем, это также вызовет отказ в работе «slapadd». Старые файлы базы "
+"данных были перенесены в каталог /var/backups. Если вы хотите попытаться "
+"выполнить обновление ещё раз, переместите старые файлы базы данных обратно, "
+"исправьте ошибку, вызывающую отказ работы «slapcat» и выполните:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Переместите файлы базы данных обратно в место хранения резервной копии и "
+"затем попытайтесь запустить slapadd из ${location}."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+
+#~ msgid "abort installation"
+#~ msgstr "прервать установку"
+
+#~ msgid "continue regardless"
+#~ msgstr "продолжить"
+
+#~ msgid "Manual ppolicy schema update recommended"
+#~ msgstr "Рекомендуется обновление схемы ppolicy вручную"
+
+#~ msgid ""
+#~ "The new version of the Password Policy (ppolicy) overlay requires the "
+#~ "schema to define the pwdMaxRecordedFailure attribute type, which is not "
+#~ "present in the schema currently in use. It is recommended to abort the "
+#~ "upgrade now, and to update the ppolicy schema before upgrading slapd. If "
+#~ "replication is in use, the schema update should be applied on every "
+#~ "server before continuing with the upgrade."
+#~ msgstr ""
+#~ "Для новой версии оверлея Password Policy (ppolicy) требуется определение "
+#~ "типа атрибутов pwdMaxRecordedFailure, который отсутствует в используемой "
+#~ "в данной момент схеме. Рекомендуется прервать установку прямо сейчас и "
+#~ "обновить схему ppolicy перед обновлением slapd. Если используется "
+#~ "репликация, то обновление схемы должно быть выполнено на каждом сервере "
+#~ "перед продолжением обновления."
+
+#~ msgid ""
+#~ "An LDIF file has been generated with the changes required for the upgrade:"
+#~ msgstr "Был создан файл LDIF с изменениями, требующимися для обновления:"
+
+#~ msgid ""
+#~ "so if slapd is using the default access control rules, these changes can "
+#~ "be applied (after starting slapd) by using the command:"
+#~ msgstr ""
+#~ "и если в slapd используются правила управления доступом по умолчанию, то "
+#~ "эти изменения можно применить (после запуска slapd) командой:"
+
+#~ msgid ""
+#~ "If instead you choose to continue the installation, the new attribute "
+#~ "type will be added automatically, but the change will not be acted on by "
+#~ "slapd overlays, and replication with other servers may be affected."
+#~ msgstr ""
+#~ "Если вы выберете продолжение установки, то новый тип атрибута будет "
+#~ "добавлен автоматически, но изменение не будет применено в оверлеях slapd, "
+#~ "и это может повлиять на другие серверы при репликации."
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr "Потенциально небезопасная настройка управления доступом slapd"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "В одной или более базах данных настроено правило контроля доступа, "
+#~ "которое позволяет пользователям изменять не только собственные атрибуты. "
+#~ "Это может быть небезопасно, в зависимости от использования базы данных."
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "В случае, когда правила доступа slapd начинаются с «to *», рекомендуется "
+#~ "удалять все экземпляры «by self write» для того, чтобы пользователи могли "
+#~ "изменять только явно разрешённые атрибуты."
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr "Смотрите подробности в файле /usr/share/doc/slapd/README.Debian.gz."
+
+#~ msgid "Database backend to use:"
+#~ msgstr "Используемые серверы баз данных:"
+
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "HDB и BDB используют схожие форматы хранения, но в HDB добавлена "
+#~ "поддержка переименования поддеревьев. Оба типа сервера поддерживают "
+#~ "одинаковые параметры настройки."
+
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "Рекомендуется использовать сервер MDB. MDB использует новый формат "
+#~ "хранения и требует меньше настроек чем BDB или HDB."
+
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "В любом случае, убедитесь в соответствии получившихся настроек базы "
+#~ "данных вашим требованиям. Подробней о настройке смотрите в файле /usr/"
+#~ "share/doc/slapd/README.Debian.gz."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Включить протокол LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "По умолчанию в slapd старый протокол LDAPv2 выключен. Клиентские "
+#~ "программы нужно обновить до версий с поддержкой LDAPv3. Если у вас есть "
+#~ "старые программы, которые не могут использовать LDAPv3, то вы должны "
+#~ "ответить утвердительно, и в файл slapd.conf будет добавлена запись «allow "
+#~ "bind_v2»."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr "slurpd устарел; реплики должны быть перенастроены вручную"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "При обновлении в вашем конфигурационном файле для slapd найден один или "
+#~ "несколько параметров \"replica\" для slurpd. Так как slurpd устарел "
+#~ "начиная с OpenLDAP версии 2.4, для реплик вам нужно перейти на протокол "
+#~ "syncrepl."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "Автоматическое преобразование настроек slurpd в настройки основанного на "
+#~ "вытягивании протокола syncrepl невозможно, и поэтому вы должны настроить "
+#~ "свои серверы реплик вручную. Подробней об этом смотрите на странице "
+#~ "http://www.openldap.org/doc/admin24/syncrepl.html."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "Изменились значения для TLSCipherSuite"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "При обновлении в настройке slapd был найден параметр \"TLSCipherSuite\". "
+#~ "Допустимые значения этого параметра, определяемые авторами SSL, были "
+#~ "изменены при переходе с OpenSSL на GnuTLS. В результате, имеющаяся "
+#~ "настройка TLSCipherSuite не заработает с этим пакетом."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Данная настройка будет автоматически закомментирована. Если для какого-то "
+#~ "специфичного шифрования вам требуется её использовать, то список "
+#~ "поддерживаемых GnuTLS алгоритмов можно посмотреть, запустив команду "
+#~ "'gnutls-cli -l' из пакета gnutls-bin."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr "Сделать резервную копию имеющейся базы данных и создать новую?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "Вы указали суффикс каталога (домен), который не совпадает с имеющимся в /"
+#~ "etc/ldap/slapd.conf. Изменение суффикса каталога требует перемещения "
+#~ "имеющейся базы данных LDAP и создание новой. Подтвердите, что хотите "
+#~ "сделать резервную копию базы данных и отказаться от имеющейся."
diff --git a/debian/po/sk.po b/debian/po/sk.po
new file mode 100644
index 0000000..72242f1
--- /dev/null
+++ b/debian/po/sk.po
@@ -0,0 +1,425 @@
+# Slovak translations for openldap package
+# Slovenské preklady pre balík openldap.
+# Copyright (C) 2011 THE openldap'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Slavko <linux@slavino.sk>, 2011.
+# Ivan Masár <helix84@centrum.sk>, 2017.
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.23-7\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2017-01-10 10:01+0200\n"
+"Last-Translator: Ivan Masár <helix84@centrum.sk>\n"
+"Language-Team: x\n"
+"Language: sk\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
+"X-Generator: Virtaal 0.7.1\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Vynechať nastavenia servera OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Ak zvolíte túto možnosť, nebude vytvorené počiatočné nastavenie ani databáza."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "vždy"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "keď je treba"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "nikdy"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Pri aktualizácii uložiť databázy do súboru:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Pred aktualizáciou na novšiu verziu servera OpenLDAP môžu byť vaše dáta z "
+"adresárov LDAP uložené do textových súborov vo formáte LDAP Data Interchange "
+"Format, čo je štandardizovaný formát na popis týchto dát."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Výberom „vždy“ zaistíte, že budú databázy uložené do súborov pred každou "
+"aktualizáciou. Voľba „keď je treba“ znamená, že budú databázy uložené len v "
+"prípade, že je nová verzia nekompatibilná s formátom starej databázy, a teda "
+"bude potrebné opätovné nahratie dát. Ak zvolíte „nikdy“, dáta sa nebudú "
+"ukladať."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Adresár pre exportované databázy:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Prosím, zadajte adresár, kam majú byť uložené databázy LDAP. V tomto "
+"adresári bude vytvorených niekoľko súborov LDIF, jeden pre každý koreň "
+"adresárov LDAP daného servera. Presvedčte sa, že je na zvolenej oblasti "
+"dostatok miesta. Prvý výskyt reťazca „VERSION” bude nahradený verziou "
+"servera LDAP, z ktorej aktualizujete."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Presunúť starú databázu?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Vo /var/lib/ldap stále existujú súbory, ktoré pravdepodobne narušia proces "
+"nastavenia. Ak zvolíte túto možnosť, inštalačné skripty pred vytvorením "
+"novej databázy najprv presunú staré databázové súbory inam."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Opakovať nastavenie?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Zadali ste neplatné nastavenie. Skontrolujte, či je zadané doménové meno "
+"(DNS) v platnom tvare, že je vyplnené pole organizácie a heslá "
+"administrátora súhlasia. Ak sa rozhodnete neopakovať nastavenie, ostane "
+"server LDAP nenastavený. Ak budete chcieť opakovať nastavenie neskôr, "
+"spustite „dpkg-reconfigure slapd”."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Meno domény (DNS):"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"Meno domény (DNS) sa použije na vytvorenie základného DN adresára LDAP. "
+"Napríklad „foo.example.org“ vytvorí adresár so základným DN „dc=foo, "
+"dc=example, dc=org“."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Názov organizácie:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Prosím, zadajte názov organizácie, ktorý sa použije v základnom DN vášho "
+"adresára LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Heslo správcu:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "Prosím zadajte heslo správcu vášho adresára LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Overenie hesla:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Prosím, zadajte znova heslo správcu vášho adresára LDAP na overenie, že ste "
+"ho napísali správne."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Heslá sa nezhodujú"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Zadané heslá nie sú rovnaké. Prosím, skúste to znova."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Chcete aby pri odstránení balíka slapd bola odstránená aj databáza?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Zlyhanie slapcat počas aktualizácie"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Pri aktualizácii adresára LDAP nastala chyba."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Program „slapcat“ zlyhal pri práci s adresárom LDAP. Táto chyba môže byť "
+"spôsobená chybným konfiguračným súborom (napríklad chýbajúce riadky "
+"„moduleload“ s podporou backend databázy)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Táto chyba bude mať za následok, že „slapadd“ neskôr tiež zlyhá. Súbory "
+"starej databázy budú presunuté do /var/backups. Ak budete chcieť skúsiť túto "
+"aktualizáciu neskôr znova, mali by ste najprv presunúť súbory starej "
+"databázy naspäť, opraviť príčinu zlyhania slapcat a spustiť:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Potom presuňte súbory databázy späť medzi zálohy a až potom skúste spustiť "
+"slapadd z ${location}."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+
+#~ msgid "abort installation"
+#~ msgstr "prerušiť inštaláciu"
+
+#~ msgid "continue regardless"
+#~ msgstr "napriek tomu pokračovať"
+
+#~ msgid "Manual ppolicy schema update recommended"
+#~ msgstr "Odporúča sa manuálna aktualizácia schémy ppolicy"
+
+#~ msgid ""
+#~ "The new version of the Password Policy (ppolicy) overlay requires the "
+#~ "schema to define the pwdMaxRecordedFailure attribute type, which is not "
+#~ "present in the schema currently in use. It is recommended to abort the "
+#~ "upgrade now, and to update the ppolicy schema before upgrading slapd. If "
+#~ "replication is in use, the schema update should be applied on every "
+#~ "server before continuing with the upgrade."
+#~ msgstr ""
+#~ "Nová verzia prekrytia politiky hesla (ppolicy; Password Policy) vyžaduje, "
+#~ "aby schéma definovala typ atribútu pwdMaxRecordedFailure, ktorý v "
+#~ "momentálne používanej schéme nie je prítomný. Odporuča sa teraz prerušiť "
+#~ "inštaláciu a aktualizovať schému ppolicy pred aktualizáciou slapd. Ak "
+#~ "používate replikáciu, aktualizáciu schémy by ste mali použiť na každom "
+#~ "serveri predtým, než budete pokračovať v aktualizácii."
+
+#~ msgid ""
+#~ "An LDIF file has been generated with the changes required for the upgrade:"
+#~ msgstr "Bol vytvorený súbor LDIF so zmenami potrebnými na aktualizáciu:"
+
+#~ msgid ""
+#~ "so if slapd is using the default access control rules, these changes can "
+#~ "be applied (after starting slapd) by using the command:"
+#~ msgstr ""
+#~ "takže ak slapd používa predvolené pravidlá riadenia prístupu, tieto zmeny "
+#~ "je možné použiť (po spustení slapd) príkazom:"
+
+#~ msgid ""
+#~ "If instead you choose to continue the installation, the new attribute "
+#~ "type will be added automatically, but the change will not be acted on by "
+#~ "slapd overlays, and replication with other servers may be affected."
+#~ msgstr ""
+#~ "Ak sa namiesto toho rozhodnete pokračovať v inštalácii, nový typ atribúty "
+#~ "sa pridá automaticky, ale zmena sa neprejaví v prekrytiach slapd a môže "
+#~ "to ovplyvniť replikáciu s ostatnými servermi."
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr "Potenciálne nebezpečná konfigurácia riadenia prístupu slapd"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "Jedna alebo viac z nastavených databáz obsahuje pravidlo riadenia "
+#~ "prístupu, ktoré umožňuje používateľom meniť väčšinu svojich vlastných "
+#~ "atribútov. To môže byť nebezpečné podľa toho ako sa databáza používa."
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "V prípade pravidiel riadenia prístupu slapd, ktoré začínajú na „to *“ sa "
+#~ "odporúča odstrániť všetky prípady „by self write“, aby používatelia mohli "
+#~ "meniť iba konkrétne povolené atribúty."
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Ďalšie informácie nájdete v súbore /usr/share/doc/slapd/README.Debian.gz."
+
+#~ msgid "Database backend to use:"
+#~ msgstr "Použiť backend databázy:"
+
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "HDB a BDB používajú podobné formáty úložiska, ale HDB pridáva podporu "
+#~ "premenovania podstromov. Oba podporujú rovnaké konfiguračné voľby."
+
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "Odporúča sa použiť backend MDB. MDB používa nový formát úložiska a "
+#~ "vyžaduje menej konfigurácie ako BDB či HDB."
+
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "V každom prípade by ste mali skontrolovať, či výsledné nastavenie "
+#~ "databázy zodpovedá vašim potrebám. Ďalšie informácie nájdete v súbore /"
+#~ "usr/share/doc/slapd/README.Debian.gz."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Povoliť protokol LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Zastaraný protokol LDAPv2 je v slapd predvolene zakázaný. Programy a "
+#~ "používatelia by mali prejsť na LDAPv3. Ak máte staré programy, ktoré "
+#~ "nedokážu používať LDAPv3, mali by ste povoliť túto možnosť a do "
+#~ "konfiguračného súboru slapd.conf bude pridaný riadok „allow bind_v2”."
diff --git a/debian/po/sv.po b/debian/po/sv.po
new file mode 100644
index 0000000..61d8bba
--- /dev/null
+++ b/debian/po/sv.po
@@ -0,0 +1,523 @@
+# Translation of openldap debconf template to Swedish
+# Copyright (C) 2010, 2017 Martin Bagge <brother@bsnet.se>
+# This file is distributed under the same license as the openldap package.
+#
+# Martin Ågren <martin.agren@gmail.com>, 2008.
+# Martin Bagge <brother@bsnet.se>, 2010, 2017
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap_2.4.10-2_sv\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2017-01-12 14:59+0100\n"
+"Last-Translator: Martin Bagge / brother <brother@bsnet.se>\n"
+"Language-Team: Swedish <debian-l10n-swedish@lists.debian.org>\n"
+"Language: sv\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.8.11\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Utelämna konfiguration av OpenLDAP-servern?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Om du aktiverar det här alternativet kommer ingen initial konfiguration "
+"eller databas att skapas åt dig."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "alltid "
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "vid behov"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "aldrig"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Dumpa databaser till fil vid uppgradering:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Innan du uppgraderar till en ny version av OpenLDAP-servern, kan datat från "
+"dina LDAP-kataloger dumpas till klartextfiler i standardformatet LDAP Data "
+"Interchange Format."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Väljer du \"alltid\" kommer databaserna alltid att dumpas före en "
+"uppgradering. Väljer du \"vid behov\" kommer databasen bara dumpas om den "
+"nya versionen är inkompatibel med det gamla databasformatet och måste "
+"återimporteras. Om du väljer \"aldrig\", kommer ingen dump göras."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Katalog att dumpa databaser i:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Ange den katalog dit LDAP-databaser ska exporteras. I denna katalog kommer "
+"flera LDIF-filer att skapas som svarar mot sökbaserna på servern. Se till "
+"att du har tillräckligt med ledigt utrymme på den partition där katalogen "
+"finns. Den första förekomsten av strängen \"VERSION\" ersätts med den "
+"serverversion du uppgraderar från."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Flytta gammal databas?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Det finns fortfarande filer i /var/lib/ldap/ som troligen kommer göra att "
+"konfigurationsprocessen inte fungerar. Om du aktiverar detta val, kommer "
+"administrationsskripten att flytta den gamla databasfilen ur vägen innan en "
+"ny databas skapas."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Försöka konfigurera igen?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Konfigurationen du angav är ogiltig. Säkerställ att DNS-domännamnet är "
+"syntaktiskt giltigt, att organisationsfältet inte lämnats tomt och att "
+"administratörslösenorden överensstämmer. Om du väljer att inte försöka "
+"konfigurera igen kommer LDAP-servern inte att ha korrekta inställningar. Kör "
+"\"dpkg-reconfigure slapd\" om du vill försöka igen senare."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNS-domännamn:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"DNS-domännamnet används för att konstruera bas-DN:et för LDAP-katalogen. "
+"Till exempel kommer \"foo.example.org\" att skapa en katalog med \"dc=foo, "
+"dc=example, dc=org\" som bas-DN."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Organisationsnamn:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Ange namnet på organisationen som ska användas i bas-DN:et för din LDAP-"
+"katalog."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Administratörslösenord:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "Ange lösenordet för admin-posten i LDAP-katalogen."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Bekräfta lösenordet:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Ange administratörslösenordet för din LDAP-katalog igen för att verifiera "
+"att du har skrivit in det korrekt."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Lösenorden matchar inte"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "De två lösenord du har angett var inte lika. Försök igen."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Vill du att databasen ska tas bort när slapd rensas bort?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "slapcat-fel vid uppgradering"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Ett fel inträffade när LDAP-katalogen uppgraderades."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Programmet \"slapcat\" misslyckades när det extraherade LDAP-katalogen. "
+"Detta kan bero på en felaktig konfigurationsfil (till exempel, saknade "
+"\"moduleload\"-rader för att stödja bakändsdatabasen)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Detta fel kommer göra att \"slapadd\" misslyckas även senare. Den gamla "
+"databasen kommer flyttas till /var/backups. Om du vill försöka utföra den "
+"här uppgraderingen igen, behöver du flytta tillbaka de gamla databasfilerna, "
+"korrigera det som har fått slapcat att misslyckas och köra:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Flytta sedan tillbaka databasfilerna till ett utrymme för säkerhetskopior "
+"och kör slapadd från ${location}."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+
+#~ msgid "abort installation"
+#~ msgstr "avbryt installation"
+
+#~ msgid "continue regardless"
+#~ msgstr "fortsätt oavsett"
+
+#~ msgid "Manual ppolicy schema update recommended"
+#~ msgstr "Manuell uppdatering av ppolicy-schema rekommenderas"
+
+#~ msgid ""
+#~ "The new version of the Password Policy (ppolicy) overlay requires the "
+#~ "schema to define the pwdMaxRecordedFailure attribute type, which is not "
+#~ "present in the schema currently in use. It is recommended to abort the "
+#~ "upgrade now, and to update the ppolicy schema before upgrading slapd. If "
+#~ "replication is in use, the schema update should be applied on every "
+#~ "server before continuing with the upgrade."
+#~ msgstr ""
+#~ "Den nya versionen av överbryggningen av lösenordspolicyn (ppolicy, "
+#~ "password policy) kräver att schemat definierar attributtypen "
+#~ "pwdMaxRecordedFailure vilket inte är med i nuvarande schema. Det är "
+#~ "rekommenderat att avbryta uppgraderingen nu och uppdatera ppolicy-schemat "
+#~ "före uppgraderingen av slapd. Om replikering används måste "
+#~ "schemauppdateringen appliceras på alla servrar innan uppgraderingen "
+#~ "genomförs."
+
+#~ msgid ""
+#~ "An LDIF file has been generated with the changes required for the upgrade:"
+#~ msgstr ""
+#~ "En LDIF-fil har skapats med ändringarna som krävs för uppgraderingen:"
+
+#~ msgid ""
+#~ "so if slapd is using the default access control rules, these changes can "
+#~ "be applied (after starting slapd) by using the command:"
+#~ msgstr ""
+#~ "om slapd använder standardregler för åtkomsthantering kan dessa ändringar "
+#~ "appliceras (efter att slapd startats) genom följande kommando:"
+
+#~ msgid ""
+#~ "If instead you choose to continue the installation, the new attribute "
+#~ "type will be added automatically, but the change will not be acted on by "
+#~ "slapd overlays, and replication with other servers may be affected."
+#~ msgstr ""
+#~ "Om du istället fortsätter med installationen kommer den nya attributtypen "
+#~ "att läggas till automatiskt men ändringen kommer inte leda till att "
+#~ "överbryggad slapd agerar på detta. Replikering till andra servrar kan "
+#~ "påverkas."
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr "Potentiellt osäker rättighetsinställning för slapd"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "En eller flera av de inställda databaserna har rättighetsinställningar "
+#~ "som innebär att användare tillåts att ändra de flesta av sina attribut. "
+#~ "Detta kan vara osäkert, beroende på hur databasen används."
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "I fallen där rättighetsinställningarna börjar med \"to *\" är det "
+#~ "rekommenderat att ta bort \"by self write\" i förekommande fall. Det får "
+#~ "till följd att användare bara får justera specifikt tillåtna attribut."
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Läs /usr/share/doc/slapd/README.Debian.gz för detaljerad information."
+
+#~ msgid "Database backend to use:"
+#~ msgstr "Databasbakända att använda:"
+
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "HDB och BDB använder liknande lagringsformat, men HDB lägger till stöd "
+#~ "för namnbyten på underträd. Båda stödjer samma konfigurationsalternativ."
+
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "MDB-bakändan är rekommenderad. MDB använder ett nytt lagringsformat och "
+#~ "behöver mindre inställningar än BDB eller HDB."
+
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "I vilket fall, behöver du se över den resulterande databaskonfigurationen "
+#~ "för dina behov. Se /usr/share/doc/slapd/README.Debian.gz för fler "
+#~ "detaljer."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Tillåt LDAPv2-protokollet?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Det inte längre aktuella LDAPv2-protokollet är som standard avaktiverat i "
+#~ "slapd. Program och använder ska uppgradera till LDAPv3. Om du har gamla "
+#~ "program som inte kan använda LDAPv3, behöver du välja detta vilket gör "
+#~ "att \"allow bin_v2\" läggs till i din slapd.conf-fil."
+
+#~ msgid "slurpd is obsolete; replicas must be reconfigured by hand"
+#~ msgstr "slurpd är inte aktuell; repliker måste konfigureras för hand"
+
+#~ msgid ""
+#~ "One or more slurpd \"replica\" options were found in your slapd config "
+#~ "when upgrading. Because slurpd is obsolete beginning with OpenLDAP 2.4, "
+#~ "you will need to migrate your replicas to use the syncrepl protocol "
+#~ "instead."
+#~ msgstr ""
+#~ "En eller flera av slurpds \"replica\"-val har hittats i din slapd-"
+#~ "konfiguration vid uppgraderingen. Eftersom slurpd inte är aktuell längre "
+#~ "från och med OpenLDAP 2.4, kommer du behöva migrera dina repliker till "
+#~ "att använda syncrepl-protokollet istället."
+
+#~ msgid ""
+#~ "The conversion from slurpd to the pull-based syncrepl protocol cannot be "
+#~ "done automatically and you will need to configure your replica servers by "
+#~ "hand. Please see http://www.openldap.org/doc/admin24/syncrepl.html for "
+#~ "details."
+#~ msgstr ""
+#~ "Konverteringen från slurpd till det frågebaserade syncrepl-protokollet "
+#~ "kan inte göras automatiskt och du kommer behöva konfigurera dina replica-"
+#~ "servrar för hand. Se http://www.openldap.org/doc/admin24/syncrepl.html "
+#~ "för detaljer."
+
+#~ msgid "TLSCipherSuite values have changed"
+#~ msgstr "Värden på TLSCipherSuite har ändrats"
+
+#~ msgid ""
+#~ "A \"TLSCipherSuite\" option was found in your slapd config when "
+#~ "upgrading. The values allowed for this option are determined by the SSL "
+#~ "implementation used, which has been changed from OpenSSL to GnuTLS. As a "
+#~ "result, your existing TLSCipherSuite setting will not work with this "
+#~ "package."
+#~ msgstr ""
+#~ "Ett \"TLSCipherSuite\"-val hittades i din slapd-konfiguration vid "
+#~ "uppgraderingen. De värden som tillåts för detta val avgörs av den SSL-"
+#~ "implementation som används och detta har ändrats från OpenSSL till "
+#~ "GnuTLS. Som en följd av detta kommer inte din befintliga TLSCipherSuite-"
+#~ "inställning att fungera med det här paketet."
+
+#~ msgid ""
+#~ "This setting has been automatically commented out for you. If you have "
+#~ "specific encryption needs that require this option to be re-enabled, see "
+#~ "the output of 'gnutls-cli -l' in the gnutls-bin package for the list of "
+#~ "ciphers supported by GnuTLS."
+#~ msgstr ""
+#~ "Den inställning har automatiskt kommenterats ut åt dig. Om du har "
+#~ "särskilda krypteringsbehov som kräver att detta val återaktiveras, se "
+#~ "utdatat från \"gnutls-cli -l\" i gnutls-bin-paketet för en lista över "
+#~ "krypton som stöds av GnuTLS."
+
+#~ msgid "Back up current database and create a new one?"
+#~ msgstr "Säkerhetskopiera aktuell databas och skapa en ny?"
+
+#~ msgid ""
+#~ "The directory suffix (domain) you specified doesn't match the one "
+#~ "currently in /etc/ldap/slapd.conf. Changing the directory suffix requires "
+#~ "moving aside the current LDAP database and creating a new one. Please "
+#~ "confirm whether you want to back up and abandon the current database."
+#~ msgstr ""
+#~ "Katalogsuffixet (domänen) du angett matchar inte den som för tillfället "
+#~ "anges i /etc/ldap/slapd.conf. Om du ändrar katalogsuffixet krävs att du "
+#~ "flyttar den nuvarande LDAP-databasen å sidan och skapar en ny. Bekräfta "
+#~ "att du vill säkerhetskopiera och överge den nuvarande databasen."
+
+#~ msgid "Change backend type from LDBM to BDB?"
+#~ msgstr "Ändra bakändstyp från LDBM till BDB?"
+
+#~ msgid ""
+#~ "The LDBM backend type has serious stability problems and has been "
+#~ "deprecated by OpenLDAP as of 2.2. It is no longer supported by the "
+#~ "OpenLDAP packages."
+#~ msgstr ""
+#~ "LDBM-bakändstypen har allvarliga stabilitetsproblem och har blivit "
+#~ "utdaterad av OpenLDAP från och med 2.2. Den stöds inte längre av OpenLDAP-"
+#~ "paketen."
+
+#~ msgid ""
+#~ "When the BDB backend is used, it must be configured properly. For more "
+#~ "information, see /usr/share/doc/slapd/README.DB_CONFIG.gz."
+#~ msgstr ""
+#~ "När BDB-bakändan används, måste den konfigureras ordentligt. För mer "
+#~ "information, se /usr/share/doc/slapd/README.DB_CONFIG.gz."
+
+#~ msgid ""
+#~ "If you enable this option, an attempt will be made to update the "
+#~ "configuration to use BDB instead of LDBM and convert the databases. If "
+#~ "you do not enable this option, the upgrade will be aborted."
+#~ msgstr ""
+#~ "Om du aktiverar detta val, kommer ett försök göras att uppdatera "
+#~ "konfigurationen till att använda BDB istället för LDBM och konvertera "
+#~ "databaserna. Om du inte aktiverar detta val, kommer uppgraderingen att "
+#~ "avbrytas."
diff --git a/debian/po/templates.pot b/debian/po/templates.pot
new file mode 100644
index 0000000..13e8b15
--- /dev/null
+++ b/debian/po/templates.pot
@@ -0,0 +1,276 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the openldap package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr ""
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
diff --git a/debian/po/tr.po b/debian/po/tr.po
new file mode 100644
index 0000000..a8c053f
--- /dev/null
+++ b/debian/po/tr.po
@@ -0,0 +1,439 @@
+# Turkish translation of openldap.
+# This file is distributed under the same license as the openldap package.
+# Atila KOÇ <koc@artielektronik.com.tr>, 2012, 2014, 2017.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2023-01-09 14:16+0300\n"
+"Last-Translator: Atila KOÇ <koc@artielektronik.com.tr>\n"
+"Language-Team: Turkish <debian-l10n-turkish@lists.debian.org>\n"
+"Language: tr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 2.4.2\n"
+"Plural-Forms: nplurals=2; plural=(n > 1);\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "OpenLDAP sunucu yapılandırması atlansın mı?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Bu seçeneği seçmeniz durumunda, sizin için ne bir ön yapılandırma yapılacak "
+"ne de bir veritabanı yaratılacaktır."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "her zaman"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "gerektiğinde"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "hiçbir zaman"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Yükseltme öncesinde veritabanlarının dökümü yapılsın mı:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"OpenLDAP sunucu sürümünüzü yükseltmeden önce, LDAP dizinlerindeki "
+"verileriniz LDAP Veri Değişimi Biçimi (LDIF) biçiminde metin dosyalarına "
+"dökülerek yedeklenebilir."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"'her zaman' seçimi, veritabanlarının her yükseltme öncesinde koşulsuz bir "
+"dökümünü sağlayacaktır. 'gerektiğinde' seçimi, yeni ile eski sürüm arasında "
+"veritabanı biçim farklılığı varsa ve bu nedenle yeni veritabanına eski "
+"verilerin sonradan alınması gerekirse döküm yapacaktır. \"hiçbir zaman\" "
+"seçeneğini seçerseniz döküm yapılmayacaktır."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Veritabanlarının dökümü için kullanılacak dizin:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"LDAP veritabanının dışa aktarımı için bir dizin belirtin. Bu dizine sunucuda "
+"varolan arama tabanlarına karşılık gelen bir çok LDIF dosyası "
+"kaydedilecektir. İlgili dizinin bulunduğu disk bölümünde yeterince boş alan "
+"olduğundan emin olun. \"VERSION\" dizgesinin ilki, yükseltme işleminden "
+"önceki sunucu sürümünüzle değiştirilecektir."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Eski veritabanı taşınsın mı?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"/var/lib/ldap dizininde yapılandırma sürecini bozabilecek bazı dosyalar "
+"bulunmaktadır. Bu seçeneği seçerseniz, bakımcı betikleri yeni bir veritabanı "
+"yaratmadan önce bu eski veritabanı dosyalarını başka bir yere taşıyacaktır."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Yapılandırma yeniden denensin mi?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Girdiğiniz yapılandırma ayarları geçersiz. DNS alan adının söz dizimsel "
+"olarak geçerli olduğundan, kurum adı için ayrılmış alanın boş olmadığından "
+"ve yönetici parolalarının uyumlu olduğundan emin olun. Yapılandırmayı "
+"yeniden denemeyi seçmezseniz, LDAP sunucu kurulmayacaktır. Kurulumu sonra "
+"yeniden denemek için, 'dpkg-reconfigure slapd' komutunu çalıştırın."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "DNS alan adı:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"DNS alan adı LDAP dizininin temel DN yapılandırması için kullanılmıştır. "
+"Örneğin, 'foo.example.org' alan adı 'dc=foo, dc=example, dc=org' temel DN'ye "
+"sahip dizini yaratacaktır."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Kurum adı:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr "LDAP dizininin temel DN'si olarak kullanılacak kurum adını girin."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Yönetici parolası:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "LDAP dizini yöneticisi için parola girin."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Parolayı doğrulayın:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Doğru yazdığınızdan emin olmak için LDAP dizini yönetici parolasını yeniden "
+"girin."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Parola uyumsuzluğu"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Girdiğiniz iki parola aynı değil, yeniden deneyin."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr ""
+"slapd paketi kaldırıldığında veritabanının da kaldırılmasını ister misiniz?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "Yükseltme sırasında slapcat hatası"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "LDAP dizini yükseltilirken bir hata oluştu."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"'slapcat' programı LDAP dizinini dışa aktarırken başarısız oldu. Buna hatalı "
+"bir yapılandırma dosyası neden olmuş olabilir (örneğin, arka uç veritabanını "
+"desteklemek için gerekli 'moduleload' satırlarının eksik olması gibi)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Bu hata daha sonra 'slapadd' programının da hata vermesine neden olacaktır. "
+"Eski veritabanı dosyaları /var/backups dizinine taşınacaktır. Eğer bu "
+"yükseltmeyi yeniden denemek isterseniz, eski veritabanı dosyalarını "
+"yerlerine geri almalı, 'slapcat' programının hatasına neden olan her ne ise "
+"düzeltmeli ve aşağıdaki komutu çalıştırmalısınız:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Daha sonra veritabanı dosyalarını bir yedekleme alanına geri taşıyın ve "
+"${location} konumundan 'slapadd' komutunu çalıştırın."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr "Kurulum sonrası görevleri yürütürken hata oluştu"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+"Kurulum sonrası bazı görevleri yürütürken bir ya da daha fazla hata oluştu. "
+"Bunun nedeni slapd paketinin bir ya da daha fazla LDAP veritabanını "
+"dönüştürememiş olması veya varolan OpenLDAP kurulumunun kullandığı bir arka "
+"ucun artık desteklenmiyor olması olabilir."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+"Kurulum sonrası görevleri yerine getirmekten sorumlu bakımcı betikleri "
+"tamamlandı, ancak slapd hizmeti yeniden başlatılamadı. Buna neden olan "
+"sorunu gidermeli ve sonra hizmeti elle başlatmalısınız."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+"Karşınıza çıkabilecek olası sorunlar ve çözümleri hakkında daha fazla bilgi "
+"almak için /usr/share/doc/slapd/ dizinideki README.Debian dosyasına "
+"bakabilirsiniz."
+
+#~ msgid "abort installation"
+#~ msgstr "kurulumdan çık"
+
+#~ msgid "continue regardless"
+#~ msgstr "yine de sürdür"
+
+#~ msgid "Manual ppolicy schema update recommended"
+#~ msgstr "ppolicy şemasının elle yükseltilmesi öneriliyor"
+
+#~ msgid ""
+#~ "The new version of the Password Policy (ppolicy) overlay requires the "
+#~ "schema to define the pwdMaxRecordedFailure attribute type, which is not "
+#~ "present in the schema currently in use. It is recommended to abort the "
+#~ "upgrade now, and to update the ppolicy schema before upgrading slapd. If "
+#~ "replication is in use, the schema update should be applied on every "
+#~ "server before continuing with the upgrade."
+#~ msgstr ""
+#~ "Parola ilkesi katmanının (ppolicy) yeni sürümü, şu anda kullanılmakta "
+#~ "olan şemanın içermediği pwdMaxRecordedFailure özniteliğinin şemada "
+#~ "tanımlanmasını gerektiriyor. Şimdi kurulumdan çıkmanız ve slapd "
+#~ "yükseltmesine başlamadan önce ppolicy şemasını güncellemeniz önerilir. "
+#~ "Eğer dizinlerinizi kopyalayan başka sunucular varsa, yükseltmeye "
+#~ "başlamadan önce bütün sunuculardaki şemaları güncellemeniz gerekiyor."
+
+#~ msgid ""
+#~ "An LDIF file has been generated with the changes required for the upgrade:"
+#~ msgstr ""
+#~ "Yükseltme için gerekli değişiklikleri içeren bir LDIF dosyası oluşturuldu:"
+
+#~ msgid ""
+#~ "so if slapd is using the default access control rules, these changes can "
+#~ "be applied (after starting slapd) by using the command:"
+#~ msgstr ""
+#~ "Eğer slapd öntanımlı erişim denetimi kurallarını kullanıyorsa, bu "
+#~ "değişiklikler slapd başlatıldıktan sonra aşağıdaki komutu çalıştırarak "
+#~ "uygulanabilir:"
+
+#~ msgid ""
+#~ "If instead you choose to continue the installation, the new attribute "
+#~ "type will be added automatically, but the change will not be acted on by "
+#~ "slapd overlays, and replication with other servers may be affected."
+#~ msgstr ""
+#~ "Eğer kurulumu sürdürmeyi yeğlerseniz, yeni öznitelik kendiliğinden "
+#~ "eklenecek fakat bu değişim slapd katmanlarında hayata geçmeyecek ve "
+#~ "dizinleri kopyalayan sunucular varsa bu durumdan etkilenebileceklerdir."
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr "Olası güvensiz slapd erişim denetimi yapılandırması"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "Yapılandırılmış bir ya da daha fazla veritabanında, kullanıcıların "
+#~ "kendilerine ait bir çok özelliği değiştirmesine izin veren bir erişim "
+#~ "denetimi kuralı var. Bu durum, veritabanı kullanım şekline bağlı olarak, "
+#~ "güvenli olmayabilir."
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "\"to *\" ile başlayan slapd erişim kurallarında, kullanıcıların yalnızca "
+#~ "değiştirilmesine izin verilmiş özellikleri değiştirebilmeleri için, tüm "
+#~ "\"by self write\" alanlarının kaldırılması önerilir."
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Daha fazla bilgi için /usr/share/doc/slapd/README.Debian.gz dosyasını "
+#~ "okuyunuz."
+
+#~ msgid "Database backend to use:"
+#~ msgstr "Kullanılacak veritabanı arka ucu:"
+
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "HDB ve BDB benzer depolama biçimleri kullanırlar, fakat HDB alt ağaç "
+#~ "yeniden adlandırmalarına olanak tanır. Her ikisi de aynı yapılandırma "
+#~ "seçeneklerini desteklerler."
+
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "MDB arka ucu önerilir. MDB yeni bir depolama biçimi kullanır ve BDB ya da "
+#~ "HDB'ye göre daha az yapılandırma gerektirir."
+
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Her durumda sonuçlanan veritabanı yapılandırmasının gereksinimlerinize "
+#~ "uyduğundan emin olmalısınız. Daha fazla bilgi için /usr/share/doc/slapd/"
+#~ "README.Debian.gz dosyasını okuyunuz."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "LDAPv2 iletişim kuralına izin verilsin mi?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Eskimiş LDAPv2 iletişim kuralı slapd yapılandırmasında öntanımlı olarak "
+#~ "devre dışı bırakılmıştır. Programlar ve kullanıcılar LDAPv3 iletişim "
+#~ "kuralına geçmelidirler. LDAPv3 iletişim kuralına geçemeyecek eski "
+#~ "programlarınız varsa slapd.conf dosyasına 'allow bind_v2' satırını "
+#~ "ekleyecek olan bu seçeneği seçmelisiniz."
diff --git a/debian/po/vi.po b/debian/po/vi.po
new file mode 100644
index 0000000..b8c5cff
--- /dev/null
+++ b/debian/po/vi.po
@@ -0,0 +1,431 @@
+# Vietnamese translation for OpenLDAP.
+# Copyright © 2010 Free Software Foundation, Inc.
+# Clytie Siddall <clytie@riverland.net.au>, 2005-2010.
+# Trần Ngọc Quân <vnwildman@gmail.com>, 2014, 2017.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openldap 2.4.44+dfsg-4\n"
+"Report-Msgid-Bugs-To: openldap@packages.debian.org\n"
+"POT-Creation-Date: 2021-08-16 01:12+0000\n"
+"PO-Revision-Date: 2017-02-09 13:57+0700\n"
+"Last-Translator: Trần Ngọc Quân <vnwildman@gmail.com>\n"
+"Language-Team: Vietnamese <debian-l10n-vietnamese@lists.debian.org>\n"
+"Language: vi\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: Gtranslator 2.91.7\n"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid "Omit OpenLDAP server configuration?"
+msgstr "Bỏ qua bước cấu hình trình phục vụ OpenLDAP?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:1001
+msgid ""
+"If you enable this option, no initial configuration or database will be "
+"created for you."
+msgstr ""
+"Bật tùy chọn này thì không tạo cho bạn cấu hình hay cơ sở dữ liệu đầu tiên."
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "always"
+msgstr "luôn luôn"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "when needed"
+msgstr "khi cần thiết"
+
+#. Type: select
+#. Choices
+#: ../slapd.templates:2001
+msgid "never"
+msgstr "không bao giờ"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid "Dump databases to file on upgrade:"
+msgstr "Đổ các cơ sở dữ liệu vào tập tin khi nâng cấp:"
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Before upgrading to a new version of the OpenLDAP server, the data from your "
+"LDAP directories can be dumped into plain text files in the standard LDAP "
+"Data Interchange Format."
+msgstr ""
+"Trước khi nâng cấp lên phiên bản mới của trình phục vụ OpenLDAP, dữ liệu nằm "
+"trong các thư mục LDAP có thể được đổ vào tập tin nhập thô theo định dạng "
+"trao đổi dữ liệu LDAP tiêu chuẩn."
+
+#. Type: select
+#. Description
+#: ../slapd.templates:2002
+msgid ""
+"Selecting \"always\" will cause the databases to be dumped unconditionally "
+"before an upgrade. Selecting \"when needed\" will only dump the database if "
+"the new version is incompatible with the old database format and it needs to "
+"be reimported. If you select \"never\", no dump will be done."
+msgstr ""
+"Chọn mục “luôn luôn” thì gây ra các cơ sở dữ liệu bị đổ một cách không điều "
+"kiện trước khi nâng cấp. Chọn “khi cần thiết” thì chỉ đổ cơ sở dữ liệu nếu "
+"phiên bản mới không tương thích với định dạng cơ sở dữ liệu cũ và cần phải "
+"nhập lại nó. Còn chọn “không bao giờ” thì không đổ gì."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid "Directory to use for dumped databases:"
+msgstr "Thư mục dùng để đổ cơ sở dữ liệu:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:3001
+msgid ""
+"Please specify the directory where the LDAP databases will be exported. In "
+"this directory, several LDIF files will be created which correspond to the "
+"search bases located on the server. Make sure you have enough free space on "
+"the partition where the directory is located. The first occurrence of the "
+"string \"VERSION\" is replaced with the server version you are upgrading "
+"from."
+msgstr ""
+"Ghi rõ tên thư mục vào đó cần xuất các cơ sở dữ liệu LDAP. Trong thư mục này "
+"thì tạo vài tập tin LDIF tương ứng với những cơ bản tìm kiếm nằm trên máy "
+"phục vụ. Hãy kiểm tra xem vẫn có đủ sức chứa trống trong phân vùng đó. Lần "
+"đầu tiên gặp chuỗi “VERSION” (phiên bản) thì được thay thế bằng phiên bản từ "
+"đó bạn đang nâng cấp."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid "Move old database?"
+msgstr "Di chuyển cơ sở dữ liệu cũ?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:4001
+msgid ""
+"There are still files in /var/lib/ldap which will probably break the "
+"configuration process. If you enable this option, the maintainer scripts "
+"will move the old database files out of the way before creating a new "
+"database."
+msgstr ""
+"Vẫn còn có một số tập tin nằm trong thư mục “/var/lib/ldap” mà rất có thể "
+"làm hỏng tiến trình cấu hình. Bật tùy chọn này thì văn lệnh bảo trì chuyển "
+"các tập tin cơ sở dữ liệu ra trước khi tạo một cơ sở dữ liệu mới."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid "Retry configuration?"
+msgstr "Thử cấu hình lại?"
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:5001
+msgid ""
+"The configuration you entered is invalid. Make sure that the DNS domain name "
+"is syntactically valid, the field for the organization is not left empty and "
+"the admin passwords match. If you decide not to retry the configuration the "
+"LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to "
+"retry later."
+msgstr ""
+"Bạn đã nhập một cấu hình không hợp lệ. Hãy kiểm tra lại tên miền DNS có cú "
+"pháp đúng, không bỏ trống trường tổ chức, và có hai mật khẩu quản lý trùng "
+"nhau. Nếu bạn quyết định không nên thử lại làm bước cấu hình thì không cài "
+"đặt trình phục vụ LDAP. Muốn thử lại về sau thì chạy lệnh cấu hình lại “dpkg-"
+"reconfigure slapd”."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid "DNS domain name:"
+msgstr "Tên miền DNS:"
+
+# The DNS domain name is used to construct the base DN of your LDAP
+# directory. Entering foo.bar.org will give you the base DN dc=foo, dc=bar,
+# dc=org.
+#. Type: string
+#. Description
+#: ../slapd.templates:6001
+msgid ""
+"The DNS domain name is used to construct the base DN of the LDAP directory. "
+"For example, 'foo.example.org' will create the directory with 'dc=foo, "
+"dc=example, dc=org' as base DN."
+msgstr ""
+"Tên miền DNS được dùng để cấu trúc tên miền cơ bản của thư mục LDAP. Chẳng "
+"hạn, “foo.thí_dụ.org” sẽ tạo thư mục có “dc=foo, dc=thí_dụ, dc=org” là tên "
+"miền cơ bản."
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid "Organization name:"
+msgstr "Tên tổ chức:"
+
+#. Type: string
+#. Description
+#: ../slapd.templates:7001
+msgid ""
+"Please enter the name of the organization to use in the base DN of your LDAP "
+"directory."
+msgstr ""
+"Hãy nhập tên của tổ chức cần dùng trong tên miền cơ bản của thư mục LDAP."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Administrator password:"
+msgstr "Mật khẩu quản trị:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:8001
+msgid "Please enter the password for the admin entry in your LDAP directory."
+msgstr "Hãy nhập mật khẩu cho mục nhập quản trị trong thư mục LDAP của bạn."
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid "Confirm password:"
+msgstr "Xác nhận mật khẩu:"
+
+#. Type: password
+#. Description
+#: ../slapd.templates:9001
+msgid ""
+"Please enter the admin password for your LDAP directory again to verify that "
+"you have typed it correctly."
+msgstr ""
+"Hãy nhập lại mật khẩu quản trị cho thư mục LDAP để xác nhận lại bạn đã gõ "
+"đúng."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "Password mismatch"
+msgstr "Mật khẩu không khớp"
+
+#. Type: note
+#. Description
+#: ../slapd.templates:10001
+msgid "The two passwords you entered were not the same. Please try again."
+msgstr "Bạn đã gõ hai mật khẩu khác nhau. Hãy thử lại."
+
+#. Type: boolean
+#. Description
+#: ../slapd.templates:11001
+msgid "Do you want the database to be removed when slapd is purged?"
+msgstr "Khi tẩy gói phần mềm slapd, bạn có muốn xóa bỏ cơ sở dữ liệu đi không?"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "slapcat failure during upgrade"
+msgstr "slapcat gặp lỗi trong khi nâng cấp"
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid "An error occurred while upgrading the LDAP directory."
+msgstr "Gặp lỗi trong khi nâng cấp thư mục LDAP."
+
+#. Type: error
+#. Description
+#: ../slapd.templates:14001
+msgid ""
+"The 'slapcat' program failed while extracting the LDAP directory. This may "
+"be caused by an incorrect configuration file (for example, missing "
+"'moduleload' lines to support the backend database)."
+msgstr ""
+"Chương trình “slapcat” bị lỗi trong khi giải nén thư mục LDAP. Có thể do một "
+"tập tin cấu hình sai (v.d. thiếu dòng “moduleload” để hỗ trợ cơ sở dữ liệu "
+"ứng dụng chạy phía sau)."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph
+#. containing a command line
+#: ../slapd.templates:14001
+msgid ""
+"This failure will cause 'slapadd' to fail later as well. The old database "
+"files will be moved to /var/backups. If you want to try this upgrade again, "
+"you should move the old database files back into place, fix whatever caused "
+"slapcat to fail, and run:"
+msgstr ""
+"Lỗi này cũng sẽ là nguyên nhân làm cho tiến trình “slapadd” thất bại về sau. "
+"Các tập tin cơ sở dữ liệu cũ sẽ được di chuyển vào thư mục “/var/backups”. "
+"Muốn thử lại tiến trình nâng cấp thì bạn nên di chuyển các tập tin cơ sở dữ "
+"liệu cũ về nơi gốc, sửa chữa những gì làm cho slapcat bị lỗi, và chạy câu "
+"lệnh:"
+
+#. Type: error
+#. Description
+#. Translators: keep "${location}" unchanged. This is a variable that
+#. will be replaced by a directory name at execution
+#: ../slapd.templates:14001
+msgid ""
+"Then move the database files back to a backup area and then try running "
+"slapadd from ${location}."
+msgstr ""
+"Sau đó, hãy di chuyển các tập tin cơ sở dữ liệu sang một vùng sao lưu, và "
+"thử chạy trình slapadd từ vị trí “${location}”."
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid "Error while performing post-installation tasks"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"There has been one or more errors while performing some post-installation "
+"tasks. This probably means that the slapd package could not automatically "
+"migrate one or more LDAP databases, or that a backend being used by the "
+"current OpenLDAP installation is not supported anymore."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"The maintainer script responsible for executing the post-installation tasks "
+"has exited, but the slapd service has NOT been (re)started. You will need to "
+"manually fix the problem and then start the service."
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../slapd.templates:15001
+msgid ""
+"For more information on possible problematic scenarios and how to address "
+"them, please take a look at the README.Debian file (under /usr/share/doc/"
+"slapd/)."
+msgstr ""
+
+#~ msgid "abort installation"
+#~ msgstr "hủy bỏ cài đặt"
+
+#~ msgid "continue regardless"
+#~ msgstr "vẫn tiếp tục"
+
+#~ msgid "Manual ppolicy schema update recommended"
+#~ msgstr "Khuyến khích cập nhật lược đồ ppolicy"
+
+#~ msgid ""
+#~ "The new version of the Password Policy (ppolicy) overlay requires the "
+#~ "schema to define the pwdMaxRecordedFailure attribute type, which is not "
+#~ "present in the schema currently in use. It is recommended to abort the "
+#~ "upgrade now, and to update the ppolicy schema before upgrading slapd. If "
+#~ "replication is in use, the schema update should be applied on every "
+#~ "server before continuing with the upgrade."
+#~ msgstr ""
+#~ "Phiên bản mới của overlay Chính sách Mật khẩu (ppolicy) cần lược đồ để "
+#~ "định nghĩa kiểu thuộc tính pwdMaxRecordedFailure, cái mà không hiện diện "
+#~ "trong lược đồ hiện đang dùng. Khuyến khích bạn bây giờ bãi bỏ nâng cấp, "
+#~ "và cập nhật lược đồ trước khi nâng cấp slapd. Nếu bản sao đang dùng, cập "
+#~ "nhật lược đồ có thể được áp dụng cho mọi máy phục vụ trước khi tiếp tục "
+#~ "với nâng cấp."
+
+#~ msgid ""
+#~ "An LDIF file has been generated with the changes required for the upgrade:"
+#~ msgstr ""
+#~ "Một tập tin LDIF đã được tạo với các thay đổi theo yêu cầu cập nhật:"
+
+#~ msgid ""
+#~ "so if slapd is using the default access control rules, these changes can "
+#~ "be applied (after starting slapd) by using the command:"
+#~ msgstr ""
+#~ "như vậy nếu slapd đang sử dụng các quy tắc điều khiển truy cập mặc định, "
+#~ "những thay đổi có thể được áp dụng (sau khi khởi động slapd) bằng cách "
+#~ "dùng lệnh:"
+
+#~ msgid ""
+#~ "If instead you choose to continue the installation, the new attribute "
+#~ "type will be added automatically, but the change will not be acted on by "
+#~ "slapd overlays, and replication with other servers may be affected."
+#~ msgstr ""
+#~ "Nếu thay vào đó bạn chọn tiếp tục cài đặt, kiểu thuộc tính mới sẽ được "
+#~ "thêm một cách tự động, nhưng thay đổi sẽ không được thực hiện trên các "
+#~ "overlay slapd, và bản sao với các máy phục vụ khác có thể chịu tác động."
+
+#~ msgid "Potentially unsafe slapd access control configuration"
+#~ msgstr "Cấu hình điều khiển truy cập slapd tiềm ẩn sự thiếu an toàn"
+
+#~ msgid ""
+#~ "One or more of the configured databases has an access control rule that "
+#~ "allows users to modify most of their own attributes. This may be unsafe, "
+#~ "depending on how the database is used."
+#~ msgstr ""
+#~ "Có một hay hơn cơ sở dữ liệu cấu hình có chứa quy tắc điều khiển truy cập "
+#~ "mà nó lại cho phép người dùng sửa đổi phần lớn các thuộc tính mà họ sở "
+#~ "hữu. Như vậy là thiếu an toàn, còn tùy thuộc vào cơ sở dữ liệu dùng để "
+#~ "làm gì."
+
+#~ msgid ""
+#~ "In the case of slapd access rules that begin with \"to *\", it is "
+#~ "recommended to remove any instances of \"by self write\", so that users "
+#~ "are only able to modify specifically allowed attributes."
+#~ msgstr ""
+#~ "Trong trường hợp quy tắc truy cập slapd mà bắt đầu bằng \"to *\", khuyên "
+#~ "bạn nên xóa bỏ mọi thực thể \"by self write\", như thế người dùng chỉ có "
+#~ "thể sửa các thuộc tính cho phép đã chỉ ra."
+
+#~ msgid "See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr "Đọc /usr/share/doc/slapd/README.Debian.gz để biết thêm chi tiết."
+
+#~ msgid "Database backend to use:"
+#~ msgstr "Ứng dụng chạy cơ sở dữ liệu cần dùng:"
+
+#~ msgid ""
+#~ "HDB and BDB use similar storage formats, but HDB adds support for subtree "
+#~ "renames. Both support the same configuration options."
+#~ msgstr ""
+#~ "HDB và BDB dùng định dạng lưu trữ tương tự nhau, nhưng HDB thêm hỗ trợ để "
+#~ "thay đổi tên của cây con. Cả hai hỗ trợ cùng những tùy chọn cấu hình."
+
+#~ msgid ""
+#~ "The MDB backend is recommended. MDB uses a new storage format and "
+#~ "requires less configuration than BDB or HDB."
+#~ msgstr ""
+#~ "Khuyên bạn dùng ứng dụng chạy phía sau MDB. MDB dùng định dạng lưu trữ "
+#~ "mới và phần cấu hình cũng ít hơn là BDB hay HDB."
+
+# The BDB backend is the recommended choice of the OpenLDAP developers.
+# When using the BDB backend make sure that you configure the underlying
+# database for your requirements. Look into /usr/share/doc/slapd/README.
+# DB_CONFIG.gz
+#~ msgid ""
+#~ "In any case, you should review the resulting database configuration for "
+#~ "your needs. See /usr/share/doc/slapd/README.Debian.gz for more details."
+#~ msgstr ""
+#~ "Trong mỗi trường hợp, bạn nên xem lại cấu hình cơ sở dữ liệu kết quả có "
+#~ "thích hợp với nhu cầu của bạn. Xem tài liệu Đọc Đi “/usr/share/doc/slapd/"
+#~ "README.DB_CONFIG.gz” để tìm chi tiết."
+
+#~ msgid "Allow LDAPv2 protocol?"
+#~ msgstr "Cho phép giao thức LDAPv2?"
+
+#~ msgid ""
+#~ "The obsolete LDAPv2 protocol is disabled by default in slapd. Programs "
+#~ "and users should upgrade to LDAPv3. If you have old programs which can't "
+#~ "use LDAPv3, you should select this option and 'allow bind_v2' will be "
+#~ "added to your slapd.conf file."
+#~ msgstr ""
+#~ "Giao thức LDAPv2 (phiên bản 2) cũ bị tắt theo mặc định trong slapd. Các "
+#~ "chương trình và người dùng đều nên nâng cấp lên LDAPv3 (phiên bản 3). Có "
+#~ "chương trình cũ không thể dùng LDAPv3 thì bạn nên bật tùy chọn này và "
+#~ "thêm chuỗi “allow bind_v2” vào tập tin cấu hình “slapd.conf”."
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..3fab06f
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,187 @@
+#!/usr/bin/make -f
+
+include /usr/share/dpkg/architecture.mk
+include /usr/share/dpkg/pkg-info.mk
+
+# Set this variable if you're building packages outside of Debian and don't
+# want the checks for DFSG-freeness.
+#DFSG_NONFREE = 1
+
+export DEB_CFLAGS_MAINT_APPEND := -Wall -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
+export DEB_BUILD_MAINT_OPTIONS := hardening=+all
+
+# Expose maintainer address to build/mkversion (see debian/patches/set-maintainer-name)
+export DEB_MAINTAINER := $(shell sed -ne 's/Maintainer:\s\+//p' debian/control)
+
+# Expose DEB_VERSION to build/version.sh (see debian/patches/debian-version)
+export DEB_VERSION
+
+# Workaround for bad glibc behavior when resolving localhost
+export RESOLV_MULTI = off
+
+CONFIG = $(shell grep -v "^\#" debian/configure.options)
+ifeq ($(DEB_HOST_ARCH_OS),hurd)
+ CONFIG += --disable-mdb
+endif
+ifneq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
+ CONFIG += --disable-slapd
+endif
+
+CONTRIB_MODULES = autogroup lastbind passwd passwd/pbkdf2 passwd/sha2 smbk5pwd
+
+# Ensure CC is set correctly for cross builds, unless it has already
+# been set explicitly.
+ifeq ($(origin CC),default)
+ export CC := $(DEB_HOST_GNU_TYPE)-gcc
+endif
+
+installdir := $(CURDIR)/debian/tmp
+builddir := $(CURDIR)/debian/build
+slapddir := $(CURDIR)/debian/slapd/usr/sbin
+
+# Standard variables used in contrib Makefiles.
+# We override these in make invocations rather than patch every one.
+CONTRIB_MAKEVARS := \
+ LDAP_BUILD='$(builddir)' \
+ OPT= \
+ prefix=/usr \
+ ldap_subdir=/ldap \
+ moduledir='$$(libdir)$$(ldap_subdir)'
+
+DH = dh $@ --builddirectory=$(builddir)
+.PHONY: build
+build:
+ $(DH)
+%:
+ $(DH)
+
+override_dh_auto_configure:
+ # Check if we include the RFCs, Internet-Drafts, or upstream schemas
+ # with RFC text (which are non DFSG-free). You can set DFSG_NONFREE
+ # to build the packages from the unchanged upstream sources but Debian
+ # can not ship the RFCs in main so this test is here to make sure it
+ # does not get in by accident again. -- Torsten
+ if [ -z "$(DFSG_NONFREE)" ]; then \
+ if [ -e doc/drafts ] || [ -e doc/rfc ]; then exit 1; fi; \
+ if [ -e servers/slapd/schema/core.schema ] \
+ && grep -q 'RFC 4519 definition' servers/slapd/schema/core.schema; \
+ then \
+ exit 1; \
+ fi; \
+ fi
+
+ # Copy our stripped schema versions into where upstream expects them.
+ if [ -z "$(DFSG_NONFREE)" ]; then \
+ cp debian/schema/*.schema debian/schema/*.ldif \
+ servers/slapd/schema/; \
+ fi
+
+ dh_auto_configure -- $(CONFIG)
+
+override_dh_auto_build:
+ dh_auto_build
+ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
+ # passwd/sha2 needs special handling, see #1030716 and LP: #2000817
+ for mod in $(CONTRIB_MODULES); do \
+ if [ "$$mod" = "passwd/sha2" ]; then \
+ EXTRA_OPT="-fno-strict-aliasing"; \
+ else \
+ EXTRA_OPT=""; \
+ fi; \
+ dh_auto_build -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod -- $(CONTRIB_MAKEVARS) OPT+=$$EXTRA_OPT || exit $$?; \
+ done
+endif
+
+override_dh_auto_install:
+ dh_auto_install -- STRIP_OPTS=
+ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
+ for mod in $(CONTRIB_MODULES); do \
+ dh_auto_install -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod -- $(CONTRIB_MAKEVARS) || exit $$?; \
+ done
+
+ # Empty the dependency_libs file in the .la files.
+ for F in $(installdir)/usr/lib/ldap/*.la; do \
+ sed -i "s/^dependency_libs=.*/dependency_libs=''/" $$F; \
+ done
+endif
+
+ # Check all built libraries for unresolved symbols except for the
+ # libslapi library. It is a special case since the SLAPI interface
+ # depends on symbols defined in slapd itself. Those symbols will
+ # remain unresolved until the plugin is loaded into slapd.
+ for F in $(installdir)/usr/lib/$(DEB_HOST_MULTIARCH)/*.so.*.*.*; do \
+ if echo "$$F" | grep -q libslapi ; then \
+ continue; \
+ fi; \
+ if LD_LIBRARY_PATH=$(installdir)/usr/lib/$(DEB_HOST_MULTIARCH) ldd -d -r $$F 2>&1 | grep '^undefined symbol:'; then \
+ echo; \
+ echo "library $$F has undefined references. Please fix this before continuing."; \
+ exit 1; \
+ fi; \
+ done
+
+ # Upstream manpages are section 8C but installed as section 8
+ find $(installdir)/usr/share/man -name \*.8 \
+ | xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
+
+override_dh_installinit:
+ dh_installinit --no-restart-after-upgrade --error-handler=ignore_init_failure -- "defaults 19 80"
+
+ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
+override_dh_fixperms-arch:
+ dh_fixperms
+ chmod +x $(CURDIR)/debian/slapd/usr/share/slapd/ldiftopasswd
+endif
+
+override_dh_strip:
+ dh_strip -pslapd --dbgsym-migration='slapd-dbg (<< 2.4.45+dfsg-1~)'
+ dh_strip --remaining-packages
+ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
+ # hardlink these so not confined by apparmor; do this here and not
+ # in dh_link so that dh_strip doesn't get confused and put the wrong
+ # binary in the debug package.
+ for f in slapacl slapadd slapauth slapcat slapdn slapindex slapmodify slappasswd slapschema slaptest; do \
+ ln -f $(slapddir)/slapd $(slapddir)/$$f ; \
+ done
+endif
+
+override_dh_link:
+ sed -e"s/\$${DEB_HOST_MULTIARCH}/$(DEB_HOST_MULTIARCH)/g" < debian/libldap-dev.links.in > debian/libldap-dev.links
+ dh_link
+
+ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
+override_dh_makeshlibs:
+ echo "slapd:Provides=$$(objdump -p debian/slapd/usr/lib/$(DEB_HOST_MULTIARCH)/libslapi-*.so.* \
+ | sed -ne '/SONAME/ { s/[[:space:]]*SONAME[[:space:]]*//; \
+ s/\.so\./-/; p; q }' \
+ )" >> debian/slapd.substvars
+ dh_makeshlibs -pslapd -X/usr/lib/ldap/ -V "$$(sed -ne's/slapd:Provides=//p' debian/slapd.substvars)"
+ dh_makeshlibs --remaining-packages
+endif
+
+ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
+override_dh_installdeb:
+ dh_installdeb
+ perl -w debian/dh_installscripts-common -p slapd
+endif
+
+override_dh_missing:
+ dh_missing --fail-missing
+
+override_dh_auto_clean:
+ dh_auto_clean
+ # Update translation templates for debconf
+ debconf-updatepo
+ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
+ # Remove our stripped schema from the upstream source area.
+ if [ -z "$(DFSG_NONFREE)" ]; then \
+ set -e; for s in debian/schema/*.schema debian/schema/*.ldif; do \
+ rm -f servers/slapd/schema/`basename $$s`; \
+ done; \
+ fi
+
+ # Clean the contrib directory
+ for mod in $(CONTRIB_MODULES); do \
+ dh_auto_clean -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod || exit $?; \
+ done
+endif
diff --git a/debian/schema/README b/debian/schema/README
new file mode 100644
index 0000000..e601c45
--- /dev/null
+++ b/debian/schema/README
@@ -0,0 +1,15 @@
+This directory contains stripped versions of schema files that the
+OpenLDAP distribution includes in servers/slapd/schema. The original
+versions as distributed upstream contain text from the RFCs embedded as
+comments, and that text is covered by the Internet Society license which
+does not meet the Debian Free Software Guidelines. (It doesn't permit
+creation and distribution of modified versions.) Accordingly, Debian
+cannot include the original versions of these files in Debian packages.
+
+Instead, in this directory are equivalent versions of those files with all
+of the text taken from IETF RFCs or Internet-Drafts removed and only the
+functional schema definition retained.
+
+Where possible, the schema files as distributed by the OpenLDAP project
+are retained. This is only done where RFC or Internet-Draft text is
+embedded in the schema file and covered by the Internet Society license.
diff --git a/debian/schema/collective.schema b/debian/schema/collective.schema
new file mode 100644
index 0000000..c3dc1a1
--- /dev/null
+++ b/debian/schema/collective.schema
@@ -0,0 +1,65 @@
+# collective.schema -- Collective attribute schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/collective.schema,v 1.12.2.2 2007/08/31 23:14:06 quanah Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 3671, at (among other
+# places): http://www.ietf.org/rfc/rfc3671.txt
+
+attributeType ( 2.5.4.7.1 NAME 'c-l'
+ SUP l COLLECTIVE )
+
+attributeType ( 2.5.4.8.1 NAME 'c-st'
+ SUP st COLLECTIVE )
+
+attributeType ( 2.5.4.9.1 NAME 'c-street'
+ SUP street COLLECTIVE )
+
+attributeType ( 2.5.4.10.1 NAME 'c-o'
+ SUP o COLLECTIVE )
+
+attributeType ( 2.5.4.11.1 NAME 'c-ou'
+ SUP ou COLLECTIVE )
+
+attributeType ( 2.5.4.16.1 NAME 'c-PostalAddress'
+ SUP postalAddress COLLECTIVE )
+
+attributeType ( 2.5.4.17.1 NAME 'c-PostalCode'
+ SUP postalCode COLLECTIVE )
+
+attributeType ( 2.5.4.18.1 NAME 'c-PostOfficeBox'
+ SUP postOfficeBox COLLECTIVE )
+
+attributeType ( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName'
+ SUP physicalDeliveryOfficeName COLLECTIVE )
+
+attributeType ( 2.5.4.20.1 NAME 'c-TelephoneNumber'
+ SUP telephoneNumber COLLECTIVE )
+
+attributeType ( 2.5.4.21.1 NAME 'c-TelexNumber'
+ SUP telexNumber COLLECTIVE )
+
+attributeType ( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber'
+ SUP facsimileTelephoneNumber COLLECTIVE )
+
+attributeType ( 2.5.4.25.1 NAME 'c-InternationalISDNNumber'
+ SUP internationalISDNNumber COLLECTIVE )
+
diff --git a/debian/schema/compare-schema b/debian/schema/compare-schema
new file mode 100755
index 0000000..ce6b80c
--- /dev/null
+++ b/debian/schema/compare-schema
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# Compare the stripped versions of the schema with the unmodified versions
+# from the source as distributed upstream and find any non-comment changes
+# so that our stripped versions can be updated.
+#
+# Takes the directory containing our stripped schema and the directory
+# containing the upstream schema. Uses the first directory as a working
+# area.
+
+set -e
+
+ours="$1"
+theirs="$2"
+if [ -z "$ours" ] || [ -z "$theirs" ] ; then
+ echo 'Usage: compare-schema <debian-schema-dir> <openldap-schema-dir>' >&2
+ exit 1
+fi
+
+cd $ours
+for schema in *.schema *.ldif ; do
+ grep -v '^#' "$schema" | grep -v '^ *$' > "${schema}.debian"
+ grep -v '^#' "$theirs/$schema" | grep -v '^ *$' > "${schema}.upstream"
+ diff -u "${schema}.debian" "${schema}.upstream"
+ rm "${schema}.debian" "${schema}.upstream"
+done
diff --git a/debian/schema/corba.schema b/debian/schema/corba.schema
new file mode 100644
index 0000000..918e9df
--- /dev/null
+++ b/debian/schema/corba.schema
@@ -0,0 +1,61 @@
+# corba.schema -- Corba Object Schema
+# depends upon core.schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/corba.schema,v 1.4.2.3 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 2714, at (among other
+# places): http://www.ietf.org/rfc/rfc2714.txt
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.14
+ NAME 'corbaIor'
+ DESC 'Stringified interoperable object reference of a CORBA object'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.15
+ NAME 'corbaRepositoryId'
+ DESC 'Repository ids of interfaces implemented by a CORBA object'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.10
+ NAME 'corbaContainer'
+ DESC 'Container for a CORBA object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.9
+ NAME 'corbaObject'
+ DESC 'CORBA object representation'
+ SUP top
+ ABSTRACT
+ MAY ( corbaRepositoryId $ description ) )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.11
+ NAME 'corbaObjectReference'
+ DESC 'CORBA interoperable object reference'
+ SUP corbaObject
+ AUXILIARY
+ MUST corbaIor )
diff --git a/debian/schema/core.ldif b/debian/schema/core.ldif
new file mode 100644
index 0000000..2cbfb87
--- /dev/null
+++ b/debian/schema/core.ldif
@@ -0,0 +1,603 @@
+# OpenLDAP Core schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text claiming copyright by the Internet Society and including
+# the IETF RFC license, which does not meet Debian's Free Software
+# Guidelines. However, apart from short and obvious comments, the text of
+# this file is purely a functional interface specification, which is not
+# subject to that license and is not copyrightable under US law.
+#
+# The license statement is retained below so as not to remove credit, but
+# as best as we can determine, it is not applicable to the contents of
+# this file.
+
+## Portions Copyright (C) The Internet Society (1997-2003).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+#
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+#
+#
+# Standard attribute types from RFC 2256
+#
+dn: cn=core,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: core
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+#
+olcAttributeTypes: ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+#
+# RFC 4519 definition ('countryName' in X.500 and RFC2256)
+olcAttributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC4519: two-letter ISO-3166 country code'
+ SUP name
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+#
+# Deprecated by enhancedSearchGuide
+olcAttributeTypes: ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+#
+olcAttributeTypes: ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+#
+olcAttributeTypes: ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+#
+olcAttributeTypes: ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+#
+olcAttributeTypes: ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+#
+olcAttributeTypes: ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+#
+olcAttributeTypes: ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+#
+olcAttributeTypes: ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+#
+olcAttributeTypes: ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+#
+olcAttributeTypes: ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+#
+olcAttributeTypes: ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+#
+olcAttributeTypes: ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+#
+olcAttributeTypes: ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+#
+olcAttributeTypes: ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+#
+olcAttributeTypes: ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+#
+olcAttributeTypes: ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+#
+olcAttributeTypes: ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+#
+olcAttributeTypes: ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+#
+# system schema
+#olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+#
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+olcAttributeTypes: ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+#
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+olcAttributeTypes: ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+# Must be stored and requested in the binary form
+olcAttributeTypes: ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+#
+# 2.5.4.41 is defined above as it's used for subtyping
+#olcAttributeTypes: ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+olcAttributeTypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+#
+olcAttributeTypes: ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+#
+olcAttributeTypes: ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+#
+olcAttributeTypes: ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+#
+# 2.5.4.49 is defined above as it's used for subtyping
+#olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+#
+olcAttributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+#
+olcAttributeTypes: ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'RFC2256: supported algorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+#
+# Must be transferred using ;binary
+olcAttributeTypes: ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'RFC2256: delta revocation list; use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+#
+olcAttributeTypes: ( 2.5.4.54 NAME 'dmdName'
+ DESC 'RFC2256: name of DMD'
+ SUP name )
+#
+olcAttributeTypes: ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
+#
+# Standard object classes from RFC2256
+#
+# system schema
+#olcObjectClasses: ( 2.5.6.1 NAME 'alias'
+# DESC 'RFC2256: an alias'
+# SUP top STRUCTURAL
+# MUST aliasedObjectName )
+#
+olcObjectClasses: ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description ) )
+#
+olcObjectClasses: ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+#
+olcObjectClasses: ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+#
+olcObjectClasses: ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+#
+olcObjectClasses: ( 2.5.6.10 NAME 'residentialPerson'
+ DESC 'RFC2256: an residential person'
+ SUP person STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+#
+olcObjectClasses: ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+#
+olcObjectClasses: ( 2.5.6.13 NAME 'dSA'
+ DESC 'RFC2256: a directory system agent (a server)'
+ SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+#
+olcObjectClasses: ( 2.5.6.14 NAME 'device'
+ DESC 'RFC2256: a device'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+#
+olcObjectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'RFC2256: a strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+#
+olcObjectClasses: ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+#
+olcObjectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+#
+olcObjectClasses: ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'RFC2256: a user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+#
+olcObjectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+#
+olcObjectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+#
+olcObjectClasses: ( 2.5.6.20 NAME 'dmd'
+ SUP top STRUCTURAL
+ MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+#
+#
+# Object Classes from RFC 2587
+#
+olcObjectClasses: ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+#
+olcObjectClasses: ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+#
+olcObjectClasses: ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC4523: X.509 delta CRL'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+#
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+# DESC 'RFC2079: Uniform Resource Identifier with optional label'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+#
+olcObjectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ MAY ( labeledURI )
+ SUP top AUXILIARY )
+#
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#olcAttributeTypes: ( 0.9.2342.19200300.100.1.1
+# NAME ( 'uid' 'userid' )
+# DESC 'RFC1274: user identifier'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+#
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.3
+ NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+#
+olcObjectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+#
+# RFC 1274 + RFC 2247
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247: domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+#
+# RFC 2247
+olcObjectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+#
+# RFC 2377
+olcObjectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+#
+# From COSINE Pilot
+olcAttributeTypes: ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+#
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+olcAttributeTypes: ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+#
diff --git a/debian/schema/core.schema b/debian/schema/core.schema
new file mode 100644
index 0000000..dcc04e9
--- /dev/null
+++ b/debian/schema/core.schema
@@ -0,0 +1,622 @@
+# OpenLDAP Core schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text claiming copyright by the Internet Society and including
+# the IETF RFC license, which does not meet Debian's Free Software
+# Guidelines. However, apart from short and obvious comments, the text of
+# this file is purely a functional interface specification, which is not
+# subject to that license and is not copyrightable under US law.
+#
+# The license statement is retained below so as not to remove credit, but
+# as best as we can determine, it is not applicable to the contents of
+# this file.
+
+## Portions Copyright (C) The Internet Society (1997-2006).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+# RFC 2252/2256 (LDAPv3)
+#
+# Select standard track schema items:
+# RFC 1274 (uid/dc)
+# RFC 2079 (URI)
+# RFC 2247 (dc/dcObject)
+# RFC 2587 (PKI)
+# RFC 2589 (Dynamic Directory Services)
+# RFC 4524 (associatedDomain)
+#
+# Select informational schema items:
+# RFC 2377 (uidObject)
+
+#
+# Standard attribute types from RFC 2256
+#
+
+# system schema
+#attributetype ( 2.5.4.0 NAME 'objectClass'
+# DESC 'RFC2256: object classes of the entity'
+# EQUALITY objectIdentifierMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+# system schema
+#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+# DESC 'RFC2256: name of aliased object'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
+ DESC 'RFC2256: knowledge information'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# system schema
+#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+# DESC 'RFC2256: common name(s) for which the entity is known by'
+# SUP name )
+
+attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
+ DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.5 NAME 'serialNumber'
+ DESC 'RFC2256: serial number of the entity'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+
+# RFC 4519 definition ('countryName' in X.500 and RFC2256)
+attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+ DESC 'RFC4519: two-letter ISO-3166 country code'
+ SUP name
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+ SINGLE-VALUE )
+
+#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+# DESC 'RFC2256: ISO-3166 country 2-letter code'
+# SUP name SINGLE-VALUE )
+
+attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
+ DESC 'RFC2256: locality which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+ DESC 'RFC2256: state or province which this object resides in'
+ SUP name )
+
+attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+ DESC 'RFC2256: street address of this object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+ DESC 'RFC2256: organization this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+ DESC 'RFC2256: organizational unit this object belongs to'
+ SUP name )
+
+attributetype ( 2.5.4.12 NAME 'title'
+ DESC 'RFC2256: title associated with the entity'
+ SUP name )
+
+# system schema
+#attributetype ( 2.5.4.13 NAME 'description'
+# DESC 'RFC2256: descriptive information'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+
+# Deprecated by enhancedSearchGuide
+attributetype ( 2.5.4.14 NAME 'searchGuide'
+ DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+
+attributetype ( 2.5.4.15 NAME 'businessCategory'
+ DESC 'RFC2256: business category'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.16 NAME 'postalAddress'
+ DESC 'RFC2256: postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.17 NAME 'postalCode'
+ DESC 'RFC2256: postal code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.18 NAME 'postOfficeBox'
+ DESC 'RFC2256: Post Office Box'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+ DESC 'RFC2256: Physical Delivery Office Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 2.5.4.20 NAME 'telephoneNumber'
+ DESC 'RFC2256: Telephone Number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+
+attributetype ( 2.5.4.21 NAME 'telexNumber'
+ DESC 'RFC2256: Telex Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+
+attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+ DESC 'RFC2256: Teletex Terminal Identifier'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+
+attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+ DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+
+attributetype ( 2.5.4.24 NAME 'x121Address'
+ DESC 'RFC2256: X.121 Address'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+
+attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
+ DESC 'RFC2256: international ISDN number'
+ EQUALITY numericStringMatch
+ SUBSTR numericStringSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+
+attributetype ( 2.5.4.26 NAME 'registeredAddress'
+ DESC 'RFC2256: registered postal address'
+ SUP postalAddress
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 2.5.4.27 NAME 'destinationIndicator'
+ DESC 'RFC2256: destination indicator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+
+attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+ DESC 'RFC2256: preferred delivery method'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.29 NAME 'presentationAddress'
+ DESC 'RFC2256: presentation address'
+ EQUALITY presentationAddressMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+ SINGLE-VALUE )
+
+attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
+ DESC 'RFC2256: supported application context'
+ EQUALITY objectIdentifierMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+attributetype ( 2.5.4.31 NAME 'member'
+ DESC 'RFC2256: member of a group'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.32 NAME 'owner'
+ DESC 'RFC2256: owner (of the object)'
+ SUP distinguishedName )
+
+attributetype ( 2.5.4.33 NAME 'roleOccupant'
+ DESC 'RFC2256: occupant of role'
+ SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.34 NAME 'seeAlso'
+# DESC 'RFC2256: DN of related object'
+# SUP distinguishedName )
+
+# system schema
+#attributetype ( 2.5.4.35 NAME 'userPassword'
+# DESC 'RFC2256/2307: password of user'
+# EQUALITY octetStringMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.36 NAME 'userCertificate'
+ DESC 'RFC2256: X.509 user certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+# with certificateExactMatch rule (per X.509)
+attributetype ( 2.5.4.37 NAME 'cACertificate'
+ DESC 'RFC2256: X.509 CA certificate, use ;binary'
+ EQUALITY certificateExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
+ DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
+ DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# Must be stored and requested in the binary form
+attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
+ DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+
+# system schema
+#attributetype ( 2.5.4.41 NAME 'name'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+ DESC 'RFC2256: first name(s) for which the entity is known by'
+ SUP name )
+
+attributetype ( 2.5.4.43 NAME 'initials'
+ DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+ SUP name )
+
+attributetype ( 2.5.4.44 NAME 'generationQualifier'
+ DESC 'RFC2256: name qualifier indicating a generation'
+ SUP name )
+
+attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+ DESC 'RFC2256: X.500 unique identifier'
+ EQUALITY bitStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+
+attributetype ( 2.5.4.46 NAME 'dnQualifier'
+ DESC 'RFC2256: DN qualifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
+ DESC 'RFC2256: enhanced search guide'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+
+attributetype ( 2.5.4.48 NAME 'protocolInformation'
+ DESC 'RFC2256: protocol information'
+ EQUALITY protocolInformationMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+
+# system schema
+#attributetype ( 2.5.4.49 NAME 'distinguishedName'
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.5.4.50 NAME 'uniqueMember'
+ DESC 'RFC2256: unique member of a group'
+ EQUALITY uniqueMemberMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+
+attributetype ( 2.5.4.51 NAME 'houseIdentifier'
+ DESC 'RFC2256: house identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
+ DESC 'RFC2256: supported algorithms'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+
+# Must be transferred using ;binary
+attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
+ DESC 'RFC2256: delta revocation list; use ;binary'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+attributetype ( 2.5.4.54 NAME 'dmdName'
+ DESC 'RFC2256: name of DMD'
+ SUP name )
+
+attributetype ( 2.5.4.65 NAME 'pseudonym'
+ DESC 'X.520(4th): pseudonym for the object'
+ SUP name )
+
+# Standard object classes from RFC2256
+
+# system schema
+#objectclass ( 2.5.6.0 NAME 'top'
+# DESC 'RFC2256: top of the superclass chain'
+# ABSTRACT
+# MUST objectClass )
+
+# system schema
+#objectclass ( 2.5.6.1 NAME 'alias'
+# DESC 'RFC2256: an alias'
+# SUP top STRUCTURAL
+# MUST aliasedObjectName )
+
+objectclass ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description ) )
+
+objectclass ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+
+objectclass ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+
+objectclass ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+
+objectclass ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+
+objectclass ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.10 NAME 'residentialPerson'
+ DESC 'RFC2256: an residential person'
+ SUP person STRUCTURAL
+ MUST l
+ MAY ( businessCategory $ x121Address $ registeredAddress $
+ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l ) )
+
+objectclass ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+
+objectclass ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+
+objectclass ( 2.5.6.13 NAME 'dSA'
+ DESC 'RFC2256: a directory system agent (a server)'
+ SUP applicationEntity STRUCTURAL
+ MAY knowledgeInformation )
+
+objectclass ( 2.5.6.14 NAME 'device'
+ DESC 'RFC2256: a device'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+
+objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
+ DESC 'RFC2256: a strong authentication user'
+ SUP top AUXILIARY
+ MUST userCertificate )
+
+objectclass ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+
+objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
+ DESC 'RFC2256: a user security information'
+ SUP top AUXILIARY
+ MAY ( supportedAlgorithms ) )
+
+objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+
+objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+
+objectclass ( 2.5.6.20 NAME 'dmd'
+ SUP top STRUCTURAL
+ MUST ( dmdName )
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ street $ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ st $ l $ description ) )
+
+#
+# Object Classes from RFC 2587
+#
+objectclass ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+
+objectclass ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+
+objectclass ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC4523: X.509 delta CRL'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+
+#
+# Standard Track URI label schema from RFC 2079
+# system schema
+#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+# DESC 'RFC2079: Uniform Resource Identifier with optional label'
+# EQUALITY caseExactMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ SUP top AUXILIARY
+ MAY ( labeledURI ) )
+
+#
+# Derived from RFC 1274, but with new "short names"
+#
+#attributetype ( 0.9.2342.19200300.100.1.1
+# NAME ( 'uid' 'userid' )
+# DESC 'RFC1274: user identifier'
+# EQUALITY caseIgnoreMatch
+# SUBSTR caseIgnoreSubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.3
+ NAME ( 'mail' 'rfc822Mailbox' )
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+
+# RFC 1274 + RFC 2247
+attributetype ( 0.9.2342.19200300.100.1.25
+ NAME ( 'dc' 'domainComponent' )
+ DESC 'RFC1274/2247: domain component'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# RFC 2247
+objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+
+# RFC 2377
+objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+
+# RFC 4524
+# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
+# host names [RFC1123] that are associated with an object. That is,
+# values of this attribute should conform to the following ABNF:
+#
+# domain = root / label *( DOT label )
+# root = SPACE
+# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
+# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
+# SPACE = %x20 ; space (" ")
+# HYPHEN = %x2D ; hyphen ("-")
+# DOT = %x2E ; period (".")
+attributetype ( 0.9.2342.19200300.100.1.37
+ NAME 'associatedDomain'
+ DESC 'RFC1274: domain associated with object'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
+attributetype ( 1.2.840.113549.1.9.1
+ NAME ( 'email' 'emailAddress' 'pkcs9email' )
+ DESC 'RFC3280: legacy attribute for email addresses in DNs'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
diff --git a/debian/schema/cosine.schema b/debian/schema/cosine.schema
new file mode 100644
index 0000000..024d859
--- /dev/null
+++ b/debian/schema/cosine.schema
@@ -0,0 +1,404 @@
+# RFC1274: Cosine and Internet X.500 schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.19.2.5 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# RFC1274: Cosine and Internet X.500 schema
+#
+# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
+# schema. As this schema was defined for X.500(89), some
+# oddities were introduced in the mapping to LDAPv3. The
+# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
+# (a work in progress)
+#
+# Note: It seems that the pilot schema evolved beyond what was
+# described in RFC1274. However, this document attempts to describes
+# RFC1274 as published.
+#
+# Depends on core.schema
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 1274, at (among other
+# places): http://www.ietf.org/rfc/rfc1274.txt
+
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
+## EQUALITY caseIgnoreMatch
+## SUBSTR caseIgnoreSubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+#(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
+ DESC 'RFC1274: general information'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
+
+attributetype ( 0.9.2342.19200300.100.1.5
+ NAME ( 'drink' 'favouriteDrink' )
+ DESC 'RFC1274: favorite drink'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
+ DESC 'RFC1274: room number'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
+ DESC 'RFC1274: photo (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
+
+attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
+ DESC 'RFC1274: category of user'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
+ DESC 'RFC1274: host computer'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
+ DESC 'RFC1274: DN of manager'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
+ DESC 'RFC1274: unique identifier of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
+ DESC 'RFC1274: title of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
+ DESC 'RFC1274: version of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
+ DESC 'RFC1274: DN of author of document'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
+ DESC 'RFC1274: location of document original'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.20
+ NAME ( 'homePhone' 'homeTelephoneNumber' )
+ DESC 'RFC1274: home telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
+ DESC 'RFC1274: DN of secretary'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
+
+## Deprecated in favor of modifyTimeStamp
+#attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
+# DESC 'RFC1274: time of last modify, replaced by modifyTimestamp'
+# OBSOLETE
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
+# USAGE directoryOperation )
+
+## Deprecated in favor of modifiersName
+#attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
+# DESC 'RFC1274: last modifier, replaced by modifiersName'
+# OBSOLETE
+# EQUALITY distinguishedNameMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+# USAGE directoryOperation )
+
+##(in core.schema)
+##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
+## EQUALITY caseIgnoreIA5Match
+## SUBSTR caseIgnoreIA5SubstringsMatch
+## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## missing from RFC1274
+## incorrect syntax?
+attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+## incorrect syntax!!
+attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
+# EQUALITY caseIgnoreIA5Match
+# SUBSTR caseIgnoreIA5SubstringsMatch
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
+ DESC 'RFC1274: DN of entry associated with domain'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
+ DESC 'RFC1274: home postal address'
+ EQUALITY caseIgnoreListMatch
+ SUBSTR caseIgnoreListSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
+ DESC 'RFC1274: personal title'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.41
+ NAME ( 'mobile' 'mobileTelephoneNumber' )
+ DESC 'RFC1274: mobile telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attributetype ( 0.9.2342.19200300.100.1.42
+ NAME ( 'pager' 'pagerTelephoneNumber' )
+ DESC 'RFC1274: pager telephone number'
+ EQUALITY telephoneNumberMatch
+ SUBSTR telephoneNumberSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attributetype ( 0.9.2342.19200300.100.1.43
+ NAME ( 'co' 'friendlyCountryName' )
+ DESC 'RFC1274: friendly country name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
+ DESC 'RFC1274: unique identifer'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
+ DESC 'RFC1274: organizational status'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
+ DESC 'RFC1274: Janet mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.47
+ NAME 'mailPreferenceOption'
+ DESC 'RFC1274: mail preference option'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
+ DESC 'RFC1274: name of building'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
+ DESC 'RFC1274: DSA Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
+ DESC 'RFC1274: Single Level Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
+ DESC 'RFC1274: Subtree Minimum Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
+ DESC 'RFC1274: Subtree Maximum Quality'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
+
+attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
+ DESC 'RFC1274: Personal Signature (G3 fax)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
+
+attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
+ DESC 'RFC1274: DIT Redirect'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
+ DESC 'RFC1274: audio (u-law)'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
+
+attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
+ DESC 'RFC1274: publisher of document'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
+# DESC 'RFC1274: pilot object'
+# SUP top AUXILIARY
+# MAY ( info $ photo $ manager $ uniqueIdentifier $
+# lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
+# )
+
+objectclass ( 0.9.2342.19200300.100.4.4
+ NAME ( 'pilotPerson' 'newPilotPerson' )
+ SUP person STRUCTURAL
+ MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
+ favouriteDrink $ roomNumber $ userClass $
+ homeTelephoneNumber $ homePostalAddress $ secretary $
+ personalTitle $ preferredDeliveryMethod $ businessCategory $
+ janetMailbox $ otherMailbox $ mobileTelephoneNumber $
+ pagerTelephoneNumber $ organizationalStatus $
+ mailPreferenceOption $ personalSignature )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
+ SUP top STRUCTURAL
+ MUST userid
+ MAY ( description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $ host )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
+ SUP top STRUCTURAL
+ MUST documentIdentifier
+ MAY ( commonName $ description $ seeAlso $ localityName $
+ organizationName $ organizationalUnitName $
+ documentTitle $ documentVersion $ documentAuthor $
+ documentLocation $ documentPublisher )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( description $ seeAlso $ telephonenumber $
+ localityName $ organizationName $ organizationalUnitName )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
+ SUP top STRUCTURAL
+ MUST domainComponent
+ MAY ( associatedName $ organizationName $ description $
+ businessCategory $ seeAlso $ searchGuide $ userPassword $
+ localityName $ stateOrProvinceName $ streetAddress $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
+ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
+ SUP domain STRUCTURAL
+ MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $
+ telexNumber $ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
+ SUP domain STRUCTURAL
+ MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
+ SOARecord $ CNAMERecord )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+ DESC 'RFC1274: an object related to an domain'
+ SUP top AUXILIARY
+ MUST associatedDomain )
+
+objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
+ SUP country STRUCTURAL
+ MUST friendlyCountryName )
+
+## (in core.schema)
+## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+## SUP top AUXILIARY
+## MUST userPassword )
+
+objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
+ SUP ( organization $ organizationalUnit ) STRUCTURAL
+ MAY buildingName )
+
+objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
+ SUP dsa STRUCTURAL
+ MAY dSAQuality )
+
+objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
+ SUP top AUXILIARY
+ MUST dsaQuality
+ MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
+ )
diff --git a/debian/schema/duaconf.schema b/debian/schema/duaconf.schema
new file mode 100644
index 0000000..8c1683f
--- /dev/null
+++ b/debian/schema/duaconf.schema
@@ -0,0 +1,153 @@
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# DUA schema from draft-joslin-config-schema (a work in progress)
+
+# Contents of this file are subject to change (including deletion)
+# without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
+## Notes:
+## - The matching rule for attributes followReferrals and dereferenceAliases
+## has been changed to booleanMatch since their syntax is boolean
+## - There was a typo in the name of the dereferenceAliases attributeType
+## in the DUAConfigProfile objectClass definition
+## - Credit goes to the original Authors
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF Internet-Draft explaining the schema.
+# Unfortunately, that text is covered by a license that doesn't meet
+# Debian's Free Software Guidelines. This is a stripped version of the
+# schema that contains only the functional schema definition, not the text
+# of the Internet-Draft.
+#
+# For an explanation of this schema, see
+# draft-joslin-config-schema-07.txt.
+
+objectidentifier DUAConfSchemaOID 1.3.6.1.4.1.11.1.3.1
+
+attributeType ( DUAConfSchemaOID:1.0 NAME 'defaultServerList'
+ DESC 'Default LDAP server host address used by a DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.1 NAME 'defaultSearchBase'
+ DESC 'Default LDAP base DN used by a DUA'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.2 NAME 'preferredServerList'
+ DESC 'Preferred LDAP server host addresses to be used by a
+ DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.3 NAME 'searchTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for a
+ search to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.4 NAME 'bindTimeLimit'
+ DESC 'Maximum time in seconds a DUA should allow for the
+ bind operation to complete'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.5 NAME 'followReferrals'
+ DESC 'Tells DUA if it should follow referrals
+ returned by a DSA search result'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.16 NAME 'dereferenceAliases'
+ DESC 'Tells DUA if it should dereference aliases'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.6 NAME 'authenticationMethod'
+ DESC 'A keystring which identifies the type of
+ authentication method used to contact the DSA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.7 NAME 'profileTTL'
+ DESC 'Time to live, in seconds, before a client DUA
+ should re-read this configuration profile'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.14 NAME 'serviceSearchDescriptor'
+ DESC 'LDAP search descriptor list used by a DUA'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( DUAConfSchemaOID:1.9 NAME 'attributeMap'
+ DESC 'Attribute mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.10 NAME 'credentialLevel'
+ DESC 'Identifies type of credentials a DUA should
+ use when binding to the LDAP server'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.11 NAME 'objectclassMap'
+ DESC 'Objectclass mappings used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.12 NAME 'defaultSearchScope'
+ DESC 'Default search scope used by a DUA'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributeType ( DUAConfSchemaOID:1.13 NAME 'serviceCredentialLevel'
+ DESC 'Identifies type of credentials a DUA
+ should use when binding to the LDAP server for a
+ specific service'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( DUAConfSchemaOID:1.15 NAME 'serviceAuthenticationMethod'
+ DESC 'Authentication method used by a service of the DUA'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectClass ( DUAConfSchemaOID:2.5 NAME 'DUAConfigProfile'
+ SUP top STRUCTURAL
+ DESC 'Abstraction of a base configuration for a DUA'
+ MUST ( cn )
+ MAY ( defaultServerList $ preferredServerList $
+ defaultSearchBase $ defaultSearchScope $
+ searchTimeLimit $ bindTimeLimit $
+ credentialLevel $ authenticationMethod $
+ followReferrals $ dereferenceAliases $
+ serviceSearchDescriptor $ serviceCredentialLevel $
+ serviceAuthenticationMethod $ objectclassMap $
+ attributeMap $ profileTTL ) )
diff --git a/debian/schema/inetorgperson.schema b/debian/schema/inetorgperson.schema
new file mode 100644
index 0000000..34c3bf8
--- /dev/null
+++ b/debian/schema/inetorgperson.schema
@@ -0,0 +1,113 @@
+# inetorgperson.schema -- InetOrgPerson (RFC2798)
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# InetOrgPerson (RFC2798)
+#
+# Depends upon
+# Definition of an X.500 Attribute Type and an Object Class to Hold
+# Uniform Resource Identifiers (URIs) [RFC2079]
+# (core.schema)
+#
+# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
+# (core.schema)
+#
+# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 2798, at (among other
+# places): http://www.ietf.org/rfc/rfc2798.txt
+
+attributetype ( 2.16.840.1.113730.3.1.1
+ NAME 'carLicense'
+ DESC 'RFC2798: vehicle license or registration plate'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 2.16.840.1.113730.3.1.2
+ NAME 'departmentNumber'
+ DESC 'RFC2798: identifies a department within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 2.16.840.1.113730.3.1.241
+ NAME 'displayName'
+ DESC 'RFC2798: preferred name to be used when displaying entries'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.3
+ NAME 'employeeNumber'
+ DESC 'RFC2798: numerically identifies an employee within an organization'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113730.3.1.4
+ NAME 'employeeType'
+ DESC 'RFC2798: type of employment for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 0.9.2342.19200300.100.1.60
+ NAME 'jpegPhoto'
+ DESC 'RFC2798: a JPEG image'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
+
+attributetype ( 2.16.840.1.113730.3.1.39
+ NAME 'preferredLanguage'
+ DESC 'RFC2798: preferred written or spoken language for a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.40
+ NAME 'userSMIMECertificate'
+ DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
+attributetype ( 2.16.840.1.113730.3.1.216
+ NAME 'userPKCS12'
+ DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
+
+objectclass ( 2.16.840.1.113730.3.2.2
+ NAME 'inetOrgPerson'
+ DESC 'RFC2798: Internet Organizational Person'
+ SUP organizationalPerson
+ STRUCTURAL
+ MAY (
+ audio $ businessCategory $ carLicense $ departmentNumber $
+ displayName $ employeeNumber $ employeeType $ givenName $
+ homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ labeledURI $ mail $ manager $ mobile $ o $ pager $
+ photo $ roomNumber $ secretary $ uid $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $
+ userSMIMECertificate $ userPKCS12 )
+ )
diff --git a/debian/schema/java.schema b/debian/schema/java.schema
new file mode 100644
index 0000000..24c1f1b
--- /dev/null
+++ b/debian/schema/java.schema
@@ -0,0 +1,109 @@
+# java.schema -- Java Object Schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/java.schema,v 1.5.2.3 2007/01/02 21:44:09 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+# Java Object Schema (defined in RFC 2713)
+# depends upon core.schema
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF RFC explaining the schema. Unfortunately,
+# that text is covered by a license that doesn't meet Debian's Free
+# Software Guidelines. This is a stripped version of the schema that
+# contains only the functional schema definition, not the text of the
+# RFC.
+#
+# For an explanation of this schema, see RFC 2713, at (among other
+# places): http://www.ietf.org/rfc/rfc2713.txt
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
+ NAME 'javaClassName'
+ DESC 'Fully qualified name of distinguished Java class or interface'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.7
+ NAME 'javaCodebase'
+ DESC 'URL(s) specifying the location of class definition'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.13
+ NAME 'javaClassNames'
+ DESC 'Fully qualified Java class or interface name'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.8
+ NAME 'javaSerializedData'
+ DESC 'Serialized form of a Java object'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.10
+ NAME 'javaFactory'
+ DESC 'Fully qualified Java class name of a JNDI object factory'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.11
+ NAME 'javaReferenceAddress'
+ DESC 'Addresses associated with a JNDI Reference'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.42.2.27.4.1.12
+ NAME 'javaDoc'
+ DESC 'The Java documentation for the class'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
+ NAME 'javaContainer'
+ DESC 'Container for a Java object'
+ SUP top
+ STRUCTURAL
+ MUST cn )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.4
+ NAME 'javaObject'
+ DESC 'Java object representation'
+ SUP top
+ ABSTRACT
+ MUST javaClassName
+ MAY ( javaClassNames $ javaCodebase $
+ javaDoc $ description ) )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.5
+ NAME 'javaSerializedObject'
+ DESC 'Java serialized object'
+ SUP javaObject
+ AUXILIARY
+ MUST javaSerializedData )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.8
+ NAME 'javaMarshalledObject'
+ DESC 'Java marshalled object'
+ SUP javaObject
+ AUXILIARY
+ MUST javaSerializedData )
+
+objectclass ( 1.3.6.1.4.1.42.2.27.4.2.7
+ NAME 'javaNamingReference'
+ DESC 'JNDI reference'
+ SUP javaObject
+ AUXILIARY
+ MAY ( javaReferenceAddress $ javaFactory ) )
diff --git a/debian/schema/namedobject.schema b/debian/schema/namedobject.schema
new file mode 100644
index 0000000..d5b5d48
--- /dev/null
+++ b/debian/schema/namedobject.schema
@@ -0,0 +1,42 @@
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2021 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text from an IETF Internet-Draft explaining the schema.
+# Unfortunately, that text is covered by a license that doesn't meet
+# Debian's Free Software Guidelines. This is a stripped version of the
+# schema that contains only the functional schema definition, not the
+# text of the Internet-Draft.
+
+##
+## Definitions from draft Structural Object Classes for Named Objects
+## https://tools.ietf.org/html/draft-stroeder-namedobject
+##
+## Portions Copyright (c) 2013 IETF Trust and the persons identified
+## as the document authors. All rights reserved.
+#
+# Depends upon core.schema and cosine.schema
+
+objectclass ( 1.3.6.1.4.1.5427.1.389.6.20
+ NAME 'namedObject'
+ SUP top
+ STRUCTURAL
+ MUST ( cn )
+ MAY ( uniqueIdentifier $ description ) )
+
+objectclass ( 1.3.6.1.4.1.5427.1.389.6.21
+ NAME 'namedPolicy'
+ SUP namedObject
+ STRUCTURAL )
+
diff --git a/debian/schema/pmi.schema b/debian/schema/pmi.schema
new file mode 100644
index 0000000..6b0fe73
--- /dev/null
+++ b/debian/schema/pmi.schema
@@ -0,0 +1,476 @@
+# OpenLDAP X.509 PMI schema
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2014 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+
+# The version of this file as distributed by the OpenLDAP Foundation
+# contains text claiming copyright by the Internet Society and including
+# the IETF RFC license, which does not meet Debian's Free Software
+# Guidelines. However, apart from short and obvious comments, the text of
+# this file is purely a functional interface specification, which is not
+# subject to that license and is not copyrightable under US law.
+#
+# The license statement is retained below so as not to remove credit, but
+# as best as we can determine, it is not applicable to the contents of
+# this file.
+
+## Portions Copyright (C) The Internet Society (1997-2006).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works. However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be
+## followed, or as required to translate it into languages other than
+## English.
+##
+## The limited permissions granted above are perpetual and will not be
+## revoked by the Internet Society or its successors or assigns.
+##
+## This document and the information contained herein is provided on an
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+# ITU X.509 (08/2005)
+#
+## X.509 (08/2005) pp. 120-121
+##
+## -- object identifier assignments --
+## -- object classes --
+## id-oc-pmiUser OBJECT IDENTIFIER ::= {id-oc 24}
+## id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25}
+## id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26}
+## id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27}
+## id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32}
+## id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33}
+## id-oc-protectedPrivilegePolicy OBJECT IDENTIFIER ::= {id-oc 34}
+## -- directory attributes --
+## id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58}
+## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
+## id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61}
+## id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62}
+## id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63}
+## id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71}
+## id-at-role OBJECT IDENTIFIER ::= {id-at 72}
+## id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73}
+## id-at-protPrivPolicy OBJECT IDENTIFIER ::= {id-at 74}
+## id-at-xMLPrivilegeInfo OBJECT IDENTIFIER ::= {id-at 75}
+## id-at-xMLPprotPrivPolicy OBJECT IDENTIFIER ::= {id-at 76}
+## -- attribute certificate extensions --
+## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
+## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
+## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
+## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
+## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
+## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
+## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
+## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
+## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
+## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
+## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
+## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
+## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
+## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
+## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
+## -- PMI matching rules --
+## id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42}
+## id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45}
+## id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46}
+## id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53}
+## id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54}
+## id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55}
+## id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56}
+## id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57}
+## id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58}
+## id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59}
+## id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61}
+## id-mr-sOAIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 66}
+## id-mr-indirectIssuerMatch OBJECT IDENTIFIER ::= {id-mr 67}
+##
+##
+## X.509 (08/2005) pp. 71, 86-89
+##
+## 14.4.1 Role attribute
+## role ATTRIBUTE ::= {
+## WITH SYNTAX RoleSyntax
+## ID id-at-role }
+## RoleSyntax ::= SEQUENCE {
+## roleAuthority [0] GeneralNames OPTIONAL,
+## roleName [1] GeneralName }
+##
+## 14.5 XML privilege information attribute
+## xmlPrivilegeInfo ATTRIBUTE ::= {
+## WITH SYNTAX UTF8String -- contains XML-encoded privilege information
+## ID id-at-xMLPrivilegeInfo }
+##
+## 17.1 PMI directory object classes
+##
+## 17.1.1 PMI user object class
+## pmiUser OBJECT-CLASS ::= {
+## -- a PMI user (i.e., a "holder")
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {attributeCertificateAttribute}
+## ID id-oc-pmiUser }
+##
+## 17.1.2 PMI AA object class
+## pmiAA OBJECT-CLASS ::= {
+## -- a PMI AA
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {aACertificate |
+## attributeCertificateRevocationList |
+## attributeAuthorityRevocationList}
+## ID id-oc-pmiAA }
+##
+## 17.1.3 PMI SOA object class
+## pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {attributeCertificateRevocationList |
+## attributeAuthorityRevocationList |
+## attributeDescriptorCertificate}
+## ID id-oc-pmiSOA }
+##
+## 17.1.4 Attribute certificate CRL distribution point object class
+## attCertCRLDistributionPt OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN { attributeCertificateRevocationList |
+## attributeAuthorityRevocationList }
+## ID id-oc-attCertCRLDistributionPts }
+##
+## 17.1.5 PMI delegation path
+## pmiDelegationPath OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN { delegationPath }
+## ID id-oc-pmiDelegationPath }
+##
+## 17.1.6 Privilege policy object class
+## privilegePolicy OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {privPolicy }
+## ID id-oc-privilegePolicy }
+##
+## 17.1.7 Protected privilege policy object class
+## protectedPrivilegePolicy OBJECT-CLASS ::= {
+## SUBCLASS OF {top}
+## KIND auxiliary
+## MAY CONTAIN {protPrivPolicy }
+## ID id-oc-protectedPrivilegePolicy }
+##
+## 17.2 PMI Directory attributes
+##
+## 17.2.1 Attribute certificate attribute
+## attributeCertificateAttribute ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-attributeCertificate }
+##
+## 17.2.2 AA certificate attribute
+## aACertificate ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-aACertificate }
+##
+## 17.2.3 Attribute descriptor certificate attribute
+## attributeDescriptorCertificate ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-attributeDescriptorCertificate }
+##
+## 17.2.4 Attribute certificate revocation list attribute
+## attributeCertificateRevocationList ATTRIBUTE ::= {
+## WITH SYNTAX CertificateList
+## EQUALITY MATCHING RULE certificateListExactMatch
+## ID id-at-attributeCertificateRevocationList}
+##
+## 17.2.5 AA certificate revocation list attribute
+## attributeAuthorityRevocationList ATTRIBUTE ::= {
+## WITH SYNTAX CertificateList
+## EQUALITY MATCHING RULE certificateListExactMatch
+## ID id-at-attributeAuthorityRevocationList }
+##
+## 17.2.6 Delegation path attribute
+## delegationPath ATTRIBUTE ::= {
+## WITH SYNTAX AttCertPath
+## ID id-at-delegationPath }
+## AttCertPath ::= SEQUENCE OF AttributeCertificate
+##
+## 17.2.7 Privilege policy attribute
+## privPolicy ATTRIBUTE ::= {
+## WITH SYNTAX PolicySyntax
+## ID id-at-privPolicy }
+##
+## 17.2.8 Protected privilege policy attribute
+## protPrivPolicy ATTRIBUTE ::= {
+## WITH SYNTAX AttributeCertificate
+## EQUALITY MATCHING RULE attributeCertificateExactMatch
+## ID id-at-protPrivPolicy }
+##
+## 17.2.9 XML Protected privilege policy attribute
+## xmlPrivPolicy ATTRIBUTE ::= {
+## WITH SYNTAX UTF8String -- contains XML-encoded privilege policy information
+## ID id-at-xMLPprotPrivPolicy }
+##
+
+## -- object identifier assignments --
+## -- object classes --
+objectidentifier id-oc-pmiUser 2.5.6.24
+objectidentifier id-oc-pmiAA 2.5.6.25
+objectidentifier id-oc-pmiSOA 2.5.6.26
+objectidentifier id-oc-attCertCRLDistributionPts 2.5.6.27
+objectidentifier id-oc-privilegePolicy 2.5.6.32
+objectidentifier id-oc-pmiDelegationPath 2.5.6.33
+objectidentifier id-oc-protectedPrivilegePolicy 2.5.6.34
+## -- directory attributes --
+objectidentifier id-at-attributeCertificate 2.5.4.58
+objectidentifier id-at-attributeCertificateRevocationList 2.5.4.59
+objectidentifier id-at-aACertificate 2.5.4.61
+objectidentifier id-at-attributeDescriptorCertificate 2.5.4.62
+objectidentifier id-at-attributeAuthorityRevocationList 2.5.4.63
+objectidentifier id-at-privPolicy 2.5.4.71
+objectidentifier id-at-role 2.5.4.72
+objectidentifier id-at-delegationPath 2.5.4.73
+objectidentifier id-at-protPrivPolicy 2.5.4.74
+objectidentifier id-at-xMLPrivilegeInfo 2.5.4.75
+objectidentifier id-at-xMLPprotPrivPolicy 2.5.4.76
+## -- attribute certificate extensions --
+## id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::= {id-ce 38}
+## id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
+## id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
+## id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
+## id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
+## id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
+## id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
+## id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
+## id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
+## id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
+## id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
+## id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
+## id-ce-indirectIssuer OBJECT IDENTIFIER ::= {id-ce 61}
+## id-ce-noAssertion OBJECT IDENTIFIER ::= {id-ce 62}
+## id-ce-issuedOnBehalfOf OBJECT IDENTIFIER ::= {id-ce 64}
+## -- PMI matching rules --
+objectidentifier id-mr 2.5.13
+objectidentifier id-mr-attributeCertificateMatch id-mr:42
+objectidentifier id-mr-attributeCertificateExactMatch id-mr:45
+objectidentifier id-mr-holderIssuerMatch id-mr:46
+objectidentifier id-mr-authAttIdMatch id-mr:53
+objectidentifier id-mr-roleSpecCertIdMatch id-mr:54
+objectidentifier id-mr-basicAttConstraintsMatch id-mr:55
+objectidentifier id-mr-delegatedNameConstraintsMatch id-mr:56
+objectidentifier id-mr-timeSpecMatch id-mr:57
+objectidentifier id-mr-attDescriptorMatch id-mr:58
+objectidentifier id-mr-acceptableCertPoliciesMatch id-mr:59
+objectidentifier id-mr-delegationPathMatch id-mr:61
+objectidentifier id-mr-sOAIdentifierMatch id-mr:66
+objectidentifier id-mr-indirectIssuerMatch id-mr:67
+## -- syntaxes --
+## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP
+## to this work in progress
+objectidentifier AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1
+objectidentifier CertificateList 1.3.6.1.4.1.1466.115.121.1.9
+objectidentifier AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4
+objectidentifier PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5
+objectidentifier RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6
+# NOTE: OIDs from <draft-ietf-pkix-ldap-schema-02.txt> (expired)
+#objectidentifier AttributeCertificate 1.2.826.0.1.3344810.7.5
+#objectidentifier AttCertPath 1.2.826.0.1.3344810.7.10
+#objectidentifier PolicySyntax 1.2.826.0.1.3344810.7.17
+#objectidentifier RoleSyntax 1.2.826.0.1.3344810.7.13
+##
+## Substitute syntaxes
+##
+## AttCertPath
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4
+ NAME 'AttCertPath'
+ DESC 'X.509 PMI attribute certificate path: SEQUENCE OF AttributeCertificate'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## PolicySyntax
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5
+ NAME 'PolicySyntax'
+ DESC 'X.509 PMI policy syntax'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## RoleSyntax
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6
+ NAME 'RoleSyntax'
+ DESC 'X.509 PMI role syntax'
+ X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## X.509 (08/2005) pp. 71, 86-89
+##
+## 14.4.1 Role attribute
+attributeType ( id-at-role
+ NAME 'role'
+ DESC 'X.509 Role attribute, use ;binary'
+ SYNTAX RoleSyntax )
+##
+## 14.5 XML privilege information attribute
+## -- contains XML-encoded privilege information
+attributeType ( id-at-xMLPrivilegeInfo
+ NAME 'xmlPrivilegeInfo'
+ DESC 'X.509 XML privilege information attribute'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+##
+## 17.2 PMI Directory attributes
+##
+## 17.2.1 Attribute certificate attribute
+attributeType ( id-at-attributeCertificate
+ NAME 'attributeCertificateAttribute'
+ DESC 'X.509 Attribute certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.2 AA certificate attribute
+attributeType ( id-at-aACertificate
+ NAME 'aACertificate'
+ DESC 'X.509 AA certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.3 Attribute descriptor certificate attribute
+attributeType ( id-at-attributeDescriptorCertificate
+ NAME 'attributeDescriptorCertificate'
+ DESC 'X.509 Attribute descriptor certificate attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.4 Attribute certificate revocation list attribute
+attributeType ( id-at-attributeCertificateRevocationList
+ NAME 'attributeCertificateRevocationList'
+ DESC 'X.509 Attribute certificate revocation list attribute, use ;binary'
+ SYNTAX CertificateList
+ X-EQUALITY 'certificateListExactMatch, not implemented yet' )
+##
+## 17.2.5 AA certificate revocation list attribute
+attributeType ( id-at-attributeAuthorityRevocationList
+ NAME 'attributeAuthorityRevocationList'
+ DESC 'X.509 AA certificate revocation list attribute, use ;binary'
+ SYNTAX CertificateList
+ X-EQUALITY 'certificateListExactMatch, not implemented yet' )
+##
+## 17.2.6 Delegation path attribute
+attributeType ( id-at-delegationPath
+ NAME 'delegationPath'
+ DESC 'X.509 Delegation path attribute, use ;binary'
+ SYNTAX AttCertPath )
+## AttCertPath ::= SEQUENCE OF AttributeCertificate
+##
+## 17.2.7 Privilege policy attribute
+attributeType ( id-at-privPolicy
+ NAME 'privPolicy'
+ DESC 'X.509 Privilege policy attribute, use ;binary'
+ SYNTAX PolicySyntax )
+##
+## 17.2.8 Protected privilege policy attribute
+attributeType ( id-at-protPrivPolicy
+ NAME 'protPrivPolicy'
+ DESC 'X.509 Protected privilege policy attribute, use ;binary'
+ SYNTAX AttributeCertificate
+ EQUALITY attributeCertificateExactMatch )
+##
+## 17.2.9 XML Protected privilege policy attribute
+## -- contains XML-encoded privilege policy information
+attributeType ( id-at-xMLPprotPrivPolicy
+ NAME 'xmlPrivPolicy'
+ DESC 'X.509 XML Protected privilege policy attribute'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+##
+## 17.1 PMI directory object classes
+##
+## 17.1.1 PMI user object class
+## -- a PMI user (i.e., a "holder")
+objectClass ( id-oc-pmiUser
+ NAME 'pmiUser'
+ DESC 'X.509 PMI user object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateAttribute ) )
+##
+## 17.1.2 PMI AA object class
+## -- a PMI AA
+objectClass ( id-oc-pmiAA
+ NAME 'pmiAA'
+ DESC 'X.509 PMI AA object class'
+ SUP top
+ AUXILIARY
+ MAY ( aACertificate $
+ attributeCertificateRevocationList $
+ attributeAuthorityRevocationList
+ ) )
+##
+## 17.1.3 PMI SOA object class
+## -- a PMI Source of Authority
+objectClass ( id-oc-pmiSOA
+ NAME 'pmiSOA'
+ DESC 'X.509 PMI SOA object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateRevocationList $
+ attributeAuthorityRevocationList $
+ attributeDescriptorCertificate
+ ) )
+##
+## 17.1.4 Attribute certificate CRL distribution point object class
+objectClass ( id-oc-attCertCRLDistributionPts
+ NAME 'attCertCRLDistributionPt'
+ DESC 'X.509 Attribute certificate CRL distribution point object class'
+ SUP top
+ AUXILIARY
+ MAY ( attributeCertificateRevocationList $
+ attributeAuthorityRevocationList
+ ) )
+##
+## 17.1.5 PMI delegation path
+objectClass ( id-oc-pmiDelegationPath
+ NAME 'pmiDelegationPath'
+ DESC 'X.509 PMI delegation path'
+ SUP top
+ AUXILIARY
+ MAY ( delegationPath ) )
+##
+## 17.1.6 Privilege policy object class
+objectClass ( id-oc-privilegePolicy
+ NAME 'privilegePolicy'
+ DESC 'X.509 Privilege policy object class'
+ SUP top
+ AUXILIARY
+ MAY ( privPolicy ) )
+##
+## 17.1.7 Protected privilege policy object class
+objectClass ( id-oc-protectedPrivilegePolicy
+ NAME 'protectedPrivilegePolicy'
+ DESC 'X.509 Protected privilege policy object class'
+ SUP top
+ AUXILIARY
+ MAY ( protPrivPolicy ) )
+
diff --git a/debian/slapd-contrib.examples b/debian/slapd-contrib.examples
new file mode 100644
index 0000000..2db0324
--- /dev/null
+++ b/debian/slapd-contrib.examples
@@ -0,0 +1,2 @@
+contrib/slapd-modules/passwd/apr1-atol.pl
+contrib/slapd-modules/passwd/apr1-ltoa.pl
diff --git a/debian/slapd-contrib.install b/debian/slapd-contrib.install
new file mode 100644
index 0000000..20c9ac0
--- /dev/null
+++ b/debian/slapd-contrib.install
@@ -0,0 +1,8 @@
+usr/lib/ldap/pw-apr1.so*
+usr/lib/ldap/pw-apr1.la
+usr/lib/ldap/pw-netscape.so*
+usr/lib/ldap/pw-netscape.la
+usr/lib/ldap/pw-pbkdf2.so*
+usr/lib/ldap/pw-pbkdf2.la
+usr/lib/ldap/smbk5pwd.so*
+usr/lib/ldap/smbk5pwd.la
diff --git a/debian/slapd-contrib.lintian-overrides b/debian/slapd-contrib.lintian-overrides
new file mode 100644
index 0000000..d981e33
--- /dev/null
+++ b/debian/slapd-contrib.lintian-overrides
@@ -0,0 +1,2 @@
+# #204975
+package-has-unnecessary-activation-of-ldconfig-trigger
diff --git a/debian/slapd-contrib.manpages b/debian/slapd-contrib.manpages
new file mode 100644
index 0000000..7d06ecf
--- /dev/null
+++ b/debian/slapd-contrib.manpages
@@ -0,0 +1,3 @@
+usr/share/man/man5/slapd-pw-pbkdf2.5
+usr/share/man/man5/slapd-pw-sha2.5
+usr/share/man/man5/slapo-smbk5pwd.5
diff --git a/debian/slapd-remain-after-exit.conf b/debian/slapd-remain-after-exit.conf
new file mode 100644
index 0000000..74ae991
--- /dev/null
+++ b/debian/slapd-remain-after-exit.conf
@@ -0,0 +1,2 @@
+[Service]
+RemainAfterExit=no
diff --git a/debian/slapd.NEWS b/debian/slapd.NEWS
new file mode 100644
index 0000000..a149cd0
--- /dev/null
+++ b/debian/slapd.NEWS
@@ -0,0 +1,77 @@
+openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium
+
+ This is a major release of OpenLDAP, and as such it introduces several
+ changes, new features and deprecations/removals. This is a
+ non-exhaustive list of things to be aware of:
+
+ * Removals:
+ - The shell backend (slapd-shell) has been removed.
+ - The BDB and HDB backends have been removed.
+
+ * Additions:
+ - New backend: slapd-asyncmeta(5).
+ - New core overlays: slapd-homedir(5), slapd-otp(5), and
+ slapd-remoteauth(5).
+
+ * Changes:
+ - The ppolicy module now provides its own built-in schema.
+ The external ppolicy schema has been removed.
+
+ You can find the upstream announcement containing the full list of
+ changes in the 2.5.x series at
+ <https://www.openldap.org/software/release/announce.html>.
+
+ In certain situations, it is possible that the post-installation
+ scripts will not be able to successfully migrate your current
+ installation to new formats (e.g., when you are using an old
+ backend like BDB/HDB). If this happens, you will be notified about
+ the failure and the slapd service will NOT be (re)started; you will
+ then have to take manual action in order to migrate your data and
+ start the service. Please look at the README.Debian file (under
+ /usr/share/doc/slapd/) for more instructions on how to cope with
+ some of the most problematic cases.
+
+ -- Ryan Tandy <ryan@nardis.ca> Fri, 11 Jun 2021 11:43:15 -0700
+
+openldap (2.4.49+dfsg-1) unstable; urgency=medium
+
+ This release fixes an issue with how the slapo-ppolicy(5) overlay
+ stores the pwdChangedTime attribute in the database. Existing
+ incorrect records could cause slapd to crash if a database
+ administrator uses the Relax control to modify pwdChangedTime.
+
+ Users of the ppolicy overlay are recommended to reload (slapcat and
+ slapadd) their database in order to fix existing data.
+
+ Please see <https://www.openldap.org/its/?findid=9126> for more
+ information.
+
+ -- Ryan Tandy <ryan@nardis.ca> Mon, 03 Feb 2020 09:58:29 -0800
+
+openldap (2.4.44+dfsg-1) unstable; urgency=medium
+
+ The slapd package no longer includes OpenSLP support. The
+ openslp-dfsg package is being retired due to lack of maintenance and
+ security concerns. Please see <https://bugs.debian.org/795428> for
+ more information.
+
+ -- Ryan Tandy <ryan@nardis.ca> Tue, 15 Mar 2016 03:59:27 +0000
+
+openldap (2.4.23-3) unstable; urgency=low
+
+ The OpenLDAP packages in Debian now use the slapd.d LDIF-based
+ configuration model by default. Please see README.Debian for more
+ information.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Mon, 19 Jul 2010 10:48:19 +0200
+
+openldap2.3 (2.3.23-1) unstable; urgency=low
+
+ The Debian slapd package no longer includes support for the LDBM backend.
+ It has been disabled as a result of concerns over data loss and lack of
+ upstream support. For more information, see:
+ http://www.openldap.org/faq/index.cgi?_highlightWords=ldbm&file=756
+ The BDB backend is now the main backend to use. This backend is supported
+ upstream and has several fixes included for known problems.
+
+ -- Matthijs Mohlmann <matthijs@cacholong.nl> Sun, 26 Feb 2006 20:05:44 +0100
diff --git a/debian/slapd.README.Debian b/debian/slapd.README.Debian
new file mode 100644
index 0000000..ff7d66b
--- /dev/null
+++ b/debian/slapd.README.Debian
@@ -0,0 +1,380 @@
+Notes about Debian's slapd package
+----------------------------------
+
+ Please see the bottom of this file for the ways in which the Debian
+ OpenLDAP packages differ from the upstream OpenLDAP releases. Please
+ report any bugs that may be related to those changes to Debian via
+ reportbug and not to upstream; upstream is not responsible for changes
+ made in the Debian package.
+
+ In addition to the man pages shipped with this package, please consult
+ the OpenLDAP Admin Guide for more information, including configuration
+ examples for common use cases. <http://www.openldap.org/doc/admin24/>
+
+Initial slapd configuration
+
+ Upon installation the slapd package performs a number of tasks. It
+ initializes the configuration database, stored in LDAP and rooted at
+ the DN "cn=config". It creates an initial directory database with a
+ DN rooted at a suffix derived from the DNS domain configured in
+ debconf (e.g. "dc=example,dc=com"). The default backend for the
+ directory database is the MDB backend. The root (administrative) DN
+ is set to "cn=admin,<suffix>". The root password is set to the
+ password configured in debconf, or a randomly generated password if
+ none was set.
+
+ If desired, a new configuration and directory database can be
+ created by running, as root:
+
+ dpkg-reconfigure slapd
+
+ Caution: this command completely resets the configuration and all
+ LDAP directory data (saving a backup in /var/backups), resetting
+ slapd to a new initial state.
+
+ The configuration database ("cn=config") and directory database
+ ("dc=<domain>,dc=<tld>") have different permissions. Upon
+ installation, the Unix root user has permission to manage the slapd
+ configuration ("cn=config") database. The LDAP directory manager
+ ("cn=admin,<suffix>") has permission to manage the directory database
+ ("dc=<domain>,dc=<tld>"). This policy is specific to Debian.
+
+Maintaining the slapd configuration
+
+ Since version 2.4.23-3 the default configuration of OpenLDAP has
+ been changed to "/etc/ldap/slapd.d"; configuration is stored in an
+ LDAP directory. The OpenLDAP packages in Debian provide an
+ automatic migration to the new configuration style. With the new
+ configuration style it is possible to change values on the fly
+ without restarting slapd. Changes are made through the use of ldif
+ files and ldap{add,modify}.
+
+ Debian defaults to granting the Unix root user, and only the Unix
+ root user, administrative privileges to the configuration database.
+ The configuration database is stored in LDAP. Administrative
+ privileges to the configuration database are granted to root when
+ the special SASL mechanism "EXTERNAL" is used for authentication.
+ The OpenLDAP client command option for this is "-Y EXTERNAL".
+
+ You can use the following shell command, as root, to search the
+ configuration:
+
+ ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config"
+
+ To modify configuration use the command:
+
+ ldapmodify -Y EXTERNAL -H ldapi:/// -f <file.ldif>
+
+ For configuration options see the several manpages that exist or the
+ documentation provided upstream.
+
+ To change the directory administrator's password, the olcRootPW
+ attribute of the database configuration must be updated. The new
+ password should be hashed using the slappasswd(8) command. Then, the
+ root user should update the attribute using ldapmodify(1):
+
+ ldapmodify -H ldapi:// -Y EXTERNAL << EOF
+ dn: olcDatabase={1}mdb,cn=config
+ changetype: modify
+ replace: olcRootPW
+ olcRootPW: <new hashed password>
+
+ EOF
+
+ Versions of slapd before 2.4.51+dfsg-1 additionally created a database
+ entry named the same as the rootDN (cn=admin,<suffix>) and having the
+ same password. If this entry exists in your directory, its password
+ must also be updated using ldappasswd(1), otherwise the old password
+ can still be used.
+
+Using the MDB Backend
+
+ MDB is a new database backend using the LMDB library created by the
+ OpenLDAP developers. The MDB backend has fewer configuration
+ parameters than the former Berkeley DB backend, and generally does not
+ require hand tuning.
+
+ The database is stored in a sparse file with a specified maximum size.
+ The size should be set larger than the database is ever anticipated to
+ grow, but can be increased later if needed. When the MDB backend is
+ chosen during initial configuration, the Debian package configures the
+ automatically created database with a maximum size of 1 GiB.
+
+ The space currently used by the database can be found using du(1); for
+ example: du -h /var/lib/ldap/data.mdb
+
+ When upgrading slapd to a new version where the database's storage
+ format has changed, the database has to be backed up using slapcat(8)
+ before upgrading and restored using slapadd(8) afterwards. Normally
+ the maintainer scripts will handle this automatically, performing the
+ dump and restore as needed. If the database format changes without a
+ corresponding dump and reload, this should be reported as a bug in the
+ slapd package. In this case you will have to downgrade slapd to the
+ previous version as the new tools are unable to dump the old database,
+ and the same error would prevent you from upgrading to the fixed
+ version. Old package versions can be found at
+ <http://snapshot.debian.org> if needed.
+
+Logging
+
+ slapd logs to the facility local4. If you want to direct slapd's logs to
+ a separate log file, add a line like:
+
+ local4.debug /var/log/slapd.log
+
+ to /etc/syslog.conf. You may also want to add ";local4.none" to the
+ catch-all entry that logs to /var/log/messages so that it doesn't
+ continue to receive slapd logs.
+
+SASL Configuration
+
+ To enable GSSAPI (Kerberos) authentication to slapd, install either the
+ libsasl2-modules-gssapi-mit or libsasl2-modules-gssapi-heimdal packages
+ depending on which Kerberos implementation you want to use.
+
+ SASL configuration files may be placed either in /usr/lib/sasl2 (the
+ standard path, but not a great place for configuration files) or in
+ /etc/ldap/sasl2. A SASL configuration file should be named after the
+ program that will use it. So, for instance, to configure SASL for
+ slapd, create a file named slapd.conf in /etc/ldap/sasl2 or in
+ /usr/lib/sasl2.
+
+TCP Wrappers
+
+ The Debian slapd package is compiled with TCP wrappers. This means that
+ you are able to restrict access to the LDAP server using /etc/hosts.deny
+ or /etc/hosts.allow.
+
+Running slapd under a Different UID/GID
+
+ By default, slapd runs as openldap in the openldap group. Keeping the
+ default is easiest. If for some reason you need to run slapd as a
+ different user:
+
+ - Create the user/group for slapd -- usually:
+
+ adduser --system --group <group> --disabled-login <user>
+
+ - Stop slapd:
+
+ /etc/init.d/slapd stop
+
+ - Tell slapd to run under a different UID by editing /etc/default/slapd
+ and setting SLAPD_USER and SLAPD_GROUP. (For example,
+ SLAPD_USER="ldap", SLAPD_GROUP="ldap")
+
+ - Tell linux slapd can access all database files -- usually:
+
+ chown -R <user>:<group> /var/lib/ldap
+
+ - Tell linux slapd can access configuration files -- usually:
+
+ chown -R <user>:<group> /etc/ldap/slapd.d
+
+ - Tell linux slapd can access /var/run/slapd and write a PID file:
+
+ chgrp <group> /var/run/slapd
+ chmod 0770 /var/run/slapd
+
+ - Start slapd -- /etc/init.d/slapd start
+
+ Once you have done so, remember to always run any utilities that access
+ or update the database (such as slapadd) as the same user that slapd is
+ running as. If you forget, you will need to redo the chown noted above.
+
+If slapd Depends on Other Service
+
+ In the event that you are running slapd with a different back-end module
+ that depends on other programs (such as an SQL database) you may need to
+ adjust the runlevels of slapd to start after the SQL database.
+
+Creating NSS Flat Files from LDAP
+
+ If you have need to create passwd/shadow/etc files from an LDAP
+ directory there is now a script included with these Debian packages
+ which may help you. The script is in /usr/share/slapd/ and is named
+ ldiftopasswd. In general you should be able to do:
+
+ ldapsearch | ldiftopasswd
+
+ and it will generate the files for you. You will need appropriate
+ privileges, of course, and appropriate arguments to ldapsearch.
+
+Modifications Compared to Upstream
+
+ Compared to stock OpenLDAP as shipped by the OpenLDAP project, the
+ Debian packages make the following modifications. If you see any
+ problems caused by or related to these modifications, please report them
+ via the Debian bug tracking system using reportbug, not to the OpenLDAP
+ project.
+
+ * The only LDAP library installed is libldap_r, which in the upstream
+ release is only used for slapd, and libldap is a symlink to it. This
+ library has thread safety for use with slapd, but that thread safety
+ is not checked for any application other than slapd by upstream.
+ Upstream does not support using libldap_r for programs other than
+ slapd. The current library installation strategy in the Debian
+ packages is an attempt to deal with problems caused by symbol
+ conflicts between libldap and libldap_r when both are pulled in by the
+ same process (most commonly by libnss-ldap) and the number of packages
+ that use libldap in threaded code expecting thread safety.
+
+ * libldap and libber have symbol versioning added to prevent problems
+ during partial upgrades from older versions of the libraries.
+
+ * slapindex has been patched to warn when run as root and the man page
+ has been patched to notify users that slapindex should be run as the
+ user slapd runs as. There is some upstream discussion of a better
+ fix.
+
+ * slapd is configured to look in /etc/ldap/sasl2 in addition to
+ /usr/lib/sasl2 for SASL configuration files.
+
+ * Several paths have been adjusted to fit Debian file permissions and
+ for Filesystem Hierarchy Standard compliance, namely:
+ - The ldapi socket is in /var/run/slapd
+ - The slapi error log has been moved to /var/log/slapi-errors
+ - The slapd database location is /var/lib/ldap
+
+ In addition, upstream patches from CVS may be applied to fix bugs in the
+ current release and will not be noted here unless they're not expected
+ to be in the next release.
+
+ Finally, note that the Debian OpenLDAP packages have been compiled
+ against GnuTLS instead of OpenSSL to avoid licensing problems for
+ GPL-covered packages that use the LDAP libraries. This is a supported
+ configuration, but it's not widely used outside of Debian.
+
+ For the exact patches applied to the upstream source and references to
+ the relevant upstream ITS numbers, Debian bugs, and upstream
+ synchronization status, see the debian/patches directory in the
+ openldap source package.
+
+ -- Russ Allbery <rra@debian.org>, Thu, 14 Feb 2008 18:47:07 -0800
+
+Migrating your installation to OpenLDAP 2.5.x
+
+ OpenLDAP 2.5 is a major new release and includes several incompatible
+ changes as described in the upstream ANNOUNCEMENT file. Depending on
+ your configuration, completing the upgrade from 2.4.x might require
+ manual intervention.
+
+ The package upgrade process first exports your databases to LDIF
+ format using slapcat(8), then updates the slapd package, and finally
+ imports the LDIF files using slapadd(8). If the slapadd process fails,
+ it must be completed manually after resolving whatever issues caused
+ the failure.
+
+ By default, the Debian package uses LDAP-based configuration
+ (cn=config). To resolve configuration issues with a cn=config
+ database, follow the steps below to reload the config database from an
+ LDIF file. If you use a slapd.conf configuration file, configuration
+ issues can be resolved by just editing that file.
+
+ The following steps assume your configuration database is stored in
+ the default location (/etc/ldap/slapd.d).
+
+ 1. Locate the backup LDIF file exported by the upgrade process:
+
+ /var/backups/slapd-<OLDVERSION>/cn=config.ldif
+
+ Make a copy of this file for working on.
+
+ 2. Edit your copy of cn=config.ldif to fix the issues noted by
+ slapadd, such as removed or renamed modules or backends. See below
+ for suggestions for some specific issues.
+
+ 3. Move away or delete the contents of /etc/ldap/slapd.d, so that it
+ is an empty directory.
+
+ 4. Load your edited cn=config.ldif into the cn=config database:
+
+ slapadd -F/etc/ldap/slapd.d -n0 -l /var/backups/slapd-<OLDVERSION>/cn=config.ldif
+
+ 5. If the slapadd command failed, go back to step 2.
+
+ 6. After the slapadd command succeeds, change the permissions on the
+ slapd.d directory to be owned by the openldap user:
+
+ chown -R openldap:openldap /etc/ldap/slapd.d
+
+ Now you can proceed with reloading the remaining databases. For each
+ configured database:
+
+ 1. Locate the backup LDIF file exported by the upgrade process:
+
+ /var/backups/slapd-<OLDVERSION>/<SUFFIX>.ldif
+
+ where <SUFFIX> is the database suffix such as dc=example,dc=com.
+
+ 2. Ensure the directory where the database is stored (for example
+ /var/lib/ldap) is empty. By default the upgrade process moves away
+ the database files to a directory named
+ /var/backups/<SUFFIX>-<OLDVERSION>.ldapdb.
+
+ 3. Reload the data using slapadd:
+
+ slapadd -l /var/backups/slapd-<OLDVERSION>/<SUFFIX>.ldif
+
+ 4. Make sure the slapadd command succeeded, and then change the
+ permissions on the data directory:
+
+ chown -R openldap:openldap /var/lib/ldap
+
+ After all of your databases have been reloaded successfully, you
+ should be able to start the slapd service again.
+
+Known issues for OpenLDAP 2.5.x upgrades
+
+ * BDB/HDB backends removed: migrating to LMDB backend
+
+ The slapd-bdb(5) and slapd-hdb(5) backends have been removed. These
+ were configured by default in older versions of the slapd package. If
+ you are still using one of these backends, slapadd fails with the
+ following message:
+
+ lt_dlopenext failed: (back_hdb) file not found
+
+ You have to change to the LMDB backend. Edit the exported
+ configuration LDIF as described above, and make the following changes:
+
+ 1. Change olcModuleLoad: back_bdb or back_hdb to back_mdb.
+ 2. If you have an olcBackend: bdb or hdb entry, change it to mdb, or
+ delete it if you don't have to override any global LMDB settings.
+ 2. For each configured BDB or HDB database:
+ - Change objectClass: olcBdbConfig or olcHdbConfig to olcMdbConfig.
+ Also update structuralObjectClass.
+ - Change olcDatabase: bdb or hdb to mdb. Also update the attribute
+ in the DN, for example: olcDatabase={1}mdb,cn=config.
+ - Delete any olcDbConfig attributes.
+ - Add the olcDbMaxSize attribute to set the maximum size of the
+ database, in bytes. If not configured, the default is 10 MiB.
+
+ * ppolicy schema changed to internal
+
+ The slapo-ppolicy(5) module now includes its schema compiled into the
+ module code itself. The external schema is no longer used, and
+ conflicts with the internal copy. If you have the ppolicy schema
+ loaded, slapadd fails with the following message:
+
+ olcAttributeTypes: value #0 olcAttributeTypes: Duplicate attributeType: "1.3.6.1.4.1.42.2.27.8.1.1"
+
+ Edit the exported configuration LDIF as described above. Remove the
+ entire ppolicy schema entry. That is, delete from the line like:
+
+ dn: cn={4}ppolicy,cn=schema,cn=config
+
+ all the way to the next blank line.
+
+ * argon2 module renamed
+
+ The pw-argon2 contrib passwd module was promoted to core and was
+ renamed to argon2. If your config loads the module by its old name,
+ slapadd fails with the following message:
+
+ lt_dlopenext failed: (pw-argon2) file not found
+
+ Edit the exported configuration LDIF as described above. Change
+ olcModuleLoad: pw-argon2 to argon2.
+
+ -- Ryan Tandy <ryan@nardis.ca> Sat, 14 Aug 2021 15:03:31 -0700
diff --git a/debian/slapd.backup b/debian/slapd.backup
new file mode 100644
index 0000000..4046f8c
--- /dev/null
+++ b/debian/slapd.backup
@@ -0,0 +1,62 @@
+#!/bin/bash
+#
+# Backup LDAP directories
+#
+# This script can be put in cron to create backups.
+#
+# Author: Matthijs Mohlmann <matthijs@cacholong.nl>
+# Date: Sat, 15 Jul 2006 21:13:14 +0200
+# License: GPLv2
+
+# Make sure the backups are secured.
+umask 077
+
+BACKUPDIR="/var/backups/slapd"
+DEFAULTS="/etc/default/slapd"
+
+# Check if there is a directory slapd, otherwise create it.
+if [ ! -d "$BACKUPDIR" ]; then
+ mkdir -p -m 0700 "$BACKUPDIR"
+fi
+
+# Load default settings.
+if [ -e "$DEFAULTS" ]; then
+ . "$DEFAULTS"
+fi
+
+# Specify a slapd.conf if not specified.
+if [ -z "$SLAPD_CONF" ]; then
+ SLAPD_CONF="/etc/ldap/slapd.conf"
+fi
+
+# Set IFS to end of line.
+ORIGIFS=$IFS
+IFS=`echo -en "\n\b"`
+
+# Backup recursive through all configfiles all suffix's in the form:
+# suffix.ldif in /var/backups/slapd
+function backupDirectories() {
+ local conf=$1
+ local directory=""
+ local include=""
+
+ suffix=`grep "^suffix" $conf | sed -e "s/\(^suffix\s\+\|\"\|\'\)//g"`
+ for directory in "$suffix"; do
+ if [ ! -z "$suffix" ]; then
+ slapcat -l "$BACKUPDIR/$suffix.ldif" -b "$suffix"
+ fi
+ done
+
+ includes=`grep "^include" $conf | awk '{print $2}'`
+ for include in $includes; do
+ backupDirectories "$include"
+ done
+}
+
+backupDirectories "$SLAPD_CONF"
+
+# Put IFS back.
+IFS=$ORIGIFS
+
+exit 0
+
diff --git a/debian/slapd.conf b/debian/slapd.conf
new file mode 100644
index 0000000..8680007
--- /dev/null
+++ b/debian/slapd.conf
@@ -0,0 +1,113 @@
+# This is the main slapd configuration file. See slapd.conf(5) for more
+# info on the configuration options.
+
+#######################################################################
+# Global Directives:
+
+# Schema and objectClass definitions
+include /etc/ldap/schema/core.schema
+include /etc/ldap/schema/cosine.schema
+include /etc/ldap/schema/nis.schema
+include /etc/ldap/schema/inetorgperson.schema
+
+# Where the pid file is put. The init.d script
+# will not stop the server if you change this.
+pidfile /var/run/slapd/slapd.pid
+
+# List of arguments that were passed to the server
+argsfile /var/run/slapd/slapd.args
+
+# Read slapd.conf(5) for possible values
+loglevel none
+
+# Where the dynamically loaded modules are stored
+modulepath /usr/lib/ldap
+moduleload back_mdb
+
+# The maximum number of entries that is returned for a search operation
+sizelimit 500
+
+# The tool-threads parameter sets the actual amount of cpu's that is used
+# for indexing.
+tool-threads 1
+
+#######################################################################
+# Specific Backend Directives for mdb:
+# Backend specific directives apply to this backend until another
+# 'backend' directive occurs
+backend mdb
+
+#######################################################################
+# Specific Backend Directives for 'other':
+# Backend specific directives apply to this backend until another
+# 'backend' directive occurs
+#backend <other>
+
+#######################################################################
+# Specific Directives for database #1, of type mdb:
+# Database specific directives apply to this databasse until another
+# 'database' directive occurs
+database mdb
+
+# The base of your directory in database #1
+suffix "dc=example,dc=com"
+
+# rootdn directive for specifying a superuser on the database. This is needed
+# for syncrepl.
+# rootdn "cn=admin,dc=example,dc=com"
+
+# Where the database file are physically stored for database #1
+directory "/var/lib/ldap"
+
+# Indexing options for database #1
+index objectClass eq
+
+# Save the time that the entry gets modified, for database #1
+lastmod on
+
+# Checkpoint the BerkeleyDB database periodically in case of system
+# failure and to speed slapd shutdown.
+checkpoint 512 30
+
+# The userPassword by default can be changed
+# by the entry owning it if they are authenticated.
+# Others should not be able to see it, except the
+# admin entry below
+# These access lines apply to database #1 only
+access to attrs=userPassword,shadowLastChange
+ by dn="cn=admin,dc=example,dc=com" write
+ by anonymous auth
+ by self write
+ by * none
+
+# Ensure read access to the base for things like
+# supportedSASLMechanisms. Without this you may
+# have problems with SASL not knowing what
+# mechanisms are available and the like.
+# Note that this is covered by the 'access to *'
+# ACL below too but if you change that as people
+# are wont to do you'll still need this if you
+# want SASL (and possible other things) to work
+# happily.
+access to dn.base="" by * read
+
+# The admin dn has full write access, everyone else
+# can read everything.
+access to *
+ by dn="cn=admin,dc=example,dc=com" write
+ by * read
+
+# For Netscape Roaming support, each user gets a roaming
+# profile for which they have write access to
+#access to dn=".*,ou=Roaming,o=morsnet"
+# by dn="cn=admin,dc=example,dc=com" write
+# by dnattr=owner write
+
+#######################################################################
+# Specific Directives for database #2, of type 'other' (can be mdb too):
+# Database specific directives apply to this databasse until another
+# 'database' directive occurs
+#database <other>
+
+# The base of your directory for database #2
+#suffix "dc=debian,dc=org"
diff --git a/debian/slapd.config b/debian/slapd.config
new file mode 100644
index 0000000..05f63e8
--- /dev/null
+++ b/debian/slapd.config
@@ -0,0 +1,154 @@
+#! /bin/sh
+
+set -e
+
+# Load debconf
+. /usr/share/debconf/confmodule
+
+# This will be replaced with debian/slapd.scripts-common which includes
+# various helper functions and $OLD_VERSION and $SLAPD_CONF
+#SCRIPTSCOMMON#
+
+# Check if the user wants to configure slapd manually
+want_manual_configuration() {
+ db_input medium slapd/no_configuration || true
+ db_go || true
+ db_get slapd/no_configuration
+ no_configuration="$RET"
+
+ if [ "$no_configuration" = "true" ]; then
+ return 0
+ fi
+ return 1
+}
+
+# Make sure the values entered make sense
+validate_initial_config() {
+ local invalid
+ invalid=""
+
+ # Make sure the domain name is valid
+ # The regexp doesn't work for UTF-8 domain names, but for that to
+ # work, we would also need to Base64 encode it in the LDIF; since
+ # we're not doing it at the moment, this should be fine for now
+ db_get slapd/domain
+ if [ -z "$RET" ] || ! echo "$RET" | LC_COLLATE='C.UTF-8' grep -q '^[a-zA-Z0-9.-]*$'; then
+ db_fset slapd/domain seen false
+ invalid=true
+ fi
+
+ # Suffix and Organization may not be empty
+ db_get shared/organization
+ if [ -z "$RET" ]; then
+ db_fset shared/organization seen false
+ invalid=true
+ fi
+
+ # Make sure the passwords match
+ local pass1 pass2
+ db_get slapd/password1
+ pass1="$RET"
+ db_get slapd/password2
+ pass2="$RET"
+
+ if [ "$pass1" != "$pass2" ]; then
+ db_fset slapd/password1 seen false
+ db_fset slapd/password2 seen false
+ invalid=true
+ fi
+
+ # Tell the user
+ if [ "$invalid" ]; then
+ db_fset slapd/invalid_config seen false
+ db_input critical slapd/invalid_config || true
+ db_go || true
+ db_get slapd/invalid_config
+ if [ "$RET" != "true" ]; then
+ db_set slapd/no_configuration true
+ invalid=
+ fi
+ fi
+
+ if [ "$invalid" ]; then
+ return 1
+ else
+ return 0
+ fi
+}
+
+# Query the information we need to create an initial directory
+query_initial_config() {
+ while true; do
+ db_input medium slapd/domain || true
+ db_input medium shared/organization || true
+ db_input high slapd/password1 || true
+ db_input high slapd/password2 || true
+ db_input low slapd/purge_database || true
+ # XXX - should be done more general, but for now this should do
+ # the trick
+ if [ -e "/var/lib/ldap" ] && ! is_empty_dir /var/lib/ldap; then
+ db_input low slapd/move_old_database || true
+ fi
+ db_go || true
+
+ if validate_initial_config; then
+ break
+ fi
+ done
+}
+
+# ----- Configuration of LDIF dumping and reloading--------------------- {{{
+#
+# Dumping the database can have negative effects on the system we are
+# running on. If there is a lot of data dumping it might fill a partition
+# for example. Therefore we must give the user exact control over what we
+# are doing.
+
+configure_dumping() { # {{{
+# Ask the user for the configuration of the dumping component
+# Usage: configure_dumping
+
+ # Look if the user wants to migrate to the BDB backend
+ if ! database_dumping_enabled; then
+ return 0
+ fi
+
+ # Configure if and where to dump the LDAP databases
+ db_input medium slapd/dump_database || true
+ db_go || true
+ db_get slapd/dump_database
+
+ # Abort if the user does not want dumping
+ if [ "$RET" = never ]; then
+ return 0
+ fi
+
+ db_input medium slapd/dump_database_destdir || true
+ db_go || true
+
+ # If the user entered the empty value, go back to the default
+ db_get slapd/dump_database_destdir
+ if [ "$RET" = "" ]; then
+ db_reset slapd/dump_database_destdir
+ fi
+}
+
+# }}}
+# }}}
+
+# Create an initial directory on fresh install
+if is_initial_configuration "$@"; then
+ if ! want_manual_configuration; then
+ set_defaults_for_unseen_entries
+ query_initial_config
+ fi
+fi
+
+# Configure the dumping component if we are upgrading some older version.
+if [ "$1" = configure ] && [ -n "$2" ]; then
+ configure_dumping
+fi
+
+db_go || true
+
+exit 0
diff --git a/debian/slapd.default b/debian/slapd.default
new file mode 100644
index 0000000..4212e07
--- /dev/null
+++ b/debian/slapd.default
@@ -0,0 +1,45 @@
+# Default location of the slapd.conf file or slapd.d cn=config directory. If
+# empty, use the compiled-in default (/etc/ldap/slapd.d with a fallback to
+# /etc/ldap/slapd.conf).
+SLAPD_CONF=
+
+# System account to run the slapd server under. If empty the server
+# will run as root.
+SLAPD_USER="openldap"
+
+# System group to run the slapd server under. If empty the server will
+# run in the primary group of its user.
+SLAPD_GROUP="openldap"
+
+# Path to the pid file of the slapd server. If not set the init.d script
+# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.d by
+# default)
+SLAPD_PIDFILE=
+
+# slapd normally serves ldap only on all TCP-ports 389. slapd can also
+# service requests on TCP-port 636 (ldaps) and requests via unix
+# sockets.
+# Example usage:
+# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
+SLAPD_SERVICES="ldap:/// ldapi:///"
+
+# If SLAPD_NO_START is set, the init script will not start or restart
+# slapd (but stop will still work). Uncomment this if you are
+# starting slapd via some other means or if you don't want slapd normally
+# started at boot.
+#SLAPD_NO_START=1
+
+# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
+# the init script will not start or restart slapd (but stop will still
+# work). Use this for temporarily disabling startup of slapd (when doing
+# maintenance, for example, or through a configuration management system)
+# when you don't want to edit a configuration file.
+SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
+
+# For Kerberos authentication (via SASL), slapd by default uses the system
+# keytab file (/etc/krb5.keytab). To use a different keytab file,
+# uncomment this line and change the path.
+#export KRB5_KTNAME=/etc/krb5.keytab
+
+# Additional options to pass to slapd
+SLAPD_OPTIONS=""
diff --git a/debian/slapd.dirs b/debian/slapd.dirs
new file mode 100644
index 0000000..4bd6712
--- /dev/null
+++ b/debian/slapd.dirs
@@ -0,0 +1 @@
+etc/ldap/sasl2
diff --git a/debian/slapd.examples b/debian/slapd.examples
new file mode 100644
index 0000000..3676ae0
--- /dev/null
+++ b/debian/slapd.examples
@@ -0,0 +1,2 @@
+debian/slapd.backup
+debian/slapd.conf
diff --git a/debian/slapd.init b/debian/slapd.init
new file mode 100644
index 0000000..581f0a4
--- /dev/null
+++ b/debian/slapd.init
@@ -0,0 +1,202 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: slapd
+# Required-Start: $remote_fs $network $syslog
+# Required-Stop: $remote_fs $network $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: OpenLDAP standalone server (Lightweight Directory Access Protocol)
+### END INIT INFO
+
+# Specify path variable
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+. /lib/lsb/init-functions
+
+# Kill me on all errors
+set -e
+
+# Set the paths to slapd as a variable so that someone who really
+# wants to can override the path in /etc/default/slapd.
+SLAPD=/usr/sbin/slapd
+
+# Stop processing if slapd is not there
+[ -x $SLAPD ] || exit 0
+
+# debconf may have this file descriptor open and it makes things work a bit
+# more reliably if we redirect it as a matter of course. db_stop will take
+# care of this, but this won't hurt.
+exec 3>/dev/null
+
+# Source the init script configuration
+if [ -f "/etc/default/slapd" ]; then
+ . /etc/default/slapd
+fi
+
+# Load the default location of the slapd config file
+if [ -z "$SLAPD_CONF" ]; then
+ if [ -e /etc/ldap/slapd.d ]; then
+ SLAPD_CONF=/etc/ldap/slapd.d
+ else
+ SLAPD_CONF=/etc/ldap/slapd.conf
+ fi
+fi
+
+# Stop processing if the config file is not there
+if [ ! -r "$SLAPD_CONF" ]; then
+ log_warning_msg "No configuration file was found for slapd at $SLAPD_CONF."
+ # if there is no config at all, we should assume slapd is not running
+ # and exit 0 on stop so that unconfigured packages can be removed.
+ [ "x$1" = xstop ] && exit 0 || exit 1
+fi
+
+# extend options depending on config type
+if [ -f "$SLAPD_CONF" ]; then
+ SLAPD_OPTIONS="-f $SLAPD_CONF $SLAPD_OPTIONS"
+elif [ -d "$SLAPD_CONF" ] ; then
+ SLAPD_OPTIONS="-F $SLAPD_CONF $SLAPD_OPTIONS"
+fi
+
+# Find out the name of slapd's pid file
+if [ -z "$SLAPD_PIDFILE" ]; then
+ # If using old one-file configuration scheme
+ if [ -f "$SLAPD_CONF" ] ; then
+ SLAPD_PIDFILE=`sed -ne 's/^pidfile[[:space:]]\+\(.\+\)/\1/p' \
+ "$SLAPD_CONF"`
+ # Else, if using new directory configuration scheme
+ elif [ -d "$SLAPD_CONF" ] ; then
+ SLAPD_PIDFILE=`sed -ne \
+ 's/^olcPidFile:[[:space:]]\+\(.\+\)[[:space:]]*/\1/p' \
+ "$SLAPD_CONF"/'cn=config.ldif'`
+ fi
+fi
+
+# XXX: Breaks upgrading if there is no pidfile (invoke-rc.d stop will fail)
+# -- Torsten
+if [ -z "$SLAPD_PIDFILE" ]; then
+ log_failure_msg "The pidfile for slapd has not been specified"
+ exit 1
+fi
+
+# Pass the user and group to run under to slapd
+if [ "$SLAPD_USER" ]; then
+ SLAPD_OPTIONS="-u $SLAPD_USER $SLAPD_OPTIONS"
+fi
+
+if [ "$SLAPD_GROUP" ]; then
+ SLAPD_OPTIONS="-g $SLAPD_GROUP $SLAPD_OPTIONS"
+fi
+
+# Check whether we were configured to not start the services.
+check_for_no_start() {
+ if [ -n "$SLAPD_NO_START" ]; then
+ echo 'Not starting slapd: SLAPD_NO_START set in /etc/default/slapd' >&2
+ exit 0
+ fi
+ if [ -n "$SLAPD_SENTINEL_FILE" ] && [ -e "$SLAPD_SENTINEL_FILE" ]; then
+ echo "Not starting slapd: $SLAPD_SENTINEL_FILE exists" >&2
+ exit 0
+ fi
+}
+
+# Tell the user that something went wrong and give some hints for
+# resolving the problem.
+report_failure() {
+ log_end_msg 1
+ if [ -n "$reason" ]; then
+ log_failure_msg "$reason"
+ else
+ log_failure_msg "The operation failed but no output was produced."
+
+ if [ -n "$SLAPD_OPTIONS" -o \
+ -n "$SLAPD_SERVICES" ]; then
+ if [ -z "$SLAPD_SERVICES" ]; then
+ if [ -n "$SLAPD_OPTIONS" ]; then
+ log_failure_msg "Command line used: slapd $SLAPD_OPTIONS"
+ fi
+ else
+ log_failure_msg "Command line used: slapd -h '$SLAPD_SERVICES' $SLAPD_OPTIONS"
+ fi
+ fi
+ fi
+}
+
+# Start the slapd daemon and capture the error message if any to
+# $reason.
+start_slapd() {
+ # Make sure /var/run/slapd exists with correct permissions
+ if [ ! -d /var/run/slapd ]; then
+ mkdir -p /var/run/slapd
+ [ -z "$SLAPD_USER" ] || chown -R "$SLAPD_USER" /var/run/slapd
+ [ -z "$SLAPD_GROUP" ] || chgrp -R "$SLAPD_GROUP" /var/run/slapd
+ fi
+
+ # Make sure the pidfile directory exists with correct permissions
+ piddir=`dirname "$SLAPD_PIDFILE"`
+ if [ ! -d "$piddir" ]; then
+ mkdir -p "$piddir"
+ [ -z "$SLAPD_USER" ] || chown -R "$SLAPD_USER" "$piddir"
+ [ -z "$SLAPD_GROUP" ] || chgrp -R "$SLAPD_GROUP" "$piddir"
+ fi
+
+ if [ -z "$SLAPD_SERVICES" ]; then
+ reason="`start-stop-daemon --start --quiet --oknodo \
+ --pidfile "$SLAPD_PIDFILE" \
+ --exec $SLAPD -- $SLAPD_OPTIONS 2>&1`"
+ else
+ reason="`start-stop-daemon --start --quiet --oknodo \
+ --pidfile "$SLAPD_PIDFILE" \
+ --exec $SLAPD -- -h "$SLAPD_SERVICES" $SLAPD_OPTIONS 2>&1`"
+ fi
+
+ # Backward compatibility with OpenLDAP 2.1 client libraries.
+ if [ ! -h /var/run/ldapi ] && [ ! -e /var/run/ldapi ] ; then
+ ln -s slapd/ldapi /var/run/ldapi
+ fi
+}
+
+# Stop the slapd daemon and capture the error message (if any) to
+# $reason.
+stop_slapd() {
+ reason="`start-stop-daemon --stop --quiet --oknodo --retry TERM/10 \
+ --pidfile "$SLAPD_PIDFILE" \
+ --exec $SLAPD 2>&1`"
+}
+
+# Start the OpenLDAP daemons
+start_ldap() {
+ trap 'report_failure' 0
+ log_daemon_msg "Starting OpenLDAP" "slapd"
+ start_slapd
+ trap "-" 0
+ log_end_msg 0
+}
+
+# Stop the OpenLDAP daemons
+stop_ldap() {
+ trap 'report_failure' 0
+ log_daemon_msg "Stopping OpenLDAP" "slapd"
+ stop_slapd
+ trap "-" 0
+ log_end_msg 0
+}
+
+case "$1" in
+ start)
+ check_for_no_start
+ start_ldap ;;
+ stop)
+ stop_ldap ;;
+ restart|force-reload)
+ check_for_no_start
+ stop_ldap
+ start_ldap
+ ;;
+ status)
+ status_of_proc -p $SLAPD_PIDFILE $SLAPD slapd
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|force-reload|status}"
+ exit 1
+ ;;
+esac
diff --git a/debian/slapd.init.ldif b/debian/slapd.init.ldif
new file mode 100644
index 0000000..eacb116
--- /dev/null
+++ b/debian/slapd.init.ldif
@@ -0,0 +1,96 @@
+# Global config:
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+# Where the pid file is put. The init.d script
+# will not stop the server if you change this.
+olcPidFile: /var/run/slapd/slapd.pid
+# List of arguments that were passed to the server
+olcArgsFile: /var/run/slapd/slapd.args
+# Read slapd-config(5) for possible values
+olcLogLevel: none
+# The tool-threads parameter sets the actual amount of cpu's that is used
+# for indexing.
+olcToolThreads: 1
+
+# Frontend settings
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+# The maximum number of entries that is returned for a search operation
+olcSizeLimit: 500
+# Allow unlimited access to local connection from the local root user
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+# Allow unauthenticated read access for schema and base DN autodiscovery
+olcAccess: {1}to dn.exact="" by * read
+olcAccess: {2}to dn.base="cn=Subschema" by * read
+
+# Config db settings
+dn: olcDatabase=config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: config
+# Allow unlimited access to local connection from the local root user
+olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+olcRootDN: cn=admin,cn=config
+
+# Load schemas
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file:///etc/ldap/schema/core.ldif
+include: file:///etc/ldap/schema/cosine.ldif
+include: file:///etc/ldap/schema/nis.ldif
+include: file:///etc/ldap/schema/inetorgperson.ldif
+
+# Load module
+dn: cn=module{0},cn=config
+objectClass: olcModuleList
+cn: module{0}
+# Where the dynamically loaded modules are stored
+olcModulePath: /usr/lib/ldap
+olcModuleLoad: back_mdb
+
+# The database definition.
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDatabase: mdb
+# Default to a 1 GiB database for compatibility with 32-bit systems.
+olcDbMaxSize: 1073741824
+# Checkpoint the database periodically in case of system
+# failure and to speed slapd shutdown.
+olcDbCheckpoint: 512 30
+# Save the time that the entry gets modified, for database #1
+olcLastMod: TRUE
+# The base of your directory in database #1
+olcSuffix: @SUFFIX@
+# Where the database file are physically stored for database #1
+olcDbDirectory: /var/lib/ldap
+# Database superuser credentials
+olcRootDN: cn=admin,@SUFFIX@
+olcRootPW: @PASSWORD@
+# Indexing options for database #1
+olcDbIndex: objectClass eq
+olcDbIndex: cn,uid eq
+olcDbIndex: uidNumber,gidNumber eq
+olcDbIndex: member,memberUid eq
+# The userPassword by default can be changed by the entry owning it if
+# they are authenticated. Others should not be able to see it, except
+# the admin entry above.
+olcAccess: to attrs=userPassword
+ by self write
+ by anonymous auth
+ by * none
+# Allow update of authenticated user's shadowLastChange attribute.
+# Updating it on password change is implemented at least by libpam-ldap,
+# libpam-ldapd, and the slapo-smbk5pwd overlay.
+olcAccess: to attrs=shadowLastChange
+ by self write
+ by * read
+# The admin dn (olcRootDN) bypasses ACLs and so has total access,
+# everyone else can read everything.
+olcAccess: to *
+ by * read
+
diff --git a/debian/slapd.install b/debian/slapd.install
new file mode 100644
index 0000000..a380094
--- /dev/null
+++ b/debian/slapd.install
@@ -0,0 +1,66 @@
+etc/ldap/schema
+usr/lib/slapd usr/sbin
+usr/lib/*/libslapi.so.2*
+debian/ldiftopasswd usr/share/slapd
+debian/slapd.init.ldif usr/share/slapd
+debian/slapd-remain-after-exit.conf lib/systemd/system/slapd.service.d
+
+usr/lib/ldap/back_*.so*
+usr/lib/ldap/back_*.la
+
+usr/lib/ldap/accesslog*.so*
+usr/lib/ldap/accesslog.la
+usr/lib/ldap/argon2*.so*
+usr/lib/ldap/argon2.la
+usr/lib/ldap/auditlog*.so*
+usr/lib/ldap/auditlog.la
+usr/lib/ldap/collect*.so*
+usr/lib/ldap/collect.la
+usr/lib/ldap/constraint*.so*
+usr/lib/ldap/constraint.la
+usr/lib/ldap/dds*.so*
+usr/lib/ldap/dds.la
+usr/lib/ldap/deref*.so*
+usr/lib/ldap/deref.la
+usr/lib/ldap/dyngroup*.so*
+usr/lib/ldap/dyngroup.la
+usr/lib/ldap/dynlist*.so*
+usr/lib/ldap/dynlist.la
+usr/lib/ldap/homedir*.so*
+usr/lib/ldap/homedir.la
+usr/lib/ldap/memberof*.so*
+usr/lib/ldap/memberof.la
+usr/lib/ldap/otp*.so*
+usr/lib/ldap/otp.la
+usr/lib/ldap/pcache*.so*
+usr/lib/ldap/pcache.la
+usr/lib/ldap/ppolicy*.so*
+usr/lib/ldap/ppolicy.la
+usr/lib/ldap/refint*.so*
+usr/lib/ldap/refint.la
+usr/lib/ldap/remoteauth*.so*
+usr/lib/ldap/remoteauth.la
+usr/lib/ldap/retcode*.so*
+usr/lib/ldap/retcode.la
+usr/lib/ldap/rwm*.so*
+usr/lib/ldap/rwm.la
+usr/lib/ldap/seqmod*.so*
+usr/lib/ldap/seqmod.la
+usr/lib/ldap/sssvlv*.so*
+usr/lib/ldap/sssvlv.la
+usr/lib/ldap/syncprov*.so*
+usr/lib/ldap/syncprov.la
+usr/lib/ldap/translucent*.so*
+usr/lib/ldap/translucent.la
+usr/lib/ldap/unique*.so*
+usr/lib/ldap/unique.la
+usr/lib/ldap/valsort*.so*
+usr/lib/ldap/valsort.la
+
+# contrib modules installed in main package
+usr/lib/ldap/autogroup.so*
+usr/lib/ldap/autogroup.la
+usr/lib/ldap/lastbind.so*
+usr/lib/ldap/lastbind.la
+usr/lib/ldap/pw-sha2.so*
+usr/lib/ldap/pw-sha2.la
diff --git a/debian/slapd.lintian-overrides b/debian/slapd.lintian-overrides
new file mode 100644
index 0000000..d6ee664
--- /dev/null
+++ b/debian/slapd.lintian-overrides
@@ -0,0 +1,3 @@
+# libslapi is a special case, used only for writing extension modules for
+# slapd, and is therefore shipped with slapd.
+package-name-doesnt-match-sonames libslapi2
diff --git a/debian/slapd.maintscript b/debian/slapd.maintscript
new file mode 100644
index 0000000..0a4bd07
--- /dev/null
+++ b/debian/slapd.maintscript
@@ -0,0 +1,2 @@
+rm_conffile /etc/ldap/schema/ppolicy.schema 2.5.4+dfsg-1~
+rm_conffile /etc/ldap/schema/ppolicy.ldif 2.5.4+dfsg-1~
diff --git a/debian/slapd.manpages b/debian/slapd.manpages
new file mode 100644
index 0000000..9dcbaf8
--- /dev/null
+++ b/debian/slapd.manpages
@@ -0,0 +1,48 @@
+usr/share/man/man5/slapd.*.5
+usr/share/man/man8/slap*.8
+
+usr/share/man/man5/slapd-asyncmeta.5
+usr/share/man/man5/slapd-config.5
+usr/share/man/man5/slapd-dnssrv.5
+usr/share/man/man5/slapd-ldap.5
+usr/share/man/man5/slapd-ldif.5
+usr/share/man/man5/slapd-mdb.5
+usr/share/man/man5/slapd-meta.5
+usr/share/man/man5/slapd-monitor.5
+usr/share/man/man5/slapd-null.5
+usr/share/man/man5/slapd-passwd.5
+usr/share/man/man5/slapd-perl.5
+usr/share/man/man5/slapd-relay.5
+usr/share/man/man5/slapd-sock.5
+usr/share/man/man5/slapd-sql.5
+
+usr/share/man/man5/slapo-accesslog.5
+usr/share/man/man5/slapo-auditlog.5
+usr/share/man/man5/slapo-chain.5
+usr/share/man/man5/slapo-collect.5
+usr/share/man/man5/slapo-constraint.5
+usr/share/man/man5/slapo-dds.5
+usr/share/man/man5/slapo-deref.5
+usr/share/man/man5/slapo-dyngroup.5
+usr/share/man/man5/slapo-dynlist.5
+usr/share/man/man5/slapo-homedir.5
+usr/share/man/man5/slapo-memberof.5
+usr/share/man/man5/slapo-otp.5
+usr/share/man/man5/slapo-pbind.5
+usr/share/man/man5/slapo-pcache.5
+usr/share/man/man5/slapo-ppolicy.5
+usr/share/man/man5/slapo-refint.5
+usr/share/man/man5/slapo-remoteauth.5
+usr/share/man/man5/slapo-retcode.5
+usr/share/man/man5/slapo-rwm.5
+usr/share/man/man5/slapo-sock.5
+usr/share/man/man5/slapo-sssvlv.5
+usr/share/man/man5/slapo-syncprov.5
+usr/share/man/man5/slapo-translucent.5
+usr/share/man/man5/slapo-unique.5
+usr/share/man/man5/slapo-valsort.5
+
+usr/share/man/man5/slappw-argon2.5
+
+# contrib modules installed in main package
+usr/share/man/man5/slapo-lastbind.5
diff --git a/debian/slapd.postinst b/debian/slapd.postinst
new file mode 100644
index 0000000..301572b
--- /dev/null
+++ b/debian/slapd.postinst
@@ -0,0 +1,114 @@
+#! /bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+# This will be replaced with debian/slapd.scripts-common which includes
+# various helper functions and $OLD_VERSION and $SLAPD_CONF
+#SCRIPTSCOMMON#
+
+postinst_initial_configuration() { # {{{
+# Configure slapd for the first time (when first installed)
+# Usage: postinst_initial_configuration
+
+ if manual_configuration_wanted; then
+ echo " Omitting slapd configuration as requested." >&2
+ else
+ crypt_admin_pass
+ create_new_configuration
+ fi
+}
+
+# }}}
+postinst_upgrade_configuration() { # {{{
+# Handle upgrading slapd from some older version
+# Usage: postinst_upgrade_configuration
+
+ # Better back up the config file in any case
+ backup_config_once
+
+ # Check if the database format has changed.
+ if database_format_changed; then
+
+ # During upgrading we have to load the old data
+ move_incompatible_databases_away
+ if ! load_databases; then
+ return 1
+ fi
+ fi
+
+ # Update permissions of all database directories and /var/run/slapd
+ update_databases_permissions
+ update_permissions /var/run/slapd
+
+ # Versions prior to 2.4.7-1 could create a slapd.conf that wasn't
+ # readable by the openldap user.
+ update_permissions "${SLAPD_CONF}"
+}
+
+# }}}
+# Ignore the init script failure and just calls "true". This is
+# useful when we don't want the failure to interrupt an upgrade
+# operation if there's been a failure to upgrade the configuration.
+ignore_init_failure() { # {{{
+ if [ "$MODE" = "configure" ] && [ "$FAILED_TO_UPGRADE_CONFIGURATION" -eq 1 ]; then
+ true
+ fi
+}
+# }}}
+
+# Create a new user. Don't create the user, however, if the local
+# administrator has already customized slapd to run as a different user.
+if [ "$MODE" = "configure" ] || [ "$MODE" = "reconfigure" ] ; then
+ if [ "openldap" = "$SLAPD_USER" ] ; then
+ create_new_user
+ fi
+fi
+
+# Initialize the FAILED_TO_UPGRADE_CONFIGURATION variable to 0. This
+# variable will be set if/when there is a failure during the attempt
+# to upgrade the existing configuration. It is useful to determine
+# e.g. whether we should ignore the init script failure that will
+# likely happen in these scenarios.
+FAILED_TO_UPGRADE_CONFIGURATION=0
+
+# Configuration.
+if is_initial_configuration "$@"; then
+ postinst_initial_configuration
+else
+ if ! postinst_upgrade_configuration; then
+ # An error occurred while attempting to upgrade the
+ # current configuration. This can mean many things,
+ # but usually it means that the user is using an
+ # unsupported backend.
+ #
+ # We need to:
+ #
+ # - Set the FAILED_TO_UPGRADE_CONFIGURATION to 1, in
+ # order to signal that there has been a problem
+ # while upgrading the configuration and the
+ # subsequent slapd init startup failure should not
+ # interefere with a possible dist-upgrade operation
+ # (see the "ignore_init_failure" function).
+ #
+ # - Display a critical notice to the user letting
+ # him/her know that manual action must be taken
+ # before the slapd can be started again.
+ #
+ # Note that the slapd service will fail to start after
+ # this, but that should be gracefully handled by
+ # dh_installinit's --error-handler option.
+ FAILED_TO_UPGRADE_CONFIGURATION=1
+ db_input critical slapd/postinst_error || true
+ db_go || true
+ fi
+fi
+
+db_stop || true
+
+#DEBHELPER#
+
+exit 0
+
+# vim: set sw=8 foldmethod=marker:
diff --git a/debian/slapd.postrm b/debian/slapd.postrm
new file mode 100644
index 0000000..4d7917a
--- /dev/null
+++ b/debian/slapd.postrm
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+# Load debconf if available (might have been removed before purging
+# slapd)
+
+if [ -e "/usr/share/debconf/confmodule" ]; then
+ . /usr/share/debconf/confmodule
+fi
+
+# Check if the user wants the database removed on purging slapd
+remove_database_on_purge() {
+ db_get slapd/purge_database || RET=false
+ if [ "$RET" = "true" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+if [ "$1" = "purge" ]; then
+ echo -n "Removing slapd configuration... "
+ rm -f /etc/ldap/slapd.conf 2>/dev/null || true
+ rm -rf /etc/ldap/slapd.d 2>/dev/null || true
+ echo "done."
+
+ if remove_database_on_purge; then
+ echo -n "Purging OpenLDAP database... "
+ rm -rf /var/lib/ldap || true
+ echo done
+ fi
+fi
+
+#DEBHELPER#
+
+exit 0
+
diff --git a/debian/slapd.preinst b/debian/slapd.preinst
new file mode 100755
index 0000000..888f04d
--- /dev/null
+++ b/debian/slapd.preinst
@@ -0,0 +1,37 @@
+#! /bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+# This will be replaced with debian/slapd.scripts-common which includes
+# various helper functions and $OLD_VERSION and $SLAPD_CONF
+#SCRIPTSCOMMON#
+
+# If we are upgrading from an old version then stop slapd and attempt to
+# slapcat out the data so we can use it in postinst to do the upgrade.
+# If slapd was removed and is being reinstalled, slapcat is not
+# available at this time, so the data should have been dumped before the
+# old slapd was removed.
+
+# dh_installinit currently does not stop the service in preinst (#989155)
+if [ "$MODE" = upgrade ] && [ -x /etc/init.d/slapd ]; then
+ invoke-rc.d slapd stop || exit 1
+fi
+
+# Dump the config database before upgrading to 2.5.
+# If the upgrade fails due to needing manual config changes, the LDIF
+# export is the preferred format for making those changes.
+if [ "$MODE" = upgrade ] && previous_version_older '2.5.5+dfsg-1~'; then
+ dump_config
+fi
+
+if [ "$MODE" = upgrade ]; then
+ dump_databases
+fi
+
+#DEBHELPER#
+
+exit 0
+
+# vim: set sw=8 foldmethod=marker:
diff --git a/debian/slapd.prerm b/debian/slapd.prerm
new file mode 100755
index 0000000..e6120a3
--- /dev/null
+++ b/debian/slapd.prerm
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+# This will be replaced with debian/slapd.scripts-common which includes
+# various helper functions and $OLD_VERSION and $SLAPD_CONF
+#SCRIPTSCOMMON#
+
+# dh_installinit's --error-handler option requires that the
+# error-handling function be defined in the prerm and postinst
+# scripts. This function is declared here as a formality, but we do
+# not want to ignore the init script failure during the prerm phase.
+ignore_init_failure() { # {{{
+ :
+}
+# }}}
+
+#DEBHELPER#
+
+# Dump config and data to LDIF before removing slapd.
+# If a later version is reinstalled without being purged first, the LDIF
+# files may be required for the upgrade, and the old slapcat won't be
+# available any more.
+# During an upgrade, the new preinst will be in a better position to
+# control whether dumping is needed.
+
+# If the config is badly broken, slapcat may fail, but this should not
+# prevent the package from being removed or purged.
+set +e
+
+if [ "$MODE" = remove ]; then
+ # scripts-common sets OLD_VERSION incorrectly for remove
+ OLD_VERSION="$(dpkg-query -W -f '${Version}' slapd)"
+
+ dump_config
+ dump_databases
+fi
+
+exit 0
+
+# vim: set foldmethod=marker:
diff --git a/debian/slapd.scripts-common b/debian/slapd.scripts-common
new file mode 100644
index 0000000..8f803f3
--- /dev/null
+++ b/debian/slapd.scripts-common
@@ -0,0 +1,713 @@
+# -*- sh -*-
+# This file can be included with #SCRIPTSCOMMON#
+
+
+# ===== Dumping and reloading using LDIF files ========================= {{{
+#
+# If incompatible changes are done to the database underlying a LDAP
+# directory we need to dump the contents and reload the data into a newly
+# created database after the new server was installed. The following
+# functions deal with this functionality.
+
+
+# ----- Configuration of this component -------------------------------- {{{
+#
+# Dumping the database can have negative effects on the system we are
+# running on. If there is a lot of data dumping it might fill a partition
+# for example. Therefore we must give the user exact control over what we
+# are doing.
+
+database_dumping_enabled() { # {{{
+# Check if the user has enabled database dumping for the current situation.
+# Return success if yes.
+# Usage: if database_dumping_enabled; then ... fi
+
+ # If the package is being removed, dump unconditionally as we
+ # don't know whether the next version will require reload.
+ [ "$MODE" = remove ] && return 0
+
+ db_get slapd/dump_database
+ case "$RET" in
+ always)
+ ;;
+ "when needed")
+ database_format_changed || return 1
+ ;;
+ never)
+ return 1
+ ;;
+ *)
+ echo >&2 "Unknown value for slapd/dump_database: $RET"
+ echo >&2 "Please report!"
+ exit 1
+ ;;
+ esac
+}
+
+# }}}
+database_format_changed() { # {{{
+# Check if the database format has changed since the old installed version
+# Return success if yes.
+# Usage: if database_format_changed; then
+
+ if dpkg --compare-versions "$OLD_VERSION" lt-nl 2.5; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# }}}
+database_dumping_destdir() { # {{{
+# Figure out the directory we are dumping the database to and create it
+# if it does not exist.
+# Usage: destdir=`database_dumping_destdir`
+
+ local dir
+ db_get slapd/dump_database_destdir
+ dir=`echo "$RET"|sed -e "s/VERSION/$OLD_VERSION/"`
+ mkdir -p -m 700 "$dir"
+ echo $dir
+}
+
+# }}}
+create_new_user() { # {{{
+ if [ -z "`getent group openldap`" ]; then
+ addgroup --quiet --system openldap
+ fi
+ if [ -z "`getent passwd openldap`" ]; then
+ echo -n " Creating new user openldap... " >&2
+ adduser --quiet --system --home /var/lib/ldap --shell /bin/false \
+ --ingroup openldap --disabled-password --disabled-login \
+ --gecos "OpenLDAP Server Account" openldap
+ echo "done." >&2
+ fi
+}
+# }}}
+create_ldap_directories() { # {{{
+ if [ ! -d /var/lib/ldap ]; then
+ mkdir -m 0700 /var/lib/ldap
+ fi
+ if [ ! -d /var/run/slapd ]; then
+ mkdir -m 0755 /var/run/slapd
+ fi
+ update_permissions /var/lib/ldap
+ update_permissions /var/run/slapd
+}
+# }}}
+update_permissions() { # {{{
+ local dir
+ dir="$1"
+ if [ -d "$dir" ]; then
+ [ -z "$SLAPD_USER" ] || chown -R -H "$SLAPD_USER" "$dir"
+ [ -z "$SLAPD_GROUP" ] || chgrp -R -H "$SLAPD_GROUP" "$dir"
+ fi
+}
+# }}}
+update_databases_permissions() { # {{{
+ get_suffix | while read -r suffix; do
+ dbdir=`get_directory "$suffix"`
+ update_permissions "$dbdir"
+ done
+}
+# }}}
+# }}}
+# ----- Dumping and loading the data ------------------------------------ {{{
+
+dump_config() { # {{{
+# Dump the cn=config database to the backup directory.
+# This is not the same as backup_config_once, which copies the slapd.d
+# directory verbatim.
+ local dir
+
+ [ -d "$SLAPD_CONF" ] || return 0
+
+ dir="$(database_dumping_destdir)"
+ echo "Saving current slapd configuration to $dir..." >&2
+ slapcat -F "$SLAPD_CONF" -n0 -l "$dir/cn=config.ldif"
+}
+# }}}
+dump_databases() { # {{{
+# If the user wants us to dump the databases they are dumped to the
+# configured directory.
+
+ local db suffix file dir failed slapcat_opts
+
+ database_dumping_enabled || return 0
+
+ dir=`database_dumping_destdir`
+ echo >&2 " Dumping to $dir: "
+ (get_suffix | while read -r suffix; do
+ dbdir=`get_directory "$suffix"`
+ if [ -n "$dbdir" ]; then
+ file="$dir/$suffix.ldif"
+ printf ' - directory %s... ' "$suffix" >&2
+ # Need to support slapd.d migration from preinst
+ if [ -f "${SLAPD_CONF}" ]; then
+ slapcat_opts="-g -f ${SLAPD_CONF}"
+ else
+ slapcat_opts="-g -F ${SLAPD_CONF}"
+ fi
+ slapcat ${slapcat_opts} -b "$suffix" > "$file" || failed=1
+ if [ "$failed" ]; then
+ rm -f "$file"
+ echo "failed." >&2
+ db_subst slapd/upgrade_slapcat_failure location "$dir" <&5
+ db_input critical slapd/upgrade_slapcat_failure <&5 || true
+ db_go <&5 || true
+ exit 1
+ fi
+ echo "done." >&2
+ fi
+ done) 5<&0 </dev/null
+}
+
+# }}}
+load_databases() { # {{{
+ local dir file db dbdir backupdir slapadd_opts
+
+ dir=`database_dumping_destdir`
+ echo >&2 " Loading from $dir: "
+ # restore by increasing suffix length due to possibly glued databases
+ get_suffix | awk '{ print length, $0 }' | sort -n | cut -d ' ' -f 2- \
+ | while read -r suffix; do
+ dbdir=`get_directory "$suffix"`
+ if [ -z "$dbdir" ]; then
+ continue
+ fi
+ if ! is_empty_dir "$dbdir"; then
+ echo >&2 \
+ " Directory $dbdir for $suffix not empty, aborting."
+ exit 1
+ fi
+
+ file="$dir/$suffix.ldif"
+ printf ' - directory %s... ' "$suffix" >&2
+
+ # If there is an old DB_CONFIG file, restore it before
+ # running slapadd
+ backupdir="$(compute_backup_path -n "$suffix")"
+ if [ -e "$backupdir"/DB_CONFIG ]; then
+ cp -a "$backupdir"/DB_CONFIG "$dbdir"/
+ fi
+
+ if [ -f "${SLAPD_CONF}" ]; then
+ slapadd_opts="-g -f ${SLAPD_CONF}"
+ else
+ slapadd_opts="-g -F ${SLAPD_CONF}"
+ fi
+ capture_diagnostics slapadd ${slapadd_opts} \
+ -q -b "$suffix" -l "$file" || failed=1
+ if [ "$failed" ]; then
+ rm -f "$dbdir"/*
+ echo "failed." >&2
+ echo >&2
+ cat <<-EOF
+ Loading the database from the LDIF dump failed with the following
+ error while running slapadd:
+EOF
+ release_diagnostics " "
+ return 1
+ fi
+ echo "done." >&2
+
+ if [ -n "$SLAPD_USER" ] || [ -n "$SLAPD_GROUP" ]; then
+ echo -n " - chowning database directory ($SLAPD_USER:$SLAPD_GROUP)... "
+ update_permissions "$dbdir"
+ echo "done";
+ fi
+ done
+}
+
+# }}}
+move_incompatible_databases_away() { # {{{
+ echo >&2 " Moving old database directories to /var/backups:"
+ (get_suffix | while read -r suffix; do
+ dbdir=`get_directory "$suffix"`
+ move_old_database_away "$dbdir" "$suffix" <&5
+ done) 5<&0 </dev/null
+}
+# }}}
+# }}}
+# }}}
+
+# ===== Parsing the slapd configuration file ============================ {{{
+#
+# For some operations we have to know the slapd configuration. These
+# functions are for parsing the slapd configuration file.
+
+# The following two functions need to support slapd.conf installations
+# as long as upgrading from slapd.conf environment is supported.
+# They're used to dump database in preinst which may have a slapd.conf file.
+get_suffix() { # {{{
+ if [ -f "${SLAPD_CONF}" ]; then
+ for f in `get_all_slapd_conf_files`; do
+ sed -n -e '/^suffix[[:space:]]/ { s/^suffix[[:space:]]\+"*\([^"]\+\)"*/\1/; s/\\\\/\\/g; p }' $f
+ done
+ else
+ grep -h ^olcSuffix ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif | cut -d: -f 2
+ fi | sort -u
+}
+# }}}
+get_directory() { # {{{
+# Returns the db directory for a given suffix
+ if [ -d "${SLAPD_CONF}" ] && get_suffix | grep -Fq "$1" ; then
+ sed -n 's/^olcDbDirectory: *//p' `grep -Flx "olcSuffix: $1" ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif`
+ elif [ -f "${SLAPD_CONF}" ]; then
+ # Extract the directory for the given suffix ($1)
+ # Quote backslashes once for slapd.conf parser, again for awk
+ quoted="$(printf '%s' "$1" | sed 's/\\/\\\\\\\\/g')"
+ for f in `get_all_slapd_conf_files`; do
+ awk ' BEGIN { DB=0; SUF=""; DIR="" } ;
+ /^database/ { DB=1; SUF=""; DIR="" } ;
+ DB==1 && /^suffix[ \t]+"?'"$quoted"'"?$/ { SUF=$2 ; } ;
+ DB==1 && /^directory/ { DIR=$2 ;} ;
+ DB==1 && SUF!="" && DIR!="" { sub(/^"/,"",DIR) ; sub(/"$/,"",DIR) ; print DIR; SUF=""; DIR="" }' "${f}" | \
+ sed -e's/\([^\\]\|^\)"/\1/g; s/\\"/"/g; s/\\\\/\\/g'
+
+ done
+ else
+ return 1
+ fi
+}
+# }}}
+get_all_slapd_conf_files() { # {{{
+# Returns the list of all the config files: slapd.conf and included files.
+ echo ${SLAPD_CONF}
+ awk '
+BEGIN { I=0 }
+/^include/ {
+ sub(/include/," ");
+ I=1;
+}
+I==1 && /^[ \t]+/ {
+ split($0,F) ;
+ for (f in F)
+ if (!match(F[f],/schema/)) {
+ print F[f]
+ } ;
+ next;
+}
+I==1 { I=0 }
+' ${SLAPD_CONF}
+}
+# }}}
+# }}}
+
+compute_backup_path() { # {{{
+# Compute the path to backup a database directory
+# This is used when backing up actual database files, either just before
+# reloading a dump, or before generating a new configuration.
+# The directory used for dumping and reloading LDIF across upgrades, as
+# well as for backing up the configuration before upgrading, is computed
+# by database_dumping_destdir().
+# Usage: compute_backup_path [-n] <basedn>
+
+# XXX: should ask the user via debconf
+# or maybe just use database_dumping_destdir
+
+ local basedn ok_exists
+ if [ "$1" = "-n" ]; then
+ ok_exists=yes
+ shift
+ fi
+ basedn="$1"
+
+ local id target
+ if [ "$MODE" = reconfigure ] || [ "$DEBCONF_RECONFIGURE" ]; then
+ # reconfigure: use OLD_VERSION plus a timestamp.
+ id="${OLD_VERSION:+$OLD_VERSION-}$(date +%Y%m%d-%H%M%S)"
+ else
+ # install/upgrade: use OLD_VERSION or a timestamp, not both.
+ id="${OLD_VERSION:-$(date +%Y%m%d-%H%M%S)}"
+ fi
+ target="/var/backups/$basedn-$id.ldapdb"
+ if [ -e "$target" ] && [ -z "$ok_exists" ]; then
+ echo >&2
+ echo >&2 " Backup path $target exists. Giving up..."
+ exit 1
+ fi
+
+ printf '%s' "$target"
+}
+
+# }}}
+move_old_database_away() { # {{{
+# Move the old database away if it is still there
+#
+# In fact this function makes sure that the database directory is empty
+# with the exception of any DB_CONFIG file
+# and can be populated with a new database. If something is in the way
+# it is moved to a backup directory if the user accepted the debconf
+# option slapd/move_old_database. Otherwise we output a warning and let
+# the user fix it himself.
+# Usage: move_old_database_away <dbdir> [<basedn>]
+
+ local databasedir backupdir
+ databasedir="$1"
+ suffix="${2:-unknown}"
+
+ if [ ! -e "$databasedir" ] || is_empty_dir "$databasedir"; then
+ return 0
+ fi
+
+ # Note that we can't just move the database dir as it might be
+ # a mount point. Instead me move the content which might
+ # include mount points as well anyway, but it's much less likely.
+ db_get slapd/move_old_database
+ if [ "$RET" = true ]; then
+ backupdir="$(compute_backup_path "$suffix")"
+ printf ' - directory %s... ' "$suffix" >&2
+ mkdir -p "$backupdir"
+ find -H "$databasedir" -mindepth 1 -maxdepth 1 -type f \
+ -exec mv {} "$backupdir" \;
+ echo done. >&2
+ else
+ cat >&2 <<EOF
+ There are leftover files in $databasedir. This will probably break
+ creating the initial directory. If that's the case please move away
+ stuff in there and retry the configuration.
+EOF
+ fi
+}
+# }}}
+manual_configuration_wanted() { # {{{
+# Check if the user wants to configure everything himself (queries debconf)
+# Returns success if yes.
+
+ db_get slapd/no_configuration
+ if [ "$RET" = "true" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+# }}}
+create_new_configuration() { # {{{
+# Create a new configuration and directory
+
+ local basedn dc
+
+ # For the domain really.argh.org we create the basedn
+ # dc=really,dc=argh,dc=org with the dc entry dc: really
+ db_get slapd/domain
+ basedn="dc=`echo $RET | sed 's/^\.//; s/\.$//; s/\./,dc=/g'`"
+ dc="`echo $RET | sed 's/^\.//; s/\..*$//'`"
+
+ backup_config_once
+ if [ -e "/var/lib/ldap" ] && ! is_empty_dir /var/lib/ldap; then
+ echo >&2 " Moving old database directory to /var/backups:"
+ move_old_database_away /var/lib/ldap
+ fi
+ create_ldap_directories
+ create_new_slapd_conf "$basedn"
+ create_new_directory "$basedn" "$dc"
+
+ # Put the right permissions on this directory.
+ update_permissions /var/lib/ldap
+
+ # Now that we created the new directory we don't need the passwords in the
+ # debconf database anymore. So wipe them.
+ wipe_admin_pass
+}
+# }}}
+create_new_slapd_conf() { # {{{
+# Create the new slapd.d directory (configuration)
+# Usage: create_new_slapd_conf <basedn>
+
+ local initldif failed basedn adminpass
+
+ # Fetch configuration
+ basedn="$1"
+ db_get slapd/internal/adminpw
+ adminpass="$RET"
+
+ echo -n " Creating initial configuration... " >&2
+
+ # Create the slapd.d directory.
+ rm -rf ${SLAPD_CONF}/cn=config ${SLAPD_CONF}/cn=config.ldif
+ mkdir -p ${SLAPD_CONF}
+ initldif=`mktemp -t slapadd.XXXXXX`
+ cat /usr/share/slapd/slapd.init.ldif > ${initldif}
+
+ # Change some defaults
+ sed -i -e "s|@SUFFIX@|$basedn|g" ${initldif}
+ sed -i -e "s|@PASSWORD@|$adminpass|g" ${initldif}
+
+ capture_diagnostics slapadd -F "${SLAPD_CONF}" -b "cn=config" \
+ -l "${initldif}" || failed=1
+ if [ "$failed" ]; then
+ cat <<-EOF
+Loading the initial configuration from the ldif file (${init_ldif}) failed with
+the following error while running slapadd:
+EOF
+ release_diagnostics " "
+ exit 1
+ fi
+
+ update_permissions "${SLAPD_CONF}"
+ rm -f "${initldif}"
+ echo "done." >&2
+}
+# }}}
+create_new_directory() { # {{{
+# Create a new directory. Takes the basedn and the dc value of that entry.
+# Other information is extracted from debconf.
+# Usage: create_new_directory <basedn> <dc>
+
+ local basedn dc organization adminpass
+ basedn="$1"
+ dc="$2"
+
+ db_get shared/organization
+ organization="$RET"
+ db_get slapd/internal/adminpw
+ adminpass="$RET"
+
+ echo -n " Creating LDAP directory... " >&2
+
+ initldif=`mktemp -t slapadd.XXXXXX`
+ cat <<-EOF > "${initldif}"
+ dn: $basedn
+ objectClass: top
+ objectClass: dcObject
+ objectClass: organization
+ o: $organization
+ dc: $dc
+
+ EOF
+
+ capture_diagnostics slapadd -F "${SLAPD_CONF}" -b "${basedn}" \
+ -l "${initldif}" || failed=1
+ if [ "$failed" ]; then
+ rm -f ${initldif}
+ echo "failed." >&2
+ cat <<-EOF
+Loading the initial configuration from the ldif file (${init_ldif}) failed with
+the following error while running slapadd:
+EOF
+ release_diagnostics " "
+ exit 1
+ fi
+
+ rm -f ${initldif}
+ echo "done." >&2
+}
+# }}}
+backup_config_once() { # {{{
+# Create a backup of the current configuration files.
+# Usage: backup_config_once
+
+ local backupdir
+
+ if [ -z "$FLAG_CONFIG_BACKED_UP" ]; then
+ if [ -e "$SLAPD_CONF" ]; then
+ backupdir=`database_dumping_destdir`
+ echo -n " Backing up $SLAPD_CONF in ${backupdir}... " >&2
+ cp -a "$SLAPD_CONF" "$backupdir"
+ echo done. >&2
+ fi
+ FLAG_CONFIG_BACKED_UP=yes
+ fi
+}
+
+# }}}
+
+
+set_defaults_for_unseen_entries() { # {{{
+# Set up the defaults for our templates
+ DOMAIN=`hostname -d 2>/dev/null` || true
+ if [ -z "$DOMAIN" ]; then DOMAIN='nodomain'; fi
+
+ db_fget slapd/domain seen
+ if [ "$RET" = false ]; then
+ db_set slapd/domain "$DOMAIN"
+ fi
+
+ db_fget shared/organization seen
+ if [ "$RET" = false ]; then
+ db_set shared/organization "$DOMAIN"
+ fi
+}
+# }}}
+crypt_admin_pass() { # {{{
+# Store the encrypted admin password into the debconf db
+# Usage: crypt_admin_pass
+
+ local adminpw;
+
+ db_get slapd/password1
+ if [ ! -z "$RET" ]; then
+ db_set slapd/internal/adminpw "$(create_password_hash "$RET")"
+ else
+
+ # Set the password.
+ adminpw="$(generate_admin_pass)"
+ db_set slapd/internal/generated_adminpw "$adminpw"
+ db_set slapd/internal/adminpw "$(create_password_hash "$adminpw")"
+ fi
+}
+
+generate_admin_pass() {
+# Generate a password, if no password given then generate one.
+# Usage: generate_admin_pass
+
+ # 15 bytes of /dev/urandom provide 120 random bits, assuming the entropy pool is full enough.
+ # Coding these 15 bytes in base64 returns a 20 characters long password.
+ head -c 15 /dev/urandom | base64 | tr -d '[:space:]'
+}
+
+wipe_admin_pass() {
+# Remove passwords after creating the initial ldap database.
+# Usage: wipe_admin_pass
+ db_set slapd/password1 ""
+ db_set slapd/password2 ""
+ db_set slapd/internal/adminpw ""
+ db_set slapd/internal/generated_adminpw ""
+}
+
+# }}}
+create_password_hash() { # {{{
+# Create the password hash for the given password
+# Usage: hash=`create_password_hash "$password"`
+
+ slappasswd -s "$1"
+}
+
+# }}}
+previous_version_older() { # {{{
+# Check if the previous version is newer than the reference version passed.
+# If we are not upgrading the previous version is assumed to be newer than
+# any reference version.
+# Usage: previous_version_older <package version>
+
+ if dpkg --compare-versions "$OLD_VERSION" lt-nl "$1"; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# }}}
+previous_version_newer() { # {{{
+# Check if the previous version is newer than the reference version passed.
+# If we are not upgrading the previous version is assumed to be newer than
+# any reference version.
+# Usage: previous_version_newer <package version>
+
+ if dpkg --compare-versions "$OLD_VERSION" gt-nl "$1"; then
+ return 0
+ else
+ return 1
+ fi
+} # }}}
+
+is_initial_configuration() { # {{{
+# Check if this is the initial configuration and not an upgrade of an
+# existing configuration
+# Usage: if is_initial_configuration "$@"; then ... fi from top level
+
+ # Plain installation
+ if [ "$1" = configure ] && [ -z "$2" ]; then
+ return 0
+ fi
+ # Configuration via dpkg-reconfigure
+ if [ "$1" = reconfigure ] || [ "$DEBCONF_RECONFIGURE" ]; then
+ return 0
+ fi
+ # Upgrade but slapd.conf doesn't exist. If the user is doing this
+ # intentionally because they want to put it somewhere else, they
+ # should select manual configuration in debconf.
+ if [ "$1" = configure ] && [ ! -e "${SLAPD_CONF}" ]; then
+ return 0
+ fi
+ return 1
+}
+
+# }}}
+is_empty_dir() { # {{{
+# Check if a path refers to a directory that is "empty" from the POV of slapd
+# (i.e., contains no files except for an optional DB_CONFIG).
+# Usage: if is_empty_dir "$dir"; then ... fi
+
+ output=`find -H "$1" -mindepth 1 -maxdepth 1 -type f \! -name DB_CONFIG 2>/dev/null`
+ if [ -n "$output" ]; then
+ return 1
+ else
+ return 0
+ fi
+}
+
+# }}}
+
+# ===== Global variables ================================================ {{{
+#
+# At some points we need to know which version we are upgrading from if
+# any. More precisely we only care about the configuration and data we
+# might have laying around. Some parts also want to know which mode the
+# script is running in.
+
+MODE="$1" # install, upgrade, etc. - see debian-policy
+OLD_VERSION="$2"
+
+# Source the init script configuration
+# See example file debian/slapd.default for variables defined here
+if [ -f "/etc/default/slapd" ]; then
+ . /etc/default/slapd
+fi
+
+# Load the default location of the slapd config file
+if [ -z "$SLAPD_CONF" ]; then
+ if [ -f "/etc/ldap/slapd.conf" ] && \
+ [ ! -e "/etc/ldap/slapd.d" ]
+ then
+ SLAPD_CONF="/etc/ldap/slapd.conf"
+ else
+ SLAPD_CONF="/etc/ldap/slapd.d"
+ fi
+fi
+
+# }}}
+
+# ----- Handling diagnostic output ------------------------------------ {{{
+#
+# Often you want to run a program while you are showing progress
+# information to the user. If the program you are running outputs some
+# diagnostics it will mess up your screen.
+#
+# This is what the following functions are designed for. When running the
+# program, use capture_diagnostics to store what the program outputs to
+# stderr and use release_diagnostics to write out the captured output.
+
+
+capture_diagnostics() { # {{{
+# Run the command passed and capture the diagnostic output in a temporary
+# file. You can dump that file using release_diagnostics.
+
+ # Create the temporary file
+ local tmpfile
+ tmpfile=`mktemp`
+ exec 7<>"$tmpfile"
+ rm "$tmpfile"
+
+ # Run the program and capture stderr. If the program fails the
+ # function fails with the same status.
+ "$@" 2>&7 || return $?
+}
+
+# }}}
+release_diagnostics() { # {{{
+# Dump the diagnostic output captured via capture_diagnostics, optionally
+# prefixing each line.
+# Usage: release_diagnostics "prefix"
+
+ { exec < /dev/stdin ; sed -e "s/^/$1/" ; } <&7
+}
+
+# }}}
+
+
+# }}}
+
+# vim: set sw=8 foldmethod=marker:
+
diff --git a/debian/slapd.templates b/debian/slapd.templates
new file mode 100644
index 0000000..04fc2fc
--- /dev/null
+++ b/debian/slapd.templates
@@ -0,0 +1,138 @@
+Template: slapd/no_configuration
+Type: boolean
+Default: false
+_Description: Omit OpenLDAP server configuration?
+ If you enable this option, no initial configuration or database will be
+ created for you.
+
+Template: slapd/dump_database
+Type: select
+__Choices: always, when needed, never
+Default: when needed
+_Description: Dump databases to file on upgrade:
+ Before upgrading to a new version of the OpenLDAP server, the data from
+ your LDAP directories can be dumped into plain text files in the
+ standard LDAP Data Interchange Format.
+ .
+ Selecting "always" will cause the databases to be dumped
+ unconditionally before an upgrade. Selecting "when needed" will only
+ dump the database if the new version is incompatible with the old
+ database format and it needs to be reimported. If you select "never",
+ no dump will be done.
+
+Template: slapd/dump_database_destdir
+Type: string
+Default: /var/backups/slapd-VERSION
+_Description: Directory to use for dumped databases:
+ Please specify the directory where the LDAP databases will be exported.
+ In this directory, several LDIF files will be created which correspond
+ to the search bases located on the server. Make sure you have enough
+ free space on the partition where the directory is located. The first
+ occurrence of the string "VERSION" is replaced with the server version
+ you are upgrading from.
+
+Template: slapd/move_old_database
+Type: boolean
+Default: true
+_Description: Move old database?
+ There are still files in /var/lib/ldap which will probably break
+ the configuration process. If you enable this option, the maintainer
+ scripts will move the old database files out of the way before
+ creating a new database.
+
+Template: slapd/invalid_config
+Type: boolean
+Default: true
+_Description: Retry configuration?
+ The configuration you entered is invalid. Make sure that the DNS domain name
+ is syntactically valid, the field for the organization is not left empty and
+ the admin passwords match. If you decide not to retry the configuration the
+ LDAP server will not be set up. Run 'dpkg-reconfigure slapd' if you want to
+ retry later.
+
+Template: slapd/domain
+Type: string
+_Description: DNS domain name:
+ The DNS domain name is used to construct the base DN of the LDAP directory.
+ For example, 'foo.example.org' will create the directory with
+ 'dc=foo, dc=example, dc=org' as base DN.
+
+Template: shared/organization
+Type: string
+_Description: Organization name:
+ Please enter the name of the organization to use in the base DN of your
+ LDAP directory.
+
+Template: slapd/password1
+Type: password
+_Description: Administrator password:
+ Please enter the password for the admin entry in your LDAP directory.
+
+Template: slapd/password2
+Type: password
+_Description: Confirm password:
+ Please enter the admin password for your LDAP directory again to verify
+ that you have typed it correctly.
+
+Template: slapd/password_mismatch
+Type: note
+_Description: Password mismatch
+ The two passwords you entered were not the same. Please try again.
+
+Template: slapd/purge_database
+Type: boolean
+Default: false
+_Description: Do you want the database to be removed when slapd is purged?
+
+Template: slapd/internal/adminpw
+Type: password
+Description: Encrypted admin password:
+ Internal template, should never be displayed to users.
+
+Template: slapd/internal/generated_adminpw
+Type: password
+Description: Generated admin password:
+ Internal template, should never be displayed to users.
+
+Template: slapd/upgrade_slapcat_failure
+Type: error
+#flag:translate!:5
+#flag:comment:4
+# This paragraph is followed by a (non translatable) paragraph
+# containing a command line
+#flag:comment:6
+# Translators: keep "${location}" unchanged. This is a variable that
+# will be replaced by a directory name at execution
+_Description: slapcat failure during upgrade
+ An error occurred while upgrading the LDAP directory.
+ .
+ The 'slapcat' program failed while extracting the LDAP directory. This
+ may be caused by an incorrect configuration file (for example, missing
+ 'moduleload' lines to support the backend database).
+ .
+ This failure will cause 'slapadd' to fail later as well. The old database
+ files will be moved to /var/backups. If you want to try this upgrade
+ again, you should move the old database files back into place, fix
+ whatever caused slapcat to fail, and run:
+ .
+ slapcat > ${location}
+ .
+ Then move the database files back to a backup area and then try running
+ slapadd from ${location}.
+
+Template: slapd/postinst_error
+Type: note
+_Description: Error while performing post-installation tasks
+ There has been one or more errors while performing some
+ post-installation tasks. This probably means that the slapd package
+ could not automatically migrate one or more LDAP databases, or that a
+ backend being used by the current OpenLDAP installation is not
+ supported anymore.
+ .
+ The maintainer script responsible for executing the post-installation
+ tasks has exited, but the slapd service has NOT been (re)started. You
+ will need to manually fix the problem and then start the service.
+ .
+ For more information on possible problematic scenarios and how to
+ address them, please take a look at the README.Debian file (under
+ /usr/share/doc/slapd/).
diff --git a/debian/slapi-dev.install b/debian/slapi-dev.install
new file mode 100644
index 0000000..aa8a25d
--- /dev/null
+++ b/debian/slapi-dev.install
@@ -0,0 +1,2 @@
+usr/include/slapi-plugin.h
+usr/lib/*/libslapi.so
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
new file mode 100644
index 0000000..6f6e1ae
--- /dev/null
+++ b/debian/source/lintian-overrides
@@ -0,0 +1,10 @@
+# this file lists copyright notices applying to the schemas
+openldap source: license-problem-non-free-RFC *servers/slapd/schema/README*
+# RFC text removed, files contain functional interface definitions only
+# Copyright notices have been retained to preserve attribution
+openldap source: license-problem-non-free-RFC *debian/schema/core.ldif*
+openldap source: license-problem-non-free-RFC *debian/schema/core.schema*
+openldap source: license-problem-non-free-RFC *debian/schema/pmi.schema*
+# internal templates, not shown to users
+openldap source: untranslatable-debconf-templates *slapd.templates:*89*
+openldap source: untranslatable-debconf-templates *slapd.templates:*94*
diff --git a/debian/tests/check_upgradepath b/debian/tests/check_upgradepath
new file mode 100755
index 0000000..d1f2578
--- /dev/null
+++ b/debian/tests/check_upgradepath
@@ -0,0 +1,173 @@
+#! /bin/sh
+
+set -e
+
+# WARNING: This script is obsolete and will require a fair bit of work to get
+# working again. It assumes woody, uses debconf questions that don't exist
+# any more, and probably doesn't check everything that you would want to
+# check. Preserved just because I haven't done the work to see if puiparts
+# can now do the same thing in a cleaner way.
+
+# Setup
+: ${chroot_dir:=../chroot}
+: ${debmirror:=http://ftp.de.debian.org/debian}
+: ${proxy:=http://proxy.galaxy:3128/}
+unset LC_ALL
+unset LC_CTYPE
+unset LC_MESSAGES
+# XXX: comment out when testing new versions. Needed so libc6 does not
+# ask for restarting services.
+export DEBIAN_FRONTEND=noninteractive
+
+woodytar=$chroot_dir/woody_base.tar.gz
+
+# List our packages
+list_packages() {
+ local p ver
+ ver=`dpkg-parsechangelog|sed -ne 's/^Version: //p'`
+ for p in `dh_listpackages`; do
+ (cd .. && echo ${p}_$ver*deb)
+ done
+}
+
+# Run a command inside the chroot
+
+in_target() {
+ chroot $chroot_dir/woody "$@"
+}
+
+# Set a debconf variable inside the chroot
+
+debconf_set() {
+ local name=$1
+ shift
+ cat >>$chroot_dir/woody/var/cache/debconf/config.dat <<EOF
+Name: $name
+Template: $name
+Flags: seen
+Value: $@
+
+EOF
+}
+
+# Setup a woody chroot
+
+setup_chroot() {
+ # Kill an existing chroot
+ rm -Rf $chroot_dir/woody
+
+ # If there is a tar archive with a base system we use it
+ if [ -e $woodytar ]; then
+ mkdir $chroot_dir/woody
+ echo -n "Unpacking system from $woodytar"
+ tar -C $chroot_dir/woody -xzf $woodytar
+ echo "done."
+ # Otherwise we need to create a new base system and save it
+ # to a tar for the next time
+ else
+ debootstrap woody $chroot_dir/woody $debmirror | \
+ shtool prop -p "Creating base system from $debmirror"
+ tar -C $chroot_dir/woody -czvf $woodytar . | \
+ shtool prop -p "Saving system to $woodytar"
+ fi
+
+ # Install a suitable apt configuration
+ echo "deb $debmirror woody main" \
+ > $chroot_dir/woody/etc/apt/sources.list
+ echo "Acquire::HTTP::Proxy \"$proxy\";" \
+ > $chroot_dir/woody/etc/apt/apt.conf
+ in_target apt-get update
+ in_target mount -t proc none /proc
+
+ # We don't want any debconf interaction
+ #debconf_set debconf/frontend Noninteractive
+}
+
+# These are our example configurations for testing the upgrade
+
+conf_domain_or_host() {
+ debconf_set slapd/fill_method auto
+ debconf_set slapd/suffix_type "domain or host"
+ debconf_set slapd/domain "some.example.net"
+ debconf_set slapd/replicate false
+ debconf_set shared/organization Some Organization
+}
+
+
+check_domain_or_host() {
+ sleep 2 # wait for slapd to startup
+ in_target ldapsearch -h localhost -b dc=some,dc=example,dc=net -x \
+ objectclass=\*
+}
+
+conf_location() {
+ debconf_set slapd/fill_method auto
+ debconf_set slapd/suffix_type "location"
+ debconf_set shared/locale/countrycode de
+ debconf_set shared/organization "Sample Organization"
+ debconf_set slapd/replicate false
+ debconf_set shared/organization Some Organization
+}
+
+check_location() {
+ sleep 2 # wait for slapd to startup
+ in_target ldapsearch -h localhost -b "o=Some Organization, c=de" \
+ -x objectclass=\*
+}
+# Install slapd inside the chroot
+
+install_slapd() {
+ in_target apt-get -y install slapd ldap-utils
+}
+
+# Do an upgrade of our packages inside the chroot
+
+upgrade() {
+ # Link our packages into the chroot
+ for p in `list_packages`; do
+ ln ../$p $chroot_dir/woody/root/
+ done
+
+ # Create a packages file
+ (cd $chroot_dir/woody/root && dpkg-scanpackages . /dev/null >Packages)
+
+ # Switch to unstable
+ echo "deb $debmirror unstable main" \
+ > $chroot_dir/woody/etc/apt/sources.list
+ echo "deb file:/root ./" >> $chroot_dir/woody/etc/apt/sources.list
+
+ # Update package lists
+ in_target apt-get update
+
+ # Tell our scripts to fix the config
+ debconf_set slapd/fix_directory true
+ debconf_set slapd/password1 foobar
+ debconf_set slapd/allow_ldap_v2
+
+ # Do an upgrade of our packages
+ in_target apt-get install -y `dh_listpackages`
+}
+
+# Checks if upgrading a woody system with slapd configured with the
+# command given works.
+
+check_upgrade() {
+ setup_chroot
+ conf_$1
+ debconf_set slapd/password1 foobar
+ debconf_set slapd/password2 foobar
+ install_slapd
+ check_$1
+ upgrade
+ check_$1
+ in_target /etc/init.d/slapd stop
+ in_target umount /proc
+}
+
+# Try upgrading our example setups
+
+for i in location domain_or_host; do
+ check_upgrade $i
+done
+
+echo "SUCCESS testing upgrading from woody"
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..5359d16
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,15 @@
+Tests: slapd
+Depends: ldap-utils
+Restrictions: allow-stderr, isolation-container, needs-root, superficial
+
+Tests: slapd-tls
+Depends: ldap-utils, ssl-cert
+Restrictions: allow-stderr, isolation-container, needs-root, superficial
+
+Tests: smbk5pwd
+Depends: ldap-utils, slapd, slapd-contrib, heimdal-kdc, samba, schema2ldif
+Restrictions: allow-stderr, isolation-container, needs-root, superficial
+
+Tests: sha2-contrib
+Depends: slapd, openssl
+Restrictions: superficial
diff --git a/debian/tests/create_account b/debian/tests/create_account
new file mode 100755
index 0000000..a5051af
--- /dev/null
+++ b/debian/tests/create_account
@@ -0,0 +1,24 @@
+#! /usr/bin/perl -w
+
+# Shows how to create an entry on the LDAP server
+
+$host = "localhost"; # LDAP server
+$basedn = "dc=galaxy"; # Base DN
+$admindn = "cn=admin, $basedn"; # Admin entry
+$adminpass = "foo"; # Password
+
+use Net::LDAP;
+
+$ldap = Net::LDAP->new("$host", onerror => "die");
+$ldap->bind($admindn, password => $adminpass);
+
+# Create "ou=People" entry if not there
+
+$results = $ldap->search(base => "$basedn",
+ filter => "ou=People", scope => "one");
+unless ($results->count > 0) {
+ $ldap->add("ou=People, $basedn", attr => [
+ ou => "People",
+ objectClass => [ "top", "organizationalUnit" ]
+ ]);
+}
diff --git a/debian/tests/find_unused_functions b/debian/tests/find_unused_functions
new file mode 100755
index 0000000..bd31d45
--- /dev/null
+++ b/debian/tests/find_unused_functions
@@ -0,0 +1,30 @@
+#! /usr/bin/perl -w
+
+use autouse Data::Dumper, qw{Dumper};
+
+# Script to find the unused shell functions in slapd.scripts-common
+
+our @code;
+
+# Get all shell code from maintainer scripts
+
+foreach my $file ((<slapd.*rm>, <slapd.*inst>, <slapd.config>,
+ <slapd.scripts-common>)) {
+ open SCRIPT, "<$file" or
+ die "Can't open $file: $!";
+ push @code, <SCRIPT>;
+ close SCRIPT;
+}
+
+# Find all function declarations
+
+our @functions = map { /^(\w+)\s*\(\).*$/; } @code;
+
+# Find unused functions
+
+foreach $function (@functions) {
+ @occurences = grep /$function/, @code;
+ @invocations = grep { !/^$function\s*\(\)/ and !/#.*$function/ }
+ @occurences;
+ print "$function\n" if @invocations == 0;
+}
diff --git a/debian/tests/hammer_slapd b/debian/tests/hammer_slapd
new file mode 100755
index 0000000..9ad7f99
--- /dev/null
+++ b/debian/tests/hammer_slapd
@@ -0,0 +1,98 @@
+#! /usr/bin/perl -w
+
+use Net::LDAP;
+use Data::Dumper;
+
+$host = "localhost"; # LDAP server
+$basedn = "dc=galaxy"; # Base DN
+$admindn = "cn=admin, $basedn"; # Admin entry
+$adminpass = "foo"; # Password
+$group = $ARGV[0] || "People";
+
+$ldap = Net::LDAP->new("$host", onerror => "die");
+$ldap->bind($admindn, password => $adminpass);
+
+sub create_group {
+ $results = $ldap->search(base => "$basedn",
+ filter => "ou=$group", scope => "one");
+ unless ($results->count > 0) {
+ $ldap->add("ou=$group, $basedn", attr => [
+ ou => "$group",
+ objectClass => [ "top", "organizationalUnit" ]
+ ]);
+ }
+}
+
+sub invent_name {
+ our @words;
+ unless (@words) {
+ open WORDS, "/usr/share/dict/british-english-large";
+ @words = grep /^[A-Z]\w{0,11}$/, <WORDS>;
+ map { chomp } @words;
+ close WORDS;
+ }
+
+ my $index = int(rand(@words));
+ $index = int(rand(@words)) while not defined $words[$index];
+ my $word = $words[$index];
+ delete $words[$index];
+ return $word;
+}
+
+sub invent_names {
+ our @names;
+
+ foreach (1..1000) {
+ push @names, { cn => invent_name, sn => invent_name };
+ }
+}
+
+sub create_entries {
+ foreach my $name (@names) {
+ create_account(%$name);
+ }
+}
+
+sub create_account {
+ our $uid;
+ $uid = 1000 if not defined $uid;
+
+ my %id = @_;
+ my $login = $id{cn};
+ $login =~ tr/A-Z/a-z/;
+ $ldap->add("uid=$login, ou=$group, $basedn", attr => [
+ %id,
+ objectClass => [ "top", "person", "posixAccount" ],
+ uid => $login,
+ uidNumber => $uid++,
+ gidNumber => 1000,
+ homeDirectory => "/home/$login" ]);
+}
+
+sub delete_entries {
+ foreach my $name (@names) {
+ delete_account(%$name);
+ }
+}
+
+sub delete_account {
+ my %id = @_;
+ my $login = $id{cn};
+ $login =~ tr/A-Z/a-z/;
+ $ldap->delete("uid=$login, ou=$group, $basedn");
+}
+
+sub search_entries {
+ foreach (1..10000) {
+ my $num = int(rand(@names));
+ $login = $names[$num]->{cn};
+ $login =~ tr/A-Z/a-z/;
+ $ldap->search(base => "$basedn", filter => "uid=$login");
+ }
+}
+
+create_group;
+invent_names;
+create_entries;
+search_entries;
+delete_entries;
diff --git a/debian/tests/sha2-contrib b/debian/tests/sha2-contrib
new file mode 100755
index 0000000..32f7637
--- /dev/null
+++ b/debian/tests/sha2-contrib
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+
+reference_hash="{SHA256}$(echo -n secret | openssl dgst -sha256 -binary | openssl enc -base64)"
+test_hash=$(/usr/sbin/slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2)
+
+echo "Reference hash of \"secret\" (openssl): ${reference_hash}"
+echo "slapd's pw-sha2 hash: ${test_hash}"
+
+if [ "${reference_hash}" != "${test_hash}" ]; then
+ echo "ERROR: hashes differ"
+ exit 1
+else
+ echo "PASS: hashes are identical"
+fi
diff --git a/debian/tests/slapd b/debian/tests/slapd
new file mode 100755
index 0000000..d79e225
--- /dev/null
+++ b/debian/tests/slapd
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -eux
+
+export DEBIAN_FRONTEND=noninteractive
+
+debconf-set-selections << eof
+slapd slapd/password1 password secret
+slapd slapd/password2 password secret
+slapd slapd/domain string example.com
+slapd slapd/organization string example.com
+eof
+
+apt-get -y install slapd
+
+test "$(ldapwhoami -x -D 'cn=admin,dc=example,dc=com' -w secret)" = 'dn:cn=admin,dc=example,dc=com'
diff --git a/debian/tests/slapd-tls b/debian/tests/slapd-tls
new file mode 100755
index 0000000..a5e387e
--- /dev/null
+++ b/debian/tests/slapd-tls
@@ -0,0 +1,32 @@
+#!/bin/sh
+set -eux
+
+SSL_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
+SSL_KEY=/etc/ssl/private/ssl-cert-snakeoil.key
+SSL_PRIVATE_DIR=/etc/ssl/private
+
+export DEBIAN_FRONTEND=noninteractive
+
+debconf-set-selections << eof
+slapd slapd/password1 password secret
+slapd slapd/password2 password secret
+slapd slapd/domain string example.com
+slapd slapd/organization string example.com
+eof
+
+apt-get -y install slapd
+
+chgrp openldap "$SSL_PRIVATE_DIR" "$SSL_KEY"
+chmod g+r "$SSL_KEY"
+
+ldapmodify -H ldapi:// -Y EXTERNAL << EOF
+dn: cn=config
+add: olcTLSCertificateFile
+olcTLSCertificateFile: $SSL_CERT
+-
+add: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: $SSL_KEY
+
+EOF
+
+test "$(ldapwhoami -ZZ -o tls_cacert="$SSL_CERT" -x -D 'cn=admin,dc=example,dc=com' -w secret)" = 'dn:cn=admin,dc=example,dc=com'
diff --git a/debian/tests/smbk5pwd b/debian/tests/smbk5pwd
new file mode 100755
index 0000000..aeb5f81
--- /dev/null
+++ b/debian/tests/smbk5pwd
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+
+# Import the Samba and Heimdal schemas
+ldapadd -H ldapi:// -Y EXTERNAL -f /usr/share/doc/samba/examples/LDAP/samba.ldif
+schema2ldif /etc/ldap/schema/hdb.schema | ldapadd -H ldapi:// -Y EXTERNAL
+
+# Grant slapd access to the Heimdal master key
+chgrp openldap /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key
+chmod g+rX /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key
+
+# Instantiate the smbk5pwd overlay
+ldapmodify -H ldapi:// -Y EXTERNAL << eof
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: smbk5pwd
+
+dn: olcOverlay=smbk5pwd,olcDatabase={1}mdb,cn=config
+changetype: add
+objectClass: olcSmbK5PwdConfig
+olcSmbK5PwdEnable: krb5
+olcSmbK5PwdEnable: samba
+olcSmbK5PwdEnable: shadow
+
+eof
diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc
new file mode 100644
index 0000000..a71037e
--- /dev/null
+++ b/debian/upstream/signing-key.asc
@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBF/ai/8BEAC7fHW1LpB6wrLXdxiYT/sKCZBLXG0cpk5uQBdK7mT0N26ZVT0u
+efls1AlzCXOPXdiGlmyAEvTZRPPsWd/3cULuwvEpz6Ns/8QN9TanT6LwboCxYAiM
+k5P9M+R91HIYFANaKb6KKVPKRQGdRGHPPMmd+oq+LZLU1IEJF41PlObO7jJ1E7uk
+YR4Zy6+liQOY4J0SOlDfwd/afPGyj8H+DUlUPvVgS9qfDjo0xWdknumS/bty3roU
+ewgY1Q/XpnRQP4P3/DeaX77bij+2ogPnY+5S1XWo9BWJe3AQBJsx8ZsQeDcBJvoT
+yh/MHu/ZdiqxHZFvahckqmEl6mg15bX0Fx3J6P34WV1eF39a8ByZEQssRm75Vac3
+DNoZkKLABJXA+3luo0dseDkPnc+rJGGKB5/fpZNEPNw3zr85cOuVhECiqsO3MoY+
+cEAKfj9owqOC0LHColFnhh0ehWqy5bRb7h/aYYxjj65DoFNhoonMjusBJ4QJtkMB
+MaxmOsihpDjL568Qfat6jCKlMpemRBEn2iwITkOxJHGOVSerSMNW/3bMXyvcCQnm
+oJtAGxwi5wO08HXIr7/w2x7liHq1+UxXAjFr0eDll8sj9caVc3UdmClWtKGzgO8w
+xe/v0JDhgcHBfwaUq1PWipjDoUGCYnEraknjWcMavcfmpGGsiTSVmDEe3wARAQAB
+tCdPcGVuTERBUCBQcm9qZWN0IDxwcm9qZWN0QG9wZW5sZGFwLm9yZz6JAk4EEwEK
+ADgWIQQ84mm1OYvIt4VkXph/Z9X9HOHLzgUCX9qL/wIbAwULCQgHAgYVCgkICwIE
+FgIDAQIeAQIXgAAKCRB/Z9X9HOHLzkWPEACcYtXCvzps5z6ff9mudBi4UiPsEzUi
+rHVkYktghXXpFA8jkeNqcbLuj+yES6sPCkplDevf+v1agfuQQ1AOD+APKuPmE+uN
+Y3TFVPVii2YXMgZQFCboKcP2GL7T7SM75ZVfjQqhNW5bjwuouQK4nQvsjxBBddPB
+i5XGaW8oomy5RsCFgze6KloVkaZWj/XRh7AGfaqjwKTvsu0qyB5tIrKBdglrALgB
+UYaTPgyDtd55ZSc/BvQ/akc3A6KQRGvByMEzWyLKzQScZe9BUK7gvoNscGr5Z8nV
+GakTBp00aWvJvgfYgmQwJ64cwprETkkxTm0/iYVqYYx3NZ2euCatHWXPfSxQxU3d
+o1FhU5KXW20m/xCBX3vo3aMoxeHD3FsivUUlubA0N+hQqx8SB2jLIscpI/DTyoOD
+uTpQp7zRi0jUH2HFnXenqBNRvL3o4S3BJwXduW6Ty16lkO/rUKGJwffIEUrt9wzX
+EpgbHKlIJUtZuWyihxehnKewTLkQi7KigFfu31Q4oouaQ3sKfqtWx/V6umBa4IZv
+tB9lOF6vOrvpmplHo1kPgCZvGgHcwjdWLpNtn0RaqoLN8Y2ltqQ8U30WUhQkD4xs
+8mfxl05xsOi30LwpQ2iIoCup6sNOMF35cOK0PInzTUTHx/BJFMOYx3Hah3iceOQZ
+Ou1JFVBs/Q0aM7kCDQRf2ov/ARAA6/q9BCqFqsCPeYNeQV4GOmnHOjwu9qkfN4OL
+4h3WKx5ah07MW6okDoO0ZWORKgqC/ja3peLGNinNIqVjdZCn27RwTNfB2haB3mNx
+ofqa84WDvUVK/rLj8DTiCSu24McUzdtqwjz129z99/crzg7plYZCqNYoerySlWLk
+nkTX+Q72YPKZMoO4FzQkkSY84eeGynV/2gBYS8KqsaC8QFm9mN8/mGn0ouqw1ddw
+C7pZifFNBbletLj2ZCRxylkAsqvitWO3zLOOtUmqE+ddX9fzpBOoekiEs6kfge6l
+BSg1PjJ8CJDWSbHGVe7Y/AkERqC8UBKs3XQYiG7kejjX1OFszr/BvIfF3W6zBxM0
+Y4WOVnVbcYbLUdT1ybJ6T6rjrODcOgZ6VCGmwMFZuswTe/qq1ywFdd6/+e9pWDlO
+DN1lZM7cjlqGgvxAP31gMOA7MtvBHec914W4TXvh5tBbY69A4GtZ7VEF8PEz4i+F
+iRKNVbhmyi6jzaJjpqXEXvXLSl9HSV153KGaOsNnJG6zTLLFmL8sttO+gbcedJP8
+RaLKQSOS7E8IIC7Z7+b4NTVKb3ZTI5wR2ZNFTYEEcxVFFcKvOiBbtX2XNQjtMQLw
+S0fYrFcZyNC/8vpcUmHlxalLZlxO/EuMyNtPjScP+Ef71frrTFvnAFS6E7c9Q1u0
+vJZXRdEAEQEAAYkCNgQYAQoAIBYhBDziabU5i8i3hWRemH9n1f0c4cvOBQJf2ov/
+AhsMAAoJEH9n1f0c4cvOG8sQAKZfsK69muQX6ccalAlFzg+cUfW1ImabMGQcFNgs
+/ZpFZFXmOK16OaCYp0kMu2auRu4yNxhHeK0HXpQdjeNi26E0golKtjPssp0qbBfZ
+BjGIVq/5ag87nkib8d/CE5KUJQvathRmiDGPvArZ37jFghtMB7Znb3vK28MGiwCO
+vQeG9BW11eEUBTcmtXIisPOG5Ps0BciZMKTR6TafGo8LTYel9FomLRuVF+ofQhJz
+LTczDBottTFq/SkhfvmUZ1bdz3TnFkiZ9r43MD4NU6fRfrOQAfpQfhCnGr31uXcq
+W6nIDE20MsVsqeU2GS8J7PIAkGMAWtNEtaF4u49NxNKpORb0hnAQ9poq4U+PPFyQ
+IPj1tVGSTm4NCgLmpYq/lzuUQEb1lyeay+OpgGA/IeOJYwx9INLIuEeWTFYvIuiJ
+FJ+3iatQ/qlUjy7dnHH+BL5lOgTxgZ8TFL0Y8X0UfBAjE6JaZewwjVjltW3qvQrd
+L32WkGJIM7yn5JqWZV6qmMDSL9nY+QpKuyAa6zy0rANQU5atGmgd7zBz/UTAYAP+
+dud58BptClL+f8XSVjcZtSXox2rghfADjYMeoyNCNptwxwM1Ev4H1DRnSjrHOiV5
+3m+TwBRPQFBiZiarKekJWMuH/ffogdn8+5O7P9P5taLk2+rGc0zNsylr5zeH2oOc
+1AIw
+=8Mb7
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..0329cd1
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,4 @@
+version=4
+opts=pgpmode=auto,dversionmangle=s/\+dfsg//,repacksuffix=+dfsg \
+https://www.openldap.org/software/download/ \
+ (?:.*/)?openldap-@ANY_VERSION@@ARCHIVE_EXT@