Diffstat (limited to '')
-rw-r--r-- | debian/patches/add-tlscacert-option-to-ldap-conf | 10 | ||||
-rw-r--r-- | debian/patches/contrib-makefiles | 48 | ||||
-rw-r--r-- | debian/patches/debian-version | 14 | ||||
-rw-r--r-- | debian/patches/do-not-second-guess-sonames | 69 | ||||
-rw-r--r-- | debian/patches/fix-build-top-mk | 11 | ||||
-rw-r--r-- | debian/patches/getaddrinfo-is-threadsafe | 43 | ||||
-rw-r--r-- | debian/patches/index-files-created-as-root | 37 | ||||
-rw-r--r-- | debian/patches/ldap-conf-tls-cacertdir | 27 | ||||
-rw-r--r-- | debian/patches/ldapi-socket-place | 16 | ||||
-rw-r--r-- | debian/patches/man-slapd | 60 | ||||
-rw-r--r-- | debian/patches/sasl-default-path | 55 | ||||
-rw-r--r-- | debian/patches/series | 15 | ||||
-rw-r--r-- | debian/patches/set-maintainer-name | 16 | ||||
-rw-r--r-- | debian/patches/slapi-errorlog-file | 16 | ||||
-rw-r--r-- | debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff | 40 | ||||
-rw-r--r-- | debian/patches/wrong-database-location | 63 |
16 files changed, 540 insertions, 0 deletions
diff --git a/debian/patches/add-tlscacert-option-to-ldap-conf b/debian/patches/add-tlscacert-option-to-ldap-conf
new file mode 100644
index 0000000..e8e731a
--- /dev/null
+++ b/debian/patches/add-tlscacert-option-to-ldap-conf
@@ -0,0 +1,10 @@
+--- a/libraries/libldap/ldap.conf
++++ b/libraries/libldap/ldap.conf
+@@ -11,3 +11,7 @@
+ #SIZELIMIT 12
+ #TIMELIMIT 15
+ #DEREF never
++
++# TLS certificates (needed for GnuTLS)
++TLS_CACERT /etc/ssl/certs/ca-certificates.crt
++
diff --git a/debian/patches/contrib-makefiles b/debian/patches/contrib-makefiles
new file mode 100644
index 0000000..f130342
--- /dev/null
+++ b/debian/patches/contrib-makefiles
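Review bot: The added comment `# TLS certificates (needed for GnuTLS)` in ldap.conf does not say what the setting means for trust. `TLS_CACERT /etc/ssl/certs/ca-certificates.crt` makes every CA in the system bundle an acceptable issuer of an LDAP server certificate for all clients that read this file. A comment along the lines of `# Default trust store: the system CA bundle. Sites with their own CA should point TLS_CACERT at that CA's certificate instead.` would tell administrators that the default is a starting point rather than a recommendation.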
@@ -0,0 +1,48 @@
+--- a/contrib/slapd-modules/passwd/Makefile
++++ b/contrib/slapd-modules/passwd/Makefile
+@@ -14,7 +14,7 @@
+ INCS = $(LDAP_INC)
+ LIBS = $(LDAP_LIB)
+
+-PROGRAMS = pw-kerberos.la pw-netscape.la pw-radius.la pw-apr1.la
++PROGRAMS = pw-netscape.la pw-apr1.la
+ MANPAGES = slapd-pw-radius.5
+ LTVER = 0:0:0
+
+--- a/contrib/slapd-modules/passwd/pbkdf2/Makefile
++++ b/contrib/slapd-modules/passwd/pbkdf2/Makefile
+@@ -13,7 +13,7 @@
+ #DEFS = -DSLAPD_PBKDF2_DEBUG
+
+ SSL_INC =
+-SSL_LIB = -lcrypto
++SSL_LIB = -lnettle
+
+ INCS = $(LDAP_INC) $(SSL_INC)
+ LIBS = $(LDAP_LIB) $(SSL_LIB)
+--- a/contrib/slapd-modules/smbk5pwd/Makefile
++++ b/contrib/slapd-modules/smbk5pwd/Makefile
+@@ -19,10 +19,10 @@
+ $(LDAP_BUILD)/libraries/liblber/liblber.la
+
+ SSL_INC =
+-SSL_LIB = -lcrypto
++SSL_LIB = -lnettle
+
+-HEIMDAL_INC = -I/usr/heimdal/include
+-HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv
++HEIMDAL_INC = $(shell krb5-config.heimdal --cflags krb5 kadm-server)
++HEIMDAL_LIB = $(shell krb5-config.heimdal --libs krb5 kadm-server)
+
+ LIBTOOL = $(LDAP_BUILD)/libtool
+ INSTALL = /usr/bin/install
+@@ -31,7 +31,8 @@
+ # Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it.
+ DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW
+ INCS = $(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
+-LIBS = $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
++# put /usr/lib/heimdal before /usr/lib in case libkrb5-dev is installed, #745356
++LIBS = $(HEIMDAL_LIB) $(LDAP_LIB) $(SSL_LIB)
+
+ PROGRAMS = smbk5pwd.la
+ MANPAGES = slapo-smbk5pwd.5
diff --git a/debian/patches/debian-version b/debian/patches/debian-version
new file mode 100644
index 0000000..542346b
--- /dev/null
+++ b/debian/patches/debian-version
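Review bot: In the passwd/Makefile hunk, `PROGRAMS` no longer builds `pw-radius.la`, but the unchanged context line `MANPAGES = slapd-pw-radius.5` still lists its man page, so a page for a module that is not built would presumably still be installed (the install rule is outside the hunk); either empty it, `MANPAGES =`, or add a comment saying why it stays. In the smbk5pwd/Makefile hunk, `HEIMDAL_INC` and `HEIMDAL_LIB` use recursive `=` with `$(shell …)`, so `krb5-config.heimdal` is re-run on every expansion and a missing tool silently yields empty flags; `HEIMDAL_INC := $(shell krb5-config.heimdal --cflags krb5 kadm-server)` and the same for `HEIMDAL_LIB` evaluate once. The change of `SSL_LIB` to `-lnettle` in two Makefiles assumes the module sources are compiled against Nettle rather than OpenSSL, which these hunks do not show and is worth confirming for the password-hashing modules.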
@@ -0,0 +1,14 @@
+Description: Replace upstream version with Debian version in version strings
+Forwarded: not-needed
+Author: Ryan Tandy <ryan@nardis.ca>
+--- a/build/version.sh
++++ b/build/version.sh
+@@ -40,7 +40,7 @@
+ echo OL_API_INC=$ol_api_inc
+ echo OL_API_LIB_RELEASE=$ol_api_lib_release
+ echo OL_API_LIB_VERSION=$ol_api_lib_version
+-echo OL_VERSION=$ol_version
++echo OL_VERSION=\"${DEB_VERSION:-$ol_version}\"
+ echo OL_TYPE=$ol_type
+ echo OL_STRING=\"${ol_string}\"
+ echo OL_RELEASE_DATE=\"${ol_release_date}\"
diff --git a/debian/patches/do-not-second-guess-sonames b/debian/patches/do-not-second-guess-sonames
new file mode 100644
index 0000000..ecfc639
--- /dev/null
+++ b/debian/patches/do-not-second-guess-sonames
@@ -0,0 +1,69 @@
+Rip out code that second-guesses the libsasl soname / Debian shlibs. If
+cyrus sasl upstream is breaking the ABI, this needs to be fixed upstream
+there, not kludged around upstream here!
+
+Debian bug #546885
+
+Upstream ITS #6302 filed.
+
+--- a/libraries/libldap/cyrus.c
++++ b/libraries/libldap/cyrus.c
+@@ -74,29 +74,6 @@
+ */
+ int ldap_int_sasl_init( void )
+ {
+-#ifdef HAVE_SASL_VERSION
+- /* stringify the version number, sasl.h doesn't do it for us */
+-#define VSTR0(maj, min, pat) #maj "." #min "." #pat
+-#define VSTR(maj, min, pat) VSTR0(maj, min, pat)
+-#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \
+- SASL_VERSION_STEP)
+- { int rc;
+- sasl_version( NULL, &rc );
+- if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) ||
+- (rc & 0xffff) < SASL_VERSION_STEP) {
+- char version[sizeof("xxx.xxx.xxxxx")];
+- sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff,
+- rc & 0xffff );
+-
+- Debug1( LDAP_DEBUG_ANY,
+- "ldap_int_sasl_init: SASL library version mismatch:"
+- " expected " SASL_VERSION_STRING ","
+- " got %s\n", version );
+- return -1;
+- }
+- }
+-#endif
+-
+ /* SASL 2 takes care of its own memory completely internally */
+ #if SASL_VERSION_MAJOR < 2 && !defined(CSRIMALLOC)
+ sasl_set_alloc(
+--- a/servers/slapd/sasl.c
++++ b/servers/slapd/sasl.c
+@@ -1271,26 +1271,6 @@
+ rewrite_mapper_register( &slapd_mapper );
+
+ #ifdef HAVE_CYRUS_SASL
+-#ifdef HAVE_SASL_VERSION
+- /* stringify the version number, sasl.h doesn't do it for us */
+-#define VSTR0(maj, min, pat) #maj "." #min "."
#pat
+-#define VSTR(maj, min, pat) VSTR0(maj, min, pat)
+-#define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \
+- SASL_VERSION_STEP)
+-
+- sasl_version( NULL, &rc );
+- if ( ((rc >> 16) != ((SASL_VERSION_MAJOR << 8)|SASL_VERSION_MINOR)) ||
+- (rc & 0xffff) < SASL_VERSION_STEP)
+- {
+- char version[sizeof("xxx.xxx.xxxxx")];
+- sprintf( version, "%u.%d.%d", (unsigned)rc >> 24, (rc >> 16) & 0xff,
+- rc & 0xffff );
+- Debug( LDAP_DEBUG_ANY, "slap_sasl_init: SASL library version mismatch:"
+- " expected %s, got %s\n",
+- SASL_VERSION_STRING, version );
+- return -1;
+- }
+-#endif
+
+ sasl_set_mutex(
+ ldap_pvt_sasl_mutex_new,
diff --git a/debian/patches/fix-build-top-mk b/debian/patches/fix-build-top-mk
new file mode 100644
index 0000000..418fe35
--- /dev/null
+++ b/debian/patches/fix-build-top-mk
@@ -0,0 +1,11 @@
+--- a/build/top.mk
++++ b/build/top.mk
+@@ -20,7 +20,7 @@
+ RELEASEDATE= @OPENLDAP_RELEASE_DATE@
+
+ @SET_MAKE@
+-SHELL = /bin/sh
++SHELL = @SHELL@
+
+ top_builddir = @top_builddir@
+
diff --git a/debian/patches/getaddrinfo-is-threadsafe b/debian/patches/getaddrinfo-is-threadsafe
new file mode 100644
index 0000000..6785263
--- /dev/null
+++ b/debian/patches/getaddrinfo-is-threadsafe
@@ -0,0 +1,43 @@
+Author: Steve Langasek <vorlon@debian.org>
+
+OpenLDAP upstream conservatively assumes that certain resolver functions
+(getaddrinfo, getnameinfo, res_query, dn_expand) are not re-entrant; but we
+know that the glibc implementations of these functions are thread-safe, so
+we should bypass the use of this mutex. This fixes a locking problem when
+an application uses libldap and libnss-ldap is also used for hosts
+resolution.
+
+Closes Debian bug #340601.
+
+Not suitable for forwarding upstream; might be made suitable by adding a
+configure-time check for glibc and disabling the mutex only on known
+thread-safe implementations.
+
+--- a/libraries/libldap/os-ip.c
++++ b/libraries/libldap/os-ip.c
+@@ -591,13 +591,7 @@
+ hints.ai_socktype = socktype;
+ snprintf(serv, sizeof serv, "%d", port );
+
+- /* most getaddrinfo(3) use non-threadsafe resolver libraries */
+- LDAP_MUTEX_LOCK(&ldap_int_resolv_mutex);
+-
+ err = getaddrinfo( host, serv, &hints, &res );
+-
+- LDAP_MUTEX_UNLOCK(&ldap_int_resolv_mutex);
+-
+ if ( err != 0 ) {
+ Debug1(LDAP_DEBUG_TRACE,
+ "ldap_connect_to_host: getaddrinfo failed: %s\n",
+--- a/libraries/libldap/util-int.c
++++ b/libraries/libldap/util-int.c
+@@ -533,9 +533,7 @@
+ int rc;
+ #if defined( HAVE_GETNAMEINFO )
+
+- LDAP_MUTEX_LOCK( &ldap_int_resolv_mutex );
+ rc = getnameinfo( sa, len, name, namelen, NULL, 0, 0 );
+- LDAP_MUTEX_UNLOCK( &ldap_int_resolv_mutex );
+ if ( rc ) *err = (char *)AC_GAI_STRERROR( rc );
+ return rc;
+
diff --git a/debian/patches/index-files-created-as-root b/debian/patches/index-files-created-as-root
new file mode 100644
index 0000000..263b014
--- /dev/null
+++ b/debian/patches/index-files-created-as-root
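Review bot: Both call sites lose the lock without any trace in the code: the os-ip.c hunk deletes the comment that explained the mutex, and the util-int.c hunk leaves a bare `getnameinfo` call, so the glibc assumption lives only in the patch header. A comment at each call, for example `/* Debian: glibc's resolver entry points are thread-safe; ldap_int_resolv_mutex is deliberately not taken here (#340601) */`, would keep that assumption visible to anyone building against another C library or re-merging upstream. The hunks do not show whether other resolver calls in these files still take the mutex, so it is worth checking that the remaining users are consistent. Both enclosing functions start and end outside the hunks.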
@@ -0,0 +1,37 @@
+Document in the man page that slapindex should be run as the same user
+as slapd, and print a warning if it's run as root (since Debian defaults
+to running slapd as openldap).
+
+Not suitable for upstream in this form. This patch needs to be reworked
+to check the BerkeleyDB database ownership and only warn if running as
+root with a database that's not owned by root.
+
+Upstream ITS #5356 filed requesting better handling of this. Current
+upstream discussion leans towards putting the check into the database
+backend and aborting if slapd is run as a different user than the database
+owner, which is an even better fix.
+
+--- a/doc/man/man8/slapindex.8
++++ b/doc/man/man8/slapindex.8
+@@ -148,6 +148,10 @@
+ should not be running (at least, not in read-write
+ mode) when you do this to ensure consistency of the database.
+ .LP
++slapindex ought to be run as the user specified for
++.BR slapd (8)
++to ensure correct database permissions.
++.LP
+ This command provides ample opportunity for the user to obtain
+ and drink their favorite beverage.
+ .SH EXAMPLES
+--- a/servers/slapd/slapindex.c
++++ b/servers/slapd/slapindex.c
+@@ -34,6 +34,8 @@
+ int
+ slapindex( int argc, char **argv )
+ {
++ if (geteuid() == 0)
++ fprintf( stderr, "\nWARNING!\nRunning as root!\nThere's a fair chance slapd will fail to start.\nCheck file permissions!\n\n");
+ ID id;
+ int rc = EXIT_SUCCESS;
+ const char *progname = "slapindex";
diff --git a/debian/patches/ldap-conf-tls-cacertdir b/debian/patches/ldap-conf-tls-cacertdir
new file mode 100644
index 0000000..2a2c129
--- /dev/null
+++ b/debian/patches/ldap-conf-tls-cacertdir
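Review bot: The added `if (geteuid() == 0)` in slapindex() is a statement placed ahead of the declarations `ID id;` and `int rc = EXIT_SUCCESS;`, which C90 compilers reject and `-Wdeclaration-after-statement` flags; moving the check below the last declaration of the block avoids that. geteuid() needs `<unistd.h>` (OpenLDAP's `ac/unistd.h` wrapper), and the file's includes are outside the hunk, so that should be confirmed. The check warns on every root invocation and then carries on, so index files may still end up root-owned; a comment at the check such as `/* Debian: slapd runs as openldap; files created here as root may be unreadable to it */` would record why it exists until the ownership comparison described in the patch header is implemented. slapindex's body continues outside the hunk.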
@@ -0,0 +1,27 @@
+--- a/doc/man/man5/ldap.conf.5
++++ b/doc/man/man5/ldap.conf.5
+@@ -390,13 +390,13 @@
+ Specifying a minimum that is higher than that supported by the
+ OpenLDAP implementation will result in it requiring the
+ highest level that it does support.
+-This parameter is ignored with GnuTLS.
++This parameter is ignored with GnuTLS. On Debian openldap is linked against GnuTLS.
+ .TP
+ .B TLS_RANDFILE <filename>
+ Specifies the file to obtain random bits from when /dev/[u]random is
+ not available. Generally set to the name of the EGD/PRNGD socket.
+ The environment variable RANDFILE can also be used to specify the filename.
+-This parameter is ignored with GnuTLS.
++This parameter is ignored with GnuTLS. On Debian openldap is linked against GnuTLS.
+ .TP
+ .B TLS_REQCERT <level>
+ Specifies what checks to perform on server certificates in a TLS session.
+@@ -458,7 +458,7 @@
+ used to verify if the server certificates have not been revoked. This
+ requires
+ .B TLS_CACERTDIR
+-parameter to be set. This parameter is ignored with GnuTLS.
++parameter to be set. This parameter is ignored with GnuTLS. On Debian openldap is linked against GnuTLS.
+ .B <level>
+ can be specified as one of the following keywords:
+ .RS
diff --git a/debian/patches/ldapi-socket-place b/debian/patches/ldapi-socket-place
new file mode 100644
index 0000000..a482bbf
--- /dev/null
+++ b/debian/patches/ldapi-socket-place
@@ -0,0 +1,16 @@
+Move the ldapi socket to /var/run/slapd from /var/run, since /var/run
+is only writable by root and slapd runs as openldap.
+
+Debian-specific.
+
+--- a/include/ldap_defaults.h
++++ b/include/ldap_defaults.h
+@@ -39,7 +39,7 @@
+ #define LDAP_ENV_PREFIX "LDAP"
+
+ /* default ldapi:// socket */
+-#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "ldapi"
++#define LDAPI_SOCK LDAP_RUNDIR LDAP_DIRSEP "run" LDAP_DIRSEP "slapd" LDAP_DIRSEP "ldapi"
+
+ /*
+ * SLAPD DEFINITIONS
diff --git a/debian/patches/man-slapd b/debian/patches/man-slapd
new file mode 100644
index 0000000..65b9a00
--- /dev/null
+++ b/debian/patches/man-slapd
@@ -0,0 +1,60 @@
+Patch the slapd man page to not refer to a header file that isn't
+installed with the slapd package and to reference the correct path
+for slapd.
+
+Debian-specific.
+
+--- a/doc/man/man8/slapd.8
++++ b/doc/man/man8/slapd.8
+@@ -5,7 +5,7 @@
+ .SH NAME
+ slapd \- Stand-alone LDAP Daemon
+ .SH SYNOPSIS
+-.B LIBEXECDIR/slapd
++.B /usr/sbin/slapd
+ [\c
+ .BR \-V [ V [ V ]]
+ [\c
+@@ -103,11 +103,10 @@
+ will not fork or disassociate from the invoking terminal. Some general
+ operation and status messages are printed for any value of \fIdebug-level\fP.
+ \fIdebug-level\fP is taken as a bit string, with each bit corresponding to a
+-different kind of debugging information. See <ldap_log.h> for details.
+-Comma-separated arrays of friendly names can be specified to select
+-debugging output of the corresponding debugging information.
+-All the names recognized by the \fIloglevel\fP directive
+-described in \fBslapd.conf\fP(5) are supported.
++different kind of debugging information. Comma-separated arrays of friendly
++names can be specified to select debugging output of the corresponding
++debugging information. All the names recognized by the \fIloglevel\fP
++directive described in \fBslapd.conf\fP(5) are supported.
+ If \fIdebug-level\fP is \fB?\fP, a list of installed debug-levels is printed,
+ and slapd exits.
+
+@@ -317,7 +316,7 @@
+ .LP
+ .nf
+ .ft tt
+- LIBEXECDIR/slapd
++ /usr/sbin/slapd
+ .ft
+ .fi
+ .LP
+@@ -328,7 +327,7 @@
+ .LP
+ .nf
+ .ft tt
+- LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255
++ /usr/sbin/slapd \-f /var/tmp/slapd.conf \-d 255
+ .ft
+ .fi
+ .LP
+@@ -336,7 +335,7 @@
+ .LP
+ .nf
+ .ft tt
+- LIBEXECDIR/slapd \-Tt
++ /usr/sbin/slapd \-Tt
+ .ft
+ .fi
+ .LP
diff --git a/debian/patches/sasl-default-path b/debian/patches/sasl-default-path
new file mode 100644
index 0000000..bb489e5
--- /dev/null
+++ b/debian/patches/sasl-default-path
@@ -0,0 +1,55 @@
+Add /etc/ldap/sasl2 to the SASL configuration search path.
+
+Not submitted upstream. Somewhat Debian-specific and probably not of
+interest upstream.
+
+--- a/include/ldap_defaults.h
++++ b/include/ldap_defaults.h
+@@ -68,4 +68,6 @@
+ */
+ #define LLOADD_DEFAULT_CONFIGFILE LDAP_SYSCONFDIR LDAP_DIRSEP "lloadd.conf"
+
++#define SASL_CONFIGPATH LDAP_SYSCONFDIR LDAP_DIRSEP "sasl2"
++
+ #endif /* _LDAP_CONFIG_H */
+--- a/servers/slapd/sasl.c
++++ b/servers/slapd/sasl.c
+@@ -1231,12 +1231,38 @@
+ slapd_rw_destroy
+ };
+
++static int
++slap_sasl_getconfpath( void * context, char ** path )
++{
++ char * sasl_default_configpath;
++ size_t len;
++
++#if SASL_VERSION_MAJOR >= 2
++ sasl_default_configpath = "/usr/lib/sasl2";
++#else
++ sasl_default_configpath = "/usr/lib/sasl";
++#endif
++
++ len = strlen(SASL_CONFIGPATH) + 1 /* colon */ +
++ strlen(sasl_default_configpath) + 1 /* \0 */;
++ *path = malloc( len );
++ if ( *path == NULL )
++ return SASL_FAIL;
++
++ if (snprintf( *path, len, "%s:%s", SASL_CONFIGPATH,
++ sasl_default_configpath ) != len-1 )
++ return SASL_FAIL;
++
++ return SASL_OK;
++}
++
+ int slap_sasl_init( void )
+ {
+ #ifdef HAVE_CYRUS_SASL
+ int rc;
+ static sasl_callback_t server_callbacks[] = {
+ { SASL_CB_LOG, (slap_sasl_cb_ft)&slap_sasl_log, NULL },
++ { SASL_CB_GETCONFPATH, (slap_sasl_cb_ft)&slap_sasl_getconfpath, NULL },
+ { SASL_CB_GETOPT, (slap_sasl_cb_ft)&slap_sasl_getopt, NULL },
+ { SASL_CB_LIST_END, NULL, NULL }
+ };
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..a8d57cb
--- /dev/null
+++ b/debian/patches/series
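Review bot: In slap_sasl_getconfpath(), the second failure path returns `SASL_FAIL` after `malloc` has succeeded, so the buffer is leaked and `*path` is left pointing at it; `free( *path ); *path = NULL;` before that `return SASL_FAIL;` closes it. The test `snprintf(...) != len-1` compares an `int` with a `size_t`, so a negative return is converted to unsigned before the comparison; `int n = snprintf(...); if ( n < 0 || (size_t)n != len - 1 )` says what is meant. The fallback directories `/usr/lib/sasl2` and `/usr/lib/sasl` are hard-coded and may not match where the SASL library on a given build looks, which deserves a comment naming where the value comes from. Because `SASL_CONFIGPATH` is searched first, the ownership and mode of that directory decide who can change slapd's SASL settings; the packaging that creates it is not part of this hunk and should keep it writable by root only.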
@@ -0,0 +1,15 @@
+debian-version
+man-slapd
+slapi-errorlog-file
+ldapi-socket-place
+wrong-database-location
+index-files-created-as-root
+sasl-default-path
+getaddrinfo-is-threadsafe
+do-not-second-guess-sonames
+contrib-makefiles
+ldap-conf-tls-cacertdir
+add-tlscacert-option-to-ldap-conf
+fix-build-top-mk
+switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff
+set-maintainer-name
diff --git a/debian/patches/set-maintainer-name b/debian/patches/set-maintainer-name
new file mode 100644
index 0000000..35f8f77
--- /dev/null
+++ b/debian/patches/set-maintainer-name
@@ -0,0 +1,16 @@
+--- a/build/mkversion
++++ b/build/mkversion
+@@ -50,12 +50,7 @@
+ fi
+
+ APPLICATION=$1
+-# Reproducible builds set SOURCE_DATE_EPOCH, want constant strings
+-if [ -n "${SOURCE_DATE_EPOCH}" ]; then
+- WHOWHERE="openldap"
+-else
+- WHOWHERE="$USER@$(uname -n):$(pwd)"
+-fi
++WHOWHERE="${DEB_MAINTAINER:-openldap}"
+
+ cat << __EOF__
+ /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
diff --git a/debian/patches/slapi-errorlog-file b/debian/patches/slapi-errorlog-file
new file mode 100644
index 0000000..4899451
--- /dev/null
+++ b/debian/patches/slapi-errorlog-file
@@ -0,0 +1,16 @@
+The slapi error log file defaults to /var/errors given our setting
+of --localstatedir. Move it to /var/log/slapi-errors instead.
+
+Debian-specific.
+
+--- a/servers/slapd/slapi/slapi_overlay.c
++++ b/servers/slapd/slapi/slapi_overlay.c
+@@ -930,7 +930,7 @@ int slapi_over_config( BackendDB *be, Co
+ ldap_pvt_thread_mutex_init( &slapi_printmessage_mutex );
+
+ if ( slapi_log_file == NULL )
+- slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "errors" );
++ slapi_log_file = slapi_ch_strdup( LDAP_RUNDIR LDAP_DIRSEP "log" LDAP_DIRSEP "slapi-errors" );
+
+ rc = slapi_int_init_object_extensions();
+ if ( rc != 0 )
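Review bot: The new default in slapi_over_config(), `LDAP_RUNDIR LDAP_DIRSEP "log" LDAP_DIRSEP "slapi-errors"`, places the log directly in /var/log, while the ldapi-socket-place patch in this same commit states that slapd runs as openldap. If /var/log is writable only by root, the daemon cannot create that file at run time unless the package pre-creates it with suitable ownership, which this hunk does not show. A path inside a directory owned by the service account would not depend on that step. Since a log path built from `LDAP_RUNDIR` reads oddly, a comment such as `/* Debian: LDAP_RUNDIR is localstatedir (/var) */` next to the assignment would help; slapi_over_config's body continues outside the hunk.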
diff --git a/debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff b/debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff
new file mode 100644
index 0000000..f0dd4e1
--- /dev/null
+++ b/debian/patches/switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff
@@ -0,0 +1,40 @@
+From: Jan-Marek Glogowski <jan-marek.glogowski@muenchen.de>
+Date: Tue, 18 May 2010 17:47:05 +0200
+Subject: Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL.
+ Open all modules with RTLD_GLOBAL, needed so that back_perl can load
+ non-trivial Perl extensions that require symbols from back_perl.so itself.
+Bug-Debian: http://bugs.debian.org/327585
+
+---
+--- a/servers/slapd/module.c
++++ b/servers/slapd/module.c
+@@ -117,6 +117,20 @@ int module_unload( const char *file_name
+ return -1; /* not found */
+ }
+
++static lt_dlhandle slapd_lt_dlopenext_global( const char *filename )
++{
++ lt_dlhandle handle = 0;
++ lt_dladvise advise;
++
++ if (!lt_dladvise_init (&advise) && !lt_dladvise_ext (&advise)
++ && !lt_dladvise_global (&advise))
++ handle = lt_dlopenadvise (filename, advise);
++
++ lt_dladvise_destroy (&advise);
++
++ return handle;
++}
++
+ int module_load(const char* file_name, int argc, char *argv[])
+ {
+ module_loaded_t *module;
+@@ -180,7 +194,7 @@ int module_load(const char* file_name, i
+ * to calling Debug. This is because Debug is a macro that expands
+ * into multiple function calls.
+ */
+- if ((module->lib = lt_dlopenext(file)) == NULL) {
++ if ((module->lib = slapd_lt_dlopenext_global(file)) == NULL) {
+ error = lt_dlerror();
+ #ifdef HAVE_EBCDIC
+ strcpy( ebuf, error );
diff --git a/debian/patches/wrong-database-location b/debian/patches/wrong-database-location
new file mode 100644
index 0000000..979241d
--- /dev/null
+++ b/debian/patches/wrong-database-location
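Review bot: In slapd_lt_dlopenext_global(), `lt_dladvise_destroy (&advise)` runs even when `lt_dladvise_init` failed, so it can be handed an uninitialised `advise`; returning early on init failure and destroying only after a successful init avoids that. Separately, the helper replaces the only `lt_dlopenext` call shown in module_load(), so every module is now opened with global symbol visibility, not just back_perl; symbols exported by one module can then satisfy or shadow lookups made by another, and a comment on the helper should state that this widening is deliberate and why. module_load's body continues outside the hunk.

```c
static lt_dlhandle slapd_lt_dlopenext_global( const char *filename )
{
	lt_dlhandle handle = 0;
	lt_dladvise advise;

	/* Nothing was set up if init failed, so there is nothing to destroy. */
	if ( lt_dladvise_init( &advise ) )
		return handle;

	/*
	 * Global visibility is requested for all modules so that back_perl
	 * extensions can resolve symbols from back_perl.so (Debian #327585).
	 */
	if ( !lt_dladvise_ext( &advise ) && !lt_dladvise_global( &advise ) )
		handle = lt_dlopenadvise( filename, advise );

	lt_dladvise_destroy( &advise );

	return handle;
}
```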
@@ -0,0 +1,63 @@
+Move the default slapd database location to /var/lib/ldap instead of
+/var/openldap-data.
+
+Debian-specific.
+
+--- a/doc/man/man5/slapd.conf.5
++++ b/doc/man/man5/slapd.conf.5
+@@ -2073,7 +2073,7 @@
+ # The database directory MUST exist prior to
+ # running slapd AND should only be accessible
+ # by the slapd/tools. Mode 0700 recommended.
+-directory LOCALSTATEDIR/openldap\-data
++directory LOCALSTATEDIR/lib/ldap
+ # Indices to maintain
+ index objectClass eq
+ index cn,sn,mail pres,eq,approx,sub
+--- a/include/ldap_defaults.h
++++ b/include/ldap_defaults.h
+@@ -47,7 +47,7 @@
+ /* location of the default slapd config file */
+ #define SLAPD_DEFAULT_CONFIGFILE LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.conf"
+ #define SLAPD_DEFAULT_CONFIGDIR LDAP_SYSCONFDIR LDAP_DIRSEP "slapd.d"
+-#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "openldap-data"
++#define SLAPD_DEFAULT_DB_DIR LDAP_RUNDIR LDAP_DIRSEP "lib" LDAP_DIRSEP "ldap"
+ #define SLAPD_DEFAULT_DB_MODE 0600
+ #define SLAPD_DEFAULT_UCDATA LDAP_DATADIR LDAP_DIRSEP "ucdata"
+ /* default max deref depth for aliases */
+--- a/servers/slapd/Makefile.in
++++ b/servers/slapd/Makefile.in
+@@ -439,9 +439,9 @@
+
+ install-db-config: FORCE
+ @-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir)
+- @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data
++ @-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/lib/ldap
+ $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \
+- $(DESTDIR)$(localstatedir)/openldap-data/DB_CONFIG.example
++ $(DESTDIR)$(localstatedir)/lib/ldap/DB_CONFIG.example
+ $(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \
+ $(DESTDIR)$(sysconfdir)/DB_CONFIG.example
+
+--- a/doc/man/man5/slapd-config.5
++++ b/doc/man/man5/slapd-config.5
+@@ -2095,7 +2095,7 @@
+ # The database directory MUST exist prior to
+ # running slapd AND should only be accessible
+ # by the slapd/tools. Mode 0700 recommended.
+-olcDbDirectory: LOCALSTATEDIR/openldap\-data
++olcDbDirectory: LOCALSTATEDIR/lib/ldap
+ # Indices to maintain
+ olcDbIndex: objectClass eq
+ olcDbIndex: cn,sn,mail pres,eq,approx,sub
+--- a/doc/man/man5/slapd-mdb.5
++++ b/doc/man/man5/slapd-mdb.5
+@@ -51,7 +51,7 @@
+ associated indexes live.
+ A separate directory must be specified for each database.
+ The default is
+-.BR LOCALSTATEDIR/openldap\-data .
++.BR LOCALSTATEDIR/lib/ldap .
+ .TP
+ \fBenvflags \fR{\fBnosync\fR,\fBnometasync\fR,\fBwritemap\fR,\fBmapasync\fR,\fBnordahead\fR}
+ Specify flags for finer-grained control of the LMDB library's operation. |