diff --git a/.gitignore b/.gitignore index 5911e3b..528a221 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/openldap-2.6.3.tgz +SOURCES/openldap-2.6.6.tgz SOURCES/openldap-ppolicy-check-password-1.1.tar.gz diff --git a/.openldap.metadata b/.openldap.metadata index 6cef5a9..6dd6183 100644 --- a/.openldap.metadata +++ b/.openldap.metadata @@ -1,2 +1,2 @@ -058712d53024e745e71487c77ab9c721571f5865 SOURCES/openldap-2.6.3.tgz +633bc0ce9b5d91852c1fe38c720763f32d18390f SOURCES/openldap-2.6.6.tgz d9f2c30aa3ec5760d4eb5923f461ca8eed92703d SOURCES/openldap-ppolicy-check-password-1.1.tar.gz diff --git a/SOURCES/openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch b/SOURCES/openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch new file mode 100644 index 0000000..50262a2 --- /dev/null +++ b/SOURCES/openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch @@ -0,0 +1,139 @@ +From aa5c93049d48b7fd1ff98661a00e4e12d7d47324 Mon Sep 17 00:00:00 2001 +From: Simon Pichugin +Date: Wed, 13 Dec 2023 11:03:20 -0800 +Subject: [PATCH] Revert "ITS#9917 Remove 'h' and 'p' from options[] in client + tools" + +This reverts commit a8f7fd00043e2c63b6216aeb3ba69b0d0485311b. +--- + clients/tools/ldapcompare.c | 2 +- + clients/tools/ldapdelete.c | 2 +- + clients/tools/ldapexop.c | 2 +- + clients/tools/ldapmodify.c | 2 +- + clients/tools/ldapmodrdn.c | 2 +- + clients/tools/ldappasswd.c | 2 +- + clients/tools/ldapsearch.c | 2 +- + clients/tools/ldapvc.c | 2 +- + clients/tools/ldapwhoami.c | 2 +- + 9 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/clients/tools/ldapcompare.c b/clients/tools/ldapcompare.c +index 63c30408f..a83c8d4ac 100644 +--- a/clients/tools/ldapcompare.c ++++ b/clients/tools/ldapcompare.c +@@ -104,7 +104,7 @@ static int docompare LDAP_P(( + + + const char options[] = "z" +- "Cd:D:e:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:Z"; ++ "Cd:D:e:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z"; + + #ifdef LDAP_CONTROL_DONTUSECOPY + int dontUseCopy = 0; +diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c +index a66900d48..53f6e0278 100644 +--- a/clients/tools/ldapdelete.c ++++ b/clients/tools/ldapdelete.c +@@ -82,7 +82,7 @@ usage( void ) + + + const char options[] = "r" +- "cd:D:e:f:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:z:Z"; ++ "cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:z:Z"; + + int + handle_private_option( int i ) +diff --git a/clients/tools/ldapexop.c b/clients/tools/ldapexop.c +index bfe6e4eac..bd6e02979 100644 +--- a/clients/tools/ldapexop.c ++++ b/clients/tools/ldapexop.c +@@ -52,7 +52,7 @@ usage( void ) + + + const char options[] = "" +- "d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z"; ++ "d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z"; + + int + handle_private_option( int i ) +diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c +index 33b723bda..c94c11a3a 100644 +--- a/clients/tools/ldapmodify.c ++++ b/clients/tools/ldapmodify.c +@@ -125,7 +125,7 @@ usage( void ) + + + const char options[] = "aE:rS:" +- "cd:D:e:f:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:Z"; ++ "cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z"; + + int + handle_private_option( int i ) +diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c +index 40a482f5d..d5cf43f7a 100644 +--- a/clients/tools/ldapmodrdn.c ++++ b/clients/tools/ldapmodrdn.c +@@ -95,7 +95,7 @@ usage( void ) + + + const char options[] = "rs:" +- "cd:D:e:f:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:Z"; ++ "cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z"; + + int + handle_private_option( int i ) +diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c +index 9a48aabf3..1958a30f6 100644 +--- a/clients/tools/ldappasswd.c ++++ b/clients/tools/ldappasswd.c +@@ -83,7 +83,7 @@ usage( void ) + + + const char options[] = "Ea:As:St:T:" +- "d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z"; ++ "d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z"; + + int + handle_private_option( int i ) +diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c +index 69e172c6c..48793314b 100644 +--- a/clients/tools/ldapsearch.c ++++ b/clients/tools/ldapsearch.c +@@ -363,7 +363,7 @@ parse_vlv(char *cvalue) + } + + const char options[] = "a:Ab:cE:F:l:Ls:S:tT:uz:" +- "Cd:D:e:f:H:IMnNO:o:P:QR:U:vVw:WxX:y:Y:Z"; ++ "Cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z"; + + int + handle_private_option( int i ) +diff --git a/clients/tools/ldapvc.c b/clients/tools/ldapvc.c +index 4f35025ec..846561847 100644 +--- a/clients/tools/ldapvc.c ++++ b/clients/tools/ldapvc.c +@@ -86,7 +86,7 @@ usage( void ) + + + const char options[] = "abE:" +- "d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z"; ++ "d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z"; + + int + handle_private_option( int i ) +diff --git a/clients/tools/ldapwhoami.c b/clients/tools/ldapwhoami.c +index e8ac4b34b..45d32f5d9 100644 +--- a/clients/tools/ldapwhoami.c ++++ b/clients/tools/ldapwhoami.c +@@ -62,7 +62,7 @@ usage( void ) + + + const char options[] = "" +- "d:D:e:H:InNO:o:QR:U:vVw:WxX:y:Y:Z"; ++ "d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z"; + + int + handle_private_option( int i ) +-- +2.43.0 + diff --git a/SOURCES/openldap.sysusers b/SOURCES/openldap.sysusers new file mode 100644 index 0000000..37ef083 --- /dev/null +++ b/SOURCES/openldap.sysusers @@ -0,0 +1,3 @@ +#Type Name ID GECOS Home directory Shell +g ldap 55 +u ldap 55:55 "OpenLDAP server" /var/lib/ldap /sbin/nologin diff --git a/SPECS/openldap.spec b/SPECS/openldap.spec index 5fc2b33..8ccecb9 100644 --- a/SPECS/openldap.spec +++ b/SPECS/openldap.spec @@ -15,10 +15,10 @@ %global __brp_remove_la_files %nil Name: openldap -Version: 2.6.3 -Release: 1%{?dist} +Version: 2.6.6 +Release: 3%{?dist} Summary: LDAP support libraries -License: OpenLDAP +License: OLDAP-2.8 URL: http://www.openldap.org/ Source0: https://openldap.org/software/download/OpenLDAP/openldap-release/openldap-%{version}.tgz @@ -27,6 +27,7 @@ Source2: slapd.tmpfiles Source3: slapd.ldif Source4: ldap.conf Source5: UPGRADE_INSTRUCTIONS +Source6: openldap.sysusers Source10: https://github.com/ltb-project/openldap-ppolicy-check-password/archive/v%{check_password_version}/openldap-ppolicy-check-password-%{check_password_version}.tar.gz Source50: libexec-functions Source52: libexec-check-config.sh @@ -49,6 +50,7 @@ Patch6: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch Patch7: openldap-openssl-manpage-defaultCA.patch Patch8: openldap-add-export-symbols-LDAP_CONNECTIONLESS.patch Patch9: openldap-Revert-ITS-8618-Remove-deprecated-h-and-p.patch +Patch10: openldap-Revert-ITS-9917-Remove--h-and-p-from-options.patch # check-password module specific patches Patch90: check-password-makefile.patch @@ -71,6 +73,8 @@ BuildRequires: unixODBC-devel BuildRequires: systemd BuildRequires: libdb-devel BuildRequires: cracklib-devel +BuildRequires: systemd-rpm-macros +%{?sysusers_requires_compat} %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access @@ -153,15 +157,16 @@ programs needed for accessing and modifying OpenLDAP directories. %setup -q -c -a 0 -a 10 pushd openldap-%{version} -%patch0 -p1 -%patch1 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 +%patch -P0 -p1 +%patch -P1 -p1 +%patch -P3 -p1 +%patch -P4 -p1 +%patch -P5 -p1 +%patch -P6 -p1 +%patch -P7 -p1 +%patch -P8 -p1 +%patch -P9 -p1 +%patch -P10 -p1 # build smbk5pwd with other overlays ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays @@ -182,8 +187,8 @@ done popd pushd openldap-ppolicy-check-password-%{check_password_version} -%patch90 -p1 -%patch91 -p1 +%patch -P90 -p1 +%patch -P91 -p1 popd %build @@ -245,6 +250,9 @@ popd %install mkdir -p %{buildroot}%{_libdir}/ +%if %{with servers} +install -p -D -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/openldap.conf +%endif pushd openldap-%{version} %make_install STRIP_OPTS="" @@ -382,10 +390,8 @@ rm %{buildroot}%{_libdir}/*.la # because we do not want files in %{_libdir}/ope %if %{with servers} %pre servers # create ldap user and group -getent group ldap &>/dev/null || groupadd -r -g 55 ldap -getent passwd ldap &>/dev/null || \ - useradd -r -g ldap -u 55 -d %{_sharedstatedir}/ldap -s /sbin/nologin -c "OpenLDAP server" ldap -exit 0 +# sysusers.d format https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format +%sysusers_create_compat %{SOURCE6} %post servers %systemd_post slapd.service @@ -498,6 +504,7 @@ exit 0 %{_mandir}/man5/slapd*.5* %{_mandir}/man5/slapo-*.5* %{_mandir}/man5/slappw-argon2.5* +%{_sysusersdir}/openldap.conf # obsolete configuration %ghost %config(noreplace,missingok) %attr(0640,ldap,ldap) %{_sysconfdir}/openldap/slapd.conf %else @@ -541,6 +548,21 @@ exit 0 %{_libdir}/libslapi-2.4*.so.* %changelog +* Fri Feb 9 2024 Simon Pichugin - 2.6.6-3 +- Use systemd-sysusers for ldap user and group + Replace License with SPDX identifier + Resolves: RHEL-5140 + +* Thu Dec 14 2023 Simon Pichugin - 2.6.6-2 +- The client tools parameters '-h' and '-p' are still deprecated, + but this release brings back the client tools options that + were removed during the previous rebase. + Resolves: RHEL-19384 + +* Wed Oct 11 2023 Simon Pichugin - 2.6.6-1 +- Rebase OpenLDAP in RHEL 9.4 + Resolves: RHEL-11306 + * Wed Jun 14 2023 Simon Pichugin - 2.6.3-1 - Rebase OpenLDAP to 2.6.3 Related: rhbz#2212983