1 # Copyright 1999-2014 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
10 inherit autotools db-use eutils flag-o-matic multilib ssl-cert toolchain-funcs versionator user
12 DESCRIPTION="LDAP suite of application and development tools"
13 HOMEPAGE="http://www.OpenLDAP.org/"
14 SRC_URI="mirror://openldap/openldap-release/${P}.tgz"
16 LICENSE="OPENLDAP GPL-2"
18 KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"
19 IUSE="berkdb crypt debug gdbm ipv6 kerberos minimal odbc overlays perl samba sasl slp smbkrb5passwd ssl tcpd selinux"
21 # note that the 'samba' USE flag pulling in OpenSSL is NOT an error. OpenLDAP
22 # uses OpenSSL for LanMan/NTLM hashing (which is used in some environments, like
24 # Robin H. Johnson <robbat2@gentoo.org> March 8, 2004
26 RDEPEND="sys-libs/ncurses
27 tcpd? ( sys-apps/tcp-wrappers )
28 ssl? ( dev-libs/openssl )
29 sasl? ( dev-libs/cyrus-sasl )
31 odbc? ( dev-db/unixODBC )
32 slp? ( net-libs/openslp )
33 perl? ( || ( >=dev-lang/perl-5.16 <dev-lang/perl-5.16[-build] ) )
34 samba? ( dev-libs/openssl )
35 kerberos? ( virtual/krb5 )
40 >=sys-libs/db-4.2.52_p2-r1:4.2
44 gdbm? ( sys-libs/gdbm )
49 >=sys-libs/db-4.2.52_p2-r1:4.2
58 selinux? ( sec-policy/selinux-ldap )"
# The tag file named here is executed with `source` in
# openldap_find_versiontags and written by the install step further down, so
# it is treated as shell code rather than inert data.
61 # for tracking versions
62 OPENLDAP_VERSIONTAG=".version-tag"
63 OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
# Print the manual dump-and-reload procedure for a major-version upgrade, then
# abort the merge unless FORCE_UPGRADE=1 is set in the environment.
# NOTE(review): ${d} and ${i} are used below but their assignments are not
# among the lines visible in this listing.
65 openldap_upgrade_howto() {
67 eerror "A (possible old) installation of OpenLDAP was detected,"
68 eerror "installation will not proceed for now."
70 eerror "As major version upgrades can corrupt your database,"
71 eerror "you need to dump your database and re-create it afterwards."
# The dump path sits under /root. slapcat exports the directory contents as
# LDIF, which normally includes stored password values, so the raw dump and
# the filtered copy need the same protection as the database itself.
74 l="/root/ldapdump.${d}"
76 eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
77 eerror " 2. slapcat -l ${i}"
# Step 3 drops the entryCSN/contextCSN lines before the re-import in step 7.
78 eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
79 eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
80 eerror " 5. emerge --update \=net-nds/${PF}"
81 eerror " 6. etc-update, and ensure that you apply the changes"
82 eerror " 7. slapadd -l ${l}"
# Step 8 hands the re-created database files back to the ldap account.
83 eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
84 eerror " 9. /etc/init.d/slapd start"
85 eerror "10. check that your data is intact."
86 eerror "11. set up the new replication system."
# Only the literal value "1" bypasses the abort.
88 if [ "${FORCE_UPGRADE}" != "1" ]; then
89 die "You need to upgrade your database first"
91 eerror "You have the magical FORCE_UPGRADE=1 in place."
92 eerror "Don't say you weren't warned about data loss."
# Collect every slapd data directory (the `directory` lines of slapd.conf plus
# the default directory) and compare its version tag with the version being
# merged. The merge is aborted when a directory looks populated but is
# untagged, carries an invalid tag, or is tagged for another major release.
96 openldap_find_versiontags() {
97 # scan for all datadirs
99 if [ -f "${ROOT}"/etc/openldap/slapd.conf ]; then
# ${ROOT} is unquoted in the awk file argument, and only the second
# whitespace-separated field is kept, so a path containing spaces is cut short.
100 openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${ROOT}/etc/openldap/slapd.conf)"
102 openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
105 einfo "Scanning datadir(s) from slapd.conf and"
106 einfo "the default installdir for Versiontags"
107 einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
110 # scan datadirs if we have a version tag
# The unquoted expansion is what splits the list into separate directories.
# NOTE(review): openldap_found_tag is tested below but is initialised outside
# the lines visible in this listing.
112 for each in ${openldap_datadirs}; do
# sed removes the first "/" so the path can be appended to ${ROOT}.
113 CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
114 CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
115 if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
116 einfo "- Checking ${each}..."
117 if [ -r ${CURRENT_TAG} ] ; then
118 # yey, we have one :)
119 einfo " Found Versiontag in ${each}"
# NOTE(review): `source` runs the tag file as shell code inside this phase's
# process. This ebuild gives the data directories to ldap:ldap in its install
# step, and an account that owns a directory can replace the files in it, so
# the tag's content is not under the package manager's control. Reading the
# OLDPF='...' line as text and validating it would avoid executing the file.
# The privileges of this phase are not visible here; presumably those of the
# package manager - confirm.
120 source ${CURRENT_TAG}
121 if [ "${OLDPF}" == "" ] ; then
122 eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
123 eerror "Please delete it"
125 die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
# Components 2-3 of the recorded package name are compared with the first
# three characters of the version being merged.
128 OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
130 # are we on the same branch?
131 if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
132 ewarn " Versiontag doesn't match current major release!"
# More than five `ls -a` entries is the heuristic for "database files present";
# this test is numeric (-gt).
133 if [[ `ls -a ${CURRENT_TAGDIR} | wc -l` -gt 5 ]] ; then
134 eerror " Versiontag says other major and you (probably) have datafiles!"
136 openldap_upgrade_howto
138 einfo " No real problem, seems there's no database."
141 einfo " Versiontag is fine here :)"
144 einfo " Non-tagged dir ${each}"
# NOTE(review): inside [[ ]] the `>` operator compares strings, not numbers,
# unlike the -gt test above: a count of "10" sorts before "5", so a populated
# directory can pass as empty. This test also lists ${each} without the
# ${ROOT} prefix, while the other one lists ${CURRENT_TAGDIR}.
145 if [[ `ls -a ${each} | wc -l` > 5 ]] ; then
146 einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
150 eerror "Your OpenLDAP Installation has a non tagged datadir that"
151 eerror "possibly contains a database at ${CURRENT_TAGDIR}"
153 eerror "Please export data if any entered and empty or remove"
154 eerror "the directory, installation has been stopped so you"
155 eerror "can take required action"
157 eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
159 die "Please move the datadir ${CURRENT_TAGDIR} away"
168 einfo "All datadirs are fine, proceeding with merge now..."
# Pre-merge checks followed by creation of the service account. The enclosing
# function header is not among the lines visible in this listing.
# The perl backend is refused when the installed perl was built minimal.
174 if has_version "<=dev-lang/perl-5.8.8_rc1" && built_with_use dev-lang/perl minimal ; then
175 die "You must have a complete (USE='-minimal') Perl install to use the perl backend!"
# LAN Manager password support needs the ssl flag, so samba without ssl is
# rejected up front.
178 if use samba && ! use ssl ; then
179 eerror "LAN manager passwords need ssl flag set"
180 die "Please set ssl useflag"
# The data-directory scan is skipped only when both this build and the
# installed package are minimal.
183 if use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
185 einfo "Skipping scan for previous datadirs as requested by minimal useflag"
188 openldap_find_versiontags
# Creates the dedicated "ldap" account with id 439 and home
# /usr/<libdir>/openldap. NOTE(review): the -1 in the shell position
# presumably selects the eclass default - confirm that this is a
# non-login shell.
192 enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
# Source preparation: in-place edits and patches applied to the unpacked tree.
# The enclosing function header is not among the lines visible in this listing.
196 # According to MDK, the link order needs to be changed so that
197 # on systems w/ MD5 passwords the system crypt library is used
198 # (the net result is that "passwd" can be used to change ldap passwords w/
199 # proper pam support)
# NOTE(review): no `|| die` is visible after this sed or the LDAPI_SOCK one
# below, so an edit that fails would not stop the build as far as this
# listing shows.
200 sed -i -e 's/$(SECURITY_LIBS) $(LDIF_LIBS) $(LUTIL_LIBS)/$(LUTIL_LIBS) $(SECURITY_LIBS) $(LDIF_LIBS)/' \
201 "${S}"/servers/slapd/Makefile.in
203 # supersedes old fix for bug #31202
204 EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch
206 # ensure correct SLAPI path by default
# Rewrites the compiled-in default for the local ldapi:// socket to
# /var/run/openldap/slapd.sock, inside the directory the install step gives
# to ldap:ldap.
207 sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \
208 "${S}"/include/ldap_defaults.h
# From here on patches are applied with -p0 relative to ${S}.
210 EPATCH_OPTS="-p0 -d ${S}"
212 # ximian connector 1.4.7 ntlm patch
213 epatch "${FILESDIR}"/${PN}-2.2.6-ntlm.patch
216 epatch "${FILESDIR}"/${PN}-2.3.21-ppolicy.patch
219 epatch "${FILESDIR}"/${PN}-2.3.37-libldap_r.patch
221 # fix up stuff for newer autoconf that simulates autoconf-2.13, but doesn't
225 ln -s shtool install.sh
226 einfo "Making sure upstream build strip does not do stripping too early"
# The command these two lines belong to is not visible in this listing; the
# expression removes "-s" from the STRIP lines of top.mk.
228 -e '/^STRIP/s,-s,,g' \
229 top.mk || die "Failed to block stripping"
232 # patch contrib modules
233 if ! use minimal ; then
235 epatch "${FILESDIR}"/${PN}-2.3.24-contrib-smbk5pwd.patch
237 # Fix gcc-4.4 compat, bug 264761
238 epatch "${FILESDIR}/openldap-2.3.XY-gcc44.patch"
244 #Fix for glibc-2.8 and ucred. Bug 228457.
245 append-flags -D_GNU_SOURCE
# Assemble the configure arguments in ${myconf} from the USE flags, then run
# configure and make. The enclosing function header and several
# if/else/fi lines are not among the lines visible in this listing.
247 # HDB is only available with BerkDB
248 myconf_berkdb='--enable-bdb --enable-ldbm-api=berkeley --enable-hdb=mod'
249 myconf_gdbm='--disable-bdb --enable-ldbm-api=gdbm --disable-hdb'
251 use debug && myconf="${myconf} --enable-debug" # there is no disable-debug
253 # enable slapd/slurpd servers if not doing a minimal build
254 if ! use minimal ; then
255 myconf="${myconf} --enable-slapd --enable-slurpd"
257 myconf="${myconf} --enable-ldbm"
259 einfo "Using Berkeley DB for local backend"
260 myconf="${myconf} ${myconf_berkdb}"
261 # We need to include the slotted db.h dir for FreeBSD
262 append-cppflags -I$(db_includedir 4.5 4.4 4.3 4.2 )
264 einfo "Using GDBM for local backend"
265 myconf="${myconf} ${myconf_gdbm}"
267 ewarn "Neither gdbm or berkdb USE flags present, falling back to"
268 ewarn "Berkeley DB for local backend"
269 myconf="${myconf} ${myconf_berkdb}"
270 # We need to include the slotted db.h dir for FreeBSD
271 append-cppflags -I$(db_includedir 4.5 4.4 4.3 4.2 )
273 # extra backend stuff
274 myconf="${myconf} --enable-passwd=mod --enable-phonetic=mod"
275 myconf="${myconf} --enable-dnssrv=mod --enable-ldap"
276 myconf="${myconf} --enable-meta=mod --enable-monitor=mod"
# The shell backend is built as a loadable module for every non-minimal
# install; it is not tied to a USE flag here.
277 myconf="${myconf} --enable-null=mod --enable-shell=mod"
278 myconf="${myconf} --enable-relay=mod"
279 myconf="${myconf} $(use_enable perl perl mod)"
280 myconf="${myconf} $(use_enable odbc sql mod)"
282 myconf="${myconf} $(use_enable crypt) $(use_enable slp)"
283 myconf="${myconf} --enable-rewrite --enable-rlookups"
284 myconf="${myconf} --enable-aci --enable-modules"
# --enable-cleartext turns on the cleartext password scheme unconditionally.
285 myconf="${myconf} --enable-cleartext --enable-slapi"
# LAN Manager password hashing follows the samba flag; LanMan hashes are a
# legacy format and weak by current standards.
286 myconf="${myconf} $(use_enable samba lmpasswd)"
287 # slapd overlay options
288 myconf="${myconf} --enable-dyngroup --enable-proxycache"
289 use overlays && myconf="${myconf} --enable-overlays=mod"
290 myconf="${myconf} --enable-syncprov"
292 myconf="${myconf} --disable-slapd --disable-slurpd"
293 myconf="${myconf} --disable-bdb --disable-ldbm"
294 myconf="${myconf} --disable-hdb --disable-monitor"
295 myconf="${myconf} --disable-slurpd --disable-overlays"
296 myconf="${myconf} --disable-relay"
299 # basic functionality stuff
300 myconf="${myconf} --enable-syslog --enable-dynamic"
301 myconf="${myconf} --enable-local --enable-proctitle"
303 myconf="${myconf} $(use_enable ipv6)"
304 myconf="${myconf} $(use_with sasl cyrus-sasl) $(use_enable sasl spasswd)"
# TLS support and tcp-wrappers access control are both optional: they are
# compiled in only when the ssl and tcpd flags are set.
305 myconf="${myconf} $(use_enable tcpd wrappers) $(use_with ssl tls)"
307 if [ $(get_libdir) != "lib" ] ; then
308 append-ldflags -L/usr/$(get_libdir)
# ${myconf} is left unquoted on purpose so that it splits into one argument
# per option.
315 --libexecdir=/usr/$(get_libdir)/openldap \
316 ${myconf} || die "configure failed"
320 emake depend || die "make depend failed"
321 emake || die "make failed"
# Build the contributed slapd modules and SLAPI plugins for non-minimal
# installs, then run the upstream test suite. Several if/fi lines and the
# enclosing function headers are not among the lines visible in this listing.
325 if ! use minimal ; then
327 einfo "Building contributed dsaschema"
# NOTE(review): unlike the builds below, this `cd` is not chained with `&&`
# to the compile, so a failed cd would not be caught here.
328 cd "${S}"/contrib/slapd-modules/dsaschema
329 ${CC} -shared -I../../../include ${CFLAGS} -fPIC \
330 -Wall -o libdsaschema-plugin.so dsaschema.c || \
331 die "failed to compile dsaschema module"
333 if use kerberos ; then
334 einfo "Building contributed pw-kerberos"
335 cd "${S}"/contrib/slapd-modules/passwd/ && \
336 ${CC} -shared -I../../../include ${CFLAGS} -fPIC \
337 $(krb5-config --cflags) \
338 -DHAVE_KRB5 -o pw-kerberos.so kerberos.c || \
339 die "failed to compile kerberos password module"
341 # netscape mta-md5 password
# This module adds an MD5-based password scheme; MD5 is a weak choice for
# password storage, so the scheme is for compatibility with existing hashes.
342 einfo "Building contributed pw-netscape"
343 cd "${S}"/contrib/slapd-modules/passwd/ && \
344 ${CC} -shared -I../../../include ${CFLAGS} -fPIC \
345 -o pw-netscape.so netscape.c || \
346 die "failed to compile netscape password module"
348 # Note: this modules builds, but may not work with
349 # Gentoo's MIT-Kerberos. It was designed for Heimdal
351 if use smbkrb5passwd ; then
352 einfo "Building contributed smbk5pwd"
# Both the Samba and the Kerberos code paths of the overlay are compiled in.
355 mydef="-DDO_SAMBA -DDO_KRB5"
356 mykrb5inc="$(krb5-config --cflags)"
357 cd "${S}"/contrib/slapd-modules/smbk5pwd && \
358 libexecdir="/usr/$(get_libdir)/openldap" \
359 DEFS="${mydef}" KRB5_INC="${mykrb5inc}" emake || \
360 die "failed to compile smbk5pwd module"
363 einfo "Building contributed addrdnvalues"
364 cd "${S}"/contrib/slapi-plugins/addrdnvalues/ && \
365 ${CC} -shared -I../../../include ${CFLAGS} -fPIC \
366 -o libaddrdnvalues-plugin.so addrdnvalues.c || \
367 die "failed to compile addrdnvalues plugin"
# NOTE(review): `cd tests ;` does not check the cd, so `make tests` would run
# in the current directory if the cd failed.
373 cd tests ; make tests || die "make tests failed"
# Install the build into the image directory ${D}, create the state
# directories, write the version tag and generate the default slapd.conf.
# The enclosing function header, the initial dirlist assignment and several
# fi/done lines are not among the lines visible in this listing.
377 emake DESTDIR="${D}" install || die "make install failed"
379 dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example
380 docinto rfc ; dodoc doc/rfc/*.txt
382 # openldap modules go here
383 # TODO: write some code to populate slapd.conf with moduleload statements
384 keepdir /usr/$(get_libdir)/openldap/openldap/
386 # make state directories
388 if ! use minimal; then
389 dirlist="${dirlist} slurp ldbm"
# Each state directory is owned by ldap:ldap with mode 0700, so only that
# account (and root) can read the database files.
391 for x in ${dirlist}; do
392 keepdir /var/lib/openldap-${x}
393 fowners ldap:ldap /var/lib/openldap-${x}
394 fperms 0700 /var/lib/openldap-${x}
# The version tag is a small shell fragment (OLDPF='<package-version>' plus
# two comment lines). It is stored in the default data directory and is later
# read back with `source` by openldap_find_versiontags.
397 echo "OLDPF='${PF}'" > "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
398 echo "# do NOT delete this. it is used" >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
399 echo "# to track versions for upgrading." >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
401 # manually remove /var/tmp references in .la
402 # because it is packaged with an ancient libtool
403 #for x in "${D}"/usr/$(get_libdir)/lib*.la; do
404 # sed -i -e "s:-L${S}[/]*libraries::" ${x}
407 # change slapd.pid location in configuration file
# The runtime directory is writable by the ldap account only and readable by
# everyone (0755).
408 keepdir /var/run/openldap
409 fowners ldap:ldap /var/run/openldap
410 fperms 0755 /var/run/openldap
412 if ! use minimal; then
# The upstream sample configuration is dropped in favour of the packaged one.
# Paths of the form "${D}"etc/... rely on ${D} ending with a slash.
414 rm "${D}"etc/openldap/slapd.con*
415 insinto /etc/openldap
416 newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf
417 configfile="${D}"etc/openldap/slapd.conf
419 # populate with built backends
420 ebegin "populate config with built backends"
# Every built back_*.so is appended after the marker as a commented-out
# moduleload line, so no backend module is loaded until the administrator
# enables it.
421 for x in "${D}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
422 elog "Adding $(basename ${x})"
423 sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
425 sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
# slapd.conf is root:ldap 0640: readable by the daemon, not by other users.
# NOTE(review): the .default copy is made with plain cp after the
# fowners/fperms calls; no fowners/fperms for it is visible in this step.
426 fowners root:ldap /etc/openldap/slapd.conf
427 fperms 0640 /etc/openldap/slapd.conf
428 cp "${configfile}" "${configfile}".default
431 # install our own init scripts
432 newinitd "${FILESDIR}"/slapd-initd slapd
433 newinitd "${FILESDIR}"/slurpd-initd slurpd
434 newconfd "${FILESDIR}"/slapd-confd slapd
436 if [ $(get_libdir) != lib ]; then
437 sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i "${D}"etc/init.d/{slapd,slurpd}
440 # install contributed modules
# Each contributed module is installed only if its build artefact exists, into
# /usr/<libdir>/openldap/openldap together with its README. Some then/fi lines
# are not among the lines visible in this listing.
442 if [ -e "${S}"/contrib/slapd-modules/dsaschema/libdsaschema-plugin.so ];
444 cd "${S}"/contrib/slapd-modules/dsaschema/
445 newdoc README README.contrib.dsaschema
446 exeinto /usr/$(get_libdir)/openldap/openldap
447 doexe libdsaschema-plugin.so || \
448 die "failed to install dsaschema module"
450 if [ -e "${S}"/contrib/slapd-modules/passwd/pw-kerberos.so ]; then
451 cd "${S}"/contrib/slapd-modules/passwd/
452 newdoc README README.contrib.passwd
453 exeinto /usr/$(get_libdir)/openldap/openldap
454 doexe pw-kerberos.so || \
455 die "failed to install kerberos passwd module"
457 if [ -e "${S}"/contrib/slapd-modules/passwd/pw-netscape.so ]; then
458 cd "${S}"/contrib/slapd-modules/passwd/
459 newdoc README README.contrib.passwd
460 exeinto /usr/$(get_libdir)/openldap/openldap
461 doexe "${S}"/contrib/slapd-modules/passwd/pw-netscape.so || \
462 die "failed to install Netscape MTA-MD5 passwd module"
# smbk5pwd is installed through its own Makefile target rather than doexe.
464 if [ -e "${S}"/contrib/slapd-modules/smbk5pwd/.libs/smbk5pwd.so ]; then
465 cd "${S}"/contrib/slapd-modules/smbk5pwd
466 newdoc README README.contrib.smbk5pwd
467 libexecdir="/usr/$(get_libdir)/openldap" \
468 emake DESTDIR="${D}" install-mod || \
469 die "failed to install smbk5pwd overlay module"
# The statslog script is installed under the name ldapstatslog; the exeinto
# target for it is not visible in this listing.
471 if [ -e "${S}"/contrib/slapd-tools/statslog ]; then
472 cd "${S}"/contrib/slapd-tools
474 newexe statslog ldapstatslog || \
475 die "failed to install ldapstatslog script"
477 if [ -e "${S}"/contrib/slapi-plugins/addrdnvalues/libaddrdnvalues-plugin.so ];
479 cd "${S}"/contrib/slapi-plugins/addrdnvalues
480 newdoc README README.contrib.addrdnvalues
481 exeinto /usr/$(get_libdir)/openldap/openldap
482 doexe libaddrdnvalues-plugin.so || \
483 die "failed to install addrdnvalues plugin"
489 # keep old libs if any
# Shared libraries with the two listed version suffixes are preserved for
# libldap, libldap_r and liblber. The closing `done` lines are not among the
# lines visible in this listing.
490 LIBSUFFIXES=".so.2.0.130 -2.2.so.7"
491 for LIBSUFFIX in ${LIBSUFFIXES} ; do
492 for each in libldap libldap_r liblber ; do
493 preserve_old_lib "usr/$(get_libdir)/${each}${LIBSUFFIX}"
# Post-install steps on the live filesystem: certificate generation,
# ownership and mode fixes, and user notices. The enclosing function header
# and several if/fi/done lines are not among the lines visible in this listing.
499 if ! use minimal ; then
500 # You cannot build SSL certificates during src_install that will make
501 # binary packages containing your SSL key, which is both a security risk
502 # and a misconfiguration if multiple machines use the same key and cert.
503 # Additionally, it overwrites
# The certificate and key are therefore generated on the target host.
# The chown matches every ldap.* file in that directory, which hands the
# private key to the ldap account along with the certificate.
505 install_cert /etc/openldap/ssl/ldap
506 chown ldap:ldap "${ROOT}"etc/openldap/ssl/ldap.*
# NOTE(review): the next two ewarn lines are identical, so the warning is
# printed twice.
507 ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
508 ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
# 'TLS_REQCERT never' makes clients skip verification of the server
# certificate, which removes the protection TLS gives against an
# impersonated server; pointing clients at the signing certificate with
# TLS_CACERT keeps verification on.
509 ewarn "add 'TLS_REQCERT never' if you want to use them."
511 # These lines force the permissions of various content to be correct
# Ownership and modes are re-applied on the live filesystem: the runtime
# directory is ldap:ldap 0755, slapd.conf and its .default copy are
# root:ldap 0640, and the data directories are ldap:ldap.
512 chown ldap:ldap "${ROOT}"var/run/openldap
513 chmod 0755 "${ROOT}"var/run/openldap
514 chown root:ldap "${ROOT}"etc/openldap/slapd.conf{,.default}
515 chmod 0640 "${ROOT}"etc/openldap/slapd.conf{,.default}
516 chown ldap:ldap "${ROOT}"var/lib/openldap-{data,ldbm,slurp}
519 # Reference inclusion bug #77330
522 elog "Getting started using OpenLDAP? There is some documentation available:"
523 elog "Gentoo Guide to OpenLDAP Authentication"
524 elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
527 # note to bug #110412
530 elog "An example file for tuning BDB backends with openldap is"
531 elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
# Tells the user about the libraries that were preserved for the same two
# version suffixes.
534 LIBSUFFIXES=".so.2.0.130 -2.2.so.7"
535 for LIBSUFFIX in ${LIBSUFFIXES} ; do
536 for each in liblber libldap libldap_r ; do
537 preserve_old_lib_notify "usr/$(get_libdir)/${each}${LIBSUFFIX}"