1 # Copyright 1999-2014 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
# Ebuild metadata: eclasses to inherit, package description, source location,
# licence, keywords, USE flags and the runtime dependency string.
# NOTE(review): the embedded line numbers skip, so this listing omits some of
# the original lines; settings present in the real file may not be visible here.
10 inherit autotools db-use eutils flag-o-matic multilib ssl-cert toolchain-funcs versionator user
12 DESCRIPTION="LDAP suite of application and development tools"
13 HOMEPAGE="http://www.OpenLDAP.org/"
# The release tarball is fetched through the mirror:// scheme.
# NOTE(review): the integrity check for the download (presumably the package
# Manifest) is not part of this page - confirm it exists before trusting a mirror.
14 SRC_URI="mirror://openldap/openldap-release/${P}.tgz"
16 LICENSE="OPENLDAP GPL-2"
18 KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86 ~sparc-fbsd ~x86-fbsd"
19 IUSE="berkdb crypt debug gdbm ipv6 kerberos minimal odbc overlays perl samba sasl slp smbkrb5passwd ssl tcpd selinux"
21 # note that the 'samba' USE flag pulling in OpenSSL is NOT an error. OpenLDAP
22 # uses OpenSSL for LanMan/NTLM hashing (which is used in some environments, like
24 # Robin H. Johnson <robbat2@gentoo.org> March 8, 2004
# NOTE(review): LanMan and NTLM are legacy password hashes; enable the 'samba'
# flag only where clients still depend on them.
26 RDEPEND="sys-libs/ncurses
27 tcpd? ( sys-apps/tcp-wrappers )
28 ssl? ( dev-libs/openssl )
29 sasl? ( dev-libs/cyrus-sasl )
31 odbc? ( dev-db/unixODBC )
32 slp? ( net-libs/openslp )
33 perl? ( || ( >=dev-lang/perl-5.16 <dev-lang/perl-5.16[-build] ) )
34 samba? ( dev-libs/openssl )
35 kerberos? ( virtual/krb5 )
40 >=sys-libs/db-4.2.52_p2-r1:4.2
44 gdbm? ( sys-libs/gdbm )
49 >=sys-libs/db-4.2.52_p2-r1:4.2
58 selinux? ( sec-policy/selinux-ldap )"
61 # for tracking versions
# File name of the version tag and the data directory it is written to by
# default. The tag holds an OLDPF='...' assignment and is read back with
# `source` by openldap_find_versiontags.
62 OPENLDAP_VERSIONTAG=".version-tag"
63 OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
# Prints the manual dump-and-reload procedure for a major-version upgrade and
# then aborts the merge with die, unless FORCE_UPGRADE is set to "1".
# Globals: FORCE_UPGRADE (read), PF (read)
# NOTE(review): ${d} and ${i} are assigned on lines this listing omits, as are
# the closing else/fi/} lines.
65 openldap_upgrade_howto() {
67 eerror "A (possible old) installation of OpenLDAP was detected,"
68 eerror "installation will not proceed for now."
70 eerror "As major version upgrades can corrupt your database,"
71 eerror "you need to dump your database and re-create it afterwards."
# Path of the cleaned dump, placed under /root.
74 l="/root/ldapdump.${d}"
# Steps 2-3 export the whole directory as LDIF and strip the CSN attributes.
# NOTE(review): such a dump holds every entry, including any stored
# credentials; keep it readable by root only and delete it once step 10 passes.
76 eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
77 eerror " 2. slapcat -l ${i}"
78 eerror " 3. egrep -v '^(entry|context)CSN:' <${i} >${l}"
79 eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
80 eerror " 5. emerge --update \=net-nds/${PF}"
81 eerror " 6. etc-update, and ensure that you apply the changes"
82 eerror " 7. slapadd -l ${l}"
83 eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
84 eerror " 9. /etc/init.d/slapd start"
85 eerror "10. check that your data is intact."
86 eerror "11. set up the new replication system."
# Any value other than the literal "1" stops the installation here.
# FORCE_UPGRADE is not assigned anywhere in this listing; presumably it comes
# from the caller's environment.
88 if [ "${FORCE_UPGRADE}" != "1" ]; then
89 die "You need to upgrade your database first"
91 eerror "You have the magical FORCE_UPGRADE=1 in place."
92 eerror "Don't say you weren't warned about data loss."
# Looks for databases left behind by another OpenLDAP major version.
# Collects the `directory` values from slapd.conf plus the default data
# directory, and for each existing directory either validates its version tag
# or, when no tag is readable, aborts if the directory looks populated.
# Globals: ROOT, PV, OPENLDAP_VERSIONTAG, OPENLDAP_DEFAULTDIR_VERSIONTAG (read);
#          openldap_datadirs, CURRENT_TAGDIR, CURRENT_TAG, OLD_MAJOR (written);
#          OLDPF (set by the sourced tag file)
# NOTE(review): several lines (initialisations, else/fi/done, closing brace)
# are omitted from this listing.
96 openldap_find_versiontags() {
97 # scan for all datadirs
99 if [ -f "${ROOT}"/etc/openldap/slapd.conf ]; then
# Second field of every line whose first field is `directory`.
# ${ROOT} is unquoted here, so a ROOT containing whitespace would be split.
100 openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${ROOT}/etc/openldap/slapd.conf)"
102 openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
105 einfo "Scanning datadir(s) from slapd.conf and"
106 einfo "the default installdir for Versiontags"
107 einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
110 # scan datadirs if we have a version tag
# The list is word-split on purpose; a directory path containing whitespace
# would be treated as several entries.
112 for each in ${openldap_datadirs}; do
# Drop the first "/" of the configured path and prefix it with ROOT.
113 CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
114 CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
# openldap_found_tag is initialised on a line not shown in this listing.
115 if [ -d ${CURRENT_TAGDIR} ] && [ ${openldap_found_tag} == 0 ] ; then
116 einfo "- Checking ${each}..."
117 if [ -r ${CURRENT_TAG} ] ; then
118 # yey, we have one :)
119 einfo " Found Versiontag in ${each}"
# NOTE(review): `source` runs the tag file as shell code in the ebuild's own
# context. The tag sits in the data directory, which this file gives to
# ldap:ldap, so that account controls what runs here. Extracting only the
# OLDPF='...' value with a text match would avoid executing the file.
120 source ${CURRENT_TAG}
121 if [ "${OLDPF}" == "" ] ; then
122 eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
123 eerror "Please delete it"
125 die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
128 OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
130 # are we on the same branch?
# Compared against the first three characters of PV.
131 if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
132 ewarn " Versiontag doesn't match current major release!"
# More than five `ls -a` entries is the heuristic for "contains data files".
133 if [[ `ls -a ${CURRENT_TAGDIR} | wc -l` -gt 5 ]] ; then
134 eerror " Versiontag says other major and you (probably) have datafiles!"
136 openldap_upgrade_howto
138 einfo " No real problem, seems there's no database."
141 einfo " Versiontag is fine here :)"
144 einfo " Non-tagged dir ${each}"
# NOTE(review): inside [[ ]] the `>` operator compares strings, not numbers
# (a count of 10 sorts before 5); the tagged branch above uses -gt. This test
# also lists ${each} rather than ${CURRENT_TAGDIR}, so ROOT is not applied.
145 if [[ `ls -a ${each} | wc -l` > 5 ]] ; then
146 einfo " EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
150 eerror "Your OpenLDAP Installation has a non tagged datadir that"
151 eerror "possibly contains a database at ${CURRENT_TAGDIR}"
153 eerror "Please export data if any entered and empty or remove"
154 eerror "the directory, installation has been stopped so you"
155 eerror "can take required action"
157 eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
159 die "Please move the datadir ${CURRENT_TAGDIR} away"
168 einfo "All datadirs are fine, proceeding with merge now..."
# Pre-merge checks followed by creation of the service account.
# NOTE(review): the enclosing function header and the else/fi lines are
# omitted from this listing.
# Refuse to continue when the installed Perl was built with USE=minimal.
174 if has_version "<=dev-lang/perl-5.8.8_rc1" && built_with_use dev-lang/perl minimal ; then
175 die "You must have a complete (USE='-minimal') Perl install to use the perl backend!"
# LAN Manager password support (samba flag) is only accepted together with ssl.
178 if use samba && ! use ssl ; then
179 eerror "LAN manager passwords need ssl flag set"
180 die "Please set ssl useflag"
# When both the new and the already installed package use the minimal flag,
# the data directory scan is skipped.
183 if use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
185 einfo "Skipping scan for previous datadirs as requested by minimal useflag"
# Presumably the else branch (the else line is not shown): scan for databases
# left by another major version; this may abort the merge.
188 openldap_find_versiontags
# Create the 'ldap' account (uid 439, home /usr/<libdir>/openldap, group ldap)
# that owns the daemon's state directories.
# NOTE(review): -1 in the shell position is presumably the eclass marker for
# "use the default"; confirm against the user eclass that this is a non-login shell.
192 enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
# Source preparation: in-place edits of the unpacked tree and the Gentoo patch
# set. NOTE(review): the enclosing function header and several lines
# (including the start of the STRIP sed command) are omitted from this listing.
196 # According to MDK, the link order needs to be changed so that
197 # on systems w/ MD5 passwords the system crypt library is used
198 # (the net result is that "passwd" can be used to change ldap passwords w/
199 # proper pam support)
200 sed -i -e 's/$(SECURITY_LIBS) $(LDIF_LIBS) $(LUTIL_LIBS)/$(LUTIL_LIBS) $(SECURITY_LIBS) $(LDIF_LIBS)/' \
201 "${S}"/servers/slapd/Makefile.in
203 # supersedes old fix for bug #31202
204 EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch
206 # ensure correct SLAPI path by default
# The define rewritten below is LDAPI_SOCK; it is set to a socket under
# /var/run/openldap, the directory this ebuild creates as ldap:ldap 0755.
207 sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \
208 "${S}"/include/ldap_defaults.h
# From here on patches are applied with -p0 inside ${S}.
210 EPATCH_OPTS="-p0 -d ${S}"
212 # ximian connector 1.4.7 ntlm patch
213 epatch "${FILESDIR}"/${PN}-2.2.6-ntlm.patch
216 epatch "${FILESDIR}"/${PN}-2.3.21-ppolicy.patch
219 epatch "${FILESDIR}"/${PN}-2.3.37-libldap_r.patch
221 # fix up stuff for newer autoconf that simulates autoconf-2.13, but doesn't
225 ln -s shtool install.sh
226 einfo "Making sure upstream build strip does not do stripping too early"
228 -e '/^STRIP/s,-s,,g' \
229 top.mk || die "Failed to block stripping"
232 # patch contrib modules
233 if ! use minimal ; then
235 epatch "${FILESDIR}"/${PN}-2.3.24-contrib-smbk5pwd.patch
237 # Fix gcc-4.4 compat, bug 264761
238 epatch "${FILESDIR}/openldap-2.3.XY-gcc44.patch"
240 # Backport random-hang fix from 2.4
241 # http://www.openldap.org/lists/openldap-technical/201208/msg00120.html
244 epatch "${FILESDIR}/openldap-2.3.43-fix-hang.patch"
# Assembles the configure arguments in myconf from the USE flags, then runs
# configure and make. NOTE(review): the enclosing function header, the
# branch conditions for the backend choice and several else/fi lines are
# omitted from this listing.
250 #Fix for glibc-2.8 and ucred. Bug 228457.
251 append-flags -D_GNU_SOURCE
253 # HDB is only available with BerkDB
254 myconf_berkdb='--enable-bdb --enable-ldbm-api=berkeley --enable-hdb=mod'
255 myconf_gdbm='--disable-bdb --enable-ldbm-api=gdbm --disable-hdb'
257 use debug && myconf="${myconf} --enable-debug" # there is no disable-debug
259 # enable slapd/slurpd servers if not doing a minimal build
260 if ! use minimal ; then
261 myconf="${myconf} --enable-slapd --enable-slurpd"
263 myconf="${myconf} --enable-ldbm"
265 einfo "Using Berkeley DB for local backend"
266 myconf="${myconf} ${myconf_berkdb}"
267 # We need to include the slotted db.h dir for FreeBSD
268 append-cppflags -I$(db_includedir 4.5 4.4 4.3 4.2 )
270 einfo "Using GDBM for local backend"
271 myconf="${myconf} ${myconf_gdbm}"
273 ewarn "Neither gdbm or berkdb USE flags present, falling back to"
274 ewarn "Berkeley DB for local backend"
275 myconf="${myconf} ${myconf_berkdb}"
276 # We need to include the slotted db.h dir for FreeBSD
277 append-cppflags -I$(db_includedir 4.5 4.4 4.3 4.2 )
279 # extra backend stuff
# Backends marked =mod are built as loadable modules. The moduleload lines
# this ebuild writes into slapd.conf are commented out, so a module becomes
# active only after an administrator enables it.
# NOTE(review): the shell backend passes operations to external programs;
# load it only where that is actually required.
280 myconf="${myconf} --enable-passwd=mod --enable-phonetic=mod"
281 myconf="${myconf} --enable-dnssrv=mod --enable-ldap"
282 myconf="${myconf} --enable-meta=mod --enable-monitor=mod"
283 myconf="${myconf} --enable-null=mod --enable-shell=mod"
284 myconf="${myconf} --enable-relay=mod"
285 myconf="${myconf} $(use_enable perl perl mod)"
286 myconf="${myconf} $(use_enable odbc sql mod)"
288 myconf="${myconf} $(use_enable crypt) $(use_enable slp)"
289 myconf="${myconf} --enable-rewrite --enable-rlookups"
290 myconf="${myconf} --enable-aci --enable-modules"
# Password storage schemes compiled in: cleartext always, LanMan with the
# samba flag.
# NOTE(review): both are weak at rest; choose a salted scheme with the
# password-hash directive in slapd.conf rather than relying on these.
291 myconf="${myconf} --enable-cleartext --enable-slapi"
292 myconf="${myconf} $(use_enable samba lmpasswd)"
293 # slapd overlay options
294 myconf="${myconf} --enable-dyngroup --enable-proxycache"
295 use overlays && myconf="${myconf} --enable-overlays=mod"
296 myconf="${myconf} --enable-syncprov"
# Presumably the minimal branch (the else line is not shown): servers and
# backends are switched off.
298 myconf="${myconf} --disable-slapd --disable-slurpd"
299 myconf="${myconf} --disable-bdb --disable-ldbm"
300 myconf="${myconf} --disable-hdb --disable-monitor"
301 myconf="${myconf} --disable-slurpd --disable-overlays"
302 myconf="${myconf} --disable-relay"
305 # basic functionality stuff
306 myconf="${myconf} --enable-syslog --enable-dynamic"
307 myconf="${myconf} --enable-local --enable-proctitle"
309 myconf="${myconf} $(use_enable ipv6)"
310 myconf="${myconf} $(use_with sasl cyrus-sasl) $(use_enable sasl spasswd)"
# TLS and TCP wrappers are compiled in only when the ssl and tcpd USE flags
# are set. NOTE(review): a build without ssl presumably has no transport
# encryption available - confirm before deploying such a build on a network.
311 myconf="${myconf} $(use_enable tcpd wrappers) $(use_with ssl tls)"
# ${myconf} is expanded unquoted further down so that it splits into
# separate configure arguments.
313 if [ $(get_libdir) != "lib" ] ; then
314 append-ldflags -L/usr/$(get_libdir)
321 --libexecdir=/usr/$(get_libdir)/openldap \
322 ${myconf} || die "configure failed"
326 emake depend || die "make depend failed"
327 emake || die "make failed"
# Builds the contributed slapd modules and SLAPI plugins by hand when the
# minimal flag is off. ${CC} and ${CFLAGS} are expanded unquoted so they split
# into separate compiler arguments.
# NOTE(review): closing fi lines are omitted from this listing.
331 if ! use minimal ; then
333 einfo "Building contributed dsaschema"
# NOTE(review): this cd is not chained with && or die like the later ones, so
# a failed cd would let the compile run in whatever directory is current.
334 cd "${S}"/contrib/slapd-modules/dsaschema
335 ${CC} -shared -I../../../include ${CFLAGS} -fPIC \
336 -Wall -o libdsaschema-plugin.so dsaschema.c || \
337 die "failed to compile dsaschema module"
339 if use kerberos ; then
340 einfo "Building contributed pw-kerberos"
# Compiler flags for Kerberos come from the krb5-config found on PATH.
341 cd "${S}"/contrib/slapd-modules/passwd/ && \
342 ${CC} -shared -I../../../include ${CFLAGS} -fPIC \
343 $(krb5-config --cflags) \
344 -DHAVE_KRB5 -o pw-kerberos.so kerberos.c || \
345 die "failed to compile kerberos password module"
347 # netscape mta-md5 password
348 einfo "Building contributed pw-netscape"
349 cd "${S}"/contrib/slapd-modules/passwd/ && \
350 ${CC} -shared -I../../../include ${CFLAGS} -fPIC \
351 -o pw-netscape.so netscape.c || \
352 die "failed to compile netscape password module"
354 # Note: this modules builds, but may not work with
355 # Gentoo's MIT-Kerberos. It was designed for Heimdal
357 if use smbkrb5passwd ; then
358 einfo "Building contributed smbk5pwd"
# Both the Samba and the Kerberos code paths of the module are enabled.
361 mydef="-DDO_SAMBA -DDO_KRB5"
362 mykrb5inc="$(krb5-config --cflags)"
363 cd "${S}"/contrib/slapd-modules/smbk5pwd && \
364 libexecdir="/usr/$(get_libdir)/openldap" \
365 DEFS="${mydef}" KRB5_INC="${mykrb5inc}" emake || \
366 die "failed to compile smbk5pwd module"
369 einfo "Building contributed addrdnvalues"
370 cd "${S}"/contrib/slapi-plugins/addrdnvalues/ && \
371 ${CC} -shared -I../../../include ${CFLAGS} -fPIC \
372 -o libaddrdnvalues-plugin.so addrdnvalues.c || \
373 die "failed to compile addrdnvalues plugin"
# Runs the upstream test suite and aborts when it fails.
# NOTE(review): `cd tests ;` does not stop on failure, so `make tests` would
# run in the current directory if tests/ could not be entered.
379 cd tests ; make tests || die "make tests failed"
# Installs the build into the image ${D}, then lays out state directories,
# the version tag, the run directory, slapd.conf and the init scripts.
# NOTE(review): the enclosing function header, the first dirlist assignment
# and the done/fi lines are omitted from this listing.
383 emake DESTDIR="${D}" install || die "make install failed"
385 dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example
386 docinto rfc ; dodoc doc/rfc/*.txt
388 # openldap modules go here
389 # TODO: write some code to populate slapd.conf with moduleload statements
390 keepdir /usr/$(get_libdir)/openldap/openldap/
392 # make state directories
394 if ! use minimal; then
395 dirlist="${dirlist} slurp ldbm"
# Each state directory belongs to ldap:ldap with mode 0700, so only that
# account can read the database files.
397 for x in ${dirlist}; do
398 keepdir /var/lib/openldap-${x}
399 fowners ldap:ldap /var/lib/openldap-${x}
400 fperms 0700 /var/lib/openldap-${x}
# Write the version tag into the default data directory. The first line is a
# shell assignment because openldap_find_versiontags reads the file with
# `source` on a later install.
# NOTE(review): the tag therefore lives in a directory the ldap account can
# write to; see the review note at the `source` call.
403 echo "OLDPF='${PF}'" > "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
404 echo "# do NOT delete this. it is used" >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
405 echo "# to track versions for upgrading." >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
407 # manually remove /var/tmp references in .la
408 # because it is packaged with an ancient libtool
409 #for x in "${D}"/usr/$(get_libdir)/lib*.la; do
410 # sed -i -e "s:-L${S}[/]*libraries::" ${x}
413 # change slapd.pid location in configuration file
# Run directory for the pid file and socket: writable by ldap only,
# listable by everyone (0755).
414 keepdir /var/run/openldap
415 fowners ldap:ldap /var/run/openldap
416 fperms 0755 /var/run/openldap
418 if ! use minimal; then
# Paths of the form "${D}"etc/... rely on ${D} ending with a slash.
# The upstream slapd.conf is replaced by the Gentoo template.
420 rm "${D}"etc/openldap/slapd.con*
421 insinto /etc/openldap
422 newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf
423 configfile="${D}"etc/openldap/slapd.conf
425 # populate with built backends
426 ebegin "populate config with built backends"
# One commented-out "# moduleload <file>" line is appended after the marker
# for every built backend; nothing is loaded until an administrator
# uncomments it.
427 for x in "${D}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
428 elog "Adding $(basename ${x})"
429 sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
431 sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
# slapd.conf is root:ldap 0640: readable by the daemon's group, not by other
# users. The file commonly carries bind credentials, so keep it that way.
432 fowners root:ldap /etc/openldap/slapd.conf
433 fperms 0640 /etc/openldap/slapd.conf
# NOTE(review): the .default copy is made with plain cp; its owner and mode
# are only set by the later chown/chmod on slapd.conf{,.default} in this file.
434 cp "${configfile}" "${configfile}".default
437 # install our own init scripts
438 newinitd "${FILESDIR}"/slapd-initd slapd
439 newinitd "${FILESDIR}"/slurpd-initd slurpd
440 newconfd "${FILESDIR}"/slapd-confd slapd
# On non-"lib" libdirs the installed init scripts are rewritten to point at
# the right library directory.
442 if [ $(get_libdir) != lib ]; then
443 sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i "${D}"etc/init.d/{slapd,slurpd}
# Installs each contributed module or plugin that was actually built: the
# presence of the built file is the switch, and a failed install aborts.
# NOTE(review): the `then` lines after the two split `if ...;` tests and the
# closing fi lines are omitted from this listing.
446 # install contributed modules
448 if [ -e "${S}"/contrib/slapd-modules/dsaschema/libdsaschema-plugin.so ];
450 cd "${S}"/contrib/slapd-modules/dsaschema/
451 newdoc README README.contrib.dsaschema
452 exeinto /usr/$(get_libdir)/openldap/openldap
453 doexe libdsaschema-plugin.so || \
454 die "failed to install dsaschema module"
456 if [ -e "${S}"/contrib/slapd-modules/passwd/pw-kerberos.so ]; then
457 cd "${S}"/contrib/slapd-modules/passwd/
458 newdoc README README.contrib.passwd
459 exeinto /usr/$(get_libdir)/openldap/openldap
460 doexe pw-kerberos.so || \
461 die "failed to install kerberos passwd module"
# This stanza passes an absolute path to doexe, the others a relative one
# after cd; both name the same file.
463 if [ -e "${S}"/contrib/slapd-modules/passwd/pw-netscape.so ]; then
464 cd "${S}"/contrib/slapd-modules/passwd/
465 newdoc README README.contrib.passwd
466 exeinto /usr/$(get_libdir)/openldap/openldap
467 doexe "${S}"/contrib/slapd-modules/passwd/pw-netscape.so || \
468 die "failed to install Netscape MTA-MD5 passwd module"
# smbk5pwd is installed through its own makefile target instead of doexe.
470 if [ -e "${S}"/contrib/slapd-modules/smbk5pwd/.libs/smbk5pwd.so ]; then
471 cd "${S}"/contrib/slapd-modules/smbk5pwd
472 newdoc README README.contrib.smbk5pwd
473 libexecdir="/usr/$(get_libdir)/openldap" \
474 emake DESTDIR="${D}" install-mod || \
475 die "failed to install smbk5pwd overlay module"
# The statslog script is installed under the name ldapstatslog.
477 if [ -e "${S}"/contrib/slapd-tools/statslog ]; then
478 cd "${S}"/contrib/slapd-tools
480 newexe statslog ldapstatslog || \
481 die "failed to install ldapstatslog script"
483 if [ -e "${S}"/contrib/slapi-plugins/addrdnvalues/libaddrdnvalues-plugin.so ];
485 cd "${S}"/contrib/slapi-plugins/addrdnvalues
486 newdoc README README.contrib.addrdnvalues
487 exeinto /usr/$(get_libdir)/openldap/openldap
488 doexe libaddrdnvalues-plugin.so || \
489 die "failed to install addrdnvalues plugin"
# Calls preserve_old_lib for libldap, libldap_r and liblber with each of the
# two older library suffixes. NOTE(review): the enclosing function header and
# the done lines are omitted from this listing.
# NOTE(review): programs that stay linked against a preserved library keep
# running the old code; rebuild them and remove the old files promptly.
495 # keep old libs if any
496 LIBSUFFIXES=".so.2.0.130 -2.2.so.7"
497 for LIBSUFFIX in ${LIBSUFFIXES} ; do
498 for each in libldap libldap_r liblber ; do
499 preserve_old_lib "usr/$(get_libdir)/${each}${LIBSUFFIX}"
# Post-install steps on the live filesystem under ${ROOT}: create a TLS
# certificate, set ownership and modes, print documentation hints and report
# preserved libraries. NOTE(review): the enclosing function header and the
# fi/done lines are omitted from this listing.
505 if ! use minimal ; then
506 # You cannot build SSL certificates during src_install that will make
507 # binary packages containing your SSL key, which is both a security risk
508 # and a misconfiguration if multiple machines use the same key and cert.
509 # Additionally, it overwrites
# The certificate is generated here, on the target machine, and every
# /etc/openldap/ssl/ldap.* file (private key included) is handed to the ldap
# user. NOTE(review): the key's mode is whatever install_cert sets - verify
# it is not group- or world-readable.
511 install_cert /etc/openldap/ssl/ldap
512 chown ldap:ldap "${ROOT}"etc/openldap/ssl/ldap.*
# NOTE(review): 'TLS_REQCERT never' switches off server certificate
# verification on the client, leaving the connection encrypted but not
# authenticated. Prefer distributing the certificate (or its CA) to clients
# and referencing it with TLS_CACERT. The first warning line is emitted twice.
513 ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
514 ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
515 ewarn "add 'TLS_REQCERT never' if you want to use them."
517 # These lines force the permissions of various content to be correct
# Run directory: ldap:ldap 0755. slapd.conf and its .default copy: root:ldap
# 0640, so only root and the ldap group can read them. The chown on the data
# directories is not recursive.
518 chown ldap:ldap "${ROOT}"var/run/openldap
519 chmod 0755 "${ROOT}"var/run/openldap
520 chown root:ldap "${ROOT}"etc/openldap/slapd.conf{,.default}
521 chmod 0640 "${ROOT}"etc/openldap/slapd.conf{,.default}
522 chown ldap:ldap "${ROOT}"var/lib/openldap-{data,ldbm,slurp}
525 # Reference inclusion bug #77330
528 elog "Getting started using OpenLDAP? There is some documentation available:"
529 elog "Gentoo Guide to OpenLDAP Authentication"
530 elog "(https://www.gentoo.org/doc/en/ldap-howto.xml)"
533 # note to bug #110412
536 elog "An example file for tuning BDB backends with openldap is"
537 elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
# Tell the user about each old library that was kept.
540 LIBSUFFIXES=".so.2.0.130 -2.2.so.7"
541 for LIBSUFFIX in ${LIBSUFFIXES} ; do
542 for each in liblber libldap libldap_r ; do
543 preserve_old_lib_notify "usr/$(get_libdir)/${each}${LIBSUFFIX}"