From 325f19b7d42511012557bad6b56aa5fcda9343a7 Mon Sep 17 00:00:00 2001
From: "Robin H. Johnson" <robbat2@gentoo.org>
Date: Wed, 14 Jun 2006 23:35:24 +0000
Subject: [PATCH] Fix broken patch because of keyword expansion again.
 Package-Manager: portage-2.1

---
 sys-auth/nss_ldap/ChangeLog                   |  6 +-
 .../nss_ldap-250-reconnect-timeouts.patch     | 71 +++++++++++++++++++
 2 files changed, 76 insertions(+), 1 deletion(-)
 create mode 100644 sys-auth/nss_ldap/files/nss_ldap-250-reconnect-timeouts.patch

diff --git a/sys-auth/nss_ldap/ChangeLog b/sys-auth/nss_ldap/ChangeLog
index 785e18613437..fd4cd26d0fdd 100644
--- a/sys-auth/nss_ldap/ChangeLog
+++ b/sys-auth/nss_ldap/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for sys-auth/nss_ldap
 # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/ChangeLog,v 1.25 2006/06/14 11:40:51 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/ChangeLog,v 1.26 2006/06/14 23:35:24 robbat2 Exp $
+
+  14 Jun 2006; Robin H. Johnson <robbat2@gentoo.org>
+  +files/nss_ldap-250-reconnect-timeouts.patch:
+  Fix broken patch because of keyword expansion again.
 
   14 Jun 2006; Robin H. Johnson <robbat2@gentoo.org> ChangeLog:
   Fix breakage due to CVS keyword expansion.
diff --git a/sys-auth/nss_ldap/files/nss_ldap-250-reconnect-timeouts.patch b/sys-auth/nss_ldap/files/nss_ldap-250-reconnect-timeouts.patch
new file mode 100644
index 000000000000..dc8a37a916ed
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-250-reconnect-timeouts.patch
@@ -0,0 +1,71 @@
+This patch changes the default timeouts, so that they are much lower, and do
+not cause major delays when booting a system. This is a workaround until the
+core /etc/{passwd,group} contain all of the data needed for a system boot.
+
+Also add a note that 'ssl on' is broken and TLS should be used instead.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+
+diff -Nuar --exclude '*~' nss_ldap-250.orig/ldap-nss.h nss_ldap-250/ldap-nss.h
+--- nss_ldap-250.orig/ldap-nss.h	2006-04-26 18:19:00.000000000 -0700
++++ nss_ldap-250/ldap-nss.h	2006-06-14 01:58:01.933005492 -0700
+@@ -96,9 +96,9 @@
+  * unacceptable, in which case you may wish to adjust
+  * the constants below.
+  */
+-#define LDAP_NSS_TRIES           5	/* number of sleeping reconnect attempts */
+-#define LDAP_NSS_SLEEPTIME       4	/* seconds to sleep; doubled until max */
+-#define LDAP_NSS_MAXSLEEPTIME    64	/* maximum seconds to sleep */
++#define LDAP_NSS_TRIES           4	/* number of sleeping reconnect attempts */
++#define LDAP_NSS_SLEEPTIME       1	/* seconds to sleep; doubled until max */
++#define LDAP_NSS_MAXSLEEPTIME    16	/* maximum seconds to sleep */
+ #define LDAP_NSS_MAXCONNTRIES    2	/* reconnect attempts before sleeping */
+ 
+ #if defined(HAVE_NSSWITCH_H) || defined(HAVE_IRS_H)
+diff -Nuar --exclude '*~' nss_ldap-250.orig/ldap.conf nss_ldap-250/ldap.conf
+--- nss_ldap-250.orig/ldap.conf	2006-04-26 18:19:00.000000000 -0700
++++ nss_ldap-250/ldap.conf	2006-06-14 02:12:02.008444745 -0700
+@@ -1,4 +1,4 @@
+- @(#)$Id: ldap.conf,v 2.46 2006/04/13 03:25:56 lukeh Exp $
++# @(#)$Id: ldap.conf,v 2.46 2006/04/13 03:25:56 lukeh Exp $
+ #
+ # This is the configuration file for the LDAP nameservice
+ # switch library and the LDAP PAM module.
+@@ -283,7 +283,8 @@
+ # OpenLDAP SSL mechanism
+ # start_tls mechanism uses the normal LDAP port, LDAPS typically 636
+ #ssl start_tls
+-#ssl on
++###ssl on
++# Gentoo note: Don't use 'ssl on' in 249/250. They are broken in some cases! Use start_tls instead.
+ 
+ # OpenLDAP SSL options
+ # Require and verify server certificate (yes/no)
+@@ -315,3 +316,27 @@
+ # Override the default Kerberos ticket cache location.
+ #krb5_ccname FILE:/etc/.ldapcache
+ 
++# Timeout behavior
++# Upstream nss_ldap hard-codes these values:
++#nss_reconnect_tries 5			# number of times to double the sleep time
++#nss_reconnect_sleeptime 4		# initial sleep value
++#nss_reconnect_maxsleeptime 64	# max sleep value to cap at
++#nss_reconnect_maxconntries 2	# how many tries before sleeping
++# This leads to a delay of 124 seconds (4+8+16+32+64=124) per lookup if the
++# server is not available.
++
++# For Gentoo's distribution of nss_ldap, as of 250-r1, we use these values
++# (The hardwired constants in the code are changed to them as well):
++nss_reconnect_tries 4			# number of times to double the sleep time
++nss_reconnect_sleeptime 1		# initial sleep value
++nss_reconnect_maxsleeptime 16	# max sleep value to cap at
++nss_reconnect_maxconntries 2	# how many tries before sleeping
++# This leads to a delay of 15 seconds (1+2+4+8=15)
++
++# If you are impatient, and know your LDAP server is reliable, fast or local,
++# you may wish to use these values instead:
++#nss_reconnect_tries 1			# number of times to double the sleep time
++#nss_reconnect_sleeptime 1		# initial sleep value
++#nss_reconnect_maxsleeptime 1	# max sleep value to cap at
++#nss_reconnect_maxconntries 3	# how many tries before sleeping
++# This leads to a delay of 1 second.
-- 
2.26.2