# build_compat32 is 1 when the build is run with "--with compat32", otherwise 0.
# It gates the compat32 file list further down.
%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}

# pam_ldap is bundled into this package and carries its own upstream version.
%define pam_ldap_version 184
Summary: NSS library and PAM module for LDAP
Summary(ja): LDAP を利用する NSS ライブラリ および PAM モジュール
Name: nss_ldap
Version: 264
Release: 4%{?_dist_release}
URL: http://www.padl.com/
License: LGPLv2+
Group: System Environment/Base

# Both upstream tarballs are referenced by plain ftp:// URLs, and nothing in
# this spec checks a digest or signature for them.
# NOTE(review): verify the tarballs against a trusted copy before importing
# them; this package ends up in the login and name-lookup path.
Source0: ftp://ftp.padl.com/pub/nss_ldap-%{version}.tar.gz
Source1: ftp://ftp.padl.com/pub/pam_ldap-%{pam_ldap_version}.tar.gz
# NOTE(review): Source3, Source4 and Source6 are not referenced by any
# scriptlet in this spec - confirm whether they are still needed.
Source3: nss_ldap.versions
Source4: pam_ldap.versions
Source5: README.TLS
Source6: version.c
Source7: dlopen.sh

# Patch numbering has gaps, and several file names carry an older version than
# the source tree they are applied to (for example pam_ldap-180-* on 184).
# NOTE(review): Patch6, Patch11 and Patch15 are declared here but the prep
# section has no patch line that applies them. Confirm they are obsolete for
# this release rather than skipped by accident.
Patch0: pam_ldap-184-dnsconfig.patch
Patch1: pam_ldap-180-local_users.patch
Patch3: pam_ldap-180-install-perms.patch
Patch4: pam_ldap-180-bind.patch
Patch6: nss_ldap-257-over-recursion.patch
Patch7: pam_ldap-182-manpointer.patch
Patch8: nss_ldap-254-soname.patch
Patch11: nss_ldap-257-initgroups-minimum_uid.patch
Patch13: pam_ldap-176-exop-modify.patch
Patch15: nss_ldap-257-mozldap.patch
Patch16: pam_ldap-184-referral-passwd2.patch
Patch17: nss_ldap-259-res_init.patch
Patch19: pam_ldap-184-broken-sasl-rebind.patch
Patch20: pam_ldap-184-nsrole.patch
Patch22: nss_ldap-264-ent_internal.patch
Patch23: pam_ldap-183-releaseconfig.patch
Patch24: nss_ldap-264-cloexec.patch

BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: autoconf, automake, libtool
BuildRequires: openssl-devel, pam-devel
BuildRequires: cyrus-sasl-devel >= 2.1
BuildRequires: openldap-devel >= 2.0.27
BuildRequires: krb5-devel >= 1.4
Requires: nscd
Obsoletes: pam_ldap
# Tools used by the post-install scriptlet, which edits the PAM stack in place.
Requires(post): grep, sed, coreutils, /sbin/ldconfig

%description
This package includes two LDAP access clients: nss_ldap and pam_ldap.
Nss_ldap is a set of C library extensions that allow X.500 and LDAP
directory servers to be used as a primary source of aliases, ethers,
groups, hosts, networks, protocol, users, RPCs, services, and shadow
passwords (instead of or in addition to using flat files or NIS).

Pam_ldap is a module for Linux-PAM that supports password changes, V2
clients, Netscape's SSL, ypldapd, Netscape Directory Server password
policies, access authorization, and crypted hashes.

# compat32
%package -n compat32-%{name}
Summary: NSS library and PAM module for LDAP
Summary(ja): LDAP を利用する NSS ライブラリ および PAM モジュール
Group: System Environment/Base
Requires: %{name} = %{version}-%{release}

%description -n compat32-%{name}
This package includes two LDAP access clients: nss_ldap and pam_ldap.
Nss_ldap is a set of C library extensions that allow X.500 and LDAP
directory servers to be used as a primary source of aliases, ethers,
groups, hosts, networks, protocol, users, RPCs, services, and shadow
passwords (instead of or in addition to using flat files or NIS).

Pam_ldap is a module for Linux-PAM that supports password changes, V2
clients, Netscape's SSL, ypldapd, Netscape Directory Server password
policies, access authorization, and crypted hashes.

%prep
# Unpack nss_ldap into a fresh build directory, then pam_ldap (source 1) beside it.
%setup -q -c -a 1
cp %{SOURCE5} .
cp nss_ldap-%{version}/ldap.conf ldap.conf.nss_ldap
cp pam_ldap-%{pam_ldap_version}/ldap.conf ldap.conf.pam_ldap

# pam_ldap is built with nss_ldap's copies of the resolver and snprintf helpers.
for helper in resolve.c resolve.h snprintf.c snprintf.h ; do
        cp nss_ldap-%{version}/${helper} pam_ldap-%{pam_ldap_version}/
done

# nss_ldap patches. Only 8, 17, 22 and 24 are applied to this tree.
# NOTE(review): the declared patches 6, 11 and 15 are not applied anywhere -
# confirm that is intentional.
pushd nss_ldap-%{version}
%patch8 -p1 -b .soname
%patch17 -p1 -b .res_init
%patch22 -p1 -b .ent_internal
%patch24 -p1 -b .cloexec
# Regenerate the build system after patching.
autoreconf -f -i
popd

# pam_ldap patches, in the order the packager chose (4 goes in before 1).
pushd pam_ldap-%{pam_ldap_version}
%patch0 -p1 -b .dnsconfig
%patch3 -p1 -b .install-perms
%patch4 -p1 -b .bind
%patch1 -p1 -b .local_users
%patch7 -p1 -b .manpointer
%patch13 -p1 -b .exop-modify
%patch16 -p1 -b .referral-passwd2
%patch19 -p1 -b .broken-sasl-rebind
%patch20 -p1 -b .nsrole
%patch23 -p1 -b .releaseconfig
autoreconf -f -i
popd

rm -f pam.d/*.pam_console

# Collect the documentation of both trees under names that do not collide.
for doc in ANNOUNCE AUTHORS ChangeLog COPYING NEWS README ; do
        cp nss_ldap-%{version}/${doc} ${doc}.nss_ldap
done
cp nss_ldap-%{version}/nsswitch.ldap nsswitch.ldap
for doc in AUTHORS ChangeLog COPYING COPYING.LIB NEWS README ; do
        cp pam_ldap-%{pam_ldap_version}/${doc} ${doc}.pam_ldap
done

# Use the build host's config.sub and config.guess in both trees.
for tree in nss_ldap-%{version} pam_ldap-%{pam_ldap_version} ; do
        cp %{_datadir}/libtool/config/config.{sub,guess} ${tree}/
done

%build
# We're building modules here, so make sure -fPIC is always used.
export CFLAGS="$RPM_OPT_FLAGS -fPIC"

# Build pam_ldap.
pushd pam_ldap-%{pam_ldap_version}
%configure --libdir=/%{_lib}
make %{?_smp_mflags}
popd

# Build nss_ldap.  libldap and liblber are linked statically (-Bstatic) and the
# remaining libraries dynamically, so the LDAP client code inside the module is
# fixed at build time: an OpenLDAP security update only reaches nss_ldap after
# this package has been rebuilt against it.
nss_link_libs="-Wl,-Bstatic -lldap -llber -Wl,-Bdynamic -lsasl2 -lgssapi_krb5 -lssl -ldl -lpthread_nonshared -lnsl -lresolv"
pushd nss_ldap-%{version}
%configure \
        --with-ldap=openldap \
        --enable-schema-mapping \
        --enable-rfc2307bis \
        --enable-configurable-krb5-ccname-gssapi
make %{?_smp_mflags} LIBS="$nss_link_libs"
popd

# Check that the modules are actually loadable; the build stops here if the
# helper script reports a failure.
%{SOURCE7} ./nss_ldap-%{version}/nss_ldap.so
%{SOURCE7} -lpam ./pam_ldap-%{pam_ldap_version}/pam_ldap.so

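%install
# Start from an empty build root.  Every expansion of RPM_BUILD_ROOT is quoted
# so that a path containing whitespace or glob characters cannot make rm, mkdir
# or a redirection act on something other than the build root, and the removal
# is skipped when the variable is empty or "/".
if [ -n "$RPM_BUILD_ROOT" ] && [ "$RPM_BUILD_ROOT" != "/" ] ; then
        rm -rf "$RPM_BUILD_ROOT"
fi
mkdir -p "$RPM_BUILD_ROOT/etc" \
         "$RPM_BUILD_ROOT/%{_lib}/security" \
         "$RPM_BUILD_ROOT/%{_libdir}"

# Let the nss_ldap install target do its thing, skipping the chown/chgrp bits
# and making sure we only get one libc version, even on multilib boxen.
# We used to do some gymnastics to match the form of libnss_ldap-$libcversion.so
# filenames that the glibc-bundled modules do, but that doesn't tell us anything
# more than which version of libc was available at build time.  People tend to
# assume that's also the nss_ldap version, too, so forget that.
libcver=%{version}
# INST_UID/INST_GID are set to the building user so the install target does not
# need root; final ownership comes from the files section.
make -C nss_ldap-%{version} install \
        DESTDIR="$RPM_BUILD_ROOT" \
        INST_UID="$(id -un)" INST_GID="$(id -gn)" \
        LIBC_VERS="$libcver"

# Install the direct-linking symlink.
ln -s "libnss_ldap-$libcver.so" "$RPM_BUILD_ROOT/%{_libdir}/libnss_ldap.so"

# Install the module for PAM.
pushd pam_ldap-%{pam_ldap_version}
make install DESTDIR="$RPM_BUILD_ROOT"

# Install the default configuration file, but change the search bases to
# something generic to avoid overloading padl.com servers and to match
# good practice when using DNS domains in example configurations.
sed 's|dc=padl|dc=example|g' ldap.conf > "$RPM_BUILD_ROOT/etc/ldap.conf"
# 0644: the file is readable by every local user.
# NOTE(review): bind credentials should therefore not be kept in it.
chmod 644 "$RPM_BUILD_ROOT/etc/ldap.conf"
popd

# Remove a doc file from /etc; we'll include it as a %%doc file.
rm -f "$RPM_BUILD_ROOT/etc/nsswitch.ldap"

# The makefile assumes installation into /lib, which is incorrect.
rm -f "$RPM_BUILD_ROOT/%{_libdir}/../%{_libdir}/libnss_ldap.so.2"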

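%clean
# Remove the build root.  The path is quoted so it is passed to rm as a single
# argument, and nothing is removed when it is empty or "/".
if [ -n "$RPM_BUILD_ROOT" ] && [ "$RPM_BUILD_ROOT" != "/" ] ; then
        rm -rf "$RPM_BUILD_ROOT"
fi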

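%post
/sbin/ldconfig
# Fix a logic mismatch between what the version of authconfig in RHL 7.2 would
# generate and this version of pam_ldap.
#
# The rewritten stack is staged in a temporary file and copied over the live
# file only after sed has succeeded and produced non-empty output.  Redirecting
# sed straight into /etc/pam.d/system-auth would truncate the live PAM
# configuration first, so a failed rewrite could leave it empty or partial.
pamfile=/etc/pam.d/system-auth
if [ -f "$pamfile" ] && grep -q '^account     required      /lib/security/pam_ldap.so$' "$pamfile" ; then
        newfile=$(mktemp /etc/pam.d/system-auth-XXXXXX)
        if [ -n "$newfile" ] ; then
                if sed 's,account     required      /lib/security/pam_ldap.so,account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] pam_ldap.so,g' "$pamfile" > "$newfile" && [ -s "$newfile" ] ; then
                        # cat into the existing file (rather than mv) keeps its
                        # owner, mode and any symlink it is reached through.
                        cat "$newfile" > "$pamfile"
                fi
                rm -f "$newfile"
        fi
fi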

# Run ldconfig as the scriptlet itself after the main package is removed.
%postun -p /sbin/ldconfig

# Same for the compat32 subpackage, on install and on removal.
%post -n compat32-%{name} -p /sbin/ldconfig
%postun -n compat32-%{name} -p /sbin/ldconfig

%files
%defattr(-,root,root)
# NSS module, its soname link, the PAM modules and the direct-linking symlink:
# all owned by root and writable by root only (0755).
%attr(0755,root,root) /%{_libdir}/libnss_ldap-*.so
%attr(0755,root,root) /%{_libdir}/libnss_ldap.so.?
%attr(0755,root,root) /%{_lib}/security/*.so*
%attr(0755,root,root) %{_libdir}/libnss_ldap.so
%attr(0644,root,root) %{_mandir}/man5/*.5*
# Client configuration: world-readable (0644) and marked noreplace, so an
# administrator's edited copy is kept on upgrade.
# NOTE(review): because any local user can read it, bind credentials should
# not be stored in this file.
%attr(0644,root,root) %config(noreplace) /etc/ldap.conf
%doc README.TLS
%doc nsswitch.ldap *.nss_ldap *.pam_ldap
%doc pam_ldap-%{pam_ldap_version}/pam.d
%doc pam_ldap-%{pam_ldap_version}/ldapns.schema
%doc pam_ldap-%{pam_ldap_version}/ns-pwd-policy.schema

# The compat32 file list exists only when build_compat32 is 1; it carries the
# NSS library files but not the PAM module or the configuration file.
%if %{build_compat32}
%files -n compat32-%{name}
%defattr(-,root,root)
%attr(0755,root,root) /%{_libdir}/libnss_ldap-*.so
%attr(0755,root,root) /%{_libdir}/libnss_ldap.so.?
%attr(0755,root,root) %{_libdir}/libnss_ldap.so
%endif

%changelog
* Tue Dec 16 2014 Ryoichi INAGAKI <ryo1@toki.waseda.jp> 264-4
- rebuilt with cyrus-sasl 2.1.26

* Sat Apr 02 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 264-3
- rebuild with krb5-1.8.2

* Tue Jan 11 2011 Yoji TOYODA <bsyamato@sea.plala.or.jp> 264-2
- rebuild with openssl-1.0.0c

* Fri Aug 14 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 264-1
- new upstream release
  - update to nss_ldap-264
- merged with fedora package
- enable krb5, add BR: krb5-devel
- add compat32 package

* Sun Jan 04 2009 NAKAMURA Kenta <kenta@vinelinux.org> 261-2
- rebuilt with openldap-2.4.11

* Sun Aug 24 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 261-1
- new upstream release
  - update to nss_ldap-261, pam_ldap-184
- merged with fedora package

* Mon Aug 28 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 251-0vl1
- new upstream release
  - update to nss_ldap-251, pam_ldap-182

* Sun Aug 27 2006 NAKAMURA Kenta <kenta@vinelinux.org> 249-0vl3
- rebuilt with openldap-2.3.27-0vl1

* Sun Jul 02 2006 Satoshi MACHINO <machino@vinelinux.org> 249-0vl2
- rebuilt with openldap-2.3.24-0vl1

* Thu Mar 16 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 249-0vl1
- new upstream release
  needed by new pam package. (thanks to Hideki MIWA)
- remove unneeded patches(0,1,2,3)

* Sat Apr 10 2004 Satoshi MACHINO <machino@vinelinux.org> 217-1vl1
- new upstream version
- merged fedora core's package 
  * Thu Mar 25 2004 Nalin Dahyabhai <nalin@redhat.com> 217-1
  - include patch to set errno to ENOENT when returning NSS_STATUS_NOTFOUND to
  glibc
  * Tue Mar 23 2004 Nalin Dahyabhai <nalin@redhat.com>
  - update to 217
  * Wed Mar 10 2004 Nalin Dahyabhai <nalin@redhat.com> 212-1
  - update to 212, pam_ldap 167
  - link nss_ldap with libgssapi_krb5, the static libsasl2 includes the gssapi
    mech, at least for now, and we pick up its unresolved symbols at link-time
  - fix out-of-bounds error at initialization-time (part of #101269)
  - include pam_ldap's authorization schema files for slapd as a doc file
  * Thu Nov 20 2003 Nalin Dahyabhai <nalin@redhat.com> 207-5
  - fix objectclass and attribute mapping, which failed due to uninitialized
    fields in mapping index structures, fixed upstream in 210 (#110547)
  * Mon Nov 10 2003 Nalin Dahyabhai <nalin@redhat.com> 207-4
  - link with the proper libsasl (1 or 2) for the version of OpenLDAP we
    are linking with (#106801)
  * Thu Aug 14 2003 Nalin Dahyabhai <nalin@redhat.com> 207-3
  - link dynamically with libcom_err if it isn't in /usr/kerberos/%{_lib} (which
    we assume means that it's in /%{_lib})
  * Wed Aug 13 2003 Nalin Dahyabhai <nalin@redhat.com> 207-2
  - relax openldap-devel buildreq to 2.0.27
  * Thu Jun  5 2003 Nalin Dahyabhai <nalin@redhat.com> 207-1
  - update to build with newer OpenLDAP
  - add README.TLS to remind people that in order for TLS support to be usable,
    the server's certificate has to pass validation checks made by the client
  * Sun Mar 09 2003 Florian La Roche <Florian.LaRoche@redhat.de>
  - move pam into /lib64/security directory
  * Wed Jan 15 2003 Nalin Dahyabhai <nalin@redhat.com> 202-4
  - rework static link order to account for libssl requiring libkrb5
  - force assembly locking on %%ix86 systems
  - link with libz, which libssl also requires
  * Thu Dec 12 2002 Elliot Lee <sopwith@redhat.com> 202-3
  - Fix wildcard for symlink in %%install
  * Thu Nov 14 2002 Nalin Dahyabhai <nalin@redhat.com> 202-2
  - apply DB patches from sleepycat.com
  - correctly point nss_ldap at the bundled DB library
  - create /%%{_lib} instead of /lib to install into
  * Wed Oct  2 2002 Nalin Dahyabhai <nalin@redhat.com> 202-1
  - update to nss_ldap 202, pam_ldap 153
  - update DB from 4.0.14 to 4.1.24.NC
  - try to address multilib path changes
  * Fri Aug  9 2002 Nalin Dahyabhai <nalin@redhat.com> 198-2
  - handle larger-than-expected DNS responses correctly
  * Wed Aug  7 2002 Nalin Dahyabhai <nalin@redhat.com> 198-1
  - update to nss_ldap 198, closing a possible buffer overflow in DNS autoconfig
  * Fri Jul 19 2002 Nalin Dahyabhai <nalin@redhat.com> 197-1
  - update to nss_ldap 197, pam_ldap 150
  * Fri Jun 21 2002 Tim Powers <timp@redhat.com>
  - automated rebuild
  * Mon Jun 10 2002 Nalin Dahyabhai <nalin@redhat.com> 194-1
  - update to nss_ldap 194, pam_ldap 148
  * Sun May 26 2002 Tim Powers <timp@redhat.com>
  - automated rebuild
  * Mon May 20 2002 Nalin Dahyabhai <nalin@redhat.com> 189-3
  - rebuild in new environment
  * Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 189-2
  - build for RHL 7.2/7.3
  * Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 189-1.7
  - build for RHL 7/7.1
  * Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 189-1.6
  - fix up logic generated by authconfig from RHL 7.2 in %%post
  - build for RHL 6.x
  * Wed May 15 2002 Nalin Dahyabhai <nalin@redhat.com>
  - the triggerun should be a trigger postun
  * Tue May  7 2002 Nalin Dahyabhai <nalin@redhat.com> 189-0.6
  - update to nss_ldap 189, pam_ldap 145
  * Tue May  7 2002 Nalin Dahyabhai <nalin@redhat.com> 188-0.6
  - rebuild for RHL 6.2
  - change dependency on pam-devel to /usr/include/security/pam_modules.h
  - drop build deps on cyrus-sasl-devel and openldap >= 2.x
  - modify pam_ldap versions file so that binutils from RHL 6.2 can parse it
  - update to nss_ldap 188
  - update to pam_ldap 144
  * Fri Apr  5 2002 Nalin Dahyabhai <nalin@redhat.com> 185-1
  - update to nss_ldap 185
  - update to pam_ldap 140
  * Thu Feb 28 2002 Nalin Dahyabhai <nalin@redhat.com> 184-1
  - update to pam_ldap 138
  - enable rfc2307bis schema support
  - version the pam_ldap module
  - add the proper soname to the nss_ldap module and remove the symlink
  - add a trigger to run ldconfig again when an upgrade removes the symlink,
    which used to be in this package (doh!)
  - fix the symlink from %%{_libdir} to the module (for linking directly to it)
  * Thu Feb 14 2002 Nalin Dahyabhai <nalin@redhat.com>
  - update to nss_ldap 184, pam_ldap 137

* Thu Apr 10 2002 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 181-1vl2
- rebuild
                                                                                
* Sat Jan 26 2002 MACHINO Satoshi <machino@vinelinux.org> 181-1vl1
- updated to nss_ldap 181, pam_ldap 136
                                                                                
* Sun Nov 19 2000 Satoshi MACHINO <machino@vinelinux.org> 122-4vl1
- build with gcc-2.95.3
- removed krb5-devel in BuildPrereq tag
- removed nss_ldap-122-redhat.patch
- added nss_ldap-122-vine.patch
- partially used rpmmacros
                                                                                
* Fri Oct 27 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 122
- link statically with libsasl, require the first devel package that supplied it                                                                                
                                                                                
* Thu Oct 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 120 and pam_ldap 77
                                                                                
* Wed Oct  4 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 116 and pam_ldap 74

* Fri Sep  7 2000 Nalin Dahyabhai <nalin@redhat.com>
- rebuild in new environment
                                                                                
* Thu Jul 27 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to pam_ldap 67 to fix a bug in template user code
- convert symlink in /usr/lib to a relative one (#16132)
                                                                                
* Thu Jul 27 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 113 and pam_ldap 66
                                                                                
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild
                                                                                
* Tue Jun 27 2000 Matt Wilson <msw@redhat.com>
- changed all the -,- in attr statements to root,root
                                                                                
* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
- update pam_ldap to 63
                                                                                
* Wed May 31 2000 Nalin Dahyabhai <nalin@redhat.com>
- update pam_ldap to 56
                                                                                
* Tue May 30 2000 Nalin Dahyabhai <nalin@redhat.com>
- update pam_ldap to 55
- back out no-threads patch for pam_ldap, not needed any more
                                                                                
* Thu May 25 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 110
- revert prototype patch, looks like a problem with the new glibc after all
                                                                                
* Fri May 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- get libpthread out of the NSS module
- fix prototype problems in getpwXXX()
                                                                                
* Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 109
                                                                                
* Sat Apr 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- update pam_ldap 51
                                                                                
* Tue Apr 25 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 108 and pam_ldap 49
                                                                                
* Thu Apr 20 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to pam_ldap 48

* Thu Mar 30 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 107
- note: check http://www.advogato.org/person/lukeh/ for Luke's changelog
                                                                                
* Tue Mar 21 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 106
                                                                                
* Wed Feb  9 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 105
                                                                                
* Mon Feb  7 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 104 and pam_ldap 46
- disable link against libpthread in pam_ldap
                                                                                
* Tue Feb  1 2000 Nalin Dahyabhai <nalin@redhat.com>
- remove migration tools, because this package requires openldap now, which
  also includes them
                                                                                
* Fri Jan 28 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 103
                                                                                
* Mon Jan 24 2000 Preston Brown <pbrown@redhat.com>
- fix typo in linuxconf-pair pam cfg file (#7800)

* Tue Jan 11 2000 Preston Brown <pbrown@redhat.com>
- v99, made it require pam_ldap
- added perl migration tools
- integrate pam_ldap stuff
                                                                                
* Fri Oct 22 1999 Bill Nottingham <notting@redhat.com>
- statically link ldap libraries (they're in /usr/lib)
                                                                                
* Tue Aug 10 1999 Cristian Gafton <gafton@redhat.com>
- use the ldap.conf file as an external source
- don't forcibly build the support for version 3
- imported the default spec file from the tarball and fixed it up for RH 6.1