source: projects/specs/trunk/n/nss_ldap/nss_ldap-vl.spec @ 521

%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}

%define pam_ldap_version 184
Summary: NSS library and PAM module for LDAP
Summary(ja): LDAP を利用する NSS ライブラリ および PAM モジュール
Name: nss_ldap
Version: 264
Release: 1%{?_dist_release}
URL: http://www.padl.com/
License: LGPLv2+
Group: System Environment/Base

Source0: ftp://ftp.padl.com/pub/nss_ldap-%{version}.tar.gz
Source1: ftp://ftp.padl.com/pub/pam_ldap-%{pam_ldap_version}.tar.gz
Source3: nss_ldap.versions
Source4: pam_ldap.versions
Source5: README.TLS
Source6: version.c
Source7: dlopen.sh
Patch0: pam_ldap-184-dnsconfig.patch
Patch1: pam_ldap-180-local_users.patch
Patch3: pam_ldap-180-install-perms.patch
Patch4: pam_ldap-180-bind.patch
Patch6: nss_ldap-257-over-recursion.patch
Patch7: pam_ldap-182-manpointer.patch
Patch8: nss_ldap-254-soname.patch
Patch11: nss_ldap-257-initgroups-minimum_uid.patch
Patch13: pam_ldap-176-exop-modify.patch
Patch15: nss_ldap-257-mozldap.patch
Patch16: pam_ldap-184-referral-passwd2.patch
Patch17: nss_ldap-259-res_init.patch
Patch19: pam_ldap-184-broken-sasl-rebind.patch
Patch20: pam_ldap-184-nsrole.patch
Patch22: nss_ldap-264-ent_internal.patch
Patch23: pam_ldap-183-releaseconfig.patch
Patch24: nss_ldap-264-cloexec.patch

BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: autoconf, automake, libtool
BuildRequires: openssl-devel, pam-devel
BuildRequires: cyrus-sasl-devel >= 2.1
BuildRequires: openldap-devel >= 2.0.27
BuildRequires: krb5-devel >= 1.4
Requires: nscd
Obsoletes: pam_ldap
Requires(post): grep, sed, coreutils, /sbin/ldconfig

%description
This package includes two LDAP access clients: nss_ldap and pam_ldap.
Nss_ldap is a set of C library extensions that allow X.500 and LDAP
directory servers to be used as a primary source of aliases, ethers,
groups, hosts, networks, protocol, users, RPCs, services, and shadow
passwords (instead of or in addition to using flat files or NIS).

Pam_ldap is a module for Linux-PAM that supports password changes, V2
clients, Netscape's SSL, ypldapd, Netscape Directory Server password
policies, access authorization, and crypted hashes.

# compat32
%package -n compat32-%{name}
Summary: NSS library and PAM module for LDAP
Summary(ja): LDAP を利用する NSS ライブラリ および PAM モジュール
Group: System Environment/Base
Requires: %{name} = %{version}-%{release}

%description -n compat32-%{name}
This package includes two LDAP access clients: nss_ldap and pam_ldap.
Nss_ldap is a set of C library extensions that allow X.500 and LDAP
directory servers to be used as a primary source of aliases, ethers,
groups, hosts, networks, protocol, users, RPCs, services, and shadow
passwords (instead of or in addition to using flat files or NIS).

Pam_ldap is a module for Linux-PAM that supports password changes, V2
clients, Netscape's SSL, ypldapd, Netscape Directory Server password
policies, access authorization, and crypted hashes.

%prep
%setup -q -c -a 1
cp %{SOURCE5} .
cp nss_ldap-%{version}/ldap.conf ldap.conf.nss_ldap
cp pam_ldap-%{pam_ldap_version}/ldap.conf ldap.conf.pam_ldap

cp nss_ldap-%{version}/resolve.c pam_ldap-%{pam_ldap_version}/
cp nss_ldap-%{version}/resolve.h pam_ldap-%{pam_ldap_version}/
cp nss_ldap-%{version}/snprintf.c pam_ldap-%{pam_ldap_version}/
cp nss_ldap-%{version}/snprintf.h pam_ldap-%{pam_ldap_version}/

pushd nss_ldap-%{version}
%patch8 -p1 -b .soname
%patch17 -p1 -b .res_init
%patch22 -p1 -b .ent_internal
%patch24 -p1 -b .cloexec
autoreconf -f -i
popd

pushd pam_ldap-%{pam_ldap_version}
%patch0 -p1 -b .dnsconfig
%patch3 -p1 -b .install-perms
%patch4 -p1 -b .bind
%patch1 -p1 -b .local_users
%patch7 -p1 -b .manpointer
%patch13 -p1 -b .exop-modify
%patch16 -p1 -b .referral-passwd2
%patch19 -p1 -b .broken-sasl-rebind
%patch20 -p1 -b .nsrole
%patch23 -p1 -b .releaseconfig
autoreconf -f -i
popd

rm -f pam.d/*.pam_console

cp nss_ldap-%{version}/ANNOUNCE             ANNOUNCE.nss_ldap
cp nss_ldap-%{version}/AUTHORS              AUTHORS.nss_ldap
cp nss_ldap-%{version}/ChangeLog            ChangeLog.nss_ldap
cp nss_ldap-%{version}/COPYING              COPYING.nss_ldap
cp nss_ldap-%{version}/NEWS                 NEWS.nss_ldap
cp nss_ldap-%{version}/README               README.nss_ldap
cp nss_ldap-%{version}/nsswitch.ldap        nsswitch.ldap
cp pam_ldap-%{pam_ldap_version}/AUTHORS     AUTHORS.pam_ldap
cp pam_ldap-%{pam_ldap_version}/ChangeLog   ChangeLog.pam_ldap
cp pam_ldap-%{pam_ldap_version}/COPYING     COPYING.pam_ldap
cp pam_ldap-%{pam_ldap_version}/COPYING.LIB COPYING.LIB.pam_ldap
cp pam_ldap-%{pam_ldap_version}/NEWS        NEWS.pam_ldap
cp pam_ldap-%{pam_ldap_version}/README      README.pam_ldap

cp %{_datadir}/libtool/config/config.{sub,guess} nss_ldap-%{version}/
cp %{_datadir}/libtool/config/config.{sub,guess} pam_ldap-%{pam_ldap_version}/

%build
# We're building modules here, so make sure -fPIC is always used.
CFLAGS="$RPM_OPT_FLAGS -fPIC"; export CFLAGS

# Build pam_ldap.
pushd pam_ldap-%{pam_ldap_version}
%configure --libdir=/%{_lib}
make %{?_smp_mflags}
popd

pushd nss_ldap-%{version}
%configure \
        --with-ldap=openldap \
        --enable-schema-mapping \
        --enable-rfc2307bis \
        --enable-configurable-krb5-ccname-gssapi
make %{?_smp_mflags} LIBS="-Wl,-Bstatic -lldap -llber -Wl,-Bdynamic -lsasl2 -lgssapi_krb5 -lssl -ldl -lpthread_nonshared -lnsl -lresolv"
popd

# Check that the modules are actually loadable.
%{SOURCE7}       ./nss_ldap-%{version}/nss_ldap.so
%{SOURCE7} -lpam ./pam_ldap-%{pam_ldap_version}/pam_ldap.so

%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/{etc,%{_lib}/security,%{_libdir}}

# Let the nss_ldap install target do its thing, skipping the chown/chgrp bits
# and making sure we only get one libc version, even on multilib boxen.
# We used to do some gymnastics to match the form of libnss_ldap-$libcversion.so
# filenames that the glibc-bundled modules do, but that doesn't tell us anything
# more than which version of libc was available at build time.  People tend to
# assume that's also the nss_ldap version, too, so forget that.
libcver=%{version}
make -C nss_ldap-%{version} install \
        DESTDIR=$RPM_BUILD_ROOT \
        INST_UID=`id -un` INST_GID=`id -gn` \
        LIBC_VERS=$libcver

# Install the direct-linking symlink.
ln -s libnss_ldap-$libcver.so $RPM_BUILD_ROOT/%{_libdir}/libnss_ldap.so

# Install the module for PAM.
pushd pam_ldap-%{pam_ldap_version}
make install DESTDIR=$RPM_BUILD_ROOT

# Install the default configuration file, but change the search bases to
# something generic to avoid overloading padl.com servers and to match
# good practice when using DNS domains in example configurations.
sed 's|dc=padl|dc=example|g' ldap.conf > $RPM_BUILD_ROOT/etc/ldap.conf
chmod 644 $RPM_BUILD_ROOT/etc/ldap.conf
popd

# Remove a doc file from /etc; we'll included it as a %%doc file.
rm -f $RPM_BUILD_ROOT/etc/nsswitch.ldap

# The makefile assumes installation into /lib, which is incorrect.
rm -f $RPM_BUILD_ROOT/%{_libdir}/../%{_libdir}/libnss_ldap.so.2

%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT

%post
/sbin/ldconfig
# Fix a logic mismatch between what the version of authconfig in RHL 7.2 would
# generate and this version of pam_ldap.
if grep -q '^account     required      /lib/security/pam_ldap.so$' /etc/pam.d/system-auth ; then
        newfile=`mktemp /etc/pam.d/system-auth-XXXXXX`
        if [ ! -z "$newfile" ] ; then
                cat /etc/pam.d/system-auth > $newfile
                sed 's,account     required      /lib/security/pam_ldap.so,account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] pam_ldap.so,g' $newfile > /etc/pam.d/system-auth
                rm -f $newfile
        fi
fi

%postun -p /sbin/ldconfig

%post -n compat32-%{name} -p /sbin/ldconfig
%postun -n compat32-%{name} -p /sbin/ldconfig

%files
%defattr(-,root,root)
%attr(0755,root,root) /%{_libdir}/libnss_ldap-*.so
%attr(0755,root,root) /%{_libdir}/libnss_ldap.so.?
%attr(0755,root,root) /%{_lib}/security/*.so*
%attr(0755,root,root) %{_libdir}/libnss_ldap.so
%attr(0644,root,root) %{_mandir}/man5/*.5*
%attr(0644,root,root) %config(noreplace) /etc/ldap.conf
%doc README.TLS
%doc nsswitch.ldap *.nss_ldap *.pam_ldap
%doc pam_ldap-%{pam_ldap_version}/pam.d
%doc pam_ldap-%{pam_ldap_version}/ldapns.schema
%doc pam_ldap-%{pam_ldap_version}/ns-pwd-policy.schema

%if %{build_compat32}
%files -n compat32-%{name}
%defattr(-,root,root)
%attr(0755,root,root) /%{_libdir}/libnss_ldap-*.so
%attr(0755,root,root) /%{_libdir}/libnss_ldap.so.?
%attr(0755,root,root) %{_libdir}/libnss_ldap.so
%endif

%changelog
* Fri Aug 14 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 264-1
- new upstream release
  - update to nss_ldap-264
- merged with fedora package
- enable krb5, add BR: krb5-devel
- add compat32 package

* Sun Jan 04 2009 NAKAMURA Kenta <kenta@vinelinux.org> 261-2
- rebuilt with openldap-2.4.11

* Sun Aug 24 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 261-1
- new upstream release
  - update to nss_ldap-261, pam_ldap-184
- merged with fedora package

* Mon Aug 28 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 251-0vl1
- new upstream release
  - update to nss_ldap-251, pam_ldap-182

* Sun Aug 27 2006 NAKAMURA Kenta <kenta@vinelinux.org> 249-0vl3
- rebuilt with openldap-2.3.27-0vl1

* Sun Jul 02 2006 Satoshi MACHINO <machino@vinelinux.org> 249-0vl2
- rebuilt with openldap-2.3.24-0vl1

* Thu Mar 16 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 249-0vl1
- new upstream release
  needed by new pam package. (thanks to Hideki MIWA)
- remove unneeded patches(0,1,2,3)

* Sat Apr 10 2004 Satoshi MACHINO <machino@vinelinux.org> 217-1vl1
- new upstream version
- merged fedora core's package 
  * Thu Mar 25 2004 Nalin Dahyabhai <nalin@redhat.com> 217-1
  - include patch to set errno to ENOENT when returning NSS_STATUS_NOTFOUND to
  glibc
  * Tue Mar 23 2004 Nalin Dahyabhai <nalin@redhat.com>
  - update to 217
  * Wed Mar 10 2004 Nalin Dahyabhai <nalin@redhat.com> 212-1
  - update to 212, pam_ldap 167
  - link nss_ldap with libgssapi_krb5, the static libsasl2 includes the gssapi
    mech, at least for now, and we pick up its unresolved symbols at link-time
  - fix out-of-bounds error at initialization-time (part of #101269)
  - include pam_ldap's authorization schema files for slapd as a doc file
  * Thu Nov 20 2003 Nalin Dahyabhai <nalin@redhat.com> 207-5
  - fix objectclass and attribute mapping, which failed due to uninitialized
    fields in mapping index structures, fixed upstream in 210 (#110547)
  * Mon Nov 10 2003 Nalin Dahyabhai <nalin@redhat.com> 207-4
  - link with the proper libsasl (1 or 2) for the version of OpenLDAP we
    are linking with (#106801)
  * Thu Aug 14 2003 Nalin Dahyabhai <nalin@redhat.com> 207-3
  - link dynamically with libcom_err if it isn't in /usr/kerberos/%{_lib} (which
    we assume means that it's in /%{_lib})
  * Wed Aug 13 2003 Nalin Dahyabhai <nalin@redhat.com> 207-2
  - relax openldap-devel buildreq to 2.0.27
  * Thu Jun  5 2003 Nalin Dahyabhai <nalin@redhat.com> 207-1
  - update to build with newer OpenLDAP
  - add README.TLS to remind people that in order for TLS support to be usable,
    the server's certificate has to pass validation checks made by the client
  * Sun Mar 09 2003 Florian La Roche <Florian.LaRoche@redhat.de>
  - move pam into /lib64/security directory
  * Wed Jan 15 2003 Nalin Dahyabhai <nalin@redhat.com> 202-4
  - rework static link order to account for libssl requiring libkrb5
  - force assembly locking on %%ix86 systems
  - link with libz, which libssl also requires
  * Thu Dec 12 2002 Elliot Lee <sopwith@redhat.com> 202-3
  - Fix wildcard for symlink in %%install
  * Thu Nov 14 2002 Nalin Dahyabhai <nalin@redhat.com> 202-2
  - apply DB patches from sleepycat.com
  - correctly point nss_ldap at the bundled DB library
  - create /%%{_lib} instead of /lib to install into
  * Wed Oct  2 2002 Nalin Dahyabhai <nalin@redhat.com> 202-1
  - update to nss_ldap 202, pam_ldap 153
  - update DB from 4.0.14 to 4.1.24.NC
  - try to address multilib path changes
  * Fri Aug  9 2002 Nalin Dahyabhai <nalin@redhat.com> 198-2
  - handle larger-than-expected DNS responses correctly
  * Wed Aug  7 2002 Nalin Dahyabhai <nalin@redhat.com> 198-1
  - update to nss_ldap 198, closing a possible buffer overflow in DNS autoconfig
  * Fri Jul 19 2002 Nalin Dahyabhai <nalin@redhat.com> 197-1
  - update to nss_ldap 197, pam_ldap 150
  * Fri Jun 21 2002 Tim Powers <timp@redhat.com>
  - automated rebuild
  * Mon Jun 10 2002 Nalin Dahyabhai <nalin@redhat.com> 194-1
  - update to nss_ldap 194, pam_ldap 148
  * Sun May 26 2002 Tim Powers <timp@redhat.com>
  - automated rebuild
  * Mon May 20 2002 Nalin Dahyabhai <nalin@redhat.com> 189-3
  - rebuild in new environment
  * Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 189-2
  - build for RHL 7.2/7.3
  * Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 189-1.7
  - build for RHL 7/7.1
  * Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 189-1.6
  - fix up logic generated by authconfig from RHL 7.2 in %%post
  - build for RHL 6.x
  * Wed May 15 2002 Nalin Dahyabhai <nalin@redhat.com>
  - the triggerun should be a trigger postun
  * Tue May  7 2002 Nalin Dahyabhai <nalin@redhat.com> 189-0.6
  - update to nss_ldap 189, pam_ldap 145
  * Tue May  7 2002 Nalin Dahyabhai <nalin@redhat.com> 188-0.6
  - rebuild for RHL 6.2
  - change dependency on pam-devel to /usr/include/security/pam_modules.h
  - drop build deps on cyrus-sasl-devel and openldap >= 2.x
  - modify pam_ldap versions file so that binutils from RHL 6.2 can parse it
  - update to nss_ldap 188
  - update to pam_ldap 144
  * Fri Apr  5 2002 Nalin Dahyabhai <nalin@redhat.com> 185-1
  - update to nss_ldap 185
  - update to pam_ldap 140
  * Thu Feb 28 2002 Nalin Dahyabhai <nalin@redhat.com> 184-1
  - update to pam_ldap 138
  - enable rfc2307bis schema support
  - version the pam_ldap module
  - add the proper soname to the nss_ldap module and remove the symlink
  - add a trigger to run ldconfig again when an upgrade removes the symlink,
    which used to be in this package (doh!)
  - fix the symlink from %%{_libdir} to the module (for linking directly to it)
  * Thu Feb 14 2002 Nalin Dahyabhai <nalin@redhat.com>
  - update to nss_ldap 184, pam_ldap 137

* Thu Apr 10 2002 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 181-1vl2
- rebuild
                                                                                
* Sat Jan 26 2002 MACHINO Satoshi <machino@vinelinux.org> 181-1vl1
- updated to nss_ldap 181, pam_ldap 136
                                                                                
* Sun Nov 19 2000 Satoshi MACHINO <machino@vinelinux.org> 122-4vl1
- build with gcc-2.95.3
- removed krb5-devel in BuildPrereq tag
- removed nss_ldap-122-redhat.patch
- added nss_ldap-122-vine.patch
- partially used rpmmacros
                                                                                
* Fri Oct 27 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 122
- link statically with libsasl, require the first devel package that supplied it                                                                                
                                                                                
* Thu Oct 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 120 and pam_ldap 77
                                                                                
* Wed Oct  4 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 116 and pam_ldap 74

* Fri Sep  7 2000 Nalin Dahyabhai <nalin@redhat.com>
- rebuild in new environment
                                                                                
* Thu Jul 27 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to pam_ldap 67 to fix a bug in template user code
- convert symlink in /usr/lib to a relative one (#16132)
                                                                                
* Thu Jul 27 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 113 and pam_ldap 66
                                                                                
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild
                                                                                
* Tue Jun 27 2000 Matt Wilson <msw@redhat.com>
- changed all the -,- in attr statements to root,root
                                                                                
* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
- update pam_ldap to 63
                                                                                
* Wed May 31 2000 Nalin Dahyabhai <nalin@redhat.com>
- update pam_ldap to 56
                                                                                
* Tue May 30 2000 Nalin Dahyabhai <nalin@redhat.com>
- update pam_ldap to 55
- back out no-threads patch for pam_ldap, not needed any more
                                                                                
* Thu May 25 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 110
- revert prototype patch, looks like a problem with the new glibc after all
                                                                                
* Fri May 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- get libpthread out of the NSS module
- fix prototype problems in getpwXXX()
                                                                                
* Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 109
                                                                                
* Sat Apr 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- update pam_ldap 51
                                                                                
* Tue Apr 25 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 108 and pam_ldap 49
                                                                                
* Thu Apr 20 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to pam_ldap 48

* Thu Mar 30 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 107
- note: check http://www.advogato.org/person/lukeh/ for Luke's changelog
                                                                                
* Tue Mar 21 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 106
                                                                                
* Wed Feb  9 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 105
                                                                                
* Mon Feb  7 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 104 and pam_ldap 46
- disable link against libpthread in pam_ldap
                                                                                
* Tue Feb  1 2000 Nalin Dahyabhai <nalin@redhat.com>
- remove migration tools, because this package requires openldap now, which
  also includes them
                                                                                
* Fri Jan 28 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to nss_ldap 103
                                                                                
* Mon Jan 24 2000 Preston Brown <pbrown@redhat.com>
- fix typo in linuxconf-pair pam cfg file (#7800)

* Tue Jan 11 2000 Preston Brown <pbrown@redhat.com>
- v99, made it require pam_ldap
- added perl migration tools
- integrate pam_ldap stuff
                                                                                
* Fri Oct 22 1999 Bill Nottingham <notting@redhat.com>
- statically link ldap libraries (they're in /usr/lib)
                                                                                
* Tue Aug 10 1999 Cristian Gafton <gafton@redhat.com>
- use the ldap.conf file as an external source
- don't forcibly build the support for version 3
- imported the default spec file from the tarball and fixed it up for RH 6.1