# build_compat32 evaluates to 1 when the _with_compat32 macro is defined
# (rpmbuild --with compat32) and to 0 otherwise.
%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
# pam_ldap is bundled with this package and carries its own upstream version.
%define pam_ldap_version 184

Summary: NSS library and PAM module for LDAP
Summary(ja): LDAP を利用する NSS ライブラリ および PAM モジュール
Name: nss_ldap
Version: 264
Release: 3%{?_dist_release}
URL: http://www.padl.com/
License: LGPLv2+
Group: System Environment/Base
# NOTE(review): Source0 and Source1 point at plain ftp:// URLs and nothing in
# this spec checks a digest or signature for them; verify the tarballs against
# a trusted copy before building.
Source0: ftp://ftp.padl.com/pub/nss_ldap-%{version}.tar.gz
Source1: ftp://ftp.padl.com/pub/pam_ldap-%{pam_ldap_version}.tar.gz
# Source5 and Source7 are used by later sections; Source3, Source4 and Source6
# are not referenced by any later section of this spec.
Source3: nss_ldap.versions
Source4: pam_ldap.versions
Source5: README.TLS
Source6: version.c
Source7: dlopen.sh
# NOTE(review): Patch6, Patch11 and Patch15 are declared here but no %%patch
# line in %%prep applies them; confirm that is intended.
Patch0: pam_ldap-184-dnsconfig.patch
Patch1: pam_ldap-180-local_users.patch
Patch3: pam_ldap-180-install-perms.patch
Patch4: pam_ldap-180-bind.patch
Patch6: nss_ldap-257-over-recursion.patch
Patch7: pam_ldap-182-manpointer.patch
Patch8: nss_ldap-254-soname.patch
Patch11: nss_ldap-257-initgroups-minimum_uid.patch
Patch13: pam_ldap-176-exop-modify.patch
Patch15: nss_ldap-257-mozldap.patch
Patch16: pam_ldap-184-referral-passwd2.patch
Patch17: nss_ldap-259-res_init.patch
Patch19: pam_ldap-184-broken-sasl-rebind.patch
Patch20: pam_ldap-184-nsrole.patch
Patch22: nss_ldap-264-ent_internal.patch
Patch23: pam_ldap-183-releaseconfig.patch
Patch24: nss_ldap-264-cloexec.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: autoconf, automake, libtool
BuildRequires: openssl-devel, pam-devel
BuildRequires: cyrus-sasl-devel >= 2.1
BuildRequires: openldap-devel >= 2.0.27
BuildRequires: krb5-devel >= 1.4
Requires: nscd
# pam_ldap is shipped inside this package, so a separate pam_ldap package is
# obsoleted.
Obsoletes: pam_ldap
# Tools called by the %%post scriptlet.
Requires(post): grep, sed, coreutils, /sbin/ldconfig

%description
This package includes two LDAP access clients: nss_ldap and pam_ldap.

Nss_ldap is a set of C library extensions that allow X.500 and LDAP
directory servers to be used as a primary source of aliases, ethers,
groups, hosts, networks, protocol, users, RPCs, services, and shadow
passwords (instead of or in addition to using flat files or NIS).
Pam_ldap is a module for Linux-PAM that supports password changes, V2
clients, Netscape's SSL, ypldapd, Netscape Directory Server password
policies, access authorization, and crypted hashes.

# compat32 subpackage; requires the exact version-release of the main package.
# NOTE(review): declared unconditionally, while its %%files list is wrapped in
# %%if build_compat32 -- confirm the mismatch is intended.
%package -n compat32-%{name}
Summary: NSS library and PAM module for LDAP
Summary(ja): LDAP を利用する NSS ライブラリ および PAM モジュール
Group: System Environment/Base
Requires: %{name} = %{version}-%{release}

%description -n compat32-%{name}
This package includes two LDAP access clients: nss_ldap and pam_ldap.

Nss_ldap is a set of C library extensions that allow X.500 and LDAP
directory servers to be used as a primary source of aliases, ethers,
groups, hosts, networks, protocol, users, RPCs, services, and shadow
passwords (instead of or in addition to using flat files or NIS).

Pam_ldap is a module for Linux-PAM that supports password changes, V2
clients, Netscape's SSL, ypldapd, Netscape Directory Server password
policies, access authorization, and crypted hashes.

%prep
# -q: unpack quietly; -c: create the build directory and change into it before
# unpacking Source0; -a 1: also unpack Source1 (pam_ldap) after changing
# directory, so both source trees sit side by side.
%setup -q -c -a 1
# README.TLS goes to the top of the build directory, where %%doc picks it up.
cp %{SOURCE5} .
# Keep a copy of each tree's sample ldap.conf under a distinct name.
cp nss_ldap-%{version}/ldap.conf ldap.conf.nss_ldap
cp pam_ldap-%{pam_ldap_version}/ldap.conf ldap.conf.pam_ldap
# Copy nss_ldap's resolve.[ch] and snprintf.[ch] into the pam_ldap tree,
# replacing any files of the same name there.
cp nss_ldap-%{version}/resolve.c pam_ldap-%{pam_ldap_version}/
cp nss_ldap-%{version}/resolve.h pam_ldap-%{pam_ldap_version}/
cp nss_ldap-%{version}/snprintf.c pam_ldap-%{pam_ldap_version}/
cp nss_ldap-%{version}/snprintf.h pam_ldap-%{pam_ldap_version}/

# nss_ldap patches. -p1 strips one leading path component; -b keeps a backup
# of each patched file under the given suffix.
pushd nss_ldap-%{version}
%patch8 -p1 -b .soname
%patch17 -p1 -b .res_init
%patch22 -p1 -b .ent_internal
%patch24 -p1 -b .cloexec
# Regenerate the autotools output after patching.
autoreconf -f -i
popd

# pam_ldap patches, applied in the order listed (patch1 comes after patch4).
pushd pam_ldap-%{pam_ldap_version}
%patch0 -p1 -b .dnsconfig
%patch3 -p1 -b .install-perms
%patch4 -p1 -b .bind
%patch1 -p1 -b .local_users
%patch7 -p1 -b .manpointer
%patch13 -p1 -b .exop-modify
%patch16 -p1 -b .referral-passwd2
%patch19 -p1 -b .broken-sasl-rebind
%patch20 -p1 -b .nsrole
%patch23 -p1 -b .releaseconfig
autoreconf -f -i
popd

# NOTE(review): this runs from the top-level build directory, and no step
# visible in this spec creates a top-level pam.d, so it may be a no-op --
# confirm.
rm -f pam.d/*.pam_console

# Give both trees' documentation files distinct names at the top level so the
# %%doc globs (*.nss_ldap, *.pam_ldap) can collect them.
cp nss_ldap-%{version}/ANNOUNCE ANNOUNCE.nss_ldap
cp nss_ldap-%{version}/AUTHORS AUTHORS.nss_ldap
cp nss_ldap-%{version}/ChangeLog ChangeLog.nss_ldap
cp nss_ldap-%{version}/COPYING COPYING.nss_ldap
cp nss_ldap-%{version}/NEWS NEWS.nss_ldap
cp nss_ldap-%{version}/README README.nss_ldap
cp nss_ldap-%{version}/nsswitch.ldap nsswitch.ldap
cp pam_ldap-%{pam_ldap_version}/AUTHORS AUTHORS.pam_ldap
cp pam_ldap-%{pam_ldap_version}/ChangeLog ChangeLog.pam_ldap
cp pam_ldap-%{pam_ldap_version}/COPYING COPYING.pam_ldap
cp pam_ldap-%{pam_ldap_version}/COPYING.LIB COPYING.LIB.pam_ldap
cp pam_ldap-%{pam_ldap_version}/NEWS NEWS.pam_ldap
cp pam_ldap-%{pam_ldap_version}/README README.pam_ldap

# Replace each tree's config.sub and config.guess with the copies shipped by
# the build host's libtool.
cp %{_datadir}/libtool/config/config.{sub,guess} nss_ldap-%{version}/
cp %{_datadir}/libtool/config/config.{sub,guess} pam_ldap-%{pam_ldap_version}/

%build
# We're building modules here, so make sure -fPIC is always used.
CFLAGS="$RPM_OPT_FLAGS -fPIC"; export CFLAGS

# Build pam_ldap.
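pushd pam_ldap-%{pam_ldap_version}
# libdir is the root-level lib directory; the PAM module is packaged from
# /<lib>/security (see the file list).
%configure --libdir=/%{_lib}
make %{?_smp_mflags}
popd

# Build nss_ldap.
pushd nss_ldap-%{version}
%configure \
  --with-ldap=openldap \
  --enable-schema-mapping \
  --enable-rfc2307bis \
  --enable-configurable-krb5-ccname-gssapi
# libldap and liblber sit between -Bstatic and -Bdynamic, so they are linked
# statically into the module. Fixes shipped in later OpenLDAP packages reach
# nss_ldap only when this package is rebuilt against them.
make %{?_smp_mflags} LIBS="-Wl,-Bstatic -lldap -llber -Wl,-Bdynamic -lsasl2 -lgssapi_krb5 -lssl -ldl -lpthread_nonshared -lnsl -lresolv"
popd

# Check that the modules are actually loadable.
# Source7 (dlopen.sh) is run once per freshly built module.
%{SOURCE7} ./nss_ldap-%{version}/nss_ldap.so
%{SOURCE7} -lpam ./pam_ldap-%{pam_ldap_version}/pam_ldap.so

%install
# The build root is quoted everywhere below so that a value containing
# whitespace or glob characters is handled as a single path.
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "$RPM_BUILD_ROOT"
mkdir -p "$RPM_BUILD_ROOT"/{etc,%{_lib}/security,%{_libdir}}

# Let the nss_ldap install target do its thing, skipping the chown/chgrp bits
# and making sure we only get one libc version, even on multilib boxen.
# We used to do some gymnastics to match the form of libnss_ldap-$libcversion.so
# filenames that the glibc-bundled modules do, but that doesn't tell us anything
# more than which version of libc was available at build time.  People tend to
# assume that's also the nss_ldap version, too, so forget that.
libcver=%{version}
# INST_UID and INST_GID are set to the building user's own user and group
# names.
make -C nss_ldap-%{version} install \
  DESTDIR="$RPM_BUILD_ROOT" \
  INST_UID="$(id -un)" INST_GID="$(id -gn)" \
  LIBC_VERS="$libcver"

# Install the direct-linking symlink.
ln -s "libnss_ldap-$libcver.so" "$RPM_BUILD_ROOT"/%{_libdir}/libnss_ldap.so

# Install the module for PAM.
pushd pam_ldap-%{pam_ldap_version}
make install DESTDIR="$RPM_BUILD_ROOT"

# Install the default configuration file, but change the search bases to
# something generic to avoid overloading padl.com servers and to match
# good practice when using DNS domains in example configurations.
sed 's|dc=padl|dc=example|g' ldap.conf > "$RPM_BUILD_ROOT"/etc/ldap.conf
# NOTE(review): the file is shipped world-readable (0644); a credential such
# as a bindpw entry added to it later would be readable by every local user.
chmod 644 "$RPM_BUILD_ROOT"/etc/ldap.conf
popd

# Remove a doc file from /etc; we'll include it as a %%doc file.
rm -f "$RPM_BUILD_ROOT"/etc/nsswitch.ldap

# The makefile assumes installation into /lib, which is incorrect.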
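# NOTE(review): the path climbs one level out of the lib directory and then
# descends through the full lib directory path again; confirm it names the
# file the makefile really installed.
rm -f "$RPM_BUILD_ROOT"/%{_libdir}/../%{_libdir}/libnss_ldap.so.2

%clean
# Quoted so a build root containing whitespace is removed as one path.
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "$RPM_BUILD_ROOT"

%post
/sbin/ldconfig
# Fix a logic mismatch between what the version of authconfig in RHL 7.2 would
# generate and this version of pam_ldap.
#
# The file being edited is live PAM configuration. The rewrite is therefore
# staged in a temporary file next to it and swapped in only after sed has
# succeeded and produced non-empty output; a failed or interrupted rewrite
# leaves the current file untouched.
# NOTE(review): as written, the grep pattern requires exactly one space between
# the fields -- confirm it matches the lines authconfig generated.
pamfile=/etc/pam.d/system-auth
if grep -q '^account required /lib/security/pam_ldap.so$' "$pamfile" ; then
  newfile=$(mktemp "$pamfile-XXXXXX")
  if [ -n "$newfile" ] ; then
    # cp -p first, so the temporary file takes over the owner and mode of the
    # live file (mktemp creates it private to root); the sed redirect then
    # replaces only its contents.
    if cp -p "$pamfile" "$newfile" &&
       sed 's,account required /lib/security/pam_ldap.so,account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] pam_ldap.so,g' "$pamfile" > "$newfile" &&
       [ -s "$newfile" ] ; then
      if [ -L "$pamfile" ] ; then
        # A symlink is written through, as before, so the link is kept.
        cat "$newfile" > "$pamfile"
        rm -f "$newfile"
      else
        # Same directory, so mv is a rename: readers see either the old or
        # the new file, never a truncated one.
        mv -f "$newfile" "$pamfile" || rm -f "$newfile"
      fi
    else
      rm -f "$newfile"
    fi
  fi
fi

%postun -p /sbin/ldconfig

%post -n compat32-%{name} -p /sbin/ldconfig

%postun -n compat32-%{name} -p /sbin/ldconfig

%files
%defattr(-,root,root)
%attr(0755,root,root) /%{_libdir}/libnss_ldap-*.so
%attr(0755,root,root) /%{_libdir}/libnss_ldap.so.?
%attr(0755,root,root) /%{_lib}/security/*.so*
%attr(0755,root,root) %{_libdir}/libnss_ldap.so
%attr(0644,root,root) %{_mandir}/man5/*.5*
# noreplace: an ldap.conf edited by the administrator is kept on upgrade.
%attr(0644,root,root) %config(noreplace) /etc/ldap.conf
%doc README.TLS
%doc nsswitch.ldap *.nss_ldap *.pam_ldap
%doc pam_ldap-%{pam_ldap_version}/pam.d
%doc pam_ldap-%{pam_ldap_version}/ldapns.schema
%doc pam_ldap-%{pam_ldap_version}/ns-pwd-policy.schema

%if %{build_compat32}
# NOTE(review): these entries repeat paths already listed for the main
# package, so both packages would claim the same files -- confirm.
%files -n compat32-%{name}
%defattr(-,root,root)
%attr(0755,root,root) /%{_libdir}/libnss_ldap-*.so
%attr(0755,root,root) /%{_libdir}/libnss_ldap.so.?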
# Direct-linking symlink created in %%install; last entry of the compat32
# file list.
%attr(0755,root,root) %{_libdir}/libnss_ldap.so
%endif

%changelog
* Sat Apr 02 2011 Daisuke SUZUKI 264-3
- rebuild with krb5-1.8.2

* Tue Jan 11 2011 Yoji TOYODA 264-2
- rebuild with openssl-1.0.0c

* Fri Aug 14 2009 Daisuke SUZUKI 264-1
- new upstream release
- update to nss_ldap-264
- merged with fedora package
- enable krb5, add BR: krb5-devel
- add compat32 package

* Sun Jan 04 2009 NAKAMURA Kenta 261-2
- rebuilt with openldap-2.4.11

* Sun Aug 24 2008 Daisuke SUZUKI 261-1
- new upstream release
- update to nss_ldap-261, pam_ldap-184
- merged with fedora package

* Mon Aug 28 2006 Daisuke SUZUKI 251-0vl1
- new upstream release
- update to nss_ldap-251, pam_ldap-182

* Sun Aug 27 2006 NAKAMURA Kenta 249-0vl3
- rebuilt with openldap-2.3.27-0vl1

* Sun Jul 02 2006 Satoshi MACHINO 249-0vl2
- rebuilt with openldap-2.3.24-0vl1

* Thu Mar 16 2006 Daisuke SUZUKI 249-0vl1
- new upstream release needed by new pam package. (thanks to Hideki MIWA)
- remove unneeded patches(0,1,2,3)

* Sat Apr 10 2004 Satoshi MACHINO 217-1vl1
- new upstream version
- merged fedora core's package

* Thu Mar 25 2004 Nalin Dahyabhai 217-1
- include patch to set errno to ENOENT when returning NSS_STATUS_NOTFOUND to glibc

* Tue Mar 23 2004 Nalin Dahyabhai
- update to 217

* Wed Mar 10 2004 Nalin Dahyabhai 212-1
- update to 212, pam_ldap 167
- link nss_ldap with libgssapi_krb5, the static libsasl2 includes the gssapi mech, at least for now, and we pick up its unresolved symbols at link-time
- fix out-of-bounds error at initialization-time (part of #101269)
- include pam_ldap's authorization schema files for slapd as a doc file

* Thu Nov 20 2003 Nalin Dahyabhai 207-5
- fix objectclass and attribute mapping, which failed due to uninitialized fields in mapping index structures, fixed upstream in 210 (#110547)

* Mon Nov 10 2003 Nalin Dahyabhai 207-4
- link with the proper libsasl (1 or 2) for the version of OpenLDAP we are linking with (#106801)

* Thu Aug 14 2003 Nalin Dahyabhai 207-3
- link dynamically with
libcom_err if it isn't in /usr/kerberos/%{_lib} (which we assume means that it's in /%{_lib}) * Wed Aug 13 2003 Nalin Dahyabhai 207-2 - relax openldap-devel buildreq to 2.0.27 * Thu Jun 5 2003 Nalin Dahyabhai 207-1 - update to build with newer OpenLDAP - add README.TLS to remind people that in order for TLS support to be usable, the server's certificate has to pass validation checks made by the client * Sun Mar 09 2003 Florian La Roche - move pam into /lib64/security directory * Wed Jan 15 2003 Nalin Dahyabhai 202-4 - rework static link order to account for libssl requiring libkrb5 - force assembly locking on %%ix86 systems - link with libz, which libssl also requires * Thu Dec 12 2002 Elliot Lee 202-3 - Fix wildcard for symlink in %%install * Thu Nov 14 2002 Nalin Dahyabhai 202-2 - apply DB patches from sleepycat.com - correctly point nss_ldap at the bundled DB library - create /%%{_lib} instead of /lib to install into * Wed Oct 2 2002 Nalin Dahyabhai 202-1 - update to nss_ldap 202, pam_ldap 153 - update DB from 4.0.14 to 4.1.24.NC - try to address multilib path changes * Fri Aug 9 2002 Nalin Dahyabhai 198-2 - handle larger-than-expected DNS responses correctly * Wed Aug 7 2002 Nalin Dahyabhai 198-1 - update to nss_ldap 198, closing a possible buffer overflow in DNS autoconfig * Fri Jul 19 2002 Nalin Dahyabhai 197-1 - update to nss_ldap 197, pam_ldap 150 * Fri Jun 21 2002 Tim Powers - automated rebuild * Mon Jun 10 2002 Nalin Dahyabhai 194-1 - update to nss_ldap 194, pam_ldap 148 * Sun May 26 2002 Tim Powers - automated rebuild * Mon May 20 2002 Nalin Dahyabhai 189-3 - rebuild in new environment * Thu May 16 2002 Nalin Dahyabhai 189-2 - build for RHL 7.2/7.3 * Thu May 16 2002 Nalin Dahyabhai 189-1.7 - build for RHL 7/7.1 * Thu May 16 2002 Nalin Dahyabhai 189-1.6 - fix up logic generated by authconfig from RHL 7.2 in %%post - build for RHL 6.x * Wed May 15 2002 Nalin Dahyabhai - the triggerun should be a trigger postun * Tue May 7 2002 Nalin Dahyabhai 189-0.6 - 
update to nss_ldap 189, pam_ldap 145 * Tue May 7 2002 Nalin Dahyabhai 188-0.6 - rebuild for RHL 6.2 - change dependency on pam-devel to /usr/include/security/pam_modules.h - drop build deps on cyrus-sasl-devel and openldap >= 2.x - modify pam_ldap versions file so that binutils from RHL 6.2 can parse it - update to nss_ldap 188 - update to pam_ldap 144 * Fri Apr 5 2002 Nalin Dahyabhai 185-1 - update to nss_ldap 185 - update to pam_ldap 140 * Thu Feb 28 2002 Nalin Dahyabhai 184-1 - update to pam_ldap 138 - enable rfc2307bis schema support - version the pam_ldap module - add the proper soname to the nss_ldap module and remove the symlink - add a trigger to run ldconfig again when an upgrade removes the symlink, which used to be in this package (doh!) - fix the symlink from %%{_libdir} to the module (for linking directly to it) * Thu Feb 14 2002 Nalin Dahyabhai - update to nss_ldap 184, pam_ldap 137 * Thu Apr 10 2002 MATSUBAYASHI Kohji 181-1vl2 - rebuild * Sat Jan 26 2002 MACHINO Satoshi 181-1vl1 - updated to nss_ldap 181, pam_ldap 136 * Sun Nov 19 2000 Satoshi MACHINO 122-4vl1 - build with gcc-2.95.3 - removed krb5-devel in BuildPrereq tag - removed nss_ldap-122-redhat.patch - added nss_ldap-122-vine.patch - partially used rpmmacros * Fri Oct 27 2000 Nalin Dahyabhai - update to nss_ldap 122 - link statically with libsasl, require the first devel package that supplied it * Thu Oct 19 2000 Nalin Dahyabhai - update to nss_ldap 120 and pam_ldap 77 * Wed Oct 4 2000 Nalin Dahyabhai - update to nss_ldap 116 and pam_ldap 74 * Fri Sep 7 2000 Nalin Dahyabhai - rebuild in new environment * Thu Jul 27 2000 Nalin Dahyabhai - update to pam_ldap 67 to fix a bug in template user code - convert symlink in /usr/lib to a relative one (#16132) * Thu Jul 27 2000 Nalin Dahyabhai - update to nss_ldap 113 and pam_ldap 66 * Wed Jul 12 2000 Prospector - automatic rebuild * Tue Jun 27 2000 Matt Wilson - changed all the -,- in attr statements to root,root * Tue Jun 27 2000 Nalin Dahyabhai - 
update pam_ldap to 63 * Wed May 31 2000 Nalin Dahyabhai - update pam_ldap to 56 * Tue May 30 2000 Nalin Dahyabhai - update pam_ldap to 55 - back out no-threads patch for pam_ldap, not needed any more * Thu May 25 2000 Nalin Dahyabhai - update to 110 - revert prototype patch, looks like a problem with the new glibc after all * Fri May 19 2000 Nalin Dahyabhai - get libpthread out of the NSS module - fix prototype problems in getpwXXX() * Mon May 15 2000 Nalin Dahyabhai - update to nss_ldap 109 * Sat Apr 29 2000 Nalin Dahyabhai - update pam_ldap 51 * Tue Apr 25 2000 Nalin Dahyabhai - update to nss_ldap 108 and pam_ldap 49 * Thu Apr 20 2000 Nalin Dahyabhai - update to pam_ldap 48 * Thu Mar 30 2000 Nalin Dahyabhai - update to nss_ldap 107 - note: check http://www.advogato.org/person/lukeh/ for Luke's changelog * Tue Mar 21 2000 Nalin Dahyabhai - update to nss_ldap 106 * Wed Feb 9 2000 Nalin Dahyabhai - update to nss_ldap 105 * Mon Feb 7 2000 Nalin Dahyabhai - update to nss_ldap 104 and pam_ldap 46 - disable link against libpthread in pam_ldap * Tue Feb 1 2000 Nalin Dahyabhai - remove migration tools, because this package requires openldap now, which also includes them * Fri Jan 28 2000 Nalin Dahyabhai - update to nss_ldap 103 * Mon Jan 24 2000 Preston Brown - fix typo in linuxconf-pair pam cfg file (#7800) * Tue Jan 11 2000 Preston Brown - v99, made it require pam_ldap - added perl migration tools - integrate pam_ldap stuff * Fri Oct 22 1999 Bill Nottingham - statically link ldap libraries (they're in /usr/lib) * Tue Aug 10 1999 Cristian Gafton - use the ldap.conf file as an external source - don't forcibly build the support for version 3 - imported the default spec file from the tarball and fixed it up for RH 6.1