lp:~11111nonononono-deactivatedaccount-deactivatedaccount-deactivatedaccount/ubuntu/lucid/openldap/fixes-bug-538848

Branch merges

Propose for merging

No branches dependent on this one.

Merged into lp:ubuntu/lucid/openldap

Mathias Gug: Approve on 2010-04-13

Ubuntu branches: Pending requested 2010-04-12

Diff: 26 lines (+8/-0)

2 files modified

debian/changelog (+7/-0)
debian/slapd.postinst (+1/-0)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #538848: slapd.postinst output doesn't mention configuration conversion step

Wishlist

Fix Released

Link a bug report

Related blueprints

24. By No on 2010-04-12

Show a message after successful migration (LP: #538848)

23. By Thierry Carrez on 2010-03-29

* debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
  before trying to convert to slapd.d, to avoid upgrade failure from hardy
  (LP: #536958)
* debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
  olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)

22. By Chuck Short on 2010-03-09

debian/apparmor-profile: Update apparmor profile. (LP: #508190)

21. By Mathias Gug on 2010-02-18

* New upstream release.
* debian/rules, debian/schema/extra/:
  Fix get-orig-source rule to supports extra schemas shipped as part of the
  debian/schema/ directory.

20. By Thierry Carrez on 2009-12-11

* debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
  - Add --with-gssapi support
  - Make guess_service_principal() more robust when determining principal
* Enable GSSAPI support (LP: #495418):
  - debian/configure.options: Configure with --with-gssapi
  - debian/control: Added libkrb5-dev as a build depend

19. By Mathias Gug on 2009-09-07

* New upstream release: (LP: #419515):
  + pcache overlay supports disconnected mode.
* Fix nss overlay load (LP: #417163).

18. By Mathias Gug on 2009-08-11

 * Install a minimal slapd configuration instead of creating a default
   database with a default DIT:
   + Move openldap user home from /var/lib/ldap to /nonexistent.
   + Remove all code and templates dealing with the default database and DIT
     creation.
   + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
     grant all access to the latter in the cn=config database as well as the
     default backend configuration.
 * Add cn=localroot,cn=config authz mapping on upgrades.

17. By Mathias Gug on 2009-07-31

[ Thierry Carrez ]
* debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
  in the openldap library, as required by Likewise-Open (LP: #390579)

[ Mathias Gug ]
* debian/patches/its6077-uniqueness-overlay: fixes some issues with the
  uniqueness overlay.
* debian/patches/its6220-writetimeout-directive: fixes a problem with the
  writetimeout directive being in effect even if it wasn't set,
  closing connections incorrectly.
* debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
  dncachesize parameter that was added in RE24, so that if it is set to
  "0" (now the default), it has an unlimited DN cache (RE23 always
  had an unlimited DN cache).

16. By Mathias Gug on 2009-07-30

[ Steve Langasek ]
* Fix up the lintian warnings:
  - add missing misc-depends on all packages
  - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
    overrides
  - bump Standards-Version to 3.8.2, no changes required.

[ Mathias Gug ]
* Resynchronise with Debian. Remaining changes:
  - AppArmor support:
    - debian/apparmor-profile: add AppArmor profile
    - updated debian/slapd.README.Debian for note on AppArmor
    - debian/slapd.dirs: add etc/apparmor.d/force-complain
    - debian/slapd.postrm: remove symlink in force-complain/ on purge
    - debian/rules: install apparmor profile.
  - Don't use local statement in config script as it fails if /bin/sh
    points to bash.
  - debian/slapd.postinst, debian/slapd.script-common: set correct
    ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
    readable) and /var/run/slapd (world readable).
  - Enable nssoverlay:
    - debian/patches/nssov-build, debian/rules: Build and package the nss
      overlay.
    - debian/schema/misc.ldif: add ldif file for the misc schema which
      defines rfc822MailMember (required by the nss overlay).
  - debian/{control,rules}: enable PIE hardening
  - Use cn=config as the default configuration backend instead of
    slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
    asking the end user to enter a new password to control the access to
    the cn=config tree.
  - debian/slapd.postinst: create /var/run/slapd before updating its
    permissions.
  - debian/slapd.init: Correctly set slapd config backend option even if
    the pidfile is configured in slapd default file.
* Dropped:
  - Merged in Debian:
    - Update priority of libldap-2.4-2 to match the archive override.
    - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
      the ldapurl(1) manpage.
    - Bump build-dependency on debhelper to 6 instead of 5, since that's
      what we're using.
    - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
      the built-in default of ldap:/// only.
  - Fixed in upstream release:
    - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
      failure when built with PIE.
    - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
      trusted.
  - Update Apparmor profile support: don't support upgrade from pre-hardy
    systems:
    - debian/slapd.postinst: Reload AA profile on configuration
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
    - debian/control: Conflicts with apparmor-profiles <<
      2.1+1075-0ubuntu4 to make sure that if earlier version of
      apparmor-profiles gets installed it won't overwrite our profile.
    - follow ApparmorProfileMigration and force apparmor complain mode on
      some upgrades
    - debian/slapd.preinst: create symlink for force-complain on
      pre-feisty upgrades, upgrades where apparmor-profiles profile is
      unchanged (ie non-enforcing) and upgrades where apparmor profile
      does not exist.
  - debian/patches/autogen.sh: no longer needed with karmic libtool.
    - Call libtoolize with the --install option to install
      config.{guess,sub} files.

15. By Colin Watson on 2009-06-24

* Resynchronise with Debian. Remaining changes:
  - AppArmor support:
    - debian/apparmor-profile: add AppArmor profile
    - debian/slapd.postinst: Reload AA profile on configuration
    - updated debian/slapd.README.Debian for note on AppArmor
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
    - debian/control: Conflicts with apparmor-profiles <<
      2.1+1075-0ubuntu4 to make sure that if earlier version of
      apparmor-profiles gets installed it won't overwrite our profile.
    - follow ApparmorProfileMigration and force apparmor complain mode on
      some upgrades
    - debian/slapd.dirs: add etc/apparmor.d/force-complain
    - debian/slapd.preinst: create symlink for force-complain on
      pre-feisty upgrades, upgrades where apparmor-profiles profile is
      unchanged (ie non-enforcing) and upgrades where apparmor profile
      does not exist.
    - debian/slapd.postrm: remove symlink in force-complain/ on purge
  - debian/patches/autogen.sh:
    - Call libtoolize with the --install option to install
      config.{guess,sub} files.
  - Don't use local statement in config script as it fails if /bin/sh
    points to bash.
  - debian/slapd.postinst, debian/slapd.script-common: set correct
    ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
    readable) and /var/run/slapd (world readable).
  - Enable nssoverlay:
    - debian/patches/nssov-build, debian/rules: Build and package the nss
      overlay.
    - debian/schema/misc.ldif: add ldif file for the misc schema which
      defines rfc822MailMember (required by the nss overlay).
  - debian/{control,rules}: enable PIE hardening
  - Use cn=config as the default configuration backend instead of
    slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
    asking the end user to enter a new password to control the access to
    the cn=config tree.
  - Update priority of libldap-2.4-2 to match the archive override.
  - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
    the ldapurl(1) manpage.
  - Bump build-dependency on debhelper to 6 instead of 5, since that's
    what we're using.
  - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
    the built-in default of ldap:/// only.
  - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
    failure when built with PIE.
  - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
    trusted.
  - debian/slapd.postinst: create /var/run/slapd before updating its
    permissions.
  - debian/slapd.init: Correctly set slapd config backend option even if
    the pidfile is configured in slapd default file.
* Drop patch to avoid the test suite on hppa, as hppa is EOL.