Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/lucid/openldap
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

25. By Mathias Gug

Fix local root connection access: replace olcAuthzRegexp mapping to
cn=localroot,cn=config with using the SASL dn directly in olcAccess.
Makes upgrades much simpler and robust (LP: #563829).

24. By Scott Moser

[ Simon Olofsson ]
* debian/slapd.postinst:
  - Show a message after successful migration (LP: #538848)

[ Jorgen Rosink ]
* debian/slapd.init: add simple status checking with LSB compatible exit
  codes (LP: #562377)
* debian/slapd.init.ldif:
  - remove admin user in default config database (LP: #556176)
  - in default config, add olcAccess entries giving access to controls
    available and cn=subschema (LP: #427842)

[ Scott Moser ]
* debian/slapd.scripts-common: Do not create /nonexistent directory
   for openldap user's home (LP: #556176)
* debian/slapd.postinst: fix cn=config olcAccess migration (LP: #559070)

23. By Thierry Carrez

* debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
  before trying to convert to slapd.d, to avoid upgrade failure from hardy
  (LP: #536958)
* debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
  olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)

22. By Chuck Short

debian/apparmor-profile: Update apparmor profile. (LP: #508190)

21. By Mathias Gug

* New upstream release.
* debian/rules, debian/schema/extra/:
  Fix get-orig-source rule to supports extra schemas shipped as part of the
  debian/schema/ directory.

20. By Thierry Carrez

* debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
  - Add --with-gssapi support
  - Make guess_service_principal() more robust when determining principal
* Enable GSSAPI support (LP: #495418):
  - debian/configure.options: Configure with --with-gssapi
  - debian/control: Added libkrb5-dev as a build depend

19. By Mathias Gug

* New upstream release: (LP: #419515):
  + pcache overlay supports disconnected mode.
* Fix nss overlay load (LP: #417163).

18. By Mathias Gug

 * Install a minimal slapd configuration instead of creating a default
   database with a default DIT:
   + Move openldap user home from /var/lib/ldap to /nonexistent.
   + Remove all code and templates dealing with the default database and DIT
   + Add an Authz map from root user (UID=0) to cn=localroot,cn=config and
     grant all access to the latter in the cn=config database as well as the
     default backend configuration.
 * Add cn=localroot,cn=config authz mapping on upgrades.

17. By Mathias Gug

[ Thierry Carrez ]
* debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
  in the openldap library, as required by Likewise-Open (LP: #390579)

[ Mathias Gug ]
* debian/patches/its6077-uniqueness-overlay: fixes some issues with the
  uniqueness overlay.
* debian/patches/its6220-writetimeout-directive: fixes a problem with the
  writetimeout directive being in effect even if it wasn't set,
  closing connections incorrectly.
* debian/patches/its6222-dncachesize-parameter: fixes the behavior of the
  dncachesize parameter that was added in RE24, so that if it is set to
  "0" (now the default), it has an unlimited DN cache (RE23 always
  had an unlimited DN cache).

16. By Mathias Gug

[ Steve Langasek ]
* Fix up the lintian warnings:
  - add missing misc-depends on all packages
  - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
  - bump Standards-Version to 3.8.2, no changes required.

[ Mathias Gug ]
* Resynchronise with Debian. Remaining changes:
  - AppArmor support:
    - debian/apparmor-profile: add AppArmor profile
    - updated debian/slapd.README.Debian for note on AppArmor
    - debian/slapd.dirs: add etc/apparmor.d/force-complain
    - debian/slapd.postrm: remove symlink in force-complain/ on purge
    - debian/rules: install apparmor profile.
  - Don't use local statement in config script as it fails if /bin/sh
    points to bash.
  - debian/slapd.postinst, debian/slapd.script-common: set correct
    ownership and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group
    readable) and /var/run/slapd (world readable).
  - Enable nssoverlay:
    - debian/patches/nssov-build, debian/rules: Build and package the nss
    - debian/schema/misc.ldif: add ldif file for the misc schema which
      defines rfc822MailMember (required by the nss overlay).
  - debian/{control,rules}: enable PIE hardening
  - Use cn=config as the default configuration backend instead of
    slapd.conf. Migrate slapd.conf file to /etc/ldap/slapd.d/ on upgrade
    asking the end user to enter a new password to control the access to
    the cn=config tree.
  - debian/slapd.postinst: create /var/run/slapd before updating its
  - debian/slapd.init: Correctly set slapd config backend option even if
    the pidfile is configured in slapd default file.
* Dropped:
  - Merged in Debian:
    - Update priority of libldap-2.4-2 to match the archive override.
    - Add the missing ldapexop and ldapurl tools to ldap-utils, as well as
      the ldapurl(1) manpage.
    - Bump build-dependency on debhelper to 6 instead of 5, since that's
      what we're using.
    - Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
      the built-in default of ldap:/// only.
  - Fixed in upstream release:
    - debian/patches/fix-ldap_back_entry_get_rwa.patch: fix test-0034
      failure when built with PIE.
    - debian/patches/gnutls-enable-v1-ca-certs: Enable V1 CA certs to be
  - Update Apparmor profile support: don't support upgrade from pre-hardy
    - debian/slapd.postinst: Reload AA profile on configuration
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
    - debian/control: Conflicts with apparmor-profiles <<
      2.1+1075-0ubuntu4 to make sure that if earlier version of
      apparmor-profiles gets installed it won't overwrite our profile.
    - follow ApparmorProfileMigration and force apparmor complain mode on
      some upgrades
    - debian/slapd.preinst: create symlink for force-complain on
      pre-feisty upgrades, upgrades where apparmor-profiles profile is
      unchanged (ie non-enforcing) and upgrades where apparmor profile
      does not exist.
  - debian/patches/autogen.sh: no longer needed with karmic libtool.
    - Call libtoolize with the --install option to install
      config.{guess,sub} files.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.