summaryrefslogtreecommitdiffstats
path: root/m4
Commit message (Collapse)AuthorAgeFilesLines
* OpenLDAP supportcleanupRich Megginson2009-07-072-37/+198
| | | | | | | | | | These changes allow the server to be built with OpenLDAP (2.4.17+). A brief summary of the changes: * #defines not provided by OpenLDAP were copied into slapi-plugin.h and protected with #ifndef blocks * where it made sense, I created slapi wrapper functions for things like URL and LDIF processing to abstract way the differences in the APIs * I created a new file utf8.c which contains the UTF8 functions from MozLDAP - this is only compiled when using OpenLDAP * I tried to clean up the code - use the _ext versions of LDAP functions everywhere since the older versions should be considered deprecated * I removed some unused code NOTE that this should still be considered a work in progress since it depends on functionality not yet present in a released version of OpenLDAP, for NSS crypto and for the LDIF public API.
* Use thread aware library for complex regex searchesNoriko Hosoi2009-05-281-0/+87
| | | | | | | | For more details, see the design doc at http://directory.fedoraproject.org/wiki/Thread_Aware_Regex Additional 2 unrelated changes are being made: 1) dbgen.pl.in: secretary and manager are having a dn format value "cn=...". 2) slapi_counter_sunos_sparcv9.S: adding "#define _ASM 1" to force to set an assembler code macro _ASM.
* Resolves: bug 469261Rich Megginson2008-11-041-0/+199
| | | | | | | | | | | | | | | Bug Description: Support server-to-server SASL - part 1 Reviewed by: nkinder, nhosoi, ssorce (Thanks!) Fix Description: I've created two new functions to handle the client side of LDAP in the server - slapi_ldap_init_ext and slapi_ldap_bind. These two functions are designed to work with any connection type (ldap, ldaps, ldap+starttls, and eventually ldapi) and bind type (plain, sasl, client cert). The secure flag has been extended to use a value of 2 to mean use startTLS. One tricky part is that there is no place to store the startTLS flag in init to pass to bind, so we store that in the clientcontrols field which is currently unused. We do that because the semantics of ldap_init are not to do any network traffic, but defer that until the bind operation (or whatever the first actual operation is e.g. start_tls). I plan to replace all of the places in the code that do ldap init and bind with these functions. I started with replication. I extended the transport to add tls for startTLS and the bind method to add sasl/gssapi and sasl/digest-md5. I removed a lot of code from repl5_connection that is now done with just slapi_ldap_init_ext and slapi_ldap_bind. One tricky part of the replication code is that it polls the connection for write available, using some ldap sdk internals. I had to fix that code to work within the public ldap api since nspr and sasl muck with the internals in different incompatible ways. Finally, there is a lot of new kerberos code in the server. The way the server does sasl/gssapi auth with its keytab is similar to the way it does client cert auth with its ssl server cert. One big difference is that the server cannot pass the kerberos identity and credentials through the ldap/sasl/gssapi layers directly. Instead, we have to create a memory credentials cache and set the environment variable to point to it. This allows the sasl/gssapi layer to grab the credentials for use with kerberos. The way the code is written, it should also allow "external" kerberos auth e.g. if someone really wants to do some script which does a periodic kinit to refresh the file based cache, that should also work. I added some kerberos configure options. configure tries to first use krb5-config to get the compiler and linker information. If that fails, it just looks for some standard system libraries. Note that Solaris does not allow direct use of the kerberos api until Solaris 11, so most likely Solaris builds will have to use --without-kerberos (--with-kerberos is on by default). Fixed a bug in kerberos.m4 found by nkinder. ssorce has pointed out a few problems with my kerberos usage that will be addressed in the next patch. Changed the log level in ldap_sasl_get_val - pointed out by nkinder Platforms tested: Fedora 9, Fedora 8 Flag Day: yes Doc impact: oh yes
* Resolves: bug 340361Rich Megginson2007-10-191-0/+4
| | | | | | | | | Bug Description: build links wrong libdb on 64-bit systems Reviewed by: nhosoi (Thanks!) Fix Description: Once again, libtool attempts to be helpful but is instead harmful. If you have both db4-devel.i386 and db4-devel.x86_64 installed, this will install /usr/lib/libdb-4.N.la. If you use libtool to link with -ldb-4.N, and you do not specify a search path, libtool will attempt to find this library in it's default search path, which is something like /usr/lib/gcc/x86_64/blahblahblah/../../../lib. This will find /usr/lib/libdb-4.N.la and will use the information in that file and link the object with /usr/lib/libdb-4.N.so, instead of just passing -ldb-4.N through to the linker which is what it ought to do (darn libtool). In order to make libtool do the right thing, we must pass in -L$libdir -ldb-4.N to libtool so that it will use $libdir first in its search path. Platforms tested: RHEL5 x86_64, RHEL4 x86_64 Flag Day: yes - autotool file changes Doc impact: no
* Resolves: 253582Nathan Kinder2007-08-201-2/+6
| | | | Summary: Check if pkgconfig is available before trying to use it.
* Resolves: bug 248145Rich Megginson2007-07-131-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug Description: Replace ds_newinst binary with perl script Reviewed by: nhosoi (Thanks!) Fix Description: The time has come. We can finally get rid of the instance creation C code once and for all. I've created a DSCreate module that has all of the functionality of the old create_instance.c code, along with a few items from ldap/admin/lib. The way it works is this: it first creates the dse.ldif file using template-dse.ldif and the suffix-db template to create the initial db and suffix. It then adds additional optional configuration depending on what optional features have been enabled. It creates other config files and copies in the schema. It then initializes the database. It uses a template file based on the type of entry implied by the suffix, then adds the default ACIs. If the user chose to do so, it will also create the ou=people, ou=groups, etc. entries. The user can also supply an LDIF file which will be used to populate the initial database, in which case none of the default entries or ACIs will be used. It then starts the server (if desired). I had to create a function makePaths that works like mkdir -p except that it will chown, chgrp, and chmod all paths created. I had to change the other places where instance creation was called to use the new calling semantics. ds_create changed quite a bit, since it can just use an Inf to pass in the information instead of calling ds_newinst as a CGI program. I had to change FileConn to add support for namingContexts (i.e. entries with no parent), and to have it write each change each time, and to return copies of entries when searching, to avoid modifying the tree in place. This makes it act much more like LDAP. I found and fixed a few bugs in Migration along the way that were revealed while integrating the new DSCreate code. Platforms tested: RHEL4, FC6 Flag Day: Yes. New instance creation code and autotool changes. Doc impact: no
* Resolves: bug 243639Rich Megginson2007-06-111-2/+17
| | | | | | | | | Description: --with-ldapsdk-bin required for configure argument Fix Description: In m4/mozldap.m4, there is a code to check whether ldapsdk_bindir is specified, but you can't specify it except for --with-ldapsdk argument or using pkg-config. So using --with-ldapsdk-lib and --with-ldapsdk-inc requires the additional argument '--with-ldapsdk-bin'.
* Resolves: 236612Nathan Kinder2007-04-261-0/+4
| | | | Summary: Modified the with-fhs and with-fhs-opt configure options
* Resolves: 236612Nathan Kinder2007-04-241-0/+13
| | | | Summary: Added a configure option for FHS optional software layout style.
* Resolves: #233215Noriko Hosoi2007-03-302-2/+11
| | | | | | | Summary: verify-db.pl still assumes the db dir is always in the instance dir (Comment #10) Description: To set db_bindir, if db.pc exists, check if bindir variable is defined in the file or not. If it's defined, set it to db_bindir. If not, set the default path /usr/bin to db_bindir.
* esolves: bug 227618Rich Megginson2007-02-071-1/+1
| | | | | | | | | | | | | | | | | | | Bug Description: FHS: move exes to _bindir; move ns-slapd to _sbindir Reviewed by: many people (Thanks!) Fix Description: In order to be more FHS compliant, we need to make the following changes: 1) move files executable by end users to _bindir (e.g. /usr/bin) - this means logconv.pl, ds_newinst, dbscan, etc. 2) move the server executable ns-slapd to _sbindir (e.g. /usr/sbin) And, to be more packaging friendly, the additional changes: 3) move libback-ldbm to the plugins dir - it is a plugin 4) use the libtool -avoid-version flag with plugins - we don't need the .so.0.0.0 for plugins I had to add support for sbindir and SBINDIR to create_instance and ds_newinst. We were using serverdir for 3 things - command line programs, server specific shared libs, and the server executable itself. These are now in 3 different places. The biggest change was to the scripts. I kept serverdir and SERVER-DIR to be the location of the server shared libs to avoid changing even more stuff. I had to add SERVERBIN-DIR to the scripts - this is the location of ns-slapd and is set by sbindir in create_instance (which defaults to SBINDIR from Makefile.am which defaults to $prefix/sbin in configure - whew). I've tested instance creation with these diffs - everything seems to work fine. 5) reorder files in alphabetical order - suggested by nkinder 6) add $LDFLAGS to test in db.m4 7) touch all template/wrapper .in files to make them newer than their corresponding files Platforms tested: RHEL4, FC6 Flag Day: no Doc impact: Yes, but the docs will have to change quite a bit for all of the FHS related changes.
* Resolves: 227754Nathan Kinder2007-02-073-5/+27
| | | | Summary: Set library search path when using AC_CHECK_LIB in db.m4.
* Resolves: bug 227452Rich Megginson2007-02-064-7/+9
| | | | | | | | | | Bug Description: Solaris build: Need to add other libs for autotool build Reviewed by: nhosoi (Thanks!) Fix Description: The AC_CHECK_LIB test for db_create needs -lnsl because libdb links with it on Solaris. Other executables require -lnsl, -lsocket, and -ldl. The strategy is to put these in the platform specific section in configure.ac so they can be exported to the Makefile. Then we can just use the macros directly in Makefile. On platforms where these are not required, they will evaluate to empty. There was a bug in the regexp that derived the libdir from pkg-config in several m4 files. We needed to use .* instead of just *. pkg-config --libs-only-L returns multiple paths on Solaris but not on linux. Platforms tested: Solaris 9 Flag Day: no Doc impact: no
* fix licensing in sasl.m4Rich Megginson2007-02-021-2/+19
|
* fix build problems on Solaris; minor m4 cleanupRich Megginson2007-02-023-6/+7
|
* Resolves: bug 222398Rich Megginson2007-01-123-9/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | Bug Description: Allow building on Fedora Reviewed by: nhosoi (Thanks!) Fix Description: There are a few issues with building on Fedora (5 or later): 1) Need to be able to build with db4.2, db4.3, db4.4, etc. This version auto-detects the db version from the db.h file it finds. In order to use a different db version, just use configure --with-db=path or --with-db-inc=path that points to a different db.h 2) mozldap and svrcore are now part of Fedora, so we need to look for those components. Look for mozldap6 first to allow building on RHEL-4 as well. mozldap now includes libldif, so add that to the link line. svrcore-devel is now just svrcore - a svrcore runtime package and a svrcore-devel build time package. 3) FHS means FHS - /etc, /var/, prefix=/usr and exec_prefix=/usr. It doesn't make any sense to talk about FHS under a prefix. This means the default build will do /opt/fedora-ds/etc, var, lib, bin, share, and so on instead of /opt/fedora-ds/usr/etc. --with-fhs resets prefix=/usr and exec_prefix=/usr, and overrides the default settings for sysconfdir and localstatedir So, different build types: FHS - use configure --with-fhs - uses /etc, /var, /usr/lib, /usr/share, etc. Nothing - configure - uses /opt/fedora-ds/etc/, var/, bin/, lib/, etc. GNU style - configure --prefix=/usr/local - /usr/local/etc, /usr/local/bin, /usr/local/var, and so on Developers can use configure --prefix=/home/user/fds && make && make install to install local versions Platforms tested: FC-6 Flag Day: no Doc impact: no
* Bug: 210947Rich Megginson2006-11-221-2/+5
| | | | | | | | | Description: parameterizing the hardcoded paths (phase 3. installed binaries, change log, setup) Fix Description: RHEL4 64 is not able to find ldapsearch because the ldapsdk_bindir is hardcoded to /usr/lib/mozldap6. We should get ldapsdk_bindir from pkg-config or just simply use $libdir/mozldap6. Added -o -z "$ldapsdk_bindir" check suggested by nhosoi Reviewed by: nhosoi (Thanks!)
* Resolves: #214533Noriko Hosoi2006-11-101-0/+34
| | | | | | | Summary: configure needs to support --with-fhs (Comment #1) Changes: 1. introduced a new option --with-fhs 2. instead of passing the define macro with -D, generate config.h
* Resolves: #212098Noriko Hosoi2006-10-252-0/+5
| | | | | | | | Summary: Use autoconf to generate task perl script templates Changes: 1) added template files to AC_CONFIG_FILES list 2) added db_bindir and ldapsdk_bindir to pass their tools path to the template files. The paths are hardcoded for now.
* Resolves: 212038Nathan Kinder2006-10-246-3/+19
| | | | Make configure create program wrapper scripts.
* Bug(s) fixed: 211426Rich Megginson2006-10-194-4/+55
| | | | | | | | | | | | | Bug Description: autotools: support dirsec packages, mozldap6, svrcore Reviewed by: nkinder (Thanks!) Fix Description: Look for the dirsec-nspr and dirsec-nss if nspr and nss are not found in pkg-config. Look for mozldap6 then mozldap in pkg-config. Look for svrcore-devel in pkg-config, then look for it in the system directories. Nathan pointed out that we do not support mozldap v5.x anymore, so we should just look for mozldap6 with pkg-config. I also added an explicit check of the vendor version in the header file to make sure we are using 600 or greater. Platforms tested: RHEL4 Flag Day: no Doc impact: no
* Related: 210736Nathan Kinder2006-10-178-0/+683
Phase one of implementing new GNU Automake/Autoconf build system.