Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-auth
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2006-06-14 09:27:42 +0000
committerRobin H. Johnson <robbat2@gentoo.org>2006-06-14 09:27:42 +0000
commit3cf3cec57f27004c64c52e67d3817917d1d4bbf7 (patch)
tree9bdb2e57e72611ab6f7d77a6ae6d8a36ecfe552c /sys-auth
parentppc stable (diff)
downloadgentoo-2-3cf3cec57f27004c64c52e67d3817917d1d4bbf7.tar.gz
gentoo-2-3cf3cec57f27004c64c52e67d3817917d1d4bbf7.tar.bz2
gentoo-2-3cf3cec57f27004c64c52e67d3817917d1d4bbf7.zip
Commit 250-r1 with modified timeout values. Please see my blog posting http://tinyurl.com/qewur for a detailed explaination.
(Portage version: 2.1)
Diffstat (limited to 'sys-auth')
-rw-r--r--sys-auth/nss_ldap/ChangeLog9
-rw-r--r--sys-auth/nss_ldap/files/digest-nss_ldap-250-r13
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-250-reconnect-timeouts.patch71
-rw-r--r--sys-auth/nss_ldap/nss_ldap-250-r1.ebuild66
4 files changed, 148 insertions, 1 deletions
diff --git a/sys-auth/nss_ldap/ChangeLog b/sys-auth/nss_ldap/ChangeLog
index a8ed16d0b164..dbe9f91ffb6b 100644
--- a/sys-auth/nss_ldap/ChangeLog
+++ b/sys-auth/nss_ldap/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-auth/nss_ldap
# Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/ChangeLog,v 1.23 2006/06/11 10:20:23 blubb Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/ChangeLog,v 1.24 2006/06/14 09:27:42 robbat2 Exp $
+
+*nss_ldap-250-r1 (14 Jun 2006)
+
+ 14 Jun 2006; Robin H. Johnson <robbat2@gentoo.org>
+ +files/nss_ldap-250-reconnect-timeouts.patch, +nss_ldap-250-r1.ebuild:
+ Commit 250-r1 with modified timeout values. Please see my blog posting
+ http://tinyurl.com/qewur for a detailed explaination.
11 Jun 2006; Simon Stelling <blubb@gentoo.org> nss_ldap-249.ebuild:
stable on amd64
diff --git a/sys-auth/nss_ldap/files/digest-nss_ldap-250-r1 b/sys-auth/nss_ldap/files/digest-nss_ldap-250-r1
new file mode 100644
index 000000000000..04f7f1e0783b
--- /dev/null
+++ b/sys-auth/nss_ldap/files/digest-nss_ldap-250-r1
@@ -0,0 +1,3 @@
+MD5 ac1bcdaf0765b57b7d9023aa9cd07fb6 nss_ldap-250.tar.gz 240122
+RMD160 52a27c0282d43c0b4e291dceaeeac7fcf43d8ece nss_ldap-250.tar.gz 240122
+SHA256 555c8fc9585478bc31b25349469685fbb6036cc6895e3761731c2c0e7accf2f0 nss_ldap-250.tar.gz 240122
diff --git a/sys-auth/nss_ldap/files/nss_ldap-250-reconnect-timeouts.patch b/sys-auth/nss_ldap/files/nss_ldap-250-reconnect-timeouts.patch
new file mode 100644
index 000000000000..dc8a37a916ed
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-250-reconnect-timeouts.patch
@@ -0,0 +1,71 @@
+This patch changes the default timeouts, so that they are much lower, and do
+not cause major delays when booting a system. This is a workaround until the
+core /etc/{passwd,group} contain all of the data needed for a system boot.
+
+Also add a note that 'ssl on' is broken and TLS should be used instead.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+
+diff -Nuar --exclude '*~' nss_ldap-250.orig/ldap-nss.h nss_ldap-250/ldap-nss.h
+--- nss_ldap-250.orig/ldap-nss.h 2006-04-26 18:19:00.000000000 -0700
++++ nss_ldap-250/ldap-nss.h 2006-06-14 01:58:01.933005492 -0700
+@@ -96,9 +96,9 @@
+ * unacceptable, in which case you may wish to adjust
+ * the constants below.
+ */
+-#define LDAP_NSS_TRIES 5 /* number of sleeping reconnect attempts */
+-#define LDAP_NSS_SLEEPTIME 4 /* seconds to sleep; doubled until max */
+-#define LDAP_NSS_MAXSLEEPTIME 64 /* maximum seconds to sleep */
++#define LDAP_NSS_TRIES 4 /* number of sleeping reconnect attempts */
++#define LDAP_NSS_SLEEPTIME 1 /* seconds to sleep; doubled until max */
++#define LDAP_NSS_MAXSLEEPTIME 16 /* maximum seconds to sleep */
+ #define LDAP_NSS_MAXCONNTRIES 2 /* reconnect attempts before sleeping */
+
+ #if defined(HAVE_NSSWITCH_H) || defined(HAVE_IRS_H)
+diff -Nuar --exclude '*~' nss_ldap-250.orig/ldap.conf nss_ldap-250/ldap.conf
+--- nss_ldap-250.orig/ldap.conf 2006-04-26 18:19:00.000000000 -0700
++++ nss_ldap-250/ldap.conf 2006-06-14 02:12:02.008444745 -0700
+@@ -1,4 +1,4 @@
+- @(#)$Id: ldap.conf,v 2.46 2006/04/13 03:25:56 lukeh Exp $
++# @(#)$Id: ldap.conf,v 2.46 2006/04/13 03:25:56 lukeh Exp $
+ #
+ # This is the configuration file for the LDAP nameservice
+ # switch library and the LDAP PAM module.
+@@ -283,7 +283,8 @@
+ # OpenLDAP SSL mechanism
+ # start_tls mechanism uses the normal LDAP port, LDAPS typically 636
+ #ssl start_tls
+-#ssl on
++###ssl on
++# Gentoo note: Don't use 'ssl on' in 249/250. They are broken in some cases! Use start_tls instead.
+
+ # OpenLDAP SSL options
+ # Require and verify server certificate (yes/no)
+@@ -315,3 +316,27 @@
+ # Override the default Kerberos ticket cache location.
+ #krb5_ccname FILE:/etc/.ldapcache
+
++# Timeout behavior
++# Upstream nss_ldap hard-codes these values:
++#nss_reconnect_tries 5 # number of times to double the sleep time
++#nss_reconnect_sleeptime 4 # initial sleep value
++#nss_reconnect_maxsleeptime 64 # max sleep value to cap at
++#nss_reconnect_maxconntries 2 # how many tries before sleeping
++# This leads to a delay of 124 seconds (4+8+16+32+64=124) per lookup if the
++# server is not available.
++
++# For Gentoo's distribution of nss_ldap, as of 250-r1, we use these values
++# (The hardwired constants in the code are changed to them as well):
++nss_reconnect_tries 4 # number of times to double the sleep time
++nss_reconnect_sleeptime 1 # initial sleep value
++nss_reconnect_maxsleeptime 16 # max sleep value to cap at
++nss_reconnect_maxconntries 2 # how many tries before sleeping
++# This leads to a delay of 15 seconds (1+2+4+8=15)
++
++# If you are impatient, and know your LDAP server is reliable, fast or local,
++# you may wish to use these values instead:
++#nss_reconnect_tries 1 # number of times to double the sleep time
++#nss_reconnect_sleeptime 1 # initial sleep value
++#nss_reconnect_maxsleeptime 1 # max sleep value to cap at
++#nss_reconnect_maxconntries 3 # how many tries before sleeping
++# This leads to a delay of 1 second.
diff --git a/sys-auth/nss_ldap/nss_ldap-250-r1.ebuild b/sys-auth/nss_ldap/nss_ldap-250-r1.ebuild
new file mode 100644
index 000000000000..c06012f9e6b1
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-250-r1.ebuild
@@ -0,0 +1,66 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/nss_ldap-250-r1.ebuild,v 1.1 2006/06/14 09:27:42 robbat2 Exp $
+
+inherit fixheadtails eutils gnuconfig multilib
+
+IUSE="debug sasl"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )"
+RDEPEND="${DEPEND}"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${FILESDIR}/nsswitch.ldap.diff
+ epatch ${FILESDIR}/${PN}-239-tls-security-bug.patch
+ epatch ${FILESDIR}/${PN}-249-sasl-compile.patch
+ epatch ${FILESDIR}/${PN}-250-reconnect-timeouts.patch
+ # fix head/tail stuff
+ ht_fix_file ${S}/Makefile.am ${S}/Makefile.in ${S}/depcomp
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ ${S}/$i
+ done
+ # update config.{guess,sub}
+ gnuconfig_update
+}
+
+src_compile() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-schema-mapping \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ ${myconf} || die "configure failed"
+
+ emake || die "make failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}