author | Robin H. Johnson <robbat2@gentoo.org> | 2005-07-03 18:00:00 +0000 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2005-07-03 18:00:00 +0000 |
commit | a149afee2d02877d63494b5f07cb5c8d9df03069 (patch) | |
tree | 2d515f0ef13086aa83c9d18044e3e31e9b011d2a /net-nds/openldap/files | |
parent | Stable on hppa (diff) | |
Fixed bugs #93074, #97782, #87591. This means that the nasty double-build problem is now solved! New gencert.sh thanks to xmerlin. USE=minimal support to skip building the servers. This is a strong candidate for going stable after the 30 day period.
(Portage version: 2.0.51.22-r1)
Diffstat (limited to 'net-nds/openldap/files')
-rw-r--r-- | net-nds/openldap/files/digest-openldap-2.2.27 | 2 | ||||
-rw-r--r-- | net-nds/openldap/files/gencert.sh-2.2.27 | 118 |
2 files changed, 120 insertions, 0 deletions
diff --git a/net-nds/openldap/files/digest-openldap-2.2.27 b/net-nds/openldap/files/digest-openldap-2.2.27
new file mode 100644
index 000000000000..3f10c4ded588
--- /dev/null
+++ b/net-nds/openldap/files/digest-openldap-2.2.27
@@ -0,0 +1,2 @@
+MD5 51c053cc0ec82ff20b453f49ce78bb89 openldap-2.2.27.tgz 2628140
+MD5 e2ae8148c4bed07d7a70edd930bdc403 openldap-2.1.30.tgz 2044673
diff --git a/net-nds/openldap/files/gencert.sh-2.2.27 b/net-nds/openldap/files/gencert.sh-2.2.27
new file mode 100644
index 000000000000..a06c53345d17
--- /dev/null
+++ b/net-nds/openldap/files/gencert.sh-2.2.27
@@ -0,0 +1,118 @@
+#!/bin/sh
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+#
+# Originally written by me for the mdk distro
+# On the old header you can find my old email <czoffoli@linux-mandrake.com>
+#
+# Last update 20050401 - Christian Zoffoli <xmerlin@gentoo.org>
+#
+
+VERSION="0.3"
+openssl="/usr/bin/openssl"
+opensslopts=""
+ldapconfdir="/etc/openldap/ssl"
+pemfile="${ldapconfdir}/ldap.pem"
+randfile="${ldapconfdir}/ldap.rand"
+cfgfile="${ldapconfdir}/ldap.cfg"
+
+function fixperms {
+ chown root:ldap ${ldapconfdir} -R
+ find ${ldapconfdir} -type f -exec chmod 640 \{\} \;
+ chmod 750 ${ldapconfdir}
+}
+
+
+if [ ! -x ${openssl} ]; then
+ exit 0
+fi
+
+if [ ! -d ${ldapconfdir} ]; then
+ mkdir -p ${ldapconfdir}
+fi
+
+fixperms
+
+if [ -f ${pemfile} ]; then
+ echo "${pemfile} already exist, dying"
+ exit 0
+fi
+
+
+dd if=/dev/urandom of=$randfile count=1 2>/dev/null
+
+echo ""
+echo "______________________________________________________________________${T_ME}"
+echo ""
+echo "Creating self-signed certificate -- Version ${VERSION}"
+echo ""
+echo "______________________________________________________________________${T_ME}"
+echo ""
+
+
+COMMONNAME=`hostname`
+if [ ! -n "$COMMONNAME" ]; then
+ COMMONNAME="www.openldap.org"
+fi
+
+
+if [ -f ${cfgfile} ]; then
+ echo "${cfgfile} found, would you like to use it ? (y/n)"
+ read answer
+
+ case "$answer" in
+ y|Y)
+ opensslopts="-batch"
+ ;;
+ n|N)
+ cat >${cfgfile} <<EOT
+ [ req ]
+ default_bits = 1024
+ distinguished_name = req_DN
+ RANDFILE = ${randfile}
+ [ req_DN ]
+ countryName = "1. Country Name (2 letter code)"
+ countryName_default = "US"
+ countryName_min = 2
+ countryName_max = 2
+ stateOrProvinceName = "2. State or Province Name (full name) "
+ stateOrProvinceName_default = ""
+ localityName = "3. Locality Name (eg, city) "
+ localityName_default = ""
+ 0.organizationName = "4. Organization Name (eg, company) "
+ 0.organizationName_default = "LDAP Server"
+ organizationalUnitName = "5. Organizational Unit Name (eg, section) "
+ organizationalUnitName_default = "For testing purposes only"
+ commonName = "6. Common Name (eg, CA name) "
+ commonName_max = 64
+ commonName_default = "${COMMONNAME}"
+ emailAddress = "7. Email Address (eg, name@FQDN)"
+ emailAddress_max = 40
+ emailAddress_default = ""
+EOT
+ ;;
+ *)
+ echo "Wrong answer, retry!"
+ exit 1
+ ;;
+ esac
+fi
+
+echo ""
+
+${openssl} req -config ${cfgfile} ${opensslopts} -new -rand ${randfile} -x509 -nodes -out ${pemfile} -keyout ${pemfile} -days 999999
+
+if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate certificate " 1>&2
+ exit 1
+else
+ echo -e "\nCertificate creation done!"
+fi
+
+if [ -f ${randfile} ]; then
+ rm -f ${randfile}
+fi
+
+if [ -f ${pemfile} ]; then
+ fixperms
+fi |
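Review bot: The `[ req ]` section written by the heredoc sets `default_bits = 1024` and the `openssl req` call passes `-days 999999`, so the server certificate gets a weak RSA key that effectively never expires; I would use `default_bits = 2048` and a bounded lifetime such as `-days 365`. The private key is also written into `${pemfile}` under the caller's umask and only tightened by the final `fixperms`, so a `umask 077` before the `openssl req` line would close that window without relying on the directory mode alone. Separately, the heredoc that writes `${cfgfile}` is reached only when that file already exists and the user answers n, so on a host with no ldap.cfg the `-config ${cfgfile}` argument appears to point at a missing file, unless the ebuild installs one, which this hunk does not show. The script also declares `#!/bin/sh` but uses `function fixperms {` and `echo -e`, neither of which is POSIX sh.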