Blob Blame History Raw

%global pkgname   dirsrv
%global srcname   389-ds-base

# Exclude i686 bit arches
ExcludeArch: i686

# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release
# also remove the space between % and global - this space is needed because
# fedpkg verrel stupidly ignores comment lines
#% global prerel .rc3
# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release
#% global relprefix 0.

# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
%global use_Socket6 0

%global use_asan 0
%global use_rust 1
%global use_legacy 1
%global bundle_jemalloc 1
%if %{use_asan}
%global bundle_jemalloc 0

%if %{bundle_jemalloc}
%global jemalloc_name jemalloc
%global jemalloc_ver 5.3.0
%global __provides_exclude ^libjemalloc\\.so.*$

# Use Clang instead of GCC
%global use_clang 0

# fedora 15 and later uses tmpfiles.d
# otherwise, comment this out
%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}

# systemd support
%global groupname %{pkgname}.target

# set PIE flag
%global _hardened_build 1

# Filter argparse-manpage from autogenerated package Requires
%global __requires_exclude ^python.*argparse-manpage

Summary:          389 Directory Server (base)
Name:             389-ds-base
Release:          %{?relprefix}1%{?prerel}%{?dist}
License:          GPLv3+ and ASL 2.0 and MIT
Group:            System Environment/Daemons
Conflicts:        selinux-policy-base < 3.9.8
Conflicts:        freeipa-server < 4.0.3
Obsoletes:        %{name} <=
Provides:         ldif2ldbm >= 0

##### Bundled cargo crates list - START #####
Provides:  bundled(crate(ahash)) = 0.7.6
Provides:  bundled(crate(ansi_term)) = 0.12.1
Provides:  bundled(crate(atty)) = 0.2.14
Provides:  bundled(crate(autocfg)) = 1.1.0
Provides:  bundled(crate(base64)) = 0.13.1
Provides:  bundled(crate(bitflags)) = 1.3.2
Provides:  bundled(crate(byteorder)) = 1.4.3
Provides:  bundled(crate(cbindgen)) = 0.9.1
Provides:  bundled(crate(cc)) = 1.0.76
Provides:  bundled(crate(cfg-if)) = 1.0.0
Provides:  bundled(crate(clap)) = 2.34.0
Provides:  bundled(crate(concread)) = 0.2.21
Provides:  bundled(crate(crossbeam)) = 0.8.2
Provides:  bundled(crate(crossbeam-channel)) = 0.5.6
Provides:  bundled(crate(crossbeam-deque)) = 0.8.2
Provides:  bundled(crate(crossbeam-epoch)) = 0.9.11
Provides:  bundled(crate(crossbeam-queue)) = 0.3.6
Provides:  bundled(crate(crossbeam-utils)) = 0.8.12
Provides:  bundled(crate(entryuuid)) = 0.1.0
Provides:  bundled(crate(entryuuid_syntax)) = 0.1.0
Provides:  bundled(crate(fastrand)) = 1.8.0
Provides:  bundled(crate(fernet)) = 0.1.4
Provides:  bundled(crate(foreign-types)) = 0.3.2
Provides:  bundled(crate(foreign-types-shared)) = 0.1.1
Provides:  bundled(crate(getrandom)) = 0.2.8
Provides:  bundled(crate(hashbrown)) = 0.12.3
Provides:  bundled(crate(hermit-abi)) = 0.1.19
Provides:  bundled(crate(instant)) = 0.1.12
Provides:  bundled(crate(itoa)) = 1.0.4
Provides:  bundled(crate(jobserver)) = 0.1.25
Provides:  bundled(crate(libc)) = 0.2.137
Provides:  bundled(crate(librnsslapd)) = 0.1.0
Provides:  bundled(crate(librslapd)) = 0.1.0
Provides:  bundled(crate(lock_api)) = 0.4.9
Provides:  bundled(crate(log)) = 0.4.17
Provides:  bundled(crate(lru)) = 0.7.8
Provides:  bundled(crate(memoffset)) = 0.6.5
Provides:  bundled(crate(once_cell)) = 1.16.0
Provides:  bundled(crate(openssl)) = 0.10.42
Provides:  bundled(crate(openssl-macros)) = 0.1.0
Provides:  bundled(crate(openssl-sys)) = 0.9.77
Provides:  bundled(crate(parking_lot)) = 0.11.2
Provides:  bundled(crate(parking_lot_core)) = 0.8.5
Provides:  bundled(crate(paste)) = 0.1.18
Provides:  bundled(crate(paste-impl)) = 0.1.18
Provides:  bundled(crate(pin-project-lite)) = 0.2.9
Provides:  bundled(crate(pkg-config)) = 0.3.26
Provides:  bundled(crate(ppv-lite86)) = 0.2.17
Provides:  bundled(crate(proc-macro-hack)) = 0.5.19
Provides:  bundled(crate(proc-macro2)) = 1.0.47
Provides:  bundled(crate(pwdchan)) = 0.1.0
Provides:  bundled(crate(quote)) = 1.0.21
Provides:  bundled(crate(rand)) = 0.8.5
Provides:  bundled(crate(rand_chacha)) = 0.3.1
Provides:  bundled(crate(rand_core)) = 0.6.4
Provides:  bundled(crate(redox_syscall)) = 0.2.16
Provides:  bundled(crate(remove_dir_all)) = 0.5.3
Provides:  bundled(crate(rsds)) = 0.1.0
Provides:  bundled(crate(ryu)) = 1.0.11
Provides:  bundled(crate(scopeguard)) = 1.1.0
Provides:  bundled(crate(serde)) = 1.0.147
Provides:  bundled(crate(serde_derive)) = 1.0.147
Provides:  bundled(crate(serde_json)) = 1.0.87
Provides:  bundled(crate(slapd)) = 0.1.0
Provides:  bundled(crate(slapi_r_plugin)) = 0.1.0
Provides:  bundled(crate(smallvec)) = 1.10.0
Provides:  bundled(crate(strsim)) = 0.8.0
Provides:  bundled(crate(syn)) = 1.0.103
Provides:  bundled(crate(synstructure)) = 0.12.6
Provides:  bundled(crate(tempfile)) = 3.3.0
Provides:  bundled(crate(textwrap)) = 0.11.0
Provides:  bundled(crate(tokio)) = 1.21.2
Provides:  bundled(crate(tokio-macros)) = 1.8.0
Provides:  bundled(crate(toml)) = 0.5.9
Provides:  bundled(crate(unicode-ident)) = 1.0.5
Provides:  bundled(crate(unicode-width)) = 0.1.10
Provides:  bundled(crate(unicode-xid)) = 0.2.4
Provides:  bundled(crate(uuid)) = 0.8.2
Provides:  bundled(crate(vcpkg)) = 0.2.15
Provides:  bundled(crate(vec_map)) = 0.8.2
Provides:  bundled(crate(version_check)) = 0.9.4
Provides:  bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1
Provides:  bundled(crate(winapi)) = 0.3.9
Provides:  bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0
Provides:  bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0
Provides:  bundled(crate(zeroize)) = 1.5.7
Provides:  bundled(crate(zeroize_derive)) = 1.3.2
##### Bundled cargo crates list - END #####

BuildRequires:    nspr-devel >= 4.32
BuildRequires:    nss-devel >= 3.67.0-7
BuildRequires:    perl-generators
BuildRequires:    openldap-devel
BuildRequires:    libdb-devel
BuildRequires:    cyrus-sasl-devel
BuildRequires:    icu
BuildRequires:    libicu-devel
BuildRequires:    pcre-devel
BuildRequires:    cracklib-devel
%if %{use_clang}
BuildRequires:    libatomic
BuildRequires:    clang
BuildRequires:    gcc
BuildRequires:    gcc-c++
# The following are needed to build the snmp ldap-agent
BuildRequires:    net-snmp-devel
BuildRequires:    lm_sensors-devel
BuildRequires:    bzip2-devel
BuildRequires:    zlib-devel
BuildRequires:    openssl-devel
# the following is for the pam passthru auth plug-in
BuildRequires:    pam-devel
BuildRequires:    systemd-units
BuildRequires:    systemd-devel
%if %{use_asan}
BuildRequires:    libasan
# If rust is enabled
%if %{use_rust}
BuildRequires: cargo
BuildRequires: rust
BuildRequires:    pkgconfig
BuildRequires:    pkgconfig(systemd)
BuildRequires:    pkgconfig(krb5)

# Needed to support regeneration of the autotool artifacts.
BuildRequires:    autoconf
BuildRequires:    automake
BuildRequires:    libtool
# For our documentation
BuildRequires:    doxygen
# For tests!
BuildRequires:    libcmocka-devel
BuildRequires:    libevent-devel
# For lib389 and related components
BuildRequires:    python%{python3_pkgversion}
BuildRequires:    python%{python3_pkgversion}-devel
BuildRequires:    python%{python3_pkgversion}-setuptools
BuildRequires:    python%{python3_pkgversion}-ldap
BuildRequires:    python%{python3_pkgversion}-six
BuildRequires:    python%{python3_pkgversion}-pyasn1
BuildRequires:    python%{python3_pkgversion}-pyasn1-modules
BuildRequires:    python%{python3_pkgversion}-dateutil
BuildRequires:    python%{python3_pkgversion}-argcomplete
BuildRequires:    python%{python3_pkgversion}-argparse-manpage
BuildRequires:    python%{python3_pkgversion}-policycoreutils
BuildRequires:    python%{python3_pkgversion}-libselinux

# For cockpit
BuildRequires:    rsync

Requires:         %{name}-libs = %{version}-%{release}
Requires:         python%{python3_pkgversion}-lib389 = %{version}-%{release}

# this is needed for using semanage from our setup scripts
Requires:         policycoreutils-python-utils
Requires:         /usr/sbin/semanage
Requires:         libsemanage-python%{python3_pkgversion}

Requires:         selinux-policy >= 3.14.1-29

# the following are needed for some of our scripts
Requires:         openldap-clients
Requires:         openssl-perl
Requires:         python%{python3_pkgversion}-ldap

# this is needed to setup SSL if you are not using the
# administration server package
Requires:         nss-tools
Requires:         nspr >= 4.32
Requires:         nss >= 3.67.0-7

# these are not found by the auto-dependency method
# they are required to support the mandatory LDAP SASL mechs
Requires:         cyrus-sasl-gssapi
Requires:         cyrus-sasl-md5
Requires:         cyrus-sasl-plain

# this is needed for
Requires:         libdb-utils

# Needed for password dictionary checks
Requires:         cracklib-dicts

# This picks up as a Requires, so we add this versioned one
Requires:         perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
Requires:         perl-Errno >= 1.23-360

# Needed by
Requires:         perl-DB_File
Requires:         perl-Archive-Tar

# Needed for password dictionary checks
Requires:         cracklib-dicts

# Picks up our systemd deps.

Obsoletes:        %{name} <=

# should be used to generate the source tarball from git
Source1:          %{name}
Source2:          %{name}-devel.README
%if %{bundle_jemalloc}
%if %{use_rust}
Source4:          vendor-%{version}-1.tar.gz
Source5:          Cargo.lock

389 Directory Server is an LDAPv3 compliant server.  The base package includes
the LDAP server and command line utilities for server administration.
%if %{use_asan}
WARNING! This build is linked to Address Sanitisation libraries. This probably
isn't what you want. Please contact support immediately.
Please see for more information.

%package          libs
Summary:          Core libraries for 389 Directory Server
Group:            System Environment/Daemons
BuildRequires:    nspr-devel >= 4.32
BuildRequires:    nss-devel >= 3.67.0-7
BuildRequires:    openldap-devel
BuildRequires:    libdb-devel
BuildRequires:    cyrus-sasl-devel
BuildRequires:    libicu-devel
BuildRequires:    pcre-devel
BuildRequires:    libtalloc-devel
BuildRequires:    libevent-devel
BuildRequires:    libtevent-devel
Requires:         krb5-libs
Requires:         libevent
BuildRequires:    systemd-devel
Provides:         svrcore = 4.1.4
Conflicts:        svrcore
Obsoletes:        svrcore <= 4.1.3

%description      libs
Core libraries for the 389 Directory Server base package.  These libraries
are used by the main package and the -devel package.  This allows the -devel
package to be installed with just the -libs package and without the main package.

%if %{use_legacy}
%package          legacy-tools
Summary:          Legacy utilities for 389 Directory Server
Group:            System Environment/Daemons
Obsoletes:        %{name} <=
Requires:         %{name}-libs = %{version}-%{release}
# for to support ipv6
%if %{use_Socket6}
Requires:         perl-Socket6
Requires:         perl-Socket
Requires:         perl-NetAddr-IP
# use_openldap assumes perl-Mozilla-LDAP is built with openldap support
Requires:         perl-Mozilla-LDAP
# for
Requires:         bind-utils
%global __provides_exclude_from %{_libdir}/%{pkgname}/perl
%global __requires_exclude perl\\((DSCreate|DSMigration|DSUpdate|DSUtil|Dialog|DialogManager|FileConn|Inf|Migration|Resource|Setup|SetupLog)

%description      legacy-tools
Legacy (and deprecated) utilities for 389 Directory Server. This includes
the old account management and task scripts. These are deprecated in favour of
the dscreate, dsctl, dsconf and dsidm tools.

%package          devel
Summary:          Development libraries for 389 Directory Server
Group:            Development/Libraries
Requires:         %{name}-libs = %{version}-%{release}
Requires:         pkgconfig
Requires:         nspr-devel >= 4.32
Requires:         nss-devel >= 3.67.0-7
Requires:         openldap-devel
Requires:         libtalloc
Requires:         libevent
Requires:         libtevent
Requires:         systemd-libs
Provides:         svrcore-devel = 4.1.4
Conflicts:        svrcore-devel
Obsoletes:        svrcore-devel <= 4.1.3

%description      devel
Development Libraries and headers for the 389 Directory Server base package.

%package          snmp
Summary:          SNMP Agent for 389 Directory Server
Group:            System Environment/Daemons
Requires:         %{name} = %{version}-%{release}

Obsoletes:        %{name} <=

%description      snmp
SNMP Agent for the 389 Directory Server base package.

%package -n python%{python3_pkgversion}-lib389
Summary:  A library for accessing, testing, and configuring the 389 Directory Server
BuildArch:        noarch
Group:            Development/Libraries
Requires: 389-ds-base
Requires: openssl
Requires: iproute
Requires: platform-python
Recommends: bash-completion
Requires: python%{python3_pkgversion}-ldap
Requires: python%{python3_pkgversion}-six
Requires: python%{python3_pkgversion}-pyasn1
Requires: python%{python3_pkgversion}-pyasn1-modules
Requires: python%{python3_pkgversion}-dateutil
Requires: python%{python3_pkgversion}-argcomplete
Requires: python%{python3_pkgversion}-libselinux
Requires: python%{python3_pkgversion}-setuptools
Requires: python%{python3_pkgversion}-distro
%{?python_provide:%python_provide python%{python3_pkgversion}-lib389}

%description -n python%{python3_pkgversion}-lib389
This module contains tools and libraries for accessing, testing,
 and configuring the 389 Directory Server.

%package -n cockpit-389-ds
Summary:          Cockpit UI Plugin for configuring and administering the 389 Directory Server
BuildArch:        noarch
Requires:         cockpit
Requires:         platform-python
Requires:         python%{python3_pkgversion}-lib389

%description -n cockpit-389-ds
A cockpit UI Plugin for configuring and administering the 389 Directory Server

%autosetup -p1 -v -n %{name}-%{version}%{?prerel}
%if %{use_rust}
tar xvzf %{SOURCE4}
cp %{SOURCE5} src/
%if %{bundle_jemalloc}
%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3
cp %{SOURCE2} README.devel


%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
# hack hack hack
NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"

%if %{use_asan}
ASAN_FLAGS="--enable-asan --enable-debug"

%if %{use_rust}
RUST_FLAGS="--enable-rust --enable-rust-offline"

%if %{use_legacy}
LEGACY_FLAGS="--enable-legacy --enable-perl"
LEGACY_FLAGS="--disable-legacy --disable-perl"

%if %{use_clang}
export CC=clang
export CXX=clang++

%if %{bundle_jemalloc}
# Override page size, bz #1545539
# 4K
%ifarch %ix86 %arm x86_64 s390x
%define lg_page --with-lg-page=12

# 64K
%ifarch ppc64 ppc64le aarch64
%define lg_page --with-lg-page=16

# Override huge page size on aarch64
# 2M instead of 512M
%ifarch aarch64
%define lg_hugepage --with-lg-hugepage=21

# Build jemalloc
pushd ../%{jemalloc_name}-%{jemalloc_ver}
%configure \
        --libdir=%{_libdir}/%{pkgname}/lib \
        --bindir=%{_libdir}/%{pkgname}/bin \
make %{?_smp_mflags}        

# Enforce strict linking
%define _strict_symbol_defs_build 1

# Rebuild the autotool artifacts now.
autoreconf -fiv

%configure --enable-autobind --with-selinux $OPENLDAP_FLAG $TMPFILES_FLAG \
           --with-systemd \
           --with-systemdsystemunitdir=%{_unitdir} \
           --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
           --with-systemdgroupname=%{groupname}  \
           --libexecdir=%{_libexecdir}/%{pkgname} \

# lib389
pushd ./src/lib389
# argparse-manpage dynamic man pages have hardcoded man v1 in header,
# need to change it to v8
sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsconf.8
sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsctl.8
sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsidm.8
sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dscreate.8

# Generate symbolic info for debuggers

#make %{?_smp_mflags}


mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir}
mkdir -p %{buildroot}%{_datadir}/cockpit
make DESTDIR="$RPM_BUILD_ROOT" install

# Cockpit file list
find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list
find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list

# Copy in our docs from doxygen.
cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3

# lib389
pushd src/lib389

mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}
mkdir -p $RPM_BUILD_ROOT/var/3lock/%{pkgname}

# for systemd
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants

#remove libtool archives and static libs
find %{buildroot} -type f -name "*.la" -delete
find %{buildroot} -type f -name "*.a" -delete

%if %{use_legacy}
# make sure perl scripts have a proper shebang
sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/script-templates/template-*.pl

%if %{bundle_jemalloc}
pushd ../%{jemalloc_name}-%{jemalloc_ver}
make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin
cp -pa COPYING ../%{name}-%{version}%{?prerel}/COPYING.jemalloc
cp -pa README ../%{name}-%{version}%{?prerel}/README.jemalloc

# This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build.
if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi


if [ -n "$DEBUGPOSTTRANS" ] ; then

# reload to pick up any changes to systemd files
/bin/systemctl daemon-reload >$output 2>&1 || :

# Soft static allocation for UID and GID

getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME
if ! getent passwd $USERNAME >/dev/null ; then
    if ! getent passwd $ALLOCATED_UID >/dev/null ; then
      /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
      /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME

# Reload our sysctl before we restart (if we can)
sysctl --system &> $output; true

if [ $1 -eq 0 ]; then # Final removal
    # remove instance specific service files/links
    rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :

if [ $1 = 0 ]; then # Final removal
    rm -rf /var/run/%{pkgname}

%post snmp
%systemd_post %{pkgname}-snmp.service

%preun snmp
%systemd_preun %{pkgname}-snmp.service %{groupname}

%postun snmp
%systemd_postun_with_restart %{pkgname}-snmp.service

%if %{use_legacy}
%post legacy-tools


if [ -n "$DEBUGPOSTTRANS" ] ; then

# find all instances
instances="" # instances that require a restart after upgrade
ninst=0 # number of instances found in total

echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || :
for dir in $instbase/slapd-* ; do
    echo dir = $dir >> $output 2>&1 || :
    if [ ! -d "$dir" ] ; then continue ; fi
    case "$dir" in *.removed) continue ;; esac
    basename=`basename $dir`
    inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
    echo found instance $inst - getting status  >> $output 2>&1 || :
    if /bin/systemctl -q is-active $inst ; then
       echo instance $inst is running >> $output 2>&1 || :
       instances="$instances $inst"
       echo instance $inst is not running >> $output 2>&1 || :
    ninst=`expr $ninst + 1`
if [ $ninst -eq 0 ] ; then
    echo no instances to upgrade >> $output 2>&1 || :
    exit 0 # have no instances to upgrade - just skip the rest
# shutdown all instances
echo shutting down all instances . . . >> $output 2>&1 || :
for inst in $instances ; do
    echo stopping instance $inst >> $output 2>&1 || :
    /bin/systemctl stop $inst >> $output 2>&1 || :
echo remove pid files . . . >> $output 2>&1 || :
/bin/rm -f /var/run/%{pkgname}*.pid /var/run/%{pkgname}*.startpid
# do the upgrade
echo upgrading instances . . . >> $output 2>&1 || :
DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
    %{_sbindir}/ -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
    %{_sbindir}/ -u -s General.UpdateMode=offline >> $output 2>&1 || :

# restart instances that require it
for inst in $instances ; do
    echo restarting instance $inst >> $output 2>&1 || :
    /bin/systemctl start $inst >> $output 2>&1 || :

exit 0

%if %{bundle_jemalloc}
%license COPYING.jemalloc
%dir %{_sysconfdir}/%{pkgname}
%dir %{_sysconfdir}/%{pkgname}/schema
%dir %{_sysconfdir}/%{pkgname}/config
%dir %{_sysconfdir}/systemd/system/%{groupname}.wants
# Remove for now: %caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd
%dir %{_libdir}/%{pkgname}/plugins
# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but
# sysctl.d is always in /lib.
%dir %{_localstatedir}/lib/%{pkgname}
%dir %{_localstatedir}/log/%{pkgname}
%ghost %dir %{_localstatedir}/lock/%{pkgname}
%exclude %{_sbindir}/ldap-agent*
%exclude %{_mandir}/man1/ldap-agent.1.gz
%exclude %{_unitdir}/%{pkgname}-snmp.service
%if %{bundle_jemalloc}
%exclude %{_libdir}/%{pkgname}/bin/jemalloc-config
%exclude %{_libdir}/%{pkgname}/bin/
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a
%exclude %{_libdir}/%{pkgname}/lib/
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a
%exclude %{_libdir}/%{pkgname}/lib/pkgconfig

%files devel

%files libs
%dir %{_libdir}/%{pkgname}
%if %{bundle_jemalloc}

%if %{use_legacy}
%files legacy-tools

%files snmp

%files -n python%{python3_pkgversion}-lib389

%files -n cockpit-389-ds -f cockpit.list

* Tue Nov 15 2022 Mark Reynolds <> -
- Bump version to
- Resolves: Bug 2098138 - broken nsslapd-subtree-rename-switch option in rhds11
- Resolves: Bug 2119063 - entryuuid fixup tasks fails because entryUUID is not mutable
- Resolves: Bug 2136610 - [RFE] Add 'cn' attribute to IPA audit logs 
- Resolves: Bug 2142638 - pam mutex lock causing high etimes, affecting red hat internal sso
- Resolves: Bug 2096795 - [RFE] Support ECDSA private keys for TLS