Commit 250-r1 with modified timeout values. Please see my blog posting http://tinyurl.com/qewur for a detailed explaination.

Package-Manager: portage-2.1

5 files changed, 163 insertions, 5 deletions

diff --git a/sys-auth/nss_ldap/ChangeLog b/sys-auth/nss_ldap/ChangeLog
index a8ed16d0b164..dbe9f91ffb6b 100644
--- a/sys-auth/nss_ldap/ChangeLog
+++ b/sys-auth/nss_ldap/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-auth/nss_ldap
 # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/ChangeLog,v 1.23 2006/06/11 10:20:23 blubb Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/ChangeLog,v 1.24 2006/06/14 09:27:42 robbat2 Exp $
+
+*nss_ldap-250-r1 (14 Jun 2006)
+
+  14 Jun 2006; Robin H. Johnson <robbat2@gentoo.org>
+  +files/nss_ldap-250-reconnect-timeouts.patch, +nss_ldap-250-r1.ebuild:
+  Commit 250-r1 with modified timeout values. Please see my blog posting
+  http://tinyurl.com/qewur for a detailed explaination.
 
   11 Jun 2006; Simon Stelling <blubb@gentoo.org> nss_ldap-249.ebuild:
   stable on amd64
diff --git a/sys-auth/nss_ldap/Manifest b/sys-auth/nss_ldap/Manifest
index 5bfa517b4efc..9609bdb244cc 100644
--- a/sys-auth/nss_ldap/Manifest
+++ b/sys-auth/nss_ldap/Manifest
@@ -18,6 +18,10 @@ AUX nss_ldap-249-sasl-compile.patch 282 RMD160 dcca3b25794db3d5db82ec6b9ed423af8
 MD5 28418d13af929c2bc04bb96248ddceda files/nss_ldap-249-sasl-compile.patch 282
 RMD160 dcca3b25794db3d5db82ec6b9ed423af829f2de0 files/nss_ldap-249-sasl-compile.patch 282
 SHA256 3da93087461fb970d5da9fe6b169f5493ca83ae2149cb03be9e8486bfcf437d6 files/nss_ldap-249-sasl-compile.patch 282
+AUX nss_ldap-250-reconnect-timeouts.patch 3469 RMD160 791e7d198e26144343498cf35b5cafb4b7ecfb4e SHA1 c99f896bf094a6497e6eb774be803ed92876e685 SHA256 4e8143e5c27573c54c905799c8475e13034fbd9eb43882098115cac6bcad1e01
+MD5 8e04b77c3bd44228a02b9765d204e57a files/nss_ldap-250-reconnect-timeouts.patch 3469
+RMD160 791e7d198e26144343498cf35b5cafb4b7ecfb4e files/nss_ldap-250-reconnect-timeouts.patch 3469
+SHA256 4e8143e5c27573c54c905799c8475e13034fbd9eb43882098115cac6bcad1e01 files/nss_ldap-250-reconnect-timeouts.patch 3469
 AUX nsswitch.ldap.diff 575 RMD160 6c429261de3f99eccfb6f613e0d8a499fa798245 SHA1 a2aada398f1db0eb162633d39992646ce513a3b6 SHA256 f3bf121d1fa4e3c0119d36ddd2445bcbbd955e2b7fe2f0fe65ebaa6d2808c43e
 MD5 1fe060c70b1c673346b696dbe194260a files/nsswitch.ldap.diff 575
 RMD160 6c429261de3f99eccfb6f613e0d8a499fa798245 files/nsswitch.ldap.diff 575
@@ -99,14 +103,18 @@ EBUILD nss_ldap-249.ebuild 1431 RMD160 3a752fab157ba4747cf59e6643b4908888e4a6f7
 MD5 c2d3fe70429961227a9843075d83515a nss_ldap-249.ebuild 1431
 RMD160 3a752fab157ba4747cf59e6643b4908888e4a6f7 nss_ldap-249.ebuild 1431
 SHA256 c7667a881cea60fc6466b01b542a0ce139973afe46866714a3b774ab7c77abd2 nss_ldap-249.ebuild 1431
+EBUILD nss_ldap-250-r1.ebuild 1693 RMD160 124f03a51c5327287dc8560fc1a8b5a5fe8680ad SHA1 08ca73cf8b647d2343e23995806575e710f88c18 SHA256 717735e0a60977b3fae0b965c15761bd99d340998304d3c10ead0bca1cd7e8f3
+MD5 69663163cd42ac20dc33fe8fb4a9b4a1 nss_ldap-250-r1.ebuild 1693
+RMD160 124f03a51c5327287dc8560fc1a8b5a5fe8680ad nss_ldap-250-r1.ebuild 1693
+SHA256 717735e0a60977b3fae0b965c15761bd99d340998304d3c10ead0bca1cd7e8f3 nss_ldap-250-r1.ebuild 1693
 EBUILD nss_ldap-250.ebuild 1635 RMD160 654f59b80ae4e74275b3e60d9eff2e94d4dc98be SHA1 00cfa3bfa8b4d986a2c4bf33af9130c63f3ed8c4 SHA256 1b30dcfdba73edaed5f1a2b529075695330b04e2a4e961120e6185a624e1446b
 MD5 56b97cbabe2edecf2df93dcc6d22ff68 nss_ldap-250.ebuild 1635
 RMD160 654f59b80ae4e74275b3e60d9eff2e94d4dc98be nss_ldap-250.ebuild 1635
 SHA256 1b30dcfdba73edaed5f1a2b529075695330b04e2a4e961120e6185a624e1446b nss_ldap-250.ebuild 1635
-MISC ChangeLog 9613 RMD160 fc1603ae4160f39da3c3ed840cd62cc30c4df7b7 SHA1 c5d4cb5dbf4ad71d9680b0047b263b313b41ef1f SHA256 47a75b1847aa77d04ef67f1407d147657e1fb62af4736756b0c0efb319f03a6a
-MD5 432df45beab449866bb7af94aacf4abd ChangeLog 9613
-RMD160 fc1603ae4160f39da3c3ed840cd62cc30c4df7b7 ChangeLog 9613
-SHA256 47a75b1847aa77d04ef67f1407d147657e1fb62af4736756b0c0efb319f03a6a ChangeLog 9613
+MISC ChangeLog 9903 RMD160 1a7cf30646bf0ebf579cdb86754e1689246ec8bc SHA1 501bd944cd9a9cc92e8180426036ec15731149a4 SHA256 9147bfa28080f521805dac23c26fa3c830f2b5454ddab5d8dc1a94c61325afbb
+MD5 bd941dbc53c5baf69399259aa6e1e792 ChangeLog 9903
+RMD160 1a7cf30646bf0ebf579cdb86754e1689246ec8bc ChangeLog 9903
+SHA256 9147bfa28080f521805dac23c26fa3c830f2b5454ddab5d8dc1a94c61325afbb ChangeLog 9903
 MISC metadata.xml 255 RMD160 2a5b1ef0df8360b2a563653844baae48e44c6e79 SHA1 8124f773eff8377a014c4a83dfb6f3071ad80bd1 SHA256 c3d87e158edbe4189c6e38c4c891285af2e68b0fbef16d59cb6326e287da0cb6
 MD5 5ba8c9c9be079ebcbc93c08f838665bd metadata.xml 255
 RMD160 2a5b1ef0df8360b2a563653844baae48e44c6e79 metadata.xml 255
@@ -162,3 +170,6 @@ SHA256 9eac77f088564033acecca13bf17a1b258551aaf8b90c92ee6299590cd531761 files/di
 MD5 7ac106fb359c99788821d3af16ba43b9 files/digest-nss_ldap-250 238
 RMD160 0011000e693134d77e1763f121fcfb49793d48e9 files/digest-nss_ldap-250 238
 SHA256 bd240b5c731421498f5b6a53f6abd38d28c9596e0175d6ed390ac46e98ca5a69 files/digest-nss_ldap-250 238
+MD5 7ac106fb359c99788821d3af16ba43b9 files/digest-nss_ldap-250-r1 238
+RMD160 0011000e693134d77e1763f121fcfb49793d48e9 files/digest-nss_ldap-250-r1 238
+SHA256 bd240b5c731421498f5b6a53f6abd38d28c9596e0175d6ed390ac46e98ca5a69 files/digest-nss_ldap-250-r1 238
diff --git a/sys-auth/nss_ldap/files/digest-nss_ldap-250-r1 b/sys-auth/nss_ldap/files/digest-nss_ldap-250-r1
new file mode 100644
index 000000000000..04f7f1e0783b
--- /dev/null
+++ b/sys-auth/nss_ldap/files/digest-nss_ldap-250-r1
@@ -0,0 +1,3 @@
+MD5 ac1bcdaf0765b57b7d9023aa9cd07fb6 nss_ldap-250.tar.gz 240122
+RMD160 52a27c0282d43c0b4e291dceaeeac7fcf43d8ece nss_ldap-250.tar.gz 240122
+SHA256 555c8fc9585478bc31b25349469685fbb6036cc6895e3761731c2c0e7accf2f0 nss_ldap-250.tar.gz 240122
diff --git a/sys-auth/nss_ldap/files/nss_ldap-250-reconnect-timeouts.patch b/sys-auth/nss_ldap/files/nss_ldap-250-reconnect-timeouts.patch
new file mode 100644
index 000000000000..dc8a37a916ed
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-250-reconnect-timeouts.patch
@@ -0,0 +1,71 @@
+This patch changes the default timeouts, so that they are much lower, and do
+not cause major delays when booting a system. This is a workaround until the
+core /etc/{passwd,group} contain all of the data needed for a system boot.
+
+Also add a note that 'ssl on' is broken and TLS should be used instead.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+
+diff -Nuar --exclude '*~' nss_ldap-250.orig/ldap-nss.h nss_ldap-250/ldap-nss.h
+--- nss_ldap-250.orig/ldap-nss.h	2006-04-26 18:19:00.000000000 -0700
++++ nss_ldap-250/ldap-nss.h	2006-06-14 01:58:01.933005492 -0700
+@@ -96,9 +96,9 @@
+  * unacceptable, in which case you may wish to adjust
+  * the constants below.
+  */
+-#define LDAP_NSS_TRIES           5	/* number of sleeping reconnect attempts */
+-#define LDAP_NSS_SLEEPTIME       4	/* seconds to sleep; doubled until max */
+-#define LDAP_NSS_MAXSLEEPTIME    64	/* maximum seconds to sleep */
++#define LDAP_NSS_TRIES           4	/* number of sleeping reconnect attempts */
++#define LDAP_NSS_SLEEPTIME       1	/* seconds to sleep; doubled until max */
++#define LDAP_NSS_MAXSLEEPTIME    16	/* maximum seconds to sleep */
+ #define LDAP_NSS_MAXCONNTRIES    2	/* reconnect attempts before sleeping */
+ 
+ #if defined(HAVE_NSSWITCH_H) || defined(HAVE_IRS_H)
+diff -Nuar --exclude '*~' nss_ldap-250.orig/ldap.conf nss_ldap-250/ldap.conf
+--- nss_ldap-250.orig/ldap.conf	2006-04-26 18:19:00.000000000 -0700
++++ nss_ldap-250/ldap.conf	2006-06-14 02:12:02.008444745 -0700
+@@ -1,4 +1,4 @@
+- @(#)$Id: ldap.conf,v 2.46 2006/04/13 03:25:56 lukeh Exp $
++# @(#)$Id: ldap.conf,v 2.46 2006/04/13 03:25:56 lukeh Exp $
+ #
+ # This is the configuration file for the LDAP nameservice
+ # switch library and the LDAP PAM module.
+@@ -283,7 +283,8 @@
+ # OpenLDAP SSL mechanism
+ # start_tls mechanism uses the normal LDAP port, LDAPS typically 636
+ #ssl start_tls
+-#ssl on
++###ssl on
++# Gentoo note: Don't use 'ssl on' in 249/250. They are broken in some cases! Use start_tls instead.
+ 
+ # OpenLDAP SSL options
+ # Require and verify server certificate (yes/no)
+@@ -315,3 +316,27 @@
+ # Override the default Kerberos ticket cache location.
+ #krb5_ccname FILE:/etc/.ldapcache
+ 
++# Timeout behavior
++# Upstream nss_ldap hard-codes these values:
++#nss_reconnect_tries 5			# number of times to double the sleep time
++#nss_reconnect_sleeptime 4		# initial sleep value
++#nss_reconnect_maxsleeptime 64	# max sleep value to cap at
++#nss_reconnect_maxconntries 2	# how many tries before sleeping
++# This leads to a delay of 124 seconds (4+8+16+32+64=124) per lookup if the
++# server is not available.
++
++# For Gentoo's distribution of nss_ldap, as of 250-r1, we use these values
++# (The hardwired constants in the code are changed to them as well):
++nss_reconnect_tries 4			# number of times to double the sleep time
++nss_reconnect_sleeptime 1		# initial sleep value
++nss_reconnect_maxsleeptime 16	# max sleep value to cap at
++nss_reconnect_maxconntries 2	# how many tries before sleeping
++# This leads to a delay of 15 seconds (1+2+4+8=15)
++
++# If you are impatient, and know your LDAP server is reliable, fast or local,
++# you may wish to use these values instead:
++#nss_reconnect_tries 1			# number of times to double the sleep time
++#nss_reconnect_sleeptime 1		# initial sleep value
++#nss_reconnect_maxsleeptime 1	# max sleep value to cap at
++#nss_reconnect_maxconntries 3	# how many tries before sleeping
++# This leads to a delay of 1 second.
diff --git a/sys-auth/nss_ldap/nss_ldap-250-r1.ebuild b/sys-auth/nss_ldap/nss_ldap-250-r1.ebuild
new file mode 100644
index 000000000000..c06012f9e6b1
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-250-r1.ebuild
@@ -0,0 +1,66 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/nss_ldap-250-r1.ebuild,v 1.1 2006/06/14 09:27:42 robbat2 Exp $
+
+inherit fixheadtails eutils gnuconfig multilib
+
+IUSE="debug sasl"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+		sasl? ( dev-libs/cyrus-sasl )"
+RDEPEND="${DEPEND}"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/nsswitch.ldap.diff
+	epatch ${FILESDIR}/${PN}-239-tls-security-bug.patch
+	epatch ${FILESDIR}/${PN}-249-sasl-compile.patch
+	epatch ${FILESDIR}/${PN}-250-reconnect-timeouts.patch
+	# fix head/tail stuff
+	ht_fix_file ${S}/Makefile.am ${S}/Makefile.in ${S}/depcomp
+	# fix build borkage
+	for i in Makefile.{in,am}; do
+	  sed -i.orig \
+	    -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+	    ${S}/$i
+	done
+	# update config.{guess,sub}
+	gnuconfig_update
+}
+
+src_compile() {
+	local myconf=""
+	use debug && myconf="${myconf} --enable-debugging"
+
+	econf \
+		--with-ldap-lib=openldap \
+		--libdir=/$(get_libdir) \
+		--enable-schema-mapping \
+		--enable-paged-results \
+		--enable-rfc2307bis \
+		${myconf} || die "configure failed"
+
+	emake || die "make failed"
+}
+
+src_install() {
+	dodir /$(get_libdir)
+
+	emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+	insinto /etc
+	doins ldap.conf
+
+	dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+		COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+	docinto docs; dodoc doc/*
+}