summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /sys-auth/nss_ldap
downloadgentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'sys-auth/nss_ldap')
-rw-r--r--sys-auth/nss_ldap/Manifest6
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch42
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-249-sasl-compile.patch11
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-252-reconnect-timeouts.patch65
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-254-nss_getgrent_skipmembers.patch226
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-254-soname.patch12
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch92
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-257.2-gssapi-headers.patch65
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-264-disable-automagic.patch109
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-265-fbsd.patch432
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-265-installdir.patch35
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-265-missing-entries-oneshot.patch101
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-265-pthread.patch481
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-265-reconnect-timeouts.patch57
-rw-r--r--sys-auth/nss_ldap/files/nsswitch.ldap.diff15
-rw-r--r--sys-auth/nss_ldap/metadata.xml15
-rw-r--r--sys-auth/nss_ldap/nss_ldap-258.ebuild80
-rw-r--r--sys-auth/nss_ldap/nss_ldap-259.ebuild80
-rw-r--r--sys-auth/nss_ldap/nss_ldap-261.ebuild84
-rw-r--r--sys-auth/nss_ldap/nss_ldap-262.ebuild84
-rw-r--r--sys-auth/nss_ldap/nss_ldap-264-r1.ebuild102
-rw-r--r--sys-auth/nss_ldap/nss_ldap-264.ebuild99
-rw-r--r--sys-auth/nss_ldap/nss_ldap-265-r1.ebuild114
-rw-r--r--sys-auth/nss_ldap/nss_ldap-265-r2.ebuild122
-rw-r--r--sys-auth/nss_ldap/nss_ldap-265-r4.ebuild141
-rw-r--r--sys-auth/nss_ldap/nss_ldap-265-r5.ebuild149
-rw-r--r--sys-auth/nss_ldap/nss_ldap-265.ebuild106
27 files changed, 2925 insertions, 0 deletions
diff --git a/sys-auth/nss_ldap/Manifest b/sys-auth/nss_ldap/Manifest
new file mode 100644
index 000000000000..8a1698c3ee19
--- /dev/null
+++ b/sys-auth/nss_ldap/Manifest
@@ -0,0 +1,6 @@
+DIST nss_ldap-258.tar.gz 274694 SHA256 afa3bb64cd29557e775219585655721ac220de5804d95d0c307dab86f2308346 SHA512 0a92076214e6ffaa60929a9fdc34fe7c9a584a0789d54ea505e65a69eda88a3ee0382ea5a90c581073c95671fa3a50b8a8a529e30f4260afacb3820695773ecb WHIRLPOOL 2d9f5e950886b9714c9c8ca348df855054b9505ca0c7891ec919016c1fa8cd1ddc9723fe74c7ecadfa75504f8bb77b78c50a7e64d67f934d4064a26e3b381db1
+DIST nss_ldap-259.tar.gz 274878 SHA256 8b65a32717f6173911aaea8e89b2c89ccb901f14f1063f5e49b5ab77d45f1790
+DIST nss_ldap-261.tar.gz 276065 SHA256 7e9a6e8e1f07607b63f5f61fda755778fb1257e6599ac467327b6e817de5aad7
+DIST nss_ldap-262.tar.gz 274927 SHA256 179cd8458ae3cc23cb726cf15afb94089482dd22559ac503e7df5fd6fc2c4cbf
+DIST nss_ldap-264.tar.gz 278134 SHA256 556198f2774bdb61a597da3fa8a5ecc80a3271ed9ab177760df7c4f22d6b1d25 SHA512 e7decde11377f10ec98fd360a38cbf08b9af7e328e967e417367e9e501faf0868be67a6f8fc1dd9b1fe7ee2ae720ee791ed481e21e80f686e750351b3ea6e689 WHIRLPOOL 717bb86422fc93fdf157949e261858afbd61976d329d039854fab7c912b130c07ef226fa5c50ec3f2e3e7171e2ad0830017816eade377e36885cb5d0f8142245
+DIST nss_ldap-265.tar.gz 280976 SHA256 77b54d905f50d774f28d5559d49126f1bc76720f741b0864a64bb4936ec226a8 SHA512 c4584682968861dd5880992fe7d11c6005d94f0c17252ab1cda04380fd7a81b419ba7e87d0efa44c24c5ce5bf76b9fd8331034dddb4f1400f132eb2192472077 WHIRLPOOL 3e24f18cc9d40738b22f2f0747c081a70e788bc6eb4c742c4d70b153db1b500f27ea2a5bbb935438f020075a6dd198398dd335509fb523239a3f5184f92223c7
diff --git a/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch b/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch
new file mode 100644
index 000000000000..1dbd8dc889a1
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch
@@ -0,0 +1,42 @@
+--- ldap-nss.c 2004-09-28 03:20:11.000000000 +0100
++++ ldap-nss.c.new 2005-07-04 01:32:12.000000000 +0100
+@@ -330,6 +330,39 @@
+
+ timelimit = __session.ls_config->ldc_bind_timelimit;
+
++#ifdef HAVE_LDAP_START_TLS_S
++ if (__session.ls_config->ldc_ssl_on == SSL_START_TLS)
++ {
++ int version;
++
++ if (ldap_get_option
++ (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
++ &version) == LDAP_OPT_SUCCESS)
++ {
++ if (version < LDAP_VERSION3)
++ {
++ version = LDAP_VERSION3;
++ ldap_set_option (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
++ &version);
++ }
++ }
++
++ debug ("==> start_tls");
++ if (ldap_start_tls_s (__session.ls_conn, NULL, NULL) == LDAP_SUCCESS)
++ {
++ debug ("TLS startup succeeded");
++ }
++ else
++ {
++ debug ("TLS startup failed");
++ do_close ();
++ debug ("<== do_open");
++ return NSS_UNAVAIL;
++ }
++ debug ("<== start_tls");
++ }
++#endif /* HAVE_LDAP_START_TLS_S */
++
+ return do_bind (ld, timelimit, who, cred, with_sasl);
+ }
+ #else
diff --git a/sys-auth/nss_ldap/files/nss_ldap-249-sasl-compile.patch b/sys-auth/nss_ldap/files/nss_ldap-249-sasl-compile.patch
new file mode 100644
index 000000000000..1e92c9bb6fe5
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-249-sasl-compile.patch
@@ -0,0 +1,11 @@
+--- ldap-nss.c~ 2006-02-25 02:43:33.503639826 -0800
++++ ldap-nss.c 2006-02-25 02:50:51.943806612 -0800
+@@ -72,6 +72,8 @@
+ #include <sasl/sasl.h>
+ #elif defined(HAVE_SASL_H)
+ #include <sasl.h>
++#elif defined(HAVE_SASL_SASL_H)
++#include <sasl/sasl.h>
+ #endif
+
+ #ifndef HAVE_SNPRINTF
diff --git a/sys-auth/nss_ldap/files/nss_ldap-252-reconnect-timeouts.patch b/sys-auth/nss_ldap/files/nss_ldap-252-reconnect-timeouts.patch
new file mode 100644
index 000000000000..285a34e3df4b
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-252-reconnect-timeouts.patch
@@ -0,0 +1,65 @@
+This patch changes the default timeouts, so that they are much lower, and do
+not cause major delays when booting a system. This is a workaround until the
+core /etc/{passwd,group} contain all of the data needed for a system boot.
+
+Also add a note that 'ssl on' is broken and TLS should be used instead.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+
+diff -Nuar --exclude '*~' nss_ldap-250.orig/ldap-nss.h nss_ldap-250/ldap-nss.h
+--- nss_ldap-250.orig/ldap-nss.h 2006-04-26 18:19:00.000000000 -0700
++++ nss_ldap-250/ldap-nss.h 2006-06-14 01:58:01.933005492 -0700
+@@ -96,9 +96,9 @@
+ * unacceptable, in which case you may wish to adjust
+ * the constants below.
+ */
+-#define LDAP_NSS_TRIES 5 /* number of sleeping reconnect attempts */
+-#define LDAP_NSS_SLEEPTIME 4 /* seconds to sleep; doubled until max */
+-#define LDAP_NSS_MAXSLEEPTIME 64 /* maximum seconds to sleep */
++#define LDAP_NSS_TRIES 4 /* number of sleeping reconnect attempts */
++#define LDAP_NSS_SLEEPTIME 1 /* seconds to sleep; doubled until max */
++#define LDAP_NSS_MAXSLEEPTIME 16 /* maximum seconds to sleep */
+ #define LDAP_NSS_MAXCONNTRIES 2 /* reconnect attempts before sleeping */
+
+ #if defined(HAVE_NSSWITCH_H) || defined(HAVE_IRS_H)
+diff -Nuar --exclude '*~' nss_ldap-250.orig/ldap.conf nss_ldap-250/ldap.conf
+--- nss_ldap-250.orig/ldap.conf 2006-04-26 18:19:00.000000000 -0700
++++ nss_ldap-250/ldap.conf 2006-06-14 02:12:02.008444745 -0700
+@@ -283,7 +283,8 @@
+ # OpenLDAP SSL mechanism
+ # start_tls mechanism uses the normal LDAP port, LDAPS typically 636
+ #ssl start_tls
+-#ssl on
++###ssl on
++# Gentoo note: Don't use 'ssl on' in 249/250. They are broken in some cases! Use start_tls instead.
+
+ # OpenLDAP SSL options
+ # Require and verify server certificate (yes/no)
+@@ -315,3 +316,27 @@
+ # Override the default Kerberos ticket cache location.
+ #krb5_ccname FILE:/etc/.ldapcache
+
++# Timeout behavior
++# Upstream nss_ldap hard-codes these values:
++#nss_reconnect_tries 5 # number of times to double the sleep time
++#nss_reconnect_sleeptime 4 # initial sleep value
++#nss_reconnect_maxsleeptime 64 # max sleep value to cap at
++#nss_reconnect_maxconntries 2 # how many tries before sleeping
++# This leads to a delay of 124 seconds (4+8+16+32+64=124) per lookup if the
++# server is not available.
++
++# For Gentoo's distribution of nss_ldap, as of 250-r1, we use these values
++# (The hardwired constants in the code are changed to them as well):
++nss_reconnect_tries 4 # number of times to double the sleep time
++nss_reconnect_sleeptime 1 # initial sleep value
++nss_reconnect_maxsleeptime 16 # max sleep value to cap at
++nss_reconnect_maxconntries 2 # how many tries before sleeping
++# This leads to a delay of 15 seconds (1+2+4+8=15)
++
++# If you are impatient, and know your LDAP server is reliable, fast or local,
++# you may wish to use these values instead:
++#nss_reconnect_tries 1 # number of times to double the sleep time
++#nss_reconnect_sleeptime 1 # initial sleep value
++#nss_reconnect_maxsleeptime 1 # max sleep value to cap at
++#nss_reconnect_maxconntries 3 # how many tries before sleeping
++# This leads to a delay of 1 second.
diff --git a/sys-auth/nss_ldap/files/nss_ldap-254-nss_getgrent_skipmembers.patch b/sys-auth/nss_ldap/files/nss_ldap-254-nss_getgrent_skipmembers.patch
new file mode 100644
index 000000000000..68809bcf1b1b
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-254-nss_getgrent_skipmembers.patch
@@ -0,0 +1,226 @@
+diff -c -r nss_ldap-250/ChangeLog nss_ldap-250.1/ChangeLog
+*** nss_ldap-250/ChangeLog Wed Apr 26 18:19:00 2006
+--- nss_ldap-250.1/ChangeLog Wed Aug 16 16:58:57 2006
+***************
+*** 1,6 ****
+--- 1,13 ----
+ $Id$
+ ===============================================================
+
++ 250.1 Paul B. Henson <henson@acm.org>
++
++ * add nss_getgrent_skipmembers parameter to ldap.conf,
++ if enabled will not request member attributes for
++ group lookups, greatly increasing performance in the
++ face of large groups
++
+ 250 Luke Howard <lukeh@padl.com>
+
+ * don't use static _nss_ldap_no_members buffer,
+diff -c -r nss_ldap-250/ldap-nss.c nss_ldap-250.1/ldap-nss.c
+*** nss_ldap-250/ldap-nss.c Wed Apr 26 18:19:00 2006
+--- nss_ldap-250.1/ldap-nss.c Wed Aug 16 16:51:49 2006
+***************
+*** 1258,1264 ****
+
+ cfg = __config;
+
+! _nss_ldap_init_attributes (cfg->ldc_attrtab);
+ _nss_ldap_init_filters ();
+
+ #ifdef HAVE_LDAP_SET_OPTION
+--- 1258,1264 ----
+
+ cfg = __config;
+
+! _nss_ldap_init_attributes (cfg->ldc_attrtab, cfg->ldc_getgrent_skipmembers);
+ _nss_ldap_init_filters ();
+
+ #ifdef HAVE_LDAP_SET_OPTION
+diff -c -r nss_ldap-250/ldap-nss.h nss_ldap-250.1/ldap-nss.h
+*** nss_ldap-250/ldap-nss.h Wed Apr 26 18:19:00 2006
+--- nss_ldap-250.1/ldap-nss.h Wed Aug 16 16:51:59 2006
+***************
+*** 390,395 ****
+--- 390,396 ----
+ time_t ldc_mtime;
+
+ char **ldc_initgroups_ignoreusers;
++ int ldc_getgrent_skipmembers;
+ };
+
+ typedef struct ldap_config ldap_config_t;
+diff -c -r nss_ldap-250/ldap-schema.c nss_ldap-250.1/ldap-schema.c
+*** nss_ldap-250/ldap-schema.c Wed Apr 26 18:19:00 2006
+--- nss_ldap-250.1/ldap-schema.c Wed Aug 16 16:54:52 2006
+***************
+*** 273,279 ****
+
+ static void init_pwd_attributes (const char ***pwd_attrs);
+ static void init_sp_attributes (const char ***sp_attrs);
+! static void init_grp_attributes (const char ***grp_attrs);
+ static void init_hosts_attributes (const char ***hosts_attrs);
+ static void init_services_attributes (const char ***services_attrs);
+ static void init_network_attributes (const char ***network_attrs);
+--- 273,279 ----
+
+ static void init_pwd_attributes (const char ***pwd_attrs);
+ static void init_sp_attributes (const char ***sp_attrs);
+! static void init_grp_attributes (const char ***grp_attrs, int ldc_getgrent_skipmembers);
+ static void init_hosts_attributes (const char ***hosts_attrs);
+ static void init_services_attributes (const char ***services_attrs);
+ static void init_network_attributes (const char ***network_attrs);
+***************
+*** 289,299 ****
+ * attribute table initialization routines
+ */
+ void
+! _nss_ldap_init_attributes (const char ***attrtab)
+ {
+ init_pwd_attributes (&attrtab[LM_PASSWD]);
+ init_sp_attributes (&attrtab[LM_SHADOW]);
+! init_grp_attributes (&attrtab[LM_GROUP]);
+ init_hosts_attributes (&attrtab[LM_HOSTS]);
+ init_services_attributes (&attrtab[LM_SERVICES]);
+ init_network_attributes (&attrtab[LM_NETWORKS]);
+--- 289,299 ----
+ * attribute table initialization routines
+ */
+ void
+! _nss_ldap_init_attributes (const char ***attrtab, int ldc_getgrent_skipmembers)
+ {
+ init_pwd_attributes (&attrtab[LM_PASSWD]);
+ init_sp_attributes (&attrtab[LM_SHADOW]);
+! init_grp_attributes (&attrtab[LM_GROUP], ldc_getgrent_skipmembers);
+ init_hosts_attributes (&attrtab[LM_HOSTS]);
+ init_services_attributes (&attrtab[LM_SERVICES]);
+ init_network_attributes (&attrtab[LM_NETWORKS]);
+***************
+*** 357,363 ****
+ }
+
+ static void
+! init_grp_attributes (const char ***grp_attrs)
+ {
+ int i = 0;
+ static const char *__grp_attrs[ATTRTAB_SIZE + 1];
+--- 357,363 ----
+ }
+
+ static void
+! init_grp_attributes (const char ***grp_attrs, int ldc_getgrent_skipmembers)
+ {
+ int i = 0;
+ static const char *__grp_attrs[ATTRTAB_SIZE + 1];
+***************
+*** 366,374 ****
+
+ (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, cn);
+ (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, userPassword);
+! (*grp_attrs)[i++] = (char *) AT (memberUid);
+! if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
+! (*grp_attrs)[i++] = (char *) AT (uniqueMember);
+ (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, gidNumber);
+ (*grp_attrs)[i] = NULL;
+ }
+--- 366,377 ----
+
+ (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, cn);
+ (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, userPassword);
+! if (!ldc_getgrent_skipmembers)
+! {
+! (*grp_attrs)[i++] = (char *) AT (memberUid);
+! if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
+! (*grp_attrs)[i++] = (char *) AT (uniqueMember);
+! }
+ (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, gidNumber);
+ (*grp_attrs)[i] = NULL;
+ }
+diff -c -r nss_ldap-250/ldap-schema.h nss_ldap-250.1/ldap-schema.h
+*** nss_ldap-250/ldap-schema.h Wed Apr 26 18:19:00 2006
+--- nss_ldap-250.1/ldap-schema.h Wed Aug 16 16:54:07 2006
+***************
+*** 30,36 ****
+ * function to initialize global lookup filters.
+ */
+ void _nss_ldap_init_filters ();
+! void _nss_ldap_init_attributes (const char ***attrtab);
+
+ /**
+ * make filters formerly declared in ldap-*.h globally available.
+--- 30,36 ----
+ * function to initialize global lookup filters.
+ */
+ void _nss_ldap_init_filters ();
+! void _nss_ldap_init_attributes (const char ***attrtab, int ldc_getgrent_skipmembers);
+
+ /**
+ * make filters formerly declared in ldap-*.h globally available.
+diff -c -r nss_ldap-250/nss_ldap.5 nss_ldap-250.1/nss_ldap.5
+*** nss_ldap-250/nss_ldap.5 Wed Apr 26 18:19:00 2006
+--- nss_ldap-250.1/nss_ldap.5 Wed Aug 16 17:07:19 2006
+***************
+*** 445,450 ****
+--- 445,458 ----
+ to return NSS_STATUS_NOTFOUND if called with a listed users as
+ its argument.
+ .TP
++ .B nss_getgrent_skipmembers <yes|no>
++ Specifies whether or not to populate the members list in
++ the group structure for group lookups. If very large groups
++ are present, enabling this option will greatly increase
++ perforance, at the cost of some lost functionality. You should
++ verify no local applications rely on this information before
++ enabling this on a production system.
++ .TP
+ .B nss_srv_domain <domain>
+ This option determines the DNS domain used for performing SRV
+ lookups.
+diff -c -r nss_ldap-250/util.c nss_ldap-250.1/util.c
+*** nss_ldap-250/util.c Wed Apr 26 18:19:00 2006
+--- nss_ldap-250.1/util.c Wed Aug 16 16:52:55 2006
+***************
+*** 660,665 ****
+--- 660,666 ----
+ result->ldc_reconnect_maxsleeptime = LDAP_NSS_MAXSLEEPTIME;
+ result->ldc_reconnect_maxconntries = LDAP_NSS_MAXCONNTRIES;
+ result->ldc_initgroups_ignoreusers = NULL;
++ result->ldc_getgrent_skipmembers = 0;
+
+ for (i = 0; i <= LM_NONE; i++)
+ {
+***************
+*** 1137,1142 ****
+--- 1138,1156 ----
+ break;
+ }
+ }
++ else if (!strcasecmp (k, NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS))
++ {
++ if (!strcasecmp (v, "on") || !strcasecmp (v, "yes")
++ || !strcasecmp (v, "true"))
++ {
++ result->ldc_getgrent_skipmembers = 1;
++ }
++ else if (!strcasecmp (v, "off") || !strcasecmp (v, "no")
++ || !strcasecmp (v, "false"))
++ {
++ result->ldc_getgrent_skipmembers = 0;
++ }
++ }
+ else if (!strcasecmp (k, NSS_LDAP_KEY_CONNECT_POLICY))
+ {
+ if (!strcasecmp (v, "oneshot"))
+diff -c -r nss_ldap-250/util.h nss_ldap-250.1/util.h
+*** nss_ldap-250/util.h Wed Apr 26 18:19:00 2006
+--- nss_ldap-250.1/util.h Wed Aug 16 16:49:52 2006
+***************
+*** 83,88 ****
+--- 83,89 ----
+ #define NSS_LDAP_KEY_PAGESIZE "pagesize"
+ #define NSS_LDAP_KEY_INITGROUPS "nss_initgroups"
+ #define NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS "nss_initgroups_ignoreusers"
++ #define NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS "nss_getgrent_skipmembers"
+
+ /* more reconnect policy fine-tuning */
+ #define NSS_LDAP_KEY_RECONNECT_TRIES "nss_reconnect_tries"
diff --git a/sys-auth/nss_ldap/files/nss_ldap-254-soname.patch b/sys-auth/nss_ldap/files/nss_ldap-254-soname.patch
new file mode 100644
index 000000000000..e832c2f0d218
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-254-soname.patch
@@ -0,0 +1,12 @@
+Set the soname which glibc expects us to have.
+--- nss_ldap-254/configure.in 2007-02-26 16:40:53.000000000 -0500
++++ nss_ldap-254/configure.in 2007-02-26 16:40:47.000000000 -0500
+@@ -92,7 +92,7 @@
+ nss_ldap_so_LDFLAGS="-b -dynamic -G `cat exports.hpux`"
+ CPPFLAGS="$CPPFLAGS -I. -DHPUX"
+ TARGET_OS=HPUX ;;
+-linux*) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic -Wl,--version-script,\$(srcdir)/exports.linux" ;;
++linux*) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic -Wl,--version-script,\$(srcdir)/exports.linux -Wl,-soname=libnss_ldap.so.2" ;;
+ *) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic" ;;
+ esac
+
diff --git a/sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch b/sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch
new file mode 100644
index 000000000000..d2f8efeec751
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch
@@ -0,0 +1,92 @@
+Gentoo-Bug: 155492
+Original-Author: Heath Caldwell <hncaldwell@csupomona.edu>
+Rediffed-by: Robin H. Johnson <robbat2@gentoo.org>
+
+--- nss_ldap-257.orig/ChangeLog 2007-09-18 15:02:59.997686000 -0700
++++ nss_ldap-257/ChangeLog 2007-09-18 15:04:07.925113592 -0700
+@@ -3,2 +3,7 @@
+
++257.1 Heath Caldwell <hncaldwell@csupomona.edu>
++
++ * add configurable maximum group depth with new
++ configuration file option called nss_max_group_depth
++
+ 257 Luke Howard <lukeh@padl.com>
+--- nss_ldap-257.orig/ldap-grp.c 2007-08-02 21:51:09.000000000 -0700
++++ nss_ldap-257/ldap-grp.c 2007-09-18 15:03:23.734619150 -0700
+@@ -308,7 +308,7 @@
+ uniquemember_attrs[0] = uniquemember_attr;
+ uniquemember_attrs[1] = NULL;
+
+- if (*depth > LDAP_NSS_MAXGR_DEPTH)
++ if (*depth > _nss_ldap_max_group_depth)
+ {
+ return NSS_NOTFOUND;
+ }
+@@ -844,7 +844,7 @@
+ const char *gidnumber_attrs[2];
+ int erange;
+
+- if (lia->depth > LDAP_NSS_MAXGR_DEPTH)
++ if (lia->depth > _nss_ldap_max_group_depth)
+ return NSS_NOTFOUND;
+
+ if (_nss_ldap_namelist_find (lia->known_groups, dn))
+@@ -890,7 +890,7 @@
+ size_t memberCount, i;
+ int erange;
+
+- if (lia->depth > LDAP_NSS_MAXGR_DEPTH)
++ if (lia->depth > _nss_ldap_max_group_depth)
+ return NSS_NOTFOUND;
+
+ for (memberCount = 0; membersOf[memberCount] != NULL; memberCount++)
+--- nss_ldap-257.orig/ldap-nss.h 2007-09-18 15:02:59.997686000 -0700
++++ nss_ldap-257/ldap-nss.h 2007-09-18 15:03:23.734619150 -0700
+@@ -105,7 +105,8 @@
+ #define LDAP_NSS_MAXNETGR_DEPTH 16 /* maximum depth of netgroup nesting for innetgr() */
+ #endif /* HAVE_NSSWITCH_H */
+
+-#define LDAP_NSS_MAXGR_DEPTH 16 /* maximum depth of group nesting for getgrent()/initgroups() */
++#define LDAP_NSS_MAXGR_DEPTH 16 /* default maximum depth of group nesting for getgrent()/initgroups() */
++extern int _nss_ldap_max_group_depth; /* global variable to hold maximum group depth */
+
+ #if LDAP_NSS_NGROUPS > 64
+ #define LDAP_NSS_BUFLEN_GROUP (NSS_BUFSIZ + (LDAP_NSS_NGROUPS * (sizeof (char *) + LOGNAME_MAX)))
+--- nss_ldap-257.orig/nss_ldap.5 2007-09-18 15:03:00.001020000 -0700
++++ nss_ldap-257/nss_ldap.5 2007-09-18 15:05:42.779508238 -0700
+@@ -453,6 +453,10 @@
+ verify no local applications rely on this information before
+ enabling this on a production system.
+ .TP
++.B nss_max_group_depth <value>
++Specifies the maximum depth to which nested groups are queried.
++A value of 0 effectively disables querying for nested groups.
++.TP
+ .B nss_srv_domain <domain>
+ This option determines the DNS domain used for performing SRV
+ lookups.
+--- nss_ldap-257.orig/util.c 2007-09-18 15:03:00.001020000 -0700
++++ nss_ldap-257/util.c 2007-09-18 15:04:35.032083555 -0700
+@@ -62,2 +62,5 @@
+
++/* Initialize global maximum group depth to default. */
++int _nss_ldap_max_group_depth = LDAP_NSS_MAXGR_DEPTH;
++
+ static NSS_STATUS do_getrdnvalue (const char *dn,
+@@ -805,2 +808,5 @@
+
++ /* Reset global maximum group depth to default. */
++ _nss_ldap_max_group_depth = LDAP_NSS_MAXGR_DEPTH;
++
+ while (fgets (b, sizeof (b), fp) != NULL)
+--- nss_ldap-257.orig/util.h 2007-09-18 15:03:00.001020000 -0700
++++ nss_ldap-257/util.h 2007-09-18 15:05:11.295822638 -0700
+@@ -84,6 +84,7 @@
+ #define NSS_LDAP_KEY_INITGROUPS "nss_initgroups"
+ #define NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS "nss_initgroups_ignoreusers"
+ #define NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS "nss_getgrent_skipmembers"
++#define NSS_LDAP_KEY_MAX_GROUP_DEPTH "nss_max_group_depth"
+
+ /* more reconnect policy fine-tuning */
+ #define NSS_LDAP_KEY_RECONNECT_TRIES "nss_reconnect_tries"
diff --git a/sys-auth/nss_ldap/files/nss_ldap-257.2-gssapi-headers.patch b/sys-auth/nss_ldap/files/nss_ldap-257.2-gssapi-headers.patch
new file mode 100644
index 000000000000..cec5517e741c
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-257.2-gssapi-headers.patch
@@ -0,0 +1,65 @@
+http://bugs.gentoo.org/show_bug.cgi?id=165638
+http://bugzilla.padl.com/show_bug.cgi?id=308
+
+Make nss_ldap compile with gssapi/gssapi.h even if there is no
+gssapi/gssapi_krb5.h present. This seems to be needed to compile against
+heimdal. Extended header checks and modified preprocessor logic a bit.
+
+2007-02-07 Martin von Gagern <Martin.vGagern@gmx.net>
+
+diff -ruN nss_ldap-257.2.orig/config.h.in nss_ldap-257.2/config.h.in
+--- nss_ldap-257.2.orig/config.h.in 2007-10-24 14:22:55.000000000 +0200
++++ nss_ldap-257.2/config.h.in 2007-10-24 14:25:15.000000000 +0200
+@@ -87,6 +87,9 @@
+ /* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
+ #undef HAVE_GSSAPI_GSSAPI_KRB5_H
+
++/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
++#undef HAVE_GSSAPI_GSSAPI_H
++
+ /* Define to 1 if you have the <gssapi.h> header file. */
+ #undef HAVE_GSSAPI_H
+
+diff -ruN nss_ldap-257.2.orig/configure nss_ldap-257.2/configure
+--- nss_ldap-257.2.orig/configure 2007-10-24 14:22:55.000000000 +0200
++++ nss_ldap-257.2/configure 2007-10-24 14:25:49.000000000 +0200
+@@ -8409,7 +8409,7 @@
+
+
+
+-for ac_header in gssapi/gssapi_krb5.h gssapi.h
++for ac_header in gssapi/gssapi_krb5.h gssapi/gssapi.h gssapi.h
+ do
+ as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ if eval "test \"\${$as_ac_Header+set}\" = set"; then
+diff -ruN nss_ldap-257.2.orig/configure.in nss_ldap-257.2/configure.in
+--- nss_ldap-257.2.orig/configure.in 2007-10-24 14:22:55.000000000 +0200
++++ nss_ldap-257.2/configure.in 2007-10-24 14:26:26.000000000 +0200
+@@ -182,7 +182,7 @@
+ AC_CHECK_HEADERS(strings.h)
+ AC_CHECK_HEADERS(gssldap.h)
+ AC_CHECK_HEADERS(gsssasl.h)
+-AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi.h)
++AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi/gssapi.h gssapi.h)
+ AC_CHECK_HEADERS(krb5.h)
+
+ AC_CHECK_LIB(resolv, main)
+diff -ruN nss_ldap-257.2.orig/ldap-nss.c nss_ldap-257.2/ldap-nss.c
+--- nss_ldap-257.2.orig/ldap-nss.c 2007-10-24 14:22:55.000000000 +0200
++++ nss_ldap-257.2/ldap-nss.c 2007-10-24 14:27:32.000000000 +0200
+@@ -82,10 +82,14 @@
+ #endif
+ #ifdef HAVE_GSSAPI_H
+ #include <gssapi.h>
+-#elif defined(HAVE_GSSAPI_GSSAPI_KRB5_H)
++#else
++#ifdef HAVE_GSSAPI_GSSAPI_H
+ #include <gssapi/gssapi.h>
++#endif
++#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
+ #include <gssapi/gssapi_krb5.h>
+ #endif
++#endif
+ #ifdef CONFIGURE_KRB5_CCNAME
+ #include <krb5.h>
+ #endif
diff --git a/sys-auth/nss_ldap/files/nss_ldap-264-disable-automagic.patch b/sys-auth/nss_ldap/files/nss_ldap-264-disable-automagic.patch
new file mode 100644
index 000000000000..7671574da4da
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-264-disable-automagic.patch
@@ -0,0 +1,109 @@
+Explicitly provide a way to disable Kerberos/SASL/SSL usage in nss_ldap, so
+that you can build non-kerberos versions on systems with Kerberos installed
+WITHOUT it linking due to presence.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+
+diff -Nuar nss_ldap-264.orig/configure.in nss_ldap-264/configure.in
+--- nss_ldap-264.orig/configure.in 2009-07-28 10:35:27.599965878 -0700
++++ nss_ldap-264/configure.in 2009-07-28 10:36:00.620375469 -0700
+@@ -10,6 +10,21 @@
+ AC_PROG_INSTALL
+
+ dnl
++dnl Turn on/off SSL
++dnl
++AC_ARG_ENABLE(ssl, [ --enable-ssl enable SSL code ], [AC_DEFINE([WANT_SSL], [1], [Define if SSL is wanted])])
++
++dnl
++dnl Turn on/off Kerberos
++dnl
++AC_ARG_ENABLE(krb, [ --enable-krb enable Kerberos code ], [AC_DEFINE([WANT_KRB], [1], [Define if Kerberos is wanted])])
++
++dnl
++dnl Turn on/off SASL
++dnl
++AC_ARG_ENABLE(sasl, [ --enable-sasl enable Kerberos code ], [AC_DEFINE([WANT_SASL], [1], [Define if SASL is wanted])])
++
++dnl
+ dnl --enable-rfc2307bis is now deprecated; if this option is set,
+ dnl then RFC2307bis support will be enabled by default. However
+ dnl it can now always be enabled at runtime with the nss_schema
+@@ -178,12 +193,18 @@
+ AC_CHECK_HEADERS(sys/un.h)
+ AC_CHECK_HEADERS(libc-lock.h)
+ AC_CHECK_HEADERS(bits/libc-lock.h)
+-AC_CHECK_HEADERS(sasl.h sasl/sasl.h)
++if test "$enable_sasl" \!= "no"; then
++ AC_CHECK_HEADERS(sasl.h sasl/sasl.h)
++fi
+ AC_CHECK_HEADERS(strings.h)
+-AC_CHECK_HEADERS(gssldap.h)
+-AC_CHECK_HEADERS(gsssasl.h)
+-AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi/gssapi.h gssapi.h)
+-AC_CHECK_HEADERS(krb5.h)
++if test "$enable_krb" \!= "no"; then
++ AC_CHECK_HEADERS(gssldap.h)
++ if test "$enable_sasl" \!= "no"; then
++ AC_CHECK_HEADERS(gsssasl.h)
++ fi
++ AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi/gssapi.h gssapi.h)
++ AC_CHECK_HEADERS(krb5.h)
++fi
+
+ AC_CHECK_LIB(resolv, main)
+ AC_CHECK_LIB(nsl, main)
+@@ -286,19 +307,25 @@
+ AC_CHECK_LIB(dl, dlopen,[LIBS="-ldl $LIBS"],,$LIBS)
+ dnl AC_CHECK_LIB(db, main,[LIBS="-ldb $LIBS"],,$LIBS)
+
+-AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,[LIBS="-lgssapi $LIBS" found_gssapi_lib=yes],,$LIBS)
+-if test -z "$found_gssapi_lib"; then
+- AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,[LIBS="-lgssapi_krb5 $LIBS"],,$LIBS)
++if test "$enable_krb" \!= "no"; then
++ AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,[LIBS="-lgssapi $LIBS" found_gssapi_lib=yes],,$LIBS)
++ if test -z "$found_gssapi_lib"; then
++ AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,[LIBS="-lgssapi_krb5 $LIBS"],,$LIBS)
++ fi
+ fi
+
+ dnl Following checks probably not strictly necessary.
+ dnl AC_CHECK_LIB(crypto, main,[LIBS="-lcrypto $LIBS"],,$LIBS)
+ dnl AC_CHECK_LIB(ssl, main,[LIBS="-lssl $LIBS"],,$LIBS)
+ AC_CHECK_LIB(com_err, main,[LIBS="-lcom_err $LIBS"],,$LIBS)
+-dnl AC_CHECK_LIB(k5crypto, main,[LIBS="-lk5crypto $LIBS"],,$LIBS)
+-AC_CHECK_LIB(krb5, main,[LIBS="-lkrb5 $LIBS"],,$LIBS)
+-dnl AC_CHECK_LIB(krb4, main,[LIBS="-lkrb4 $LIBS"],,$LIBS)
+-AC_CHECK_LIB(sasl2, sasl_client_init)
++if test "$enable_krb" \!= "no"; then
++ dnl AC_CHECK_LIB(k5crypto, main,[LIBS="-lk5crypto $LIBS"],,$LIBS)
++ AC_CHECK_LIB(krb5, main,[LIBS="-lkrb5 $LIBS"],,$LIBS)
++ dnl AC_CHECK_LIB(krb4, main,[LIBS="-lkrb4 $LIBS"],,$LIBS)
++fi
++if test "$enable_sasl" \!= "no"; then
++ AC_CHECK_LIB(sasl2, sasl_client_init)
++fi
+
+ if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = umich -o $with_ldap_lib = openldap \); then
+ AC_CHECK_LIB(lber, main)
+@@ -331,13 +358,17 @@
+ AC_CHECK_LIB(pthread, main)
+ fi
+
+-AC_CHECK_LIB(gssldap, ldap_gss_bind,[LIBS="-lgssldap $LIBS"],,$LIBS)
++if test "$enable_krb" \!= "no"; then
++ AC_CHECK_LIB(gssldap, ldap_gss_bind,[LIBS="-lgssldap $LIBS"],,$LIBS)
++fi
+
+-AC_CHECK_FUNCS(sasl_auxprop_request)
+ AC_CHECK_FUNCS(ldap_init ldap_get_lderrno ldap_parse_result ldap_memfree ldap_controls_free)
+ AC_CHECK_FUNCS(ldap_ld_free ldap_explode_rdn ldap_set_option ldap_get_option)
+-AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s ldap_initialize ldap_search_ext)
++AC_CHECK_FUNCS(ldap_initialize ldap_search_ext)
+ AC_CHECK_FUNCS(ldap_create_control ldap_create_page_control ldap_parse_page_control)
++if test "$enable_sasl" \!= "no"; then
++ AC_CHECK_FUNCS(sasl_auxprop_request ldap_sasl_interactive_bind_s)
++fi
+ if test "$enable_ssl" \!= "no"; then
+ AC_CHECK_FUNCS(ldapssl_client_init ldap_start_tls_s ldap_pvt_tls_set_option ldap_start_tls)
+ fi
diff --git a/sys-auth/nss_ldap/files/nss_ldap-265-fbsd.patch b/sys-auth/nss_ldap/files/nss_ldap-265-fbsd.patch
new file mode 100644
index 000000000000..1ae1171f88e5
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-265-fbsd.patch
@@ -0,0 +1,432 @@
+--- Makefile.am.orig 2009-11-06 05:28:08.000000000 -0500
++++ Makefile.am 2010-01-12 23:24:17.000000000 -0500
+@@ -9,8 +9,12 @@
+ if AIX
+ INST_GID=system
+ else
++if FreeBSD
++INST_GID=wheel
++else
+ INST_GID=root
+ endif
++endif
+
+ EXTRA_DIST = CVSVersionInfo.txt ChangeLog \
+ AUTHORS ANNOUNCE NEWS INSTALL README LICENSE.OpenLDAP COPYING\
+@@ -23,7 +27,7 @@
+ ldap-alias.c ldap-service.c ldap-schema.c ldap-ethers.c \
+ ldap-bp.c ldap-automount.c util.c ltf.c snprintf.c resolve.c \
+ dnsconfig.c irs-nss.c pagectrl.c ldap-sldap.c ldap-init-krb5-cache.c \
+- vers.c
++ vers.c bsdnss.c
+
+ nss_ldap_so_LDFLAGS = @nss_ldap_so_LDFLAGS@
+
+@@ -103,11 +107,10 @@
+ $(mkinstalldirs) $(DESTDIR)$(dir $(NSS_LDAP_PATH_CONF)); \
+ $(INSTALL_DATA) -o $(INST_UID) -g $(INST_GID) $(srcdir)/ldap.conf $(DESTDIR)$(NSS_LDAP_PATH_CONF); \
+ fi
+- $(INSTALL_DATA) -o $(INST_UID) -g $(INST_GID) $(srcdir)/nsswitch.ldap $(DESTDIR)$(sysconfdir)/nsswitch.ldap;
+
+ uninstall-local:
+ @$(NORMAL_UNINSTALL)
+
+ vers.c: $(top_srcdir)/CVSVersionInfo.txt
+- CVSVERSIONDIR=$(top_srcdir) ./vers_string -v
++ $(top_srcdir)/vers_string -v
+
+
+--- configure.in.orig 2007-10-29 06:30:12.000000000 -0700
++++ configure.in 2008-09-26 20:38:20.000000000 -0700
+@@ -97,11 +97,15 @@
+ linux*) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic -Wl,--version-script,\$(srcdir)/exports.linux" ;;
+ *) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic" ;;
+ esac
++case "$target_os" in
++freebsd*) TARGET_OS=FreeBSD ;;
++esac
+
+ AM_CONDITIONAL(GCC, test "$GCC" = "yes")
+ AM_CONDITIONAL(GLIBC, test "$target_os" = "linux" -o "$target_os" = "linux-gnu")
+ AM_CONDITIONAL(AIX, test "$TARGET_OS" = AIX)
+ AM_CONDITIONAL(HPUX, test "$TARGET_OS" = HPUX)
++AM_CONDITIONAL(FreeBSD, test "$TARGET_OS" = FreeBSD)
+
+ AM_CONDITIONAL(USE_NATIVE_LINKER, test -n "$nss_ldap_so_LD")
+
+@@ -153,7 +157,6 @@
+ aix*) AC_CHECK_HEADERS(irs.h usersec.h) ;;
+ hpux*) AC_CHECK_HEADERS(nsswitch.h) ;;
+ *) AC_CHECK_HEADERS(nss.h)
+- AC_CHECK_HEADERS(nsswitch.h)
+ AC_CHECK_HEADERS(irs.h) ;;
+ esac
+ AC_CHECK_HEADERS(thread.h)
+@@ -232,7 +235,6 @@
+ AC_CHECK_FUNCS(gethostbyname)
+ AC_CHECK_FUNCS(nsdispatch)
+ AC_CHECK_LIB(pthread_nonshared, main)
+-AC_CHECK_FUNCS(pthread_atfork)
+ AC_CHECK_FUNCS(pthread_once)
+ AC_CHECK_FUNCS(ether_aton)
+ AC_CHECK_FUNCS(ether_ntoa)
+
+--- ldap-ethers.c.orig 2009-11-06 10:28:08.000000000 +0000
++++ ldap-ethers.c 2009-12-23 17:01:14.000000000 +0000
+@@ -217,9 +217,9 @@
+ }
+
+ snprintf(fullmac, sizeof(fullmac), "%02x:%02x:%02x:%02x:%02x:%02x",
+- addr->ether_addr_octet[0], addr->ether_addr_octet[1],
+- addr->ether_addr_octet[2], addr->ether_addr_octet[3],
+- addr->ether_addr_octet[4], addr->ether_addr_octet[5]);
++ addr->octet[0], addr->octet[1],
++ addr->octet[2], addr->octet[3],
++ addr->octet[4], addr->octet[5]);
+
+ LA_INIT(a);
+ LA_STRING(a) = ether_ntoa(addr);
+@@ -343,14 +343,14 @@
+ if (i != 6)
+ return NULL;
+ for (i = 0; i < 6; i++)
+- ep.ether_addr_octet[i] = t[i];
++ ep.octet[i] = t[i];
+
+ return &ep;
+ }
+ #endif /* !HAVE_ETHER_ATON */
+
+ #ifndef HAVE_ETHER_NTOA
+-#define EI(i) (unsigned int)(e->ether_addr_octet[(i)])
++#define EI(i) (unsigned int)(e->octet[(i)])
+ static char *ether_ntoa (const struct ether_addr *e)
+ {
+ static char s[18];
+
+--- ldap-ethers.h.orig 2009-11-06 10:28:08.000000000 +0000
++++ ldap-ethers.h 2009-12-23 17:02:06.000000000 +0000
+@@ -32,7 +32,7 @@
+
+ #ifndef HAVE_STRUCT_ETHER_ADDR
+ struct ether_addr {
+- u_char ether_addr_octet[6];
++ u_char octet[6];
+ };
+ #endif
+
+--- ldap-nss.c.orig Sat May 27 16:23:40 2006
++++ ldap-nss.c Sat May 27 16:23:52 2006
+@@ -69,7 +69,7 @@
+ #endif
+
+ /* Try to handle systems with both SASL libraries installed */
+-#if defined(HAVE_SASL_SASL_H) && defined(HAVE_SASL_AUXPROP_REQUEST)
++#if defined(HAVE_SASL_SASL_H)
+ #include <sasl/sasl.h>
+ #elif defined(HAVE_SASL_H)
+ #include <sasl.h>
+
+--- ldap-pwd.c.orig 2008-10-30 21:50:15.000000000 +0100
++++ ldap-pwd.c 2008-12-06 00:37:30.216966282 +0100
+@@ -21,7 +21,10 @@
+ static char rcsId[] =
+ "$Id$";
+
++#include <sys/types.h>
++#include <unistd.h>
+ #include "config.h"
++
+
+ #ifdef HAVE_PORT_BEFORE_H
+ #include <port_before.h>
+@@ -90,9 +93,13 @@
+ size_t tmplen;
+ char *tmp;
+
+- if (_nss_ldap_oc_check (e, "shadowAccount") == NSS_SUCCESS)
+- {
++/* if (_nss_ldap_oc_check (e, "shadowAccount") == NSS_SUCCESS)
++ * {
++ */
+ /* don't include password for shadowAccount */
++ if (geteuid() != 0)
++ {
++ /* don't include password for non-root users */
+ if (buflen < 3)
+ return NSS_TRYAGAIN;
+
+@@ -163,6 +170,15 @@
+ }
++
++#ifdef HAVE_LOGIN_CLASSES
++ stat =
++ _nss_ldap_assign_attrval (e, AT (loginClass), &pw->pw_class, &buffer,
++ &buflen);
++ if (stat != NSS_SUCCESS)
++ (void) _nss_ldap_assign_emptystring (&pw->pw_class, &buffer, &buflen);
++#endif
++
+
+ stat =
+ _nss_ldap_assign_attrval (e, AT (homeDirectory), &pw->pw_dir, &buffer,
+ &buflen);
+ if (stat != NSS_SUCCESS)
+
+--- ldap-schema.c 2009-08-29 09:21:43.000000000 -0400
++++ ldap-schema.c 2009-08-28 12:09:52.000000000 -0400
+@@ -334,6 +334,9 @@
+ #ifdef HAVE_PASSWD_PW_EXPIRE
+ (*pwd_attrs)[i++] = AT (shadowExpire);
+ #endif /* HAVE_PASSWD_PW_EXPIRE */
++#ifdef HAVE_LOGIN_CLASSES
++ (*pwd_attrs)[i++] = AT (loginClass);
++#endif
+ (*pwd_attrs)[i] = NULL;
+ }
+
+--- ldap-schema.h 2009-08-29 09:21:43.000000000 -0400
++++ ldap-schema.h 2009-08-29 06:37:18.000000000 -0400
+@@ -24,7 +24,7 @@
+ #define _LDAP_NSS_LDAP_LDAP_SCHEMA_H
+
+ /* max number of attributes per object class */
+-#define ATTRTAB_SIZE 15
++#define ATTRTAB_SIZE 16
+
+ /**
+ * function to initialize global lookup filters.
+@@ -153,6 +153,10 @@
+ #define AT_gecos "gecos"
+ #define AT_homeDirectory "homeDirectory"
+
++#ifdef HAVE_LOGIN_CLASSES
++/* FreeBSD extension -Jacob Myers <jacob@whotokspaz.org> */
++#define AT_loginClass "loginClass"
++#endif
+ /*
+ * ( nisSchema.2.1 NAME 'shadowAccount' SUP top AUXILIARY
+ * DESC 'Additional attributes for shadow passwords'
+
+--- /dev/null 2013-04-13 01:27:01.290932001 +0200
++++ bsdnss.c 2013-04-14 03:17:47.794195349 +0200
+@@ -0,0 +1,219 @@
++#include <errno.h>
++#include <stdlib.h>
++#include <sys/param.h>
++#include <netinet/in.h>
++#include <pwd.h>
++#include <grp.h>
++#include <nss.h>
++#include <nsswitch.h>
++#include <netdb.h>
++
++extern enum nss_status _nss_ldap_getgrent_r(struct group *, char *, size_t,
++ int *);
++extern enum nss_status _nss_ldap_getgrnam_r(const char *, struct group *,
++ char *, size_t, int *);
++extern enum nss_status _nss_ldap_getgrgid_r(gid_t gid, struct group *, char *,
++ size_t, int *);
++extern enum nss_status _nss_ldap_setgrent(void);
++extern enum nss_status _nss_ldap_endgrent(void);
++extern enum nss_status _nss_ldap_initgroups_dyn(const char *, gid_t, long int *,
++ long int *, gid_t **, long int, int *);
++
++extern enum nss_status _nss_ldap_getpwent_r(struct passwd *, char *, size_t,
++ int *);
++extern enum nss_status _nss_ldap_getpwnam_r(const char *, struct passwd *,
++ char *, size_t, int *);
++extern enum nss_status _nss_ldap_getpwuid_r(gid_t gid, struct passwd *, char *,
++ size_t, int *);
++extern enum nss_status _nss_ldap_setpwent(void);
++extern enum nss_status _nss_ldap_endpwent(void);
++
++extern enum nss_status _nss_ldap_gethostbyname_r (const char *name, struct hostent * result,
++ char *buffer, size_t buflen, int *errnop,
++ int *h_errnop);
++
++extern enum nss_status _nss_ldap_gethostbyname2_r (const char *name, int af, struct hostent * result,
++ char *buffer, size_t buflen, int *errnop,
++ int *h_errnop);
++extern enum nss_status _nss_ldap_gethostbyaddr_r (struct in_addr * addr, int len, int type,
++ struct hostent * result, char *buffer,
++ size_t buflen, int *errnop, int *h_errnop);
++
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_setgrent);
++NSS_METHOD_PROTOTYPE(__nss_compat_endgrent);
++static NSS_METHOD_PROTOTYPE(__freebsd_getgroupmembership);
++
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_setpwent);
++NSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
++
++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname);
++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2);
++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr);
++
++static ns_mtab methods[] = {
++{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
++{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
++{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
++{ NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_ldap_setgrent },
++{ NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_ldap_endgrent },
++{ NSDB_GROUP, "getgroupmembership", __freebsd_getgroupmembership, NULL },
++
++{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
++{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
++{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r },
++{ NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_ldap_setpwent },
++{ NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_ldap_endpwent },
++
++{ NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_ldap_gethostbyname_r },
++{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_ldap_gethostbyaddr_r },
++{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_ldap_gethostbyname2_r },
++
++{ NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
++{ NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
++{ NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
++{ NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_ldap_setgrent },
++{ NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_ldap_endgrent },
++
++{ NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
++{ NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
++{ NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r },
++{ NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_ldap_setpwent },
++{ NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_ldap_endpwent },
++
++};
++
++
++ns_mtab *
++nss_module_register(const char *source, unsigned int *mtabsize,
++ nss_module_unregister_fn *unreg)
++{
++ *mtabsize = sizeof(methods)/sizeof(methods[0]);
++ *unreg = NULL;
++ return (methods);
++}
++
++int __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap)
++{
++ enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
++ const char *name;
++ struct hostent *result;
++ char buffer[1024];
++ size_t buflen = 1024;
++ int errnop;
++ int h_errnop;
++ int af;
++ enum nss_status status;
++ fn = mdata;
++ name = va_arg(ap, const char*);
++ af = va_arg(ap,int);
++ result = va_arg(ap,struct hostent *);
++ status = fn(name, result, buffer, buflen, &errnop, &h_errnop);
++ status = __nss_compat_result(status,errnop);
++ h_errno = h_errnop;
++ return (status);
++}
++
++int __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap)
++{
++ enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
++ const char *name;
++ struct hostent *result;
++ char buffer[1024];
++ size_t buflen = 1024;
++ int errnop;
++ int h_errnop;
++ int af;
++ enum nss_status status;
++ fn = mdata;
++ name = va_arg(ap, const char*);
++ af = va_arg(ap,int);
++ result = va_arg(ap,struct hostent *);
++ status = fn(name, result, buffer, buflen, &errnop, &h_errnop);
++ status = __nss_compat_result(status,errnop);
++ h_errno = h_errnop;
++ return (status);
++}
++
++int __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap)
++{
++ struct in_addr *addr;
++ int len;
++ int type;
++ struct hostent *result;
++ char buffer[1024];
++ size_t buflen = 1024;
++ int errnop;
++ int h_errnop;
++ enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *);
++ enum nss_status status;
++ fn = mdata;
++ addr = va_arg(ap, struct in_addr*);
++ len = va_arg(ap,int);
++ type = va_arg(ap,int);
++ result = va_arg(ap, struct hostent*);
++ status = fn(addr, len, type, result, buffer, buflen, &errnop, &h_errnop);
++ status = __nss_compat_result(status,errnop);
++ h_errno = h_errnop;
++ return (status);
++}
++
++static int
++__gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *groupc)
++{
++ int ret, dupc;
++
++ /* skip duplicates */
++ for (dupc = 0; dupc < MIN(maxgrp, *groupc); dupc++) {
++ if (groups[dupc] == gid)
++ return 1;
++ }
++
++ ret = 1;
++ if (*groupc < maxgrp) /* add this gid */
++ groups[*groupc] = gid;
++ else
++ ret = 0;
++ (*groupc)++;
++ return ret;
++}
++
++static int __freebsd_getgroupmembership(void *retval, void *mdata, va_list ap)
++{
++ int err;
++ enum nss_status s;
++ const char *user = va_arg(ap, const char *);
++ gid_t group = va_arg(ap, gid_t);
++ gid_t *groups = va_arg(ap, gid_t *);
++ int limit = va_arg(ap, int);
++ int *size = va_arg(ap, int*);
++ gid_t *tmpgroups;
++ long int lstart, lsize;
++ int i;
++
++ tmpgroups = malloc(limit * sizeof(gid_t));
++ if (tmpgroups == NULL)
++ return NS_TRYAGAIN;
++
++ /* insert primary membership */
++ __gr_addgid(group, groups, limit, size);
++
++ lstart = 0;
++ lsize = limit;
++ s = _nss_ldap_initgroups_dyn(user, group, &lstart, &lsize,
++ &tmpgroups, 0, &err);
++ if (s == NSS_STATUS_SUCCESS) {
++ for (i = 0; i < lstart; i++)
++ __gr_addgid(tmpgroups[i], groups, limit, size);
++ s = NSS_STATUS_NOTFOUND;
++ }
++
++ free(tmpgroups);
++
++ return __nss_compat_result(s, err);
++}
diff --git a/sys-auth/nss_ldap/files/nss_ldap-265-installdir.patch b/sys-auth/nss_ldap/files/nss_ldap-265-installdir.patch
new file mode 100644
index 000000000000..daf507ad594a
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-265-installdir.patch
@@ -0,0 +1,35 @@
+Index: nss_ldap-265/Makefile.am
+===================================================================
+--- nss_ldap-265.orig/Makefile.am
++++ nss_ldap-265/Makefile.am
+@@ -38,17 +38,13 @@ NSS_LDAP_LDFLAGS = @NSS_LDAP_LDFLAGS@
+ DEFS = @DEFS@
+ #INCLUDES = -I$(top_builddir) -I$(srcdir)
+
+-if GCC
+-MULTI_OS_DIRECTORY=$(shell $(CC) $(CFLAGS) -print-multi-os-directory)
+-else
+ MULTI_OS_DIRECTORY=.
+-endif
+
+ if GLIBC
+-LIBC_VERS = $(shell ls /lib/$(MULTI_OS_DIRECTORY)/libc-*.so | tail -n 1 | sed -e 's|.*libc-\(.*\)\.so|\1|')
++LIBC_VERS = $(shell ls @GENTOO_PORTAGE_EPREFIX@/lib/$(MULTI_OS_DIRECTORY)/libc-*.so | tail -n 1 | sed -e 's|.*libc-\(.*\)\.so|\1|')
+ NSS_LDAP_LIBC_VERSIONED = libnss_ldap-$(LIBC_VERS).so
+
+-NSS_VERS = $(shell ls /lib/$(MULTI_OS_DIRECTORY)/libnss_files.so.? | tail -n 1 | sed -e 's|.*libnss_files\.so\.\(.*\)|\1|')
++NSS_VERS = $(shell ls @GENTOO_PORTAGE_EPREFIX@/lib/$(MULTI_OS_DIRECTORY)/libnss_files.so.? | tail -n 1 | sed -e 's|.*libnss_files\.so\.\(.*\)|\1|')
+ NSS_LDAP_NSS_VERSIONED = libnss_ldap.so.$(NSS_VERS)
+ endif
+
+@@ -83,8 +79,8 @@ if GLIBC
+ $(mkinstalldirs) $(DESTDIR)$(libdir)
+ $(INSTALL_PROGRAM) -o $(INST_UID) -g $(INST_GID) nss_ldap.so $(DESTDIR)$(libdir)/$(NSS_LDAP_LIBC_VERSIONED)
+ (cd $(DESTDIR)$(libdir); ln -sf $(NSS_LDAP_LIBC_VERSIONED) $(NSS_LDAP_NSS_VERSIONED))
+- $(mkinstalldirs) $(DESTDIR)/usr$(libdir)
+- (cd $(DESTDIR)/usr$(libdir); ln -sf ../..$(libdir)/$(NSS_LDAP_NSS_VERSIONED) .)
++ $(mkinstalldirs) $(DESTDIR)$(libdir:/lib=/usr/lib)
++ (cd $(DESTDIR)/$(libdir:/lib=/usr/lib); ln -sf ../../lib/$(NSS_LDAP_NSS_VERSIONED) .)
+ else
+ $(mkinstalldirs) $(DESTDIR)$(libdir)
+ if HPUX
diff --git a/sys-auth/nss_ldap/files/nss_ldap-265-missing-entries-oneshot.patch b/sys-auth/nss_ldap/files/nss_ldap-265-missing-entries-oneshot.patch
new file mode 100644
index 000000000000..6730dc986dd1
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-265-missing-entries-oneshot.patch
@@ -0,0 +1,101 @@
+Distinguish between contexts that are somewhat persistent and one-offs
+which are used to fulfill part of a larger request.
+
+diff -up nss_ldap-253/ldap-grp.c nss_ldap-253/ldap-grp.c
+--- nss_ldap-253/ldap-grp.c 2009-05-08 13:30:43.000000000 -0400
++++ nss_ldap-253/ldap-grp.c 2009-05-08 13:34:41.000000000 -0400
+@@ -857,7 +857,7 @@ ng_chase (const char *dn, ldap_initgroup
+ LA_STRING (a) = dn;
+ LA_TYPE (a) = LA_TYPE_STRING;
+
+- if (_nss_ldap_ent_context_init_locked (&ctx) == NULL)
++ if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL)
+ {
+ return NSS_UNAVAIL;
+ }
+@@ -930,7 +930,7 @@ ng_chase_backlink (const char ** members
+ LA_STRING_LIST (a) = filteredMembersOf;
+ LA_TYPE (a) = LA_TYPE_STRING_LIST_OR;
+
+- if (_nss_ldap_ent_context_init_locked (&ctx) == NULL)
++ if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL)
+ {
+ free (filteredMembersOf);
+ return NSS_UNAVAIL;
+diff -up nss_ldap-253/ldap-netgrp.c nss_ldap-253/ldap-netgrp.c
+--- nss_ldap-253/ldap-netgrp.c 2009-05-08 13:31:35.000000000 -0400
++++ nss_ldap-253/ldap-netgrp.c 2009-05-08 13:33:14.000000000 -0400
+@@ -691,7 +691,7 @@ do_innetgr_nested (ldap_innetgr_args_t *
+ LA_TYPE (a) = LA_TYPE_STRING;
+ LA_STRING (a) = nested; /* memberNisNetgroup */
+
+- if (_nss_ldap_ent_context_init_locked (&ctx) == NULL)
++ if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL)
+ {
+ debug ("<== do_innetgr_nested: failed to initialize context");
+ return NSS_UNAVAIL;
+diff -up nss_ldap-253/ldap-nss.c nss_ldap-253/ldap-nss.c
+--- nss_ldap-253/ldap-nss.c 2009-05-08 13:27:17.000000000 -0400
++++ nss_ldap-253/ldap-nss.c 2009-05-08 14:05:51.000000000 -0400
+@@ -1961,6 +1961,7 @@ _nss_ldap_ent_context_init_locked (ent_c
+ debug ("<== _nss_ldap_ent_context_init_locked");
+ return NULL;
+ }
++ ctx->ec_internal = 0;
+ *pctx = ctx;
+ }
+ else
+@@ -1990,6 +1991,15 @@ _nss_ldap_ent_context_init_locked (ent_c
+
+ return ctx;
+ }
++ent_context_t *
++_nss_ldap_ent_context_init_internal_locked (ent_context_t ** pctx)
++{
++ ent_context_t *ctx;
++ ctx = _nss_ldap_ent_context_init_locked (pctx);
++ if (ctx != NULL)
++ ctx->ec_internal = 1;
++ return ctx;
++}
+
+ /*
+ * Clears a given context; we require the caller
+@@ -2031,7 +2041,8 @@ _nss_ldap_ent_context_release (ent_conte
+
+ LS_INIT (ctx->ec_state);
+
+- if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT))
++ if (!ctx->ec_internal &&
++ _nss_ldap_test_config_flag (NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT))
+ {
+ do_close ();
+ }
+diff -up nss_ldap-253/ldap-nss.h nss_ldap-253/ldap-nss.h
+--- nss_ldap-253/ldap-nss.h 2009-05-08 13:35:47.000000000 -0400
++++ nss_ldap-253/ldap-nss.h 2009-05-08 13:52:25.000000000 -0400
+@@ -560,6 +560,8 @@ struct ent_context
+ ldap_state_t ec_state; /* eg. for services */
+ int ec_msgid; /* message ID */
+ LDAPMessage *ec_res; /* result chain */
++ int ec_internal; /* this context is just a part of a larger
++ * query for information */
+ ldap_service_search_descriptor_t *ec_sd; /* current sd */
+ struct berval *ec_cookie; /* cookie for paged searches */
+ };
+@@ -744,6 +746,15 @@ ent_context_t *_nss_ldap_ent_context_ini
+ ent_context_t *_nss_ldap_ent_context_init_locked (ent_context_t **);
+
+ /*
++ * _nss_ldap_ent_context_init_internal_locked() has the same
++ * behaviour, except it marks the context as one that's being
++ * used to fetch additional data used in answering a request, i.e.
++ * that this isn't the "main" context
++ */
++
++ent_context_t *_nss_ldap_ent_context_init_internal_locked (ent_context_t **);
++
++/*
+ * _nss_ldap_ent_context_release() is used to manually free a context
+ */
+ void _nss_ldap_ent_context_release (ent_context_t *);
diff --git a/sys-auth/nss_ldap/files/nss_ldap-265-pthread.patch b/sys-auth/nss_ldap/files/nss_ldap-265-pthread.patch
new file mode 100644
index 000000000000..622ee5845e44
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-265-pthread.patch
@@ -0,0 +1,481 @@
+Index: ldap-nss.c
+===================================================================
+--- ldap-nss.c.orig
++++ ldap-nss.c
+@@ -142,7 +142,7 @@ static void (*__sigpipe_handler) (int) =
+ */
+ static ldap_session_t __session = { NULL, NULL, 0, LS_UNINITIALIZED };
+
+-#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE)
+ static pthread_once_t __once = PTHREAD_ONCE_INIT;
+ #endif
+
+@@ -150,7 +150,7 @@ static pthread_once_t __once = PTHREAD_O
+ static FILE *__debugfile;
+ #endif /* LBER_OPT_LOG_PRINT_FILE */
+
+-#ifndef HAVE_PTHREAD_ATFORK
++#if !defined(HAVE_PTHREAD_ATFORK) || !defined(HAVE___LIBC_ONCE)
+ /*
+ * Process ID that opened the session.
+ */
+@@ -162,7 +162,7 @@ static uid_t __euid = -1;
+ static int __ssl_initialized = 0;
+ #endif /* HAVE_LDAPSSL_CLIENT_INIT */
+
+-#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE)
+ /*
+ * Prepare for fork(); lock mutex.
+ */
+@@ -513,7 +513,7 @@ _nss_ldap_default_constr (nss_ldap_backe
+ }
+ #endif /* HAVE_NSSWITCH_H */
+
+-#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE)
+ static void
+ do_atfork_prepare (void)
+ {
+@@ -547,7 +547,7 @@ do_atfork_setup (void)
+ #ifdef HAVE_PTHREAD_ATFORK
+ (void) pthread_atfork (do_atfork_prepare, do_atfork_parent,
+ do_atfork_child);
+-#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#elif defined(HAVE___LIBC_ATFORK)
+ (void) __libc_atfork (do_atfork_prepare, do_atfork_parent, do_atfork_child);
+ #endif
+
+@@ -1096,7 +1096,7 @@ static NSS_STATUS
+ do_init (void)
+ {
+ ldap_config_t *cfg;
+-#ifndef HAVE_PTHREAD_ATFORK
++#if !defined(HAVE_PTHREAD_ATFORK) || !defined(HAVE___LIBC_ONCE)
+ pid_t pid;
+ #endif
+ uid_t euid;
+@@ -1113,7 +1113,7 @@ do_init (void)
+ }
+
+ #ifndef HAVE_PTHREAD_ATFORK
+-#if defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#if defined(HAVE___LIBC_ONCE)
+ /*
+ * This bogosity is necessary because Linux uses different
+ * PIDs for different threads (like IRIX, which we don't
+@@ -1145,7 +1145,7 @@ do_init (void)
+ pid = -1; /* linked against libpthreads, don't care */
+ #else
+ pid = getpid ();
+-#endif /* HAVE_LIBC_LOCK_H || HAVE_BITS_LIBC_LOCK_H */
++#endif /* HAVE___LIBC_ONCE */
+ #endif /* HAVE_PTHREAD_ATFORK */
+
+ euid = geteuid ();
+@@ -1155,7 +1155,7 @@ do_init (void)
+ syslog (LOG_DEBUG,
+ "nss_ldap: __session.ls_state=%d, __session.ls_conn=%p, __euid=%i, euid=%i",
+ __session.ls_state, __session.ls_conn, __euid, euid);
+-#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#elif defined(HAVE___LIBC_ONCE)
+ syslog (LOG_DEBUG,
+ "nss_ldap: libpthreads=%s, __session.ls_state=%d, __session.ls_conn=%p, __pid=%i, pid=%i, __euid=%i, euid=%i",
+ ((__pthread_once == NULL || __pthread_atfork == NULL) ? "FALSE" : "TRUE"),
+@@ -1179,11 +1179,11 @@ do_init (void)
+ }
+ else
+ #ifndef HAVE_PTHREAD_ATFORK
+-#if defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#if defined(HAVE___LIBC_ONCE)
+ if ((__pthread_once == NULL || __pthread_atfork == NULL) && __pid != pid)
+ #else
+ if (__pid != pid)
+-#endif /* HAVE_LIBC_LOCK_H || HAVE_BITS_LIBC_LOCK_H */
++#endif /* HAVE___LIBC_ONCE */
+ {
+ do_close_no_unbind ();
+ }
+@@ -1244,9 +1244,9 @@ do_init (void)
+ debug ("<== do_init (pthread_once failed)");
+ return NSS_UNAVAIL;
+ }
+-#elif defined(HAVE_PTHREAD_ATFORK) && ( defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) )
++#elif defined(HAVE_PTHREAD_ATFORK) && defined(HAVE___LIBC_ONCE)
+ __libc_once (__once, do_atfork_setup);
+-#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#elif defined(HAVE___LIBC_ONCE)
+ /*
+ * Only install the pthread_atfork() handlers i
+ * we are linked against libpthreads. Otherwise,
+Index: ldap-nss.h
+===================================================================
+--- ldap-nss.h.orig
++++ ldap-nss.h
+@@ -670,7 +670,7 @@ extern int __multi_threaded;
+ #define NSS_LDAP_LOCK(m) mutex_lock(&m)
+ #define NSS_LDAP_UNLOCK(m) mutex_unlock(&m)
+ #define NSS_LDAP_DEFINE_LOCK(m) static mutex_t m = DEFAULTMUTEX
+-#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
++#elif defined(HAVE___LIBC_LOCK_LOCK) && defined(HAVE___LIBC_LOCK_UNLOCK)
+ #define NSS_LDAP_LOCK(m) __libc_lock_lock(m)
+ #define NSS_LDAP_UNLOCK(m) __libc_lock_unlock(m)
+ #define NSS_LDAP_DEFINE_LOCK(m) static pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER
+Index: configure.in
+===================================================================
+--- configure.in.orig
++++ configure.in
+@@ -1,6 +1,7 @@
+ AC_INIT(ldap-nss.c)
+ AC_CANONICAL_SYSTEM
+ AC_PREFIX_DEFAULT()
++AC_CONFIG_MACRO_DIR([m4])
+
+ AM_INIT_AUTOMAKE(nss_ldap, 265)
+ AM_CONFIG_HEADER(config.h)
+@@ -229,11 +230,18 @@ fi
+ AC_CHECK_FUNCS(snprintf)
+ AC_CHECK_FUNCS(gethostbyname)
+ AC_CHECK_FUNCS(nsdispatch)
++AC_CHECK_FUNCS(ether_aton)
++AC_CHECK_FUNCS(ether_ntoa)
++
++AX_PTHREAD
++LIBS="$PTHREAD_LIBS $LIBS"
++CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
++CC="$PTHREAD_CC"
++
+ AC_CHECK_LIB(pthread_nonshared, main)
+ AC_CHECK_FUNCS(pthread_atfork)
+ AC_CHECK_FUNCS(pthread_once)
+-AC_CHECK_FUNCS(ether_aton)
+-AC_CHECK_FUNCS(ether_ntoa)
++AC_CHECK_FUNCS(__libc_once __libc_atfork __libc_lock_lock __libc_lock_unlock)
+
+ AC_MSG_CHECKING(for struct ether_addr)
+ AC_TRY_COMPILE([#include <sys/types.h>
+Index: m4/ax_pthread.m4
+===================================================================
+--- /dev/null
++++ m4/ax_pthread.m4
+@@ -0,0 +1,309 @@
++# ===========================================================================
++# http://www.gnu.org/software/autoconf-archive/ax_pthread.html
++# ===========================================================================
++#
++# SYNOPSIS
++#
++# AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]])
++#
++# DESCRIPTION
++#
++# This macro figures out how to build C programs using POSIX threads. It
++# sets the PTHREAD_LIBS output variable to the threads library and linker
++# flags, and the PTHREAD_CFLAGS output variable to any special C compiler
++# flags that are needed. (The user can also force certain compiler
++# flags/libs to be tested by setting these environment variables.)
++#
++# Also sets PTHREAD_CC to any special C compiler that is needed for
++# multi-threaded programs (defaults to the value of CC otherwise). (This
++# is necessary on AIX to use the special cc_r compiler alias.)
++#
++# NOTE: You are assumed to not only compile your program with these flags,
++# but also link it with them as well. e.g. you should link with
++# $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS
++#
++# If you are only building threads programs, you may wish to use these
++# variables in your default LIBS, CFLAGS, and CC:
++#
++# LIBS="$PTHREAD_LIBS $LIBS"
++# CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
++# CC="$PTHREAD_CC"
++#
++# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant
++# has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name
++# (e.g. PTHREAD_CREATE_UNDETACHED on AIX).
++#
++# Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the
++# PTHREAD_PRIO_INHERIT symbol is defined when compiling with
++# PTHREAD_CFLAGS.
++#
++# ACTION-IF-FOUND is a list of shell commands to run if a threads library
++# is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it
++# is not found. If ACTION-IF-FOUND is not specified, the default action
++# will define HAVE_PTHREAD.
++#
++# Please let the authors know if this macro fails on any platform, or if
++# you have any other suggestions or comments. This macro was based on work
++# by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help
++# from M. Frigo), as well as ac_pthread and hb_pthread macros posted by
++# Alejandro Forero Cuervo to the autoconf macro repository. We are also
++# grateful for the helpful feedback of numerous users.
++#
++# Updated for Autoconf 2.68 by Daniel Richard G.
++#
++# LICENSE
++#
++# Copyright (c) 2008 Steven G. Johnson <stevenj@alum.mit.edu>
++# Copyright (c) 2011 Daniel Richard G. <skunk@iSKUNK.ORG>
++#
++# This program is free software: you can redistribute it and/or modify it
++# under the terms of the GNU General Public License as published by the
++# Free Software Foundation, either version 3 of the License, or (at your
++# option) any later version.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
++# Public License for more details.
++#
++# You should have received a copy of the GNU General Public License along
++# with this program. If not, see <http://www.gnu.org/licenses/>.
++#
++# As a special exception, the respective Autoconf Macro's copyright owner
++# gives unlimited permission to copy, distribute and modify the configure
++# scripts that are the output of Autoconf when processing the Macro. You
++# need not follow the terms of the GNU General Public License when using
++# or distributing such scripts, even though portions of the text of the
++# Macro appear in them. The GNU General Public License (GPL) does govern
++# all other use of the material that constitutes the Autoconf Macro.
++#
++# This special exception to the GPL applies to versions of the Autoconf
++# Macro released by the Autoconf Archive. When you make and distribute a
++# modified version of the Autoconf Macro, you may extend this special
++# exception to the GPL to apply to your modified version as well.
++
++#serial 18
++
++AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD])
++AC_DEFUN([AX_PTHREAD], [
++AC_REQUIRE([AC_CANONICAL_HOST])
++AC_LANG_PUSH([C])
++ax_pthread_ok=no
++
++# We used to check for pthread.h first, but this fails if pthread.h
++# requires special compiler flags (e.g. on True64 or Sequent).
++# It gets checked for in the link test anyway.
++
++# First of all, check if the user has set any of the PTHREAD_LIBS,
++# etcetera environment variables, and if threads linking works using
++# them:
++if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then
++ save_CFLAGS="$CFLAGS"
++ CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
++ save_LIBS="$LIBS"
++ LIBS="$PTHREAD_LIBS $LIBS"
++ AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS])
++ AC_TRY_LINK_FUNC(pthread_join, ax_pthread_ok=yes)
++ AC_MSG_RESULT($ax_pthread_ok)
++ if test x"$ax_pthread_ok" = xno; then
++ PTHREAD_LIBS=""
++ PTHREAD_CFLAGS=""
++ fi
++ LIBS="$save_LIBS"
++ CFLAGS="$save_CFLAGS"
++fi
++
++# We must check for the threads library under a number of different
++# names; the ordering is very important because some systems
++# (e.g. DEC) have both -lpthread and -lpthreads, where one of the
++# libraries is broken (non-POSIX).
++
++# Create a list of thread flags to try. Items starting with a "-" are
++# C compiler flags, and other items are library names, except for "none"
++# which indicates that we try without any flags at all, and "pthread-config"
++# which is a program returning the flags for the Pth emulation library.
++
++ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config"
++
++# The ordering *is* (sometimes) important. Some notes on the
++# individual items follow:
++
++# pthreads: AIX (must check this before -lpthread)
++# none: in case threads are in libc; should be tried before -Kthread and
++# other compiler flags to prevent continual compiler warnings
++# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h)
++# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able)
++# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread)
++# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads)
++# -pthreads: Solaris/gcc
++# -mthreads: Mingw32/gcc, Lynx/gcc
++# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it
++# doesn't hurt to check since this sometimes defines pthreads too;
++# also defines -D_REENTRANT)
++# ... -mt is also the pthreads flag for HP/aCC
++# pthread: Linux, etcetera
++# --thread-safe: KAI C++
++# pthread-config: use pthread-config program (for GNU Pth library)
++
++case ${host_os} in
++ solaris*)
++
++ # On Solaris (at least, for some versions), libc contains stubbed
++ # (non-functional) versions of the pthreads routines, so link-based
++ # tests will erroneously succeed. (We need to link with -pthreads/-mt/
++ # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather
++ # a function called by this macro, so we could check for that, but
++ # who knows whether they'll stub that too in a future libc.) So,
++ # we'll just look for -pthreads and -lpthread first:
++
++ ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags"
++ ;;
++
++ darwin*)
++ ax_pthread_flags="-pthread $ax_pthread_flags"
++ ;;
++esac
++
++if test x"$ax_pthread_ok" = xno; then
++for flag in $ax_pthread_flags; do
++
++ case $flag in
++ none)
++ AC_MSG_CHECKING([whether pthreads work without any flags])
++ ;;
++
++ -*)
++ AC_MSG_CHECKING([whether pthreads work with $flag])
++ PTHREAD_CFLAGS="$flag"
++ ;;
++
++ pthread-config)
++ AC_CHECK_PROG(ax_pthread_config, pthread-config, yes, no)
++ if test x"$ax_pthread_config" = xno; then continue; fi
++ PTHREAD_CFLAGS="`pthread-config --cflags`"
++ PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`"
++ ;;
++
++ *)
++ AC_MSG_CHECKING([for the pthreads library -l$flag])
++ PTHREAD_LIBS="-l$flag"
++ ;;
++ esac
++
++ save_LIBS="$LIBS"
++ save_CFLAGS="$CFLAGS"
++ LIBS="$PTHREAD_LIBS $LIBS"
++ CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
++
++ # Check for various functions. We must include pthread.h,
++ # since some functions may be macros. (On the Sequent, we
++ # need a special flag -Kthread to make this header compile.)
++ # We check for pthread_join because it is in -lpthread on IRIX
++ # while pthread_create is in libc. We check for pthread_attr_init
++ # due to DEC craziness with -lpthreads. We check for
++ # pthread_cleanup_push because it is one of the few pthread
++ # functions on Solaris that doesn't have a non-functional libc stub.
++ # We try pthread_create on general principles.
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>
++ static void routine(void *a) { a = 0; }
++ static void *start_routine(void *a) { return a; }],
++ [pthread_t th; pthread_attr_t attr;
++ pthread_create(&th, 0, start_routine, 0);
++ pthread_join(th, 0);
++ pthread_attr_init(&attr);
++ pthread_cleanup_push(routine, 0);
++ pthread_cleanup_pop(0) /* ; */])],
++ [ax_pthread_ok=yes],
++ [])
++
++ LIBS="$save_LIBS"
++ CFLAGS="$save_CFLAGS"
++
++ AC_MSG_RESULT($ax_pthread_ok)
++ if test "x$ax_pthread_ok" = xyes; then
++ break;
++ fi
++
++ PTHREAD_LIBS=""
++ PTHREAD_CFLAGS=""
++done
++fi
++
++# Various other checks:
++if test "x$ax_pthread_ok" = xyes; then
++ save_LIBS="$LIBS"
++ LIBS="$PTHREAD_LIBS $LIBS"
++ save_CFLAGS="$CFLAGS"
++ CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
++
++ # Detect AIX lossage: JOINABLE attribute is called UNDETACHED.
++ AC_MSG_CHECKING([for joinable pthread attribute])
++ attr_name=unknown
++ for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>],
++ [int attr = $attr; return attr /* ; */])],
++ [attr_name=$attr; break],
++ [])
++ done
++ AC_MSG_RESULT($attr_name)
++ if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then
++ AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name,
++ [Define to necessary symbol if this constant
++ uses a non-standard name on your system.])
++ fi
++
++ AC_MSG_CHECKING([if more special flags are required for pthreads])
++ flag=no
++ case ${host_os} in
++ aix* | freebsd* | darwin*) flag="-D_THREAD_SAFE";;
++ osf* | hpux*) flag="-D_REENTRANT";;
++ solaris*)
++ if test "$GCC" = "yes"; then
++ flag="-D_REENTRANT"
++ else
++ flag="-mt -D_REENTRANT"
++ fi
++ ;;
++ esac
++ AC_MSG_RESULT(${flag})
++ if test "x$flag" != xno; then
++ PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS"
++ fi
++
++ AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT],
++ ax_cv_PTHREAD_PRIO_INHERIT, [
++ AC_LINK_IFELSE([
++ AC_LANG_PROGRAM([[#include <pthread.h>]], [[int i = PTHREAD_PRIO_INHERIT;]])],
++ [ax_cv_PTHREAD_PRIO_INHERIT=yes],
++ [ax_cv_PTHREAD_PRIO_INHERIT=no])
++ ])
++ AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"],
++ AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], 1, [Have PTHREAD_PRIO_INHERIT.]))
++
++ LIBS="$save_LIBS"
++ CFLAGS="$save_CFLAGS"
++
++ # More AIX lossage: must compile with xlc_r or cc_r
++ if test x"$GCC" != xyes; then
++ AC_CHECK_PROGS(PTHREAD_CC, xlc_r cc_r, ${CC})
++ else
++ PTHREAD_CC=$CC
++ fi
++else
++ PTHREAD_CC="$CC"
++fi
++
++AC_SUBST(PTHREAD_LIBS)
++AC_SUBST(PTHREAD_CFLAGS)
++AC_SUBST(PTHREAD_CC)
++
++# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND:
++if test x"$ax_pthread_ok" = xyes; then
++ ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1])
++ :
++else
++ ax_pthread_ok=no
++ $2
++fi
++AC_LANG_POP
++])dnl AX_PTHREAD
+Index: Makefile.am
+===================================================================
+--- Makefile.am.orig
++++ Makefile.am
+@@ -1,3 +1,5 @@
++ACLOCAL_AMFLAGS = -I m4
++
+ if AIX
+ authmod = NSS_LDAP
+ else
diff --git a/sys-auth/nss_ldap/files/nss_ldap-265-reconnect-timeouts.patch b/sys-auth/nss_ldap/files/nss_ldap-265-reconnect-timeouts.patch
new file mode 100644
index 000000000000..b377ad7bb326
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-265-reconnect-timeouts.patch
@@ -0,0 +1,57 @@
+diff -Nuar --exclude '*.orig' nss_ldap-265.orig/ldap.conf nss_ldap-265/ldap.conf
+--- nss_ldap-265.orig/ldap.conf 2009-11-06 10:28:08.000000000 +0000
++++ nss_ldap-265/ldap.conf 2010-02-19 18:36:58.272236290 +0000
+@@ -279,7 +279,8 @@
+ # OpenLDAP SSL mechanism
+ # start_tls mechanism uses the normal LDAP port, LDAPS typically 636
+ #ssl start_tls
+-#ssl on
++###ssl on
++# Gentoo note: Don't use 'ssl on' in 249/250. They are broken in some cases! Use start_tls instead.
+
+ # OpenLDAP SSL options
+ # Require and verify server certificate (yes/no)
+@@ -311,3 +312,27 @@
+ # Override the default Kerberos ticket cache location.
+ #krb5_ccname FILE:/etc/.ldapcache
+
++# Timeout behavior
++# Upstream nss_ldap hard-codes these values:
++#nss_reconnect_tries 5 # number of times to double the sleep time
++#nss_reconnect_sleeptime 4 # initial sleep value
++#nss_reconnect_maxsleeptime 64 # max sleep value to cap at
++#nss_reconnect_maxconntries 2 # how many tries before sleeping
++# This leads to a delay of 124 seconds (4+8+16+32+64=124) per lookup if the
++# server is not available.
++
++# For Gentoo's distribution of nss_ldap, as of 250-r1, we use these values
++# (The hardwired constants in the code are changed to them as well):
++nss_reconnect_tries 4 # number of times to double the sleep time
++nss_reconnect_sleeptime 1 # initial sleep value
++nss_reconnect_maxsleeptime 16 # max sleep value to cap at
++nss_reconnect_maxconntries 2 # how many tries before sleeping
++# This leads to a delay of 15 seconds (1+2+4+8=15)
++
++# If you are impatient, and know your LDAP server is reliable, fast or local,
++# you may wish to use these values instead:
++#nss_reconnect_tries 1 # number of times to double the sleep time
++#nss_reconnect_sleeptime 1 # initial sleep value
++#nss_reconnect_maxsleeptime 1 # max sleep value to cap at
++#nss_reconnect_maxconntries 3 # how many tries before sleeping
++# This leads to a delay of 1 second.
+diff -Nuar --exclude '*.orig' nss_ldap-265.orig/ldap-nss.h nss_ldap-265/ldap-nss.h
+--- nss_ldap-265.orig/ldap-nss.h 2009-11-06 10:28:08.000000000 +0000
++++ nss_ldap-265/ldap-nss.h 2010-02-19 18:37:49.278474888 +0000
+@@ -96,9 +96,9 @@
+ * unacceptable, in which case you may wish to adjust
+ * the constants below.
+ */
+-#define LDAP_NSS_TRIES 5 /* number of sleeping reconnect attempts */
+-#define LDAP_NSS_SLEEPTIME 4 /* seconds to sleep; doubled until max */
+-#define LDAP_NSS_MAXSLEEPTIME 64 /* maximum seconds to sleep */
++#define LDAP_NSS_TRIES 4 /* number of sleeping reconnect attempts */
++#define LDAP_NSS_SLEEPTIME 1 /* seconds to sleep; doubled until max */
++#define LDAP_NSS_MAXSLEEPTIME 16 /* maximum seconds to sleep */
+ #define LDAP_NSS_MAXCONNTRIES 2 /* reconnect attempts before sleeping */
+
+ #if defined(HAVE_NSSWITCH_H) || defined(HAVE_IRS_H)
diff --git a/sys-auth/nss_ldap/files/nsswitch.ldap.diff b/sys-auth/nss_ldap/files/nsswitch.ldap.diff
new file mode 100644
index 000000000000..a8e96e05e8d8
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nsswitch.ldap.diff
@@ -0,0 +1,15 @@
+--- nsswitch.ldap 2004-06-08 00:34:09.895330016 -0500
++++ nsswitch.ldap-modified 2004-06-08 00:35:21.518441648 -0500
+@@ -10,10 +10,10 @@
+ passwd: files ldap
+ group: files ldap
+
+-# consult DNS first, we will need it to resolve the LDAP host. (If we
++# consult files/dns first, we will need it to resolve the LDAP host. (If we
+ # can't resolve it, we're in infinite recursion, because libldap calls
+ # gethostbyname(). Careful!)
+-hosts: dns ldap
++hosts: files dns ldap
+
+ # LDAP is nominally authoritative for the following maps.
+ services: ldap [NOTFOUND=return] files
diff --git a/sys-auth/nss_ldap/metadata.xml b/sys-auth/nss_ldap/metadata.xml
new file mode 100644
index 000000000000..6a0008335c0c
--- /dev/null
+++ b/sys-auth/nss_ldap/metadata.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer>
+ <email>ldap-bugs@gentoo.org</email>
+ <name>Please assign bugs to this mail alias.</name>
+</maintainer>
+<maintainer>
+ <email>robbat2@gentoo.org</email>
+ <name>Robin H. Johnson</name>
+</maintainer>
+<maintainer>
+ <email>prometheanfire@gentoo.org</email>
+</maintainer>
+</pkgmetadata>
diff --git a/sys-auth/nss_ldap/nss_ldap-258.ebuild b/sys-auth/nss_ldap/nss_ldap-258.ebuild
new file mode 100644
index 000000000000..b08662905dbf
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-258.ebuild
@@ -0,0 +1,80 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit fixheadtails eutils multilib autotools
+
+IUSE="debug sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="alpha amd64 hppa ~ia64 ~mips ppc ppc64 sparc x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-252-reconnect-timeouts.patch
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf || die "failed to clean up initial version marker"
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+ eautoreconf
+}
+
+src_compile() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-schema-mapping \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ ${myconf} || die "configure failed"
+
+ emake || die "make failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-259.ebuild b/sys-auth/nss_ldap/nss_ldap-259.ebuild
new file mode 100644
index 000000000000..b4d3fbec2f87
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-259.ebuild
@@ -0,0 +1,80 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit fixheadtails eutils multilib autotools
+
+IUSE="debug sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-252-reconnect-timeouts.patch
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf || die "failed to clean up initial version marker"
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+ eautoreconf
+}
+
+src_compile() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-schema-mapping \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ ${myconf} || die "configure failed"
+
+ emake || die "make failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-261.ebuild b/sys-auth/nss_ldap/nss_ldap-261.ebuild
new file mode 100644
index 000000000000..823ea94d4d4b
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-261.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit fixheadtails eutils multilib autotools
+
+IUSE="debug sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-252-reconnect-timeouts.patch
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf || die "failed to clean up initial version marker"
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+ # Upstream forgets the version number sometimes
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+ sed -i \
+ -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ "${S}"/configure.in
+ eautoreconf
+}
+
+src_compile() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-schema-mapping \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ ${myconf} || die "configure failed"
+
+ emake || die "make failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-262.ebuild b/sys-auth/nss_ldap/nss_ldap-262.ebuild
new file mode 100644
index 000000000000..823ea94d4d4b
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-262.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+inherit fixheadtails eutils multilib autotools
+
+IUSE="debug sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-252-reconnect-timeouts.patch
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf || die "failed to clean up initial version marker"
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+ # Upstream forgets the version number sometimes
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+ sed -i \
+ -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ "${S}"/configure.in
+ eautoreconf
+}
+
+src_compile() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-schema-mapping \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ ${myconf} || die "configure failed"
+
+ emake || die "make failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-264-r1.ebuild b/sys-auth/nss_ldap/nss_ldap-264-r1.ebuild
new file mode 100644
index 000000000000..0f60d8096e91
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-264-r1.ebuild
@@ -0,0 +1,102 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+inherit fixheadtails eutils multilib autotools
+
+IUSE="debug ssl sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="alpha amd64 hppa ia64 ~mips ppc ppc64 sparc x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )
+ ssl? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_prepare() {
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-252-reconnect-timeouts.patch
+
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf || die "failed to clean up initial version marker"
+
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+
+ # Bug #214750, no automagic deps
+ epatch "${FILESDIR}"/${PN}-264-disable-automagic.patch
+
+ # Upstream forgets the version number sometimes
+ #sed -i \
+ # -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ # "${S}"/configure.in
+
+ # Include an SONAME
+ epatch "${FILESDIR}"/${PN}-254-soname.patch
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ # --enable-schema-mapping \
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ $(use_enable ssl) \
+ $(use_enable sasl) \
+ $(use_enable kerberos krb) \
+ ${myconf} || die "configure failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-264.ebuild b/sys-auth/nss_ldap/nss_ldap-264.ebuild
new file mode 100644
index 000000000000..5b4782b98968
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-264.ebuild
@@ -0,0 +1,99 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+inherit fixheadtails eutils multilib autotools
+
+IUSE="debug ssl sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )
+ ssl? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_prepare() {
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-252-reconnect-timeouts.patch
+
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf || die "failed to clean up initial version marker"
+
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+
+ # Bug #214750, no automagic deps
+ epatch "${FILESDIR}"/${PN}-264-disable-automagic.patch
+
+ # Upstream forgets the version number sometimes
+ #sed -i \
+ # -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ # "${S}"/configure.in
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ # --enable-schema-mapping \
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ $(use_enable ssl) \
+ $(use_enable sasl) \
+ $(use_enable kerberos krb) \
+ ${myconf} || die "configure failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-265-r1.ebuild b/sys-auth/nss_ldap/nss_ldap-265-r1.ebuild
new file mode 100644
index 000000000000..abd731b35b3e
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-265-r1.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+inherit fixheadtails eutils multilib autotools
+
+IUSE="debug ssl sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="alpha amd64 ~arm hppa ia64 ~mips ppc ppc64 sparc x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )
+ ssl? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_prepare() {
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-265-reconnect-timeouts.patch
+
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf || die "failed to clean up initial version marker"
+
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+
+ # Bug #214750, no automagic deps
+ epatch "${FILESDIR}"/${PN}-264-disable-automagic.patch
+
+ # Upstream forgets the version number sometimes
+ #sed -i \
+ # -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ # "${S}"/configure.in
+
+ # Include an SONAME
+ epatch "${FILESDIR}"/${PN}-254-soname.patch
+
+ sed -i \
+ -e 's, vers_string , ./vers_string ,g' \
+ "${S}"/Makefile.am
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ # --enable-schema-mapping \
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ $(use_enable ssl) \
+ $(use_enable sasl) \
+ $(use_enable kerberos krb) \
+ ${myconf} || die "configure failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ # Append two blank lines and some skip entries
+ echo >>"${D}"/etc/ldap.conf
+ echo >>"${D}"/etc/ldap.conf
+ sed -i "${D}"/etc/ldap.conf \
+ -e '$inss_initgroups_ignoreusers ldap,openldap,mysql,syslog,root,postgres' \
+ || die "failed to sed /etc/ldap.conf"
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-265-r2.ebuild b/sys-auth/nss_ldap/nss_ldap-265-r2.ebuild
new file mode 100644
index 000000000000..816c6f262391
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-265-r2.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit fixheadtails eutils multilib autotools prefix
+
+IUSE="debug ssl sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="alpha amd64 ~arm hppa ia64 ~mips ppc ppc64 sparc x86 ~amd64-linux"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )
+ ssl? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_prepare() {
+ if use prefix; then
+ epatch "${FILESDIR}"/${P}-installdir.patch
+ eprefixify Makefile.am
+ fi
+
+ # bug 438692
+ epatch "${FILESDIR}"/${P}-pthread.patch
+
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-265-reconnect-timeouts.patch
+
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf
+
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+
+ # Bug #214750, no automagic deps
+ epatch "${FILESDIR}"/${PN}-264-disable-automagic.patch
+
+ # Upstream forgets the version number sometimes
+ #sed -i \
+ # -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ # "${S}"/configure.in
+
+ # Include an SONAME
+ epatch "${FILESDIR}"/${PN}-254-soname.patch
+
+ sed -i \
+ -e 's, vers_string , ./vers_string ,g' \
+ "${S}"/Makefile.am
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ # --enable-schema-mapping \
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ldap-conf-file="${EPREFIX}/etc/ldap.conf" \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ $(use_enable ssl) \
+ $(use_enable sasl) \
+ $(use_enable kerberos krb) \
+ ${myconf}
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install \
+ INST_UID=${PORTAGE_USER:-root} INST_GID=${PORTAGE_GROUP:-root}
+
+ insinto /etc
+ doins ldap.conf
+
+ # Append two blank lines and some skip entries
+ echo >>"${ED}"/etc/ldap.conf
+ echo >>"${ED}"/etc/ldap.conf
+ sed -i "${ED}"/etc/ldap.conf \
+ -e '$inss_initgroups_ignoreusers ldap,openldap,mysql,syslog,root,postgres'
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-265-r4.ebuild b/sys-auth/nss_ldap/nss_ldap-265-r4.ebuild
new file mode 100644
index 000000000000..fadc3ca254ec
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-265-r4.ebuild
@@ -0,0 +1,141 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit fixheadtails eutils multilib autotools prefix
+
+IUSE="debug ssl sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )
+ ssl? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_prepare() {
+ if use prefix; then
+ epatch "${FILESDIR}"/${P}-installdir.patch
+ eprefixify Makefile.am
+ fi
+
+ # bug 438692
+ epatch "${FILESDIR}"/${P}-pthread.patch
+
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-265-reconnect-timeouts.patch
+
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf
+
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+
+ # Bug #214750, no automagic deps
+ epatch "${FILESDIR}"/${PN}-264-disable-automagic.patch
+
+ # Upstream forgets the version number sometimes
+ #sed -i \
+ # -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ # "${S}"/configure.in
+
+ # Include an SONAME
+ epatch "${FILESDIR}"/${PN}-254-soname.patch
+
+ #fix broken oneshot connections
+ epatch "${FILESDIR}/nss_ldap-265-missing-entries-oneshot.patch"
+
+ sed -i \
+ -e 's, vers_string , ./vers_string ,g' \
+ "${S}"/Makefile.am
+
+ if use kernel_FreeBSD; then
+ #fix broken fbsd support
+ EPATCH_OPTS="-p0 -d ${S}" epatch "${FILESDIR}/nss_ldap-265-fbsd.patch"
+ fi
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ # --enable-schema-mapping \
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir="${EPREFIX}/$(get_libdir)" \
+ --with-ldap-conf-file="${EPREFIX}/etc/ldap.conf" \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ $(use_enable ssl) \
+ $(use_enable sasl) \
+ $(use_enable kerberos krb) \
+ ${myconf}
+
+ if use kernel_FreeBSD; then
+ # configure.in does not properly handle include dependencies
+ echo "#define HAVE_NETINET_IF_ETHER_H 1" >> ${S}/config.h
+ echo "#define HAVE_NET_ROUTE_H 1" >> ${S}/config.h
+ echo "#define HAVE_RESOLV_H 1" >> ${S}/config.h
+ fi
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ if use kernel_FreeBSD; then
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+ else
+ emake -j1 DESTDIR="${D}" install \
+ INST_UID=${PORTAGE_USER:-root} INST_GID=${PORTAGE_GROUP:-root}
+ fi
+
+ insinto /etc
+ doins ldap.conf
+
+ # Append two blank lines and some skip entries
+ echo >>"${ED}"/etc/ldap.conf
+ echo >>"${ED}"/etc/ldap.conf
+ sed -i "${ED}"/etc/ldap.conf \
+ -e '$inss_initgroups_ignoreusers ldap,openldap,mysql,syslog,root,postgres'
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-265-r5.ebuild b/sys-auth/nss_ldap/nss_ldap-265-r5.ebuild
new file mode 100644
index 000000000000..01dd3ec8e084
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-265-r5.ebuild
@@ -0,0 +1,149 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit fixheadtails eutils multilib multilib-minimal autotools prefix
+
+IUSE="debug ssl sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 sparc x86 ~amd64-linux"
+
+DEPEND=">=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}]
+ sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r3[${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ ssl? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r7
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+src_prepare() {
+ if use prefix; then
+ epatch "${FILESDIR}"/${P}-installdir.patch
+ eprefixify Makefile.am
+ fi
+
+ # bug 438692
+ epatch "${FILESDIR}"/${P}-pthread.patch
+
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-265-reconnect-timeouts.patch
+
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf
+
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+
+ # Bug #214750, no automagic deps
+ epatch "${FILESDIR}"/${PN}-264-disable-automagic.patch
+
+ # Upstream forgets the version number sometimes
+ #sed -i \
+ # -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ # "${S}"/configure.in
+
+ # Include an SONAME
+ epatch "${FILESDIR}"/${PN}-254-soname.patch
+
+ #fix broken oneshot connections
+ epatch "${FILESDIR}/nss_ldap-265-missing-entries-oneshot.patch"
+
+ sed -i \
+ -e 's, vers_string , PERL5LIB="@top_srcdir@" @top_srcdir@/vers_string ,g' \
+ "${S}"/Makefile.am
+
+ if use kernel_FreeBSD; then
+ #fix broken fbsd support
+ EPATCH_OPTS="-p0 -d ${S}" epatch "${FILESDIR}/nss_ldap-265-fbsd.patch"
+ fi
+
+ eautoreconf
+}
+
+multilib_src_configure() {
+ local myconf=()
+ use debug && myconf+=( --enable-debugging )
+ use kerberos && myconf+=( --enable-configurable-krb5-ccname-gssapi )
+ multilib_is_native_abi && myconf+=( --libdir="${EPREFIX}/$(get_libdir)" )
+ # --enable-schema-mapping \
+ ECONF_SOURCE=${S} \
+ econf \
+ --with-ldap-lib=openldap \
+ --with-ldap-conf-file="${EPREFIX}/etc/ldap.conf" \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ $(use_enable ssl) \
+ $(use_enable sasl) \
+ $(use_enable kerberos krb) \
+ "${myconf[@]}"
+
+ if use kernel_FreeBSD; then
+ # configure.in does not properly handle include dependencies
+ echo "#define HAVE_NETINET_IF_ETHER_H 1" >> ${S}/config.h
+ echo "#define HAVE_NET_ROUTE_H 1" >> ${S}/config.h
+ echo "#define HAVE_RESOLV_H 1" >> ${S}/config.h
+ fi
+}
+
+multilib_src_install() {
+ if use kernel_FreeBSD; then
+ emake -j1 DESTDIR="${D}" install
+ else
+ emake -j1 DESTDIR="${D}" install \
+ INST_UID=${PORTAGE_USER:-root} INST_GID=${PORTAGE_GROUP:-root}
+ fi
+}
+
+multilib_src_install_all() {
+ # dumb /usr/lib* -> /lib* symlinks gone wrong
+ rm -rf "${ED}"/usr/usr
+
+ insinto /etc
+ doins ldap.conf
+
+ # Append two blank lines and some skip entries
+ echo >>"${ED}"/etc/ldap.conf
+ echo >>"${ED}"/etc/ldap.conf
+ sed -i "${ED}"/etc/ldap.conf \
+ -e '$inss_initgroups_ignoreusers ldap,openldap,mysql,syslog,root,postgres'
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}
diff --git a/sys-auth/nss_ldap/nss_ldap-265.ebuild b/sys-auth/nss_ldap/nss_ldap-265.ebuild
new file mode 100644
index 000000000000..cc441c33f9ee
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-265.ebuild
@@ -0,0 +1,106 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=2
+inherit fixheadtails eutils multilib autotools
+
+IUSE="debug ssl sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )
+ ssl? ( dev-libs/openssl )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_prepare() {
+ epatch "${FILESDIR}"/nsswitch.ldap.diff
+
+ # Applied by upstream
+ #epatch "${FILESDIR}"/${PN}-239-tls-security-bug.patch
+
+ epatch "${FILESDIR}"/${PN}-249-sasl-compile.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-265-reconnect-timeouts.patch
+
+ # Applied by upstream
+ #EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-254-nss_getgrent_skipmembers.patch
+
+ EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${PN}-257-nss_max_group_depth.patch
+
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ "${S}"/ldap.conf || die "failed to clean up initial version marker"
+
+ # fix head/tail stuff
+ ht_fix_file "${S}"/Makefile.am "${S}"/Makefile.in "${S}"/depcomp
+
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ "${S}"/$i
+ done
+
+ epatch "${FILESDIR}"/${PN}-257.2-gssapi-headers.patch
+
+ # Bug #214750, no automagic deps
+ epatch "${FILESDIR}"/${PN}-264-disable-automagic.patch
+
+ # Upstream forgets the version number sometimes
+ #sed -i \
+ # -e "/^AM_INIT_AUTOMAKE/s~2..~$PV~" \
+ # "${S}"/configure.in
+
+ # Include an SONAME
+ epatch "${FILESDIR}"/${PN}-254-soname.patch
+
+ sed -i \
+ -e 's, vers_string , ./vers_string ,g' \
+ "${S}"/Makefile.am
+
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ # --enable-schema-mapping \
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ $(use_enable ssl) \
+ $(use_enable sasl) \
+ $(use_enable kerberos krb) \
+ ${myconf} || die "configure failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
+
+pkg_postinst() {
+ elog "If you use a ldaps:// string in the 'uri' setting of"
+ elog "your /etc/ldap.conf, you must set 'ssl on'!"
+}