net-nds/openldap: Bump to 2.4.23 with sammba4

git-svn-id: https://svn.disconnected-by-peer.at/svn/linamh/trunk/linamh@2444 6952d904-891a-0410-993b-d76249ca496b
2010-09-30 07:59:24 +00:00 · 2010-09-30 07:59:24 +00:00 · 4536a9fc4a
parent 53a7082acd
commit 4536a9fc4a
12 changed files with 1106 additions and 3 deletions
--- a/net-nds/openldap/ChangeLog
+++ b/net-nds/openldap/ChangeLog
@ -2,6 +2,16 @@
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
 # $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/ChangeLog,v 1.370 2010/04/11 15:24:10 jokey Exp $

+  30 Sep 2010; Mario Fetka <mario.fetka@gmail.com>
+  +files/openldap-2.2.6-ntlm.patch, +files/openldap-2.3.21-ppolicy.patch,
+  +files/openldap-2.3.24-contrib-smbk5pwd.patch,
+  +files/openldap-2.3.XY-gcc44.patch, +files/openldap-2.3.34-slapd-conf,
+  +files/openldap-2.3.37-libldap_r.patch,
+  +files/openldap-2.4.17-contrib-smbk5pwd.patch,
+  files/openldap-2.4.22.ebuild.diff, +openldap-2.4.23.ebuild,
+  +files/slapd-initd:
+  Bump to 2.4.23 with sammba4
+
  09 Jul 2010; Mario Fetka <mario.fetka@gmail.com>
  +files/openldap-2.4.22.ebuild.diff:
  add new file
--- a/net-nds/openldap/Manifest
+++ b/net-nds/openldap/Manifest
@ -1,15 +1,25 @@
 AUX DB_CONFIG.fast.example 746 RMD160 03d179d1c58d695c442eb5e3e69c245f3c2f2358 SHA1 c76a2a9f346a733ed6617d42229b434ce723c59e SHA256 69fc9aa6e4f0b888bc02d3f75642fe1ebf9345c685257a5c1236b2e79ed56e0b
 AUX openldap-2.2.14-perlthreadsfix.patch 614 RMD160 6e868aa5a5cc4e80c0340af25d18d010b342ed15 SHA1 3bb05c7ed511e8464331619ce23064d236a5fe82 SHA256 bb719cc1fed47ff0f111c960f3295781ae6f0d9e98b4266a87751044b4bb3175
+AUX openldap-2.2.6-ntlm.patch 5011 RMD160 317f4b6dc9589826739a14a8ad7200ed287c87be SHA1 29b8e9c4835235c976f026cd5883228b77581083 SHA256 1f7e766bcafb412ec336aad7e07295d6d62d2e2a62b6804b07b06a5056102243
+AUX openldap-2.3.21-ppolicy.patch 402 RMD160 72da1c4a886a329607608f8fa07857874ea8973a SHA1 0c6fe313ad06ccee5a96402fc116cf243d37146b SHA256 97feaaff03e839aaad402024082ba62fb2cbe0c721664a85af8674ebb28d7dbd
+AUX openldap-2.3.24-contrib-smbk5pwd.patch 1631 RMD160 01e394da82c2ca8493d0dc15c400675545f463bb SHA1 33781455168d2041f3ec00bbaf2da4ffbe411396 SHA256 277990c6bc9e00c29bc5123d5074e1a741a224e884f92651b301375b02edc70e
+AUX openldap-2.3.34-slapd-conf 2067 RMD160 40be06ab9188480f9ae9d5e639b8f5c5787942f1 SHA1 ef8693eb4f13843261945460259ebab184f80210 SHA256 f7611233b83fa70dac313b4e734041dfe1ddac07c804bdb12a775d7cf88c36a1
+AUX openldap-2.3.37-libldap_r.patch 862 RMD160 1ab42b2cdc6f3d9d412ccdfa7a7a288c29733231 SHA1 c2f997f2e28b7452a3ef981db9c6d527342ad400 SHA256 82471cc13806a9260e441aea90c8dfe9ce21b6d3edabb71766a2afcff6f80dfb
+AUX openldap-2.3.XY-gcc44.patch 1169 RMD160 51be41a0a3440e00507c540171fdcc4bf2eddd57 SHA1 ac2891193493415960509083dd78dd3ea422ef75 SHA256 c799ad2adde0e0801bfd641c1a43860180121a04897b8e2a01ad000ea31e2a8d
 AUX openldap-2.4.11-libldap_r.patch 515 RMD160 aa778bad59d498601bab84e215b2bcb6d125cf00 SHA1 e2c52828e719c137802966879f8da93a196cfde3 SHA256 3310a89d38bc39e6eb4333799d475411b274482b8bccab212b3edfd4385db70e
 AUX openldap-2.4.15-ppolicy.patch 418 RMD160 5b32da96fbc6002a2d464ea765ad72ebf23727f5 SHA1 cdd7c2bdfb0011561965a39f99e46cbb9f266aba SHA256 98269fa1e8a1a0e62dad9acd36fd9a33614fca9a5830d6e7e606db8eb7f85de5
+AUX openldap-2.4.17-contrib-smbk5pwd.patch 2046 RMD160 8e3834159767183535efa2144631e4cdfcd04a11 SHA1 6af3ca3f212414411e05c8766297b74573c103bc SHA256 81c146b2ee96ef03c169665f366ac25ebf93e2f1abb8ff41dc8741cb0927b813
 AUX openldap-2.4.17-fix-lmpasswd-gnutls-symbols.patch 3542 RMD160 7e17304b2b85e2dec12e0bc49b82e35443cc703e SHA1 7a25d0002581ae6f78ffe498c3e05eef0119f7a6 SHA256 31e816eb9f3b52f5f9d183f82adebff75892e45e764187e579a92204c90889cb
 AUX openldap-2.4.17-gcc44.patch 509 RMD160 07c1b8400e1b24cb8f20f2647b1354d2b28f653d SHA1 5df5a165acec74667f5989f291aedd958be56358 SHA256 33345882f601050ecaa6bb3dd7458e6b5f8e3684345847f7a53d4a1b0f514bda
 AUX openldap-2.4.19-contrib-smbk5pwd.patch 1555 RMD160 ce8f5caafa4b3d89dc11537f0045335b25c59404 SHA1 372906228b2ab6be13a689f895e173abb4862f2e SHA256 8e08af4235529cbc0c4541a28d5cf7e8cf3f41f7504af41527e993e1399fee92
-AUX openldap-2.4.22.ebuild.diff 1335 RMD160 e35bc9777cbd605811b0dbaf969a9132bf87067e SHA1 f8445cc3f1228e08e3f9998cafe94e81d8611636 SHA256 d7dc94585a1dfa96bfb7c758da1237438c385b5821873cb18c19df69a67da398
+AUX openldap-2.4.22.ebuild.diff 1335 RMD160 354600fa5dfae4768777d3b806bcdef609dcc248 SHA1 73d46065a1e55c94074da950a383c69f8082f517 SHA256 afdbeb2746ce606465ccc581f0a05a134c71857a153748b08efd88a958399268
 AUX slapd-confd 436 RMD160 764d5e2915d9af33fd1db2489ceac6d953750984 SHA1 a16b4674b45ac1e1c8a8f9e84ad0de519c81aa11 SHA256 1ccb8a3b78b65b125b24779dd065cf8000e2d5e4da267bb0a892e730edd2055d
+AUX slapd-initd 609 RMD160 3e1daa2bbbbec78aad265a1c4190098730a4234d SHA1 56d5f1d1f59e37bbcef2399847328c7963694f0a SHA256 840f984031b1fc84d4c6ba59c5ba0de5794be596215f0089c7739dba88d610d5
 AUX slapd-initd2 622 RMD160 750d7c59d1b7e47b0b21b96d301244c3ec3e28bf SHA1 a438adef50bfb925cc7550156b6dbefd68dcb856 SHA256 abd3ab5c58b18845f6946bbf93c987d833c8a94b88841c587ce453faf738cefa
 AUX slurpd-initd 494 RMD160 9f3a06bcab2e4ce8e66783af506d26595bbbdcd2 SHA1 8ab66a984510fa91755cbcbac29883cea1435db7 SHA256 b23e010f701620ec34c39cd215891c7c0afc773341392a1e762e84166d9863ff
 DIST openldap-2.4.22.tgz 5179727 RMD160 4edf1a822fcb34a06d18a28ce2f50cd040946453 SHA1 dd506b461c1fccd55dfff123b87aa6d07c899136 SHA256 c29b34031305616cf2c847d30706e2d2cdfc2cf91431e0bddab5d483395a40c1
+DIST openldap-2.4.23.tgz 5182440 RMD160 d2268e8fb894680d1d9926fedca736f195e0a0be SHA1 26027e7020256c5f47e17787f17ee8b31af42378 SHA256 5a5ede91d5e8ab3c7f637620aa29a3b96eb34318a8b26c8eef2d2c789fc055e3
 EBUILD openldap-2.4.22.ebuild 20379 RMD160 b7c7defdfcf7aa14b80064219326af823c7b7631 SHA1 4d331c21e40fea26fab163c50843fac897f5f64c SHA256 b2e5bb9586925bb1dc8bff7a9a8850812639bcaa4f2fb89c6efa03882f5e7644
-MISC ChangeLog 64578 RMD160 ecf192d0e9c93ab6bcce286bae0c0fe8cd880dd7 SHA1 72e2abc34f23641f816421f04dd137e7dc3417b6 SHA256 cecbba9735ba348340542e0c862e88aa1657849f4db458e93dc9223c8cf54daf
+EBUILD openldap-2.4.23.ebuild 20369 RMD160 d52fe7a2dc476bb341279fc921e562ce3081569c SHA1 ddc1dc5da8f444bc0e535cc23170e196b6de6008 SHA256 e7afb0b3fbd8c14288d22f4349cff9d40c78fa12f3dd8d9211df6f78dd3624e9
+MISC ChangeLog 65031 RMD160 226c0839b737b5fe17b7ffb09fe45090de031169 SHA1 48e1d342fd7c65ec7a29246e5f8ed0c087a82985 SHA256 9615e2738bc3672e72d00cd44e85da7e8d3ce2b39a502736cec51f70f8256659
 MISC metadata.xml 556 RMD160 14eae07812da4eecd05e467d1dccf841e6e16be6 SHA1 fa4c8d1aa03dd6bb9c27a7758fbaba5355cfe590 SHA256 405d4cd6f15d8495d0c7365f7b7d6bda9b82775d7e157339f3a6e92d46eed2c8
--- a/net-nds/openldap/files/openldap-2.2.6-ntlm.patch
+++ b/net-nds/openldap/files/openldap-2.2.6-ntlm.patch
@ -0,0 +1,199 @@
+(Note that this patch is not useful on its own... it just adds some
+hooks to work with the LDAP authentication process at a lower level
+than the API otherwise allows. The code that calls these hooks and
+actually drives the NTLM authentication process is in
+lib/e2k-global-catalog.c, and the code that actually implements the
+NTLM algorithms is in xntlm/.)
+
+This is a patch against OpenLDAP 2.2.6. Apply with -p0
+
+
+--- include/ldap.h.orig	2004-01-01 13:16:28.000000000 -0500
+++ include/ldap.h	2004-07-14 11:58:49.000000000 -0400
+@@ -1753,5 +1753,26 @@
+ 	LDAPControl **cctrls ));
+ 
+ 
+/*
+ * hacks for NTLM
+ */
+#define LDAP_AUTH_NTLM_REQUEST	((ber_tag_t) 0x8aU)
+#define LDAP_AUTH_NTLM_RESPONSE	((ber_tag_t) 0x8bU)
+LDAP_F( int )
+ldap_ntlm_bind LDAP_P((
+	LDAP		*ld,
+	LDAP_CONST char	*dn,
+	ber_tag_t	tag,
+	struct berval	*cred,
+	LDAPControl	**sctrls,
+	LDAPControl	**cctrls,
+	int		*msgidp ));
+LDAP_F( int )
+ldap_parse_ntlm_bind_result LDAP_P((
+	LDAP		*ld,
+	LDAPMessage	*res,
+	struct berval	*challenge));
+
+
+ LDAP_END_DECL
+ #endif /* _LDAP_H */
+--- libraries/libldap/Makefile.in.orig	2004-01-01 13:16:29.000000000 -0500
+++ libraries/libldap/Makefile.in	2004-07-14 13:37:23.000000000 -0400
+@@ -20,7 +20,7 @@
+ SRCS	= bind.c open.c result.c error.c compare.c search.c \
+ 	controls.c messages.c references.c extended.c cyrus.c \
+ 	modify.c add.c modrdn.c delete.c abandon.c \
+-	sasl.c sbind.c kbind.c unbind.c cancel.c  \
+	sasl.c ntlm.c sbind.c kbind.c unbind.c cancel.c  \
+ 	filter.c free.c sort.c passwd.c whoami.c \
+ 	getdn.c getentry.c getattr.c getvalues.c addentry.c \
+ 	request.c os-ip.c url.c sortctrl.c vlvctrl.c \
+@@ -29,7 +29,7 @@
+ OBJS	= bind.lo open.lo result.lo error.lo compare.lo search.lo \
+ 	controls.lo messages.lo references.lo extended.lo cyrus.lo \
+ 	modify.lo add.lo modrdn.lo delete.lo abandon.lo \
+-	sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
+	sasl.lo ntlm.lo sbind.lo kbind.lo unbind.lo cancel.lo \
+ 	filter.lo free.lo sort.lo passwd.lo whoami.lo \
+ 	getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
+ 	request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
+--- /dev/null	2004-06-30 15:04:37.000000000 -0400
+++ libraries/libldap/ntlm.c	2004-07-14 13:44:18.000000000 -0400
+@@ -0,0 +1,137 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
+/*
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+/* Mostly copied from sasl.c */
+
+#include "portable.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/errno.h>
+
+#include "ldap-int.h"
+
+int
+ldap_ntlm_bind(
+	LDAP		*ld,
+	LDAP_CONST char	*dn,
+	ber_tag_t	tag,
+	struct berval	*cred,
+	LDAPControl	**sctrls,
+	LDAPControl	**cctrls,
+	int		*msgidp )
+{
+	BerElement	*ber;
+	int rc;
+	ber_int_t id;
+
+	Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
+
+	assert( ld != NULL );
+	assert( LDAP_VALID( ld ) );
+	assert( msgidp != NULL );
+
+	if( msgidp == NULL ) {
+		ld->ld_errno = LDAP_PARAM_ERROR;
+		return ld->ld_errno;
+	}
+
+	/* create a message to send */
+	if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+		ld->ld_errno = LDAP_NO_MEMORY;
+		return ld->ld_errno;
+	}
+
+	assert( LBER_VALID( ber ) );
+
+	LDAP_NEXT_MSGID( ld, id );
+	rc = ber_printf( ber, "{it{istON}" /*}*/,
+			 id, LDAP_REQ_BIND,
+			 ld->ld_version, dn, tag,
+			 cred );
+
+	/* Put Server Controls */
+	if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
+		ber_free( ber, 1 );
+		return ld->ld_errno;
+	}
+
+	if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
+		ld->ld_errno = LDAP_ENCODING_ERROR;
+		ber_free( ber, 1 );
+		return ld->ld_errno;
+	}
+
+	/* send the message */
+	*msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
+
+	if(*msgidp < 0)
+		return ld->ld_errno;
+
+	return LDAP_SUCCESS;
+}
+
+int
+ldap_parse_ntlm_bind_result(
+	LDAP		*ld,
+	LDAPMessage	*res,
+	struct berval	*challenge)
+{
+	ber_int_t	errcode;
+	ber_tag_t	tag;
+	BerElement	*ber;
+	ber_len_t	len;
+
+	Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
+
+	assert( ld != NULL );
+	assert( LDAP_VALID( ld ) );
+	assert( res != NULL );
+
+	if ( ld == NULL || res == NULL ) {
+		return LDAP_PARAM_ERROR;
+	}
+
+	if( res->lm_msgtype != LDAP_RES_BIND ) {
+		ld->ld_errno = LDAP_PARAM_ERROR;
+		return ld->ld_errno;
+	}
+
+	if ( ld->ld_error ) {
+		LDAP_FREE( ld->ld_error );
+		ld->ld_error = NULL;
+	}
+	if ( ld->ld_matched ) {
+		LDAP_FREE( ld->ld_matched );
+		ld->ld_matched = NULL;
+	}
+
+	/* parse results */
+
+	ber = ber_dup( res->lm_ber );
+
+	if( ber == NULL ) {
+		ld->ld_errno = LDAP_NO_MEMORY;
+		return ld->ld_errno;
+	}
+
+	tag = ber_scanf( ber, "{ioa" /*}*/,
+			 &errcode, challenge, &ld->ld_error );
+	ber_free( ber, 0 );
+
+	if( tag == LBER_ERROR ) {
+		ld->ld_errno = LDAP_DECODING_ERROR;
+		return ld->ld_errno;
+	}
+
+	ld->ld_errno = errcode;
+
+	return( ld->ld_errno );
+}
--- a/net-nds/openldap/files/openldap-2.3.21-ppolicy.patch
+++ b/net-nds/openldap/files/openldap-2.3.21-ppolicy.patch
@ -0,0 +1,13 @@
+--- clients.orig/tools/common.c	2006-05-05 00:24:01.000000000 -0700
+++ clients/tools/common.c	2006-05-05 00:24:13.000000000 -0700
+@@ -904,8 +904,8 @@
+ tool_bind( LDAP *ld )
+ {
+ #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
+-	if ( ppolicy ) {
+ 		LDAPControl *ctrls[2], c;
+	if ( ppolicy ) {
+ 		c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
+ 		c.ldctl_value.bv_val = NULL;
+ 		c.ldctl_value.bv_len = 0;
+
--- a/net-nds/openldap/files/openldap-2.3.24-contrib-smbk5pwd.patch
+++ b/net-nds/openldap/files/openldap-2.3.24-contrib-smbk5pwd.patch
@ -0,0 +1,53 @@
+--- contrib/slapd-modules/smbk5pwd/Makefile.ORIG	2006-05-17 13:11:57.194660019 +0300
+++ contrib/slapd-modules/smbk5pwd/Makefile	2006-05-17 13:11:14.503082288 +0300
+@@ -9,29 +9,39 @@
+ # top-level directory of the distribution or, alternatively, at
+ # <http://www.OpenLDAP.org/license.html>.
+ 
+#libexecdir=/usr/lib/openldap
+moduledir=$(libexecdir)/openldap
+ LIBTOOL=../../../libtool
+-OPT=-g -O2
+#OPT=
+ CC=gcc
+ 
+ # Omit DO_KRB5 or DO_SAMBA if you don't want to support it.
+-DEFS=-DDO_KRB5 -DDO_SAMBA
+#DEFS=
+ 
+-HEIMDAL_INC=-I/usr/heimdal/include
+#KRB5_INC=
+ SSL_INC=
+ LDAP_INC=-I../../../include -I../../../servers/slapd
+-INCS=$(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
+INCS=$(LDAP_INC) $(SSL_INC) $(KRB5_INC)
+ 
+-HEIMDAL_LIB=-L/usr/heimdal/lib -lkrb5 -lkadm5srv
+KRB5_LIB=-lkrb5 -lkadm5srv
+ SSL_LIB=-lcrypto
+-LDAP_LIB=-lldap_r -llber
+-LIBS=$(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
+-
+LDAP_LIB=-L../../../libraries/libldap_r -lldap_r -llber
+ifneq (DDO_KRB5,$(findstring DDO_KRB5,$(DEFS)))
+	LIBS=$(LDAP_LIB) $(SSL_LIB)
+else
+	LIBS=$(LDAP_LIB) $(KRB5_LIB) $(SSL_LIB)
+endif
+	
+ all:	smbk5pwd.la
+ 
+ 
+ smbk5pwd.lo:	smbk5pwd.c
+-	$(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(DEFS) $(INCS) -c $?
+ 
+ smbk5pwd.la:	smbk5pwd.lo
+-	$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
+-	-rpath /usr/local/libexec/openldap -module -o $@ $? $(LIBS)
+	$(LIBTOOL) --mode=link $(CC) $(CFLAGS) -version-info 0:0:0 \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+install-mod:
+	$(LIBTOOL) --mode=install ../../../build/shtool install -c \
+	-m 755 smbk5pwd.la $(DESTDIR)$(moduledir)
--- a/net-nds/openldap/files/openldap-2.3.34-slapd-conf
+++ b/net-nds/openldap/files/openldap-2.3.34-slapd-conf
@ -0,0 +1,64 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include		/etc/openldap/schema/core.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral	ldap://root.openldap.org
+
+pidfile		/var/run/openldap/slapd.pid
+argsfile	/var/run/openldap/slapd.args
+
+# Load dynamic backend modules:
+###INSERTDYNAMICMODULESHERE###
+
+# Sample security restrictions
+#	Require integrity protection (prevent hijacking)
+#	Require 112-bit (3DES or better) encryption for updates
+#	Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+#	Root DSE: allow anyone to read it
+#	Subschema (sub)entry DSE: allow anyone to read it
+#	Other DSEs:
+#		Allow self write access
+#		Allow authenticated users read access
+#		Allow anonymous users to authenticate
+#	Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base="cn=Subschema" by * read
+# access to *
+#	by self write
+#	by users read
+#	by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn.  (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#######################################################################
+# BDB database definitions
+#######################################################################
+
+database	hdb
+suffix		"dc=my-domain,dc=com"
+#         <kbyte> <min>
+checkpoint	32	30 
+rootdn		"cn=Manager,dc=my-domain,dc=com"
+# Cleartext passwords, especially for the rootdn, should
+# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+rootpw		secret
+# The database directory MUST exist prior to running slapd AND 
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory	/var/lib/openldap-data
+# Indices to maintain
+index	objectClass	eq
--- a/net-nds/openldap/files/openldap-2.3.37-libldap_r.patch
+++ b/net-nds/openldap/files/openldap-2.3.37-libldap_r.patch
@ -0,0 +1,21 @@
+--- libraries/libldap_r/Makefile.in.old	2007-01-02 22:43:50.000000000 +0100
+++ libraries/libldap_r/Makefile.in	2007-08-22 13:32:20.000000000 +0200
+@@ -56,7 +56,7 @@
+ XXLIBS = $(SECURITY_LIBS) $(LUTIL_LIBS)
+ XXXLIBS = $(LTHREAD_LIBS)
+ NT_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
+-UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS)
+UNIX_LINK_LIBS = $(LDAP_LIBLBER_LA) $(AC_LIBS) $(SECURITY_LIBS) $(LTHREAD_LIBS)
+ 
+ .links : Makefile
+ 	@for i in $(XXSRCS); do \
+--- servers/slapd/slapi/Makefile.in.old	2007-01-02 22:44:10.000000000 +0100
+++ servers/slapd/slapi/Makefile.in	2007-08-22 14:58:51.000000000 +0200
+@@ -37,6 +37,7 @@
+ XLIBS = $(LIBRARY)
+ XXLIBS = 
+ NT_LINK_LIBS = $(AC_LIBS)
+UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS)
+ 
+ XINCPATH = -I$(srcdir)/.. -I$(srcdir)
+ XDEFS = $(MODULES_CPPFLAGS)
--- a/net-nds/openldap/files/openldap-2.3.XY-gcc44.patch
+++ b/net-nds/openldap/files/openldap-2.3.XY-gcc44.patch
@ -0,0 +1,30 @@
+--- include/ldap_pvt_thread.h	2009-04-03 08:51:30.000000000 -0400
+++ include/ldap_pvt_thread.h	2009-04-03 08:56:36.000000000 -0400
+@@ -57,12 +57,12 @@
+ 
+ #ifndef LDAP_PVT_THREAD_H_DONE
+ #define	LDAP_PVT_THREAD_SET_STACK_SIZE
+-#ifndef LDAP_PVT_THREAD_STACK_SIZE
+-	/* LARGE stack. Will be twice as large on 64 bit machine. */
+-#define LDAP_PVT_THREAD_STACK_SIZE	( 1 * 1024 * 1024 * sizeof(void *) )
+ /* May be explicitly defined to zero to disable it */
+-#elif LDAP_PVT_THREAD_STACK_SIZE == 0
+#if defined( LDAP_PVT_THREAD_STACK_SIZE ) && LDAP_PVT_THREAD_STACK_SIZE == 0
+ #undef LDAP_PVT_THREAD_SET_STACK_SIZE
+#elif !defined(LDAP_PVT_THREAD_STACK_SIZE)
+	/* LARGE stack. Will be twice as large on 64 bit machine. */
+#define LDAP_PVT_THREAD_STACK_SIZE	( 1 * 1024 * 1024 * sizeof(void *) )
+ #endif
+ #endif /* !LDAP_PVT_THREAD_H_DONE */
+ 
+--- libraries/libldap/os-ip.c	2009-04-03 08:51:30.000000000 -0400
+++ libraries/libldap/os-ip.c	2009-04-03 08:54:47.000000000 -0400
+@@ -652,7 +652,7 @@
+ 		char *herr;
+ #ifdef NI_MAXHOST
+ 		char hbuf[NI_MAXHOST];
+-#elif defined( MAXHOSTNAMELEN
+#elif defined( MAXHOSTNAMELEN )
+ 		char hbuf[MAXHOSTNAMELEN];
+ #else
+ 		char hbuf[256];
--- a/net-nds/openldap/files/openldap-2.4.17-contrib-smbk5pwd.patch
+++ b/net-nds/openldap/files/openldap-2.4.17-contrib-smbk5pwd.patch
@ -0,0 +1,61 @@
+diff -Nuar --exclude 'openldap-2.4*' --exclude p -I '$OpenLDAP' openldap-2.4.17.orig/contrib/slapd-modules/smbk5pwd/Makefile openldap-2.4.17/contrib/slapd-modules/smbk5pwd/Makefile
+--- openldap-2.4.17.orig/contrib/slapd-modules/smbk5pwd/Makefile	2009-04-27 16:36:57.000000000 -0700
+++ openldap-2.4.17/contrib/slapd-modules/smbk5pwd/Makefile	2009-07-27 15:00:37.097428029 -0700
+@@ -9,37 +9,43 @@
+ # top-level directory of the distribution or, alternatively, at
+ # <http://www.OpenLDAP.org/license.html>.
+ 
+#libexecdir=/usr/lib/openldap
+moduledir=$(libexecdir)
+ LIBTOOL=../../../libtool
+-OPT=-g -O2
+#OPT=
+ CC=gcc
+ 
+ # Omit DO_KRB5 or DO_SAMBA if you don't want to support it.
+-DEFS=-DDO_KRB5 -DDO_SAMBA
+#DEFS=
+ 
+-HEIMDAL_INC=-I/usr/heimdal/include
+#KRB5_INC=
+ SSL_INC=
+ LDAP_INC=-I../../../include -I../../../servers/slapd
+-INCS=$(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
+INCS=$(LDAP_INC) $(SSL_INC) $(KRB5_INC)
+ 
+-HEIMDAL_LIB=-L/usr/heimdal/lib -lkrb5 -lkadm5srv
+KRB5_LIB=-lkrb5 -lkadm5srv
+ SSL_LIB=-lcrypto
+-LDAP_LIB=-lldap_r -llber
+-LIBS=$(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
+-
+LDAP_LIB=-L../../../libraries/libldap_r -lldap_r -llber
+ifneq (DDO_KRB5,$(findstring DDO_KRB5,$(DEFS)))
+	LIBS=$(LDAP_LIB) $(SSL_LIB)
+else
+	LIBS=$(LDAP_LIB) $(KRB5_LIB) $(SSL_LIB)
+endif
+	
+ all:	smbk5pwd.la
+ 
+ 
+ smbk5pwd.lo:	smbk5pwd.c
+-	$(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(DEFS) $(INCS) -c $?
+ 
+ smbk5pwd.la:	smbk5pwd.lo
+-	$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
+-	-rpath $(PREFIX)/lib -module -o $@ $? $(LIBS)
+	$(LIBTOOL) --mode=link $(CC) $(CFLAGS) -version-info 0:0:0 \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+ 
+ clean:
+ 	rm -f smbk5pwd.lo smbk5pwd.la
+ 
+ install: smbk5pwd.la
+-	mkdir -p $(PREFIX)/lib/openldap
+-	$(LIBTOOL) --mode=install cp smbk5pwd.la $(PREFIX)/lib/openldap
+-	$(LIBTOOL) --finish $(PREFIX)/lib
+	mkdir -p $(DESTDIR)$(moduledir)
+	$(LIBTOOL) --mode=install cp smbk5pwd.la $(DESTDIR)$(moduledir)
+	$(LIBTOOL) --finish $(DESTDIR)$(libexecdir)
--- a/net-nds/openldap/files/openldap-2.4.22.ebuild.diff
+++ b/net-nds/openldap/files/openldap-2.4.22.ebuild.diff
@ -1,5 +1,5 @@
 --- /usr/portage/net-nds/openldap/openldap-2.4.21.ebuild	2010-04-11 17:14:48.000000000 +0200
-+++ openldap-2.4.22.ebuild	2010-06-03 05:27:07.963282627 +0200
+++ openldap-2.4.23.ebuild	2010-06-03 05:27:07.963282627 +0200
@@ -17,7 +17,7 @@
 IUSE_BACKEND="+berkdb"
 IUSE_OVERLAY="overlays perl"
--- a/net-nds/openldap/files/slapd-initd
+++ b/net-nds/openldap/files/slapd-initd
@ -0,0 +1,21 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd,v 1.3 2009/07/28 21:28:25 robbat2 Exp $
+
+depend() {
+	need net
+	before dbus hald avahi-daemon
+}
+
+start() {
+	ebegin "Starting ldap-server"
+	eval start-stop-daemon --start --pidfile /var/run/openldap/slapd.pid --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ldap-server"
+	start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid 
+	eend $?
+}
--- a/net-nds/openldap/openldap-2.4.23.ebuild
+++ b/net-nds/openldap/openldap-2.4.23.ebuild
@ -0,0 +1,621 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/openldap-2.4.23.ebuild,v 1.7 2010/09/12 04:34:43 josejx Exp $
+
+EAPI="2"
+inherit db-use eutils flag-o-matic multilib ssl-cert versionator toolchain-funcs
+
+DESCRIPTION="LDAP suite of application and development tools"
+HOMEPAGE="http://www.OpenLDAP.org/"
+SRC_URI="mirror://openldap/openldap-release/${P}.tgz"
+
+LICENSE="OPENLDAP"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
+
+IUSE_DAEMON="crypt icu samba slp tcpd experimental minimal"
+IUSE_BACKEND="+berkdb"
+IUSE_OVERLAY="overlays perl"
+IUSE_OPTIONAL="gnutls iodbc sasl ssl odbc debug ipv6 syslog selinux"
+IUSE_CONTRIB="smbkrb5passwd kerberos samba4"
+IUSE_CONTRIB="${IUSE_CONTRIB} -cxx"
+IUSE="${IUSE_DAEMON} ${IUSE_BACKEND} ${IUSE_OVERLAY} ${IUSE_OPTIONAL} ${IUSE_CONTRIB}"
+
+# openssl is needed to generate lanman-passwords required by samba
+RDEPEND="sys-libs/ncurses
+	icu? ( dev-libs/icu )
+	tcpd? ( sys-apps/tcp-wrappers )
+	ssl? ( !gnutls? ( dev-libs/openssl )
+		gnutls? ( net-libs/gnutls ) )
+	sasl? ( dev-libs/cyrus-sasl )
+	!minimal? (
+		odbc? ( !iodbc? ( dev-db/unixODBC )
+			iodbc? ( dev-db/libiodbc ) )
+		slp? ( net-libs/openslp )
+		perl? ( dev-lang/perl[-build] )
+		samba? ( dev-libs/openssl )
+		berkdb? ( sys-libs/db )
+		smbkrb5passwd? (
+			dev-libs/openssl
+			app-crypt/heimdal )
+		kerberos? ( virtual/krb5 )
+		cxx? ( dev-libs/cyrus-sasl )
+	)
+	selinux? ( sec-policy/selinux-openldap )"
+DEPEND="${RDEPEND}"
+
+# for tracking versions
+OPENLDAP_VERSIONTAG=".version-tag"
+OPENLDAP_DEFAULTDIR_VERSIONTAG="/var/lib/openldap-data"
+
+openldap_filecount() {
+	local dir="$1"
+	find "${dir}" -type f ! -name '.*' ! -name 'DB_CONFIG.example' | wc -l
+}
+
+openldap_find_versiontags() {
+	# scan for all datadirs
+	openldap_datadirs=""
+	if [ -f "${ROOT}"/etc/openldap/slapd.conf ]; then
+		openldap_datadirs="$(awk '{if($1 == "directory") print $2 }' ${ROOT}/etc/openldap/slapd.conf)"
+	fi
+	openldap_datadirs="${openldap_datadirs} ${OPENLDAP_DEFAULTDIR_VERSIONTAG}"
+
+	einfo
+	einfo "Scanning datadir(s) from slapd.conf and"
+	einfo "the default installdir for Versiontags"
+	einfo "(${OPENLDAP_DEFAULTDIR_VERSIONTAG} may appear twice)"
+	einfo
+
+	# scan datadirs if we have a version tag
+	openldap_found_tag=0
+	have_files=0
+	for each in ${openldap_datadirs}; do
+		CURRENT_TAGDIR=${ROOT}`echo ${each} | sed "s:\/::"`
+		CURRENT_TAG=${CURRENT_TAGDIR}/${OPENLDAP_VERSIONTAG}
+		if [ -d ${CURRENT_TAGDIR} ] &&	[ ${openldap_found_tag} == 0 ] ; then
+			einfo "- Checking ${each}..."
+			if [ -r ${CURRENT_TAG} ] ; then
+				# yey, we have one :)
+				einfo "   Found Versiontag in ${each}"
+				source ${CURRENT_TAG}
+				if [ "${OLDPF}" == "" ] ; then
+					eerror "Invalid Versiontag found in ${CURRENT_TAGDIR}"
+					eerror "Please delete it"
+					eerror
+					die "Please kill the invalid versiontag in ${CURRENT_TAGDIR}"
+				fi
+
+				OLD_MAJOR=`get_version_component_range 2-3 ${OLDPF}`
+
+				[ $(openldap_filecount ${CURRENT_TAGDIR}) -gt 0 ] && have_files=1
+
+				# are we on the same branch?
+				if [ "${OLD_MAJOR}" != "${PV:0:3}" ] ; then
+					ewarn "   Versiontag doesn't match current major release!"
+					if [[ "${have_files}" == "1" ]] ; then
+						eerror "   Versiontag says other major and you (probably) have datafiles!"
+						echo
+						openldap_upgrade_howto
+					else
+						einfo "   No real problem, seems there's no database."
+					fi
+				else
+					einfo "   Versiontag is fine here :)"
+				fi
+			else
+				einfo "   Non-tagged dir ${each}"
+				[ $(openldap_filecount ${each}) -gt 0 ] && have_files=1
+				if [[ "${have_files}" == "1" ]] ; then
+					einfo "   EEK! Non-empty non-tagged datadir, counting `ls -a ${each} | wc -l` files"
+					echo
+
+					eerror
+					eerror "Your OpenLDAP Installation has a non tagged datadir that"
+					eerror "possibly contains a database at ${CURRENT_TAGDIR}"
+					eerror
+					eerror "Please export data if any entered and empty or remove"
+					eerror "the directory, installation has been stopped so you"
+					eerror "can take required action"
+					eerror
+					eerror "For a HOWTO on exporting the data, see instructions in the ebuild"
+					eerror
+					die "Please move the datadir ${CURRENT_TAGDIR} away"
+				fi
+			fi
+			einfo
+		fi
+	done
+	[ "${have_files}" == "1" ] && einfo "DB files present" || einfo "No DB files present"
+
+	# Now we must check for the major version of sys-libs/db linked against.
+	SLAPD_PATH=${ROOT}/usr/$(get_libdir)/openldap/slapd
+	if [ "${have_files}" == "1" -a -f "${SLAPD_PATH}" ]; then
+		OLDVER="$(/usr/bin/ldd ${SLAPD_PATH} \
+			| awk '/libdb-/{gsub("^libdb-","",$1);gsub(".so$","",$1);print $1}')"
+		NEWVER="$(use berkdb && db_findver sys-libs/db)"
+		local fail=0
+		if [ -z "${OLDVER}" -a -z "${NEWVER}" ]; then
+			:
+			# Nothing wrong here.
+		elif [ -z "${OLDVER}" -a -n "${NEWVER}" ]; then
+			eerror "	Your existing version of OpenLDAP was not built against"
+			eerror "	any version of sys-libs/db, but the new one will build"
+			eerror "	against	${NEWVER} and your database may be inaccessible."
+			echo
+			fail=1
+		elif [ -n "${OLDVER}" -a -z "${NEWVER}" ]; then
+			eerror "	Your existing version of OpenLDAP was built against"
+			eerror "	sys-libs/db:${OLDVER}, but the new one will not be"
+			eerror "	built against any version and your database may be"
+			eerror "	inaccessible."
+			echo
+			fail=1
+		elif [ "${OLDVER}" != "${NEWVER}" ]; then
+			eerror "	Your existing version of OpenLDAP was built against"
+			eerror "	sys-libs/db:${OLDVER}, but the new one will build against"
+			eerror "	${NEWVER} and your database would be inaccessible."
+			echo
+			fail=1
+		fi
+		[ "${fail}" == "1" ] && openldap_upgrade_howto
+	fi
+
+	echo
+	einfo
+	einfo "All datadirs are fine, proceeding with merge now..."
+	einfo
+}
+
+openldap_upgrade_howto() {
+	eerror
+	eerror "A (possible old) installation of OpenLDAP was detected,"
+	eerror "installation will not proceed for now."
+	eerror
+	eerror "As major version upgrades can corrupt your database,"
+	eerror "you need to dump your database and re-create it afterwards."
+	eerror
+	eerror "Additionally, rebuilding against different major versions of the"
+	eerror "sys-libs/db libraries will cause your database to be inaccessible."
+	eerror ""
+	d="$(date -u +%s)"
+	l="/root/ldapdump.${d}"
+	i="${l}.raw"
+	eerror " 1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop"
+	eerror " 2. slapcat -l ${i}"
+	eerror " 3. egrep -v '^entryCSN:' <${i} >${l}"
+	eerror " 4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/"
+	eerror " 5. emerge --update \=net-nds/${PF}"
+	eerror " 6. etc-update, and ensure that you apply the changes"
+	eerror " 7. slapadd -l ${l}"
+	eerror " 8. chown ldap:ldap /var/lib/openldap-data/*"
+	eerror " 9. /etc/init.d/slapd start"
+	eerror "10. check that your data is intact."
+	eerror "11. set up the new replication system."
+	eerror
+	if [ "${FORCE_UPGRADE}" != "1" ]; then
+		die "You need to upgrade your database first"
+	else
+		eerror "You have the magical FORCE_UPGRADE=1 in place."
+		eerror "Don't say you weren't warned about data loss."
+	fi
+}
+
+pkg_setup() {
+	if ! use sasl && use cxx ; then
+		die "To build the ldapc++ library you must emerge openldap with sasl support"
+	fi
+	if use minimal && has_version "net-nds/openldap" && built_with_use net-nds/openldap minimal ; then
+		einfo
+		einfo "Skipping scan for previous datadirs as requested by minimal useflag"
+		einfo
+	else
+		openldap_find_versiontags
+	fi
+
+	enewgroup ldap 439
+	enewuser ldap 439 -1 /usr/$(get_libdir)/openldap ldap
+}
+
+src_prepare() {
+	# ensure correct SLAPI path by default
+	sed -i -e 's,\(#define LDAPI_SOCK\).*,\1 "/var/run/openldap/slapd.sock",' \
+		"${S}"/include/ldap_defaults.h
+
+	epatch "${FILESDIR}"/${PN}-2.4.17-gcc44.patch
+
+	epatch \
+		"${FILESDIR}"/${PN}-2.2.14-perlthreadsfix.patch \
+		"${FILESDIR}"/${PN}-2.4.15-ppolicy.patch
+
+	# bug #116045 - still present in 2.4.19
+	epatch "${FILESDIR}"/${PN}-2.4.19-contrib-smbk5pwd.patch
+
+	# bug #189817
+	epatch "${FILESDIR}"/${PN}-2.4.11-libldap_r.patch
+
+	# bug #233633
+	epatch "${FILESDIR}"/${PN}-2.4.17-fix-lmpasswd-gnutls-symbols.patch
+
+	cd "${S}"/build
+	einfo "Making sure upstream build strip does not do stripping too early"
+	sed -i.orig \
+		-e '/^STRIP/s,-s,,g' \
+		top.mk || die "Failed to block stripping"
+
+	# wrong assumption that /bin/sh is /bin/bash
+	sed -i \
+		-e 's|/bin/sh|/bin/bash|g' \
+		"${S}"/tests/scripts/* || die "sed failed"
+}
+
+build_contrib_module() {
+	lt="${S}/libtool"
+	# <dir> <sources> <outputname>
+	cd "${S}/contrib/slapd-modules/$1"
+	einfo "Compiling contrib-module: $3"
+	# Make sure it's uppercase
+	local define_name="$(echo "SLAPD_OVER_${1}" | LC_ALL=C tr '[:lower:]' '[:upper:]')"
+	"${lt}" --mode=compile --tag=CC \
+		"${CC}" \
+		-D${define_name}=SLAPD_MOD_DYNAMIC \
+		-I../../../include -I../../../servers/slapd ${CFLAGS} \
+		-o ${2%.c}.lo -c $2 || die "compiling $3 failed"
+	einfo "Linking contrib-module: $3"
+	"${lt}" --mode=link --tag=CC \
+		"${CC}" -module \
+		${CFLAGS} \
+		${LDFLAGS} \
+		-rpath /usr/$(get_libdir)/openldap/openldap \
+		-o $3.la ${2%.c}.lo || die "linking $3 failed"
+}
+
+src_configure() {
+	local myconf
+
+	#Fix for glibc-2.8 and ucred. Bug 228457.
+	append-flags -D_GNU_SOURCE
+
+	use debug && myconf="${myconf} $(use_enable debug)"
+
+	# ICU usage is not configurable
+	export ac_cv_header_unicode_utypes_h="$(use icu && echo yes || echo no)"
+
+	if ! use minimal ; then
+		# re-enable serverside overlay chains per bug #296567
+		# see ldap docs chaper 12.3.1 for details
+		myconf="${myconf} --enable-ldap"
+
+		# backends
+		myconf="${myconf} --enable-slapd"
+		if use berkdb ; then
+			einfo "Using Berkeley DB for local backend"
+			myconf="${myconf} --enable-bdb --enable-hdb"
+			# We need to include the slotted db.h dir for FreeBSD
+			append-cppflags -I$(db_includedir)
+		else
+			ewarn
+			ewarn "Note: if you disable berkdb, you can only use remote-backends!"
+			ewarn
+			ebeep 5
+			myconf="${myconf} --disable-bdb --disable-hdb"
+		fi
+		for backend in dnssrv ldap meta monitor null passwd relay shell sock; do
+			myconf="${myconf} --enable-${backend}=mod"
+		done
+
+		myconf="${myconf} $(use_enable perl perl mod)"
+
+		myconf="${myconf} $(use_enable odbc sql mod)"
+		if use odbc ; then
+			local odbc_lib="unixodbc"
+			if use iodbc ; then
+				odbc_lib="iodbc"
+				append-cppflags -I/usr/include/iodbc
+			fi
+			myconf="${myconf} --with-odbc=${odbc_lib}"
+		fi
+
+		# slapd options
+		myconf="${myconf} $(use_enable crypt) $(use_enable slp)"
+		myconf="${myconf} $(use_enable samba lmpasswd) $(use_enable syslog)"
+		if use experimental ; then
+			myconf="${myconf} --enable-dynacl"
+			myconf="${myconf} --enable-aci=mod"
+		fi
+		for option in aci cleartext modules rewrite rlookups slapi; do
+			myconf="${myconf} --enable-${option}"
+		done
+
+		# slapd overlay options
+		# Compile-in the syncprov, the others as module
+		myconf="${myconf} --enable-syncprov=yes"
+		use overlays && myconf="${myconf} --enable-overlays=mod"
+
+	else
+		myconf="${myconf} --disable-slapd --disable-bdb --disable-hdb"
+		myconf="${myconf} --disable-overlays --disable-syslog"
+	fi
+
+	# basic functionality stuff
+	myconf="${myconf} $(use_enable ipv6)"
+	myconf="${myconf} $(use_with sasl cyrus-sasl) $(use_enable sasl spasswd)"
+	myconf="${myconf} $(use_enable tcpd wrappers)"
+
+	local ssl_lib="no"
+	if use ssl || ( use ! minimal && use samba ) ; then
+		ssl_lib="openssl"
+		use gnutls && ssl_lib="gnutls"
+	fi
+
+	myconf="${myconf} --with-tls=${ssl_lib}"
+
+	for basicflag in dynamic local proctitle shared static; do
+		myconf="${myconf} --enable-${basicflag}"
+	done
+
+	tc-export CC AR CXX
+	STRIP=/bin/true \
+	econf \
+		--libexecdir=/usr/$(get_libdir)/openldap \
+		${myconf} || die "econf failed"
+}
+
+src_configure_cxx() {
+	# This needs the libraries built by the first build run.
+	# So we have to run it AFTER the main build, not just after the main
+	# configure.
+	if ! use minimal ; then
+		 if use cxx ; then
+		 	local myconf_ldapcpp
+		 	myconf_ldapcpp="${myconf_ldapcpp} --with-ldap-includes=../../include"
+		 	cd "${S}/contrib/ldapc++"
+		 	OLD_LDFLAGS="$LDFLAGS"
+		 	OLD_CPPFLAGS="$CPPFLAGS"
+		 	append-ldflags -L../../libraries/liblber/.libs -L../../libraries/libldap/.libs
+		 	append-ldflags -L../../../libraries/liblber/.libs -L../../../libraries/libldap/.libs
+		 	append-cppflags -I../../../include
+		 	econf ${myconf_ldapcpp} \
+		 		CC="${CC}" \
+		 		CXX="${CXX}" \
+		 		|| die "econf ldapc++ failed"
+		 	CPPFLAGS="$OLD_CPPFLAGS"
+			LDFLAGS="${OLD_LDFLAGS}"
+		 fi
+	fi
+}
+
+src_compile() {
+	emake depend || die "emake depend failed"
+	emake CC="${CC}" AR="${AR}" || die "emake failed"
+	lt="${S}/libtool"
+	export echo="echo"
+
+	if ! use minimal ; then
+		 if use cxx ; then
+		 	einfo "Building contrib library: ldapc++"
+			src_configure_cxx
+		 	cd "${S}/contrib/ldapc++"
+		 	emake \
+		 		CC="${CC}" CXX="${CXX}" \
+		 		|| die "emake ldapc++ failed"
+		 fi
+
+		if use smbkrb5passwd ; then
+			einfo "Building contrib-module: smbk5pwd"
+			cd "${S}/contrib/slapd-modules/smbk5pwd"
+
+			emake \
+				DEFS="-DDO_SAMBA -DDO_KRB5" \
+				KRB5_INC="$(krb5-config --cflags)" \
+				CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \
+				|| die "emake smbk5pwd failed"
+		fi
+
+		if use samba4 ; then
+			einfo "Building contrib-module: samba4"
+			cd "${S}/contrib/slapd-modules/samba4"
+
+			emake \
+				CC="${CC}" libexecdir="/usr/$(get_libdir)/openldap" \
+				|| die "emake samba4 failed"
+		fi
+
+		if use kerberos ; then
+			cd "${S}/contrib/slapd-modules/passwd"
+			einfo "Compiling contrib-module: pw-kerberos"
+			"${lt}" --mode=compile --tag=CC \
+				"${CC}" \
+				-I../../../include \
+				${CFLAGS} \
+				$(krb5-config --cflags) \
+				-DHAVE_KRB5 \
+				-o kerberos.lo \
+				-c kerberos.c || die "compiling pw-kerberos failed"
+			einfo "Linking contrib-module: pw-kerberos"
+			"${lt}" --mode=link --tag=CC \
+				"${CC}" -module \
+				${CFLAGS} \
+				${LDFLAGS} \
+				-rpath /usr/$(get_libdir)/openldap/openldap \
+				-o pw-kerberos.la \
+				kerberos.lo || die "linking pw-kerberos failed"
+		fi
+		# We could build pw-radius if GNURadius would install radlib.h
+		cd "${S}/contrib/slapd-modules/passwd"
+		einfo "Compiling contrib-module: pw-netscape"
+		"${lt}" --mode=compile --tag=CC \
+			"${CC}" \
+			-I../../../include \
+			${CFLAGS} \
+			-o netscape.lo \
+			-c netscape.c || die "compiling pw-netscape failed"
+		einfo "Linking contrib-module: pw-netscape"
+		"${lt}" --mode=link --tag=CC \
+			"${CC}" -module \
+			${CFLAGS} \
+			${LDFLAGS} \
+			-rpath /usr/$(get_libdir)/openldap/openldap \
+			-o pw-netscape.la \
+			netscape.lo || die "linking pw-netscape failed"
+
+		build_contrib_module "addpartial" "addpartial-overlay.c" "addpartial-overlay"
+		build_contrib_module "allop" "allop.c" "overlay-allop"
+		build_contrib_module "allowed" "allowed.c" "allowed"
+		build_contrib_module "autogroup" "autogroup.c" "autogroup"
+		build_contrib_module "denyop" "denyop.c" "denyop-overlay"
+		build_contrib_module "dsaschema" "dsaschema.c" "dsaschema-plugin"
+		# lastmod may not play well with other overlays
+		build_contrib_module "lastmod" "lastmod.c" "lastmod"
+		build_contrib_module "nops" "nops.c" "nops-overlay"
+	    build_contrib_module "trace" "trace.c" "trace"
+		# build slapi-plugins
+		cd "${S}/contrib/slapi-plugins/addrdnvalues"
+		einfo "Building contrib-module: addrdnvalues plugin"
+		"${CC}" -shared \
+			-I../../../include \
+			${CFLAGS} \
+			-fPIC \
+			${LDFLAGS} \
+			-o libaddrdnvalues-plugin.so \
+			addrdnvalues.c || die "Building libaddrdnvalues-plugin.so failed"
+
+	fi
+}
+
+src_test() {
+	cd tests ; make tests || die "make tests failed"
+}
+
+src_install() {
+	lt="${S}/libtool"
+	emake DESTDIR="${D}" install || die "make install failed"
+
+	dodoc ANNOUNCEMENT CHANGES COPYRIGHT README "${FILESDIR}"/DB_CONFIG.fast.example
+	docinto rfc ; dodoc doc/rfc/*.txt
+
+	# openldap modules go here
+	# TODO: write some code to populate slapd.conf with moduleload statements
+	keepdir /usr/$(get_libdir)/openldap/openldap/
+
+	# initial data storage dir
+	keepdir /var/lib/openldap-data
+	fowners ldap:ldap /var/lib/openldap-data
+	fperms 0700 /var/lib/openldap-data
+
+	echo "OLDPF='${PF}'" > "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+	echo "# do NOT delete this. it is used"	>> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+	echo "# to track versions for upgrading." >> "${D}${OPENLDAP_DEFAULTDIR_VERSIONTAG}/${OPENLDAP_VERSIONTAG}"
+
+	# change slapd.pid location in configuration file
+	keepdir /var/run/openldap
+	fowners ldap:ldap /var/run/openldap
+	fperms 0755 /var/run/openldap
+
+	if ! use minimal; then
+		# use our config
+		rm "${D}"etc/openldap/slapd.conf
+		insinto /etc/openldap
+		newins "${FILESDIR}"/${PN}-2.3.34-slapd-conf slapd.conf
+		configfile="${D}"etc/openldap/slapd.conf
+
+		# populate with built backends
+		ebegin "populate config with built backends"
+		for x in "${D}"usr/$(get_libdir)/openldap/openldap/back_*.so; do
+			elog "Adding $(basename ${x})"
+			sed -e "/###INSERTDYNAMICMODULESHERE###$/a# moduleload\t$(basename ${x})" -i "${configfile}"
+		done
+		sed -e "s:###INSERTDYNAMICMODULESHERE###$:# modulepath\t/usr/$(get_libdir)/openldap/openldap:" -i "${configfile}"
+		fowners root:ldap /etc/openldap/slapd.conf
+		fperms 0640 /etc/openldap/slapd.conf
+		cp "${configfile}" "${configfile}".default
+		eend
+
+		# install our own init scripts
+		newinitd "${FILESDIR}"/slapd-initd2 slapd
+		newconfd "${FILESDIR}"/slapd-confd slapd
+		if [ $(get_libdir) != lib ]; then
+			sed -e "s,/usr/lib/,/usr/$(get_libdir)/," -i "${D}"etc/init.d/slapd
+		fi
+
+		 if use cxx ; then
+		 	einfo "Install the ldapc++ library"
+		 	cd "${S}/contrib/ldapc++"
+		 	emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install ldapc++ failed"
+		 	newdoc README ldapc++-README
+		 fi
+
+		if use smbkrb5passwd ; then
+			einfo "Install the smbk5pwd module"
+			cd "${S}/contrib/slapd-modules/smbk5pwd"
+			emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install smbk5pwd failed"
+			newdoc README smbk5pwd-README
+		fi
+
+		if use samba4 ; then
+			einfo "Install the samba4 module"
+			cd "${S}/contrib/slapd-modules/samba4"
+			emake DESTDIR="${D}" libexecdir="/usr/$(get_libdir)/openldap" install || die "emake install samba4 failed"
+			newdoc README samba4-README
+		fi
+
+		einfo "Installing contrib modules"
+		cd "${S}/contrib/slapd-modules"
+		for l in */*.la; do
+			"${lt}" --mode=install cp ${l} \
+				"${D}"usr/$(get_libdir)/openldap/openldap || \
+				die "installing ${l} failed"
+		done
+		docinto contrib
+		newdoc addpartial/README addpartial-README
+		newdoc allop/README allop-README
+		doman allop/slapo-allop.5
+		newdoc autogroup/README autogroup-README
+		newdoc denyop/denyop.c denyop-denyop.c
+		newdoc dsaschema/README dsaschema-README
+		doman lastmod/slapo-lastmod.5
+		doman nops/slapo-nops.5
+		newdoc passwd/README passwd-README
+		cd "${S}/contrib/slapi-plugins"
+		insinto /usr/$(get_libdir)/openldap/openldap
+		doins  */*.so
+		docinto contrib
+		newdoc addrdnvalues/README addrdnvalues-README
+	fi
+}
+
+pkg_preinst() {
+	# keep old libs if any
+	preserve_old_lib usr/$(get_libdir)/{libldap,libldap_r,liblber}-2.3.so.0
+}
+
+pkg_postinst() {
+	if ! use minimal ; then
+		# You cannot build SSL certificates during src_install that will make
+		# binary packages containing your SSL key, which is both a security risk
+		# and a misconfiguration if multiple machines use the same key and cert.
+		if use ssl; then
+			install_cert /etc/openldap/ssl/ldap
+			chown ldap:ldap "${ROOT}"etc/openldap/ssl/ldap.*
+			ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+			ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
+			ewarn "add 'TLS_REQCERT never' if you want to use them."
+		fi
+
+		# These lines force the permissions of various content to be correct
+		chown ldap:ldap "${ROOT}"var/run/openldap
+		chmod 0755 "${ROOT}"var/run/openldap
+		chown root:ldap "${ROOT}"etc/openldap/slapd.conf{,.default}
+		chmod 0640 "${ROOT}"etc/openldap/slapd.conf{,.default}
+		chown ldap:ldap "${ROOT}"var/lib/openldap-{data,ldbm}
+	fi
+
+	elog "Getting started using OpenLDAP? There is some documentation available:"
+	elog "Gentoo Guide to OpenLDAP Authentication"
+	elog "(http://www.gentoo.org/doc/en/ldap-howto.xml)"
+	elog "---"
+	elog "An example file for tuning BDB backends with openldap is"
+	elog "DB_CONFIG.fast.example in /usr/share/doc/${PF}/"
+
+	preserve_old_lib_notify /usr/$(get_libdir)/{liblber,libldap,libldap_r}-2.3.so.0
+}