* Merge from Debian testing. Remaining changes: - Install a default DIT (LP: #442498). - Document cn=config in README file (LP: #370784). - remaining changes: + AppArmor support: - debian/apparmor-profile: add AppArmor profile - use dh_apparmor: - debian/rules: use dh_apparmor - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 - updated debian/slapd.README.Debian for note on AppArmor - debian/slapd.dirs: add etc/apparmor.d/force-complain + Enable GSSAPI support (LP: #495418): - debian/patches/gssapi.diff, thanks to Jerry Carter (Likewise): - Add --with-gssapi support - Make guess_service_principal() more robust when determining principal - debian/patches/series: apply gssapi.diff patch. - debian/configure.options: Configure with --with-gssapi - debian/control: Added libkrb5-dev as a build depend + debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support in the openldap library, as required by Likewise-Open (LP: #390579) + Don't build smbk5pwd overlay since it uses heimdal instead of krb5: - debian/control: - remove build-dependency on heimdal-dev. - remove slapd-smbk5pwd binary package. - debian/rules: don't build smbk5pwd slapd module. + debian/{control,rules}: enable PIE hardening + ufw support (LP: #423246): - debian/control: suggest ufw. - debian/rules: install ufw profile. - debian/slapd.ufw.profile: add ufw profile. + Enable nssoverlay: - debian/patches/nssov-build, debian/series, debian/rules: Apply, build and package the nss overlay. - debian/schema/extra/misc.ldif: add ldif file for the misc schema which defines rfc822MailMember (required by the nss overlay). + debian/rules, debian/schema/extra/: Fix configure rule to supports extra schemas shipped as part of the debian/schema/ directory. + debian/rules, debian/slapd.py: Add apport hook. (LP: #610544) + debian/slapd.init.ldif: don't set olcRootDN since it's not defined in neither the default DIT nor via an Authn mapping. + debian/slapd.scripts-common: adjust minimum version that triggers a database upgrade. Upgrade from maverick shouldn't trigger database upgrade (which would happen with the version used in Debian). + debian/slapd.scripts-common: add slapcat_opts to local variables. Remove unused variable new_conf. + debian/slapd.script-common: Fix package reconfiguration. - Fix backup directory naming for multiple reconfiguration. + debian/slapd.default, debian/slapd.README.Debian: use the new configuration style. + Install nss overlay (LP: #675391): - debian/rules: run install target for nssov module. - debian/patches/nssov-build: fix patch to install schema in /etc/ldap/schema + debian/patches/gssapi.diff: - Update patch so that likewise-open is usuable again. (LP: #661547) + debian/patches/service-operational-before-detach: New patch replacing old one of the same name as previous could cause database corruption based on upstream commits. (LP: #727973) + debian/patches/CVE-2011-4079: fix off by one error in postalAddressNormalize() (CVE-2011-4079)