* Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes: - Enable AppArmor support: - d/apparmor-profile: add AppArmor profile - d/rules: use dh_apparmor - d/control: Build-Depends on dh-apparmor - d/slapd.README.Debian: add note about AppArmor - Enable GSSAPI support: - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): - Add --with-gssapi support - Make guess_service_principal() more robust when determining principal - d/configure.options: Configure with --with-gssapi - d/control: Added heimdal-dev as a build depend - Enable ufw support: - d/control: suggest ufw. - d/rules: install ufw profile. - d/slapd.ufw.profile: add ufw profile. - Enable nss overlay: - d/{patches/nssov-build,rules}: Apply, build and package the nss overlay. - d/{rules,slapd.py}: Add apport hook. - d/slapd.init.ldif: don't set olcRootDN since it's not defined in either the default DIT nor via an Authn mapping. - d/slapd.scripts-common: - add slapcat_opts to local variables. - Remove unused variable new_conf. - Fix backup directory naming for multiple reconfiguration. - d/{slapd.default,slapd.README.Debian}: use the new configuration style. - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support in the openldap library, as required by Likewise-Open - Show distribution in version: - d/control: added lsb-release - d/patches/fix-ldap-distribution.patch: show distribution in version * Drop patches included upstream: - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch - d/patches/bdb-deadlock.patch - d/patches/its-7354-fix-delta-sync-mmr.diff * Drop hardening-wrapper as Debian now sets PIE and bindnow flags. * debian/patches/nssov-build: Adjust for upstream changes. * debian/apparmor-profile: - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor kernel ABI v7 (utopic and later). (LP: #1392018) - Reduce permissions on /run/nslcd to just the nslcd socket. * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713. (LP: #1293250)