Commit | Line | Data |
---|---|---|
2a75d4e6 | 1 | ;;; GNU Guix --- Functional package management for GNU |
aff0cce9 | 2 | ;;; Copyright © 2013, 2014, 2015, 2019 Ludovic Courtès <ludo@gnu.org> |
2a75d4e6 | 3 | ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> |
80c13759 | 4 | ;;; Copyright © 2016 Leo Famulari <leo@famulari.name> |
cbc6a28b | 5 | ;;; Copyright © 2017, 2018, 2019 Ricardo Wurmus <rekado@elephly.net> |
590594a1 | 6 | ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> |
1c8b1870 | 7 | ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com> |
e5d71802 | 8 | ;;; Copyright © 2020 Lars-Dominik Braun <ldb@leibniz-psychology.org> |
0b258128 | 9 | ;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il> |
2a75d4e6 AE |
10 | ;;; |
11 | ;;; This file is part of GNU Guix. | |
12 | ;;; | |
13 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
14 | ;;; under the terms of the GNU General Public License as published by | |
15 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
16 | ;;; your option) any later version. | |
17 | ;;; | |
18 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
19 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
21 | ;;; GNU General Public License for more details. | |
22 | ;;; | |
23 | ;;; You should have received a copy of the GNU General Public License | |
24 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
25 | ||
26 | (define-module (gnu packages openldap) | |
27 | #:use-module (gnu packages autotools) | |
f51d8e4c | 28 | #:use-module (gnu packages check) |
2a75d4e6 AE |
29 | #:use-module (gnu packages compression) |
30 | #:use-module (gnu packages cyrus-sasl) | |
255d1bbe | 31 | #:use-module (gnu packages dbm) |
f51d8e4c RW |
32 | #:use-module (gnu packages documentation) |
33 | #:use-module (gnu packages gettext) | |
2a75d4e6 AE |
34 | #:use-module (gnu packages gnupg) |
35 | #:use-module (gnu packages groff) | |
36 | #:use-module (gnu packages icu4c) | |
fadae857 | 37 | #:use-module (gnu packages kerberos) |
f51d8e4c | 38 | #:use-module (gnu packages libevent) |
f8fe0e9d | 39 | #:use-module (gnu packages linux) |
f51d8e4c | 40 | #:use-module (gnu packages networking) |
aff0cce9 | 41 | #:use-module (gnu packages nss) |
cbc6a28b | 42 | #:use-module (gnu packages password-utils) |
f51d8e4c RW |
43 | #:use-module (gnu packages pcre) |
44 | #:use-module (gnu packages perl) | |
45 | #:use-module (gnu packages pkg-config) | |
f8fe0e9d | 46 | #:use-module (gnu packages python) |
44d10b1f | 47 | #:use-module (gnu packages python-xyz) |
f51d8e4c RW |
48 | #:use-module (gnu packages rsync) |
49 | #:use-module (gnu packages selinux) | |
50 | #:use-module (gnu packages time) | |
cc2b77df | 51 | #:use-module (gnu packages tls) |
f51d8e4c | 52 | #:use-module (gnu packages web) |
b0415c03 | 53 | #:use-module (gnu packages) |
e5d71802 | 54 | #:use-module ((guix licenses) #:select (openldap2.8 lgpl2.1+ gpl3+ psfl expat)) |
2a75d4e6 | 55 | #:use-module (guix packages) |
1c8b1870 | 56 | #:use-module (guix utils) |
2a75d4e6 | 57 | #:use-module (guix download) |
8c0b8cce RW |
58 | #:use-module (guix build-system gnu) |
59 | #:use-module (guix build-system python)) | |
2a75d4e6 AE |
60 | |
;; OpenLDAP, built with the GNU build system.  The `replacement' field names
;; openldap-2.4.50 (defined further down in this file) as the graft that
;; stands in for this version.
(define-public openldap
  (package
    (name "openldap")
    (replacement openldap-2.4.50)
    (version "2.4.49")
    (source
     (origin
       (method url-fetch)
       ;; See <http://www.openldap.org/software/download/> for a list of
       ;; mirrors.  They are listed in the order they are tried.  Two of the
       ;; three are plain FTP; the sha256 below is what pins the tarball
       ;; contents, whichever mirror ends up serving it.
       (uri (map (lambda (mirror)
                   (string-append mirror
                                  "openldap-release/openldap-" version ".tgz"))
                 '("ftp://mirror.switch.ch/mirror/OpenLDAP/"
                   "https://www.openldap.org/software/download/OpenLDAP/"
                   "ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/")))
       (sha256
        (base32
         "0vp524rsngdcykf6ki7vprsyg7gj8z7hszg8xwxz50219fa1gcg3"))))
    (build-system gnu-build-system)
    (inputs
     `(("bdb" ,bdb-5.3)
       ("cyrus-sasl" ,cyrus-sasl)
       ("gnutls" ,gnutls)
       ("libgcrypt" ,libgcrypt)
       ("zlib" ,zlib)))
    (native-inputs
     `(("libtool" ,libtool)
       ("groff" ,groff)
       ("bdb" ,bdb-5.3)))
    (arguments
     `(;; NOTE(review): the test suite is skipped and no reason is recorded
       ;; here.
       #:tests? #f
       #:configure-flags
       '("--disable-static"
         ;; These two settings are only added when cross-compiling.
         ,@(if (%current-target-system)
               '("--with-yielding_select=yes"
                 "ac_cv_func_memcmp_working=yes")
               '()))
       ;; Disable install stripping as it breaks cross-compiling.
       #:make-flags '("STRIP=")
       #:phases
       (modify-phases %standard-phases
         ;; When cross-compiling, point CC at the target-prefixed gcc before
         ;; the configure phase runs.
         ,@(if (%current-target-system)
               '((add-before 'configure 'fix-cross-gcc
                   (lambda* (#:key target #:allow-other-keys)
                     (setenv "CC" (string-append target "-gcc"))
                     #t)))
               '())
         (add-after 'install 'patch-sasl-path
           ;; Give -L arguments for cyrus-sasl to avoid propagation.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((output   (assoc-ref outputs "out"))
                    ;; "mit-krb5" is propagated from cyrus-sasl.
                    (kerberos (assoc-ref inputs "mit-krb5")))
               ;; The ancient Libtool bundled with OpenLDAP copies the linker
               ;; flags from Cyrus-SASL and embeds them into its own .la
               ;; files.  Add an absolute reference to Kerberos so it does not
               ;; have to be propagated.
               (substitute* (map (lambda (la-file)
                                   (string-append output "/" la-file))
                                 '("lib/libldap.la" "lib/libldap_r.la"))
                 (("-lkrb5" flag)
                  (string-append "-L" kerberos "/lib " flag)))
               #t))))))
    (home-page "https://www.openldap.org/")
    (synopsis "Implementation of the Lightweight Directory Access Protocol")
    (description
     "OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
    (license openldap2.8)))
b0415c03 | 129 | |
;; Private (not exported) variant of `openldap' at version 2.4.50.  It is the
;; package that openldap's `replacement' field refers to.  Every field other
;; than `version' and `source' is inherited from `openldap'.
(define openldap-2.4.50
  (package
    (inherit openldap)
    (version "2.4.50")
    (source
     (origin
       (method url-fetch)
       ;; Only the HTTPS upstream location is listed here, unlike the mirror
       ;; list used by `openldap'.
       (uri (string-append
             "https://www.openldap.org/software/download/"
             "OpenLDAP/openldap-release/openldap-" version
             ".tgz"))
       (sha256
        (base32 "1f46nlfwmys110j36sifm7ah8m8f3s10c3vaiikmmigmifapvdaw"))))))
0b258128 | 142 | |
f8fe0e9d RW |
;; NSS and PAM modules backed by LDAP, together with the nslcd daemon.  The
;; PAM module is installed under the package output, while nslcd is configured
;; to read its settings from the fixed path /etc/nslcd.conf.
(define-public nss-pam-ldapd
  (package
    (name "nss-pam-ldapd")
    (version "0.9.11")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://arthurdejong.org/nss-pam-ldapd/"
                           "nss-pam-ldapd-" version ".tar.gz"))
       (sha256
        (base32 "1dna3r0q6sjhhlkhcp8x2zkslrd4y7701kk6fl5r940sdph1pmyh"))))
    (build-system gnu-build-system)
    (inputs
     `(("linux-pam" ,linux-pam)
       ("openldap" ,openldap)
       ("mit-krb5" ,mit-krb5)
       ("python" ,python)))
    (arguments
     `(#:configure-flags
       (list (string-append "--with-pam-seclib-dir="
                            (assoc-ref %outputs "out") "/lib/security/")
             ;; nslcd cannot be convinced to look at run-time for its
             ;; configuration file at a location that differs from the
             ;; configured location.
             ;; NOTE(review): the live /etc/nslcd.conf is therefore created
             ;; outside this package; if it carries a bind password it should
             ;; not be world-readable.
             "--with-ldap-conf-file=/etc/nslcd.conf")
       #:phases
       (modify-phases %standard-phases
         ;; This is necessary because we tell nslcd with configure flags that
         ;; it should look for its configuration file at /etc/nslcd.conf.  The
         ;; build system tries to install a default configuration to that
         ;; very location, so redirect it to an example file in the output.
         (add-after 'unpack 'override-nslcd.conf-install-path
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((example-path (string-append (assoc-ref outputs "out")
                                                "/etc/nslcd.conf.example")))
               (substitute* "Makefile.in"
                 (("\\$\\(DESTDIR\\)\\$\\(NSLCD_CONF_PATH\\)")
                  example-path))
               #t))))))
    (home-page "https://arthurdejong.org/nss-pam-ldapd")
    (synopsis "NSS and PAM modules for LDAP")
    (description "nss-pam-ldapd provides a @dfn{Name Service Switch} (NSS)
module that allows your LDAP server to provide user account, group, host name,
alias, netgroup, and basically any other information that you would normally
get from @file{/etc} flat files or NIS. It also provides a @dfn{Pluggable
Authentication Module} (PAM) to do identity and authentication management with
an LDAP server.")
    (license lgpl2.1+)))
8c0b8cce RW |
190 | |
;; Python bindings for LDAP, built with the Python build system against the
;; `openldap', `cyrus-sasl' and `mit-krb5' inputs.
(define-public python-ldap
  (package
    (name "python-ldap")
    (version "3.1.0")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "python-ldap" version))
       (sha256
        (base32 "1i97nwfnraylyn0myxlf3vciicrf5h6fymrcff9c00k581wmx5s1"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Export the slapd binary and schema directory of the `openldap'
         ;; input through the SLAPD and SCHEMA environment variables.
         ;; NOTE(review): presumably these are read by the test suite, which
         ;; would then start slapd from that input -- confirm.
         (add-after 'unpack 'configure-openldap-locations
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((ldap-dir (assoc-ref inputs "openldap")))
               (setenv "SLAPD" (string-append ldap-dir "/libexec/slapd"))
               (setenv "SCHEMA"
                       (string-append ldap-dir "/etc/openldap/schema/")))
             #t)))))
    (inputs
     `(("openldap" ,openldap)
       ("cyrus-sasl" ,cyrus-sasl)
       ("mit-krb5" ,mit-krb5)))
    (propagated-inputs
     `(("python-pyasn1" ,python-pyasn1)
       ("python-pyasn1-modules" ,python-pyasn1-modules)))
    (home-page "https://www.python-ldap.org/")
    (synopsis "Python modules for implementing LDAP clients")
    (description
     "This package provides an object-oriented API to access LDAP directory
servers from Python programs.")
    (license psfl)))
f51d8e4c RW |
229 | |
;; 389 Directory Server together with its Python management tools (lib389).
;; The extra phases below rewrite hard-coded /usr paths, build and install
;; lib389 with separate make targets, and wrap the installed tools so that
;; they run with the build-time PYTHONPATH.
(define-public 389-ds-base
  (package
    (name "389-ds-base")
    (version "1.4.0.21")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://releases.pagure.org/389-ds-base/"
                           "389-ds-base-" version ".tar.bz2"))
       (sha256
        (base32 "1qd1ap5d5nxyiq0d19czfwc3h7iwl9lmr5sy7d7xmpr2by59aysr"))))
    (build-system gnu-build-system)
    (arguments
     `(#:modules ((srfi srfi-1)
                  (guix build gnu-build-system)
                  ;; Only `python-version' is taken from the Python build
                  ;; system; it is used to compute the site-packages path.
                  ((guix build python-build-system)
                   #:select (python-version))
                  (guix build utils))
       #:imported-modules ((guix build python-build-system)
                           ,@%gnu-build-system-modules)
       #:configure-flags
       (list (string-append "--with-db="
                            (assoc-ref %build-inputs "bdb"))
             (string-append "--with-sasl="
                            (assoc-ref %build-inputs "cyrus-sasl"))
             (string-append "--with-netsnmp="
                            (assoc-ref %build-inputs "net-snmp"))
             (string-append "--with-pcre="
                            (assoc-ref %build-inputs "pcre"))
             (string-append "--with-selinux="
                            (assoc-ref %build-inputs "libselinux"))
             "--localstatedir=/var"
             "--with-instconfigdir=/etc/dirsrv"
             ;; The Perl scripts are being removed in the 1.4.0 release.
             ;; Building them would require packaging of the outdated Mozilla
             ;; LDAP SDK (instead of OpenLDAP) and PerLDAP.
             "--disable-perl")
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'fix-references
           (lambda _
             (substitute* "include/ldaputil/certmap.h"
               (("nss3/cert.h") "nss/cert.h"))
             ;; Replace the hard-coded /usr/bin tool paths with whatever
             ;; `which' resolves in the build environment; c_rehash is run
             ;; through an explicit perl.
             (let ((certutil-bin (which "certutil"))
                   (perl-bin     (which "perl"))
                   (c-rehash-bin (which "c_rehash")))
               (substitute* "src/lib389/lib389/nss_ssl.py"
                 (("'/usr/bin/certutil'")
                  (string-append "'" certutil-bin "'"))
                 (("'/usr/bin/c_rehash'")
                  (string-append "'" perl-bin "', '" c-rehash-bin "'"))))
             #t))
         (add-after 'unpack 'overwrite-default-locations
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((output (assoc-ref outputs "out")))
               (substitute* "src/lib389/lib389/paths.py"
                 (("/usr/share/dirsrv/inf/defaults.inf")
                  (string-append output "/share/dirsrv/inf/defaults.inf")))
               ;; This directory can only be specified relative to
               ;; sysconfdir.  This is used to determine where to look for
               ;; installed directory servers, so in the absence of a search
               ;; path it needs to be global.
               (substitute* "ldap/admin/src/defaults.inf.in"
                 (("^initconfig_dir =.*")
                  "initconfig_dir = /etc/dirsrv/registry\n"))
               ;; This is used to determine where to write certificate files
               ;; when installing new directory server instances.
               (substitute* '("src/lib389/lib389/instance/setup.py"
                              "src/lib389/lib389/instance/remove.py")
                 (("etc_dirsrv_path = .*")
                  "etc_dirsrv_path = '/etc/dirsrv/'\n"))
               #t)))
         (add-after 'unpack 'fix-install-location-of-python-tools
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((output   (assoc-ref outputs "out"))
                    (site-dir (string-append
                               output "/lib/python"
                               (python-version (assoc-ref inputs "python"))
                               "/site-packages/")))
               ;; Install directory must be on PYTHONPATH.
               ;; NOTE(review): this assumes PYTHONPATH is already set;
               ;; `getenv' returns #f otherwise and `string-append' would
               ;; then fail.
               (setenv "PYTHONPATH"
                       (string-append (getenv "PYTHONPATH") ":" site-dir))
               ;; Install directory must exist.
               (mkdir-p site-dir)
               (substitute* "src/lib389/setup.py"
                 (("/usr") output))
               (substitute* "Makefile.am"
                 (("setup.py install --skip-build" install-cmd)
                  (string-append
                   install-cmd " --prefix=" output
                   " --root=/ --single-version-externally-managed"))))
             #t))
         (add-after 'build 'build-python-tools
           (lambda* (#:key make-flags #:allow-other-keys)
             ;; Set DETERMINISTIC_BUILD to override the embedded mtime in pyc
             ;; files.
             (setenv "DETERMINISTIC_BUILD" "1")
             ;; Use deterministic hashes for strings, bytes, and datetime
             ;; objects.
             (setenv "PYTHONHASHSEED" "0")
             (apply invoke "make" "lib389" make-flags)
             #t))
         (add-after 'install 'install-python-tools
           (lambda* (#:key make-flags #:allow-other-keys)
             (apply invoke "make" "lib389-install" make-flags)
             #t))
         (add-after 'install-python-tools 'wrap-python-tools
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((output     (assoc-ref outputs "out"))
                   (pythonpath (getenv "PYTHONPATH")))
               ;; Each tool gets a wrapper that prefixes PYTHONPATH with the
               ;; value captured here.
               (for-each (lambda (tool)
                           (wrap-program (string-append output tool)
                             (list "PYTHONPATH" ":" 'prefix
                                   (list pythonpath))))
                         '("/sbin/dsconf"
                           "/sbin/dscreate"
                           "/sbin/dsctl"
                           "/sbin/dsidm"
                           "/bin/ds-logpipe.py"
                           "/bin/ds-replcheck"
                           "/bin/readnsstate")))
             #t)))))
    (inputs
     `(("bdb" ,bdb)
       ("cracklib" ,cracklib)
       ("cyrus-sasl" ,cyrus-sasl)
       ("gnutls" ,gnutls)
       ("httpd" ,httpd)
       ("icu4c" ,icu4c)
       ("libevent" ,libevent)
       ("libselinux" ,libselinux)
       ("linux-pam" ,linux-pam)
       ("mit-krb5" ,mit-krb5)
       ("net-snmp" ,net-snmp)
       ("nspr" ,nspr)
       ("nss" ,nss)
       ("nss:bin" ,nss "bin")           ; for certutil
       ("openldap" ,openldap)
       ("openssl" ,openssl)             ; #included by net-snmp
       ("pcre" ,pcre)
       ("perl" ,perl)
       ("python" ,python)
       ("python-pyasn1" ,python-pyasn1)
       ("python-pyasn1-modules" ,python-pyasn1-modules)
       ("python-pytest" ,python-pytest)
       ("python-dateutil" ,python-dateutil)
       ("python-six" ,python-six)
       ("python-argcomplete" ,python-argcomplete)
       ("python-argparse-manpage" ,python-argparse-manpage)
       ("python-ldap" ,python-ldap)))
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)
       ("doxygen" ,doxygen)
       ("gettext" ,gettext-minimal)
       ("libtool" ,libtool)
       ("rsync" ,rsync)
       ("pkg-config" ,pkg-config)))
    (home-page "https://directory.fedoraproject.org")
    (synopsis "Enterprise-class LDAP server")
    (description "389ds is an enterprise-class LDAP server. It is hardened by
real-world use, is full-featured, and supports multi-master replication.

Other features include:

@enumerate
@item Online, zero downtime, LDAP-based update of schema, configuration, and
management including @dfn{Access Control Information} (ACIs);
@item Asynchronous Multi-Master Replication, to provide fault tolerance and
high write performance;
@item Extensive documentation;
@item Secure authentication and transport (TLS, and SASL);
@item LDAPv3 compliant server.
@end enumerate\n")
    ;; GPLv3+ with OpenSSL linking exception.
    (license gpl3+)))
e5d71802 LDB |
401 | |
;; Bonsai, a Python LDAP module fetched from PyPI and built against the
;; `mit-krb5', `cyrus-sasl' and `openldap' inputs.
(define-public python-bonsai
  (package
    (name "python-bonsai")
    (version "1.2.0")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "bonsai" version))
       (sha256
        (base32 "013bl6h1m3f7vg1lk89d4vi28wbf31zdcs4f9g8css7ngx63v6px"))))
    (build-system python-build-system)
    ;; Tests are disabled, since they require docker and extensive setup.
    (arguments `(#:tests? #f))
    (inputs
     `(("mit-krb5" ,mit-krb5)
       ("cyrus-sasl" ,cyrus-sasl)
       ("openldap" ,openldap)))
    (home-page "https://github.com/noirello/bonsai")
    (synopsis "Access LDAP directory servers from Python")
    (description
     "This is a module for handling LDAP operations in Python. LDAP entries
are mapped to a special Python case-insensitive dictionary, tracking the
changes of the dictionary to modify the entry on the server easily.")
    (license expat)))
427 |