Commit | Line | Data |
---|---|---|
2a75d4e6 | 1 | ;;; GNU Guix --- Functional package management for GNU |
3246cc91 | 2 | ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> |
2a75d4e6 | 3 | ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> |
80c13759 | 4 | ;;; Copyright © 2016 Leo Famulari <leo@famulari.name> |
ab36fb17 | 5 | ;;; Copyright © 2017, 2018 Ricardo Wurmus <rekado@elephly.net> |
590594a1 | 6 | ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> |
2a75d4e6 AE |
7 | ;;; |
8 | ;;; This file is part of GNU Guix. | |
9 | ;;; | |
10 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
11 | ;;; under the terms of the GNU General Public License as published by | |
12 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
13 | ;;; your option) any later version. | |
14 | ;;; | |
15 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
16 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
18 | ;;; GNU General Public License for more details. | |
19 | ;;; | |
20 | ;;; You should have received a copy of the GNU General Public License | |
21 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
22 | ||
23 | (define-module (gnu packages openldap) | |
24 | #:use-module (gnu packages autotools) | |
f51d8e4c | 25 | #:use-module (gnu packages check) |
2a75d4e6 AE |
26 | #:use-module (gnu packages compression) |
27 | #:use-module (gnu packages cyrus-sasl) | |
8c0b8cce | 28 | #:use-module (gnu packages databases) |
f51d8e4c RW |
29 | #:use-module (gnu packages documentation) |
30 | #:use-module (gnu packages gettext) | |
2a75d4e6 | 31 | #:use-module (gnu packages gnupg) |
f51d8e4c | 32 | #:use-module (gnu packages gnuzilla) |
2a75d4e6 AE |
33 | #:use-module (gnu packages groff) |
34 | #:use-module (gnu packages icu4c) | |
fadae857 | 35 | #:use-module (gnu packages kerberos) |
f51d8e4c | 36 | #:use-module (gnu packages libevent) |
f8fe0e9d | 37 | #:use-module (gnu packages linux) |
f51d8e4c RW |
38 | #:use-module (gnu packages networking) |
39 | #:use-module (gnu packages pcre) | |
40 | #:use-module (gnu packages perl) | |
41 | #:use-module (gnu packages pkg-config) | |
f8fe0e9d | 42 | #:use-module (gnu packages python) |
f51d8e4c RW |
43 | #:use-module (gnu packages rsync) |
44 | #:use-module (gnu packages selinux) | |
45 | #:use-module (gnu packages time) | |
cc2b77df | 46 | #:use-module (gnu packages tls) |
f51d8e4c | 47 | #:use-module (gnu packages web) |
b0415c03 | 48 | #:use-module (gnu packages) |
f51d8e4c | 49 | #:use-module ((guix licenses) #:select (openldap2.8 lgpl2.1+ gpl3+ psfl)) |
2a75d4e6 AE |
50 | #:use-module (guix packages) |
51 | #:use-module (guix download) | |
8c0b8cce RW |
52 | #:use-module (guix build-system gnu) |
53 | #:use-module (guix build-system python)) | |
2a75d4e6 AE |
54 | |
55 | (define-public openldap | |
56 | (package | |
57 | (name "openldap") | |
590594a1 | 58 | (version "2.4.46") |
2a75d4e6 AE |
59 | (source (origin |
60 | (method url-fetch) | |
969ee403 LC |
61 | |
62 | ;; See <http://www.openldap.org/software/download/> for a list of | |
63 | ;; mirrors. | |
64 | (uri (list (string-append | |
65 | "ftp://mirror.switch.ch/mirror/OpenLDAP/" | |
66 | "openldap-release/openldap-" version ".tgz") | |
67 | (string-append | |
47415332 | 68 | "https://www.openldap.org/software/download/OpenLDAP/" |
969ee403 LC |
69 | "openldap-release/openldap-" version ".tgz") |
70 | (string-append | |
71 | "ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/" | |
72 | "openldap-release/openldap-" version ".tgz"))) | |
73 | (sha256 | |
74 | (base32 | |
590594a1 | 75 | "0bab1km8f2nan1x0zgwliknbxg0zlf2pafxrr867kblrdfwdr44s")))) |
2a75d4e6 | 76 | (build-system gnu-build-system) |
a0adbb04 | 77 | (inputs `(("bdb" ,bdb-5.3) |
2a75d4e6 | 78 | ("cyrus-sasl" ,cyrus-sasl) |
217f3fdf | 79 | ("gnutls" ,gnutls) |
2a75d4e6 AE |
80 | ("groff" ,groff) |
81 | ("icu4c" ,icu4c) | |
82 | ("libgcrypt" ,libgcrypt) | |
2a75d4e6 | 83 | ("zlib" ,zlib))) |
3246cc91 | 84 | (native-inputs `(("libtool" ,libtool))) |
2a75d4e6 | 85 | (arguments |
c3f97617 | 86 | `(#:tests? #f |
2a75d4e6 | 87 | #:phases |
c9dba6c1 LF |
88 | (modify-phases %standard-phases |
89 | (add-after 'configure 'provide-libtool | |
90 | (lambda _ (copy-file (which "libtool") "libtool") | |
4f493cba LF |
91 | #t)) |
92 | (add-after 'install 'patch-sasl-path | |
93 | ;; Give -L arguments for cyrus-sasl to avoid propagation. | |
94 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
95 | (let ((out (assoc-ref outputs "out")) | |
96 | (sasl (assoc-ref inputs "cyrus-sasl"))) | |
97 | (substitute* (map (lambda (f) (string-append out "/" f)) | |
98 | '("lib/libldap.la" "lib/libldap_r.la")) | |
99 | (("-lsasl2" lib) | |
100 | (string-append "-L" sasl "/lib " lib))) | |
101 | #t)))))) | |
d4bf49b1 | 102 | (synopsis "Implementation of the Lightweight Directory Access Protocol") |
2a75d4e6 AE |
103 | (description |
104 | "OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.") | |
105 | (license openldap2.8) | |
47415332 | 106 | (home-page "https://www.openldap.org/"))) |
b0415c03 | 107 | |
f8fe0e9d RW |
108 | (define-public nss-pam-ldapd |
109 | (package | |
110 | (name "nss-pam-ldapd") | |
ca1dc4c7 | 111 | (version "0.9.10") |
f8fe0e9d RW |
112 | (source (origin |
113 | (method url-fetch) | |
114 | (uri (string-append "https://arthurdejong.org/nss-pam-ldapd/" | |
115 | "nss-pam-ldapd-" version ".tar.gz")) | |
116 | (sha256 | |
117 | (base32 | |
ca1dc4c7 | 118 | "1cqamcr6qpgwxijlr6kg7jspjamjra8w0haan0qssn0yxn95d7c0")))) |
f8fe0e9d RW |
119 | (build-system gnu-build-system) |
120 | (arguments | |
121 | `(#:configure-flags | |
122 | (list (string-append "--with-pam-seclib-dir=" | |
123 | (assoc-ref %outputs "out") "/lib/security/") | |
289a8980 RW |
124 | ;; nslcd cannot be convinced to look at run-time for its |
125 | ;; configuration file at a location that differs from the | |
126 | ;; configured location. | |
127 | "--with-ldap-conf-file=/etc/nslcd.conf") | |
128 | #:phases | |
129 | (modify-phases %standard-phases | |
130 | ;; This is necessary because we tell nslcd with configure flags that | |
131 | ;; it should look for its configuration file at /etc/nslcd.conf. The | |
132 | ;; build system tries to install a default configuration to that very | |
133 | ;; location. | |
134 | (add-after 'unpack 'override-nslcd.conf-install-path | |
135 | (lambda* (#:key outputs #:allow-other-keys) | |
136 | (substitute* "Makefile.in" | |
137 | (("\\$\\(DESTDIR\\)\\$\\(NSLCD_CONF_PATH\\)") | |
138 | (string-append (assoc-ref outputs "out") | |
139 | "/etc/nslcd.conf.example"))) | |
140 | #t))))) | |
f8fe0e9d RW |
141 | (inputs |
142 | `(("linux-pam" ,linux-pam) | |
143 | ("openldap" ,openldap) | |
fadae857 | 144 | ("mit-krb5" ,mit-krb5) |
f8fe0e9d RW |
145 | ("python" ,python-2))) |
146 | (home-page "https://arthurdejong.org/nss-pam-ldapd") | |
147 | (synopsis "NSS and PAM modules for LDAP") | |
148 | (description "nss-pam-ldapd provides a @dfn{Name Service Switch} (NSS) | |
149 | module that allows your LDAP server to provide user account, group, host name, | |
150 | alias, netgroup, and basically any other information that you would normally | |
151 | get from @file{/etc} flat files or NIS. It also provides a @dfn{Pluggable | |
152 | Authentication Module} (PAM) to do identity and authentication management with | |
153 | an LDAP server.") | |
154 | (license lgpl2.1+))) | |
8c0b8cce RW |
155 | |
156 | (define-public python-ldap | |
157 | (package | |
158 | (name "python-ldap") | |
159 | (version "3.1.0") | |
160 | (source | |
161 | (origin | |
162 | (method url-fetch) | |
163 | (uri (pypi-uri "python-ldap" version)) | |
164 | (sha256 | |
165 | (base32 | |
166 | "1i97nwfnraylyn0myxlf3vciicrf5h6fymrcff9c00k581wmx5s1")))) | |
167 | (build-system python-build-system) | |
168 | (arguments | |
169 | `(#:phases | |
170 | (modify-phases %standard-phases | |
171 | (add-after 'unpack 'configure-openldap-locations | |
172 | (lambda* (#:key inputs #:allow-other-keys) | |
173 | (let ((openldap (assoc-ref inputs "openldap"))) | |
174 | (setenv "SLAPD" | |
175 | (string-append openldap | |
176 | "/libexec/slapd")) | |
177 | (setenv "SCHEMA" | |
178 | (string-append openldap | |
179 | "/etc/openldap/schema/"))) | |
180 | #t))))) | |
181 | (inputs | |
182 | `(("openldap" ,openldap) | |
183 | ("cyrus-sasl" ,cyrus-sasl) | |
184 | ("mit-krb5" ,mit-krb5))) | |
185 | (propagated-inputs | |
186 | `(("python-pyasn1" ,python-pyasn1) | |
187 | ("python-pyasn1-modules" ,python-pyasn1-modules))) | |
188 | (home-page "https://www.python-ldap.org/") | |
189 | (synopsis "Python modules for implementing LDAP clients") | |
190 | (description | |
191 | "This package provides an object-oriented API to access LDAP directory | |
192 | servers from Python programs.") | |
193 | (license psfl))) | |
f51d8e4c RW |
194 | |
195 | (define-public 389-ds-base | |
196 | (package | |
197 | (name "389-ds-base") | |
198 | (version "1.4.0.13") | |
199 | (source (origin | |
200 | (method url-fetch) | |
201 | (uri (string-append "https://releases.pagure.org/389-ds-base/" | |
202 | "389-ds-base-" version ".tar.bz2")) | |
203 | (sha256 | |
204 | (base32 | |
205 | "01dm3zq3w5ami9pwcjbjz8wfbx9krjxybjrgc4wyhrxlzd90ylzj")))) | |
206 | (build-system gnu-build-system) | |
207 | (arguments | |
208 | `(#:modules ((srfi srfi-1) | |
209 | (guix build gnu-build-system) | |
210 | (guix build utils)) | |
211 | #:configure-flags | |
212 | (list (string-append "--with-db=" | |
213 | (assoc-ref %build-inputs "bdb")) | |
214 | (string-append "--with-sasl=" | |
215 | (assoc-ref %build-inputs "cyrus-sasl")) | |
216 | (string-append "--with-netsnmp=" | |
217 | (assoc-ref %build-inputs "net-snmp")) | |
218 | (string-append "--with-pcre=" | |
219 | (assoc-ref %build-inputs "pcre")) | |
220 | (string-append "--with-selinux=" | |
221 | (assoc-ref %build-inputs "libselinux")) | |
222 | ;; The Perl scripts are being removed in the 1.4.0 release. | |
223 | ;; Building them would require packaging of the outdated Mozilla | |
224 | ;; LDAP SDK (instead of OpenLDAP) and PerLDAP. | |
225 | "--disable-perl") | |
226 | #:phases | |
227 | (modify-phases %standard-phases | |
228 | (add-after 'unpack 'fix-install-location-of-python-tools | |
229 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
230 | (let* ((out (assoc-ref outputs "out")) | |
231 | (get-python-version | |
232 | ;; FIXME: copied from python-build-system | |
233 | (lambda (python) | |
234 | (let* ((version (last (string-split python #\-))) | |
235 | (components (string-split version #\.)) | |
236 | (major+minor (take components 2))) | |
237 | (string-join major+minor ".")))) | |
238 | (pythondir (string-append | |
239 | out "/lib/python" | |
240 | (get-python-version (assoc-ref inputs "python")) | |
241 | "/site-packages/"))) | |
242 | ;; Install directory must be on PYTHONPATH. | |
243 | (setenv "PYTHONPATH" | |
244 | (string-append (getenv "PYTHONPATH") | |
245 | ":" pythondir)) | |
246 | ;; Install directory must exist. | |
247 | (mkdir-p pythondir) | |
248 | (substitute* "src/lib389/setup.py" | |
249 | (("/usr") out)) | |
250 | (substitute* "Makefile.am" | |
251 | (("setup.py install --skip-build" m) | |
252 | (string-append m " --prefix=" out | |
253 | " --root=/ --single-version-externally-managed")))) | |
254 | #t)) | |
255 | (add-after 'build 'build-python-tools | |
256 | (lambda* (#:key make-flags #:allow-other-keys) | |
257 | ;; Set DETERMINISTIC_BUILD to override the embedded mtime in pyc | |
258 | ;; files. | |
259 | (setenv "DETERMINISTIC_BUILD" "1") | |
260 | ;; Use deterministic hashes for strings, bytes, and datetime | |
261 | ;; objects. | |
262 | (setenv "PYTHONHASHSEED" "0") | |
263 | (apply invoke "make" "lib389" make-flags) | |
264 | #t)) | |
265 | (add-after 'install 'install-python-tools | |
266 | (lambda* (#:key make-flags #:allow-other-keys) | |
267 | (apply invoke "make" "lib389-install" make-flags) | |
268 | #t)) | |
269 | (add-after 'install-python-tools 'wrap-python-tools | |
270 | (lambda* (#:key outputs #:allow-other-keys) | |
271 | (let* ((out (assoc-ref outputs "out")) | |
272 | (path (getenv "PYTHONPATH"))) | |
273 | (for-each (lambda (file) | |
274 | (wrap-program (string-append out file) | |
275 | `("PYTHONPATH" ":" prefix (,path)))) | |
276 | '("/sbin/dsconf" | |
277 | "/sbin/dscreate" | |
278 | "/sbin/dsctl" | |
279 | "/sbin/dsidm" | |
280 | "/bin/ds-logpipe.py" | |
281 | "/bin/ds-replcheck" | |
282 | "/bin/readnsstate"))) | |
283 | #t))))) | |
284 | (inputs | |
285 | `(("bdb" ,bdb) | |
286 | ("cyrus-sasl" ,cyrus-sasl) | |
287 | ("gnutls" ,gnutls) | |
288 | ("httpd" ,httpd) | |
289 | ("icu4c" ,icu4c) | |
290 | ("libevent" ,libevent) | |
291 | ("libselinux" ,libselinux) | |
292 | ("linux-pam" ,linux-pam) | |
293 | ("mit-krb5" ,mit-krb5) | |
294 | ("net-snmp" ,net-snmp) | |
295 | ("nspr" ,nspr) | |
296 | ("nss" ,nss) | |
297 | ("openldap" ,openldap) | |
298 | ("pcre" ,pcre) | |
299 | ("perl" ,perl) | |
300 | ("python" ,python) | |
301 | ("python-pyasn1" ,python-pyasn1) | |
302 | ("python-pyasn1-modules" ,python-pyasn1-modules) | |
303 | ("python-pytest" ,python-pytest) | |
304 | ("python-dateutil" ,python-dateutil) | |
305 | ("python-six" ,python-six) | |
306 | ("python-argcomplete" ,python-argcomplete) | |
307 | ("python-argparse-manpage" ,python-argparse-manpage) | |
308 | ("python-ldap" ,python-ldap))) | |
309 | (native-inputs | |
310 | `(("autoconf" ,autoconf) | |
311 | ("automake" ,automake) | |
312 | ("doxygen" ,doxygen) | |
313 | ("gettext" ,gettext-minimal) | |
314 | ("libtool" ,libtool) | |
315 | ("rsync" ,rsync) | |
316 | ("pkg-config" ,pkg-config))) | |
317 | (home-page "https://directory.fedoraproject.org") | |
318 | (synopsis "Enterprise-class LDAP server") | |
319 | (description "389ds is an enterprise-class LDAP server. It is hardened by | |
320 | real-world use, is full-featured, and supports multi-master replication. | |
321 | ||
322 | Other features include: | |
323 | ||
324 | @enumerate | |
325 | @item Online, zero downtime, LDAP-based update of schema, configuration, and | |
326 | management including @dfn{Access Control Information} (ACIs); | |
327 | @item Asynchronous Multi-Master Replication, to provide fault tolerance and | |
328 | high write performance; | |
329 | @item Extensive documentation; | |
330 | @item Secure authentication and transport (TLS, and SASL); | |
331 | @item LDAPv3 compliant server. | |
332 | @end enumerate\n") | |
333 | ;; GPLv3+ with OpenSSL linking exception. | |
334 | (license gpl3+))) |