[jackhill/guix/guix.git] / gnu / packages / openldap.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017, 2018 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages openldap)
  #:use-module (gnu packages autotools)
  #:use-module (gnu packages check)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages cyrus-sasl)
  #:use-module (gnu packages databases)
  #:use-module (gnu packages documentation)
  #:use-module (gnu packages gettext)
  #:use-module (gnu packages gnupg)
  #:use-module (gnu packages gnuzilla)
  #:use-module (gnu packages groff)
  #:use-module (gnu packages icu4c)
  #:use-module (gnu packages kerberos)
  #:use-module (gnu packages libevent)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages networking)
  #:use-module (gnu packages pcre)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages python)
  #:use-module (gnu packages rsync)
  #:use-module (gnu packages selinux)
  #:use-module (gnu packages time)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages web)
  #:use-module (gnu packages)
  #:use-module ((guix licenses) #:select (openldap2.8 lgpl2.1+ gpl3+ psfl))
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix build-system gnu)
  #:use-module (guix build-system python))

(define-public openldap
  (package
   (name "openldap")
   (version "2.4.46")
   (source (origin
            (method url-fetch)

            ;; See <http://www.openldap.org/software/download/> for a list of
            ;; mirrors.
            (uri (list (string-append
                        "ftp://mirror.switch.ch/mirror/OpenLDAP/"
                        "openldap-release/openldap-" version ".tgz")
                       (string-append
                        "https://www.openldap.org/software/download/OpenLDAP/"
                        "openldap-release/openldap-" version ".tgz")
                       (string-append
                        "ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
                        "openldap-release/openldap-" version ".tgz")))
            (sha256
             (base32
              "0bab1km8f2nan1x0zgwliknbxg0zlf2pafxrr867kblrdfwdr44s"))))
   (build-system gnu-build-system)
   (inputs `(("bdb" ,bdb-5.3)
             ("cyrus-sasl" ,cyrus-sasl)
             ("gnutls" ,gnutls)
             ("groff" ,groff)
             ("icu4c" ,icu4c)
             ("libgcrypt" ,libgcrypt)
             ("zlib" ,zlib)))
   (native-inputs `(("libtool" ,libtool)))
   (arguments
    `(#:tests? #f
      #:phases
      (modify-phases %standard-phases
        (add-after 'configure 'provide-libtool
          (lambda _ (copy-file (which "libtool") "libtool")
            #t))
        (add-after 'install 'patch-sasl-path
          ;; Give -L arguments for cyrus-sasl to avoid propagation.
          (lambda* (#:key inputs outputs #:allow-other-keys)
            (let ((out (assoc-ref outputs "out"))
                  (sasl (assoc-ref inputs "cyrus-sasl")))
              (substitute* (map (lambda (f) (string-append out "/" f))
                                '("lib/libldap.la" "lib/libldap_r.la"))
                (("-lsasl2" lib)
                 (string-append "-L" sasl "/lib " lib)))
              #t))))))
   (synopsis "Implementation of the Lightweight Directory Access Protocol")
   (description
    "OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
   (license openldap2.8)
   (home-page "https://www.openldap.org/")))

(define-public nss-pam-ldapd
  (package
    (name "nss-pam-ldapd")
    (version "0.9.10")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://arthurdejong.org/nss-pam-ldapd/"
                                  "nss-pam-ldapd-" version ".tar.gz"))
              (sha256
               (base32
                "1cqamcr6qpgwxijlr6kg7jspjamjra8w0haan0qssn0yxn95d7c0"))))
    (build-system gnu-build-system)
    (arguments
     `(#:configure-flags
       (list (string-append "--with-pam-seclib-dir="
                            (assoc-ref %outputs "out") "/lib/security/")
             ;; nslcd cannot be convinced to look at run-time for its
             ;; configuration file at a location that differs from the
             ;; configured location.
             "--with-ldap-conf-file=/etc/nslcd.conf")
       #:phases
       (modify-phases %standard-phases
         ;; This is necessary because we tell nslcd with configure flags that
         ;; it should look for its configuration file at /etc/nslcd.conf.  The
         ;; build system tries to install a default configuration to that very
         ;; location.
         (add-after 'unpack 'override-nslcd.conf-install-path
           (lambda* (#:key outputs #:allow-other-keys)
             (substitute* "Makefile.in"
               (("\\$\\(DESTDIR\\)\\$\\(NSLCD_CONF_PATH\\)")
                (string-append (assoc-ref outputs "out")
                               "/etc/nslcd.conf.example")))
             #t)))))
    (inputs
     `(("linux-pam" ,linux-pam)
       ("openldap" ,openldap)
       ("mit-krb5" ,mit-krb5)
       ("python" ,python-2)))
    (home-page "https://arthurdejong.org/nss-pam-ldapd")
    (synopsis "NSS and PAM modules for LDAP")
    (description "nss-pam-ldapd provides a @dfn{Name Service Switch} (NSS)
module that allows your LDAP server to provide user account, group, host name,
alias, netgroup, and basically any other information that you would normally
get from @file{/etc} flat files or NIS.  It also provides a @dfn{Pluggable
Authentication Module} (PAM) to do identity and authentication management with
an LDAP server.")
    (license lgpl2.1+)))

(define-public python-ldap
  (package
    (name "python-ldap")
    (version "3.1.0")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "python-ldap" version))
       (sha256
        (base32
         "1i97nwfnraylyn0myxlf3vciicrf5h6fymrcff9c00k581wmx5s1"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'configure-openldap-locations
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((openldap (assoc-ref inputs "openldap")))
               (setenv "SLAPD"
                       (string-append openldap
                                      "/libexec/slapd"))
               (setenv "SCHEMA"
                       (string-append openldap
                                      "/etc/openldap/schema/")))
             #t)))))
    (inputs
     `(("openldap" ,openldap)
       ("cyrus-sasl" ,cyrus-sasl)
       ("mit-krb5" ,mit-krb5)))
    (propagated-inputs
     `(("python-pyasn1" ,python-pyasn1)
       ("python-pyasn1-modules" ,python-pyasn1-modules)))
    (home-page "https://www.python-ldap.org/")
    (synopsis "Python modules for implementing LDAP clients")
    (description
     "This package provides an object-oriented API to access LDAP directory
servers from Python programs.")
    (license psfl)))

(define-public 389-ds-base
  (package
    (name "389-ds-base")
    (version "1.4.0.13")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://releases.pagure.org/389-ds-base/"
                                  "389-ds-base-" version ".tar.bz2"))
              (sha256
               (base32
                "01dm3zq3w5ami9pwcjbjz8wfbx9krjxybjrgc4wyhrxlzd90ylzj"))))
    (build-system gnu-build-system)
    (arguments
     `(#:modules ((srfi srfi-1)
                  (guix build gnu-build-system)
                  (guix build utils))
       #:configure-flags
       (list (string-append "--with-db="
                            (assoc-ref %build-inputs "bdb"))
             (string-append "--with-sasl="
                            (assoc-ref %build-inputs "cyrus-sasl"))
             (string-append "--with-netsnmp="
                            (assoc-ref %build-inputs "net-snmp"))
             (string-append "--with-pcre="
                            (assoc-ref %build-inputs "pcre"))
             (string-append "--with-selinux="
                            (assoc-ref %build-inputs "libselinux"))
             ;; The Perl scripts are being removed in the 1.4.0 release.
             ;; Building them would require packaging of the outdated Mozilla
             ;; LDAP SDK (instead of OpenLDAP) and PerLDAP.
             "--disable-perl")
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'fix-install-location-of-python-tools
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (get-python-version
                     ;; FIXME: copied from python-build-system
                     (lambda (python)
                       (let* ((version     (last (string-split python #\-)))
                              (components  (string-split version #\.))
                              (major+minor (take components 2)))
                         (string-join major+minor "."))))
                    (pythondir (string-append
                                out "/lib/python"
                                (get-python-version (assoc-ref inputs "python"))
                                "/site-packages/")))
               ;; Install directory must be on PYTHONPATH.
               (setenv "PYTHONPATH"
                       (string-append (getenv "PYTHONPATH")
                                      ":" pythondir))
               ;; Install directory must exist.
               (mkdir-p pythondir)
               (substitute* "src/lib389/setup.py"
                 (("/usr") out))
               (substitute* "Makefile.am"
                 (("setup.py install --skip-build" m)
                  (string-append m " --prefix=" out
                                 " --root=/ --single-version-externally-managed"))))
             #t))
         (add-after 'build 'build-python-tools
           (lambda* (#:key make-flags #:allow-other-keys)
             ;; Set DETERMINISTIC_BUILD to override the embedded mtime in pyc
             ;; files.
             (setenv "DETERMINISTIC_BUILD" "1")
             ;; Use deterministic hashes for strings, bytes, and datetime
             ;; objects.
             (setenv "PYTHONHASHSEED" "0")
             (apply invoke "make" "lib389" make-flags)
             #t))
         (add-after 'install 'install-python-tools
           (lambda* (#:key make-flags #:allow-other-keys)
             (apply invoke "make" "lib389-install" make-flags)
             #t))
         (add-after 'install-python-tools 'wrap-python-tools
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out  (assoc-ref outputs "out"))
                    (path (getenv "PYTHONPATH")))
               (for-each (lambda (file)
                           (wrap-program (string-append out file)
                             `("PYTHONPATH" ":" prefix (,path))))
                         '("/sbin/dsconf"
                           "/sbin/dscreate"
                           "/sbin/dsctl"
                           "/sbin/dsidm"
                           "/bin/ds-logpipe.py"
                           "/bin/ds-replcheck"
                           "/bin/readnsstate")))
             #t)))))
    (inputs
     `(("bdb" ,bdb)
       ("cyrus-sasl" ,cyrus-sasl)
       ("gnutls" ,gnutls)
       ("httpd" ,httpd)
       ("icu4c" ,icu4c)
       ("libevent" ,libevent)
       ("libselinux" ,libselinux)
       ("linux-pam" ,linux-pam)
       ("mit-krb5" ,mit-krb5)
       ("net-snmp" ,net-snmp)
       ("nspr" ,nspr)
       ("nss" ,nss)
       ("openldap" ,openldap)
       ("pcre" ,pcre)
       ("perl" ,perl)
       ("python" ,python)
       ("python-pyasn1" ,python-pyasn1)
       ("python-pyasn1-modules" ,python-pyasn1-modules)
       ("python-pytest" ,python-pytest)
       ("python-dateutil" ,python-dateutil)
       ("python-six" ,python-six)
       ("python-argcomplete" ,python-argcomplete)
       ("python-argparse-manpage" ,python-argparse-manpage)
       ("python-ldap" ,python-ldap)))
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)
       ("doxygen" ,doxygen)
       ("gettext" ,gettext-minimal)
       ("libtool" ,libtool)
       ("rsync" ,rsync)
       ("pkg-config" ,pkg-config)))
    (home-page "https://directory.fedoraproject.org")
    (synopsis "Enterprise-class LDAP server")
    (description "389ds is an enterprise-class LDAP server.  It is hardened by
real-world use, is full-featured, and supports multi-master replication.

Other features include:

@enumerate
@item Online, zero downtime, LDAP-based update of schema, configuration, and
  management including @dfn{Access Control Information} (ACIs);
@item Asynchronous Multi-Master Replication, to provide fault tolerance and
  high write performance;
@item Extensive documentation;
@item Secure authentication and transport (TLS, and SASL);
@item LDAPv3 compliant server.
@end enumerate\n")
    ;; GPLv3+ with OpenSSL linking exception.
    (license gpl3+)))
Commit	Line	Data
2a75d4e6	1	;;; GNU Guix --- Functional package management for GNU
3246cc91	2	;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
2a75d4e6	3	;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
80c13759	4	;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
ab36fb17	5	;;; Copyright © 2017, 2018 Ricardo Wurmus <rekado@elephly.net>
590594a1	6	;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
2a75d4e6 AE	7	;;;
	8	;;; This file is part of GNU Guix.
	9	;;;
	10	;;; GNU Guix is free software; you can redistribute it and/or modify it
	11	;;; under the terms of the GNU General Public License as published by
	12	;;; the Free Software Foundation; either version 3 of the License, or (at
	13	;;; your option) any later version.
	14	;;;
	15	;;; GNU Guix is distributed in the hope that it will be useful, but
	16	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	17	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	;;; GNU General Public License for more details.
	19	;;;
	20	;;; You should have received a copy of the GNU General Public License
	21	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	22
	23	(define-module (gnu packages openldap)
	24	#:use-module (gnu packages autotools)
f51d8e4c	25	#:use-module (gnu packages check)
2a75d4e6 AE	26	#:use-module (gnu packages compression)
2a75d4e6 AE	27	#:use-module (gnu packages cyrus-sasl)
8c0b8cce	28	#:use-module (gnu packages databases)
f51d8e4c RW	29	#:use-module (gnu packages documentation)
f51d8e4c RW	30	#:use-module (gnu packages gettext)
2a75d4e6	31	#:use-module (gnu packages gnupg)
f51d8e4c	32	#:use-module (gnu packages gnuzilla)
2a75d4e6 AE	33	#:use-module (gnu packages groff)
2a75d4e6 AE	34	#:use-module (gnu packages icu4c)
fadae857	35	#:use-module (gnu packages kerberos)
f51d8e4c	36	#:use-module (gnu packages libevent)
f8fe0e9d	37	#:use-module (gnu packages linux)
f51d8e4c RW	38	#:use-module (gnu packages networking)
	39	#:use-module (gnu packages pcre)
	40	#:use-module (gnu packages perl)
	41	#:use-module (gnu packages pkg-config)
f8fe0e9d	42	#:use-module (gnu packages python)
f51d8e4c RW	43	#:use-module (gnu packages rsync)
	44	#:use-module (gnu packages selinux)
	45	#:use-module (gnu packages time)
cc2b77df	46	#:use-module (gnu packages tls)
f51d8e4c	47	#:use-module (gnu packages web)
b0415c03	48	#:use-module (gnu packages)
f51d8e4c	49	#:use-module ((guix licenses) #:select (openldap2.8 lgpl2.1+ gpl3+ psfl))
2a75d4e6 AE	50	#:use-module (guix packages)
2a75d4e6 AE	51	#:use-module (guix download)
8c0b8cce RW	52	#:use-module (guix build-system gnu)
8c0b8cce RW	53	#:use-module (guix build-system python))
2a75d4e6 AE	54
	55	(define-public openldap
	56	(package
	57	(name "openldap")
590594a1	58	(version "2.4.46")
2a75d4e6 AE	59	(source (origin
2a75d4e6 AE	60	(method url-fetch)
969ee403 LC	61
	62	;; See <http://www.openldap.org/software/download/> for a list of
	63	;; mirrors.
	64	(uri (list (string-append
	65	"ftp://mirror.switch.ch/mirror/OpenLDAP/"
	66	"openldap-release/openldap-" version ".tgz")
	67	(string-append
47415332	68	"https://www.openldap.org/software/download/OpenLDAP/"
969ee403 LC	69	"openldap-release/openldap-" version ".tgz")
	70	(string-append
	71	"ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
	72	"openldap-release/openldap-" version ".tgz")))
	73	(sha256
	74	(base32
590594a1	75	"0bab1km8f2nan1x0zgwliknbxg0zlf2pafxrr867kblrdfwdr44s"))))
2a75d4e6	76	(build-system gnu-build-system)
a0adbb04	77	(inputs `(("bdb" ,bdb-5.3)
2a75d4e6	78	("cyrus-sasl" ,cyrus-sasl)
217f3fdf	79	("gnutls" ,gnutls)
2a75d4e6 AE	80	("groff" ,groff)
	81	("icu4c" ,icu4c)
	82	("libgcrypt" ,libgcrypt)
2a75d4e6	83	("zlib" ,zlib)))
3246cc91	84	(native-inputs `(("libtool" ,libtool)))
2a75d4e6	85	(arguments
c3f97617	86	`(#:tests? #f
2a75d4e6	87	#:phases
c9dba6c1 LF	88	(modify-phases %standard-phases
	89	(add-after 'configure 'provide-libtool
	90	(lambda _ (copy-file (which "libtool") "libtool")
4f493cba LF	91	#t))
	92	(add-after 'install 'patch-sasl-path
	93	;; Give -L arguments for cyrus-sasl to avoid propagation.
	94	(lambda* (#:key inputs outputs #:allow-other-keys)
	95	(let ((out (assoc-ref outputs "out"))
	96	(sasl (assoc-ref inputs "cyrus-sasl")))
	97	(substitute* (map (lambda (f) (string-append out "/" f))
	98	'("lib/libldap.la" "lib/libldap_r.la"))
	99	(("-lsasl2" lib)
	100	(string-append "-L" sasl "/lib " lib)))
	101	#t))))))
d4bf49b1	102	(synopsis "Implementation of the Lightweight Directory Access Protocol")
2a75d4e6 AE	103	(description
	104	"OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
	105	(license openldap2.8)
47415332	106	(home-page "https://www.openldap.org/")))
b0415c03	107
f8fe0e9d RW	108	(define-public nss-pam-ldapd
	109	(package
	110	(name "nss-pam-ldapd")
ca1dc4c7	111	(version "0.9.10")
f8fe0e9d RW	112	(source (origin
	113	(method url-fetch)
	114	(uri (string-append "https://arthurdejong.org/nss-pam-ldapd/"
	115	"nss-pam-ldapd-" version ".tar.gz"))
	116	(sha256
	117	(base32
ca1dc4c7	118	"1cqamcr6qpgwxijlr6kg7jspjamjra8w0haan0qssn0yxn95d7c0"))))
f8fe0e9d RW	119	(build-system gnu-build-system)
	120	(arguments
	121	`(#:configure-flags
	122	(list (string-append "--with-pam-seclib-dir="
	123	(assoc-ref %outputs "out") "/lib/security/")
289a8980 RW	124	;; nslcd cannot be convinced to look at run-time for its
	125	;; configuration file at a location that differs from the
	126	;; configured location.
	127	"--with-ldap-conf-file=/etc/nslcd.conf")
	128	#:phases
	129	(modify-phases %standard-phases
	130	;; This is necessary because we tell nslcd with configure flags that
	131	;; it should look for its configuration file at /etc/nslcd.conf. The
	132	;; build system tries to install a default configuration to that very
	133	;; location.
	134	(add-after 'unpack 'override-nslcd.conf-install-path
	135	(lambda* (#:key outputs #:allow-other-keys)
	136	(substitute* "Makefile.in"
	137	(("\\$\\(DESTDIR\\)\\$\\(NSLCD_CONF_PATH\\)")
	138	(string-append (assoc-ref outputs "out")
	139	"/etc/nslcd.conf.example")))
	140	#t)))))
f8fe0e9d RW	141	(inputs
	142	`(("linux-pam" ,linux-pam)
	143	("openldap" ,openldap)
fadae857	144	("mit-krb5" ,mit-krb5)
f8fe0e9d RW	145	("python" ,python-2)))
	146	(home-page "https://arthurdejong.org/nss-pam-ldapd")
	147	(synopsis "NSS and PAM modules for LDAP")
	148	(description "nss-pam-ldapd provides a @dfn{Name Service Switch} (NSS)
	149	module that allows your LDAP server to provide user account, group, host name,
	150	alias, netgroup, and basically any other information that you would normally
	151	get from @file{/etc} flat files or NIS. It also provides a @dfn{Pluggable
	152	Authentication Module} (PAM) to do identity and authentication management with
	153	an LDAP server.")
	154	(license lgpl2.1+)))
8c0b8cce RW	155
	156	(define-public python-ldap
	157	(package
	158	(name "python-ldap")
	159	(version "3.1.0")
	160	(source
	161	(origin
	162	(method url-fetch)
	163	(uri (pypi-uri "python-ldap" version))
	164	(sha256
	165	(base32
	166	"1i97nwfnraylyn0myxlf3vciicrf5h6fymrcff9c00k581wmx5s1"))))
	167	(build-system python-build-system)
	168	(arguments
	169	`(#:phases
	170	(modify-phases %standard-phases
	171	(add-after 'unpack 'configure-openldap-locations
	172	(lambda* (#:key inputs #:allow-other-keys)
	173	(let ((openldap (assoc-ref inputs "openldap")))
	174	(setenv "SLAPD"
	175	(string-append openldap
	176	"/libexec/slapd"))
	177	(setenv "SCHEMA"
	178	(string-append openldap
	179	"/etc/openldap/schema/")))
	180	#t)))))
	181	(inputs
	182	`(("openldap" ,openldap)
	183	("cyrus-sasl" ,cyrus-sasl)
	184	("mit-krb5" ,mit-krb5)))
	185	(propagated-inputs
	186	`(("python-pyasn1" ,python-pyasn1)
	187	("python-pyasn1-modules" ,python-pyasn1-modules)))
	188	(home-page "https://www.python-ldap.org/")
	189	(synopsis "Python modules for implementing LDAP clients")
	190	(description
	191	"This package provides an object-oriented API to access LDAP directory
	192	servers from Python programs.")
	193	(license psfl)))
f51d8e4c RW	194
	195	(define-public 389-ds-base
	196	(package
	197	(name "389-ds-base")
	198	(version "1.4.0.13")
	199	(source (origin
	200	(method url-fetch)
	201	(uri (string-append "https://releases.pagure.org/389-ds-base/"
	202	"389-ds-base-" version ".tar.bz2"))
	203	(sha256
	204	(base32
	205	"01dm3zq3w5ami9pwcjbjz8wfbx9krjxybjrgc4wyhrxlzd90ylzj"))))
	206	(build-system gnu-build-system)
	207	(arguments
	208	`(#:modules ((srfi srfi-1)
	209	(guix build gnu-build-system)
	210	(guix build utils))
	211	#:configure-flags
	212	(list (string-append "--with-db="
	213	(assoc-ref %build-inputs "bdb"))
	214	(string-append "--with-sasl="
	215	(assoc-ref %build-inputs "cyrus-sasl"))
	216	(string-append "--with-netsnmp="
	217	(assoc-ref %build-inputs "net-snmp"))
	218	(string-append "--with-pcre="
	219	(assoc-ref %build-inputs "pcre"))
	220	(string-append "--with-selinux="
	221	(assoc-ref %build-inputs "libselinux"))
	222	;; The Perl scripts are being removed in the 1.4.0 release.
	223	;; Building them would require packaging of the outdated Mozilla
	224	;; LDAP SDK (instead of OpenLDAP) and PerLDAP.
	225	"--disable-perl")
	226	#:phases
	227	(modify-phases %standard-phases
	228	(add-after 'unpack 'fix-install-location-of-python-tools
	229	(lambda* (#:key inputs outputs #:allow-other-keys)
	230	(let* ((out (assoc-ref outputs "out"))
	231	(get-python-version
	232	;; FIXME: copied from python-build-system
	233	(lambda (python)
	234	(let* ((version (last (string-split python #\-)))
	235	(components (string-split version #\.))
	236	(major+minor (take components 2)))
	237	(string-join major+minor "."))))
	238	(pythondir (string-append
	239	out "/lib/python"
	240	(get-python-version (assoc-ref inputs "python"))
	241	"/site-packages/")))
	242	;; Install directory must be on PYTHONPATH.
	243	(setenv "PYTHONPATH"
	244	(string-append (getenv "PYTHONPATH")
	245	":" pythondir))
	246	;; Install directory must exist.
	247	(mkdir-p pythondir)
	248	(substitute* "src/lib389/setup.py"
	249	(("/usr") out))
	250	(substitute* "Makefile.am"
	251	(("setup.py install --skip-build" m)
	252	(string-append m " --prefix=" out
	253	" --root=/ --single-version-externally-managed"))))
	254	#t))
	255	(add-after 'build 'build-python-tools
	256	(lambda* (#:key make-flags #:allow-other-keys)
	257	;; Set DETERMINISTIC_BUILD to override the embedded mtime in pyc
258	;; files.
259	(setenv "DETERMINISTIC_BUILD" "1")
260	;; Use deterministic hashes for strings, bytes, and datetime
261	;; objects.
262	(setenv "PYTHONHASHSEED" "0")
263	(apply invoke "make" "lib389" make-flags)
264	#t))
265	(add-after 'install 'install-python-tools
266	(lambda* (#:key make-flags #:allow-other-keys)
267	(apply invoke "make" "lib389-install" make-flags)
268	#t))
269	(add-after 'install-python-tools 'wrap-python-tools
270	(lambda* (#:key outputs #:allow-other-keys)
271	(let* ((out (assoc-ref outputs "out"))
272	(path (getenv "PYTHONPATH")))
273	(for-each (lambda (file)
274	(wrap-program (string-append out file)
275	`("PYTHONPATH" ":" prefix (,path))))
276	'("/sbin/dsconf"
277	"/sbin/dscreate"
278	"/sbin/dsctl"
279	"/sbin/dsidm"
280	"/bin/ds-logpipe.py"
281	"/bin/ds-replcheck"
282	"/bin/readnsstate")))
283	#t)))))
284	(inputs
285	`(("bdb" ,bdb)
286	("cyrus-sasl" ,cyrus-sasl)
287	("gnutls" ,gnutls)
288	("httpd" ,httpd)
289	("icu4c" ,icu4c)
290	("libevent" ,libevent)
291	("libselinux" ,libselinux)
292	("linux-pam" ,linux-pam)
293	("mit-krb5" ,mit-krb5)
294	("net-snmp" ,net-snmp)
295	("nspr" ,nspr)
296	("nss" ,nss)
297	("openldap" ,openldap)
298	("pcre" ,pcre)
299	("perl" ,perl)
300	("python" ,python)
301	("python-pyasn1" ,python-pyasn1)
302	("python-pyasn1-modules" ,python-pyasn1-modules)
303	("python-pytest" ,python-pytest)
304	("python-dateutil" ,python-dateutil)
305	("python-six" ,python-six)
306	("python-argcomplete" ,python-argcomplete)
307	("python-argparse-manpage" ,python-argparse-manpage)
308	("python-ldap" ,python-ldap)))
309	(native-inputs
310	`(("autoconf" ,autoconf)
311	("automake" ,automake)
312	("doxygen" ,doxygen)
313	("gettext" ,gettext-minimal)
314	("libtool" ,libtool)
315	("rsync" ,rsync)
316	("pkg-config" ,pkg-config)))
317	(home-page "https://directory.fedoraproject.org")
318	(synopsis "Enterprise-class LDAP server")
319	(description "389ds is an enterprise-class LDAP server. It is hardened by
320	real-world use, is full-featured, and supports multi-master replication.
321
322	Other features include:
323
324	@enumerate
325	@item Online, zero downtime, LDAP-based update of schema, configuration, and
326	management including @dfn{Access Control Information} (ACIs);
327	@item Asynchronous Multi-Master Replication, to provide fault tolerance and
328	high write performance;
329	@item Extensive documentation;
330	@item Secure authentication and transport (TLS, and SASL);
331	@item LDAPv3 compliant server.
332	@end enumerate\n")
333	;; GPLv3+ with OpenSSL linking exception.
334	(license gpl3+)))