| 1 | ;;; GNU Guix --- Functional package management for GNU |
| 2 | ;;; Copyright © 2013, 2014, 2015, 2019, 2020 Ludovic Courtès <ludo@gnu.org> |
| 3 | ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> |
| 4 | ;;; Copyright © 2016, 2021 Leo Famulari <leo@famulari.name> |
| 5 | ;;; Copyright © 2017, 2018, 2019 Ricardo Wurmus <rekado@elephly.net> |
| 6 | ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> |
| 7 | ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com> |
| 8 | ;;; Copyright © 2020 Lars-Dominik Braun <ldb@leibniz-psychology.org> |
| 9 | ;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il> |
| 10 | ;;; |
| 11 | ;;; This file is part of GNU Guix. |
| 12 | ;;; |
| 13 | ;;; GNU Guix is free software; you can redistribute it and/or modify it |
| 14 | ;;; under the terms of the GNU General Public License as published by |
| 15 | ;;; the Free Software Foundation; either version 3 of the License, or (at |
| 16 | ;;; your option) any later version. |
| 17 | ;;; |
| 18 | ;;; GNU Guix is distributed in the hope that it will be useful, but |
| 19 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of |
| 20 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 21 | ;;; GNU General Public License for more details. |
| 22 | ;;; |
| 23 | ;;; You should have received a copy of the GNU General Public License |
| 24 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. |
| 25 | |
| 26 | (define-module (gnu packages openldap) |
| 27 | #:use-module (gnu packages autotools) |
| 28 | #:use-module (gnu packages check) |
| 29 | #:use-module (gnu packages compression) |
| 30 | #:use-module (gnu packages cyrus-sasl) |
| 31 | #:use-module (gnu packages dbm) |
| 32 | #:use-module (gnu packages documentation) |
| 33 | #:use-module (gnu packages gettext) |
| 34 | #:use-module (gnu packages gnupg) |
| 35 | #:use-module (gnu packages groff) |
| 36 | #:use-module (gnu packages icu4c) |
| 37 | #:use-module (gnu packages kerberos) |
| 38 | #:use-module (gnu packages libevent) |
| 39 | #:use-module (gnu packages linux) |
| 40 | #:use-module (gnu packages networking) |
| 41 | #:use-module (gnu packages nss) |
| 42 | #:use-module (gnu packages password-utils) |
| 43 | #:use-module (gnu packages pcre) |
| 44 | #:use-module (gnu packages perl) |
| 45 | #:use-module (gnu packages pkg-config) |
| 46 | #:use-module (gnu packages python) |
| 47 | #:use-module (gnu packages python-xyz) |
| 48 | #:use-module (gnu packages rsync) |
| 49 | #:use-module (gnu packages selinux) |
| 50 | #:use-module (gnu packages time) |
| 51 | #:use-module (gnu packages tls) |
| 52 | #:use-module (gnu packages web) |
| 53 | #:use-module (gnu packages) |
| 54 | #:use-module ((guix licenses) #:select (openldap2.8 lgpl2.1+ gpl3+ psfl expat)) |
| 55 | #:use-module (guix packages) |
| 56 | #:use-module (guix utils) |
| 57 | #:use-module (guix download) |
| 58 | #:use-module (guix build-system gnu) |
| 59 | #:use-module (guix build-system python)) |
| 60 | |
;; OpenLDAP 2.4.50 built with the GNU build system.  Dependents are not
;; rebuilt against a newer release; instead the `replacement' field grafts
;; openldap-2.4.57 in place of this package.
(define-public openldap
  (package
    (name "openldap")
    ;; Graft target.  NOTE(review): replacements are normally how fixes
    ;; (typically security fixes) reach users without a full rebuild; the
    ;; fixes motivating this one are not recorded here -- consider naming
    ;; them so the graft can be audited and dropped at the next rebuild.
    (replacement openldap-2.4.57)
    (version "2.4.50")
    (source (origin
              (method url-fetch)
              ;; See <https://www.openldap.org/software/download/> for a list of
              ;; mirrors.  Two of the three URLs below are plain FTP, so the
              ;; transport is unauthenticated; the tarball is trusted only
              ;; because url-fetch checks it against the sha256 further down.
              (uri (list (string-append
                          "ftp://mirror.switch.ch/mirror/OpenLDAP/"
                          "openldap-release/openldap-" version ".tgz")
                         (string-append
                          "https://www.openldap.org/software/download/OpenLDAP/"
                          "openldap-release/openldap-" version ".tgz")
                         (string-append
                          "ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
                          "openldap-release/openldap-" version ".tgz")))
              (sha256
               (base32
                "1f46nlfwmys110j36sifm7ah8m8f3s10c3vaiikmmigmifapvdaw"))))
    (build-system gnu-build-system)
    (inputs `(("bdb" ,bdb-5.3)
              ("cyrus-sasl" ,cyrus-sasl)
              ("gnutls" ,gnutls)
              ("libgcrypt" ,libgcrypt)
              ("zlib" ,zlib)))
    (native-inputs `(("libtool" ,libtool)
                     ("groff" ,groff)
                     ("bdb" ,bdb-5.3)))
    (arguments
     ;; NOTE(review): the test suite is disabled and no reason is recorded;
     ;; a short justification would help whoever upgrades this package.
     `(#:tests? #f
       #:configure-flags
       '("--disable-static"
         ;; Extra settings passed only when cross-compiling; presumably they
         ;; stand in for configure checks that would have to run target
         ;; programs -- confirm.
         ,@(if (%current-target-system)
               '("--with-yielding_select=yes"
                 "ac_cv_func_memcmp_working=yes")
               '()))
       ;; Disable install stripping as it breaks cross-compiling.
       #:make-flags '("STRIP=")
       #:phases
       (modify-phases %standard-phases
         ;; When cross-compiling, point CC at the target-prefixed GCC.
         ,@(if (%current-target-system)
               '((add-before 'configure 'fix-cross-gcc
                   (lambda* (#:key target #:allow-other-keys)
                     (setenv "CC" (string-append target "-gcc"))
                     #t)))
               '())
         (add-after 'install 'patch-sasl-path
           ;; Give -L arguments for cyrus-sasl to avoid propagation.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             ;; "mit-krb5" is not listed in this package's inputs; the lookup
             ;; depends on cyrus-sasl propagating it.  If it is ever missing,
             ;; assoc-ref yields #f and the string-append below fails.
             (let ((out (assoc-ref outputs "out"))
                   (krb5 (assoc-ref inputs "mit-krb5"))) ;propagated from cyrus-sasl

               ;; The ancient Libtool bundled with OpenLDAP copies the linker flags
               ;; from Cyrus-SASL and embeds them into its own .la files.  Add an
               ;; absolute reference to Kerberos so it does not have to be propagated.
               (substitute* (map (lambda (f) (string-append out "/" f))
                                 '("lib/libldap.la" "lib/libldap_r.la"))
                 (("-lkrb5" lib)
                  (string-append "-L" krb5 "/lib " lib)))
               #t))))))
    (synopsis "Implementation of the Lightweight Directory Access Protocol")
    (description
     "OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
    (license openldap2.8)
    (home-page "https://www.openldap.org/")))
| 128 | |
;; OpenLDAP 2.4.57, referenced by the `replacement' field of `openldap'.
;; It inherits every field from `openldap' except the version and the source.
(define-public openldap-2.4.57
  (package
    (inherit openldap)
    (version "2.4.57")
    ;; The origin is written out again rather than inherited because each URL
    ;; embeds this package's own `version'.
    (source (origin
              (method url-fetch)
              ;; See <https://www.openldap.org/software/download/> for a list of
              ;; mirrors.  As with the parent package, the FTP mirrors are
              ;; acceptable only because the sha256 below is verified.
              (uri (list (string-append
                          "ftp://mirror.switch.ch/mirror/OpenLDAP/"
                          "openldap-release/openldap-" version ".tgz")
                         (string-append
                          "https://www.openldap.org/software/download/OpenLDAP/"
                          "openldap-release/openldap-" version ".tgz")
                         (string-append
                          "ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
                          "openldap-release/openldap-" version ".tgz")))
              (sha256
               (base32
                "0nmlyqhc52v24b4awh914sczmvxbazgq2cnlycvb9dgcwvhlgfn7"))))))
| 149 | |
;; NSS and PAM modules backed by LDAP, together with the nslcd daemon.
(define-public nss-pam-ldapd
  (package
    (name "nss-pam-ldapd")
    (version "0.9.11")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://arthurdejong.org/nss-pam-ldapd/"
                                  "nss-pam-ldapd-" version ".tar.gz"))
              (sha256
               (base32
                "1dna3r0q6sjhhlkhcp8x2zkslrd4y7701kk6fl5r940sdph1pmyh"))))
    (build-system gnu-build-system)
    (arguments
     `(#:configure-flags
       ;; Install the PAM module under this package's own output instead of
       ;; a system-wide security directory.
       (list (string-append "--with-pam-seclib-dir="
                            (assoc-ref %outputs "out") "/lib/security/")
             ;; nslcd cannot be convinced to look at run-time for its
             ;; configuration file at a location that differs from the
             ;; configured location.
             ;;
             ;; The file therefore lives outside the store, and this package
             ;; does not create it.  nslcd.conf may hold LDAP bind
             ;; credentials, so its ownership and permissions are the
             ;; responsibility of whatever deploys it.
             "--with-ldap-conf-file=/etc/nslcd.conf")
       #:phases
       (modify-phases %standard-phases
         ;; This is necessary because we tell nslcd with configure flags that
         ;; it should look for its configuration file at /etc/nslcd.conf.  The
         ;; build system tries to install a default configuration to that very
         ;; location.
         ;;
         ;; The default configuration is redirected to
         ;; <out>/etc/nslcd.conf.example instead.
         (add-after 'unpack 'override-nslcd.conf-install-path
           (lambda* (#:key outputs #:allow-other-keys)
             (substitute* "Makefile.in"
               (("\\$\\(DESTDIR\\)\\$\\(NSLCD_CONF_PATH\\)")
                (string-append (assoc-ref outputs "out")
                               "/etc/nslcd.conf.example")))
             #t)))))
    (inputs
     `(("linux-pam" ,linux-pam)
       ("openldap" ,openldap)
       ("mit-krb5" ,mit-krb5)
       ("python" ,python)))
    (home-page "https://arthurdejong.org/nss-pam-ldapd")
    (synopsis "NSS and PAM modules for LDAP")
    (description "nss-pam-ldapd provides a @dfn{Name Service Switch} (NSS)
module that allows your LDAP server to provide user account, group, host name,
alias, netgroup, and basically any other information that you would normally
get from @file{/etc} flat files or NIS. It also provides a @dfn{Pluggable
Authentication Module} (PAM) to do identity and authentication management with
an LDAP server.")
    (license lgpl2.1+)))
| 197 | |
;; Python bindings for LDAP clients, built against the `openldap' package.
(define-public python-ldap
  (package
    (name "python-ldap")
    (version "3.3.1")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "python-ldap" version))
       (sha256
        (base32
         "198as30xy6p760niqps2zdvq2xcmr765h06pmda8fa9y077wl4a7"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Export the store locations of the slapd binary and the schema
         ;; directory from the "openldap" input.  Presumably the test suite
         ;; reads SLAPD and SCHEMA to start a throw-away server -- confirm.
         (add-after 'unpack 'configure-openldap-locations
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((openldap (assoc-ref inputs "openldap")))
               (setenv "SLAPD"
                       (string-append openldap
                                      "/libexec/slapd"))
               (setenv "SCHEMA"
                       (string-append openldap
                                      "/etc/openldap/schema/")))
             #t)))))
    (inputs
     `(("openldap" ,openldap)
       ("cyrus-sasl" ,cyrus-sasl)
       ("mit-krb5" ,mit-krb5)))
    (propagated-inputs
     `(("python-pyasn1" ,python-pyasn1)
       ("python-pyasn1-modules" ,python-pyasn1-modules)))
    (home-page "https://www.python-ldap.org/")
    (synopsis "Python modules for implementing LDAP clients")
    (description
     "This package provides an object-oriented API to access LDAP directory
servers from Python programs.")
    (license psfl)))
| 236 | |
;; 389 Directory Server together with its Python administration tools
;; (lib389), which are built and installed by dedicated phases below.
(define-public 389-ds-base
  (package
    (name "389-ds-base")
    (version "1.4.0.31")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://releases.pagure.org/389-ds-base/"
                                  "389-ds-base-" version ".tar.bz2"))
              (sha256
               (base32
                "1rs218iqxyclccsdqb529favdsmz88zw785lsxd9ln43ja3x3l65"))))
    (build-system gnu-build-system)
    (arguments
     ;; `python-version' is taken from the Python build system's build-side
     ;; module, so that module has to be imported into the build as well.
     `(#:modules ((srfi srfi-1)
                  (guix build gnu-build-system)
                  ((guix build python-build-system)
                   #:select (python-version))
                  (guix build utils))
       #:imported-modules ((guix build python-build-system)
                           ,@%gnu-build-system-modules)
       #:configure-flags
       (list (string-append "--with-db="
                            (assoc-ref %build-inputs "bdb"))
             (string-append "--with-sasl="
                            (assoc-ref %build-inputs "cyrus-sasl"))
             (string-append "--with-netsnmp="
                            (assoc-ref %build-inputs "net-snmp"))
             (string-append "--with-pcre="
                            (assoc-ref %build-inputs "pcre"))
             (string-append "--with-selinux="
                            (assoc-ref %build-inputs "libselinux"))
             ;; Variable state and instance configuration live outside the
             ;; store, in /var and /etc/dirsrv.
             "--localstatedir=/var"
             "--with-instconfigdir=/etc/dirsrv"
             ;; The Perl scripts are being removed in the 1.4.0 release.
             ;; Building them would require packaging of the outdated Mozilla
             ;; LDAP SDK (instead of OpenLDAP) and PerLDAP.
             "--disable-perl")
       #:phases
       (modify-phases %standard-phases
         ;; Replace the hard-coded /usr/bin tool paths with the absolute
         ;; file names that `which' finds at build time, so the installed
         ;; code does not depend on what is at /usr/bin on the host.
         ;; c_rehash is invoked through an explicit perl interpreter.
         (add-after 'unpack 'fix-references
           (lambda _
             (substitute* "include/ldaputil/certmap.h"
               (("nss3/cert.h") "nss/cert.h"))
             (substitute* "src/lib389/lib389/nss_ssl.py"
               (("'/usr/bin/certutil'")
                (string-append "'" (which "certutil") "'"))
               (("'/usr/bin/c_rehash'")
                (string-append "'" (which "perl") "', '" (which "c_rehash") "'")))
             #t))
         (add-after 'unpack 'overwrite-default-locations
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
               (substitute* "src/lib389/lib389/paths.py"
                 (("/usr/share/dirsrv/inf/defaults.inf")
                  (string-append out "/share/dirsrv/inf/defaults.inf")))
               ;; This directory can only be specified relative to sysconfdir.  This
               ;; is used to determine where to look for installed directory
               ;; servers, so in the absence of a search path it needs to be global.
               (substitute* "ldap/admin/src/defaults.inf.in"
                 (("^initconfig_dir =.*")
                  "initconfig_dir = /etc/dirsrv/registry\n"))
               ;; This is used to determine where to write certificate files
               ;; when installing new directory server instances.
               ;;
               ;; /etc/dirsrv/ is mutable state outside the store; access
               ;; control on the certificate material written there is left
               ;; to the system configuration.
               (substitute* '("src/lib389/lib389/instance/setup.py"
                              "src/lib389/lib389/instance/remove.py")
                 (("etc_dirsrv_path = .*")
                  "etc_dirsrv_path = '/etc/dirsrv/'\n"))
               #t)))
         (add-after 'unpack 'fix-install-location-of-python-tools
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (pythondir (string-append
                                out "/lib/python"
                                (python-version (assoc-ref inputs "python"))
                                "/site-packages/")))
               ;; Install directory must be on PYTHONPATH.
               ;;
               ;; NOTE(review): (getenv "PYTHONPATH") is #f when the variable
               ;; is unset, and string-append would then raise an error.
               ;; Presumably an earlier phase always sets it from the Python
               ;; inputs -- confirm.
               (setenv "PYTHONPATH"
                       (string-append (getenv "PYTHONPATH")
                                      ":" pythondir))
               ;; Install directory must exist.
               (mkdir-p pythondir)
               (substitute* "src/lib389/setup.py"
                 (("/usr") out))
               ;; Append explicit prefix and root options to the
               ;; "setup.py install" command in Makefile.am.
               (substitute* "Makefile.am"
                 (("setup.py install --skip-build" m)
                  (string-append m " --prefix=" out
                                 " --root=/ --single-version-externally-managed"))))
             #t))
         (add-after 'build 'build-python-tools
           (lambda* (#:key make-flags #:allow-other-keys)
             ;; Set DETERMINISTIC_BUILD to override the embedded mtime in pyc
             ;; files.
             (setenv "DETERMINISTIC_BUILD" "1")
             ;; Use deterministic hashes for strings, bytes, and datetime
             ;; objects.
             (setenv "PYTHONHASHSEED" "0")
             (apply invoke "make" "lib389" make-flags)
             #t))
         (add-after 'install 'install-python-tools
           (lambda* (#:key make-flags #:allow-other-keys)
             (apply invoke "make" "lib389-install" make-flags)
             #t))
         ;; Wrap the installed tools so they run with the PYTHONPATH that is
         ;; in effect at the end of the build, which includes the pythondir
         ;; appended by 'fix-install-location-of-python-tools.  The value is
         ;; prepended to whatever PYTHONPATH the user has at run time.
         (add-after 'install-python-tools 'wrap-python-tools
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (path (getenv "PYTHONPATH")))
               (for-each (lambda (file)
                           (wrap-program (string-append out file)
                             `("PYTHONPATH" ":" prefix (,path))))
                         '("/sbin/dsconf"
                           "/sbin/dscreate"
                           "/sbin/dsctl"
                           "/sbin/dsidm"
                           "/bin/ds-logpipe.py"
                           "/bin/ds-replcheck"
                           "/bin/readnsstate")))
             #t)))))
    (inputs
     `(("bdb" ,bdb)
       ("cracklib" ,cracklib)
       ("cyrus-sasl" ,cyrus-sasl)
       ("gnutls" ,gnutls)
       ("httpd" ,httpd)
       ("icu4c" ,icu4c)
       ("libevent" ,libevent)
       ("libselinux" ,libselinux)
       ("linux-pam" ,linux-pam)
       ("mit-krb5" ,mit-krb5)
       ("net-snmp" ,net-snmp)
       ("nspr" ,nspr)
       ("nss" ,nss)
       ("nss:bin" ,nss "bin")     ; for certutil
       ("openldap" ,openldap)
       ("openssl" ,openssl)       ; #included by net-snmp
       ("pcre" ,pcre)
       ("perl" ,perl)
       ("python" ,python)
       ("python-pyasn1" ,python-pyasn1)
       ("python-pyasn1-modules" ,python-pyasn1-modules)
       ("python-pytest" ,python-pytest)
       ("python-dateutil" ,python-dateutil)
       ("python-six" ,python-six)
       ("python-argcomplete" ,python-argcomplete)
       ("python-argparse-manpage" ,python-argparse-manpage)
       ("python-ldap" ,python-ldap)))
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)
       ("doxygen" ,doxygen)
       ("gettext" ,gettext-minimal)
       ("libtool" ,libtool)
       ("rsync" ,rsync)
       ("pkg-config" ,pkg-config)))
    (home-page "https://directory.fedoraproject.org")
    (synopsis "Enterprise-class LDAP server")
    (description "389ds is an enterprise-class LDAP server. It is hardened by
real-world use, is full-featured, and supports multi-master replication.

Other features include:

@enumerate
@item Online, zero downtime, LDAP-based update of schema, configuration, and
management including @dfn{Access Control Information} (ACIs);
@item Asynchronous Multi-Master Replication, to provide fault tolerance and
high write performance;
@item Extensive documentation;
@item Secure authentication and transport (TLS, and SASL);
@item LDAPv3 compliant server.
@end enumerate\n")
    ;; GPLv3+ with OpenSSL linking exception.
    (license gpl3+)))
| 408 | |
;; Python LDAP client module built against OpenLDAP, Cyrus SASL and
;; MIT Kerberos.
(define-public python-bonsai
  (package
    (name "python-bonsai")
    (version "1.2.0")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "bonsai" version))
       (sha256
        (base32
         "013bl6h1m3f7vg1lk89d4vi28wbf31zdcs4f9g8css7ngx63v6px"))))
    (build-system python-build-system)
    (inputs
     `(("mit-krb5" ,mit-krb5)
       ("cyrus-sasl" ,cyrus-sasl)
       ("openldap" ,openldap)))
    ;; Tests are disabled because they require Docker and extensive setup,
    ;; so nothing in this build exercises the package against an LDAP server.
    (arguments `(#:tests? #f))
    (home-page "https://github.com/noirello/bonsai")
    (synopsis "Access LDAP directory servers from Python")
    (description
     "This is a module for handling LDAP operations in Python. LDAP entries
are mapped to a special Python case-insensitive dictionary, tracking the
changes of the dictionary to modify the entry on the server easily.")
    (license expat)))
| 434 | |