- Update to 0.8.6

- Pass maintainership to submitter

PR:		ports/165659
Submitted by:	Mel Flynn <rflynn@acsalaska.net>
Approved by:	melifaro (former maintainer)
Feature safe:	yes

net/nss-pam-ldapd/Makefile

@@ -6,13 +6,12 @@
 #
 
 PORTNAME=		nss-pam-ldapd
-PORTVERSION=		0.7.13
-PORTREVISION=		2
+PORTVERSION=		0.8.6
 CATEGORIES=		net
 MASTER_SITES=		http://arthurdejong.org/nss-pam-ldapd/ \
 			http://static.ipfw.ru/files/
 
-MAINTAINER=		melifaro@ipfw.ru
+MAINTAINER=		rflynn@acsalaska.net
 COMMENT=		Advanced fork of nss_ldap
 
 LICENSE=		LGPL21 LGPL3
@@ -22,6 +21,8 @@ GNU_CONFIGURE=		yes
 USE_GMAKE=		yes
 USE_OPENLDAP=		yes
 USE_RC_SUBR=		nslcd
+PAM_LDAP_SHMAJOR=	1
+NSS_LDAP_SHMAJOR=	1
 
 NSLCD_PIDFILE?=		/var/run/nslcd.pid
 NSLCD_SOCKET?=		/var/run/nslcd.ctl
@@ -32,11 +33,7 @@ OPTIONS=		SASL		"Enable SASL" off \
 USERS=			nslcd
 GROUPS=			nslcd
 
-.include <bsd.port.pre.mk>
-
-.if ${OSVERSION} < 800000
-EXTRA_PATCHES+=		${FILESDIR}/rtld_nss__nslcd.c
-.endif
+.include <bsd.port.options.mk>
 
 CPPFLAGS+=		-I${LOCALBASE}/include
 LDFLAGS+=		-L${LOCALBASE}/lib
@@ -44,7 +41,7 @@ LDFLAGS+=		-L${LOCALBASE}/lib
 CONFIGURE_ARGS+=	--with-nslcd-pidfile=${NSLCD_PIDFILE} \
 			--with-nslcd-socket=${NSLCD_SOCKET} \
 			--with-ldap-lib=openldap --disable-kerberos \
-			--with-nss-ldap-soname=nss_ldap.so.1
+			--with-nss-ldap-soname=nss_ldap.so.${NSS_LDAP_SHMAJOR}
 
 CONFIG_FILE=		"nslcd.conf"
 CONFIGURE_ARGS+=	--with-ldap-conf-file=${PREFIX}/etc/${CONFIG_FILE}
@@ -58,7 +55,9 @@ CONFIGURE_ARGS+=	--disable-sasl
 .endif
 
 .if defined(WITH_PAM)
-CONFIGURE_ARGS+=	--enable-pam
+CONFIGURE_ARGS+=	--enable-pam \
+			--with-pam-seclib-dir=${PREFIX}/lib \
+			--with-pam-ldap-soname=pam_ldap.so.${PAM_LDAP_SHMAJOR}
 MAN8+=			pam_ldap.8
 CONFLICTS+=		pam_ldap-1.*
 PLIST_SUB+=		PAM=""
@@ -88,12 +87,19 @@ MAN8+=			nslcd.8
 
 post-extract:
 	@${REINPLACE_CMD} -e 's/\(INSTALL_\)\(.*\)) -D /\1\2) /' ${WRKSRC}/Makefile.in ${WRKSRC}/nss/Makefile.in
-	@${REINPLACE_CMD} -e 's/shadow.$$(OBJEXT)/shadow.$$(OBJEXT) bsdnss.$$(OBJEXT)/;s/shadow\.c/shadow.c bsdnss.c/' ${WRKSRC}/nss/Makefile.in
 
 post-configure:
 	${REINPLACE_CMD} -e 's/^\(CFLAGS.*\) \-O2 \(.*\)$$/\1 -O0 \2/' ${WRKSRC}/nss/Makefile
 
 post-install:
+.if !defined(WITHOUT_NSS)
+	@cd ${PREFIX}/lib && ${LN} -fs nss_ldap.so.${NSS_LDAP_SHMAJOR} \
+		nss_ldap.so
+.endif
+.if !defined(WITHOUT_PAM)
+	@cd ${PREFIX}/lib && ${LN} -fs pam_ldap.so.${PAM_LDAP_SHMAJOR} \
+		pam_ldap.so
+.endif
 	@${ECHO_MSG}
 	@${ECHO_MSG} =====================================================================
 	@${ECHO_MSG}
@@ -108,4 +114,4 @@ post-install:
 	@${ECHO_MSG} =====================================================================
 	@${ECHO_MSG}
 
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>

net/nss-pam-ldapd/distinfo

@@ -1,2 +1,2 @@
-SHA256 (nss-pam-ldapd-0.7.13.tar.gz) = 1bdba144669ac3220162d59bafe5ba4f83404f520bc9ead58b179745c82b8d4a
-SIZE (nss-pam-ldapd-0.7.13.tar.gz) = 478944
+SHA256 (nss-pam-ldapd-0.8.6.tar.gz) = 549f58c83c18ce8017f546138414e831b255a6edc5dfd8ff141aef52d94f25df
+SIZE (nss-pam-ldapd-0.8.6.tar.gz) = 466292

net/nss-pam-ldapd/files/nslcd.in

@@ -10,16 +10,32 @@
 #
 # nslcd_enable="YES"
 #
-
-nslcd_enable=${nslcd_enable-"NO"}
+# Optional:
+# nslcd_debug="NO" - start nslcd in debugging mode (does not daemonize).
+#
 
 . /etc/rc.subr
 
 name=nslcd
 rcvar=nslcd_enable
 
+load_rc_config ${name}
+
+: ${nslcd_enable="NO"}
+: ${nslcd_debug="NO"}
+
+command="%%PREFIX%%/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+start_precmd="nslcd_prestart"
 start_postcmd="nslcd_poststart"
 
+nslcd_prestart () {
+	if checkyesno nslcd_debug
+	then
+		command_args="-d"
+	fi
+}
+
 nslcd_poststart () {
        until $(%%PREFIX%%/sbin/${name} -c); do
                echo " Waiting for nslcd to start"
@@ -27,8 +43,5 @@ nslcd_poststart () {
        done
 }
 
-command="%%PREFIX%%/sbin/${name}"
-pidfile="/var/run/${name}.pid"
 
-load_rc_config ${name}
 run_rc_command "$1"

net/nss-pam-ldapd/files/patch-Makefile.in

@@ -1,18 +1,19 @@
---- Makefile.in.orig	2010-06-29 23:25:51.000000000 +0400
-+++ Makefile.in	2010-06-29 23:26:53.000000000 +0400
-@@ -759,13 +759,14 @@
+--- Makefile.in.orig	2012-03-02 12:50:47.000000000 -0900
++++ Makefile.in	2012-03-02 13:01:13.000000000 -0900
+@@ -774,6 +774,7 @@
  
  # install a default configuration file if it is not already there
  install-nslcd_conf:
-+	$(INSTALL_DATA) $(srcdir)/nslcd.conf $(DESTDIR)$(NSLCD_CONF_PATH).sample
++	$(INSTALL_DATA) $(srcdir)/nslcd.conf $(DESTDIR)/$(NSLCD_CONF_PATH).sample
  	@if [ -f $(DESTDIR)$(NSLCD_CONF_PATH) ]; then \
  	  echo "$(DESTDIR)$(NSLCD_CONF_PATH) already exists, install will not overwrite"; \
  	else \
- 	  $(INSTALL_DATA) $(srcdir)/nslcd.conf $(DESTDIR)$(NSLCD_CONF_PATH) || true; \
+@@ -781,7 +782,7 @@
+ 	  $(INSTALL_DATA) $(srcdir)/nslcd.conf $(DESTDIR)$(NSLCD_CONF_PATH); \
  	fi
  uninstall-nslcd_conf:
 -	-rm -f $(DESTDIR)$(NSLCD_CONF_PATH)
 +	-rm -f $(DESTDIR)$(NSLCD_CONF_PATH).sample
  
- # target for easily creating a Debian package
- # the find is an ugly hack to fix a bug if being built on an nfs filesystem
+ # fix permissions before distributing
+ dist-hook:

net/nss-pam-ldapd/files/patch-nslcd.conf

@@ -1,13 +0,0 @@
---- nslcd.conf.orig	2010-04-29 07:44:58.355014955 -0500
-+++ nslcd.conf	2010-04-29 07:45:10.741047860 -0500
-@@ -4,6 +4,10 @@
- # information in the directory.
- # See the manual page nslcd.conf(5) for more information.
- 
-+# The underprivileged user and group used for running the daemon.
-+uid nslcd
-+gid nslcd
-+
- # The uri pointing to the LDAP server to use for name lookups.
- # Multiple entries may be specified. The address that is used
- # here should be resolvable without using LDAP (obviously).

net/nss-pam-ldapd/files/patch-nss__bsdnss.c

@@ -1,237 +0,0 @@
---- /dev/null	2011-01-14 20:44:13.000000000 +0000
-+++ nss/bsdnss.c	2011-01-14 20:33:39.000000000 +0000
-@@ -0,0 +1,234 @@
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <errno.h>
-+#include <sys/param.h>
-+#include <netinet/in.h>
-+#include <pwd.h>
-+#include <grp.h>
-+#include <nss.h>
-+#include <nsswitch.h>
-+#include <netdb.h>
-+
-+#define BUFFER_SIZE		1024
-+
-+extern enum nss_status _nss_ldap_getgrent_r(struct group *, char *, size_t,
-+    int *);
-+extern enum nss_status _nss_ldap_getgrnam_r(const char *, struct group *,
-+    char *, size_t, int *);
-+extern enum nss_status _nss_ldap_getgrgid_r(gid_t gid, struct group *, char *,
-+    size_t, int *);
-+extern enum nss_status _nss_ldap_setgrent(void);
-+extern enum nss_status _nss_ldap_endgrent(void);
-+
-+extern enum nss_status _nss_ldap_getpwent_r(struct passwd *, char *, size_t,
-+    int *);
-+extern enum nss_status _nss_ldap_getpwnam_r(const char *, struct passwd *,
-+    char *, size_t, int *);
-+extern enum nss_status _nss_ldap_getpwuid_r(gid_t gid, struct passwd *, char *,
-+    size_t, int *);
-+extern enum nss_status _nss_ldap_setpwent(void);
-+extern enum nss_status _nss_ldap_endpwent(void);
-+
-+extern enum nss_status _nss_ldap_gethostbyname_r (const char *name, struct hostent * result,
-+			   char *buffer, size_t buflen, int *errnop,
-+			   int *h_errnop);
-+
-+extern enum nss_status _nss_ldap_gethostbyname2_r (const char *name, int af, struct hostent * result,
-+			    char *buffer, size_t buflen, int *errnop,
-+			    int *h_errnop);
-+extern enum nss_status _nss_ldap_gethostbyaddr_r (struct in_addr * addr, int len, int type,
-+			   struct hostent * result, char *buffer,
-+			   size_t buflen, int *errnop, int *h_errnop);
-+extern enum nss_status _nss_ldap_initgroups_dyn(const char *, gid_t, long int *,
-+			   long int *, gid_t **, long int, int *);
-+
-+NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
-+NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
-+NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
-+NSS_METHOD_PROTOTYPE(__nss_compat_setgrent);
-+NSS_METHOD_PROTOTYPE(__nss_compat_endgrent);
-+static NSS_METHOD_PROTOTYPE(__freebsd_getgroupmembership);
-+
-+NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r);
-+NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
-+NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r);
-+NSS_METHOD_PROTOTYPE(__nss_compat_setpwent);
-+NSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
-+
-+NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname);
-+NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2);
-+NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr);
-+
-+static ns_mtab methods[] = {
-+{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
-+{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
-+{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
-+{ NSDB_GROUP, "setgrent",   __nss_compat_setgrent,   _nss_ldap_setgrent },
-+{ NSDB_GROUP, "endgrent",   __nss_compat_endgrent,   _nss_ldap_endgrent },
-+{ NSDB_GROUP, "getgroupmembership", __freebsd_getgroupmembership, NULL },
-+
-+{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
-+{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
-+{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r },
-+{ NSDB_PASSWD, "setpwent",   __nss_compat_setpwent,   _nss_ldap_setpwent },
-+{ NSDB_PASSWD, "endpwent",   __nss_compat_endpwent,   _nss_ldap_endpwent },
-+
-+{ NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_ldap_gethostbyname_r },
-+{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_ldap_gethostbyaddr_r },
-+{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_ldap_gethostbyname2_r },
-+
-+{ NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
-+{ NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
-+{ NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
-+{ NSDB_GROUP_COMPAT, "setgrent",   __nss_compat_setgrent,   _nss_ldap_setgrent },
-+{ NSDB_GROUP_COMPAT, "endgrent",   __nss_compat_endgrent,   _nss_ldap_endgrent },
-+
-+{ NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
-+{ NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
-+{ NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r },
-+{ NSDB_PASSWD_COMPAT, "setpwent",   __nss_compat_setpwent,   _nss_ldap_setpwent },
-+{ NSDB_PASSWD_COMPAT, "endpwent",   __nss_compat_endpwent,   _nss_ldap_endpwent },
-+
-+};
-+
-+
-+int __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap)
-+{
-+	enum nss_status 	(*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
-+	const char 	*name;
-+	struct hostent 	*result;
-+	char 		buffer[BUFFER_SIZE];
-+	int 		errnop;
-+	int		h_errnop;
-+	int		af;
-+	enum nss_status	status;
-+	fn = mdata;
-+	name = va_arg(ap, const char*);
-+	af = va_arg(ap,int);
-+	result = va_arg(ap,struct hostent *);
-+	status = fn(name, result, buffer, sizeof(buffer), &errnop, &h_errnop);
-+	status = __nss_compat_result(status,errnop);
-+	h_errno = h_errnop;
-+	return (status);
-+}
-+
-+int __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap)
-+{
-+	enum nss_status 	(*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
-+	const char 	*name;
-+	struct hostent 	*result;
-+	char 		buffer[BUFFER_SIZE];
-+	int 		errnop;
-+	int		h_errnop;
-+	int		af;
-+	enum nss_status	status;
-+	fn = mdata;
-+	name = va_arg(ap, const char*);
-+	af = va_arg(ap,int);
-+	result = va_arg(ap,struct hostent *);
-+	status = fn(name, result, buffer, sizeof(buffer), &errnop, &h_errnop);
-+	status = __nss_compat_result(status,errnop);
-+	h_errno = h_errnop;
-+	return (status);
-+}
-+
-+int __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap)
-+{
-+	struct in_addr 	*addr;
-+	int 		len;
-+	int 		type;
-+	struct hostent	*result;
-+	char 		buffer[BUFFER_SIZE];
-+	int		errnop;
-+	int		h_errnop;
-+	enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *);
-+	enum nss_status status;
-+	fn = mdata;
-+	addr = va_arg(ap, struct in_addr*);
-+	len = va_arg(ap,int);
-+	type = va_arg(ap,int);
-+	result = va_arg(ap, struct hostent*);
-+	status = fn(addr, len, type, result, buffer, sizeof(buffer), &errnop, &h_errnop);
-+	status = __nss_compat_result(status,errnop);
-+	h_errno = h_errnop;
-+	return (status);
-+}
-+
-+static int
-+__gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *groupc)
-+{
-+	int	ret, dupc;
-+
-+						/* skip duplicates */
-+	for (dupc = 0; dupc < MIN(maxgrp, *groupc); dupc++) {
-+		if (groups[dupc] == gid)
-+			return 1;
-+	}
-+
-+	ret = 1;
-+	if (*groupc < maxgrp)			/* add this gid */
-+		groups[*groupc] = gid;
-+	else
-+		ret = 0;
-+	(*groupc)++;
-+	return ret;
-+}
-+
-+static int
-+__freebsd_getgroupmembership(void *retval, void *mdata, va_list ap)
-+{
-+
-+	int err;
-+	enum nss_status s;
-+    gid_t       group;
-+    gid_t       *tmpgroups;
-+    size_t      bufsize;
-+    const char  *user;
-+    gid_t       *groups;
-+    gid_t       agroup;
-+    int         maxgrp, *grpcnt;
-+    int     i, rv, ret_errno;
-+	long int lstart, lsize;
-+
-+   
-+    user = va_arg(ap, const char *);
-+    group = va_arg(ap, gid_t);
-+    groups = va_arg(ap, gid_t *);
-+    maxgrp = va_arg(ap, int);
-+    grpcnt = va_arg(ap, int *); 
-+    
-+
-+	tmpgroups = malloc(maxgrp * sizeof(gid_t));
-+	if (tmpgroups == NULL) {
-+        printf("Tried to mallog %u * %u\n", maxgrp, sizeof(gid_t));
-+        return NS_TRYAGAIN;
-+    }
-+
-+	/* insert primary membership */
-+	__gr_addgid(group, groups, maxgrp, grpcnt);
-+
-+	lstart = 0;
-+	lsize = maxgrp;
-+	s = _nss_ldap_initgroups_dyn(user, group, &lstart, &lsize,
-+		&tmpgroups, 0, &err);
-+	if (s == NSS_STATUS_SUCCESS) {
-+		for (i = 0; i < lstart; i++)
-+			if (! __gr_addgid(tmpgroups[i], groups, maxgrp, grpcnt)) { 
-+                ;;
-+            }
-+		s = NSS_STATUS_NOTFOUND;
-+	}
-+
-+	free(tmpgroups);
-+
-+	return __nss_compat_result(s, 0);
-+}
-+
-+ns_mtab *
-+nss_module_register(const char *source, unsigned int *mtabsize,
-+    nss_module_unregister_fn *unreg)
-+{
-+	*mtabsize = sizeof(methods)/sizeof(methods[0]);
-+	*unreg = NULL;
-+	return (methods);
-+}

net/nss-pam-ldapd/files/patch-nss__prototypes.h

@@ -0,0 +1,16 @@
+--- nss/prototypes.h.orig	2011-03-09 13:39:24.000000000 -0900
++++ nss/prototypes.h	2012-02-29 17:15:19.000000000 -0900
+@@ -125,11 +125,13 @@
+ nss_status_t _nss_ldap_getservent_r(struct servent *result,char *buffer,size_t buflen,int *errnop);
+ nss_status_t _nss_ldap_endservent(void);
+ 
++#ifdef HAVE_SHADOW_H
+ /* shadow - extended user information */
+ nss_status_t _nss_ldap_getspnam_r(const char *name,struct spwd *result,char *buffer,size_t buflen,int *errnop);
+ nss_status_t _nss_ldap_setspent(int stayopen);
+ nss_status_t _nss_ldap_getspent_r(struct spwd *result,char *buffer,size_t buflen,int *errnop);
+ nss_status_t _nss_ldap_endspent(void);
++#endif
+ 
+ #endif /* NSS_FLAVOUR_GLIBC */
+ 

net/nss-pam-ldapd/files/patch-nss_ldap.map

@@ -1,30 +0,0 @@
---- ./nss/nss_ldap.map.orig	2010-09-24 07:07:18.000000000 +0000
-+++ ./nss/nss_ldap.map		2010-12-16 13:13:25.000000000 +0000
-@@ -81,6 +78,27 @@
-     _nss_ldap_getspent_r;
-     _nss_ldap_endspent;
- 
-+    # compat 4 bsd 
-+    __nss_compat_getgrnam_r;
-+    __nss_compat_getgrgid_r;
-+    __nss_compat_getgrent_r;
-+    __nss_compat_setgrent;
-+    __nss_compat_endgrent;
-+
-+    __nss_compat_getpwnam_r;
-+    __nss_compat_getpwuid_r;
-+    __nss_compat_getpwent_r;
-+    __nss_compat_setpwent;
-+    __nss_compat_endpwent;
-+
-+    __nss_compat_gethostbyname;
-+    __nss_compat_gethostbyname2;
-+    __nss_compat_gethostbyaddr;
-+    
-+    # module init
-+    nss_module_register;
-+
-+
-   # everything else should not be exported
-   local:
-     *;

net/nss-pam-ldapd/files/patch-pam__makefile.in

@@ -1,12 +0,0 @@
---- pam/Makefile.in.orig	2009-12-20 20:47:00.000000000 +0300
-+++ pam/Makefile.in	2009-12-20 20:48:30.000000000 +0300
-@@ -470,7 +470,8 @@
- 
- # install pam_ldap.so
- install-pam_ldap_so: pam_ldap.so
--	$(INSTALL_PROGRAM) -D pam_ldap.so $(DESTDIR)$(libdir)/security/pam_ldap.so
-+	$(INSTALL_PROGRAM) pam_ldap.so $(DESTDIR)$(libdir)/pam_ldap.so.1
-+	ln -sfh $(DESTDIR)$(libdir)/pam_ldap.so.1 $(DESTDIR)$(libdir)/pam_ldap.so
- uninstall-pam_ldap_so:
- 	-rm -f $(DESTDIR)$(libdir)/security/pam_ldap.so
- 

net/nss-pam-ldapd/files/patch-r1626

@@ -0,0 +1,50 @@
+Modified: compat/ldap_compat.h
+==============================================================================
+--- compat/ldap_compat.h	Wed Feb 29 22:44:31 2012	(r1625)
++++ compat/ldap_compat.h	Mon Mar  5 22:53:54 2012	(r1626)
+@@ -62,4 +62,12 @@
+ #define LDAP_SASL_QUIET 2U
+ #endif /* not LDAP_SASL_QUIET */
+ 
++/* on some systems LDAP_OPT_DIAGNOSTIC_MESSAGE isn't there but
++   LDAP_OPT_ERROR_STRING is */
++#ifndef LDAP_OPT_DIAGNOSTIC_MESSAGE
++#ifdef LDAP_OPT_ERROR_STRING
++#define LDAP_OPT_DIAGNOSTIC_MESSAGE LDAP_OPT_ERROR_STRING
++#endif /* LDAP_OPT_ERROR_STRING */
++#endif /* not LDAP_OPT_DIAGNOSTIC_MESSAGE */
++
+ #endif /* COMPAT__LDAP_COMPAT_H */
+
+Modified: nslcd/myldap.c
+==============================================================================
+--- nslcd/myldap.c	Wed Feb 29 22:44:31 2012	(r1625)
++++ nslcd/myldap.c	Mon Mar  5 22:53:54 2012	(r1626)
+@@ -378,6 +378,7 @@
+ static int do_bind(LDAP *ld,const char *binddn,const char *bindpw,const char *uri)
+ {
+   int rc;
++  char *msg=NULL;
+ #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+ #ifndef HAVE_SASL_INTERACT_T
+   struct berval cred;
+@@ -392,9 +393,16 @@
+     rc=ldap_start_tls_s(ld,NULL,NULL);
+     if (rc!=LDAP_SUCCESS)
+     {
+-      log_log(LOG_WARNING,"ldap_start_tls_s() failed: %s%s%s (uri=\"%s\")",
+-                          ldap_err2string(rc),(errno==0)?"":": ",
+-                          (errno==0)?"":strerror(errno),uri);
++#ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE
++      ldap_get_option(ld,LDAP_OPT_DIAGNOSTIC_MESSAGE,&msg);
++#endif /* LDAP_OPT_DIAGNOSTIC_MESSAGE */
++      log_log(LOG_WARNING,"ldap_start_tls_s() failed: %s%s%s%s%s (uri=\"%s\")",
++                          ldap_err2string(rc),
++                          (msg==NULL)?"":": ",(msg==NULL)?"":msg,
++                          (errno==0)?"":": ",(errno==0)?"":strerror(errno),
++                          uri);
++      if (msg)
++        ldap_memfree(msg);
+       return rc;
+     }
+   }

net/nss-pam-ldapd/files/patch-r1631

@@ -0,0 +1,21 @@
+Modified: nslcd/common.h
+==============================================================================
+--- nslcd/common.h	Sat Mar 10 21:31:58 2012	(r1630)
++++ nslcd/common.h	Sat Mar 10 21:41:37 2012	(r1631)
+@@ -3,7 +3,7 @@
+    This file is part of the nss-pam-ldapd library.
+ 
+    Copyright (C) 2006 West Consulting
+-   Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Arthur de Jong
++   Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong
+ 
+    This library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Lesser General Public
+@@ -25,6 +25,7 @@
+ #define NSLCD__COMMON_H 1
+ 
+ #include <errno.h>
++#include <limits.h>
+ 
+ #include "nslcd.h"
+ #include "common/nslcd-prot.h"

net/nss-pam-ldapd/files/rtld_nss__nslcd.c

@@ -1,20 +0,0 @@
---- nslcd/nslcd.c.orig	2011-01-09 13:45:07.000000000 +0300
-+++ nslcd/nslcd.c	2011-01-09 13:45:55.000000000 +0300
-@@ -574,7 +574,7 @@
-   char *error;
-   int *enable_flag;
-   /* try to load the NSS module */
--  handle=dlopen(NSS_LDAP_SONAME,RTLD_LAZY|RTLD_NODELETE);
-+  handle=dlopen(NSS_LDAP_SONAME,RTLD_LAZY);
-   if (handle==NULL)
-   {
-     log_log(LOG_WARNING,"Warning: LDAP NSS module not loaded: %s",dlerror());
-@@ -593,7 +593,7 @@
-     if (__nss_configure_lookup("hosts","files dns"))
-       log_log(LOG_ERR,"unable to override hosts lookup method: %s",strerror(errno));
- #endif /* HAVE___NSS_CONFIGURE_LOOKUP */
--    dlclose(handle);
-+    /* Do not dlclose() to keep reference count > 0 instead of RTLD_NODELETE */
-     return;
-   }
-   /* disable nss_ldap */

net/nss-pam-ldapd/pkg-plist

@@ -1,6 +1,8 @@
 @unexec if cmp -s %D/etc/%%CONFIG%%.sample %D/etc/%%CONFIG%%; then rm -f %D/etc/%%CONFIG%%; fi
 etc/%%CONFIG%%.sample
+%%NSS%%lib/nss_ldap.so
 %%NSS%%lib/nss_ldap.so.1
 %%NSLCD%%sbin/nslcd
 %%PAM%%lib/pam_ldap.so
 %%PAM%%lib/pam_ldap.so.1
+@exec if [ ! -f %D/etc/%%CONFIG%% ]; then cp -p %D/etc/%%CONFIG%%.sample %D/etc/%%CONFIG%%; fi