summaryrefslogtreecommitdiffstats
path: root/source/n/nss-pam-ldapd
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2020-05-18 19:17:21 +0000
committer Eric Hameleers <alien@slackware.com>2020-05-18 23:25:14 +0200
commitffef56590d68c334819ecf26118a257bdafccf6b (patch)
tree6681fac1801c4a0569147ba9a731f323b38dff15 /source/n/nss-pam-ldapd
parenteba2e5b781702a60ac9f9613c9b8456c1594215c (diff)
downloadcurrent-ffef56590d68c334819ecf26118a257bdafccf6b.tar.gz
current-ffef56590d68c334819ecf26118a257bdafccf6b.tar.xz
Mon May 18 19:17:21 UTC 202020200518191721
Greetings! After three months in /testing, the PAM merge into the main tree is now complete. When updating, be sure to install the new pam, cracklib, and libpwquality packages or you may find yourself locked out of your machine. Otherwise, these changes should be completely transparent and you shouldn't notice any obvious operational differences. Be careful if you make any changes in /etc/pam.d/ - leaving an extra console logged in while testing PAM config changes is a recommended standard procedure. Thanks again to Robby Workman, Vincent Batts, Phantom X, and ivandi for help implementing this. It's not done yet and there will be more fine-tuning of the config files, but now we can move on to build some other updates. Enjoy! a/cracklib-2.9.7-x86_64-1.txz: Added. a/kernel-firmware-20200517_f8d32e4-noarch-1.txz: Upgraded. a/libcgroup-0.41-x86_64-7.txz: Rebuilt. Rebuilt to add PAM support. a/libpwquality-1.4.2-x86_64-1.txz: Added. a/lilo-24.2-x86_64-9.txz: Rebuilt. Enable the "compact" option by default. liloconfig: correctly set the root partition. a/pam-1.3.1-x86_64-1.txz: Added. a/shadow-4.8.1-x86_64-7.txz: Rebuilt. Rebuilt to add PAM support. a/utempter-1.2.0-x86_64-1.txz: Upgraded. a/util-linux-2.35.1-x86_64-6.txz: Rebuilt. Rebuilt to add PAM support. a/xfsprogs-5.6.0-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. ap/at-3.2.1-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/cups-2.3.3-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/hplip-3.20.5-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/mariadb-10.4.13-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/screen-4.8.0-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/soma-3.3.0-noarch-1.txz: Upgraded. Thanks to David Woodfall. ap/sqlite-3.31.1-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. ap/sudo-1.9.0-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. ap/vim-8.2.0788-x86_64-1.txz: Upgraded. d/bison-3.6.2-x86_64-1.txz: Upgraded. d/meson-0.54.2-x86_64-1.txz: Upgraded. d/python-setuptools-46.4.0-x86_64-1.txz: Upgraded. d/vala-0.48.6-x86_64-1.txz: Upgraded. kde/calligra-2.9.11-x86_64-36.txz: Rebuilt. Recompiled against icu4c-67.1. kde/kde-workspace-4.11.22-x86_64-7.txz: Rebuilt. Rebuilt to add PAM support. l/ConsoleKit2-1.2.1-x86_64-4.txz: Rebuilt. Rebuilt to add PAM support. l/boost-1.73.0-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. l/gnome-keyring-3.36.0-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. l/harfbuzz-2.6.6-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. l/icu4c-67.1-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/imagemagick-7.0.10_13-x86_64-1.txz: Upgraded. l/libcap-2.34-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. l/libical-3.0.8-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. l/libuv-1.38.0-x86_64-1.txz: Upgraded. l/libvisio-0.1.7-x86_64-3.txz: Rebuilt. Recompiled against icu4c-67.1. l/polkit-0.116-x86_64-3.txz: Rebuilt. Rebuilt to add PAM support. l/qt-4.8.7-x86_64-16.txz: Rebuilt. Recompiled against icu4c-67.1. l/qt5-5.13.2-x86_64-4.txz: Rebuilt. Recompiled against icu4c-67.1. l/qt5-webkit-5.212.0_alpha4-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. l/raptor2-2.0.15-x86_64-9.txz: Rebuilt. Recompiled against icu4c-67.1. l/system-config-printer-1.5.12-x86_64-4.txz: Rebuilt. Rebuilt to add PAM support. l/vte-0.60.2-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. n/cifs-utils-6.10-x86_64-4.txz: Rebuilt. Rebuilt to add PAM support. n/cyrus-sasl-2.1.27-x86_64-4.txz: Rebuilt. Rebuilt to add PAM support. n/dovecot-2.3.10.1-x86_64-1.txz: Upgraded. Rebuilt to add PAM support. Compiled against icu4c-67.1. This update fixes several denial-of-service vulnerabilities. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10957 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10958 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10967 (* Security fix *) n/mutt-1.14.1-x86_64-1.txz: Upgraded. n/netatalk-3.1.12-x86_64-3.txz: Rebuilt. Rebuilt to add PAM support. n/netkit-rsh-0.17-x86_64-3.txz: Rebuilt. Rebuilt to add PAM support. n/nss-pam-ldapd-0.9.11-x86_64-1.txz: Added. n/openssh-8.2p1-x86_64-3.txz: Rebuilt. Rebuilt to add PAM support. n/openvpn-2.4.9-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. n/pam-krb5-4.9-x86_64-1.txz: Added. n/php-7.4.6-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. n/popa3d-1.0.3-x86_64-4.txz: Rebuilt. Rebuilt to add PAM support. n/postfix-3.5.2-x86_64-1.txz: Upgraded. Compiled against icu4c-67.1. n/ppp-2.4.8-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. n/proftpd-1.3.6c-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. n/samba-4.12.2-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. Recompiled against icu4c-67.1. n/tin-2.4.4-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. n/vsftpd-3.0.3-x86_64-6.txz: Rebuilt. Rebuilt to add PAM support. t/texlive-2019.190626-x86_64-4.txz: Rebuilt. Recompiled against icu4c-67.1. x/vulkan-sdk-1.2.135.0-x86_64-1.txz: Upgraded. x/xdm-1.1.11-x86_64-10.txz: Rebuilt. Rebuilt to add PAM support. x/xisxwayland-1-x86_64-1.txz: Added. xap/sane-1.0.30-x86_64-1.txz: Upgraded. This update fixes several security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12867 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12862 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12863 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12865 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12866 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12861 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12864 (* Security fix *) xap/vim-gvim-8.2.0788-x86_64-1.txz: Upgraded. xap/xlockmore-5.63-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. xap/xscreensaver-5.44-x86_64-2.txz: Rebuilt. Rebuilt to add PAM support. extra/brltty/brltty-6.1-x86_64-2.txz: Rebuilt. Recompiled against icu4c-67.1. extra/pure-alsa-system/qt5-5.13.2-x86_64-4_alsa.txz: Rebuilt. Recompiled against icu4c-67.1. isolinux/initrd.img: Rebuilt. Added PAM libraries, security modules, and config files. usb-and-pxe-installers/usbboot.img: Rebuilt. Added PAM libraries, security modules, and config files.
Diffstat (limited to 'source/n/nss-pam-ldapd')
-rw-r--r--source/n/nss-pam-ldapd/1025d5de336d8c9585b79df3154b5649da344281.patch42
-rw-r--r--source/n/nss-pam-ldapd/548efe5333b56a0a042843a044e0348317f80065.patch37
-rw-r--r--source/n/nss-pam-ldapd/b33551895b3c02dc7082363c6aae13f8e336f4e5.patch26
-rw-r--r--source/n/nss-pam-ldapd/doinst.sh26
-rw-r--r--source/n/nss-pam-ldapd/fea0f5ed287b04406afca0835b1a333bd1fe617b.patch49
-rwxr-xr-xsource/n/nss-pam-ldapd/nss-pam-ldapd.SlackBuild152
-rw-r--r--source/n/nss-pam-ldapd/nss-pam-ldapd.url1
-rw-r--r--source/n/nss-pam-ldapd/rc.nss-pam-ldapd37
-rw-r--r--source/n/nss-pam-ldapd/slack-desc19
9 files changed, 389 insertions, 0 deletions
diff --git a/source/n/nss-pam-ldapd/1025d5de336d8c9585b79df3154b5649da344281.patch b/source/n/nss-pam-ldapd/1025d5de336d8c9585b79df3154b5649da344281.patch
new file mode 100644
index 000000000..b21ab09ee
--- /dev/null
+++ b/source/n/nss-pam-ldapd/1025d5de336d8c9585b79df3154b5649da344281.patch
@@ -0,0 +1,42 @@
+From 1025d5de336d8c9585b79df3154b5649da344281 Mon Sep 17 00:00:00 2001
+From: Arthur de Jong <arthur@arthurdejong.org>
+Date: Sun, 13 Oct 2019 17:23:20 +0200
+Subject: [PATCH] Fix Python 3 compatibility in chsh.ldap
+
+---
+ utils/chsh.py | 6 +++---
+ utils/shells.py | 2 +-
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/utils/chsh.py b/utils/chsh.py
+index e7537e71..0f24bfcc 100755
+--- a/utils/chsh.py
++++ b/utils/chsh.py
+@@ -43,11 +43,11 @@
+ def ask_shell(oldshell):
+ """Ask the user to provide a shell."""
+ # Provide Python 2 compatibility
++ prompt = ' Login Shell [%s]: ' % oldshell
+ try:
+- input = raw_input
++ shell = raw_input(prompt)
+ except NameError:
+- pass
+- shell = input(' Login Shell [%s]: ' % oldshell)
++ shell = input(prompt)
+ return shell or oldshell
+
+
+diff --git a/utils/shells.py b/utils/shells.py
+index 92dba2f2..327b35e7 100644
+--- a/utils/shells.py
++++ b/utils/shells.py
+@@ -35,7 +35,7 @@ def list_shells():
+ shell = getusershell()
+ if not shell:
+ break
+- yield shell
++ yield shell.decode('utf-8')
+ libc.endusershell()
+
+
diff --git a/source/n/nss-pam-ldapd/548efe5333b56a0a042843a044e0348317f80065.patch b/source/n/nss-pam-ldapd/548efe5333b56a0a042843a044e0348317f80065.patch
new file mode 100644
index 000000000..d03f1552d
--- /dev/null
+++ b/source/n/nss-pam-ldapd/548efe5333b56a0a042843a044e0348317f80065.patch
@@ -0,0 +1,37 @@
+From 548efe5333b56a0a042843a044e0348317f80065 Mon Sep 17 00:00:00 2001
+From: Arthur de Jong <arthur@arthurdejong.org>
+Date: Mon, 11 Nov 2019 23:06:20 +0100
+Subject: [PATCH] Log the correct timeout value
+
+This fixes logging of the LDAP_OPT_TIMEOUT, LDAP_OPT_NETWORK_TIMEOUT and
+LDAP_X_OPT_CONNECT_TIMEOUT options to actually log the value of the
+bind_timelimit option instead of the timelimit option.
+---
+ nslcd/myldap.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/nslcd/myldap.c b/nslcd/myldap.c
+index 02b97195..0ee1be80 100644
+--- a/nslcd/myldap.c
++++ b/nslcd/myldap.c
+@@ -911,17 +911,17 @@ static int do_set_options(MYLDAP_SESSION *session)
+ tv.tv_usec = 0;
+ #ifdef LDAP_OPT_TIMEOUT
+ log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_TIMEOUT,%d)",
+- nslcd_cfg->timelimit);
++ nslcd_cfg->bind_timelimit);
+ LDAP_SET_OPTION(session->ld, LDAP_OPT_TIMEOUT, &tv);
+ #endif /* LDAP_OPT_TIMEOUT */
+ #ifdef LDAP_OPT_NETWORK_TIMEOUT
+ log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,%d)",
+- nslcd_cfg->timelimit);
++ nslcd_cfg->bind_timelimit);
+ LDAP_SET_OPTION(session->ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
+ #endif /* LDAP_OPT_NETWORK_TIMEOUT */
+ #ifdef LDAP_X_OPT_CONNECT_TIMEOUT
+ log_log(LOG_DEBUG, "ldap_set_option(LDAP_X_OPT_CONNECT_TIMEOUT,%d)",
+- nslcd_cfg->timelimit);
++ nslcd_cfg->bind_timelimit);
+ LDAP_SET_OPTION(session->ld, LDAP_X_OPT_CONNECT_TIMEOUT, &tv);
+ #endif /* LDAP_X_OPT_CONNECT_TIMEOUT */
+ log_log(LOG_DEBUG, "ldap_set_option(LDAP_OPT_REFERRALS,%s)",
diff --git a/source/n/nss-pam-ldapd/b33551895b3c02dc7082363c6aae13f8e336f4e5.patch b/source/n/nss-pam-ldapd/b33551895b3c02dc7082363c6aae13f8e336f4e5.patch
new file mode 100644
index 000000000..127243e0e
--- /dev/null
+++ b/source/n/nss-pam-ldapd/b33551895b3c02dc7082363c6aae13f8e336f4e5.patch
@@ -0,0 +1,26 @@
+From b33551895b3c02dc7082363c6aae13f8e336f4e5 Mon Sep 17 00:00:00 2001
+From: Arthur de Jong <arthur@arthurdejong.org>
+Date: Mon, 10 Feb 2020 22:52:16 +0100
+Subject: [PATCH] Fix typo in manual page
+
+Thanks Benedict Reuschling for pointing this out.
+
+Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/39
+Fixes b93838d
+---
+ man/nslcd.conf.5.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
+index 7ae56b28..4e81645c 100644
+--- a/man/nslcd.conf.5.xml
++++ b/man/nslcd.conf.5.xml
+@@ -514,7 +514,7 @@
+ <term><option>idle_timelimit</option> <replaceable>SECONDS</replaceable></term>
+ <listitem>
+ <para>
+- Specifies the period if inactivity (in seconds) after which the
++ Specifies the period of inactivity (in seconds) after which the
+ connection to the <acronym>LDAP</acronym> server will be closed.
+ The default is not to time out connections.
+ </para>
diff --git a/source/n/nss-pam-ldapd/doinst.sh b/source/n/nss-pam-ldapd/doinst.sh
new file mode 100644
index 000000000..d483abce2
--- /dev/null
+++ b/source/n/nss-pam-ldapd/doinst.sh
@@ -0,0 +1,26 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+config etc/nslcd.conf.new
+preserve_perms etc/rc.d/rc.nss-pam-ldapd.new
diff --git a/source/n/nss-pam-ldapd/fea0f5ed287b04406afca0835b1a333bd1fe617b.patch b/source/n/nss-pam-ldapd/fea0f5ed287b04406afca0835b1a333bd1fe617b.patch
new file mode 100644
index 000000000..13b0ace7f
--- /dev/null
+++ b/source/n/nss-pam-ldapd/fea0f5ed287b04406afca0835b1a333bd1fe617b.patch
@@ -0,0 +1,49 @@
+From fea0f5ed287b04406afca0835b1a333bd1fe617b Mon Sep 17 00:00:00 2001
+From: Arthur de Jong <arthur@arthurdejong.org>
+Date: Sun, 13 Oct 2019 17:24:36 +0200
+Subject: [PATCH] Add pam_authc_ppolicy support in pynslcd
+
+See https://bugs.debian.org/900253
+---
+ pynslcd/cfg.py | 3 ++-
+ pynslcd/pam.py | 6 ++++--
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/pynslcd/cfg.py b/pynslcd/cfg.py
+index 877d4427..b970b5a7 100644
+--- a/pynslcd/cfg.py
++++ b/pynslcd/cfg.py
+@@ -87,6 +87,7 @@
+ nss_getgrent_skipmembers = False
+ nss_disable_enumeration = False
+ validnames = re.compile(r'^[a-z0-9._@$][a-z0-9._@$ \\~-]{0,98}[a-z0-9._@$~-]$', re.IGNORECASE)
++pam_authc_ppolicy = True
+ pam_authz_searches = []
+ pam_password_prohibit_message = None
+ reconnect_invalidate = set()
+@@ -184,7 +185,7 @@ def read(filename): # noqa: C901 (many simple branches)
+ # parse options with a single boolean argument
+ m = re.match(
+ r'(?P<keyword>referrals|nss_nested_groups|nss_getgrent_skipmembers|'
+- r'nss_disable_enumeration)\s+(?P<value>%s)' % (
++ r'nss_disable_enumeration|pam_authc_ppolicy)\s+(?P<value>%s)' % (
+ '|'.join(_boolean_options.keys())),
+ line, re.IGNORECASE)
+ if m:
+diff --git a/pynslcd/pam.py b/pynslcd/pam.py
+index b372cdda..5f5486b3 100644
+--- a/pynslcd/pam.py
++++ b/pynslcd/pam.py
+@@ -42,8 +42,10 @@ def authenticate(binddn, password):
+ # open a new connection
+ conn = search.Connection()
+ # bind using the specified credentials
+- pwctrl = PasswordPolicyControl()
+- res, data, msgid, ctrls = conn.simple_bind_s(binddn, password, serverctrls=[pwctrl])
++ serverctrls = []
++ if cfg.pam_authc_ppolicy:
++ serverctrls.append(PasswordPolicyControl())
++ res, data, msgid, ctrls = conn.simple_bind_s(binddn, password, serverctrls=serverctrls)
+ # go over bind result server controls
+ for ctrl in ctrls:
+ if ctrl.controlType == PasswordPolicyControl.controlType:
diff --git a/source/n/nss-pam-ldapd/nss-pam-ldapd.SlackBuild b/source/n/nss-pam-ldapd/nss-pam-ldapd.SlackBuild
new file mode 100755
index 000000000..204e96030
--- /dev/null
+++ b/source/n/nss-pam-ldapd/nss-pam-ldapd.SlackBuild
@@ -0,0 +1,152 @@
+#!/bin/bash
+
+# Copyright 2020 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=nss-pam-ldapd
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$(uname -m)" in
+ i?86) ARCH=i586 ;;
+ arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) ARCH=$(uname -m) ;;
+ esac
+ export ARCH
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+elif [ "$ARCH" = "armv7hl" ]; then
+ SLKCFLAGS="-O3 -march=armv7-a -mfpu=vfpv3-d16"
+ LIBDIRSUFFIX=""
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+
+cd $TMP
+rm -rf $PKGNAM-$VERSION
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
+cd $PKGNAM-$VERSION || exit 1
+
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \+ -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \+
+
+# Upstream patches from git:
+zcat $CWD/1025d5de336d8c9585b79df3154b5649da344281.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/548efe5333b56a0a042843a044e0348317f80065.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/b33551895b3c02dc7082363c6aae13f8e336f4e5.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/fea0f5ed287b04406afca0835b1a333bd1fe617b.patch.gz | patch -p1 --verbose || exit 1
+
+export PYTHON=python3
+
+# Configure, build, and install:
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/$PKGNAM-$VERSION \
+ --with-pam-seclib-dir=/lib$LIBDIRSUFFIX/security \
+ --build=$ARCH-slackware-linux || exit 1
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+# Install config file as .new:
+mv $PKG/etc/nslcd.conf $PKG/etc/nslcd.conf.new
+# Restrict access since this file may include a secret credential:
+chmod 600 $PKG/etc/nslcd.conf.new
+
+# Install init script:
+mkdir -p $PKG/etc/rc.d
+cat $CWD/rc.nss-pam-ldapd > $PKG/etc/rc.d/rc.nss-pam-ldapd.new
+
+# Strip binaries:
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+
+# Compress manual pages:
+find $PKG/usr/man -type f -exec gzip -9 {} \+
+for i in $( find $PKG/usr/man -type l ) ; do
+ ln -s $( readlink $i ).gz $i.gz
+ rm $i
+done
+
+# Add a documentation directory:
+mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION
+cp -a \
+ AUTHORS* ChangeLog COPYING* HACKING* LICENSE* NEWS* README* TODO* \
+ $PKG/usr/doc/${PKGNAM}-$VERSION
+
+# If there's a ChangeLog, installing at least part of the recent history
+# is useful, but don't let it get totally out of control:
+if [ -r ChangeLog ]; then
+ DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
+ cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
+ touch -r ChangeLog $DOCSDIR/ChangeLog
+fi
+
+mkdir -p $PKG/install
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
diff --git a/source/n/nss-pam-ldapd/nss-pam-ldapd.url b/source/n/nss-pam-ldapd/nss-pam-ldapd.url
new file mode 100644
index 000000000..2644c0ebd
--- /dev/null
+++ b/source/n/nss-pam-ldapd/nss-pam-ldapd.url
@@ -0,0 +1 @@
+https://arthurdejong.org/nss-pam-ldapd
diff --git a/source/n/nss-pam-ldapd/rc.nss-pam-ldapd b/source/n/nss-pam-ldapd/rc.nss-pam-ldapd
new file mode 100644
index 000000000..7a4252a38
--- /dev/null
+++ b/source/n/nss-pam-ldapd/rc.nss-pam-ldapd
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# rc.nss-pam-ldapd: start/stop/restart nslcd
+#
+# nslcd is a daemon that will do LDAP queries for local processes that want
+# to do user, group, and other naming lookups (NSS), or do user authentication,
+# authorization, or password modification (PAM).
+
+nslcd_start() {
+ if [ -x /usr/sbin/nslcd -a -r /etc/nslcd.conf ]; then
+ # Ensure /run directory exists:
+ mkdir -p /run/nslcd
+ echo "Starting local LDAP name service daemon: /usr/sbin/nslcd"
+ /usr/sbin/nslcd
+ fi
+}
+
+nslcd_stop() {
+ echo "Stopping local LDAP name service daemon."
+ killall --ns $$ nslcd
+}
+
+case "$1" in
+'start')
+ nslcd_start
+ ;;
+'stop')
+ nslcd_stop
+ ;;
+'restart')
+ nslcd_stop
+ sleep 2
+ nslcd_start
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
diff --git a/source/n/nss-pam-ldapd/slack-desc b/source/n/nss-pam-ldapd/slack-desc
new file mode 100644
index 000000000..fed065b20
--- /dev/null
+++ b/source/n/nss-pam-ldapd/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+nss-pam-ldapd: nss-pam-ldapd (LDAP NSS/PAM module)
+nss-pam-ldapd:
+nss-pam-ldapd: nss-pam-ldapd is an NSS and PAM module that allows your LDAP server to
+nss-pam-ldapd: provide user account, group, host name, alias, netgroup, and basically
+nss-pam-ldapd: any other information that you would normally get from /etc/ flat
+nss-pam-ldapd: files or NIS. It also allows you to do authentication to an LDAP
+nss-pam-ldapd: server.
+nss-pam-ldapd:
+nss-pam-ldapd: Homepage: https://arthurdejong.org/nss-pam-ldapd/
+nss-pam-ldapd:
+nss-pam-ldapd: