Merge remote-tracking branch 'origin/master' into OPENLDAP_REL_ENG_2_5

b518a597 · Quanah Gibson-Mount · b75c433d · 80cfd811 · b518a597 · b518a597
Commit b518a597 authored Mar 31, 2021 by Quanah Gibson-Mount
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -25,9 +25,10 @@ build-openssl-heimdal-lloadd:
    - apt update
    - DEBIAN_FRONTEND=noninteractive apt install -y build-essential python3 gdb procps pkg-config automake libsasl2-dev heimdal-multidev libssl-dev libltdl-dev groff-base unixodbc-dev libwiredtiger-dev libperl-dev heimdal-kdc libsasl2-modules-gssapi-heimdal sasl2-bin libevent-dev libargon2-dev
    - autoreconf
-    - ./configure --enable-backends=mod --enable-overlays=mod --enable-modules --enable-dynamic --disable-ndb --enable-balancer=mod
+    - ./configure --enable-backends=mod --enable-overlays=mod --enable-modules --enable-dynamic --disable-ndb --enable-balancer=mod --enable-argon2
    - make depend
    - make
+    - export DEBUGINFOD_URLS="${DEBUGINFOD_URLS-https://debuginfod.debian.net}"
    - ulimit -n 4096 # back-monitor takes a while scanning a long connections array
    - SLAPD_COMMON_WRAPPER=gdb make test
  artifacts:
@@ -43,9 +44,10 @@ build-gnutls-mit-standalone-lloadd:
    - apt update
    - DEBIAN_FRONTEND=noninteractive apt install -y build-essential python3 gdb procps pkg-config automake libsasl2-dev libltdl-dev groff-base unixodbc-dev libwiredtiger-dev libperl-dev krb5-user krb5-kdc krb5-admin-server libsasl2-modules-gssapi-mit sasl2-bin libgnutls28-dev libevent-dev libargon2-dev
    - autoreconf
-    - ./configure --enable-backends=mod --enable-overlays=mod --disable-autoca --enable-modules --enable-dynamic --disable-ndb --enable-balancer=yes
+    - ./configure --enable-backends=mod --enable-overlays=mod --disable-autoca --enable-modules --enable-dynamic --disable-ndb --enable-balancer=yes --enable-argon2
    - make depend
    - make
+    - export DEBUGINFOD_URLS="${DEBUGINFOD_URLS-https://debuginfod.debian.net}"
    - ulimit -n 4096 # back-monitor takes a while scanning a long connections array
    - SLAPD_COMMON_WRAPPER=gdb make test
  artifacts:

--- a/build/top.mk
+++ b/build/top.mk
@@ -104,6 +104,9 @@ LTFLAGS_MOD = $(@PLAT@_LTFLAGS_MOD)
 # LINK_LIBS referenced in library and module link commands.
 LINK_LIBS = $(MOD_LIBS) $(@PLAT@_LINK_LIBS)

+# compiler options for versioned library symbol support
+OL_VERSIONED_SYMBOLS = @OL_VERSIONED_SYMBOLS@
+
 LTSTATIC = @LTSTATIC@

 LTLINK   = $(LIBTOOL) --mode=link \
@@ -113,7 +116,7 @@ LTCOMPILE_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=compile \
 	$(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(LIB_DEFS) -c

 LTLINK_LIB = $(LIBTOOL) $(LTONLY_LIB) --mode=link \
-	$(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB)
+	$(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_LIB) $(SYMBOL_VERSION_FLAGS)

 LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \
 	$(CC) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c

--- a/build/version.sh
+++ b/build/version.sh
@@ -22,11 +22,11 @@ if test $ol_patch != X ; then
 	ol_type=Release
 elif test $ol_minor != X ; then
 	ol_version=${ol_major}.${ol_minor}.${ol_patch}
-	ol_api_lib_release=${ol_major}.${ol_minor}-releng
+	ol_api_lib_release=${ol_major}.${ol_minor}.releng
 	ol_type=Engineering
 else
 	ol_version=${ol_major}.${ol_minor}
-	ol_api_lib_release=${ol_major}-devel
+	ol_api_lib_release=${ol_major}.devel
 	ol_type=Devel
 fi


--- a/clients/tools/ldapurl.c
+++ b/clients/tools/ldapurl.c
@@ -34,6 +34,7 @@
 #include <ac/stdlib.h>
 #include <stdio.h>
 #include <ac/unistd.h>
+#include <ac/socket.h>

 #include "ldap.h"
 #include "ldap_pvt.h"

--- a/configure
+++ b/configure
@@ -687,7 +687,9 @@ BUILD_REMOTEAUTH
 BUILD_REFINT
 BUILD_PROXYCACHE
 BUILD_PPOLICY
+BUILD_OTP
 BUILD_MEMBEROF
+BUILD_HOMEDIR
 BUILD_LASTMOD
 BUILD_DYNLIST
 BUILD_DYNGROUP
@@ -716,6 +718,7 @@ BUILD_DNSSRV
 SLAPD_SLAPI_DEPEND
 BUILD_SLAPI
 BUILD_SLAPD
+OL_VERSIONED_SYMBOLS
 BUILD_LIBS_DYNAMIC
 BUILD_THREAD
 WITH_ACI_ENABLED
@@ -878,7 +881,9 @@ enable_dds
 enable_deref
 enable_dyngroup
 enable_dynlist
+enable_homedir
 enable_memberof
+enable_otp
 enable_ppolicy
 enable_proxycache
 enable_refint
@@ -899,6 +904,7 @@ enable_balancer
 enable_xxliboptions
 enable_static
 enable_shared
+enable_versioning
 with_pic
 enable_fast_install
 with_aix_soname
@@ -1586,7 +1592,9 @@ SLAPD Overlay Options:
  --enable-deref          Dereference overlay no|yes|mod [no]
  --enable-dyngroup       Dynamic Group overlay no|yes|mod [no]
  --enable-dynlist        Dynamic List overlay no|yes|mod [no]
+  --enable-homedir        Home Directory Management overlay no|yes|mod [no]
  --enable-memberof       Reverse Group Membership overlay no|yes|mod [no]
+  --enable-otp            OTP 2-factor authentication overlay no|yes|mod [no]
  --enable-ppolicy        Password Policy overlay no|yes|mod [no]
  --enable-proxycache     Proxy Cache overlay no|yes|mod [no]
  --enable-refint         Referential Integrity overlay no|yes|mod [no]
@@ -1609,6 +1617,7 @@ LLOADD (Load Balancer Daemon) Options:
 Library Generation & Linking Options
  --enable-static[=PKGS]  build static libraries [default=yes]
  --enable-shared[=PKGS]  build shared libraries [default=yes]
+  --enable-versioning     Enable versioned symbols in shared library no|yes|auto [auto]
  --enable-fast-install[=PKGS]
                          optimize for fast installation [default=yes]
  --disable-libtool-lock  avoid locking (might break parallel builds)
@@ -3801,7 +3810,9 @@ Overlays="accesslog \
 	deref \
 	dyngroup \
 	dynlist \
+	homedir \
 	memberof \
+	otp \
 	ppolicy \
 	proxycache \
 	refint \
@@ -4040,6 +4051,28 @@ fi
  
 # end --enable-dynlist
  
+# OpenLDAP --enable-homedir
+
+	# Check whether --enable-homedir was given.
+if test "${enable_homedir+set}" = set; then :
+  enableval=$enable_homedir;
+	ol_arg=invalid
+	for ol_val in no yes mod ; do
+		if test "$enableval" = "$ol_val" ; then
+			ol_arg="$ol_val"
+		fi
+	done
+	if test "$ol_arg" = "invalid" ; then
+		as_fn_error $? "bad value $enableval for --enable-homedir" "$LINENO" 5
+	fi
+	ol_enable_homedir="$ol_arg"
+
+else
+  	ol_enable_homedir=${ol_enable_overlays:-no}
+fi
+
+# end --enable-homedir
+
 # OpenLDAP --enable-memberof
  
 	# Check whether --enable-memberof was given.
@@ -4062,6 +4095,28 @@ fi
  
 # end --enable-memberof
  
+# OpenLDAP --enable-otp
+
+	# Check whether --enable-otp was given.
+if test "${enable_otp+set}" = set; then :
+  enableval=$enable_otp;
+	ol_arg=invalid
+	for ol_val in no yes mod ; do
+		if test "$enableval" = "$ol_val" ; then
+			ol_arg="$ol_val"
+		fi
+	done
+	if test "$ol_arg" = "invalid" ; then
+		as_fn_error $? "bad value $enableval for --enable-otp" "$LINENO" 5
+	fi
+	ol_enable_otp="$ol_arg"
+
+else
+  	ol_enable_otp=${ol_enable_overlays:-no}
+fi
+
+# end --enable-otp
+
 # OpenLDAP --enable-ppolicy
  
 	# Check whether --enable-ppolicy was given.
@@ -4471,6 +4526,27 @@ fi
  
  
  
+# OpenLDAP --enable-versioning
+
+	# Check whether --enable-versioning was given.
+if test "${enable_versioning+set}" = set; then :
+  enableval=$enable_versioning;
+	ol_arg=invalid
+	for ol_val in no yes auto ; do
+		if test "$enableval" = "$ol_val" ; then
+			ol_arg="$ol_val"
+		fi
+	done
+	if test "$ol_arg" = "invalid" ; then
+		as_fn_error $? "bad value $enableval for --enable-versioning" "$LINENO" 5
+	fi
+	ol_enable_versioning="$ol_arg"
+
+else
+  	ol_enable_versioning=auto
+fi
+
+# end --enable-versioning
  
  
 if test $ol_enable_slapd = no ; then
@@ -4615,7 +4691,9 @@ BUILD_DEREF=no
 BUILD_DYNGROUP=no
 BUILD_DYNLIST=no
 BUILD_LASTMOD=no
+BUILD_HOMEDIR=no
 BUILD_MEMBEROF=no
+BUILD_OTP=no
 BUILD_PPOLICY=no
 BUILD_PROXYCACHE=no
 BUILD_REFINT=no
@@ -25046,6 +25124,22 @@ _ACEOF
  
 fi
  
+if test "$ol_enable_homedir" != no ; then
+	BUILD_HOMEDIR=$ol_enable_homedir
+	if test "$ol_enable_homedir" = mod ; then
+		MFLAG=SLAPD_MOD_DYNAMIC
+		SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS homedir.la"
+	else
+		MFLAG=SLAPD_MOD_STATIC
+		SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS homedir.o"
+	fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_HOMEDIR $MFLAG
+_ACEOF
+
+fi
+
 if test "$ol_enable_memberof" != no ; then
 	BUILD_MEMBEROF=$ol_enable_memberof
 	if test "$ol_enable_memberof" = mod ; then
@@ -25062,6 +25156,26 @@ _ACEOF
  
 fi
  
+if test "$ol_enable_otp" != no ; then
+	if test $ol_with_tls = no ; then
+		as_fn_error $? "--enable-otp=$ol_enable_otp requires --with-tls" "$LINENO" 5
+	fi
+
+	BUILD_OTP=$ol_enable_otp
+	if test "$ol_enable_otp" = mod ; then
+		MFLAG=SLAPD_MOD_DYNAMIC
+		SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS otp_2fa.la"
+	else
+		MFLAG=SLAPD_MOD_STATIC
+		SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS otp_2fa.o"
+	fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_OTP $MFLAG
+_ACEOF
+
+fi
+
 if test "$ol_enable_ppolicy" != no ; then
 	BUILD_PPOLICY=$ol_enable_ppolicy
 	if test "$ol_enable_ppolicy" = mod ; then
@@ -25424,6 +25538,18 @@ $as_echo "#define ENABLE_SLAPI 1" >>confdefs.h
 	SLAPD_SLAPI_DEPEND=libslapi.a
 fi
  
+OL_VERSIONED_SYMBOLS=""
+if test $ol_enable_versioning != no; then
+	LDVS=`$LD --help < /dev/null 2>/dev/null | grep version-script`
+	if test -z "$LDVS"; then
+		if test $ol_enable_versioning = "yes" ; then
+			as_fn_error $? "Library symbol versioning requested but not supported" "$LINENO" 5
+		fi
+	else
+		OL_VERSIONED_SYMBOLS="-Wl,--version-script="
+	fi
+fi
+
  
  
 if test "$ac_cv_mingw32" = yes -o $ol_cv_msvc = yes ; then
@@ -25529,6 +25655,9 @@ fi
  
  
  
+
+
+
  
  
  
@@ -25540,7 +25669,7 @@ fi
  
  
  
-ac_config_files="$ac_config_files Makefile:build/top.mk:Makefile.in:build/dir.mk doc/Makefile:build/top.mk:doc/Makefile.in:build/dir.mk doc/man/Makefile:build/top.mk:doc/man/Makefile.in:build/dir.mk doc/man/man1/Makefile:build/top.mk:doc/man/man1/Makefile.in:build/man.mk doc/man/man3/Makefile:build/top.mk:doc/man/man3/Makefile.in:build/man.mk doc/man/man5/Makefile:build/top.mk:doc/man/man5/Makefile.in:build/man.mk doc/man/man8/Makefile:build/top.mk:doc/man/man8/Makefile.in:build/man.mk clients/Makefile:build/top.mk:clients/Makefile.in:build/dir.mk clients/tools/Makefile:build/top.mk:clients/tools/Makefile.in:build/rules.mk include/Makefile:build/top.mk:include/Makefile.in libraries/Makefile:build/top.mk:libraries/Makefile.in:build/dir.mk libraries/liblber/Makefile:build/top.mk:libraries/liblber/Makefile.in:build/lib.mk:build/lib-shared.mk libraries/liblber/lber.pc libraries/libldap/Makefile:build/top.mk:libraries/libldap/Makefile.in:build/lib.mk:build/lib-shared.mk libraries/libldap/ldap.pc libraries/liblunicode/Makefile:build/top.mk:libraries/liblunicode/Makefile.in:build/lib.mk:build/lib-static.mk libraries/liblutil/Makefile:build/top.mk:libraries/liblutil/Makefile.in:build/lib.mk:build/lib-static.mk libraries/librewrite/Makefile:build/top.mk:libraries/librewrite/Makefile.in:build/lib.mk:build/lib-static.mk servers/Makefile:build/top.mk:servers/Makefile.in:build/dir.mk servers/slapd/Makefile:build/top.mk:servers/slapd/Makefile.in:build/srv.mk servers/slapd/back-dnssrv/Makefile:build/top.mk:servers/slapd/back-dnssrv/Makefile.in:build/mod.mk servers/slapd/back-ldap/Makefile:build/top.mk:servers/slapd/back-ldap/Makefile.in:build/mod.mk servers/slapd/back-ldif/Makefile:build/top.mk:servers/slapd/back-ldif/Makefile.in:build/mod.mk servers/slapd/back-mdb/Makefile:build/top.mk:servers/slapd/back-mdb/Makefile.in:build/mod.mk servers/slapd/back-meta/Makefile:build/top.mk:servers/slapd/back-meta/Makefile.in:build/mod.mk servers/slapd/back-asyncmeta/Makefile:build/top.mk:servers/slapd/back-asyncmeta/Makefile.in:build/mod.mk servers/slapd/back-monitor/Makefile:build/top.mk:servers/slapd/back-monitor/Makefile.in:build/mod.mk servers/slapd/back-ndb/Makefile:build/top.mk:servers/slapd/back-ndb/Makefile.in:build/mod.mk servers/slapd/back-null/Makefile:build/top.mk:servers/slapd/back-null/Makefile.in:build/mod.mk servers/slapd/back-passwd/Makefile:build/top.mk:servers/slapd/back-passwd/Makefile.in:build/mod.mk servers/slapd/back-perl/Makefile:build/top.mk:servers/slapd/back-perl/Makefile.in:build/mod.mk servers/slapd/back-relay/Makefile:build/top.mk:servers/slapd/back-relay/Makefile.in:build/mod.mk servers/slapd/back-sock/Makefile:build/top.mk:servers/slapd/back-sock/Makefile.in:build/mod.mk servers/slapd/back-sql/Makefile:build/top.mk:servers/slapd/back-sql/Makefile.in:build/mod.mk servers/slapd/back-wt/Makefile:build/top.mk:servers/slapd/back-wt/Makefile.in:build/mod.mk servers/slapd/slapi/Makefile:build/top.mk:servers/slapd/slapi/Makefile.in:build/lib.mk:build/lib-shared.mk servers/slapd/overlays/Makefile:build/top.mk:servers/slapd/overlays/Makefile.in:build/lib.mk servers/slapd/pwmods/Makefile:build/top.mk:servers/slapd/pwmods/Makefile.in:build/lib.mk servers/lloadd/Makefile:build/top.mk:servers/lloadd/Makefile.in servers/lloadd/Makefile.server:servers/lloadd/Makefile_server.in:build/srv.mk servers/lloadd/Makefile.module:servers/lloadd/Makefile_module.in:build/mod.mk tests/Makefile:build/top.mk:tests/Makefile.in:build/dir.mk tests/run tests/progs/Makefile:build/top.mk:tests/progs/Makefile.in:build/rules.mk"
+ac_config_files="$ac_config_files Makefile:build/top.mk:Makefile.in:build/dir.mk doc/Makefile:build/top.mk:doc/Makefile.in:build/dir.mk doc/man/Makefile:build/top.mk:doc/man/Makefile.in:build/dir.mk doc/man/man1/Makefile:build/top.mk:doc/man/man1/Makefile.in:build/man.mk doc/man/man3/Makefile:build/top.mk:doc/man/man3/Makefile.in:build/man.mk doc/man/man5/Makefile:build/top.mk:doc/man/man5/Makefile.in:build/man.mk doc/man/man8/Makefile:build/top.mk:doc/man/man8/Makefile.in:build/man.mk clients/Makefile:build/top.mk:clients/Makefile.in:build/dir.mk clients/tools/Makefile:build/top.mk:clients/tools/Makefile.in:build/rules.mk include/Makefile:build/top.mk:include/Makefile.in libraries/Makefile:build/top.mk:libraries/Makefile.in:build/dir.mk libraries/liblber/Makefile:build/top.mk:libraries/liblber/Makefile.in:build/lib.mk:build/lib-shared.mk libraries/liblber/lber.pc libraries/liblber/liblber.vers libraries/libldap/Makefile:build/top.mk:libraries/libldap/Makefile.in:build/lib.mk:build/lib-shared.mk libraries/libldap/ldap.pc libraries/libldap/libldap.vers libraries/liblunicode/Makefile:build/top.mk:libraries/liblunicode/Makefile.in:build/lib.mk:build/lib-static.mk libraries/liblutil/Makefile:build/top.mk:libraries/liblutil/Makefile.in:build/lib.mk:build/lib-static.mk libraries/librewrite/Makefile:build/top.mk:libraries/librewrite/Makefile.in:build/lib.mk:build/lib-static.mk servers/Makefile:build/top.mk:servers/Makefile.in:build/dir.mk servers/slapd/Makefile:build/top.mk:servers/slapd/Makefile.in:build/srv.mk servers/slapd/back-dnssrv/Makefile:build/top.mk:servers/slapd/back-dnssrv/Makefile.in:build/mod.mk servers/slapd/back-ldap/Makefile:build/top.mk:servers/slapd/back-ldap/Makefile.in:build/mod.mk servers/slapd/back-ldif/Makefile:build/top.mk:servers/slapd/back-ldif/Makefile.in:build/mod.mk servers/slapd/back-mdb/Makefile:build/top.mk:servers/slapd/back-mdb/Makefile.in:build/mod.mk servers/slapd/back-meta/Makefile:build/top.mk:servers/slapd/back-meta/Makefile.in:build/mod.mk servers/slapd/back-asyncmeta/Makefile:build/top.mk:servers/slapd/back-asyncmeta/Makefile.in:build/mod.mk servers/slapd/back-monitor/Makefile:build/top.mk:servers/slapd/back-monitor/Makefile.in:build/mod.mk servers/slapd/back-ndb/Makefile:build/top.mk:servers/slapd/back-ndb/Makefile.in:build/mod.mk servers/slapd/back-null/Makefile:build/top.mk:servers/slapd/back-null/Makefile.in:build/mod.mk servers/slapd/back-passwd/Makefile:build/top.mk:servers/slapd/back-passwd/Makefile.in:build/mod.mk servers/slapd/back-perl/Makefile:build/top.mk:servers/slapd/back-perl/Makefile.in:build/mod.mk servers/slapd/back-relay/Makefile:build/top.mk:servers/slapd/back-relay/Makefile.in:build/mod.mk servers/slapd/back-sock/Makefile:build/top.mk:servers/slapd/back-sock/Makefile.in:build/mod.mk servers/slapd/back-sql/Makefile:build/top.mk:servers/slapd/back-sql/Makefile.in:build/mod.mk servers/slapd/back-wt/Makefile:build/top.mk:servers/slapd/back-wt/Makefile.in:build/mod.mk servers/slapd/slapi/Makefile:build/top.mk:servers/slapd/slapi/Makefile.in:build/lib.mk:build/lib-shared.mk servers/slapd/overlays/Makefile:build/top.mk:servers/slapd/overlays/Makefile.in:build/lib.mk servers/slapd/pwmods/Makefile:build/top.mk:servers/slapd/pwmods/Makefile.in:build/lib.mk servers/lloadd/Makefile:build/top.mk:servers/lloadd/Makefile.in servers/lloadd/Makefile.server:servers/lloadd/Makefile_server.in:build/srv.mk servers/lloadd/Makefile.module:servers/lloadd/Makefile_module.in:build/mod.mk tests/Makefile:build/top.mk:tests/Makefile.in:build/dir.mk tests/run tests/progs/Makefile:build/top.mk:tests/progs/Makefile.in:build/rules.mk"
  
  
 ac_config_commands="$ac_config_commands default"
@@ -26466,8 +26595,10 @@ do
    "libraries/Makefile") CONFIG_FILES="$CONFIG_FILES libraries/Makefile:build/top.mk:libraries/Makefile.in:build/dir.mk" ;;
    "libraries/liblber/Makefile") CONFIG_FILES="$CONFIG_FILES libraries/liblber/Makefile:build/top.mk:libraries/liblber/Makefile.in:build/lib.mk:build/lib-shared.mk" ;;
    "libraries/liblber/lber.pc") CONFIG_FILES="$CONFIG_FILES libraries/liblber/lber.pc" ;;
+    "libraries/liblber/liblber.vers") CONFIG_FILES="$CONFIG_FILES libraries/liblber/liblber.vers" ;;
    "libraries/libldap/Makefile") CONFIG_FILES="$CONFIG_FILES libraries/libldap/Makefile:build/top.mk:libraries/libldap/Makefile.in:build/lib.mk:build/lib-shared.mk" ;;
    "libraries/libldap/ldap.pc") CONFIG_FILES="$CONFIG_FILES libraries/libldap/ldap.pc" ;;
+    "libraries/libldap/libldap.vers") CONFIG_FILES="$CONFIG_FILES libraries/libldap/libldap.vers" ;;
    "libraries/liblunicode/Makefile") CONFIG_FILES="$CONFIG_FILES libraries/liblunicode/Makefile:build/top.mk:libraries/liblunicode/Makefile.in:build/lib.mk:build/lib-static.mk" ;;
    "libraries/liblutil/Makefile") CONFIG_FILES="$CONFIG_FILES libraries/liblutil/Makefile:build/top.mk:libraries/liblutil/Makefile.in:build/lib.mk:build/lib-static.mk" ;;
    "libraries/librewrite/Makefile") CONFIG_FILES="$CONFIG_FILES libraries/librewrite/Makefile:build/top.mk:libraries/librewrite/Makefile.in:build/lib.mk:build/lib-static.mk" ;;

--- a/configure.ac
+++ b/configure.ac
@@ -346,7 +346,9 @@ Overlays="accesslog \
 	deref \
 	dyngroup \
 	dynlist \
+	homedir \
 	memberof \
+	otp \
 	ppolicy \
 	proxycache \
 	refint \
@@ -385,8 +387,12 @@ OL_ARG_ENABLE(dyngroup, [AS_HELP_STRING([--enable-dyngroup], [Dynamic Group over
 	no, [no yes mod], ol_enable_overlays)
 OL_ARG_ENABLE(dynlist, [AS_HELP_STRING([--enable-dynlist], [Dynamic List overlay])],
 	no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(homedir, [AS_HELP_STRING([--enable-homedir], [Home Directory Management overlay])],
+	no, [no yes mod], ol_enable_overlays)
 OL_ARG_ENABLE(memberof, [AS_HELP_STRING([--enable-memberof], [Reverse Group Membership overlay])],
 	no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(otp, [AS_HELP_STRING([--enable-otp], [OTP 2-factor authentication overlay])],
+	no, [no yes mod], ol_enable_overlays)
 OL_ARG_ENABLE(ppolicy, [AS_HELP_STRING([--enable-ppolicy], [Password Policy overlay])],
 	no, [no yes mod], ol_enable_overlays)
 OL_ARG_ENABLE(proxycache, [AS_HELP_STRING([--enable-proxycache], [Proxy Cache overlay])],
@@ -434,7 +440,8 @@ AC_ARG_ENABLE(xxliboptions,[
 Library Generation & Linking Options])
 AC_ENABLE_STATIC
 AC_ENABLE_SHARED
-
+OL_ARG_ENABLE(versioning, [AS_HELP_STRING([--enable-versioning], [Enable versioned symbols in shared library])],
+	auto, [no yes auto])
 dnl ----------------------------------------------------------------
 dnl Validate options
 dnl ----------------------------------------------------------------
@@ -584,7 +591,9 @@ BUILD_DEREF=no
 BUILD_DYNGROUP=no
 BUILD_DYNLIST=no
 BUILD_LASTMOD=no
+BUILD_HOMEDIR=no
 BUILD_MEMBEROF=no
+BUILD_OTP=no
 BUILD_PPOLICY=no
 BUILD_PROXYCACHE=no
 BUILD_REFINT=no
@@ -2819,6 +2828,18 @@ if test "$ol_enable_dynlist" != no ; then
 	AC_DEFINE_UNQUOTED(SLAPD_OVER_DYNLIST,$MFLAG,[define for Dynamic List overlay])
 fi

+if test "$ol_enable_homedir" != no ; then
+	BUILD_HOMEDIR=$ol_enable_homedir
+	if test "$ol_enable_homedir" = mod ; then
+		MFLAG=SLAPD_MOD_DYNAMIC
+		SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS homedir.la"
+	else
+		MFLAG=SLAPD_MOD_STATIC
+		SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS homedir.o"
+	fi
+	AC_DEFINE_UNQUOTED(SLAPD_OVER_HOMEDIR,$MFLAG,[define for Home Directory Management overlay])
+fi
+
 if test "$ol_enable_memberof" != no ; then
 	BUILD_MEMBEROF=$ol_enable_memberof
 	if test "$ol_enable_memberof" = mod ; then
@@ -2831,6 +2852,22 @@ if test "$ol_enable_memberof" != no ; then
 	AC_DEFINE_UNQUOTED(SLAPD_OVER_MEMBEROF,$MFLAG,[define for Reverse Group Membership overlay])
 fi

+if test "$ol_enable_otp" != no ; then
+	if test $ol_with_tls = no ; then
+		AC_MSG_ERROR([--enable-otp=$ol_enable_otp requires --with-tls])
+	fi
+
+	BUILD_OTP=$ol_enable_otp
+	if test "$ol_enable_otp" = mod ; then
+		MFLAG=SLAPD_MOD_DYNAMIC
+		SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS otp_2fa.la"
+	else
+		MFLAG=SLAPD_MOD_STATIC
+		SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS otp_2fa.o"
+	fi
+	AC_DEFINE_UNQUOTED(SLAPD_OVER_OTP,$MFLAG,[define for OTP 2-factor Authentication overlay])
+fi
+
 if test "$ol_enable_ppolicy" != no ; then
 	BUILD_PPOLICY=$ol_enable_ppolicy
 	if test "$ol_enable_ppolicy" = mod ; then
@@ -3037,6 +3074,18 @@ if test "$ol_enable_slapi" != no ; then
 	SLAPD_SLAPI_DEPEND=libslapi.a
 fi

+OL_VERSIONED_SYMBOLS=""
+if test $ol_enable_versioning != no; then
+	LDVS=`$LD --help < /dev/null 2>/dev/null | grep version-script`
+	if test -z "$LDVS"; then
+		if test $ol_enable_versioning = "yes" ; then
+			AC_MSG_ERROR([Library symbol versioning requested but not supported])
+		fi
+	else
+		OL_VERSIONED_SYMBOLS="-Wl,--version-script="
+	fi
+fi
+
 dnl ----------------------------------------------------------------

 dnl
@@ -3059,6 +3108,7 @@ AC_SUBST(WITH_MODULES_ENABLED)
 AC_SUBST(WITH_ACI_ENABLED)
 AC_SUBST(BUILD_THREAD)
 AC_SUBST(BUILD_LIBS_DYNAMIC)
+AC_SUBST(OL_VERSIONED_SYMBOLS)

 AC_SUBST(BUILD_SLAPD)
 dnl slapi
@@ -3091,7 +3141,9 @@ dnl overlays
  AC_SUBST(BUILD_DYNGROUP)
  AC_SUBST(BUILD_DYNLIST)
  AC_SUBST(BUILD_LASTMOD)
+  AC_SUBST(BUILD_HOMEDIR)
  AC_SUBST(BUILD_MEMBEROF)
+  AC_SUBST(BUILD_OTP)
  AC_SUBST(BUILD_PPOLICY)
  AC_SUBST(BUILD_PROXYCACHE)
  AC_SUBST(BUILD_REFINT)
@@ -3176,8 +3228,10 @@ AC_CONFIG_FILES([Makefile:build/top.mk:Makefile.in:build/dir.mk]
 [libraries/Makefile:build/top.mk:libraries/Makefile.in:build/dir.mk]
 [libraries/liblber/Makefile:build/top.mk:libraries/liblber/Makefile.in:build/lib.mk:build/lib-shared.mk]
 [libraries/liblber/lber.pc]
+[libraries/liblber/liblber.vers]
 [libraries/libldap/Makefile:build/top.mk:libraries/libldap/Makefile.in:build/lib.mk:build/lib-shared.mk]
 [libraries/libldap/ldap.pc]
+[libraries/libldap/libldap.vers]
 [libraries/liblunicode/Makefile:build/top.mk:libraries/liblunicode/Makefile.in:build/lib.mk:build/lib-static.mk]
 [libraries/liblutil/Makefile:build/top.mk:libraries/liblutil/Makefile.in:build/lib.mk:build/lib-static.mk]
 [libraries/librewrite/Makefile:build/top.mk:libraries/librewrite/Makefile.in:build/lib.mk:build/lib-static.mk]

--- a/contrib/slapd-modules/authzid/authzid.c
+++ b/contrib/slapd-modules/authzid/authzid.c
@@ -71,7 +71,7 @@ authzid_conn_find( Connection *c )
 	authzid_conn_t *ac = NULL, tmp = { 0 };

 	tmp.conn = c;
-	ac = (authzid_conn_t *)avl_find( authzid_tree, (caddr_t)&tmp, authzid_conn_cmp );
+	ac = (authzid_conn_t *)ldap_avl_find( authzid_tree, (caddr_t)&tmp, authzid_conn_cmp );
 	if ( ac == NULL || ( ac != NULL && ac->refcnt != 0 ) ) {
 		ac = NULL;
 	}
@@ -121,7 +121,7 @@ authzid_conn_insert( Connection *c, char flag )
 	ac->conn = c;
 	ac->refcnt = 0;
 	ac->authzid_flag = flag;
-	rc = avl_insert( &authzid_tree, (caddr_t)ac,
+	rc = ldap_avl_insert( &authzid_tree, (caddr_t)ac,
 		authzid_conn_cmp, authzid_conn_dup );
 	ldap_pvt_thread_mutex_unlock( &authzid_mutex );

@@ -139,7 +139,7 @@ authzid_conn_remove( Connection *c )
 		ldap_pvt_thread_mutex_unlock( &authzid_mutex );
 		return -1;
 	}
-	tmp = avl_delete( &authzid_tree, (caddr_t)ac, authzid_conn_cmp );
+	tmp = ldap_avl_delete( &authzid_tree, (caddr_t)ac, authzid_conn_cmp );
 	ldap_pvt_thread_mutex_unlock( &authzid_mutex );

 	assert( tmp == ac );

--- a/contrib/slapd-modules/datamorph/.gitignore
+++ b/contrib/slapd-modules/datamorph/.gitignore
+# test suite
+clients
+servers
--- a/contrib/slapd-modules/datamorph/Makefile
+++ b/contrib/slapd-modules/datamorph/Makefile
+# $OpenLDAP$
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 1998-2021 The OpenLDAP Foundation.
+# Copyright 2017 Ondřej Kuzník, Symas Corp. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+SRCDIR = ./
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2 -Wall
+DEFS = -DSLAPD_OVER_DATAMORPH=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = datamorph.la
+MANPAGES = slapo-datamorph.5
+CLEAN = *.o *.lo *.la .libs
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+all: $(PROGRAMS)
+
+d :=
+sp :=
+dir := tests
+include $(dir)/Rules.mk
+
+%.lo: %.c
+	$(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
+
+%.la: %.lo
+	$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
+		-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf $(CLEAN)
+
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
--- a/contrib/slapd-modules/datamorph/datamorph.c
+++ b/contrib/slapd-modules/datamorph/datamorph.c
--- a/contrib/slapd-modules/datamorph/slapo-datamorph.5
+++ b/contrib/slapd-modules/datamorph/slapo-datamorph.5
+.TH SLAPO-DATAMORPH 5 "RELEASEDATE" "OpenLDAP"
+.\" Copyright 2016-2017 Symas Corp. All Rights Reserved.
+.\" Copying restrictions apply.  See LICENSE.
+.SH NAME
+slapo\-datamorph \- store enumerated values and fixed size integers
+.SH SYNOPSIS
+olcOverlay=datamorph
+.SH DESCRIPTION
+The
+.B datamorph
+overlay to
+.BR slapd (8)
+allows attributes with a few pre-defined values to be saved more
+space-efficiently as well as signed or unsigned integer attributes.
+
+.LP
+The overlay operates on configured attributes that must have their syntax
+compatible with
+.BR 1.3.6.1.4.1.4203.666.11.12.1.1 ,
+there are three such syntaxes defined by the overlay:
+.B 1.3.6.1.4.1.4203.666.11.12.1.2
+(Enumerated value),
+.B 1.3.6.1.4.1.4203.666.11.12.1.3
+(Fixed-size integer), and
+.B 1.3.6.1.4.1.4203.666.11.12.1.4
+(Fixed-size signed integer).
+.LP
+
+While transforming the request, if a value for an attribute is not permitted by the configuration, the behaviour depends on the operation:
+
+.RS
+.TP
+.B Search
+The affected value assertions in a
+.B Search
+request filter are replaced by a filter returning
+.B Undefined .
+.TP
+.B Compare
+Request returns
+.B Compare
+.BR False .
+.TP
+.B Add, Modify
+Requests are rejected with a
+.B Constraint
+.BR Violation .
+.RE
+
+The supported allowed matching rules for the attribute types above are:
+
+.RS
+.TP
+.B EQUALITY fixedSizeIntegerMatch
+Appropriate for syntaxes
+.B 1.3.6.1.4.1.4203.666.11.12.1.2
+(Enumerated value), and
+.B 1.3.6.1.4.1.4203.666.11.12.1.3
+(Fixed-size integer).
+.TP
+.B EQUALITY fixedSizeSignedIntegerMatch
+Appropriate for syntax
+.B 1.3.6.1.4.1.4203.666.11.12.1.4
+(Fixed-size signed integer) only.
+.TP
+.B ORDERING fixedSizeIntegerOrderingMatch
+Appropriate for syntaxes
+.B 1.3.6.1.4.1.4203.666.11.12.1.2
+(Enumerated value), and
+.B 1.3.6.1.4.1.4203.666.11.12.1.3
+(Fixed-size integer). Enumerated value attributes are compared according to
+their stored database value.
+.TP
+.B ORDERING fixedSizeSignedIntegerOrderingMatch
+Appropriate for syntax
+.B 1.3.6.1.4.1.4203.666.11.12.1.4
+(Fixed-size signed integer) only.
+
+
+.SH CONFIGURATION LAYOUT
+
+The overlay has to be instantiated under a database adding an entry of
+.B olcOverlay=datamorph
+with objectClass of
+.BR olcDatamorphConfig.
+
+The overlay configuration subtree consists of the following levels:
+.RS