update to OpenLDAP 2.6.2

- BDB/HDB are no longer supported in 2.5+, if you're using these you
need to move to MDB (MDB is supported in the 2.4.x version already in
ports).

*Before* upgrading use slapcat to dump your database to an ldif file.
(You should be doing this regularly anyway)

Update your database configuration to use mdb instead of bdb.
Note that if you are using the on-line configuration database (cn=config)
rather than slapd.conf it can be fiddly to change in an existing
configuration; you may prefer to regenerate the configuration too.

Reload your database from the ldif file using slapadd (or if you are
updating a read-only replica you can let syncrepl pick it up).

- The port has switched to a modular build. The most important backends
and overlays (in particular mdb and syncrepl) are still compiled into
slapd so in those cases you don't need to make any changes to adapt to
this. If using more exotic configuration then you may need to load
the relevant modules (for OLC see "olcModuleLoad", for slapd.conf see
"moduleload").

- Switch from BUILD_DEPENDS on groff (only soelim is used) to an awk
script.

Next commit will adjust other ports to cope.

databases/openldap/Makefile

@@ -1,21 +1,18 @@
-DPB_PROPERTIES =	parallel
+COMMENT-main =	  LDAP client library and tools
+COMMENT-server =  LDAP directory server
 
-COMMENT-main =		open-source LDAP software (client)
-COMMENT-server =	open-source LDAP software (server)
+DISTNAME =	  openldap-2.6.2
 
-DISTNAME =		openldap-2.4.59
-REVISION =		1
+MULTI_PACKAGES =  -main -server
+PKGNAME-main =	  ${DISTNAME:S/-/-client-/}
+EXTRACT_SUFX =		.tgz
+# aci only affects the server; override pkgname/path for the client
+FULLPKGNAME-main = ${DISTNAME:S/-/-client-/}${FLAVOR_EXT:S/-aci//}
+FULLPKGPATH-main = databases/openldap,-main${FLAVOR_EXT:S/-aci//:S/-/,/g}
+EPOCH =		0
 
-PKGNAME-main =		${DISTNAME:S/-/-client-/}
-EPOCH =			0
-
-# overwrite -main pkgname/path to strip FLAVOR, aci only affects the server
-FULLPKGNAME-main =	${DISTNAME:S/-/-client-/}${FLAVOR_EXT:S/-aci//}
-FULLPKGPATH-main =	databases/openldap,-main${FLAVOR_EXT:S/-aci//:S/-/,/g}
-
-SHARED_LIBS +=	lber                 15.0
-SHARED_LIBS +=	ldap                 15.0
-SHARED_LIBS +=	ldap_r               15.0
+SHARED_LIBS +=	lber	16.0
+SHARED_LIBS +=	ldap	16.0
 
 CATEGORIES =	databases net
 
@@ -27,7 +24,7 @@ MAINTAINER =	Stuart Henderson <stu.ports@spacehopper.org>
 PERMIT_PACKAGE =	Yes
 
 WANTLIB=	c crypto pthread sasl2 ssl
-WANTLIB-server=	${WANTLIB} lber ldap_r lib/db4/db>=4 m perl
+WANTLIB-server=	${WANTLIB} lber ldap ltdl m perl sodium
 
 MASTER_SITES =	https://openldap.org/software/download/OpenLDAP/openldap-release/ \
 		https://mirror.eu.oneandone.net/software/openldap/ \
@@ -35,13 +32,13 @@ MASTER_SITES =	https://openldap.org/software/download/OpenLDAP/openldap-release/
 		ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/
 
 COMPILER =		base-clang ports-gcc
-
-EXTRACT_SUFX =		.tgz
+DPB_PROPERTIES =	parallel
+DEBUG_PACKAGES =	${BUILD_PACKAGES}
 
 SEPARATE_BUILD =	Yes
-AUTOCONF_VERSION =	2.65
+AUTOCONF_VERSION =	2.69
 CONFIGURE_STYLE =	autoconf
-DEBUG_PACKAGES =	${BUILD_PACKAGES}
+USE_GMAKE =		Yes
 
 FLAVOR ?=
 FLAVORS =		aci gssapi
@@ -50,29 +47,41 @@ CONFIGURE_ARGS +=	--enable-dynamic \
 			--enable-ipv6 \
 			--with-tls=openssl
 
-# slapd options
-CONFIGURE_ARGS +=	--enable-slapd \
+# lloadd needs the ports version of libevent, autoconf check
+# needs tweaking for this
+CONFIGURE_ARGS +=	--disable-balancer
+# --enable-balancer / --enable-balancer=mod
+
+# options
+CONFIGURE_ARGS +=	--enable-argon2 \
 			--enable-cleartext \
 			--enable-crypt \
-			--with-cyrus-sasl \
-			--enable-spasswd
+			--enable-modules \
+			--enable-spasswd \
+			--with-argon2=libsodium \
+			--with-cyrus-sasl
 
-# slapd modules
-CONFIGURE_ARGS +=	--enable-bdb \
-			--enable-dnssrv \
-			--enable-hdb \
-			--enable-ldap \
-			--enable-meta \
-			--enable-null \
-			--enable-overlays \
-			--enable-passwd \
-			--enable-perl
+# default to using modules rather than linked in to slapd directly
+# doing this enables everything by default rather than having a mix of
+# on/off so some are either disabled below or set to 'yes' to link in
+# directly. link in the mdb backend and syncprov overlay to slapd
+# itself so in the common case there's no need to change config to
+# load modules.
+CONFIGURE_ARGS +=	--enable-backends=mod \
+			--enable-mdb=yes \
+			--enable-overlays=mod \
+			--enable-syncprov=yes
 
-# Enable MDB support, N.B. patch-servers_slapd_back-mdb_init_c.
-CONFIGURE_ARGS +=	--enable-mdb
+# disabled backends (other available backends are built as modules)
+CONFIGURE_ARGS +=	--disable-passwd \
+			--disable-sock \
+			--disable-sql \
+			--disable-wt
 
+# aci cannot be built as a module
 .if ${FLAVOR:Maci}
-CONFIGURE_ARGS +=	--enable-aci
+CONFIGURE_ARGS +=	--enable-dynacl \
+			--enable-aci
 .endif
 
 .if ${FLAVOR:Mgssapi}
@@ -88,34 +97,32 @@ MODGNU_CONFIG_GUESS_DIRS = ${WRKSRC} ${WRKSRC}/build
 TEST_TARGET =		test
 TEST_DEPENDS =		shells/bash
 
-MULTI_PACKAGES =	-main -server
-
-# formatting is ok with mandoc, but soelim is used at build time
-BUILD_DEPENDS +=	textproc/groff
 LIB_DEPENDS +=		security/cyrus-sasl2
-LIB_DEPENDS-server =	${LIB_DEPENDS-main} \
-			databases/db/v4,no_java,no_tcl \
-			databases/openldap,-main
+LIB_DEPENDS-server =	${LIB_DEPENDS} \
+			${BUILD_PKGPATH},-main \
+			devel/libtool,-ltdl \
+			security/libsodium
 
-CPPFLAGS =		-I${LOCALBASE}/include/sasl \
-			-I${LOCALBASE}/include/db4 \
-			-I${LOCALBASE}/include
+CPPFLAGS =		-I${LOCALBASE}/include/sasl -I${LOCALBASE}/include
+LDFLAGS =		-L${LOCALBASE}/lib -Wl,--export-dynamic
 CFLAGS +=		-Wno-format-extra-args
+CONFIGURE_ENV +=	CPPFLAGS="${CPPFLAGS}" LDFLAGS="${LDFLAGS}"
 
-CONFIGURE_ENV +=	CPPFLAGS="${CPPFLAGS}" \
-			LDFLAGS="-L${LOCALBASE}/lib/db4 -L${LOCALBASE}/lib"
+# bypass autoconf check for OpenSSL 1.1.1+ function which is not
+# actually used in OpenLDAP code
+CONFIGURE_ENV +=	ac_cv_lib_ssl_SSL_export_keying_material_early=yes
 
+# just to allow lining up @samples in PLISTs
 LDAP_SYSCONF =		${SYSCONFDIR}/openldap
 SUBST_VARS +=		LDAP_SYSCONF
-FAKE_FLAGS =		sysconfdir=${PREFIX}/share/examples/openldap
 
-pre-build:
-	@cd ${WRKBUILD}; ${MAKE_PROGRAM} depend
+post-extract:
+	${INSTALL_SCRIPT} ${FILESDIR}/soelim.awk ${WRKDIR}/bin/soelim
 
+# mv config files rather than overriding in FAKE_FLAGS; the filenames
+# are merged into manpages during fake-install
 post-install:
-	rm ${PREFIX}/share/examples/openldap/{slapd.conf,slapd.ldif,ldap.conf}.default
-
-pre-test:
-	sed -i 's,^#!/bin/bash,#!${LOCALBASE}/bin/bash,' ${WRKSRC}/tests/scripts/test064-constraint
+	mv ${WRKINST}${SYSCONFDIR}/openldap ${PREFIX}/share/examples/
+	rm ${PREFIX}/share/examples/openldap/*.default
 
 .include <bsd.port.mk>

databases/openldap/distinfo

@@ -1,2 +1,2 @@
-SHA256 (openldap-2.4.59.tgz) = mfN9Z0fYggbEcAZ+2mJNXkjBAR6UPsCrIXuuhxLiLzQ=
-SIZE (openldap-2.4.59.tgz) = 5886272
+SHA256 (openldap-2.6.2.tgz) = gdCTRSMutiSG7PWsrNLFbAxFtKbIwGZhLn9CGiOhz4c=
+SIZE (openldap-2.6.2.tgz) = 6448362

databases/openldap/files/soelim.awk

@@ -0,0 +1,8 @@
+#!/usr/bin/awk -f
+
+/^\.so/ {
+	gsub(/"/, "", $2)
+	system("cat " $2)
+	next
+}
+{ print }

databases/openldap/patches/patch-Makefile_in

@@ -1,13 +1,10 @@
 Index: Makefile.in
 --- Makefile.in.orig
 +++ Makefile.in
-@@ -36,3 +36,9 @@ distclean: veryclean FORCE
+@@ -36,3 +36,6 @@ distclean: veryclean FORCE
  check: test
  test: FORCE
- 	cd tests; $(MAKE) test
+ 	cd tests && $(MAKE) test
 +
 +test-ldbm: FORCE
 +	cd tests; $(MAKE) ldbm
-+
-+test-bdb: FORCE
-+	cd tests; $(MAKE) bdb

databases/openldap/patches/patch-aclocal_m4

@@ -1,13 +0,0 @@
-Don't automatically run ldconfig -m.
-
-Index: aclocal.m4
---- aclocal.m4.orig
-+++ aclocal.m4
-@@ -2071,7 +2071,6 @@ openbsd*)
-     *)                         need_version=no  ;;
-   esac
-   library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
--  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-   shlibpath_var=LD_LIBRARY_PATH
-   if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
-     case $host_os in

databases/openldap/patches/patch-build_top_mk

@@ -1,15 +1,6 @@
 Index: build/top.mk
 --- build/top.mk.orig
 +++ build/top.mk
-@@ -74,7 +74,7 @@ MKVERSION = $(top_srcdir)/build/mkversion -v "$(VERSIO
- LIBTOOL = @LIBTOOL@
- LIBRELEASE = @OPENLDAP_LIBRELEASE@
- LIBVERSION = @OPENLDAP_LIBVERSION@
--LTVERSION = -release $(LIBRELEASE) -version-info $(LIBVERSION)
-+LTVERSION = -version-info $(LIBVERSION)
- 
- # libtool --only flag for libraries: platform specific
- NT_LTONLY_LIB = # --only-$(BUILD_LIBS_DYNAMIC)
 @@ -90,7 +90,7 @@ LTONLY_MOD = $(LTONLY_$(BUILD_MOD))
  NT_LTFLAGS_LIB = -no-undefined -avoid-version -rpath $(libdir)
  NT_LTFLAGS_MOD = -no-undefined -avoid-version -rpath $(moduledir)

databases/openldap/patches/patch-configure_ac

@@ -1,14 +1,13 @@
 OpenLDAP's first choice uuid functions are close to but not quite the same
 as we have in libc, differences being that we don't have uuid_to_str() (in
 fact I don't see which other OS might have it either, no other software in
-debian codesearch uses this), and it needs uuid.h not sys/uuid.h.
+Debian codesearch uses this), and it needs uuid.h not sys/uuid.h.
+Patch to use it, avoiding the need for Linux/libext2fs libuuid.
 
-Patch to use it, avoiding the need for Linux libuuid.
-
-Index: configure.in
---- configure.in.orig
-+++ configure.in
-@@ -1018,11 +1018,11 @@ dnl --------------------------------------------------
+Index: configure.ac
+--- configure.ac.orig
++++ configure.ac
+@@ -1066,11 +1066,11 @@ dnl --------------------------------------------------
  dnl UUID Support
  
  have_uuid=no

databases/openldap/patches/patch-include_ldap_pvt_h

@@ -0,0 +1,12 @@
+Index: include/ldap_pvt.h
+--- include/ldap_pvt.h.orig
++++ include/ldap_pvt.h
+@@ -178,7 +178,7 @@ ldap_pvt_get_hname LDAP_P((
+ 	char **herr ));
+ 
+ #ifdef LDAP_PF_LOCAL
+-#define LDAP_IPADDRLEN	(MAXPATHLEN + sizeof("PATH="))
++#define LDAP_IPADDRLEN	(PATH_MAX + sizeof("PATH="))
+ #elif defined(LDAP_PF_INET6)
+ #define LDAP_IPADDRLEN	sizeof("IP=[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535")
+ #else

databases/openldap/patches/patch-libraries_libldap_os-ip_c

@@ -1,25 +1,25 @@
 Index: libraries/libldap/os-ip.c
 --- libraries/libldap/os-ip.c.orig
 +++ libraries/libldap/os-ip.c
-@@ -282,8 +282,8 @@ ldap_int_poll(
+@@ -287,8 +287,8 @@ ldap_int_poll(
  	int		rc;
  		
  
--	osip_debug(ld, "ldap_int_poll: fd: %d tm: %ld\n",
--		s, tvp ? tvp->tv_sec : -1L, 0);
-+	osip_debug(ld, "ldap_int_poll: fd: %d tm: %lld\n",
-+		s, tvp ? (long long)tvp->tv_sec : -1L, 0);
+-	Debug2(LDAP_DEBUG_TRACE, "ldap_int_poll: fd: %d tm: %ld\n",
+-		s, tvp ? tvp->tv_sec : -1L );
++	Debug2(LDAP_DEBUG_TRACE, "ldap_int_poll: fd: %d tm: %lld\n",
++		s, tvp ? (long long)tvp->tv_sec : -1LL );
  
  #ifdef HAVE_POLL
  	{
-@@ -432,8 +432,8 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s,
- 		opt_tv = &tv;
+@@ -439,8 +439,8 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s,
  	}
  
--	osip_debug(ld, "ldap_pvt_connect: fd: %d tm: %ld async: %d\n",
+ 	Debug3(LDAP_DEBUG_TRACE,
+-			"ldap_pvt_connect: fd: %d tm: %ld async: %d\n",
 -			s, opt_tv ? tv.tv_sec : -1L, async);
-+	osip_debug(ld, "ldap_pvt_connect: fd: %d tm: %lld async: %d\n",
-+			s, opt_tv ? (long long)tv.tv_sec : -1L, async);
++			"ldap_pvt_connect: fd: %d tm: %lld async: %d\n",
++			s, opt_tv ? (long long)tv.tv_sec : -1LL, async);
  
  	if ( opt_tv && ldap_pvt_ndelay_on(ld, s) == -1 )
  		return ( -1 );

databases/openldap/patches/patch-libraries_libldap_os-local_c

@@ -1,14 +1,14 @@
 Index: libraries/libldap/os-local.c
 --- libraries/libldap/os-local.c.orig
 +++ libraries/libldap/os-local.c
-@@ -176,8 +176,8 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sock
- 		opt_tv = &tv;
+@@ -164,8 +164,8 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sock
  	}
  
--	oslocal_debug(ld, "ldap_connect_timeout: fd: %d tm: %ld async: %d\n",
+ 	Debug3(LDAP_DEBUG_TRACE,
+-		"ldap_connect_timeout: fd: %d tm: %ld async: %d\n",
 -		s, opt_tv ? tv.tv_sec : -1L, async);
-+	oslocal_debug(ld, "ldap_connect_timeout: fd: %d tm: %lld async: %d\n",
-+		s, opt_tv ? (long long)tv.tv_sec : -1L, async);
++		"ldap_connect_timeout: fd: %d tm: %lld async: %d\n",
++		s, opt_tv ? (long long)tv.tv_sec : -1LL, async);
  
  	if ( ldap_pvt_ndelay_on(ld, s) == -1 ) return -1;
  

databases/openldap/patches/patch-libraries_libldap_tls_o_c

@@ -1,25 +0,0 @@
-requires SSL_CTX_set_ciphersuites/SSL_set_ciphersuites API which are
-present in src/lib/libssl and headers, but the symbols are not yet
-exported to the library
-
-Index: libraries/libldap/tls_o.c
---- libraries/libldap/tls_o.c.orig
-+++ libraries/libldap/tls_o.c
-@@ -273,7 +273,7 @@ tlso_ctx_free ( tls_ctx *ctx )
- 	SSL_CTX_free( c );
- }
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10101000
-+#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
- static char *
- tlso_stecpy( char *dst, const char *src, const char *end )
- {
-@@ -382,7 +382,7 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls 
- 		SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 );
- 
- 	if ( lo->ldo_tls_ciphersuite ) {
--#if OPENSSL_VERSION_NUMBER >= 0x10101000
-+#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
- 		tlso_ctx_cipher13( ctx, lt->lt_ciphersuite );
- #endif /* OpenSSL 1.1.1 */
- 		if ( !SSL_CTX_set_cipher_list( ctx, lt->lt_ciphersuite ) )

databases/openldap/patches/patch-libraries_liblutil_uuid_c

@@ -2,7 +2,6 @@ OpenLDAP's first choice uuid functions are close to but not quite the same
 as we have in libc, differences being that we don't have uuid_to_str() (in
 fact I don't see which other OS might have it either, no other software in
 debian codesearch uses this), and it needs uuid.h not sys/uuid.h.
-
 Patch to use it, avoiding the need for Linux libuuid.
 
 Index: libraries/liblutil/uuid.c

databases/openldap/patches/patch-servers_slapd_Makefile_in

@@ -1,12 +0,0 @@
-Index: servers/slapd/Makefile.in
---- servers/slapd/Makefile.in.orig
-+++ servers/slapd/Makefile.in
-@@ -447,8 +447,6 @@ install-db-config: FORCE
- 	@-$(MKDIR) $(DESTDIR)$(localstatedir) $(DESTDIR)$(sysconfdir)
- 	@-$(INSTALL) -m 700 -d $(DESTDIR)$(localstatedir)/openldap-data
- 	$(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \
--		$(DESTDIR)$(localstatedir)/openldap-data/DB_CONFIG.example
--	$(INSTALL) $(INSTALLFLAGS) -m 600 $(srcdir)/DB_CONFIG \
- 		$(DESTDIR)$(sysconfdir)/DB_CONFIG.example
- 
- install-tools: FORCE

databases/openldap/patches/patch-servers_slapd_back-mdb_init_c

@@ -1,7 +1,7 @@
 Index: servers/slapd/back-mdb/init.c
 --- servers/slapd/back-mdb/init.c.orig
 +++ servers/slapd/back-mdb/init.c
-@@ -166,6 +166,32 @@ mdb_db_open( BackendDB *be, ConfigReply *cr )
+@@ -169,6 +169,32 @@ mdb_db_open( BackendDB *be, ConfigReply *cr )
  
  	flags = mdb->mi_dbenv_flags;
  

databases/openldap/patches/patch-servers_slapd_daemon_c

@@ -0,0 +1,19 @@
+https://bugs.openldap.org/show_bug.cgi?id=9847#c3
+
+Index: servers/slapd/daemon.c
+--- servers/slapd/daemon.c.orig
++++ servers/slapd/daemon.c
+@@ -227,11 +227,10 @@ static slap_daemon_st *slap_daemon;
+     slap_daemon[t].sd_kq = kqueue(); \
+ } while (0)
+ 
+-/* a kqueue fd obtained before a fork can't be used in child process.
+- * close it and reacquire it.
++/* a kqueue(2) fd "is not inherited by a child created with fork(2)".
++ * no need to close the old one, but a new one must be acquired.
+  */
+ # define SLAP_SOCK_INIT2() do { \
+-	close(slap_daemon[0].sd_kq); \
+ 	slap_daemon[0].sd_kq = kqueue(); \
+ } while (0)
+ 

databases/openldap/patches/patch-servers_slapd_slapd_conf

@@ -1,6 +1,17 @@
+#1: this is subst'ed in "make install"; patch to avoid using share/examples/...
+
 Index: servers/slapd/slapd.conf
 --- servers/slapd/slapd.conf.orig
 +++ servers/slapd/slapd.conf
+@@ -2,7 +2,7 @@
+ # See slapd.conf(5) for details on configuration options.
+ # This file should NOT be world readable.
+ #
+-include		%SYSCONFDIR%/schema/core.schema
++include		/etc/openldap/schema/core.schema
+ 
+ # Define global ACLs to disable default read access.
+ 
 @@ -10,8 +10,8 @@ include		%SYSCONFDIR%/schema/core.schema
  # service AND an understanding of referrals.
  #referral	ldap://root.openldap.org
@@ -11,4 +22,4 @@ Index: servers/slapd/slapd.conf
 +argsfile	%LOCALSTATEDIR%/run/openldap/slapd.args
  
  # Load dynamic backend modules:
- # modulepath	%MODULEDIR%
+ modulepath	%MODULEDIR%

databases/openldap/pkg/DESCR-main

@@ -10,5 +10,5 @@ is distributed under a Perl-style "Artistic License".
 This is the client portion of OpenLDAP, it provides the client binaries,
 libraries and headers.
 
-Flavors:
+Flavours:
 	gssapi	build with GSSAPI support

databases/openldap/pkg/PLIST-main

@@ -7,6 +7,7 @@ bin/ldapadd
 @bin bin/ldappasswd
 @bin bin/ldapsearch
 @bin bin/ldapurl
+@bin bin/ldapvc
 @bin bin/ldapwhoami
 include/lber.h
 include/lber_types.h
@@ -24,9 +25,8 @@ lib/liblber.la
 @static-lib lib/libldap.a
 lib/libldap.la
 @lib lib/libldap.so.${LIBldap_VERSION}
-@static-lib lib/libldap_r.a
-lib/libldap_r.la
-@lib lib/libldap_r.so.${LIBldap_r_VERSION}
+lib/pkgconfig/lber.pc
+lib/pkgconfig/ldap.pc
 @man man/man1/ldapadd.1
 @man man/man1/ldapcompare.1
 @man man/man1/ldapdelete.1
@@ -36,6 +36,7 @@ lib/libldap_r.la
 @man man/man1/ldappasswd.1
 @man man/man1/ldapsearch.1
 @man man/man1/ldapurl.1
+@man man/man1/ldapvc.1
 @man man/man1/ldapwhoami.1
 @man man/man3/ber_alloc_t.3
 @man man/man3/ber_bvarray_add.3
@@ -130,6 +131,7 @@ lib/libldap_r.la
 @man man/man3/ldap_first_message.3
 @man man/man3/ldap_first_reference.3
 @man man/man3/ldap_free_urldesc.3
+@man man/man3/ldap_get_attribute_ber.3
 @man man/man3/ldap_get_dn.3
 @man man/man3/ldap_get_option.3
 @man man/man3/ldap_get_values.3

databases/openldap/pkg/PLIST-server

@@ -2,30 +2,92 @@
 @conflict openldap-client-<=2.4.45p0
 @pkgpath databases/openldap,-server,bdb
 @pkgpath databases/openldap23
-@ask-update openldap-server-<2.4 You will need to recreate the database. Make sure your existing database is backed up
+@ask-update openldap-server-<2.5 BDB/HDB backends are removed in 2.5, convert to MDB before updating if you use them. Backup your existing database with slapcat
 @newgroup _openldap:544
 @newuser _openldap:544:_openldap:daemon:OpenLDAP Account:/nonexistent:/sbin/nologin
-@extraunexec rm -Rf ${LDAP_SYSCONF}/slapd.d/*
-@extraunexec rm -Rf /var/openldap-data/*
+@comment XXXextra @extraunexec rm -Rf ${LDAP_SYSCONF}/slapd.d/*
+@comment XXXextra @extraunexec rm -Rf /var/openldap-data/*
 @rcscript ${RCDIR}/slapd
+libexec/openldap/
+libexec/openldap/accesslog.la
+@so libexec/openldap/accesslog.so
+libexec/openldap/argon2.la
+@so libexec/openldap/argon2.so
+libexec/openldap/auditlog.la
+@so libexec/openldap/auditlog.so
+libexec/openldap/autoca.la
+@so libexec/openldap/autoca.so
+libexec/openldap/back_asyncmeta.la
+@so libexec/openldap/back_asyncmeta.so
+libexec/openldap/back_dnssrv.la
+@so libexec/openldap/back_dnssrv.so
+libexec/openldap/back_ldap.la
+@so libexec/openldap/back_ldap.so
+libexec/openldap/back_meta.la
+@so libexec/openldap/back_meta.so
+libexec/openldap/back_null.la
+@so libexec/openldap/back_null.so
+libexec/openldap/back_perl.la
+@so libexec/openldap/back_perl.so
+libexec/openldap/back_relay.la
+@so libexec/openldap/back_relay.so
+libexec/openldap/collect.la
+@so libexec/openldap/collect.so
+libexec/openldap/constraint.la
+@so libexec/openldap/constraint.so
+libexec/openldap/dds.la
+@so libexec/openldap/dds.so
+libexec/openldap/deref.la
+@so libexec/openldap/deref.so
+libexec/openldap/dyngroup.la
+@so libexec/openldap/dyngroup.so
+libexec/openldap/dynlist.la
+@so libexec/openldap/dynlist.so
+libexec/openldap/homedir.la
+@so libexec/openldap/homedir.so
+libexec/openldap/memberof.la
+@so libexec/openldap/memberof.so
+libexec/openldap/otp.la
+@so libexec/openldap/otp.so
+libexec/openldap/pcache.la
+@so libexec/openldap/pcache.so
+libexec/openldap/ppolicy.la
+@so libexec/openldap/ppolicy.so
+libexec/openldap/refint.la
+@so libexec/openldap/refint.so
+libexec/openldap/remoteauth.la
+@so libexec/openldap/remoteauth.so
+libexec/openldap/retcode.la
+@so libexec/openldap/retcode.so
+libexec/openldap/rwm.la
+@so libexec/openldap/rwm.so
+libexec/openldap/seqmod.la
+@so libexec/openldap/seqmod.so
+libexec/openldap/sssvlv.la
+@so libexec/openldap/sssvlv.so
+libexec/openldap/translucent.la
+@so libexec/openldap/translucent.so
+libexec/openldap/unique.la
+@so libexec/openldap/unique.so
+libexec/openldap/valsort.la
+@so libexec/openldap/valsort.so
 @bin libexec/slapd
-@man man/man5/slapd-bdb.5
+@comment @man man/man5/lloadd.conf.5
+@man man/man5/slapd-asyncmeta.5
 @man man/man5/slapd-config.5
 @man man/man5/slapd-dnssrv.5
-@man man/man5/slapd-hdb.5
 @man man/man5/slapd-ldap.5
 @man man/man5/slapd-ldif.5
 @man man/man5/slapd-mdb.5
 @man man/man5/slapd-meta.5
 @man man/man5/slapd-monitor.5
-@man man/man5/slapd-ndb.5
 @man man/man5/slapd-null.5
 @man man/man5/slapd-passwd.5
 @man man/man5/slapd-perl.5
 @man man/man5/slapd-relay.5
-@man man/man5/slapd-shell.5
 @man man/man5/slapd-sock.5
 @man man/man5/slapd-sql.5
+@man man/man5/slapd-wt.5
 @man man/man5/slapd.access.5
 @man man/man5/slapd.backends.5
 @man man/man5/slapd.conf.5
@@ -33,17 +95,22 @@
 @man man/man5/slapd.plugin.5
 @man man/man5/slapo-accesslog.5
 @man man/man5/slapo-auditlog.5
+@man man/man5/slapo-autoca.5
 @man man/man5/slapo-chain.5
 @man man/man5/slapo-collect.5
 @man man/man5/slapo-constraint.5
 @man man/man5/slapo-dds.5
+@man man/man5/slapo-deref.5
 @man man/man5/slapo-dyngroup.5
 @man man/man5/slapo-dynlist.5
+@man man/man5/slapo-homedir.5
 @man man/man5/slapo-memberof.5
+@man man/man5/slapo-otp.5
 @man man/man5/slapo-pbind.5
 @man man/man5/slapo-pcache.5
 @man man/man5/slapo-ppolicy.5
 @man man/man5/slapo-refint.5
+@man man/man5/slapo-remoteauth.5
 @man man/man5/slapo-retcode.5
 @man man/man5/slapo-rwm.5
 @man man/man5/slapo-sock.5
@@ -52,6 +119,8 @@
 @man man/man5/slapo-translucent.5
 @man man/man5/slapo-unique.5
 @man man/man5/slapo-valsort.5
+@man man/man5/slappw-argon2.5
+@comment @man man/man8/lloadd.8
 @man man/man8/slapacl.8
 @man man/man8/slapadd.8
 @man man/man8/slapauth.8
@@ -59,6 +128,7 @@
 @man man/man8/slapd.8
 @man man/man8/slapdn.8
 @man man/man8/slapindex.8
+@man man/man8/slapmodify.8
 @man man/man8/slappasswd.8
 @man man/man8/slapschema.8
 @man man/man8/slaptest.8
@@ -68,19 +138,10 @@ sbin/slapauth
 sbin/slapcat
 sbin/slapdn
 sbin/slapindex
+sbin/slapmodify
 sbin/slappasswd
 sbin/slapschema
 sbin/slaptest
-share/examples/openldap/DB_CONFIG.example
-@owner _openldap
-@group _openldap
-@mode 700
-@sample /var/openldap-data/
-@mode 600
-@sample /var/openldap-data/DB_CONFIG
-@mode
-@owner
-@group
 share/examples/openldap/schema/
 @sample ${LDAP_SYSCONF}/schema/
 share/examples/openldap/schema/README
@@ -100,6 +161,10 @@ share/examples/openldap/schema/cosine.ldif
 @sample ${LDAP_SYSCONF}/schema/cosine.ldif
 share/examples/openldap/schema/cosine.schema
 @sample ${LDAP_SYSCONF}/schema/cosine.schema
+share/examples/openldap/schema/dsee.ldif
+@sample ${LDAP_SYSCONF}/schema/dsee.ldif
+share/examples/openldap/schema/dsee.schema
+@sample ${LDAP_SYSCONF}/schema/dsee.schema
 share/examples/openldap/schema/duaconf.ldif
 @sample ${LDAP_SYSCONF}/schema/duaconf.ldif
 share/examples/openldap/schema/duaconf.schema
@@ -120,6 +185,14 @@ share/examples/openldap/schema/misc.ldif
 @sample ${LDAP_SYSCONF}/schema/misc.ldif
 share/examples/openldap/schema/misc.schema
 @sample ${LDAP_SYSCONF}/schema/misc.schema
+share/examples/openldap/schema/msuser.ldif
+@sample ${LDAP_SYSCONF}/schema/msuser.ldif
+share/examples/openldap/schema/msuser.schema
+@sample ${LDAP_SYSCONF}/schema/msuser.schema
+share/examples/openldap/schema/namedobject.ldif
+@sample ${LDAP_SYSCONF}/schema/namedobject.ldif
+share/examples/openldap/schema/namedobject.schema
+@sample ${LDAP_SYSCONF}/schema/namedobject.schema
 share/examples/openldap/schema/nis.ldif
 @sample ${LDAP_SYSCONF}/schema/nis.ldif
 share/examples/openldap/schema/nis.schema
@@ -132,14 +205,14 @@ share/examples/openldap/schema/pmi.ldif
 @sample ${LDAP_SYSCONF}/schema/pmi.ldif
 share/examples/openldap/schema/pmi.schema
 @sample ${LDAP_SYSCONF}/schema/pmi.schema
-share/examples/openldap/schema/ppolicy.ldif
-@sample ${LDAP_SYSCONF}/schema/ppolicy.ldif
-share/examples/openldap/schema/ppolicy.schema
-@sample ${LDAP_SYSCONF}/schema/ppolicy.schema
 share/examples/openldap/slapd.conf
-@comment -- slapd.conf is intentionally not @sampled -- see commit r1.22
+@comment -- slapd.conf is intentionally not @sampled, OLC is used by default
+@mode 0640
 share/examples/openldap/slapd.ldif
 @sample ${LDAP_SYSCONF}/slapd.ldif
 @mode 0750
 @group _openldap
 @sample ${LDAP_SYSCONF}/slapd.d/
+@mode 0700
+@owner _openldap
+@sample /var/openldap-data/