# $Id: /trunk/debian/dists/libapache-mod-authz-ldap/debian/packages 5 2005-02-16T19:48:00.421413Z svm  $

# Environment variables:
#   with_debug=%{$with_debug}  - use debug option

%define with_debug %{?$with_debug:1}%{!?$with_debug:0}

%define automake_version 1.7
%define apache_version %`dpkg -s apache-dev|grep ^Version|sed 's/^Version: //'`

Source: libapache-mod-authz-ldap
Section: web
Priority: extra
Maintainer: Piotr Roszatycki <dexter@debian.org>
Standards-Version: 3.6.1
Upstream-Source: <URL:http://authzldap.othello.ch/download/mod_authz_ldap-(.*)\.tar\.gz>
Home-Page: <URL:http://authzldap.othello.ch/>
Description: module for Apache which provides LDAP authentication/authorization
 This Apache LDAP authentication/authorization module tries to solve the
 following problems that other such modules may not solve in all cases: 
 .
 1. Map the short form of the distinguished name of a certificate and its
    issuer obtained from the environment of mod_ssl to a user distinguished
    name in an LDAP directory. 
 .
 2. Check the age of a password in an LDAP directory, denying authorization in
    case the password is to old. 
 .
 3. Authorize a user based on roles or an arbitrary LDAP filter expression. 
 .
 4. Authorize a user based on whether he owns a file or belongs to the group
    owning a file. The module can perform an ordinary LDAP authentication
    using an LDAP bind call, but is incapable of verifying an SHA1 or crypt
    password hash from the directory, as mod_auth_ldap can. 
 .
 The module also tries to do reduce LDAP connection overhead by caching a
 connection between requests (one per server record). This is most likely
 to improve performance in the case of certificate authentication, as for
 basic authentication a bind to the directory on a new connection is
 necessary with every request. Future development may add a cache to
 improve performance.
Origin: debian
Copyright: .
    This module is distributed under the terms of the Apache License,
    please check the LICENSE file in your apache distribution or the
    COPYING file of the mod_authz_ldap distribution for the exact terms of
    the license. In particular, the following disclaimer applies:
 THIS SOFTWARE IS PROVIDED BY ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 IN NO EVENT SHALL THE AUTHOR OR THE CONTRIBUTORS BE LIABLE FOR ANY
 DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGE.
 .
 .
 (c) Dr. Andreas Mller, Beratung und Entwicklung.
 .
 .
 Apache License
 --------------
 .
 The `Apache Software License' is an Open Source Initiative Approved
 License.
 .
 The Apache Software License, Version 1.1
 .
 Copyright (c) 2000 The Apache Software Foundation.  All rights
 reserved.
 .
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
 are met:
 .
 1. Redistributions of source code must retain the above copyright
    notice, this list of conditions and the following disclaimer.
 .
 2. Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in
    the documentation and/or other materials provided with the
    distribution.
 .
 3. The end-user documentation included with the redistribution,
    if any, must include the following acknowledgment:
       "This product includes software developed by the
        Apache Software Foundation (http://www.apache.org/)."
    Alternately, this acknowledgment may appear in the software itself,
    if and wherever such third-party acknowledgments normally appear.
 .
 4. The names "Apache" and "Apache Software Foundation" must
    not be used to endorse or promote products derived from this
    software without prior written permission. For written
    permission, please contact apache@apache.org.
 .
 5. Products derived from this software may not be called "Apache",
    nor may "Apache" appear in their name, without prior written
    permission of the Apache Software Foundation.
 .
 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 SUCH DAMAGE.
 ====================================================================
 .
 This software consists of voluntary contributions made by many
 individuals on behalf of the Apache Software Foundation.  For more
 information on the Apache Software Foundation, please see
 <http://www.apache.org/>.
 .
 Portions of this software are based upon public domain software
 originally written at the National Center for Supercomputing Applications,
 University of Illinois, Urbana-Champaign.
Patches: patches/*.diff
Major-Changes:
 [001] Debian patch:
       * Add support for LDAPv3
       * start_tls option
       * user defined filter and attribute for direct cert
Build-Depends: apache-dev, libssl-dev, libldap2-dev
Build-Depends: automake%{automake_version}, autoconf, libtool
Build: sh
 aclocal-%{automake_version}
 autoheader
 libtoolize --copy --force
 automake-%{automake_version} --add-missing --copy
 autoconf
 CC=${CC:-gcc}
 CFLAGS=${CFLAGS:--Wall -g}
 if [ "${DEB_BUILD_OPTIONS#*noopt}" != "$DEB_BUILD_OPTIONS" ]; then
      CFLAGS="$CFLAGS -O0"
 else
      CFLAGS="$CFLAGS -O2"
 fi
 CFLAGS="$CFLAGS -I/usr/include/openssl -DEAPI"
 CC="$CC" CFLAGS="$CFLAGS" ./configure --prefix=/usr --mandir=/usr/share/man \
     --with-apxs=/usr/bin/apxs --with-openssl-path=/usr %{?with_debug:--with-debug}
 make
Clean: sh
 rm -rf autom4te.cache
 make distclean || true

Package: libapache-mod-authz-ldap
%if %{with_debug}
Version: %{VERSION}+debug
%endif
Architecture: any
Depends: libapache-mod-ssl, apache-common (>= %{apache_version}), []
Recommends: libapache-mod-authz-ldap-tools, []
Description: Module for Apache which provides LDAP authentication/authorization
 This package provides the module for Apache 1.3 server.
%if %{with_debug}
 .
 The package was compiled with debug option.
%endif
Install: sh
 yada install -lib -into /usr/lib/apache/1.3 module/.libs/*.so
 yada install -data -into /usr/lib/apache/1.3 debian/conf/*.info
 yada install -doc ldap/authzldap.schema
 yada install -doc -subdir html docs/*.html docs/*.jpg docs/*.txt docs/*.HOWTO
Postinst: sh
 if [ "$1" = "configure" ]; then
     test -f /usr/sbin/apacheconfig && apacheconfig --force-modules --fullauto
 fi
Postrm: sh
 if [ "$1" = "remove" ]; then
     test -f /usr/sbin/apacheconfig && apacheconfig --force-modules --fullauto
 fi

Package: libapache-mod-authz-ldap-tools
Architecture: any
Depends: []
Description: Tools for mod_authz_ldap Apache module
 This package contains two programs useful for administering the
 directory. cert2ldap allows to put a certificate in the directory
 with the right definitions. certfind performs the same search algorithm
 as the Apache module to find the user based on the certificate.
Install: sh
 ( cd tools; make install DESTDIR=$ROOT ) || false
 ( cd docs; make install DESTDIR=$ROOT ) || false