Migrate to openldap 2.5+

.github/workflows/build.yml

@@ -49,6 +49,28 @@ jobs:
           path: |
             build/RPMS/noarch/bdii-*-1.el8.noarch.rpm
 
+  centos9:
+    name: Build CentOS Stream 9 RPMs
+    runs-on: ubuntu-latest
+    container: quay.io/centos/centos:stream9
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Install build requisites
+        run: |
+          yum install -y rpm-build rpmlint make rsync systemd-rpm-macros
+      - name: build rpm
+        run: |
+          make rpm
+          rpmlint --file .rpmlint.ini build/RPMS/noarch/*.rpm
+      - name: Upload RPMs
+        uses: actions/upload-artifact@v3
+        with:
+          name: rpms9
+          path: |
+            build/RPMS/noarch/bdii-*-1.el9.noarch.rpm
+
   # XXX BDII dependency taken from EPEL: glue-schema
   centos7-install:
     name: Install CentOS 7 RPMs
@@ -62,10 +84,9 @@ jobs:
       - name: Install generated RPMs
         run: |
           yum install -y epel-release
-          yum localinstall -y bdii-*.rpm
+          yum localinstall -y bdii-*.el7.noarch.rpm
 
-  # XXX BDII dependencies taken from non default repositories
-  # EPEL: glue-schema
+  # XXX BDII dependencies taken from EPEL: glue-schema
   centos8-install:
     name: Install CentOS Stream 8 RPMs
     needs: centos8
@@ -79,4 +100,19 @@ jobs:
         run: |
           yum install -y epel-release
           sed -i 's/^enabled=0/enabled=1/' /etc/yum.repos.d/CentOS-Stream-PowerTools.repo
-          yum localinstall -y bdii-*.rpm
+          yum localinstall -y bdii-*.el8.noarch.rpm
+
+  # XXX BDII dependencies taken from EPEL: glue-schema
+  centos9-install:
+    name: Install CentOS Stream 9 RPMs
+    needs: centos9
+    runs-on: ubuntu-latest
+    container: quay.io/centos/centos:stream9
+    steps:
+      - uses: actions/download-artifact@v3
+        with:
+          name: rpms9
+      - name: Install generated RPMs
+        run: |
+          yum install -y epel-release
+          yum localinstall -y bdii-*.el9.noarch.rpm

.github/workflows/release.yml

@@ -9,7 +9,7 @@ on:
     tags:
       - "v*"
     branches:
-      - "main"
+      - "master"
 
 jobs:
   centos7:
@@ -58,6 +58,29 @@ jobs:
             build/RPMS/noarch/bdii-*-1.el8.noarch.rpm
             build/SRPMS/bdii-*-1.el8.src.rpm
 
+  centos9:
+    name: Build CentOS Stream 9 RPMs
+    runs-on: ubuntu-latest
+    container: quay.io/centos/centos:stream9
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Install build requisites
+        run: |
+          yum install -y rpm-build rpmlint make rsync systemd-rpm-macros
+      - name: build rpm
+        run: |
+          make rpm
+          rpmlint --file .rpmlint.ini build/RPMS/noarch/*.rpm
+      - name: Upload RPMs
+        uses: actions/upload-artifact@v3
+        with:
+          name: rpms9
+          path: |
+            build/RPMS/noarch/bdii-*-1.el9.noarch.rpm
+            build/SRPMS/bdii-*-1.el9.src.rpm
+
   release7:
     name: Upload CentOS 7 release artefacts
     needs: centos7
@@ -107,3 +130,28 @@ jobs:
           files: |
             ${{ steps.package_name_centos8.outputs.rpm_path }}
             ${{ steps.package_name_centos8.outputs.src_path }}
+
+  release9:
+    name: Upload CentOS Stream 9 release artefacts
+    needs: centos8
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/download-artifact@v3
+        with:
+          name: rpms9
+      - name: Find package name
+        id: package_name_centos9
+        run: |
+          rpm_path=$(find . -name 'bdii-*-1.el9.noarch.rpm')
+          src_path=$(find . -name 'bdii-*-1.el9.src.rpm')
+          echo "rpm_path=${rpm_path}" >> "$GITHUB_OUTPUT"
+          echo "src_path=${src_path}" >> "$GITHUB_OUTPUT"
+      - name: Attach CentOS Stream 9 RPMs to the release
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          fail_on_unmatched_files: true
+          files: |
+            ${{ steps.package_name_centos9.outputs.rpm_path }}
+            ${{ steps.package_name_centos9.outputs.src_path }}

0001-Use-mdb-slapd-backend.patch

@@ -0,0 +1,85 @@
+From a3312f93c372f9a8dd420fb991d04383531faae6 Mon Sep 17 00:00:00 2001
+From: Mattias Ellert <mattias.ellert@physics.uu.se>
+Date: Sun, 4 Dec 2022 08:52:00 +0100
+Subject: [PATCH] Use mdb slapd backend
+
+The bdb and hdb backends were removed from slapd in openldap 2.5
+---
+ etc/bdii-slapd.conf     | 9 +++------
+ etc/bdii-top-slapd.conf | 9 +++------
+ 2 files changed, 6 insertions(+), 12 deletions(-)
+
+diff --git a/etc/bdii-slapd.conf b/etc/bdii-slapd.conf
+index 841dbf3..984a111 100644
+--- a/etc/bdii-slapd.conf
++++ b/etc/bdii-slapd.conf
+@@ -25,9 +25,8 @@ moduleload back_relay
+ # GLUE 1.3 database definitions
+ #######################################################################
+
+-database        hdb
++database        mdb
+ suffix          "o=grid"
+-cachesize       30000
+ checkpoint      1024 0
+ dbnosync
+ rootdn          "o=grid"
+@@ -78,9 +77,8 @@ suffixmassage   "GLUE2GroupID=resource,GLUE2DomainID=*,GLUE2GroupID=grid,o=glue"
+ # GLUE 2.0 database definitions
+ #######################################################################
+
+-database        hdb
++database        mdb
+ suffix          "o=glue"
+-cachesize       30000
+ checkpoint      1024 0
+ dbnosync
+ rootdn          "o=glue"
+@@ -114,9 +112,8 @@ index objectClass eq,pres
+ #######################################################################
+ # Stats database definitions
+ #######################################################################
+-database        hdb
++database        mdb
+ suffix          "o=infosys"
+-cachesize       10
+ checkpoint      1024 0
+ dbnosync
+ rootdn          "o=infosys"
+diff --git a/etc/bdii-top-slapd.conf b/etc/bdii-top-slapd.conf
+index c4113bb..df295bd 100644
+--- a/etc/bdii-top-slapd.conf
++++ b/etc/bdii-top-slapd.conf
+@@ -26,8 +26,7 @@ moduleload back_relay
+ # GLUE 1.3 database definitions
+ #######################################################################
+
+-database        hdb
+-cachesize       300000
++database        mdb
+ dbnosync
+ suffix          "o=shadow"
+ checkpoint      1024 0
+@@ -87,8 +86,7 @@ suffixmassage   "GLUE2GroupID=resource,GLUE2DomainID=*,GLUE2GroupID=grid,o=glue"
+ # GLUE 2.0 database definitions
+ #######################################################################
+
+-database        hdb
+-cachesize       300000
++database        mdb
+ dbnosync
+ suffix          "o=glue"
+ checkpoint      1024 0
+@@ -123,8 +121,7 @@ index objectClass eq,pres
+ #######################################################################
+ # Stats database definitions
+ #######################################################################
+-database        hdb
+-cachesize       10
++database        mdb
+ dbnosync
+ suffix          "o=infosys"
+ checkpoint      1024 0
+-- 
+2.38.1
+

AUTHORS.md

@@ -2,6 +2,7 @@
 
 ## Maintainers
 
+- Andrea Manzi <andrea.manzi@egi.eu>
 - Enol Fernandez <enol.fernandez@egi.eu>
 - Baptiste Grenier <baptiste.grenier@egi.eu>
 

CHANGELOG

@@ -7,6 +7,10 @@ and this project adheres to
 [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+- Migrate to MDB backend for OpenLDAP 2.5 on recent OS (#42) (Mattias Ellert)
+- Fix runtime errore while iterating dictionary in python 3 (#39) (Andrea Manzi)
+- Migrate to Python 3 (#25) (Laurence Field, Mattias Ellert)
+- Quality control using GitHub actions, update community files (#26) (Baptiste Grenier)
 
 ## [5.2.26]
 - Truncate LDIF password file before updating (#14) (Petr Vokac)

Makefile

@@ -59,6 +59,7 @@ prepare: dist
 	@mkdir -p  $(build)/SOURCES/
 	@mkdir -p  $(build)/BUILD/
 	cp $(build)/$(NAME)-$(VERSION).tar.gz $(build)/SOURCES
+	cp *.patch $(build)/SOURCES
 	cp $(NAME).spec $(build)/SPECS
 
 srpm: prepare

README.md

@@ -1,43 +1,39 @@
-# README for bdii package
+# BDII
 
 Documentation: [bdii.readthedocs.io](http://bdii.readthedocs.io)
 
 ## Function
 
-The Berkeley Database Information Index (BDII) consists of two or more
-standard LDAP databases that are populated by an update process.
-Port forwarding is used to enable one or more databases to serve data
-while one database is being refreshed. The databases are refreshed
-cyclically. Any incoming connection is forwarded to the most recently
-updated database, while old connections are allowed to linger until
-it is the turn of their database to be refreshed and restarted.
-The update process obtains LDIF from either doing an ldapsearch on LDAP
-URLs or by running a local script (given by a URL with "file" protocol)
-that generates LDIF. The LDIF is then inserted into the LDAP database.
-Options exist to update the list of LDAP URLs from a web page and
-to use an LDIF file from a web page to modify the data before it is
-inserted into the database.
+The Berkeley Database Information Index (BDII) consists of two or more standard
+LDAP databases that are populated by an update process. Port forwarding is used
+to enable one or more databases to serve data while one database is being
+refreshed. The databases are refreshed cyclically. Any incoming connection is
+forwarded to the most recently updated database, while old connections are
+allowed to linger until it is the turn of their database to be refreshed and
+restarted. The update process obtains LDIF from either doing an `ldapsearch` on
+LDAP URLs or by running a local script (given by a URL with "file" protocol)
+that generates LDIF. The LDIF is then inserted into the LDAP database. Options
+exist to update the list of LDAP URLs from a web page and to use an LDIF file
+from a web page to modify the data before it is inserted into the database.
 
 ## Cache use
 
-Whenever a remote server is contacted and the ldapsearch command times out
-the update process tries to find an (old) cached entry in the `/var/cache/`
+Whenever a remote server is contacted and the `ldapsearch` command times out the
+update process tries to find an (old) cached entry in the `/var/cache/`
 directory. If no entry is found a message is printed to the logfile.
 
-_Attention!_
-If the remote host cannot be contacted due to a connection problem
+_Attention!_ If the remote host cannot be contacted due to a connection problem
 no cached entry is taken. No message is printed to the logfile.
 
 ## Compressed Content Exchange Mechanism (CCEM)
 
-The Compressed Content Exchange Mechanism is intended to speed up the
-gathering of information in case of a ldapsearch to another BDII instance.
-The update process first tries to find the entry containing the compressed
-content of the queried instance and subsequently adds the information to
-its upcoming database. If the CCEM fails the normal procedure as described
-in the previous paragraph is executed.
-The CCEM function is enabled by default in version `>= 3.9.1`. To disable,
-add the following to your bdii.conf:
+The Compressed Content Exchange Mechanism is intended to speed up the gathering
+of information in case of a `ldapsearch` to another BDII instance. The update
+process first tries to find the entry containing the compressed content of the
+queried instance and subsequently adds the information to its upcoming database.
+If the CCEM fails the normal procedure as described in the previous paragraph is
+executed. The CCEM function is enabled by default in version `>= 3.9.1`. To
+disable, add the following to your `bdii.conf`:
 
 ```sh
 BDII_CCEM=no
@@ -47,10 +43,10 @@ BDII_CCEM=no
 
 The BDII Status Information Mechanism is intended to allow better monitoring
 possibilities, spotting of upraising problems and resulting failure prevention.
-It adds status information about the BDII instance into the 'o=infosys' root
-containing metrics like the number of entries added in the last cycle,
-the time to do so, etc.
-The description of thoese metrics can be found in the etc/BDII.schema file.
+It adds status information about the BDII instance into the `o=infosys` root
+containing metrics like the number of entries added in the last cycle, the time
+to do so, etc. The description of those metrics can be found in the
+etc/BDII.schema file.
 
 ## Installing from source
 
@@ -70,14 +66,15 @@ The required build dependencies are:
 - rpm-build
 - make
 - rsync
+- systemd-rpm-macros, for RHEL >= 8
 
 ```sh
 # Checkout tag to be packaged
 git clone https://github.com/EGI-Federation/bdii.git
 cd bdii
 git checkout X.X.X
 # Building in a container
-docker run --rm -v $(pwd):/source -it centos:7
+docker run --rm -v $(pwd):/source -it quay.io/centos/centos:7
 yum install -y rpm-build make rsync
 cd /source && make rpm
 ```
@@ -114,6 +111,5 @@ The DEB will be available into the `build/` directory.
 ## History
 
 This work started under the EGEE project, and was hosted and maintained for a
-long time by CERN.
-This is now hosted here on GitHub, maintained by the BDII community with
-support of members of the EGI Federation.
+long time by CERN. This is now hosted here on GitHub, maintained by the BDII
+community with support of members of the EGI Federation.

bdii.spec

@@ -5,6 +5,12 @@
 %global use_systemd 0
 %endif
 
+%if %{?fedora}%{!?fedora:0} >= 36 || %{?rhel}%{!?rhel:0} >= 9
+%global use_mdb 1
+%else
+%global use_mdb 0
+%endif
+
 Name:		bdii
 Version:	5.2.26
 Release:	1%{?dist}
@@ -22,6 +28,7 @@ Requires: openldap-clients
 Requires: openldap-servers
 Requires: glue-schema >= 2.0.0
 Requires: python3
+Requires: logrotate
 
 Requires(post):		/usr/bin/mkpasswd
 %if %{use_systemd}
@@ -41,6 +48,9 @@ Requires(post):		policycoreutils-python
 Requires(postun):	policycoreutils-python
 %endif
 
+# Use mdb on recent systems
+Patch1: 0001-Use-mdb-slapd-backend.patch
+
 %description
 The Berkeley Database Information Index (BDII) consists of a standard
 LDAP database which is updated by an external process. The update process
@@ -50,6 +60,9 @@ differences. This is then used to update the database.
 
 %prep
 %setup -q
+%if %{use_mdb}
+%patch1 -p1
+%endif
 
 %build