openldap bug fix and enhancement update

Updated OpenLDAP packages that fix various bugs and add two enhancements
are now available.

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools. LDAP is a set of protocols
for accessing directory services (usually phone book style information, but
other information is possible) over the Internet, similar to the way DNS
(Domain Name System) information is propagated over the Internet. The
openldap package contains configuration files, libraries, and documentation
for OpenLDAP.

These updated packages address the following issues:

* the init script now reports a warning if the slapd daemon cannot read a
TLS certificate file.

* the DB-4 database shipped in openldap-servers package was updated with
latest patches to improve stability of BDB and HDB backend.

* all libraries in the openldap-debuginfo package are now unstripped.

* when running as a syncrepl consumer, the OpenLDAP server now respects the
"timelimit" option in the "syncrepl" statement in its configuration file.

* the "modrdn" operation is now correctly propagated from master to
syncrepl consumers.

* the NETWORK_TIMEOUT option can now be used in client configuration files
to specify network timeout. The same network timeout can be also specified
by using the client tools' "-o nettimeout=" command line option.

* the "/etc/sysconfig/ldap" file can now contain the "SLURPD_KRB5CCNAME"
option to specify a KRB5CCNAME environment variable for started slurpd
processes.

* the updated openldap-servers package should no longer dump and restore
the BDB database to /var/lib/ldap/. This action will only be performed when
absolutely necessary (for example, during the update from openldap-2.3 to
openldap-2.4 in a future release of Red Hat Enterprise Linux).

* removing the openldap-devel package no longer breaks openldap libraries.

This update also provides the following enhancements:

* OpenLDAP was rebased to openldap-2.3.43, the latest stable release in the
openldap-2.3 branch.

* OpenLDAP is now packaged with standard overlays, including smbk5pwd. (See
the openldap-overlays-servers package for more information).

All OpenLDAP Users should upgrade to these updated packages, which resolve
these issues.

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

246060 - Some debuginfo libraries are stripped
329441 - Please package the smbk5pwd overlay
356401 - slapd aborts on startup when /etc/openldap/ldap.conf contains an invalid TLS_CACERT entry
370411 - RPM for openldap ppolicy overlay module (patch included)
428638 - RFE: provide a way to specify KRB5CCNAME for slurpd + run as non-root
436046 - openldap-servers RPM unnecessarily does dump / restore of database
440693 - slapd when running as a syncrepl consumer uses the search timout from ldap.conf over the one from the syncrepl statement in slapd.conf
442324 - Package openldap overlays
454857 - db-4 in openldap needs new patches
454994 - Rebase to openldap-2.3.43
460307 - Removing openldap-devel breaks sudo command

ldap, openldap