Date:      Tue, 15 Jul 2003 15:49:53 -0500
From:      "Jacques A. Vidrine" <nectar@FreeBSD.org>
To:        Jean-Baptiste Quenot <jb.quenot@caraldi.com>
Cc:        ports@freebsd.org
Subject:   Re: Patch port nss_ldap's Makefile for ldap.conf location
Message-ID:  <20030715204952.GE86657@madman.celabo.org>
In-Reply-To: <20030710110751.GA6966@watt.intra.caraldi.com>
References:  <20030710110751.GA6966@watt.intra.caraldi.com>

On Thu, Jul 10, 2003 at 01:07:53PM +0200, Jean-Baptiste Quenot wrote:
> Please  find below  a  patch that  fixes the  location  of ldap.conf  to
> reflect the  location specified  by the  associated port  pam_ldap.  The
> config file should be $(PREFIX)/etc/ldap.conf, not /etc/ldap.conf.
> 
> -----------------------------------8<-----------------------------------
> --- Makefile.orig	Wed Jul  9 17:59:19 2003
> +++ Makefile	Wed Jul  9 17:58:50 2003
> @@ -25,6 +25,9 @@
>  CONFIGURE_ENV=	CPPFLAGS="-I${LOCALBASE}/include" \
>  		LDFLAGS="-L${LOCALBASE}/lib -Wl,-rpath,${LOCALBASE}/lib"
>  
> +CONFIGURE_ARGS=	--with-ldap-conf-file=${PREFIX}/etc/ldap.conf \
> +		--with-ldap-secret-file=${PREFIX}/etc/ldap.secret
> +
>  post-extract:
>  	${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}
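
Review bot: The added `--with-ldap-secret-file=${PREFIX}/etc/ldap.secret` argument relocates the file that stores the LDAP bind password, but nothing in this hunk tells the user about the new paths or the permissions that file needs. Suggest adding an install-time message that names both ${PREFIX}/etc/ldap.conf and ${PREFIX}/etc/ldap.secret and states that ldap.secret should be readable by root only. Separately, `CONFIGURE_ARGS=` is a plain assignment; if the Makefile sets CONFIGURE_ARGS anywhere outside the lines shown here, use `+=` so those arguments are not silently dropped.
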
> -----------------------------------8<-----------------------------------
> 
> I've been struggling  for hours trying to make nss_ldap  work on FreeBSD
> 5.1 Release, and it was just that damn' file.  

Heh, sorry.  I remember scratching my head about the default location
myself, but it never occurred to me to do something about it :-)

I agree that it should be under ${PREFIX}, and the location mentioned
at install time.  I wonder if additionally it should be named
something specific to this port ... I wouldn't want the configuration
file to clash with some other use of OpenLDAP.  Perhaps
${PREFIX}/etc/nss_ldap.conf and ${PREFIX}/etc/nss_ldap.secret?

> BTW, it was not clear for
> me  before,  but pam_ldap  is  only  used for  authentication.   Without
> nss_ldap, pam_ldap is pretty useless, ie it requires user entries in the
> local password file.

Yep, PAM just does authentication, not directory services.  You don't
even have to use pam_ldap in conjunction with nss_ldap... you could
use e.g. pam_krb5 instead for stronger authentication.

> Thank you, and keep up the good work!

Cheers!
-- 
Jacques Vidrine   . NTT/Verio SME      . FreeBSD UNIX       . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
