Date:      Mon, 20 Jan 2020 15:23:37 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 241347] security/sssd: Update to 1.16.4
Message-ID:  <bug-241347-7788-cd8RYiLiWZ@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-241347-7788@https.bugs.freebsd.org/bugzilla/>
References:  <bug-241347-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241347

--- Comment #17 from Phillip R. Jaenke <prj@rootwyrm.com> ---
Created attachment 210896
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=210896&action=edit
sssd_binalias_python3.patch

This is currently being blocked by #242077 (databases/ldb14 PLIST error) since
November, and I have submitted a patch to resolve that issue. It was suggested
to use a newer LDB and indicated that ldb14 will be expired, so, now it builds
with ldb15. Because we still don't have anything newer than 1.5. C'est la vie.

The attached patch slaps a BINARY_ALIAS fix on the python3 issue in autoconf,
which should be fine, since everything else is looking in the right place. It's
just autoconf being autoconf. Note that this goes on top of Lukas' patch, not
separately.

Since we haven't heard any updates in quite some time now, I'm inclined to
suggest we go ahead and commit the combined patches in hopes of getting broader
testing, and do some additional cleanup based on results. I have not had time
to do ANY proper testing of functionality yet due to Samba also being broken.
We need people to get testing whether or not this functions as intended at this
point.

------------
The following make.conf (or equivalent) settings are REQUIRED to generate a
fully functional SSSD for both AD and LDAP(S) environments. If you use defaults
for the dependencies, it should NOT be expected to work in reasonable
environments through no fault of its own. (OpenLDAP does not have SASL by
default, see D21855.)

## make.conf snippet
# DEFAULT_VERSIONS must be set exactly this way! openssl can be base or ports.
DEFAULT_VERSIONS+=perl5=5.30
DEFAULT_VERSIONS+=python3=3.6    # 3.6 is minimum, not maximum - dep safety
DEFAULT_VERSIONS+=samba=4.10

# security/sssd options for maximum testing
security_sssd_SET+=SMB

# Do not rely on these, not all ports obey or use these names.
OPTIONS_SET+=GSSAPI_MIT
OPTIONS_UNSET+=GSSAPI_BASE GSSAPI_HEIMDAL
# openldap is not SASL by default; AD requires SASL
WANT_OPENLDAP_SASL=yes
OPTIONS_SET+=WANT_OPENLDAP_SASL

# required for DNS registration to work
dns_bind-tools_SET+=GSSAPI_MIT
dns_bind-tools_UNSET+=GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_NONE

# net/samba410 has very specific settings required
# mDNS/ZeroConf can be anything but AVAHI works best for now
# XXX: NEVER mix GSSAPI_MIT and AD_DC, you will have a BAD TIME.
net_samba410_SET+=ADS GSSAPI_MIT NSUPDATE
net_samba410_UNSET+=AD_DC GSSAPI_BUILTIN BIND911 BIND914

-- 
You are receiving this mail because:
You are the assignee for the bug.
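
Added example, not part of the original message or of the ports tree: a shell lint that checks a make.conf against the constraints stated in the comment above (SASL knob for OpenLDAP, samba=4.10, GSSAPI_MIT for bind-tools, no GSSAPI_MIT together with AD_DC). The function name check_makeconf and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint a make.conf against the constraints stated in the message.
# check_makeconf is a hypothetical helper name, not part of the ports tree.
check_makeconf() {
    awk '
    function has(name, opt) {
        return (name in vars) && index(vars[name], " " opt " ") > 0
    }
    function report(msg) { print msg; bad++ }
    { sub(/#.*/, "") }    # drop comments
    match($0, /^[ \t]*[A-Za-z0-9_.-]+[ \t]*[+]?=/) {
        name = substr($0, RSTART, RLENGTH); val = substr($0, RSTART + RLENGTH)
        gsub(/[ \t+=]/, "", name); gsub(/[ \t]+/, " ", val)
        vars[name] = vars[name] " " val " "    # += appends, so accumulate
    }
    END {
        for (n in vars) {
            # make variable names are case-sensitive: only _SET/_UNSET are read
            if (n ~ /_(set|unset)$/) report("ignored: " n " (use upper-case suffix)")
            if (n !~ /_SET$/) continue
            # the same option in both lists is a contradiction
            u = n; sub(/_SET$/, "_UNSET", u); k = split(vars[n], o, " ")
            for (i = 1; i <= k; i++)
                if (has(u, o[i])) report("conflict: " o[i] " in " n " and " u)
        }
        if (has("net_samba410_SET", "GSSAPI_MIT") && has("net_samba410_SET", "AD_DC"))
            report("samba410: GSSAPI_MIT mixed with AD_DC")
        if (!has("WANT_OPENLDAP_SASL", "yes"))
            report("openldap: WANT_OPENLDAP_SASL=yes missing (AD requires SASL)")
        if (!has("dns_bind-tools_SET", "GSSAPI_MIT"))
            report("bind-tools: GSSAPI_MIT not set (needed for DNS registration)")
        if (!has("DEFAULT_VERSIONS", "samba=4.10"))
            report("DEFAULT_VERSIONS: samba=4.10 missing")
        exit (bad > 0)
    }' "$1"
}

# Constructed sample with three mistakes; not taken from any real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
DEFAULT_VERSIONS+=samba=4.10
WANT_OPENLDAP_SASL=yes
dns_bind-tools_set+=GSSAPI_MIT
net_samba410_SET+=ADS GSSAPI_MIT AD_DC
net_samba410_UNSET+=AD_DC GSSAPI_BUILTIN
EOF
check_makeconf "$sample" || echo "make.conf needs fixing"
rm -f "$sample"
```

The function prints one line per finding and returns non-zero when anything is wrong, so it can gate a poudriere or portmaster run.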