Created attachment 388360 [details] build log It seems openldap-2.4.40-r2 doesn't compile against heimdal, while I have openldap-2.4.39 compiled against it. * Compiling contrib-module: kinit libtool: compile: x86_64-pc-linux-gnu-gcc -DSLAPD_OVER_KINIT=SLAPD_MOD_DYNAMIC -I/var/tmp/portage/net-nds/openldap-2.4.40-r2/work/openldap-2.4.40-abi_x86_64.am d64/include -I../../../include -I../../../servers/slapd -march=amdfam10 -O2 -ggd b -pipe -c kinit.c -fPIC -DPIC -o .libs/kinit.o kinit.c:28:23: fatal error: krb5/krb5.h: No such file or directory #include <krb5/krb5.h> ^ compilation terminated. Heimdal ships a file called /usr/include/krb5.h but no krb5/krb5.h. Funny thing is, looking at a diff of the ebuilds, the new one specifically mentions heimdal in one place of its dependencies, in addition to virtual/krb5.
Still an issue in 2.4.40-r3. Changing from <krb5/krb5.h> to <krb5.h> solves the include problem, but there is some access to MIT-specific data structures. Seems like Heimdal isn't supported by this module, as also indicated by its initial announcement, http://www.openldap.org/lists/openldap-technical/201010/msg00227.html I guess I MIGHT be able to make it work with Heimdal, but I don't have a test environment at the moment, so I couldn't verify my test. Therefore I suggest you disable the kinit addon (just like it was disabled in the 2.4.39 ebuild) at least for heimdal-based systems, until someone turns up who could test this.
i have a working heimdal installation, and i can confirm that the openldap ebuild till openldap-2.4.39 is working fine out of the box. in my opinion the problem is the ebuild, i have changed openldap-2.4.39.ebuild so it compiles with the source from openldap-2.4.40. The problem is the multilib_src_compile() part from the ebuild, especially the parts smbkrb5passwd kerberos and overlays In my installation i use samba version 3 and compiled openldap with the following use flags net-nds/openldap-2.4.40-r3 was built with the following: USE="berkdb crypt gnutls ipv6 kerberos overlays samba sasl smbkrb5passwd ssl syslog tcpd -cxx -debug -experimental -icu -iodbc -minimal -odbc -perl (-selinux) -slp" ABI_X86="64 -32 -x32" CFLAGS="-march=native -O2 -pipe -D_GNU_SOURCE" CXXFLAGS="-march=native -O2 -pipe -D_GNU_SOURCE" the ebuild should be changed so it differences between samba4 and samba3 installation or it should depend on samba4.
ping. would ne nice to fix it... samba4 doesn't work with mit-krb5 and openldap-2.4.40 doesn't build with heimdal. :-/
Yes, would be definitely nice to have a permanent fix! ATM, I circumvent the issue by prepending a '#' to the line that builds the kinit module...
This bug still exists in 2.4.40-r4. Using the kerberos USE flag causes package to depend on virtual/krb5, however it attempts to build contrib module "kinit" which will only build against app-crypt/mit-krb5. In addition, using the smbkrb5passwd AND kerberos USE flags will implicitly depend on app-crypt/heimdal, which, due to the previously mentioned issue, will always fail. Unfortunately, contrib/slapd-modules/smbk5pwd was written specifically for heimdal and contrib/slapd-modules/kinit was written specifically for mit-krb5 so it's unlikely they can both be built simultaneously at this point.
Happy birthday to this bug! Can we please get SOME way to disable the kinit addon for heimdal users? Either disable it unconditionally until someone complains, or disable it conditionally if heimdal is detected, or give us a USE flag for it, or whatever? This is really annoying, having to manually copy and tweak the ebuild after every openldap bump.
(In reply to Martin von Gagern from comment #6) > Happy birthday to this bug! Can we please get SOME way to disable the kinit > addon for heimdal users? Either disable it unconditionally until someone > complains, or disable it conditionally if heimdal is detected, or give us a > USE flag for it, or whatever? This is really annoying, having to manually > copy and tweak the ebuild after every openldap bump. I concur!
2.4.43 has some references to heimdal, if using smbkrb5passwd and kerberos. let us know if it doesn't work and we are always open to patches.
(In reply to Matthew Thode ( prometheanfire ) from comment #8) > 2.4.43 has some references to heimdal, if using smbkrb5passwd and kerberos. > let us know if it doesn't work and we are always open to patches. The problem isn't smbkrb5passwd, but this line, which tries to build a contrib module unconditionally: build_contrib_module "kinit" "kinit.c" "kinit" The kinit module just doesn't build with heimdal, which causes the whole openldap ebuild to fail. This is just annoying, especially given that most users will never need this contrib module. Building it thus could be handled either 1. by a local use flag "kinit", which could be handled in CDEPEND like this: kerberos? ( virtual/krb5 kinit? ( !app-crypt/heimdal ) ) I know that there usually is a policy not to introduce new USE flags in abundance, but since smbkrb5passwd made it into a USE flag, too, a long while ago, I do not see any reason, why "kinit" shouldn't be a USE flag, too. or 2. By detecting which kerberos implementation is installed and building the kinit module only upon detection of mit-krb5, but not, if heimdal is being detected. Hope that cleared the matter up a bit. Best, Torsten
ebuilds shouldn't inspect the system at build time (looking for heimdal). If heimdal isn't a use flag then we need to choose the use flag. I'm in favor of adding it.
(In reply to Matthew Thode ( prometheanfire ) from comment #10) > ebuilds shouldn't inspect the system at build time (looking for heimdal). > If heimdal isn't a use flag then we need to choose the use flag. I'm in > favor of adding it. That would be fine with me!
fixed in 2.4.43-r1
