Lots has changed since 2.6.0 currently in Gentoo
fwiw I think we'd really appreciate a dedicated maintainer for this who is actively using it - it's usually kind of fragile to touch and needs a fair bit of love
Created attachment 837285 [details] sssd-9999.ebuild My sssd-9999.ebuild
SSSD 2.8.2 Release Notes Highlights General information SSSD can be configured not to perform a DNS search during DNS name resolution. This behavior is governed by the new dns_resolver_use_search_list. This parameter can be used in the domain section. Default value is true - that means that SSSD follows the system settings. --enable-files-domain configure option is deprecated and will be removed in one of the next versions of SSSD. sssctl analyze tool doesn't require anymore to be run under root. New features New mapping template for serial number, subject key id, SID, certificate hashes and DN components are added to libsss_certmap.
Where can I get the krb5_pw_locked.patch to test?
Created attachment 859133 [details] Latest sssd-9999.ebuild
Created attachment 859135 [details, diff] krb5_pw_locked.patch
(In reply to John M. Drescher from comment #4) > Where can I get the krb5_pw_locked.patch to test? Here you go PS. Stay away from net-nds/openldap-2.6.3-r7
(In reply to Joakim Tjernlund from comment #7) > PS. > Stay away from net-nds/openldap-2.6.3-r7 If you're having a problem, please file a bug for it - or reference the bug you're talking about. Otherwise it's just scaremongering. Maybe you mean bug 911674, but I can't really guess.
(In reply to Sam James from comment #8) > (In reply to Joakim Tjernlund from comment #7) > > PS. > > Stay away from net-nds/openldap-2.6.3-r7 > > If you're having a problem, please file a bug for it - or reference the bug > you're talking about. Otherwise it's just scaremongering. > > Maybe you mean bug 911674, but I can't really guess. Always a pleasure! No it is https://bugs.gentoo.org/892009, it started here though: https://github.com/SSSD/sssd/issues/6537 It is about openldap lost -DLDAP_CONNECTIONLESS conf and it turns out that adcli/sssd needs it to function properly. Now Gentoo openlap has USE=experimental which will add back LDAP_CONNECTIONLESS
Ah, thanks. Let's stable that then.
(In reply to Sam James from comment #10) > Ah, thanks. Let's stable that then. Yes, stabling >=openldap-2.6.4-r2 is a good idea
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e446ceef146a87ec68f2629ea69674a8393dc43 commit 1e446ceef146a87ec68f2629ea69674a8393dc43 Author: Christopher Byrne <salah.coronya@gmail.com> AuthorDate: 2023-09-06 08:29:13 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2023-09-06 08:29:13 +0000 sys-auth/sssd: add 2.9.1 Closes: https://bugs.gentoo.org/499578 Closes: https://bugs.gentoo.org/542324 Closes: https://bugs.gentoo.org/592402 Closes: https://bugs.gentoo.org/640760 Closes: https://bugs.gentoo.org/752978 Closes: https://bugs.gentoo.org/878177 Closes: https://bugs.gentoo.org/880097 Closes: https://bugs.gentoo.org/904280 Closes: https://bugs.gentoo.org/906292 Closes: https://github.com/gentoo/gentoo/pull/32466 Signed-off-by: Christopher Byrne <salah.coronya@gmail.com> Signed-off-by: David Seifert <soap@gentoo.org> sys-auth/sssd/Manifest | 1 + .../sssd/files/sssd-2.8.2-krb5_pw_locked.patch | 12 + ...ept-krb5-1.21-for-building-the-PAC-plugin.patch | 31 ++ ...9.1-certmap-fix-partial-string-comparison.patch | 87 ++++++ .../sssd-2.9.1-conditional-python-install.patch | 19 ++ ...-cert-show-and-cert-eval-rule-as-non-root.patch | 39 +++ sys-auth/sssd/metadata.xml | 10 + sys-auth/sssd/sssd-2.9.1.ebuild | 330 +++++++++++++++++++++ 8 files changed, 529 insertions(+)