
Bug 342439

Summary: net-nds/openldap add connection less LDAP support
Product: Gentoo Linux Reporter: Attila Fazekas <turul16>
Component: New packages Assignee: Gentoo LDAP project <ldap-bugs>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=892009
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: openldap-2.4.23.ebuild
slapd-initd2
slapd-confd

Description Attila Fazekas 2010-10-24 09:51:20 UTC
Both the openldap libraries and the server can support cldap://.

Per the ldap_open(3) and lber-sockbuf(3) man pages, it needs to be built with the LDAP_CONNECTIONLESS macro in order to get cldap:// support.

It looks like none of the available USE flags turns it on now.

Without this macro, slapd failed to start with the configuration below.
/etc/conf.d/slapd:
OPTS="-F /etc/openldap/slapd.d -h 'ldaps:// ldap:// cldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"

With this macro it is working.


Another minor issue: slapd usually does not run as root, and the /etc/krb5.keytab file is recommended to be readable only by the root user.
We need to use a different krb5 keytab file with openldap.
Comment 1 Attila Fazekas 2010-10-24 09:57:40 UTC
Created attachment 251785
openldap-2.4.23.ebuild

Introduce cldap use flag
Comment 2 Attila Fazekas 2010-10-24 09:59:31 UTC
Created attachment 251787
slapd-initd2

init script with KRB5_KTNAME export option
Comment 3 Attila Fazekas 2010-10-24 10:00:36 UTC
Created attachment 251789
slapd-confd

slapd-confs with KRB5_KTNAME comment
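
A pre-start check for the dedicated keytab that KRB5_KTNAME would point slapd at, as an added example that is not part of the bug report or its attachments. The function name `check_slapd_keytab` and whatever path and run user are passed to it are assumptions.

```shell
#!/bin/sh
# Added example: validate a dedicated slapd keytab before exporting KRB5_KTNAME.
# check_slapd_keytab is a hypothetical helper, not code from the attachments.

# check_slapd_keytab KEYTAB RUN_USER
# Returns 0 when KEYTAB is suitable for a slapd running as RUN_USER;
# otherwise prints the reason to stderr and returns 1.
check_slapd_keytab() {
    kt=$1
    run_user=$2

    # The host keytab should stay readable by root only, so a non-root
    # slapd must be given its own file rather than this one.
    if [ "$kt" = "/etc/krb5.keytab" ]; then
        echo "refusing host keytab $kt; use a dedicated file" >&2
        return 1
    fi

    # Reject missing files and symlinks (a link could point back at the host keytab).
    if [ ! -f "$kt" ] || [ -L "$kt" ]; then
        echo "$kt is missing or not a regular file" >&2
        return 1
    fi

    # GNU stat first, BSD stat as fallback.
    owner=$(stat -c '%U' "$kt" 2>/dev/null || stat -f '%Su' "$kt")
    mode=$(stat -c '%a' "$kt" 2>/dev/null || stat -f '%Lp' "$kt")

    if [ "$owner" != "$run_user" ]; then
        echo "$kt is owned by $owner, expected $run_user" >&2
        return 1
    fi

    # Any group or other permission bit exposes the service key to other accounts.
    case "$mode" in
        *00) ;;
        *)
            echo "$kt has mode $mode; group/other access must be removed" >&2
            return 1
            ;;
    esac
    return 0
}
```
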
Comment 4 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2012-02-12 21:13:02 UTC
Both cldap and kerberos fixes in 2.4.28-r1.