| Summary: | net-nds/openldap USE=kerberos with app-crypt/heimdal compile fails | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Spooky Ghost <spookyghost> |
| Component: | Current packages | Assignee: | Gentoo LDAP project <ldap-bugs> |
| Status: | UNCONFIRMED --- | | |
| Severity: | normal | CC: | galtgendo, Hloupy.Honza, ldap-bugs, mrpoole, pacho, stijn+gentoo |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | Runtime testing required: | --- | |
| Attachments: | openldap-2.4.40-heimdal.patch | | |

Description
Spooky Ghost
2016-12-01 13:53:11 UTC
I've done a good deal of research and `=net-nds/openldap-2.4.43` is simply not compatible with heimdal. While there is an actual krb5.h file in /usr/include for heimdal, the defined structures are incompatible with what openldap is expecting. This needs to be switched from a depend on virtual/krb5 to a depend specifically on app-crypt/mit-krb5.

The rest of the build passes and I can authenticate with kerberos, e.g. `ldapsearch -Y GSSAPI` returns correctly and I have an ldap service ticket after. I don't know if that is simply the SASL layer doing all the work though. Also looking at the README for the smbk5pwd module that states: "The Kerberos support is written for Heimdal using its hdb-ldap backend." so I think there is a bit of a mix of supported kerberos libraries. The passwd module pw-kerberos builds with heimdal. So for me at least it is only the kinit module which fails with heimdal and other kerberos components are fine. Changing from virtual/krb5 to mit-krb5 will break the components which do work.

Created attachment 483974
openldap-2.4.40-heimdal.patch

A patch to compile >=net-nds/openldap-2.4.40 with kerberos support and heimdal. Not tested with mit-krb5, applied conditionally on has-version app-crypt/heimdal.

(In reply to Chris White from comment #1)
> I've done a good deal of research and `=net-nds/openldap-2.4.43` is simply
> not compatible with heimdal.

That is probably wrong. I have not done extensive testing, but I compile net-nds/openldap with kerberos support and heimdal. Since about version 2.4.40 I only have to use a small patch.

Still valid with 2.4.48?