The smbk5pwd keeps samba/kerberos/ldap passwords in sync automagically... I'm attaching an ebuild along with the patch to add the module, however it will changes the dependancies a bit since it requires heimdal. Of course it doesn't make any sense to try and use the kerberos password sync unless you are using heimdal...
Created attachment 75100 [details, diff] Patch to add module
Created attachment 75101 [details] Ebuild
The included patch contains a Makefile that fails to compile if user has USE="samba -kerberos" and kerberos libraries are not installed. I too would like to have this functionality added to the portage once it works for all users.
please attach a diff to the current openldap-2.3 series ebuilds.
Created attachment 86105 [details] openldap-2.3.21.ebuild builds contrib modules This ebuild goes a bit beyond the original bug by including a few other modules in contrib. Needs the contrib-smbk5pwd-Makefile.patch below.
Created attachment 86106 [details, diff] openldap-2.3.21.ebuild.diff diff from current portage A diff from current portage 2.3.21 ebuild.
Created attachment 86107 [details, diff] smbk5pwd Makefile patch Uses makefile conditionals to use/omit krb5 libs. Probably only works with GNU make, not a problem for Gentoo but probably won't fly upstream.
Created attachment 86831 [details, diff] smbk5pwd Makefile patch Two fixes: (1) allow setting of app-crypt/heimdal include dir from ebuild (2) add build-dir lib path for libldap_r so overlay doesn't need a previous openldap install.
Created attachment 86832 [details] openldap-2.3.21-r1 builds contrib modules & overlays fix: smbk5pwd: now builds with app-crypt/heimdal
Created attachment 86834 [details] openldap-2.3.21-r1.ebuild builds contrib modules fixed to better match 2.3.21-r1 in portage
Created attachment 86835 [details, diff] openldap-2.3.21-r1.ebuild.diff diff from current portage diff to openldap-2.3.21-r1 currently in portage. Adds smbk5pwd and a few other contributed modules.
Not quite ready yet. When trying to install this in amd64 system without previous openldap installation I get this. QA Notice: the following files contain insecure RUNPATH's Please file a bug about this at http://bugs.gentoo.org/ For more information on this issue, kindly review: http://bugs.gentoo.org/81745 /var/tmp/portage/openldap-2.3.21-r1/work/openldap-2.3.21/libraries/libldap_r/.libs usr/lib64/openldap/openldap/smbk5pwd.so /var/tmp/portage/openldap-2.3.21-r1/work/openldap-2.3.21/libraries/libldap_r/.libs usr/lib64/openldap/openldap/smbk5pwd.so.0 /var/tmp/portage/openldap-2.3.21-r1/work/openldap-2.3.21/libraries/libldap_r/.libs usr/lib64/openldap/openldap/smbk5pwd.so.0.0.0 When checking the smb5pwd.so file you can see the problem. $ ldd /var/tmp/portage/openldap-2.3.21-r1/image/usr/lib64/openldap/openldap/smbk5pwd.so libldap_r-2.3.so.0 => /var/tmp/portage/openldap-2.3.21-r1/work/openldap-2.3.21/libraries/libldap_r/.libs/libldap_r-2.3.so.0 (0x00002b3303e20000) ... liblber-2.3.so.0 => /var/tmp/portage/openldap-2.3.21-r1/work/openldap-2.3.21/libraries/liblber/.libs/liblber-2.3.so.0 (0x00002b33043b8000)
Created attachment 86913 [details, diff] smbk5pwd Makefile patch Fixes rpath problem. smbk5pwd works in amd64.
Created attachment 86914 [details, diff] openldap-2.3.21-r1.ebuild.diff diff from current portage Module smbk5pwd works in amd64.
Fixed in 2.3.24, thanks for this extensive testing ;)