223987 – patch to add support for embedding realm in (open)ldap via ldap USE flag.

Bug 223987 - patch to add support for embedding realm in (open)ldap via ldap USE flag.

Summary: patch to add support for embedding realm in (open)ldap via ldap USE flag.

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	High enhancement with 1 vote (vote)
Assignee:	Gentoo Kerberos Maintainers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2008-05-28 18:32 UTC by Jeff Schmidt
Modified:	2010-07-17 08:20 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
adds ldap USE flag (mit-krb5-1.6.3-r2.ebuild,2.59 KB, text/plain) 2008-05-28 18:35 UTC, Jeff Schmidt	Details
moved schema insert from src_compile to src_install - seems to have fixed it. (mit-krb5-1.6.3-r2.ebuild,2.63 KB, text/plain) 2008-05-28 19:05 UTC, Jeff Schmidt	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeff Schmidt 2008-05-28 18:32:48 UTC

simple addition of 'ldap' USE flag for ldap support in mit-krb5. allows embedding of realm into an LDAP directory. compiles ldap utils/libs, and adds schema to openldap.

Reproducible: Always

Steps to Reproduce:
1. only tested on x86
2. tested as incremental release in a portage overlay


Actual Results:  
current stable release does not build the kdb5_ldap_util utility & related libs (kldap.so, libkdb_ldap.so).

Expected Results:  
the patch ebuild allows the use of kdb5_ldap_util. seems to work correctly for me, according to the MIT Kerberos docs:

kdb5_ldap_util -D  cn=Manager,dc=linuxi86,dc=net create \
-subtrees ou=Kerberos,dc=linuxi86,dc=net \
-containerref ou=Kerberos,dc=linuxi86,dc=net \
-r LINUXI86.NET -s


adding the schema to openldap doesn't seem to work quite right - I copied the relevant portion from a (working?) samba ebuild.

ebuild /usr/local/portage/app-crypt/mit-krb5/mit-krb5-1.6.3-r2.ebuild unpack
find /var/tmp/portage/app-crypt/mit-krb5-1.6.3-r2 -name "*schema"
gives me:
"/var/tmp/portage/app-crypt/mit-krb5-1.6.3-r2/work/krb5-1.6.3/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema"

I'm not sure why ${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema isn't getting inserted into /etc/openldap/schema, according to:

if use ldap ; then
  insinto /etc/openldap/schema
  doins ${S}/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
fi

Comment 1 Jeff Schmidt 2008-05-28 18:35:14 UTC

Created attachment 154609 [details]
adds ldap USE flag

Comment 2 Jeff Schmidt 2008-05-28 19:05:41 UTC

Created attachment 154613 [details]
moved schema insert from src_compile to src_install - seems to have fixed it.

Comment 3 Mathias Pietsch 2008-11-05 10:54:09 UTC

The ldap use-flag introduced with mit-krb5-1.6.3-r2 has been dropped again with mit-krb5-1.6.3-r4.

Comment 4 Michael Hammer (RETIRED) gentoo-dev

2008-11-05 11:57:38 UTC

Ldap support in kerberos is really problematic as it produces a lot of circular dependencies if the USE is called "ldap". I am planning to enable a "hdb-ldap" USE similar to heimdal. I wan't to wait for the 1.6.4 release and the stabilization process to do so.

greets, mueli

Comment 5 ulysse31 2009-10-29 13:10:15 UTC

we are now at version 1.7-r1 on the ebuilds and not ldap/hdb_ldap flag ...
is it coming someday or did we have to use another distro to get mit kerberos with kerberos backend ?

Comment 6 ulysse31 2009-10-29 13:19:28 UTC

(In reply to comment #5)
> we are now at version 1.7-r1 on the ebuilds and not ldap/hdb_ldap flag ...
> is it coming someday or did we have to use another distro to get mit kerberos
> with kerberos backend ?
> 
meant ldap backend, sorry.

Comment 7 Tobias Schröpf 2009-11-13 17:16:24 UTC

This bug seems to me as if it is the same as bug #177522  ???

Comment 8 Eray Aslan gentoo-dev

2010-07-17 08:20:22 UTC

Closing.  Both heimdal and mit-krb5 has ldap support in the tree.