From nobody Wed Aug 11 14:52:03 2021 X-Original-To: ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 64D55175D15B for ; Wed, 11 Aug 2021 14:52:09 +0000 (UTC) (envelope-from peo@nethead.se) Received: from ns1.nethead.se (ns1.nethead.se [5.150.237.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "ns1.nethead.se", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GlCTN3Qrvz3JNP for ; Wed, 11 Aug 2021 14:52:08 +0000 (UTC) (envelope-from peo@nethead.se) X-Virus-Scanned: amavisd-new at Nethead AB DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nethead.se; s=NETHEADSE; t=1628693525; bh=i5sS9dYHNTj+Ny81S9Ap0/bEmhBCDb0Ly/YThz3lZrk=; h=Subject:To:References:From:Date:In-Reply-To; b=uyelyThj5cwQ8B2sEJgfmFNZ/a8+2NZwP74nwwgqtxA2P99Vw4mNjijNNHxXSvSSo CBKWijq0bBKFiPtpbsSdcg2NRJ3/m5ZCLAsHwYrrCW6euOZRNcavr/8hqR00t3oAfT uSyl/wzo7VAPiFPDdAyW0+pyar5mso3RTBH6iS9w= Subject: Re: Update of OpenLdap To: ports@freebsd.org References: <20210807072442.0000095d@seibercom.net> <46245ca6-3f26-5acb-933b-fd8ab864ff30@nethead.se> From: Per olof Ljungmark Message-ID: <1409f3c6-b903-8993-c0ed-e3135e833348@nethead.se> Date: Wed, 11 Aug 2021 16:52:03 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4GlCTN3Qrvz3JNP X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=pass header.d=nethead.se header.s=NETHEADSE header.b=uyelyThj; dmarc=pass (policy=none) header.from=nethead.se; spf=pass (mx1.freebsd.org: domain of peo@nethead.se designates 5.150.237.139 as permitted sender) smtp.mailfrom=peo@nethead.se X-Spamd-Result: default: False [-0.20 / 15.00]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[nethead.se:s=NETHEADSE]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:5.150.237.139]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_SPAM_SHORT(0.80)[0.798]; DKIM_TRACE(0.00)[nethead.se:+]; DMARC_POLICY_ALLOW(-0.50)[nethead.se,none]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8473, ipnet:5.150.192.0/18, country:SE]; MID_RHS_MATCH_FROM(0.00)[]; RWL_MAILSPIKE_POSSIBLE(0.00)[5.150.237.139:from] X-ThisMailContainsUnwantedMimeParts: N On 8/11/21 12:01 PM, Per olof Ljungmark wrote: > On 8/11/21 11:33 AM, Carmel wrote: >> On Wed, 11 Aug 2021 10:49:49 +0200, Per olof Ljungmark stated: >>> On 8/7/21 1:24 PM, Jerry Seibert wrote: >>>> FreeBSD 11.4-RELEASE-p9 >>>> >>>> After the recent updating of "openldap", the follow error/warning >>>> message is presented whenever I attempt to access the database. >>>> >>>> Aug  7 07:13:57 scorpio slapd[82175]: OTP unavailable because can't >>>> read/write key database /etc/opiekeys: Permission denied >>>> >>>> Everything works fine so I don't understand what the problem is or >>>> how to correct it, or if it even needs correction. >>> >>> I have a similar problem and I think the reason is that the >>> openldap24-sasl-client port vanished and was merged into >>> openldap24-client. >>> >>> However, this made one of our ldap slaves stop working, I think this >>> is a showstopper. A switch for this is needed, in the meantime, how do >>> we build the client WITHOUT sasl? >>> >>> 20210801: >>>    AFFECTS: users of OpenLDAP >>>    AUTHOR: delphij@FreeBSD.org >>> >>>    SASL is now always enabled for OpenLDAP. >>> >>>    If you use portmaster: >>>          portmaster -o net/openldap24-client openldap-sasl-client >>>    If you use portupgrade: >>>          portupgrade -fo net/openldap24-client openldap-sasl-client >>>    If you use pkg with binary packages: >>>          pkg set -o net/openldap24-sasl-client:net/openldap24-client >>> >> >> I had to change the permissions on the /etc/opiekeys file to 0666 to >> stop the message from repeating. I don't know if that is actually a >> safe solution, but it works. >> >> I agree with you that the change to this port was probably not well >> thought out. >> > > I already did this. We use saslauthd exclusively and now it looks like, > > # ldapsearch > SASL/SCRAM-SHA-1 authentication started > Please enter your password: > ldap_sasl_interactive_bind_s: Invalid credentials (49) >         additional info: SASL(-13): user not found: no secret in database > > So I have no idea how I can convince slapd not look look in sasldb2.db. Sorted by reverting to 2021Q2 branch, no time to try to figure out. Does anybody know why sasl2 became a necessity? Per