From nobody Wed Aug 11 14:52:03 2021
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 64D55175D15B
	for <ports@mlmmj.nyi.freebsd.org>; Wed, 11 Aug 2021 14:52:09 +0000 (UTC)
	(envelope-from peo@nethead.se)
Received: from ns1.nethead.se (ns1.nethead.se [5.150.237.139])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "ns1.nethead.se", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4GlCTN3Qrvz3JNP
	for <ports@freebsd.org>; Wed, 11 Aug 2021 14:52:08 +0000 (UTC)
	(envelope-from peo@nethead.se)
X-Virus-Scanned: amavisd-new at Nethead AB
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nethead.se;
	s=NETHEADSE; t=1628693525;
	bh=i5sS9dYHNTj+Ny81S9Ap0/bEmhBCDb0Ly/YThz3lZrk=;
	h=Subject:To:References:From:Date:In-Reply-To;
	b=uyelyThj5cwQ8B2sEJgfmFNZ/a8+2NZwP74nwwgqtxA2P99Vw4mNjijNNHxXSvSSo
	 CBKWijq0bBKFiPtpbsSdcg2NRJ3/m5ZCLAsHwYrrCW6euOZRNcavr/8hqR00t3oAfT
	 uSyl/wzo7VAPiFPDdAyW0+pyar5mso3RTBH6iS9w=
Subject: Re: Update of OpenLdap
To: ports@freebsd.org
References: <20210807072442.0000095d@seibercom.net>
 <46245ca6-3f26-5acb-933b-fd8ab864ff30@nethead.se>
 <PH0PR16MB4245C4AD54C5E74910DFC0B380F89@PH0PR16MB4245.namprd16.prod.outlook.com>
 <bac9a38e-9ec9-5ccb-a6f7-94580a18f929@nethead.se>
From: Per olof Ljungmark <peo@nethead.se>
Message-ID: <1409f3c6-b903-8993-c0ed-e3135e833348@nethead.se>
Date: Wed, 11 Aug 2021 16:52:03 +0200
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101
 Thunderbird/78.13.0
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
In-Reply-To: <bac9a38e-9ec9-5ccb-a6f7-94580a18f929@nethead.se>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 4GlCTN3Qrvz3JNP
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=nethead.se header.s=NETHEADSE header.b=uyelyThj;
	dmarc=pass (policy=none) header.from=nethead.se;
	spf=pass (mx1.freebsd.org: domain of peo@nethead.se designates 5.150.237.139 as permitted sender) smtp.mailfrom=peo@nethead.se
X-Spamd-Result: default: False [-0.20 / 15.00];
	 ARC_NA(0.00)[];
	 R_DKIM_ALLOW(-0.20)[nethead.se:s=NETHEADSE];
	 FROM_HAS_DN(0.00)[];
	 TO_MATCH_ENVRCPT_ALL(0.00)[];
	 R_SPF_ALLOW(-0.20)[+ip4:5.150.237.139];
	 MIME_GOOD(-0.10)[text/plain];
	 TO_DN_NONE(0.00)[];
	 RCPT_COUNT_ONE(0.00)[1];
	 NEURAL_SPAM_SHORT(0.80)[0.798];
	 DKIM_TRACE(0.00)[nethead.se:+];
	 DMARC_POLICY_ALLOW(-0.50)[nethead.se,none];
	 RCVD_COUNT_ZERO(0.00)[0];
	 FROM_EQ_ENVFROM(0.00)[];
	 MIME_TRACE(0.00)[0:+];
	 ASN(0.00)[asn:8473, ipnet:5.150.192.0/18, country:SE];
	 MID_RHS_MATCH_FROM(0.00)[];
	 RWL_MAILSPIKE_POSSIBLE(0.00)[5.150.237.139:from]
X-ThisMailContainsUnwantedMimeParts: N

On 8/11/21 12:01 PM, Per olof Ljungmark wrote:
> On 8/11/21 11:33 AM, Carmel wrote:
>> On Wed, 11 Aug 2021 10:49:49 +0200, Per olof Ljungmark stated:
>>> On 8/7/21 1:24 PM, Jerry Seibert wrote:
>>>> FreeBSD 11.4-RELEASE-p9
>>>>
>>>> After the recent updating of "openldap", the follow error/warning
>>>> message is presented whenever I attempt to access the database.
>>>>
>>>> Aug  7 07:13:57 scorpio slapd[82175]: OTP unavailable because can't
>>>> read/write key database /etc/opiekeys: Permission denied
>>>>
>>>> Everything works fine so I don't understand what the problem is or
>>>> how to correct it, or if it even needs correction.
>>>
>>> I have a similar problem and I think the reason is that the
>>> openldap24-sasl-client port vanished and was merged into
>>> openldap24-client.
>>>
>>> However, this made one of our ldap slaves stop working, I think this
>>> is a showstopper. A switch for this is needed, in the meantime, how do
>>> we build the client WITHOUT sasl?
>>>
>>> 20210801:
>>>    AFFECTS: users of OpenLDAP
>>>    AUTHOR: delphij@FreeBSD.org
>>>
>>>    SASL is now always enabled for OpenLDAP.
>>>
>>>    If you use portmaster:
>>>          portmaster -o net/openldap24-client openldap-sasl-client
>>>    If you use portupgrade:
>>>          portupgrade -fo net/openldap24-client openldap-sasl-client
>>>    If you use pkg with binary packages:
>>>          pkg set -o net/openldap24-sasl-client:net/openldap24-client
>>>
>>
>> I had to change the permissions on the /etc/opiekeys file to 0666 to
>> stop the message from repeating. I don't know if that is actually a
>> safe solution, but it works.
>>
>> I agree with you that the change to this port was probably not well
>> thought out.
>>
> 
> I already did this. We use saslauthd exclusively and now it looks like,
> 
> # ldapsearch
> SASL/SCRAM-SHA-1 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>          additional info: SASL(-13): user not found: no secret in database
> 
> So I have no idea how I can convince slapd not look look in sasldb2.db.

Sorted by reverting to 2021Q2 branch, no time to try to figure out. Does 
anybody know why sasl2 became a necessity?

Per