From owner-freebsd-ports-bugs@freebsd.org Fri Jul 15 14:16:15 2016 Return-Path: Delivered-To: freebsd-ports-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 29A4EB99C7B for ; Fri, 15 Jul 2016 14:16:15 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E72201D01 for ; Fri, 15 Jul 2016 14:16:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u6FEGECC086256 for ; Fri, 15 Jul 2016 14:16:14 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 211142] net/samba42 - PORT_OPTIONS:MADS should enforce WANT_OPENLDAP_SASL Date: Fri, 15 Jul 2016 14:16:14 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: prj@rootwyrm.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: timur@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter flagtypes.name Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jul 2016 14:16:15 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211142 Bug ID: 211142 Summary: net/samba42 - PORT_OPTIONS:MADS should enforce WANT_OPENLDAP_SASL Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: timur@FreeBSD.org Reporter: prj@rootwyrm.com Assignee: timur@FreeBSD.org Flags: maintainer-feedback?(timur@FreeBSD.org) Also impacts net/samba43 net/samba44=20 This one has been causing me headaches for a while and definitely needs some discussion around the implications. It appears to have been previously attempted (net/samba42/Makefile at 349) but commented out. So currently it obeys make.conf settings. However, in an actual modern AD environment, LDAP queries should implicitly use KRB5 which requires GSSAPI. This means the po= rt is more or less 'broken by default' for properly configured AD environments. It also impacts security/sssd which currently does not have an explicit requirement for openldap24-sasl-client defined, but absolutely requires it.= =20 This obviously has implications since it is a change to defaults which could impact dependent ports and pkg builds. However, as it is essentially incompatible with the current AD security model, are there specific reasons= to not switch Samba ports to require OPENLDAP_SASL? --=20 You are receiving this mail because: You are the assignee for the bug.=