Date: Tue, 15 Jul 2003 15:49:53 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Jean-Baptiste Quenot <jb.quenot@caraldi.com> Cc: ports@freebsd.org Subject: Re: Patch port nss_ldap's Makefile for ldap.conf location Message-ID: <20030715204952.GE86657@madman.celabo.org> In-Reply-To: <20030710110751.GA6966@watt.intra.caraldi.com> References: <20030710110751.GA6966@watt.intra.caraldi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jul 10, 2003 at 01:07:53PM +0200, Jean-Baptiste Quenot wrote:
> Please find below a patch that fixes the location of ldap.conf to
> reflect the location specified by the associated port pam_ldap. The
> config file should be $(PREFIX)/etc/ldap.conf, not /etc/ldap.conf.
>
> -----------------------------------8<-----------------------------------
> --- Makefile.orig Wed Jul 9 17:59:19 2003
> +++ Makefile Wed Jul 9 17:58:50 2003
> @@ -25,6 +25,9 @@
> CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
> LDFLAGS="-L${LOCALBASE}/lib -Wl,-rpath,${LOCALBASE}/lib"
>
> +CONFIGURE_ARGS= --with-ldap-conf-file=${PREFIX}/etc/ldap.conf \
> + --with-ldap-secret-file=${PREFIX}/etc/ldap.secret
> +
> post-extract:
> ${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}
> -----------------------------------8<-----------------------------------
>
> I've been struggling for hours trying to make nss_ldap work on FreeBSD
> 5.1 Release, and it was just that damn' file.
Heh, sorry. I remember scratching my head about the default location
myself, but it never occurred to me to do something about it :-)
I agree that it should be under ${PREFIX}, and the location mentioned
at install time. I wonder if additionally it should be named
something specific to this port ... I wouldn't want the configuration
file to clash with some other use of OpenLDAP. Perhaps
${PREFIX}/etc/nss_ldap.conf and ${PREFIX}/etc/nss_ldap.secret?
> BTW, it was not clear for
> me before, but pam_ldap is only used for authentication. Without
> nss_ldap, pam_ldap is pretty useless, ie it requires user entries in the
> local password file.
Yep, PAM just does authentication, not directory services. You don't
even have to use pam_ldap in conjunction with nss_ldap... you could
use e.g. pam_krb5 instead for stronger authentication.
> Thank you, and keep up the good work!
Cheers!
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030715204952.GE86657>