Bug 267056 - net/openldap26-{server,client}: fix proper usage of FETCH/GSSAPI options
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Xin LI
Reported: 2022-10-14 17:35 UTC by Michael Osipov
Modified: 2022-10-21 17:27 UTC
delphij: maintainer-feedback+


Attachments
Git-formatted patch (2.33 KB, text/plain)
2022-10-14 17:35 UTC, Michael Osipov
Description Michael Osipov 2022-10-14 17:35:23 UTC
Created attachment 237304
Git-formatted patch

* FETCH_DESC is not present with client
* FETCH applies to *both* client and server since both slapd and client tools use ldif_parse_line2() via libldap which can use libfetch
* GSSAPI is also required for the client as well since ldap*(1) commands can be used to connect and authenticate to directory servers like Active Directory and OpenLDAP with Kerberos via SASL GSSAPI mechanism

I use especially openldap26-client for Active Directory access through shell, msktutil and py-ldap as well.

Tested with default options on head and recent quarterly as well as these options on in poudriere in and out.

In the server, these spots use functions (ldif_fetch_url()/ldif_open_url()) which use libfetch:
========
./servers/slapd/entry.c:                rc = ldif_parse_line2( s, type+i, vals+i, &freev );
./servers/slapd/overlays/retcode.c:                                             if ( ldif_parse_line2( &c->argv[ i ][ STRLENOF( "unsolicited=" ) ],
========

ldd dump for libfetch usage:
==============
nobody@123-release-amd64-default-ldadw_base:/usr/ports/net/openldap26-client % ldd /usr/local/bin/ldapsearch
/usr/local/bin/ldapsearch:
        libldap.so.2 => /usr/local/lib/libldap.so.2 (0x800261000)
        liblber.so.2 => /usr/local/lib/liblber.so.2 (0x8002c6000)
        libsasl2.so.3 => /usr/local/lib/libsasl2.so.3 (0x8002d8000)
        libssl.so.111 => /usr/lib/libssl.so.111 (0x8002f8000)
        libcrypto.so.111 => /lib/libcrypto.so.111 (0x80039c000)
        libfetch.so.6 => /usr/lib/libfetch.so.6 (0x80068e000)
        libthr.so.3 => /lib/libthr.so.3 (0x8006a4000)
        libc.so.7 => /lib/libc.so.7 (0x8006d1000)
        libdl.so.1 => /usr/lib/libdl.so.1 (0x800ac9000)
nobody@123-release-amd64-default-ldadw_base:/usr/ports/net/openldap26-client % ldd /usr/local/lib/libldap.so.2
/usr/local/lib/libldap.so.2:
        liblber.so.2 => /usr/local/lib/liblber.so.2 (0x8006d8000)
        libfetch.so.6 => /usr/lib/libfetch.so.6 (0x8006ea000)
        libsasl2.so.3 => /usr/local/lib/libsasl2.so.3 (0x800700000)
        libssl.so.111 => /usr/lib/libssl.so.111 (0x800720000)
        libcrypto.so.111 => /lib/libcrypto.so.111 (0x800e00000)
        libthr.so.3 => /lib/libthr.so.3 (0x8007c4000)
        libc.so.7 => /lib/libc.so.7 (0x80024e000)
        libdl.so.1 => /usr/lib/libdl.so.1 (0x8007f1000)

==============================================
nobody@123-release-amd64-default-openldap_gssapi_fix:/usr/local/sbin % ldd slapadd
slapadd:
        libldap.so.2 => /usr/local/lib/libldap.so.2 (0x8003c8000)
        liblber.so.2 => /usr/local/lib/liblber.so.2 (0x80042d000)
        libltdl.so.7 => /usr/local/lib/libltdl.so.7 (0x80043f000)
        libsasl2.so.3 => /usr/local/lib/libsasl2.so.3 (0x80044c000)
        libcrypt.so.5 => /lib/libcrypt.so.5 (0x80046d000)
        libssl.so.111 => /usr/lib/libssl.so.111 (0x80048e000)
        libcrypto.so.111 => /lib/libcrypto.so.111 (0x800532000)
        libevent-2.1.so.7 => /usr/local/lib/libevent-2.1.so.7 (0x800824000)
        libfetch.so.6 => /usr/lib/libfetch.so.6 (0x80087a000)
        libthr.so.3 => /lib/libthr.so.3 (0x800890000)
        libc.so.7 => /lib/libc.so.7 (0x8008bd000)
        libdl.so.1 => /usr/lib/libdl.so.1 (0x800cb5000)
nobody@123-release-amd64-default-openldap_gssapi_fix:/usr/local/sbin % ldd /usr/local/lib/libldap.so.2
/usr/local/lib/libldap.so.2:
        liblber.so.2 => /usr/local/lib/liblber.so.2 (0x8006d2000)
        libsasl2.so.3 => /usr/local/lib/libsasl2.so.3 (0x8006e4000)
        libssl.so.111 => /usr/lib/libssl.so.111 (0x800705000)
        libcrypto.so.111 => /lib/libcrypto.so.111 (0x800e00000)
        libthr.so.3 => /lib/libthr.so.3 (0x8007a9000)
        libc.so.7 => /lib/libc.so.7 (0x80024e000)
        libdl.so.1 => /usr/lib/libdl.so.1 (0x8007d6000)
=============

Willing to provide a PR for openldap25-* as well if this one gets merged.
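
Added example, not part of the original report or of the port: a pre-import audit that lists the `attr:< URL` values in an LDIF file, which is the RFC 2849 syntax that ldif_parse_line2() resolves through ldif_fetch_url()/ldif_open_url(). It assumes that on a FETCH-enabled build the non-`file:` URLs are the ones handed to libfetch; the sample LDIF, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample LDIF (not from the bug report); hosts and paths are placeholders.
SAMPLE_LDIF = """\
dn: cn=alice,dc=example,dc=org
cn: alice
jpegPhoto:< file:///tmp/alice.jpg
description:< http://files.example.org/
 notes/alice.txt
userCertificate;binary:: MIIBszCCARw=
# comment:< ftp://ignored.example.org/x
labeledURI: http://www.example.org/ home page
"""

# attribute description (with options), then ":<", then the URL
URL_VALUE = re.compile(r"^([A-Za-z0-9.;-]+):<\s*(\S.*)$")


def unfold(text):
    """Join RFC 2849 continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def url_references(text):
    """Return (attribute, url, scheme) for every 'attr:< url' value."""
    refs = []
    for line in unfold(text):
        if line.startswith("#"):  # comments are never parsed as values
            continue
        m = URL_VALUE.match(line)
        if m:
            url = m.group(2).strip()
            refs.append((m.group(1), url, urlsplit(url).scheme.lower()))
    return refs


def remote_references(text):
    """Assumption: anything but file: is what a FETCH build passes to libfetch."""
    return [r for r in url_references(text) if r[2] != "file"]


if __name__ == "__main__":
    for attr, url, scheme in url_references(SAMPLE_LDIF):
        kind = "local file" if scheme == "file" else "REMOTE"
        print(f"{kind:10} {attr}: {url}")
```

Plain values that merely contain a URL (`labeledURI:`) and base64 values (`::`) are not reported, because only the `:<` form makes the parser open the URL.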
Comment 1 commit-hook freebsd_committer freebsd_triage 2022-10-16 01:53:18 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=de29d5bd2acda093fe3a5472df80c7cbd5a7b794

commit de29d5bd2acda093fe3a5472df80c7cbd5a7b794
Author:     Michael Osipov <michael.osipov@siemens.com>
AuthorDate: 2022-10-14 16:54:06 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2022-10-16 01:02:32 +0000

    net/openldap26-{server,client}: fix proper usage of FETCH/GSSAPI options

     * FETCH_DESC is not present with client
     * FETCH applies to *both* client and server since both slapd and client tools
       use ldif_parse_line2() via libldap which can use libfetch
     * GSSAPI is also required for the client as well since ldap*(1) commands can
       be used to connect and authenticate to directory servers like Active Directory
       and OpenLDAP with Kerberos via SASL GSSAPI mechanism

    PR:             ports/267056

 net/openldap26-server/Makefile | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
Comment 2 Xin LI freebsd_committer freebsd_triage 2022-10-16 01:53:47 UTC
Committed, thanks!
Comment 3 Michael Osipov 2022-10-17 08:44:02 UTC
(In reply to Xin LI from comment #2)

Can you backport this for 2022Q4 as well? This has been a problem (lacking transitive GSS-API support) for me for quite some time. 2023Q1 is still almost two months away.

Should I also check 2.5 and provide a patch if necessary?
Comment 4 Michael Osipov 2022-10-17 08:48:00 UTC
2.5 has the same issue. A patch should be a no-brainer if you want to.
Comment 5 Xin LI freebsd_committer freebsd_triage 2022-10-21 05:05:31 UTC
Will give a shot tomorrow.
Comment 6 commit-hook freebsd_committer freebsd_triage 2022-10-21 17:23:58 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b7db3e41f324cdbc95a33256dd4cdf7e38928fc0

commit b7db3e41f324cdbc95a33256dd4cdf7e38928fc0
Author:     Michael Osipov <michael.osipov@siemens.com>
AuthorDate: 2022-10-21 17:22:50 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2022-10-21 17:23:06 +0000

    net/openldap25-{server,client}: fix proper usage of FETCH/GSSAPI options

     * FETCH_DESC is not present with client
     * FETCH applies to *both* client and server since both slapd and client tools
       use ldif_parse_line2() via libldap which can use libfetch
     * GSSAPI is also required for the client as well since ldap*(1) commands can
       be used to connect and authenticate to directory servers like Active Directory
       and OpenLDAP with Kerberos via SASL GSSAPI mechanism

    PR:             ports/267056

 net/openldap25-server/Makefile | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
Comment 7 commit-hook freebsd_committer freebsd_triage 2022-10-21 17:27:00 UTC
A commit in branch 2022Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b0c892cf60d8100033984cad7e3d97c43db2d917

commit b0c892cf60d8100033984cad7e3d97c43db2d917
Author:     Michael Osipov <michael.osipov@siemens.com>
AuthorDate: 2022-10-21 17:22:50 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2022-10-21 17:25:59 +0000

    net/openldap25-{server,client}: fix proper usage of FETCH/GSSAPI options

     * FETCH_DESC is not present with client
     * FETCH applies to *both* client and server since both slapd and client tools
       use ldif_parse_line2() via libldap which can use libfetch
     * GSSAPI is also required for the client as well since ldap*(1) commands can
       be used to connect and authenticate to directory servers like Active Directory
       and OpenLDAP with Kerberos via SASL GSSAPI mechanism

    PR:             ports/267056
    (cherry picked from commit b7db3e41f324cdbc95a33256dd4cdf7e38928fc0)

 net/openldap25-server/Makefile | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
Comment 8 commit-hook freebsd_committer freebsd_triage 2022-10-21 17:27:01 UTC
A commit in branch 2022Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e1ea7c7eeda200ffdf04846fe2dd35104d900a63

commit e1ea7c7eeda200ffdf04846fe2dd35104d900a63
Author:     Michael Osipov <michael.osipov@siemens.com>
AuthorDate: 2022-10-14 16:54:06 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2022-10-21 17:25:57 +0000

    net/openldap26-{server,client}: fix proper usage of FETCH/GSSAPI options

     * FETCH_DESC is not present with client
     * FETCH applies to *both* client and server since both slapd and client tools
       use ldif_parse_line2() via libldap which can use libfetch
     * GSSAPI is also required for the client as well since ldap*(1) commands can
       be used to connect and authenticate to directory servers like Active Directory
       and OpenLDAP with Kerberos via SASL GSSAPI mechanism

    PR:             ports/267056
    (cherry picked from commit de29d5bd2acda093fe3a5472df80c7cbd5a7b794)

 net/openldap26-server/Makefile | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)