200550 – www/nginx - HTTP_AUTH_LDAP is in dire need of an update

Bug 200550 - www/nginx - HTTP_AUTH_LDAP is in dire need of an update

Summary: www/nginx - HTTP_AUTH_LDAP is in dire need of an update

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Peter Wemm

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-05-31 06:56 UTC by Peter Wemm
Modified:	2015-06-03 00:42 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (osa)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Peter Wemm freebsd_committer

2015-05-31 06:56:23 UTC

The HTTP_AUTH_LDAP module of nginx is in dire need of an update.  We would like to use this in the freebsd.org cluster but the one shipped is several years old and painfully out of date and IMHO almost unusable.  It closes and reopens an ldap session for every single request.  The newer versions have caching.

This is the patch that we are using in the freebsd.org cluster. It will likely need some adjustments but it is working for us.

root@pb00:/p/poudriere/ports/cluster/www/nginx # svn diff
Index: Makefile
===================================================================
--- Makefile	(revision 388046)
+++ Makefile	(working copy)
@@ -290,10 +290,11 @@
 
 .if ${PORT_OPTIONS:MHTTP_AUTH_LDAP}
 # WWW: https://github.com/kvspb/nginx-auth-ldap
-GIT_HTTP_AUTH_LDAP_VERSION=	c4dc7c9153
-MASTER_SITES+=	LOCAL/rm:http_auth_ldap
-DISTFILES+=	http_auth_ldap-${GIT_HTTP_AUTH_LDAP_VERSION}.tar.gz:http_auth_ldap
-CONFIGURE_ARGS+=--add-module=${WRKDIR}/http_auth_ldap-${GIT_HTTP_AUTH_LDAP_VERSION}
+GIT_HTTP_AUTH_LDAP_VERSION=	928856aa95
+GH_ACCOUNT+=	kvspb:http_auth_ldap
+GH_PROJECT+=	nginx-auth-ldap:http_auth_ldap
+GH_TAGNAME+=	${GIT_HTTP_AUTH_LDAP_VERSION}:http_auth_ldap
+CONFIGURE_ARGS+=--add-module=${WRKDIR}/nginx-auth-ldap-${GIT_HTTP_AUTH_LDAP_VERSION}
 USE_OPENLDAP=	yes
 .endif
 
Index: distinfo
===================================================================
--- distinfo	(revision 388046)
+++ distinfo	(working copy)
@@ -2,8 +2,8 @@
 SIZE (nginx-1.8.0.tar.gz) = 832104
 SHA256 (nginx-accesskey-2.0.3.tar.gz) = d9e94321e78a02de16c57f3e048fd31059fd8116ed03d6de7180f435c52502b1
 SIZE (nginx-accesskey-2.0.3.tar.gz) = 2632
-SHA256 (http_auth_ldap-c4dc7c9153.tar.gz) = ac082a36afdbcfd883303bc2b1aaea5f2b4d2a772ad8eec9ecf3328e81300e1a
-SIZE (http_auth_ldap-c4dc7c9153.tar.gz) = 5323
+SHA256 (kvspb-nginx-auth-ldap-928856aa95_GH0.tar.gz) = de21b7d9ef0953e96736f6b02d11236c46b138a0bc7889725e8b31f7482e67de
+SIZE (kvspb-nginx-auth-ldap-928856aa95_GH0.tar.gz) = 15237
 SHA256 (ngx_http_auth_pam_module-1.2.tar.gz) = 5a85970ba61a99f55a26d2536a11d512b39bbd622f5737d25a9a8c10db81efa9
 SIZE (ngx_http_auth_pam_module-1.2.tar.gz) = 5424
 SHA256 (ngx_cache_purge-2.3.tar.gz) = 279e0d8a46d3b1521fd43b3f78bc1c08b263899142a7cc5058c1c0361a92c89c

Comment 1 Sergey A. Osokin freebsd_committer

2015-05-31 13:54:26 UTC

Approved, please go ahead and commit changes.

Comment 2 commit-hook freebsd_committer

2015-06-02 07:51:42 UTC

A commit references this bug:

Author: peter
Date: Tue Jun  2 07:51:01 UTC 2015
New revision: 388308
URL: https://svnweb.freebsd.org/changeset/ports/388308

Log:
  Update the optional (defaults to off) ldap authentication module to a more
  recent version.  Of particular importance is that the old one
  connected/disconnected to the ldap server for every single URL being served
  while this one has a configurable cache.

  PR:		200550
  Reviewed by:	osa

Changes:
  head/www/nginx/Makefile
  head/www/nginx/distinfo
  head/www/nginx-devel/Makefile
  head/www/nginx-devel/distinfo