Bug 200550

Summary: www/nginx - HTTP_AUTH_LDAP is in dire need of an update
Product: Ports & Packages Reporter: Peter Wemm <peter>
Component: Individual Port(s)Assignee: Peter Wemm <peter>
Status: Closed FIXED    
Severity: Affects Only Me CC: osa
Priority: --- Flags: bugzilla: maintainer-feedback? (osa)
Version: Latest   
Hardware: Any   
OS: Any   

Description Peter Wemm freebsd_committer freebsd_triage 2015-05-31 06:56:23 UTC 
The HTTP_AUTH_LDAP module of nginx is in dire need of an update.  We would like to use this in the freebsd.org cluster but the one shipped is several years old and painfully out of date and IMHO almost unusable.  It closes and reopens an ldap session for every single request.  The newer versions have caching.

This is the patch that we are using in the freebsd.org cluster. It will likely need some adjustments but it is working for us.

root@pb00:/p/poudriere/ports/cluster/www/nginx # svn diff
Index: Makefile
===================================================================
--- Makefile	(revision 388046)
+++ Makefile	(working copy)
@@ -290,10 +290,11 @@
 
 .if ${PORT_OPTIONS:MHTTP_AUTH_LDAP}
 # WWW: https://github.com/kvspb/nginx-auth-ldap
-GIT_HTTP_AUTH_LDAP_VERSION=	c4dc7c9153
-MASTER_SITES+=	LOCAL/rm:http_auth_ldap
-DISTFILES+=	http_auth_ldap-${GIT_HTTP_AUTH_LDAP_VERSION}.tar.gz:http_auth_ldap
-CONFIGURE_ARGS+=--add-module=${WRKDIR}/http_auth_ldap-${GIT_HTTP_AUTH_LDAP_VERSION}
+GIT_HTTP_AUTH_LDAP_VERSION=	928856aa95
+GH_ACCOUNT+=	kvspb:http_auth_ldap
+GH_PROJECT+=	nginx-auth-ldap:http_auth_ldap
+GH_TAGNAME+=	${GIT_HTTP_AUTH_LDAP_VERSION}:http_auth_ldap
+CONFIGURE_ARGS+=--add-module=${WRKDIR}/nginx-auth-ldap-${GIT_HTTP_AUTH_LDAP_VERSION}
 USE_OPENLDAP=	yes
 .endif
 
Index: distinfo
===================================================================
--- distinfo	(revision 388046)
+++ distinfo	(working copy)
@@ -2,8 +2,8 @@
 SIZE (nginx-1.8.0.tar.gz) = 832104
 SHA256 (nginx-accesskey-2.0.3.tar.gz) = d9e94321e78a02de16c57f3e048fd31059fd8116ed03d6de7180f435c52502b1
 SIZE (nginx-accesskey-2.0.3.tar.gz) = 2632
-SHA256 (http_auth_ldap-c4dc7c9153.tar.gz) = ac082a36afdbcfd883303bc2b1aaea5f2b4d2a772ad8eec9ecf3328e81300e1a
-SIZE (http_auth_ldap-c4dc7c9153.tar.gz) = 5323
+SHA256 (kvspb-nginx-auth-ldap-928856aa95_GH0.tar.gz) = de21b7d9ef0953e96736f6b02d11236c46b138a0bc7889725e8b31f7482e67de
+SIZE (kvspb-nginx-auth-ldap-928856aa95_GH0.tar.gz) = 15237
 SHA256 (ngx_http_auth_pam_module-1.2.tar.gz) = 5a85970ba61a99f55a26d2536a11d512b39bbd622f5737d25a9a8c10db81efa9
 SIZE (ngx_http_auth_pam_module-1.2.tar.gz) = 5424
 SHA256 (ngx_cache_purge-2.3.tar.gz) = 279e0d8a46d3b1521fd43b3f78bc1c08b263899142a7cc5058c1c0361a92c89c
Comment 1 Sergey A. Osokin freebsd_committer freebsd_triage 2015-05-31 13:54:26 UTC 
Approved, please go ahead and commit changes.
Comment 2 commit-hook freebsd_committer freebsd_triage 2015-06-02 07:51:42 UTC 
A commit references this bug:

Author: peter
Date: Tue Jun  2 07:51:01 UTC 2015
New revision: 388308
URL: https://svnweb.freebsd.org/changeset/ports/388308

Log:
  Update the optional (defaults to off) ldap authentication module to a more
  recent version.  Of particular importance is that the old one
  connected/disconnected to the ldap server for every single URL being served
  while this one has a configurable cache.

  PR:		200550
  Reviewed by:	osa

Changes:
  head/www/nginx/Makefile
  head/www/nginx/distinfo
  head/www/nginx-devel/Makefile
  head/www/nginx-devel/distinfo