Bug 257374

Summary: net/openldap24-client: organizations needing LDAP SASL support cannot use pre-built packages
Product: Ports & Packages
Reporter: David E. O'Brien <obrien>
Component: Individual Port(s)
Assignee: Xin LI <delphij>
Status: Closed FIXED
Severity: Affects Many People
CC: bugzilla.freebsd, delphij, dgilbert, grahamperrin, portmgr
Priority: ---
Flags: delphij: maintainer-feedback+, delphij: merge-quarterly?, antoine: exp-run+
Version: Latest
Hardware: Any
OS: Any
Bug Depends on:
Bug Blocks: 257502
Attachments:
Description: Patch for exp-run that permanently enables SASL for OpenLDAP port
Flags: none
Description: Refresh with latest main
Flags: delphij: maintainer-approval? (portmgr)

Description David E. O'Brien freebsd_committer 2021-07-24 04:52:06 UTC
As an example, Juniper Networks needs openldap-sasl-client in order to authenticate on our FreeBSD build systems.  But openldap-client is a dependency for a LARGE number of other ports we need to use.


The 'ldd' difference that SASL support adds is only:
 /usr/local/bin/ldapsearch:
 	libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2
 	liblber-2.4.so.2 => /usr/local/lib/liblber-2.4.so.2
+	libsasl2.so.3 => /usr/local/lib/libsasl2.so.3
 	libssl.so.111 => /usr/lib/libssl.so.111
 	libcrypto.so.111 => /lib/libcrypto.so.111
 	libc.so.7 => /lib/libc.so.7
+	libdl.so.1 => /usr/lib/libdl.so.1
 	libthr.so.3 => /lib/libthr.so.3

I do not see this as a burden given the LARGE number of dependencies most of our other ports have grown in the last decade as every knob of functionality seems turned on in many.

SASL support should be the default for openldap-client given it is so low cost, but the cost of having to build 1000 packages from source is a high burden on an organization.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2021-07-24 05:03:44 UTC
*** Bug 257375 has been marked as a duplicate of this bug. ***
Comment 2 Graham Perrin 2021-07-24 09:34:56 UTC
See also: bug 248222
Comment 3 Xin LI freebsd_committer 2021-07-25 08:02:38 UTC
Created attachment 226671
Patch for exp-run that permanently enables SASL for OpenLDAP port
Comment 4 Xin LI freebsd_committer 2021-07-25 08:16:57 UTC
(For portmgr@ -- should the exp-run pass, may I also request an approval to commit the change to individual ports that depend on openldap24-client instead of seeking approval from maintainers individually?  These are mainly to adapt to the new port option.  I can revert the databases/mysql57-server/Makefile change which drops llvm 9.0 dependency, if that's considered controversial.)
Comment 5 Xin LI freebsd_committer 2021-07-25 08:21:09 UTC
*** Bug 257234 has been marked as a duplicate of this bug. ***
Comment 6 Xin LI freebsd_committer 2021-07-25 08:22:37 UTC
https://reviews.freebsd.org/D31301 is the same patch
Comment 7 Harald Schmalzbauer 2021-07-25 09:32:52 UTC
(In reply to Xin LI from comment #6)
Why do you want to remove the option to build without SASL support, instead of only swapping the default?
Pre-built packages would fit the needs as described in this report, but anybody else, not needing/wanting the SASL dependency, would still be able to build the lean package?

I'd strongly vote for keeping options in place and just add SASL to OPTIONS_DEFAULT (along with the fixes in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257234)
The port even respects build-time installation variants nicely.
I'm missing the benefit of removing the variant.

-harry
Comment 8 Xin LI freebsd_committer 2021-07-25 22:08:06 UTC
(In reply to Harald Schmalzbauer from comment #7)
Supporting SASL is part of the LDAPv3 RFC wire protocol, so it's not unreasonable that a third party expected it, and as you can see there are some highly used packages that depended on it.

And immediately after flipping the default, we are reinforcing that expectation; ports which will not work with a non-SASL variant of OpenLDAP would be silently broken instead of being pointed out by package builders, and it would be a waste of time for users who opt for a !SASL version of OpenLDAP.

Therefore, making it an option is a no go in my opinion.
Comment 9 Antoine Brodin freebsd_committer 2021-07-27 10:26:47 UTC
Can you refresh the patch?

error: patch failed: mail/postfix-current/Makefile:2
error: mail/postfix-current/Makefile: patch does not apply
error: patch failed: mail/postfix/Makefile:2
error: mail/postfix/Makefile: patch does not apply
error: patch failed: mail/postfix35/Makefile:2
error: mail/postfix35/Makefile: patch does not apply
Comment 10 Xin LI freebsd_committer 2021-07-28 04:14:41 UTC
Created attachment 226751
Refresh with latest main

Sure, here you go
Comment 11 Antoine Brodin freebsd_committer 2021-07-30 20:27:02 UTC
Exp-run looks fine
Comment 12 commit-hook freebsd_committer 2021-08-01 08:32:52 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=974e13b50148c5c8e7b33a1cb7e9dbaa9aedbc70

commit 974e13b50148c5c8e7b33a1cb7e9dbaa9aedbc70
Author:     Xin LI <delphij@FreeBSD.org>
AuthorDate: 2021-08-01 08:31:01 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2021-08-01 08:32:35 +0000

    net/openldap24-server: Make SASL permanent for OpenLDAP port.

    PR:             ports/257374
    Reviewed by:    obrien
    Approved by:    portmgr (exp-run by antoine)
    Differential Revision: https://reviews.freebsd.org/D31301

 CHANGES                                    |  5 +++
 MOVED                                      |  1 +
 Mk/bsd.ldap.mk                             | 13 +-------
 Mk/bsd.port.mk                             |  5 +--
 UPDATING                                   | 13 ++++++++
 databases/mysql57-client/Makefile          |  4 +--
 databases/mysql57-server/Makefile          | 11 -------
 databases/percona57-client/Makefile        |  4 +--
 lang/php73/Makefile                        |  2 +-
 lang/php73/Makefile.ext                    |  6 +---
 lang/php74/Makefile                        |  2 +-
 lang/php74/Makefile.ext                    |  6 +---
 lang/php80/Makefile                        |  2 +-
 lang/php80/Makefile.ext                    |  6 +---
 mail/opendkim/Makefile                     |  6 +---
 mail/postfix-current/Makefile              | 13 ++------
 mail/postfix/Makefile                      | 13 ++------
 mail/postfix35/Makefile                    | 13 ++------
 mail/vpopmail/Makefile                     |  8 ++---
 net-mgmt/adcli/Makefile                    |  3 +-
 net/Makefile                               |  1 -
 net/ldapscripts/Makefile                   |  2 +-
 net/nss-pam-ldapd/Makefile                 |  2 +-
 net/nss_ldap/Makefile                      | 10 ++----
 net/openldap24-sasl-client/Makefile (gone) |  7 ----
 net/openldap24-server/Makefile             | 53 +++++-------------------------
 net/py-ldap/Makefile                       | 10 +-----
 net/py-ldap0/Makefile                      |  4 +--
 security/cyrus-sasl2-ldapdb/Makefile       |  7 ----
 security/cyrus-sasl2-saslauthd/Makefile    |  6 ++--
 security/cyrus-sasl2/Makefile              |  2 +-
 security/heimdal/Makefile                  |  5 +--
 sysutils/ldapvi/Makefile                   |  7 +---
 sysutils/msktutil/Makefile                 |  3 +-
 34 files changed, 65 insertions(+), 190 deletions(-)
Comment 13 Xin LI freebsd_committer 2021-08-01 08:34:27 UTC
*** Bug 248222 has been marked as a duplicate of this bug. ***