[Bug 211142] net/samba42 - PORT_OPTIONS:MADS should enforce WANT_OPENLDAP_SASL

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211142

            Bug ID: 211142
           Summary: net/samba42 - PORT_OPTIONS:MADS should enforce
                    WANT_OPENLDAP_SASL
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: timur at FreeBSD.org
          Reporter: prj at rootwyrm.com
          Assignee: timur at FreeBSD.org
             Flags: maintainer-feedback?(timur at FreeBSD.org)

Also impacts net/samba43 net/samba44 

This one has been causing me headaches for a while and definitely needs some
discussion around the implications. It appears to have been previously
attempted (net/samba42/Makefile at 349) but commented out. So currently it
obeys make.conf settings. However, in an actual modern AD environment, LDAP
queries should implicitly use KRB5 which requires GSSAPI. This means the port
is more or less 'broken by default' for properly configured AD environments.
It also impacts security/sssd which currently does not have an explicit
requirement for openldap24-sasl-client defined, but absolutely requires it. 

This obviously has implications since it is a change to defaults which could
impact dependent ports and pkg builds. However, as it is essentially
incompatible with the current AD security model, are there specific reasons to
not switch Samba ports to require OPENLDAP_SASL?

-- 
You are receiving this mail because:
You are the assignee for the bug.