[Bug 241347] security/sssd: Update to 1.16.4

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Jan 20 15:23:37 UTC 2020


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241347

--- Comment #17 from Phillip R. Jaenke <prj at rootwyrm.com> ---
Created attachment 210896
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=210896&action=edit
sssd_binalias_python3.patch

This is currently being blocked by #242077 (databases/ldb14 PLIST error) since
November, and I have submitted a patch to resolve that issue. It was suggested
to use a newer LDB and indicated that ldb14 will be expired, so, now it builds
with ldb15. Because we still don't have anything newer than 1.5. C'est la vie.

The attached patch slaps a BINARY_ALIAS fix on the python3 issue in autoconf,
which should be fine, since everything else is looking in the right place. It's
just autoconf being autoconf. Note that this goes on top of Lukas' patch, not
separately.

Since we haven't heard any updates in quite some time now, I'm inclined to
suggest we go ahead and commit the combined patches in hopes of getting broader
testing, and do some additional cleanup based on results. I have not had time
to do ANY proper testing of functionality yet due to Samba also being broken.
We need people to get testing whether or not this functions as intended at this
point.

------------
The following make.conf (or equivalent) settings are REQUIRED to generate a
fully functional SSSD for both AD and LDAP(S) environments. If you use defaults
for the dependencies, it should NOT be expected to work in reasonable
environments through no fault of its own. (OpenLDAP does not have SASL by
default, see D21855.)

## make.conf snippet
# DEFAULT_VERSIONS must be set exactly this way! openssl can be base or ports.
DEFAULT_VERSIONS+=perl5=5.30
DEFAULT_VERSIONS+=python3=3.6    # 3.6 is minimum, not maximum - dep safety
DEFAULT_VERSIONS+=samba=4.10

# security/sssd options for maximum testing
security_sssd_SET+=SMB

# Do not rely on these, not all ports obey or use these names.
OPTIONS_SET+=GSSAPI_MIT
OPTIONS_UNSET+=GSSAPI_BASE GSSAPI_HEIMDAL
# openldap is not SASL by default; AD requires SASL
WANT_OPENLDAP_SASL=yes
OPTIONS_SET+=WANT_OPENLDAP_SASL

# required for DNS registration to work 
dns_bind-tools_SET+=GSSAPI_MIT
dns_bind-tools_UNSET+=GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_NONE

# net/samba410 has very specific settings required
# mDNS/ZeroConf can be anything but AVAHI works best for now
# XXX: NEVER mix GSSAPI_MIT and AD_DC, you will have a BAD TIME.
net_samba410_SET+=ADS GSSAPI_MIT NSUPDATE
net_samba410_UNSET+=AD_DC GSSAPI_BUILTIN BIND911 BIND914

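Added example, not part of the original comment or of the port: a small make.conf lint for the option lines above. make(1) variable names are case-sensitive, so a lowercase `_set`/`_unset` suffix has no effect; the lint flags that, an option that is both set and unset for one scope, and GSSAPI_MIT set together with AD_DC. The function name and the sample input are assumptions made for this illustration.

```python
import re

# Constructed sample (not from the bug report): three deliberate mistakes.
SAMPLE = """\
net_samba410_set+=ADS GSSAPI_MIT NSUPDATE
net_samba410_SET+=AD_DC
dns_bind-tools_SET+=GSSAPI_MIT
dns_bind-tools_UNSET+=GSSAPI_BASE GSSAPI_MIT
security_sssd_SET+=SMB
"""

# <scope>_SET / <scope>_UNSET assignments; scope is OPTIONS or category_port.
ASSIGN = re.compile(r"^\s*([A-Za-z0-9_.-]+?)_(SET|UNSET)\s*\+?=\s*(.*)$", re.I)


def lint_make_conf(text):
    """Return a list of (kind, scope, detail) findings for option settings."""
    findings = []
    seen = {}  # scope -> {"SET": set(), "UNSET": set()}
    for lineno, raw in enumerate(text.splitlines(), 1):
        match = ASSIGN.match(raw.split("#", 1)[0])  # drop trailing comments
        if not match:
            continue
        scope, suffix, values = match.groups()
        if suffix != suffix.upper():
            # Case-sensitive variable name: the ports framework never reads it.
            findings.append(
                ("case", scope, f"line {lineno}: _{suffix} should be _{suffix.upper()}"))
        # Record the intended options anyway so the checks below still apply.
        bucket = seen.setdefault(scope, {"SET": set(), "UNSET": set()})
        bucket[suffix.upper()].update(values.split())
    for scope, opts in seen.items():
        for opt in sorted(opts["SET"] & opts["UNSET"]):
            findings.append(("conflict", scope, f"{opt} is both set and unset"))
        if {"GSSAPI_MIT", "AD_DC"} <= opts["SET"]:
            # The combination the XXX note in the snippet warns against.
            findings.append(("mix", scope, "GSSAPI_MIT and AD_DC are both set"))
    return findings


if __name__ == "__main__":
    for finding in lint_make_conf(SAMPLE):
        print(*finding, sep=": ")
```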