On Wed, Jun 03, 2020 at 12:56:00PM +0100, Stuart Henderson wrote:
> On 2020/06/03 06:02, Lucas Raab wrote:
> > On Wed, Jun 03, 2020 at 08:19:40AM +0200, Landry Breuil wrote:
> > > On Tue, Jun 02, 2020 at 05:01:06PM -0500, Lucas Raab wrote:
> > > > Hello,
> > > > 
> > > > Here are three new ports, two deps, and the one piece de resistance,
> > > > web2ldap.
> > > > 
> > > > sysutils/web2ldap - web-based LDAP client
> > > > devel/py-xlwt - dep for exporting LDAP query results as XLS files
> > > > devel/py-ldap0 - web2ldap's interface to the OpenLDAP libraries
> > > > 
> > > > The author of web2ldap and py-ldap0 has been very responsive to some
> > > > questions I had a few months ago and accepted a change to make it
> > > > easier to manage on the BSDs as a whole.
> > > > 
> > > > More information here: https://web2ldap.de/
> > > > Project upstream here: https://gitlab.com/ae-dir/web2ldap
> > > > 
> > > > I've been using this in my own tree for several months now with no
> > > > issues. That being said, I hope I didn't get complacent in the
> > > > submission.
> > > > 
> > > > Completely understand if this is too niche to warrant being included in
> > > > the tree. If not so terribly niche, feedback?
> > > 
> > > That looks interesting and a very complete ldap client/admin tool. Will
> > > have to try it on some of my servers, but some porting nits first:
> > > 
> > > - WANTLIB = python3.7m -> use ${MODPY_WANTLIB}
> > > - use MODPY_EGG_VERSION in web2ldap, this way it gets substituted in the
> > >   PLIST
> > 
> > See above about complacency :) I'll get those updated.
> > 
> > > - are *all* those @sample required in ${SYSCONFDIR}/web2ldap ? that looks
> > >   a lot.
> > 
> > I suppose not. I was going for a `pkg_add web2ldap` and
> > `rcctl start web2ldap` style where moving files around was already
> > sorted out for the user. Being too helpful there? It is rather a lot of
> > files to manage in the PLIST...
> 
> Rather than putting files in share/examples/web2ldap/templates and
> @sample'ing them across, another option is to put them in
> share/web2ldap/templates and installing a symlink at pkg_add time,
> something like this should work (untested):
> 
> @exec-add [ -e ${SYSCONFDIR}/web2ldap ] || ln -s %D/share/web2ldap/templates ${SYSCONFDIR}/web2ldap/
> 
> That allows using the templates directory by default, but still
> allows pointing the link elsewhere if you want to customise them.
> 
> tls/ca-bundle.pem should just use the system file instead,
> /etc/ssl/cert.pem (_don't_ use ${SYSCONFDIR} for that one).

Got it, I'll give that a whirl. Thanks!

> 
> > > - instead of using 'nobody', create a new separate user for the daemon,
> > >   look for examples in other ports' PLIST (@newuser/@newgroup, +
> > >   db/user.list line)
> > 
> > My rationale here was that there aren't any files that an extra user
> > would need to own for web2ldap to run. Using nobody seemed the simplest
> > approach to nulling out any privileges for the service to work.
> 
> "nobody" is absolutely not allowed.
> 
> $ getent passwd nobody
> nobody:*:32767:32767:Unprivileged user for NFS:/nonexistent:/sbin/nologin
> 
Aha, that makes sense now. Consider myself chastised :)
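
An added example, not part of the thread: a shell lint for the daemon-user point above, flagging a port whose rc script runs as `nobody` or names an account the PLIST never creates. It assumes the rc script sets `daemon_user` and the PLIST declares accounts with `@newuser`; the `_web2ldap` name, uid 999 and the fixture files are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the rc script sets
# daemon_user=... and the PLIST creates accounts with @newuser lines.

# Check one pkg/ directory; print findings, return 0 if clean, 1 otherwise.
audit_daemon_user() {
    dir=$1; rc=0
    for f in "$dir"/*.rc; do
        [ -f "$f" ] || continue
        # last daemon_user assignment wins; surrounding quotes are optional
        user=$(sed -n 's/^daemon_user="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$f" | tail -n 1)
        case $user in
        "")     echo "$f: daemon_user not set"; rc=1 ;;
        nobody) echo "$f: runs as the shared 'nobody' account"; rc=1 ;;
        *)      # a dedicated account must also be created by the PLIST
                if ! grep -q "^@newuser ${user}:" "$dir"/PLIST* 2>/dev/null; then
                    echo "$f: no @newuser line for $user in PLIST"; rc=1
                fi ;;
        esac
    done
    return $rc
}

# Constructed fixture: make_sample DIR USER [PLIST-LINE]
make_sample() {
    mkdir -p "$1"
    printf 'daemon_user="%s"\n' "$2" > "$1/web2ldap.rc"
    printf '%s\n' "${3:-@comment no accounts}" > "$1/PLIST"
}

tmp=$(mktemp -d)
# _web2ldap and uid 999 are placeholders, not values registered in user.list
make_sample "$tmp/bad" nobody
make_sample "$tmp/half" _web2ldap
make_sample "$tmp/good" _web2ldap \
    '@newuser _web2ldap:999:_web2ldap:daemon:web2ldap:/nonexistent:/sbin/nologin'
for d in bad half good; do
    audit_daemon_user "$tmp/$d" && echo "$tmp/$d: ok"
done
rm -rf "$tmp"
```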
