Re: openldap-client vs openldap-sasl-client

[Julian Elischer]

On 5/01/2017 6:44 PM, Julian Elischer wrote:

On 5/01/2017 6:30 PM, Jan Bramkamp wrote:

On 04/01/2017 18:32, Andriy Gapon wrote:


Do you I understand correctly that it is impossible now to install 
both samba44

and libreoffice using the official FreeBSD package repository?
Or samba44 and KDE?

If yes, then that sucks...


similar happened recently with the two jpeg libraries.
They can't be installed at the same time but some packages wanted 
one and some the other.




Yes and yes it sucks. The "solution" is to build your own repo and 
set the right flags to always use the same LDAP client port. With 
binary packages and the speed of modern x86_64 systems I for one no 
longer see removing SASL support from OpenLDAP as useful enough to 
justify the complexity. Are there any reasons other than saved 
build time to disable this dependency (e.g. a bad security track 
record/process, different licenses)?

___
no, I think the "solution" is to think of an architectural way around 
this.

One thought:
 maybe we can have a 'virtual dependency"  that more than one package 
can satisfy?
 the USES stuff seems to be heading in that direction.  Maybe someone 
who knows more about it can tell us more about it?


I'd also like to see packages have more htan one way to install, to 
give the same effect as the linux -devel and regular packages.

pkg install --runtime vs  pkg install --devel
 (and I'd like to see a --minimal,  no docs, examples etc.)
Each would have their own depednencies as well, probably building up 
from minimal->runtime->devel






___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client (Miroslav Lachman)

[Andriy Gapon]

On 11/01/2017 03:27, Miroslav Lachman wrote:
> It should be fixed now in the ports tree. I don't know when new packages will 
> be
> available for pkg install / pkg upgrade.
> 
> https://svnweb.freebsd.org/ports?view=revision=431079

Good news!
Thanks for the fix.

-- 
Andriy Gapon
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client (Miroslav Lachman)

[Lee Brown]

On Tue, Jan 10, 2017 at 5:27 PM, Miroslav Lachman <000.f...@quip.cz> wrote:
> Lee Brown wrote on 2017/01/11 00:31:
>>>
>>> Jan Bramkamp wrote on 2017/01/05 11:30:

 On 04/01/2017 18:32, Andriy Gapon wrote:
>
>
> Do you I understand correctly that it is impossible now to install
> both samba44
> and libreoffice using the official FreeBSD package repository?
> Or samba44 and KDE?
>
> If yes, then that sucks...


 Yes and yes it sucks. The "solution" is to build your own repo and set
 the right flags to always use the same LDAP client port. With binary
 packages and the speed of modern x86_64 systems I for one no longer see
 removing SASL support from OpenLDAP as useful enough to justify the
 complexity. Are there any reasons other than saved build time to disable
 this dependency (e.g. a bad security track record/process, different
 licenses)?
>>>
>>>
>>> And what is the right way to choose SASL / NON-SASL version globaly?
>>> We are building packages in our poudriere, but I cannot find the proper
>>> variable / option for this.
>>>
>>> Miroslav Lachman
>>
>> (sorry for losing the headers, I had to copy/paste this as I switched
>> from digest to individual).
>>
>> Is there a satisfactory answer to Miroslav's question?
>>
>> I'm in the same predicament, I can't upgrade anything without removing
>> libreoffice, presumably because of samba.
>> I've tried looking through the tree of options for libreoffice and
>> samba, but I'm at a loss.
>
>
> It should be fixed now in the ports tree. I don't know when new packages
> will be available for pkg install / pkg upgrade.
>
> https://svnweb.freebsd.org/ports?view=revision=431079
>
> Miroslav Lachman
>
Oh awesome, that should be ready for me tomorrow morning then (I build
by own too).
Thank you -- lee
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client (Miroslav Lachman)

[Miroslav Lachman]

Lee Brown wrote on 2017/01/11 00:31:

Jan Bramkamp wrote on 2017/01/05 11:30:

On 04/01/2017 18:32, Andriy Gapon wrote:


Do you I understand correctly that it is impossible now to install
both samba44
and libreoffice using the official FreeBSD package repository?
Or samba44 and KDE?

If yes, then that sucks...


Yes and yes it sucks. The "solution" is to build your own repo and set
the right flags to always use the same LDAP client port. With binary
packages and the speed of modern x86_64 systems I for one no longer see
removing SASL support from OpenLDAP as useful enough to justify the
complexity. Are there any reasons other than saved build time to disable
this dependency (e.g. a bad security track record/process, different
licenses)?


And what is the right way to choose SASL / NON-SASL version globaly?
We are building packages in our poudriere, but I cannot find the proper
variable / option for this.

Miroslav Lachman

(sorry for losing the headers, I had to copy/paste this as I switched
from digest to individual).

Is there a satisfactory answer to Miroslav's question?

I'm in the same predicament, I can't upgrade anything without removing
libreoffice, presumably because of samba.
I've tried looking through the tree of options for libreoffice and
samba, but I'm at a loss.


It should be fixed now in the ports tree. I don't know when new packages 
will be available for pkg install / pkg upgrade.


https://svnweb.freebsd.org/ports?view=revision=431079

Miroslav Lachman

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client (Miroslav Lachman)

[Lee Brown]

> Jan Bramkamp wrote on 2017/01/05 11:30:
> > On 04/01/2017 18:32, Andriy Gapon wrote:
> >>
> >> Do you I understand correctly that it is impossible now to install
> >> both samba44
> >> and libreoffice using the official FreeBSD package repository?
> >> Or samba44 and KDE?
> >>
> >> If yes, then that sucks...
> >
> > Yes and yes it sucks. The "solution" is to build your own repo and set
> > the right flags to always use the same LDAP client port. With binary
> > packages and the speed of modern x86_64 systems I for one no longer see
> > removing SASL support from OpenLDAP as useful enough to justify the
> > complexity. Are there any reasons other than saved build time to disable
> > this dependency (e.g. a bad security track record/process, different
> > licenses)?
>
> And what is the right way to choose SASL / NON-SASL version globaly?
> We are building packages in our poudriere, but I cannot find the proper
> variable / option for this.
>
> Miroslav Lachman
(sorry for losing the headers, I had to copy/paste this as I switched
from digest to individual).

Is there a satisfactory answer to Miroslav's question?

I'm in the same predicament, I can't upgrade anything without removing
libreoffice, presumably because of samba.
I've tried looking through the tree of options for libreoffice and
samba, but I'm at a loss.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client

[Miroslav Lachman]

Franco Fichtner wrote on 2017/01/10 06:48:



On 9 Jan 2017, at 11:54 PM, Miroslav Lachman <000.f...@quip.cz> wrote:

I don't need SASL for LDAP client, but somebody messed up ports tree with 
WANT_OPENLDAP_SASL which is for users and not maintainers:

# WANT_OPENLDAP_SASL
#   - User-defined variable to depend upon 
SASL-enabled OpenLDAP
# client. Must NOT be set in a port Makefile.


This note was added two days ago and it's simply not correct,
and/or overcome by events as it is against the common practice
in the tree *and* adhering to it would break currently working
ports.


Even if this doesn't exist at all the change was bad handled. No info in 
UPDATING and what was working for years now doesn't work. Simple "pkg 
upgrade" failed because of conflicting versions of openldap-client.



OpenLDAP needs framework improvements of the sort that gssapi
or ssl received, but we have yet to hear from the maintainer of
OpenLDAP on the matter.


And changes like this must be better tested before committing...

Breakages are too common in these days.

Miroslav Lachman
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client

[Sergei Vyshenski]

Edemic enforcement of unwanted security technologies propagates further on.

Port net/p5-perl-ldap requires port security/p5-Authen-SASL,
which by defaul turns ON kerberos support.
This brings situation, when
private key infrastructure (PKI) software by default depends from Kerberos,
which is as if: nginx depends from apache.

Cf PR here:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215835

Regards, Sergei

On Tue, Jan 10, 2017 at 1:54 AM, Miroslav Lachman <000.f...@quip.cz> wrote:

> Miroslav Lachman wrote on 2017/01/09 23:48:
>
>> Jan Bramkamp wrote on 2017/01/05 11:30:
>>
>>> On 04/01/2017 18:32, Andriy Gapon wrote:
>>>

 Do you I understand correctly that it is impossible now to install
 both samba44
 and libreoffice using the official FreeBSD package repository?
 Or samba44 and KDE?

 If yes, then that sucks...

>>>
>>> Yes and yes it sucks. The "solution" is to build your own repo and set
>>> the right flags to always use the same LDAP client port. With binary
>>> packages and the speed of modern x86_64 systems I for one no longer see
>>> removing SASL support from OpenLDAP as useful enough to justify the
>>> complexity. Are there any reasons other than saved build time to disable
>>> this dependency (e.g. a bad security track record/process, different
>>> licenses)?
>>>
>>
>> And what is the right way to choose SASL / NON-SASL version globaly?
>> We are building packages in our poudriere, but I cannot find the proper
>> variable / option for this.
>>
>> Miroslav Lachman
>>
>
> I don't need SASL for LDAP client, but somebody messed up ports tree with
> WANT_OPENLDAP_SASL which is for users and not maintainers:
>
> # WANT_OPENLDAP_SASL
> #   - User-defined variable to depend upon
> SASL-enabled OpenLDAP
> # client. Must NOT be set in a port
> Makefile.
>
> So why it is set there
>
> https://svnweb.freebsd.org/ports/head/databases/ldb/Makefile
> ?r1=430417=430416=430417
>
> and there
>
> https://svnweb.freebsd.org/ports/head/net/samba43/Makefile?
> r1=429692=429691=429692
>
> and maybe in some other places
>
> Miroslav Lachman
> ___
> freebsd-ports@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
>
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client

[Franco Fichtner]

> On 9 Jan 2017, at 11:54 PM, Miroslav Lachman <000.f...@quip.cz> wrote:
> 
> I don't need SASL for LDAP client, but somebody messed up ports tree with 
> WANT_OPENLDAP_SASL which is for users and not maintainers:
> 
> # WANT_OPENLDAP_SASL
> #   - User-defined variable to depend upon 
> SASL-enabled OpenLDAP
> # client. Must NOT be set in a port Makefile.

This note was added two days ago and it's simply not correct,
and/or overcome by events as it is against the common practice
in the tree *and* adhering to it would break currently working
ports.

OpenLDAP needs framework improvements of the sort that gssapi
or ssl received, but we have yet to hear from the maintainer of
OpenLDAP on the matter.

So far, there was a single answer on the suggestion to unify
SASL into OpenLDAP as a default option, to be taken out by avid
self-made port builders when they are sure they don't need it
and don't break their ports.  The plus would be no more
package name changes of the sort openldap-{sasl-,}client and
the dependency tracking issues associated with having two
ports clash with each other, because they are "same same but
different".


Cheers,
Franco
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client

[Miroslav Lachman]

Miroslav Lachman wrote on 2017/01/09 23:48:

Jan Bramkamp wrote on 2017/01/05 11:30:

On 04/01/2017 18:32, Andriy Gapon wrote:


Do you I understand correctly that it is impossible now to install
both samba44
and libreoffice using the official FreeBSD package repository?
Or samba44 and KDE?

If yes, then that sucks...


Yes and yes it sucks. The "solution" is to build your own repo and set
the right flags to always use the same LDAP client port. With binary
packages and the speed of modern x86_64 systems I for one no longer see
removing SASL support from OpenLDAP as useful enough to justify the
complexity. Are there any reasons other than saved build time to disable
this dependency (e.g. a bad security track record/process, different
licenses)?


And what is the right way to choose SASL / NON-SASL version globaly?
We are building packages in our poudriere, but I cannot find the proper
variable / option for this.

Miroslav Lachman


I don't need SASL for LDAP client, but somebody messed up ports tree 
with WANT_OPENLDAP_SASL which is for users and not maintainers:


# WANT_OPENLDAP_SASL
#   - User-defined variable to depend upon 
SASL-enabled OpenLDAP
# client. Must NOT be set in a port 
Makefile.


So why it is set there

https://svnweb.freebsd.org/ports/head/databases/ldb/Makefile?r1=430417=430416=430417

and there

https://svnweb.freebsd.org/ports/head/net/samba43/Makefile?r1=429692=429691=429692

and maybe in some other places

Miroslav Lachman
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client

[Miroslav Lachman]

Jan Bramkamp wrote on 2017/01/05 11:30:

On 04/01/2017 18:32, Andriy Gapon wrote:


Do you I understand correctly that it is impossible now to install
both samba44
and libreoffice using the official FreeBSD package repository?
Or samba44 and KDE?

If yes, then that sucks...


Yes and yes it sucks. The "solution" is to build your own repo and set
the right flags to always use the same LDAP client port. With binary
packages and the speed of modern x86_64 systems I for one no longer see
removing SASL support from OpenLDAP as useful enough to justify the
complexity. Are there any reasons other than saved build time to disable
this dependency (e.g. a bad security track record/process, different
licenses)?


And what is the right way to choose SASL / NON-SASL version globaly?
We are building packages in our poudriere, but I cannot find the proper 
variable / option for this.


Miroslav Lachman
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client

[Jan Bramkamp]

On 05/01/2017 11:56, Franco Fichtner wrote:



On 5 Jan 2017, at 11:44 AM, Julian Elischer  wrote:

On 5/01/2017 6:30 PM, Jan Bramkamp wrote:

On 04/01/2017 18:32, Andriy Gapon wrote:


Do you I understand correctly that it is impossible now to install both samba44
and libreoffice using the official FreeBSD package repository?
Or samba44 and KDE?

If yes, then that sucks...


similar happened recently with the two jpeg libraries.
They can't be installed at the same time but some packages wanted one and some 
the other.


The OpenLDAP package state is a bit behind more modern ports framework
approaches.  Fixing the offending packages away from OpenLDAP is nice,
but eventually the issues will reappear port for port, time after time.

If we strive for default ports options that are sane for most users,
globally setting WANT_OPENLDAP_SASL=yes is the way to prevent that
from happening again.

There is probably a very valid historic reason for not having done so,
but people can still build their own ports without SASL if they want and
incompatibility issues are unlikely when the support is built in.  At
least we haven't seen anything in the past 6 months in OPNsense since we
switched to avoid this in our build runs.

And besides, having a package name flip-flop using arcane toggles should
be removed as it breaks POLA.

Long story short: make SASL an OPTION, add it to defaults, don't mess
with the package name anymore?


That would be my prefered short term solution. Can we get some input 
from the ports maintainer? Maybe there is still a good reason for the 
current state of affairs.

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client

[Jan Bramkamp]

On 05/01/2017 12:04, Matthew Seaman wrote:

On 01/05/17 10:43, Kurt Jaeger wrote:

Hi!

[openldap-client vs openldap-sasl-client and libreoffice etc]

Yes and yes it sucks. The "solution" is to build your own repo and set
the right flags to always use the same LDAP client port. With binary
packages and the speed of modern x86_64 systems I for one no longer see
removing SASL support from OpenLDAP as useful enough to justify the
complexity.


The other question is: What's the use of SASL anyway ? I've seen it
for years in mailserver setups, etc, and it always caused trouble.



SASL effectively gets you a number of new authentication mechanisms.
Most of these are ways of proving you know a secret without sending the
actual secret (ie. password) over the net in plain text, but I think it
also adds the ability to use client TLS certificates for authentication.
IIRC.

I don't see much value in the extra mechanisms for secure login over
unencrypted links nowadays.  Pretty much everything I'm using currently
already requires TLS for good security reasons, so there's no real
downside to using plain LOGIN over the encrypted channel.  Plus the
'proof of knowledge' authentication mechanisms have a big downside: they
need the secret stored in the LDAP database in plain text, or in some
locally reversible encryption.  With LOGIN over TLS, I can use salted
password hashes in much the same way as Unix passwords.

SASL would be worth it for TLS client certificate functionality, if
that's the only way to enable that.


SASL external is required by OpenLDAP to extract authentication data 
from TLS client certificates and not all SASL mechs require plaintext 
passwords inside the database to avoid leaking the credentials over the 
wire e.g. SASL SCRAM (RFC 5802). You can also use SASL to authenticate 
against PAM.

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client

[Matthew Seaman]

On 01/05/17 10:43, Kurt Jaeger wrote:

Hi!

[openldap-client vs openldap-sasl-client and libreoffice etc]

Yes and yes it sucks. The "solution" is to build your own repo and set
the right flags to always use the same LDAP client port. With binary
packages and the speed of modern x86_64 systems I for one no longer see
removing SASL support from OpenLDAP as useful enough to justify the
complexity.


The other question is: What's the use of SASL anyway ? I've seen it
for years in mailserver setups, etc, and it always caused trouble.



SASL effectively gets you a number of new authentication mechanisms.
Most of these are ways of proving you know a secret without sending the 
actual secret (ie. password) over the net in plain text, but I think it 
also adds the ability to use client TLS certificates for authentication. 
IIRC.


I don't see much value in the extra mechanisms for secure login over 
unencrypted links nowadays.  Pretty much everything I'm using currently 
already requires TLS for good security reasons, so there's no real 
downside to using plain LOGIN over the encrypted channel.  Plus the 
'proof of knowledge' authentication mechanisms have a big downside: they 
need the secret stored in the LDAP database in plain text, or in some 
locally reversible encryption.  With LOGIN over TLS, I can use salted 
password hashes in much the same way as Unix passwords.


SASL would be worth it for TLS client certificate functionality, if 
that's the only way to enable that.


Cheers,

Matthew

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client

[Jan Bramkamp]

On 05/01/2017 11:43, Kurt Jaeger wrote:

Hi!

[openldap-client vs openldap-sasl-client and libreoffice etc]

Yes and yes it sucks. The "solution" is to build your own repo and set
the right flags to always use the same LDAP client port. With binary
packages and the speed of modern x86_64 systems I for one no longer see
removing SASL support from OpenLDAP as useful enough to justify the
complexity.


The other question is: What's the use of SASL anyway ? I've seen it
for years in mailserver setups, etc, and it always caused trouble.


SASL is a authentication API. It allows an application to reuse the 
tested SASL protocol and code. SASL differs from PAM in that it allows 
its authentication mechanisms more possibilities as required to deal 
with X.509 client certificates and Kerberos tickets. Without SASL 
OpenLDAP is limited to password based authentication against passwords 
stored inside the LDAP database as plaintext or salted MD5/SHA1 hashes. 
With SASL you can the supported SASL mechanisms:


* SASL external: Let the transport layer provide authentication. TLS 
protected connections can reuse the client certificate common name and 
map it to a LDAP object. Local connections over UNIX domain sockets can 
use the effective client user and primary group id to search for a 
matching user object inside the LDAP database.


* SASL GSSAPI: Use Kerberos to authenticate against the LDAP service. 
Works great for interactive use if you already have Kerberos deployed. 
Can be used to centralize password storage in the Kerberos KDCs instead 
of the LDAP service while still supporting LDAP simple binds.


In theory you could use a bunch of additional SASL mechs but these are 
the two I have encountered in everyday use.

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client

[Franco Fichtner]

> On 5 Jan 2017, at 11:44 AM, Julian Elischer  wrote:
> 
> On 5/01/2017 6:30 PM, Jan Bramkamp wrote:
>> On 04/01/2017 18:32, Andriy Gapon wrote:
>>> 
>>> Do you I understand correctly that it is impossible now to install both 
>>> samba44
>>> and libreoffice using the official FreeBSD package repository?
>>> Or samba44 and KDE?
>>> 
>>> If yes, then that sucks...
> 
> similar happened recently with the two jpeg libraries.
> They can't be installed at the same time but some packages wanted one and 
> some the other.

The OpenLDAP package state is a bit behind more modern ports framework
approaches.  Fixing the offending packages away from OpenLDAP is nice,
but eventually the issues will reappear port for port, time after time.

If we strive for default ports options that are sane for most users,
globally setting WANT_OPENLDAP_SASL=yes is the way to prevent that
from happening again.

There is probably a very valid historic reason for not having done so,
but people can still build their own ports without SASL if they want and
incompatibility issues are unlikely when the support is built in.  At
least we haven't seen anything in the past 6 months in OPNsense since we
switched to avoid this in our build runs.

And besides, having a package name flip-flop using arcane toggles should
be removed as it breaks POLA.

Long story short: make SASL an OPTION, add it to defaults, don't mess
with the package name anymore?


Cheers,
Franco
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client

[Julian Elischer]

On 5/01/2017 6:30 PM, Jan Bramkamp wrote:

On 04/01/2017 18:32, Andriy Gapon wrote:


Do you I understand correctly that it is impossible now to install 
both samba44

and libreoffice using the official FreeBSD package repository?
Or samba44 and KDE?

If yes, then that sucks...


similar happened recently with the two jpeg libraries.
They can't be installed at the same time but some packages wanted one 
and some the other.




Yes and yes it sucks. The "solution" is to build your own repo and 
set the right flags to always use the same LDAP client port. With 
binary packages and the speed of modern x86_64 systems I for one no 
longer see removing SASL support from OpenLDAP as useful enough to 
justify the complexity. Are there any reasons other than saved build 
time to disable this dependency (e.g. a bad security track 
record/process, different licenses)?

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to 
"freebsd-ports-unsubscr...@freebsd.org"




___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client

[Kurt Jaeger]

Hi!

[openldap-client vs openldap-sasl-client and libreoffice etc]
> Yes and yes it sucks. The "solution" is to build your own repo and set 
> the right flags to always use the same LDAP client port. With binary 
> packages and the speed of modern x86_64 systems I for one no longer see 
> removing SASL support from OpenLDAP as useful enough to justify the 
> complexity.

The other question is: What's the use of SASL anyway ? I've seen it
for years in mailserver setups, etc, and it always caused trouble.

-- 
p...@opsec.eu+49 171 3101372 3 years to go !
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client

[Jan Bramkamp]

On 04/01/2017 18:32, Andriy Gapon wrote:


Do you I understand correctly that it is impossible now to install both samba44
and libreoffice using the official FreeBSD package repository?
Or samba44 and KDE?

If yes, then that sucks...


Yes and yes it sucks. The "solution" is to build your own repo and set 
the right flags to always use the same LDAP client port. With binary 
packages and the speed of modern x86_64 systems I for one no longer see 
removing SASL support from OpenLDAP as useful enough to justify the 
complexity. Are there any reasons other than saved build time to disable 
this dependency (e.g. a bad security track record/process, different 
licenses)?

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: openldap-client vs openldap-sasl-client

[Derek Schrock]

On Wed, Jan 04, 2017 at 12:32:56PM EST, Andriy Gapon wrote:
> 
> Do you I understand correctly that it is impossible now to install both 
> samba44
> and libreoffice using the official FreeBSD package repository?
> Or samba44 and KDE?
> 
> If yes, then that sucks...
> 

I believe this is being fix but for now yes you can't have
openldap-sasl-client installed when something else needs openldap-client
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

openldap-client vs openldap-sasl-client

[Andriy Gapon]

Do you I understand correctly that it is impossible now to install both samba44
and libreoffice using the official FreeBSD package repository?
Or samba44 and KDE?

If yes, then that sucks...

-- 
Andriy Gapon
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"