[bug#52578,v2,0/2] OpenLDAP service

Message ID 20220325153439.1478493-1-zimon.toutoune@gmail.com

Message

Simon Tournier March 25, 2022, 3:34 p.m. UTC
Hi,

Sorry for the delay.

Well, I am not convinced that the package 'openldap-for-services' is really
required and perhaps the tweak of openldap-2.6 is enough.

Moreover, do you need openssl instead of gnutls?  I would be in favor of keeping
gnutls as the base package and if you absolutely need openssl, write a
variant; along the proposed modify-inputs.

About the old versions of openldap, I am going to send you a recipe for your
own channel.  I am not convinced that maintaining such old variants makes sense
at the Guix level.


About the service, it still misses some documentation for the manual.  And
'tests' would also be very welcome. :-)

Note that gnu/tests/ldap.scm already has some tests.  Maybe this file could be
updated with the new service.

WDYT?

Cheers,
simon


Jean-François Guillaume (1):
  DRAFT services: Add openldap service.

zimoun (1):
  DRAFT gnu: Add openldap-for-services.

 gnu/packages/openldap.scm | 47 ++++++++++++++++++++++
 gnu/services/openldap.scm | 84 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 131 insertions(+)
 create mode 100644 gnu/services/openldap.scm


base-commit: f76898be6ded531e459f106549886afbdc426a78
  

Comments

Jean-Francois GUILLAUME March 28, 2022, 8:38 a.m. UTC | #1
Hello,

> Sorry for the delay.

No worries, I must admit that I didn't have much time on hand to correct 
things on my side.

> Well, I am not convinced that the package 'openldap-for-services' is really
> required and perhaps the tweak of openldap-2.6 is enough.

It's only required if you have the need for a fully featured server like 
we do (we use this definition in our openldap cluster infrastructure).
Given enough time, we will provide a stable repository and artifacts 
for our definitions.

> Moreover, do you need openssl instead of gnutls?

Nope, I just took the definition of the RHEL package and moved it into 
a guix format.

> About the old versions of openldap, I am going to send you a recipe for your
> own channel.  I am not convinced that maintaining such old variants makes sense
> at the Guix level.

I think we still have this old version because it's the version provided 
in .deb and .rpm distributions.

> About the service, it still misses some documentation for the manual.

Yep, I still need to take the time to check how to do it.

> And 'tests' would also be very welcome. :-)
> Note that gnu/tests/ldap.scm already has some tests.  Maybe this file could be
> updated with the new service.

From what I see, what is already present in gnu/tests/ldap.scm should be 
sufficient.

---
Regards,
Jean-François GUILLAUME
Plateforme Bioinformatique BiRD

Tel.: +33 (0)2 28 08 00 57
www.pf-bird.univ-nantes.fr

Inserm UMR 1087/CNRS UMR 6291
IRS-UN - 8 quai Moncousu - BP 70721
44007 Nantes Cedex 1
  
Ludovic Courtès May 16, 2024, 9:08 p.m. UTC | #2
Hello,

Damn, it’s been two years already since you submitted these OpenLDAP
patches. 😱

You probably had problems with the NSS plugins to get LDAP user/group
lookups working.  I have good news: <https://issues.guix.gnu.org/70992>
probably fixes that.

(Besides, we should finally schedule some time to finish the reviewing
effort of these patches that Simon started.)

Ludo’.
  
Simon Tournier May 17, 2024, 12:04 p.m. UTC | #3
Hi,

On Thu., 16 May 2024 at 23:08, Ludovic Courtès <ludovic.courtes@inria.fr> wrote:

> (Besides, we should finally schedule some time to finish the reviewing
> effort of these patches that Simon started.)

Sorry, I have never felt confident about the service part.  Yeah, it
definitely needs some love. :-)

Cheers,
simon
  
Jean-Francois GUILLAUME May 22, 2024, 10:18 a.m. UTC | #4
Hello,

> Damn, it’s been two years already since you submitted these OpenLDAP
> patches. 😱

Well, damn, time flies fast...

> You probably had problems with the NSS plugins to get LDAP user/group
> lookups working.  I have good news: <https://issues.guix.gnu.org/70992>
> probably fixes that.

We indeed had a problem with lookup, we did trace it back to 
libnss-ldap not being in the correct path. We are doing a quick and dirty fix 
for now using our rc-local service:
> mount -o remount,rw /gnu/store
> echo 'export LD_LIBRARY_PATH="/run/current-system/profile/lib"' >> /run/current-system/profile/etc/profile
> echo " " >> /run/current-system/profile/etc/profile
> mount -o remount,ro /gnu/store

These services indeed need some love, especially on the config file 
part. At glicid we are building it by using split files:
> (define slapd-part-1a
>   (call-with-input-file "../common/conf/slapd-part-01-a.conf" get-string-all))
> (define openldap-modules-path
>   (string-append "modulepath "
>                  (with-store store (package-output store glicid:openldap))
>                  "/libexec/openldap"))
> (define slapd-part-1b
>   (call-with-input-file "../common/conf/slapd-part-01-b.conf" get-string-all))
> (define slapd-part-serverid
>   (call-with-input-file "./conf/serverID.conf" get-string-all))
> (define slapd-part-2
>   (call-with-input-file "../common/conf/slapd-part-02.conf" get-string-all))
> (define slapd-part-syncrepl
>   (call-with-input-file "./conf/syncrepl.conf" get-string-all))
> (define slapd-part-3
>   (call-with-input-file "../common/conf/slapd-part-03.conf" get-string-all))
> (define slapd-conf-file (plain-file "slapd-merged.conf"
>                                     (string-append slapd-part-1a
>                                                    openldap-modules-path
>                                                    slapd-part-1b
>                                                    slapd-part-serverid
>                                                    slapd-part-2
>                                                    slapd-part-syncrepl
>                                                    slapd-part-3)))

But it definitely needs some love to have a proper config file builder 
(way above my current guix/guile expertise).

---
Regards,
Jean-François GUILLAUME

Systems, Networks and Virtualization Engineer
Plateforme Bioinformatique BiRD, GLiCID, Nantes Université, CHU Nantes, 
CNRS, Inserm, BioCore, US16, SFR Bonamy, F

tel: 02-28-08-00-57 (320057)
mail: Jean-Francois.Guillaume@univ-nantes.fr

Bâtiment 06, IRS UN - 8 quai Moncousu - BP 70721 - 44007 Nantes Cedex 1
https://www.pf-bird.univ-nantes.fr/
https://clam.glicid.fr/
https://www.univ-nantes.fr/
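
The split-file assembly described in the message above, written as an added example (it is not part of the thread or of the proposed service): `mixed-text-file` from `(guix gexp)` splices the package's store path into the file at build time, so no `with-store` call is needed while the configuration is evaluated. The helper names `read-fragment` and `slapd-merged-conf` and their parameters are hypothetical; the fragment file names are the ones quoted in the message.

```scheme
(use-modules (guix gexp)
             (ice-9 textual-ports))

;; Read one fragment at evaluation time and make sure it ends with a
;; newline, so directives from adjacent fragments never run together.
(define (read-fragment file)
  (let ((text (call-with-input-file file get-string-all)))
    (if (or (string-null? text) (string-suffix? "\n" text))
        text
        (string-append text "\n"))))

;; Hypothetical helper.  COMMON-DIR and HOST-DIR are the two fragment
;; directories used in the message ("../common/conf" and "./conf");
;; PACKAGE is the OpenLDAP package whose modules slapd should load.
(define (slapd-merged-conf package common-dir host-dir)
  (define (common name)
    (read-fragment (string-append common-dir "/" name)))
  (define (host name)
    (read-fragment (string-append host-dir "/" name)))
  (mixed-text-file "slapd-merged.conf"
                   (common "slapd-part-01-a.conf")
                   ;; PACKAGE is replaced by its store path when the
                   ;; file is built; the directive ends with a newline.
                   "modulepath " package "/libexec/openldap\n"
                   (common "slapd-part-01-b.conf")
                   (host "serverID.conf")
                   (common "slapd-part-02.conf")
                   (host "syncrepl.conf")
                   (common "slapd-part-03.conf")))

;; Usage with the values from the message (glicid:openldap is the
;; site's own package variant and is not defined here):
;; (define slapd-conf-file
;;   (slapd-merged-conf glicid:openldap "../common/conf" "./conf"))
```

Like the `plain-file` version, the result is stored under `/gnu/store`, which every local user can read, so fragments merged this way should not carry cleartext secrets such as a `rootpw` value or syncrepl `credentials=`.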
  
Ludovic Courtès May 23, 2024, 7:12 a.m. UTC | #5
Hi Jean-Francois,

Jean-Francois GUILLAUME <Jean-Francois.Guillaume@univ-nantes.fr>
writes:

>> You probably had problems with the NSS plugins to get LDAP user/group
>> lookups working.  I have good news: <https://issues.guix.gnu.org/70992>
>> probably fixes that.
>
> We indeed had a problem with lookup, we did trace it back to
> libnss-ldap not being in the correct path. We are doing a quick and dirty
> fix for now using our rc-local service:

Ah well, you’ll no longer need this hack.  :-)

> But it definitely needs some love to have a proper config file
> builder (way above my current guix/guile expertise).

Yes, one of us should take a closer look.

Thanks,
Ludo’.