On Wed, Jun 03, 2020 at 07:06:28AM -0500, Lucas Raab wrote:
> On Wed, Jun 03, 2020 at 12:56:00PM +0100, Stuart Henderson wrote:
> > On 2020/06/03 06:02, Lucas Raab wrote:
> > > On Wed, Jun 03, 2020 at 08:19:40AM +0200, Landry Breuil wrote:
> > > > On Tue, Jun 02, 2020 at 05:01:06PM -0500, Lucas Raab wrote:
> > > > > Hello,
> > > > >
> > > > > Here are three new ports, two deps, and the one piece de resistance,
> > > > > web2ldap.
> > > > >
> > > > > sysutils/web2ldap - web-based LDAP client
> > > > > devel/py-xlwt - dep for exporting LDAP query results as XLS files
> > > > > devel/py-ldap0 - web2ldap's interface to the OpenLDAP libraries
> > > > >
> > > > > The author of web2ldap and py-ldap0 has been very responsive to some
> > > > > questions I had a few months ago and accepted a change to make it
> > > > > easier to manage on the BSDs as a whole.
> > > > >
> > > > > More information here: https://web2ldap.de/
> > > > > Project upstream here: https://gitlab.com/ae-dir/web2ldap
> > > > >
> > > > > I've been using this in my own tree for several months now with no
> > > > > issues. That being said, I hope I didn't get complacent in the
> > > > > submission.
> > > > >
> > > > > Completely understand if this is too niche to warrant being included in
> > > > > the tree. If not so terribly niche, feedback?
> > > >
> > > > That looks interesting and a very complete ldap client/admin tool. Will
> > > > have to try it on some of my servers, but some porting nits first:
> > > >
> > > > - WANTLIB = python3.7m -> use ${MODPY_WANTLIB}
> > > > - use MODPY_EGG_VERSION in web2ldap, this way it gets substituted in the
> > > >   PLIST
> > >
> > > See above about complacency :) I'll get those updated.
> > >
> > > > - are *all* those @sample required in ${SYSCONFDIR}/web2ldap ? that looks
> > > >   a lot.
> > >
> > > I suppose not. I was going for a `pkg_add web2ldap` and
> > > `rcctl start web2ldap` style where moving files around was already
> > > sorted out for the user. Being too helpful there? It is rather a lot of
> > > files to manage in the PLIST...
> >
> > Rather than putting files in share/examples/web2ldap/templates and
> > @sample'ing them across, another option is to put them in
> > share/web2ldap/templates and installing a symlink at pkg_add time,
> > something like this should work (untested):
> >
> > @exec-add [ -e ${SYSCONFDIR}/web2ldap ] || ln -s %D/share/web2ldap/templates ${SYSCONFDIR}/web2ldap/
> >
> > That allows using the templates directory by default, but still
> > allows pointing the link elsewhere if you want to customise them.
> >
> > tls/ca-bundle.pem should just use the system file instead,
> > /etc/ssl/cert.pem (_don't_ use ${SYSCONFDIR} for that one).
>
> Got it, I'll give that a whirl. Thanks!
>
> > > > - instead of using 'nobody', create a new separate user for the daemon,
> > > >   look for examples in other ports' PLIST (@newuser/@newgroup, +
> > > >   db/user.list line)
> > >
> > > My rationale here was that there aren't any files that an extra user
> > > would need to own for web2ldap to run. Using nobody seemed the simplest
> > > approach to nulling out any privileges for the service to work.
> >
> > "nobody" is absolutely not allowed.
> >
> > $ getent passwd nobody
> > nobody:*:32767:32767:Unprivileged user for NFS:/nonexistent:/sbin/nologin
>
> Aha, that makes sense now. Consider myself chastised :)
>

Updated ports attached. Changes:

* py-ldap0 WANTLIB to use ${MODPY_WANTLIB} instead
* use MODPY_EGG_VERSION in place of $V for web2ldap
* new user _web2ldap to run the service
* I backed off a bit from the two step install. I included a README to
  instruct the user to copy the template folder over. The templates can be
  customized, new ones added, etc so it didn't seem right to do a symlink.
  Thoughts?
* Looking in hosts.py, the ca-bundle.pem file isn't specifically referenced.
  Instead, I added some words to the README mentioning that if a user needs
  to connect to TLS enabled servers, then he/she should point to
  /etc/ssl/cert.pem (unless otherwise needed). I forgot that that's what I
  ended up doing, looking at my own configuration.
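As an added illustration (not the attached port's PLIST, and not from any of the posters), a packing-list fragment that applies the two review points above: a dedicated unprivileged account via @newgroup/@newuser instead of the shared NFS "nobody" account, and Stuart's @exec-add symlink in place of @sample'ing every template into ${SYSCONFDIR}. The uid/gid value NNN, the "daemon" login class, /var/empty as home and the rc script name are assumptions; a real port reserves the number in infrastructure/db/user.list and fills in the actual template file names.

```text
@comment Added example PLIST fragment, not the web2ldap port's own packing list.
@comment NNN is a placeholder: the real uid/gid must be reserved in infrastructure/db/user.list.
@newgroup _web2ldap:NNN
@newuser _web2ldap:NNN:_web2ldap:daemon:web2ldap daemon account:/var/empty:/sbin/nologin
@comment The service runs as _web2ldap (no login shell, no home to write to) rather than nobody (uid 32767, reserved for NFS).
share/web2ldap/
share/web2ldap/templates/
@comment (template files under share/web2ldap/templates/ are listed here)
@comment Create the config symlink only if the admin has not already put something at ${SYSCONFDIR}/web2ldap.
@exec-add [ -e ${SYSCONFDIR}/web2ldap ] || ln -s %D/share/web2ldap/templates ${SYSCONFDIR}/web2ldap
@rcscript ${RCDIR}/web2ldap
```

The rc script named on the last line would set the daemon user to _web2ldap; pointing the service at /etc/ssl/cert.pem for TLS trust stays a documentation (README) matter, as the thread concludes.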
[Attachment: web2ldap.tgz, binary data]