New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openldap: enable sha2 and pbkdf2 modules #79286
Conversation
@ju1m I suggest finding people that can review and approve this PR. Typically that's the maintainer(s) or other people that have made (recent) changes. |
@@ -51,9 +64,12 @@ stdenv.mkDerivation rec { | |||
|
|||
rm -rf $out/var | |||
rm -r libraries/*/.libs | |||
rm -r contrib/slapd-modules/passwd/*/.libs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this necessary?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is a comment just above explaining it, which I'm naively following. Maybe this can be changed now that NixOS/patchelf#98 has been merged.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm, I tried removing these three lines, but ran into
RPATH of binary /nix/store/3iwmkw16wvr5fcl7h3g49gh1jx5prsms-openldap-2.4.49/bin/ldapsearch contains a forbidden reference to /build/
So it's probably still necessary.
It seems |
I've only tested it on my live system. But I've disabled it last February because it triggered the local build of too many reverse dependencies each time I was upgrading nixpkgs, which I could not afford.
|
Okay, let's merge this. If this unexpectedly breaks anything, it can be fixed in a follow-up PR. |
This breaks openldap on darwin #88634 |
Motivation for this change
Being able to bind to LDAP using a SHA2 or PBKDF2 scheme in
userPassword
.Things done
Build and install
contrib/slapd-modules/passwd/{sha2,pbkdf2}/
already released within OpenLDAP.sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)