[PATCH] updating openldap and adding service definition

2.5.8, 2.5.9

---

gnu/packages/openldap.scm | 148 ++++++++++++++++++++++++++++++++++++++

gnu/services/openldap.scm | 87 ++++++++++++++++++++++

2 files changed, 235 insertions(+)

create mode 100644 gnu/services/openldap.scm

--

2.30.2

Hi,

A single "--disable-static" should be suficient.

"ac_cv_func_memcmp_working=yes")

is this speculation on what's necessary for cross-compilation, or has

it been determined these flags are necessary?

Why?

This is the default, no need to mention it.

You can use ,(cc-for-target) here. Also, CC can be set in #:make-flags.

Protocol")

Lightweight Directory Access Protocol.")

That's a very terse description --- is it a server, a client

application, programming APIs for communicating with a server, or all

of these? Also, no need to mention it's free, everything in Guix is

free.

What's the reason for defining multiple versions of openldap?

Usually, it is only necessary to keep the latest version of a package

(with some rare exceptions).

A copyright + license header is missing, and this file needs to be

added to Makefile.am (or local.mk, I'm not sure about the details).

This seems unlikely to compile, what's the space doing here?

Something I'm missing here, is some documentation. As it is, this

openldap service isn't documented anywhere, so nobody would figure out

it even exists, unless they search in the source code.

As-is, this service would be run as root, which is very suboptimal from

a security perspective. Consider running it as a separate user & group,

and if feasible in a container (the latter is optional but would be

great).

I don't see the point in making this customisable.

Why would anyone want to change the log locations or location of the

pid file? Unless there's some compelling reason otherwise, I'd prefer

to keep complexity down by not making this configurable.

Allowing writing the configuration with configuration records would be

preferred (with an 'extra-content'-style escape hatch, because it would

probably be infeasible to support every single configuration option of

openldap, but some basic options like ‘which network port to bind to’

should be configurable in Scheme).

This service probably requires a network interface, so loopback might

be required. Also, why is user-processes included? I know many services

include it, but it doesn't appear to be documented anywhere when user-

processes must be added to 'requirement'.

These parentheses are lonely, consider moving the parenthese to right

after openldap-service-type, to keep the style consistent in Guix.

Greetings,

Maxime.

Hi,

guix

What do you mean with ‘does not work inside guix’?

A failing test, a missing test dependency, ...?

If it doesn't work, then it should be fixed if feasible

-- test suites exist for a reason!

And if it is a failing test, that would mean the test suite caught a

bug, so in that case, the test suite is succeeding in its purpose, not

failing.

Greetings,

Maxime

Hi Jean-François,

Nice to see you here. :-)

Various comments for improving the submission.

On Fri, 17 Dec 2021 at 14:52, Jean-Francois GUILLAUME <Jean-Francois.Guillaume@univ-nantes.fr> wrote:

I would split: one commit for adding a big openldap and another for

adding the service. WDYT?

(I have not looked yet to the service.)

Why the mirror list had been removed?

This is new, right?

As it is currently and already done in gnu/packages/openldap.scm, to

ease the reading, this long string could be slip as,

(See below for details if many variants are required.)

Currently, openldap@2.4.57 is built using (reformatted by me to ease the

comparison):

Aside the new style vs the old style which is a detail, are these lists

expanded because the version bump or because more OpenLDAP is built

using more features?

It was already off, but I do not understand the new comment. Well,

maybe this commentary is not necessary.

This is a lot more. :-) Therefore, the question is: is it better

- to have only one BIG openldap package?

- or to have one minimal openldap and a bigger variant?

Well, “guix refresh -l openldap” answers for us. ;-)

I propose to keep openldap@2.4.57 minimal, as it currently is, and use

’inherit’ to build BIG ’openldap@2.6.0.’ and variants.

This is not necessary because it is the default.

A minor comment, usually, we do:

instead of all these closing parens, each on one line.

Using ’inherit’, this is even probably not required. :-)

Do you need all these variants? If yes, it could be nice to have,

instead of copy/paste all, something like:

(Untested though. :-)))

Cheers,

simon

Hi Maxime,

The package ’openldap’ already exists and some of your comments ask

about the existing recipe. :-)

I think Jean-François just copy/pasted the current recipe and expand it

for their own requirements: having the service they need, IIUC.

On Fri, 17 Dec 2021 at 22:39, Maxime Devos <maximedevos@telenet.be> wrote:

This bits had been added by Mathieu 1c8b1870a60de12f6c19d809522f5d8362215131.

This one too.

Again this one.

This description is from 2013, 2a75d4e664e802d3a3e2ed6455c63f32541559c8. ;-)

Your comments about the package itself make sense but I am not convinced

that they are related to the first Jean-François submission. :-)

Cheers,

simon

Hi,

Indeed, copy-paste from our local repository went wrong.

These were necessary with the old autoconf in <= 2.5 realeases. It's

mostly a leftover from the older definition already in guix.

Stripping was sometime leading to crash of the build on my side.

True, leftover from when i needed the build to be monothread to see

where it failed.

Ok, i will look into it.

I'll be honest, it's a copy-paste from the already defined package. I'll

update it to be more meaningfull.

This is mostly another case of copy-paste from our local repository went

wrong.

Ok, i will look into it.

Well, we use this in our local guix infrastructure and it doesn't

complain, nor does our building of ldap server vms with guix system

build.

True, forgot about this, my bad. Could you please point me to an example

?

True, i'll try to get it work with it's own user and group.

This allow us to run multiple instance of this service on the same

machine (granted you also change the storage directory slapd.conf).

Well this is beyond my current abilities.

True. From my understanding, when you reach user-processes you're in the

late stage of booting your system and everything network-wise should be

available.

Leftovers from our local repo, we rely a bit to much on indentation to

help us have a better view of where blocks start and stop.

For some strange reasons, when the tests are run by guix build they do

not properly clean after each steps and ends up failing. If you do the

same inside a guix environment test work properly. And i think some

tests need some kinds of network connection but that could be on another

package.

Sorry for the messy patch.

Best,

--

Cordialement,

Jean-François GUILLAUME

Plateforme Bioinformatique BiRD

Tél. : +33 (0)2 28 08 00 57

www.pf-bird.univ-nantes.fr

Inserm UMR 1087/CNRS UMR 6291

IRS-UN - 8 quai Moncousu - BP 70721

44007 Nantes Cedex 1

Hi Maxime,

Indeed, copy-paste from our local repository went wrong.

These were necessary with the old autoconf in <= 2.5 realeases. It's

mostly a leftover from the older definition already in guix.

Stripping was sometime leading to crash of the build on my side.

True, leftover from when i needed the build to be monothread to see

where it failed.

Ok, i will look into it.

I'll be honest, it's a copy-paste from the already defined package. I'll

update it to be more meaningfull.

This is mostly another case of copy-paste from our local repository went

wrong.

Ok, i will look into it.

Well, we use this in our local guix infrastructure and it doesn't

complain, nor does our building of ldap server vms with guix system

build.

True, forgot about this, my bad. Could you please point me to an example

?

True, i'll try to get it work with it's own user and group.

This allow us to run multiple instance of this service on the same

machine (granted you also change the storage directory slapd.conf).

Well this is beyond my current abilities.

True. From my understanding, when you reach user-processes you're in the

late stage of booting your system and everything network-wise should be

available.

Leftovers from our local repo, we rely a bit to much on indentation to

help us have a better view of where blocks start and stop.

For some strange reasons, when the tests are run by guix build they do

not properly clean after each steps and ends up failing. If you do the

same inside a guix environment test work properly. And i think some

tests need some kinds of network connection but that could be on another

package.

Sorry for the messy patch.

Best,

---

Cordialement,

Jean-François GUILLAUME

Plateforme Bioinformatique BiRD

Tél. : +33 (0)2 28 08 00 57

www.pf-bird.univ-nantes.fr

Inserm UMR 1087/CNRS UMR 6291

IRS-UN - 8 quai Moncousu - BP 70721

44007 Nantes Cedex 1

Hi Simon,

Thanks :)

Angain, thank you. I'll glady take on these as i've other packages to

contribute.

As you wish, i must admit i was kind of lazy and wanted to provide

everything in one go.

It's still using a mirror list, i've tried to select a few on each

region of th e world on openldap's download page.

Well, i found it more easy to read on one line but it's true that i use

a wide terminal. I can change it, no problems.

With his definition you can now run a fully featured openldap server. We

were missing quite a few features when using the 2.4.57 version (which

is nearly only the client tools).

My bad, leftovers from our local repo. For some strange reasons, when

the tests are run by guix build they do not properly clean after each

steps and ends up failing. If you do the same inside a guix environment

they work properly. And i think some tests need some kinds of network

connection but that could be on another package.

Indeed, need quite a lot to get a fully featured server.

As you wish either work for me. I can also do a "-minimal" version with

only what is needed to get a client version and a "-full" version to get

a fully featured server.

OK.

Leftovers from our local repo, we rely a bit to much on indentation to

help us have a better view of where blocks start and stop.

This is mostly another case of copy-paste from our local repository went

wrong.

Initially i intended to provide only the latests versions for 2.6.x and

2.5.x and keeping 2.4.57 from compatibility reasons.

While doing the definitions, i was wondering how i could provide only

the hash and the version, guess i'll try your solution :)

Best,

---

Cordialement,

Jean-François GUILLAUME

Plateforme Bioinformatique BiRD

Tél. : +33 (0)2 28 08 00 57

www.pf-bird.univ-nantes.fr

Inserm UMR 1087/CNRS UMR 6291

IRS-UN - 8 quai Moncousu - BP 70721

44007 Nantes Cedex 1

Hi,

Sorry for the delay.

Well, I am not convinced that the package 'openldap-for-services' is really

required and perhaps the tweak of openldap-2.6 is enough.

Moreover, do you need openssl instead of gnutls? I would be in favor to keep

gnutls as the base package and if you absolutely need openssl, write a

variant; along the proposed modify-inputs.

About the old versions of openldap, I am going to send you a recipe for your

own channel. I am not convinced that maintain such old variants makes sense

at the Guix level.

About the service, it still misses some documentation for the manual. And

'tests' would also be very welcome. :-)

Note that gnu/tests/ldap.scm already some tests. Maybe this file could be

updated with the new service.

WDYT?

Cheers,

simon

Jean-François Guillaume (1):

DRAFT services: Add openldap service.

zimoun (1):

DRAFT gnu: Add openldap-for-services.

gnu/packages/openldap.scm | 47 ++++++++++++++++++++++

gnu/services/openldap.scm | 84 +++++++++++++++++++++++++++++++++++++++

2 files changed, 131 insertions(+)

create mode 100644 gnu/services/openldap.scm

base-commit: f76898be6ded531e459f106549886afbdc426a78

--

2.34.0

Co-Authored-By: Jean-François Guillaume <jean-francois.guillaume@univ-nantes.fr>.

---

gnu/packages/openldap.scm | 47 +++++++++++++++++++++++++++++++++++++++

1 file changed, 47 insertions(+)

(openldap-shepherd-service): New procedure.

(%openldap-activation, openldap-service-type): New variable.

---

gnu/services/openldap.scm | 84 +++++++++++++++++++++++++++++++++++++++

1 file changed, 84 insertions(+)

create mode 100644 gnu/services/openldap.scm

Hello,

No worries, I must admit that I didn't have much time on hand to correct

things on my side.

It's only required if you have the need for a fully featured server like

we do (we use this definition in our openldap cluster infrastructure).

Given enough time, we will provides a stable repository and artifacts

for our definitions.

Nope, I just took the définition of the RHEL package and moved it into

a guix format.

I think we still have this old version because it's the version provided

in .deb anb .rpm distributions.

Yep, I still need to take the time to check how to do it.

From what I see, what is already present gnu/tests/ldap.scm should be

sufficient.

---

Cordialement,

Jean-François GUILLAUME

Plateforme Bioinformatique BiRD

Tél. : +33 (0)2 28 08 00 57

www.pf-bird.univ-nantes.fr

Inserm UMR 1087/CNRS UMR 6291

IRS-UN - 8 quai Moncousu - BP 70721

44007 Nantes Cedex 1