LDAP NAMESERVICE SWITCH LIBRARY
===============================

This is the nss_ldap library, an LDAP module for the Solaris Nameservice
Switch (NSS), the GNU libc NSS, and the ISC BIND IRS (used on BSDI
and IRS).

The LDAP schema used is described in RFC 2307.

Insert this:

    passwd: files nis ldap
    group: files nis ldap

or something similar in /etc/nsswitch.conf.
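One way to confirm the entries above are in place, as an added example that is not part of the nss_ldap distribution. The function names are hypothetical, and the rule that files should be consulted ahead of ldap is an assumed local policy modelled on the sample lines.

```sh
#!/bin/sh
# Added example; nss_sources and check_nss_ldap are hypothetical helper names.

# nss_sources FILE DB: print the ordered source list for DB, with comments
# and bracketed actions such as [NOTFOUND=return] removed.
nss_sources() {
    sed -e 's/#.*//' -e 's/:/: /' "$1" | awk -v db="$2:" '
        $1 == db {
            out = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) {          # action spec, may span several tokens
                    while (i < NF && $i !~ /\]$/) i++
                    continue
                }
                out = out (out == "" ? "" : " ") $i
            }
            print out
            exit
        }'
}

# check_nss_ldap FILE: return 0 when passwd and group both list ldap and
# (assumed policy) consult files before it; otherwise explain on stderr.
check_nss_ldap() {
    conf=$1; rc=0
    for db in passwd group; do
        state=missing; files_seen=no
        for s in $(nss_sources "$conf" "$db"); do
            case $s in
                files) files_seen=yes ;;
                ldap)  state=$files_seen; break ;;
            esac
        done
        case $state in
            missing) echo "$db: ldap is not listed" >&2; rc=1 ;;
            no)      echo "$db: ldap is listed with no files entry ahead of it" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Check the file named on the command line, e.g. /etc/nsswitch.conf.
if [ "$#" -gt 0 ]; then check_nss_ldap "$1"; fi
```
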

The source code is distributed under the GNU General Library Public Licence
(see COPYING.LIB).

Platforms this has been built under:

    o Linux
    o Solaris 2.4, 2.6, 7, 8, 9, 10
    o FreeBSD BIND 8.x (not useful unless you recompile libc)
    o AIX 4.3.3 with IRS

If you are willing to use an older, and possibly buggy, version
of nss_ldap, you *might* find patches to get it to work with the
"real" FreeBSD nsswitch at http://www.nectar.com/freebsd/nsswitch.

To install:

    % ./configure
    % make
    % make install

NB: you need to use GNU make! (often called gmake or gnumake)

1. Installation
---------------

You need to ensure libnss_ldap.so.1 (or nss_ldap.so.1, for Solaris) is in
/usr/lib.

2. Building shared LDAP client libraries
----------------------------------------

You can build a position independent LDAP client library by compiling
with -fPIC and linking with -shared, or by downloading the Mozilla or
Netscape LDAP SDKs. Note that OpenLDAP only appears to build shared
libraries on some platforms (apparently not Solaris?). To build these,
configure with --enable-shared.

Q: Using the Netscape LDAP library with pam_ldap on Solaris 8
- aka Solaris 2.8 - fails to link properly! David Begley writes:

There are two releases of the Netscape LDAP library, one marked
for Solaris 8 and the other marked for Solaris 2.6 - the additional
catch is that the Solaris 8 library is a 64-bit library (this is marked
on Netscape's site) whilst the other is a 32-bit library.

It doesn't matter if you have a 64-bit UltraSPARC processor running
the 64-bit Solaris kernel, if your compiler only works with 32-bit
objects then it won't successfully link the 64-bit Solaris 8
Netscape LDAP library.

GCC (up to version 2.95.2) does not work properly with 64-bit objects
under Solaris, so just use the Solaris 2.6 (32-bit) Netscape LDAP
library and everything should be fine.

Q: Can I use a third-party client LDAP library (such as Netscape's)
on Solaris 7? David Begley writes:

Yes, but if you have the Solaris 7 LDAP library installed (package
SUNWlldap or SUNWldapx) configure will find it before the third-party
library - in this case, you can't rely on the auto-lib-type detection of
configure and must use the "--with-ldap-lib=" parameter.

Q: Why does linking fail on Solaris 2.6 (complaining about
relocations remaining against libcrypt)? David Begley
writes:

In short, the problem is that GCC is looking for a shared libcrypt
(in response to the "--shared" parameter) which doesn't exist on
Solaris 2.6 (but does on Solaris 7). The fix is quite simple, use
"-G" instead of "--shared" (could this be a GCC bug?). This change
should already be included in newer versions of pam_ldap.

It doesn't look like libcrypt is even needed if you're using the
Netscape LDAP client library (maybe it's required for OpenLDAP?).

Scott M. Stone <sstone@foo3.com> writes:
Your openldap libs *and* your SSL/RSAREF libs must be DYNAMIC LIBRARIES
or neither nss_ldap nor pam_ldap will work.

3. glibc 2.0 compatibility
--------------------------

Current versions of the nss_ldap library are designed to work with
glibc 2.1, not glibc 2.0. They _may_ work with glibc 2.0. YMMV.

4. RFC2307BIS
-------------

Compiling with -DRFC2307BIS adds rfc2307bis support, which at the
moment just gets you support for groups with distinguished name
members (instead of login names). A posixGroup can thus have both
the memberUid and uniqueMember attributes.

5. Building under FreeBSD
-------------------------

Here's what I do to build it under FreeBSD. You will need to
link it into libbind.a for it actually to be useful.

    CPPFLAGS="-I/usr/local/include -I/usr/local/include/bind -DPIC"
    export CPPFLAGS
    CFLAGS=$CPPFLAGS # this is weird
    export CFLAGS
    LDFLAGS="-L/usr/local/lib"
    LIBS="-lbind_r -lgnuregex -lsasl -lkrb"
    export LDFLAGS LIBS
    ./configure
    make

6. Solaris, shadowAccount
-------------------------

Joerg Paysen notes:

> I think it's extremely important that you have a
> /etc/shadow file so that an ObjectClass shadowAccount
> will be created in the ldap database. My experience is
> that without shadowAccount nss_ldap does not work on
> Solaris!!

http://bugzilla.padl.com/show_bug.cgi?id=287

After some testing of the patch I have found out that programs were crashing
on exit. There is another way to fix this problem, which is also much more
elegant: just link the nss_ldap library with ld -z nodelete, then the nss_ldap
library won't be unmapped when it is dlclosed. Works like a charm and doesn't
leak any sockets.

7. Secret file
--------------

If using /etc/ldap.secret, it must have a newline at the end
of the secret.
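A check for the requirement above, as an added example that is not part of the nss_ldap distribution. The function name is hypothetical, and the single-line and owner-only permission checks are assumptions that go beyond what this README states.

```sh
#!/bin/sh
# Added example; check_ldap_secret is a hypothetical helper name.
# Returns 0 when the file passes every check, non-zero with reasons on stderr.

check_ldap_secret() {
    f=$1
    rc=0

    if [ ! -f "$f" ]; then
        echo "$f: missing or not a regular file" >&2
        return 2
    fi

    # README requirement: the secret must be followed by a newline.
    last=$(tail -c 1 "$f" | od -An -tx1 | tr -d ' \n')
    if [ "$last" != "0a" ]; then
        echo "$f: no newline at the end of the secret" >&2
        rc=1
    fi

    # Assumption: the file holds one secret on one line.
    lines=$(wc -l < "$f" | tr -d ' ')
    if [ "$lines" -gt 1 ]; then
        echo "$f: $lines lines, expected a single line" >&2
        rc=1
    fi

    # Assumption: owner-only access. Characters 5-10 of the ls mode
    # string are the group and other permission bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: group/other permission bits are set ($perms)" >&2
        rc=1
    fi

    return $rc
}

# Check the file named on the command line, e.g. /etc/ldap.secret.
if [ "$#" -gt 0 ]; then check_ldap_secret "$1"; fi
```
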

8. Mailing lists
----------------

To discuss nss_ldap and related technologies, you may
subscribe to the following mailing lists:

    <URL:mailto:nssldap-request@padl.com>
and
    <URL:mailto:ldap-nis-request@padl.com>

Send an electronic mail message with "subscribe" in the
message body to join the list.

9. Commercial support
---------------------

Note that PADL now offer commercial support on a
per-incident basis.

To request a support incident, send email to: nssldap-support@padl.com

--
PADL Software Pty Ltd
nssldap-support@padl.com
http://www.padl.com/