
Member "nss_ldap-265/README" (6 Nov 2009, 5584 Bytes) of package /linux/privat/old/nss_ldap-265.tar.gz:


LDAP NAMESERVICE SWITCH LIBRARY
===============================

This is the nss_ldap library, an LDAP module for the Solaris Nameservice
Switch (NSS), the GNU libc NSS, and the ISC BIND IRS (used on BSDI
and IRS).

The LDAP schema used is described in RFC 2307.

Insert this:

passwd:     files nis ldap
group:      files nis ldap

or something similar in /etc/nsswitch.conf.
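
Added example (not part of the nss_ldap distribution): a shell check that
reports, per database, whether ldap is listed in an nsswitch.conf and whether
"files" comes before it, so local accounts still resolve from local files
first. The names check_nss_ldap and write_sample, the result strings and the
sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example; not part of the nss_ldap distribution.

# check_nss_ldap FILE DB
# Prints how database DB (e.g. passwd) uses the ldap source in FILE:
#   files-then-ldap        ldap is listed and "files" comes before it
#   ldap-not-after-files   ldap is listed with no "files" entry ahead of it
#   no-ldap                the database line exists but never names ldap
#   missing                FILE has no line for DB
check_nss_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                      # drop comments
        $1 == db {
            found = 1
            for (i = 2; i <= NF; i++) {
                if ($i == "files") files = 1
                if ($i == "ldap") {
                    print (files ? "files-then-ldap" : "ldap-not-after-files")
                    hit = 1
                    exit
                }
            }
        }
        END { if (!hit) print (found ? "no-ldap" : "missing") }
    ' "$1"
}

# Constructed sample: the README's two lines plus variants for each result.
write_sample() {
    cat > "$1" <<'EOF'
# constructed nsswitch.conf sample
passwd:     files nis ldap
group:      files nis ldap
shadow:     ldap files      # directory consulted before local files
hosts:      files dns
EOF
}

sample=$(mktemp)
write_sample "$sample"
for db in passwd group shadow hosts netgroup; do
    printf '%-9s %s\n' "$db" "$(check_nss_ldap "$sample" "$db")"
done
rm -f "$sample"
```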

The source code is distributed under the GNU General Library Public Licence
(see COPYING.LIB).

Platforms this has been built under:

	o Linux
	o Solaris 2.4, 2.6, 7, 8, 9, 10
	o FreeBSD BIND 8.x (not useful unless you recompile libc)
	o AIX 4.3.3 with IRS

If you are willing to use an older, and possibly buggy, version
of nss_ldap, you *might* find patches to get it to work with the
"real" FreeBSD nsswitch at http://www.nectar.com/freebsd/nsswitch.

To install:

% ./configure
% make
% make install

NB: you need to use GNU make! (often called gmake or gnumake)

1. Installation
---------------

You need to ensure libnss_ldap.so.1 (or nss_ldap.so.1, for Solaris) is in
/usr/lib.

2. Building shared LDAP client libraries
----------------------------------------

You can build a position independent LDAP client library by compiling
with -fPIC and linking with -shared, or downloading the Mozilla or Netscape
LDAP SDKs. Note that OpenLDAP only appears to build shared libraries
on some platforms (apparently not Solaris?). To build these, configure
with --enable-shared.

Q: Using the Netscape LDAP library with pam_ldap on Solaris 8
- aka Solaris 2.8 - fails to link properly! David Begley writes:

There are two releases of the Netscape LDAP library, one marked
for Solaris 8 and the other marked for Solaris 2.6 - the additional
catch is that the Solaris 8 library is a 64-bit library (this is marked
on Netscape's site) whilst the other is a 32-bit library.

It doesn't matter if you have a 64-bit UltraSPARC processor running
the 64-bit Solaris kernel, if your compiler only works with 32-bit
objects then it won't successfully link the 64-bit Solaris 8
Netscape LDAP library.

GCC (up to version 2.95.2) does not work properly with 64-bit objects
under Solaris, so just use the Solaris 2.6 (32-bit) Netscape LDAP
library and everything should be fine.

Q: Can I use a third-party client LDAP library (such as Netscape's)
on Solaris 7? David Begley writes:

Yes, but if you have the Solaris 7 LDAP library installed (package
SUNWlldap or SUNWldapx) configure will find it before the third-party
library - in this case, you can't rely on the auto-lib-type detection of
configure and must use the "--with-ldap-lib=" parameter.

Q: Why does linking fail on Solaris 2.6 (complaining about
relocations remaining against libcrypt)? David Begley
writes:

In short, the problem is that GCC is looking for a shared libcrypt
(in response to the "--shared" parameter) which doesn't exist on
Solaris 2.6 (but does on Solaris 7).  The fix is quite simple, use
"-G" instead of "--shared" (could this be a GCC bug?).  This change
should already be included in newer versions of pam_ldap.

It doesn't look like libcrypt is even needed if you're using the
Netscape LDAP client library (maybe it's required for OpenLDAP?).

Scott M. Stone <sstone@foo3.com> writes:
Your openldap libs *and* your SSL/RSAREF libs must be DYNAMIC LIBRARIES
or neither nss_ldap nor pam_ldap will work.

3. glibc 2.0 compatibility
--------------------------

Current versions of the nss_ldap library are designed to work with
glibc 2.1, not glibc 2.0. They _may_ work with glibc 2.0. YMMV.

4. RFC2307BIS
-------------

Compiling with -DRFC2307BIS adds rfc2307bis support, which at the
moment just gets you support for groups with distinguished name
members (instead of login names). A posixGroup can thus have
both the memberUid and uniqueMember attributes.

5. Building under FreeBSD
-------------------------

Here's what I do to build it under FreeBSD. You will need to
link it into libbind.a for it actually to be useful.

CPPFLAGS="-I/usr/local/include -I/usr/local/include/bind -DPIC"
export CPPFLAGS
CFLAGS=$CPPFLAGS # this is weird
export CFLAGS
LDFLAGS="-L/usr/local/lib"
LIBS="-lbind_r -lgnuregex -lsasl -lkrb"
export LDFLAGS LIBS
./configure
make

6. Solaris, shadowAccount
-------------------------

Joerg Paysen notes:

> I think it's extremely important that you have a
> /etc/shadow file so that an ObjectClass shadowAccount
> will be created in the ldap database. My experience is
> that without shadowAccount nss_ldap does not work on
> solaris!!

http://bugzilla.padl.com/show_bug.cgi?id=287

After some testing of the patch I have found out that programs were crashing
on exit. There is another way to fix this problem, which is also much more
elegant: just link the nss_ldap library with ld -z nodelete, then the nss_ldap
library won't be unmapped when it is dlclosed. Works like a charm and doesn't
leak any sockets.

7. Secret file
--------------

If using /etc/ldap.secret, it must have a newline at the end
of the secret.
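
Added example (not part of the nss_ldap distribution): a shell check for the
trailing newline required above, with a helper that writes the file correctly.
The function names, result strings and the mode-600 check are assumptions of
this example; the README itself only states the newline requirement.

```sh
#!/bin/sh
# Added example; not part of the nss_ldap distribution.

# check_secret_file FILE: print "ok" or a space-separated list of problems.
check_secret_file() {
    f=$1 issues=""
    [ -f "$f" ] || { echo "not-a-file"; return 1; }
    if [ ! -s "$f" ]; then
        issues="empty"
    # The README's requirement: the last byte must be a newline.
    elif [ $(( $(tail -c 1 "$f" | wc -l) )) -ne 1 ]; then
        issues="no-trailing-newline"
    fi
    # Assumption beyond the README: the bind secret should give no access
    # to group or other (mode 600), checked via the ls mode string.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        issues="${issues:+$issues }group-or-other-access"
    fi
    echo "${issues:-ok}"
    [ -z "$issues" ]
}

# write_secret_file FILE: read the secret from stdin and store it with the
# trailing newline and mode 600 (hypothetical helper).
write_secret_file() {
    (
        umask 077
        IFS= read -r secret || [ -n "$secret" ]
        printf '%s\n' "$secret" > "$1"
        chmod 600 "$1"
    )
}

# Constructed demo: "example-secret" is a placeholder, not a real credential.
dir=$(mktemp -d)
printf 'example-secret' > "$dir/raw"      # no newline, as `echo -n` would leave it
chmod 644 "$dir/raw"
printf 'example-secret' | write_secret_file "$dir/fixed"
for name in raw fixed; do
    printf '%-6s %s\n' "$name" "$(check_secret_file "$dir/$name" || true)"
done
rm -rf "$dir"
```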

8. Mailing lists
----------------

To discuss nss_ldap and related technologies, you may
subscribe to the following mailing lists:

        <URL:mailto:nssldap-request@padl.com>
and
        <URL:mailto:ldap-nis-request@padl.com>

Send an electronic mail message with "subscribe" in the
message body to join the list.

9. Commercial support
---------------------

Note that PADL now offer commercial support on a
per-incident basis.

To request a support incident, send email to: nssldap-support@padl.com

--
PADL Software Pty Ltd
nssldap-support@padl.com
http://www.padl.com/