"Fossies" - the Fresh Open Source Software Archive

Member "nss_ldap-265/doc/README.IRS" (6 Nov 2009, 9973 Bytes) of package /linux/privat/old/nss_ldap-265.tar.gz:


    1 
    2 Using nss-ldap with BIND/IRS under FreeBSD / Quick'n'Dirty guide
    3 ================================================================
    4 
    5 [ Notes by Luke Howard <lukeh@padl.com> Sep 2001 ]
    6 
    7 Emile's patch was a little unclean, and I'm not able to generate
    8 a clean diff, so here is a list of the modifications you need to
    9 make to the IRS to get things to compile "right". You will 
   10 need to apply these diffs by hand, sorry.
   11 
   12 - Add a prototype to irs/gen.c:
   13 
   14   struct irs_acc *irs_ldap_acc(const char *);
   15 
   16 - Edit gen.c and add "ldap" to the two stanzas; I suggest between
   17   irs_nis and irs_irp.
   18 
   19 diff -u --recursive --new-file bind/src/lib/irs/gen.c bind-nss/src/lib/irs/gen.c
   20 --- bind/src/lib/irs/gen.c      Wed Oct 13 18:39:29 1999
   21 +++ bind-nss/src/lib/irs/gen.c  Fri Sep  1 15:31:09 2000
   22 @@ -66,6 +66,7 @@
   23         { "local", irs_lcl },
   24         { "dns", irs_dns },
   25         { "nis", irs_nis },
   26 +       { "ldap", irs_ldap },
   27         { "irp", irs_irp },
   28         { NULL, irs_nacc }
   29  };
   30 
   31 and also:
   32 
   33 @@ -80,6 +81,7 @@
   34  #else
   35         NULL,
   36  #endif
   37 +       irs_ldap_acc,
   38         irs_irp_acc,
   39         NULL
   40  };
   41 
   42 - Edit gen_p.h and add irs_ldap between irs_nis and irs_irp:
   43 
   44 diff -u --recursive --new-file bind/src/lib/irs/gen_p.h bind-nss/src/lib/irs/gen_p.h
   45 --- bind/src/lib/irs/gen_p.h    Mon Jan 18 08:46:50 1999
   46 +++ bind-nss/src/lib/irs/gen_p.h        Fri Sep  1 15:31:23 2000
   47 @@ -43,6 +43,7 @@
   48         irs_lcl,        /* Local. */
   49         irs_dns,        /* DNS or Hesiod. */
   50         irs_nis,        /* Sun NIS ("YP"). */
   51 +       irs_ldap,       /* LDAP */
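
Review bot: This hunk is truncated: the @@ -43,6 +43,7 @@ header promises six old and seven new lines, but only three context lines and the added line are present, so patch(1) will reject it and it can only be applied by hand. Separately, irs_ldap is inserted in the middle of the enum, which renumbers every enumerator after it; note that everything including gen_p.h has to be rebuilt, not just gen.c.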
   52 
   53 - Edit the Makefile and add the full path to each object file
   54   in nss_ldap, eg:
   55 
   56 diff -u --recursive --new-file bind/src/lib/irs/Makefile bind-nss/src/lib/irs/Makefile
   57 --- bind/src/lib/irs/Makefile   Mon Feb 22 03:47:58 1999
   58 +++ bind-nss/src/lib/irs/Makefile       Thu Aug 31 18:18:52 2000
   59 @@ -42,6 +42,8 @@
   60  INSTALL_LIB=-o bin -g bin
   61  THREADED= threaded
   62 
   63 +LDAP=/usr/local/src/nss_ldap
   64 +
   65  SRCS=  dns.c dns_gr.c dns_ho.c dns_nw.c dns_pr.c dns_pw.c \
   66         dns_sv.c gai_strerror.c gen.c gen_gr.c gen_ho.c \
   67         gen_ng.c gen_nw.c gen_pr.c gen_pw.c gen_sv.c \
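
Review bot: LDAP=/usr/local/src/nss_ldap hard-codes an absolute path to an nss_ldap build tree, while the build steps later in this README unpack nss_ldap next to bind-nss, so following both as written points the Makefile at a directory that may not exist. Either document that the value must be changed (or passed as make LDAP=...) or default it to the location the instructions actually produce.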
   68 @@ -70,7 +72,12 @@
   69         lcl.${O} lcl_gr.${O} \
   70         lcl_ho.${O} lcl_ng.${O} lcl_nw.${O} lcl_pr.${O} lcl_pw.${O} \
   71         lcl_sv.${O} nis.${O} nis_gr.${O} nis_ho.${O} nis_ng.${O} nis_nw.${O} \
   72 -       nis_pr.${O} nis_pw.${O} nis_sv.${O} nul_ng.${O} util.${O}
   73 +       nis_pr.${O} nis_pw.${O} nis_sv.${O} nul_ng.${O} util.${O} \
   74 +       ${LDAP}/ldap-nss.o ${LDAP}/ldap-pwd.o ${LDAP}/ldap-grp.o \
   75 +       ${LDAP}/ldap-hosts.o ${LDAP}/ldap-network.o ${LDAP}/ldap-proto.o \
   76 +       ${LDAP}/ldap-service.o ${LDAP}/util.o ${LDAP}/globals.o \
   77 +       ${LDAP}/ltf.o ${LDAP}/resolve.o ${LDAP}/dnsconfig.o ${LDAP}/irs-nss.o \
   78 +       ${LDAP}/snprintf.o
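
Review bot: The added objects use a literal .o suffix while every other entry in this list uses .${O}, so the LDAP objects will not follow whatever the rest of the build sets O to. Also, ${LDAP}/util.o has the same basename as util.${O} on the line above; since these objects end up in a static library, check that the archive step keeps both members rather than letting one replace the other. There is no rule here to build the ${LDAP} objects either, so the list depends on nss_ldap having been built first; that ordering deserves a comment.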
   79 
   80 [ Instructions from Emile Heitor <eheitor@isdnet.net> ]
   81 
   82 Tested under FreeBSD 4.1, but should work under 3.x & 4.x.
   83 
   84 o Get nss_ldap (http://www.padl.com/nss_ldap.html)
   85 o Get bind-8.2.2p5 (http://www.isc.org)
   86 
   87 nss_ldap includes a patch to IRS in irs-nss.diff.
   88 
   89 then:
   90 
   91 tar zxvf nss_ldap-115.tar.gz
   92 mkdir bind-nss
   93 cd bind-nss
   94 tar zxvf ../bind-src.tar.gz
   95 patch -p1 < ../irs-nss.diff
   96 cd src
   97 make depend
   98 cd ../../nss_ldap
   99 
  100 At this point, you may modify Makefile's TOP variable to suit your
  101 needs. Quit/Save.
  102 
  103 make clean && make
  104 cd ../bind-nss/src
  105 make all
  106 
  107 OK, I know about nslookup's warnings and errors here; this is because of
  108 the newly linked nss-ldap stuff. Just ignore them if you plan to use only
  109 libbind for its IRS feature ( hey, I said "Quick'n'Dirty" ;) ).
  110 This will be cleaner very soon, i.e. when I make it a dynamic library
  111 and work around the bind Makefiles.
  112 
  113 See if it works!
  114 ================
  115 
  116 Launch an LDAP server with your favourite data inside, then compile the
  117 following:
  118 
  119 [cut here]
/* NSS-LDAP usage example code */

#include <sys/types.h>
#include <pwd.h>
#include <stdio.h>

int main(int argc, char **argv) {

  struct passwd *pw;

  if (argc < 2) {
    printf("bad arg number\n");
    return(1);
  }

  /* Linked against libbind, so this lookup goes through IRS */
  pw = getpwnam(argv[1]);

  if (!pw)
    printf("Failure: %s\n", argv[1]);
  else
    printf("getpwnam return value:\n%s\n%s\n",
           pw->pw_name, pw->pw_passwd);

  return(0);
}
  144 [cut here]
  145 
  146 With the following Makefile:
  147 (change LIBBIND and LIBDIR to suit your needs)
  148 
  149 [cut here]
LIBBIND=/home/imil/pub/net/bind-nss/src/lib/libbind.a
LIBDIR=-L/usr/local/openldap2/lib
LIBS=-lldap_r -llber -lc_r

all:    tpass

tpass:  tpass.o $(LIBBIND)
	cc -g -o tpass tpass.o $(LIBBIND) $(LIBDIR) $(LIBS)

clean:
	rm -f *.o tpass
  161 [cut here]
  162 
  163 Launch it:
  164 
  165 ./tpass user
  166 
  167 Watch your LDAP server logs, they should be nice ;)
  168 
  169 ---
  170 
  171 All the best,
  172 
  173 --------------------------
  174 Emile Heitor
  175 Unix Systems Engineer
  176 Cable & Wireless isdnet
  177 http://www.isdnet.net
  178 Email : eheitor@isdnet.net
  179 Tel   : 06.03.29.65.70
  180 --------------------------
  181 
  182 
  183 Subject:      Re: Documentation for IRS in BIND 8.x
  184 From:         Paul Vixie <paul@vix.com>
  185 Date:         1997/06/26
  186 Message-ID:   <g3radp5avm.fsf@wisdom.home.vix.com>
  187 Newsgroups:   comp.protocols.dns.bind
  189 
  190 
  191 Ooops.  I forgot to check in the man page for irs.conf(5).  Here's one:
  192 
  193 IRS.CONF(5)                 BSD Programmer's Manual                IRS.CONF(5)
  194 
  195 NAME
  196      irs.conf - Information Retrieval System configuration file
  197 
  198 SYNOPSIS
  199      irs.conf
  200 
  201 DESCRIPTION
  202      The irs(3) functions are a set of routines in the C library which provide
  203      access to various system maps.  The maps that irs currently controls are
  204      the following: passwd, group, services, protocols, hosts, networks and
  205      netgroup.  When a program first calls a function that accesses one of
  206      these maps, the irs configuration file is read, and the source of each
  207      map is determined for the life of the process.
  208 
  209      If this file does not exist, the irs routines default to using local
  210      sources for all information, with the exception of the host and networks
  211      maps, which use the Domain Name System (DNS).
  212 
  213      Each record in the file consists of one line.  A record consists of a
  214      map-name, an access-method and possibly a (comma delimited) set of op-
  215      tions, separated by tabs or spaces.  Blank lines, and text between a #
  216      and a newline are ignored.
  217 
  218      Available maps:
  219 
  220            Map name        Information in map
  221            =========       ==================================
  222            passwd          User authentication information
  223            group           User group membership information
  224            services        Network services directory
  225            protocols       Network protocols directory
  226            hosts           Network hosts directory
  227            networks        Network "network names" directory
  228            netgroup        Network "host groups" directory
  229 
  230      Available access methods:
  231 
  232            Access method   Description
  233            =============   =================================================
  234            local           Use a local file, usually in /etc
  235            dns             Use the domain name service (includes hesiod)
  236            nis             Use the Sun-compatible Network Information Service
  237 >>         ldap            Use the Lightweight Directory Access Protocol
  238 
  239      Available options:
  240 
  241            Option          Description
  242            ========        ================================================
  243            continue        don't stop searching if you can't find something
  244            merge           don't stop searching if you CAN find something
  245 
  246      The continue option creates ``union namespaces'' whereby subsequent ac-
  247      cess methods of the same map type can be tried if a name cannot be found
  248      using earlier access methods.  This can be quite confusing in the case of
  249      host names, since the name to address and address to name mappings can be
  250      visibly asymmetric even though the data used by any given access method
  251      is entirely consistent.  This behavior is, therefore, not the default.
  252 
  253      The merge option only affects lookups in the groups map.  If set, subse-
  254      quent access methods will be tried in order to cause local users to ap-
  255      pear in NIS (or other remote) groups in addition to the local groups.
  256 
  257 EXAMPLE
  258            # Get password entries from local file, or failing that, NIS
  259            passwd          local   continue
  260            passwd          nis
  261 
  262            # Build group membership from both local file, and NIS.
  263            group           local   continue,merge
  264            group           nis
  265 
  266            # Services comes from just the local file.
  267            services        local
  268 
  269            protocols       local
  270 
  271            # Hosts comes first from DNS, failing that, the local file
  272            hosts           dns     continue
  273            hosts           local
  274 
  275            networks        local
  276 
  277            netgroup        local
  278 
  279 NOTES
  280      If a local user needs to be in the local host's ``wheel'' group but not
  281      in every host's ``wheel'' group, put them in the local host's /etc/group
  282      ``wheel'' entry and set up the ``groups'' portion of your /etc/irs.conf
  283      file as:
  284 
  285            group   local   continue,merge
  286            group   nis
  287 
  288      The dns access method is only supported for the ``hosts'' and
  289      ``networks'' maps.  The other maps fall under the control of Hesiod, and
  290      have not been well tested.
  291 
  292      NIS takes a long time to time out.  Especially for hosts if you use the
  293      -d option to your server's ``ypserv'' daemon.
  294 
  295      It is important that the irs.conf file contain an entry for each map.  If
  296      a map is not mentioned in the irs.conf file, all queries to that map will
  297      fail.
  298 
  299 FILES
  300      /etc/irs.conf      The file irs.conf resides in /etc.
  301 
  302 SEE ALSO
  303      groups(5),  hosts(5),  netgroup(5),  networks(5),  passwd(5),
  304      protocols(5),  services(5)
  305 
  306  BSDI                           August 8, 1996                               2
  307 
  308 -- 
  309 Paul Vixie
  310 La Honda, CA
  311 <paul@vix.com>			"Many NANOG members have been around
  312 pacbell!vixie!paul		 longer than most." --Jim Fleming
  313 
  314
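
The irs.conf(5) rules quoted above (every map needs a record, and the search moves on to the next access method only under continue or merge) can be checked mechanically before a passwd or group lookup silently fails or never reaches LDAP. The following linter is an added example, not code from nss_ldap or BIND; the names irs_lint, find, MAPS, METHODS and SAMPLE are hypothetical, "ldap" is accepted as an access method because this README adds it, and a record with neither option is assumed to end the search for its map.

```c
/* Added example, not from nss_ldap or BIND: lint irs.conf text per irs.conf(5). */
#include <stdio.h>
#include <string.h>
static const char *const MAPS[] = { "passwd", "group", "services", "protocols",
                                    "hosts", "networks", "netgroup" };
static const char *const METHODS[] = { "local", "dns", "nis", "ldap" };
enum { NMAPS = 7, NMETHODS = 4 };

static int find(const char *const *tab, int n, const char *s) {
    for (int i = 0; i < n; i++)
        if (strcmp(tab[i], s) == 0) return i;
    return -1;
}

/* Returns the number of problems found; one message per problem goes to out. */
int irs_lint(const char *conf, FILE *out) {
    int seen[NMAPS] = {0}, last[NMAPS] = {0}, problems = 0, lineno = 0;
    char buf[256];
    while (*conf) {
        size_t n = strcspn(conf, "\n");
        snprintf(buf, sizeof buf, "%.*s", (int)n, conf);
        conf += n + (conf[n] == '\n');
        lineno++;
        buf[strcspn(buf, "#")] = '\0';          /* text after # is ignored */
        char *map = strtok(buf, " \t");
        if (!map) continue;                      /* blank or comment-only line */
        char *acc = strtok(NULL, " \t"), *opts = strtok(NULL, " \t");
        int m = find(MAPS, NMAPS, map);
        if (m < 0 || !acc || find(METHODS, NMETHODS, acc) < 0) {
            fprintf(out, "line %d: unknown map or access method\n", lineno);
            problems++;
            continue;
        }
        problems += last[m];   /* earlier record had neither continue nor merge */
        if (last[m])
            fprintf(out, "line %d: %s %s is never consulted\n", lineno, map, acc);
        seen[m] = 1;
        last[m] = !(opts && (strstr(opts, "continue") || strstr(opts, "merge")));
    }
    for (int m = 0; m < NMAPS; m++) {
        problems += !seen[m];
        if (!seen[m])
            fprintf(out, "map %s has no record: all queries to it fail\n", MAPS[m]);
    }
    return problems;
}
/* Constructed sample: no protocols record; "hosts local" follows a terminal record. */
static const char SAMPLE[] = "passwd local continue\npasswd ldap\ngroup local continue,merge\n"
    "group ldap\nservices local\nhosts dns\nhosts local\nnetworks local\nnetgroup local\n";
int main(void) { return irs_lint(SAMPLE, stdout) ? 1 : 0; }
```

On the constructed sample it reports two problems: the unreachable "hosts local" record and the missing protocols map.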