"Fossies" - the Fresh Open Source Software Archive

Member "nss_ldap-265/doc/SolarisInstallNotes.txt" (6 Nov 2009, 9005 Bytes) of package /linux/privat/old/nss_ldap-265.tar.gz:




Date: Sat, Jun 16 2001 03:33:50
Request created by sstone@foo3.com

OK, this might just be a result of the specific combination I was using:

OpenLDAP 2.0.11 with OpenSSL 0.9.6a, OpenLDAP compiled for SSL/TLS,
OpenSSL compiled to use RSAREF.  slapd running on a FreeBSD 4.3-STABLE
machine, client in question that these docs refer to is a Sun
SPARCStation4 (sun4m) running Solaris 7.  A lot of my frustration here is
due to the fact that it compiles things really SLOW (only a 70MHz cpu...)

This information is primarily for you to review and integrate into your
docs, to hopefully make your product more usable.  I should preface this
by saying that after I did all this stuff, it eventually DOES work
correctly, so it has a happy ending.  I'm authenticating users on the
Solaris machine using SSL now, or so says my packet sniffer, snort. :)

1) your docs should say, "Your openldap libs *and* your SSL/RSAREF libs
must be DYNAMIC LIBRARIES or neither nss_ldap nor pam_ldap will work".
You also should say that you need to have all these shared libraries in
/usr/lib, since LD_LIBRARY_PATH doesn't get sourced when these modules are
called, and if it's in /usr/local/ssl/lib or /usr/local/lib it's not going
to find them and the dynamic link calls will fail, and so will your LDAP
auth. [NB: compiling with -Wl,-R or -Wl,-rpath *will* include the
qualified library path in the resulting library or executable. LH]

1a) compiling rsaref dynamically is a pain.  You have to do it yourself
cuz its makefile will NOT.  commandline:

    cd rsaref/install
    make
    rm -f rdemo.o
    gcc -o librsaref.so.2 -shared -Wl,-soname,librsaref.so.2 *.o

this will create both the .a and the .so.2 file.  you must have gnu
binutils for that to work.  Then, install with:

    cp librsaref.so.2 /usr/lib
    ln -sf /usr/lib/librsaref.so.2 /usr/lib/librsaref.so

2)  On Solaris, you need GNU Make and GNU binutils to compile openssl
dynamically.  Using these tools on Solaris makes your configure/makefile
scripts act funny.  I had to take out the "-Wl,./mapfile" from the LDFLAGS
in both nss_ldap and pam_ldap to make it link properly (but it works once
you do that).  I was getting an error: "./mapfile: invalid file format"

2a) to compile OpenSSL with RSAREF and dynamic lib support, you must:

    cd openssl-0.9.6a
    ./config rsaref dynamic
    make
    make install

3)  In your makefiles, you check for main in -lldap.  BUT you don't check
for the SSL libraries, so this check will ALWAYS FAIL if libldap.so.2 was
compiled with TLS support.  Go into the configure script and change:

    -lldap $LIBS

to

    -lldap -lcrypto -lssl -lRSAglue -lrsaref -lsocket $LIBS

and it works.  yeah, you need -lsocket too.  I don't have autoconf on my
Solaris box or I'd have fixed the configure.in directly, but I'll leave
that up to you :)  You need to make that change both in the place where it
specifies the libs to compile conftest.c and in the place where it adds
the values to the $LIBS variable for eventual linking.

4) you need a random number generator.  Solaris doesn't come with one, and
Sun's SUNWski package seems to irritate OpenSSL to the point of coredump.
I used ANDI-rand, available as a Solaris pkg for 2.5.1, 2.6, 2.7, and 2.8.
it works.

Anyway I hope this helps.  I figured all of this out on my own, since the
end-to-end process isn't really well-documented ANYWHERE.  If you use my
information here in your docs, I'd appreciate a small byline, i.e.,
"portions contributed by Scott Stone <sstone@foo3.com>" or something like
that :)  thanks!

--------------------------
Scott M. Stone <sstone@foo3.com>
Cisco Certified Network Associate, Sun Solaris Certified Systems Administrator
Senior Technical Consultant - UNIX and Networking
Taos - The SysAdmin Company

[http://www.css-solutions.ca/ad4unix/solaris8.html]

To enable support of the nss_ldap and pam_ldap modules from PADL for 64-bit
applications on the Sun SPARC platform, the Sun C/C++ compiler version 5.0+
is required! (Note: the latest gcc 3.0.2 has some support for 64-bit
platforms, but we didn't find which options are required for that kind of
compilation... GNU as produced some errors, but GNU ld explicitly supported
64-bit linking.) Our successful implementation was based on the
"Sun WorkShop 6 update 1 C 5.2 Patch 109513-07 2001/08/27" compiler and the
nss_ldap v.173 and pam_ldap v.133 modules from PADL Software. There were
some issues with compiling and compatibility:

1. For nss_ldap with the --enable-schema-mapping configure option, the
Berkeley db library is required. There is no precompiled 64-bit Berkeley db
library available. You can download the db library sources from
www.sleepycat.com and compile them with the following batch file:

    #!/bin/sh

    # 64-bit build flags; for a 32-bit build comment out the first
    # assignment and uncomment the empty one.
    CC64=" -xtarget=native64 -KPIC "
    #CC64=""
    export CC64

    CC=cc
    export CC
    CFLAGS=" $CC64 "
    export CFLAGS
    # -R records the run-time library search path in the binaries
    LDFLAGS=" $CC64 -R/usr/local/lib/sparcv9"
    export LDFLAGS

    cd db-3.3.11/dist || exit 1
    ./configure \
        --prefix=/usr/local \
        --bindir=/usr/local/bin/sparcv9 \
        --libdir=/usr/local/lib/sparcv9 \
        --enable-compat185
    make
    make install

If you compile it for 64-bit you will probably also want to compile it for
32-bit. For that, comment out the CC64 option and uncomment the empty CC64
option that follows it, remove the /sparcv9 suffix from LDFLAGS, and remove
the --bindir and --libdir options from the configure command line.

2. nss_ldap v.173 requires some patching for compatibility with Sun C (not
only Sun C; AIX C shows the same symptoms):

* The Sun C compiler (the latest from Sun; the AIX C compiler has the same
  issue) does not support constructions like this one, in ldap-nss.h near
  line 600:

    #define debug(fmt, args...) fprintf(stderr, fmt, ## args)

  The workaround was to copy the AIX workaround for Sun C :-)

* The Sun C compiler also does not support initializing arrays with
  non-constant values (with function calls, for example: with class mapping,
  the AT macro is replaced by a function call). In util.c (line 204), change
  from:

    const char *attrs[] = { AT (uid), attrs[1] = NULL };
    LDAPMessage *res;

  to:

    LDAPMessage *res;
    const char *attrs[2];
    attrs[0] = AT (uid) ;
    attrs[1] = NULL ;

Luke Howard from PADL Software said that these problems will be patched in
the next releases.

3. Here is our batch file for compiling a 64-bit nss_ldap.so with the Sun
C/C++ compiler (to compile the 32-bit module, comment out the CC64 statement,
uncomment the empty CC64 statement that follows it, and remove the /sparcv9
suffix from LDFLAGS):

    #!/bin/sh

    # 64-bit build flags; see the note above for the 32-bit variant.
    CC64=" -xtarget=native64 -KPIC "
    #CC64=""
    export CC64

    CC=cc
    export CC
    CFLAGS=" $CC64 "
    export CFLAGS
    CPPFLAGS=" -I/usr/local/include "
    export CPPFLAGS
    # -L is the link-time search path, -R the run-time search path
    LDFLAGS=" $CC64 -L/usr/local/lib/sparcv9 -R/usr/local/lib/sparcv9 "
    export LDFLAGS

    cd nss_ldap-173 || exit 1
    ./configure --enable-schema-mapping \
        --enable-rfc2307bis
    # --enable-debugging

4. The batch file for compiling the pam_ldap module is the same; just change
the directory to pam_ldap-xxx and run ./configure without any parameters.

32-bit version

We found an incompatibility bug between code produced by gcc (3.0.1 and
3.0.2) and dynamic linking through dlopen function calls. We saw the bug with
32-bit libraries compiled with Sun C/C++ and applications compiled with GNU
gcc 3.0.1 and 3.0.2 (we could not test it with 64-bit GNU gcc, and we did not
test other versions of GNU gcc). If the application was compiled with Sun
C/C++ there is no problem. The workaround was to erase the linked modules and
relink them by calling ld explicitly:

1. Erase the modules:

   for PAM:

    rm pam_ldap.so

   or for NSS:

    rm nss_ldap.so

2. Run the ld linker explicitly:

   for PAM:

   * with the native Sun linker

    /usr/ccs/bin/ld -M mapfile -R/usr/local/lib -o pam_ldap.so -G pam_ldap.o md5.o -lldap -lnsl -lcrypt -lresolv -lpam -ldl

   * with GNU ld

    /usr/local/bin/ld -R/usr/local/lib -o pam_ldap.so -G pam_ldap.o md5.o -lldap -lnsl -lcrypt -lresolv -lpam -ldl

   or for NSS:

   * with the native Sun linker

    /usr/ccs/bin/ld -R/usr/local/lib -o nss_ldap.so -M ./mapfile -G \
    ldap-nss.o ldap-pwd.o ldap-grp.o ldap-rpc.o ldap-hosts.o ldap-network.o \
    ldap-proto.o ldap-spwd.o ldap-alias.o ldap-service.o ldap-schema.o ldap-ethers.o \
    ldap-bp.o util.o globals.o ltf.o snprintf.o resolve.o dnsconfig.o irs-nss.o \
    -lldap -Bdynamic -ldb -ldl -lnsl -lresolv

   * with GNU ld

    /usr/local/bin/ld -R/usr/local/lib -o nss_ldap.so -G \
    ldap-nss.o ldap-pwd.o ldap-grp.o ldap-rpc.o ldap-hosts.o ldap-network.o \
    ldap-proto.o ldap-spwd.o ldap-alias.o ldap-service.o ldap-schema.o ldap-ethers.o \
    ldap-bp.o util.o globals.o ltf.o snprintf.o resolve.o dnsconfig.o irs-nss.o \
    -lldap -Bdynamic -ldb -ldl -lnsl -lresolv

3. make install :-)
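
Added example (not part of the original notes or of the nss_ldap/pam_ldap
sources): the e-mail above notes that LD_LIBRARY_PATH is not consulted when
these modules are loaded, and the build scripts and ld commands record
-R/usr/local/lib in them instead. Since NSS and PAM modules are loaded into
privileged processes, this sketch lists the libraries ldd cannot resolve and
checks that every recorded run path directory is absolute and not group- or
world-writable. It assumes `ldd` and GNU `readelf -d` output formats; the
function names are illustrative.

```shell
#!/bin/sh
# Added example: function names are illustrative, sample input is constructed.

# Read `ldd module.so` output on stdin; print libraries that did not resolve.
# Linux prints "=> not found", Solaris prints "=> (file not found)".
unresolved_libs() {
    awk '/not found/ { print $1 }'
}

# Read `readelf -d module.so` output on stdin; print each RPATH/RUNPATH
# directory on its own line (assumes the path list is the last field).
runpath_dirs() {
    awk '/RPATH|RUNPATH/ {
        v = $NF
        gsub(/\[|\]/, "", v)              # readelf wraps the list in [ ]
        n = split(v, d, ":")
        for (i = 1; i <= n; i++) if (d[i] != "") print d[i]
    }' | sort -u
}

# Succeed only for an absolute, existing directory that is neither
# group- nor world-writable (symlinks are followed with ls -L).
dir_is_safe() {
    case $1 in /*) ;; *) return 1 ;; esac
    [ -d "$1" ] || return 1
    case $(ls -ldL "$1") in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# Read a dynamic-section dump on stdin; report every run path directory
# and return non-zero if any of them fails dir_is_safe.
audit_runpath() {
    rc=0
    for d in $(runpath_dirs); do          # paths with spaces not handled
        if dir_is_safe "$d"; then echo "ok      $d"
        else echo "UNSAFE  $d"; rc=1; fi
    done
    return $rc
}

# Constructed Solaris-style ldd output, not captured from a real host.
printf '%s\n' '        libldap.so.2 =>  /usr/lib/libldap.so.2' \
              '        librsaref.so.2 =>        (file not found)' | unresolved_libs
```

On a real host, feed it `ldd nss_ldap.so | unresolved_libs` and
`readelf -d nss_ldap.so | audit_runpath` after the build and before make install.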