lists.arthurdejong.org

Re: [nssldap] nss_ldap under Solaris 10




Hi Paul,

Paul B. Henson wrote:
> We are trying to integrate Solaris 10 into an existing openLDAP based
> system currently used by our Linux servers. We use nss_ldap for Linux
> (obviously) which has worked very well for us.
>
> I thought I'd try to get the native client working under Solaris just for
> support purposes (even though I didn't like it upon first sight), but have
> run into two showstopper problems.
>
> First, there is no way to use TLS encryption for the client unless you are
> also authenticating to the LDAP server.

[snip]
We at Symas have successfully built and packaged pam_ldap and nss_ldap for Solaris 10. There have been no reported issues with our current releases, and the packages appear to be working well at a number of large and small sites.

One thing to watch for in the standard build for nss_ldap that uses SSL, particularly on Solaris, is the namespace pollution that takes place if nss_ldap is loaded directly into a process's namespace. This can cause segfaults and other anomalous behavior in programs like sshd. Using Sun's (broken) LDAP libraries may mitigate this somewhat. We worked around this through a different approach.

> I apologize if this has been recently discussed, I tried to search the
> archives at http://www.netsys.com/nssldap/, but that server seems
> unresponsive.

Hasn't been discussed in recent memory...
Thanks...

--

Matthew Hardin
Symas Corporation - The LDAP Guys
http://www.symas.com