Re: [nssldap] nss_ldap under Solaris 10
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: [nssldap] nss_ldap under Solaris 10
- From: Matthew Hardin <mhardin [at] symas.com>
- To: "Paul B. Henson" <henson [at] acm.org>
- Cc: nssldap [at] padl.com
- Subject: Re: [nssldap] nss_ldap under Solaris 10
- Date: Sat, 19 Jan 2008 12:47:09 -0700
Hi Paul,
Paul B. Henson wrote:
We are trying to integrate Solaris 10 into an existing openLDAP based
system currently used by our Linux servers. We use nss_ldap for Linux
(obviously) which has worked very well for us.
I thought I'd try to get the native client working under Solaris just for
support purposes (even though I didn't like it upon first sight), but have
run into two showstopper problems.
First, there is no way to use TLS encryption for the client unless you are
also authenticating to the LDAP server.
[snip]
We at Symas have successfully built and packaged pam_ldap and nss_ldap
for Solaris 10. There have been no reported issues with our current
releases, and the packages appear to be working well at a number of
large and small sites.
One thing to watch for in the standard build for nss_ldap that uses SSL,
particularly on Solaris, is the namespace pollution that takes place if
nss_ldap is loaded directly into a process's namespace. This can cause
segfaults and other anomalous behavior in programs like sshd. Using
Sun's (broken) LDAP libraries may mitigate this somewhat. We worked
around this through a different approach.
I apologize if this has been recently discussed, I tried to search the
archives at http://www.netsys.com/nssldap/, but that server seems
unresponsive.
Hasn't been discussed in recent memory...
Thanks...
--
Matthew Hardin
Symas Corporation - The LDAP Guys
http://www.symas.com