Re: [nssldap] nss_ldap under Solaris 10
[Date Prev][Date Next] [Thread Prev][Thread Next]Re: [nssldap] nss_ldap under Solaris 10
- From: Jacob Pszonowsky <jdp16 [at] mac.com>
- To: "Paul B. Henson" <henson [at] acm.org>
- Cc: Matthew Hardin <mhardin [at] symas.com>, nssldap [at] padl.com
- Subject: Re: [nssldap] nss_ldap under Solaris 10
- Date: Tue, 22 Jan 2008 20:12:21 -0800
You might take a look at nss_ldapd. I haven't used it yet, but it splits the nss calls from the ldap library.
http://ch.tudelft.nl/~arthur/nss-ldapd/ -jake Jacob Pszonowsky jdp16@mac.com (c) 415.225.2647 (f) 415.358.5918 On Jan 22, 2008, at 5:14 PM, Paul B. Henson wrote:
On Sat, 19 Jan 2008, Matthew Hardin wrote:We at Symas have successfully built and packaged pam_ldap and nss_ldapfor Solaris 10. There have been no reported issues with our currentreleases, and the packages appear to be working well at a number of largeand small sites.Thanks for the feedback. I did some initial testing compiled against the native Sun LDAP libraries, I got it working in plain text okay but not withSSL. I knew I had the certificates configured correctly for the Sunlibraries because the native ldapsearch command worked fine, but nss_ldap would only complain it could not contact the server. I saw traffic to the SSL port, I'm assuming some incompatibility between nss_ldap and the SunSSL stuff. Unfortunately my budget precludes purchasing your packages :)...One thing to watch for in the standard build for nss_ldap that uses SSL, particularly on Solaris, is the namespace pollution that takes place if nss_ldap is loaded directly into a process's namespace. This can causeI've actually had similar issues under Linux. One time I ended up withnss_ldap linked against an older version of openSSL than sshd, with rather annoying failures. That is the one thing I think Sun got right, splitting up the process actually contacting the LDAP server away from the client calling it. It would be nice if nss_ldap could evolve such a mechanism witha dedicated daemon for LDAP communications and a small nss stub communicating via basic sockets to prevent namespace pollution... Thanks... --Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/ ~henson/Operating Systems and Network Analyst | henson@csupomona.edu California State Polytechnic University | Pomona CA 91768
- [nssldap] nss_ldap under Solaris 10,
Paul B. Henson
- Re: [nssldap] nss_ldap under Solaris 10,
Matthew Hardin
- Re: [nssldap] nss_ldap under Solaris 10, Dan Am
- Re: [nssldap] nss_ldap under Solaris 10,
Paul B. Henson
- Re: [nssldap] nss_ldap under Solaris 10, Jacob Pszonowsky
- Re: [nssldap] nss_ldap under Solaris 10,
Tony Earnshaw
- Re: [nssldap] nss_ldap under Solaris 10, Paul B. Henson
- Re: [nssldap] nss_ldap under Solaris 10, Paul B. Henson
- Re: [nssldap] nss_ldap under Solaris 10,
Matthew Hardin
- Prev by Date: Re: [nssldap] nss_ldap under Solaris 10
- Next by Date: Re: [nssldap] nss_ldap under Solaris 10
- Previous by thread: Re: [nssldap] nss_ldap under Solaris 10
- Next by thread: Re: [nssldap] nss_ldap under Solaris 10