[nssldap] Re: Solaris 10: As soon as nscd is running getpwnam on a ldap account fails

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Thomas Glanzmann <thomas [at] glanzmann.de>
To: nssldap [at] padl.com
Subject: [nssldap] Re: Solaris 10: As soon as nscd is running getpwnam on a ldap account fails
Date: Sun, 8 Jun 2008 17:00:13 +0200

Hello,
I managed today to build an omnipotent nss_ldap and pam_krb5_310 that works with
Solaris 10 U5 (still without nscd). I wonder why noone published howto to do
that before. (Deps: libnet, openssl, krb5, sasl2, openldap).

http://git.informatik.uni-erlangen.de/?p=blastwave;a=blob;f=specs/nss-ldap;h=35348abd4e3c2d1cc858326b1d229ac066c7b6a6;hb=a314b8093d40a66eec8d3af4afc03176ad2897a0

However, I'm still stuck with nscd. So I called nm on the original
nss_ldap.so.1 which Solaris provied on Update 5 with the latest
patchset.

-bash-3.00$ /usr/ccs/bin/nm nss_ldap.so.1.off | grep GLOB | grep -v UNDEF
[330]   |         0|       0|OBJT |GLOB |0    |ABS    |SUNWprivate_1.1
[324]   |    114904|       0|OBJT |GLOB |0    |16     |_DYNAMIC
[350]   |    114688|       0|OBJT |GLOB |0    |15     |_GLOBAL_OFFSET_TABLE_
[361]   |      6252|       0|OBJT |GLOB |0    |9      |_PROCEDURE_LINKAGE_TABLE_
[368]   |    118033|       0|OBJT |GLOB |0    |19     |_edata
[333]   |    118033|       0|OBJT |GLOB |0    |20     |_end
[363]   |     45422|       0|OBJT |GLOB |0    |14     |_etext
[385]   |      8615|      59|FUNC |GLOB |0    |10     
|_nss_ldap_audit_user_constr
[369]   |      7918|      59|FUNC |GLOB |0    |10     
|_nss_ldap_auth_attr_constr
[380]   |      9324|      59|FUNC |GLOB |0    |10     
|_nss_ldap_bootparams_constr
[373]   |     10090|      59|FUNC |GLOB |0    |10     |_nss_ldap_ethers_constr
[359]   |     13171|      59|FUNC |GLOB |0    |10     
|_nss_ldap_exec_attr_constr
[384]   |     14820|      59|FUNC |GLOB |0    |10     |_nss_ldap_group_constr
[331]   |     17097|      59|FUNC |GLOB |0    |10     |_nss_ldap_hosts_constr
[326]   |     18177|      59|FUNC |GLOB |0    |10     |_nss_ldap_ipnodes_constr
[376]   |     24569|      54|FUNC |GLOB |0    |10     |_nss_ldap_netgroup_constr
[362]   |     25031|      59|FUNC |GLOB |0    |10     |_nss_ldap_netmasks_constr
[374]   |     20303|      59|FUNC |GLOB |0    |10     |_nss_ldap_networks_constr
[398]   |     29054|      59|FUNC |GLOB |0    |10     |_nss_ldap_passwd_constr
[390]   |     30181|      58|FUNC |GLOB |0    |10     |_nss_ldap_printers_constr
[321]   |     25878|      59|FUNC |GLOB |0    |10     
|_nss_ldap_prof_attr_constr
[358]   |     26822|      59|FUNC |GLOB |0    |10     |_nss_ldap_project_constr
[356]   |     27998|      59|FUNC |GLOB |0    |10     
|_nss_ldap_protocols_constr
[395]   |     19021|      59|FUNC |GLOB |0    |10     
|_nss_ldap_publickey_constr
[341]   |     31104|      59|FUNC |GLOB |0    |10     |_nss_ldap_rpc_constr
[367]   |     33019|      59|FUNC |GLOB |0    |10     |_nss_ldap_services_constr
[387]   |     33807|      59|FUNC |GLOB |0    |10     |_nss_ldap_shadow_constr
[349]   |     35389|      59|FUNC |GLOB |0    |10     |_nss_ldap_tnrhdb_constr
[377]   |     35924|      59|FUNC |GLOB |0    |10     |_nss_ldap_tnrhtp_constr
[364]   |     34654|      59|FUNC |GLOB |0    |10     
|_nss_ldap_user_attr_constr

After that I look at the exported symbols of nss_ldap (see also export.solaris
in the nss_ldap distribution):

-bash-3.00$ /usr/ccs/bin/nm nss_ldap.so.1 | grep GLOB | grep -v UNDEF
[16346] |   3863200|       0|OBJT |GLOB |0    |22     |_DYNAMIC
[16403] |   3862036|       0|OBJT |GLOB |0    |21     |_GLOBAL_OFFSET_TABLE_
[16364] |    430276|       0|OBJT |GLOB |0    |15     |_PROCEDURE_LINKAGE_TABLE_
[16428] |    519264|     121|FUNC |GLOB |0    |16     |__ns_ldap_endEntry
[16314] |    519776|     205|FUNC |GLOB |0    |16     |__ns_ldap_err2str
[16373] |    518864|     237|FUNC |GLOB |0    |16     |__ns_ldap_firstEntry
[16309] |    512432|     153|FUNC |GLOB |0    |16     |__ns_ldap_freeEntry
[16318] |    511872|     129|FUNC |GLOB |0    |16     |__ns_ldap_freeError
[16445] |    512592|     157|FUNC |GLOB |0    |16     |__ns_ldap_freeResult
[16282] |    511408|      85|FUNC |GLOB |0    |16     
|__ns_ldap_getMappedAttributes
[16278] |    511504|      85|FUNC |GLOB |0    |16     
|__ns_ldap_getMappedObjectClass
[16394] |    512160|     109|FUNC |GLOB |0    |16     |__ns_ldap_getParam
[16411] |    519392|     369|FUNC |GLOB |0    |16     |__ns_ldap_list
[16261] |    519104|     153|FUNC |GLOB |0    |16     |__ns_ldap_nextEntry
[16473] |   3978888|       0|OBJT |GLOB |0    |26     |_edata
[16315] |   4034680|       0|OBJT |GLOB |0    |27     |_end
[16376] |   3796500|       0|OBJT |GLOB |0    |20     |_etext
[16323] |    491712|      25|FUNC |GLOB |0    |16     
|_nss_ldap_bootparams_constr
[16281] |    491168|     109|FUNC |GLOB |0    |16     |_nss_ldap_ethers_constr
[16361] |    470240|     109|FUNC |GLOB |0    |16     |_nss_ldap_group_constr
[16272] |    478544|     109|FUNC |GLOB |0    |16     |_nss_ldap_hosts_constr
[16420] |    475520|     141|FUNC |GLOB |0    |16     |_nss_ldap_netgroup_constr
[16412] |    480208|     109|FUNC |GLOB |0    |16     |_nss_ldap_networks_constr
[16363] |    463440|     109|FUNC |GLOB |0    |16     |_nss_ldap_passwd_constr
[16434] |    481328|     109|FUNC |GLOB |0    |16     
|_nss_ldap_protocols_constr
[16444] |    476672|     109|FUNC |GLOB |0    |16     |_nss_ldap_rpc_constr
[16273] |    484624|     109|FUNC |GLOB |0    |16     |_nss_ldap_services_constr
[16407] |    482832|     109|FUNC |GLOB |0    |16     |_nss_ldap_shadow_constr
[16418] |         0|       0|OBJT |GLOB |0    |ABS    |nss_ldap.so.1

What you can see here is, that a few symbols are gone and a few new are in. Has
someone already had a look at this?

(u5) [/var/tmp/sithglan-pkg/nss_ldap-260] gdiff -ruN padl sun
--- padl        2008-06-08 16:51:53.390905000 +0200
+++ sun 2008-06-08 16:47:01.055021000 +0200
@@ -1,22 +1,23 @@
-__ns_ldap_endEntry
-__ns_ldap_err2str
-__ns_ldap_firstEntry
-__ns_ldap_freeEntry
-__ns_ldap_freeError
-__ns_ldap_freeResult
-__ns_ldap_getMappedAttributes
-__ns_ldap_getMappedObjectClass
-__ns_ldap_getParam
-__ns_ldap_list
-__ns_ldap_nextEntry
+_nss_ldap_audit_user_constr
+_nss_ldap_auth_attr_constr
 _nss_ldap_bootparams_constr
 _nss_ldap_ethers_constr
+_nss_ldap_exec_attr_constr
 _nss_ldap_group_constr
 _nss_ldap_hosts_constr
+_nss_ldap_ipnodes_constr
 _nss_ldap_netgroup_constr
+_nss_ldap_netmasks_constr
 _nss_ldap_networks_constr
 _nss_ldap_passwd_constr
+_nss_ldap_printers_constr
+_nss_ldap_prof_attr_constr
+_nss_ldap_project_constr
 _nss_ldap_protocols_constr
+_nss_ldap_publickey_constr
 _nss_ldap_rpc_constr
 _nss_ldap_services_constr
 _nss_ldap_shadow_constr
+_nss_ldap_tnrhdb_constr
+_nss_ldap_tnrhtp_constr
+_nss_ldap_user_attr_constr

So, I guess the following symbols are missing and this is why my nscd keeps
failing on me:

_nss_ldap_exec_attr_constr
_nss_ldap_ipnodes_constr
_nss_ldap_netmasks_constr
_nss_ldap_printers_constr
_nss_ldap_prof_attr_constr
_nss_ldap_project_constr
_nss_ldap_publickey_constr
_nss_ldap_tnrhdb_constr
_nss_ldap_tnrhtp_constr
_nss_ldap_user_attr_constr

I'm also wondering if I am the only one who is needs this patch to get
nss_ldap working _without_ debugging enabled under Solaris 10 using gcc,
forte11 and forte12:

http://git.informatik.uni-erlangen.de/?p=blastwave;a=blob;f=sources/nss_ldap.patch;h=c1371d22b1c691d3106c105a95bb8264f9368b55;hb=a314b8093d40a66eec8d3af4afc03176ad2897a0

        Thomas

[nssldap] Solaris 10: As soon as nscd is running getpwnam on a ldap account fails, Thomas Glanzmann
- [nssldap] Re: Solaris 10: As soon as nscd is running getpwnam on a ldap account fails, Thomas Glanzmann

Prev by Date: [nssldap] Solaris 10: As soon as nscd is running getpwnam on a ldap account fails
Next by Date: [nssldap] Re: Solaris 10: As soon as nscd is running getpwnam on a ldap account fails
Previous by thread: [nssldap] Solaris 10: As soon as nscd is running getpwnam on a ldap account fails
Next by thread: [nssldap] Re: Solaris 10: As soon as nscd is running getpwnam on a ldap account fails