RE: [nssldap] Solaris 10 update 5 - nss_ldap makes nscd dump core

["Howard Wilkinson" <howard [at] cohtech.com>]

Thomas,
 
yes I have a working nss_ldap without third party libraries. So far it has only 
been tested on Solaris 10u8 with anonymous authentication to the LDAP server. 
When called without NSCD running it works. With NSCD running it now does not 
segfault but although it returns the search result in the format I think NSCD 
wants it, the getent returns nothing. So I am missing something in the NSS 
interface from NSCD.
 
NSCD passes a NULL result pointer while the library does not. The code I can 
see in OpenSolaries suggests that if I return a string of the 'file format' 
result then this will work. This is what I think I am doing but it does not 
produce the right output.
 
If I can crack this I will release the patches into the bugzilla and then try 
to make the code work with GCC as well. I will also need to backport this onto 
Solaris 8.
 
Any help that you, or anybody else can give to fix this problem will be 
gratefully received. This has been a problem for over a week now.
 
Howard.
 
Coherent Technology Limited, 23 Northampton Square, Finsbury, London EC1V 0HL, 
United Kingdom
Telephone: +44 20 3355 6467 Mobile: +44 7980 639379
Company Email: coherent@cohtech.com Website: http://www.cohtech.com 
<http://www.cohtech.com/>  

________________________________

From: Thomas Glanzmann [thomas [at] glanzmann.de]
Sent: Wed 2009-12-30 14:21
To: Howard Wilkinson
Cc: Matthew Hardin; Luke Howard; nssldap@padl.com; Bernhard.Thalmayr@Sun.COM
Subject: Re: [nssldap] Solaris 10 update 5 - nss_ldap makes nscd dump core



Howard,

> making progress. We can now get the library to run under Solaris 10u8.
> We had to add a 'trick' to the exports.solaris to get the code to
> dynamic load. The interface gss_krb5_ccache_name is implemented inside
> the mech_krb5 library on Solaris 10 (and is marked as private to the
> library despite being a global symbol) so we added the line

> gss_krb5_ccache_name = FUNCTION FILTER /usr/lib/gss/mech_krb5.so.1;

that means you manged to build a working nss_ldap without any third
party libaries? Could you please share your patches and the build
script, I would love reproduce that result.

> The code now runs and it producing results. 'Getent passwd' works so
> long as nscd is not running. If nscd is started then 'getent passwd
> username' works but 'getent passwd' does not. Anybody seen anything
> like this and can point me at what the Solaris NSCD is doing. Note we
> have set the ldap cache to be a fake service so that may be throwing
> nscd.

I assume that a function from nss_ldap is missing or implemented in a
way that is incomptaible with nscd. It might be possible to configure
the native Solaris 10 interface and use valgrind, single stepping or
carefully created breakpoints to get a call graph including fucntion
arguments and return values. After that someone could compare that with
what nss_ldap is doing differently. Another way would be stub library
loaded between nscd and the native ldap library (I think the last one
would be the easies to accomplish).

        Thomas