[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd 2.0.7 and solaris 8

	There is a patch to OpenLDAP to make native Solaris PAM work. I
believe that patch was posted to this list already. 

	I working from recollection now...

	I think you only need that patch to initialize LDAP support with
the  ldapclient tool. As far as I can tell, all that tool does is create
the files /var/ldap/ldap_client_cred and /var/ldap/ldap_client_file. 

	Sun says not to edit these files under any circumstances, but I
found that the ONLY way to get Solaris to work with OpenLDAP in my setup
was to manually edit these files. Solaris seems to work fine if your
accounts are under "ou=People, $base_dn", but mine were not. ldapclient
has a provision for changing that, but you need to change both the
"passwd:" and the "shadow:" facilities and the ldapclient only seemed to
allow me to change one of them. 

	In addition, I could not figure out how to get TLS support using
the ldapclient tool. You should be able to hand hack those files to plug
that into Solaris as well. The Sun documentation claims this is supported.

	Lastly, I found that if I copied those files from one server to
another, the system worked. I had to restart nscd. So you should not need
to use that busted ldapclient tool at all. You will probably need to use
the ldap_gen_profile tool to generate the password field.

			Landon McDowell

On Thu, 1 Feb 2001, Adam Shand wrote:

> > I appears that the leak is coming from the regcomp() function in libc.
> > So, this is an OS bug.  I have a Solaris 7 installation and I do not
> > see this problem.  Sun has apparently integrated the fix in the
> > s28u4_06 and s81_20 releases.  I am not sure what these releases mean.  
> > It is possible that these are media kit releases.  Does anyone know?
> yes these solaris 8 media releases (solaris 2.8 april 4 and jan 20). 
> i am still in the process of getting native solaris 8 nss/pam stuff to
> work with openldap.  i saw your post (dated 12 sep) but have a couple
> questions if you don't mind.
> - is the patch you list still required?  i see that there have been quite
>   a few releases since sep 12, have these changes been included?
> - i see information in your mail (and another web site which references
>   your mail) about having to mess around with ldap_gen_profile but i still
>   don't understand exactly what is required to actually make the native 
>   solaris 8 libs with with openldap.
> if you would be willing to help me get this working i will be happy to
> document this all from the ground up to minimise future questions on the
> list.
> thanks,
> adam.