Re: Openldap and Solaris 8




On Sat, 18 Aug 2001, Luke Howard wrote:

>
> >If you use the ldap_cachemgr software, your ldap requests will not
> >directly map the nss_ldap library.  This can also be accomplished to some
> >extent with nscd.  If nscd or ldap_cachemgr is running, you're probably
>
> As I understand it, in its present incarnation ldap_cachemgr caches
> the LDAP profile information (configuration file) not actual results
> from the LDAP server.

This is true.  However, nscd and ldap_cachemgr have some similarities.
ldap_cachemgr caches the contents of /var/ldap/ldap_client_file and
/var/ldap/ldap_client_cred.  Since ldap_client_cred contains the binddn
for the ldap database, it is only readable by root.  If nscd is running,
it can read this file (since it's running as uid 0), but a regular user
can't, and therefore can't perform name service lookups.  I'd like to stress
that ldap_cachemgr has bugs, and before you run it, you may want to read
the page I've written about it at
http://www.ypass.net/solaris8/openldap/ldapcachemgr.html

If you're using the ou=People hierarchy like Sun wants, you probably won't
have problems.

> However, there is always a good reason to use Sun's nss_ldap modules:
> they are supported by Sun. The NSS subsystem on Solaris is completely
> undocumented and using a 3rd-party module apparently makes your
> Solaris system unsupported by Sun (although we do offer support for
> our module).

I had pretty good luck with your nss_ldap module, and it works great for
me on my non-Solaris systems.  Not sure if I thanked you before, but I
appreciate all the work you've done for using LDAP as a naming service.

eric