[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: nisDomainObject documentation? openldap 2.1.2+

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Yelich, Scott D.

Hello everyone --
There does not appear to be a single consolidated document that will take a
freshly installed solaris 2.6/7/8/9 system and end up with a working openldap
configuration for use as a replacement for NIS, etc.
Perhaps this is because there is no single set of steps that will work in all
situations. A "freshly installed solaris" system behaves much differently
from a fully patched system. Also, since you make a point of this being year
2003, why should anyone bother with a freshly installed solaris 2.6 system?
Certainly getting solaris 2.6 working smoothly with PADL's pam_ldap and
nss_ldap is more trouble than it's worth.

In my experience, a freshly installed, unpatched Solaris 2.7 system works
great with the PADL modules. However, after you've applied a number of
recommended security patches, it all goes to hell, with library version
conflicts, threading incompatibilities, and other such issues. It takes a lot
of careful rebuilding, with much debugging and compiler flag tweaking, to
recover from this disruption. And this appears to be needed with many
subsequent patch updates. I.e., when you apply a newer set of recommended
patches, the environment changes drastically again, and you need to rebuild
the modules again. So again, in my experience, 2.7 is also more trouble than
it's worth.

I'm looking for some information to get openldap to *really* work with
I'm looking for information that works, not references to articles that
don't provide bits and pieces of things that don't really work or work
I've searched the net, the web mailing lists, sites, READMEs, HOWTOs and
but all documentation appears to be broken.  I'm pretty sure more people
adopt openldap if there was a single working documentation item for it.
At a guess, most people who install Solaris and need LDAP will just use
whatever bits Sun bundled. It is more voluminously documented, and doesn't
require you to set up a comprehensive build environment before you can use
it. This to me may be a significant reason why you haven't seen more/better
documentation in this area. And of course, Sun has just plain made it next to
impossible to come up with a single cookbook procedure that will work in all

Go ahead and keep looking if you want, but complaining here won't help you.
As I've said here many times before:
   The only way anything improves is when someone motivated enough makes it
improve. And of course, said motivated person needs to actually know
something about the subject matter, otherwise they just make a bad situation
worse. (Much of the documentation on the web does the latter.) So if you
haven't found any documentation that meets your needs, this is a strong
signal that you need to write such a document yourself. And if you don't know
how to yet, then you need to exert the energy to learn sufficiently to make
it happen. The fact that no one else has done so yet implies that no one else
has been sufficiently motivated or knowledgeable yet.

In the meantime, the simplest solution may just be to purchase ypldapd from
PADL and avoid the abovementioned problems entirely.

This communication is confidential and is intended only for the person to
whom it is addressed. If you are not that person you are not permitted to
make use of the information and you are requested to notify Commerzbank
Aktiengesellschaft, New York Branch immediately that you have received it and
then to destroy the copy in your possession. Views expressed in this e-mail
do not necessarily reflect the views of Commerzbank AG.
Oops. This email was not personally addressed to me, please forget I read it
and destroy any copies of my reply.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support