1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
LDAP NAMESERVICE SWITCH LIBRARY
===============================
This is the nss_ldap library, an LDAP module for the Solaris Nameservice
Switch (NSS). This should be compatible with the GNU glibc if GNU_NSS is
defined, and the ISC BIND IRS if IRS_NSS is defined.
The LDAP schema used is described in RFC 2307
Insert this:
passwd: files nis ldap
group: files nis ldap
or something similar in /etc/nsswitch.conf.
The source code is distributed under the GNU General Library Public Licence
(see COPYING.LIB).
Platforms this has been built under:
o Linux 2.0 (tested by Greg and Luke)
o Solaris 2.4 and 2.6 (tested by Luke) It should work under
Solaris 7 as the NSS ABI hasn't changed according to Sun.
Platforms this ought to be tested under:
o Solaris 2.5.x
o BSD/OS (requires BIND IRS source)
o FreeBSD (requires BIND IRS source)
To install, pick a makefile and type make. You'll need to fiddle around
a bit...
NOTES
=====
1. Installation
---------------
You need to ensure libnss_ldap.so.1 (or nss_ldap.so.1, for Solaris) is in
/usr/lib.
2. IRIX
-------
Under IRIX, you'll need to set _RLD_LIST to
libnss_ldap.so:libldap.so:DEFAULT
IRIX 6.5 has native LDAP support in nsd so you don't need this.
3. Building shared LDAP client libraries
----------------------------------------
You can build a position independent LDAP client library by compiling
-fPIC and linking with -shared, or downloading the Mozilla or Netscape
LDAP SDKs. Note that OpenLDAP only appears to build shared libraries
on some platforms (apparently not Solaris?). To build these, configure
with --enable-shared.
NOTE: There seem to be problems linking against the libraries included
with Netscape's Directory Server 4.1. You may wish to try Netscape's
LDAP SDK 3.0 instead.
If ldap-nss.c doesn't link because ldap_ld_free() isn't defined (or
the module fails at runtime with a "relocation error: symbol
ldap_ld_free: referenced symbol not found", then undefine
HAVE_LDAP_LD_FREE at the top of ldap-nss.c. This is exported on
Linux but _NOT_ Solaris with Netscape's C SDK.
4. glibc 2.0 compatibility
--------------------------
Current versions of the nss_ldap library are designed to work with
glibc 2.1, not glibc 2.0. They _may_ work with glibc 2.0. YMMV.
5. RFC2307BIS
-------------
Compiling with -DRFC2307BIS adds rfc2307bis support, which at the
moment just gets you support for groups with distinguished name
members (instead of login names). A posixGroup can thus have the
both memberUid and uniqueMember attributes. This support makes
uses of the Berkeley DB library to cache DN to login name mappings;
if you don't want to use this or don't have libdb, then you need
to undefine DN2UID_CACHE in util.c.
6. Mailing lists
----------------
To discuss nss_ldap and related technologies, you may
subscribe to the following mailing lists:
<URL:mailto:nssldap-request@padl.com>
and
<URL:mailto:ldap-nis-request@padl.com>
Send an electronic mail message with "subscribe" in the
message body to join the list.
7. Commercial support
---------------------
Note that PADL now offer commercial support on a
per-incident basis.
To request a support incident, send email to: nssldap-support@padl.com
--
PADL Software Pty Ltd
nssldap-support@padl.com
http://www.padl.com/
|
