From: Artabros on 21 May 2005 12:23

Hi!!

Could someone explain to me how to configure Solaris 10 as a remote openldap client? I need to configure a sun server as client of a remote openLDAP directory server. I've tried with ldapclient command, but I cannot make it work. Is it necessary to create a profile with ldapclient init? Isn't it enough to pass it the LDAP directory parameters to make it generate valid ar/ldap/ldap_client_file and /var/ldap/ldap_client_cred?

I've also tried to compile nss_ldap and pam_ldap with the following result:

==========
=== make
==========
bash-3.00# make
/usr/sfw/bin/gcc -DHAVE_CONFIG_H -I/usr/local/ssl/include -I/usr/local/include -DLDAP_REFERRALS -DLDAP_DEPRECATED -D_REENTRANT -g -O2 -Wall -fPIC -c ldap-ethers.c
ldap-ethers.c:86: error: conflicting types for 'ether_aton'
/usr/include/sys/ethernet.h:102: error: previous declaration of 'ether_aton' was here
ldap-ethers.c:86: error: conflicting types for 'ether_aton'
/usr/include/sys/ethernet.h:102: error: previous declaration of 'ether_aton' was here
ldap-ethers.c:91: error: conflicting types for 'ether_ntoa'
/usr/include/sys/ethernet.h:101: error: previous declaration of 'ether_ntoa' was here
ldap-ethers.c:91: error: conflicting types for 'ether_ntoa'
/usr/include/sys/ethernet.h:101: error: previous declaration of 'ether_ntoa' was here
ldap-ethers.c:24: warning: 'rcsId' defined but not used
ldap-ethers.c:226: warning: '_nss_ldap_setetherent_r' defined but not used
ldap-ethers.c:238: warning: '_nss_ldap_endetherent_r' defined but not used
ldap-ethers.c:246: warning: '_nss_ldap_getetherent_r' defined but not used
make: *** [ldap-ethers.o] Error 1

===============
=== ./configure
===============
loading cache ./config.cache
checking host system type... i386-pc-solaris2.10
checking target system type... i386-pc-solaris2.10
checking build system type... i386-pc-solaris2.10
checking for a BSD compatible install... ./install-sh -c
checking whether build environment is sane... yes
checking whether make sets ${MAKE}... (cached) no
checking for working aclocal... found
checking for working autoconf... found
checking for working automake... found
checking for working autoheader... found
checking for working makeinfo... missing
checking for gcc... (cached) /usr/sfw/bin/gcc
checking whether the C compiler (/usr/sfw/bin/gcc -L/usr/local/ssl/lib -L/usr/local/lib -R/usr/local/ssl/lib:/usr/local/lib) works... yes
checking whether the C compiler (/usr/sfw/bin/gcc -L/usr/local/ssl/lib -L/usr/local/lib -R/usr/local/ssl/lib:/usr/local/lib) is a cross-compiler... no
checking whether we are using GNU C... (cached) yes
checking whether /usr/sfw/bin/gcc accepts -g... (cached) yes
checking how to run the C preprocessor... (cached) /usr/sfw/bin/gcc -E
checking for a BSD compatible install... ./install-sh -c
checking for lber.h... (cached) yes
checking for ldap.h... (cached) yes
checking for ldap_ssl.h... (cached) no
checking for nss.h... (cached) no
checking for nsswitch.h... (cached) yes
checking for irs.h... (cached) no
checking for thread.h... (cached) yes
checking for pthread.h... (cached) yes
checking for synch.h... (cached) yes
checking for malloc.h... (cached) yes
checking for shadow.h... (cached) yes
checking for prot.h... (cached) no
checking for port_before.h... (cached) no
checking for port_after.h... (cached) no
checking for aliases.h... (cached) no
checking for net/route.h... (cached) yes
checking for netinet/if_ether.h... (cached) yes
checking for netinet/ether.h... (cached) no
checking for ctype.h... (cached) yes
checking for alignof.h... (cached) no
checking for rpc/rpcent.h... (cached) yes
checking for sys/byteorder.h... (cached) yes
checking for sys/un.h... (cached) yes
checking for libc-lock.h... (cached) no
checking for bits/libc-lock.h... (cached) no
checking for sasl.h... (cached) no
checking for sasl/sasl.h... (cached) yes
checking for strings.h... (cached) yes
checking for gssldap.h... (cached) no
checking for gsssasl.h... (cached) no
checking for gssapi/gssapi_krb5.h... (cached) no
checking for gssapi.h... (cached) no
checking for main in -lresolv... (cached) yes
checking for main in -lnsl... (cached) yes
checking for strtok_r... (cached) yes
checking for sigaction... (cached) yes
checking for sigset... (cached) yes
checking for res_search... (cached) yes
checking for dn_expand... (cached) yes
checking for snprintf... (cached) yes
checking for gethostbyname... (cached) yes
checking for nsdispatch... (cached) no
checking for pthread_atfork... (cached) yes
checking for ether_aton... (cached) no
checking for ether_ntoa... (cached) no
checking for struct ether_addr... yes
checking for socklen_t... yes
checking for pw_change in struct passwd... no
checking for pw_expire in struct passwd... no
checking for dlopen in -ldl... (cached) yes
checking for gss_krb5_ccache_name in -lgssapi... (cached) no
checking for gss_krb5_ccache_name in -lgssapi_krb5... (cached) no
checking for main in -llber... (cached) no
checking for main in -lldap... (cached) yes
checking for ldap_gss_bind in -lgssldap... (cached) no
checking for ldap_init... (cached) yes
checking for ldap_get_lderrno... (cached) yes
checking for ldap_parse_result... (cached) yes
checking for ldap_memfree... (cached) yes
checking for ldap_controls_free... (cached) yes
checking for ldap_ld_free... (cached) no
checking for ldap_explode_rdn... (cached) yes
checking for ldap_set_option... (cached) yes
checking for ldap_get_option... (cached) yes
checking for ldap_sasl_interactive_bind_s... (cached) yes
checking for ldap_initialize... (cached) no
checking for ldap_create_control... (cached) no
checking for ldap_create_page_control... (cached) yes
checking for ldap_parse_page_control... (cached) yes
checking for ldapssl_client_init... (cached) yes
checking for ldap_start_tls_s... (cached) no
checking for ldap_pvt_tls_set_option... (cached) no
checking for gethostbyname_r... (cached) yes
checking whether gethostbyname_r takes 6 arguments... (cached) 5
checking for ldap_set_rebind_proc... (cached) yes
checking whether ldap_set_rebind_proc takes 3 arguments... (cached) 3
creating ./config.status
creating Makefile
creating config.h
=================================

Thanks in advance!!!

From: Gary Tay Teng Teck on 21 May 2005 23:13
Artabros wrote:
> Hi!!
>
> Could someone explain me how to configure Solaris 10 as a remote openldap
> client? I need to configure a sun server as client of a remote openLDAP
> directory server. I've tried with ldapclient command, but I cannot make it
> work. Is it necessary to create a profile with ldapclient init?. Isn't it
> enought to pass it the LDAP directory parameters to make it generate valid
> ar/ldap/ldap_client_file and /var/ldap/ldap_client_cred?
>
> I've also tried to compile nss_ldap and pam_ldap with the following
> result:
>
> ==========
> === make
> ==========
> bash-3.00# make
> /usr/sfw/bin/gcc -DHAVE_CONFIG_H -I/usr/local/ssl/include -I/usr/local/include -DLDAP_REFERRALS -DLDAP_DEPRECATED -D_REENTRANT -g -O2 -Wall -fPIC -c ldap-ethers.c
> ldap-ethers.c:86: error: conflicting types for 'ether_aton'
> /usr/include/sys/ethernet.h:102: error: previous declaration of 'ether_aton' was here
> ldap-ethers.c:86: error: conflicting types for 'ether_aton'
> /usr/include/sys/ethernet.h:102: error: previous declaration of 'ether_aton' was here
> ldap-ethers.c:91: error: conflicting types for 'ether_ntoa'
> /usr/include/sys/ethernet.h:101: error: previous declaration of 'ether_ntoa' was here
> ldap-ethers.c:91: error: conflicting types for 'ether_ntoa'
> /usr/include/sys/ethernet.h:101: error: previous declaration of 'ether_ntoa' was here
> ldap-ethers.c:24: warning: 'rcsId' defined but not used
> ldap-ethers.c:226: warning: '_nss_ldap_setetherent_r' defined but not used
> ldap-ethers.c:238: warning: '_nss_ldap_endetherent_r' defined but not used
> ldap-ethers.c:246: warning: '_nss_ldap_getetherent_r' defined but not used
> make: *** [ldap-ethers.o] Error 1
>
> ===============
> === ./configure
> ===============
> loading cache ./config.cache
> checking host system type... i386-pc-solaris2.10
> checking target system type... i386-pc-solaris2.10
> checking build system type... i386-pc-solaris2.10
> checking for a BSD compatible install... ./install-sh -c
> checking whether build environment is sane... yes
> checking whether make sets ${MAKE}... (cached) no
> checking for working aclocal... found
> checking for working autoconf... found
> checking for working automake... found
> checking for working autoheader... found
> checking for working makeinfo... missing
> checking for gcc... (cached) /usr/sfw/bin/gcc
> checking whether the C compiler (/usr/sfw/bin/gcc -L/usr/local/ssl/lib -L/usr/local/lib -R/usr/local/ssl/lib:/usr/local/lib) works... yes
> checking whether the C compiler (/usr/sfw/bin/gcc -L/usr/local/ssl/lib -L/usr/local/lib -R/usr/local/ssl/lib:/usr/local/lib) is a cross-compiler... no
> checking whether we are using GNU C... (cached) yes
> checking whether /usr/sfw/bin/gcc accepts -g... (cached) yes
> checking how to run the C preprocessor... (cached) /usr/sfw/bin/gcc -E
> checking for a BSD compatible install... ./install-sh -c
> checking for lber.h... (cached) yes
> checking for ldap.h... (cached) yes
> checking for ldap_ssl.h... (cached) no
> checking for nss.h... (cached) no
> checking for nsswitch.h... (cached) yes
> checking for irs.h... (cached) no
> checking for thread.h... (cached) yes
> checking for pthread.h... (cached) yes
> checking for synch.h... (cached) yes
> checking for malloc.h... (cached) yes
> checking for shadow.h... (cached) yes
> checking for prot.h... (cached) no
> checking for port_before.h... (cached) no
> checking for port_after.h... (cached) no
> checking for aliases.h... (cached) no
> checking for net/route.h... (cached) yes
> checking for netinet/if_ether.h... (cached) yes
> checking for netinet/ether.h... (cached) no
> checking for ctype.h... (cached) yes
> checking for alignof.h... (cached) no
> checking for rpc/rpcent.h... (cached) yes
> checking for sys/byteorder.h... (cached) yes
> checking for sys/un.h... (cached) yes
> checking for libc-lock.h... (cached) no
> checking for bits/libc-lock.h... (cached) no
> checking for sasl.h... (cached) no
> checking for sasl/sasl.h... (cached) yes
> checking for strings.h... (cached) yes
> checking for gssldap.h... (cached) no
> checking for gsssasl.h... (cached) no
> checking for gssapi/gssapi_krb5.h... (cached) no
> checking for gssapi.h... (cached) no
> checking for main in -lresolv... (cached) yes
> checking for main in -lnsl... (cached) yes
> checking for strtok_r... (cached) yes
> checking for sigaction... (cached) yes
> checking for sigset... (cached) yes
> checking for res_search... (cached) yes
> checking for dn_expand... (cached) yes
> checking for snprintf... (cached) yes
> checking for gethostbyname... (cached) yes
> checking for nsdispatch... (cached) no
> checking for pthread_atfork... (cached) yes
> checking for ether_aton... (cached) no
> checking for ether_ntoa... (cached) no
> checking for struct ether_addr... yes
> checking for socklen_t... yes
> checking for pw_change in struct passwd... no
> checking for pw_expire in struct passwd... no
> checking for dlopen in -ldl... (cached) yes
> checking for gss_krb5_ccache_name in -lgssapi... (cached) no
> checking for gss_krb5_ccache_name in -lgssapi_krb5... (cached) no
> checking for main in -llber... (cached) no
> checking for main in -lldap... (cached) yes
> checking for ldap_gss_bind in -lgssldap... (cached) no
> checking for ldap_init... (cached) yes
> checking for ldap_get_lderrno... (cached) yes
> checking for ldap_parse_result... (cached) yes
> checking for ldap_memfree... (cached) yes
> checking for ldap_controls_free... (cached) yes
> checking for ldap_ld_free... (cached) no
> checking for ldap_explode_rdn... (cached) yes
> checking for ldap_set_option... (cached) yes
> checking for ldap_get_option... (cached) yes
> checking for ldap_sasl_interactive_bind_s... (cached) yes
> checking for ldap_initialize... (cached) no
> checking for ldap_create_control... (cached) no
> checking for ldap_create_page_control... (cached) yes
> checking for ldap_parse_page_control... (cached) yes
> checking for ldapssl_client_init... (cached) yes
> checking for ldap_start_tls_s... (cached) no
> checking for ldap_pvt_tls_set_option... (cached) no
> checking for gethostbyname_r... (cached) yes
> checking whether gethostbyname_r takes 6 arguments... (cached) 5
> checking for ldap_set_rebind_proc... (cached) yes
> checking whether ldap_set_rebind_proc takes 3 arguments... (cached) 3
> creating ./config.status
> creating Makefile
> creating config.h
> =================================
>
> Thanks in advance!!!

Try to use the already built-in Solaris Native LDAP Client libraries instead of OpenLDAP_PADL LDAP Client, i.e. spending additional efforts to compile and build so many other components (OpenLDAP client lib + PADL's nss_ldap + pam_ldap).

If you have built nss_ldap.so.1 and pam_ldap.so.1 and they overwrite the original Solaris /usr/lib/nss_ldap.so.1 and /usr/lib/security/pam_ldap.so.1, please restore the originals from another Solaris10 machine.

It is not very straightforward: your OpenLDAP Server must have two additional schemas loaded, solaris.schema and DUAConfigProfile.schema, and you need to apply a result.c patch to fix a "RootDSE not found" issue arising from running the "ldapclient init" command.

If you do not want to apply the result.c patch, which is optional, then DO NOT run "ldapclient init"; simply use "ldif" to create the ldap client profile you desire, use "vi" to create the two needed files /var/ldap/ldap_client_file and /var/ldap/ldap_client_cred, add the required lines in /etc/nsswitch.conf, then finally restart ldap_cachemgr and nscd.

See my HOW-TOs; they are based on Solaris8 and Solaris9. Do let us know if they work for Solaris10.

http://web.singnet.com.sg/~garyttt/
http://web.singnet.com.sg/~garyttt/Installing%20and%20configuring%20OpenLDAP%20for%20Solaris9.htm (See Step 5: Configure Solaris Native LDAP Client)
http://web.singnet.com.sg/~garyttt/Installing%20and%20configuring%20OpenSSH%20with%20pam_ldap%20for%20Solaris9.htm

Gary
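
Added example, not part of Gary's post or his HOW-TOs: a shell check for the hand-edited client files named in the reply above, covering the points that matter once ldapclient is no longer writing them (cred file permissions, cleartext binds, nsswitch.conf entries). The NS_LDAP_* keys are the ones the Solaris native client uses in these files and do not appear on this page; the function names and every sample value are constructed.

```sh
#!/bin/sh
# Added example: audit hand-written Solaris native LDAP client files.

# Read the value of "KEY= value" from a client file.
get_val() { sed -n "s/^$1=[[:space:]]*//p" "$2" | head -1; }

# audit_ldap_client <dir holding ldap_client_*> <nsswitch.conf>
# Prints one finding per line; the return status is the number of findings.
audit_ldap_client() {
    dir=$1 nss=$2 n=0
    cred=$dir/ldap_client_cred file=$dir/ldap_client_file
    # The cred file holds the proxy bind password: owner-only access.
    perms=$(ls -ld "$cred" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "cred file open to group/other ($perms)"; n=$((n+1)); }
    # Without a tls: prefix, a simple bind sends the password in cleartext.
    auth=$(get_val NS_LDAP_AUTH "$file")
    case $auth in
        tls:*|sasl/*) ;;
        *) echo "NS_LDAP_AUTH=$auth exposes bind credentials on the wire"; n=$((n+1)) ;;
    esac
    # Proxy credential level needs a bind DN in the cred file.
    if [ "$(get_val NS_LDAP_CREDENTIAL_LEVEL "$file")" = proxy ] &&
       [ -z "$(get_val NS_LDAP_BINDDN "$cred")" ]; then
        echo "credential level is proxy but NS_LDAP_BINDDN is missing"; n=$((n+1))
    fi
    # Lookups only reach LDAP if nsswitch.conf lists it for the database.
    for db in passwd group; do
        grep "^$db:.*ldap" "$nss" >/dev/null ||
            { echo "nsswitch.conf: '$db' does not list ldap"; n=$((n+1)); }
    done
    return $n
}

# Constructed sample: make_sample <dir> <auth method> <cred file mode>
make_sample() {
    mkdir -p "$1"
    printf '%s\n' 'NS_LDAP_FILE_VERSION= 2.0' 'NS_LDAP_SERVERS= ldap.example.com' \
        'NS_LDAP_SEARCH_BASEDN= dc=example,dc=com' "NS_LDAP_AUTH= $2" \
        'NS_LDAP_CREDENTIAL_LEVEL= proxy' > "$1/ldap_client_file"
    printf '%s\n' 'NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=example,dc=com' \
        'NS_LDAP_BINDPASSWD= {NS1}PLACEHOLDER' > "$1/ldap_client_cred"
    chmod "$3" "$1/ldap_client_cred"
    printf '%s\n' 'passwd: files ldap' 'group: files ldap' > "$1/nsswitch.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp/weak" simple 644
audit_ldap_client "$tmp/weak" "$tmp/weak/nsswitch.conf" || echo "findings: $?"
rm -rf "$tmp"
```

On a real client the call would be audit_ldap_client /var/ldap /etc/nsswitch.conf, run as root so the cred file is readable.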