9. Solaris 2.7: Cosmos

9.1. Plans

Adding LDAP authentication to Cosmos, Solaris 7: combination of local files, NIS and LDAP; automounter information and group data still to be held by NIS --- authentication to be moved to LDAP from NIS for eUMIST Single Logon.

9.2. Summary

Oh, and a suitable configured LDAP server.

9.3. Configuration

/etc/nsswitch.conf
/etc/pam.conf
/etc/ldap.conf

9.4. Libraries

9.4.1. openldap and Friends

openldap-2.0.23
 -- follow INSTALL:

     -- ./configure --help

     -- ./configure --disable-slapd
            ...
            ...

     -- make depend
     -- make

where are the .so s?  hiding :

 [mpciish2@cosmos:~/__ldap_solaris/openldap-2.0.23]$ !find
find . -name "*.so" -print
./libraries/liblber/.libs/liblber.so
./libraries/libldap/.libs/libldap.so
./libraries/libldap_r/.libs/libldap_r.so
[mpciish2@cosmos:~/__ldap_solaris/openldap-2.0.23]$ 


 -- next...make install...

 -- su root, add /usr/ccs/bin to PATH (to find both make and ranlib) then
    "make install" --- installed in /usr/local/lib and also a bit
    in /usr/local/etc

     -- cd __ldap_solaris/openldap-2.0.23/libraries
     -- make install

         ...as only want the libs, not slapd, etc...

9.4.2. pma_ldap

 

 -- next up, pam_ldap --- first installed gnu-make (/usr/local/bin)
    as stated in the README;

 -- cd pam_ldap-144 then ./configure...

 -- /usr/local/bin/make (to pick up gnu make, not ccs/make --- sun make);

 -- worked fine...

 -- /usr/local/bin/make install...to /lib/security


ldd /lib/security/pam_ldap.so
        libldap.so.3 =>  /usr/lib/libldap.so.3
        liblber.so.2 =>  /usr/local/lib/liblber.so.2
        libcrypt_i.so.1 =>       /usr/lib/libcrypt_i.so.1
        libresolv.so.2 =>        /usr/lib/libresolv.so.2
        libpam.so.1 =>   /usr/lib/libpam.so.1
        libdl.so.1 =>    /usr/lib/libdl.so.1
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libgen.so.1 =>   /usr/lib/libgen.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2
        /usr/platform/SUNW,Ultra-Enterprise/lib/libc_psr.so.1

 ...so its picked up the solaris libldap.so.3, not using the /usr/local/ldap
    ** NOTE THIS**
    ...might need to change (in the configure stage --- see README);

on mir each picked up the openldap (/usr/local) version....so...

...and, from the README...

Q: Can I use a third-party client LDAP library (such as Netscape's)
on Solaris 7? David Begley writes:

Yes, but if you have the Solaris 7 LDAP library installed (package
SUNWlldap or SUNWldapx) configure will find it before the third-party
library - in this case, you can't rely on the auto-lib-type detection of
configure and must use the "--with-ldap-lib=" parameter.


so used ./configure --with-ldap-dir=/usr/local

and now: 

 ldd ./pam_ldap.so
        libldap.so.2 =>  /usr/local/lib/libldap.so.2
        liblber.so.2 =>  /usr/local/lib/liblber.so.2
        libcrypt_i.so.1 =>       /usr/lib/libcrypt_i.so.1
        libresolv.so.2 =>        /usr/lib/libresolv.so.2
        libpam.so.1 =>   /usr/lib/libpam.so.1
        libdl.so.1 =>    /usr/lib/libdl.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libgen.so.1 =>   /usr/lib/libgen.so.1
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2
        /usr/platform/SUNW,Ultra-Enterprise/lib/libc_psr.so.1

which is jolly good.  then did 

    /usr/local/bin/make install

again.

9.4.3. nss_ldap

 

 -- cd  nss_ldap-188
 -- needs gnu make again

 -- ./configure...seemed ok

 -- /usr/local/bin/make...seemed to work

 -- /usr/local/bin/make install complained about permissions:  gave +x
    to install-sh and all was well...

    installed to /lib/nss_ldap


 --  ldd /lib/nss_ldap.so

        libldap.so.3 =>  /usr/lib/libldap.so.3
        liblber.so.2 =>  /usr/local/lib/liblber.so.2
        libdl.so.1 =>    /usr/lib/libdl.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libresolv.so.2 =>        /usr/lib/libresolv.so.2
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2
        /usr/platform/SUNW,Ultra-Enterprise/lib/libc_psr.so.1

...so picking up the solaris libldap.so.3 rather than openldap (/usr/local)
again

    ** NOTE THIS**

so configured and compiled...

    ./configure --with-ldap-dir=/usr/local

then
    /usr/local/bin/make
    /usr/local/bin/make install

then

 ldd /lib/nss_ldap.so
        libldap.so.2 =>  /usr/local/lib/libldap.so.2
        liblber.so.2 =>  /usr/local/lib/liblber.so.2
        libdl.so.1 =>    /usr/lib/libdl.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libresolv.so.2 =>        /usr/lib/libresolv.so.2
        libc.so.1 =>     /usr/lib/libc.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        /usr/platform/SUNW,Ultra-Enterprise/lib/libc_psr.so.1

...as required.

9.4.4. Links

 

ln -s :

   cd /lib
   rm libldap.so
   ln -s /usr/local/lib/libldap.so.2.0.15 libldap.so.2

   cd /usr/lib
   ...same...
...previousup (conts)next...


About this document:

Produced from the SGML: /home/isd/public_html/_ldap_authentication/_reml_grp/index.reml
On: 5/7/2004 at 13:33:51
Options: reml2 -i noindex -l long -o html -p multiple