Re: Openldap and Solaris 8
On Sat, 18 Aug 2001, Luke Howard wrote:
>
> >If you use the ldap_cachemgr software, your ldap requests will not
> >directly map the nss_ldap library. This can also be accomplished to some
> >extent with nscd. If nscd or ldap_cachemgr is running, you're probably
>
> As I understand it, in its present incarnation ldap_cachemgr caches
> the LDAP profile information (configuration file) not actual results
> from the LDAP server.

This is true. However, nscd and ldap_cachemgr have some similarities.
ldap_cachemgr caches the contents of /var/ldap/ldap_client_file and
/var/ldap/ldap_client_cred. Since ldap_client_cred contains the binddn
for the ldap database, it is only readable by root. If nscd is running,
it can read this file (since it's running as uid 0), but a regular user
can't, and therefore can't perform name service lookups. I'd like to stress
that ldap_cachemgr has bugs, and before you run it, you may want to read
the page I've written about it at
http://www.ypass.net/solaris8/openldap/ldapcachemgr.html
If you're using the ou=People hierarchy like Sun wants, you probably won't
have problems.

> However, there is always a good reason to use Sun's nss_ldap modules:
> they are supported by Sun. The NSS subsystem on Solaris is completely
> undocumented and using a 3rd-party module apparently makes your
> Solaris system unsupported by Sun (although we do offer support for
> our module).
I had pretty good luck with your nss_ldap module, and it works great for
me on my non-Solaris systems. Not sure if I thanked you before, but I
appreciate all the work you've done for using ldap as a naming service.
eric
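
The permission point in the reply above (ldap_client_cred holds the bind DN and must be readable only by root) can be checked with a short script. This is an added example, not part of the original message or of Sun's tooling; the function name `check_ldap_file` is hypothetical, and expecting uid 0 as owner of both files is an assumption.

```shell
#!/bin/sh
# Added example: audit ownership and mode of the LDAP client files.
# check_ldap_file PATH EXPECTED_UID SECRET
#   SECRET=yes : no group/other permission bits allowed (credential file)
#   SECRET=no  : group/other may read but must not be able to write
# Prints "ok: ..." or "FAIL: ..." and returns 0 or 1.
check_ldap_file() {
    path=$1; want_uid=$2; secret=$3
    [ -f "$path" ] || { echo "FAIL: $path missing"; return 1; }
    # Parse `ls -ln` so that only POSIX tools are required.
    set -- `ls -lnd "$path"`
    mode=$1; uid=$3
    go_bits=`echo "$mode" | cut -c5-10`    # group + other permission bits
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $path owned by uid $uid, expected $want_uid"
        return 1
    fi
    if [ "$secret" = yes ]; then
        if [ "$go_bits" != "------" ]; then
            echo "FAIL: $path is accessible to group/other ($mode)"
            return 1
        fi
    else
        case $go_bits in
            ?w????|????w?)
                echo "FAIL: $path is writable by group/other ($mode)"
                return 1 ;;
        esac
    fi
    echo "ok: $path ($mode)"
}

# Run with --audit on a client to check the two files named in the post.
if [ "${1:-}" = "--audit" ]; then
    rc=0
    check_ldap_file /var/ldap/ldap_client_cred 0 yes || rc=1
    check_ldap_file /var/ldap/ldap_client_file 0 no  || rc=1
    exit $rc
fi
```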