RE: Barebone Solaris NS using OpenLdap
Always remove /usr/ucb from your path before trying to build *any* software
on a Solaris system. /usr/ucb/cc is essentially useless. Make sure
/usr/ccs/bin is on your path instead. All of the stuff that /usr/ucb pulls in
is incompatible with the rest of the Solaris libraries.

Read the ld(1) man page. There are better ways to solve your library search
problems. Using crle and copying locally generated libraries into /usr/lib is
very unclean; it will cause problems for you when you need to pkgadd/pkgrm
other Sun-supplied packages.

You will probably discover that you're unable to use /bin/passwd. Check the
pamldap mailing list archives for the issues and fixes.

-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Caylan Van
> Larson
> Sent: Monday, October 21, 2002 4:11 PM
> To: openLDAP-software@OpenLDAP.org
> Cc: root; Andrew Altepeter
> Subject: Barebone Solaris NS using OpenLdap
>
>
> Hello,
>
> Sorry if this is not the correct place to post a solution but this is
> where I have turned for help in the past. If someone finds themself in a
> position where they, "need to get a Solaris machine using an OpenLdap
> directory to get name service information," this document will cover the
> exact problems I faced as well as my (very special newb) way of fixing
> them.
>
> As always, I am here to learn, so all of your criticism (positive and
> negative) is greatly invited and appreciated.
>
> Before you invest any more time reading this email please be aware that
> the ideas expressed below could very well be the most obvious thing in the
> world to you.
>
> If you are bored, "page down" with you, text follows.
>
> Thank you,
>
> Caylan Van Larson
> Unix Administrator - Systems Team Member
> University of North Dakota (Aerospace College)
> caylan@cs.und.edu
> 701-777-6151 (work)
>
>
>
>
>
> Barebone Solaris NS using OpenLDAP
> ==================================
>
> Author: Caylan Van Larson
> Date: 10/21/02
>
> ==================================
>
> I have started working on getting ldap nss working on Solaris 8. The
> machine is a Sun Enterprise 450. I am writing this as I work so let's
> hope I get it working.
>
> I do not need to get authentication working on this machine as it is an NFS
> file server and I only need to use edquota, etc.
>
> I spent about 10 minutes trying to get the native ldap client to work and
> gave up after reading some horrible Sun documentation that just blew smoke.
>
> I downloaded the latest (stable) release of openldap to slurpy using wget.
> I then scp'ed the tarball over, unpacked it and ran the following.
>
> ./configure --with-tls --without-cyrus-sasl
>
> No luck, bad compiler issues. I uninstalled gcc 3.0 using pkgrm and
> installed gcc 3.2. I got the same error but noticed that configure was
> looking in /usr/ucb/ for a compiler and found one called "cc." I moved
> the file cc to cc.old temporarily to get configure to work and use the
> new gcc. We will move cc.old back to cc when finished.
>
> ./configure --with-tls --without-cyrus-sasl
>
> Went through fine but could not find tls libraries. That's easy, just pass
> them along via env vars.
>
> CPPFLAGS="-I/usr/local/ssl/include" LDFLAGS="-L/usr/local/ssl/lib" \
> ./configure --with-tls --without-cyrus-sasl
>
> Note: That is one whole command.
>
> That did the trick for ssl but now I was getting
>
> --SNIP
> checking for db... no
> checking for GDBM library... checking for gdbm_open... no
> checking for gdbm_open in -lgdbm... no
> checking for gdbm.h... no
> checking for db... no
> configure: warning: could not find suitable LDBM backend
> configure: error: select appropriate LDBM options or disable
> --SNAP
>
> The LDBM is for the slapd server not the client. We do not need or want
> the server on sirius. So let's try to disable LDBM.
>
> CPPFLAGS="-I/usr/local/ssl/include" LDFLAGS="-L/usr/local/ssl/lib" \
> ./configure --with-tls --without-cyrus-sasl --disable-ldbm
>
> But then I got the error:
> checking configure arguments... configure: error: slapd requires a backend
>
> Hmm, nice. Let's try to disable slapd.
>
> CPPFLAGS="-I/usr/local/ssl/include" LDFLAGS="-L/usr/local/ssl/lib" \
> ./configure --with-tls --without-cyrus-sasl --disable-slapd --disable-ldbm
>
> Ran it...
>
> --SNIP
> [...]
> creating contrib/Makefile
> creating contrib/saucer/Makefile
> creating include/portable.h
> creating include/ldap_features.h
> creating include/lber_types.h
> Please "make depend" to build dependencies
> --SNAP
>
> Good! I ran "make depend."
> Still looking good. I ran "make."
>
> ... Still going...
>
> Caylan Thinks, "Why does something so simple have to be so
> terribly complex?"
>
> ... Still compiling...
>
> Caylan Thinks, "I sure hope this works and it does not give an error!"
>
> ... 20 Years later, still compiling...
>
> Ok, done. No errors yet.
>
> I run "make install."
>
> Ok, everything is good to go, however when you run "ldapsearch" you are
> actually running the one within /usr/bin. You have to remove the Solaris
> ldap client utilities using pkgrm. After that you can try running
> ldapsearch from /usr/local/bin/ldapsearch but it errors out saying it can
> not find the libraries. You can use the command ldd to check the
> connections to the specific libraries.
>
> --SNIP
> bash-2.03# pwd
> /usr/local/bin
> bash-2.03# ldd ldapsearch
> libssl.so.0.9.6 => (file not found)
> libcrypto.so.0.9.6 => (file not found)
> libresolv.so.2 => /usr/lib/libresolv.so.2
> libgen.so.1 => /usr/lib/libgen.so.1
> libnsl.so.1 => /usr/lib/libnsl.so.1
> libsocket.so.1 => /usr/lib/libsocket.so.1
> libdl.so.1 => /usr/lib/libdl.so.1
> libc.so.1 => /usr/lib/libc.so.1
> libmp.so.2 => /usr/lib/libmp.so.2
> /usr/platform/SUNW,Ultra-4/lib/libc_psr.so.1
> --SNAP
>
> Notice the libssl and libcrypto are not found. This is because Solaris is
> only looking in /usr/lib (I am just guessing). A good, clean (and fun)
> search on google using the search terms "ldconfig solaris" gave me this
> document.
>
> http://216.239.51.100/search?q=cache:WOC51vQ_gT0C:www.sunmanagers.org/pipermail/sunmanagers/2002-April/012729.html+ldconfig+solaris&hl=en&ie=UTF-8
> or
> http://www.sunmanagers.org/pipermail/sunmanagers/2002-April/012729.html
>
> So I am now going to try to get Solaris to look in /usr/local/ssl/lib for
> its libraries.
>
> After much troubleshooting I got this to work!
>
> --SNIP
> bash-2.03# crle -l /usr/lib:/usr/local/lib:/usr/local/ssl/lib
> bash-2.03# ldd ldapsearch
> libssl.so.0.9.6 => /usr/local/ssl/lib/libssl.so.0.9.6
> libcrypto.so.0.9.6 => /usr/local/ssl/lib/libcrypto.so.0.9.6
> libresolv.so.2 => /usr/lib//libresolv.so.2
> libgen.so.1 => /usr/lib//libgen.so.1
> libnsl.so.1 => /usr/lib//libnsl.so.1
> libsocket.so.1 => /usr/lib//libsocket.so.1
> libdl.so.1 => /usr/lib//libdl.so.1
> libc.so.1 => /usr/lib//libc.so.1
> libmp.so.2 => /usr/lib//libmp.so.2
> /usr/platform/SUNW,Ultra-4/lib/libc_psr.so.1
> --SNAP
>
> Pretty snazzy.
>
> Ok, I then did this:
>
> --SNIP
> cd /etc
> scp caylan@betamax:/etc/ldap.conf .
> ENTERED PW
> --SNAP
>
> But I kept getting errors:
>
> --SNIP
> bash-2.03# ./ldapsearch -h ldap.aero.und.edu uid=caylan
> version: 2
>
> #
> # filter: uid=caylan
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
>
> # numResponses: 1
> --SNAP
>
> I noticed that this command would work:
>
> --SNIP
> bash-2.03# ./ldapsearch -LLL -b dc=aero,dc=und,dc=edu -h ldap.aero.und.edu uid=caylan dn
> dn: cn=caylan,ou=CompSci,ou=Students,ou=People,dc=aero,dc=und,dc=edu
> --SNAP
>
> So it was not getting the right config. EUREKA!
>
> --SNIP
> bash-2.03# ls -l /usr/local/etc/openldap/ldap.conf
> -rw-r--r-- 1 root other 337 Oct 16 16:57 /usr/local/etc/openldap/ldap.conf
> bash-2.03# ls -l /etc/ldap.conf
> -rw-r--r-- 1 root root 4072 Oct 16 17:01 /etc/ldap.conf
> --SNAP
>
> When you run ldapsearch it looks at /usr/local/etc/openldap/ldap.conf for
> its configuration. Note how we put our config in /etc.
>
> Duh... :)
>
> Here's what I did to fix it:
>
> --SNIP
> bash-2.03# cd /etc/
> bash-2.03# cp /etc/ldap.conf /usr/local/etc/openldap/ldap.conf
> bash-2.03# rm /etc/ldap.conf
> bash-2.03# ln -s /usr/local/etc/openldap/ .
> bash-2.03# ln -s /usr/local/etc/openldap/ldap.conf .
> bash-2.03# ls -l ldap.conf
> lrwxrwxrwx 1 root other 33 Oct 16 17:31 ldap.conf -> /usr/local/etc/openldap/ldap.conf
> bash-2.03# ls -l openldap
> lrwxrwxrwx 1 root other 23 Oct 16 17:31 openldap -> /usr/local/etc/openldap
> --SNAP
>
> Now our ldapsearch command should be provided with some nice configs.
>
> --SNIP
> bash-2.03# /usr/local/bin/ldapsearch -LLL uid=caylan dn
> dn: cn=caylan,ou=CompSci,ou=Students,ou=People,dc=aero,dc=und,dc=edu
> --SNAP
>
> Good. So let's get the nss stuff working.
>
> "id"s were still not working so I decided to recompile nss-ldap.
>
> Now that I removed the Solaris ldap client libraries nss-ldap complained:
>
> --SNIP
> configure: error: could not locate a valid LDAP library
> --SNAP
>
> ***NOTE***
> I have stopped working at 6:00pm (10/16/02).
> I have started working on this again at 11:30pm (10/16/02).
> This is so you know why I have not emailed you earlier.
> ***END NOTE***
>
> I checked the config.log file to see what was failing when it was trying
> to get the above valid "LDAP library."
>
> Here is a sample from that file as well as some commands that I did to
> test what was happening.
>
> --SNIP
> configure:8402: checking for main in -lldap
> configure:8429: gcc -o conftest -g -O2 -Wall -fPIC -D_REENTRANT -I/usr/local/include -L/usr/local/lib -R/usr/local/lib conftest.c -lldap -llber -ldl -lnsl -lresolv -llber -ldl -lnsl -lresolv >&5
> cc1: warning: changing search order for system directory "/usr/local/include"
> cc1: warning: as it has already been specified as a non-system directory
> ld: warning: file libssl.so.0.9.6: required by /usr/local/lib/libldap.so, not found
> ld: warning: file libcrypto.so.0.9.6: required by /usr/local/lib/libldap.so, not found
> --SNAP
>
> That's weird that ld does not find the libraries but ldd does. I emailed
> Andy for any advice earlier this evening and I am awaiting a response.
>
> Since the error is only with 2 libraries I am just going to make a link
> from the libraries in /usr/local/ssl/lib to /usr/lib. That way everything
> should be good to go.
>
> Doing this allowed the ./configure to go through but it got hung up on the
> actual make.
>
> --SNIP
> [00:23am][root@sirius:/usr/local/src/nss_ldap-202]$ /usr/ccs/bin/ld -o \
> nss_ldap.so -Bdynamic -M ./exports.solaris -G ldap-nss.o ldap-pwd.o \
> ldap-grp.o ldap-rpc.o ldap-hosts.o ldap-network.o ldap-proto.o ldap-spwd.o \
> ldap-alias.o ldap-service.o ldap-schema.o ldap-ethers.o ldap-bp.o util.o \
> globals.o ltf.o snprintf.o resolve.o dnsconfig.o irs-nss.o sasl.o \
> pagectrl.o -lldap -llber -ldl -lnsl -lresolv
> ld: fatal: library -llber: not found
> ld: fatal: File processing errors. No output written to nss_ldap.so
> --SNAP
>
> ***NOTE***
> I have stopped working at 12:30am (10/17/02).
> I have started working on this again at 9:00am (10/21/02)
> This is so you know why I have not emailed you earlier.
> ***END NOTE***
>
> So. nss-ldap can not find liblber. I checked out agassiz and confirmed
> that lib/(ldap/lber) exist in /usr/lib and /usr/local/lib identically. I
> finally decided to break down and copy the following files.
>
> cp /usr/local/lib/libldap* /usr/lib/
> cp /usr/local/lib/liblber* /usr/lib/
>
> and run make. All went well and a `make install` leads me to:
>
> --SNIP
> [10:05am][root@sirius:/usr/local/src/nss_ldap-202]$ id lundeby
> uid=3947(lundeby) gid=1003(scc)
> [10:05am][root@sirius:/usr/local/src/nss_ldap-202]$ id copp
> uid=1246(copp) gid=1003(scc)
> --SNAP
>
> Looks like name services are working on Solaris. Having this guide to
> show you the pitfalls of compiling ldap related modules should come in handy.
>
> Let's not forget to move /usr/ucb/cc.old to /usr/ucb/cc. Also, copy the
> necessary certificates to the proper location as well as the cert7.db
>
> Thanks,
>
>
> Caylan Van Larson
> Unix Administrator - Systems Team Member
> University of North Dakota (Aerospace College)
> caylan@cs.und.edu
> 701-777-6151 (work)
>
>
>
>
>
>
>
>
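
Added example, not part of either message above: the reply points to ld(1) rather than crle or copying libraries into /usr/lib, and one option documented there is a runpath recorded in the binary with -R (the same flag appears in the nss_ldap config.log line quoted above). The function names and the sample ldd text are constructed for illustration; the script only prints a configure command, it does not run one.

```shell
#!/bin/sh
# Constructed sample: ldd output in the shape shown in the original message,
# before any change to the library search path.
SAMPLE_LDD='    libssl.so.0.9.6 =>       (file not found)
    libcrypto.so.0.9.6 =>    (file not found)
    libresolv.so.2 =>        /usr/lib/libresolv.so.2
    libc.so.1 =>     /usr/lib/libc.so.1'

# missing_libs: read ldd output on stdin, print each unresolved library name.
missing_libs() {
    awk '/=>/ && /\(file not found\)/ { print $1 }'
}

# runpath_flags DIR...: emit -L (link-time search) and -R (runpath stored in
# the object) for each directory, so the runtime linker finds the libraries
# for this binary only, leaving the system-wide default path untouched.
runpath_flags() {
    flags=""
    for dir in "$@"; do
        case "$dir" in
            /*) ;;   # absolute paths only
            *)  # a relative or empty runpath is resolved against the
                # current directory, which lets any writable cwd supply
                # the library; refuse it
                echo "refusing non-absolute runpath: '$dir'" >&2
                return 1 ;;
        esac
        flags="${flags:+$flags }-L$dir -R$dir"
    done
    printf '%s\n' "$flags"
}

# Demonstration on the constructed sample.
echo "unresolved libraries:"
printf '%s\n' "$SAMPLE_LDD" | missing_libs
echo "suggested build line (printed, not executed):"
echo "CPPFLAGS=\"-I/usr/local/ssl/include\" LDFLAGS=\"$(runpath_flags /usr/local/ssl/lib)\" ./configure --with-tls --without-cyrus-sasl --disable-slapd --disable-ldbm"
```

After a rebuild with these flags, running ldd on the resulting binary should resolve libssl and libcrypto without any crle change or files added under /usr/lib.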