Date: Sun, 10 Jun 2001 18:24:58 +0200 (CEST)
From: Gyori Sandor <gyori@szit.bme.hu>
To: <scanner@jurai.net>
Cc: <freebsd-hackers@FreeBSD.ORG>
Subject: Re: nsswitch dynamically loadable modules
Message-ID: <20010610175233.J83779-100000@fourier.szit.bme.hu>
In-Reply-To: <Pine.BSF.4.21.0106092126030.46154-100000@sasami.jurai.net>

On Sat, 9 Jun 2001 scanner@jurai.net wrote:

> > There are patches to solve this problem at
> > http://www.nectar.com/freebsd/nsswitch
> > but only a part of them was built in to -CURRENT (the statical part).
>
> If it's such a deficiency where are your patches to fix the missing
> bits? I fail to see them attached to this mail. Maybe my mailer dropped
> them on the floor. Please resend them! thanks!

You can see the patches on the http://www.nectar.com/freebsd/nsswitch site
(they're huge, more than 200K, so I don't want to attach them). I have none
of my own, I only applied these.

> > Is there anybody who use _properly working_ nsswitch and nss_ldap on
> > FreeBSD?
>
> Many of us are waiting on nectar's code. He is very busy working on other
> things. And last time I checked he hoped to be picking it back up in June.
> He is doing the best he can. You can help by finishing his work and
> submitting the changes back so we get complete support sooner. I await
> your contribution.

I've done the following to get authentication via LDAP (but without
success):

1. I don't understand exactly why, but even in -CURRENT only the static
   part of nsswitch was implemented. By following the link above everybody
   can reach the code of the dynamically loadable modules part of nsswitch
   too (the patch contains it too). The static part of nsswitch understands
   only some predefined strings such as files, nis, nisplus and dns. The
   dynamic part understands any string and tries to load the appropriate
   library ("nss_"+string+".so"). I would like to use LDAP, so I need the
   dynamic part of nsswitch, therefore I patched a 4.3-STABLE system. It
   seems to be working properly.

2. I need nss_ldap too, because I would like the system to ask the LDAP
   server the question: "Does this user exist?". The current version of
   nss_ldap (at padl.com) is 153, but I couldn't compile it, because it
   needs some header files which are only on Solaris. I've been working
   hard to correct this problem, but I couldn't do that. So, I downloaded
   the FreeBSD patch to 122 from nectar.com, compiled and installed it. I
   think it doesn't work properly, because the system doesn't want to know
   users who exist on the LDAP server.

3. I installed pam_ldap from Ports. It works properly, because if I
   manually write the name of a user who exists on LDAP into /etc/passwd,
   I can log in with this user, get the uid from LDAP, and so on.

The new nsswitch part of my system seems to be correct, because if I put
the following line into nsswitch.conf:

    passwd: files ldap

nsdispatch is looking for nss_ldap.so (if I remove nss_ldap.so, I get an
error message).

I've tested the static part of nsswitch too. I've deleted the line
"+:::..." from the passwd file, and put the following line into
nsswitch.conf:

    passwd: files nis

and NIS/YP authentication worked properly, so nsswitch can process its
config file.

I've read somewhere that FreeBSD supports nsswitch only via the BIND IRS
interface. Is it true?? I don't see any connection between BIND and
nsswitch... README.IRS from the nss_ldap tarball says that I should patch
my bind with the irs-nss.diff file, but I haven't found this patch file
anywhere. Is this a really existing thing or just a myth?

So what do you think, what should I do? I will readily test any piece of
code which may solve my problem, but now I have nothing other than the
ones referred to above.

Best wishes,
Sandor Gyori
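
Added example, not part of the original message or of the nsswitch patches it refers to: a small Python audit of an nsswitch.conf that lists, per database, which sources the static part handles and which "nss_"+string+".so" library the dynamic part would try to load, and reports libraries that are missing. Each such library ends up loaded into the processes doing lookups, so it is worth knowing exactly which files a configuration pulls in. The sample configuration is constructed and the `lib_dirs` parameter is an assumption, since the post does not say where the modules are searched for.

```python
import os
import re

# Sources the post lists as understood by the static part of nsswitch.
BUILTIN_SOURCES = {"files", "nis", "nisplus", "dns"}

# Constructed sample configuration (not taken from the poster's system).
SAMPLE_CONF = """\
# constructed sample
passwd: files ldap
group:  files nis        # trailing comment
hosts:  files [NOTFOUND=return] dns
"""


def module_name(source):
    """Library name the dynamic part tries to load, as described in the post."""
    return "nss_" + source + ".so"


def audit_nsswitch(conf_text, lib_dirs):
    """Return one dict per (database, source) pair found in conf_text.

    lib_dirs is an assumption: the directories to search for modules,
    supplied by the caller because the post does not name them.
    """
    results = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()            # strip comments
        if ":" not in line:
            continue
        database, sources = line.split(":", 1)
        sources = re.sub(r"\[[^\]]*\]", " ", sources)  # drop [STATUS=action] criteria
        for source in sources.split():
            entry = {"database": database.strip(), "source": source,
                     "builtin": source in BUILTIN_SOURCES,
                     "module": None, "found_in": None}
            if not entry["builtin"]:
                entry["module"] = module_name(source)
                for d in lib_dirs:
                    if os.path.isfile(os.path.join(d, entry["module"])):
                        entry["found_in"] = d
                        break
            results.append(entry)
    return results


def missing_modules(results):
    """Modules a dynamic source needs that were not found in any lib_dir."""
    return sorted({r["module"] for r in results
                   if not r["builtin"] and r["found_in"] is None})
```

Calling `missing_modules(audit_nsswitch(open("/etc/nsswitch.conf").read(), dirs))` with the directories your libc actually searches gives the list of sources that would fail the way the post describes when nss_ldap.so is removed.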