Review your favorite Linux distribution.
Go Back > Blogs > kbscores
User Name


Rate this Entry

OpenLDAP +Solaris = /facepalm

Posted 07-09-2012 at 02:06 PM by kbscores

Setting up ldap even with TLS on a Linux (specifically RedHat) is a fairly simple process. You simply download the file, install, and configure. Easy. Even the biggest problems are solved within minutes. This does not seem to be the case with Solaris. We are now fighting round three with the Solaris servers. We started by trying to configure the Native. It seems as if there are many more successful Native guides out there. We got the schemas. We created the ldif entry. We used ldapclient to initialize the client. Seems simple enough right? Wrong. We were able to search the database; however authentication was a big fat no. We tried without TLS, we tried with TLS and still no authentication. So then we got the bright idea to try openldap. I mean the other one was not to terrible to set up how bad could open be? Boy was I wrong. Compiling NSS and PAM on a Solaris box is something I wouldn't wish upon my worst enemy. The really deceptive thing is the guides all seem so simple. So we start by downloading the binaries for openldap. No problem -- then we move on to NSS_LDAP -- which I highly recommend doing pam first because it is clearly a bigger pain. No guide out there says you need SUNWhea. Not one. Plenty of help forums say you are probably missing libraries, but for me not having much experience at all with Solaris how the heck am I suppose to know that I need SUNWhea. Three days later after beating my head against the desk trying to get it to work I finally stumble across the package on google. So I load the package and it still does not want to compile. Turns out it was trying to get the packages from /usr/sfw/include instead of /usr/include. I attempted to make modifications using LDFLAGs, etc... Nope....still....not working....Finally I just copied /usr/include to /usr/sfw/include and it worked. Who knows what I broke though...

Then I attempted to work on PAM - which may I add is still not functioning. I've tried compiling the source several different ways. It compiles just fine, but whines when I try to make it. It is referencing the correct libraries; however, it is not grabbing all of the functions required. For example the correct ldap.h is being found.(I double checked to make sure the function exists within the header file) but for some reason the compile does not find ldap_start_tls_s. When I look at the log file it tries to find it in a temporary linked file, which does not exist after the compile is completed. How can it find the correct header file but not a function that is within it???

I know that we are close to completing it...which is why I press on. When I complete it I will post a beautiful guide for configuring openldap on solaris 10 with an openldap server. This guide will have a disclaimer at the top saying "This Guide will probably not work; but hopefully will provide enough information to help make the pain go away."
Posted in Uncategorized
Views 888 Comments 0
« Prev     Main     Next »
Total Comments 0




All times are GMT -5. The time now is 05:15 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration