Keywords: aix, ldap
Date: Fri, 01 Nov 2002 15:27:46 +0500
From: linux <>
Newsgroups:
Subject: Running nss_ldap on AIX 4.3.3 [eng]

WM> Does anyone have binaries and NSS_LDAP for AIX 4.3.3? (
WM> They say these modules can be built on AIX,

Building nss_ldap on AIX 4.3.3

The latest release of nss_ldap, nss_ldap-198, has out-of-the-box support
for user authentication, and user and group lookups on AIX. In this
document, we detail a sample install and configuration of nss_ldap on
AIX 4.3.3. By using nss_ldap on AIX, you gain support for the
industry-standard RFC 2307 schema, rather than being forced to use IBM's
somewhat non-standard SecureWay schema.

Requirements:

  - PADL's nss_ldap module
  - AIX 4.3.3
  - an LDAP client library: we'll use the Netscape client library here
  - AIX development headers (package bos.adt.include)
  - AIX libsys and libcsys (package bos.adt.syscalls)
  - the IBM AIX Toolbox for Linux applications, which contains the GNU C
    compiler
  - an LDAP server: we used an OpenLDAP server

We cannot offer any advice as to whether this will work on AIX 5L,
Itanium, with xlC, other LDAP client libraries, etc.

Unpack and build nss_ldap

Use the following command to unpack nss_ldap:

  $ tar xzvf nss_ldap.tar.gz
  ...
  $ cd nss_ldap-198

Now, configure with the following flags (we assume that you have
installed the LDAP client library in /usr/local/ldapsdk):

  $ ./configure --with-ldap-dir=/usr/local/ldapsdk \
                --with-ldap-lib=auto \
                --with-ldap-conf-file=/etc/nss_ldap.conf

Then, type make:

  $ make

All going well, you will have two resulting shared objects: and
NSS_LDAP. The first,, provides support for hosts, networks, protocols
and services lookups; they will be installed into
/usr/lib/netsvc/dynload. The second, NSS_LDAP, provides support for user
authentication, as well as user and group lookups. It is installed into
/usr/lib/security.

This document deals with the NSS_LDAP component; see irs.conf(5) for
more information about configuring non-user and group related lookups.
(Specify the "nss_ldap" mechanism in irs.conf to enable nss_ldap.)

Use the following command to install the modules:

  $ su
  Password:
  # make install

Configuration

First, you must configure /etc/nss_ldap.conf. The configuration of this
file is identical to the ldap.conf file in the Solaris and Linux versions
of nss_ldap, and is not further documented here. We renamed it to
nss_ldap.conf in the above configure script to avoid overwriting the
/etc/ldap.conf used by IBM SecureWay.

Secondly, edit /usr/lib/security/methods.cfg. Comment out any existing
references to LDAP, and add the following two lines. (You can also
configure a new stanza, such as NSSLDAP, for nss_ldap; in order to make
the installation experience as similar as possible to using SecureWay,
we chose to use LDAP. This does not overwrite any SecureWay LDAP files.)

  LDAP:
          program = /usr/lib/security/NSS_LDAP

Once this file has been edited, nss_ldap will be used for nameservice
lookups. It will not, however, be configured for user authentication.
(If you are running an AIX version earlier than 4.3.3, you will also have
to add this stanza to /etc/security/login.cfg.)

To enable nss_ldap for user authentication, you will need to edit
/etc/security/user. You should use the chuser(8) command to do this. For
example, to enable nss_ldap for authenticating all users:

  # chuser SYSTEM="compat or LDAP" default

Alternatively, you can enable it on a per-user basis:

  # chuser SYSTEM="compat or LDAP" username

Comments

Supporting LDAP authentication in nss_ldap is a suboptimal solution,
which offers only a small subset of the account and credential
management functionality available with the pam_ldap module. As with
pam_ldap, you should ensure that transport security (SSL or TLS) is
enabled to avoid passwords traversing the network in cleartext. We did
not enable transport security for our tests.
If and when we have access to AIX 5L, we may look into porting our
pam_ldap module, as this latest version of AIX apparently supports PAM.

Finally, using nss_ldap on AIX may make your system unsupported by IBM.

Acknowledgements

The initial port of nss_ldap to AIX was done by Gabor Gombas at Eötvös
Loránd University. PADL also wishes to thank Kyle Chapman of Group 1
Software and Dejan Muhamedagic of IBM Austria.
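The checks below are an added example, not part of the original document or of PADL's code: a POSIX sh audit of the three files the procedure edits, flagging the case the Comments section warns about (LDAP authentication enabled while nss_ldap.conf requests no SSL/TLS). It assumes the `uri`, `ssl on` and `ssl start_tls` directives of PADL's ldap.conf format, which this document does not list, and that `*` starts a comment in AIX stanza files; the function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original document). Paths are arguments so the
# checks can be run against copies of the real files.

stanza_attr() {  # usage: stanza_attr FILE STANZA ATTR -> prints the value
    awk -v s="$2:" -v a="$3" '
        $1 ~ /^\*/ { next }                      # assumed: "*" starts a comment
        NF == 1 && $1 ~ /:$/ { in_s = ($1 == s); next }
        in_s && $1 == a && $2 == "=" {
            sub(/^[^=]*=[ \t]*/, ""); gsub(/"/, ""); print; exit
        }' "$1"
}

conf_uses_tls() {  # exit 0 when FILE asks for ldaps://, "ssl on" or start_tls
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "ssl" && tolower($2) ~ /^(on|start_tls)$/ { ssl = 1 }
        tolower($1) == "uri" {
            for (i = 2; i <= NF; i++) {
                if (tolower($i) ~ /^ldaps:/) secure++
                else plain++                     # any cleartext URI counts
            }
        }
        END { exit (ssl || (secure && !plain)) ? 0 : 1 }' "$1"
}

audit_nss_ldap() {  # usage: audit_nss_ldap METHODS_CFG USER_FILE NSS_LDAP_CONF
    rc=0
    prog=$(stanza_attr "$1" LDAP program)
    [ "$prog" = /usr/lib/security/NSS_LDAP ] ||
        { echo "LDAP stanza program is '${prog:-unset}'"; rc=1; }
    case $(stanza_attr "$2" default SYSTEM) in
    *LDAP*) conf_uses_tls "$3" ||
        { echo "LDAP logins enabled but $3 requests no SSL/TLS"; rc=1; } ;;
    esac
    return $rc
}

make_samples() {  # constructed sample files, written into directory $1
    printf '* LDAP:\n*\tprogram = /usr/lib/security/LDAP\n' > "$1/methods.cfg"
    printf 'LDAP:\n\tprogram = /usr/lib/security/NSS_LDAP\n' >> "$1/methods.cfg"
    printf 'default:\n\tSYSTEM = "compat or LDAP"\n' > "$1/user"
    printf 'host ldap.example.com\nbase dc=example,dc=com\n' > "$1/nss_ldap.conf"
}

d=$(mktemp -d) && make_samples "$d"
if audit_nss_ldap "$d/methods.cfg" "$d/user" "$d/nss_ldap.conf"
then echo "configuration looks consistent"; else echo "review the findings above"; fi
rm -rf "$d"
```

On a real system, pass /usr/lib/security/methods.cfg, /etc/security/user and /etc/nss_ldap.conf as the three arguments to audit_nss_ldap.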

