OpenLDAP and libnss conflict

Bernhard Reiter bernhard at intevation.de
Thu May 22 12:00:38 CEST 2008


Neil,

On Wednesday 21 May 2008 19:54, Neil Joseph Schelly wrote:
> A function like ldap_bind() in libldap_r.  It is part of the
> system /usr/lib/libldap_r.so (and loaded when a process is started, if LDAP
> NSS is used).   It is also part of the openpkg version of libldap_r that is
> compiled into the binaries under /kolab.

did you try compiling the Kolab Server/OpenPKG from sources completely
while NSS ldap being enabled? With my limited understanding of the problem
this has a chance of the symbol issues to be resolved because they might 
always come from the "host" system in this case.

Thinking further, I am not sure if this works, but it would be something
I would try when running out of options.

> slapd, all the cyrus binaries, php, etc. Any package that has ldap compiled
> into it rather than loading from dynamic libraries.

Another idea would be to give OpenPKG's openldap another 
copy of glibc without nss enabled. Might be archievable at least with chroot,
but maybe with other options. Sounds like a hardcore solution , though.

> Nobody has tried to run Kolab on a
> server with LDAP logins though?  I find that hard to believe.  I figured
> someone would have run into this before.

Recommendation is to not have local users on the Kolab Server machine
for security reason.
Once it serves a significant number of users, 
having a single machine for this is advisable.

Bernhard


-- 
Managing Director - Owner: www.intevation.net       (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/users/attachments/20080522/fc8e538d/attachment.sig>


More information about the users mailing list