Hi Piotr, > I'm not sure it's a right alias, however it's related to the GSSAPI. > > I have a snv_129 kerberos+ldap client machine. Kerberos is already > configured. KDC is running on Linux. > > Original nss_ldap library is replaced with nss-ldap from > http://freeipa.org/downloads/solaris/nss_ldap/10/RHATnss-ldap-253-12.i386.pkg
This is the root of your problem. The nss-ldap that you replaced the OpenSolaris nss-ldap with is not compatible with OpenSolaris components. Linux nss-ldap is a different source base with different characteristics and behaviors and is not compatible with OpenSolaris's current naming system. If you choose to install Linux nss-ldap you need to understand that none of the advanced facilities like nscd caching, per-user LDAP/Kerberos support or using any of the Solaris nss_ldap tools including ldapclient, ldap_cachemgr or ldaplist will function when you do this. All of these components including Solaris pam_ldap require the use of Solaris nss_ldap and other internal interfaces associated with each of these pieces. By replacing Solaris nss_ldap with Linux nss_ldap you have broken the LDAP naming services stack which is why you are getting all those error messages. The correct solution is to not replace nss_ldap with the incompatible components. Linux nss_ldap is not a substitute library for the current OpenSolaris nss_ldap naming libraries. I hope that answers your question. Doug.
