Re: OpenLDAP/nss_ldap/pam_ldap

2003-10-29 Thread Antoine Jacoutot
On Wednesday 29 October 2003 00:42, you wrote:
> I just checked the FreeBSD site and do not see any release 5.2

It is not released yet :)

> Once I can hurl this obstacle, I think FreeBSD might be a viable
> solution for me.

Well, let be it then... I'm running -CURRENT with dynamic root and it works 
great.

Antoine

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to [EMAIL PROTECTED]


OpenLDAP/nss_ldap/pam_ldap

2003-10-28 Thread Steve Lee
Question ?

I am using FreeBSD 5.1   

I have a linux server with openldap running on it 
authenticating Solaris and Linux box and now FreeBSD 5.1

I have gotten FreeBSD 5.1 to authenticate user remotely 
ssh ing to the box.  They can log in, but when they log 
in, the system shows their userid instead of the username
when you do a ps.   this tells me something might be
wrong with nss_ldap.  but not sure what i am doing wrong.

I can do id username  which it returns the user information.

does anyone have an idea what i didn't do during my setup of
OpenLDAP/nss_ldap/pam_ldap  ?  Thanks.

Steve



Re: OpenLDAP/nss_ldap/pam_ldap

2003-10-28 Thread Timur I. Bakeyev
Hi, Steve!

On Tue, Oct 28, 2003 at 02:52:51PM -0800, Steve Lee wrote:
> Question ?
>
> I am using FreeBSD 5.1
>
> I have gotten FreeBSD 5.1 to authenticate user remotely
> ssh ing to the box.  They can log in, but when they log
> in, the system shows their userid instead of the username
> when you do a ps.   this tells me something might be
> wrong with nss_ldap.  but not sure what i am doing wrong.
>
> I can do id username  which it returns the user information.
>
> does anyone have an idea what i didn't do during my setup of
> OpenLDAP/nss_ldap/pam_ldap  ?  Thanks.

I would like to confirm that such weirdness exists... I do use
nss_ldap and also noticed that some of the programs, like ls,
show the numeric id of the user, while others, like top, show the normal
username, retrieved from the LDAP server.

A short investigation brought me to the conclusion that the behaviour
differs depending on whether the program was linked against libc statically
or dynamically...

This short code exposes the problem:

#include <stdio.h>
#include <pwd.h>

int main () {
    /* Look up the passwd entry for a uid that exists only in LDAP. */
    struct passwd *pw = getpwuid(1002);
    printf("%s\n", (pw) ? pw->pw_name : "none");
    return 0;
}

Instead of 1002 put the uid of the user from LDAP.

If you compile this program as:

gcc test.c -o test

which normally implies dynamic linking, then you should get the username in
the output.

If you compile it as:

gcc -static test.c -o test

then none will be printed instead...

So, the problem lies somewhere in libc, in the way getpwuid and
friends work in the dynamic and static context with NSS... I don't know
whether this is a bug or a feature :) If the former, then a PR should probably be created.

With regards,
Timur.
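
The static-versus-dynamic distinction described in this message can be checked per binary before rebuilding anything. The following is an added example, not part of the thread: it reports whether an ELF executable requests a run-time linker (a PT_INTERP program header), which a statically linked image does not. The names elf_is_dynamic and make_sample are hypothetical, and the code assumes a native-endian 64-bit ELF image and a system <elf.h>.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if the image requests a run-time linker (PT_INTERP), 0 if it is
 * statically linked, -1 if it is not a usable ELF64 image.
 * Assumption: native-endian 64-bit ELF; anything else is reported as -1. */
int elf_is_dynamic(const unsigned char *img, size_t len)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phoff > len)
        return -1;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        size_t off = (size_t)eh.e_phoff + (size_t)i * sizeof ph;
        if (off > len || len - off < sizeof ph) return -1; /* truncated */
        memcpy(&ph, img + off, sizeof ph);
        if (ph.p_type == PT_INTERP) return 1;
    }
    return 0;
}

/* Constructed sample: an ELF64 header followed by one program header. */
size_t make_sample(unsigned char *buf, unsigned p_type)
{
    Elf64_Ehdr eh = { .e_phoff = sizeof(Elf64_Ehdr),
                      .e_phentsize = sizeof(Elf64_Phdr), .e_phnum = 1 };
    Elf64_Phdr ph = { .p_type = p_type };
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &ph, sizeof ph);
    return sizeof eh + sizeof ph;
}

int main(int argc, char **argv)
{
    static unsigned char buf[65536]; /* program headers sit near the start */
    const char *path = argc > 1 ? argv[1] : "/bin/ls";
    FILE *f = fopen(path, "rb");
    if (!f) { perror(path); return 2; }
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    printf("%s: elf_is_dynamic=%d\n", path, elf_is_dynamic(buf, n));
    return 0;
}
```

Run it against the tools that print numeric ids (for example ./a.out /bin/ls); a result of 0 means the binary is static.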


Re: OpenLDAP/nss_ldap/pam_ldap

2003-10-28 Thread Antoine Jacoutot
On Tuesday 28 October 2003 23:52, Steve Lee wrote:
> I have gotten FreeBSD 5.1 to authenticate user remotely
> ssh ing to the box.  They can log in, but when they log
> in, the system shows their userid instead of the username
> when you do a ps.   this tells me something might be
> wrong with nss_ldap.  but not sure what i am doing wrong.
>
> I can do id username  which it returns the user information.

You need to build FreeBSD with dynamic libraries...
It only works under -CURRENT with the WITH_DYNAMICROOT=true option in your 
make.conf.
I think it is supposed to be the default for 5.2-RELEASE.

Antoine



Re: OpenLDAP/nss_ldap/pam_ldap

2003-10-28 Thread Steve Lee
Sorry for my ignorance, I am new to FreeBSD.  I have tried to use it
in the past (2 years ago) but decided to wait till the nss_ldap
support was added for nsswitch so I can use openldap.  Now, when you
say rebuild, how would I rebuild FreeBSD dynamically, or are you saying
to rebuild the applications that were statically linked dynamically ?
I just checked the FreeBSD site and do not see any release 5.2

Once I can hurl this obstacle, I think FreeBSD might be a viable
solution for me.

Thanks again for your time.



On Wed, 29 Oct 2003, Antoine Jacoutot wrote:

> On Tuesday 28 October 2003 23:52, Steve Lee wrote:
>> I have gotten FreeBSD 5.1 to authenticate user remotely
>> ssh ing to the box.  They can log in, but when they log
>> in, the system shows their userid instead of the username
>> when you do a ps.   this tells me something might be
>> wrong with nss_ldap.  but not sure what i am doing wrong.
>>
>> I can do id username  which it returns the user information.
>
> You need to build FreeBSD with dynamic libraries...
> It only works under -CURRENT with the WITH_DYNAMICROOT=true option in your
> make.conf.
> I think it is supposed to be the default for 5.2-RELEASE.
>
> Antoine
 



Re: OpenLDAP/nss_ldap/pam_ldap

2003-10-28 Thread Bill Moran
Steve Lee wrote:
> Sorry for my ignorance, I am new to FreeBSD.  I have tried to use it
> in the past (2 years ago) but decided to wait till the nss_ldap
> support was added for nsswitch so I can use openldap.  Now, when you
> say rebuild, how would I rebuild FreeBSD dynamically, or are you saying
> to rebuild the applications that were statically linked dynamically ?
> I just checked the FreeBSD site and do not see any release 5.2

You might do best to sit back and wait a little while and try again.
5.2 is not available yet.  I don't know what the current schedule is,
exactly, but I'm guessing 3 months or so in the future.

To get the dynamic root capability that Antoine spoke of, you'll
need to update your 5.1 FreeBSD to the latest development sources, which
can be rather dicey (especially if you're new to FreeBSD).  If you want
to try it, the docs are here:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cutting-edge.html

If you decide to try upgrading to -CURRENT to try this feature out,
don't hesitate to ask this (or the [EMAIL PROTECTED]) list if you
have problems, we'll help.

After you do the cvsup, but before doing the make steps, you'll need
to create a custom /etc/make.conf to tell FreeBSD to build a dynamic
root.

Just create the file /etc/make.conf and put the line
WITH_DYNAMICROOT=true in it (you can also add other build options
to /etc/make.conf per the docs).  Then run the make steps in the
documentation.

Hope this helps.

> On Wed, 29 Oct 2003, Antoine Jacoutot wrote:
>
>> On Tuesday 28 October 2003 23:52, Steve Lee wrote:
>>
>>> I have gotten FreeBSD 5.1 to authenticate user remotely
>>> ssh ing to the box.  They can log in, but when they log
>>> in, the system shows their userid instead of the username
>>> when you do a ps.   this tells me something might be
>>> wrong with nss_ldap.  but not sure what i am doing wrong.
>>>
>>> I can do id username  which it returns the user information.
>>
>> You need to build FreeBSD with dynamic libraries...
>> It only works under -CURRENT with the WITH_DYNAMICROOT=true option in your
>> make.conf.
>> I think it is supposed to be the default for 5.2-RELEASE.
>>
>> Antoine
--
Bill Moran
Potential Technologies
http://www.potentialtech.com


RE: nss_ldap

2003-06-28 Thread Andrey Nepomnyaschih
Thanks everyone who replied,

That clears some things for me.

Andrey Nepomnyaschih

-----Original Message-----
From: Tim Kientzle [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 27, 2003 9:50 PM
To: Andrey Nepomnyaschih
Cc: [EMAIL PROTECTED]
Subject: Re: nss_ldap


Andrey Nepomnyaschih wrote:
> Hello over there,
>
> Well playing with it nss_ldap in 5.1R. I have found that ls -la Will
> not show the names of the owner if the owner resides in LDAP Directory
> only the corresponding uidNumbers. Is there a way to show the
> usernames instead of uidNumbers?

For this to work, ls must be dynamically linked.  However, dynamic
linking of /bin and /sbin isn't fully supported right now. Gordon Tetlow
is working to get this fully supported for 5.2.

If you want this now, try the following:

First, partition your disk carefully.  In particular,
make sure that /usr/lib is part of the root partition.
(If you have a separate /usr partition, then the shared libraries can't
be accessed during the initial boot stages before /usr is mounted and
everything fails.)

Second, in /usr/src/bin, edit Makefile.inc
to set
   NOSHARED?= NO
Then
   cd /usr/src/bin && make && make install
to build your dynamic /bin.

Cross your fingers and reboot.  Do NOT do this on a system
with important data.  Trashing /bin will render your system completely
unbootable.

You can do the same with /sbin, though I strongly
recommend that you add
   NOSHARED=YES
to the Makefile for /usr/src/sbin/init.  (IMO,
dynamically linking init is just begging for trouble.)

A number of people have done this, primarily for space reasons (a
dynamically-linked /bin and /sbin are much smaller) and it does work.
But, the need to repartition your disk is a bit of an obstacle.  ;-)
Gordon's work will make the special partitioning unnecessary, and
provide a single switch for selecting dynamic linking.

Warning: I haven't been brave enough to try this
myself, though I've heard reports from people who have. ;-) Good luck.

Tim Kientzle




nss_ldap

2003-06-27 Thread Andrey Nepomnyaschih
Hello over there,

Well playing with it nss_ldap in 5.1R. I have found that ls -la
Will not show the names of the owner if the owner resides in LDAP
Directory only the corresponding uidNumbers. Is there a way to
show the usernames instead of uidNumbers?

Have a good time,
Andrey Nepomnyaschih



Re: nss_ldap

2003-06-27 Thread Dan Nelson
In the last episode (Jun 27), Andrey Nepomnyaschih said:
> Well playing with it nss_ldap in 5.1R. I have found that ls -la Will
> not show the names of the owner if the owner resides in LDAP
> Directory only the corresponding uidNumbers. Is there a way to show
> the usernames instead of uidNumbers?

Make sure ls is dynamically-linked.

-- 
Dan Nelson
[EMAIL PROTECTED]


Re: nss_ldap

2003-06-27 Thread Tim Kientzle
Andrey Nepomnyaschih wrote:
> Hello over there,
>
> Well playing with it nss_ldap in 5.1R. I have found that ls -la
> Will not show the names of the owner if the owner resides in LDAP
> Directory only the corresponding uidNumbers. Is there a way to
> show the usernames instead of uidNumbers?

For this to work, ls must be dynamically linked.  However, dynamic
linking of /bin and /sbin isn't fully supported right now.
Gordon Tetlow is working to get this fully supported for 5.2.

If you want this now, try the following:

First, partition your disk carefully.  In particular,
make sure that /usr/lib is part of the root partition.
(If you have a separate /usr partition, then the shared
libraries can't be accessed during the initial boot
stages before /usr is mounted and everything fails.)

Second, in /usr/src/bin, edit Makefile.inc
to set
   NOSHARED?= NO
Then
   cd /usr/src/bin && make && make install
to build your dynamic /bin.

Cross your fingers and reboot.  Do NOT do this on a system
with important data.  Trashing /bin will render your system
completely unbootable.

You can do the same with /sbin, though I strongly
recommend that you add
   NOSHARED=YES
to the Makefile for /usr/src/sbin/init.  (IMO,
dynamically linking init is just begging for trouble.)

A number of people have done this, primarily for space reasons
(a dynamically-linked /bin and /sbin are much smaller)
and it does work.  But, the need to repartition
your disk is a bit of an obstacle.  ;-)  Gordon's
work will make the special partitioning unnecessary,
and provide a single switch for selecting dynamic
linking.

Warning: I haven't been brave enough to try this
myself, though I've heard reports from people who have. ;-)
Good luck.

Tim Kientzle



Re: nss_ldap

2003-06-27 Thread Jon Disnard
Wasn't there a patch floating around to build a dynamic world with the
placement of libc et al. in /lib ???

I'd actually like to try that patch for building a tiny fbsd image for 
my net4501.

Thanks in advance,
-Jon Disnard


Dan Nelson wrote:
> In the last episode (Jun 27), Andrey Nepomnyaschih said:
>
>> Well playing with it nss_ldap in 5.1R. I have found that ls -la Will
>> not show the names of the owner if the owner resides in LDAP
>> Directory only the corresponding uidNumbers. Is there a way to show
>> the usernames instead of uidNumbers?
>
> Make sure ls is dynamically-linked.





Re: nss_ldap and pam_ldap ?

2001-06-06 Thread Mark Murray

> Is there any plan to port pam_ldap ( and nss_ldap )
> to FreeBSD-CURRENT ?

No plans, but if you submit something, I would be interested.

M
-- 
Mark Murray
Warning: this .sig is umop ap!sdn

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message



nss_ldap

2001-06-05 Thread Ladislav Kostal

Hello,

I'm trying to get nss_ldap work. But it is looking for some includes, which
I haven't (nss_common.h, nss_dbdefs.h). And I can not find any installation
howto. There is some mention about FreeBSD in README, but nothing particular
to this problem. Patches for nss_ldap on nectar.com are for older release.

What do I really need to get it work? I have 5.0-20010531-CURRENT,
nss_ldap-153, openldap-2.0.11 (20010524). pam_ldap is working correctly...

Please help.

Ladislav Kostal





RE: nss_ldap

2001-06-05 Thread Chris Knight

Howdy,

The FreeBSD support for nss_ldap is only via the BIND IRS interface. See the
README.IRS file supplied with nss_ldap on how to get this working on
FreeBSD.
To actually utilise the nsswitch features, you'll need to get the -current
patches on nectar.com and get them compiling and working on -current. Then
use the nss_ldap version on nectar.com along with the patches.

Regards,
Chris Knight
Systems Administrator
AIMS Independent Computer Professionals
Tel: +61 3 6334 6664  Fax: +61 3 6331 7032  Mob: +61 419 528 795
Web: http://www.aims.com.au



> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Ladislav Kostal
> Sent: Tuesday, 5 June 2001 20:57
> To: [EMAIL PROTECTED]
> Subject: nss_ldap
>
> Hello,
>
> I'm trying to get nss_ldap work. But it is looking for some includes, which
> I haven't (nss_common.h, nss_dbdefs.h). And I can not find any installation
> howto. There is some mention about FreeBSD in README, but nothing particular
> to this problem. Patches for nss_ldap on nectar.com are for older release.
>
> What do I really need to get it work? I have 5.0-20010531-CURRENT,
> nss_ldap-153, openldap-2.0.11 (20010524). pam_ldap is working correctly...
>
> Please help.
>
> Ladislav Kostal

