SUMMARY: PADL nss_ldap under Solaris 10

From: Paul B. Henson
Date: Tue Jan 22 2008 - 20:36:11 EST

Well, unfortunately there wasn't much feedback on this.

One person pointed out that the native Sun LDAP client allows you to remap
objectclasses/attributes. However, remapping memberUid to member doesn't
work, as the latter is stored in DN format and the client doesn't know what
to make of it.

Another individual created a generic proxy account in his directory used by
all systems to allow TLS. I don't particularly care for that approach, as
access control generally distinguishes between "anonymous" and
"authenticated" access, and such a generic account would blur the two.

A third person is actually using PADL nss_ldap under Solaris 9 and is
interested in switching to the native client due to support issues with

On asking a similar question on the nss_ldap mailing list, a representative
of Symas pointed out that they have successfully built and packaged
pam_ldap and nss_ldap for Solaris 10. That's a commercial product though
requiring licensing fees.

I did some initial testing myself, and was able to get nss_ldap working
compiled against the Sun LDAP libraries in plaintext, but not with TLS.

At this point I guess I will fight a dual front of working on nss_ldap and
also arguing with Sun technical support to try and get them to fix their
product :)...


Paul B. Henson  |  (909) 979-6361  |
Operating Systems and Network Analyst  |
California State Polytechnic University  |  Pomona CA 91768
sunmanagers mailing list
Received on Tue Jan 22 20:36:42 2008
