This is the mail archive of the
libc-alpha@sources.redhat.com
mailing list for the glibc project.
Re: How to get LDAP support in NSS/compat?
On Wed, Apr 30, 2003 at 12:41:23AM +0200, Thorsten Kukuk wrote:
> On Tue, Apr 29, Ulrich Drepper wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Petter Reinholdtsen wrote:
> > > How hard would it be to modify the compat NSS/PAM module to support
> > > LDAP? In solaris, this is done using these lines in nsswitch.conf:
> >
> > Not going to happen. Somebody can write an alternative NSS module to do
> > this.
>
> I think it is very easy to rewrite the current compat NSS module
> to support every service, for which a NSS module exists. We don't
> need LDAP support in glibc for this, instead the compat module would
> load the corresponding NSS module. This would also avoid some
> duplicate code.
>
> I will look at this next week and write such a module. After this
> we can discuss again, if we whish to replace the glibc version or
> make an alternative NSS module from it.
FYI, it's already been done:
drow@nevyn:~% apt-cache show libnss-ldap
Package: libnss-ldap
Priority: extra
Section: net
Installed-Size: 152
Maintainer: Sami Haahtinen <ressu@debian.org>
Architecture: i386
Version: 204-3
Depends: libc6 (>= 2.3.1-1), libdb4.1, libldap2 (>= 2.0.23-1), debconf
Recommends: nscd, libpam-ldap
Filename: pool/main/libn/libnss-ldap/libnss-ldap_204-3_i386.deb
Size: 71004
MD5sum: d5da08908ffbaa2266172ac4e7a7b098
Description: NSS module for using LDAP as a naming service
This package provides a Name Service Switch that allows your LDAP server
act as a name service. This means providing user account information,
group id's, host information, aliases, netgroups, and basically anything
else that you would normally get from /etc flat files or NIS.
.
If used with glibc 2.1's nscd (Name Service Cache Daemon) it will help
reduce your network traffic and speed up lookups for entries.
--
Daniel Jacobowitz
MontaVista Software Debian GNU/Linux Developer