This is the mail archive of the
mailing list for the glibc project.
Re: How to get LDAP support in NSS/compat?
On Wed, Apr 30, 2003 at 12:41:23AM +0200, Thorsten Kukuk wrote:
> On Tue, Apr 29, Ulrich Drepper wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > Petter Reinholdtsen wrote:
> > > How hard would it be to modify the compat NSS/PAM module to support
> > > LDAP? In solaris, this is done using these lines in nsswitch.conf:
> > Not going to happen. Somebody can write an alternative NSS module to do
> > this.
> I think it is very easy to rewrite the current compat NSS module
> to support every service, for which a NSS module exists. We don't
> need LDAP support in glibc for this, instead the compat module would
> load the corresponding NSS module. This would also avoid some
> duplicate code.
> I will look at this next week and write such a module. After this
> we can discuss again, if we whish to replace the glibc version or
> make an alternative NSS module from it.
FYI, it's already been done:
drow@nevyn:~% apt-cache show libnss-ldap
Maintainer: Sami Haahtinen <firstname.lastname@example.org>
Depends: libc6 (>= 2.3.1-1), libdb4.1, libldap2 (>= 2.0.23-1), debconf
Recommends: nscd, libpam-ldap
Description: NSS module for using LDAP as a naming service
This package provides a Name Service Switch that allows your LDAP server
act as a name service. This means providing user account information,
group id's, host information, aliases, netgroups, and basically anything
else that you would normally get from /etc flat files or NIS.
If used with glibc 2.1's nscd (Name Service Cache Daemon) it will help
reduce your network traffic and speed up lookups for entries.
MontaVista Software Debian GNU/Linux Developer