This is a discussion on Sun One Webserver 6.1 with openLDAP client auth crashes within the Sun Solaris Administration forums, part of the Solaris Operating System category.
Hi All!

We are trying to implement openldap client auth at our network. The host that is running the webserver (Sun One Webserver 6.1) has to allow users to log in (ftp and http; some people even have console access). The users are in AD. This is fine, the users can authenticate, ftp is OK.

Our problems start where we have to RESTART the webserver while the host is on ldap authentication. If the nsswitch and pam.config are set for NIS authentication, the webserver will restart with no problem. If the host is on openldap auth, then the webserver startup will crash. Apparently the webserver uses the native Sun LDAP and the two libs cannot coexist in the same process.

An ugly solution would be to create a script that watches the daemon and, if it's down, sets the box on NIS auth, restarts the http daemon and switches back to openldap. It is ugly and I think there has to be a better solution than this.

Is anybody running Sun One Webserver with openldap client libs? If yes, how did you do it?

Thanks in advance.
Lorand Marton
Well, it turns out there were multiple issues.

The Sun One webserver will load nss_ldap.so.1 from /usr/lib if it finds that the box is on ldap authentication. There's no way to change this; it will always load this library. The problem is that if this library is not from the original Sun LDAP stack, during startup the server will make a function call that is only available in the SUN package, so if you had to replace that file with something else (in our case the PADL/OpenLDAP package and nss_ldap library), it will crash during the startup process. However, the rest of the system will need the PADL nss_ldap for proper ssh and ftp authentication.

The solution that I implemented was to modify the server startup so that, before it actually starts the server, the script makes a symlink to the original Sun nss_ldap, starts the server, sleeps 5 to let the services load, and then restores the symlink to the PADL nss_ldap once the iplanet server is running. The webserver will stay alive and the user authentication will not work for only those 5 seconds.

It is not really elegant but I couldn't find another way to circumvent this. Even if the LD_LIBRARY_PATH for the webserver was totally modified, it would pull everything else from that LD_LIBRARY_PATH except that single file.

Hope this will help somebody out there who might have run into the same problem.

Cheers,
Lorand Marton
www.sinvatech.com
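A sketch of the startup wrapper described in the post above, as an added example that is not the poster's own script. It goes a step further than the post by restoring the PADL link even when the start command fails or the wrapper is interrupted, so system authentication is not left on the Sun library. The saved-copy locations of the two libraries and the server start command are assumptions passed in as arguments; only /usr/lib/nss_ldap.so.1 comes from the thread.

```shell
#!/bin/sh
# Added example: swap nss_ldap.so.1 to the Sun build only for the duration
# of the web server start, then put the PADL build back.

# point_link LINK TARGET
# Repoint LINK by creating a new symlink and renaming it over the old one,
# so LINK never disappears while other processes are resolving users.
point_link() {
    ln -s "$2" "$1.new.$$" && mv -f "$1.new.$$" "$1"
}

# start_with_sun_nss LINK SUN_LIB PADL_LIB SETTLE_SECS START_CMD [ARGS...]
# Returns the start command's exit status, 2 on a failed precondition,
# 3 if the PADL link could not be restored.
start_with_sun_nss() {
    link=$1 sun_lib=$2 padl_lib=$3 settle=$4
    shift 4
    # Refuse to touch the link unless both saved copies exist.
    if [ ! -f "$sun_lib" ] || [ ! -f "$padl_lib" ]; then
        echo "nss_ldap swap: missing $sun_lib or $padl_lib" >&2
        return 2
    fi
    # If the wrapper is interrupted mid-window, restore before exiting.
    trap 'point_link "$link" "$padl_lib"; exit 130' HUP INT TERM
    point_link "$link" "$sun_lib" || { trap - HUP INT TERM; return 2; }
    rc=0
    "$@" || rc=$?
    # Let the server finish loading its libraries only if it started.
    if [ "$rc" -eq 0 ]; then
        sleep "$settle"
    fi
    # Restore unconditionally: ssh and ftp logins depend on the PADL build.
    if ! point_link "$link" "$padl_lib"; then
        echo "nss_ldap swap: could not restore $link -> $padl_lib" >&2
        trap - HUP INT TERM
        return 3
    fi
    trap - HUP INT TERM
    return "$rc"
}

# Usage (library copies and start script are placeholders for your paths):
# start_with_sun_nss /usr/lib/nss_ldap.so.1 <sun-copy> <padl-copy> 5 <start-script>
```

A non-zero return should be alerted on, since status 3 means logins are still resolving through the Sun library.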
|
|