From owner-freebsd-questions Fri Jan 4 12:16:47 2002 Delivered-To: freebsd-questions@freebsd.org Received: from www.riboflavin.net (dsl.75.79.networkiowa.com [209.234.75.79]) by hub.freebsd.org (Postfix) with ESMTP id 0D9BA37B41B for ; Fri, 4 Jan 2002 12:16:41 -0800 (PST) Received: from localhost (dsl.75.91.networkiowa.com [209.234.75.91]) by www.riboflavin.net (8.11.1/8.11.1) with ESMTP id g04KItt51457 for ; Fri, 4 Jan 2002 14:18:55 -0600 (CST) (envelope-from marcus@riboflavin.net) Received: from 209.234.75.79 ( [209.234.75.79]) as user marcus@imap.riboflavin.net by horde.riboflavin.net with HTTP; Fri, 4 Jan 2002 14:15:36 -0600 Message-ID: <1010175336.3c360d6842981@horde.riboflavin.net> Date: Fri, 4 Jan 2002 14:15:36 -0600 From: "Marcus I. Ryan" To: freebsd-questions@freebsd.org Subject: nss_ldap via IRS for FreeBSD MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 4.0-cvs X-Originating-IP: 209.234.75.79 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG If this would be better on another list, recommendations would be appreciated... I've found ~800 unfinished answers and half-completed documents on getting nss_ldap to work for FreeBSD through the BIND IRS interface. Every indication of other ways it once worked have disappeared (most notably nectar.com). Has anyone gotten this working that can share a fairly-detailed howto, or even a rough sketch? I'm not even sure I'm on the right track. According to the nss_ldap documentation it has been confirmed to work on FreeBSD with BIND 8 using the IRS interface. Part of the problem is that the documentation for doing so is for nss_ldap-115 - it's now up to nss_ldap-176. They refer to a patch for IRS that is no longer in the tar archive as well. Perhaps it's not necessary with newer versions of BIND. What I have actually done so far is: # Is installing bind8 from ports necessary?? # nss_ldap also seems to want sasl installed cd /usr/ports/net/bind8; make install cd /usr/ports/security/cyrus-sasl; make install cd /usr/local/src rm -rf /usr/local/src/nss_ldap tar xvzf ~/nss_ldap*gz mv nss_ldap* nss_ldap cd nss_ldap #set each of the following variables (I use tcsh setenv...) CPPFLAGS "-pthread -I/usr/local/include -I/usr/local/include/bind" CPPFLAGS "$CPPFLAGS -I/usr/local/include/sasl -DPIC -D_THREAD_SAFE" CFLAGS "$CPPFLAGS" LDFLAGS "-L/usr/local/lib" LIBS "-lbind_r -lgnuregex -pthread" ./configure --with-ldap-lib=openldap --with-ldap-dir=/usr/local automake -a gmake /usr/bin/install -c -o root -g wheel nss_ldap.so /usr/lib/nss_ldap.so.1 rm -f /usr/lib/nss_ldap.so ln -s /usr/lib/nss_ldap.so.1 /usr/lib/nss_ldap.so /usr/bin/install -c -m 644 -o root -g wheel ./nsswitch.ldap \ /etc/nsswitch.ldap; unsetenv CPPFLAGS CFLAGS LDFLAGS LIBS I then went to /usr/src/contrib/bind/lib/irs and applied the patches listed in nss_ldap/docs/README.IRS to gen.c, gen_p.h, and Makefile I then did: cd /usr/src; make clean; make clean; make buildworld When it gets to bind it exits with errors: gen.c:84: `irs_ldap_acc' undeclared here (not in a function) gen.c:84: initializer element is not constant gen.c:84: (near initialization for `accs[3]') My guess is somehow I need to get the proper include statements, etc., into the bind code and that's what the patch did. Since the new version of nss_ldap doesn't come with the patch, I don't know what it was for. Can ANYONE give me any help at all? I've found all kinds of posts on various newsgroups and mailing list archives, but none of them gives a solid example or even a good rough outline. ANY help would be appreciated! Thanks! -- Marcus I. Ryan, marcus@riboflavin.net ----------------------------------------------------------------------- "Love is a snowmobile racing across the tundra and then suddenly it flips over, pinning you underneath. At night, the ice weasels come." -- Matt Groening ----------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message