On Fri, Oct 12, 2012 at 3:48 PM, Rich Megginson <rmeggins(a)redhat.com> wrote:
On 10/12/2012 02:42 PM, upen wrote:
>
> On Fri, Oct 12, 2012 at 3:29 PM, Rich Megginson<rmeggins(a)redhat.com>
> wrote:
>>
>> On 10/12/2012 02:11 PM, upen wrote:
>>>
>>> Hi,
>>>
>>> On my system there are two ldappasswd commands. One is in /usr/bin
>>> (provided by: openldap-clients-2.3) and another is in
>>> /usr/lib64/mozldap/ldappasswd (provided by mozldap-tools-6.0.5) .
>>> Could someone please help me understand why there are two? If I run
>>> ldd against them, they are using different shared libraries.
>>>
>>>
>>>
>>> #ldd `which ldappasswd `
>>> linux-vdso.so.1 => (0x00007fff8ddc3000)
>>> libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0
>>> (0x0000003356800000)
>>> liblber-2.3.so.0 => /usr/lib64/liblber-2.3.so.0
>>> (0x0000003355800000)
>>> libsasl2.so.2 => /usr/lib64/libsasl2.so.2
>>> (0x0000003356400000)
>>> libssl.so.6 => /lib64/libssl.so.6 (0x000000335b800000)
>>> libcrypto.so.6 => /lib64/libcrypto.so.6 (0x0000003358800000)
>>> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003355400000)
>>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003355c00000)
>>> libc.so.6 => /lib64/libc.so.6 (0x0000003353400000)
>>> libdl.so.2 => /lib64/libdl.so.2 (0x0000003353800000)
>>> libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
>>> (0x000000335b000000)
>>> libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000003359000000)
>>> libcom_err.so.2 => /lib64/libcom_err.so.2
>>> (0x0000003358400000)
>>> libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3
>>> (0x000000335a000000)
>>> libz.so.1 => /lib64/libz.so.1 (0x0000003354400000)
>>> /lib64/ld-linux-x86-64.so.2 (0x0000003353000000)
>>> libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0
>>> (0x0000003359c00000)
>>> libkeyutils.so.1 => /lib64/libkeyutils.so.1
>>> (0x0000003359400000)
>>> libselinux.so.1 => /lib64/libselinux.so.1
>>> (0x0000003354c00000)
>>> libsepol.so.1 => /lib64/libsepol.so.1 (0x0000003355000000)
>>>
>>>
>>> # ldd /usr/lib64/mozldap/ldappasswd
>>> linux-vdso.so.1 => (0x00007fffc8bfd000)
>>> libssldap60.so => /usr/lib64/libssldap60.so
>>> (0x00002ad042453000)
>>> libprldap60.so => /usr/lib64/libprldap60.so
>>> (0x0000003358000000)
>>> libldap60.so => /usr/lib64/libldap60.so (0x000000335a400000)
>>> libldif60.so => /usr/lib64/libldif60.so (0x000000335b000000)
>>> libsvrcore.so.0 => /usr/lib64/libsvrcore.so.0
>>> (0x0000003354800000)
>>> libssl3.so => /usr/lib64/libssl3.so (0x000000335a800000)
>>> libsmime3.so => /usr/lib64/libsmime3.so (0x0000003358c00000)
>>> libnss3.so => /usr/lib64/libnss3.so (0x0000003357c00000)
>>> libsoftokn3.so => /usr/lib64/libsoftokn3.so
>>> (0x00002ad042661000)
>>> libplds4.so => /usr/lib64/libplds4.so (0x0000003357800000)
>>> libplc4.so => /usr/lib64/libplc4.so (0x0000003357000000)
>>> libnspr4.so => /usr/lib64/libnspr4.so (0x0000003357400000)
>>> libpthread.so.0 => /lib64/libpthread.so.0
>>> (0x0000003353c00000)
>>> libdl.so.2 => /lib64/libdl.so.2 (0x0000003353800000)
>>> libsasl2.so.2 => /usr/lib64/libsasl2.so.2
>>> (0x0000003356400000)
>>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003355c00000)
>>> libstdc++.so.6 => /usr/lib64/libstdc++.so.6
>>> (0x0000003356800000)
>>> libm.so.6 => /lib64/libm.so.6 (0x0000003354000000)
>>> libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x0000003355800000)
>>> libc.so.6 => /lib64/libc.so.6 (0x0000003353400000)
>>> libnssutil3.so => /usr/lib64/libnssutil3.so
>>> (0x0000003356c00000)
>>> libz.so.1 => /lib64/libz.so.1 (0x0000003354400000)
>>> /lib64/ld-linux-x86-64.so.2 (0x0000003353000000)
>>> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003355400000)
>>>
>>>
>>> When should each be used? Do these serve separate purposes?
>>>
>>> The OS is RHEL 5.7, running 389-ds-1.2.1-1.
>>
>>
>> 389 on RHEL5 still uses mozldap for its C SDK. 389 also has some scripts
>> which depend on the mozldap versions of these commands.
>>
>> However, you can use either the mozldap or the openldap command line tools
>> for your own use, either is fine.
>
> Thanks Rich. Just out of curiosity, do any of those two binaries have
> any limitations? For example, one only supports applications linked to
> openssl libraries and the other supports apps linked to MOZ NSS libraries?
On EL5 openldap tools is built with openssl, and mozldap is built with MOZ
NSS.
This means that if you want to use TLS/SSL with the openldap tools, you have
to provide PEM files for TLS_CACERT, TLS_CERT, TLS_KEY, etc.
If you want to use TLS/SSL with the mozldap tools, you have to provide a MOZ
NSS key/cert db.
> Or, both can support all applications regardless of the security
> libraries they use.
If you are planning to use the C SDK directly, then you probably want to use
the openldap libraries with applications that use openssl, and mozldap with
applications that use MOZ NSS. Otherwise, it doesn't really matter - on the
wire, TLS/SSL is (almost) the same regardless of which implementation you're
using.
Perfect. Thanks Rich, for that explanation. Helps a lot!
UG.
--
upen,
emerge -uD life (Upgrade Life with dependencies)
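
An added example, not part of any message in this thread: a small shell helper that reads `ldd` output and reports which TLS library a binary links against, and therefore which certificate material the thread says it needs (PEM files for OpenSSL builds, a MOZ NSS key/cert db for NSS builds). The function names are hypothetical and the two samples are constructed by trimming and re-joining lines from the `ldd` listings quoted above.

```shell
#!/bin/sh
# Classify a binary's TLS backend from `ldd` output (added example).

# Reads ldd output on stdin; prints openssl, nss, mixed or none.
tls_backend_from_ldd() {
    awk '
        # The library name is the first field of each ldd line.
        # libssl.so.N / libcrypto.so.N are OpenSSL; libssl3.so is NSS.
        $1 ~ /^lib(ssl|crypto)\.so(\.|$)/ { openssl = 1 }
        $1 ~ /^lib(ssl3|nss3|nssutil3|smime3)\.so(\.|$)/ { nss = 1 }
        END {
            if (openssl && nss) print "mixed"
            else if (openssl)   print "openssl"
            else if (nss)       print "nss"
            else                print "none"
        }'
}

# Maps a backend name to the certificate material it expects.
tls_material_for() {
    case "$1" in
        openssl) echo "PEM files (TLS_CACERT, TLS_CERT, TLS_KEY)" ;;
        nss)     echo "MOZ NSS key/cert db" ;;
        mixed)   echo "both linked; check which one the LDAP library uses" ;;
        *)       echo "no TLS library linked directly" ;;
    esac
}

# Constructed samples: a few lines from each listing in the thread.
sample_openldap() {
    printf '%s\n' \
        'libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0 (0x0000003356800000)' \
        'libssl.so.6 => /lib64/libssl.so.6 (0x000000335b800000)' \
        'libcrypto.so.6 => /lib64/libcrypto.so.6 (0x0000003358800000)'
}
sample_mozldap() {
    printf '%s\n' \
        'libldap60.so => /usr/lib64/libldap60.so (0x000000335a400000)' \
        'libssl3.so => /usr/lib64/libssl3.so (0x000000335a800000)' \
        'libnss3.so => /usr/lib64/libnss3.so (0x0000003357c00000)'
}

# With arguments, inspect real binaries; without, show the samples.
if [ "$#" -eq 0 ]; then
    echo "openldap sample: $(sample_openldap | tls_backend_from_ldd)"
    echo "mozldap sample:  $(sample_mozldap | tls_backend_from_ldd)"
else
    for bin in "$@"; do
        b=$(ldd "$bin" | tls_backend_from_ldd)
        echo "$bin: $b -> $(tls_material_for "$b")"
    done
fi
```

Run it as `sh script.sh /usr/bin/ldappasswd /usr/lib64/mozldap/ldappasswd` to check the two binaries discussed in the thread.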