Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora User (http://www.linux-archive.org/fedora-user/)
-   -   ldappasswd (http://www.linux-archive.org/fedora-user/711872-ldappasswd.html)

upen 10-12-2012 08:42 PM

ldappasswd
 
On Fri, Oct 12, 2012 at 3:29 PM, Rich Megginson <rmeggins@redhat.com> wrote:
> On 10/12/2012 02:11 PM, upen wrote:
>>
>> Hi,
>>
>> On my system there are two ldappasswd commands. One is in /usr/bin
>> (provided by: openldap-clients-2.3) and another is in
>> /usr/lib64/mozldap/ldappasswd (provided by mozldap-tools-6.0.5) .
>> Could someone please help me understand why there are two? If I run
>> ldd against them, they are using different shared libraries.
>>
>>
>>
>> #ldd `which ldappasswd `
>> linux-vdso.so.1 => (0x00007fff8ddc3000)
>> libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0
>> (0x0000003356800000)
>> liblber-2.3.so.0 => /usr/lib64/liblber-2.3.so.0
>> (0x0000003355800000)
>> libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003356400000)
>> libssl.so.6 => /lib64/libssl.so.6 (0x000000335b800000)
>> libcrypto.so.6 => /lib64/libcrypto.so.6 (0x0000003358800000)
>> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003355400000)
>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003355c00000)
>> libc.so.6 => /lib64/libc.so.6 (0x0000003353400000)
>> libdl.so.2 => /lib64/libdl.so.2 (0x0000003353800000)
>> libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
>> (0x000000335b000000)
>> libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000003359000000)
>> libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000003358400000)
>> libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3
>> (0x000000335a000000)
>> libz.so.1 => /lib64/libz.so.1 (0x0000003354400000)
>> /lib64/ld-linux-x86-64.so.2 (0x0000003353000000)
>> libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0
>> (0x0000003359c00000)
>> libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x0000003359400000)
>> libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003354c00000)
>> libsepol.so.1 => /lib64/libsepol.so.1 (0x0000003355000000)
>>
>>
>> # ldd /usr/lib64/mozldap/ldappasswd
>> linux-vdso.so.1 => (0x00007fffc8bfd000)
>> libssldap60.so => /usr/lib64/libssldap60.so (0x00002ad042453000)
>> libprldap60.so => /usr/lib64/libprldap60.so (0x0000003358000000)
>> libldap60.so => /usr/lib64/libldap60.so (0x000000335a400000)
>> libldif60.so => /usr/lib64/libldif60.so (0x000000335b000000)
>> libsvrcore.so.0 => /usr/lib64/libsvrcore.so.0
>> (0x0000003354800000)
>> libssl3.so => /usr/lib64/libssl3.so (0x000000335a800000)
>> libsmime3.so => /usr/lib64/libsmime3.so (0x0000003358c00000)
>> libnss3.so => /usr/lib64/libnss3.so (0x0000003357c00000)
>> libsoftokn3.so => /usr/lib64/libsoftokn3.so (0x00002ad042661000)
>> libplds4.so => /usr/lib64/libplds4.so (0x0000003357800000)
>> libplc4.so => /usr/lib64/libplc4.so (0x0000003357000000)
>> libnspr4.so => /usr/lib64/libnspr4.so (0x0000003357400000)
>> libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003353c00000)
>> libdl.so.2 => /lib64/libdl.so.2 (0x0000003353800000)
>> libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003356400000)
>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003355c00000)
>> libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x0000003356800000)
>> libm.so.6 => /lib64/libm.so.6 (0x0000003354000000)
>> libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x0000003355800000)
>> libc.so.6 => /lib64/libc.so.6 (0x0000003353400000)
>> libnssutil3.so => /usr/lib64/libnssutil3.so (0x0000003356c00000)
>> libz.so.1 => /lib64/libz.so.1 (0x0000003354400000)
>> /lib64/ld-linux-x86-64.so.2 (0x0000003353000000)
>> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003355400000)
>>
>>
>> When should each be used? Do these separate purposes?
>>
>> The OS is RHEL 5.7. running 389-ds-1.2.1-1.
>
>
> 389 on RHEL5 still uses mozldap for it's C SDK. 389 also has some scripts
> which depend on the mozldap versions of these commands.
>
> However, you can use either the mozldap or the openldap command line tools
> for your own use, either is fine.

Thanks Rich. Just out of curiosity, do any of those two binaries have
any limitations? For example, one only support applications linked to
openssl libraries and other supports apps linked to MOZ NSS libraries?
Or, both can support all applications regardless of the security
libraries they use.

Thanks,
UG.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Rich Megginson 10-12-2012 08:48 PM

ldappasswd
 
On 10/12/2012 02:42 PM, upen wrote:

On Fri, Oct 12, 2012 at 3:29 PM, Rich Megginson<rmeggins@redhat.com> wrote:

On 10/12/2012 02:11 PM, upen wrote:

Hi,

On my system there are two ldappasswd commands. One is in /usr/bin
(provided by: openldap-clients-2.3) and another is in
/usr/lib64/mozldap/ldappasswd (provided by mozldap-tools-6.0.5) .
Could someone please help me understand why there are two? If I run
ldd against them, they are using different shared libraries.



#ldd `which ldappasswd `
linux-vdso.so.1 => (0x00007fff8ddc3000)
libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0
(0x0000003356800000)
liblber-2.3.so.0 => /usr/lib64/liblber-2.3.so.0
(0x0000003355800000)
libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003356400000)
libssl.so.6 => /lib64/libssl.so.6 (0x000000335b800000)
libcrypto.so.6 => /lib64/libcrypto.so.6 (0x0000003358800000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003355400000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003355c00000)
libc.so.6 => /lib64/libc.so.6 (0x0000003353400000)
libdl.so.2 => /lib64/libdl.so.2 (0x0000003353800000)
libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
(0x000000335b000000)
libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000003359000000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000003358400000)
libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3
(0x000000335a000000)
libz.so.1 => /lib64/libz.so.1 (0x0000003354400000)
/lib64/ld-linux-x86-64.so.2 (0x0000003353000000)
libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0
(0x0000003359c00000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x0000003359400000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003354c00000)
libsepol.so.1 => /lib64/libsepol.so.1 (0x0000003355000000)


# ldd /usr/lib64/mozldap/ldappasswd
linux-vdso.so.1 => (0x00007fffc8bfd000)
libssldap60.so => /usr/lib64/libssldap60.so (0x00002ad042453000)
libprldap60.so => /usr/lib64/libprldap60.so (0x0000003358000000)
libldap60.so => /usr/lib64/libldap60.so (0x000000335a400000)
libldif60.so => /usr/lib64/libldif60.so (0x000000335b000000)
libsvrcore.so.0 => /usr/lib64/libsvrcore.so.0
(0x0000003354800000)
libssl3.so => /usr/lib64/libssl3.so (0x000000335a800000)
libsmime3.so => /usr/lib64/libsmime3.so (0x0000003358c00000)
libnss3.so => /usr/lib64/libnss3.so (0x0000003357c00000)
libsoftokn3.so => /usr/lib64/libsoftokn3.so (0x00002ad042661000)
libplds4.so => /usr/lib64/libplds4.so (0x0000003357800000)
libplc4.so => /usr/lib64/libplc4.so (0x0000003357000000)
libnspr4.so => /usr/lib64/libnspr4.so (0x0000003357400000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003353c00000)
libdl.so.2 => /lib64/libdl.so.2 (0x0000003353800000)
libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003356400000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003355c00000)
libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x0000003356800000)
libm.so.6 => /lib64/libm.so.6 (0x0000003354000000)
libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x0000003355800000)
libc.so.6 => /lib64/libc.so.6 (0x0000003353400000)
libnssutil3.so => /usr/lib64/libnssutil3.so (0x0000003356c00000)
libz.so.1 => /lib64/libz.so.1 (0x0000003354400000)
/lib64/ld-linux-x86-64.so.2 (0x0000003353000000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003355400000)


When should each be used? Do these separate purposes?

The OS is RHEL 5.7. running 389-ds-1.2.1-1.


389 on RHEL5 still uses mozldap for it's C SDK. 389 also has some scripts
which depend on the mozldap versions of these commands.

However, you can use either the mozldap or the openldap command line tools
for your own use, either is fine.

Thanks Rich. Just out of curiosity, do any of those two binaries have
any limitations? For example, one only support applications linked to
openssl libraries and other supports apps linked to MOZ NSS libraries?


On EL5 openldap tools is built with openssl, and mozldap is built with
MOZ NSS.


This means that if you want to use TLS/SSL with the openldap tools, you
have to provide PEM files for TLS_CACERT, TLS_CERT, TLS_KEY, etc.


If you want to use TLS/SSL with the mozldap tools, you have to provide a
MOZ NSS key/cert db.



Or, both can support all applications regardless of the security
libraries they use.


If you are planning to use the C SDK directly, then you probably want to
use the openldap libraries with applications that use openssl, and
mozldap with applications that use MOZ NSS. Otherwise, it doesn't
really matter - on the wire, TLS/SSL is (almost) the same regardless of
which implementation you're using.





Thanks,
UG.


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

upen 10-12-2012 08:51 PM

ldappasswd
 
On Fri, Oct 12, 2012 at 3:48 PM, Rich Megginson <rmeggins@redhat.com> wrote:
> On 10/12/2012 02:42 PM, upen wrote:
>>
>> On Fri, Oct 12, 2012 at 3:29 PM, Rich Megginson<rmeggins@redhat.com>
>> wrote:
>>>
>>> On 10/12/2012 02:11 PM, upen wrote:
>>>>
>>>> Hi,
>>>>
>>>> On my system there are two ldappasswd commands. One is in /usr/bin
>>>> (provided by: openldap-clients-2.3) and another is in
>>>> /usr/lib64/mozldap/ldappasswd (provided by mozldap-tools-6.0.5) .
>>>> Could someone please help me understand why there are two? If I run
>>>> ldd against them, they are using different shared libraries.
>>>>
>>>>
>>>>
>>>> #ldd `which ldappasswd `
>>>> linux-vdso.so.1 => (0x00007fff8ddc3000)
>>>> libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0
>>>> (0x0000003356800000)
>>>> liblber-2.3.so.0 => /usr/lib64/liblber-2.3.so.0
>>>> (0x0000003355800000)
>>>> libsasl2.so.2 => /usr/lib64/libsasl2.so.2
>>>> (0x0000003356400000)
>>>> libssl.so.6 => /lib64/libssl.so.6 (0x000000335b800000)
>>>> libcrypto.so.6 => /lib64/libcrypto.so.6 (0x0000003358800000)
>>>> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003355400000)
>>>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003355c00000)
>>>> libc.so.6 => /lib64/libc.so.6 (0x0000003353400000)
>>>> libdl.so.2 => /lib64/libdl.so.2 (0x0000003353800000)
>>>> libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
>>>> (0x000000335b000000)
>>>> libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000003359000000)
>>>> libcom_err.so.2 => /lib64/libcom_err.so.2
>>>> (0x0000003358400000)
>>>> libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3
>>>> (0x000000335a000000)
>>>> libz.so.1 => /lib64/libz.so.1 (0x0000003354400000)
>>>> /lib64/ld-linux-x86-64.so.2 (0x0000003353000000)
>>>> libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0
>>>> (0x0000003359c00000)
>>>> libkeyutils.so.1 => /lib64/libkeyutils.so.1
>>>> (0x0000003359400000)
>>>> libselinux.so.1 => /lib64/libselinux.so.1
>>>> (0x0000003354c00000)
>>>> libsepol.so.1 => /lib64/libsepol.so.1 (0x0000003355000000)
>>>>
>>>>
>>>> # ldd /usr/lib64/mozldap/ldappasswd
>>>> linux-vdso.so.1 => (0x00007fffc8bfd000)
>>>> libssldap60.so => /usr/lib64/libssldap60.so
>>>> (0x00002ad042453000)
>>>> libprldap60.so => /usr/lib64/libprldap60.so
>>>> (0x0000003358000000)
>>>> libldap60.so => /usr/lib64/libldap60.so (0x000000335a400000)
>>>> libldif60.so => /usr/lib64/libldif60.so (0x000000335b000000)
>>>> libsvrcore.so.0 => /usr/lib64/libsvrcore.so.0
>>>> (0x0000003354800000)
>>>> libssl3.so => /usr/lib64/libssl3.so (0x000000335a800000)
>>>> libsmime3.so => /usr/lib64/libsmime3.so (0x0000003358c00000)
>>>> libnss3.so => /usr/lib64/libnss3.so (0x0000003357c00000)
>>>> libsoftokn3.so => /usr/lib64/libsoftokn3.so
>>>> (0x00002ad042661000)
>>>> libplds4.so => /usr/lib64/libplds4.so (0x0000003357800000)
>>>> libplc4.so => /usr/lib64/libplc4.so (0x0000003357000000)
>>>> libnspr4.so => /usr/lib64/libnspr4.so (0x0000003357400000)
>>>> libpthread.so.0 => /lib64/libpthread.so.0
>>>> (0x0000003353c00000)
>>>> libdl.so.2 => /lib64/libdl.so.2 (0x0000003353800000)
>>>> libsasl2.so.2 => /usr/lib64/libsasl2.so.2
>>>> (0x0000003356400000)
>>>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003355c00000)
>>>> libstdc++.so.6 => /usr/lib64/libstdc++.so.6
>>>> (0x0000003356800000)
>>>> libm.so.6 => /lib64/libm.so.6 (0x0000003354000000)
>>>> libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x0000003355800000)
>>>> libc.so.6 => /lib64/libc.so.6 (0x0000003353400000)
>>>> libnssutil3.so => /usr/lib64/libnssutil3.so
>>>> (0x0000003356c00000)
>>>> libz.so.1 => /lib64/libz.so.1 (0x0000003354400000)
>>>> /lib64/ld-linux-x86-64.so.2 (0x0000003353000000)
>>>> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003355400000)
>>>>
>>>>
>>>> When should each be used? Do these separate purposes?
>>>>
>>>> The OS is RHEL 5.7. running 389-ds-1.2.1-1.
>>>
>>>
>>> 389 on RHEL5 still uses mozldap for it's C SDK. 389 also has some
>>> scripts
>>> which depend on the mozldap versions of these commands.
>>>
>>> However, you can use either the mozldap or the openldap command line
>>> tools
>>> for your own use, either is fine.
>>
>> Thanks Rich. Just out of curiosity, do any of those two binaries have
>> any limitations? For example, one only support applications linked to
>> openssl libraries and other supports apps linked to MOZ NSS libraries?
>
>
> On EL5 openldap tools is built with openssl, and mozldap is built with MOZ
> NSS.
>
> This means that if you want to use TLS/SSL with the openldap tools, you have
> to provide PEM files for TLS_CACERT, TLS_CERT, TLS_KEY, etc.
>
> If you want to use TLS/SSL with the mozldap tools, you have to provide a MOZ
> NSS key/cert db.
>
>
>> Or, both can support all applications regardless of the security
>> libraries they use.
>
>
> If you are planning to use the C SDK directly, then you probably want to use
> the openldap libraries with applications that use openssl, and mozldap with
> applications that use MOZ NSS. Otherwise, it doesn't really matter - on the
> wire, TLS/SSL is (almost) the same regardless of which implementation you're
> using.


Perfect. Thanks Rich, for that explanation. Helps a lot!

UG.



--
upen,
emerge -uD life (Upgrade Life with dependencies)
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

"Morris, Patrick" 10-12-2012 08:57 PM

ldappasswd
 
> -----Original Message-----
> From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-
> bounces@lists.fedoraproject.org] On Behalf Of upen
> Sent: Friday, October 12, 2012 1:12 PM
> To: 389-users@lists.fedoraproject.org
> Subject: [389-users] ldappasswd
>
> Hi,
>
> On my system there are two ldappasswd commands. One is in /usr/bin
> (provided by: openldap-clients-2.3) and another is in
> /usr/lib64/mozldap/ldappasswd (provided by mozldap-tools-6.0.5) .
> Could someone please help me understand why there are two? If I run ldd
> against them, they are using different shared libraries.

I'm not sure what you're asking for here, but there are two because... well,
because two different packages which contain ldappasswd have been installed on
that system.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

upen 10-12-2012 09:45 PM

ldappasswd
 
On Fri, Oct 12, 2012 at 3:57 PM, Morris, Patrick <patrick.morris@hp.com> wrote:
>
>> -----Original Message-----
>> From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-
>> bounces@lists.fedoraproject.org] On Behalf Of upen
>> Sent: Friday, October 12, 2012 1:12 PM
>> To: 389-users@lists.fedoraproject.org
>> Subject: [389-users] ldappasswd
>>
>> Hi,
>>
>> On my system there are two ldappasswd commands. One is in /usr/bin
>> (provided by: openldap-clients-2.3) and another is in
>> /usr/lib64/mozldap/ldappasswd (provided by mozldap-tools-6.0.5) .
>> Could someone please help me understand why there are two? If I run ldd
>> against them, they are using different shared libraries.
>
> I'm not sure what you're asking for here, but there are two because... well,
> because two different packages which contain ldappasswd have been installed on
> that system.

I was wondering why they needed to have different ldappasswd when one
has capability of serving the purpose. Of course, I see mozldap's
ldappasswd has more available switches. When I had tested these
commands to change password, both worked fine, so I started wondering
why would they have two different ldappasswd but again I don't want to
know history and more details at this time..Rich's answer helped.

Thanks,
UG.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


All times are GMT. The time now is 04:01 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.