FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 10-12-2012, 08:42 PM
upen
 
Default ldappasswd

On Fri, Oct 12, 2012 at 3:29 PM, Rich Megginson <rmeggins@redhat.com> wrote:
> On 10/12/2012 02:11 PM, upen wrote:
>>
>> Hi,
>>
>> On my system there are two ldappasswd commands. One is in /usr/bin
>> (provided by: openldap-clients-2.3) and another is in
>> /usr/lib64/mozldap/ldappasswd (provided by mozldap-tools-6.0.5) .
>> Could someone please help me understand why there are two? If I run
>> ldd against them, they are using different shared libraries.
>>
>>
>>
>> #ldd `which ldappasswd `
>> linux-vdso.so.1 => (0x00007fff8ddc3000)
>> libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0
>> (0x0000003356800000)
>> liblber-2.3.so.0 => /usr/lib64/liblber-2.3.so.0
>> (0x0000003355800000)
>> libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003356400000)
>> libssl.so.6 => /lib64/libssl.so.6 (0x000000335b800000)
>> libcrypto.so.6 => /lib64/libcrypto.so.6 (0x0000003358800000)
>> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003355400000)
>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003355c00000)
>> libc.so.6 => /lib64/libc.so.6 (0x0000003353400000)
>> libdl.so.2 => /lib64/libdl.so.2 (0x0000003353800000)
>> libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
>> (0x000000335b000000)
>> libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000003359000000)
>> libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000003358400000)
>> libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3
>> (0x000000335a000000)
>> libz.so.1 => /lib64/libz.so.1 (0x0000003354400000)
>> /lib64/ld-linux-x86-64.so.2 (0x0000003353000000)
>> libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0
>> (0x0000003359c00000)
>> libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x0000003359400000)
>> libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003354c00000)
>> libsepol.so.1 => /lib64/libsepol.so.1 (0x0000003355000000)
>>
>>
>> # ldd /usr/lib64/mozldap/ldappasswd
>> linux-vdso.so.1 => (0x00007fffc8bfd000)
>> libssldap60.so => /usr/lib64/libssldap60.so (0x00002ad042453000)
>> libprldap60.so => /usr/lib64/libprldap60.so (0x0000003358000000)
>> libldap60.so => /usr/lib64/libldap60.so (0x000000335a400000)
>> libldif60.so => /usr/lib64/libldif60.so (0x000000335b000000)
>> libsvrcore.so.0 => /usr/lib64/libsvrcore.so.0
>> (0x0000003354800000)
>> libssl3.so => /usr/lib64/libssl3.so (0x000000335a800000)
>> libsmime3.so => /usr/lib64/libsmime3.so (0x0000003358c00000)
>> libnss3.so => /usr/lib64/libnss3.so (0x0000003357c00000)
>> libsoftokn3.so => /usr/lib64/libsoftokn3.so (0x00002ad042661000)
>> libplds4.so => /usr/lib64/libplds4.so (0x0000003357800000)
>> libplc4.so => /usr/lib64/libplc4.so (0x0000003357000000)
>> libnspr4.so => /usr/lib64/libnspr4.so (0x0000003357400000)
>> libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003353c00000)
>> libdl.so.2 => /lib64/libdl.so.2 (0x0000003353800000)
>> libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003356400000)
>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003355c00000)
>> libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x0000003356800000)
>> libm.so.6 => /lib64/libm.so.6 (0x0000003354000000)
>> libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x0000003355800000)
>> libc.so.6 => /lib64/libc.so.6 (0x0000003353400000)
>> libnssutil3.so => /usr/lib64/libnssutil3.so (0x0000003356c00000)
>> libz.so.1 => /lib64/libz.so.1 (0x0000003354400000)
>> /lib64/ld-linux-x86-64.so.2 (0x0000003353000000)
>> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003355400000)
>>
>>
>> When should each be used? Do these separate purposes?
>>
>> The OS is RHEL 5.7. running 389-ds-1.2.1-1.
>
>
> 389 on RHEL5 still uses mozldap for it's C SDK. 389 also has some scripts
> which depend on the mozldap versions of these commands.
>
> However, you can use either the mozldap or the openldap command line tools
> for your own use, either is fine.

Thanks Rich. Just out of curiosity, do any of those two binaries have
any limitations? For example, one only support applications linked to
openssl libraries and other supports apps linked to MOZ NSS libraries?
Or, both can support all applications regardless of the security
libraries they use.

Thanks,
UG.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 10-12-2012, 08:48 PM
Rich Megginson
 
Default ldappasswd

On 10/12/2012 02:42 PM, upen wrote:

On Fri, Oct 12, 2012 at 3:29 PM, Rich Megginson<rmeggins@redhat.com> wrote:

On 10/12/2012 02:11 PM, upen wrote:

Hi,

On my system there are two ldappasswd commands. One is in /usr/bin
(provided by: openldap-clients-2.3) and another is in
/usr/lib64/mozldap/ldappasswd (provided by mozldap-tools-6.0.5) .
Could someone please help me understand why there are two? If I run
ldd against them, they are using different shared libraries.



#ldd `which ldappasswd `
linux-vdso.so.1 => (0x00007fff8ddc3000)
libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0
(0x0000003356800000)
liblber-2.3.so.0 => /usr/lib64/liblber-2.3.so.0
(0x0000003355800000)
libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003356400000)
libssl.so.6 => /lib64/libssl.so.6 (0x000000335b800000)
libcrypto.so.6 => /lib64/libcrypto.so.6 (0x0000003358800000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003355400000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003355c00000)
libc.so.6 => /lib64/libc.so.6 (0x0000003353400000)
libdl.so.2 => /lib64/libdl.so.2 (0x0000003353800000)
libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
(0x000000335b000000)
libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000003359000000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000003358400000)
libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3
(0x000000335a000000)
libz.so.1 => /lib64/libz.so.1 (0x0000003354400000)
/lib64/ld-linux-x86-64.so.2 (0x0000003353000000)
libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0
(0x0000003359c00000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x0000003359400000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003354c00000)
libsepol.so.1 => /lib64/libsepol.so.1 (0x0000003355000000)


# ldd /usr/lib64/mozldap/ldappasswd
linux-vdso.so.1 => (0x00007fffc8bfd000)
libssldap60.so => /usr/lib64/libssldap60.so (0x00002ad042453000)
libprldap60.so => /usr/lib64/libprldap60.so (0x0000003358000000)
libldap60.so => /usr/lib64/libldap60.so (0x000000335a400000)
libldif60.so => /usr/lib64/libldif60.so (0x000000335b000000)
libsvrcore.so.0 => /usr/lib64/libsvrcore.so.0
(0x0000003354800000)
libssl3.so => /usr/lib64/libssl3.so (0x000000335a800000)
libsmime3.so => /usr/lib64/libsmime3.so (0x0000003358c00000)
libnss3.so => /usr/lib64/libnss3.so (0x0000003357c00000)
libsoftokn3.so => /usr/lib64/libsoftokn3.so (0x00002ad042661000)
libplds4.so => /usr/lib64/libplds4.so (0x0000003357800000)
libplc4.so => /usr/lib64/libplc4.so (0x0000003357000000)
libnspr4.so => /usr/lib64/libnspr4.so (0x0000003357400000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003353c00000)
libdl.so.2 => /lib64/libdl.so.2 (0x0000003353800000)
libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003356400000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003355c00000)
libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x0000003356800000)
libm.so.6 => /lib64/libm.so.6 (0x0000003354000000)
libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x0000003355800000)
libc.so.6 => /lib64/libc.so.6 (0x0000003353400000)
libnssutil3.so => /usr/lib64/libnssutil3.so (0x0000003356c00000)
libz.so.1 => /lib64/libz.so.1 (0x0000003354400000)
/lib64/ld-linux-x86-64.so.2 (0x0000003353000000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003355400000)


When should each be used? Do these separate purposes?

The OS is RHEL 5.7. running 389-ds-1.2.1-1.


389 on RHEL5 still uses mozldap for it's C SDK. 389 also has some scripts
which depend on the mozldap versions of these commands.

However, you can use either the mozldap or the openldap command line tools
for your own use, either is fine.

Thanks Rich. Just out of curiosity, do any of those two binaries have
any limitations? For example, one only support applications linked to
openssl libraries and other supports apps linked to MOZ NSS libraries?


On EL5 openldap tools is built with openssl, and mozldap is built with
MOZ NSS.


This means that if you want to use TLS/SSL with the openldap tools, you
have to provide PEM files for TLS_CACERT, TLS_CERT, TLS_KEY, etc.


If you want to use TLS/SSL with the mozldap tools, you have to provide a
MOZ NSS key/cert db.



Or, both can support all applications regardless of the security
libraries they use.


If you are planning to use the C SDK directly, then you probably want to
use the openldap libraries with applications that use openssl, and
mozldap with applications that use MOZ NSS. Otherwise, it doesn't
really matter - on the wire, TLS/SSL is (almost) the same regardless of
which implementation you're using.





Thanks,
UG.


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 10-12-2012, 08:51 PM
upen
 
Default ldappasswd

On Fri, Oct 12, 2012 at 3:48 PM, Rich Megginson <rmeggins@redhat.com> wrote:
> On 10/12/2012 02:42 PM, upen wrote:
>>
>> On Fri, Oct 12, 2012 at 3:29 PM, Rich Megginson<rmeggins@redhat.com>
>> wrote:
>>>
>>> On 10/12/2012 02:11 PM, upen wrote:
>>>>
>>>> Hi,
>>>>
>>>> On my system there are two ldappasswd commands. One is in /usr/bin
>>>> (provided by: openldap-clients-2.3) and another is in
>>>> /usr/lib64/mozldap/ldappasswd (provided by mozldap-tools-6.0.5) .
>>>> Could someone please help me understand why there are two? If I run
>>>> ldd against them, they are using different shared libraries.
>>>>
>>>>
>>>>
>>>> #ldd `which ldappasswd `
>>>> linux-vdso.so.1 => (0x00007fff8ddc3000)
>>>> libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0
>>>> (0x0000003356800000)
>>>> liblber-2.3.so.0 => /usr/lib64/liblber-2.3.so.0
>>>> (0x0000003355800000)
>>>> libsasl2.so.2 => /usr/lib64/libsasl2.so.2
>>>> (0x0000003356400000)
>>>> libssl.so.6 => /lib64/libssl.so.6 (0x000000335b800000)
>>>> libcrypto.so.6 => /lib64/libcrypto.so.6 (0x0000003358800000)
>>>> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003355400000)
>>>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003355c00000)
>>>> libc.so.6 => /lib64/libc.so.6 (0x0000003353400000)
>>>> libdl.so.2 => /lib64/libdl.so.2 (0x0000003353800000)
>>>> libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
>>>> (0x000000335b000000)
>>>> libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000003359000000)
>>>> libcom_err.so.2 => /lib64/libcom_err.so.2
>>>> (0x0000003358400000)
>>>> libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3
>>>> (0x000000335a000000)
>>>> libz.so.1 => /lib64/libz.so.1 (0x0000003354400000)
>>>> /lib64/ld-linux-x86-64.so.2 (0x0000003353000000)
>>>> libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0
>>>> (0x0000003359c00000)
>>>> libkeyutils.so.1 => /lib64/libkeyutils.so.1
>>>> (0x0000003359400000)
>>>> libselinux.so.1 => /lib64/libselinux.so.1
>>>> (0x0000003354c00000)
>>>> libsepol.so.1 => /lib64/libsepol.so.1 (0x0000003355000000)
>>>>
>>>>
>>>> # ldd /usr/lib64/mozldap/ldappasswd
>>>> linux-vdso.so.1 => (0x00007fffc8bfd000)
>>>> libssldap60.so => /usr/lib64/libssldap60.so
>>>> (0x00002ad042453000)
>>>> libprldap60.so => /usr/lib64/libprldap60.so
>>>> (0x0000003358000000)
>>>> libldap60.so => /usr/lib64/libldap60.so (0x000000335a400000)
>>>> libldif60.so => /usr/lib64/libldif60.so (0x000000335b000000)
>>>> libsvrcore.so.0 => /usr/lib64/libsvrcore.so.0
>>>> (0x0000003354800000)
>>>> libssl3.so => /usr/lib64/libssl3.so (0x000000335a800000)
>>>> libsmime3.so => /usr/lib64/libsmime3.so (0x0000003358c00000)
>>>> libnss3.so => /usr/lib64/libnss3.so (0x0000003357c00000)
>>>> libsoftokn3.so => /usr/lib64/libsoftokn3.so
>>>> (0x00002ad042661000)
>>>> libplds4.so => /usr/lib64/libplds4.so (0x0000003357800000)
>>>> libplc4.so => /usr/lib64/libplc4.so (0x0000003357000000)
>>>> libnspr4.so => /usr/lib64/libnspr4.so (0x0000003357400000)
>>>> libpthread.so.0 => /lib64/libpthread.so.0
>>>> (0x0000003353c00000)
>>>> libdl.so.2 => /lib64/libdl.so.2 (0x0000003353800000)
>>>> libsasl2.so.2 => /usr/lib64/libsasl2.so.2
>>>> (0x0000003356400000)
>>>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003355c00000)
>>>> libstdc++.so.6 => /usr/lib64/libstdc++.so.6
>>>> (0x0000003356800000)
>>>> libm.so.6 => /lib64/libm.so.6 (0x0000003354000000)
>>>> libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x0000003355800000)
>>>> libc.so.6 => /lib64/libc.so.6 (0x0000003353400000)
>>>> libnssutil3.so => /usr/lib64/libnssutil3.so
>>>> (0x0000003356c00000)
>>>> libz.so.1 => /lib64/libz.so.1 (0x0000003354400000)
>>>> /lib64/ld-linux-x86-64.so.2 (0x0000003353000000)
>>>> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003355400000)
>>>>
>>>>
>>>> When should each be used? Do these separate purposes?
>>>>
>>>> The OS is RHEL 5.7. running 389-ds-1.2.1-1.
>>>
>>>
>>> 389 on RHEL5 still uses mozldap for it's C SDK. 389 also has some
>>> scripts
>>> which depend on the mozldap versions of these commands.
>>>
>>> However, you can use either the mozldap or the openldap command line
>>> tools
>>> for your own use, either is fine.
>>
>> Thanks Rich. Just out of curiosity, do any of those two binaries have
>> any limitations? For example, one only support applications linked to
>> openssl libraries and other supports apps linked to MOZ NSS libraries?
>
>
> On EL5 openldap tools is built with openssl, and mozldap is built with MOZ
> NSS.
>
> This means that if you want to use TLS/SSL with the openldap tools, you have
> to provide PEM files for TLS_CACERT, TLS_CERT, TLS_KEY, etc.
>
> If you want to use TLS/SSL with the mozldap tools, you have to provide a MOZ
> NSS key/cert db.
>
>
>> Or, both can support all applications regardless of the security
>> libraries they use.
>
>
> If you are planning to use the C SDK directly, then you probably want to use
> the openldap libraries with applications that use openssl, and mozldap with
> applications that use MOZ NSS. Otherwise, it doesn't really matter - on the
> wire, TLS/SSL is (almost) the same regardless of which implementation you're
> using.


Perfect. Thanks Rich, for that explanation. Helps a lot!

UG.



--
upen,
emerge -uD life (Upgrade Life with dependencies)
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 10-12-2012, 08:57 PM
"Morris, Patrick"
 
Default ldappasswd

> -----Original Message-----
> From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-
> bounces@lists.fedoraproject.org] On Behalf Of upen
> Sent: Friday, October 12, 2012 1:12 PM
> To: 389-users@lists.fedoraproject.org
> Subject: [389-users] ldappasswd
>
> Hi,
>
> On my system there are two ldappasswd commands. One is in /usr/bin
> (provided by: openldap-clients-2.3) and another is in
> /usr/lib64/mozldap/ldappasswd (provided by mozldap-tools-6.0.5) .
> Could someone please help me understand why there are two? If I run ldd
> against them, they are using different shared libraries.

I'm not sure what you're asking for here, but there are two because... well,
because two different packages which contain ldappasswd have been installed on
that system.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 10-12-2012, 09:45 PM
upen
 
Default ldappasswd

On Fri, Oct 12, 2012 at 3:57 PM, Morris, Patrick <patrick.morris@hp.com> wrote:
>
>> -----Original Message-----
>> From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-
>> bounces@lists.fedoraproject.org] On Behalf Of upen
>> Sent: Friday, October 12, 2012 1:12 PM
>> To: 389-users@lists.fedoraproject.org
>> Subject: [389-users] ldappasswd
>>
>> Hi,
>>
>> On my system there are two ldappasswd commands. One is in /usr/bin
>> (provided by: openldap-clients-2.3) and another is in
>> /usr/lib64/mozldap/ldappasswd (provided by mozldap-tools-6.0.5) .
>> Could someone please help me understand why there are two? If I run ldd
>> against them, they are using different shared libraries.
>
> I'm not sure what you're asking for here, but there are two because... well,
> because two different packages which contain ldappasswd have been installed on
> that system.

I was wondering why they needed to have different ldappasswd when one
has capability of serving the purpose. Of course, I see mozldap's
ldappasswd has more available switches. When I had tested these
commands to change password, both worked fine, so I started wondering
why would they have two different ldappasswd but again I don't want to
know history and more details at this time..Rich's answer helped.

Thanks,
UG.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 12:56 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org