[389-users] ldappasswd

upen upendra.gandhi at gmail.com
Fri Oct 12 20:51:56 UTC 2012 

On Fri, Oct 12, 2012 at 3:48 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> On 10/12/2012 02:42 PM, upen wrote:
>>
>> On Fri, Oct 12, 2012 at 3:29 PM, Rich Megginson<rmeggins at redhat.com>
>> wrote:
>>>
>>> On 10/12/2012 02:11 PM, upen wrote:
>>>>
>>>> Hi,
>>>>
>>>> On my system there are two ldappasswd commands. One is in /usr/bin
>>>> (provided by: openldap-clients-2.3) and another is in
>>>> /usr/lib64/mozldap/ldappasswd (provided by mozldap-tools-6.0.5) .
>>>> Could someone please help me understand why there are two? If I run
>>>> ldd against them, they are using different shared libraries.
>>>>
>>>>
>>>>
>>>> #ldd `which ldappasswd `
>>>>          linux-vdso.so.1 =>    (0x00007fff8ddc3000)
>>>>          libldap-2.3.so.0 =>   /usr/lib64/libldap-2.3.so.0
>>>> (0x0000003356800000)
>>>>          liblber-2.3.so.0 =>   /usr/lib64/liblber-2.3.so.0
>>>> (0x0000003355800000)
>>>>          libsasl2.so.2 =>   /usr/lib64/libsasl2.so.2
>>>> (0x0000003356400000)
>>>>          libssl.so.6 =>   /lib64/libssl.so.6 (0x000000335b800000)
>>>>          libcrypto.so.6 =>   /lib64/libcrypto.so.6 (0x0000003358800000)
>>>>          libcrypt.so.1 =>   /lib64/libcrypt.so.1 (0x0000003355400000)
>>>>          libresolv.so.2 =>   /lib64/libresolv.so.2 (0x0000003355c00000)
>>>>          libc.so.6 =>   /lib64/libc.so.6 (0x0000003353400000)
>>>>          libdl.so.2 =>   /lib64/libdl.so.2 (0x0000003353800000)
>>>>          libgssapi_krb5.so.2 =>   /usr/lib64/libgssapi_krb5.so.2
>>>> (0x000000335b000000)
>>>>          libkrb5.so.3 =>   /usr/lib64/libkrb5.so.3 (0x0000003359000000)
>>>>          libcom_err.so.2 =>   /lib64/libcom_err.so.2
>>>> (0x0000003358400000)
>>>>          libk5crypto.so.3 =>   /usr/lib64/libk5crypto.so.3
>>>> (0x000000335a000000)
>>>>          libz.so.1 =>   /lib64/libz.so.1 (0x0000003354400000)
>>>>          /lib64/ld-linux-x86-64.so.2 (0x0000003353000000)
>>>>          libkrb5support.so.0 =>   /usr/lib64/libkrb5support.so.0
>>>> (0x0000003359c00000)
>>>>          libkeyutils.so.1 =>   /lib64/libkeyutils.so.1
>>>> (0x0000003359400000)
>>>>          libselinux.so.1 =>   /lib64/libselinux.so.1
>>>> (0x0000003354c00000)
>>>>          libsepol.so.1 =>   /lib64/libsepol.so.1 (0x0000003355000000)
>>>>
>>>>
>>>> # ldd /usr/lib64/mozldap/ldappasswd
>>>>          linux-vdso.so.1 =>    (0x00007fffc8bfd000)
>>>>          libssldap60.so =>   /usr/lib64/libssldap60.so
>>>> (0x00002ad042453000)
>>>>          libprldap60.so =>   /usr/lib64/libprldap60.so
>>>> (0x0000003358000000)
>>>>          libldap60.so =>   /usr/lib64/libldap60.so (0x000000335a400000)
>>>>          libldif60.so =>   /usr/lib64/libldif60.so (0x000000335b000000)
>>>>          libsvrcore.so.0 =>   /usr/lib64/libsvrcore.so.0
>>>> (0x0000003354800000)
>>>>          libssl3.so =>   /usr/lib64/libssl3.so (0x000000335a800000)
>>>>          libsmime3.so =>   /usr/lib64/libsmime3.so (0x0000003358c00000)
>>>>          libnss3.so =>   /usr/lib64/libnss3.so (0x0000003357c00000)
>>>>          libsoftokn3.so =>   /usr/lib64/libsoftokn3.so
>>>> (0x00002ad042661000)
>>>>          libplds4.so =>   /usr/lib64/libplds4.so (0x0000003357800000)
>>>>          libplc4.so =>   /usr/lib64/libplc4.so (0x0000003357000000)
>>>>          libnspr4.so =>   /usr/lib64/libnspr4.so (0x0000003357400000)
>>>>          libpthread.so.0 =>   /lib64/libpthread.so.0
>>>> (0x0000003353c00000)
>>>>          libdl.so.2 =>   /lib64/libdl.so.2 (0x0000003353800000)
>>>>          libsasl2.so.2 =>   /usr/lib64/libsasl2.so.2
>>>> (0x0000003356400000)
>>>>          libresolv.so.2 =>   /lib64/libresolv.so.2 (0x0000003355c00000)
>>>>          libstdc++.so.6 =>   /usr/lib64/libstdc++.so.6
>>>> (0x0000003356800000)
>>>>          libm.so.6 =>   /lib64/libm.so.6 (0x0000003354000000)
>>>>          libgcc_s.so.1 =>   /lib64/libgcc_s.so.1 (0x0000003355800000)
>>>>          libc.so.6 =>   /lib64/libc.so.6 (0x0000003353400000)
>>>>          libnssutil3.so =>   /usr/lib64/libnssutil3.so
>>>> (0x0000003356c00000)
>>>>          libz.so.1 =>   /lib64/libz.so.1 (0x0000003354400000)
>>>>          /lib64/ld-linux-x86-64.so.2 (0x0000003353000000)
>>>>          libcrypt.so.1 =>   /lib64/libcrypt.so.1 (0x0000003355400000)
>>>>
>>>>
>>>> When should each be used? Do these separate purposes?
>>>>
>>>> The OS is RHEL 5.7. running 389-ds-1.2.1-1.
>>>
>>>
>>> 389 on RHEL5 still uses mozldap for it's C SDK.  389 also has some
>>> scripts
>>> which depend on the mozldap versions of these commands.
>>>
>>> However, you can use either the mozldap or the openldap command line
>>> tools
>>> for your own use, either is fine.
>>
>> Thanks Rich. Just out of curiosity,  do any of those two binaries have
>> any limitations? For example, one only support applications linked to
>> openssl libraries and other supports apps linked to MOZ NSS libraries?
>
>
> On EL5 openldap tools is built with openssl, and mozldap is built with MOZ
> NSS.
>
> This means that if you want to use TLS/SSL with the openldap tools, you have
> to provide PEM files for TLS_CACERT, TLS_CERT, TLS_KEY, etc.
>
> If you want to use TLS/SSL with the mozldap tools, you have to provide a MOZ
> NSS key/cert db.
>
>
>> Or, both can support all applications regardless of the security
>> libraries they use.
>
>
> If you are planning to use the C SDK directly, then you probably want to use
> the openldap libraries with applications that use openssl, and mozldap with
> applications that use MOZ NSS.  Otherwise, it doesn't really matter - on the
> wire, TLS/SSL is (almost) the same regardless of which implementation you're
> using.


Perfect. Thanks Rich, for that explanation. Helps a lot!

UG.



-- 
upen,
emerge -uD life (Upgrade Life with dependencies)

More information about the 389-users mailing list