[ Yeah Yet Another Ldap Library :-) The more the merrier! ]
Is it possible to put the schema in /usr/share somewhere eg:
/usr/share/openldap/schema/. Not a big issue just seems that they
shouldn't need to be edited.
While I see that the prefix of "o" means Open it reads as
old-apadd, old-apcompare old-adppasswd. Also given the ancient precent
of awk, owak, nawk. Maybe just make the prefix "open" (for the
commands and the man page sections) since that is already used in
/usr/share/doc/openldap/ giving:
openldapadd, openldapcompare, openldappasswd etc.
It may also be useful, but I wouldn't inst on it to have
/usr/lib/openldap/bin/{ldapadd,ldapcompare,ldappasswd,...} this would
allow scripts written to assume OpenLDAP clis to be more easily adapted
to OpenSolaris/Solaris by changing $PATH rather than having to change
every instance of ldapadd etc to the prefixed name.
What is the rationale for starting slapd with root and all privs rather
than having SMF start it as openldap:openldap with basic,net_privaddr ?
The library naming looks strange but as the case says this is what is
used elsewhere, what is recorded as the SONAME in the ELF files ?
Can this OpenLDAP server be used as the LDAP *server* for nss_ldap and
pam_ldap ? If so can instructions for configuring it be provided
somewhere (ideally in /usr/share/doc/openldap but I'd accept
wikis.sun.com, opensolaris.org or blogs.sun.com initially). If it
doesn't work I'd like to see a short outline of what is needed to make
it so.
I don't want it to stop the integration of this case but having the
existing /usr/lib/ldap.so.5 from Mozilla and the OpenLDAP library in the
same process is *highly* toxic and leads to very strange and hard to
debug problems - particularly when using LDAP over SSL/TLS. So I'd
encourage the projects teams management to fund the switch to OpenLDAP
for libsldap and nss_ldap ASAP.
--
Darren J Moffat
