On Fri, Oct 12, 2012 at 3:48 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote: > On 10/12/2012 02:42 PM, upen wrote: >> >> On Fri, Oct 12, 2012 at 3:29 PM, Rich Megginson<rmeggins@xxxxxxxxxx> >> wrote: >>> >>> On 10/12/2012 02:11 PM, upen wrote: >>>> >>>> Hi, >>>> >>>> On my system there are two ldappasswd commands. One is in /usr/bin >>>> (provided by: openldap-clients-2.3) and another is in >>>> /usr/lib64/mozldap/ldappasswd (provided by mozldap-tools-6.0.5) . >>>> Could someone please help me understand why there are two? If I run >>>> ldd against them, they are using different shared libraries. >>>> >>>> >>>> >>>> #ldd `which ldappasswd ` >>>> linux-vdso.so.1 => (0x00007fff8ddc3000) >>>> libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0 >>>> (0x0000003356800000) >>>> liblber-2.3.so.0 => /usr/lib64/liblber-2.3.so.0 >>>> (0x0000003355800000) >>>> libsasl2.so.2 => /usr/lib64/libsasl2.so.2 >>>> (0x0000003356400000) >>>> libssl.so.6 => /lib64/libssl.so.6 (0x000000335b800000) >>>> libcrypto.so.6 => /lib64/libcrypto.so.6 (0x0000003358800000) >>>> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003355400000) >>>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003355c00000) >>>> libc.so.6 => /lib64/libc.so.6 (0x0000003353400000) >>>> libdl.so.2 => /lib64/libdl.so.2 (0x0000003353800000) >>>> libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 >>>> (0x000000335b000000) >>>> libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000003359000000) >>>> libcom_err.so.2 => /lib64/libcom_err.so.2 >>>> (0x0000003358400000) >>>> libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 >>>> (0x000000335a000000) >>>> libz.so.1 => /lib64/libz.so.1 (0x0000003354400000) >>>> /lib64/ld-linux-x86-64.so.2 (0x0000003353000000) >>>> libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 >>>> (0x0000003359c00000) >>>> libkeyutils.so.1 => /lib64/libkeyutils.so.1 >>>> (0x0000003359400000) >>>> libselinux.so.1 => /lib64/libselinux.so.1 >>>> (0x0000003354c00000) >>>> libsepol.so.1 => /lib64/libsepol.so.1 (0x0000003355000000) >>>> >>>> >>>> # ldd /usr/lib64/mozldap/ldappasswd >>>> linux-vdso.so.1 => (0x00007fffc8bfd000) >>>> libssldap60.so => /usr/lib64/libssldap60.so >>>> (0x00002ad042453000) >>>> libprldap60.so => /usr/lib64/libprldap60.so >>>> (0x0000003358000000) >>>> libldap60.so => /usr/lib64/libldap60.so (0x000000335a400000) >>>> libldif60.so => /usr/lib64/libldif60.so (0x000000335b000000) >>>> libsvrcore.so.0 => /usr/lib64/libsvrcore.so.0 >>>> (0x0000003354800000) >>>> libssl3.so => /usr/lib64/libssl3.so (0x000000335a800000) >>>> libsmime3.so => /usr/lib64/libsmime3.so (0x0000003358c00000) >>>> libnss3.so => /usr/lib64/libnss3.so (0x0000003357c00000) >>>> libsoftokn3.so => /usr/lib64/libsoftokn3.so >>>> (0x00002ad042661000) >>>> libplds4.so => /usr/lib64/libplds4.so (0x0000003357800000) >>>> libplc4.so => /usr/lib64/libplc4.so (0x0000003357000000) >>>> libnspr4.so => /usr/lib64/libnspr4.so (0x0000003357400000) >>>> libpthread.so.0 => /lib64/libpthread.so.0 >>>> (0x0000003353c00000) >>>> libdl.so.2 => /lib64/libdl.so.2 (0x0000003353800000) >>>> libsasl2.so.2 => /usr/lib64/libsasl2.so.2 >>>> (0x0000003356400000) >>>> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003355c00000) >>>> libstdc++.so.6 => /usr/lib64/libstdc++.so.6 >>>> (0x0000003356800000) >>>> libm.so.6 => /lib64/libm.so.6 (0x0000003354000000) >>>> libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x0000003355800000) >>>> libc.so.6 => /lib64/libc.so.6 (0x0000003353400000) >>>> libnssutil3.so => /usr/lib64/libnssutil3.so >>>> (0x0000003356c00000) >>>> libz.so.1 => /lib64/libz.so.1 (0x0000003354400000) >>>> /lib64/ld-linux-x86-64.so.2 (0x0000003353000000) >>>> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003355400000) >>>> >>>> >>>> When should each be used? Do these separate purposes? >>>> >>>> The OS is RHEL 5.7. running 389-ds-1.2.1-1. >>> >>> >>> 389 on RHEL5 still uses mozldap for it's C SDK. 389 also has some >>> scripts >>> which depend on the mozldap versions of these commands. >>> >>> However, you can use either the mozldap or the openldap command line >>> tools >>> for your own use, either is fine. >> >> Thanks Rich. Just out of curiosity, do any of those two binaries have >> any limitations? For example, one only support applications linked to >> openssl libraries and other supports apps linked to MOZ NSS libraries? > > > On EL5 openldap tools is built with openssl, and mozldap is built with MOZ > NSS. > > This means that if you want to use TLS/SSL with the openldap tools, you have > to provide PEM files for TLS_CACERT, TLS_CERT, TLS_KEY, etc. > > If you want to use TLS/SSL with the mozldap tools, you have to provide a MOZ > NSS key/cert db. > > >> Or, both can support all applications regardless of the security >> libraries they use. > > > If you are planning to use the C SDK directly, then you probably want to use > the openldap libraries with applications that use openssl, and mozldap with > applications that use MOZ NSS. Otherwise, it doesn't really matter - on the > wire, TLS/SSL is (almost) the same regardless of which implementation you're > using. Perfect. Thanks Rich, for that explanation. Helps a lot! UG. -- upen, emerge -uD life (Upgrade Life with dependencies) -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
