The resolution of the entities defined in RFC 2307 is generally performed by a set of UNIX C library calls (such as getpwnam() to return the attributes of a user). The nss_ldap module provides the means for Solaris and Linux workstations to resolve this information (such as users, hosts, and groups) from LDAP directories. The module is the reference implementation of RFC 2307, and has been studied by vendors such as Sun (who developed the original Name Service Switch interface).
Key Benefits
Support for RFC 2307/RFC 2307bis (including netgroups and automounts) as well as user-defined schema
Common implementation across platforms
Support for Kerberos and SSL authentication, integrity and privacy
Configuration file compatibility with pam_ldap
Bootstraps from the DNS using SRV records
Support for AIX, glibc, IRS and ONC+ name service switches
Support for RFC 2307bis groups (including nested groups)
Specific Active Directory support including incremental retrieval of multi-valued attributes
Directory-based authentication for platforms that lack PAM (AIX 4.3.3)
Requirements
The nss_ldap module supports the following platforms:
AIX 4.3.3 and above
FreeBSD 5.1
HP-UX 11i
Linux
Solaris 2.6 and above
(automount support requires Solaris 8 or above)
In addition, nss_ldap requires an LDAP client library, and (optionally) a SASL library compatible with the Cyrus SASL API.
Availability
The software is distributed under the terms of the GNU Lesser General Public License. Please familiarize yourself with the license before downloading the software. Alternative licenses are available through our relicensing program.