To enable secure sockets layer (SSL) connections between the PACD daemon and the LDAP server, you should install the GSKit package that is required by the LDAP client package. GSKit 7 is required and provided by default on the Caching Proxy machine, but it may not be the version that is required by the LDAP client on the machine. It is possible to use different GSKit versions on the same machine for different processes.
Place the GSKit key file to $pacd_creds_dir/pac_keyring.kdb and the password to $pacd_creds_dir/pac_keyring.pwd.
On Linux systems, the LD_PRELOAD environment variable must be configured as follows in order to enable SSL connections between the PACD daemon and the LDAP server. Set the variable to the following value:
LD_PRELOAD=/usr/lib/libstdc++-libc6.1-1.so.2
The GSKit requirement referenced previously in this section also applies to Linux systems.
On Red Hat Enterprise Linux 4.0 systems, the PACD process does not start when Caching Proxy is configured to use the ITDS 6.0 LDAP plug-in for authentication. The following error message results:
"error while loading shared libraries: /usr/lib/libldapiconv.so: R_PPC_REL24 relocation at 0x0fb58ad0 for symbol 'strpbrk' out of range"
There is a current restriction that ITDS 6.0 does not support RHEL 4.0 systems.
The PACD process does not start on AIX systems due to unresolved links when using the ITDS LDAP client. When starting the PACD process, the following error might occur:
exec(): 0509-036 Cannot load program /usr/sbin/pacd because of the following errors: 0509-022 Cannot load module /usr/lib/libpacman.a. 0509-150 Dependent module libldap.a could not be loaded. 0509-022 Cannot load module libldap.a.
To work around this problem for ITDS version 5 of the LDAP client, create the following symbolic:
ln -s /usr/lib/libibmldap.a /usr/lib/libldap.a
To work around this problem for ITDS version 6 of the LDAP client, create the following symbolic:
ln -s /opt/IBM/ldap/V6.0/lib/libibmldap.a /usr/lib/libldap.a