Additional requirements and restrictions for secure PACD-LDAP server connections

GSKit is required by the LDAP client package

To enable secure sockets layer (SSL) connections between the PACD daemon and the LDAP server, you should install the GSKit package that is required by the LDAP client package. GSKit 7 is required and provided by default on the Caching Proxy machine, but it may not be the version that is required by the LDAP client on the machine. It is possible to use different GSKit versions on the same machine for different processes.

Place the GSKit key file at $pacd_creds_dir/pac_keyring.kdb and the password in $pacd_creds_dir/pac_keyring.pwd.

Note:
For GSKit requirement information on the LDAP server, refer to the IBM Tivoli Directory Server (ITDS) documentation at the following Web site: http://www.ibm.com/software/tivoli/products/directory-server/

LD_PRELOAD environment variable must be set for Linux systems

On Linux systems, the LD_PRELOAD environment variable must be set to the following value to enable SSL connections between the PACD daemon and the LDAP server:

LD_PRELOAD=/usr/lib/libstdc++-libc6.1-1.so.2

The GSKit requirement referenced previously in this section also applies to Linux systems.

On Linux systems, the PACD process fails to start when using IBM Tivoli Directory Server (ITDS) 6.0 LDAP client

On Red Hat Enterprise Linux 4.0 systems, the PACD process does not start when Caching Proxy is configured to use the ITDS 6.0 LDAP plug-in for authentication. The following error message results:

"error while loading shared libraries: 
/usr/lib/libldapiconv.so: R_PPC_REL24 relocation at 0x0fb58ad0 
for symbol 'strpbrk' out of range"

This is a current restriction: ITDS 6.0 does not support RHEL 4.0 systems.

On AIX systems, the PAC-LDAP module is unable to load when using IBM Tivoli Directory Server (ITDS) LDAP client

The PACD process does not start on AIX systems due to unresolved links when using the ITDS LDAP client. When starting the PACD process, the following error might occur:

exec(): 0509-036 Cannot load program /usr/sbin/pacd 
because of the following errors: 
0509-022 Cannot load module /usr/lib/libpacman.a.
0509-150 Dependent module libldap.a could not be loaded.
0509-022 Cannot load module libldap.a.    

To work around this problem for ITDS version 5 of the LDAP client, create the following symbolic link:

ln -s /usr/lib/libibmldap.a /usr/lib/libldap.a 

To work around this problem for ITDS version 6 of the LDAP client, create the following symbolic link:

ln -s /opt/IBM/ldap/V6.0/lib/libibmldap.a /usr/lib/libldap.a
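
The following preflight script is an added example, not IBM-supplied code. It checks the prerequisites described in this section before PACD is started: the two key ring files, the Linux LD_PRELOAD library, and the AIX libldap.a link. It assumes pacd_creds_dir is exported in the environment. The function names are hypothetical, and the group/other permission test is an added hardening check rather than a documented requirement.

```shell
#!/bin/sh
# Added example: preflight checks for the PACD-LDAP SSL prerequisites.
# Function names are hypothetical; the permission test is an added hardening
# check, not a documented product requirement.

# Report a problem on stderr and count it.
problem() { echo "FAIL: $*" >&2; problems=$((problems + 1)); }

# check_secret FILE: must exist, be non-empty, readable, closed to group/other.
check_secret() {
    f=$1
    if [ ! -f "$f" ]; then problem "$f is missing"; return; fi
    [ -s "$f" ] || problem "$f is empty"
    [ -r "$f" ] || problem "$f is not readable by $(id -un)"
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] || problem "$f is accessible to group/other ($mode)"
}

# check_lib PATH: a library or symbolic link that must resolve to a regular file.
check_lib() {
    if [ -L "$1" ] && [ ! -e "$1" ]; then problem "$1 is a dangling symbolic link"
    elif [ ! -f "$1" ]; then problem "$1 does not exist"
    fi
}

# pacd_preflight CREDS_DIR [LIB...]: returns 0 only when every check passes.
pacd_preflight() {
    problems=0
    dir=$1; shift
    check_secret "$dir/pac_keyring.kdb"
    check_secret "$dir/pac_keyring.pwd"
    for lib in "$@"; do check_lib "$lib"; done
    [ "$problems" -eq 0 ]
}

# Run only when the credentials directory is known; pick the library by platform.
if [ -n "${pacd_creds_dir:-}" ]; then
    case $(uname -s) in
        Linux) pacd_preflight "$pacd_creds_dir" /usr/lib/libstdc++-libc6.1-1.so.2 ;;
        AIX)   pacd_preflight "$pacd_creds_dir" /usr/lib/libldap.a ;;
        *)     pacd_preflight "$pacd_creds_dir" ;;
    esac
else
    echo "pacd_creds_dir is not set; no checks were run" >&2
fi
```

The script exits non-zero when any check fails, so it can gate a PACD start script.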