Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:22483
Return-Path: <ckevinj@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 36529 invoked by uid 1010); 16 Mar 2006 13:29:50 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 36514 invoked from network); 16 Mar 2006 13:29:50 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 16 Mar 2006 13:29:50 -0000
X-Host-Fingerprint: 64.233.166.183 pproxy.gmail.com Linux 2.4/2.6
Received: from ([64.233.166.183:57017] helo=pproxy.gmail.com)
	by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP
	id C2/29-55982-E4869144 for <internals@lists.php.net>; Thu, 16 Mar 2006 08:29:50 -0500
Received: by pproxy.gmail.com with SMTP id b36so554553pyb
	for <internals@lists.php.net>; Thu, 16 Mar 2006 05:29:48 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
	s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
	b=Nx6Cfi6qfsQxnF5JyxIY7BuE3YT6oCwFZW7Piu7MqWqgFXIYdqfz6x/gy5cW5tw/jVSSwXk9T5fpXL3u4rjOOQDAJ/IKmF9OQsLQ2hKvWhGCuGKmDPwguc2O2tVcJcapHOox+mBinit49oOcU1eZmW3oHAiPh1W7gFXsGswgr3Y=
Received: by 10.35.99.5 with SMTP id b5mr1454692pym;
	Thu, 16 Mar 2006 05:29:47 -0800 (PST)
Received: by 10.35.134.4 with HTTP; Thu, 16 Mar 2006 05:29:47 -0800 (PST)
Message-ID: <8b6fdd1d0603160529q66aeba18hfb0af46bf02d048b@mail.gmail.com>
Date: Thu, 16 Mar 2006 07:29:47 -0600
To: internals@lists.php.net
In-Reply-To: <8b6fdd1d0602240925l47c3a4c0wb6cc7140746ad467@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_3525_28456244.1142515787346"
References: <8b6fdd1d0602240925l47c3a4c0wb6cc7140746ad467@mail.gmail.com>
Subject: Re: php5 posix gid, solaris 10, apache2, ldapclient
From: ckevinj@gmail.com (kjc)

------=_Part_3525_28456244.1142515787346
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

solved!
A co-worker and I have been working this for a long time, and he won't post
his findings for posterity.

While using dtrace we began to suspect that it might be libraries and
linking issues, so he start reading up on other linking issues with Solaris=
.

Here's his findings and the solution:
###############################################################
# THE MOST AWESOME AND GRAND THING... or .... #
# "How to get php to compile with LDAP (proper nsswitch) support on Solaris
10" #
#-------------------------------------------------------------#
###############################################################

1. grep through the entire codebase of php (and any dependency
application you've been trying to build, for inclusion as a
dependency within php), and look for the following string:

-assert pure-text

You'll find this as an LD (linker) argument, which works
on pre-SunOS4.x, but not SunOS5.x (including Solaris 10).

Replace each instance with "-G" instead.

Use gmake instead of make.

Add the library paths, as you'd need them to be using an
LDFLAG like so:

LDFLAG -R/lib-path1:/lib-64-bit-path

This builds the executable with the absolute path of the
libraries it needs, instead of relying on the correct
paths being in the session's LD_LIBRARY_PATH.

2. Pray

On 2/24/06, kjc <ckevinj@gmail.com> wrote:
>
> I posted this yesterday to the install group, but I think maybe it should
> be internals group.
> I am wondering if there is a problem with the getgid, getegid or set
> versions. How can I test this to find the problem?
>
> ----
> I've got a funny issue, and it has been narrowed down to something with
> PHP5 on my Solaris10 boxes.
>
> the S10 boxes are running as LDAP clients (using LDAP instead of NIS) in
> the proxy configuration, pam_unix.
> With the PHP5 module loaded the Apache daemon user does not know of his
> secondary groups from the LDAP, only his primary group (as defined in the
> httpd.conf, not necessarily as handed by the LDAP) plus any local groups
> in /etc/group if there are any. Which I don't want there to be, because
> that's the purpose of using the LDAP.
>
> I took the Apache supplied printenv perl script in cgi-bin and added this
> info to demonstrate the problem:
> print "Data about the running process:<BR>
>   <pre>
>   Real user id       : $<
>   Effective user id  : $>
>   Real group id      : $(
>   Effective group id : $)
>   </pre><br>\n";
>
> The output with PHP5 module loaded, where 99 is a local group and 42 is
> the default group (and in ldap):
>
>   Real user id       : 10
>   Effective user id  : 10
>    Real group id      : 42 99 42
>    Effective group id : 42 99 42
>
> The output without PHP5 loaded:
>
>   Real user id       : 10
>   Effective user id  : 10
>    Real group id      : 42 7000 775 124 60010 602 60009 125 216 60008 42
>    Effective group id : 42 7000 775 124 60010 602 60009 125 216 60008 42
>
>
> I've tried recompiling PHP with and without LDAP libraries, --enable-yp..=
.
> I played with the safe_mod and safe_mode_gid settings, setting them 0,1,
> 1,1, 0,0 and had no change.
>
> I am running both Apache and PHP with full 64bit binaries. That was no
> small feat.
>
> Any ideas or help?
>
> --
> -Kevin
>
>


--
-Kevin

------=_Part_3525_28456244.1142515787346--