I have successfully configured Solaris8 Native LDAP Client to work against FDS7.1. Below is what I have experienced and observed.
It appears to me that 108993-48 LDAP patch breaks the "ldapclient -P" command.
1) The "ldapclient -P ..." command line which downloads LDAP profile from LDAP Server, USED TO WORK VERY WELL is not working anymore.
The following script failed, it will hang at:
... Starting network services start: /usr/bin/domainname example.com... Success <Halt Here>
===
# cat ./ldapclient_download_defaultprofile_sol8.sh
/usr/sbin/ldapclient -v \
-P default \
-d example.com \
-D "cn=proxyagent,ou=profile,dc=example,dc=com" \
-w "password" \
192.168.1.168

# As ldapclient overwrites /etc/nsswitch.conf with /etc/nsswitch.ldap
# which contains a bug in "hosts:" entry, we need to repair it
sed -e '/^hosts:/s/ldap.*files$/files dns/' \
-e '/^passwd:/a\
shadow: files ldap' \
/etc/nsswitch.ldap >/etc/nsswitch.work
cp /etc/nsswitch.work /etc/nsswitch.conf

# Refresh Name Service Cache Daemon after repairing /etc/nsswitch.conf
/etc/init.d/nscd stop
/etc/init.d/nscd start
===
2) "ldapclient -i ..." works
===
[root@sins001u5 /var/ldap]# cat ldapclient_init_defaultprofile_sol8.sh
/usr/sbin/ldapclient -v -i -a simple -b dc=example,dc=com -c proxy \
-D cn=proxyAgent,ou=profile,dc=example,dc=com -w password \
-S "passwd: ou=People,dc=example,dc=com?one" \
-S "shadow: ou=People,dc=example,dc=com?one" \
-S "group: ou=group,dc=example,dc=com?one" \
-S "netgroup: ou=netgroup,dc=example,dc=com?one" \
192.168.1.168

echo ...
echo As ldapclient overwrites /etc/nsswitch.conf with /etc/nsswitch.ldap
echo which contains a bug in "hosts:" entry, we need to repair it
sed -e '/^hosts:/s/ldap.*files$/files dns/' \
-e '/^passwd:/a\
shadow: files ldap' \
/etc/nsswitch.ldap >/etc/nsswitch.work
cp /etc/nsswitch.work /etc/nsswitch.conf

echo ...
echo Refresh Name Service Cache Daemon after repairing /etc/nsswitch.conf
/etc/init.d/nscd stop
/etc/init.d/nscd start
===
Gary
-----Original Message-----
From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Justin Albstmeijer
Sent: Wednesday, August 24, 2005 10:25 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] getting solaris 8 to talk to FDS
My 2 cents
- test with: ldapsearch -h ldapserver.domain.nl -s base -b "" "objectclass=*" , to see if you can query the server.
- make sure the posix account has the "shadowAccount" attribute
- SSHA is used by default by FDS for password encryption.. this should be CRYPT.
import:
------------------------------
dn: cn=config
changetype: modify
replace: passwordstoragescheme
passwordstoragescheme: CRYPT
------------------------------
- make sure to use "simple" instead of "tls:simple" for your initial tests
- use : ldapclient -v -P default -D "cn=proxyagent,ou=profile,dc=domain,dc=nl" -d domain.nl -w proxy_password {ipnumber_ldap_server} , to create the ldap_file & ldap_cred files
- make sure you run the latest recommended patch cluster.
I'm working on documentation.. maybe I'll have time to publish it sometime soon.
Justin
Hi, all. I've been battling this for days now, with no luck. I've got fds up & running and linux clients authenticating w/o problems. Solaris has so far been a royal pain.
This is what I've done so far:
- imported the 2 schemas that a kind soul sent me (dua & nis)
- added the nisDomain object
- added a few users to test
- copied the ldap_file & ldap_cred files from Gary Tay's site
- added a default simple profile
- ran ldap-genprofile to get the NS1 password, put it in the cred file.
- added ldap to the nsswitch.conf
Yet the solaris box doesn't see the ldap server. In the dmesg, I see this:
Aug 24 09:16:34 unknown getent[1506]: [ID 293258 user.error] libsldap: Status: 7 Mesg: Session error no available conn.
Aug 24 09:18:07 unknown nscd[1498]: [ID 293258 user.error] libsldap: Status: 7 Mesg: Session error no available conn.
Aug 24 09:18:07 unknown nscd[1498]: [ID 293258 user.error] libsldap: Status: 7 Mesg: Session error no available conn.
Can anybody point me in the right direction? I'm about to start kicking the solaris server...
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
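Added example, not part of any message in this thread: a POSIX sh check that an nsswitch.conf rewritten by ldapclient carries the repair applied by the scripts in Gary's message (no ldap source on hosts:, and a shadow: entry that includes ldap). The function names, finding labels and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an nsswitch.conf after
# ldapclient has replaced it with /etc/nsswitch.ldap.
# Prints one finding per line; no output means the repair is in place.
audit_nsswitch() {
    awk '
        /^[ \t]*#/ { next }                 # ignore comment lines
        $1 !~ /:$/ { next }                 # ignore anything that is not "db:"
        {
            sources = ""
            for (i = 2; i <= NF; i++) sources = sources " " $i
            seen[$1] = 1
            if ($1 == "hosts:" && sources ~ / ldap/)
                print "hosts-uses-ldap"     # the entry the sed repair rewrites
            if ($1 == "shadow:" && sources !~ / ldap/)
                print "shadow-without-ldap"
        }
        END { if (!("shadow:" in seen)) print "shadow-missing" }
    ' "$1"
}

# Constructed sample: the file as it looks before the repair.
sample_unrepaired() {
    cat <<'EOF'
# constructed sample, unrepaired
passwd:     files ldap
group:      files ldap
hosts:      ldap [NOTFOUND=return] files
EOF
}

# Constructed sample: the same file after the sed repair from the thread.
sample_repaired() {
    cat <<'EOF'
# constructed sample, repaired
passwd:     files ldap
shadow: files ldap
group:      files ldap
hosts:      files dns
EOF
}

# Stand-alone use: ./audit_nsswitch.sh /etc/nsswitch.conf
if [ $# -gt 0 ]; then
    audit_nsswitch "$1"
fi
```

Run it against /etc/nsswitch.conf after ldapclient finishes and before restarting nscd; any output line names an entry the repair did not reach.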
- The "ldapclient -P ..." command line which downloads LDAP profile
from LDAP Server, USED TO WORK VERY WELL is not working anymore.
Strange Gary, "ldapclient -P ..." still works fine for me on Solaris 8 (108993-48), with FDS 7.1.
389-users@lists.fedoraproject.org