[Fedora-directory-users] getting solaris 8 to talk to FDS
Tay, Gary
Gary_Tay at platts.com
Thu Aug 25 03:54:40 UTC 2005
I have successfully configured Solaris8 Native LDAP Client to work
against FDS7.1. Below is what I have experienced and observed.
It appears to me that 108993-48 LDAP patch breaks the "ldapclient -P"
command.
1) The "ldapclient -P ..." command line, which downloads the LDAP profile
from the LDAP Server and USED TO WORK VERY WELL, is not working anymore.
The following script failed; it will hang at:
...
Starting network services
start: /usr/bin/domainname example.com... Success
<Halt Here>
===
# cat ./ldapclient_download_defaultprofile_sol8.sh
/usr/sbin/ldapclient -v \
-P default \
-d example.com \
-D "cn=proxyagent,ou=profile,dc=example,dc=com" \
-w "password" \
192.168.1.168
# As ldapclient overwrites /etc/nsswitch.conf with /etc/nsswitch.ldap
# which contains a bug in "hosts:" entry, we need to repair it
sed -e '/^hosts:/s/ldap.*files$/files dns/' \
-e '/^passwd:/a\
shadow: files ldap' \
/etc/nsswitch.ldap >/etc/nsswitch.work
cp /etc/nsswitch.work /etc/nsswitch.conf
# Refresh Name Service Cache Daemon after repairing /etc/nsswitch.conf
/etc/init.d/nscd stop
/etc/init.d/nscd start
===
2) "ldapclient -i ..." works
===
[root@sins001u5 /var/ldap]# cat ldapclient_init_defaultprofile_sol8.sh
/usr/sbin/ldapclient -v -i -a simple -b dc=example,dc=com -c proxy \
-D cn=proxyAgent,ou=profile,dc=example,dc=com -w password \
-S "passwd: ou=People,dc=example,dc=com?one" \
-S "shadow: ou=People,dc=example,dc=com?one" \
-S "group: ou=group,dc=example,dc=com?one" \
-S "netgroup: ou=netgroup,dc=example,dc=com?one" \
192.168.1.168
echo ...
echo As ldapclient overwrites /etc/nsswitch.conf with /etc/nsswitch.ldap
echo which contains a bug in "hosts:" entry, we need to repair it
sed -e '/^hosts:/s/ldap.*files$/files dns/' \
-e '/^passwd:/a\
shadow: files ldap' \
/etc/nsswitch.ldap >/etc/nsswitch.work
cp /etc/nsswitch.work /etc/nsswitch.conf
echo ...
echo Refresh Name Service Cache Daemon after repairing /etc/nsswitch.conf
/etc/init.d/nscd stop
/etc/init.d/nscd start
===
Gary
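Added example, not part of the original thread: the nsswitch repair step from the two scripts above, wrapped so that the repaired file is checked before it replaces the live one. The function names and the sample nsswitch.ldap contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: repair a copy of nsswitch.ldap and validate it before install.
# Function names and the sample file contents are constructed, not from the thread.

# Apply the thread's two sed edits to file $1, writing the result to stdout.
repair_nsswitch() {
    sed -e '/^hosts:/s/ldap.*files$/files dns/' \
        -e '/^passwd:/a\
shadow: files ldap' "$1"
}

# Return 0 only if file $1 has the properties the repair is meant to produce.
validate_nsswitch() {
    # hosts: must resolve through files then dns, with no ldap lookup left
    grep '^hosts:[[:space:]]*files dns$' "$1" >/dev/null || return 1
    # exactly one shadow: line (the sed append is not idempotent)
    [ "$(grep -c '^shadow:' "$1")" -eq 1 ] || return 1
    grep '^shadow: files ldap$' "$1" >/dev/null || return 1
}

# Write a constructed nsswitch.ldap sample to path $1.
make_sample() {
    cat >"$1" <<'EOF'
passwd:     files ldap
group:      files ldap
hosts:      ldap [NOTFOUND=return] files
networks:   ldap [NOTFOUND=return] files
EOF
}

# Repair $1 into $2; $2 is left untouched unless validation passes.
install_repaired() {
    tmp="$2.work.$$"
    repair_nsswitch "$1" >"$tmp" && validate_nsswitch "$tmp" || {
        rm -f "$tmp"
        return 1
    }
    # rename within the same directory, so readers never see a partial file
    mv "$tmp" "$2"
}
```

On a real client the call would be install_repaired /etc/nsswitch.ldap /etc/nsswitch.conf, followed by the nscd restart shown in the scripts.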
-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Justin
Albstmeijer
Sent: Wednesday, August 24, 2005 10:25 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] getting solaris 8 to talk to FDS
My 2 cents
- test with: ldapsearch -h ldapserver.domain.nl -s base -b "" "objectclass=*" , to see if you can query the server.
- make sure the posix account has the "shadowAccount" attribute
- SSHA is used by default by FDS for password encryption; this should be
CRYPT.
import:
------------------------------
dn: cn=config
changetype: modify
replace: passwordstoragescheme
passwordstoragescheme: CRYPT
------------------------------
- make sure to use "simple" instead of "tls:simple" for your initial
tests
- use: ldapclient -v -P default -D "cn=proxyagent,ou=profile,dc=domain,dc=nl" -d domain.nl -w proxy_password {ipnumber_ldap_server} , to create the ldap_file & ldap_cred files
- make sure you run the latest recommended patch cluster.
I'm working on documentation.. maybe I'll have time to publish it
sometime soon.
Justin
> Hi, all. I've been battling this for days now, with
> no luck. I've got fds up & running and linux clients authenticating
> w/o problems. Solaris has so far been a royal pain.
>
> This is what I've done so far:
> - imported the 2 schemas that a kind soul sent me (dua
> & nis)
> - added the nisDomain object
> - added a few users to test
> - copied the ldap_file & ldap_cred files from Gary
> Tay's site
> - added a default simple profile
> - ran ldap-genprofile to get the NS1 password, put it
> in the cred file.
> - added ldap to the nsswitch.conf
>
> Yet the solaris box doesn't see the ldap server. In
> the dmesg, I see this:
>
> Aug 24 09:16:34 unknown getent[1506]: [ID 293258 user.error] libsldap: Status: 7 Mesg: Session error no available conn.
> Aug 24 09:18:07 unknown nscd[1498]: [ID 293258 user.error] libsldap: Status: 7 Mesg: Session error no available conn.
> Aug 24 09:18:07 unknown nscd[1498]: [ID 293258 user.error] libsldap: Status: 7 Mesg: Session error no available conn.
>
> Can anybody point me in the right direction? I'm
> about to start kicking the solaris server...
> --
> Fedora-directory-users mailing list Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users