[Fedora-directory-users] getting solaris 8 to talk to FDS

Tay, Gary Gary_Tay at platts.com
Thu Aug 25 03:54:40 UTC 2005


I have successfully configured Solaris8 Native LDAP Client to work
against FDS7.1. Below is what I have experienced and observed.

It appears to me that 108993-48 LDAP patch breaks the "ldapclient -P"
command.

1) The "ldapclient -P ..." command line, which downloads the LDAP profile
from the LDAP Server and USED TO WORK VERY WELL, is not working anymore.

The following script failed; it will hang at:

...
Starting network services
start: /usr/bin/domainname example.com... Success
<Halt Here>

===
# cat ./ldapclient_download_defaultprofile_sol8.sh
/usr/sbin/ldapclient -v \
   -P default \
   -d example.com \
   -D "cn=proxyagent,ou=profile,dc=example,dc=com" \
   -w "password" \
   192.168.1.168
# As ldapclient overwrites /etc/nsswitch.conf with /etc/nsswitch.ldap
# which contains a bug in "hosts:" entry, we need to repair it
sed -e '/^hosts:/s/ldap.*files$/files dns/' \
    -e '/^passwd:/a\
shadow:     files ldap' \
    /etc/nsswitch.ldap >/etc/nsswitch.work
cp /etc/nsswitch.work /etc/nsswitch.conf
# Refresh Name Service Cache Daemon after repairing /etc/nsswitch.conf
/etc/init.d/nscd stop
/etc/init.d/nscd start
===

2) "ldapclient -i ..." works

===
[root at sins001u5 /var/ldap]# cat ldapclient_init_defaultprofile_sol8.sh
/usr/sbin/ldapclient -v -i -a simple -b dc=example,dc=com -c proxy \
   -D cn=proxyAgent,ou=profile,dc=example,dc=com -w password \
   -S "passwd: ou=People,dc=example,dc=com?one" \
   -S "shadow: ou=People,dc=example,dc=com?one" \
   -S "group: ou=group,dc=example,dc=com?one" \
   -S "netgroup: ou=netgroup,dc=example,dc=com?one" \
   192.168.1.168
echo ...
echo As ldapclient overwrites /etc/nsswitch.conf with /etc/nsswitch.ldap
echo which contains a bug in "hosts:" entry, we need to repair it
sed -e '/^hosts:/s/ldap.*files$/files dns/' \
    -e '/^passwd:/a\
shadow:     files ldap' \
    /etc/nsswitch.ldap >/etc/nsswitch.work
cp /etc/nsswitch.work /etc/nsswitch.conf
echo ...
echo Refresh Name Service Cache Daemon after repairing /etc/nsswitch.conf
/etc/init.d/nscd stop
/etc/init.d/nscd start
===

Gary

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Justin
Albstmeijer
Sent: Wednesday, August 24, 2005 10:25 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] getting solaris 8 to talk to FDS



My 2 cents

- test with: ldapsearch -h ldapserver.domain.nl -s base -b "" "objectclass=*",
to see if you can query the server.
- make sure the posix account has the "shadowAccount" attribute
- SSHA is used by default by FDS for password encryption; this should be
CRYPT.

import:
------------------------------
dn: cn=config
changetype: modify
replace: passwordstoragescheme
passwordstoragescheme: CRYPT
------------------------------

- make sure to use "simple" instead of "tls:simple" for your initial
tests
- use : ldapclient -v -P default -D
"cn=proxyagent,ou=profile,dc=domain,dc=nl" -d domain.nl -w
proxy_password {ipnumber_ldap_server} , to create the ldap_file &
ldap_cred files
- make sure you run the latest recommended patch cluster.


I'm working on documentation.. maybe I'll have time to publish it
sometime soon.

Justin

> Hi, all.  I've been battling this for days now, with
> no luck.  I've got fds up & running and linux clients authenticating 
> w/o problems.  Solaris has so far been a royal pain.
>
> This is what I've done so far:
> - imported the 2 schemas that a kind soul sent me (dua
> & nis)
> - added the nisDomain object
> - added a few users to test
> - copied the ldap_file & ldap_cred files from Gary
> Tay's site
> - added a default simple profile
> - ran ldap-genprofile to get the NS1 password, put it
> in the cred file.
> - added ldap to the nsswitch.conf
>
> Yet the solaris box doesn't see the ldap server.  In
> the dmesg, I see this:
>
> Aug 24 09:16:34 unknown getent[1506]: [ID 293258
> user.error] libsldap: Status: 7  Mesg: Session error
> no available conn.
> Aug 24 09:18:07 unknown nscd[1498]: [ID 293258
> user.error] libsldap: Status: 7  Mesg: Session error
> no available conn.
> Aug 24 09:18:07 unknown nscd[1498]: [ID 293258
> user.error] libsldap: Status: 7  Mesg: Session error
> no available conn.
>
> Can anybody point me in the right direction?  I'm
> about to start kicking the solaris server...
>
> --
> Fedora-directory-users mailing list Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
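
A check for the nsswitch repair that both scripts above perform, as an added example that is not part of the original messages: it applies the same sed edits to a constructed stand-in for /etc/nsswitch.ldap and verifies the result. The function names, temporary paths and sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; names, paths and sample contents are constructed assumptions.

# Print the source list configured for one database (hosts, passwd, ...).
nss_sources() {  # usage: nss_sources <database> <file>
    sed -n "s/^$1:[[:space:]]*//p" "$2" | sed 's/[[:space:]]*#.*$//' | head -n 1
}

# Apply the same sed edits as the scripts above: <input> -> <output>.
repair_nsswitch() {
    sed -e '/^hosts:/s/ldap.*files$/files dns/' \
        -e '/^passwd:/a\
shadow:     files ldap' \
        "$1" >"$2"
}

# Return 0 only if hosts no longer uses ldap and passwd/shadow both do.
check_nsswitch() {
    f=$1; rc=0
    case " $(nss_sources hosts "$f") " in
        *" ldap "*) echo "hosts: still lists ldap" >&2; rc=1 ;;
    esac
    for db in passwd shadow; do
        case " $(nss_sources "$db" "$f") " in
            *" ldap "*) ;;
            *) echo "$db: ldap missing" >&2; rc=1 ;;
        esac
    done
    # The appended shadow line must appear exactly once.
    [ "$(grep -c '^shadow:' "$f")" -eq 1 ] || { echo "shadow: want one line" >&2; rc=1; }
    return $rc
}

# Constructed stand-in for /etc/nsswitch.ldap (not copied from a real system).
make_sample() {
    cat >"$1" <<'EOF'
passwd:     files ldap
group:      files ldap
hosts:      ldap [NOTFOUND=return] files
netgroup:   ldap
EOF
}

tmp=${TMPDIR:-/tmp}/nsswitch-demo.$$
mkdir -p "$tmp"
make_sample "$tmp/nsswitch.ldap"
repair_nsswitch "$tmp/nsswitch.ldap" "$tmp/nsswitch.work"
check_nsswitch "$tmp/nsswitch.work" && echo "nsswitch.work OK"
rm -rf "$tmp"
```

Running check_nsswitch on the work file before it is copied over /etc/nsswitch.conf catches a hosts entry that still lists ldap or a duplicated shadow line before nscd is restarted.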

