[Fedora-directory-users] getting solaris 8 to talk to FDS

Tay, Gary Gary_Tay at platts.com
Thu Aug 25 16:36:32 UTC 2005


"ldapclient" result indicates that your "domainname" does not tally with "nisDomain" object in the rootDN entry, it is kind of messy, here and there.
 
Please re-install with your choice of baseDN, be it dc=composers,dc=foo,dc=com or dc=foo,dc=com.
 
If you change /etc/defaultdomain, to take immediate effect you may run
# domainname `cat /etc/defaultdomain`
otherwise "ldapclient ..." will do it for you as part of the result.
 
Use the ACLs I mentioned in my previous posting and amend them to suit your needs. Those ACLs are taken from the SUN ONE DS default install (I think they are there after running the "idsconfig" command tool; I wish FDS developers would develop an equivalent "fdsconfig" meant for Solaris Native LDAP Client).
 
Gary
 
-----Original Message----- 
From: fedora-directory-users-bounces at redhat.com on behalf of Igor 
Sent: Thu 8/25/2005 11:34 PM 
To: General discussion list for the Fedora Directory server project. 
Cc: 
Subject: RE: [Fedora-directory-users] getting solaris 8 to talk to FDS



	This is gonna be loooong...  I just want to thank you guys again for wading thru this
	crap...
	
	--- "Tay, Gary" <Gary_Tay at platts.com> wrote:
	
	> ===
	> Do you still think I need to change my defaultSearchDN?  Also, must those ACLs be added
	> still?  Because it looks like you're doing a manual config, right?
	> ===
	> Yes I think you should set baseDN (defaultSearchBase) to dc=composers,dc=foo,dc=com,
	> NOT dc=foo,dc=com, it should correspond LDAP domain (nisdomain) name, i.e.
	> composers.foo.com, which you set in the rootDN entry nisDomainObject.
	
	well, instead, I got rid of composers altogether.
	
	> Yes set the ACLs to allow proxyAgent to read LDAP DIT.
	
	I have this:
	
	(targetattr = "*") (version 3.0;acl "Allow proxyAgent read access";allow
	(read,compare)(userdn = "ldap:///uid=proxyAgent,ou=profile,dc=foo,dc=com");)
	
	> Please re-install FDS7.1 using baseDN=dc=composers,dc=foo,dc=com, and create ldif file
	
	well, I got rid of composers for now.  If you say I've to reinstall I will but that'll
	probably be my last resort, though.
	
	> Step by step 
	> # ldapclient -l
	
	bash-2.03# ldapclient -l
	NS_LDAP_FILE_VERSION= 2.0
	NS_LDAP_BINDDN= uid=proxyAgent,ou=profile,dc=foo,dc=com
	NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411
	NS_LDAP_SERVERS= 149.85.70.17
	NS_LDAP_SEARCH_BASEDN= dc=foo,dc=com
	NS_LDAP_CREDENTIAL_LEVEL= proxy
	NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=People,dc=foo,dc=com?one
	NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=People,dc=foo,dc=com?one
	NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=foo,dc=com?one
	NS_LDAP_SERVICE_SEARCH_DESC= netgroup: ou=netgroup,dc=foo,dc=com?one
	
	
	
	> # /usr/lib/ldap/ldap_cachemgr -g
	> Does it say LDAP cache manager is UP and running?
	
	bash-2.03# /usr/lib/ldap/ldap_cachemgr -g
	
	cachemgr configuration:
	server debug level          0
	server log file "/var/ldap/cachemgr.log"
	number of calls to ldapcachemgr         15
	
	cachemgr cache data statistics:
	Configuration refresh information:
	  Configured to NO REFRESH.
	Server information:
	  Previous refresh time: 2005/08/25 11:11:57
	  Next refresh time:     2005/08/25 11:21:57
	  server: 149.85.70.17, status: UP
	Cache data information:
	  Maximum cache entries:          256
	  Number of cache entries:          0
	
	
	> # cat /var/ldap/cachemgr.log
	> Any critical error?
	
	bash-2.03# cat /var/ldap/cachemgr.log
	Thu Aug 25 11:11:56.9844        Starting ldap_cachemgr, logfile /var/ldap/cachemgr.log
	Thu Aug 25 11:11:57.0843        sig_ok_to_exit(): parent exiting...
	bash-2.03# ps -ef | grep ldap
	    root  2553     1  0 11:11:56 ?        0:00 /usr/lib/ldap/ldap_cachemgr
	
	So, doesn't look like any errors...
	
	______________________
	Also: On the FDS server:
	
	[root at cnyitlin02 slapd-cnyitlin02]# ldapsearch -x | grep compose
	defaultServerList: cnyitlin02.composers.foo.com
	[root at cnyitlin02 slapd-cnyitlin02]#
	
	That's it, nothing else.  However, when I rerun ldapclient -i, I get this:
	
	
	  file_backup: stat(/etc/nsswitch.conf)=0
	file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
	file_backup: stat(/etc/defaultdomain)=0
	file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
	file_backup: stat(/var/nis/NIS_COLD_START)=-1
	file_backup: No /var/nis/NIS_COLD_START file.
	file_backup: nis domain is "composers.foo.com"
	                            ^^^^^^^^^^^^^
	file_backup: stat(/var/yp/binding/composers.foo.com)=-1
	file_backup: No /var/yp/binding/composers.foo.com directory.
	file_backup: stat(/var/ldap/ldap_client_file)=0
	file_backup: (/var/ldap/ldap_client_file -> /var/ldap/restore/ldap_client_file)
	file_backup: (/var/ldap/ldap_client_cred -> /var/ldap/restore/ldap_client_cred)
	Starting network services
	start: /usr/bin/domainname foo.com... success
	start: /usr/lib/ldap/ldap_cachemgr... success
	start: /etc/init.d/autofs start... success
	start: /etc/init.d/nscd start... success
	start: /etc/init.d/sendmail start... success
	System successfully configured
	
	Where does it get composers from???
	
	It also resets /etc/defaultdomain to composers even though I manually change it to
	foo.com
	
	> # ldaplist -l passwd testdba", it should display something like:
	
	Nope.
	
	bash-2.03# ldaplist -l passwd testdba
	ldaplist: Object not found
	bash-2.03# ldaplist -l passwd       
	ldaplist: Object not found (LDAP ERROR (50): Insufficient access.)
	bash-2.03#
	
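Added example, not part of the original thread: a POSIX shell check for the mismatch discussed above, comparing a domain name with the base DN and service search descriptors reported by `ldapclient -l`. The function names and the dc-to-dotted-domain mapping are assumptions of this example, following the correspondence Gary describes between the nisdomain name and the base DN; the sample input is abridged from the output quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): check "ldapclient -l" output against a domain name.
# Assumption: the base DN is the domain written as dc= components, as in the thread.

# "dc=foo,dc=com" -> "foo.com"; returns 1 if any RDN is not dc=.
basedn_to_domain() {
    dn=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d ' ')
    out=""; old_ifs=$IFS; IFS=,
    for rdn in $dn; do
        case $rdn in
            dc=?*) out="${out:+$out.}${rdn#dc=}" ;;
            *) IFS=$old_ifs; return 1 ;;
        esac
    done
    IFS=$old_ifs; printf '%s\n' "$out"
}

# check_domain DOMAIN < config: 0 = match, 1 = mismatch, 2 = no usable base DN.
check_domain() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    base=$(sed -n 's/^[[:space:]]*NS_LDAP_SEARCH_BASEDN=[[:space:]]*//p' | head -1)
    [ -n "$base" ] || { echo "no NS_LDAP_SEARCH_BASEDN found"; return 2; }
    got=$(basedn_to_domain "$base") || { echo "base DN '$base' is not dc-only"; return 2; }
    [ "$got" = "$want" ] && { echo "OK: '$want' matches '$base'"; return 0; }
    echo "MISMATCH: domain '$want', base DN '$base' maps to '$got'"; return 1
}

# Print service search descriptors whose search base lies outside BASEDN ($1).
ssd_outside_base() {
    sed -n 's/^[[:space:]]*NS_LDAP_SERVICE_SEARCH_DESC=[[:space:]]*//p' |
    while IFS= read -r ssd; do
        sdn=${ssd#*:}; sdn=${sdn%%\?*}; sdn=$(printf '%s' "$sdn" | tr -d ' ')
        case $sdn in *"$1") ;; *) printf '%s\n' "$ssd" ;; esac
    done
}

# Sample input, abridged from the output quoted in the thread.
sample_config() {
cat <<'EOF'
NS_LDAP_SEARCH_BASEDN= dc=foo,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=People,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=People,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= netgroup: ou=netgroup,dc=foo,dc=com?one
EOF
}

sample_config | check_domain composers.foo.com || true   # the mismatch from the thread
sample_config | check_domain foo.com
```

On a client, the same check can read live data with `ldapclient -l | check_domain "$(domainname)"`.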
	
