[Freeipa-users] Solaris client configuration for FreeIPA 1.2
Rob Crittenden
rcritten at redhat.com
Mon Feb 2 15:32:00 UTC 2009
Marc Richards wrote:
> I read on this list that as of v1.2 the native Solaris 10 nss_ldap
> library can be used. What are the modifications required for that to
> work?
>
> I tried installing the freeipa nss_ldap by following the instructions at
> http://www.freeipa.org/page/ConfiguringSolarisClients, but it looks like
> the native library is already installed and I am no Solaris expert so I
> would rather leave the native library in place. I've seen mention of
> /var/ldap/ldap_client_file in this document
> (http://freeipa.org/page/ConfiguringUnixClients), but seeing as how it
> doesn't include any kerberos information, I am assuming it is no longer
> relevant.

With freeIPA v1.2+ you don't need our nss_ldap any more. The native one
will work fine. The issue was the way the native nss_ldap expected
groups to work. The compatibility plugin solves this for us.

Configuring a native Solaris server should be as simple as:

[ on the IPA server ]
# ipa-compat-manage enable
# service dirsrv restart

[ on the Solaris client ]
# ldapclient init ipa.example.com

When you installed IPA we created a default profile that should
configure your client. Note that Solaris is a bit silly when it comes to
LDAP. It assumes that if you want to use LDAP for anything you want to
use it for EVERYTHING. So you'll need to edit /etc/nsswitch.conf after
running ldapclient and fix the hosts and ipnodes. They got set to ldap
and should probably be "files dns", depending on your network.

rob
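
The nsswitch.conf fix described in the reply above, as an added example that is not part of the original post: a shell function that resets only the hosts and ipnodes entries to "files dns" and leaves every other database as ldapclient wrote it. The function names fix_nsswitch_hosts and ldap_databases and the ".ldapclient" backup suffix are hypothetical, chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical;
# "files dns" is the value suggested in the reply above.
# Assumes a POSIX awk (on Solaris 10 that is nawk or /usr/xpg4/bin/awk).

# Rewrite the hosts and ipnodes entries of an nsswitch.conf-style file so
# that host lookups no longer go through LDAP. Other lines are unchanged.
# Usage: fix_nsswitch_hosts /etc/nsswitch.conf
fix_nsswitch_hosts() {
    conf=$1
    tmp="${conf}.new.$$"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Keep a copy of what ldapclient wrote before changing anything.
    cp -p "$conf" "${conf}.ldapclient" || return 1

    awk '
        # Active (not commented-out) hosts: or ipnodes: entries only.
        /^[ \t]*(hosts|ipnodes):/ {
            name = $1
            sub(/:.*/, ":", name)      # also handles "hosts:ldap" (no space)
            print name "\tfiles dns"
            next
        }
        { print }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite the contents in place so owner and mode are preserved.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Print the databases that still list ldap as a source, one per line,
# so the remaining LDAP dependencies can be reviewed.
ldap_databases() {
    awk '/^[ \t]*[a-z_]+:/ && /ldap/ { sub(/:.*/, "", $1); print $1 }' "$1"
}
```

Run fix_nsswitch_hosts against /etc/nsswitch.conf after ldapclient init, then use ldap_databases to confirm that hosts and ipnodes are no longer listed.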