[Freeipa-users] openindiana ldap client

Sigbjorn Lie sigbjorn at nixtra.com
Sun Sep 2 16:58:01 UTC 2012


On 09/02/2012 04:37 PM, Natxo Asenjo wrote:
> hi,
>
> Recently I have been playing with the zfs for its native nfs4 acl 
> capabilities. I have used openindiana for this. For those wondering 
> about openindiana, it is a distribution of the former opensolaris code.
>
> I got the ldap client to work for retrieving user/group info from ipa 
> using the ldapclient command:
>
> # ldapclient manual \
> -a authenticationMethod=none \
> -a defaultSearchBase=dc=ipa,dc=asenjo,dc=nx \
> -a domainName=ipa.asenjo.nx \
> -a defaultServerList=kdc.ipa.asenjo.nx \
> -a serviceSearchDescriptor='passwd:dc=ipa,dc=asenjo,dc=nx?sub' \
> -a serviceSearchDescriptor='group:dc=ipa,dc=asenjo,dc=nx?sub' [enter]
>
> you need to enable the ldap/client service:
>
> # svcadm enable ldap/client:default [enter]
>
> After which, modify /etc/nsswitch.conf to add the ldap provider for 
> passwd and group:
>
> passwd:     files ldap
> group:      files ldap
>
> That's it, test it:
>
> # id admin
> uid=642800000(admin) gid=642800000(admins) groups=642800000(admins)
>
> # getent passwd admin
> admin:x:642800000:642800000:Administrator:/home/admin:/bin/bash
>
> So it works. The kerberos stuff will be next ...
>
> One thing I have not yet gotten to work is that these changes are not 
> persistent across reboots. The ldapclient config stays, but the 
> service ldap/client does not start (stays disabled) and nsswitch.conf 
> misses the ldap entries. So far I am fixing this from cfengine (gotta 
> love it).
>
> So apparently, for solaris 10 and newer versions, the procedure 
> outlined in http://freeipa.com/page/ConfiguringSolarisClients is no 
> longer necessary as far as the ldap client is concerned.
>
>
> --
> Groeten,
> natxo
>
>
Hi,

I'm using Nexenta as an IPA client, another derivative of OpenSolaris. I 
use a DUAProfile with ldapclient. This stays configured and the 
ldap/client service is enabled across reboots.


There is a DUAProfile included by default with IPA, but it requires some 
tweaking to support more than just the basic features. See this bugzilla 
for a more comprehensive example:

https://bugzilla.redhat.com/show_bug.cgi?id=815515


There is also some more info about configuring Solaris clients in this 
bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=815533


The ldap/client service is enabled when you run the ldapclient script. 
There should be no need for doing this manually.  When you run 
ldapclient, run it with the -v flag and look for errors.

After a reboot, what does "svcs -xv ldap/client" output?

Are the services it depends on in an online state? "svcs -d ldap/client"

What does /var/svc/log/network-ldap-client:default.log display after a 
reboot?

What files do you have in /var/ldap?

What is the content of the /var/ldap/ldap_client_file?



Regards,
Siggi
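
A post-reboot check for the two symptoms discussed in this thread (nsswitch.conf losing its ldap entries, ldap/client staying disabled), added here as an example and not part of either message. The function names and the sample file are constructed for illustration, and svcs is only called when it exists on the host.

```shell
#!/bin/sh
# Added example: drift check for the LDAP client setup described in this thread.

# nss_has_source FILE DB SOURCE: succeeds when the DB line lists SOURCE.
# Comments are ignored and [STATUS=action] criteria are never read as sources.
nss_has_source() {
    awk -v db="$2" -v src="$3" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, split "db:src"
        $1 == (db ":") {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) continue     # skip bracketed criteria
                if ($i == src) found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# nss_missing FILE SOURCE DB...: prints each DB whose line lacks SOURCE
# and returns non-zero if at least one is missing.
nss_missing() {
    file=$1 src=$2 rc=0
    shift 2
    for db in "$@"; do
        nss_has_source "$file" "$db" "$src" || { echo "$db"; rc=1; }
    done
    return $rc
}

# ldap_client_state: prints the SMF state of ldap/client, or "unknown"
# when svcs is unavailable (not a Solaris-derived host) or the query fails.
ldap_client_state() {
    if command -v svcs >/dev/null 2>&1; then
        svcs -H -o state ldap/client 2>/dev/null || echo unknown
    else
        echo unknown
    fi
}

# Constructed sample: an nsswitch.conf where passwd has lost its ldap source.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd:     files
group:      files ldap   # still intact
hosts:      files dns
EOF
echo "missing ldap source for: $(nss_missing "$sample" ldap passwd group | tr '\n' ' ')"
echo "ldap/client state: $(ldap_client_state)"
rm -f "$sample"
```

On a real client, point `nss_missing` at /etc/nsswitch.conf with `ldap passwd group` and alert on a non-zero return or on any service state other than `online`.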

