[Freeipa-users] openindiana ldap client

Sigbjorn Lie sigbjorn at nixtra.com
Sun Sep 9 20:25:59 UTC 2012


On 09/07/2012 08:38 PM, Dmitri Pal wrote:
> On 09/02/2012 12:58 PM, Sigbjorn Lie wrote:
>> On 09/02/2012 04:37 PM, Natxo Asenjo wrote:
>>> hi,
>>>
>>> Recently I have been playing with the zfs for its native nfs4 acl 
>>> capabilities. I have used openindiana for this. For those wondering 
>>> about openindiana, it is a distribution of the former opensolaris code.
>>>
>>> I got the ldap client to work for retrieving user/group info from 
>>> ipa using the ldapclient command:
>>>
>>> # ldapclient manual \
>>> -a authenticationMethod=none \
>>> -a defaultSearchBase=dc=ipa,dc=asenjo,dc=nx \
>>> -a domainName=ipa.asenjo.nx \
>>> -a defaultServerList=kdc.ipa.asenjo.nx \
>>> -a serviceSearchDescriptor='passwd:dc=ipa,dc=asenjo,dc=nx?sub' \
>>> -a serviceSearchDescriptor='group:dc=ipa,dc=asenjo,dc=nx?sub' [enter]
>>>
>>> you need to enable the ldap/client service:
>>>
>>> # svcadm enable ldap/client:default [enter]
>>>
>>> After which, modify /etc/nsswitch.conf to add the ldap provider for 
>>> passwd and group:
>>>
>>> passwd:     files ldap
>>> group:      files ldap
>>>
>>> That's it, test it:
>>>
>>> # id admin
>>> uid=642800000(admin) gid=642800000(admins) groups=642800000(admins)
>>>
>>> # getent passwd admin
>>> admin:x:642800000:642800000:Administrator:/home/admin:/bin/bash
>>>
>>> So it works. The kerberos stuff will be next ...
>>>
>>> One thing I have not yet gotten to work is that these changes are 
>>> not persistent across reboots. The ldapclient config stays, but the 
>>> service ldap/client does not start (stays disabled) and 
>>> nsswitch.conf misses the ldap entries. So far I am fixing this from 
>>> cfengine (gotta love it).
>>>
>>> So apparently, for solaris 10 and newer versions, the procedure 
>>> outlined in http://freeipa.com/page/ConfiguringSolarisClients is no 
>>> longer necessary as far as the ldap client is concerned.
>>>
>>>
>>> --
>>> Groeten,
>>> natxo
>> Hi,
>>
>> I'm using Nexenta as an IPA client, another derivative of 
>> OpenSolaris. I use a DUAProfile with ldapclient. This stays 
>> configured and the ldap/client service is enabled across reboots.
>>
>>
>> There is a DUAProfile included by default with IPA, but it requires 
>> some tweaking to support more than just the basic features. See this 
>> bugzilla for a more comprehensive example:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=815515
>>
>>
>> There is also some more info about configuring Solaris clients in 
>> this bugzilla:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=815533
>
> Siggi, can you please review 
> http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html 
> and confirm that this is correct and has the latest?
>
> If you find some inconsistency, would you mind filing a Fedora doc bug?

There are some issues in that document.

I have been working with Rob with regard to the previous 2 bugzilla doc 
bugs I opened:
https://bugzilla.redhat.com/show_bug.cgi?id=815533
https://bugzilla.redhat.com/show_bug.cgi?id=815515

These BZs cover configuring a DUA profile and configuring Solaris 10 as 
an IPA client.

I presume Rob's work will become the new Solaris 10 IPA Client 
documentation for both Fedora and RHEL?


Rgds,
Siggi
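
The reboot drift described in the quoted message (nsswitch.conf losing its ldap entries for passwd and group) can be detected and corrected idempotently. The following is an added example, not part of the original thread or of FreeIPA; the function names `nss_has_ldap` and `nss_ensure_ldap` are hypothetical, and the file path is passed as an argument so the check can be tried on a copy first.

```shell
#!/bin/sh
# Added example (not from the thread): idempotent check for the
# "passwd: files ldap" / "group: files ldap" entries discussed above.

# nss_has_ldap FILE DB -> exit 0 if DB's source list contains "ldap"
nss_has_ldap() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                    # a commented-out ldap does not count
        $1 == (db ":") {
            for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# nss_ensure_ldap FILE -> appends ldap to the passwd and group lines when it
# is missing, keeping any trailing comment; prints "ok" or "changed".
nss_ensure_ldap() {
    file=$1
    if nss_has_ldap "$file" passwd && nss_has_ldap "$file" group; then
        echo ok
        return 0
    fi
    tmp=$(mktemp) || return 1
    awk '
        {
            code = $0; rest = ""
            if ((p = index($0, "#")) > 0) {   # split off a trailing comment
                code = substr($0, 1, p - 1); rest = substr($0, p)
            }
            n = split(code, f, " ")
            if (n > 0 && (f[1] == "passwd:" || f[1] == "group:")) {
                has = 0
                for (i = 2; i <= n; i++) if (f[i] == "ldap") has = 1
                if (!has) {
                    sub(/[ \t]+$/, "", code)
                    print code " ldap" (rest ? " " rest : "")
                    next
                }
            }
            print
        }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rm -f "$tmp"
    echo changed
}
```

A "changed" result on every boot confirms that something is rewriting the file at startup, which is the behaviour worth tracking down rather than papering over.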
