"result.c" patch IS NOT REALLY required if "ldapclient manual" is used
Igor Brezac posted a "result.c" patch in 2000 for the "ldapclient init" command (setting up the Solaris8/9 Native LDAP Client against an OpenLDAP Server).
This patch works only for OpenLDAP 2.1.X, not 2.2.X. Is it really required?
------------------------------------------------
Here it goes.
First apply the patch below to OpenLDAP. This patch allows OpenLDAP to return all root DSE attributes without explicitly specifying an attribute list in a query. Kurt, please let me know if I am missing something.
--- servers/slapd/result.c.orig Fri Sep 8 12:59:11 2000 +++ servers/slapd/result.c Fri Sep 8 18:38:50 2000 @@ -628,8 +628,10 @@
                        /* all addrs request, skip operational attributes */
                        if( is_at_operational( desc->ad_type ) )
                        {
- continue; - } + if (strcasecmp( e->e_dn, LDAP_ROOT_DSE )) { + continue; + } + }
 
} else { /* specific addrs requested */
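Review bot: The added test `if (strcasecmp( e->e_dn, LDAP_ROOT_DSE ))` in the all-attributes branch is true when the DN is not the root DSE, which is easy to misread as the opposite; write it as `strcasecmp( e->e_dn, LDAP_ROOT_DSE ) != 0` and update the comment above it, which still says operational attributes are skipped without mentioning the root DSE exception. The condition carries no client check, so every attribute-less root DSE search now returns operational attributes to any client; that behaviour change should be stated in the documentation or commit message.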
@@ -700,7 +702,9 @@
                if ( attrs == NULL ) {
                        /* all addrs request, skip operational attributes */
                        if( is_at_operational( desc->ad_type ) ) {
- continue; + if (strcasecmp( e->e_dn, LDAP_ROOT_DSE )) { + continue; + }
                        }
 
} else {
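Review bot: The second site at -700 repeats the same `strcasecmp( e->e_dn, LDAP_ROOT_DSE )` condition as the hunk at -628, so the two copies can drift apart; consider a small helper or macro for the root DSE test and use it in both places. The spacing `if (strcasecmp(` also differs from the surrounding `if( is_at_operational(` style, and the "skip operational attributes" comment is again left unchanged.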
------------------------------------------------
NO, it isn't, in my opinion.
This "old" result.c patch only works for the old OpenLDAP 2.1.X. It is used because the "ldapclient init" command, which is used to initialise the Solaris9/8 Native LDAP Client against an OpenLDAP Server, fails with an error message something like "Can't find ROOT_DSE".
For the new OpenLDAP 2.2.X, this patch IS NOT REALLY needed if you use the "ldapclient manual" command to initialise the Solaris9/8 Native LDAP Client against an OpenLDAP 2.2.X Server. Below are two examples, one for Solaris9, the other for Solaris8 (you need LDAPv2 patch 108993 for Solaris8).
Solaris9:
/usr/sbin/ldapclient -v manual -a profileName=default -a domainName=example.com \
   -a defaultSearchBase=dc=example,dc=com \
   -a proxyDn=cn=proxyagent,ou=profile,dc=example,dc=com \
   -a proxyPassword=password 192.168.1.168
# As ldapclient overwrites /etc/nsswitch.conf with /etc/nsswitch.ldap
# which contains a bug in "hosts:" entry, we need to repair it
sed -e '/^hosts:/s/ldap.*files$/files dns/' \
    -e '/^passwd:/a\
shadow: files ldap' \
    /etc/nsswitch.ldap >/etc/nsswitch.work
cp /etc/nsswitch.work /etc/nsswitch.conf
# Refresh Name Service Cache Daemon after repairing /etc/nsswitch.conf
/etc/init.d/nscd stop
/etc/init.d/nscd start
Solaris8:
/usr/sbin/ldapclient -v \
   -P default \
   -d example.com \
   -D "cn=proxyagent,ou=profile,dc=example,dc=com" \
   -w "password" \
   192.168.1.168
# As ldapclient overwrites /etc/nsswitch.conf with /etc/nsswitch.ldap
# which contains a bug in "hosts:" entry, we need to repair it
sed -e '/^hosts:/s/ldap.*files$/files dns/' \
    -e '/^passwd:/a\
shadow: files ldap' \
    /etc/nsswitch.ldap >/etc/nsswitch.work
cp /etc/nsswitch.work /etc/nsswitch.conf
# Refresh Name Service Cache Daemon after repairing /etc/nsswitch.conf
/etc/init.d/nscd stop
/etc/init.d/nscd start
Of course, prior to running the above script(s), you should have already created the "default" profile in the OpenLDAP Server using DUAConfigProfile.schema and "ldapadd ... -f default.ldif", where default.ldif looks something like:
dn: cn=default,ou=profile,dc=example,dc=com
ObjectClass: top
ObjectClass: DUAConfigProfile
defaultServerList: ldap1.example.com ldap2.example.com
defaultSearchBase: dc=example,dc=com
authenticationMethod: simple
followReferrals: FALSE
defaultSearchScope: one
searchTimeLimit: 30
profileTTL: 43200
bindTimeLimit: 10
cn: default
credentialLevel: proxy
serviceSearchDescriptor: passwd: ou=People,dc=example,dc=com?one
serviceSearchDescriptor: group: ou=group,dc=example,dc=com?one
serviceSearchDescriptor: shadow: ou=People,dc=example,dc=com?one
serviceSearchDescriptor: netgroup: ou=Netgroup,dc=example,dc=com?one
Gary
gary_tay@platts.com
Sorry the texts pasted are distorted, they are taken from:
http://www.openldap.org/lists/openldap-software/200503/msg00089.html
Gary
gary_tay@platts.com
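An added example, not part of the original posts: the nsswitch repair from the scripts above, with a validation step so a malformed work file never replaces /etc/nsswitch.conf (for instance when the sed edit is run a second time and duplicates the shadow line). The function names and the sample file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: apply the nsswitch repair to a work file and validate the
# result before it replaces the live file. Function names are hypothetical.

# repair_nsswitch SRC DST: the same sed edits as in the post, written to DST.
repair_nsswitch() {
    sed -e '/^hosts:/s/ldap.*files$/files dns/' \
        -e '/^passwd:/a\
shadow: files ldap' \
        "$1" > "$2"
}

# check_nsswitch FILE: return 0 only if FILE has the shape the repair intends.
check_nsswitch() {
    f=$1
    # exactly one hosts: line, resolving from files then dns, never ldap
    [ "$(grep -c '^hosts:' "$f")" -eq 1 ] || return 1
    if grep '^hosts:' "$f" | grep -q 'ldap'; then return 1; fi
    grep -q '^hosts:[[:space:]]*files dns$' "$f" || return 1
    # passwd still consults ldap; exactly one shadow line (catches a re-run)
    grep -q '^passwd:.*ldap' "$f" || return 1
    [ "$(grep -c '^shadow:' "$f")" -eq 1 ] || return 1
    grep -q '^shadow:[[:space:]]*files ldap$' "$f"
}

# Constructed sample standing in for /etc/nsswitch.ldap (not a real system file).
make_sample() {
    cat > "$1" <<'EOF'
passwd:     files ldap
group:      files ldap
hosts:      ldap [NOTFOUND=return] files
netgroup:   ldap
EOF
}

# install_nsswitch SRC DST: repair, validate, and only then copy into place.
# The work file sits beside DST, as /etc/nsswitch.work does in the post.
install_nsswitch() {
    work="$2.work"
    repair_nsswitch "$1" "$work" || { rm -f "$work"; return 1; }
    if check_nsswitch "$work"; then
        cp "$work" "$2"; rc=$?
    else
        rc=1
    fi
    rm -f "$work"
    return $rc
}
```

On a client this would be called as `install_nsswitch /etc/nsswitch.ldap /etc/nsswitch.conf` before restarting nscd.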
This document is: http://www.openldap.org/faq/index.cgi?file=1178
© Copyright 1998-2013, OpenLDAP Foundation, info@OpenLDAP.org