Hello everyone --
There does not appear to be a single consolidated document that will take a
freshly installed solaris 2.6/7/8/9 system and end up with a working openldap
configuration for use as a replacement for NIS, etc.
I'm looking for some information to get openldap to *really* work with solaris.
I'm looking for information that works, not references to articles that
don't provide bits and pieces of things that don't really work or work anymore.
I've searched the net, the web mailing lists, sites, READMEs, HOWTOs and whatnot
but all documentation appears to be broken. I'm pretty sure more people would
adopt openldap if there was a single working documentation item for it.
Here is what I am looking for:
(1) Definitive solaris / nis schema. There seem to be at least 3 versions out there
-- which is meant to work for 2003 on w/ openldap 2.1.2+ etc.? ie: if you're
going to hose schema with "is operational" stuff, at least state how to FIX this for
those who are not ldap (schema) developers can figure it out.
(2) What is needed to get solaris to use openldap (pam_ldap? nss_ldap?)? instead of
saying do 50,000 things and you'll have all the bells and whistles, why not say:
(a) here's how to boot strap
(.) here's how to UNDO the boot strap
(b) here's how to add function X to the boot strap
(.) here's how to UNDO function X to the boot strap
etc.
(3) free/opensource (graphical) method of browsing the LDAP system...
with editor. The Editor would preferably show SCHEMA TEMPLATES so you don't
have to guess what's allowed, what the structure is, etc. lbe seems to be
neat -- but how do you see the schema? You have to add an entry and then
view values -- great, but how do you know what values to add? I have searched
every item and every value and I can't find "nisDomainObject" -- yet I can
simply "type" it in, and attempt to add it, but it tells me that nDO *must*
nD -- but I can't figure out how to add nD to the declaration! The ldapadds
with nDO and nD simply give the cryptic "ldap_add_s: Object class violation"
error message (which seems to have 1 or 2 hits on the web, with NO stated
fix or method on what to look for to fix).
Please send me emails direct and I'll summarize (maybe even do #2 ... etc).
Thank you.
Scott
------------
extra info:
system info: solaris 2.8, openldap 2.1.2, openssl 0.9.7, pam_ldap-157 (didn't compile
without hacking it), nss_ldap-203, db4.1.25 (breaks apache 2.0.43 at one spot?),
krb5-1.2.7, etc.
WHAT is the definitive schema?
If you use old ones, you get:
/usr/local/etc/openldap/schema/core.schema: line 35: attribute type "2.5.18.1" is operational
if you attempt to fix that, you get:
/usr/local/etc/openldap/schema/cosine.schema: line 399: Syntax not found: "1.3.6.1.4.1.1466.115.121.1.53"
If you use new schema, you can't add nisDomainObjects!!!!
...
When trying to add this .ldif file:
dn: dc=a,dc=company,dc=com
objectClass: top
objectClass: dcObject
objectClass: nisDomainObject
dc: company
nisDomain: nisname
All ldapadd will say is: ldap_add_s: Object class violation
Every single time. Change "dcObject" to "organization" .. same error.
Remove the "dc" line .. same error. Add an "o: company" .. same error.
Every combination that was found on a web page gave the same error.
This appeared to work with openldap 20010926 and 20020215, but not with
20030107! (The earlier versions were nearly impossible to get tls to
compile!!! the recent gets tls to compile, but now can't add nisDomainObject!)
I get the picture there's an object class violation -- but how does one
find out how to correct this error? What exactly is the violation?
...
At 11:03 AM 2002-09-19, Robert Liesenfeld wrote:
>dn: dc=mycompany,dc=com
>objectClass: top
>objectClass: dcObject
>objectClass: nisDomainObject
>dc: mycompany
>nisDomain: mycompany.com
>
>And slapadd stubbornly gives me the following error message:
>
>slapadd: dn="dc=mycompany,dc=com" (line=7): no structural object classes provided
Add a structural object class.... like, maybe 'organization'.
See the Quick Start Guide for an example.
Kurt
The quick start gives command line options that don't work.
The quick start gives example .ldif files that don't work.
Sometimes the options given in the quickstart cause ldapadd to core.
...
Each one of these is either outdated or doesn't lead to a working system:
http://www.ucf.ics.uci.edu/~jerenk/solaris8_ldap.html -- depends on a working ldap server.
http://www.ypass.net/solaris8/openldap/introtoldap.html -- fails at trying to create
nisDomainObject, etc. dangerous unnecessary crle, etc.
http://www.bolthole.com/solaris/LDAP.html -- fails at the ldap population part -- schema
not complete.
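The question "what exactly is the violation?" has a mechanical answer: slapd checks that an entry lists exactly one chain of STRUCTURAL object classes, that every MUST attribute of each listed class is present, and that no attribute falls outside the MUST/MAY of those classes. In nis.schema nisDomainObject is AUXILIARY and in core.schema dcObject is also AUXILIARY, so the entry above has no structural class at all, which is the violation Kurt's reply points at. The following Python script is an added example, not code from the thread or from OpenLDAP; it applies those three rules to the thread's LDIF using a hand-copied subset of core.schema, cosine.schema and nis.schema (the SCHEMA table and its truncated MAY lists are an assumption for illustration, and ENTRY_* are constructed samples).

```python
"""Added example, not from the thread: a small checker that applies the same
object-class rules slapd enforces, so the reason behind "Object class
violation" / "no structural object classes provided" becomes visible.
SCHEMA is a hand-copied subset of core.schema, cosine.schema and nis.schema
(MAY lists truncated) and is an assumption for illustration only.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class ObjectClass:
    name: str
    kind: str                      # ABSTRACT, STRUCTURAL or AUXILIARY
    sup: Optional[str]             # superior class; None only for 'top'
    must: FrozenSet[str] = frozenset()
    may: FrozenSet[str] = frozenset()


# Subset of the standard OpenLDAP schema files (assumed here; MAY lists truncated).
SCHEMA: Dict[str, ObjectClass] = {oc.name: oc for oc in (
    ObjectClass("top", "ABSTRACT", None, frozenset({"objectClass"})),
    ObjectClass("dcObject", "AUXILIARY", "top", frozenset({"dc"})),               # core.schema
    ObjectClass("organization", "STRUCTURAL", "top", frozenset({"o"}),
                frozenset({"description"})),                                       # core.schema
    ObjectClass("domain", "STRUCTURAL", "top", frozenset({"dc"}),
                frozenset({"description"})),                                       # cosine.schema
    ObjectClass("nisDomainObject", "AUXILIARY", "top", frozenset({"nisDomain"})),  # nis.schema
)}


def parse_ldif(text: str) -> Dict[str, List[str]]:
    """Parse a single LDIF entry into {attribute (lowercased): [values]}."""
    entry: Dict[str, List[str]] = {}
    for line in text.strip().splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def _chain(name: str) -> List[str]:
    """The class plus all of its superiors up to 'top'."""
    chain = [name]
    while SCHEMA[chain[-1]].sup is not None:
        chain.append(SCHEMA[chain[-1]].sup)
    return chain


def check_entry(entry: Dict[str, List[str]]) -> List[str]:
    """Return the object-class violations slapd would report; [] means acceptable."""
    classes = entry.get("objectclass", [])
    unknown = [c for c in classes if c not in SCHEMA]
    if unknown:
        return ["unknown object class(es): " + ", ".join(unknown)]
    problems: List[str] = []

    # Rule 1: exactly one structural chain (dcObject and nisDomainObject are AUXILIARY).
    structural = [c for c in classes if SCHEMA[c].kind == "STRUCTURAL"]
    if not structural:
        problems.append("no structural object class provided")
    elif not any(set(structural) <= set(_chain(s)) for s in structural):
        problems.append("structural object classes not in one chain: " + ", ".join(structural))

    # Rule 2: every MUST attribute of each listed class (and its superiors) is present.
    allowed = set()
    for c in classes:
        for ancestor in _chain(c):
            oc = SCHEMA[ancestor]
            allowed |= {a.lower() for a in oc.must | oc.may}
            for attr in oc.must:
                if attr.lower() not in entry:
                    problems.append(f"{c} requires attribute '{attr}'")

    # Rule 3: no attribute outside the MUST/MAY of the listed classes ('dn' is not an attribute).
    for attr in entry:
        if attr != "dn" and attr not in allowed:
            problems.append(f"attribute '{attr}' not allowed by the listed object classes")
    return list(dict.fromkeys(problems))  # drop duplicates, keep order


# Constructed samples: the entry from the thread and two ways of satisfying the rules.
ENTRY_FROM_THREAD = """
dn: dc=a,dc=company,dc=com
objectClass: top
objectClass: dcObject
objectClass: nisDomainObject
dc: company
nisDomain: nisname
"""
ENTRY_WITH_ORGANIZATION = ENTRY_FROM_THREAD + "objectClass: organization\no: company\n"
ENTRY_WITH_DOMAIN = ENTRY_FROM_THREAD.replace("objectClass: dcObject", "objectClass: domain")

if __name__ == "__main__":
    for label, text in [("thread", ENTRY_FROM_THREAD),
                        ("organization", ENTRY_WITH_ORGANIZATION),
                        ("domain", ENTRY_WITH_DOMAIN)]:
        print(label, check_entry(parse_ldif(text)) or "OK")
```

Running it shows the thread's entry failing only on rule 1, and passing once either organization (plus its required o) is added alongside dcObject, or dcObject is swapped for the STRUCTURAL domain class, which also carries dc. Swapping dcObject for organization without adding o trips rule 2 and, because dc is then no longer allowed, rule 3 as well; slapd reports all of these under the same terse "Object class violation" message, which is why trying combinations blind gives no information.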