> Perhaps this is because there is no single set of steps that will work in all
> situations. A "freshly installed solaris" system behaves much differently
> from a fully patched system. Also, since you make a point of this being year
> 2003, why should anyone bother with a freshly installed solaris 2.6 system?
> Certainly getting solaris 2.6 working smoothly with PADL's pam_ldap and
> nss_ldap is more trouble than it's worth.
My point is only that HOWTOs are quickly approaching
"here, just install this RPM and it will work and if it doesn't, oh well"
Sometimes saying "if you want this, you need to do this"
or
"if you get this error, you should investigate this"
Yes, I would like to write a document like this. In fact, I wrote one for
my attempt at openldap a year ago exactly. Now I'm working on one for
this year. *IF* I ever get it all working, I'd be glad to share. But, yes,
I don't want to make the situation worse by putting out bad info.
The reason people use 2.6 is because perhaps things are only certified
against that... etc, whatever. The microsoft answer of just "upgrade"
is not sufficient. Anyway, I only use solaris 8 and soon 9, but what
about other people?
> the modules again. So again, in my experience, 2.7 is also more trouble than
> it's worth.
most solaris people tend to say even releases... 6, 8, 10... etc. I've seen
production 2.6 and 8... but never 7, 9 or 10...
> At a guess, most people who install Solaris and need LDAP will just use
> whatever bits Sun bundled. It is more voluminously documented, and doesn't
> require you to set up a comprehensive build environment before you can use
> it. This to me may be a significant reason why you haven't seen more/better
> documentation in this area. And of course, Sun has just plain made it next to
> impossible to come up with a single cookbook procedure that will work in all
> cases.
I agree in all cases. So, I guess my question is -- am I the only one
using solaris 8 and openldap? (and the other versions that I posted in
my original message?) and... as I said... perhaps more sun people WOULD
adopt openldap -- IF there was a single... working... documentation and
not a web of [bad] links to outdated info.
> The only way anything improves is when someone motivated enough makes it
> improve. And of course, said motivated person needs to actually know
> something about the subject matter, otherwise they just make a bad situation
> worse. (Much of the documentation on the web does the latter.) So if you
> haven't found any documentation that meets your needs, this is a strong
> signal that you need to write such a document yourself. And if you don't know
> how to yet, then you need to exert the energy to learn sufficiently to make
> it happen. The fact that no one else has done so yet implies that no one else
> has been sufficiently motivated or knowledgeable yet.
> In the meantime, the simplest solution may just be to purchase ypldapd from
> PADL and avoid the abovementioned problems entirely.
I am not interested in simple or cheap -- I am interested in solving problems
and getting things to work. I resisted sending a message to the net for
over a year, but now I have and only because there still isn't any decent
documentation.
Perhaps this is a complaint, but again, I'm more than willing to share the
information that I put together -- provided it ever works. Systems like
twiki would be wonderful to allow people to add to a document -- but I do not
have a web system on the net any longer to provide this... perhaps I'll look
around for a free twiki server.
So, on to my questions -- do you know of any visual tools? is lbe the best?
it's not easy to find! are there others? what do you use? attacking me
may be fun, but I'm more interested in any information you want to share.
---
What I have found is that it appears that I need to add:
objectClass: organization
and later:
o: myorg
to each and every entry into ldap. This doesn't seem to be documented,
but it's strongly hinted at with statements like "perhaps add an
organization" ... etc. This is what I'm talking about. How can one
easily tell what parts of the schemas are MUST vs optional, etc...
looking at 300 vertical lines or 3 terms side by side is mind numbing.
the quickstart says "-x" .. but ldapadd doesn't have a "-x" and gives
a usage. "-v" causes it to core many times.
If you search the net for "openldap nisDomainObject" -- you'll see there's
no end to the headache, but there's not a single page that doesn't say
much more than "you need to add an nisDomain" before solaris ldap will
work.
>>>
**********************************************************************
This communication is confidential and is intended only for the person to
whom it is addressed. If you are not that person you are not permitted to
make use of the information and you are requested to notify Commerzbank
Aktiengesellschaft, New York Branch immediately that you have received it and
then to destroy the copy in your possession. Views expressed in this e-mail
do not necessarily reflect the views of Commerzbank AG.
**********************************************************************
<<<
Oops. This email was not personally addressed to me, please forget I read it
and destroy any copies of my reply.
hey... don't shoot me. I think the message above is crazy too, but I
can't do a damn thing about it. Somebody somewhere felt and still
feels it is worth something.
I'll keep receiving emails and if I can ever get openldap to work, I'll
be happy to share my notes.
Scott
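
An added example, not part of the original message: one way to read MUST and MAY attributes out of `objectclass ( ... )` definitions in the style of OpenLDAP .schema files, and to list which MUST attributes an entry lacks for each objectClass it names. The schema text is a constructed, abbreviated sample and the function names are hypothetical; run it against your own schema files for real answers.

```python
import re

# Constructed, abbreviated sample in the style of OpenLDAP *.schema files.
SAMPLE_SCHEMA = """
objectclass ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL
    MUST o MAY ( userPassword $ telephoneNumber $ description ) )
objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
    MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
    MAY ( userPassword $ loginShell $ gecos $ description ) )
objectclass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY MUST nisDomain )
"""

def _attr_list(body, keyword):
    """Return the attribute names after MUST or MAY (single name or '( a $ b )')."""
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|([\w;-]+))" % keyword, body)
    if not m:
        return []
    raw = m.group(1) if m.group(1) is not None else m.group(2)
    return [a.strip() for a in raw.split("$") if a.strip()]

def parse_objectclasses(text):
    """Map lower-cased objectClass name -> {'sup', 'must', 'may'}."""
    classes = {}
    for chunk in re.split(r"(?im)^objectclass\s+", text)[1:]:
        body = " ".join(chunk.split())  # fold continuation lines into one
        name = re.search(r"NAME\s+\(?\s*'([^']+)'", body).group(1)
        sup = re.search(r"\bSUP\s+([\w-]+)", body)
        classes[name.lower()] = {"sup": sup.group(1).lower() if sup else None,
                                 "must": _attr_list(body, "MUST"),
                                 "may": _attr_list(body, "MAY")}
    return classes

def required_attrs(classes, oc):
    """MUST attributes of oc, including those inherited through SUP."""
    need = []
    while oc in classes:
        need += classes[oc]["must"]
        oc = classes[oc]["sup"]
    return need

def missing_must(classes, entry):
    """entry: dict attribute -> list of values. Returns {objectClass: [missing attrs]}."""
    have = {a.lower() for a in entry}
    report = {}
    for oc in entry.get("objectClass", []):
        gaps = [a for a in required_attrs(classes, oc.lower()) if a.lower() not in have]
        if gaps:
            report[oc] = gaps
    return report
```

Feed `missing_must` the attributes of an entry before running ldapadd to see, per objectClass, which required attributes are absent.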