On Tue, 25 Mar 2003, Matthew Mauzy wrote:
> I've been banging my head against the wall for the last couple of weeks
> trying to get Solaris 8 clients to play nice with my openLDAP v2.1.12
> server. I have the openldap server up and running and am able to
> configure redhat 8 systems to use the directory's account info to login.
> I am using krb5 for password info (if that has any bearing on the
> problem). I'm trying to use 'ldapclient -v -P default <ip address>' but
> kept getting the error "Cannont find the rootDN". I've tried editing the
> /var/ldap/ldap_client_file and ldap_client_cred files and am seeing
> traffic going to the ldap server but no luck. In reading through Sun's
> LDAP Setup and Configuration Guide, Sun has you verify that the
> Directory Server supports simple page mode control with the command
> 'ldapsearch -b "" -s base objectclass=\*'. My server doesn't return the
> same info that the

You need to specify attribute lists you want retrieved. Try

    ldapsearch -b "" -s base 'objectclass=*' +

Unfortunately, ldapclient does not do this and Sun is not going to fix
the problem. Solaris 9 ldapclient is broken as well. I wrote a patch
for openldap 2.0.x awhile back. I can port the patch to the latest
version of openldap. Or, you can manually configure the solaris 8 ldap
client. It looks like you tried to do this, but it did not work. What
are the contents of /var/ldap/ldap_client_file?

This is an OT post for this list, news:comp.unix.solaris is probably a more
appropriate place for such questions. You can also email me if you have
any questions.

> guide example does, in fact it doesn't return much:
> #
> dn:
> objectClass: top
> objectClass: OpenLDAProotDSE
> When I check the NIS Domain object I get:
> # amath.unc.edu
> dn: dc=amath,dc=unc,dc=edu
> dc: amath
> objectClass: top
> objectClass: domain
> objectClass: dcObject
> objectClass: nisDomainObject
> nisDomain: amath.unc.edu
> I've seen some posts that have pointed out possible problems with the
> objectClass: dcObject. Is this the source of the problem???
> Here's the output of my default profile that is in the Dir:
> # default, profile, amath.unc.edu
> dn: cn=default,ou=profile,dc=amath,dc=unc,dc=edu
> SolarisBindDN: cn=solaris,ou=ldapusers,dc=amath,dc=unc,dc=edu
> SolarisSearchBaseDN: dc=amath,dc=unc,dc=edu
> SolarisAuthMethod: NS_LDAP_AUTH_SIMPLE
> SolarisTransportSecurity: NS_LDAP_SEC_NONE
> SolarisSearchReferral: NS_LDAP_FOLLOWREF
> SolarisSearchScope: NS_LDAP_SCOPE_ONELEVEL
> SolarisSearchTimeLimit: 30
> SolarisCacheTTL: 3600
> cn: default
> objectClass: top
> objectClass: SolarisNamingProfile
> SolarisLDAPServers: kerberos-1.fully.qualified.domain.name
> SolarisBindPassword: {NS1}xxxxxxxxxxxx
> It's much too pretty a day to be stuck battling Sun and LDAP...
> Any and all insight GREATLY appreciated.
> --Matthew
> __________________________________________________________________
> Matthew W. Mauzy
> Systems Administrator
> Applied Math @ UNC-CH
> email : mauzy@amath.unc.edu pager : mpager@amath.unc.edu
> (W) 919.962.9819 www.amath.unc.edu/~mauzy/ (P) 919.347.0390
> __________________________________________________________________

--
Igor
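
Added example, not part of either poster's message: a shell filter that reads root DSE output such as the `ldapsearch` commands in this thread produce and reports whether it carries `namingContexts` (the attribute that lists the directory's base DNs) and the simple paged results control. The function name, its exit codes and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: read a root DSE dump (LDIF) on stdin and report whether it
# carries namingContexts and the simple paged results control.
PAGED_OID=1.2.840.113556.1.4.319   # simple paged results control (RFC 2696)

# Exit status (this example's convention):
#   0 = both present, 1 = no namingContexts, 2 = control not advertised
rootdse_check() {
    awk -v oid="$PAGED_OID" '
        /^#/ { cur = 0; next }                      # LDIF comment
        /^ / { if (cur) val[cur] = val[cur] substr($0, 2); next }  # folded line
        /^[A-Za-z]/ {
            n++; cur = n
            p = index($0, ":")
            attr[n] = tolower(substr($0, 1, p - 1)) # names are case-insensitive
            v = substr($0, p + 1); sub(/^ +/, "", v)
            val[n] = v
        }
        END {
            for (i = 1; i <= n; i++) {
                if (attr[i] == "namingcontexts") { nc++; print "namingContexts: " val[i] }
                if (attr[i] == "supportedcontrol" && val[i] == oid) paged = 1
            }
            if (!nc)    { print "no namingContexts (operational attributes not requested?)"; exit 1 }
            if (!paged) { print "paged results control not advertised"; exit 2 }
            print "root DSE usable"
        }'
}

# What the server in the thread returned without an attribute list.
SAMPLE_BARE='dn:
objectClass: top
objectClass: OpenLDAProotDSE'

# Constructed sample of a reply to the same search with "+" appended;
# the folded namingContexts line exercises LDIF unfolding.
SAMPLE_PLUS='dn:
structuralObjectClass: OpenLDAProotDSE
namingContexts: dc=amath,dc=unc,
 dc=edu
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3'

printf '%s\n' "$SAMPLE_BARE" | rootdse_check || echo "exit status $?"
printf '%s\n' "$SAMPLE_PLUS" | rootdse_check || echo "exit status $?"
```

Against a live server, pipe the output of the `ldapsearch ... +` command from the reply into `rootdse_check`.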