
RE: Getting Solaris to use Openldap





> Date: Fri, 27 Aug 2010 21:33:42 +1200
> From: ian@ianshome.com
> To: stuart_cherrington@hotmail.co.uk
> Subject: Re: Getting Solaris to use Openldap
>
> On 08/27/10 08:48 PM, Stuart Cherrington wrote:
> > Hi,
> >
> > I have an OpenLDAP 2.4.18 server on RHEL 5.3. I can get Linux clients
> > to use the master by use of the /etc/ldap.conf file. I'm now trying to
> > get a Solaris 10 client to use the master by initialising with the
> > default profileName. If I run:
> >
> > ldapclient -v init -a proxypassword=xxxxx -a
> > proxydn=cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -a
> > domainname=ldn.sw.com 10.2.250.15
> >
> I also add a -a profileName=default

Shouldn't need to add this as ldapclient takes 'default' as the default profilename if not specified. I did try it with this anyway but got the same error.

>
> > So the 2 errors are the *NOTFOUND nisDomainObject* which is there when
> > I check on the master:
> >
> > [root@msldap01 openldap2.4]# ldapsearch2.4 -h 10.2.250.15 -D
> > cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w xxxxx -b
> > dc=ldn,dc=sw,dc=com -s base
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <dc=ldn,dc=sw,dc=com> with scope baseObject
> > # filter: (objectclass=*)
> > # requesting: ALL
> > #
> >
> > # ldn.sw.com
> > dn: dc=ldn,dc=sw,dc=com
> > dc: ldn
> > o: ldn
> > associatedDomain: ldn.sw.com
> > nisDomain: ldn.sw.com
> > objectClass: dcObject
> > objectClass: organization
> > objectClass: domainRelatedObject
> > *objectClass: nisDomainObject*
> > objectClass: top
> >
> That looks OK.
> >
> > The other error is 'Failed to find defaultSearchBase for domain
> > ldn.sw.com'
> >
> > [root@msldap01 openldap2.4]# ldapsearch2.4 -h 10.2.250.15 -D
> > cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w xxxxx -b
> > cn=default,ou=profile,dc=ldn,dc=sw,dc=com -s base
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <cn=default,ou=profile,dc=ldn,dc=sw,dc=com> with scope baseObject
> > # filter: (objectclass=*)
> > # requesting: ALL
> > #
>
> Do you have a cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com entry?

Yeah

[root@msldap01 openldap2.4]# ldapsearch2.4 -h 10.2.250.15 -D cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w xxxxx -b cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -s base
# extended LDIF
#
# LDAPv3
# base <cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

# proxyagent, profile, ldn.sw.com
dn: cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com
cn: proxyagent
sn: proxyagent
objectClass: top
objectClass: person
userPassword:: e0NSWVBUfXYuTWpqUDJEb3lpMXc=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

>
> > # default, profile, ldn.sw.com
> > dn: cn=default,ou=profile,dc=ldn,dc=sw,dc=com
> > *defaultSearchBase: dc=ldn,dc=sw,dc=com*
> > authenticationMethod: simple
> > followReferrals: TRUE
> > profileTTL: 43200
> > searchTimeLimit: 30
> > objectClass: DUAConfigProfile
> > defaultServerList: 10.2.250.15
> > credentialLevel: proxy
> > cn: default
> > defaultSearchScope: one
>
> You should add
>
> serviceSearchDescriptor: passwd:<people base>
> serviceSearchDescriptor: group:<group base>

I initially had these (and one for shadow) but they didn't make any difference to the error, but I expect I'll need them when it's in operation.

>
> --
> Ian.
>
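
As an added example (not part of the original messages, and not ldapclient's own logic): a shell check over ldapsearch LDIF output for the attributes the two errors name, nisDomainObject/nisDomain on the base entry and DUAConfigProfile/defaultSearchBase on the profile entry. The function names and the sample LDIF are constructed for illustration, and the check only confirms what is present in the output of whichever bind produced the LDIF.

```shell
# Added example: offline check of ldapsearch LDIF; function names are hypothetical.
# ldif_has DN ATTR VALUE: exit 0 if entry DN (LDIF on stdin) carries ATTR: VALUE.
# Comparison ignores case; DN spacing is not normalised.
ldif_has() {
    awk -v dn="$1" -v attr="$2" -v val="$3" '
        function feed(l,   i, n, v) {    # one unfolded "attr: value" line
            i = index(l, ":"); if (i == 0) return
            n = tolower(substr(l, 1, i - 1)); v = substr(l, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (n == "dn") cur = tolower(v)
            else if (n == tolower(attr) && tolower(v) == tolower(val)) hit = 1
        }
        function endentry() {            # close the entry and record a match
            feed(buf); buf = ""; if (cur == tolower(dn) && hit) found = 1
            cur = ""; hit = 0
        }
        /^#/ { feed(buf); buf = ""; skip = 1; next }        # comment line
        /^ / { if (!skip) buf = buf substr($0, 2); next }   # folded continuation
        /^$/ { skip = 0; endentry(); next }                 # blank line ends entry
        { skip = 0; feed(buf); buf = $0 }
        END { endentry(); exit(found ? 0 : 1) }
    '
}

# check_init_prereqs DOMAIN BASE_DN PROFILE_DN: LDIF on stdin; prints each
# missing item and returns non-zero if any is missing.
check_init_prereqs() {
    ldif=$(cat); rc=0
    need() {   # need DN ATTR VALUE
        printf '%s\n' "$ldif" | ldif_has "$1" "$2" "$3" && return 0
        echo "MISSING on $1: $2: $3"; rc=1
    }
    need "$2" objectClass nisDomainObject
    need "$2" nisDomain "$1"
    need "$3" objectClass DUAConfigProfile
    need "$3" defaultSearchBase "$2"   # assumes the search base is the base DN
    return "$rc"
}

sample_ldif() {   # constructed sample modelled on the entries quoted above
    cat <<'EOF'
# extended LDIF
dn: dc=ldn,dc=sw,dc=com
nisDomain: ldn.sw.com
objectClass: nisDomainObject

dn: cn=default,ou=profile,dc=ldn,dc=sw,dc=com
defaultSearchBase: dc=ldn,dc=sw,dc=com
objectClass: DUAConfigProfile
EOF
}
```

To use it on live data, pipe the output of the two `-s base` searches (base entry and profile entry) into `check_init_prereqs` in place of `sample_ldif`.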