> Date: Fri, 27 Aug 2010 22:33:15 +1200
> From: ian@ianshome.com
> To: stuart_cherrington@hotmail.co.uk
> Subject: Re: Getting Solaris to use Openldap
> CC: openldap-technical@openldap.org
>
> On 08/27/10 09:56 PM, Stuart Cherrington wrote:
> > > Date: Fri, 27 Aug 2010 21:33:42 +1200
> > >
> > > > # default, profile, ldn.sw.com
> > > > dn: cn=default,ou=profile,dc=ldn,dc=sw,dc=com
> > > > *defaultSearchBase: dc=ldn,dc=sw,dc=com*
> > > > authenticationMethod: simple
> > > > followReferrals: TRUE
> > > > profileTTL: 43200
> > > > searchTimeLimit: 30
> > > > objectClass: DUAConfigProfile
> > > > defaultServerList: 10.2.250.15
> > > > credentialLevel: proxy
> > > > cn: default
> > > > defaultSearchScope: one
> > >
> > > You should add
> > >
> > > serviceSearchDescriptor: passwd:<people base>
> > > serviceSearchDescriptor: group:<group base>
> >
> > I initially had these (and one for shadow) but they didn't make any
> > difference to the error, but I expect I'll need them when it's in operation.
> >
>
> What are the searches being run (from your slapd.log)?
>

The ldap.log contains

Aug 27 12:36:24 msldap01 slapd2.4[22363]: connection_get(21)
Aug 27 12:36:24 msldap01 slapd2.4[22363]: SRCH "" 0 3
Aug 27 12:36:24 msldap01 slapd2.4[22363]: 0 30 0
Aug 27 12:36:24 msldap01 slapd2.4[22363]: filter: (objectClass=*)
Aug 27 12:36:24 msldap01 slapd2.4[22363]: attrs:
Aug 27 12:36:24 msldap01 slapd2.4[22363]: namingcontexts
Aug 27 12:36:24 msldap01 slapd2.4[22363]:
Aug 27 12:36:24 msldap01 slapd2.4[22363]: send_ldap_result: err=0 matched="" text=""
Aug 27 12:36:24 msldap01 slapd2.4[22363]: connection_get(21)
Aug 27 12:36:24 msldap01 slapd2.4[22363]: connection_get(21)
Aug 27 12:36:24 msldap01 slapd2.4[22363]: SRCH "dc=ldn,dc=sw,dc=com" 2 3
Aug 27 12:36:24 msldap01 slapd2.4[22363]: 0 30 0
Aug 27 12:36:24 msldap01 slapd2.4[22363]: filter: (&(objectClass=nisDomainObject)(nisDomain=ldn.sw.com))
Aug 27 12:36:24 msldap01 slapd2.4[22363]: attrs:
Aug 27 12:36:24 msldap01 slapd2.4[22363]:
Aug 27 12:36:24 msldap01 slapd2.4[22363]: send_ldap_result: err=32 matched="" text=""
Aug 27 12:36:24 msldap01 slapd2.4[22363]: connection_get(21)

Which balances out your next statement :-)

> Do they work?
>
> The first search '(&(objectClass=nisDomainObject)(nisDomain=your
> domain')) should return your nisDomain, the next the profile.

I think I got the query syntax correct on the query

[root@msldap01 ~]# ldapsearch2.4 -h 10.2.250.15 -D cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w xxxxx -b dc=ldn,dc=sw,dc=com "(&(objectClass=nisDomainObject)(nisDomain=ldn.sw.com))"
# extended LDIF
#
# LDAPv3
# base <dc=ldn,dc=sw,dc=com> with scope subtree
# filter: (&(objectClass=nisDomainObject)(nisDomain=ldn.sw.com))
# requesting: ALL
#

# ldn.sw.com
dn: dc=ldn,dc=sw,dc=com
dc: ldn
o: ldn
associatedDomain: ldn.sw.com
nisDomain: ldn.sw.com
objectClass: dcObject
objectClass: organization
objectClass: domainRelatedObject
objectClass: nisDomainObject
objectClass: top

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

>
> --
> Ian.
>
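
Added example, not part of the original message: a small Python parser that pairs each SRCH line in slapd debug output like the log quoted above with its filter and result code, so the lookup that fails with err=32 stands out. The sample is abridged from the log in this message; the function name and the reading of the SRCH fields as base, scope, deref are assumptions of this sketch.

```python
import re

# Sample input: abridged from the slapd log quoted in the message above.
SAMPLE_LOG = '''\
Aug 27 12:36:24 msldap01 slapd2.4[22363]: connection_get(21)
Aug 27 12:36:24 msldap01 slapd2.4[22363]: SRCH "" 0 3
Aug 27 12:36:24 msldap01 slapd2.4[22363]: filter: (objectClass=*)
Aug 27 12:36:24 msldap01 slapd2.4[22363]: send_ldap_result: err=0 matched="" text=""
Aug 27 12:36:24 msldap01 slapd2.4[22363]: SRCH "dc=ldn,dc=sw,dc=com" 2 3
Aug 27 12:36:24 msldap01 slapd2.4[22363]: filter: (&(objectClass=nisDomainObject)(nisDomain=ldn.sw.com))
Aug 27 12:36:24 msldap01 slapd2.4[22363]: send_ldap_result: err=32 matched="" text=""
'''

SCOPES = {0: "base", 1: "one", 2: "sub"}        # LDAP search scope codes
RESULTS = {0: "success", 32: "noSuchObject"}    # RFC 4511 result codes (subset)

PREFIX = re.compile(r"^.*?slapd[\w.]*\[\d+\]:\s*")   # syslog stamp + process tag
SRCH = re.compile(r'^SRCH "(.*)" (\d+) (\d+)$')      # assumed: base, scope, deref
ERR = re.compile(r"^send_ldap_result: err=(\d+)")


def summarize_searches(log_text):
    """Return one dict per search seen in the log: base, scope, filter, result."""
    searches, current = [], None
    for line in log_text.splitlines():
        msg = PREFIX.sub("", line).strip()
        m = SRCH.match(msg)
        if m:
            scope = int(m.group(2))
            current = {"base": m.group(1), "scope": SCOPES.get(scope, str(scope)),
                       "filter": None, "result": None}
            searches.append(current)
            continue
        if current is None:
            continue                      # line outside any search operation
        if msg.startswith("filter:"):
            current["filter"] = msg[len("filter:"):].strip()
            continue
        m = ERR.match(msg)
        if m:
            code = int(m.group(1))
            current["result"] = RESULTS.get(code, f"err={code}")
            current = None                # the result line closes the operation
    return searches


if __name__ == "__main__":
    for s in summarize_searches(SAMPLE_LOG):
        print(f'{s["result"]:<13} base="{s["base"]}" scope={s["scope"]} {s["filter"]}')
```

On the log in this message it reports the search with the empty base as success and the nisDomainObject search under dc=ldn,dc=sw,dc=com as noSuchObject.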