Tay, Gary
2005-Aug-25 03:54 UTC
RE: [Fedora-directory-users] getting solaris 8 to talk to FDS
I have successfully configured the Solaris 8 Native LDAP Client to work
against FDS 7.1. Below is what I have experienced and observed.
It appears to me that 108993-48 LDAP patch breaks the "ldapclient -P"
command.
1) The "ldapclient -P ..." command line, which downloads the LDAP profile
from the LDAP server and USED TO WORK VERY WELL, is not working anymore.
The following script fails; it hangs at:
...
Starting network services
start: /usr/bin/domainname example.com... Success
<Halt Here>
==# cat ./ldapclient_download_defaultprofile_sol8.sh
/usr/sbin/ldapclient -v \
-P default \
-d example.com \
-D "cn=proxyagent,ou=profile,dc=example,dc=com" \
-w "password" \
192.168.1.168
# As ldapclient overwrites /etc/nsswitch.conf with /etc/nsswitch.ldap
# which contains a bug in "hosts:" entry, we need to repair it
sed -e '/^hosts:/s/ldap.*files$/files dns/' \
-e '/^passwd:/a\
shadow: files ldap' \
/etc/nsswitch.ldap >/etc/nsswitch.work
cp /etc/nsswitch.work /etc/nsswitch.conf
# Refresh Name Service Cache Daemon after repairing /etc/nsswitch.conf
/etc/init.d/nscd stop
/etc/init.d/nscd start
==
2) "ldapclient -i ..." works
==[root@sins001u5 /var/ldap]# cat ldapclient_init_defaultprofile_sol8.sh
/usr/sbin/ldapclient -v -i -a simple -b dc=example,dc=com -c proxy \
-D cn=proxyAgent,ou=profile,dc=example,dc=com -w password \
-S "passwd: ou=People,dc=example,dc=com?one" \
-S "shadow: ou=People,dc=example,dc=com?one" \
-S "group: ou=group,dc=example,dc=com?one" \
-S "netgroup: ou=netgroup,dc=example,dc=com?one" \
192.168.1.168
echo ...
echo As ldapclient overwrites /etc/nsswitch.conf with /etc/nsswitch.ldap
echo which contains a bug in "hosts:" entry, we need to repair it
sed -e '/^hosts:/s/ldap.*files$/files dns/' \
-e '/^passwd:/a\
shadow: files ldap' \
/etc/nsswitch.ldap >/etc/nsswitch.work
cp /etc/nsswitch.work /etc/nsswitch.conf
echo ...
echo Refresh Name Service Cache Daemon after repairing /etc/nsswitch.conf
/etc/init.d/nscd stop
/etc/init.d/nscd start
==
Gary
-----Original Message-----
From: fedora-directory-users-bounces@redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Justin
Albstmeijer
Sent: Wednesday, August 24, 2005 10:25 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] getting solaris 8 to talk to FDS
My 2 cents
- test with: ldapsearch -h ldapserver.domain.nl -s base -b ""
"objectclass=*", to see if you can query the server.
- make sure the posix account has the "shadowAccount" attribute
- SSHA is used by default by FDS for password encryption.. this should be
CRYPT.
import:
------------------------------
dn: cn=config
changetype: modify
replace: passwordstoragescheme
passwordstoragescheme: CRYPT
------------------------------
- make sure to use "simple" instead of "tls:simple" for your initial
tests
- use : ldapclient -v -P default -D
"cn=proxyagent,ou=profile,dc=domain,dc=nl" -d domain.nl -w
proxy_password {ipnumber_ldap_server} , to create the ldap_file &
ldap_cred files
- make sure you run the latest recommended patch cluster.
I'm working on documentation.. maybe I'll have time to publish it
sometime soon.
Justin
> Hi, all. I've been battling this for days now, with
> no luck. I've got fds up & running and linux clients authenticating
> w/o problems. Solaris has so far been a royal pain.
>
> This is what I've done so far:
> - imported the 2 schemas that a kind soul sent me (dua
> & nis)
> - added the nisDomain object
> - added a few users to test
> - copied the ldap_file & ldap_cred files from Gary
> Tay's site
> - added a default simple profile
> - ran ldap-genprofile to get the NS1 password, put it
> in the cred file.
> - added ldap to the nsswitch.conf
>
> Yet the solaris box doesn't see the ldap server. In
> the dmesg, I see this:
>
> Aug 24 09:16:34 unknown getent[1506]: [ID 293258
> user.error] libsldap: Status: 7 Mesg: Session error
> no available conn.
> Aug 24 09:18:07 unknown nscd[1498]: [ID 293258
> user.error] libsldap: Status: 7 Mesg: Session error
> no available conn.
> Aug 24 09:18:07 unknown nscd[1498]: [ID 293258
> user.error] libsldap: Status: 7 Mesg: Session error
> no available conn.
>
> Can anybody point me in the right direction? I'm
> about to start kicking the solaris server...
>
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
Justin Albstmeijer
2005-Aug-25 06:32 UTC
RE: [Fedora-directory-users] getting solaris 8 to talk to FDS
> 1) The "ldapclient -P ..." command line which downloads LDAP profile
> from LDAP Server, USED TO WORK VERY WELL is not working anymore.
Strange Gary, "ldapclient -P ..." still works fine for me on Solaris 8 (108993-48), with FDS 7.1.