Tay, Gary
2005-Aug-25 16:36 UTC
RE: [Fedora-directory-users] getting solaris 8 to talk to FDS
The "ldapclient" result indicates that your "domainname" does not
tally with the "nisDomain" object in the rootDN entry; it is kind of
messy, here and there.
Please re-install with your choice of baseDN, be it dc=composers,dc=foo,dc=com
or dc=foo,dc=com.
If you change /etc/defaultdomain, to take immediate effect you may run
# domainname `cat /etc/defaultdomain`
otherwise "ldapclient ..." will do it for you as part of the result.
Use the ACLs I mentioned in the previous posting and amend them to suit your needs;
those ACLs are taken from the SUN ONE DS default install (I think they are there
after running the "idsconfig" command tool; I wish the FDS developers
would develop an equivalent "fdsconfig" meant for the Solaris Native
LDAP Client).
Gary
-----Original Message-----
From: fedora-directory-users-bounces@redhat.com on behalf of Igor
Sent: Thu 8/25/2005 11:34 PM
To: General discussion list for the Fedora Directory server project.
Cc:
Subject: RE: [Fedora-directory-users] getting solaris 8 to talk to FDS
This is gonna be loooong... I just want to thank you guys again for wading
thru this crap...
--- "Tay, Gary" <Gary_Tay@platts.com> wrote:
> == > Do you still think I need to change my defaultSearchDN? Also,
> must those ACLs be added still? Because it looks like you're doing a
> manual config, right?
> == > Yes I think you should set baseDN (defaultSearchBase) to
> dc=composers,dc=foo,dc=com, NOT dc=foo,dc=com; it should correspond to
> the LDAP domain (nisdomain) name, i.e. composers.foo.com, which you set
> in the rootDN entry nisDomainObject.
well, instead, I got rid of composers altogether.
> Yes set the ACLs to allow proxyAgent to read LDAP DIT.
I have this:
(targetattr = "*") (version 3.0;acl "Allow proxyAgent read access";allow
(read,compare)(userdn = "ldap:///uid=proxyAgent,ou=profile,dc=foo,dc=com");)
> Please re-install FDS7.1 using baseDN=dc=composers,dc=foo,dc=com, and
> create ldif file
well, I got rid of composers for now. If you say I've to reinstall I will,
but that'll probably be my last resort, though.
> Step by step
> # ldapclient -l
bash-2.03# ldapclient -l
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= uid=proxyAgent,ou=profile,dc=foo,dc=com
NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411
NS_LDAP_SERVERS= 149.85.70.17
NS_LDAP_SEARCH_BASEDN= dc=foo,dc=com
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=People,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=People,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= netgroup: ou=netgroup,dc=foo,dc=com?one
> # /usr/lib/ldap/ldap_cachemgr -g
> Does it say LDAP cache manager is UP and running?
bash-2.03# /usr/lib/ldap/ldap_cachemgr -g
cachemgr configuration:
server debug level 0
server log file "/var/ldap/cachemgr.log"
number of calls to ldapcachemgr 15
cachemgr cache data statistics:
Configuration refresh information:
Configured to NO REFRESH.
Server information:
Previous refresh time: 2005/08/25 11:11:57
Next refresh time: 2005/08/25 11:21:57
server: 149.85.70.17, status: UP
Cache data information:
Maximum cache entries: 256
Number of cache entries: 0
> # cat /var/ldap/cachemgr.log
> Any critical error?
bash-2.03# cat /var/ldap/cachemgr.log
Thu Aug 25 11:11:56.9844 Starting ldap_cachemgr, logfile /var/ldap/cachemgr.log
Thu Aug 25 11:11:57.0843 sig_ok_to_exit(): parent exiting...
bash-2.03# ps -ef | grep ldap
root 2553 1 0 11:11:56 ? 0:00 /usr/lib/ldap/ldap_cachemgr
So, doesn't look like any errors...
______________________
Also: On the FDS server:
[root@cnyitlin02 slapd-cnyitlin02]# ldapsearch -x | grep compose
defaultServerList: cnyitlin02.composers.foo.com
[root@cnyitlin02 slapd-cnyitlin02]#
That's it, nothing else. However, when I rerun ldapclient -i, I get this:
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "composers.foo.com"
^^^^^^^^^^^^^
file_backup: stat(/var/yp/binding/composers.foo.com)=-1
file_backup: No /var/yp/binding/composers.foo.com directory.
file_backup: stat(/var/ldap/ldap_client_file)=0
file_backup: (/var/ldap/ldap_client_file -> /var/ldap/restore/ldap_client_file)
file_backup: (/var/ldap/ldap_client_cred -> /var/ldap/restore/ldap_client_cred)
Starting network services
start: /usr/bin/domainname foo.com... success
start: /usr/lib/ldap/ldap_cachemgr... success
start: /etc/init.d/autofs start... success
start: /etc/init.d/nscd start... success
start: /etc/init.d/sendmail start... success
System successfully configured
Where does it get composers from???
It also resets /etc/defaultdomain to composers even though I manually change it
to foo.com
> # ldaplist -l passwd testdba, it should display something like:
Nope.
bash-2.03# ldaplist -l passwd testdba
ldaplist: Object not found
bash-2.03# ldaplist -l passwd
ldaplist: Object not found (LDAP ERROR (50): Insufficient access.)
bash-2.03#
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--- "Tay, Gary" <Gary_Tay@platts.com> wrote:
> Please re-install with your choice of baseDN, be it dc=composers,dc=foo,dc=com or
> dc=foo,dc=com.
I reinstalled it -- it works a lot better now!
bash-2.03# ldaplist -l
ldaplist: Object not found (LDAP ERROR (50): Insufficient access.)
bash-2.03# id testdba
uid=10001(testdba) gid=7000
bash-2.03# ldaplist -l passwd testdba
dn: uid=testdba,ou=People, dc=composers,dc=foo,dc=com
givenName: oracle
sn: user
loginShell: /bin/bash
uidNumber: 10001
gidNumber: 7000
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: testdba
cn: oracle user
homeDirectory: /home/testdba
bash-2.03# getent passwd testdba
testdba::10001:7000::/home/testdba:/bin/bash
I don't know why ldaplist doesn't work. Could it be because I didn't setup
pam.conf yet? Is it important to have ldaplist working? I did add the aci,
didn't do anything.
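The thread's root cause is a three-way mismatch between the client's NIS domain name, the nisDomain attribute on the directory's base entry, and the client's NS_LDAP_SEARCH_BASEDN. The following added example (mine, not from the list or from the FDS project) is a small consistency checker for exactly that: it parses `ldapclient -l` style output and an LDIF copy of the base entry, derives the DN a domain name is expected to map to (composers.foo.com -> dc=composers,dc=foo,dc=com, the convention Gary describes and idsconfig uses), and reports every disagreement. The sample inputs are constructed to mirror the values posted in the thread (the "before" config with dc=foo,dc=com, the "after" config with dc=composers,dc=foo,dc=com); the base entry LDIF and its nisDomain value are assumed, since the thread never shows the entry itself. The parsers are plain line parsers written here, not the Solaris tools.

```python
"""Consistency check for a Solaris native LDAP client configuration.

Added example: verifies that the client's domainname, the nisDomain
attribute on the directory base entry and NS_LDAP_SEARCH_BASEDN agree.
All inputs below are constructed; they mirror values from the thread.
"""
import re

# Constructed: `ldapclient -l` output as posted before the reinstall.
LDAPCLIENT_BEFORE = """\
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= uid=proxyAgent,ou=profile,dc=foo,dc=com
NS_LDAP_SERVERS= 149.85.70.17
NS_LDAP_SEARCH_BASEDN= dc=foo,dc=com
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=People,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=foo,dc=com?one
"""

# Constructed: what the same profile looks like after reinstalling with
# baseDN=dc=composers,dc=foo,dc=com (assumed, not posted in the thread).
LDAPCLIENT_AFTER = """\
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= uid=proxyAgent,ou=profile,dc=composers,dc=foo,dc=com
NS_LDAP_SERVERS= 149.85.70.17
NS_LDAP_SEARCH_BASEDN= dc=composers,dc=foo,dc=com
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=People,dc=composers,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=composers,dc=foo,dc=com?one
"""

# Constructed: the base entry carrying the nisDomainObject (assumed shape).
BASE_ENTRY_LDIF = """\
dn: dc=composers,dc=foo,dc=com
objectClass: top
objectClass: domain
objectClass: nisDomainObject
dc: composers
nisDomain: composers.foo.com
"""


def domain_to_dn(domain):
    """Map a NIS/DNS domain to the dc-style DN it is expected to use:
    composers.foo.com -> dc=composers,dc=foo,dc=com."""
    labels = [lbl for lbl in domain.strip().lower().split(".") if lbl]
    return ",".join("dc=%s" % lbl for lbl in labels)


def normalize_dn(dn):
    """Lower-case a DN and drop whitespace around ',' and '=' so that
    'ou=People, dc=foo' and 'ou=people,dc=foo' compare equal."""
    parts = [p.strip() for p in dn.split(",")]
    return ",".join(re.sub(r"\s*=\s*", "=", p).lower() for p in parts)


def parse_ldapclient_list(text):
    """Parse `ldapclient -l` output into a dict.  The repeatable key
    NS_LDAP_SERVICE_SEARCH_DESC is collected into a list."""
    cfg = {}
    for line in text.splitlines():
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "NS_LDAP_SERVICE_SEARCH_DESC":
            cfg.setdefault(key, []).append(value)
        else:
            cfg[key] = value
    return cfg


def parse_ldif_entry(text):
    """Parse one simple LDIF entry into attribute -> [values].
    (Minimal: no base64 '::' values or line continuations.)"""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry


def check_client_config(domainname, ldapclient_output, base_entry_ldif):
    """Return a list of problem strings; an empty list means consistent."""
    problems = []
    cfg = parse_ldapclient_list(ldapclient_output)
    entry = parse_ldif_entry(base_entry_ldif)
    base = normalize_dn(cfg.get("NS_LDAP_SEARCH_BASEDN", ""))
    nis_domains = [d.lower() for d in entry.get("nisdomain", [])]
    # 1. client domainname must equal the nisDomain on the base entry
    if not nis_domains:
        problems.append("base entry has no nisDomain attribute")
    elif domainname.lower() not in nis_domains:
        problems.append("client domainname %r != nisDomain %r"
                        % (domainname, nis_domains[0]))
    # 2. search base must be the DN form of that domain
    expected = domain_to_dn(domainname)
    if base != expected:
        problems.append("search base %r does not correspond to domain %r "
                        "(expected %r)" % (base, domainname, expected))
    # 3. every per-service search base must live under the search base
    for desc in cfg.get("NS_LDAP_SERVICE_SEARCH_DESC", []):
        svc, _, rest = desc.partition(":")
        svc_base = normalize_dn(rest.strip().split("?")[0])
        if not (svc_base == base or svc_base.endswith("," + base)):
            problems.append("service %s search base %r is outside %r"
                            % (svc.strip(), svc_base, base))
    return problems


if __name__ == "__main__":
    for label, cfg in (("before", LDAPCLIENT_BEFORE), ("after", LDAPCLIENT_AFTER)):
        print(label, check_client_config("composers.foo.com", cfg, BASE_ENTRY_LDIF))
```

Run against the "before" profile the checker flags only the search base (the domain and nisDomain already agreed, which is why `ldapclient -i` kept reporting composers.foo.com); against the "after" profile it reports nothing, matching the outcome after the reinstall. Changing the client's domainname to foo.com instead, as was tried mid-thread, makes the search base consistent but surfaces the nisDomain mismatch, so that route only moves the problem.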