Date: Fri, 27 Aug 2010 21:33:42 +1200
From: ian@ianshome.com
To: stuart_cherrington@hotmail.co.uk
Subject: Re: Getting Solaris to use Openldap

On 08/27/10 08:48 PM, Stuart Cherrington wrote:
Hi,
I have an OpenLDAP 2.4.18 server on RHEL 5.3. I can get Linux clients to use the master by use of the /etc/ldap.conf file. I'm now trying to get a Solaris 10 client to use the master by initialising with the default profileName. If I run:
ldapclient -v init -a proxypassword=xxxxx -a proxydn=cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -a domainname=ldn.sw.com 10.2.250.15
I also add a -a profileName=default
Shouldn't need to add this as ldapclient takes 'default' as the default profilename if not specified. I did try it with this anyway but got the same error.
So the 2 errors are the *NOTFOUND nisDomainObject* which is there when I check on the master:
[root@msldap01 openldap2.4]# ldapsearch2.4 -h 10.2.250.15 -D cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w xxxxx -b dc=ldn,dc=sw,dc=com -s base
# extended LDIF
#
# LDAPv3
# base <dc=ldn,dc=sw,dc=com> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

# ldn.sw.com
dn: dc=ldn,dc=sw,dc=com
dc: ldn
o: ldn
associatedDomain: ldn.sw.com
nisDomain: ldn.sw.com
objectClass: dcObject
objectClass: organization
objectClass: domainRelatedObject
*objectClass: nisDomainObject*
objectClass: top

That looks OK.
The other error is 'Failed to find defaultSearchBase for domain ldn.sw.com'
[root@msldap01 openldap2.4]# ldapsearch2.4 -h 10.2.250.15 -D cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w 5wap5proxy -b cn=default,ou=profile,dc=ldn,dc=sw,dc=com -s base
# extended LDIF
#
# LDAPv3
# base <cn=default,ou=profile,dc=ldn,dc=sw,dc=com> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

Do you have a cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com entry?
Yeh
[root@msldap01 openldap2.4]# ldapsearch2.4 -h 10.2.250.15 -D cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w xxxxx -b cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -s base
# extended LDIF
#
# LDAPv3
# base <cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

# proxyagent, profile, ldn.sw.com
dn: cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com
cn: proxyagent
sn: proxyagent
objectClass: top
objectClass: person
userPassword:: e0NSWVBUfXYuTWpqUDJEb3lpMXc=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

# default, profile, ldn.sw.com
dn: cn=default,ou=profile,dc=ldn,dc=sw,dc=com
*defaultSearchBase: dc=ldn,dc=sw,dc=com*
authenticationMethod: simple
followReferrals: TRUE
profileTTL: 43200
searchTimeLimit: 30
objectClass: DUAConfigProfile
defaultServerList: 10.2.250.15
credentialLevel: proxy
cn: default
defaultSearchScope: one

You should add
serviceSearchDescriptor: passwd:<people base>
serviceSearchDescriptor: group:<group base>

I initially had these (and one for shadow) but they didn't make any difference to the error, but I expect I'll need them when it's in operation.
-- Ian.