> Date: Fri, 27 Aug 2010 22:33:15 +1200
> From: ian@ianshome.com
> To: stuart_cherrington@hotmail.co.uk
> Subject: Re: Getting Solaris to use Openldap
> CC: openldap-technical@openldap.org
>
> On 08/27/10 09:56 PM, Stuart Cherrington wrote:
> > > Date: Fri, 27 Aug 2010 21:33:42 +1200
> > >
> > > > # default, profile, ldn.sw.com
> > > > dn: cn=default,ou=profile,dc=ldn,dc=sw,dc=com
> > > > *defaultSearchBase: dc=ldn,dc=sw,dc=com*
> > > > authenticationMethod: simple
> > > > followReferrals: TRUE
> > > > profileTTL: 43200
> > > > searchTimeLimit: 30
> > > > objectClass: DUAConfigProfile
> > > > defaultServerList: 10.2.250.15
> > > > credentialLevel: proxy
> > > > cn: default
> > > > defaultSearchScope: one
> > >
> > > You should add
> > >
> > > serviceSearchDescriptor: passwd:<people base>
> > > serviceSearchDescriptor: group:<group base>
> >
> > I initially had these (and one for shadow) but they didn't make any
> > difference to the error, but I expect I'll need them when it's in operation.
> >
>
> What are the searches being run (from your slapd.log)?
>

The ldap.log contains

Aug 27 12:36:24 msldap01 slapd2.4[22363]: connection_get(21)
Aug 27 12:36:24 msldap01 slapd2.4[22363]: SRCH "" 0 3
Aug 27 12:36:24 msldap01 slapd2.4[22363]:     0 30 0
Aug 27 12:36:24 msldap01 slapd2.4[22363]:     filter: (objectClass=*)
Aug 27 12:36:24 msldap01 slapd2.4[22363]:     attrs:
Aug 27 12:36:24 msldap01 slapd2.4[22363]:  namingcontexts
Aug 27 12:36:24 msldap01 slapd2.4[22363]:
Aug 27 12:36:24 msldap01 slapd2.4[22363]: send_ldap_result: err=0 matched="" text=""
Aug 27 12:36:24 msldap01 slapd2.4[22363]: connection_get(21)
Aug 27 12:36:24 msldap01 slapd2.4[22363]: connection_get(21)
Aug 27 12:36:24 msldap01 slapd2.4[22363]: SRCH "dc=ldn,dc=sw,dc=com" 2 3
Aug 27 12:36:24 msldap01 slapd2.4[22363]:     0 30 0
Aug 27 12:36:24 msldap01 slapd2.4[22363]:     filter: (&(objectClass=nisDomainObject)(nisDomain=ldn.sw.com))
Aug 27 12:36:24 msldap01 slapd2.4[22363]:     attrs:
Aug 27 12:36:24 msldap01 slapd2.4[22363]:
Aug 27 12:36:24 msldap01 slapd2.4[22363]: send_ldap_result: err=32 matched="" text=""
Aug 27 12:36:24 msldap01 slapd2.4[22363]: connection_get(21)

Which balances out your next statement :-)

> Do they work?
>
> The first search '(&(objectClass=nisDomainObject)(nisDomain=your
> domain))' should return your nisDomain, the next the profile.

I think I got the query syntax correct on the query

[root@msldap01 ~]# ldapsearch2.4 -h 10.2.250.15 -D cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w xxxxx -b dc=ldn,dc=sw,dc=com "(&(objectClass=nisDomainObject)(nisDomain=ldn.sw.com))"
# extended LDIF
#
# LDAPv3
# base <dc=ldn,dc=sw,dc=com> with scope subtree
# filter: (&(objectClass=nisDomainObject)(nisDomain=ldn.sw.com))
# requesting: ALL
#

# ldn.sw.com
dn: dc=ldn,dc=sw,dc=com
dc: ldn
o: ldn
associatedDomain: ldn.sw.com
nisDomain: ldn.sw.com
objectClass: dcObject
objectClass: organization
objectClass: domainRelatedObject
objectClass: nisDomainObject
objectClass: top

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


>
> --
> Ian.
>
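
Added example, not part of the original message: a small parser that pairs each SRCH block in a slapd debug log like the one above with its send_ldap_result code, so failing client searches stand out. The sample lines are copied from the log excerpt in this message; reading the first number after the base as the search scope is an assumption about slapd's debug format.

```python
import re

# Sample input: the two searches from the log excerpt in this message.
SAMPLE_LOG = '''\
Aug 27 12:36:24 msldap01 slapd2.4[22363]: SRCH "" 0 3
Aug 27 12:36:24 msldap01 slapd2.4[22363]:     0 30 0
Aug 27 12:36:24 msldap01 slapd2.4[22363]:     filter: (objectClass=*)
Aug 27 12:36:24 msldap01 slapd2.4[22363]: send_ldap_result: err=0 matched="" text=""
Aug 27 12:36:24 msldap01 slapd2.4[22363]: SRCH "dc=ldn,dc=sw,dc=com" 2 3
Aug 27 12:36:24 msldap01 slapd2.4[22363]:     0 30 0
Aug 27 12:36:24 msldap01 slapd2.4[22363]:     filter: (&(objectClass=nisDomainObject)(nisDomain=ldn.sw.com))
Aug 27 12:36:24 msldap01 slapd2.4[22363]: send_ldap_result: err=32 matched="" text=""
'''

SCOPES = {0: "base", 1: "one", 2: "sub"}  # LDAP search scope codes (assumed field)
RESULTS = {0: "success", 32: "noSuchObject",
           49: "invalidCredentials", 50: "insufficientAccessRights"}

PREFIX = re.compile(r"^.*?slapd[\w.]*\[\d+\]: ?")  # syslog timestamp/host/tag
SRCH = re.compile(r'^SRCH "(.*)" (\d+) (\d+)$')
RESULT = re.compile(r"^send_ldap_result: err=(\d+)")

def parse_searches(log_text):
    """Return one dict per SRCH block: base, scope, filter and result code."""
    searches, current = [], None
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw).strip()
        m = SRCH.match(line)
        if m:
            current = {"base": m.group(1), "filter": None, "err": None,
                       "scope": SCOPES.get(int(m.group(2)), m.group(2))}
            searches.append(current)
        elif current and line.startswith("filter: "):
            current["filter"] = line[len("filter: "):]
        elif current and (m := RESULT.match(line)):
            current["err"] = int(m.group(1))
            current = None  # the result line closes the search block
    return searches

def failed(searches):
    """Searches that did not end in success, with a readable result name."""
    return [(s["base"], s["filter"], RESULTS.get(s["err"], str(s["err"])))
            for s in searches if s["err"] not in (0, None)]

if __name__ == "__main__":
    for base, flt, why in failed(parse_searches(SAMPLE_LOG)):
        print(f'{why}: base="{base}" filter={flt}')
```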