Date: Fri, 27 Aug 2010 21:33:42 +1200
From: ian(a)ianshome.com
To: stuart_cherrington(a)hotmail.co.uk
Subject: Re: Getting Solaris to use Openldap
On 08/27/10 08:48 PM, Stuart Cherrington wrote:
> Hi,
>
> I have an OpenLDAP 2.4.18 server on RHEL 5.3. I can get Linux clients
> to use the master by use of the /etc/ldap.conf file. I'm now trying to
> get a Solaris 10 client to use the master by initialising with the
> default profileName. If I run:
>
> ldapclient -v init -a proxypassword=xxxxx -a
> proxydn=cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -a
> domainname=ldn.sw.com 10.2.250.15
>
I also add a -a profileName=default
Shouldn't need to add this as ldapclient takes 'default' as the default
profilename if not specified. I did try it with this anyway but got the same error.
> So the 2 errors are the *NOTFOUND nisDomainObject* which is there when
> I check on the master:
>
> [root@msldap01 openldap2.4]# ldapsearch2.4 -h 10.2.250.15 -D
> cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w xxxxx -b
> dc=ldn,dc=sw,dc=com -s base
> # extended LDIF
> #
> # LDAPv3
> # base <dc=ldn,dc=sw,dc=com> with scope baseObject
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # ldn.sw.com
> dn: dc=ldn,dc=sw,dc=com
> dc: ldn
> o: ldn
> associatedDomain: ldn.sw.com
> nisDomain: ldn.sw.com
> objectClass: dcObject
> objectClass: organization
> objectClass: domainRelatedObject
> *objectClass: nisDomainObject*
> objectClass: top
>
That looks OK.
>
> The other error is 'Failed to find defaultSearchBase for domain
> ldn.sw.com'
>
> [root@msldap01 openldap2.4]# ldapsearch2.4 -h 10.2.250.15 -D
> cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w 5wap5proxy -b
> cn=default,ou=profile,dc=ldn,dc=sw,dc=com -s base
> # extended LDIF
> #
> # LDAPv3
> # base <cn=default,ou=profile,dc=ldn,dc=sw,dc=com> with scope baseObject
> # filter: (objectclass=*)
> # requesting: ALL
> #
Do you have a cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com entry?
Yeh
[root@msldap01 openldap2.4]# ldapsearch2.4 -h 10.2.250.15 -D
cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w xxxxx -b
cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -s base
# extended LDIF
#
# LDAPv3
# base <cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#
# proxyagent, profile, ldn.sw.com
dn: cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com
cn: proxyagent
sn: proxyagent
objectClass: top
objectClass: person
userPassword:: e0NSWVBUfXYuTWpqUDJEb3lpMXc=
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
> # default, profile, ldn.sw.com
> dn: cn=default,ou=profile,dc=ldn,dc=sw,dc=com
> *defaultSearchBase: dc=ldn,dc=sw,dc=com*
> authenticationMethod: simple
> followReferrals: TRUE
> profileTTL: 43200
> searchTimeLimit: 30
> objectClass: DUAConfigProfile
> defaultServerList: 10.2.250.15
> credentialLevel: proxy
> cn: default
> defaultSearchScope: one
You should add
serviceSearchDescriptor: passwd:<people base>
serviceSearchDescriptor: group:<group base>
I initially had these (and one for shadow) but they didn't make any difference to the
error, but I expect I'll need them when it's in operation.
--
Ian.
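
An added example, not part of the original messages: a small Python check that does mechanically what the thread does by eye, parsing saved ldapsearch LDIF output and reporting whether the nisDomainObject entry and the DUAConfigProfile attributes named in the two errors are present. The function names, the sample directory data (example.com, 192.0.2.10) and the choice of required attributes are assumptions made for this illustration.

```python
import base64
import re

# Constructed sample shaped like the ldapsearch output quoted in the thread.
SAMPLE_LDIF = """\
# base <dc=example,dc=com> with scope subtree
dn: dc=example,dc=com
nisDomain: example.com
objectClass: nisDomainObject

dn: cn=default,ou=profile,dc=example,dc=com
cn: default
objectClass: DUAConfigProfile
defaultServerList: 192.0.2.10
description:: aGVs
 bG8=
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    text = re.sub(r"\n ", "", text)        # unfold continuation lines
    entries, cur = [], {}
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            continue                       # ldapsearch comment
        if not line.strip():               # blank line ends an entry
            if "dn" in cur:                # ignores search/result trailers
                entries.append(cur)
            cur = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):          # "attr:: " marks a base64 value
            value = base64.b64decode(value[1:]).decode("utf-8", "replace")
        cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def check_client_prereqs(entries, domain, profile="default"):
    """Return what is missing for the two lookups that failed in the thread."""
    def has(e, oc):
        return oc.lower() in (v.lower() for v in e.get("objectclass", []))
    problems = []
    if not any(has(e, "nisDomainObject") and domain in e.get("nisdomain", []) for e in entries):
        problems.append("no nisDomainObject entry with nisDomain=" + domain)
    profs = [e for e in entries if has(e, "DUAConfigProfile") and profile in e.get("cn", [])]
    if not profs:
        problems.append("no DUAConfigProfile entry cn=" + profile)
    problems += ["profile lacks " + a for p in profs
                 for a in ("defaultSearchBase", "defaultServerList") if not p.get(a.lower())]
    return problems
```

The result only reflects what the bind identity used for the capture could read; the searches quoted in the thread were all run bound as the proxy agent.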