I don't know how Solaris clients work, but if your OpenLDAP server runs with Red Hat Linux maybe I can help you with throwing out the ou=people... Are you using the pam_ldap module? If yes, maybe you could look in /etc/ldap.conf at what's written on the nss_base_passwd line... It's a bit dirty, but it works here... I put dc=my,dc=domain,dc=com?sub so pam_ldap searches user attributes in the whole directory and not only in ou=people,dc=my,... Anyway, using an ou=people which contains ou=teachers, ou=students is useful to restrict the search scope... Hope it'll help,

Bruno

luiz@pucrs.br wrote:

Indeed! I don't know where I finally got the solaris schema, but certainly not from http://sapiens.wustl.edu/~sysmain/info/openldap/schemas/solaris.schema , so now you should get that one: http://www.int-evry.fr/mci/user/procacci/ldap/solaris.schema . I changed my doc online.

Thanks a lot Jehan. With your invaluable help, now almost everything is working... :-)

The only problem with your procedures now is when I try to run the 'ldapclient' command. Please see it:

    # ldapclient init -a profileName=profile-my -a domainName=my.domain -a proxyDn=cn=proxyagent,ou=contasIT,dc=my,dc=domain server
    credentialLevel requires proxyPassword
    Error parsing command line
    Usage: ldapclient [-v | -q] init | manual | mod | list | uninit [<args>]
    Set up a server or workstation as a client of an LDAP namespace.
    <args> take the form of '-a attrName=attrVal' as described in the man page: ldapclient(1M)

I tried some variations and this, apparently, works fine:

    # ldapclient init -a profileName=profile-my -a domainName=my.domain -a proxyDn=cn=proxyagent,ou=contasIT,dc=my,dc=domain -a proxyPassword=secret server
    System successfully configured

Ok. But when I try to log in, the following appears in my server log:

    Jul 23 09:47:25 server slapd[4178]: conn=93 fd=13 ACCEPT from IP=200.188.161.4:33676 (IP=0.0.0.0:389)
    Jul 23 09:47:25 server slapd[4239]: conn=93 op=0 BIND dn="cn=proxyagent,ou=contasIT,dc=my,dc=domain" method=128
    Jul 23 09:47:25 server slapd[4239]: conn=93 op=0 BIND dn="cn=proxyagent,ou=contasIT,dc=my,dc=domain" mech=simple ssf=0
    Jul 23 09:47:25 server slapd[4239]: conn=93 op=0 RESULT tag=97 err=0 text=
    Jul 23 09:47:25 server slapd[4217]: conn=93 op=1 SRCH base="ou=people,dc=my,dc=domain" scope=1 filter="(&(objectClass=posixAccount)(uid=user1))"
    Jul 23 09:47:25 server slapd[4217]: conn=93 op=1 SRCH attr=cn uid uidnumber gidnumber gecos description homedirectory loginshell
    Jul 23 09:47:25 server slapd[4217]: conn=93 op=1 RESULT tag=101 err=32 text=
    Jul 23 09:47:25 server slapd[4181]: conn=93 op=2 UNBIND
    Jul 23 09:47:25 server slapd[4181]: conn=93 fd=13 closed

In other words: WHY THE HELL DOES THIS DAMNED SOLARIS INSIST ON USING THIS 'PEOPLE' OU?!?!?! I can't use this OU here. I need to use another structure.

In my LDAP base, I have the following:

    # contasIT, my.domain
    dn: ou=contasIT,dc=my,dc=domain
    objectClass: top
    objectClass: organizationalUnit
    ou: contasIT
    #
    # proxyagent, contasIT, my.domain
    dn: cn=proxyagent,ou=contasIT,dc=my,dc=domain
    cn: proxyagent
    sn: proxyagent
    objectClass: top
    objectClass: person
    #
    # profile, my.domain
    dn: ou=profile,dc=my,dc=domain
    objectClass: top
    objectClass: organizationalUnit
    ou: profile
    #
    # profile-my, profile, my.domain
    dn: cn=profile-my,ou=profile,dc=my,dc=domain
    objectClass: top
    objectClass: DUAConfigProfile
    defaultServerList: server
    defaultSearchBase: dc=my,dc=domain
    authenticationMethod: simple
    cn: profile-my
    credentialLevel: proxy
    followReferrals: true
    serviceSearchDescriptor: auto_master:nismapname=auto_master,dc=my,dc=domain
    objectclassMap: automount:automountMap=nisMap
    objectclassMap: automount:automount=nisObject
    attributeMap: automount:automountMapName=nisMapName
    attributeMap: automount:automountInformation=nismapentry
    attributeMap: automount:automountKey=cn

Nothing about 'people'! I tried:

1) Editing my 'ldap_client_file' directly, but this generates tons of error logs in the 'cachemgr.log' file.

2) Passing the parameters

    -a "serviceSearchDescriptor=passwd:ou=funcs,dc=my,dc=domain"
    -a "serviceSearchDescriptor=shadow:ou=funcs,dc=my,dc=domain"
    -a "serviceSearchDescriptor=passwd:ou=profs,dc=my,dc=domain"
    -a "serviceSearchDescriptor=shadow:ou=profs,dc=my,dc=domain"

to the 'ldapclient' command, but it only works with the "manual" option. With "init", the "Error parsing command line" error occurs. :-(

Has anyone some tip to help me? Thank you very much
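As an added example (not code from the thread or from any of its participants), here is a small Python triage script over the slapd stats-log lines quoted above. It groups the ACCEPT/BIND/SRCH/RESULT records per connection and operation and reports the two things a practitioner would pull out of this exchange: the search that fails with err=32 (noSuchObject: the base "ou=people,dc=my,dc=domain" does not exist in this directory, so the lookup fails before any user entry is consulted), and the proxy bind done with mech=simple ssf=0, i.e. the proxyagent password crossing the network in the clear on port 389. The sample log is the one from the message, embedded inline; the regexes, field names and result-code table are this example's own assumptions about OpenLDAP's "stats" log format.

```python
"""Triage OpenLDAP slapd stats-log lines (the loglevel 256 format).

Groups ACCEPT, BIND, SRCH and RESULT records by connection/operation,
then flags searches that fail with err=32 (noSuchObject: the search
base itself is missing) and simple binds negotiated with ssf=0
(no TLS or SASL protection, so the bind password is sent in clear).
"""
import re
from collections import defaultdict

# Constructed sample: the slapd lines quoted in the thread above.
SAMPLE_LOG = """\
Jul 23 09:47:25 server slapd[4178]: conn=93 fd=13 ACCEPT from IP=200.188.161.4:33676 (IP=0.0.0.0:389)
Jul 23 09:47:25 server slapd[4239]: conn=93 op=0 BIND dn="cn=proxyagent,ou=contasIT,dc=my,dc=domain" method=128
Jul 23 09:47:25 server slapd[4239]: conn=93 op=0 BIND dn="cn=proxyagent,ou=contasIT,dc=my,dc=domain" mech=simple ssf=0
Jul 23 09:47:25 server slapd[4239]: conn=93 op=0 RESULT tag=97 err=0 text=
Jul 23 09:47:25 server slapd[4217]: conn=93 op=1 SRCH base="ou=people,dc=my,dc=domain" scope=1 filter="(&(objectClass=posixAccount)(uid=user1))"
Jul 23 09:47:25 server slapd[4217]: conn=93 op=1 SRCH attr=cn uid uidnumber gidnumber gecos description homedirectory loginshell
Jul 23 09:47:25 server slapd[4217]: conn=93 op=1 RESULT tag=101 err=32 text=
Jul 23 09:47:25 server slapd[4181]: conn=93 op=2 UNBIND
Jul 23 09:47:25 server slapd[4181]: conn=93 fd=13 closed
"""

# Assumed record shapes for the slapd stats log (this example's own patterns).
CONN_RE = re.compile(r"slapd\[\d+\]: conn=(?P<conn>\d+) (?P<rest>.*)$")
ACCEPT_RE = re.compile(r"ACCEPT from IP=(?P<ip>[^:\s]+)")
BIND_RE = re.compile(r'op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)"')
SSF_RE = re.compile(r"\bssf=(?P<ssf>\d+)")
SRCH_RE = re.compile(r'op=(?P<op>\d+) SRCH base="(?P<base>[^"]*)" scope=(?P<scope>\d+) filter="(?P<filter>[^"]*)"')
RESULT_RE = re.compile(r"op=(?P<op>\d+) RESULT tag=(?P<tag>\d+) err=(?P<err>\d+)")

# LDAP result codes this triage cares about (RFC 4511 names).
LDAP_ERR = {0: "success", 32: "noSuchObject", 49: "invalidCredentials", 50: "insufficientAccessRights"}


def parse_slapd_log(text):
    """Return {conn_id: {"client", "bind_dn", "ssf", "ops": {op_id: search}}}."""
    conns = defaultdict(lambda: {"client": None, "bind_dn": None, "ssf": None, "ops": {}})
    for line in text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue  # not a slapd stats record
        conn = conns[int(m.group("conn"))]
        rest = m.group("rest")
        if (a := ACCEPT_RE.search(rest)):
            conn["client"] = a.group("ip")
        elif (b := BIND_RE.search(rest)):
            conn["bind_dn"] = b.group("dn")
            ssf = SSF_RE.search(rest)  # only the "mech=... ssf=N" BIND line carries it
            if ssf:
                conn["ssf"] = int(ssf.group("ssf"))
        elif (s := SRCH_RE.search(rest)):
            conn["ops"][int(s.group("op"))] = {
                "base": s.group("base"), "scope": int(s.group("scope")),
                "filter": s.group("filter"), "err": None,
            }
        elif (r := RESULT_RE.search(rest)):
            op = conn["ops"].get(int(r.group("op")))
            if op is not None:  # a bind RESULT (tag=97) has no SRCH entry; skip it
                op["err"] = int(r.group("err"))
    return dict(conns)


def findings(conns):
    """Human-readable list of the problems worth acting on, in connection order."""
    out = []
    for cid, c in sorted(conns.items()):
        if c["ssf"] == 0:
            out.append(f"conn={cid} from {c['client']}: simple bind as {c['bind_dn']} "
                       f"with ssf=0 (password sent in the clear; use ldaps:// or STARTTLS)")
        for oid, s in sorted(c["ops"].items()):
            if s["err"] == 32:
                out.append(f"conn={cid} op={oid}: search base \"{s['base']}\" does not exist "
                           f"(err=32 {LDAP_ERR[32]}); the client is configured to search a "
                           f"container that is not in the directory; filter was {s['filter']}")
    return out


if __name__ == "__main__":
    for line in findings(parse_slapd_log(SAMPLE_LOG)):
        print(line)
```

Two practitioner caveats that the log makes visible: the search base comes from the client's per-service search descriptor (on Solaris, a serviceSearchDescriptor for passwd and shadow in the DUAConfigProfile), so an err=32 on the very first SRCH means the client configuration, not the user data, is wrong; and ssf=0 on the proxyagent bind, together with a proxyPassword typed on the ldapclient command line, means the proxy credential is exposed both on the wire and in the shell history of the machine being configured.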