[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Configuring Solaris 8 clients

--On Wednesday, March 26, 2003 10:15 AM -0500 Igor Brezac <igor@ipass.net> wrote:

On Wed, 26 Mar 2003, Quanah Gibson-Mount wrote:

--On Wednesday, March 26, 2003 9:28 AM -0500 Igor Brezac <igor@ipass.net>

> On Wed, 26 Mar 2003, Quanah Gibson-Mount wrote:

>> Igor,
>> On my Solaris 9 box, at least, running that command started up nscd
>> and the ldap cache manager.  It has been running on my system for
>> several weeks without problem.  It also created /etc/defaultdomain.
> I stand corrected.  ldapclient will do all of this for you.  You do
> need to cleanup a bit after it runs.  ldapclient restarts some
> services which are not necessarily running (automounter in my case)
> and it installs a default nsswitch.ldap which may need editing.  On
> Solaris 8 you have to do this by hand; however, ldap_cachemgr is not
> required to run in order for the ldap client to operate.  I do
> recommend getting solaris schema from the links I mentioned earlier.
> Unfortunately, automatic setup does not work for both Solaris (8|9).
> You need to patch openldap, or Sun needs to fix the ldapclient and
> specify what attributes it needs from rootDN.


We are not using the Solaris Schema for 8 or 9, and it works just fine.
We have configured our openldap server to use posixAccount, and Solaris
seems happy with that.  The only real issue I've seen is that it

It will work for posix(Account|Shadow), but if you want to use other features such as automounter, RBAC, printer, etc you will need solaris' additions to nis.schema and other schemas.

occasionally about default_client not existing, but it hasn't hurt
anything.  Note too that in my original post I noted that I had made some
changes to nsswitch.ldap.

You probably get this on Solaris 8. ldap_cachemgr is trying to update its configuration from ldap. If you do not want this to happen, add NS_LDAP_CACHETTL= 0 to /var/ldap/ldap_client_file

I'm not clear why OpenLDAP needs patching...

This is only needed for automatic client setup. (ldapclient init ... in case of Solaris 9)

Ah, okie. :) We'll probably never need it for our purposes then. ;) But, one never knows.


Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html