
Re: OpenLDAP server, Solaris 9 client



Either use -a attributemap=foo:bar -a servicesearchdescriptor=foo:var
when generating your profile (using ldapclient genprofile) to add in the
needed mappings, or add these directly to the profile using
ldapmodify, or use a GUI client (much easier) like gq. I use this to map
the automount stuff the way you are doing, but you should be able to map
user stuff too. However, people is a fairly standard location for users;
it might save you a lot of trouble to just go with it.

On Wed, 2003-07-23 at 13:57, luiz@pucrs.br wrote:

> 
> # ldapclient init -a profileName=profile-my -a domainName=my.domain -a
> proxyDn=cn=proxyagent,ou=contasIT,dc=my,dc=domain credentialLevel requires
> proxyPassword server
> Error parsing command line
> Usage: ldapclient [-v | -q] init | manual | mod | list | uninit [<args>]
> 
> Set up a server or workstation as a client of an LDAP namespace.
> <args> take the form of '-a attrName=attrVal' as described in the
> man page: ldapclient(1M)
> 
> I tried some variations and this, apparently, works fine:
> 
> # ldapclient init -a profileName=profile-my -a domainName=my.domain -a
> proxyDn=cn=proxyagent,ou=contasIT,dc=my,dc=domain -a proxyPassword=secret
> server
> System successfully configured
> 
> OK. But when I try to log in, the following appears in my server log:
> 
> Jul 23 09:47:25 server slapd[4178]: conn=93 fd=13 ACCEPT from
> IP=200.188.161.4:33676 (IP=0.0.0.0:389)
> Jul 23 09:47:25 server slapd[4239]: conn=93 op=0 BIND
> dn="cn=proxyagent,ou=contasIT,dc=my,dc=domain" method=128
> Jul 23 09:47:25 server slapd[4239]: conn=93 op=0 BIND
> dn="cn=proxyagent,ou=contasIT,dc=my,dc=domain" mech=simple ssf=0
> Jul 23 09:47:25 server slapd[4239]: conn=93 op=0 RESULT tag=97 err=0 text=
> Jul 23 09:47:25 server slapd[4217]: conn=93 op=1 SRCH
> base="ou=people,dc=my,dc=domain" scope=1
> filter="(&(objectClass=posixAccount)(uid=user1))"
> Jul 23 09:47:25 server slapd[4217]: conn=93 op=1 SRCH attr=cn uid uidnumber
> gidnumber gecos description homedirectory loginshell
> Jul 23 09:47:25 server slapd[4217]: conn=93 op=1 RESULT tag=101 err=32
> text=
> Jul 23 09:47:25 server slapd[4181]: conn=93 op=2 UNBIND
> Jul 23 09:47:25 server slapd[4181]: conn=93 fd=13 closed
> 
> In other words: WHY THE HELL DOES THIS DAMNED SOLARIS INSIST ON USING THIS
> 'PEOPLE' OU?!?!?! I can't use this OU here. I need to use another
> structure.
> In my LDAP base, I have the following:
> 
> # contasIT, my.domain
> dn: ou=contasIT,dc=my,dc=domain
> objectClass: top
> objectClass: organizationalUnit
> ou: contasIT
> #
> # proxyagent, contasIT, my.domain
> dn: cn=proxyagent,ou=contasIT,dc=my,dc=domain
> cn: proxyagent
> sn: proxyagent
> objectClass: top
> objectClass: person
> #
> # profile, my.domain
> dn: ou=profile,dc=my,dc=domain
> objectClass: top
> objectClass: organizationalUnit
> ou: profile
> #
> # profile-my, profile, my.domain
> dn: cn=profile-my,ou=profile,dc=my,dc=domain
> objectClass: top
> objectClass: DUAConfigProfile
> defaultServerList: server
> defaultSearchBase: dc=my,dc=domain
> authenticationMethod: simple
> cn: profile-my
> credentialLevel: proxy
> followReferrals: true
> serviceSearchDescriptor: auto_master:nismapname=auto_master,dc=my,dc=domain
> objectclassMap: automount:automountMap=nisMap
> objectclassMap: automount:automount=nisObject
> attributeMap: automount:automountMapName=nisMapName
> attributeMap: automount:automountInformation=nismapentry
> attributeMap: automount:automountKey=cn
> 
> Nothing about 'people'!
> I tried:
> 
> 1) Editing my 'ldap_client_file' directly, but this generates tons of error
> logs in the 'cachemgr.log' file

Don't do this. You are using ldapclient init, which means the config isn't
static but keeps checking with the server to see if the profile has
changed; therefore, even if you do manage to alter it, it won't be
permanent. Also, Sun have warned that they are likely to make this file
binary encoded in the future. Best to play safe and do things the
'Solaris way' and use profiles.

> 2) Passing the parameters
>    -a "serviceSearchDescriptor=passwd:ou=funcs,dc=my,dc=domain" -a
> "serviceSearchDescriptor=shadow:ou=funcs,dc=my,dc=domain" -a
> "serviceSearchDescriptor=passwd:ou=profs,dc=my,dc=domain" -a
> "serviceSearchDescriptor=shadow:ou=profs,dc=my,dc=domain"
>    to the 'ldapclient' command, but it only works with the option "manual".
> With "init", an "Error parsing command line" error occurs. :-(
> 

Put them directly into the profile stored on the server before you do
the ldapclient init command.

GREG

> Does anyone have a tip to help me?
> 
> Thank you very much
> 
-- 
Greg Matthews
iTSS Wallingford	01491 692445
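
The advice above (put the descriptors into the server-side profile before running ldapclient init) can be scripted as below. This is an added example, not part of the original messages. Assumptions: each service gets a single serviceSearchDescriptor value with its search bases joined by ';' (the RFC 4876 syntax), the function names are made up for illustration, and the admin bind DN is a placeholder.

```shell
#!/bin/sh
# Emit an ldapmodify change record that adds passwd/shadow search
# descriptors to the DUAConfigProfile entry quoted in the thread.

PROFILE_DN="cn=profile-my,ou=profile,dc=my,dc=domain"   # from the thread

# join_bases SERVICE BASE... -> "service:base1;base2"
# Assumption: several bases for one service are ';'-separated in ONE value,
# not given as repeated per-base values for the same service.
join_bases() {
    name=$1; shift
    joined=
    for base in "$@"; do
        joined="${joined:+$joined;}$base"
    done
    printf '%s:%s\n' "$name" "$joined"
}

# ssd_ldif -> LDIF on stdout. "add" (not "replace") keeps the existing
# auto_master descriptor already stored in the profile.
ssd_ldif() {
    printf 'dn: %s\n' "$PROFILE_DN"
    printf 'changetype: modify\n'
    printf 'add: serviceSearchDescriptor\n'
    for svc in passwd shadow; do
        printf 'serviceSearchDescriptor: %s\n' \
            "$(join_bases "$svc" "ou=funcs,dc=my,dc=domain" "ou=profs,dc=my,dc=domain")"
    done
    printf '%s\n' '-'
}

# Print the change record for review.
ssd_ldif

# To apply it on the OpenLDAP server (bind DN is a placeholder):
#   ssd_ldif | ldapmodify -x -H ldap://server -D "<admin DN>" -W
```

Once the profile entry carries these values, rerun the same ldapclient init command from the thread on the Solaris client so it picks up the updated profile.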