Re: Patching openldap?
On 07.10.2011 23:58, NetNinja wrote:
> OK, that's good to know.
> I was reading in the book "Solaris 10 System Administration Essentials"
> and it says on pg 365 that the openldap server needs to be patched so
> that the ldapclient init utility will configure properly.
> Do you happen to remember how you set up the Solaris Native client? This
> is my current issue: I installed openldap on a RHEL 5.5 server and have all
> the Linux servers working with the ldap server, but the Solaris servers
> won't let me log in as an ldap user. I can do an ldapsearch, id, getent and
> get info on ldap users. I am in the process of troubleshooting the issue
> and I'm not sure what I'm doing wrong. My setup is very basic: no TLS,
> automount or replication. I will add these later when I know what I'm doing.
> Anyway, thanks for your help. If you have any advice on ldapclient setup,
> let me know.
> On Fri, Oct 7, 2011 at 3:41 PM, Christian Manal
> <firstname.lastname@example.org> wrote:
> On 07.10.2011 20:25, NetNinja wrote:
> > Hello,
> > I have been reading up on OpenLDAP. I have installed it on RHEL
> > 5.5 but I have seen documentation saying that openldap needs to be
> > patched to work with Solaris. Can someone tell me if this is still the
> > case and if so to get the patch. If not, any info you can provide would
> > be great.
> > Thanks
> I've been running OpenLDAP on Solaris 10 for years now. It works out of
> the tarball, no patches needed.
> Christian Manal
Here's an example of an ldapclient invocation that works for me:
ldapclient manual \
-a authenticationMethod="tls:simple" \
-a credentialLevel="proxy" \
-a defaultSearchBase="dc=example,dc=org" \
-a defaultSearchScope="sub" \
-a defaultServerList="ldap1.example.org,ldap2.example.org" \
-a domainName="example.org" \
-a preferredServerList="ldap1.example.org,ldap2.example.org" \
-a serviceSearchDescriptor="passwd:ou=People,dc=example,dc=org" \
-a serviceSearchDescriptor="group:ou=Group,dc=example,dc=org" \
-a serviceSearchDescriptor="netgroup:ou=Netgroup,dc=example,dc=org" \
-a attributeMap="auto_home:automountMapName=ou" \
-a attributeMap="auto_home:automountKey=cn" \
-a proxyDN="uid=proxyauth,ou=people,dc=example,dc=org"
Before you invoke that, you need to modify /etc/nsswitch.ldap to your
needs (ldapclient will copy that to /etc/nsswitch.conf). You also need
to put your TLS certs into /var/ldap in NSS format (you can
generate/convert them with certutil) and edit /etc/pam.conf for LDAP