[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Patching openldap?

On Sat, Oct 8, 2011 at 4:54 AM, Christian Manal
<moenoel@informatik.uni-bremen.de> wrote:
> Am 07.10.2011 23:58, schrieb NetNinja:
>> Ok that's good to know.
>> I was reading in the book "Solaris 10 System Administration Essential"
>> and it says on pg 365 that the openldap server needs to be patched so
>> that the ldapclient init utility will configure properly.
>> Do you happen to remeber how you setup the Solaris Native client? This
>> my current issue, I installed openldap on a RHEL 5.5 server and have all
>> the Linux servers working with the ldap server but the Solaris servers
>> won't let me login as a ldap user. I can do a ldapsearch, id, getent and
>> get info on ldap users. I am in the process of troubleshooting the issue
>> and I'm not sure what I'm doing wrong? My setup is very basic, no TLS,
>> uatomount or replication. I will add these later when I know what i'm doing.
>> Anyway thanks for your help. If you have any advice on ldapclient setup
>> let me know.
>> On Fri, Oct 7, 2011 at 3:41 PM, Christian Manal
>> <moenoel@informatik.uni-bremen.de
>> <mailto:moenoel@informatik.uni-bremen.de>> wrote:
>> Â Â Am 07.10.2011 20:25, schrieb NetNinja:
>> Â Â > Hello,
>> Â Â > I have been reading up on OpenLDAP. I have installed it on RHEL
>> Â Â 5.5 but
>> Â Â > I have seen documention saying that openldap needs to be patched
>> Â Â to work
>> Â Â > with Solaris. Can someone tell me if this still the case and if so
>> Â Â where
>> Â Â > to get the patch. If not any info you can provide wold be great.
>> Â Â >
>> Â Â > Thanks
>> Â Â >
>> Â Â >
>> Â Â Hi,
>> Â Â I've been running OpenLDAP on Solaris 10 for years now. It works out of
>> Â Â the tarball, no patches needed.
>> Â Â Regards,
>> Â Â Christian Manal
> Here's an example of an ldapclient invocation that works for me:
> ldapclient manual \
> Â-a authenticationMethod="tls:simple" \
> Â-a credentialLevel="proxy" \
> Â-a defaultSearchBase="dc=example,dc=org" \
> Â-a defaultSearchScope="sub" \
> Â-a defaultServerList="ldap1.example.org,ldap2.example.org" \
> Â-a domainName="example.org" \
> Â-a preferredServerList="ldap1.example.org,ldap2.example.org" \
> Â-a serviceSearchDescriptor="passwd:ou=People,dc=example,dc=org" \
> Â-a serviceSearchDescriptor="group:ou=Group,dc=example,dc=org" \
> Â-a serviceSearchDescriptor="netgroup:ou=Netgroup,dc=example,dc=org" \
> Â-a
> serviceSearchDescriptor="auto_home:ou=auto_home,ou=Mounts,dc=example,dc=org"
> \
> Â-a attributeMap="auto_home:automountMapName=ou" \
> Â-a attributeMap="auto_home:automountKey=cn" \
> Â-a proxyDN="uid=proxyauth,ou=people,dc=example,dc=org" \
> Â-a proxyPassword="foobar"
> Before you invoke that, you need to modify /etc/nsswitch.ldap to your
> needs (ldapclient will copy that to /etc/nsswitch.conf). You also need
> to put your TLS certs into /var/ldap in NSS format (you can
> generate/convert them with certutil[1]) and edit /etc/pam.conf for LDAP
> authentication.
> Regards,
> Christian Manal
> [1] http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html


I will try your command. Since you used ldapclient manual and not
ldapclient init I don't need to add a profile of proxy ldif file to
the ldap server, right? I have been using examples like the one you
just gave me and I can only get the info from the server. The password
seems to not work. I get the same erros on the prompt that I would get
if the password or username where wrong. Though I have not tried the
command with the serviceSearchDescriptor before maybe this is what I'm

 I'm also not using TLS or automount can I leave these out, for now?
Sotls:simple would be simple, right. Also could Solaris 10 not want to
work because I'm not using TLS?

Anyway thanks for your time. I will let you know if it works.