[OpenIndiana-discuss] Amnesiac LDAP Configuration
Patrick O'Sullivan
irish at insaneirish.com
Thu Nov 18 02:41:45 UTC 2010
I've gotten a config working where I have Kerberos auth to AD and
passwd lookups via LDAP to AD. I enable it, and it works fine, but on
a reboot, it stops working. Please let me know if you have any
thoughts as to why this happens. (This behavior is common to both
oi147 and Solaris 11 Express.)
Configuring ldapclient:
$ sudo ldapclient -v manual \
    -a credentialLevel=self \
    -a authenticationMethod=sasl/gssapi \
    -a defaultSearchBase=dc=osulvn,dc=net \
    -a domainName=osulvn.net \
    -a defaultServerList=ad1.osulvn.net \
    -a attributeMap=passwd:gecos=cn \
    -a attributeMap=passwd:homedirectory=unixHomeDirectory \
    -a objectClassMap=group:posixGroup=group \
    -a objectClassMap=passwd:posixAccount=user \
    -a objectClassMap=shadow:shadowAccount=user \
    -a serviceSearchDescriptor=passwd:cn=users,dc=osulvn,dc=net?one \
    -a serviceSearchDescriptor=group:cn=users,dc=osulvn,dc=net?one
...
System successfully configured
$ getent passwd userfoo
userfoo:x:20002:30000:User Foo:/home/userfoo:/bin/bash
At this point I can log in as userfoo with GSSAPI auth over ssh or with
a password on the console.
After I reboot, I can no longer log in as userfoo and 'getent' returns nothing.
I have the following log:
Nov 17 21:29:29 oitest1 svc.startd[51]: [ID 293258 daemon.warning] libsldap: Status: 2 Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
Nov 17 21:29:47 oitest1 svc.startd[9]: [ID 293258 daemon.warning] libsldap: Status: 2 Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
ldapclient isn't running:
$ svcs -xv ldap/client:default
svc:/network/ldap/client:default (LDAP client)
State: disabled since November 17, 2010 09:29:49 PM EST
Reason: Temporarily disabled by an administrator.
See: http://sun.com/msg/SMF-8000-1S
See: man -M /usr/share/man -s 1M ldap_cachemgr
Impact: This service is not running.
Manually enabling it doesn't help matters:
$ sudo svcadm enable ldap/client:default
$ svcs -xv ldap/client:default
svc:/network/ldap/client:default (LDAP client)
State: online since November 17, 2010 09:35:40 PM EST
See: man -M /usr/share/man -s 1M ldap_cachemgr
See: /var/svc/log/network-ldap-client:default.log
Impact: None.
$ getent passwd userfoo
$
Why does it work before reboot but then lose its mojo when I reboot?