[OpenIndiana-discuss] Amnesiac LDAP Configuration

Patrick O'Sullivan irish at insaneirish.com
Thu Nov 18 02:41:45 UTC 2010


I've gotten a config working where I have Kerberos auth to AD and
passwd lookups via LDAP to AD. I enable it, and it works fine, but on
a reboot, it stops working. Please let me know if you have any
thoughts as to why this happens. (This behavior is common to both
oi147 and Solaris 11 Express.)

Configuring ldapclient:

$ sudo ldapclient -v manual -a credentialLevel=self \
    -a authenticationMethod=sasl/gssapi \
    -a defaultSearchBase=dc=osulvn,dc=net \
    -a domainName=osulvn.net \
    -a defaultServerList=ad1.osulvn.net \
    -a attributeMap=passwd:gecos=cn \
    -a attributeMap=passwd:homedirectory=unixHomeDirectory \
    -a objectClassMap=group:posixGroup=group \
    -a objectClassMap=passwd:posixAccount=user \
    -a objectClassMap=shadow:shadowAccount=user \
    -a serviceSearchDescriptor=passwd:cn=users,dc=osulvn,dc=net?one \
    -a serviceSearchDescriptor=group:cn=users,dc=osulvn,dc=net?one
...
System successfully configured
$ getent passwd userfoo
userfoo:x:20002:30000:User Foo:/home/userfoo:/bin/bash

At this point I can log in as userfoo with GSSAPI auth over ssh or with
a password on the console.

After I reboot, I can no longer log in as userfoo and 'getent' returns nothing.

I have the following log:

Nov 17 21:29:29 oitest1 svc.startd[51]: [ID 293258 daemon.warning] libsldap: Status: 2  Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
Nov 17 21:29:47 oitest1 svc.startd[9]: [ID 293258 daemon.warning] libsldap: Status: 2  Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').

ldapclient isn't running:

$ svcs -xv ldap/client:default
svc:/network/ldap/client:default (LDAP client)
 State: disabled since November 17, 2010 09:29:49 PM EST
Reason: Temporarily disabled by an administrator.
   See: http://sun.com/msg/SMF-8000-1S
   See: man -M /usr/share/man -s 1M ldap_cachemgr
Impact: This service is not running.

Manually enabling it doesn't help matters:

$ sudo svcadm enable ldap/client:default
$ svcs -xv ldap/client:default
svc:/network/ldap/client:default (LDAP client)
 State: online since November 17, 2010 09:35:40 PM EST
   See: man -M /usr/share/man -s 1M ldap_cachemgr
   See: /var/svc/log/network-ldap-client:default.log
Impact: None.
$ getent passwd userfoo
$

Why does it work before reboot but then loses its mojo when I reboot?
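A small diagnostic helper for the symptom described in the post, added here as an example; it is not code from the original message or from the OpenIndiana ldapclient tooling. It assumes what the boot-time warning itself states, that libsldap reads its configuration from /var/ldap/ldap_client_file, and that a file written by ldapclient(1M) carries an NS_LDAP_FILE_VERSION header line (an assumption about the file format, not something the post shows). The sample syslog text is constructed from the two warnings in the post, re-joined onto one line each as syslog writes them, plus one unrelated line for contrast; the sshd line, hostname and addresses in it are made up.

```shell
#!/bin/sh
# Added example, not code from the original post. Checks the two things the
# boot-time warning points at: whether the configuration file libsldap tried
# to load is actually on disk, and which syslog lines carry that warning.

# Constructed sample: the two libsldap warnings from the post, re-joined onto
# one line each as syslog writes them, plus one unrelated (made-up) line.
sample_log() {
cat <<'EOF'
Nov 17 21:29:29 oitest1 svc.startd[51]: [ID 293258 daemon.warning] libsldap: Status: 2  Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
Nov 17 21:29:35 oitest1 sshd[811]: [ID 800047 auth.info] Accepted publickey for admin from 192.0.2.10 port 50321 ssh2
Nov 17 21:29:47 oitest1 svc.startd[9]: [ID 293258 daemon.warning] libsldap: Status: 2  Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
EOF
}

# ldap_config_missing: read syslog text on stdin, print each configuration
# path that libsldap reported it could not load (deduplicated).
ldap_config_missing() {
  sed -n "s/.*libsldap: .*Unable to load configuration '\([^']*\)'.*/\1/p" | sort -u
}

# ldap_client_file_ok [DIR]: succeed only if DIR/ldap_client_file exists,
# is non-empty, and carries the NS_LDAP_FILE_VERSION header line that
# ldapclient(1M) writes (assumed format). DIR defaults to /var/ldap.
ldap_client_file_ok() {
  f="${1:-/var/ldap}/ldap_client_file"
  if [ ! -s "$f" ]; then
    echo "missing or empty: $f" >&2
    return 1
  fi
  if ! grep -q '^NS_LDAP_FILE_VERSION=' "$f"; then
    echo "no NS_LDAP_FILE_VERSION header in $f (not written by ldapclient?)" >&2
    return 1
  fi
  return 0
}

# live_check: run both checks on the local host. Uses svcs(1) only if it is
# present, so the script still runs on a non-Solaris machine for the sample.
live_check() {
  if ldap_client_file_ok /var/ldap; then
    echo "ldap_client_file present"
  fi
  if command -v svcs >/dev/null 2>&1; then
    # 'enabled' shows whether the service persists across reboot;
    # 'state' is what svcs -xv reported in the post.
    svcs -l svc:/network/ldap/client:default 2>/dev/null | grep -E '^(state|enabled)'
  fi
  # /var/adm/messages is where syslog writes the daemon.warning lines.
  [ -r /var/adm/messages ] && ldap_config_missing </var/adm/messages
}

case "${1:-}" in
  --live) live_check ;;
  *)      echo "paths libsldap could not load (sample log):"
          sample_log | ldap_config_missing ;;
esac
```

Run it without arguments to see it pick the one path out of the sample; run it with --live on the affected host right after a reboot (before re-enabling the service) to learn whether the file the warning names is absent, empty, or present but not what ldapclient wrote, and whether the service is persistently enabled.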


