[OpenIndiana-discuss] Amnesiac LDAP Configuration
Tom Kranz
tom at siliconbunny.com
Thu Nov 18 10:27:05 UTC 2010
On 18 Nov 2010, at 02:41, Patrick O'Sullivan wrote:
> I've gotten a config working where I have Kerberos auth to AD and
> passwd lookups via LDAP to AD. I enable it, and it works fine, but on
> a reboot, it stops working. Please let me know if you have any
> thoughts as to why this happens. (This behavior is common to both
> oi147 and Solaris 11 Express.)
>
At this stage (after you've run ldapclient) /var/ldap/ldap_client_file
should be populated with the correct values - is that the case?

There were a couple of long-standing bugs in Solaris 10 - one of them
was where the LDAP client couldn't contact an LDAP server when it came
to update its configuration, it would write down a zero-byte
ldap_client_file - with predictable results.

The other one was when /var filled up, even for a moment,
ldap_client_file would be zeroed out when doing a profile refresh.

Both partly stem from LDAP client profile updates moving
ldap_client_file before getting an update, and then not being
able/willing to move it back again if something goes wrong.

However, I think the problem here is - are you storing this LDAP
profile in AD? The LDAP client will do a refresh of the config from
the profile on the LDAP server - I suspect on boot it's trying to do a
refresh, not finding a profile, and then zeroing out ldap_client_file.

You need to keep an LDAP client profile in the right container in the
tree because clients will poll and refresh from that profile.

Cheers,
TOM
--
Tom Kranz
Email: tom at gaeltd.com Skype: siliconbunny
Mobile: 07779 149281 Phone/fax: 01344 773240
http://www.gaeltd.com http://www.linkedin.com/in/tomkranz
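
A guard for the zero-byte failure described in the message above, as an added example that is not part of the original post and is not Solaris code: it keeps a last-known-good copy of ldap_client_file and restores it when the live file is empty or has no server entry. The function names and the backup path are hypothetical; NS_LDAP_SERVERS is the server-list key the LDAP client writes to that file.

```shell
#!/bin/sh
# Added example: detect and repair a zeroed-out ldap_client_file.
# Paths are arguments so the logic can be tried on scratch files first.

# A copy is "sane" if it is non-empty and names at least one server.
is_sane() {
    [ -s "$1" ] && grep '^NS_LDAP_SERVERS= *[^ ]' "$1" >/dev/null 2>&1
}

# guard_ldap_client_file LIVE BACKUP
#   returns 0: LIVE is sane; BACKUP was refreshed from it if possible
#   returns 1: LIVE was missing, empty or incomplete; restored from BACKUP
#   returns 2: LIVE is bad and no sane BACKUP exists (manual fix needed)
guard_ldap_client_file() {
    live=$1
    backup=$2
    if is_sane "$live"; then
        # Snapshot to a temporary name and rename into place, so a full
        # /var cannot leave a truncated backup behind.
        tmp="$backup.tmp.$$"
        if cp -p "$live" "$tmp" && is_sane "$tmp"; then
            mv -f "$tmp" "$backup"
        else
            rm -f "$tmp"
        fi
        return 0
    fi
    if is_sane "$backup"; then
        # Same copy-then-rename order for the restore: the live file is
        # only replaced once a complete copy exists next to it.
        tmp="$live.tmp.$$"
        if cp -p "$backup" "$tmp" && is_sane "$tmp" && mv -f "$tmp" "$live"; then
            return 1
        fi
        rm -f "$tmp"
    fi
    return 2
}

# Hypothetical invocation (backup file name is an assumption):
# guard_ldap_client_file /var/ldap/ldap_client_file /var/ldap/ldap_client_file.good
```

A return value of 1 or 2 is worth logging, since it means a profile refresh left the client without a usable configuration.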