[OpenIndiana-discuss] Amnesiac LDAP Configuration

Tom Kranz tom at siliconbunny.com
Thu Nov 18 10:27:05 UTC 2010


On 18 Nov 2010, at 02:41, Patrick O'Sullivan wrote:

> I've gotten a config working where I have Kerberos auth to AD and
> passwd lookups via LDAP to AD. I enable it, and it works fine, but on
> a reboot, it stops working. Please let me know if you have any
> thoughts as to why this happens. (This behavior is common to both
> oi147 and Solaris 11 Express.)

At this stage (after you've run ldapclient) /var/ldap/ldap_client_file  
should be populated with the correct values - is that the case?

There were a couple of long standing bugs in Solaris 10 - one of them
was where the LDAP client couldn't contact an LDAP server when it came
to update its configuration, it would write down a zero byte
ldap_client_file - with predictable results.

The other one was when /var filled up, even for a moment,
ldap_client_file would be zeroed out when doing a profile refresh.
Both partly stem from LDAP client profile updates moving
ldap_client_file before getting an update, and then not being
able/willing to move it back again if something goes wrong.

However, I think the problem here is - are you storing this LDAP
profile in AD? The LDAP client will do a refresh of the config from
the profile on the LDAP server - I suspect on boot it's trying to do a
refresh, not finding a profile, and then zeroing out ldap_client_file.

You need to keep an LDAP client profile in the right container in the  
tree because clients will poll and refresh from that profile.


--
Tom Kranz
Email: tom at gaeltd.com	Skype: siliconbunny
Mobile: 07779 149281	Phone/fax: 01344 773240
http://www.gaeltd.com		http://www.linkedin.com/in/tomkranz
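
The failure described in the message above (ldap_client_file left missing or zero bytes after a failed profile refresh) can be caught with a small guard run from cron or at boot. This is an added example, not part of the original post or of Solaris/OpenIndiana itself; the function name and the known-good copy location are assumptions, and both paths are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original post): keep a known-good copy of the
# LDAP client config and put it back if the live file is missing or empty.
#
# Usage (paths are assumptions; the backup location is a hypothetical choice):
#   guard_ldap_client_file /var/ldap/ldap_client_file /var/ldap/ldap_client_file.good
#
# Prints one of: saved | unchanged | restored | missing-no-backup
guard_ldap_client_file() {
    live=$1
    backup=$2

    if [ -s "$live" ]; then
        # Live file has content: refresh the known-good copy only if it differs.
        if [ ! -f "$backup" ] || ! cmp -s "$live" "$backup"; then
            # Copy to a temporary name first, then rename, so the known-good
            # copy is never left half-written (e.g. if the filesystem is full).
            cp -p "$live" "$backup.tmp" && mv "$backup.tmp" "$backup"
            echo saved
        else
            echo unchanged
        fi
        return 0
    fi

    # Live file is missing or zero bytes: the symptom described in the post.
    if [ -s "$backup" ]; then
        # Same copy-then-rename pattern, so a failed restore cannot leave
        # a truncated file in place of the old one.
        cp -p "$backup" "$live.restore" && mv "$live.restore" "$live"
        echo restored
        # Assumption: the LDAP client service then needs a restart, e.g.
        #   svcadm restart network/ldap/client
        return 0
    fi

    # Nothing to restore from: report it so the caller can alert.
    echo missing-no-backup
    return 1
}
```

A restore only masks the symptom; if the client cannot find a profile on the server, the next refresh can empty the file again.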


