[OpenIndiana-discuss] Amnesiac LDAP Configuration

Patrick O'Sullivan irish at insaneirish.com
Thu Nov 18 14:47:58 UTC 2010


ldap_client_file definitely isn't getting zeroed. Does your suspicion
still apply in that case?

On Nov 18, 2010, at 5:27, Tom Kranz <tom at siliconbunny.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> On 18 Nov 2010, at 02:41, Patrick O'Sullivan wrote:
>
>> I've gotten a config working where I have Kerberos auth to AD and
>> passwd lookups via LDAP to AD. I enable it, and it works fine, but on
>> a reboot, it stops working. Please let me know if you have any
>> thoughts as to why this happens. (This behavior is common to both
>> oi147 and Solaris 11 Express.)
>>
>
> At this stage (after you've run ldapclient) /var/ldap/ldap_client_file should be populated with the correct values - is that the case?
>
> There were a couple of long-standing bugs in Solaris 10 - one of them was where the LDAP client couldn't contact an LDAP server when it came to update its configuration, it would write down a zero byte ldap_client_file - with predictable results.
>
> The other one was when /var filled up, even for a moment, ldap_client_file would be zeroed out when doing a profile refresh. Both partly stem from LDAP client profile updates moving ldap_client_file before getting an update, and then not being able/willing to move it back again if something goes wrong.
>
> However, I think the problem here is - are you storing this LDAP profile in AD? The LDAP client will do a refresh of the config from the profile on the LDAP server - I suspect on boot it's trying to do a refresh, not finding a profile, and then zeroing out ldap_client_file.
>
> You need to keep an LDAP client profile in the right container in the tree because clients will poll and refresh from that profile.
>
> Cheers,
> TOM
>
>
> - --
> Tom Kranz
> Email: tom at gaeltd.com    Skype: siliconbunny
> Mobile: 07779 149281    Phone/fax: 01344 773240
> http://www.gaeltd.com        http://www.linkedin.com/in/tomkranz
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
>
> iEYEARECAAYFAkzk/4QACgkQCaTe3ZK74hmAZQCeO+wSoLy8jiQG2hKJ1vRj3zju
> ekwAn26JK8oTCGWE3KEYTcOD2hafUtJB
> =L2es
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
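
The failure mode described in the quoted reply (ldap_client_file moved aside before the refresh has succeeded, and not restored on error), modelled next to a fetch-then-rename refresh that leaves the old file in place on failure. This is an added example, not code from the thread or from the Solaris/OpenIndiana LDAP client; the function names and the fetch stand-ins are hypothetical, and it only touches the paths passed to it.

```shell
#!/bin/sh
# Simplified model of the refresh behaviour described in the quoted reply.
# Not ldapclient or ldap_cachemgr source; all names here are hypothetical.

# Constructed stand-ins for "profile server unreachable" and "reachable".
fetch_fail() { return 1; }
fetch_ok()   { printf 'constructed-new-profile\n'; }

# refresh_move_first FILE FETCH_CMD
# Models the described bug: the live file is moved aside first, the fetch
# writes straight into place, and nothing restores the old copy on failure.
refresh_move_first() {
    file=$1; fetch=$2
    mv "$file" "$file.orig"
    # The redirection creates FILE before the fetch runs, so a failed
    # fetch leaves a zero-byte file behind.
    $fetch > "$file" 2>/dev/null
}

# refresh_atomic FILE FETCH_CMD
# Fetch into a temporary file in the same directory, accept it only if the
# fetch succeeded and produced data, then rename it over the live file.
refresh_atomic() {
    file=$1; fetch=$2
    tmp="$file.new.$$"
    if $fetch > "$tmp" 2>/dev/null && [ -s "$tmp" ]; then
        mv "$tmp" "$file"    # rename replaces the old file in one step
        return 0
    fi
    rm -f "$tmp"             # any failure leaves the old file untouched
    return 1
}

# Run both against a scratch directory and report the resulting sizes in bytes.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed-good-profile\n' > "$d/a"
    cp "$d/a" "$d/b"
    refresh_move_first "$d/a" fetch_fail || :
    refresh_atomic "$d/b" fetch_fail || :
    echo "move_first=$(wc -c < "$d/a" | tr -d ' ') atomic=$(wc -c < "$d/b" | tr -d ' ')"
    rm -rf "$d"
}
```

Calling `demo` prints the size of each file after a failed refresh; the temporary file has to live on the same filesystem as the target for the rename to be a single step.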


