[OpenIndiana-discuss] Compile nss_ldap

Jim Klimov jimklimov at cos.ru
Tue Aug 14 12:06:49 UTC 2012


2012-08-14 10:24, Ram Chander wrote:
> The LDAP server is hosted on Linux and I couldn't find any LDAP client that is
> compiled already for OI.  Any other way to get the client working is fine.
> Please advise.

You were given one link; back in the day I found this one immensely
useful and detailed (Soup To Nuts Sun DSEE, by Brandon Hutchinson):

http://brandonhutchinson.com/wiki/Soup_To_Nuts_Sun_DSEE#Bind_an_LDAP_client

This is inclined toward setting up a Sun DSEE server (so you can skip
those parts) and Solaris 8/9/10 clients via search profiles and proxy
accounts (which you may need to implement on your LDAP server).

The Solaris 10 parts should be applicable to OpenSolaris and OI as well.

As Brandon reminds us, when you "ldapclient init", the /etc/nsswitch.conf
file is overwritten with /etc/nsswitch.ldap. This default file
(/etc/nsswitch.ldap) does not use DNS when looking up hostnames
(naming info is assumed to be in LDAP), and only references local
files when LDAP is not available. You may also need customizations
to use LDAP netgroups to define user sets for particular client hosts.

Also note that some programs are pre-built as OpenLDAP clients. For
those you will need a /etc/ldap.conf file with OpenLDAP settings
(the directory server address, {proxy user} login info, base dn and
stuff) - but that is separate from the OS LDAP integration and only
regards those programs and libraries.

I found it useful to set up a single client properly, tarball the
LDAP config files (/etc/nsswitch.conf, /etc/ldap.conf, /etc/pam*,
/var/ldap/) and just unpack these tarballs on new clients (local
or global zones) - this is sufficient to afterwards just issue
"svcadm enable -r ldap/client" and have this new client integrated.
If you do use LDAP netgroups, you'd also have to add proper include
lines into /etc/passwd and /etc/shadow (groups use another mechanism).

HTH,
//Jim Klimov
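
The nsswitch.conf caveat in the message above can be checked mechanically after "ldapclient init". The following is an added example, not part of the original message: the function names are hypothetical and the sample file is constructed to mirror the behaviour described (no dns for hosts, files used only when LDAP is unavailable).

```shell
#!/bin/sh
# Added example: audit an nsswitch.conf after "ldapclient init" has replaced it.

# Print the raw entry for DATABASE with comments and leading blanks removed.
nss_entry() {  # usage: nss_entry FILE DATABASE
    awk -v db="$2" '{ sub(/#.*/, ""); sub(/^[ \t]+/, "") }
        index($0, db ":") == 1 { print substr($0, length(db) + 2); exit }' "$1"
}

# Print the lookup sources for DATABASE in order, one per line,
# with [STATUS=action] criteria such as [NOTFOUND=return] dropped.
nss_sources() {  # usage: nss_sources FILE DATABASE
    nss_entry "$1" "$2" | sed 's/\[[^]]*\]/ /g' | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Print one line per finding; print nothing when the file looks sane.
audit_nsswitch() {  # usage: audit_nsswitch FILE
    if ! nss_sources "$1" hosts | grep -qx dns; then
        echo "hosts: no dns source (order: $(nss_sources "$1" hosts | paste -s -d ' ' -))"
    fi
    for db in passwd group hosts; do
        # "ldap [NOTFOUND=return] files": an answer of "not found" from LDAP is final
        if nss_entry "$1" "$db" | grep -Eqi 'ldap[[:space:]]*\[[^]]*NOTFOUND=return'; then
            echo "$db: sources after ldap are used only when ldap is unavailable"
        fi
    done
    return 0
}

# Constructed sample modelled on the behaviour described in the message
# (not a copy of the real /etc/nsswitch.ldap).
write_sample() {  # usage: write_sample FILE
    cat > "$1" <<'EOF'
# constructed sample
passwd:     files ldap
group:      files ldap
hosts:      ldap [NOTFOUND=return] files   # no dns
netgroup:   ldap
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_nsswitch "$sample"
rm -f "$sample"
```

On a real client the same check is `audit_nsswitch /etc/nsswitch.conf`, run once after the LDAP client configuration has been applied.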



