[OpenIndiana-discuss] Could not setup LDAP for SAMBA
IVO GELOV (CRM)
ivo at crm.walltopia.com
Tue Mar 6 19:00:27 UTC 2012
On Tue, 06 Mar 2012 19:16:43 +0200, Jonathan Adams <t12nslookup at gmail.com> wrote:
> you can have it set up to have all files owned by a single user if
> that is what you want, you can do that in the samba configuration ...
>
Yes, but as you already said - in this case I will need a 1:1 existence of Solaris
account for every SAMBA user (which I am trying to actively avoid - that is why
I am doing all the gymnastics)
> as I said, the hardest issue is to make your solaris machine an LDAP
> client ... I take it that the LDAP server is running on the local
> machine?
>
Yes, it is a local LDAP server (using BDB - because SQL will be way too much for
my particular case)
> I'm wondering if it is to do with your LDAP_SEARCH_SCOPE ... I think
> you'll need "subtree".
>
I have changed this to "subtree", issued "svcadm restart network/ldap/client",
but "getent passwd administration" still shows nothing.
> I also have a NS_LDAP_CREDENTIAL_LEVEL=proxy ... I'm not sure if you
> need that ...
>
Probably not, because I am binding with the master LDAP credentials:
/var/ldap/ldap_client_cred
--------------------------
NS_LDAP_BINDDN= cn=admin,dc=domain,dc=com
NS_LDAP_BINDPASSWD= robocop
> can you run:
>
> ldapsearch -b dc=domain,dc=com uid=Administrator
>
This does not work - it says:

SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database

This means that I do not have a working SASL setup - but I do not know how
to do it, because there is no "saslauthd" or "/etc/sasldb" as in Linux (where
I have a little bit of experience).

However, I can run

ldapsearch -D "cn=admin,dc=domain,dc=com" -w my-secret

and I am able to see all entries inside the LDAP.
> do you have access to JXplorer, can you access the LDAP server from within that?
>
Yes, I can access the LDAP server through JXplorer, phpLDAPadmin and Softerra LDAP Administrator
(using simple authentication only)
IVO GELOV