[OpenIndiana-discuss] openindiana ldap client
Tim Dunphy
bluethundr at gmail.com
Sun May 6 02:42:36 UTC 2012
Thanks!
That really did the trick!
ldapclient manual -a credentialLevel=proxy \
    -a authenticationMethod=simple \
    -a proxyDN=cn=Manager,dc=example,dc=com \
    -a proxyPassword=secret \
    -a defaultSearchBase=dc=example,dc=com \
    -a domainName=example.com \
    -a defaultServerList=192.168.1.44
Grep ldap for ldap user:
root at openindiana:/var/ldap# getent passwd | grep walbs
walbs:x:1002:1003:Walkiria Soares-Dunphy:/home/walbs:/bin/bash
However, I notice that DNS resolution now seems mixed up, but only
since running ldapclient:
root at openindiana:/var/ldap# ping yahoo.com
ping: unknown host yahoo.com
Here's what nsswitch.conf is looking like:
root at openindiana:/var/ldap# cat /etc/nsswitch.conf
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
#
#
# /etc/nsswitch.ldap:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses LDAP in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# LDAP service requires that svc:/network/ldap/client:default be enabled
# and online.
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: files ldap
group: files ldap
# consult /etc "files" only if ldap is down.
hosts: files ldap
# Note that IPv4 addresses are searched for in all of the ipnodes databases
# before searching the hosts databases.
ipnodes: files ldap
networks: files ldap
protocols: files ldap
rpc: files ldap
ethers: files ldap
netmasks: files ldap
bootparams: files ldap
publickey: files ldap
netgroup: ldap
automount: files ldap
aliases: files ldap
# for efficient getservbyname() avoid ldap
services: files ldap
printers: user files ldap
auth_attr: files ldap
prof_attr: files ldap
project: files ldap
tnrhtp: files ldap
tnrhdb: files ldap
If I revert the file to pre-ldapclient I can ping yahoo and external
hosts again:
root at openindiana:/var/ldap# cat /etc/nsswitch.conf.bak > /etc/nsswitch.conf
root at openindiana:/var/ldap# ping yahoo.com
yahoo.com is alive
And of course I can't find ldap users in the directory again.
root at openindiana:/var/ldap# getent passwd | grep walbs
root at openindiana:/var/ldap#
Is there any way to have my cake and eat it too?
thanks
tim
On Sat, May 5, 2012 at 9:57 PM, Joshua M. Clulow <josh at sysmgr.org> wrote:
> On 6 May 2012 11:15, Tim Dunphy <bluethundr at gmail.com> wrote:
>> I've also tried using ldapclient, but am having no luck there either:
>
> I would definitely suggest that you'll want to use the native LDAP
> bits, not the PADL stuff.
>
>> root at openindiana:~/nss_ldap-265# ldapclient init -v -a profileName=default \
>>> -a domainname=example.com \
>>> -a proxyDN=cn=uid=proxy,ou=People,dc=example,dc=com \
>>> -a proxyPassword=secret \
>>> 192.168.1.44
>> Parsing profileName=default
>> Parsing domainname=example.com
>> Parsing proxyDN=cn=uid=proxy,ou=People,dc=example,dc=com
>> Parsing proxyPassword=secret
>> Arguments parsed:
>> domainName: example.com
>> proxyDN: cn=uid=proxy,ou=People,dc=example,dc=com
>> profileName: default
>> proxyPassword: secret
>> defaultServerList: 192.168.1.44
>> Handling init option
>> About to configure machine by downloading a profile
>> Can not find the nisDomainObject for domain example.com
>
> So you're specifying a profileName here. Have you created a profile
> object in your directory with the name "default"? The "init" mode of
> ldapclient uses a profile object in the directory for configuration.
>
> If you don't have or don't want to have a profile object, you could
> try using "ldapclient manual" rather than "ldapclient init". I
> believe the manual mode of ldapclient is described in the man page for
> the tool. There are also documents out on the Internet for
> configuring the Solaris 10 (or 11) Native LDAP Naming Service client
> which are mostly, if not entirely, applicable to the bits on
> OpenIndiana.
>
>
> Cheers.
>
> --
> Joshua M. Clulow
> UNIX Admin/Developer
> http://blog.sysmgr.org
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
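The behaviour described in this message follows from what ldapclient does: it installs the /etc/nsswitch.ldap template as /etc/nsswitch.conf (the header of the file posted above still says so), and in that template the hosts: and ipnodes: lines list only files and ldap, so the resolver never consults DNS. The usual fix keeps the LDAP switch for passwd/group and adds dns back to those two lines, with files still first so /etc/hosts and the local root account keep working when the directory is unreachable. The script below is an editor's addition, not code from the thread or from the OpenIndiana tools: it audits an nsswitch.conf for that regression and prints a corrected copy. It runs against a constructed sample built from the lines posted above rather than touching the live file; the function names (make_sample, nss_sources, has_dns, fix_hosts) and the AWK variable are the example's own. If /usr/bin/awk on your system turns out to be the old awk without -v, run it as AWK=nawk sh script.sh.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits an nsswitch.conf for
# hosts:/ipnodes: lines that lost their "dns" source when ldapclient
# installed /etc/nsswitch.ldap as /etc/nsswitch.conf, and prints a fixed copy.

# Override with AWK=nawk where /usr/bin/awk is the old awk (assumption).
AWK=${AWK:-awk}

# make_sample: write a constructed file mirroring the relevant lines from the
# nsswitch.conf posted in the thread and print its path.
make_sample() {
    f=$(mktemp) || exit 1
    cat > "$f" <<'EOF'
passwd: files ldap
group: files ldap
# consult /etc "files" only if ldap is down.
hosts: files ldap
ipnodes: files ldap
networks: files ldap
EOF
    echo "$f"
}

# nss_sources DB FILE: print the source list for database DB (for example
# "files ldap"), skipping comment lines. FILE may be "-" for standard input.
nss_sources() {
    "$AWK" -v db="$1" '
        BEGIN { re = "^[ \t]*" db ":[ \t]*" }
        /^[ \t]*#/ { next }
        $0 ~ re { sub(re, ""); print; exit }
    ' "$2"
}

# has_dns DB FILE: succeed if "dns" is among the sources for DB. The list is
# matched as one string rather than word-split, so criteria such as
# [NOTFOUND=return] are never expanded as shell globs.
has_dns() {
    case " $(nss_sources "$1" "$2") " in
        *" dns "*) return 0 ;;
        *)         return 1 ;;
    esac
}

# fix_hosts FILE: copy FILE to stdout, inserting "dns" right after "files" on
# any hosts:/ipnodes: line that lacks it, so /etc/hosts is still consulted
# first and ldap stays in the search order. Every other line passes through
# unchanged, and a line that already has dns is left alone.
fix_hosts() {
    "$AWK" '
        /^[ \t]*#/ { print; next }
        /^[ \t]*(hosts|ipnodes):/ && $0 !~ /[ \t]dns([ \t]|$)/ {
            if ($0 ~ /[ \t]files([ \t]|$)/) sub(/files/, "files dns")
            else sub(/:[ \t]*/, ": dns ")
        }
        { print }
    ' "$1"
}

SAMPLE=$(make_sample)
trap 'rm -f "$SAMPLE"' EXIT

# Report the state of the two resolver databases in the sample.
for db in hosts ipnodes; do
    if has_dns "$db" "$SAMPLE"; then
        echo "$db: ok ($(nss_sources "$db" "$SAMPLE"))"
    else
        echo "$db: no dns source, external names will not resolve"
    fi
done

echo "--- corrected copy; review it before installing over /etc/nsswitch.conf ---"
fix_hosts "$SAMPLE"
```

Run it on the real file with fix_hosts /etc/nsswitch.conf > /tmp/nsswitch.new, compare against the original with diff, and only then copy it into place; the passwd: and group: lines keep their ldap source, so getent still finds directory users while hosts: and ipnodes: resolve through DNS again.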