[OpenIndiana-discuss] New to OpenIndiana

Chris Ridd chrisridd at mac.com
Sun Feb 2 14:03:14 UTC 2014


On 29 Jan 2014, at 04:52, Randall Svancara <rsvancara at wsu.edu> wrote:

> I will take a stab at this list...who knows I may get lucky.
> 
> I am attempting to configure LDAP authentication for OpenIndiana...some recent version.
> 
> I am using manual configuration for the ldap client tool:
> 
> #!/bin/bash
> ldapclient manual \
[...]
> -a serviceSearchDescriptor=passwd:ou=users,dc=tldhost,dc=wsu,dc=edu \
> -a serviceSearchDescriptor=group:ou=groups,dc=tldhost,dc=wsu,dc=edu \
> -a serviceSearchDescriptor=shadow:ou=users,dc=tldhost,dc=wsu,dc=edu
> 
> When I try to run
> 
> ldaplist -vvv password
> +++ database=password
> +++ filter=objectclass=posixaccount
> +++ template for merging SSD filter=%s
> ldaplist: Object not found (LDAP ERROR (32): No such object.)

According to the man page here http://www.unix.com/man-page/opensolaris/1/ldaplist/ the name of the database in the ldaplist command is "passwd". I would guess that using the wrong name is causing some different DN to get used and sent to the server, which is telling you the different DN doesn't exist.

You may need to get intimate with your LDAP server's logs if you want an easier time diagnosing the name services tools.

If you can't get to the logs, then snooping the network traffic on your machine to the LDAP server should help.

The Solaris LDAP name services code *does* work, but getting it working can be a bit of a bitch.

Chris

