[OpenIndiana-discuss] New to OpenIndian

Svancara, Randall rsvancara at wsu.edu
Mon Feb 3 01:14:27 UTC 2014


Thanks for the reply... I had set up Solaris 10 back in the day... but this is a new environment. I agree with you about this being challenging. I will enable verbose logging in a sandbox environment and try to see if I can figure out what Solaris wants. I wonder if it has something to do with my Canonical names using "uid" instead of "cn"...
________________________________________
From: Chris Ridd [chrisridd at mac.com]
Sent: Sunday, February 02, 2014 6:03 AM
To: Discussion list for OpenIndiana
Subject: Re: [OpenIndiana-discuss] New to OpenIndian

On 29 Jan 2014, at 04:52, Randall Svancara <rsvancara at wsu.edu> wrote:

> I will take a stab at this list...who knows I may get lucky.
>
> I am attempting to configure LDAP authentication for OpenIndiana...some recent version.
>
> I am using manual configuration for the ldap client tool:
>
> #!/bin/bash
> ldapclient manual \
[...]
> -a serviceSearchDescriptor=passwd:ou=users,dc=tldhost,dc=wsu,dc=edu \
> -a serviceSearchDescriptor=group:ou=groups,dc=tldhost,dc=wsu,dc=edu \
> -a serviceSearchDescriptor=shadow:ou=users,dc=tldhost,dc=wsu,dc=edu
>
> When I try to run
>
> ldaplist -vvv password
> +++ database=password
> +++ filter=objectclass=posixaccount
> +++ template for merging SSD filter=%s
> ldaplist: Object not found (LDAP ERROR (32): No such object.)

According to the man page here http://www.unix.com/man-page/opensolaris/1/ldaplist/ the name of the database in the ldaplist command is "passwd". I would guess that using the wrong name is causing some different DN to get used and sent to the server, which is telling you the different DN doesn't exist.

You may need to get intimate with your LDAP server's logs if you want an easier time diagnosing the name services tools.

If you can't get to the logs, then snooping the network traffic on your machine to the LDAP server should help.

The Solaris LDAP name services code *does* work, but getting it working can be a bit of a bitch.

Chris
_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss at openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
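
The database-name point from the reply above, as an added example that is not part of the original posts: a pre-flight check that looks a database name up among the three serviceSearchDescriptor values quoted in the thread, so a name with no descriptor (such as `password`) is caught before `ldaplist` is run. The function names `ssd_base`, `known_dbs` and `check_db` are hypothetical helpers, not part of the Solaris or OpenIndiana tools.

```shell
#!/bin/bash
# Added example: check a name-service database name against the
# serviceSearchDescriptor (SSD) values passed to "ldapclient manual".

# The three SSDs quoted in the original post, one per line.
SSDS='passwd:ou=users,dc=tldhost,dc=wsu,dc=edu
group:ou=groups,dc=tldhost,dc=wsu,dc=edu
shadow:ou=users,dc=tldhost,dc=wsu,dc=edu'

# ssd_base DATABASE
# Print the search base configured for DATABASE and return 0,
# or return 1 when no SSD names that database.
ssd_base() {
    local db="$1" line rest
    while IFS= read -r line; do
        # An SSD is "service:base[?scope[?filter]]"; split on the first colon.
        if [ "${line%%:*}" = "$db" ]; then
            rest=${line#*:}
            printf '%s\n' "${rest%%\?*}"   # drop any optional ?scope?filter
            return 0
        fi
    done <<EOF
$SSDS
EOF
    return 1
}

# known_dbs: print the database names that have an SSD, space separated.
known_dbs() {
    printf '%s\n' "$SSDS" | cut -d: -f1 | tr '\n' ' ' | sed 's/ $//'
}

# check_db DATABASE: report which base a lookup for DATABASE is configured for.
check_db() {
    local base
    if base=$(ssd_base "$1"); then
        echo "$1: SSD found, search base is $base"
    else
        echo "$1: no SSD configured; databases with an SSD: $(known_dbs)"
        return 1
    fi
}

check_db passwd             # the name the ldaplist man page uses
check_db password || true   # the name used in the failing command
```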