Hi, have this Solaris 9 Box's worked with the old iPlanet DS?. For the password you have to configure the /etc/pam.conf like described in the man pages:
$ man pam_ldap it is different to Solaris10 I guess that Solaris needs also the VLV's for getentpwent, which can created by run /usr/lib/ldap/idsconfig. You can use this script also for the 389DS if you fake the version check to the 5.2 version (you can google for this). BTW: If you use ldaps you must provide the CA' cert in an old cert7.db on the Solarsi9 Client. HTH Carsten Am 15.04.13 schrieb Elizabeth Jones <bajo...@panix.com>: > We are trying to move our servers off a very old version of iplanet (circa > 2002) to 389 DS. The data in both ldaps is almost identical, except that > there was some stuff in the iplanet that couldn't convert over to 389. I'm > not sure exactly what wouldn't convert, except that I couldn't do an > export of the iplanet database and import into 389, instead did an ldif. > > Everything we have converted so far (RHEL 4,5,6 and Solaris 10) has gone > over successfully, but I'm running into problems with some old Solaris 9 > servers. They seem to be connecting successfully to the ldap, but not > pulling back a password. getent passwd shows the list of users in the > ldap, and I can su from root to my user account. When I have su'ed to my > account, groups shows all the groups that I have in my ldap account on the > new DS. > > I noticed this in the ldap logs, but I don't know what SolarisAuditUser > means -- > > [13/Apr/2013:23:42:07 -0500] conn=2042387 op=1 SRCH > base="ou=people,dc=mycompany,dc=com" scope=2 filter="(&(object > Class=SolarisAuditUser)(uid=ejones))" attrs="uid SolarisAuditAlways > SolarisAuditNever" > > Is anyone familiar with this? > > thanks - > > EJ > > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users >
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users