On Sat, Oct 8, 2011 at 4:54 AM, Christian Manal <[email protected]> wrote:
> On 07.10.2011 23:58, NetNinja wrote:
>> Ok that's good to know.
>> I was reading in the book "Solaris 10 System Administration Essential"
>> and it says on pg 365 that the openldap server needs to be patched so
>> that the ldapclient init utility will configure properly.
>>
>> Do you happen to remember how you set up the Solaris Native client? This
>> is my current issue. I installed openldap on a RHEL 5.5 server and have all
>> the Linux servers working with the ldap server, but the Solaris servers
>> won't let me log in as an ldap user. I can do an ldapsearch, id, getent and
>> get info on ldap users. I am in the process of troubleshooting the issue
>> and I'm not sure what I'm doing wrong. My setup is very basic: no TLS,
>> automount or replication. I will add these later when I know what I'm doing.
>>
>> Anyway, thanks for your help. If you have any advice on ldapclient setup,
>> let me know.
>>
>> On Fri, Oct 7, 2011 at 3:41 PM, Christian Manal
>> <[email protected] <mailto:[email protected]>> wrote:
>>
>>     On 07.10.2011 20:25, NetNinja wrote:
>>     > Hello,
>>     > I have been reading up on OpenLDAP. I have installed it on RHEL 5.5 but
>>     > I have seen documentation saying that openldap needs to be patched to work
>>     > with Solaris. Can someone tell me if this is still the case and if so
>>     > where to get the patch. If not, any info you can provide would be great.
>>     >
>>     > Thanks
>>
>>     Hi,
>>
>>     I've been running OpenLDAP on Solaris 10 for years now. It works out of
>>     the tarball, no patches needed.
>>
>>     Regards,
>>     Christian Manal
>
> Here's an example of an ldapclient invocation that works for me:
>
> ldapclient manual \
>     -a authenticationMethod="tls:simple" \
>     -a credentialLevel="proxy" \
>     -a defaultSearchBase="dc=example,dc=org" \
>     -a defaultSearchScope="sub" \
>     -a defaultServerList="ldap1.example.org,ldap2.example.org" \
>     -a domainName="example.org" \
>     -a preferredServerList="ldap1.example.org,ldap2.example.org" \
>     -a serviceSearchDescriptor="passwd:ou=People,dc=example,dc=org" \
>     -a serviceSearchDescriptor="group:ou=Group,dc=example,dc=org" \
>     -a serviceSearchDescriptor="netgroup:ou=Netgroup,dc=example,dc=org" \
>     -a serviceSearchDescriptor="auto_home:ou=auto_home,ou=Mounts,dc=example,dc=org" \
>     -a attributeMap="auto_home:automountMapName=ou" \
>     -a attributeMap="auto_home:automountKey=cn" \
>     -a proxyDN="uid=proxyauth,ou=people,dc=example,dc=org" \
>     -a proxyPassword="foobar"
>
> Before you invoke that, you need to modify /etc/nsswitch.ldap to your
> needs (ldapclient will copy that to /etc/nsswitch.conf). You also need
> to put your TLS certs into /var/ldap in NSS format (you can
> generate/convert them with certutil[1]) and edit /etc/pam.conf for LDAP
> authentication.
>
> Regards,
> Christian Manal
>
> [1] http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
Thanks, I will try your command. Since you used ldapclient manual and not ldapclient init, I don't need to add a profile or proxy ldif file to the ldap server, right? I have been using examples like the one you just gave me and I can only get the info from the server. The password seems to not work. I get the same errors on the prompt that I would get if the password or username were wrong. Though I have not tried the command with the serviceSearchDescriptor before, maybe this is what I'm missing. I'm also not using TLS or automount; can I leave these out for now? So tls:simple would be simple, right? Also, could Solaris 10 not want to work because I'm not using TLS? Anyway, thanks for your time. I will let you know if it works.
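As an added example for this thread (it is not Christian Manal's script, nor anything shipped with Solaris), here is a small POSIX shell pre-flight check over the name=value pairs one is about to pass to `ldapclient manual -a ...`. It answers the "tls:simple vs simple" question from the defender's side: a plain `simple` method with `credentialLevel=proxy` puts the proxyPassword on the network unencrypted on every bind, and a proxy level without a proxyDN/proxyPassword cannot bind at all. The attribute names (authenticationMethod, credentialLevel, proxyDN, proxyPassword, serviceSearchDescriptor) are the standard ldapclient ones; the rules, the file format and the sample attribute file are constructed for this example, and nothing here is enforced by ldapclient itself.

```shell
#!/bin/sh
# Added example (not from the thread): audit an attribute list before
# running "ldapclient manual". Input is a file with one name=value pair per
# line, the same pairs given to ldapclient with -a (repeated names such as
# serviceSearchDescriptor are fine). The checks are this example's own.

# audit_ldap_attrs FILE
#   Prints one finding per line; returns 1 if any finding is blocking.
audit_ldap_attrs() {
    file=$1
    auth=$(sed -n 's/^authenticationMethod=//p' "$file")
    cred=$(sed -n 's/^credentialLevel=//p' "$file")
    proxy_dn=$(sed -n 's/^proxyDN=//p' "$file")
    proxy_pw=$(sed -n 's/^proxyPassword=//p' "$file")
    rc=0

    # credentialLevel=proxy binds as proxyDN; both parts must be present.
    if [ "$cred" = "proxy" ]; then
        if [ -z "$proxy_dn" ] || [ -z "$proxy_pw" ]; then
            echo "ERROR: credentialLevel=proxy needs both proxyDN and proxyPassword"
            rc=1
        fi
    fi

    case "$auth" in
        simple)
            # A plain bind: the proxy password crosses the network in cleartext.
            echo "ERROR: authenticationMethod=simple sends the proxy password in cleartext; use tls:simple"
            rc=1 ;;
        none|"")
            # No authentication means no proxy bind is possible.
            if [ "$cred" = "proxy" ]; then
                echo "ERROR: credentialLevel=proxy cannot bind with authenticationMethod=${auth:-unset}"
                rc=1
            fi ;;
        tls:*)
            # TLS methods need the server/CA certificate in the NSS database
            # under /var/ldap (the certutil step from the thread).
            echo "INFO: $auth selected; make sure the CA/server cert is in /var/ldap (NSS format)" ;;
        *)
            echo "INFO: authenticationMethod=$auth (SASL); no cleartext-bind check applies" ;;
    esac

    # Logins need passwd and group lookups; without a descriptor the default
    # containers under defaultSearchBase are used, which may not match the tree.
    for svc in passwd group; do
        if ! grep -q "^serviceSearchDescriptor=$svc:" "$file"; then
            echo "WARN: no serviceSearchDescriptor for $svc; default container under defaultSearchBase will be used"
        fi
    done
    return $rc
}

# Demo on a constructed attribute file derived from the thread's example
# command, with the method dropped to plain "simple" as the question asks.
demo_attrs=$(mktemp)
cat > "$demo_attrs" <<'EOF'
authenticationMethod=simple
credentialLevel=proxy
defaultSearchBase=dc=example,dc=org
defaultServerList=ldap1.example.org,ldap2.example.org
serviceSearchDescriptor=passwd:ou=People,dc=example,dc=org
serviceSearchDescriptor=group:ou=Group,dc=example,dc=org
proxyDN=uid=proxyauth,ou=people,dc=example,dc=org
proxyPassword=foobar
EOF
if audit_ldap_attrs "$demo_attrs"; then
    echo "no blocking findings"
else
    echo "blocking findings: fix these before running ldapclient manual"
fi
rm -f "$demo_attrs"
```

Run it against the attribute file you intend to use; the demo file above, with `simple` instead of `tls:simple`, reports the cleartext-bind error and returns 1, while the same file with `tls:simple` passes with only the certificate reminder.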
