Hi Ulrich,

>>Dear all,
>>I have problems connecting an open solaris 10 box to a novell linux ldap
>>server (or better say: I am a newbie on this stuff and am confused about
>>the right configuration).

That is not unusual! This configuration is also not that simple.

>>(Do I need these two files since I have /opt/csw/etc/ldap.conf ?)

Yes. The LDAP client must first bind to the directory before information
can be accessed and the stored information has to be returned in a
format that the Solaris OS utilities can use. When an LDAP client boots,
two configuration files are read. One file, /var/ldap/ldap_client_cred,
contains the client's credentials and describes how authentication is to
take place. The other file, /var/ldap/ldap_client_file, locates LDAP
servers and sets various configuration parameters.
>>'svcs -a | grep ldap' gives this:
>>offline        11:23:08 svc:/network/cswopenldap:default
>>maintenance    11:23:11 svc:/network/ldap/client:default
> That second one is your problem.

What does svcs -x report (I am referring to the log file here)?
> How did you create the files in /var/ldap ?

You do not need to create these files, they are created automatically
for you.
> Does a simple ldapsearch against the directory server work from
> Solaris - this doesn't use the config in /var/ldap but at least
> ensures that the LDAP protocol can work between your Solaris machine and
> the directory server.
Now, along with the eDirectory (which is what I presume you are using)
installation, Novell Modular Authentication System (NMAS) also needs
to be installed and configured. NMAS is required for supporting
alternate password storage mechanisms like UNIX™ crypt, SHA-1, MD5 etc.
in eDirectory. After the eDirectory installation and configuration,
install the NMAS objects and configure the SimplePassword method. This
method enables eDirectory to handle the encrypted user passwords
generated by UNIX systems.

Extend the eDirectory schema installed on the machine to provide the
LDAP directory services. This is to enable eDirectory to provide the
required services.

eDirectory schema should be extended with the following schema:

1. NIS schema: The NIS schema defined by rfc2307.txt enables eDirectory
for storing the NIS related information.

2. Solaris schema: The Solaris schema defined by Sun enables eDirectory
to store information relevant to the Solaris operating environment and
the services provided by Solaris.

3. DUAConfSchema: The DUAConfSchema defined by Sun enables eDirectory to
store information relevant to the profiles of the workstations. This
information will enable the new workstations to download already
existing profiles from the LDAP directory.

Configuring a Solaris workstation using ldapclient:

The steps involved in setting up ldapclient on Solaris are as follows:

In order for a Solaris client to use an LDAP directory as a naming service
the following needs to be in place:

- The client's domain name must be hosted by the LDAP directory
- The nsswitch.conf file needs to point to LDAP for the required services.
- The client needs to be configured with all the given parameters that
define its behavior.
- ldap_cache_mgr needs to be running on the client.
- At least one server for which a client is configured must be up and
running.

I can give you additional information if required and can send it to you
in a separate email.

Hope this helps.


-- 
Best regards

-Michael
Sun Microsystems, Inc.
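The prerequisite list in Michael's reply is easy to walk through by hand, but the same checks can be scripted. The following is an added example, not code from the thread or from Sun: three small POSIX sh functions that read the relevant Solaris outputs as text (the contents of /etc/nsswitch.conf, `svcs -a`, and `ldapclient list`) and a pre-flight routine that reports which prerequisite is missing. All sample data in the block is constructed for the demonstration; the svcs sample mirrors the quoted output, with the client service in maintenance, and the server address and base DN are placeholders. On a real Solaris 10 box you would pass the live command output instead.

```shell
#!/bin/sh
# Added example (not from the original message): pre-flight checks for the
# Solaris LDAP client prerequisites. Each check is a function over text so it
# can be exercised offline against constructed samples; on a real box call e.g.
#   ldap_preflight "$(cat /etc/nsswitch.conf)" "$(svcs -a)" "$(ldapclient list)"

# Return 0 if every named nsswitch database lists "ldap" as a source.
# $1 = contents of nsswitch.conf, remaining args = database names.
nsswitch_has_ldap() {
    conf=$1
    shift
    for db in "$@"; do
        printf '%s\n' "$conf" \
            | grep -E "^[[:space:]]*${db}:" \
            | grep -Eq '(^|[[:space:]])ldap([[:space:]]|$)' || return 1
    done
    return 0
}

# Print the SMF state of one FMRI from `svcs -a` output (STATE STIME FMRI);
# prints nothing when the FMRI is not listed.
smf_state() {
    printf '%s\n' "$1" | awk -v fmri="$2" '$3 == fmri { print $1 }'
}

# Print the value of one parameter from `ldapclient list` output,
# whose lines have the form "NS_LDAP_KEY= value".
ldapclient_param() {
    printf '%s\n' "$1" | sed -n "s/^$2= *//p"
}

# Run all checks, print one line per finding, return 0 only if all pass.
# $1 = nsswitch.conf text, $2 = svcs -a text, $3 = ldapclient list text.
ldap_preflight() {
    rc=0
    if nsswitch_has_ldap "$1" passwd group; then
        echo "ok:   passwd and group consult ldap in nsswitch.conf"
    else
        echo "FAIL: passwd/group do not list ldap in nsswitch.conf"; rc=1
    fi
    state=$(smf_state "$2" svc:/network/ldap/client:default)
    if [ "$state" = online ]; then
        echo "ok:   ldap/client is online, so ldap_cachemgr is running"
    else
        echo "FAIL: ldap/client state is '${state:-absent}'; check svcs -x"; rc=1
    fi
    servers=$(ldapclient_param "$3" NS_LDAP_SERVERS)
    if [ -n "$servers" ]; then
        echo "ok:   configured server(s): $servers"
    else
        echo "FAIL: NS_LDAP_SERVERS is not set in the client profile"; rc=1
    fi
    return $rc
}

# Constructed samples. SVCS_BAD mirrors the output quoted in the thread;
# SVCS_GOOD is what a working client shows. Server and base DN are placeholders.
NSSWITCH_SAMPLE='passwd:     files ldap
group:      files ldap
hosts:      files dns'

SVCS_BAD='STATE          STIME    FMRI
offline        11:23:08 svc:/network/cswopenldap:default
maintenance    11:23:11 svc:/network/ldap/client:default'

SVCS_GOOD='STATE          STIME    FMRI
online         11:23:11 svc:/network/ldap/client:default'

LDAPCLIENT_SAMPLE='NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 192.0.2.10
NS_LDAP_SEARCH_BASEDN= dc=example,dc=com'

# Against the quoted svcs output the client-service check fails, which is
# exactly the "maintenance" problem pointed out in the thread.
ldap_preflight "$NSSWITCH_SAMPLE" "$SVCS_BAD" "$LDAPCLIENT_SAMPLE" \
    || echo "preflight failed with the quoted svcs output, as expected"
```

The functions deliberately take text rather than running the commands themselves, so the same script can be tested on any machine and then pointed at live output on the Solaris client; nothing here writes to /var/ldap, which ldapclient maintains on its own.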

_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
