Hi,

First of all, sorry for my English. I'll try to be clear. I have an OpenLDAP server running on Linux Debian 2.6.18-3-k7 with this slapd.conf:

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/solaris.schema
include /usr/local/etc/openldap/schema/DUAConfigProfile.schema
include /usr/local/etc/openldap/schema/nisdomainobject.schema
#include /usr/local/etc/openldap/schema/solaris-nis.schema

pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read

allow bind_v2

database bdb
suffix "dc=tel,dc=uva,dc=es"
rootdn "cn=root,dc=tel,dc=uva,dc=es"
rootpw secret
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass eq

The OpenLDAP version is 2.3.34. I want to have 3 clients authenticate against the LDAP server: one Linux, one Windows and one Solaris. With Linux and Windows there are no problems. With the Solaris client I have a problem. To configure the Solaris client I did these steps:

First, I added the solaris.schema and DUAConfigProfile.schema. Afterwards, I populated my directory.
My tree is this:

dn:dc=tel,dc=uva,dc=es
objectClass: dcObject
objectClass: organization
objectClass: nisDomainObject
nisDomain: tel.uva.es
o: tel
dc: tel

dn:cn=root,dc=tel,dc=uva,dc=es
objectClass: organizationalRole
objectClass: bootableDevice
cn: root

dn:ou=users,dc=tel,dc=uva,dc=es
ou: users
objectClass: top
objectClass: organizationalUnit

dn:ou=groups,dc=tel,dc=uva,dc=es
ou: groups
objectClass: top
objectClass: organizationalUnit

dn:cn=profesores,ou=groups,dc=tel,dc=uva,dc=es
cn: profesores
gidNumber: 1001
objectClass: top
objectClass: posixGroup

dn:cn=alumnos,ou=groups,dc=tel,dc=uva,dc=es
cn: alumnos
gidNumber: 1002
objectClass: top
objectClass: posixGroup

dn:uid=dpercam,ou=users,dc=tel,dc=uva,dc=es
uid: dpercam
givenName: Daniel
sn: Perez
cn: Daniel Perez
uidNumber: 2002
gidNumber: 1002
homeDirectory: /home/dpercam
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
mail: [EMAIL PROTECTED]
loginShell: /bin/bash
userPassword: dpercam

dn:uid=edugom,ou=users,dc=tel,dc=uva,dc=es
uid: edugom
givenName: Eduardo
sn: Gomez
cn: Eduardo Gomez
loginShell: /bin/bash
uidNumber: 2005
gidNumber: 1001
homeDirectory: /home/edugom
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
userPassword: edugom

dn:ou=profile,dc=tel,dc=uva,dc=es
ou: profile
objectClass: top
objectClass: organizationalUnit

dn:cn=proxyagent,ou=profile,dc=tel,dc=uva,dc=es
cn: proxyagent
sn: proxyagent
objectClass: top
objectClass: person
userPassword: password

dn:cn=default,ou=profile,dc=tel,dc=uva,dc=es
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: 192.168.70.133
defaultSearchBase: dc=tel,dc=uva,dc=es
authenticationMethod: simple
followReferrals: TRUE
defaultSearchScope: one
searchTimeLimit: 30
profileTTL: 43200
bindTimeLimit: 2
cn: default
credentialLevel: proxy
serviceSearchDescriptor: passwd: ou=users,dc=tel,dc=uva,dc=es?one
serviceSearchDescriptor: group: ou=groups,dc=tel,dc=uva,dc=es?one
serviceSearchDescriptor: shadow: ou=users,dc=tel,dc=uva,dc=es?one

Then, I ran ldapclient:

ldapclient -v init -a proxyDN=cn=proxyagent,ou=profile,dc=tel,dc=uva,dc=es -a proxyPassword=password -a domainname=tel.uva.es <ip.adress>

The file nsswitch.conf is now:

passwd: files ldap
group: files ldap
shadow files ldap
hosts: files dns
ipnodes: files dns
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
netgroup: ldap
automount: files ldap
aliases: files ldap
services: files ldap
printers: user files ldap
auth_attr: files ldap
prof_attr: files ldap
project: files ldap
tnrhtp: files ldap
tnrhdb: files ldap

The ldap_client_cred file is this:

NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=tel,dc=uva,dc=es
NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411

The ldap_client_file is this:

NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 192.168.70.133
NS_LDAP_SEARCH_BASEDN= dc=tel,dc=uva,dc=es
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= default
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=users,dc=tel,dc=uva,dc=es?one
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=groups,dc=tel,dc=uva,dc=es?one
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=users,dc=tel,dc=uva,dc=es?one
NS_LDAP_BIND_TIME= 2

With this configuration, some things seem to work well. ldapsearch, id and similar commands work well. But I want to log in, and this is the problem. When I try to log in with an LDAP user, the PC shows me a message that I have to choose an initial password for my account, or that it has expired. OK. I change the password, and when I try to log in again the PC shows me the same message, to change the password again. And this always happens. I can't log in because when I try to do it, the PC always tells me to change my password. The password changes well in the LDAP server.
I hope you can understand my problem. When I try to log in, the LDAP server shows this:

conn=76 op=91 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 filter="(&(objectClass=shadowAccount)(uid=dpercam))"
conn=76 op=91 SRCH attr=uid userpassword shadowflag
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=76 op=91 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=76 op=92 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 filter="(&(objectClass=posixAccount)(uid=dpercam))"
conn=76 op=92 SRCH attr=cn uid uidnumber gidnumber gecos description homedirectory loginshell
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=76 op=92 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=76 op=93 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 filter="(&(objectClass=shadowAccount)(uid=dpercam))"
conn=76 op=93 SRCH attr=uid userpassword shadowflag
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=76 op=93 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=76 op=94 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 filter="(&(objectClass=posixAccount)(uid=dpercam))"
conn=76 op=94 SRCH attr=cn uid uidnumber gidnumber gecos description homedirectory loginshell
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=76 op=94 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=76 op=95 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 filter="(&(objectClass=shadowAccount)(uid=dpercam))"
conn=76 op=95 SRCH attr=uid userpassword shadowflag
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=76 op=95 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=76 op=96 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 filter="(&(objectClass=SolarisUserAttr)(uid=dpercam))"
conn=76 op=96 SRCH attr=uid SolarisUserQualifier SolarisAttrReserved1 SolarisAttrReserved2 SolarisAttrKeyValue
conn=76 op=96 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=76 op=97 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 filter="(&(objectClass=posixAccount)(uid=dpercam))"
conn=76 op=97 SRCH attr=cn uid uidnumber gidnumber gecos description homedirectory loginshell
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=76 op=97 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=76 op=98 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 filter="(&(objectClass=shadowAccount)(uid=dpercam))"
conn=76 op=98 SRCH attr=uid userpassword shadowflag
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=76 op=98 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=76 op=99 SRCH base="ou=users,dc=tel,dc=uva,dc=es" scope=1 deref=3 filter="(&(objectClass=posixAccount)(uid=dpercam))"
conn=76 op=99 SRCH attr=cn uid uidnumber gidnumber gecos description homedirectory loginshell
<= bdb_equality_candidates: (uid) index_param failed (18)
conn=76 op=99 SEARCH RESULT tag=101 err=0 nentries=1 text=

Does anybody know what could be the problem? I'm desperate! Thank you very much.

Daniel Pérez

_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
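
As an added example (not part of the original post), this simplified Python model applies slapd's first-match access rules from the slapd.conf above to the attribute list the Solaris client requests in the logged shadowAccount searches. The function names are hypothetical, only the `self`, `anonymous` and `*` forms used in that file are handled, and the rootdn (which bypasses ACLs) is not modelled.

```python
# Added example: simplified model of slapd's first-match access control.
# Assumption: only the <what>/<who> forms used in the post's slapd.conf.
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]
# The two access rules from the post's slapd.conf.
SLAPD_ACL = """
access to attrs=userPassword by self write by anonymous auth by * none
access to * by * read
"""

def parse_acl(text):
    # Returns [(what, [(who, level), ...]), ...] in file order.
    rules = []
    for line in text.strip().splitlines():
        what, rest = re.match(r"access\s+to\s+(\S+)\s+(.*)", line).groups()
        rules.append((what, re.findall(r"by\s+(\S+)\s+(\S+)", rest)))
    return rules

def what_matches(what, attr):
    if what.startswith("attrs="):
        return attr.lower() in what[6:].lower().split(",")
    return what == "*"

def who_matches(who, bind_dn, entry_dn):
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    return who == "*"

def access_level(rules, bind_dn, entry_dn, attr):
    # First matching <what> wins, then the first matching <who> inside it.
    for what, clauses in rules:
        if what_matches(what, attr):
            for who, level in clauses:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            break  # the rule applied but no <who> clause matched
    return "none"  # implicit deny

def readable_attrs(rules, bind_dn, entry_dn, requested):
    # Attributes of entry_dn that a search bound as bind_dn may return.
    need = LEVELS.index("read")
    return [a for a in requested
            if LEVELS.index(access_level(rules, bind_dn, entry_dn, a)) >= need]

RULES = parse_acl(SLAPD_ACL)
PROXY = "cn=proxyagent,ou=profile,dc=tel,dc=uva,dc=es"  # NS_LDAP_BINDDN
USER = "uid=dpercam,ou=users,dc=tel,dc=uva,dc=es"
SHADOW_ATTRS = ["uid", "userpassword", "shadowflag"]  # from the SRCH attr= lines
```

Under these rules `readable_attrs(RULES, PROXY, USER, SHADOW_ATTRS)` leaves out `userpassword`, while the same call bound as the user's own DN includes it.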