Hi Nick,

If I remember correctly, you must use a cn or an ou in the serviceSearchDescriptor (you can have more than one, just separate them with semicolons).

I also had better success using a single server in defaultServerList (and then ldapclient mod for multiple servers) or using a single server in preferredServerList and multiple ones in defaultServerList. There seems to be a bug in the startup code for ldapclient in some cases and I already posted about it, but nobody seemed to have encountered it yet.

Arnaud

On 23/03/10 02:58, Nick wrote:
I'm having some trouble getting ldapclient to configure manually.  Here's the command I'm using:

# ldapclient manual \
    -a serviceSearchDescriptor="passwd:dc=domain,dc=com?sub" \
    -a serviceSearchDescriptor="group:dc=domain,dc=com?sub" \
    -a defaultSearchScope=sub \
    -a objectclassMap="passwd:posixAccount=posixAccount" \
    -a objectclassMap="group:posixGroup=posixGroup" \
    -a credentialLevel=anonymous \
    -a authenticationMethod="tls:simple" \
    -a followReferrals=TRUE \
    -a bindTimeLimit=10 \
    -a defaultSearchBase="dc=domain,dc=com" \
    -a defaultServerList="server1.domain.com server2.domain.com" \
    -a searchTimeLimit=30

When I run this command, I get the following error:
Error resetting system.
Recovering old system settings.
Error (1) while starting services during reset

When I look at the /var/svc/log/network-ldap-client:default.log file, I see the following:
[ Mar 22 19:41:01 Leaving maintenance because disable requested. ]
[ Mar 22 19:41:01 Disabled. ]
[ Mar 22 19:41:01 Enabled. ]
[ Mar 22 19:41:01 Executing start method ("/lib/svc/method/ldap-client start"). ]
/usr/lib/ldap/ldap_cachemgr: failed. Please see syslog for details.
[ Mar 22 19:41:01 Method "start" exited with status 1. ]
[ Mar 22 19:41:02 Leaving maintenance because disable requested. ]
[ Mar 22 19:41:02 Disabled. ]
[ Mar 22 19:41:02 Enabled. ]
[ Mar 22 19:41:02 Executing start method ("/lib/svc/method/ldap-client start"). ]
WARNING: /var/ldap/ldap_client_file is missing or not readable
[ Mar 22 19:41:02 Method "start" exited with status 96. ]

I'm not sure about the first error, but the second, about ldap_client_file missing or not readable, baffles me, because, as far as I know, the "ldapclient manual" command is supposed to create the file, so I'm not sure why this error is causing ldapclient to fail.  Here's the verbose output... I'd very much appreciate any hints on why this is happening or what I'm doing wrong!

Parsing serviceSearchDescriptor=passwd:dc=domain,dc=com?sub
Parsing serviceSearchDescriptor=group:dc=domain,dc=com?sub
Parsing defaultSearchScope=sub
Parsing objectclassMap=passwd:posixAccount=posixAccount
Parsing objectclassMap=group:posixGroup=posixGroup
Parsing credentialLevel=anonymous
Parsing authenticationMethod=tls:simple
Parsing followReferrals=TRUE
Parsing bindTimeLimit=10
Parsing defaultSearchBase=dc=domain,dc=com
Parsing defaultServerList=server1.domain.com server2.domain.com
Parsing searchTimeLimit=30
Arguments parsed:
         authenticationMethod: tls:simple
         defaultSearchBase: dc=domain,dc=com
         credentialLevel: anonymous
         objectclassMap:
                 arg[0]: passwd:posixAccount=posixAccount
                 arg[1]: group:posixGroup=posixGroup
         searchTimeLimit: 30
         followReferrals: TRUE
         defaultSearchScope: sub
         serviceSearchDescriptor:
                 arg[0]: passwd:dc=domain,dc=com?sub
                 arg[1]: group:dc=domain,dc=com?sub
         bindTimeLimit: 10
         defaultServerList: server1.domain.com server2.domain.com
Handling manual option
Proxy DN: NULL
Proxy password: NULL
Credential level: 0
Authentication method: 3
No proxyDN/proxyPassword required
Shadow Update is not enabled, no adminDN/adminPassword is required.
About to modify this machines configuration by writing the files
Stopping network services
Stopping sendmail
stop: sleep 100000 microseconds
stop: network/smtp:sendmail... success
Stopping nscd
stop: sleep 100000 microseconds
stop: system/name-service-cache:default... success
Stopping autofs
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: system/filesystem/autofs:default... success
Stopping ldap
stop: network/ldap/client:default... restoring from maintenance state
stop: sleep 100000 microseconds
stop: network/ldap/client:default... success
nis(yp) not running
recover: stat(/var/ldap/restore/defaultdomain)=0
recover: open(/var/ldap/restore/defaultdomain)
recover: read(/var/ldap/restore/defaultdomain)
recover: old domainname ""
recover: stat(/var/ldap/restore/ldap_client_file)=-1
recover: stat(/var/ldap/restore/ldap_client_cred)=-1
recover: stat(/var/ldap/restore/nsswitch.conf)=0
recover: file_move(/var/ldap/restore/nsswitch.conf, /etc/nsswitch.conf)=0
recover: stat(/var/ldap/restore/defaultdomain)=0
recover: file_move(/var/ldap/restore/defaultdomain, /etc/defaultdomain)=0
Starting network services
start: /usr/bin/domainname ... success
start: sleep 100000 microseconds
start: network/ldap/client:default... maintenance
start: sleep 100000 microseconds
start: system/filesystem/autofs:default... success
start: sleep 100000 microseconds
start: system/name-service-cache:default... success
start: sleep 100000 microseconds
start: network/smtp:sendmail... success
restart: sleep 100000 microseconds
restart: milestone/name-services:default... success
Error (1) while starting services during reset
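
An added example, not part of either message in this thread: a small Python triage script that pairs each start attempt in the SMF service log with its diagnostic line and exit status, and lists which backup files the rollback could not stat. The log excerpts are copied from the post above; the exit-code names are the standard ones from smf_method(5), and the function names are hypothetical.

```python
import re

# SMF method exit codes (smf_method(5)); only the ones needed here.
SMF_EXIT = {0: "SMF_EXIT_OK", 95: "SMF_EXIT_ERR_FATAL", 96: "SMF_EXIT_ERR_CONFIG"}

# Copied from the service log in the post (wrapped "]" rejoined).
SVC_LOG = """\
[ Mar 22 19:41:01 Executing start method ("/lib/svc/method/ldap-client start"). ]
/usr/lib/ldap/ldap_cachemgr: failed. Please see syslog for details.
[ Mar 22 19:41:01 Method "start" exited with status 1. ]
[ Mar 22 19:41:02 Executing start method ("/lib/svc/method/ldap-client start"). ]
WARNING: /var/ldap/ldap_client_file is missing or not readable
[ Mar 22 19:41:02 Method "start" exited with status 96. ]
"""
# Copied from the verbose ldapclient output in the post.
VERBOSE = """\
recover: stat(/var/ldap/restore/ldap_client_file)=-1
recover: stat(/var/ldap/restore/ldap_client_cred)=-1
recover: stat(/var/ldap/restore/nsswitch.conf)=0
recover: file_move(/var/ldap/restore/nsswitch.conf, /etc/nsswitch.conf)=0
"""

STAMP = re.compile(r'^\[ (\w{3} +\d+ [\d:]+) (.*?) \]$')   # "[ Mon DD HH:MM:SS event ]"
EXITED = re.compile(r'Method "start" exited with status (\d+)\.')
STAT = re.compile(r'^recover: stat\((\S+)\)=(-?\d+)$')

def start_attempts(log):
    """Group each start-method run with its unstamped output and exit status."""
    attempts, current = [], None
    for raw in log.splitlines():
        line = raw.strip()
        m = STAMP.match(line)
        if m is None:
            # Unstamped lines are the method's own stdout/stderr.
            if current is not None and line:
                current["output"].append(line)
            continue
        when, event = m.groups()
        if event.startswith("Executing start method"):
            current = {"time": when, "output": []}
        elif current is not None and (e := EXITED.search(event)):
            status = int(e.group(1))
            current.update(status=status,
                           meaning=SMF_EXIT.get(status, "unclassified failure"))
            attempts.append(current)
            current = None
    return attempts

def missing_backups(verbose):
    """Paths under the restore directory for which stat() returned non-zero."""
    hits = (STAT.match(line.strip()) for line in verbose.splitlines())
    return [m.group(1) for m in hits if m and int(m.group(2)) != 0]
```

On the excerpts above, the second attempt maps to SMF's configuration-error code, and stat failed for both ldap_client_file and ldap_client_cred in /var/ldap/restore.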
