Hi guys, For the default profile setup, here is the result of that query:
ldapsearch -x -b "cn=default,ou=profile,dc=live,dc=tipp24,dc=net" # extended LDIF # # LDAPv3 # base <cn=default,ou=profile,dc=live,dc=tipp24,dc=net> with scope subtree # filter: (objectclass=*) # requesting: ALL # # default, profile, live.tipp24.net dn: cn=default,ou=profile,dc=live,dc=tipp24,dc=net cn: default authenticationMethod: none bindTimeLimit: 5 objectclassMap: shadow:shadowAccount=posixAccount followReferrals: TRUE searchTimeLimit: 15 serviceSearchDescriptor: passwd:cn=users,cn=accounts,dc=live,dc=tipp24,dc=net serviceSearchDescriptor: group:cn=groups,cn=compat,dc=live,dc=tipp24,dc=net objectClass: top objectClass: DUAConfigProfile defaultSearchBase: dc=live,dc=tipp24,dc=net defaultServerList: [IPA master hostname] # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 As for the actual queries, here is the access log from when I execute the ldapclient command on the Solaris box: [08/Feb/2010:11:12:18 +0100] conn=686769 fd=122 slot=122 connection from [client IP] to [server IP] [08/Feb/2010:11:12:18 +0100] conn=686769 op=0 SRCH base="" scope=0 filter="(objectClass=*)" attrs="namingContexts" [08/Feb/2010:11:12:18 +0100] conn=686769 op=0 RESULT err=0 tag=101 nentries=1 etime=0 [08/Feb/2010:11:12:18 +0100] conn=686769 op=1 SRCH base="dc=live,dc=tipp24,dc=net" scope=2 filter="(&(objectClass=nisDomainObject)(nisDomain=live.tipp24.net))" attrs=ALL [08/Feb/2010:11:12:18 +0100] conn=686769 op=1 RESULT err=0 tag=101 nentries=0 etime=0 [08/Feb/2010:11:12:18 +0100] conn=686769 op=2 UNBIND [08/Feb/2010:11:12:18 +0100] conn=686769 op=2 fd=122 closed - U1 I hope that's of some help. Andy -----Original Message----- From: Nalin Dahyabhai [mailto:[email protected]] Sent: 05 February 2010 17:05 To: Andy Singleton Cc: Rob Crittenden; [email protected] Subject: Re: [Freeipa-users] Installing IPA on Solaris 10 On Fri, Feb 05, 2010 at 04:03:05PM -0000, Andy Singleton wrote: > Hi Rob, > > Ok ive switched on the compat plugin. > Incidentally, does this need to be done separately for all replicas? I believe so. The set of plugins which are configured is configured on each server. > However, when I run ldapclient init <ipa_server>, I get this message: > "Failed to find defaultSearchBase for domain" Does the client have its domain set to match the name of the IPA domain before you run 'ldapclient init'? The ldapclient command will look for the profile information using the client's domain name as a starting point. I believe this is done with the 'domainname' command, though I'm not sure of the name the configuration file which you'd need to edit to make that setting permanent. HTH, Nalin _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
