Thanks for the reply....I had set up Solaris 10 back in the day....but this is a new environment. I agree with you, about this being challenging. I will enable verbose logging in a sandbox environment and try to see if I can figure out what Solaris wants. I wonder if it has to do something with my Canonical names using "uid" instead of "cn".... ________________________________________ From: Chris Ridd [[email protected]] Sent: Sunday, February 02, 2014 6:03 AM To: Discussion list for OpenIndiana Subject: Re: [OpenIndiana-discuss] New to OpenIndian
On 29 Jan 2014, at 04:52, Randall Svancara <[email protected]> wrote: > I will take a stab at this list...who knows I may get lucky. > > I am attempting to configure LDAP authentication for OpenIndiana...some > recent version. > > I am using manual configuration for the ldap client tool: > > #!/bin/bash > ldapclient manual \ [...] > -a serviceSearchDescriptor=passwd:ou=users,dc=tldhost,dc=wsu,dc=edu \ > -a serviceSearchDescriptor=group:ou=groups,dc=tldhost,dc=wsu,dc=edu \ > -a serviceSearchDescriptor=shadow:ou=users,dc=tldhost,dc=wsu,dc=edu > > When I try to run > > ldaplist -vvv password > +++ database=password > +++ filter=objectclass=posixaccount > +++ template for merging SSD filter=%s > ldaplist: Object not found (LDAP ERROR (32): No such object.) According to the man page here http://www.unix.com/man-page/opensolaris/1/ldaplist/ the name of the database in the ldaplist command is "passwd". I would guess that using the wrong name is causing some different DN to get used and sent to the server, which is telling you the different DN doesn't exist. You may need to get intimate with your LDAP server's logs if you want an easier time diagnosing the name services tools. If you can't get to the logs, then snooping the network traffic on your machine to the LDAP server should help. The Solaris LDAP name services code *does* work, but getting it working can be a bit of a bitch. Chris _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
