changing ldapclient



Hi all,

I have a Solaris 8 machine

SunOS abcde 5.8 Generic_117350-43 sun4u sparc SUNW,Sun-Fire-15000

which uses a SunDirectory 5.1 SP2 for Naming Service.

passwd: files ldap [TRYAGAIN=continue]
group: files ldap [TRYAGAIN=continue]

ldapclient -l
NS_LDAP_FILE_VERSION= 1.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=xxxdc=de
NS_LDAP_BINDPASSWD= {NS1}ecc423aad085ce11
NS_LDAP_SERVERS= a.b.c.d, e.f.g.h
NS_LDAP_SEARCH_BASEDN= dc=pwc,dc=de
NS_LDAP_AUTH= NS_LDAP_AUTH_SIMPLE
NS_LDAP_SEARCH_REF= NS_LDAP_FOLLOWREF
NS_LDAP_SEARCH_SCOPE= NS_LDAP_SCOPE_ONELEVEL
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_SERVER_PREF= a.b.c.d, e.f.g.h
NS_LDAP_PROFILE= nice-profile
NS_LDAP_BIND_TIME= 30


Now I'm trying to switch the Directory to a new 5.2 version, which Solaris 9 Server
is already using for naming services.
ldapclient -l

NS_LDAP_FILE_VERSION= 1.0
NS_LDAP_BINDDN= cn=ldapproxy,ou=profile,dc=xxx,dc=de
NS_LDAP_BINDPASSWD= {NS1}c5f5eadc7d61
NS_LDAP_SERVERS= k.l.m.n, p.r.s.t
NS_LDAP_SEARCH_BASEDN= dc=xxx,dc=de
NS_LDAP_AUTH= NS_LDAP_AUTH_SIMPLE
NS_LDAP_SEARCH_REF= NS_LDAP_FOLLOWREF
NS_LDAP_DOMAIN=
NS_LDAP_SEARCH_SCOPE= NS_LDAP_SCOPE_ONELEVEL
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_SERVER_PREF= k.l.m.n, p.r.s.t
NS_LDAP_BIND_TIME= 30

I've changed nothing but the ldapclient configuration.
I've noticed that Solaris 8 requires the objectclass
shadowaccount for a user (else the server doesn't get the user in getent passwd uid).
When I try to log in to the server with ssh, I'm getting
Permission denied (publickey,password,keyboard-interactive)

I don't see any error messages in /var/adm/messages.
Where do I look for messages?
Where else must I change something?

tia

Olaf Oehme


------------------------------
olaf oehme
tel. +491733824503
email olaf.oehme@xxxxxx
_______________________________________________
sunmanagers mailing list
sunmanagers@xxxxxxxxxxxxxxx
http://www.sunmanagers.org/mailman/listinfo/sunmanagers


