Re: Solaris 10 groups and OpenLDAP 2.3.39
- From: kangcool <kangcool2002@xxxxxxxxxxx>
- Date: Fri, 25 Jan 2008 14:14:36 -0800 (PST)
I think it's a config issue.
I have a range of Solaris 10 and Solaris Express boxes all running off the
Blastwave OpenLDAP with no real problem.
How did you set up the LDAP client?
# service names in serviceSearchDescriptor are the nsswitch database names:
# passwd, group, shadow
ldapclient -v manual -a "defaultServerList=192.168.0.120:1389" \
    -a defaultSearchBase=dc=purple,dc=net \
    -a serviceSearchDescriptor=passwd:ou=People,dc=purple,dc=net \
    -a serviceSearchDescriptor=group:ou=group,dc=purple,dc=net \
    -a serviceSearchDescriptor=shadow:ou=People,dc=purple,dc=net \
    -a authenticationMethod=simple \
    -a proxyDN=cn=proxyagent,ou=profile,dc=purple,dc=net \
    -a proxyPassword=****
There are some PAM changes too.
id -a works fine for me - Solaris 10 u4 Generic_127111-06.
See these guys for help: http://www.opensolaris.org/jive/forum.jspa?forumID=119
They helped me a lot.
On 25 Jan, 18:36, CK <cl...@xxxxxxxxxxxxxxxxxx> wrote:
Hello everyone,
we are using an LDAP server to manage the users for a CMS.
Until now, we had Solaris 8, the old Netscape Directory Server (4.16)
and the CMS and it all worked fine: authentication, CMS user roles and
OS groups (used by the CMS to manage branch access).
This setup has been running since ... mid 2003 without any problem at
all whatsoever (did I mention that I like using Solaris?).
However, with the upgrade of the CMS comes the upgrade of Solaris (to 10),
and with that comes the LDAP server that no longer works. No problem, we
thought, and are now trying to switch to OpenLDAP.
Most of the problems (the sunfreeware package is not compiled with common
crypt support, which meant ssh no longer worked, and so on) are solved by
now (the Blastwave packages made it all possible).
As mentioned above, branch access in the CMS is done via OS groups.
However, this does not work. So we tried to verify whether it is a CMS
problem or something else. It is something else:
An ldap user belonging to a certain group cannot access a directory
belonging to that group.
That would normally mean that the groups are simply not read and we
have made some error with the ldap migration, BUT there is something
else:
You can chown a directory to a group coming from LDAP, which means that
Solaris can see the groups.
SSH works for all users, whether they are in /etc/passwd (we have a couple
of those as admin accounts) or coming from LDAP.
getent passwd returns both user types, files and LDAP users.
getent group returns both group types, files and LDAP groups.
id -a of an LDAP user does not return all the groups he is a member of,
only one.
The ldap server does not report any errors, nor does the client.
The system is fully patched (as far as our ISP tells us).
I have done the following:
- using our old Netscape Server on the Solaris 8 box as LDAP server
for the Solaris 10 machine: same problem.
This makes me suspect it is a Solaris bug.
- compiling OpenLDAP from source, 2.3.35, 2.3.39: could not compile
(whoever built the Blastwave package - congrats on this achievement!)
My questions are:
Has anyone here encountered the same problem?
Has anyone found a solution for this?
Is this an LDAP server bug or a Solaris bug?
I would be very grateful for some help on this, for it drives me nuts.
--
Claus Dragon <clausk...@xxxxxxxxxxxxxxx>
=(UDIC)=
d++ e++ T--
K1!2!3!456!7!S a29
"Coffee is a mocker. So, I am going to mock."
- Me, lately.
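Added example (editor's addition, not code posted by either participant in this thread): the symptom above is that `getent group` shows the LDAP groups with their members while `id -a` shows the user in only one of them. Those are two different lookups on Solaris: `getent group` enumerates the group database, whereas `id` fills in secondary groups through the initgroups path, which on the LDAP backend is a separate search for groups listing the user as a member. The script below keeps the two apart: it reads a group(4)-format listing (the output of `getent group` on the client, or the constructed sample embedded here) and reports every group whose member field contains the user but which the `id` output does not mention. The group names, gids and user names in the sample are made up; the commands it assumes on a real client are `getent group` and `id -a`.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): separate "does the group database
# list the membership?" from "does id see it?".  Both helpers read a
# group(4)-format listing on stdin, so feed them `getent group` on the
# Solaris client, or the constructed sample below when working offline.

# groups_from_db USER  -  names of groups whose member field lists USER
groups_from_db() {
    awk -F: -v user="$1" '
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == user) { print $1; break }
        }'
}

# check_membership USER "GROUPS_FROM_ID"  -  prints every group the database
# says USER belongs to that is missing from the space-separated list of
# group names the id command reported; returns 1 if any are missing.
check_membership() {
    user=$1
    idgroups=$2
    status=0
    for g in $(groups_from_db "$user"); do
        case " $idgroups " in
            *" $g "*) ;;
            *) echo "$g"; status=1 ;;
        esac
    done
    return $status
}

# Constructed sample standing in for `getent group` output on a client where
# LDAP groups enumerate fine (names and gids are invented).
SAMPLE_GROUPS='staff:x:100:claus,admin
cms:x:200:claus
branch_a:x:301:claus,editor
branch_b:x:302:claus
branch_c:x:303:editor'

# What the original poster describes: id reports a single group for the user.
ID_GROUPS_SEEN='staff'

# On a real client, paste the group names printed by `id -a claus` as the
# second argument:   getent group | check_membership claus "staff cms"
if printf '%s\n' "$SAMPLE_GROUPS" | check_membership claus "$ID_GROUPS_SEEN" >/dev/null; then
    echo "id sees every group the group database lists for claus"
else
    echo "groups in the database but missing from id for claus:"
    printf '%s\n' "$SAMPLE_GROUPS" | check_membership claus "$ID_GROUPS_SEEN"
fi
```

If this prints groups, the enumeration side of the client is fine and the problem is confined to the member-based lookup, which is why checking the group serviceSearchDescriptor base and the membership attribute the groups actually carry (the page shows neither, so the cause cannot be settled from the thread alone) is the next thing to do, before suspecting the directory server itself.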