Re: opensolaris and openldap



On 3 Nov, 20:59, Georg Klein <g...@xxxxxxxxxxxxx> wrote:
hi all

I am running an openldap environment that all our *nix boxes (Linux,
AIX) are authenticating against. Now I am trying to integrate some
Solaris and opensolaris boxes into that environment.

I did start with an opensolaris box using 'ldapclient -v manual ...' to
configure the box. It generates the /var/ldap/ldap_client_file and the
/var/ldap/ldap_client_cred files, including all the needed settings
(using the proxy mode and having defined ProxyDN and proxyPassword).
When restarting the ldap_cachemgr and nscd everything looks quite
well. I can connect to ldap, I can query accounts and groups (with getent,
ldaplist, id) and all that stuff. I can even su to a user only in ldap
(getting the error that the home directory does not exist). If I
create the home directory manually, I can do a successful su to that
locally not available user and have correct uid, gid and group
memberships that are stored in ldap.

However, I am not able to log in to that box via ssh. When debugging
that session on one of the openldap servers, I can see that the box is
not binding to openldap with the configured proxyDN, but as anonymous.

So - for testing - I configured my openldap acls in such a way that they
allow anonymous read of the userPassword attribute: everything was OK.
I could log in to the machine via ssh and my password was accepted.
Changing back the acl settings - it did not work again. So in general
everything looks OK.

Further on I tested to bind as the configured ProxyDN: works too.

So the problem seems to be that opensolaris is not going to bind as
the defined proxyuser but as anonymous. Am I missing something there?
Is there anything else that has to be configured?

A first try with Solaris 8 showed the same result.

I will check that stuff in the next days against a Solaris 10 and a
Solaris 8 box to make sure that I am not running into a specific
problem of the opensolaris build. Any hint is welcome.

Thx in advance,  Georg

Which opensolaris are you using?

ldap could be broke again.
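The server-side check described in the question (seeing whether a client binds as the proxy DN or stays anonymous before it reads userPassword) can be automated over slapd logs. This is an added example, not part of the original thread; it assumes slapd logging at the stats level, and the proxy DN, addresses and log lines are constructed samples.

```python
import re

# Constructed sample in OpenLDAP slapd "stats" log format (syslog prefix omitted).
SAMPLE_LOG = '''\
conn=1001 fd=14 ACCEPT from IP=192.0.2.21:40112 (IP=0.0.0.0:389)
conn=1001 op=0 BIND dn="cn=proxyagent,ou=profile,dc=example,dc=com" method=128
conn=1001 op=0 RESULT tag=97 err=0 text=
conn=1001 op=1 SRCH base="ou=people,dc=example,dc=com" scope=1 deref=3 filter="(uid=alice)"
conn=1001 op=1 SRCH attr=uid userPassword
conn=1002 fd=15 ACCEPT from IP=192.0.2.22:51877 (IP=0.0.0.0:389)
conn=1002 op=0 SRCH base="ou=people,dc=example,dc=com" scope=1 deref=3 filter="(uid=alice)"
conn=1002 op=0 SRCH attr=uid userPassword
conn=1003 fd=16 ACCEPT from IP=192.0.2.23:38001 (IP=0.0.0.0:389)
conn=1003 op=0 BIND dn="cn=proxyagent,ou=profile,dc=example,dc=com" method=128
conn=1003 op=0 RESULT tag=97 err=49 text=
conn=1003 op=1 SRCH attr=userPassword
'''

ACCEPT = re.compile(r'conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+')
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')  # tag=97: bind response
ATTRS = re.compile(r'conn=(\d+) op=\d+ SRCH attr=(.*)')


def anonymous_password_reads(log_text):
    """Return [(conn, client_ip)] for searches that request userPassword
    while the connection has no successful non-anonymous bind."""
    peer, bound, pending, hits = {}, {}, {}, []
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            peer[m[1]] = m[2]
            bound[m[1]] = ""              # every connection starts anonymous
        elif m := BIND.search(line):
            pending[(m[1], m[2])] = m[3]  # bind requested, result not yet known
        elif m := RESULT.search(line):
            dn = pending.pop((m[1], m[2]), "")
            bound[m[1]] = dn if m[3] == "0" else ""  # failed bind leaves it anonymous
        elif m := ATTRS.search(line):
            attrs = {a.lower() for a in m[2].split()}
            if "userpassword" in attrs and not bound.get(m[1]):
                hits.append((m[1], peer.get(m[1], "unknown")))
    return hits


if __name__ == "__main__":
    for conn, ip in anonymous_password_reads(SAMPLE_LOG):
        print(f"conn={conn} from {ip}: userPassword requested without an authenticated bind")
```

A client that appears in this list is one that only works if the ACLs expose userPassword to anonymous, so the list should be empty before the temporary test ACL is removed for good.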


