The problem is that the Solaris native LDAP client can't play nicely with an OpenLDAP server: http://docs.lucidinteractive.ca/index.php/Solaris_LDAP_client_with_OpenLDAP_server

I could follow the steps to try to get the Solaris server working as a client to OpenLDAP, but I am not sure if making the changes will disrupt the current setup in which the OpenLDAP server serves numerous Linux clients. Will it continue to work ok for other clients, even after patching the OpenLDAP server, etc?

I would like to also hear about other people's experiences in similar situations.

Are there any alternatives? For example, is it possible to install and configure an OpenLDAP client on Solaris 10? Or is there an easier way to configure the native Solaris client itself?

Reply to Cian: I think you have also patched your ldap server: see https://docs.redbrick.dcu.ie/ldapsetup.

Zoredache
donatello

2 Answers

1

You don't need to patch OpenLDAP, just install the schema in that document, then the trick is to manually create the DUAConfigProfile for ldapclient. The other thing is you have to use a proxy user that's used to search for the accounts, otherwise authentication just won't work. Have a read of Sun's LDAP client docs too, and this guide.

My DUAConfigProfile is this:

dn: cn=default,ou=profile,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au
objectClass: top
objectClass: DUAConfigProfile
defaultSearchBase: dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au
followReferrals: FALSE
defaultSearchScope: one
searchTimeLimit: 30
profileTTL: 43200
cn: default
bindTimeLimit: 10
credentialLevel: proxy
defaultServerList: mussel.ucc.gu.uwa.edu.au martello.ucc.gu.uwa.edu.au
preferredServerList: mussel.ucc.gu.uwa.edu.au

You'll also need to add objectClass: nisDomainObject and the appropriate nisDomain attribute to the base of your DIT. You should then be able to run ldapclient -v init -a proxyDN=cn=proxyagent,ou=etc ldap.server.ip.

The other option is to use PADL's nss_ldap instead of the Solaris native LDAP client.

alanc
TRS-80

Sorry, but I switched to FreeBSD because it was taking too long to get working. FreeBSD supports ZFS and OpenLDAP and on first looks, seems likely to integrate nicely into my system. – donatello Oct 24 '09 at 17:34
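Putting the steps in this answer together, as an added example that is not alanc's own code: a POSIX shell script that generates the DUAConfigProfile LDIF and the nisDomainObject modification for assumed values (base dc=example,dc=com, servers ldap1/ldap2.example.com, a proxy DN under ou=profile), checks the profile for the attributes ldapclient depends on, and prints the ldapadd/ldapmodify/ldapclient command sequence. The manager DN and the <proxy-password> placeholder are assumptions; profileName, domainName and proxyPassword are standard ldapclient(1M) attributes that the answer does not spell out.

```shell
#!/bin/sh
# Added example, not code from the answer above. All DNs, hosts and the domain
# name below are assumed values for illustration.

BASE_DN="dc=example,dc=com"                     # assumed DIT base
NIS_DOMAIN="example.com"                        # assumed domainName for ldapclient
SERVERS="ldap1.example.com ldap2.example.com"   # assumed defaultServerList
PROXY_DN="cn=proxyagent,ou=profile,${BASE_DN}"  # assumed proxy bind DN
MANAGER_DN="cn=Manager,${BASE_DN}"              # assumed OpenLDAP rootdn

# LDIF for the profile entry that "ldapclient init" fetches from ou=profile.
# The attribute set mirrors the answer's profile; credentialLevel proxy means
# the client binds as PROXY_DN for its lookups rather than anonymously.
profile_ldif() {
    cat <<EOF
dn: cn=default,ou=profile,${BASE_DN}
objectClass: top
objectClass: DUAConfigProfile
cn: default
defaultSearchBase: ${BASE_DN}
defaultSearchScope: one
followReferrals: FALSE
searchTimeLimit: 30
bindTimeLimit: 10
profileTTL: 43200
credentialLevel: proxy
defaultServerList: ${SERVERS}
preferredServerList: ${SERVERS%% *}
EOF
}

# ldapmodify-form LDIF that adds nisDomainObject and nisDomain to the base
# entry, which ldapclient uses to tie its domainName to the search base.
nisdomain_ldif() {
    cat <<EOF
dn: ${BASE_DN}
changetype: modify
add: objectClass
objectClass: nisDomainObject
-
add: nisDomain
nisDomain: ${NIS_DOMAIN}
EOF
}

# Pre-load sanity check: returns 0 when every attribute the client relies on
# is present in the generated profile, 1 otherwise.
check_profile() {
    ldif=$(profile_ldif)
    for attr in "objectClass: DUAConfigProfile" "credentialLevel: proxy" \
                "defaultSearchBase:" "defaultServerList:"; do
        printf '%s\n' "$ldif" | grep -q "^${attr}" || return 1
    done
    return 0
}

# The Solaris-side command. The proxy password given here is persisted by
# ldapclient under /var/ldap, so that directory stays root-readable only and
# the proxy account gets read-only rights in slapd's ACLs.
ldapclient_cmd() {
    printf 'ldapclient -v init -a profileName=default -a domainName=%s -a proxyDN=%s -a proxyPassword=<proxy-password> %s\n' \
        "$NIS_DOMAIN" "$PROXY_DN" "${SERVERS%% *}"
}

main() {
    check_profile || { echo "generated profile is missing a required attribute" >&2; exit 1; }
    echo "# --- profile.ldif (load with: ldapadd -x -D ${MANAGER_DN} -W -f profile.ldif)"
    profile_ldif
    echo "# --- nisdomain.ldif (load with: ldapmodify -x -D ${MANAGER_DN} -W -f nisdomain.ldif)"
    nisdomain_ldif
    echo "# --- then on the Solaris 10 host:"
    ldapclient_cmd
}

main "$@"
```

The profile above, like the one in the answer, sets no authenticationMethod; with plain simple binds the proxy password crosses the network in clear, so once slapd has a certificate a tls:simple profile value and a proxy account restricted by ACL to reading only the account attributes it needs are the two settings worth adding before the second Linux or Solaris client is pointed at it.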
0

We were able to get this working without patching OpenLDAP, with an awful lot of attribute aliases. The actual command that we used to do it is here, but our ldap schema's somewhat funky, so it's unlikely to work without some effort on your part.

Cian