> I went ahead and got the ldapsearch. It worked.
> ldaplist is just busted, I guess.

No, ldaplist just depends on a successful creation of the /var/ldap/* files.

>
>> - make sure the posix account has the
>> "shadowAccount" attribute
>
> Added it. I went to user, properties, posixAccount,
> advanced, add value -> shadowAccount. Not sure if
> that's the right way of doing it or not...

That's ok

>> - use : ldapclient -v -P default -D
>> "cn=proxyagent,ou=profile,dc=domain,dc=nl" -d
>> domain.nl -w proxy_password
>> {ipnumber_ldap_server} , to create the ldap_file &
>> ldap_cred files
>
> Yea -- that's where I hit another problem:

Nope, this is the main problem.

>
> Handling init option
> About to configure machine by downloading a profile
> findBaseDN: begins
> findBaseDN: Stopping ldap
> findBaseDN: calling __ns_ldap_default_config()
> found 2 namingcontexts
> findBaseDN: __ns_ldap_list(NULL,
> "(&(objectclass=nisDomainObject)(nisdomain=composers.foo.com))"
> rootDN[0] dc=foo,dc=com
> found baseDN nisdomain=composers.foo.com,dc=foo,dc=com
> for domain composers.foo.com
> The download of the profile failed.
> Could not read the profile 'default'.
> Perhaps it does not exist or you don't have sufficient
> rights to read it.
>
> However, from the FDS server itself, ldapsearch -x
> shows this: (snipped)
>
> # default, profile, foo.com
> dn: cn=default,ou=profile,dc=foo,dc=com
> defaultSearchBase: dc=foo,dc=com
> authenticationMethod: simple
> followReferrals: TRUE
> bindTimeLimit: 2
> profileTTL: 43200
> searchTimeLimit: 30
> objectClass: top
> objectClass: DUAConfigProfile
> defaultServerList: cnyitlin02.composers.foo.com
> credentialLevel: proxy
> cn: default
> defaultSearchScope: one

Could you do a "ldapclient -u", stop ldapcachemgr/nscd, remove everything from /var/ldap. Then try the first ldapsearch test query but this time authenticating as proxyagent.

What value has "nisdomain" in the FDS tree?

Try the ldapclient -v -P... line again.