--- Justin Albstmeijer <justin at VLAMea.nl> wrote: > uid=proxyagent, does not match cn=proxyagent. yeah, that's from before. Now I have uid everywhere. dn: uid=proxyAgent,ou=profile,dc=foo,dc=com uid: proxyAgent > no password field? well, in the UI, I put a password in. When I do ldapsearch -x it doesn't show. ACI? > > dn: nisdomain=composers.foo.com,dc=foo,dc=com > > nisDomain: composers.foo.com > > objectClass: top > > objectClass: nisdomainobject > > I would expect: > > dn: dc=foo,dc=com > nisDomain: composers.foo.com > objectClass: top > objectClass: nisDomainObject well.. It got in there from this: objectClass: nisDomainObject nisDomain: composers.foo.com which I got from Gary's site. If you think I should change it, I'll change it. > > >defaultServerList: cnyitlin02.composers.foo.com > > replace the hostname with the ipnumber of the server. Did. Didn't help. Also, I have two profiles total: dn: cn=default,ou=profile,dc=foo,dc=com defaultSearchBase: dc=foo,dc=com authenticationMethod: simple followReferrals: TRUE bindTimeLimit: 2 profileTTL: 43200 searchTimeLimit: 30 objectClass: top objectClass: DUAConfigProfile defaultServerList: 149.85.70.17 credentialLevel: proxy cn: default defaultSearchScope: one dn: cn=tls_profile,ou=profile,dc=foo,dc=com defaultSearchBase: dc=foo,dc=com authenticationMethod: tls:simple followReferrals: FALSE bindTimeLimit: 10 profileTTL: 43200 searchTimeLimit: 30 objectClass: top objectClass: DUAConfigProfile defaultServerList: cnyitlin02.composers.foo.com credentialLevel: proxy cn: tls_profile serviceSearchDescriptor: passwd: ou=People,dc=foo,dc=com serviceSearchDescriptor: group: ou=group,dc=foo,dc=com serviceSearchDescriptor: shadow: ou=People,dc=foo,dc=com defaultSearchScope: one (the tls_profile still has the fqdn.) However, my primary default profile does not have the searchDescriptors. Is that a problem? ____________________________________________________ Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
