getting solaris 8 to talk to FDS

This is gonna be loooong...  I just want to thank you guys again for wading thru this
crap...

--- "Tay, Gary" <Gary_Tay at platts.com> wrote:

> ===
> Do you still think I need to change my defaultSearchDN?  Also, must those ACLs be added
> still?  Because it looks like you're doing a manual config, right?
> ===
> Yes I think you should set baseDN (defaultSearchBase) to dc=composers,dc=foo,dc=com,
> NOT dc=foo,dc=com, it should correspond LDAP domain (nisdomain) name, i.e.
> composers.foo.com, which you set in the rootDN entry nisDomainObject.

well, instead, I got rid of composers altogether.

> Yes set the ACLs to allow proxyAgent to read LDAP DIT.

I have this:

(targetattr = "*") (version 3.0;acl "Allow proxyAgent read access";allow
(read,compare)(userdn = "ldap:///uid=proxyAgent,ou=profile,dc=foo,dc=com";);)

> Please re-install FDS7.1 using baseDN=dc=composers,dc=foo,dc=com, and create ldif file

well, I got rid of composers for now.  If you say I've to reinstall I will but that'll
probably be my last resort, though.

> Step by step  
> # ldapclient -l

bash-2.03# ldapclient -l
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= uid=proxyAgent,ou=profile,dc=foo,dc=com
NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411
NS_LDAP_SERVERS= 149.85.70.17
NS_LDAP_SEARCH_BASEDN= dc=foo,dc=com
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=People,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=People,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= netgroup: ou=netgroup,dc=foo,dc=com?one



> # /usr/lib/ldap/ldap_cachemgr -g
> Does it say LDAP cache manager is UP and running?

bash-2.03# /usr/lib/ldap/ldap_cachemgr -g

cachemgr configuration:
server debug level          0
server log file "/var/ldap/cachemgr.log"
number of calls to ldapcachemgr         15

cachemgr cache data statistics:
Configuration refresh information: 
  Configured to NO REFRESH.
Server information: 
  Previous refresh time: 2005/08/25 11:11:57
  Next refresh time:     2005/08/25 11:21:57
  server: 149.85.70.17, status: UP
Cache data information: 
  Maximum cache entries:          256
  Number of cache entries:          0


> # cat /var/ldap/cachemgr.log
> Any critical error?

bash-2.03# cat /var/ldap/cachemgr.log 
Thu Aug 25 11:11:56.9844        Starting ldap_cachemgr, logfile /var/ldap/cachemgr.log
Thu Aug 25 11:11:57.0843        sig_ok_to_exit(): parent exiting...
bash-2.03# ps -ef | grep ldap
    root  2553     1  0 11:11:56 ?        0:00 /usr/lib/ldap/ldap_cachemgr

So, doesn't look like any errors...

______________________
Also: On the FDS server:

[root at cnyitlin02 slapd-cnyitlin02]# ldapsearch -x | grep compose
defaultServerList: cnyitlin02.composers.foo.com
[root at cnyitlin02 slapd-cnyitlin02]# 

That's it, nothing else.  However, when I rerun ldapclient -i, I get this:


file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "composers.foo.com"
                            ^^^^^^^^^^^^^
file_backup: stat(/var/yp/binding/composers.foo.com)=-1
file_backup: No /var/yp/binding/composers.foo.com directory.
file_backup: stat(/var/ldap/ldap_client_file)=0
file_backup: (/var/ldap/ldap_client_file -> /var/ldap/restore/ldap_client_file)
file_backup: (/var/ldap/ldap_client_cred -> /var/ldap/restore/ldap_client_cred)
Starting network services
start: /usr/bin/domainname foo.com... success
start: /usr/lib/ldap/ldap_cachemgr... success
start: /etc/init.d/autofs start... success
start: /etc/init.d/nscd start... success
start: /etc/init.d/sendmail start... success
System successfully configured

Where does it get composers from???

It also resets /etc/defaultdomain to composers even though I manually change it to
foo.com.

> # ldaplist -l passwd testdba", it should display something like:

Nope.

bash-2.03# ldaplist -l passwd testdba
ldaplist: Object not found
bash-2.03# ldaplist -l passwd        
ldaplist: Object not found (LDAP ERROR (50): Insufficient access.)
bash-2.03# 
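
Added example (not part of the original post): a shell check for the inconsistency visible in this message, where ldapclient reports the NIS domain as composers.foo.com while NS_LDAP_SEARCH_BASEDN is dc=foo,dc=com. It reads `ldapclient -l` output on stdin; the function names and the trimmed sample config are constructed for illustration.

```shell
# Added example, not from the thread: audit `ldapclient -l` output for a
# base DN that does not match the client's NIS domain name.

# composers.foo.com -> dc=composers,dc=foo,dc=com
domain_to_dn() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i
        print ""
    }'
}

# stdin: `ldapclient -l` output; $1: domain name as `domainname` reports it.
# Prints one MISMATCH line per finding; returns non-zero if there are any.
audit_ldap_client() {
    awk -v want="$(domain_to_dn "$1")" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        function under(dn, base) {   # is dn equal to base or below it?
            return dn == base || (length(dn) > length(base) &&
                substr(dn, length(dn) - length(base)) == "," base)
        }
        /^NS_LDAP_SEARCH_BASEDN=/ { sub(/^[^=]*=/, ""); base = norm($0) }
        /^NS_LDAP_BINDDN=/        { sub(/^[^=]*=/, ""); bind = norm($0) }
        /^NS_LDAP_SERVICE_SEARCH_DESC=/ {
            sub(/^[^=]*=/, ""); split($0, p, ":")
            dn = p[2]; sub(/\?.*/, "", dn); ssd[norm(p[1])] = norm(dn)
        }
        END {
            if (base != norm(want)) { n++
                print "MISMATCH base DN " base " != " norm(want) }
            if (!under(bind, base)) { n++
                print "MISMATCH bind DN " bind " is outside " base }
            for (s in ssd) if (!under(ssd[s], base)) { n++
                print "MISMATCH " s " search DN " ssd[s] " is outside " base }
            exit (n > 0)
        }'
}

# Constructed sample, trimmed from the `ldapclient -l` output shown above.
sample_config() {
    cat <<'EOF'
NS_LDAP_BINDDN= uid=proxyAgent,ou=profile,dc=foo,dc=com
NS_LDAP_SEARCH_BASEDN= dc=foo,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=People,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=foo,dc=com?one
EOF
}

sample_config | audit_ldap_client composers.foo.com || true
```

On a live client the equivalent call would be `ldapclient -l | audit_ldap_client "$(domainname)"`.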
