have this Solaris 9 Box's worked with the old iPlanet DS?.
For the password you have to configure the /etc/pam.conf like described in the man pages:
$ man pam_ldap
it is different to Solaris10
I guess that Solaris needs also the VLV's for getentpwent, which can created by run /usr/lib/ldap/idsconfig.
You can use this script also for the 389DS if you fake the version check to the 5.2 version (you can google for this).
BTW: If you use ldaps you must provide the CA' cert in an old cert7.db on the Solarsi9 Client.
HTH
Carsten
Am 15.04.13 schrieb Elizabeth Jones <bajones@xxxxxxxxx>:
We are trying to move our servers off a very old version of iplanet (circa
2002) to 389 DS. The data in both ldaps is almost identical, except that
there was some stuff in the iplanet that couldn't convert over to 389. I'm
not sure exactly what wouldn't convert, except that I couldn't do an
export of the iplanet database and import into 389, instead did an ldif.
Everything we have converted so far (RHEL 4,5,6 and Solaris 10) has gone
over successfully, but I'm running into problems with some old Solaris 9
servers. They seem to be connecting successfully to the ldap, but not
pulling back a password. getent passwd shows the list of users in the
ldap, and I can su from root to my user account. When I have su'ed to my
account, groups shows all the groups that I have in my ldap account on the
new DS.
I noticed this in the ldap logs, but I don't know what SolarisAuditUser
means --
[13/Apr/2013:23:42:07 -0500] conn=2042387 op=1 SRCH
base="ou=people,dc=mycompany,dc=com" scope=2 filter="(&(object
Class=SolarisAuditUser)(uid=ejones))" attrs="uid SolarisAuditAlways
SolarisAuditNever"
Is anyone familiar with this?
thanks -
EJ
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
