LDAP Client=Solaris 10
LDAP Server=HP-UX 11.23 (Red Hat DS 7.1)
Solaris 10
bash-3.00# more ldap_client_cred
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
NS_LDAP_BINDPASSWD= {NS1}f8670fc15443505d
bash-3.00# more ldap_client_file
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 10.10.96.114
NS_LDAP_SEARCH_BASEDN= dc=test,dc=com,dc=bd
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_SERVER_PREF= 10.10.96.114
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= default
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=profile,dc=test,dc=com,dc=bd?sub
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=profile,dc=test,dc=com,dc=bd?sub
NS_LDAP_BIND_TIME= 10
bash-3.00#
################
bash-3.00# ldaplist -l passwd
dn: uid=ldaptst,ou=profile,dc=test,dc=com,dc=bd
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
gidNumber: 65534
givenName: ldap
sn: Only
displayName: LDAP Test
uid: ldaptst
homeDirectory: /export/home
loginShell: /bin/ksh
cn: LDAP Test
uidNumber: 16954
bash-3.00#
################################
#
# /etc/nsswitch.ldap:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses LDAP in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# LDAP service requires that svc:/network/ldap/client:default be enabled
# and online.
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: files ldap
group: files ldap
# hosts are looked up in /etc "files" first, then dns; ldap is not consulted for hosts.
hosts: files dns
# Note that IPv4 addresses are searched for in all of the ipnodes databases
# before searching the hosts databases.
ipnodes: files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
netgroup: files
automount: files
aliases: files
# for efficient getservbyname() avoid ldap
services: files
printers: user files
auth_attr: files
prof_attr: files
project: files
####################/etc/pam.conf#########
# PAM stacks that combine the pam_unix_* modules with pam_ldap.so.1.
# Entries within a stack are evaluated in the order listed, so the position
# of each "binding" line relative to pam_ldap.so.1 matters.
#
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
#login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
# "binding": if pam_unix_auth succeeds (and no earlier required module failed)
# the stack returns success without calling pam_ldap; a failure is treated
# like a "required" failure and processing continues.
# NOTE(review): pam_unix_auth(5) documents server_policy as skipping the Unix
# check for accounts whose authority is a server, leaving them to pam_ldap
# below -- confirm against the man page for this release.
login auth binding pam_unix_auth.so.1 server_policy
# NOTE(review): pam_ldap verifies the password by binding to the directory as
# the user. With a simple bind over a connection without TLS the password
# crosses the network in cleartext -- confirm the client profile's
# authentication method and transport.
login auth required pam_ldap.so.1
#
#
# rlogin service (explicit because of pam_rhosts_auth)
#
# "sufficient": a successful pam_rhosts_auth result ends the stack at once, so
# none of the password or pam_ldap lines below are consulted for that login.
# NOTE(review): audit /etc/hosts.equiv and per-user .rhosts files, or disable
# the rlogin service if it is not needed.
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
#rlogin auth required pam_unix_auth.so.1
rlogin auth binding pam_unix_auth.so.1 server_policy
rlogin auth required pam_ldap.so.1
#
# Kerberized rlogin service
#
krlogin auth required pam_unix_cred.so.1
krlogin auth binding pam_krb5.so.1
krlogin auth required pam_unix_auth.so.1
#
# rsh service (explicit because of pam_rhosts_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
# Same caveat as the rlogin stack: the "sufficient" pam_rhosts_auth line can
# grant access before pam_unix_auth or pam_ldap is reached.
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
rsh auth binding pam_unix_auth.so.1 server_policy
rsh auth required pam_ldap.so.1
#
# Kerberized rsh service
#
krsh auth required pam_unix_cred.so.1
krsh auth binding pam_krb5.so.1
krsh auth required pam_unix_auth.so.1
#
# Kerberized telnet service
#
ktelnet auth required pam_unix_cred.so.1
ktelnet auth binding pam_krb5.so.1
ktelnet auth required pam_unix_auth.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
# Unlike the other stacks, pam_unix_cred is commented out here as well.
#ppp auth required pam_unix_cred.so.1
ppp auth required pam_dial_auth.so.1
#ppp auth required pam_unix_auth.so.1
ppp auth binding pam_unix_auth.so.1 server_policy
ppp auth required pam_ldap.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
# This stack applies to every service without its own auth entries above, so
# the binding/pam_ldap ordering here has the widest effect.
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
#other auth required pam_unix_auth.so.1
other auth binding pam_unix_auth.so.1 server_policy
other auth required pam_ldap.so.1
#
# passwd command (explicit because of a different authentication module)
#
#passwd auth required pam_passwd_auth.so.1
passwd auth binding pam_passwd_auth.so.1 server_policy
passwd auth required pam_ldap.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
# Account checks use the same binding + server_policy pattern as the auth
# stacks, with pam_ldap as the final required module.
other account requisite pam_roles.so.1
#other account required pam_unix_account.so.1
other account binding pam_unix_account.so.1 server_policy
other account required pam_ldap.so.1
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
#other password required pam_authtok_store.so.1
# NOTE(review): pam_authtok_store(5) describes server_policy as storing the
# new password without encrypting it locally when the account's authority is
# a server -- confirm, and make sure the connection to the directory is
# protected so password changes are not exposed in transit.
other password required pam_authtok_store.so.1 server_policy
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#
######################################### Access LOG from Server###########
[21/Nov/2007:10:32:07 +0600] conn=1576076 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=shadowAccount)(uid=ldaptst))" attrs="uid userPassword shadowFlag"
[21/Nov/2007:10:32:10 +0600] conn=1576077 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=posixAccount)(uid=ldaptst))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
[21/Nov/2007:10:32:10 +0600] conn=1576078 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=shadowAccount)(uid=ldaptst))" attrs="uid userPassword shadowFlag"
[21/Nov/2007:10:32:10 +0600] conn=1576079 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=posixAccount)(uid=ldaptst))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
[21/Nov/2007:10:32:10 +0600] conn=1576080 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=shadowAccount)(uid=ldaptst))" attrs="uid userPassword shadowFlag"
[21/Nov/2007:10:32:10 +0600] conn=1576081 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=posixAccount)(uid=ldaptst))" attrs=ALL
[21/Nov/2007:10:32:10 +0600] conn=1576082 op=0 BIND dn="uid=ldaptst,ou=profile,dc=test,dc=com,dc=bd" method=128 version=3
######################################
bash-3.00# ldapclient -v init -a profileName=default -a proxyDN=cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd -a proxyPassword=Dm123456 10.10.96.114:389
Parsing profileName=default
Parsing proxyDN=cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
Parsing proxyPassword=Dm123456
Arguments parsed:
proxyDN: cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
profileName: default
proxyPassword: Dm123456
defaultServerList: 10.10.96.114:389
Handling init option
About to configure machine by downloading a profile
findBaseDN: begins
findBaseDN: ldap not running
findBaseDN: calling __ns_ldap_default_config()
found 2 namingcontexts
findBaseDN: __ns_ldap_list(NULL, "(&(objectclass=nisDomainObject)(nisdomain=test.com.bd))"
rootDN[0] dc=test,dc=com,dc=bd
found baseDN dc=test,dc=com,dc=bd for domain test.com.bd
Proxy DN: cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
Proxy password: {NS1}f8670fc15443505d
Credential level: 1
Authentication method: 1
About to modify this machines configuration by writing the files
Stopping network services
Stopping sendmail
stop: sleep 100000 microseconds
stop: network/smtp:sendmail... success
Stopping nscd
stop: sleep 100000 microseconds
stop: system/name-service-cache:default... success
Stopping autofs
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: system/filesystem/autofs:default... success
ldap not running
nisd not running
nis(yp) not running
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "test.com.bd"
file_backup: stat(/var/yp/binding/test.com.bd)=-1
file_backup: No /var/yp/binding/test.com.bd directory.
file_backup: stat(/var/ldap/ldap_client_file)=-1
file_backup: No /var/ldap/ldap_client_file file.
Starting network services
start: /usr/bin/domainname test.com.bd... success
start: sleep 100000 microseconds
start: network/ldap/client:default... success
start: sleep 100000 microseconds
start: system/filesystem/autofs:default... success
start: sleep 100000 microseconds
start: system/name-service-cache:default... success
start: sleep 100000 microseconds
start: network/smtp:sendmail... success
restart: sleep 100000 microseconds
restart: milestone/name-services:default... success
System successfully configured
bash-3.00#
######################333
regards
Imtiaz