[Fedora-directory-users] getting solaris 8 to talk to FDS

Igor logastellus at yahoo.com
Thu Aug 25 15:34:42 UTC 2005


This is gonna be loooong...  I just want to thank you guys again for wading thru this
crap...

--- "Tay, Gary" <Gary_Tay at platts.com> wrote:

> ===
> Do you still think I need to change my defaultSearchDN?  Also, must those ACLs be added
> still?  Because it looks like you're doing a manual config, right?
> ===
> Yes, I think you should set baseDN (defaultSearchBase) to dc=composers,dc=foo,dc=com,
> NOT dc=foo,dc=com; it should correspond to the LDAP domain (nisdomain) name, i.e.
> composers.foo.com, which you set in the rootDN entry nisDomainObject.

well, instead, I got rid of composers altogether.

> Yes set the ACLs to allow proxyAgent to read LDAP DIT.

I have this:

(targetattr = "*") (version 3.0;acl "Allow proxyAgent read access";allow
(read,compare)(userdn = "ldap:///uid=proxyAgent,ou=profile,dc=foo,dc=com");)

> Please re-install FDS7.1 using baseDN=dc=composers,dc=foo,dc=com, and create ldif file

well, I got rid of composers for now.  If you say I've to reinstall I will but that'll
probably be my last resort, though.

> Step by step  
> # ldapclient -l

bash-2.03# ldapclient -l
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= uid=proxyAgent,ou=profile,dc=foo,dc=com
NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411
NS_LDAP_SERVERS= 149.85.70.17
NS_LDAP_SEARCH_BASEDN= dc=foo,dc=com
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=People,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=People,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= netgroup: ou=netgroup,dc=foo,dc=com?one



> # /usr/lib/ldap/ldap_cachemgr -g
> Does it say LDAP cache manager is UP and running?

bash-2.03# /usr/lib/ldap/ldap_cachemgr -g

cachemgr configuration:
server debug level          0
server log file "/var/ldap/cachemgr.log"
number of calls to ldapcachemgr         15

cachemgr cache data statistics:
Configuration refresh information: 
  Configured to NO REFRESH.
Server information: 
  Previous refresh time: 2005/08/25 11:11:57
  Next refresh time:     2005/08/25 11:21:57
  server: 149.85.70.17, status: UP
Cache data information: 
  Maximum cache entries:          256
  Number of cache entries:          0


> # cat /var/ldap/cachemgr.log
> Any critical error?

bash-2.03# cat /var/ldap/cachemgr.log 
Thu Aug 25 11:11:56.9844        Starting ldap_cachemgr, logfile /var/ldap/cachemgr.log
Thu Aug 25 11:11:57.0843        sig_ok_to_exit(): parent exiting...
bash-2.03# ps -ef | grep ldap
    root  2553     1  0 11:11:56 ?        0:00 /usr/lib/ldap/ldap_cachemgr

So, doesn't look like any errors...

______________________
Also: On the FDS server:

[root at cnyitlin02 slapd-cnyitlin02]# ldapsearch -x | grep compose
defaultServerList: cnyitlin02.composers.foo.com
[root at cnyitlin02 slapd-cnyitlin02]# 

That's it, nothing else.  However, when I rerun ldapclient -i, I get this:


file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "composers.foo.com"
                            ^^^^^^^^^^^^^
file_backup: stat(/var/yp/binding/composers.foo.com)=-1
file_backup: No /var/yp/binding/composers.foo.com directory.
file_backup: stat(/var/ldap/ldap_client_file)=0
file_backup: (/var/ldap/ldap_client_file -> /var/ldap/restore/ldap_client_file)
file_backup: (/var/ldap/ldap_client_cred -> /var/ldap/restore/ldap_client_cred)
Starting network services
start: /usr/bin/domainname foo.com... success
start: /usr/lib/ldap/ldap_cachemgr... success
start: /etc/init.d/autofs start... success
start: /etc/init.d/nscd start... success
start: /etc/init.d/sendmail start... success
System successfully configured

Where does it get composers from???

It also resets /etc/defaultdomain to composers even though I manually change it to
foo.com.

> # ldaplist -l passwd testdba", it should display something like:

Nope.

bash-2.03# ldaplist -l passwd testdba
ldaplist: Object not found
bash-2.03# ldaplist -l passwd        
ldaplist: Object not found (LDAP ERROR (50): Insufficient access.)
bash-2.03# 

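Added example, not part of the original message: a small Python check of the correspondence Gary describes between the NIS domain name and the search base, run over a constructed excerpt of the `ldapclient -l` output above. The function names and the simple comma-split DN handling (no escaped commas) are assumptions of this example.

```python
# Constructed sample, trimmed from the `ldapclient -l` output in the post.
SAMPLE = """\
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SEARCH_BASEDN= dc=foo,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=People,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=foo,dc=com?one
"""


def norm_dn(dn):
    """Lower-case a DN and drop whitespace around ',' and '=' (assumes no escaped commas)."""
    rdns = [rdn.strip() for rdn in dn.split(",")]
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1)).lower() for rdn in rdns)


def domain_to_dn(domain):
    """composers.foo.com -> dc=composers,dc=foo,dc=com"""
    return ",".join("dc=" + label for label in domain.strip().strip(".").lower().split("."))


def parse_ldapclient(text):
    """Map each NS_LDAP_* key to its list of values (some keys repeat)."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().startswith("NS_LDAP_"):
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf


def check(text, nis_domain):
    """Return a list of mismatches between the client profile and the NIS domain."""
    conf = parse_ldapclient(text)
    expected = domain_to_dn(nis_domain)
    findings = []
    base = norm_dn(conf.get("NS_LDAP_SEARCH_BASEDN", [""])[0])
    if base != expected:
        findings.append("search base %r does not match domain %r (%s)" % (base, nis_domain, expected))
    # Each service search descriptor looks like "passwd: <base>?<scope>".
    for desc in conf.get("NS_LDAP_SERVICE_SEARCH_DESC", []):
        service, _, rest = desc.partition(":")
        ssd_base = norm_dn(rest.split("?", 1)[0])
        if not (ssd_base == expected or ssd_base.endswith("," + expected)):
            findings.append("%s searches %r, outside %s" % (service.strip(), ssd_base, expected))
    return findings


if __name__ == "__main__":
    for domain in ("composers.foo.com", "foo.com"):
        print(domain, check(SAMPLE, domain) or "consistent")
```

Run against the domain that `ldapclient -i` reports (composers.foo.com), the excerpt yields three mismatches; against foo.com it yields none.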



