[Fedora-directory-users] getting solaris 8 to talk to FDS
Igor
logastellus at yahoo.com
Thu Aug 25 15:34:42 UTC 2005
This is gonna be loooong... I just want to thank you guys again for wading thru this
crap...
--- "Tay, Gary" <Gary_Tay at platts.com> wrote:
> ===
> Do you still think I need to change my defaultSearchDN? Also, must those ACLs be added
> still? Because it looks like you're doing a manual config, right?
> ===
> Yes, I think you should set baseDN (defaultSearchBase) to dc=composers,dc=foo,dc=com,
> NOT dc=foo,dc=com; it should correspond to the LDAP domain (nisdomain) name, i.e.
> composers.foo.com, which you set in the rootDN entry nisDomainObject.
Well, instead, I got rid of composers altogether.
> Yes set the ACLs to allow proxyAgent to read LDAP DIT.
I have this:
(targetattr = "*") (version 3.0;acl "Allow proxyAgent read access";allow
(read,compare)(userdn = "ldap:///uid=proxyAgent,ou=profile,dc=foo,dc=com");)
> Please re-install FDS7.1 using baseDN=dc=composers,dc=foo,dc=com, and create ldif file
Well, I got rid of composers for now. If you say I have to reinstall I will, but that'll
probably be my last resort, though.
> Step by step
> # ldapclient -l
bash-2.03# ldapclient -l
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= uid=proxyAgent,ou=profile,dc=foo,dc=com
NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411
NS_LDAP_SERVERS= 149.85.70.17
NS_LDAP_SEARCH_BASEDN= dc=foo,dc=com
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=People,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=People,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=foo,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= netgroup: ou=netgroup,dc=foo,dc=com?one
> # /usr/lib/ldap/ldap_cachemgr -g
> Does it say LDAP cache manager is UP and running?
bash-2.03# /usr/lib/ldap/ldap_cachemgr -g
cachemgr configuration:
server debug level 0
server log file "/var/ldap/cachemgr.log"
number of calls to ldapcachemgr 15
cachemgr cache data statistics:
Configuration refresh information:
Configured to NO REFRESH.
Server information:
Previous refresh time: 2005/08/25 11:11:57
Next refresh time: 2005/08/25 11:21:57
server: 149.85.70.17, status: UP
Cache data information:
Maximum cache entries: 256
Number of cache entries: 0
> # cat /var/ldap/cachemgr.log
> Any critical error?
bash-2.03# cat /var/ldap/cachemgr.log
Thu Aug 25 11:11:56.9844 Starting ldap_cachemgr, logfile /var/ldap/cachemgr.log
Thu Aug 25 11:11:57.0843 sig_ok_to_exit(): parent exiting...
bash-2.03# ps -ef | grep ldap
root 2553 1 0 11:11:56 ? 0:00 /usr/lib/ldap/ldap_cachemgr
So, doesn't look like any errors...
______________________
Also: On the FDS server:
[root@cnyitlin02 slapd-cnyitlin02]# ldapsearch -x | grep compose
defaultServerList: cnyitlin02.composers.foo.com
[root@cnyitlin02 slapd-cnyitlin02]#
That's it, nothing else. However, when I rerun ldapclient -i, I get this:
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "composers.foo.com"
                            ^^^^^^^^^^^^^
file_backup: stat(/var/yp/binding/composers.foo.com)=-1
file_backup: No /var/yp/binding/composers.foo.com directory.
file_backup: stat(/var/ldap/ldap_client_file)=0
file_backup: (/var/ldap/ldap_client_file -> /var/ldap/restore/ldap_client_file)
file_backup: (/var/ldap/ldap_client_cred -> /var/ldap/restore/ldap_client_cred)
Starting network services
start: /usr/bin/domainname foo.com... success
start: /usr/lib/ldap/ldap_cachemgr... success
start: /etc/init.d/autofs start... success
start: /etc/init.d/nscd start... success
start: /etc/init.d/sendmail start... success
System successfully configured
Where does it get composers from???
It also resets /etc/defaultdomain to composers even though I manually change it to
foo.com.
> # ldaplist -l passwd testdba", it should display something like:
Nope.
bash-2.03# ldaplist -l passwd testdba
ldaplist: Object not found
bash-2.03# ldaplist -l passwd
ldaplist: Object not found (LDAP ERROR (50): Insufficient access.)
bash-2.03#