LinuxQuestions.org
Old 07-27-2006, 05:51 AM   #1
capricorn80
Member
 
Registered: Jun 2006
Distribution: Solaris , Fedora k-12
Posts: 151

Rep: Reputation: 15
How to configure LDAP client on Solaris 9


I have configured LDAP (Directory Server 5) on a Sun Blade 1500 running Solaris 9, and now I want to configure an LDAP client (on Solaris 9).
 
Old 07-27-2006, 08:56 AM   #2
jlliagre
Moderator
 
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris10, Solaris 11, Mint, OL
Posts: 9,481

Rep: Reputation: 354
Have a look at this page:
http://web.singnet.com.sg/~garyttt/I...20Solaris9.htm
 
Old 07-27-2006, 01:33 PM   #3
capricorn80
Member
 
Registered: Jun 2006
Distribution: Solaris , Fedora k-12
Posts: 151

Original Poster
Rep: Reputation: 15
It's really difficult. Is there any shortcut, like the authconfig command we use in Linux, where you just select the LDAP option that appears in the blue console?
 
Old 07-28-2006, 10:34 AM   #4
jlliagre
Moderator
 
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris10, Solaris 11, Mint, OL
Posts: 9,481

Rep: Reputation: 354
/usr/sbin/ldapclient is the Solaris equivalent.
 
Old 07-28-2006, 02:50 PM   #5
capricorn80
Member
 
Registered: Jun 2006
Distribution: Solaris , Fedora k-12
Posts: 151

Original Poster
Rep: Reputation: 15
Yeah, I just got this command today. I tried it and did the manual setting, but it didn't work. Then I used the sys-unconfig command and tried to configure LDAP from that, but I am still facing a problem: when I configure it, it gives me an error at the end.
 
Old 07-28-2006, 03:28 PM   #6
jlliagre
Moderator
 
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris10, Solaris 11, Mint, OL
Posts: 9,481

Rep: Reputation: 354
"sys-unconfig" is overkill just to set the naming switch service. You simply have to add ldap to the list of naming services in /etc/nsswitch.conf.

"ldapclient" works; there must be something wrong with your settings. Have a look at your /var/ldap/ldap_client_file.
 
Old 07-29-2006, 02:37 PM   #7
capricorn80
Member
 
Registered: Jun 2006
Distribution: Solaris , Fedora k-12
Posts: 151

Original Poster
Rep: Reputation: 15
When I configured ldapclient it was successful, and I even checked the file and it was all OK. I will check it on Monday.
 
Old 08-01-2006, 01:20 AM   #8
capricorn80
Member
 
Registered: Jun 2006
Distribution: Solaris , Fedora k-12
Posts: 151

Original Poster
Rep: Reputation: 15
I configured the LDAP client on Solaris 9, and these are my /var/ldap/ldap_client_file settings:
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 172.16.4.81
NS_LDAP_SEARCH_BASEDN= dc=sun,dc=ciit,dc=net
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 60
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= sun
NS_LDAP_CREDENTIAL_LEVEL= anonymous
NS_LDAP_BIND_TIME= 20

I also used ldapclient list on this system, which works fine.
Now I am assuming that my authentication will be done by my LDAP server, and when I try to log in with a user I created using the directory server, it gives me an error.
Please help me: what should I do so that my authentication will be done by the server?
 
Old 08-01-2006, 01:58 PM   #9
capricorn80
Member
 
Registered: Jun 2006
Distribution: Solaris , Fedora k-12
Posts: 151

Original Poster
Rep: Reputation: 15
Please reply soon.
 
Old 08-01-2006, 02:39 PM   #10
jlliagre
Moderator
 
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris10, Solaris 11, Mint, OL
Posts: 9,481

Rep: Reputation: 354
Have a look at the directory server logs to figure out what is going wrong or, as an alternative, use Ethereal to view the dialog between the client and the LDAP server.

Is ldaplist working?

Does "su - some_ldap_user" from root work?
 
Old 08-02-2006, 01:44 PM   #11
capricorn80
Member
 
Registered: Jun 2006
Distribution: Solaris , Fedora k-12
Posts: 151

Original Poster
Rep: Reputation: 15
ldaplist is working fine .. but I didn't try su - some_ldap_user because I don't know how to use it.
As I told you, everything is going fine from the client except the authentication problem.
Listen, when I was creating the profile using
/usr/lib/ldap/idsconfig
it asked me many options. It also asks about some authentication things. I selected simple authentication. I need to know about that.
Please help me with that, as I have only the authentication problem now, because my server is ready and I am stuck with it.
 
Old 08-02-2006, 03:43 PM   #12
jlliagre
Moderator
 
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris10, Solaris 11, Mint, OL
Posts: 9,481

Rep: Reputation: 354
Quote:
Originally Posted by capricorn80
ldaplist is working fine ..

I would like you to show a ldap user entry returned by ldaplist to be sure.

Quote:
but I didn't try su - some_ldap_user because I don't know how to use it.

If you do not understand that, I'm afraid you won't be able to diagnose the problem. LDAP authentication is all but an easy thing.

Quote:
As I told you, everything is going fine from the client except the authentication problem.
Listen, when I was creating the profile using
/usr/lib/ldap/idsconfig
it asked me many options.

And did you understand all of them?
Can you post your answers?

Quote:
It also asks about some authentication things. I selected simple authentication. I need to know about that.

Well, simple authentication is supported.
 
Old 08-03-2006, 02:20 AM   #13
capricorn80
Member
 
Registered: Jun 2006
Distribution: Solaris , Fedora k-12
Posts: 151

Original Poster
Rep: Reputation: 15
"su - some_ldap_user" from root work..
I can understand that, but I was thinking of it with LDAP. su means switch user; I know this term.
When I su from root on the LDAP client system it doesn't work.

Last edited by capricorn80; 08-03-2006 at 02:22 AM.
 
Old 08-03-2006, 02:35 AM   #14
capricorn80
Member
 
Registered: Jun 2006
Distribution: Solaris , Fedora k-12
Posts: 151

Original Poster
Rep: Reputation: 15
I was trying to email you, but your email option is blocked.
Actually I want to paste my settings for you.
Well, let me try some here ..
I configured the profile on the server:
1 Domain to serve : .................. (I have removed some lines)
2 Base DN to setup :
3 Profile name to create : default
4 Default Server List :
5 Preferred Server List :
6 Default Search Scope : one
7 Credential Level : proxy
8 Authentication Method : simple
9 Enable Follow Referrals : FALSE
10 iDS Time Limit : -1
11 iDS Size Limit : -1
12 Enable crypt password storage : TRUE
13 Service Auth Method pam_ldap :
14 Service Auth Method keyserv :
15 Service Auth Method passwd-cmd:
16 Search Time Limit : 30
17 Profile Time to Live : 43200
18 Bind Limit : 10
19 Service Search Descriptors Menu

Enter config value to change: (1-19 0=commit changes) [0] 0
Enter DN for proxy agent: [cn=proxyagent,ou=profile,dc=.......,dc=......,dc=......]
Enter passwd for proxyagent:
Re-enter passwd:

And then I used this command on the client:

ldapclient init \
-a proxyDn=cn=proxyagent,ou=profile,dc= ............

It gave me a message with successful configuration.
And when I use ldaplist it searches and shows me the list of naming info of the LDAP directory server using the configured profile.

Now when I start my LDAP client, if the LDAP server is stopped then it waits until the LDAP server comes up. It means all this configuration is working fine.
Now the problem is that I have created a user on the directory server with the name James and assigned its home directory as
/home/james.
When I try to log in with this user from the LDAP client it gives me an error. All I want to know is how this user can log in to the LDAP client successfully with authentication from the LDAP server.

Last edited by capricorn80; 08-03-2006 at 02:37 AM.
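
Added example, not part of the thread and not Solaris or forum-member code: a POSIX shell check over an ldap_client_file that reports the profile name, credential level and authentication method, the settings on which the file in post #8 (profile sun, anonymous) and the idsconfig answers in post #14 (profile default, proxy, simple) differ. The function names, the expected-profile argument and the sample file are assumptions; NS_LDAP_AUTH is the key under which the client file records the authentication method and is absent from the posted file.

```shell
#!/bin/sh
# Added example: review a Solaris-style ldap_client_file for the settings
# that decide how the client binds to the directory server.

# get_setting FILE KEY: print the value of a "KEY= value" line (empty if absent).
get_setting() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, "") }
        index($0, key "=") == 1 {
            val = substr($0, length(key) + 2)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            print val
            exit
        }' "$1"
}

# audit_client_file FILE EXPECTED_PROFILE: print one OK/WARN finding per line.
audit_client_file() {
    profile=$(get_setting "$1" NS_LDAP_PROFILE)
    cred=$(get_setting "$1" NS_LDAP_CREDENTIAL_LEVEL)
    auth=$(get_setting "$1" NS_LDAP_AUTH)
    [ "$profile" = "$2" ] ||
        echo "WARN profile is '$profile', expected '$2'"
    case "$cred" in
        anonymous|"") echo "WARN credential level '${cred:-unset}': lookups are not bound as the proxy agent" ;;
        *)            echo "OK credential level '$cred'" ;;
    esac
    case "$auth" in
        tls:*|sasl/*) echo "OK auth method '$auth'" ;;
        simple) echo "WARN auth method 'simple': bind password is sent in clear text without TLS" ;;
        *)      echo "WARN auth method '${auth:-unset}'" ;;
    esac
}

# Constructed sample: a subset of the values posted in #8 (no secrets involved).
sample=${TMPDIR:-/tmp}/ldap_client_file.sample.$$
cat > "$sample" <<'EOF'
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 172.16.4.81
NS_LDAP_SEARCH_BASEDN= dc=sun,dc=ciit,dc=net
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_PROFILE= sun
NS_LDAP_CREDENTIAL_LEVEL= anonymous
EOF
audit_client_file "$sample" default
rm -f "$sample"
```

Against a real client, pass /var/ldap/ldap_client_file and the profile name created with idsconfig.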
 
Old 08-04-2006, 12:16 AM   #15
capricorn80
Member
 
Registered: Jun 2006
Distribution: Solaris , Fedora k-12
Posts: 151

Original Poster
Rep: Reputation: 15
I don't want to use PAM.
Give me some solution so that I can make it work.
 
  


All times are GMT -5.
