LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris
User Name
Password
Solaris / OpenSolaris This forum is for the discussion of Solaris, OpenSolaris, OpenIndiana, and illumos.
General Sun, SunOS and Sparc related questions also go here. Any Solaris fork or distribution is welcome.

Notices


Reply
  Search this Thread
Old 01-21-2021, 05:11 PM   #1
camerabambai
Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 197

Rep: Reputation: 26
Solaris and ldapclient, a little help


I have configured Solaris to use ldap users.
The ldap server is Samba4 DC, the client is Solaris 11.4.

I have "join" the server with this command

Code:
ldapclient manual \
 -a credentialLevel=proxy \
 -a authenticationMethod=sasl/gssapi \
 -a proxyDN=cn=proxyldap,cn=Users,dc=mydom,dc=priv \
 -a proxyPassword=******* \
 -a defaultSearchBase=dc=mydom,dc=priv \
 -a debugLevel=6 \
 -a domainName=mydom.priv \
 -a "defaultServerList=10.3.0.4" \
 -a attributeMap=group:userpassword=unixUserPassword\
 -a attributeMap=group:gidnumber=gidNumber \
 -a attributeMap=passwd:cn=cn \
 -a attributeMap=passwd:gidnumber=gidNumber \
 -a attributeMap=passwd:uidnumber=uidNumber \
 -a attributeMap=passwd:homedirectory=homeDirectory \
 -a attributeMap=passwd:loginshell=loginShell \
 -a attributeMap=shadow:userpassword=unixUserPassword \
 -a objectClassMap=group:posixGroup=group \
 -a objectClassMap=passwd:posixAccount=user \
 -a serviceSearchDescriptor=passwd:dc=mydom,dc=priv?sub \
 -a serviceSearchDescriptor=group:dc=mydom,dc=priv?sub
Configure return OK

finger works, searching for user "pino" on Solaris

Code:
finger pino
Login name: pino                        In real life: pino
Directory: /home/pino                   Shell: /bin/bash
Never logged in.
No unread mail
No Plan.
ldaplist return error!
Code:
ldaplist passwd
ldaplist: libsldap.so.1 internal error

ldaplist -a sasl/GSSAPI passwd
ldaplist: (standalone auth error)
Configuration syntax error: Unable to set parameter from a client in __ns_ldap_setParam()
getent passwd works...at 50%

Code:
getent passwd |grep pino
pino:x:3000014:100:pino:/home/pino:/bin/bash

getent passwd pino
id doesn't work

Code:
id pino
id: invalid user name: "pino"
What I miss?
 
Old 01-25-2021, 10:25 PM   #2
camerabambai
Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 197

Original Poster
Rep: Reputation: 26
Solved

A)On Samba4 server I create the user with Unix attributes, like the good old Microsoft SFU on Windows 2003 and 2008 servers.

Code:
samba-tool user create pino passwordselected --given-name=pino --surname=pino --initials=pp --home-directory=/export/home/pino --login-shell=bin/bash --unix-home=/export/home/pino --gecos="user pino" --use-username-as-cn --description="user pino" --mail-address=pino@mydom.priv
I create also a proxyldap user

Code:
samba-tool user create proxyldap passwordselected --given-name proxyldap --surname=proxyldap --initials=pp --home-directory=/dev/null --login-shell=/bin/false --unix-home=/dev/null --gecos="user for proxy ldap" --use-username-as-cn --description="user for ldap proxy"
B)On Solaris client I use this ldapclient configuration

Code:
ldapclient -v manual \
 -a credentialLevel=proxy \
 -a authenticationMethod=simple \
 -a proxyDN=cn=proxyldap,cn=Users,dc=mydom,dc=priv \
 -a proxyPassword=*********** \
 -a defaultSearchBase=dc=mydom,dc=priv \
 -a debugLevel=6 \
 -a domainName=mydom.priv \
 -a "defaultServerList=10.3.0.4" \
 -a attributeMap=group:userpassword=unixUserPassword\
 -a attributeMap=group:gidnumber=gidNumber \
 -a attributeMap=passwd:cn=cn \
 -a attributeMap=passwd:gidnumber=gidNumber \
 -a attributeMap=passwd:uidnumber=uidNumber \
 -a attributeMap=passwd:homedirectory=HomeDirectory \
 -a attributeMap=passwd:unixhomedirectory=unixHomeDirectory \
 -a attributeMap=passwd:loginshell=loginShell \
 -a attributeMap=passwd:gecos=gecos \
 -a attributeMap=shadow:userpassword=unixUserPassword \
 -a objectClassMap=group:posixGroup=group \
 -a objectClassMap=passwd:posixAccount=user \
 -a objectClassMap=shadow:shadowAccount=user \
 -a serviceSearchDescriptor=passwd:dc=mydom,dc=priv?sub \
 -a serviceSearchDescriptor=group:dc=mydom,dc=priv?sub
c)after restart ldapclient all works fine

Last edited by camerabambai; 01-25-2021 at 10:29 PM.
 
1 members found this post helpful.
  


Reply

Tags
ldap, solved


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
little hey little ho qazo LinuxQuestions.org Member Intro 0 01-01-2013 12:57 PM
ldapclient certificate path? wilslm Solaris / OpenSolaris 7 05-03-2011 04:51 AM
LXer: A Little VCS NFS Gotcha On Solaris 10 LXer Syndicated Linux News 0 02-05-2009 03:10 PM
Windows and FC3 and Solaris---and only Solaris boot error message zillah Linux - Laptop and Netbook 1 07-07-2005 11:17 PM
Big, big hard drive in a little, little tablet... pengyou Linux - Laptop and Netbook 6 10-18-2004 04:44 AM

LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris

All times are GMT -5. The time now is 08:52 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration