LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris
Reload this Page [SOLVED] Solaris and ldapclient, a little help
User Name
Password
Solaris / OpenSolaris This forum is for the discussion of Solaris, OpenSolaris, OpenIndiana, and illumos.
General Sun, SunOS and Sparc related questions also go here. Any Solaris fork or distribution is welcome.

Notices


Reply
  Search this Thread
Old 01-21-2021, 04:11 PM   #1
camerabambai
Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 408

Rep: Reputation: 54
Solaris and ldapclient, a little help

I have configured Solaris to use ldap users.
The ldap server is Samba4 DC, the client is Solaris 11.4.

I have "join" the server with this command

Code:
ldapclient manual \
 -a credentialLevel=proxy \
 -a authenticationMethod=sasl/gssapi \
 -a proxyDN=cn=proxyldap,cn=Users,dc=mydom,dc=priv \
 -a proxyPassword=******* \
 -a defaultSearchBase=dc=mydom,dc=priv \
 -a debugLevel=6 \
 -a domainName=mydom.priv \
 -a "defaultServerList=10.3.0.4" \
 -a attributeMap=group:userpassword=unixUserPassword\
 -a attributeMap=group:gidnumber=gidNumber \
 -a attributeMap=passwd:cn=cn \
 -a attributeMap=passwd:gidnumber=gidNumber \
 -a attributeMap=passwd:uidnumber=uidNumber \
 -a attributeMap=passwd:homedirectory=homeDirectory \
 -a attributeMap=passwd:loginshell=loginShell \
 -a attributeMap=shadow:userpassword=unixUserPassword \
 -a objectClassMap=group:posixGroup=group \
 -a objectClassMap=passwd:posixAccount=user \
 -a serviceSearchDescriptor=passwd:dc=mydom,dc=priv?sub \
 -a serviceSearchDescriptor=group:dc=mydom,dc=priv?sub
Configure return OK

finger works, searching for user "pino" on Solaris

Code:
finger pino
Login name: pino                        In real life: pino
Directory: /home/pino                   Shell: /bin/bash
Never logged in.
No unread mail
No Plan.
ldaplist return error!
Code:
ldaplist passwd
ldaplist: libsldap.so.1 internal error

ldaplist -a sasl/GSSAPI passwd
ldaplist: (standalone auth error)
Configuration syntax error: Unable to set parameter from a client in __ns_ldap_setParam()
getent passwd works...at 50%

Code:
getent passwd |grep pino
pino:x:3000014:100:pino:/home/pino:/bin/bash

getent passwd pino
id doesn't work

Code:
id pino
id: invalid user name: "pino"
What I miss?
 
Old 01-25-2021, 09:25 PM   #2
camerabambai
Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 408

Original Poster
Rep: Reputation: 54
Solved

A)On Samba4 server I create the user with Unix attributes, like the good old Microsoft SFU on Windows 2003 and 2008 servers.

Code:
samba-tool user create pino passwordselected --given-name=pino --surname=pino --initials=pp --home-directory=/export/home/pino --login-shell=bin/bash --unix-home=/export/home/pino --gecos="user pino" --use-username-as-cn --description="user pino" --mail-address=pino@mydom.priv
I create also a proxyldap user

Code:
samba-tool user create proxyldap passwordselected --given-name proxyldap --surname=proxyldap --initials=pp --home-directory=/dev/null --login-shell=/bin/false --unix-home=/dev/null --gecos="user for proxy ldap" --use-username-as-cn --description="user for ldap proxy"
B)On Solaris client I use this ldapclient configuration

Code:
ldapclient -v manual \
 -a credentialLevel=proxy \
 -a authenticationMethod=simple \
 -a proxyDN=cn=proxyldap,cn=Users,dc=mydom,dc=priv \
 -a proxyPassword=*********** \
 -a defaultSearchBase=dc=mydom,dc=priv \
 -a debugLevel=6 \
 -a domainName=mydom.priv \
 -a "defaultServerList=10.3.0.4" \
 -a attributeMap=group:userpassword=unixUserPassword\
 -a attributeMap=group:gidnumber=gidNumber \
 -a attributeMap=passwd:cn=cn \
 -a attributeMap=passwd:gidnumber=gidNumber \
 -a attributeMap=passwd:uidnumber=uidNumber \
 -a attributeMap=passwd:homedirectory=HomeDirectory \
 -a attributeMap=passwd:unixhomedirectory=unixHomeDirectory \
 -a attributeMap=passwd:loginshell=loginShell \
 -a attributeMap=passwd:gecos=gecos \
 -a attributeMap=shadow:userpassword=unixUserPassword \
 -a objectClassMap=group:posixGroup=group \
 -a objectClassMap=passwd:posixAccount=user \
 -a objectClassMap=shadow:shadowAccount=user \
 -a serviceSearchDescriptor=passwd:dc=mydom,dc=priv?sub \
 -a serviceSearchDescriptor=group:dc=mydom,dc=priv?sub
c)after restart ldapclient all works fine
Last edited by camerabambai; 01-25-2021 at 09:29 PM.
 
1 members found this post helpful.
  


Reply

Tags
ldap, solved



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
little hey little ho qazo LinuxQuestions.org Member Intro 0 01-01-2013 11:57 AM
ldapclient certificate path? wilslm Solaris / OpenSolaris 7 05-03-2011 03:51 AM
LXer: A Little VCS NFS Gotcha On Solaris 10 LXer Syndicated Linux News 0 02-05-2009 02:10 PM
Windows and FC3 and Solaris---and only Solaris boot error message zillah Linux - Laptop and Netbook 1 07-07-2005 10:17 PM
Big, big hard drive in a little, little tablet... pengyou Linux - Laptop and Netbook 6 10-18-2004 03:44 AM

LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris

All times are GMT -5. The time now is 12:35 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration