Re: [nssldap] Solaris 10, nscd, Bug 369 issues


Hello Paul,

> I'm trying to integrate a Solaris 10 machine with Active Directory
> (using SFU 3.5) and since our schema is based on RFC2307bis groups (as
> I understand it) Solaris's ldap client can't seem to deal with this.

When using Solaris 10 U7 you can use the native LDAP client that comes
with Solaris. But you have to map the attributes. I also recommend
building indices for the attributes if you have more than 1000 users in
your AD. When you use the schema extensions that come with Windows 2003
R2 you can even use the std. attributes.

Something like that with the attributes you use:

ldapclient -v manual \
        -a credentialLevel=proxy \
        -a authenticationMethod=simple \
        -a proxyDN=CN=ADLDAPF,OU=ErlF,OU=User,OU=_CentralServices,DC=ww004,DC=glanzmann,DC=net \
        -a proxyPassword=z61pAEQMsz61pAEQMs \
        -a defaultSearchBase=OU=ErlF,OU=User,OU=_CentralServices,DC=ww004,DC=glanzmann,DC=net \
        -a domainName=erlf.glanzmann.de \
        -a defaultServerList=157.163.248.31 \
        -a attributeMap=group:userpassword=userPassword \
        -a attributeMap=group:memberuid=memberUid \
        -a attributeMap=group:gidnumber=gidNumber \
        -a attributeMap=passwd:gecos=cn \
        -a attributeMap=passwd:gidnumber=gidNumber \
        -a attributeMap=passwd:uidnumber=uidNumber \
        -a attributeMap=passwd:homedirectory=unixHomeDirectory \
        -a attributeMap=passwd:loginshell=loginShell \
        -a attributeMap=shadow:shadowflag=shadowFlag \
        -a attributeMap=shadow:userpassword=userPassword \
        -a objectClassMap=group:posixGroup=group \
        -a objectClassMap=passwd:posixAccount=user \
        -a objectClassMap=shadow:shadowAccount=user \
        -a serviceSearchDescriptor=passwd:OU=ErlF,OU=User,OU=_CentralServices,DC=ww004,DC=glanzmann,DC=net?sub \
        -a serviceSearchDescriptor=group:OU=ErlF,OU=User,OU=_CentralServices,DC=ww004,DC=glanzmann,DC=net?sub \
        -a serviceSearchDescriptor=netgroup:OU=Netgroups,OU=ErlF,OU=UNIX,OU=_CentralServices,DC=ww004,DC=glanzmann,DC=net?sub

Make sure that you use U7 because U6 has a bug that doesn't allow you to use
netgroups in it. U5 is fine again IIRC.

> Can anyone offer any other suggestions for what I'm doing wrong?  Do I
> just need to wait for the next release of nss_ldap?  Should I be
> replying on the bugzilla?

At the moment there is no working nss_ldap solution. Someone is working
on it; I asked several times, but the only thing I got till now is a
binary version for x86 but no source code.

        Thomas
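
Added example (not part of Thomas's message and not Solaris tooling): a small POSIX shell lint for the `-a name=value` pairs of an `ldapclient` call like the one above, flagging a password given on the command line and bind methods that are unencrypted or unauthenticated. The function name `audit_ldapclient` and the `PLACEHOLDER` value are made up for this illustration; `tls:simple` is the TLS-wrapped simple bind that Solaris `ldapclient` accepts for `authenticationMethod`.

```shell
#!/bin/sh
# Added example: lint the "-a name=value" pairs of an ldapclient call
# before running it. Not from the original post.

# audit_ldapclient NAME=VALUE...
# Prints one finding per line; returns 0 when nothing was flagged, 1 otherwise.
audit_ldapclient() {
    n=0
    for arg in "$@"; do
        case "$arg" in
        proxyPassword=*)
            echo "proxyPassword: secret on the command line, kept in shell history"
            n=$((n + 1)) ;;
        authenticationMethod=*)
            # The value may be a ';'-separated list of methods; check each one.
            old_ifs=$IFS; IFS=';'
            for m in ${arg#*=}; do
                case "$m" in
                simple)
                    echo "authenticationMethod=simple: bind DN and password cross the network in cleartext (tls:simple wraps the bind in TLS)"
                    n=$((n + 1)) ;;
                none)
                    echo "authenticationMethod=none: client binds anonymously"
                    n=$((n + 1)) ;;
                esac
            done
            IFS=$old_ifs ;;
        esac
    done
    [ "$n" -eq 0 ]
}

# Constructed sample: the security-relevant pairs from the command above,
# with a placeholder instead of a real password.
audit_ldapclient credentialLevel=proxy authenticationMethod=simple \
    proxyPassword=PLACEHOLDER || echo "review the findings before running ldapclient"
```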