Solaris ldapclient (use of -B switch)

From: Robert Brockway (robert@timetraveller.org)
Date: Thu Mar 04 2004 - 19:30:29 EST

• Next message: sridhara pk: "SUMMARY:Login to locked accounts"
• Previous message: Balki Chamkura: "cluster monitoring"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi all. We're migrating Debian GNU/Linux, Solaris 8 and AIX 4.3.3 (to be
upgrade to AIX 5 shortly) boxes to centralised LDAP user authentication.
I've been involved in projects like this before and it is proceeding ok.

We have a requirement for users to be members of different groups on
different servers. In order to achieve this we are going to use a per
host search dn for information pertaining to groups. Each host entry in
the ldap directory will contain information on group memberships on that
host.

The man page for ldapclient (to setup a Solaris box as an ldap client)
indicates the -B switch would be allow us to define an alternative search
DN for groups.

Using ldapclient without -B works fine:

ldapclient -i -a simple -b "o=bar.ca" -D "uid=foo, ou=Directory
administrators, o=bar.ca" -w XXXXXXXX 10.100.100.10:14400

When I try to use -B I get an error:

ldapclient -i -a simple -b "o=bar.ca" -B
"group:(ou=groups,ou=coolhost,ou=hosts,o=bar.ca)" -D "uid=foo,
ou=Directory administrators, o=bar.ca" -w XXXXXXXX 10.100.100.10:14400

The error is:

Unrecognized parameter "group:(ou=groups,ou=coolhost,ou=hosts,o=bar.ca)"
Usage: ldapclient [-v | -q] -P profile_name [ -d domainName ] [ -D
proxyBindDN ] [ -w proxyPassword ] [ -f certificatePath ] LDAP_server_addr

I've tried a few variations (such as groups: instead of group: ,etc) but
it really looks like this ldapclient does not support the -B switch
despite the claims of the man page.

The box is up to date with recommended patches.

So has anyone used ldapclient with -B successfully (or at all)? Or, is
there a better way for us to achieve our aim of per host group management
under ldap? I've RTFMed and can't find evidence anywhere of anyone ever
having used this switch (and our versions seems not to support it anyway).

TIA everyone.

Rob

-- 
Robert Brockway B.Sc. email: robert@timetraveller.org, zzbrock@uqconnect.net
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: sridhara pk: "SUMMARY:Login to locked accounts"
• Previous message: Balki Chamkura: "cluster monitoring"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:28:11 EDT