Setting up Solaris 10 as an LDAP client

From: Rob McMahon (Rob.McMahon@warwick.ac.uk)
Date: Wed Mar 23 2005 - 07:06:14 EST

• Next message: Steve Baker: "SCSI card - multiple lun support"
• Previous message: Elaine .: "Adding a timestamp to history logfile"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I'm stuck, and I thought this was going to be easy.

I'm trying to set up a Solaris 10 (SPARC) box as an LDAP client to an
existing Novell eDirectory, and I think I must be missing something.
`ldapclient list' says (names hidden to protect the innocent ...)

> ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=xxxxxx,ou=xxx,o=xxxxxxx
NS_LDAP_BINDPASSWD= {NS1}xxxxxxxxxxxx
NS_LDAP_SERVERS= xxx.xxx.xxx.xxx, yyy.yyy.yyy.yyy, zzz.zzz.zzz.zzz
NS_LDAP_SEARCH_BASEDN= o=xxxxxxx
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:o=xxxxxxx?sub
NS_LDAP_ATTRIBUTEMAP= passwd:uid=cn
>

(Don't worry about the AUTH=simple, this is just to get things going.)
But when I do a `ldaplist -v passwd xxxxx', `tethereal' shows that the
Dereference option is set to Always:

Lightweight Directory Access Protocol
    Message Id: 2
    Message Type: Search Request (0x03)
    Message Length: 76
    Base DN: o=xxxxxxx
    Scope: Subtree (0x02)
    Dereference: Always (0x03)
    Size Limit: 0
    Time Limit: 30
    Attributes Only: False
    Filter: (&(objectclass=posixaccount)(cn=xxxxx))
    Attribute: dn

The query times out. I thought the followReferrals=false
(NS_LDAP_SEARCH_REF= FALSE) would set `Dereference' to `Never'. I know
this is the problem because I can do an equivalent `ldapsearch' setting
the `-a' flag to `always' or `never', and the `always' version times out
in the same way, where the `never' version' succeeds instantly.
Studying the output from `ethereal' this is the only difference from the
`ldaplist' case. I've fiddled with

svcadm refresh|restart /network/ldap/client:default

just in case, but to no avail.

Any ideas ? How do I get a Dereference: Never in the search request to
the directory ?

Cheers,

Rob

-- 
E-Mail:	Rob.McMahon@warwick.ac.uk		PHONE:  +44 24 7652 3037
Rob McMahon, IT Services, Warwick University, Coventry, CV4 7AL, England
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: Steve Baker: "SCSI card - multiple lun support"
• Previous message: Elaine .: "Adding a timestamp to history logfile"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:30:25 EDT