Hi guys,

For the default profile setup, here is the result of that query:

ldapsearch -x -b "cn=default,ou=profile,dc=live,dc=tipp24,dc=net"
# extended LDIF
#
# LDAPv3
# base <cn=default,ou=profile,dc=live,dc=tipp24,dc=net> with scope
subtree
# filter: (objectclass=*)
# requesting: ALL
#

# default, profile, live.tipp24.net
dn: cn=default,ou=profile,dc=live,dc=tipp24,dc=net
cn: default
authenticationMethod: none
bindTimeLimit: 5
objectclassMap: shadow:shadowAccount=posixAccount
followReferrals: TRUE
searchTimeLimit: 15
serviceSearchDescriptor:
passwd:cn=users,cn=accounts,dc=live,dc=tipp24,dc=net
serviceSearchDescriptor:
group:cn=groups,cn=compat,dc=live,dc=tipp24,dc=net
objectClass: top
objectClass: DUAConfigProfile
defaultSearchBase: dc=live,dc=tipp24,dc=net
defaultServerList: [IPA master hostname]

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


As for the actual queries, here is the access log from when I execute
the ldapclient command on the Solaris box:
[08/Feb/2010:11:12:18 +0100] conn=686769 fd=122 slot=122 connection from
[client IP] to [server IP]
[08/Feb/2010:11:12:18 +0100] conn=686769 op=0 SRCH base="" scope=0
filter="(objectClass=*)" attrs="namingContexts"
[08/Feb/2010:11:12:18 +0100] conn=686769 op=0 RESULT err=0 tag=101
nentries=1 etime=0
[08/Feb/2010:11:12:18 +0100] conn=686769 op=1 SRCH
base="dc=live,dc=tipp24,dc=net" scope=2
filter="(&(objectClass=nisDomainObject)(nisDomain=live.tipp24.net))"
attrs=ALL
[08/Feb/2010:11:12:18 +0100] conn=686769 op=1 RESULT err=0 tag=101
nentries=0 etime=0
[08/Feb/2010:11:12:18 +0100] conn=686769 op=2 UNBIND
[08/Feb/2010:11:12:18 +0100] conn=686769 op=2 fd=122 closed - U1


I hope that's of some help.

Andy

-----Original Message-----
From: Nalin Dahyabhai [mailto:na...@redhat.com] 
Sent: 05 February 2010 17:05
To: Andy Singleton
Cc: Rob Crittenden; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Installing IPA on Solaris 10

On Fri, Feb 05, 2010 at 04:03:05PM -0000, Andy Singleton wrote:
> Hi Rob,
> 
> Ok ive switched on the compat plugin.
> Incidentally, does this need to be done separately for all replicas?

I believe so.  The set of plugins which are configured is configured on
each server.

> However, when I run ldapclient init <ipa_server>, I get this message:
> "Failed to find defaultSearchBase for domain"

Does the client have its domain set to match the name of the IPA domain
before you run 'ldapclient init'?  The ldapclient command will look for
the profile information using the client's domain name as a starting
point.

I believe this is done with the 'domainname' command, though I'm not
sure of the name the configuration file which you'd need to edit to make
that setting permanent.

HTH,

Nalin

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to