Hi again,

Answering my own post since I've made some progress.

It turns out "ldapclient manual" doesn't automatically "kinit -k" when it's started with multiple servers in the defaultServerList. It kinits when called with a single server or when called through "ldapclient mod" though.

Quick and dirty fix: edit /lib/svc/method/ldap-client to add "kinit -k" before actually launching ldap_cachemgr.

I was asking myself if there was some "clean" solution, because I don't like the idea of starting to fiddle with smf startup scripts... Perhaps some service I should have started to kinit automatically?

If anybody has any clue, I would love to hear about it.

Thanks
--Arnaud

On 19/02/2010 14:41, Arnaud Brand wrote:
> Hi list,
>
> Sorry if I'm posting to the wrong list. Please point me to the right
> one if I'm wrong. Thanks.
>
> If I configure ldapclient with only one server in the
> defaultServerList it works if I reboot.
> If I put multiple servers afterwards (eg: ldapclient mod -a
> "defaultServerList=172.23.4.2 172.23.4.3 172.23.5.2 172.23.14.12" )
> ldapclient is transitioned to maintenance on reboot and I can't clear it.
>
> Here is the message I get in
> /var/svc/log/network-ldap-client:default.log :
> [ févr. 19 14:13:24 Executing start method ("/lib/svc/method/ldap-client start"). ]
> /usr/lib/ldap/ldap_cachemgr: terminated by signal 6.
> [ févr. 19 14:13:27 Method "start" exited with status 1. ]
>
> Sometimes it says terminated by signal 11.
>
> To make it work, I have to reconfigure it with only one server (
> ldapclient manual etc...) and then use the ldapclient mod command to
> re-add my servers.
> It doesn't matter which server I use for the "manual" command (as long
> as it's a valid server).
>
> As a side note, the "ldapclient manual" command fails if I use
> multiple servers from the beginning, but not once ldapclient has been
> successfully configured with a single server and then ldapclient mod-ed.
>
> I've been struggling with this problem for about 5 dev builds, read the Sun
> docs and double checked that the NS_LDAP_SERVERS in my
> /var/ldap/ldap_client_file has the same format as the Sun docs' examples.
>
> I'm using kerberos/gss authentication to the ldap server and suspected
> a problem there, but the problem doesn't show with any of the ldap
> servers as long as I only use one at a time.
>
> I can post full command lines (I always use the same copy-pasted one
> to avoid typos), full ldap_client_file, klist output,... if needed.
>
> If anyone has even the slightest clue about this issue, please share.
>
> Thanks in advance,
> Arnaud
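
The workaround described in the reply, written as a guarded helper rather than a bare "kinit -k" line. This is an added example, not part of the original post or of the stock /lib/svc/method/ldap-client script; the function name ensure_host_creds and the KLIST/KINIT override variables are hypothetical, and it assumes klist supports -s (exit status only) and that the host keytab holds a usable principal.

```shell
#!/bin/sh
# Added example, not from the original post.
# Hypothetical helper a start method could call before launching
# ldap_cachemgr, so that GSSAPI binds have a ticket to use.

# Command names are overridable (assumption made for testing with stubs).
KLIST="${KLIST:-klist}"
KINIT="${KINIT:-kinit}"

# ensure_host_creds
#   Prints "cached", "acquired" or "failed" and returns 0 only when a
#   valid ticket is available after the call.
ensure_host_creds() {
    # klist -s prints nothing; its exit status says whether the default
    # credential cache holds a valid, non-expired ticket.
    if "$KLIST" -s >/dev/null 2>&1; then
        echo cached
        return 0
    fi

    # No usable ticket: authenticate from the host keytab. -k makes
    # kinit non-interactive, which is what the manual fix relies on.
    if "$KINIT" -k >/dev/null 2>&1; then
        echo acquired
        return 0
    fi

    # Keytab missing, wrong principal, KDC unreachable or clock skew.
    # Report it instead of letting ldap_cachemgr start without creds.
    echo failed
    return 1
}

# Intended call site inside a start method (shown as a comment so that
# sourcing this file has no side effects):
#   ensure_host_creds || exit 1
#   /usr/lib/ldap/ldap_cachemgr
```

Failing the start method explicitly when no ticket can be obtained leaves a clear line in the service log, instead of the signal 6 / signal 11 terminations quoted above.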