Hi Nick,

If I remember well, you must use a cn or an ou in the serviceSearchDescriptor (you can have more than one, just separate them with semicolons).

I also had better success using a single server in defaultServerList (and then ldapclient mod for multiple servers) or using a single server in preferredServerList and multiple ones in defaultServerList. There seems to be a bug in the startup code for ldapclient in some cases and I already posted about it, but nobody seemed to have encountered it yet.

Arnaud

On 23/03/10 02:58, Nick wrote:
> I'm having some trouble getting ldapclient to configure manually. Here's the
> command I'm using:
>
> # ldapclient manual -a serviceSearchDescriptor="passwd:dc=domain,dc=com?sub"
> -a serviceSearchDescriptor="group:dc=domain,dc=com?sub" -a
> defaultSearchScope=sub -a objectclassMap="passwd:posixAccount=posixAccount"
> -a objectclassMap="group:posixGroup=posixGroup" -a credentialLevel=anonymous
> -a authenticationMethod="tls:simple" -a followReferrals=TRUE -a
> bindTimeLimit=10 -a defaultSearchBase="dc=domain,dc=com" -a
> defaultServerList="server1.domain.com server2.domain.com" -a
> searchTimeLimit=30
>
> When I run this command, I get the following error:
> Error resetting system.
> Recovering old system settings.
> Error (1) while starting services during reset
>
> When I look at the /var/svc/log/network-ldap-client:default.log file, I see
> the following:
> [ Mar 22 19:41:01 Leaving maintenance because disable requested. ]
> [ Mar 22 19:41:01 Disabled. ]
> [ Mar 22 19:41:01 Enabled. ]
> [ Mar 22 19:41:01 Executing start method ("/lib/svc/method/ldap-client
> start"). ]
> /usr/lib/ldap/ldap_cachemgr: failed. Please see syslog for details.
> [ Mar 22 19:41:01 Method "start" exited with status 1. ]
> [ Mar 22 19:41:02 Leaving maintenance because disable requested. ]
> [ Mar 22 19:41:02 Disabled. ]
> [ Mar 22 19:41:02 Enabled. ]
> [ Mar 22 19:41:02 Executing start method ("/lib/svc/method/ldap-client
> start"). ]
> WARNING: /var/ldap/ldap_client_file is missing or not readable
> [ Mar 22 19:41:02 Method "start" exited with status 96. ]
>
> I'm not sure about the first error, but the second, about ldap_client_file
> missing or not readable, baffles me, because, as far as I know, the
> "ldapclient manual" command is supposed to create the file, so I'm not sure
> why this error is causing ldapclient to fail. Here's the verbose
> output...I'd very much appreciate any hints on why this is happening or what
> I'm doing wrong!
>
> Parsing serviceSearchDescriptor=passwd:dc=domain,dc=com?sub
> Parsing serviceSearchDescriptor=group:dc=domain,dc=com?sub
> Parsing defaultSearchScope=sub
> Parsing objectclassMap=passwd:posixAccount=posixAccount
> Parsing objectclassMap=group:posixGroup=posixGroup
> Parsing credentialLevel=anonymous
> Parsing authenticationMethod=tls:simple
> Parsing followReferrals=TRUE
> Parsing bindTimeLimit=10
> Parsing defaultSearchBase=dc=domain,dc=com
> Parsing defaultServerList=server1.domain.com server2.domain.com
> Parsing searchTimeLimit=30
> Arguments parsed:
> authenticationMethod: tls:simple
> defaultSearchBase: dc=domain,dc=com
> credentialLevel: anonymous
> objectclassMap:
> arg[0]: passwd:posixAccount=posixAccount
> arg[1]: group:posixGroup=posixGroup
> searchTimeLimit: 30
> followReferrals: TRUE
> defaultSearchScope: sub
> serviceSearchDescriptor:
> arg[0]: passwd:dc=domain,dc=com?sub
> arg[1]: group:dc=domain,dc=com?sub
> bindTimeLimit: 10
> defaultServerList: server1.domain.com server2.domain.com
> Handling manual option
> Proxy DN: NULL
> Proxy password: NULL
> Credential level: 0
> Authentication method: 3
> No proxyDN/proxyPassword required
> Shadow Update is not enabled, no adminDN/adminPassword is required.
> About to modify this machines configuration by writing the files
> Stopping network services
> Stopping sendmail
> stop: sleep 100000 microseconds
> stop: network/smtp:sendmail... success
> Stopping nscd
> stop: sleep 100000 microseconds
> stop: system/name-service-cache:default... success
> Stopping autofs
> stop: sleep 100000 microseconds
> stop: sleep 200000 microseconds
> stop: system/filesystem/autofs:default... success
> Stopping ldap
> stop: network/ldap/client:default... restoring from maintenance state
> stop: sleep 100000 microseconds
> stop: network/ldap/client:default... success
> nis(yp) not running
> recover: stat(/var/ldap/restore/defaultdomain)=0
> recover: open(/var/ldap/restore/defaultdomain)
> recover: read(/var/ldap/restore/defaultdomain)
> recover: old domainname ""
> recover: stat(/var/ldap/restore/ldap_client_file)=-1
> recover: stat(/var/ldap/restore/ldap_client_cred)=-1
> recover: stat(/var/ldap/restore/nsswitch.conf)=0
> recover: file_move(/var/ldap/restore/nsswitch.conf, /etc/nsswitch.conf)=0
> recover: stat(/var/ldap/restore/defaultdomain)=0
> recover: file_move(/var/ldap/restore/defaultdomain, /etc/defaultdomain)=0
> Starting network services
> start: /usr/bin/domainname ... success
> start: sleep 100000 microseconds
> start: network/ldap/client:default... maintenance
> start: sleep 100000 microseconds
> start: system/filesystem/autofs:default... success
> start: sleep 100000 microseconds
> start: system/name-service-cache:default... success
> start: sleep 100000 microseconds
> start: network/smtp:sendmail... success
> restart: sleep 100000 microseconds
> restart: milestone/name-services:default... success
> Error (1) while starting services during reset
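
A pre-flight check that applies the two suggestions in the reply above to an `ldapclient manual` argument list before the command touches the system. This is an added example, not code from the thread or from Solaris: the rules encode the reply's advice rather than documented ldapclient behaviour, and the function names and the `ou=people`, `ou=staff` and `ou=group` containers in the revised command are assumptions.

```python
import shlex

# Nick's command from the thread, reduced to the attributes the reply
# comments on (constructed string, shell prompt omitted).
ORIGINAL = (
    'ldapclient manual '
    '-a serviceSearchDescriptor="passwd:dc=domain,dc=com?sub" '
    '-a serviceSearchDescriptor="group:dc=domain,dc=com?sub" '
    '-a defaultSearchBase="dc=domain,dc=com" '
    '-a defaultServerList="server1.domain.com server2.domain.com"'
)
# Constructed revision following the reply; the ou names are assumptions.
REVISED = (
    'ldapclient manual -a serviceSearchDescriptor='
    '"passwd:ou=people,dc=domain,dc=com?sub;ou=staff,dc=domain,dc=com?sub" '
    '-a serviceSearchDescriptor="group:ou=group,dc=domain,dc=com?sub" '
    '-a defaultSearchBase="dc=domain,dc=com" '
    '-a defaultServerList="server1.domain.com"'
)

def parse_attrs(command):
    """Collect every '-a key=value' pair; a key may repeat."""
    attrs = {}
    tokens = shlex.split(command)
    for flag, value in zip(tokens, tokens[1:]):
        if flag == "-a" and "=" in value:
            key, _, val = value.partition("=")  # split on the first '=' only
            attrs.setdefault(key, []).append(val)
    return attrs

def lint(command):
    """Return findings where the command departs from the reply's advice."""
    attrs = parse_attrs(command)
    findings = []
    for ssd in attrs.get("serviceSearchDescriptor", []):
        service, _, rest = ssd.partition(":")
        for descriptor in rest.split(";"):      # several bases per service
            base = descriptor.split("?", 1)[0]  # drop the ?scope suffix
            first_rdn = base.split(",", 1)[0].strip().lower()
            if not first_rdn.startswith(("ou=", "cn=")):
                findings.append(f"{service}: base '{base}' has no leading ou= or cn=")
    for servers in attrs.get("defaultServerList", []):
        if len(servers.split()) > 1:
            findings.append(f"defaultServerList names several servers: {servers}")
    return findings

if __name__ == "__main__":
    for name, cmd in (("original", ORIGINAL), ("revised", REVISED)):
        print(name, lint(cmd) or "no findings")
```
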