Hi Nick,

If I remember well, you must use a cn or an ou in the 
serviceSearchDescriptor (you can have more than one, just separate them 
with semicolons).

I also had better success using a single server in defaultServerList 
(and then ldapclient mod for multiple servers) or using a single server 
in preferredServerList and multiple ones in defaultServerList.
There seems to be a bug in the startup code for ldapclient in some cases 
and I already posted about it, but nobody seemed to have encountered it yet.

Arnaud

On 23/03/10 02:58, Nick wrote:
> I'm having some trouble getting ldapclient to configure manually.  Here's the 
> command I'm using:
>
> # ldapclient manual -a serviceSearchDescriptor="passwd:dc=domain,dc=com?sub" 
> -a serviceSearchDescriptor="group:dc=domain,dc=com?sub" -a 
> defaultSearchScope=sub -a objectclassMap="passwd:posixAccount=posixAccount" 
> -a objectclassMap="group:posixGroup=posixGroup" -a credentialLevel=anonymous 
> -a authenticationMethod="tls:simple" -a followReferrals=TRUE -a 
> bindTimeLimit=10 -a defaultSearchBase="dc=domain,dc=com" -a 
> defaultServerList="server1.domain.com server2.domain.com" -a 
> searchTimeLimit=30
>
> When I run this command, I get the following error:
> Error resetting system.
> Recovering old system settings.
> Error (1) while starting services during reset
>
> When I look at the /var/svc/log/network-ldap-client:default.log file, I see 
> the following:
> [ Mar 22 19:41:01 Leaving maintenance because disable requested. ]
> [ Mar 22 19:41:01 Disabled. ]
> [ Mar 22 19:41:01 Enabled. ]
> [ Mar 22 19:41:01 Executing start method ("/lib/svc/method/ldap-client 
> start"). ]
> /usr/lib/ldap/ldap_cachemgr: failed. Please see syslog for details.
> [ Mar 22 19:41:01 Method "start" exited with status 1. ]
> [ Mar 22 19:41:02 Leaving maintenance because disable requested. ]
> [ Mar 22 19:41:02 Disabled. ]
> [ Mar 22 19:41:02 Enabled. ]
> [ Mar 22 19:41:02 Executing start method ("/lib/svc/method/ldap-client 
> start"). ]
> WARNING: /var/ldap/ldap_client_file is missing or not readable
> [ Mar 22 19:41:02 Method "start" exited with status 96. ]
>
> I'm not sure about the first error, but the second, about ldap_client_file 
> missing or not readable, baffles me, because, as far as I know, the 
> "ldapclient manual" command is supposed to create the file, so I'm not sure 
> why this error is causing ldapclient to fail.  Here's the verbose 
> output...I'd very much appreciate any hints on why this is happening or what 
> I'm doing wrong!
>
> Parsing serviceSearchDescriptor=passwd:dc=domain,dc=com?sub
> Parsing serviceSearchDescriptor=group:dc=domain,dc=com?sub
> Parsing defaultSearchScope=sub
> Parsing objectclassMap=passwd:posixAccount=posixAccount
> Parsing objectclassMap=group:posixGroup=posixGroup
> Parsing credentialLevel=anonymous
> Parsing authenticationMethod=tls:simple
> Parsing followReferrals=TRUE
> Parsing bindTimeLimit=10
> Parsing defaultSearchBase=dc=domain,dc=com
> Parsing defaultServerList=server1.domain.com server2.domain.com
> Parsing searchTimeLimit=30
> Arguments parsed:
>          authenticationMethod: tls:simple
>          defaultSearchBase: dc=domain,dc=com
>          credentialLevel: anonymous
>          objectclassMap:
>                  arg[0]: passwd:posixAccount=posixAccount
>                  arg[1]: group:posixGroup=posixGroup
>          searchTimeLimit: 30
>          followReferrals: TRUE
>          defaultSearchScope: sub
>          serviceSearchDescriptor:
>                  arg[0]: passwd:dc=domain,dc=com?sub
>                  arg[1]: group:dc=domain,dc=com?sub
>          bindTimeLimit: 10
>          defaultServerList: server1.domain.com server2.domain.com
> Handling manual option
> Proxy DN: NULL
> Proxy password: NULL
> Credential level: 0
> Authentication method: 3
> No proxyDN/proxyPassword required
> Shadow Update is not enabled, no adminDN/adminPassword is required.
> About to modify this machines configuration by writing the files
> Stopping network services
> Stopping sendmail
> stop: sleep 100000 microseconds
> stop: network/smtp:sendmail... success
> Stopping nscd
> stop: sleep 100000 microseconds
> stop: system/name-service-cache:default... success
> Stopping autofs
> stop: sleep 100000 microseconds
> stop: sleep 200000 microseconds
> stop: system/filesystem/autofs:default... success
> Stopping ldap
> stop: network/ldap/client:default... restoring from maintenance state
> stop: sleep 100000 microseconds
> stop: network/ldap/client:default... success
> nis(yp) not running
> recover: stat(/var/ldap/restore/defaultdomain)=0
> recover: open(/var/ldap/restore/defaultdomain)
> recover: read(/var/ldap/restore/defaultdomain)
> recover: old domainname ""
> recover: stat(/var/ldap/restore/ldap_client_file)=-1
> recover: stat(/var/ldap/restore/ldap_client_cred)=-1
> recover: stat(/var/ldap/restore/nsswitch.conf)=0
> recover: file_move(/var/ldap/restore/nsswitch.conf, /etc/nsswitch.conf)=0
> recover: stat(/var/ldap/restore/defaultdomain)=0
> recover: file_move(/var/ldap/restore/defaultdomain, /etc/defaultdomain)=0
> Starting network services
> start: /usr/bin/domainname ... success
> start: sleep 100000 microseconds
> start: network/ldap/client:default... maintenance
> start: sleep 100000 microseconds
> start: system/filesystem/autofs:default... success
> start: sleep 100000 microseconds
> start: system/name-service-cache:default... success
> start: sleep 100000 microseconds
> start: network/smtp:sendmail... success
> restart: sleep 100000 microseconds
> restart: milestone/name-services:default... success
> Error (1) while starting services during reset
>    
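
The two suggestions in the reply, applied to the command from the original question. This is an added example that is not part of either message: the ou=people and ou=group containers are assumed names, and the script only prints the commands unless LDAPCLIENT is set to the real binary.

```shell
#!/bin/sh
# Dry run by default: the commands are printed, not executed.
# Set LDAPCLIENT=ldapclient in the environment to apply them on the client.
LDAPCLIENT=${LDAPCLIENT:-echo ldapclient}

BASE="dc=domain,dc=com"                          # from the original command
SERVERS="server1.domain.com server2.domain.com"  # from the original command
PEOPLE_OU="ou=people"                            # assumed container name
GROUP_OU="ou=group"                              # assumed container name

# Step 1: initial configuration. Each serviceSearchDescriptor points at an ou
# instead of the bare base DN, and defaultServerList holds one server only.
configure_single_server() {
    $LDAPCLIENT manual \
        -a "serviceSearchDescriptor=passwd:$PEOPLE_OU,$BASE?sub" \
        -a "serviceSearchDescriptor=group:$GROUP_OU,$BASE?sub" \
        -a "defaultSearchScope=sub" \
        -a "objectclassMap=passwd:posixAccount=posixAccount" \
        -a "objectclassMap=group:posixGroup=posixGroup" \
        -a "credentialLevel=anonymous" \
        -a "authenticationMethod=tls:simple" \
        -a "followReferrals=TRUE" \
        -a "bindTimeLimit=10" \
        -a "searchTimeLimit=30" \
        -a "defaultSearchBase=$BASE" \
        -a "defaultServerList=${SERVERS%% *}"
}

# Step 2: once the client service is online, widen the server list with
# "ldapclient mod", as the reply describes.
add_remaining_servers() {
    $LDAPCLIENT mod -a "defaultServerList=$SERVERS"
}

configure_single_server && add_remaining_servers
```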
