Re: [OpenIndiana-discuss] Compile nss_ldap

2012-08-14 Thread Ram Chander
The LDAP server is hosted on Linux and I couldn't find any LDAP client that is
compiled already for OI. Any other way to get the client working is fine. Please
advise.

On Mon, Aug 13, 2012 at 6:57 PM, Jim Klimov jimkli...@cos.ru wrote:

> 2012-08-13 14:31, Ram Chander wrote:
>
>> Hi,
>>
>> I am trying to set up an LDAP client on OI. I get the error below when trying to
>> compile nss_ldap-265 (downloaded from padl.com). Can I please have the steps
>> to compile it properly?
>
> Am I missing something, or why doesn't an included ldap-client
> (software and SMF service) suit your needs? You did not find
> it, or you need something different/newer/better/etc.?
>
> It was in OpenSolaris since... forever, and I think it must
> be in OI as well. Quite documented it was for (Open)Solaris,
> so there should be no big troubles setting that up.
>
> //Jim Klimov


___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


Re: [OpenIndiana-discuss] Compile nss_ldap

2012-08-14 Thread Frank Lahm
2012/8/14 Ram Chander ramqu...@gmail.com:
> The LDAP server is hosted on Linux and I couldn't find any LDAP client that is
> compiled already for OI. Any other way to get the client working is fine. Please
> advise.

http://docs.oracle.com/cd/E19963-01/html/821-1455/clientsetup-1.html

-f



Re: [OpenIndiana-discuss] Compile nss_ldap

2012-08-14 Thread Jonathan Adams
I use LDAP for login and stuff, we use OpenLDAP on our servers (and
because I use a laptop I have an OpenLDAP replica running on my
local machine)

LDAP packages installed:
jadams@jadlaptop:~$ pkg list | grep -i ldap
library/apr-util-13/apr-ldap  1.3.9-0.151.1.4    i--
library/openldap              2.4.21-0.151.1.4   i--
naming/ldap                   0.5.11-0.151.1.4   i--

All Possible LDAP packages:
jadams@jadlaptop:~$ pkg search ldap
INDEX           ACTION VALUE                                            PACKAGE
basename        dir    usr/ruby/1.8/share/ri/1.8/system/URI/LDAP        pkg:/runtime/ruby-18@1.8.7.174-0.151.1.4
basename        dir    usr/jruby/1.1.3/share/ri/1.8/system/URI/LDAP     pkg:/runtime/java/jruby@1.1.3-0.151.1.4
pkg.summary     set    LDAP Libraries                                   pkg:/naming/ldap@0.5.11-0.151.1.4
pkg.description set    Ldap libraries in for software development of dynamically linked executables pkg:/naming/ldap@0.5.11-0.151.1.4
basename        dir    lib/svc/manifest/network/ldap                    pkg:/library/openldap@2.4.21-0.151.1.4
basename        dir    lib/svc/manifest/network/ldap                    pkg:/SUNWcs@0.5.11-0.151.1.4
basename        dir    var/svc/manifest/network/ldap                    pkg:/SUNWcs@0.5.11-0.151.1.4
basename        dir    usr/lib/ldap                                     pkg:/system/network/nis@0.5.11-0.151.1.4
basename        dir    var/ldap                                         pkg:/system/network/nis@0.5.11-0.151.1.4
pkg.fmri        set    openindiana.org/naming/ldap                      pkg:/naming/ldap@0.5.11-0.151.1.4


On 14 August 2012 07:24, Ram Chander ramqu...@gmail.com wrote:
> The LDAP server is hosted on Linux and I couldn't find any LDAP client that is
> compiled already for OI. Any other way to get the client working is fine. Please
> advise.
>
> On Mon, Aug 13, 2012 at 6:57 PM, Jim Klimov jimkli...@cos.ru wrote:
>
>> 2012-08-13 14:31, Ram Chander wrote:
>>
>>> Hi,
>>>
>>> I am trying to set up an LDAP client on OI. I get the error below when trying to
>>> compile nss_ldap-265 (downloaded from padl.com). Can I please have the steps
>>> to compile it properly?
>>
>> Am I missing something, or why doesn't an included ldap-client
>> (software and SMF service) suit your needs? You did not find
>> it, or you need something different/newer/better/etc.?
>>
>> It was in OpenSolaris since... forever, and I think it must
>> be in OI as well. Quite documented it was for (Open)Solaris,
>> so there should be no big troubles setting that up.
>>
>> //Jim Klimov




Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-14 Thread Jim Klimov

I am not sure if all of my comment is true and valid, but *I think*
that SAMBA is designed as a more interoperable piece of software -
being a userland program, it is more extensible. And likely it can
implement what you desire from an OpenSolaris server in a more
consistent and comfortable way than kernel CIFS. I am not trying
to argue for one or another, each has its benefits and quirks...

So here goes:

I think you can add programmatic (scripted) hooks to register new
users on the fileserver, i.e. by virtue of them accessing their
homes, which don't exist at the moment, but the login attempt
(to MSAD via KRB/NTLM integration) succeeds - which, if works,
would give you static individual unique POSIX UIDs. It is up to
you (and your PAM modules) - where that info would be stored,
in the local FS (/etc/passwd, /etc/smbpasswd), or in some LDAP
service or another database.

I've also read that SAMBA has a module and settings to enable
support of ZFS/NFSv4 ACLs, so you don't lose much on this front.
If I read those pages correctly, these are the same ACLs stored
on the ZFS pool, so they migrate along to a failover server -
if that's what you implied.

Also SAMBA does enable your shared hierarchical datasets to seem
like a single share, while it is tricky (not implemented) with
many published versions of kernel CIFS server (each FS ID is
published separately, and automatic submounts are not offered).
I recall there were some works on remedying this. There are
several generations of Samba modules for Shadow-Copies support
with ZFS snapshots.

For various tricks (and bugs) with Samba and ZFS integration see
for example
http://www.edplese.com/samba-with-zfs.html
https://bugzilla.samba.org/show_bug.cgi?id=8467
...and google around for particular direct questions ;)

It is also possible to hook other integratable software to SAMBA
shares (like virus-scanners, document format converters and stuff)
while it may be more tricky with kernel CIFS (there are provisions
for virus-scanning, but I haven't seen much more).

For the deployments I've seen, where control over corporate
directory is available (or both AD and LDAP are provided and
synchronized), the kernel CIFS was sufficient. I am not sure
how much it is abused in terms of all available functionality,
but it did not strike the limitations so that those people
would require to go back to Samba. YMMV ;)

HTH,
//Jim Klimov

2012-08-13 21:11, Günther Alka wrote:

> with SAMBA and winbind you may lose:
>
> - snaps via Windows previous version
> - Windows compatible ntfs4 ACL (only Posix ACL ?)
> - SMB as a ZFS property
> - interoperability with NFS4
> - movable pools that keep ACL intact
> - performance, kernel based CIFS server is mostly faster
> - CIFS is managed by Illumos, not a third party product that cares mostly about Linux
> - napp-it integration
>
> From Windows and interoperability view CIFS is much better.
> A minimal solution may be using at least the UID/GID provided by idmap for
> already created AD users, optionally add a SID-UID/GID entry in this database.
>
> In this case, you do not write proper ACL but use at least the same UID/GID like CIFS
> I have not tried if CIFS is using the proper SID via idmap when there is only a UID/GID entry in files.





Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-14 Thread Jim Klimov

2012-08-13 21:11, Günther Alka wrote:

> with SAMBA and winbind you may lose:
>
> - snaps via Windows previous version


Also, I forgot to mention that with both kernel CIFS and SAMBA
you can access a share's (hidden or exposed) .zfs/snapshots
directory (if the share is the root of a ZFS filesystem dataset)
and access the snapshotted data - even if that is not integrated
into shadow copies GUI.

This can be sufficient to drill back in history and find the one
file the user deleted, overwrote or otherwise damaged, so the
file can be copied from snapshot into the live dataset, and this
does not warrant rolling back the rest of the dataset to the old
snapshot state.

HTH,
//Jim Klimov



Re: [OpenIndiana-discuss] Compile nss_ldap

2012-08-14 Thread Jim Klimov

2012-08-14 10:24, Ram Chander wrote:

> The LDAP server is hosted on Linux and I couldn't find any LDAP client that is
> compiled already for OI. Any other way to get the client working is fine. Please
> advise.


You were given one link; back in the days I found this one immensely
useful and detailed (Soup To Nuts Sun DSEE, by Brandon Hutchinson):

http://brandonhutchinson.com/wiki/Soup_To_Nuts_Sun_DSEE#Bind_an_LDAP_client

This is inclined toward setting up a Sun DSEE server (so you can skip
those parts) and Solaris 8/9/10 clients via search profiles and proxy
accounts (which you may need to implement on your LDAP server).

The Solaris 10 parts should be applicable to OpenSolaris and OI as well.

As Brandon reminds, when you ldapclient init, the /etc/nsswitch.conf
file is overwritten with /etc/nsswitch.ldap. This default file
(/etc/nsswitch.ldap), does not use DNS when looking up hostnames
(naming info is assumed to be in LDAP), and only references local
files when LDAP is not available. You may also need customizations
to use LDAP netgroups to define user sets for particular client hosts.

Also note that some programs are pre-built as OpenLDAP clients. For
those you will need a /etc/ldap.conf file with OpenLDAP settings
(the directory server address, {proxy user} login info, base dn and
stuff) - but that is separate from the OS LDAP integration and only
regards those programs and libraries.

I found it useful to set up a single client properly, tarball the
LDAP config files (/etc/nsswitch.conf, /etc/ldap.conf, /etc/pam*,
/var/ldap/) and just unpack these tarballs on new clients (local
or global zones) - this is sufficient to afterwards just issue
svcadm enable -r ldap/client and have this new client integrated.
If you do use LDAP netgroups, you'd also have to add proper include
lines into /etc/passwd and /etc/shadow (groups use another mechanism).

HTH,
//Jim Klimov
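
Added example, not part of the message above: shell functions that check whether the hosts and ipnodes lines of an nsswitch file still consult DNS after ldapclient init has replaced the file, and rewrite the line if they do not. The sample file contents, the function names and the replacement order "files dns" are assumptions made for the illustration; pick the order your site needs.

```shell
#!/bin/sh
# Added example: check what `ldapclient init` left in nsswitch.conf.

# Constructed sample modelled on the behaviour described in the post:
# hosts resolved from LDAP, local files only as fallback, no DNS.
sample_nsswitch_ldap() {
    cat <<'EOF'
# constructed sample, not copied from a real system
passwd:     files ldap
group:      files ldap
hosts:      ldap [NOTFOUND=return] files
ipnodes:    ldap [NOTFOUND=return] files   # same policy for IPv6
netgroup:   ldap
EOF
}

# Print the lookup sources of one database, comments stripped.
nss_sources() {   # usage: nss_sources DATABASE FILE
    sed 's/#.*//' "$2" |
        awk -v db="$1:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Succeed if DATABASE consults SOURCE (whole-word match).
nss_uses() {      # usage: nss_uses DATABASE SOURCE FILE
    nss_sources "$1" "$3" | tr ' ' '\n' | grep -qx "$2"
}

# Emit FILE with DATABASE's sources replaced by ORDER; other lines unchanged.
nss_set_sources() {   # usage: nss_set_sources DATABASE ORDER FILE
    awk -v db="$1" -v order="$2" '
        $1 == db ":" { printf "%-11s %s\n", db ":", order; next }
        { print }' "$3"
}

# Demo: audit the sample, then correct any database that lacks dns.
demo() {
    f=$(mktemp) || return 1
    sample_nsswitch_ldap > "$f"
    for db in hosts ipnodes; do
        if ! nss_uses "$db" dns "$f"; then
            echo "$db: no dns source (currently: $(nss_sources "$db" "$f"))"
            nss_set_sources "$db" "files dns" "$f" > "$f.new" && mv "$f.new" "$f"
        fi
    done
    grep -E '^(hosts|ipnodes):' "$f"
    rm -f "$f"
}
demo
```

On a real client, run the checks against /etc/nsswitch.conf right after ldapclient init and before enabling ldap/client on further hosts from a copied configuration.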




Re: [OpenIndiana-discuss] Invitation to connect on LinkedIn

2012-08-14 Thread Magnus

On Aug 14, 2012, at 5:57 PM, Shain Singh via LinkedIn wrote:
 
> Shain Singh requested to add you as a connection on LinkedIn

That should be a really interesting trick, if you can manage to pull it off.



Re: [OpenIndiana-discuss] Invitation to connect on LinkedIn

2012-08-14 Thread gseoane
That should be personal, not to a list
--Original message--
From: Magnus
To: Discussion list for OpenIndiana
Reply to: Discussion list for OpenIndiana
Subject: Re: [OpenIndiana-discuss] Invitation to connect on LinkedIn
Sent: 14 Aug 2012 19:00


On Aug 14, 2012, at 5:57 PM, Shain Singh via LinkedIn wrote:
 
Shain Singh requested to add you as a connection on LinkedIn

That should be a really interesting trick, if you can manage to pull it off.



Sent from my Movistar BlackBerry (http://www.movistar.com.ar)



Re: [OpenIndiana-discuss] Invitation to connect on LinkedIn

2012-08-14 Thread Rennie Allen
I think that the openindiana list *should* have its own linkedin profile
:-)


I'd give it a recommendation.

OpenIndiana List is not only an efficient and concise list, but also an
inspiring one. OpenIndiana List did an exceptional job on a recent
question I had. OpenIndiana List is a careful, professional list; it is
able to assist in any role you might require in any Solaris project. This
list is always very proactive and motivated.
 
On 8/14/12 2:55 PM, gseo...@gmail.com gseo...@gmail.com wrote:

> That should be personal, not to a list
> --Original message--
> From: Magnus
> To: Discussion list for OpenIndiana
> Reply to: Discussion list for OpenIndiana
> Subject: Re: [OpenIndiana-discuss] Invitation to connect on LinkedIn
> Sent: 14 Aug 2012 19:00
>
> On Aug 14, 2012, at 5:57 PM, Shain Singh via LinkedIn wrote:
>
> Shain Singh requested to add you as a connection on LinkedIn
>
> That should be a really interesting trick, if you can manage to pull it
> off.



> Sent from my Movistar BlackBerry (http://www.movistar.com.ar)



Re: [OpenIndiana-discuss] Invitation to connect on LinkedIn

2012-08-14 Thread gseoane
Like!
Sent from my Movistar BlackBerry (http://www.movistar.com.ar)

-Original Message-
From: Rennie Allen rennieal...@gmail.com
Date: Tue, 14 Aug 2012 15:35:33 
To: Discussion list for OpenIndiana openindiana-discuss@openindiana.org
Reply-To: Discussion list for OpenIndiana openindiana-discuss@openindiana.org
Subject: Re: [OpenIndiana-discuss] Invitation to connect on LinkedIn

I think that the openindiana list *should* have its own linkedin profile
:-)


I'd give it a recommendation.

OpenIndiana List is not only an efficient and concise list, but also an
inspiring one. OpenIndiana List did an exceptional job on a recent
question I had. OpenIndiana List is a careful, professional list; it is
able to assist in any role you might require in any Solaris project. This
list is always very proactive and motivated.
 
On 8/14/12 2:55 PM, gseo...@gmail.com gseo...@gmail.com wrote:

That should be personal, not to a list
--Original message--
From: Magnus
To: Discussion list for OpenIndiana
Reply to: Discussion list for OpenIndiana
Subject: Re: [OpenIndiana-discuss] Invitation to connect on LinkedIn
Sent: 14 Aug 2012 19:00


On Aug 14, 2012, at 5:57 PM, Shain Singh via LinkedIn wrote:
 
Shain Singh requested to add you as a connection on LinkedIn

That should be a really interesting trick, if you can manage to pull it
off.



Sent from my Movistar BlackBerry (http://www.movistar.com.ar)
