Still writing, here's hoping one of the people that have been reading this can help.

Anyway, I have found out what was causing the problem, but I haven't solved how to get it to do what I want. The problem was:

    -a serviceSearchDescriptor=passwd:dc=development01,dc=tag,dc=no?sub \
    -a serviceSearchDescriptor=group:dc=development01,dc=tag,dc=no?sub

It doesn't work in the root; it needs an ou to be specified. But I would like it to search the whole directory, not a specific one, so that's one problem I have to find a solution to.

An ldapsearch of the whole directory, e.g.:

    ldapsearch -h cd1.development01.tag.no -b "dc=development01,dc=tag,dc=no" -o mech=gssapi -o authzid='' "cn=David Bond"

works and returns the info, but I get a Segmentation Fault (core dumped) at the end.

Now the other problem. By setting the service search descriptor to search from an ou I have been able to start testing with the logins. Everything was going OK, until I went home and came back this morning. Now the logons don't work again. It appears that the Kerberos tickets haven't been renewed. LDAP lookups don't work; they return:

    ldaplist -l passwd [username]
    ldaplist: Object not found (Session error no available conn. )

    getent passwd [username]

just hangs.

Doing a kinit and entering the password to get a new ticket gets everything working again. But logins no longer work, no one can log in anymore, so I think that if I rejoin the computer to the domain to get a new ticket, it will allow me to log on again for a few hours.

So the

    -a authenticationMethod=sasl/gssapi \

needs something else adding to it. How can I fix this?

--
This message posted from opensolaris.org