Glenn, I did as you suggested, thanks for the tip I never noticed it before. But, I'm afraid it did not help. As an experiment I removed "All Actions" from the exec_attr and tried to load exec_attr using ldapaddent but it failed on the "All" action entry this time. So I removed the "All" action entry and it added the "All" command entry and the "Application Server Management" command entry then failed on the first "Audit Control" action entry. The problem seems to revolve around the actions entries. So as a further test I edited the "All Action" entry in exec_attr so the id is "*" not "*;*;*;*;*". This entry was loaded by ldapaddent. Figuring I must have done something wrong in the DS installation I started over and jumped the box and paid special attention to the install and configuration of DS still I had the same problem. Next I tried to load exec_attr without the action entries. This time it loaded but when I ran smc and opened Users/Rights I had multiple rights of the same name, one for every entry in the exec_attr. So I rebuilt the system again and this time I only loaded the prof_attr. Of course this time smc had the rights but no commands or actions, but they do have authorizations, auth_attr loaded without a problem. So I tried to add all actions to the "All" right and it failed with the following message, "An unexpected error occurred in the management provider. The error was internal error in DirectoryTable operation." If I tried to add all commands to the "All" right there is no failure but a second right named "All" is created and I can no longer open either "All" rights from smc. I have to delete one from directly in LDAP. Any clue what I'm doing wrong? Thanks for the help.
> David, > > In LDAP the exec_attr entries are linked to the > corresponding prof_attr > entries. So the error means that the rights profile, > All Actions, is > missing from your prof_attr. This profile is not > included in standard > Solaris, and I think we may have failed to include it > in the postinstall > for Trusted Extensions. Please add it (by hand) to > your prof_attr file > and repopulate the directory. > > --Glenn > > David Gaines wrote: > > > > There is also a minor error in the instructions > involving prof_attr. While the instructions have you > remove ?:::::? from auth_attr there is no mention > about removing :::: from prof_attr. This is > necessary to load prof_attr into LDAP. A minor > inconvenience but easily remedied. > > > > Has anyone else run into these problems? Am I > missing a patch? Looking at the documentation that > was on the CD for the older Solaris Express 44b > exec_attr is not listed as a file that needs to be > loaded into LDAP. Was this an oversight in the older > documentation? Any help would be appreciated. Thank > you. > > > > > > _______________________________________________ > security-discuss mailing list > security-discuss at opensolaris.org > This message posted from opensolaris.org
