> Likewise, if pam_ldap is deployed login authentication is done in the
> directory server not on the client, so no amount of caching of the
> directory data will enable a login in a disconnected environment, unless
> the mobile environment is, for instance, running the directory server in
> a zone on the box.

With TX, DSEE needs to be installed in the global zone. I even tried creating a separate zone (and label) for LDAP, such that all other labels would dominate it, but that didn't help. The installer complains about not having access to the TX files in /etc/security/tsol to create the collections. Otherwise, this would be the ideal solution.

[...]

> I defer to the TX team about how/if such a configuration could be
> enabled when TX is enabled, because I know zones in TX are behaviorally
> different than zones out of TX, but I suspect with some thought and
> potentially a whole lot less work, this solution might deliver what is
> needed today, versus at some point in the future when we might be able
> to complete an on-disk DB cache solution in naming.

Since an LDAP server cannot be its own client, and it would have to be installed in the global zone, is this something that should be resolved with rsync, svn, cvs, etc. instead of LDAP?

Thanks,
Fernando

This message posted from opensolaris.org