Hi,

I have configured Solaris client to AD integration (from http://blog.scottlowe.org), the client is running Solaris 10 to Windows 2003 (R1) with SFU 3.5 installed.

Everything works fine with the ldapclient file below (some values changed for obvious reasons):-

ldapclient manual \
-a credentialLevel=proxy \
-a authenticationMethod=simple \
-a proxyDN=cn=proxyuser,ou=Solaris,dc=example,dc=com \
-a proxyPassword=<Password of proxyuser> \
-a defaultSearchBase=dc=example,dc=com \
-a domainName=EXAMPLE.COM \
-a defaultServerList=xx.xx.127.253 \
-a attributeMap=group:userpassword=userPassword \
-a attributeMap=group:memberuid=memberUid \
-a attributeMap=group:gidnumber=gidNumber \
-a attributeMap=passwd:gecos=cn \
-a attributeMap=passwd:gidnumber=gidNumber \
-a attributeMap=passwd:uidnumber=uidNumber \
-a attributeMap=passwd:homedirectory=unixHomeDirectory \
-a attributeMap=passwd:loginshell=loginShell \
-a attributeMap=shadow:shadowflag=shadowFlag \
-a attributeMap=shadow:userpassword=userPassword \
-a objectClassMap=group:posixGroup=group \
-a objectClassMap=passwd:posixAccount=user \
-a objectClassMap=shadow:shadowAccount=user \
-a serviceSearchDescriptor=passwd:dc=example,dc=com?sub \
-a serviceSearchDescriptor=group:dc=example,dc=com?sub

When I add users to the Solaris OU, then create another OU in Solaris called groups, everything still works ok specifying the full domain example.com.

However, so I can limit the users who have access to the ldap clients I changed the serviceSearchDescriptor lines as below:-

-a serviceSearchDescriptor=passwd:ou=Solaris,dc=example,dc=com?sub \
-a serviceSearchDescriptor=group:ou=Solaris,dc=example,dc=com?sub

After restarting ldap client etc. I am now unable to getent, ldaplist the AD users or groups etc. When I remove the ou=Solaris everything works perfectly but I need to control which users have access to the specific clients...

I've tried numerous different ways to resolve and scoured Google to no avail... also tried filters and am now thinking of going to netgroups although this is a last resort...

I also tried placing specific users in

-a "serviceSearchDescriptor=passwd:ou=Solaris,dc=example,dc=com?sub?(l(uid=testsh))"

....I can getent the userid testsh but can't ssh in...

Any assistance would be appreciated...

Thanks...
_______________________________________________
sysadmin-discuss mailing list
http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss
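
The scoping that the serviceSearchDescriptor change in the message above relies on, as an added example (not part of the original post and not Solaris code): a Python model that splits a `service:base?scope?filter` descriptor and reports which directory entries a passwd lookup would see. The function names, the entries other than testsh, and the `one` fallback scope are assumptions made for illustration.

```python
# Added example: models which entries a passwd serviceSearchDescriptor exposes.
# Simplifications: DNs have no escaped commas; a filter is a single (attr=value).

def norm(dn):
    """Lower-case a DN and drop whitespace around its commas."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse_ssd(value, default_scope="one"):
    """Split 'service:base?scope?filter'; default_scope is an assumed fallback."""
    service, _, rest = value.partition(":")
    base, scope, flt = (rest.split("?", 2) + ["", ""])[:3]
    if scope not in ("", "base", "one", "sub"):
        raise ValueError("bad scope: %r" % scope)
    return {"service": service, "base": norm(base),
            "scope": scope or default_scope, "filter": flt}

def in_scope(dn, base, scope):
    """LDAP scope semantics: base = the entry itself, one = direct children,
    sub = the entry and everything beneath it."""
    dn = norm(dn)
    if scope == "base":
        return dn == base
    if scope == "one":
        return dn.partition(",")[2] == base
    return dn == base or dn.endswith("," + base)

def matches(entry, flt):
    """Evaluate a single equality filter; an empty filter matches everything."""
    if not flt:
        return True
    attr, _, value = flt.strip("()").partition("=")
    return entry.get(attr.lower()) == value

def visible_users(ssd_value, entries):
    """Return the sorted uids that a lookup under this descriptor can resolve."""
    ssd = parse_ssd(ssd_value)
    return sorted(e["uid"] for e in entries
                  if in_scope(e["dn"], ssd["base"], ssd["scope"])
                  and matches(e, ssd["filter"]))

# Constructed directory contents (only testsh and the DN suffix come from the post).
ENTRIES = [
    {"dn": "cn=testsh,ou=Solaris,dc=example,dc=com", "uid": "testsh"},
    {"dn": "cn=bob,ou=Admins,ou=Solaris,dc=example,dc=com", "uid": "bob"},
    {"dn": "cn=alice,ou=Staff,dc=example,dc=com", "uid": "alice"},
]

if __name__ == "__main__":
    for ssd in ("passwd:dc=example,dc=com?sub",
                "passwd:ou=Solaris,dc=example,dc=com?sub",
                "passwd:ou=Solaris,dc=example,dc=com?one"):
        print(ssd, "->", visible_users(ssd, ENTRIES))
```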
