On 2008, Nov 17, at 13:44, James G. Light wrote:
> I have tried to get Solaris 10 to be an LDAP client of our OpenLDAP
> server, but I keep meeting failure.
>
> I followed the steps from this page:
> http://docs.lucidinteractive.ca/index.php/Solaris_LDAP_client_with_OpenLDAP_server
> [...]

This is a pretty old message, but I did not see any responses to this query and I similarly didn't see you post to the LDAP-related lists I'm on, so I figured I'd get rid of the "this is new" dot on this message since I had recently integrated an Opensolaris box with an OpenLDAP server for accounts.

> When I issue an 'id <ldapuser>' from the Solaris box, it
> successfully binds to the LDAP server and
> the response sent is "No Such Object" from the OpenLDAP server after
> a successful bind.
> [Linux host:]
> --------------------------8< <snip>--------------------------
> [...]
> conn=147 op=5 SRCH
> base="dc=<ldapbase1>,dc=,<ldapbase2>dc=<ldapbase3>" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=<ldapuser>))"
> <= bdb_equality_candidates: (uid) index_param failed (18)
> conn=147 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
> [...]
> -----------------------8< </
> snip>--------------------------------------------------

Note carefully that the base of that search is only "dc" elements, whereas the Solaris search has:

> While the same 'id <ldapuser>' command from the Solaris machine
> shows up like this:
> -----------------------8<
> <snip>--------------------------------------------------
> conn=277 fd=14 ACCEPT from IP=155.246.89.4:33083 (IP=0.0.0.0:389)
> conn=277 op=0 SRCH
> base="ou=people,dc=<ldapbase1>,dc=<ldapbase2>,dc=<ldapbase3>"
> scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=<ldapuser>))"
> conn=277 op=0 SRCH attr=cn uid uidnumber gidnumber gecos description
> homedirectory loginshell
> conn=277 op=0 SEARCH RESULT tag=101 err=32 nentries=0 text=
> -----------------------8< </
> snip>--------------------------------------------------
> Obviously the Solaris is performing one search and getting one
> result while the OpenLDAP client is performing
> what looks to me to be eight searches. (by counting the SEARCH
> RESULT instances).

Besides the difference in the number of queries, that one query that looks similar in at least the filter is still different in that the base of the search specified by the Solaris box also has an organizationalUnit. Does your tree really have that OU in it that houses your accounts? If not, that would explain the big difference, and it would make sense for the Solaris box to not need further queries once it's already determined that there is no entry by that username in the directory.

-philip

_______________________________________________
Tech mailing list
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
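
Added example, not part of the original message: the comparison made in the reply, done in code. It pairs each SRCH line with its SEARCH RESULT by (conn, op) and, for every search that ended in err=32 (noSuchObject), reports which RDNs the failing client put in front of a base that returned entries for the same filter. The log lines are constructed from the excerpts quoted in the thread, with example values standing in for the redacted placeholders, and the function names are hypothetical.

```python
import re

# Constructed slapd log lines modelled on the two excerpts quoted above;
# dc=example,dc=com, jdoe and 192.0.2.4 stand in for the redacted values.
SAMPLE_LOG = '''\
conn=147 op=5 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=jdoe))"
conn=147 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=277 fd=14 ACCEPT from IP=192.0.2.4:33083 (IP=0.0.0.0:389)
conn=277 op=0 SRCH base="ou=people,dc=example,dc=com" scope=2 deref=3 filter="(&(objectClass=posixAccount)(uid=jdoe))"
conn=277 op=0 SRCH attr=cn uid uidnumber gidnumber gecos description homedirectory loginshell
conn=277 op=0 SEARCH RESULT tag=101 err=32 nentries=0 text=
'''

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=\d+ deref=\d+ filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')
NO_SUCH_OBJECT = 32  # LDAP result code: the search base itself does not exist

def rdns(dn):
    # Naive split; enough for bases without escaped commas (an assumption).
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def pair_searches(log_text):
    """Join each SRCH line with its SEARCH RESULT line, keyed by (conn, op)."""
    searches = {}
    for line in log_text.splitlines():
        if m := SRCH.search(line):
            searches[(int(m[1]), int(m[2]))] = {"base": m[3], "filter": m[4], "err": None, "nentries": 0}
        elif m := RESULT.search(line):
            entry = searches.get((int(m[1]), int(m[2])))
            if entry is not None:
                entry.update(err=int(m[3]), nentries=int(m[4]))
    return searches

def base_mismatches(searches):
    """For each err=32 search, report the leading RDNs it added to a base that
    returned entries for the same filter on another connection."""
    good = [s for s in searches.values() if s["err"] == 0 and s["nentries"] > 0]
    findings = []
    for (conn, _op), s in sorted(searches.items()):
        if s["err"] != NO_SUCH_OBJECT:
            continue
        failing = rdns(s["base"])
        for g in good:
            suffix = rdns(g["base"])
            if (g["filter"] == s["filter"] and suffix
                    and len(failing) > len(suffix) and failing[-len(suffix):] == suffix):
                findings.append((conn, s["base"], g["base"], failing[:-len(suffix)]))
                break
    return findings
```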
