I was mucking about with things, I had getent showing all of the LDAP users just fine - I'm not sure what I did exactly, but it stopped working.
My Config file looked something like this:
/var/ldap/ldap_client_file
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 192.168.0.14:389
NS_LDAP_SEARCH_BASEDN= dc=***,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=people,dc=***,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=***,dc=com
NS_LDAP_BIND_TIME= 10
and then I added two lines (one of which wasn't correct!)
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 192.168.0.14:389
NS_LDAP_SEARCH_BASEDN= dc=***,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_PROFILE= default
NSLDAP_SEARCH_REF= true
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=people,dc=***,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=***,dc=com
NS_LDAP_BIND_TIME= 10
Magically, ldapclient went to the ldap server and loaded a default profile from some testing I was doing a while ago, then the file looked like this:
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 192.168.0.14
NS_LDAP_SEARCH_BASEDN= dc=***,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_PROFILE= default
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=kms,dc=com
and then getent was showing LDAP users again.
There isn't *that* much difference between the files. Could it be that merely having a profile in the ldap server makes a difference on Solaris?
