Saturday, July 7, 2012

getent with LDAP on Solaris / OpenIndiana

For the life of me, I don't know what the difference is here, but it seems as if having a profile makes a big difference to how LDAP works in Solaris / OpenIndiana.

I was mucking about with things. I had getent showing all of the LDAP users just fine. I'm not sure what I did exactly, but it stopped working.

My config file looked something like this:

/var/ldap/ldap_client_file

NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 192.168.0.14:389
NS_LDAP_SEARCH_BASEDN= dc=***,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=people,dc=***,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=***,dc=com
NS_LDAP_BIND_TIME= 10

And then I added two lines (one of which wasn't correct!):
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 192.168.0.14:389
NS_LDAP_SEARCH_BASEDN= dc=***,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_PROFILE= default
NSLDAP_SEARCH_REF= true
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=people,dc=***,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=***,dc=com
NS_LDAP_BIND_TIME= 10

Magically, ldapclient went to the LDAP server and loaded a default profile from some testing I was doing a while ago. Then the file looked like this:
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 192.168.0.14
NS_LDAP_SEARCH_BASEDN= dc=***,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_PROFILE= default
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=kms,dc=com

And then getent was showing LDAP users again.
There isn't *that* much difference between the files. Could it be that merely having a profile in the LDAP server makes a difference on Solaris?
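
The post's hand-edited file and the file ldapclient wrote, compared key by key. This is an added example, not the author's code and not part of ldapclient. The `NS_LDAP_` prefix check is a heuristic assumed from the keys shown in the post rather than an official key list, and `parse`, `suspicious_keys` and `diff` are hypothetical helper names.

```python
from collections import defaultdict

# File contents copied from the post (base DN masked as in the original).
EDITED = """\
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 192.168.0.14:389
NS_LDAP_SEARCH_BASEDN= dc=***,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_PROFILE= default
NSLDAP_SEARCH_REF= true
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=people,dc=***,dc=com
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=***,dc=com
NS_LDAP_BIND_TIME= 10
"""
REWRITTEN = """\
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 192.168.0.14
NS_LDAP_SEARCH_BASEDN= dc=***,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_PROFILE= default
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=kms,dc=com
"""

def parse(text):
    """Map each key to its list of values; keys such as SERVICE_SEARCH_DESC repeat."""
    conf = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and the "do not edit" comment header
        key, _, value = line.partition("=")  # split on the first '=' only
        conf[key.strip()].append(value.strip())
    return dict(conf)

def suspicious_keys(conf, prefix="NS_LDAP_"):
    """Keys lacking the prefix that every other key in the post's files carries."""
    return sorted(k for k in conf if not k.startswith(prefix))

def diff(old, new):
    """Return {key: (old_values, new_values)} for each key whose values differ."""
    return {k: (old.get(k, []), new.get(k, []))
            for k in sorted(set(old) | set(new)) if old.get(k, []) != new.get(k, [])}

if __name__ == "__main__":
    old, new = parse(EDITED), parse(REWRITTEN)
    print("suspicious keys:", suspicious_keys(old))
    for key, (before, after) in diff(old, new).items():
        print(f"{key}: {before} -> {after}")
```

Run against the two files above, it flags the mistyped key and reports four differences: the dropped port, the missing bind time, the missing group descriptor, and the changed passwd search descriptor.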
