11 Replies. Latest reply: Dec 6, 2012 11:03 AM by Andrew Watkins

    Ldap in solaris 11-11-11

    1502
      Does LDAP work in Solaris 11?

      I am configuring a Solaris 11 system to connect with LDAP, but I am finding out that the configuration file "nsswitch.conf" can't be edited; edits will be lost.
      Can you help me set up the LDAP client on this system, "solaris11 x86 11-11-11"?

      Our LDAP server is a Solaris 10 SPARC.

      Thank you
        • 1. Re: Ldap in solaris 11-11-11
          Mgerdts-Oracle
          The thing that you are missing is nscfg(1M). You can make manual edits to the file, but afterward you need to run:

          # nscfg import -f svc:/system/name-service/switch:default
          • 2. Re: Ldap in solaris 11-11-11
            1502
            okay,

            this is the nfssec.conf file


            # Copyright 2001 Sun Microsystems, Inc. All rights reserved.
            # Use is subject to license terms.
            #
            #ident "%Z%%M% %I% %E% SMI"
            #
            # The NFS Security Service Configuration File.
            #
            # Each entry is of the form:
            #
            # <NFS_security_mode_name> <NFS_security_mode_number> \
            # <GSS_mechanism_name> <GSS_quality_of_protection> <GSS_services>
            #
            #
            # The "-" in <GSS_mechanism_name> signifies that this is not a GSS mechanism.
            # A string entry in <GSS_mechanism_name> is required for using RPCSEC_GSS
            # services. <GSS_quality_of_protection> and <GSS_services> are optional.
            # White space is not an acceptable value.
            #
            # default security mode is defined at the end. It should be one of
            # the flavor numbers defined above it.
            #
            none 0 - - - # AUTH_NONE
            sys 1 - - - # AUTH_SYS
            dh 3 - - - # AUTH_DH
            #
            # Uncomment the following lines to use Kerberos V5 with NFS
            #
            #krb5 390003 kerberos_v5 default - # RPCSEC_GSS
            #krb5i 390004 kerberos_v5 default integrity # RPCSEC_GSS
            #krb5p 390005 kerberos_v5 default privacy # RPCSEC_GSS
            default 1 - - - # default is AUTH_SYS
            ~
            ~


            Do I have to edit the file and add the LDAP entries? I don't see any LDAP entries in this file.

            Thank-You
            • 3. Re: Ldap in solaris 11-11-11
              handat
              I think you have missed the point in the previous post.

              Look at the command again:

              # nscfg import -f svc:/system/name-service/switch:default

              It imports the default name service file (nsswitch.conf) so your changes will be stored and not overridden.
              • 4. Re: Ldap in solaris 11-11-11
                abrante
                Yes, you can use LDAP server/client in Solaris 11.

                If you set up your LDAP client using "ldapclient init", it will automatically update your nsswitch.conf.

                Rather than updating nsswitch.conf you can also edit the SMF service, for example, to set "hosts" search to "files dns ldap":

                svccfg -s name-service/switch setprop config/host = astring: \"files dns ldap\"
                svccfg -s name-service/switch:default refresh
                svcadm restart name-service/cache

                .7/M.
                • 5. Re: Ldap in solaris 11-11-11
                  1502
                  It worked. Thank You
                  • 6. Re: Ldap in solaris 11-11-11
                    1502
                    Sorry for re-opening this thread, but I have an issue I can't fix.

                    I am setting up another system but I got the following error message:

                    /usr/lib/ldap/ldap_cachemgr doesn't appear to be running.

                    I don't know how to fix this. Any ideas?
                    • 7. Re: Ldap in solaris 11-11-11
                      1502
                      I am getting the following results:
                      # ./client_status
                      ****************** Client Service ***************
                      fmri svc:/network/ldap/client:default
                      name LDAP Name Service Client
                      enabled true
                      state maintenance
                      next_state none
                      state_time December 5, 2012 10:03:38 AM PST
                      logfile /var/svc/log/network-ldap-client:default.log
                      restarter svc:/system/svc/restarter:default
                      contract_id
                      manifest /lib/svc/manifest/network/ldap/client.xml
                      manifest /lib/svc/manifest/milestone/config.xml
                      manifest /lib/svc/manifest/network/network-location.xml
                      manifest /lib/svc/manifest/system/name-service/upgrade.xml
                      dependency optional_all/none svc:/milestone/config (online)
                      dependency optional_all/none svc:/network/location:default (online)
                      dependency require_all/none svc:/system/filesystem/minimal (online)
                      dependency require_all/none svc:/network/initial (online)
                      dependency require_all/restart svc:/network/nis/domain (online)
                      dependency optional_all/none svc:/system/manifest-import (online)
                      dependency require_all/none svc:/milestone/unconfig (online)
                      dependency optional_all/none svc:/system/name-service/upgrade (online)
                      ****************** ldap_cachemgr -g *************
                      /usr/lib/ldap/ldap_cachemgr doesn't appear to be running.
                      *************************************************
                      • 8. Re: Ldap in solaris 11-11-11
                        Andrew Watkins
                        I think we need more information before we can give help:

                        # cat /var/svc/log/network-ldap-client:default.log
                        # ldapclient list
                        # domainname

                        Andrew
                        • 9. Re: Ldap in solaris 11-11-11
                          1502
                          # cat /var/svc/log/network-ldap-client:default.log
                          [ Dec  4 16:39:55 Enabled. ]
                          [ Dec  4 16:39:55 Executing start method ("/lib/svc/method/ldap-client start"). ]
                          WARNING: svc:/network/ldap/client:default no configuration.
                          Unable to export FMRI: svc:/network/ldap/client:default
                          WARNING: /var/ldap/ldap_client_file is missing or not readable
                          [ Dec  4 16:39:55 Method "start" exited with status 96. ]
                          [ Dec  5 10:03:38 Executing start method ("/lib/svc/method/ldap-client start"). ]
                          WARNING: svc:/network/ldap/client:default no configuration.
                          Unable to export FMRI: svc:/network/ldap/client:default
                          WARNING: /var/ldap/ldap_client_file is missing or not readable
                          [ Dec  5 10:03:38 Method "start" exited with status 96. ]
                          [ Dec  5 10:17:27 Leaving maintenance because disable requested. ]
                          [ Dec  5 10:17:27 Disabled. ]
                          [ Dec  5 10:17:49 Enabled. ]
                          [ Dec  5 10:17:49 Executing start method ("/lib/svc/method/ldap-client start"). ]
                          WARNING: svc:/network/ldap/client:default no configuration.
                          Unable to export FMRI: svc:/network/ldap/client:default
                          WARNING: /var/ldap/ldap_client_file is missing or not readable
                          [ Dec  5 10:17:50 Method "start" exited with status 96. ]
                          #


                          # /usr/sbin/ldapclient list
                          Cannot get print configuration
                          Unable to open filename '/var/ldap/ldap_client_file' for reading (errno=2).
                          • 10. Re: Ldap in solaris 11-11-11
                            1502
                            I didn't have the problem in Solaris 11.11.11.

                            However, I have this problem in Solaris 11.11.11.1.

                            In Solaris 5.11 11.1:

                            The LDAP client is in maintenance mode.
                            I disable the LDAP client,
                            enable it,
                            and it still goes into maintenance mode.

                            I don't understand what is going on.

                            # svcs
                            STATE STIME FMRI
                            legacy_run 13:29:11 lrc:/etc/rc2_d/S40llc2
                            legacy_run 13:29:11 lrc:/etc/rc2_d/S47pppd
                            legacy_run 13:29:11 lrc:/etc/rc2_d/S81dodatadm_udaplt
                            legacy_run 13:29:11 lrc:/etc/rc2_d/S89PRESERVE
                            disabled 13:29:00 svc:/system/tsol-zones:default
                            online 13:28:51 svc:/system/early-manifest-import:default
                            online 13:28:51 svc:/system/svc/restarter:default
                            online 13:28:53 svc:/network/sctp/congestion-control:cubic
                            online 13:28:53 svc:/network/sctp/congestion-control:vegas
                            online 13:28:53 svc:/network/tcp/congestion-control:newreno
                            online 13:28:53 svc:/network/tcp/congestion-control:vegas
                            online 13:28:53 svc:/network/tcp/congestion-control:highspeed
                            online 13:28:53 svc:/network/tcp/congestion-control:cubic
                            online 13:28:53 svc:/network/sctp/congestion-control:newreno
                            online 13:28:53 svc:/network/sctp/congestion-control:highspeed
                            online 13:28:54 svc:/network/netcfg:default
                            online 13:28:54 svc:/network/tnctl:default
                            online 13:28:54 svc:/network/socket-config:default
                            online 13:28:54 svc:/network/smb:default
                            online 13:28:54 svc:/system/metainit:default
                            online 13:28:55 svc:/network/datalink-management:default
                            online 13:28:55 svc:/system/filesystem/root:default
                            online 13:28:55 svc:/system/resource-controls:default
                            online 13:28:55 svc:/system/scheduler:default
                            online 13:28:56 svc:/system/cryptosvc:default
                            online 13:28:56 svc:/network/ipsec/ipsecalgs:default
                            online 13:28:56 svc:/system/boot-archive:default
                            online 13:28:56 svc:/system/name-service/upgrade:default
                            online 13:28:58 svc:/network/ip-interface-management:default
                            online 13:28:58 svc:/network/loopback:default
                            online 13:28:58 svc:/network/ipmp:default
                            online 13:28:59 svc:/system/filesystem/usr:default
                            online 13:28:59 svc:/system/pfexec:default
                            online 13:28:59 svc:/system/device/local:default
                            online 13:28:59 svc:/system/devchassis:cleanstart
                            online 13:29:00 svc:/system/filesystem/minimal:default
                            online 13:29:00 svc:/system/vbiosd:default
                            online 13:29:00 svc:/system/metasync:default
                            online 13:29:00 svc:/system/logadm-upgrade:default
                            online 13:29:00 svc:/system/rmtmpfiles:default
                            online 13:29:00 svc:/system/pkgserv:default
                            online 13:29:00 svc:/network/uucp-lock-cleanup:default
                            online 13:29:00 svc:/system/security/security-extensions:default
                            online 13:29:00 svc:/system/rbac:default
                            online 13:29:00 svc:/system/hostid:default
                            online 13:29:00 svc:/system/environment:init
                            online 13:29:00 svc:/system/ca-certificates:default
                            online 13:29:00 svc:/system/utmp:default
                            online 13:29:00 svc:/system/resource-mgmt:default
                            online 13:29:00 svc:/system/filesystem/uvfs-instclean:default
                            online 13:29:00 svc:/system/zones-monitoring:default
                            online 13:29:00 svc:/application/opengl/ogl-select:default
                            online 13:29:00 svc:/application/desktop-cache/docbook-style-xsl-update:default
                            online 13:29:00 svc:/system/postrun:default
                            online 13:29:00 svc:/milestone/unconfig:default
                            online 13:29:00 svc:/milestone/config:default
                            online 13:29:00 svc:/application/desktop-cache/mime-types-cache:default
                            online 13:29:01 svc:/application/desktop-cache/pixbuf-loaders-installer:default
                            online 13:29:01 svc:/application/desktop-cache/input-method-cache:default
                            online 13:29:01 svc:/system/dbus:default
                            online 13:29:01 svc:/system/sysevent:default
                            online 13:29:01 svc:/application/desktop-cache/desktop-mime-cache:default
                            online 13:29:01 svc:/system/devfsadm:default
                            online 13:29:01 svc:/application/desktop-cache/gconf-cache:default
                            online 13:29:01 svc:/network/npiv_config:default
                            online 13:29:01 svc:/system/manifest-import:default
                            online 13:29:01 svc:/system/device/fc-fabric:default
                            online 13:29:01 svc:/system/rad:local
                            online 13:29:01 svc:/milestone/devices:default
                            online 13:29:01 svc:/system/coreadm:default
                            online 13:29:01 svc:/system/config-user:default
                            online 13:29:01 svc:/system/timezone:default
                            online 13:29:01 svc:/network/physical:upgrade
                            online 13:29:01 svc:/system/device/audio:default
                            online 13:29:01 svc:/network/location:upgrade
                            online 13:29:02 svc:/application/desktop-cache/docbook-dtds-update:default
                            online 13:29:03 svc:/application/desktop-cache/docbook-style-dsssl-update:default
                            online 13:29:03 svc:/system/keymap:default
                            online 13:29:04 svc:/network/physical:default
                            online 13:29:04 svc:/system/identity:node
                            online 13:29:05 svc:/system/picl:default
                            online 13:29:05 svc:/network/ipsec/policy:default
                            online 13:29:05 svc:/network/location:default
                            online 13:29:05 svc:/milestone/network:default
                            online 13:29:05 svc:/network/iptun:default
                            online 13:29:05 svc:/network/nis/domain:default
                            online 13:29:05 svc:/system/fcoe_initiator:default
                            online 13:29:05 svc:/network/dns/client:default
                            online 13:29:05 svc:/system/identity:domain
                            online 13:29:05 svc:/milestone/single-user:default
                            online 13:29:05 svc:/network/initial:default
                            online 13:29:05 svc:/network/nfs/fedfs-client:default
                            online 13:29:05 svc:/network/service:default
                            online 13:29:05 svc:/network/netmask:default
                            online 13:29:05 svc:/network/iscsi/initiator:default
                            online 13:29:06 svc:/system/auditset:default
                            online 13:29:06 svc:/system/filesystem/local:default
                            online 13:29:06 svc:/system/cron:default
                            online 13:29:06 svc:/system/boot-loader-update:default
                            online 13:29:06 svc:/system/filesystem/ufs/quota:default
                            online 13:29:07 svc:/network/shares:default
                            online 13:29:07 svc:/system/power:default
                            online 13:29:07 svc:/system/consolekit:default
                            online 13:29:08 svc:/system/boot-archive-update:default
                            online 13:29:09 svc:/application/desktop-cache/icon-cache:default
                            online 13:29:09 svc:/system/hal:default
                            online 13:29:09 svc:/network/rpc/bind:default
                            online 13:29:09 svc:/network/routing/ndp:default
                            online 13:29:09 svc:/system/filesystem/rmvolmgr:default
                            online 13:29:09 svc:/network/nfs/status:default
                            online 13:29:09 svc:/network/routing-setup:default
                            online 13:29:09 svc:/network/inetd:default
                            online 13:29:09 svc:/network/nfs/nlockmgr:default
                            online 13:29:10 svc:/application/font/fc-cache:default
                            online 13:29:10 svc:/network/rpc/gss:default
                            online 13:29:10 svc:/network/rpc/smserver:default
                            online 13:29:10 svc:/application/x11/xvnc-inetd:default
                            online 13:29:10 svc:/network/security/ktkt_warn:default
                            online 13:29:10 svc:/network/rpc/cde-ttdbserver:tcp
                            online 13:29:10 svc:/network/rpc/cde-calendar-manager:default
                            online 13:29:10 svc:/system/filesystem/autofs:default
                            online 13:29:10 svc:/application/cups/scheduler:default
                            online 13:29:10 svc:/system/dumpadm:default
                            online 13:29:10 svc:/network/ssh:default
                            online 13:29:10 svc:/milestone/self-assembly-complete:default
                            online 13:29:11 svc:/system/system-log:default
                            online 13:29:11 svc:/application/pkg/update:default
                            online 13:29:11 svc:/system/auditd:default
                            online 13:29:11 svc:/system/console-login:default
                            online 13:29:11 svc:/system/vtdaemon:default
                            online 13:29:11 svc:/system/console-login:vt4
                            online 13:29:11 svc:/system/console-login:vt3
                            online 13:29:11 svc:/system/console-login:vt2
                            online 13:29:11 svc:/system/console-login:vt6
                            online 13:29:11 svc:/system/console-login:vt5
                            online 13:29:11 svc:/milestone/multi-user:default
                            online 13:29:11 svc:/application/man-index:default
                            online 13:29:11 svc:/application/graphical-login/gdm:default
                            online 13:29:11 svc:/milestone/multi-user-server:default
                            online 13:29:11 svc:/system/intrd:default
                            online 13:29:11 svc:/system/zones:default
                            online 13:29:11 svc:/system/zones-install:default
                            online 13:29:12 svc:/application/stosreg:default
                            online 13:29:12 svc:/system/boot-config:default
                            online 13:29:15 svc:/system/fmd:default
                            online 13:29:15 svc:/system/fm/smtp-notify:default
                            online 13:29:16 svc:/system/fm/asr-notify:default
                            online 13:29:25 svc:/system/devchassis:daemon
                            online 13:29:32 svc:/network/ilomconfig-interconnect:default
                            online 13:29:32 svc:/system/ocm:default
                            online 13:29:41 svc:/system/console-reset:default
                            online 13:29:53 svc:/application/texinfo-update:default
                            online 13:58:19 svc:/system/name-service/switch:default
                            online 13:58:19 svc:/milestone/name-services:default
                            online 13:58:19 svc:/network/sendmail-client:default
                            online 13:58:19 svc:/network/smtp:sendmail
                            online 13:58:19 svc:/network/nfs/client:default
                            online 13:58:35 svc:/system/name-service/cache:default
                            maintenance 13:38:48 svc:/network/ldap/client:default

                            Edited by: 1502 on Dec 5, 2012 2:45 PM
                            • 11. Re: Ldap in solaris 11-11-11
                              Andrew Watkins
                              The key information is:
                              WARNING: /var/ldap/ldap_client_file is missing or not readable

                              I would check the way you created your LDAP client again. Check the initialize command you used for ldapclient, since it looks like you have not done it or files have been deleted.

                              You should have files like:

                              # ls /var/ldap
                              cachemgr.log       ldap_client_cred   ldap_client_file   restore/

                              Andrew
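
The diagnosis in reply 11, as an added example that is not part of the original thread: a POSIX shell function that reads a copy of the service log for the last start-method exit status and checks the profile files in a directory laid out like `/var/ldap`. The function name, the output tokens and the permission check on the profile files are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: triage an LDAP client in SMF maintenance.
# Takes a copy of the service log and a directory laid out like /var/ldap.

# Constructed sample: log lines as quoted in reply 9.
sample_log() {
    cat <<'EOF'
[ Dec  5 10:17:49 Enabled. ]
[ Dec  5 10:17:49 Executing start method ("/lib/svc/method/ldap-client start"). ]
WARNING: svc:/network/ldap/client:default no configuration.
WARNING: /var/ldap/ldap_client_file is missing or not readable
[ Dec  5 10:17:50 Method "start" exited with status 96. ]
EOF
}

# Prints one finding per line; returns 0 when nothing is wrong, 1 otherwise.
triage_ldap_client() {
    log=$1
    dir=$2
    rc=0

    # The restarter logs every start attempt; only the last one matters.
    last=$(sed -n 's/.*Method "start" exited with status \([0-9][0-9]*\).*/\1/p' "$log" | tail -1)
    if [ -n "$last" ] && [ "$last" -ne 0 ]; then
        echo "START_FAILED status=$last"
        # 96 is SMF_EXIT_ERR_CONFIG: disable/enable cycles keep failing
        # until the client configuration exists.
        if [ "$last" -eq 96 ]; then echo "CONFIG_ERROR"; fi
        rc=1
    fi

    # The client profile written by "ldapclient init" must be present.
    if [ ! -r "$dir/ldap_client_file" ]; then
        echo "MISSING ldap_client_file"
        rc=1
    fi

    # Either file, when present, should be closed to group and other;
    # ldap_client_cred can hold the proxy bind DN and password.
    for f in ldap_client_file ldap_client_cred; do
        [ -e "$dir/$f" ] || continue
        if [ -n "$(find "$dir/$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "LOOSE_PERMS $f"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed sample with an empty stand-in for /var/ldap.
demo=$(mktemp -d)
sample_log > "$demo/client.log"
mkdir "$demo/ldap"
triage_ldap_client "$demo/client.log" "$demo/ldap" || true
rm -rf "$demo"
```

On a real system the arguments would be `/var/svc/log/network-ldap-client:default.log` and `/var/ldap`, run with enough privilege to read both.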