11 Replies Latest reply: Dec 6, 2012 9:03 AM by qwe25256

Ldap in solaris 11-11-11

1502 Newbie
Does LDAP work in Solaris 11?

I am configuring a Solaris 11 system to connect with LDAP, but I am finding out that the configuration file "nsswitch.conf" can't be edited; edits will be lost.
Can you help me set up the LDAP client on this system, "solaris11 x86 11-11-11"?

Our ldap server is a solaris 10 sparc.

Thank-you
  • 1. Re: Ldap in solaris 11-11-11
    mgerdts - oracle Explorer
    The thing that you are missing is nscfg(1M). You can make manual edits to the file, but afterward you need to run:

    # nscfg import -f svc:/system/name-service/switch:default
  • 2. Re: Ldap in solaris 11-11-11
    1502 Newbie
    okay,

    this is the nfssec.conf file


    # Copyright 2001 Sun Microsystems, Inc. All rights reserved.
    # Use is subject to license terms.
    #
    #ident "%Z%%M% %I% %E% SMI"
    #
    # The NFS Security Service Configuration File.
    #
    # Each entry is of the form:
    #
    # <NFS_security_mode_name> <NFS_security_mode_number> \
    # <GSS_mechanism_name> <GSS_quality_of_protection> <GSS_services>
    #
    #
    # The "-" in <GSS_mechanism_name> signifies that this is not a GSS mechanism.
    # A string entry in <GSS_mechanism_name> is required for using RPCSEC_GSS
    # services. <GSS_quality_of_protection> and <GSS_services> are optional.
    # White space is not an acceptable value.
    #
    # default security mode is defined at the end. It should be one of
    # the flavor numbers defined above it.
    #
    none 0 - - - # AUTH_NONE
    sys 1 - - - # AUTH_SYS
    dh 3 - - - # AUTH_DH
    #
    # Uncomment the following lines to use Kerberos V5 with NFS
    #
    #krb5 390003 kerberos_v5 default - # RPCSEC_GSS
    #krb5i 390004 kerberos_v5 default integrity # RPCSEC_GSS
    #krb5p 390005 kerberos_v5 default privacy # RPCSEC_GSS
    default 1 - - - # default is AUTH_SYS
    ~
    ~


    Do I have to edit the file and add the ldap? I don't see any ldap entries in this file.

    Thank-You
  • 3. Re: Ldap in solaris 11-11-11
    handat Expert
    I think you have missed the point in the previous post.

    Look at the command again:

    # nscfg import -f svc:/system/name-service/switch:default

    It imports the default name service file (nsswitch.conf) so your changes will be stored and not overridden.
  • 4. Re: Ldap in solaris 11-11-11
    abrante Pro
    Yes you can use LDAP server/client in Solaris 11.

    If you set up your LDAP client using "ldapclient init", it will automatically update your nsswitch.conf.

    Rather than updating nsswitch.conf you can also edit the SMF service, for example, to set "hosts" search to "files dns ldap":

    svccfg -s name-service/switch setprop config/host = astring: \"files dns ldap\"
    svccfg -s name-service/switch:default refresh
    svcadm restart name-service/cache

    .7/M.
  • 5. Re: Ldap in solaris 11-11-11
    1502 Newbie
    It worked. Thank You
  • 6. Re: Ldap in solaris 11-11-11
    1502 Newbie
    Sorry for re-opening this thread, but I have an issue I can't fix.

    I am setting up another system but i got the following error message:

    /usr/lib/ldap/ldap_cachemgr doesn't appear to be running.

    I don't know how to fix this. Any ideas?
  • 7. Re: Ldap in solaris 11-11-11
    1502 Newbie
    I am getting the following results:
    # ./client_status
    ****************** Client Service ***************
    fmri svc:/network/ldap/client:default
    name LDAP Name Service Client
    enabled true
    state maintenance
    next_state none
    state_time December 5, 2012 10:03:38 AM PST
    logfile /var/svc/log/network-ldap-client:default.log
    restarter svc:/system/svc/restarter:default
    contract_id
    manifest /lib/svc/manifest/network/ldap/client.xml
    manifest /lib/svc/manifest/milestone/config.xml
    manifest /lib/svc/manifest/network/network-location.xml
    manifest /lib/svc/manifest/system/name-service/upgrade.xml
    dependency optional_all/none svc:/milestone/config (online)
    dependency optional_all/none svc:/network/location:default (online)
    dependency require_all/none svc:/system/filesystem/minimal (online)
    dependency require_all/none svc:/network/initial (online)
    dependency require_all/restart svc:/network/nis/domain (online)
    dependency optional_all/none svc:/system/manifest-import (online)
    dependency require_all/none svc:/milestone/unconfig (online)
    dependency optional_all/none svc:/system/name-service/upgrade (online)
    ****************** ldap_cachemgr -g *************
    /usr/lib/ldap/ldap_cachemgr doesn't appear to be running.
    *************************************************
  • 8. Re: Ldap in solaris 11-11-11
    qwe25256 Newbie
    I think we need more information before we can give help:

    # cat /var/svc/log/network-ldap-client:default.log
    # ldapclient list
    # domainname

    Andrew
  • 9. Re: Ldap in solaris 11-11-11
    1502 Newbie
    # cat /var/svc/log/network-ldap-client:default.log
    [ Dec  4 16:39:55 Enabled. ]
    [ Dec  4 16:39:55 Executing start method ("/lib/svc/method/ldap-client start"). ]
    WARNING: svc:/network/ldap/client:default no configuration.
    Unable to export FMRI: svc:/network/ldap/client:default
    WARNING: /var/ldap/ldap_client_file is missing or not readable
    [ Dec  4 16:39:55 Method "start" exited with status 96. ]
    [ Dec  5 10:03:38 Executing start method ("/lib/svc/method/ldap-client start"). ]
    WARNING: svc:/network/ldap/client:default no configuration.
    Unable to export FMRI: svc:/network/ldap/client:default
    WARNING: /var/ldap/ldap_client_file is missing or not readable
    [ Dec  5 10:03:38 Method "start" exited with status 96. ]
    [ Dec  5 10:17:27 Leaving maintenance because disable requested. ]
    [ Dec  5 10:17:27 Disabled. ]
    [ Dec  5 10:17:49 Enabled. ]
    [ Dec  5 10:17:49 Executing start method ("/lib/svc/method/ldap-client start"). ]
    WARNING: svc:/network/ldap/client:default no configuration.
    Unable to export FMRI: svc:/network/ldap/client:default
    WARNING: /var/ldap/ldap_client_file is missing or not readable
    [ Dec  5 10:17:50 Method "start" exited with status 96. ]
    #


    # /usr/sbin/ldapclient list
    Cannot get print configuration
    Unable to open filename '/var/ldap/ldap_client_file' for reading (errno=2).
  • 10. Re: Ldap in solaris 11-11-11
    1502 Newbie
    I didn't have the problem in solaris 11.11.11

    However, I have this problem in solaris 11.11.11.1

    In solaris 5.11 11.1

    the ldap client is in maintenance mode
    I disable the ldap client,
    enable it..
    still goes in maintenance mode

    I don't understand what is going on.

    # svcs
    STATE STIME FMRI
    legacy_run 13:29:11 lrc:/etc/rc2_d/S40llc2
    legacy_run 13:29:11 lrc:/etc/rc2_d/S47pppd
    legacy_run 13:29:11 lrc:/etc/rc2_d/S81dodatadm_udaplt
    legacy_run 13:29:11 lrc:/etc/rc2_d/S89PRESERVE
    disabled 13:29:00 svc:/system/tsol-zones:default
    online 13:28:51 svc:/system/early-manifest-import:default
    online 13:28:51 svc:/system/svc/restarter:default
    online 13:28:53 svc:/network/sctp/congestion-control:cubic
    online 13:28:53 svc:/network/sctp/congestion-control:vegas
    online 13:28:53 svc:/network/tcp/congestion-control:newreno
    online 13:28:53 svc:/network/tcp/congestion-control:vegas
    online 13:28:53 svc:/network/tcp/congestion-control:highspeed
    online 13:28:53 svc:/network/tcp/congestion-control:cubic
    online 13:28:53 svc:/network/sctp/congestion-control:newreno
    online 13:28:53 svc:/network/sctp/congestion-control:highspeed
    online 13:28:54 svc:/network/netcfg:default
    online 13:28:54 svc:/network/tnctl:default
    online 13:28:54 svc:/network/socket-config:default
    online 13:28:54 svc:/network/smb:default
    online 13:28:54 svc:/system/metainit:default
    online 13:28:55 svc:/network/datalink-management:default
    online 13:28:55 svc:/system/filesystem/root:default
    online 13:28:55 svc:/system/resource-controls:default
    online 13:28:55 svc:/system/scheduler:default
    online 13:28:56 svc:/system/cryptosvc:default
    online 13:28:56 svc:/network/ipsec/ipsecalgs:default
    online 13:28:56 svc:/system/boot-archive:default
    online 13:28:56 svc:/system/name-service/upgrade:default
    online 13:28:58 svc:/network/ip-interface-management:default
    online 13:28:58 svc:/network/loopback:default
    online 13:28:58 svc:/network/ipmp:default
    online 13:28:59 svc:/system/filesystem/usr:default
    online 13:28:59 svc:/system/pfexec:default
    online 13:28:59 svc:/system/device/local:default
    online 13:28:59 svc:/system/devchassis:cleanstart
    online 13:29:00 svc:/system/filesystem/minimal:default
    online 13:29:00 svc:/system/vbiosd:default
    online 13:29:00 svc:/system/metasync:default
    online 13:29:00 svc:/system/logadm-upgrade:default
    online 13:29:00 svc:/system/rmtmpfiles:default
    online 13:29:00 svc:/system/pkgserv:default
    online 13:29:00 svc:/network/uucp-lock-cleanup:default
    online 13:29:00 svc:/system/security/security-extensions:default
    online 13:29:00 svc:/system/rbac:default
    online 13:29:00 svc:/system/hostid:default
    online 13:29:00 svc:/system/environment:init
    online 13:29:00 svc:/system/ca-certificates:default
    online 13:29:00 svc:/system/utmp:default
    online 13:29:00 svc:/system/resource-mgmt:default
    online 13:29:00 svc:/system/filesystem/uvfs-instclean:default
    online 13:29:00 svc:/system/zones-monitoring:default
    online 13:29:00 svc:/application/opengl/ogl-select:default
    online 13:29:00 svc:/application/desktop-cache/docbook-style-xsl-update:default
    online 13:29:00 svc:/system/postrun:default
    online 13:29:00 svc:/milestone/unconfig:default
    online 13:29:00 svc:/milestone/config:default
    online 13:29:00 svc:/application/desktop-cache/mime-types-cache:default
    online 13:29:01 svc:/application/desktop-cache/pixbuf-loaders-installer:default
    online 13:29:01 svc:/application/desktop-cache/input-method-cache:default
    online 13:29:01 svc:/system/dbus:default
    online 13:29:01 svc:/system/sysevent:default
    online 13:29:01 svc:/application/desktop-cache/desktop-mime-cache:default
    online 13:29:01 svc:/system/devfsadm:default
    online 13:29:01 svc:/application/desktop-cache/gconf-cache:default
    online 13:29:01 svc:/network/npiv_config:default
    online 13:29:01 svc:/system/manifest-import:default
    online 13:29:01 svc:/system/device/fc-fabric:default
    online 13:29:01 svc:/system/rad:local
    online 13:29:01 svc:/milestone/devices:default
    online 13:29:01 svc:/system/coreadm:default
    online 13:29:01 svc:/system/config-user:default
    online 13:29:01 svc:/system/timezone:default
    online 13:29:01 svc:/network/physical:upgrade
    online 13:29:01 svc:/system/device/audio:default
    online 13:29:01 svc:/network/location:upgrade
    online 13:29:02 svc:/application/desktop-cache/docbook-dtds-update:default
    online 13:29:03 svc:/application/desktop-cache/docbook-style-dsssl-update:default
    online 13:29:03 svc:/system/keymap:default
    online 13:29:04 svc:/network/physical:default
    online 13:29:04 svc:/system/identity:node
    online 13:29:05 svc:/system/picl:default
    online 13:29:05 svc:/network/ipsec/policy:default
    online 13:29:05 svc:/network/location:default
    online 13:29:05 svc:/milestone/network:default
    online 13:29:05 svc:/network/iptun:default
    online 13:29:05 svc:/network/nis/domain:default
    online 13:29:05 svc:/system/fcoe_initiator:default
    online 13:29:05 svc:/network/dns/client:default
    online 13:29:05 svc:/system/identity:domain
    online 13:29:05 svc:/milestone/single-user:default
    online 13:29:05 svc:/network/initial:default
    online 13:29:05 svc:/network/nfs/fedfs-client:default
    online 13:29:05 svc:/network/service:default
    online 13:29:05 svc:/network/netmask:default
    online 13:29:05 svc:/network/iscsi/initiator:default
    online 13:29:06 svc:/system/auditset:default
    online 13:29:06 svc:/system/filesystem/local:default
    online 13:29:06 svc:/system/cron:default
    online 13:29:06 svc:/system/boot-loader-update:default
    online 13:29:06 svc:/system/filesystem/ufs/quota:default
    online 13:29:07 svc:/network/shares:default
    online 13:29:07 svc:/system/power:default
    online 13:29:07 svc:/system/consolekit:default
    online 13:29:08 svc:/system/boot-archive-update:default
    online 13:29:09 svc:/application/desktop-cache/icon-cache:default
    online 13:29:09 svc:/system/hal:default
    online 13:29:09 svc:/network/rpc/bind:default
    online 13:29:09 svc:/network/routing/ndp:default
    online 13:29:09 svc:/system/filesystem/rmvolmgr:default
    online 13:29:09 svc:/network/nfs/status:default
    online 13:29:09 svc:/network/routing-setup:default
    online 13:29:09 svc:/network/inetd:default
    online 13:29:09 svc:/network/nfs/nlockmgr:default
    online 13:29:10 svc:/application/font/fc-cache:default
    online 13:29:10 svc:/network/rpc/gss:default
    online 13:29:10 svc:/network/rpc/smserver:default
    online 13:29:10 svc:/application/x11/xvnc-inetd:default
    online 13:29:10 svc:/network/security/ktkt_warn:default
    online 13:29:10 svc:/network/rpc/cde-ttdbserver:tcp
    online 13:29:10 svc:/network/rpc/cde-calendar-manager:default
    online 13:29:10 svc:/system/filesystem/autofs:default
    online 13:29:10 svc:/application/cups/scheduler:default
    online 13:29:10 svc:/system/dumpadm:default
    online 13:29:10 svc:/network/ssh:default
    online 13:29:10 svc:/milestone/self-assembly-complete:default
    online 13:29:11 svc:/system/system-log:default
    online 13:29:11 svc:/application/pkg/update:default
    online 13:29:11 svc:/system/auditd:default
    online 13:29:11 svc:/system/console-login:default
    online 13:29:11 svc:/system/vtdaemon:default
    online 13:29:11 svc:/system/console-login:vt4
    online 13:29:11 svc:/system/console-login:vt3
    online 13:29:11 svc:/system/console-login:vt2
    online 13:29:11 svc:/system/console-login:vt6
    online 13:29:11 svc:/system/console-login:vt5
    online 13:29:11 svc:/milestone/multi-user:default
    online 13:29:11 svc:/application/man-index:default
    online 13:29:11 svc:/application/graphical-login/gdm:default
    online 13:29:11 svc:/milestone/multi-user-server:default
    online 13:29:11 svc:/system/intrd:default
    online 13:29:11 svc:/system/zones:default
    online 13:29:11 svc:/system/zones-install:default
    online 13:29:12 svc:/application/stosreg:default
    online 13:29:12 svc:/system/boot-config:default
    online 13:29:15 svc:/system/fmd:default
    online 13:29:15 svc:/system/fm/smtp-notify:default
    online 13:29:16 svc:/system/fm/asr-notify:default
    online 13:29:25 svc:/system/devchassis:daemon
    online 13:29:32 svc:/network/ilomconfig-interconnect:default
    online 13:29:32 svc:/system/ocm:default
    online 13:29:41 svc:/system/console-reset:default
    online 13:29:53 svc:/application/texinfo-update:default
    online 13:58:19 svc:/system/name-service/switch:default
    online 13:58:19 svc:/milestone/name-services:default
    online 13:58:19 svc:/network/sendmail-client:default
    online 13:58:19 svc:/network/smtp:sendmail
    online 13:58:19 svc:/network/nfs/client:default
    online 13:58:35 svc:/system/name-service/cache:default
    maintenance 13:38:48 svc:/network/ldap/client:default

    Edited by: 1502 on Dec 5, 2012 2:45 PM
  • 11. Re: Ldap in solaris 11-11-11
    qwe25256 Newbie
    The key information is:
    WARNING: /var/ldap/ldap_client_file is missing or not readable

    I would check the way you created your LDAP client again. Check the initialize command you used for ldapclient, since it looks like you have not done it or files have been deleted.

    You should have files like:

    # ls /var/ldap
    cachemgr.log       ldap_client_cred   ldap_client_file   restore/

    Andrew
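
Added example (not part of the thread or of any poster's reply): a POSIX shell triage for the failure diagnosed in reply 11. `diagnose_log` reads SMF log text such as the log quoted in reply 9, and `check_ldap_dir` checks the files listed in reply 11; the function names, the verdict strings and the permission check on `ldap_client_cred` are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage for svc:/network/ldap/client stuck in maintenance.
# Function names and verdict strings are hypothetical, not Solaris tools.

# Last start attempt from the log posted in reply 9 of this thread.
sample_log() {
cat <<'EOF'
[ Dec  5 10:17:49 Enabled. ]
[ Dec  5 10:17:49 Executing start method ("/lib/svc/method/ldap-client start"). ]
WARNING: svc:/network/ldap/client:default no configuration.
Unable to export FMRI: svc:/network/ldap/client:default
WARNING: /var/ldap/ldap_client_file is missing or not readable
[ Dec  5 10:17:50 Method "start" exited with status 96. ]
EOF
}

# Read SMF log text on stdin; judge only the most recent start attempt.
diagnose_log() {
    awk '
        /Executing start method/ { missing = 0; status = "" }
        /ldap_client_file is missing or not readable/ { missing = 1 }
        /Method "start" exited with status/ {
            status = $(NF-1); sub(/\.$/, "", status)
        }
        END {
            if (missing)                            print "client-not-initialized"
            else if (status != "" && status != "0") print "start-failed:" status
            else                                    print "ok"
        }'
}

# Check the client files named in reply 11. Assumption: ldap_client_cred
# holds the client's bind credentials, so group/other access is flagged.
check_ldap_dir() {
    dir=${1:-/var/ldap}; rc=0
    for f in ldap_client_file ldap_client_cred; do
        p="$dir/$f"
        if [ ! -e "$p" ]; then echo "missing $f"; rc=1
        elif [ ! -r "$p" ]; then echo "unreadable $f"; rc=1
        elif [ "$f" = ldap_client_cred ] &&
             [ "$(ls -ld "$p" | cut -c5-10)" != "------" ]; then
            echo "loose-perms $f"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "ok"
    return "$rc"
}

sample_log | diagnose_log                       # verdict for the posted log
check_ldap_dir "${LDAP_DIR:-/var/ldap}" || true # findings for this host
```

On the affected host, feed `/var/svc/log/network-ldap-client:default.log` to `diagnose_log` instead of the embedded sample.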
