Continuing the conversation from this link: https://community.oracle.com/message/14692683#14692683
[In the Solaris 11.4 Beta main thread]
The next thing that I would check is the status of the various naming SMF services:
and their related SMF log files as well as /var/ldap/cachemgr.log
to verify that all the services (including the cache service [nscd]) are enabled and online.
Also verify that there are no log errors that might indicate a problem.
Solaris 11.4 uses OpenLDAP for libldap, so you may want to double check ldap.conf
to make sure it is not negatively affecting lookups.
might also provide some status information that may be of help.
If you can get getent to return a result for
getent automount/auto_home rogerst
then automount should also work, if not, restart autofs one more
If you refresh the name-service/switch
# svcadm refresh name-service/switch
then the effect should ripple through the whole system restarting services as needed, including autofs.
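As an added illustration of the checks suggested in the reply above (this is example code, not from the thread or from Oracle), here is a small POSIX sh triage script: it flags naming services that are not online, greps the SMF logs and /var/ldap/cachemgr.log for errors, and runs the same automount entry through getent (answered by nscd) and ldaplist (a direct LDAP query) to see whether they agree. The FMRI list is an assumption for a Solaris 11.4 system, and the `svcs`-style lines used to exercise the parser offline are constructed; only `run_triage` touches the live box.

```sh
#!/bin/sh
# Added example, not from the thread or from Oracle: a triage script for the
# checks suggested above on a Solaris 11.4 box (service state, log errors,
# and getent-vs-ldaplist agreement for one automount entry).
# The FMRI list is an assumption; adjust it to what `svcs` shows on your system.

NSS_SERVICES="svc:/system/name-service/switch:default \
svc:/system/name-service/cache:default \
svc:/network/ldap/client:default \
svc:/system/filesystem/autofs:default"

# Read "STATE FMRI" lines (the shape of `svcs -H -o state,fmri ...`) on
# stdin, print every service that is not online, and return 1 if any was
# found, 0 if all are online.
nss_not_online() {
    found=0
    while read -r state fmri; do
        [ -z "$fmri" ] && continue
        if [ "$state" != "online" ]; then
            printf '%s is %s\n' "$fmri" "$state"
            found=1
        fi
    done
    return "$found"
}

# Classify one automount lookup from its two answers: what getent returned
# (answered by nscd through the name-service switch) and what ldaplist
# returned (a direct LDAP query that bypasses nscd). Both are passed as
# strings so the logic can be checked without a directory server.
#   0  both answered: the nscd path works for this entry
#   2  ldaplist answered, getent empty: the symptom in this thread; the
#      directory is fine, the problem is between the switch config and nscd
#   3  both empty: entry missing from the directory, or the LDAP client
#      configuration itself is broken
#   4  getent answered, ldaplist empty: nscd served a stale cache entry, or
#      the answer came from a source other than LDAP (e.g. files)
classify_lookup() {
    getent_out=$1
    ldaplist_out=$2
    if [ -n "$getent_out" ] && [ -n "$ldaplist_out" ]; then return 0; fi
    if [ -z "$getent_out" ] && [ -n "$ldaplist_out" ]; then return 2; fi
    if [ -z "$getent_out" ] && [ -z "$ldaplist_out" ]; then return 3; fi
    return 4
}

# Live triage. Not run automatically; source this file and call
#   run_triage auto_home rogerst
run_triage() {
    map=$1
    key=$2
    # 1. Service state. -H drops the header, -o selects the columns;
    #    $NSS_SERVICES is deliberately unquoted so it splits into FMRIs.
    if ! svcs -H -o state,fmri $NSS_SERVICES | nss_not_online; then
        echo "fix the services above (svcadm clear/enable) before going further"
    fi
    # 2. Recent errors in the SMF logs (svcs -L prints each log path) and cachemgr.log.
    for f in $(svcs -L $NSS_SERVICES) /var/ldap/cachemgr.log; do
        [ -r "$f" ] || continue
        grep -i -E 'error|fail' "$f" | tail -n 5 | sed "s|^|$f: |"
    done
    # 3. The same entry through both paths.
    g=$(getent "automount/$map" "$key" 2>/dev/null)
    l=$(ldaplist -l "$map" "$key" 2>/dev/null)
    classify_lookup "$g" "$l"
    case $? in
        0) echo "both paths return $map/$key; automount should work" ;;
        2) echo "directory has $map/$key but nscd returns nothing: check the name-service/switch config and the nscd log, then svcadm refresh name-service/switch" ;;
        3) echo "$map/$key not found by either path: verify the entry exists and the LDAP client config" ;;
        4) echo "getent answered but ldaplist did not: stale nscd cache or a non-LDAP source" ;;
    esac
}
```

The point of passing both answers into `classify_lookup` as strings is that the interesting case in this thread, ldaplist returning the entry while getent returns nothing, can be recognised mechanically: it tells you the directory and the LDAP client profile are fine and narrows the problem to the switch configuration and nscd.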
All of those look good.
The getent isn't returning anything.
getent netgroup xxxx
however is working fine.
Other maps are also not working
getent automount/auto_direct /admin/bin (no reply)
ldaplist -l auto_direct /admin/bin (correct reply)
Do you have any working configurations of this in lab or is this all in theory that it should be working?
Previously our ldap.conf was just used for sudoers; do we now have to make a specific ldap.conf? The configuration seems to be being read correctly from /var/ldap/*. ldapclient reads everything correctly.
Here is something else:
truss getent netgroup users_unix_admins 2>&1 | grep ldap (returns a lot of hits for ldap information and ldap.conf)
truss getent automount/auto_home rogerst 2>&1 | grep ldap (no ldap related output)
Yes, automount is widely deployed in Oracle and within the Solaris development organization.
Almost every shared machine is configured for LDAP and also uses automount
for home directories and many other shared file systems. IT literally manages many tens of thousands
of automount file systems using LDAP at the moment. To my knowledge, every Solaris engineer
has and uses an automounted home directory on a regular basis.
I suspect the issue has something to do with specific local system configuration.
I am just not sure what that root cause is yet.
I was asking specifically in regard to the Solaris 11.4 beta. We extensively use autofs with LDAP in our environment. The configurations we use with Solaris 11.3 and Solaris 10 do not work on the beta. We are testing the beta to know what we need to plan for in the future. I can track this in MOS if that is a better place, but I figure this is beta and this might be a good place to flush out some of these issues.
Name service lookups are performed through the new name service switch in nscd, not the obsolete version in libc.
All lookups occur in the context of nscd performing the lookups, caching and returning the results.
This is why you do not see LDAP processing in getent.
Just adding a note here that we are seeing the same thing as being discussed above.
For reference our configuration is with Active Directory and setup exactly like this blog:
automount is no longer linked with LDAP. Makes me wonder if this was compiled without LDAP support?
[root@hosta:/lib/svc/method]$ ldd /usr/sbin/automount|grep ldap
[root@hostb:~]$ ldd /usr/sbin/automount|grep ldap
libsldap.so.1 => /usr/lib/libsldap.so.1
libldap.so.5 => /usr/lib/libldap.so.5
All name service lookups are now processed by nscd, including automount lookups.
The LDAP libraries (now the OpenLDAP libraries, not the EOF'd Mozilla libldap.so.5) are loaded by nscd
if LDAP is configured into naming services. This is why automount does not have
a library dependency on LDAP. The nscd process is the name service switch and
I worked with a network engineer and we monitored the server with NetScout, and these queries aren't even leaving the server. The only type of query that left the server was when I did ldaplist -l auto_home <username>. Any other getent or ls /home/folder didn't leave the box to query LDAP.
Can you run a dapptrace -a on nscd and do another lookup and send me the results?
/usr/dtrace/DTT/Proc/dapptrace -a -p PID > /tmp/out.txt 2>&1
I would like to understand what functions (in the processing of the call) are being made.
If you don't have it loaded, dapptrace is in pkg:
DougL-Oracle, I am trying to email you from work and from gmail and it's undeliverable.
#550 5.7.0 Message Size Violation ##
550 5.7.0 Exceeded message acceptance limits.
It's only a 1.4 MB zip file. Can you tell me what to do?
Any traction on this?
I am still reviewing the dtrace output I have been given. Will follow up off line as needed.