0 Replies Latest reply on Jun 25, 2018 11:10 AM by 3732139

    How to create open ldap profile on ldap server with multiple solaris client machines.

    3732139

      Hi Team,

      I am struggling to correct a syntax error while configuring an OpenLDAP server and creating a profile for the Solaris client machines. I am using /etc/openldap/ldap.conf to create the Solaris client machines profile as below, and I receive the errors below. I appreciate your valuable feedback on correcting the profile issue for the Solaris client machines.

       

      profile lines -

      # cat /etc/openldap/ldap.conf
      URI ldaps://<FQDN>:636
      BASE o=<domain>.com
      TLS_CACERT /etc/openldap/cacerts/xxx.pem
      #TLS_CIPHER_SUITE TLSv1+HIGH:!NULL
      #TLS_CACERTDIR /etc/pki/tls/certs
      TLS_CACERTDIR /etc/openldap/cacerts


      dn: cn=proxyagent,ou=profile,o=<domain>.com
      userPassword: <password>
      objectClass: top
      objectClass: person
      sn: proxyagent
      cn: proxyagent


      dn: cn=default,ou=profile,o=<domain>.com
      defaultSearchBase: o=<domain>.com
      authenticationMethod: simple
      followReferrals: FALSE
      profileTTL: 432000
      searchTimeLimit: 30
      objectClass: DUAconfigProfile
      defaultServerList: <FQDN>
      credentialLevel: proxy
      cn: default
      defaultSearchScope: one


      dn: cn=sunprofile,ou=profile,o=<domain>.com
      SolarisBindDN: cn=proxyagent,ou=profile,o=<domain>.com
      SolarisBindPassword: <password>
      SolarisLDAPServers: <IP>
      SolarisSearchBaseDN: o=<domain>.com
      SolarisAuthMethod: NS_LDAP_AUTH_SIMPLE
      SolarisTransportSecurity: NS_LDAP_SEC_NONE
      SolarisSearchReferral: NS_LDAP_FOLLOWREF
      SolarisSearchScope: NS_LDAP_SCOPE_ONELEVEL
      SolarisSearchTimeLimit: 30
      SolarisCacheTTL: 43200
      cn: sunprofile
      ObjectClass: top
      ObjectClass: SolarisNamingProfile


      Client side

      bash-3.2# ldapclient init -D -v -a profileName=sunprofile -a domainName=<host>.<domain>.com <IP>
      Bind Password:
      openConnection: simple bind failed - Invalid DN syntax

      bash-3.2# ldapsearch -D "cn=Manager,dc=<domain>,dc=com" -b "dc=<domain>,dc=com" objectclass=*
      Enter bind password:
      ldap_simple_bind: Can't connect to the LDAP server - Connection refused

      bash-3.2# ldapsearch -D "cn=Manager,dc=<domain>,dc=com" -w <password> -b "dc=<domain>,dc=com" objectclass=*
      ldap_simple_bind: Can't connect to the LDAP server - Connection refused

      bash-3.2# ldapsearch -D "cn=Manager,dc=<domain>,dc=com" -w <password> -b "dc=<domain>,dc=com" objectclass=*
      ldap_simple_bind: Can't connect to the LDAP server - Connection refused

      bash-3.2# ldapclient -v init -a proxydn=cn=proxyagent,ou=profile,dc=<domain>,dc=com -a proxypassword=<password> -a domainname=<domainame>.com -a profilename=sunprofile <FQDN>
      Parsing proxydn=cn=proxyagent,ou=profile,dc=<domain>,dc=com
      Parsing proxypassword=<password>
      Parsing domainname=<domainname>.com
      Parsing profilename=sunprofile
      Arguments parsed:
      domainName: <domain>.com
      proxyDN: cn=proxyagent,ou=profile,dc=<domain>,dc=com
      profileName: sunprofile
      proxyPassword: <password>
      defaultServerList: <FQDN>
      Handling init option
      About to configure machine by downloading a profile
      openConnection: simple bind failed - Inappropriate authentication


      Server side

      # ldapsearch -D "cn=Manager,dc=<domain>,dc=com" -b "dc=<domain>,dc=com" objectclass=*
      ldap_bind: Server is unwilling to perform (53)
      additional info: unauthenticated bind (DN with no password) disallowed

      # ldapsearch -D "cn=Manager,dc=<domain>,dc=com" -b "dc=<domain>,dc=com" -w <password> objectclass=*
      ldap_bind: Invalid credentials (49)

      # ldapsearch -D "cn=Manager,dc=<domain>,dc=com" -b "dc=<domain>,dc=com" -w <password> objectclass=*
      ldap_bind: Invalid credentials (49)

      # ldapadd -h <server> -D "cn=Directory Manager" -w <password> -f sunprofile.ldif
      1. sunprofile.ldif: No such file or directory
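A consistency check for a Solaris client profile of the kind shown above, added here as an example and not part of the original post: it parses the profile LDIF, validates the attr=value syntax of every DN (the class of defect behind an "Invalid DN syntax" bind failure), confirms that SolarisBindDN sits under SolarisSearchBaseDN, and confirms that the proxydn handed to ldapclient names an entry in that LDIF, so a profile built under o=<domain>.com while ldapclient is given a dc=<domain>,dc=com bind DN, as in the post, is reported before any bind is attempted. The sample LDIF and the 192.0.2.10 server address are constructed, with example.com standing in for the poster's placeholders.

```python
import re
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,]+$")  # one "attr=value" RDN (RFC 4514, simplified)
# Constructed sample shaped like the poster's profile, with example.com as the suffix.
SAMPLE_LDIF = """\
dn: cn=proxyagent,ou=profile,o=example.com
objectClass: person
cn: proxyagent

dn: cn=sunprofile,ou=profile,o=example.com
objectClass: SolarisNamingProfile
SolarisBindDN: cn=proxyagent,ou=profile,o=example.com
SolarisSearchBaseDN: o=example.com
SolarisLDAPServers: 192.0.2.10
"""

def dn_components(dn):
    """Split a DN into lower-cased RDNs; raise ValueError on a malformed RDN."""
    parts = [p.strip() for p in dn.split(",")]
    for p in parts:
        if not _RDN.match(p):
            raise ValueError("bad RDN %r in DN %r" % (p, dn))
    return [p.lower() for p in parts]

def parse_ldif(text):
    """Parse plain LDIF (no line wrapping or base64) into dicts of attr -> [values]."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def check_profile(ldif_text, client_proxy_dn):
    """Return a list of inconsistencies; empty means profile and client arguments agree."""
    problems, known = [], set()
    for e in parse_ldif(ldif_text):
        try:
            known.add(",".join(dn_components(e["dn"][0])))
            if "solarisnamingprofile" in [v.lower() for v in e.get("objectclass", [])]:
                base = dn_components(e["solarissearchbasedn"][0])
                bind = dn_components(e["solarisbinddn"][0])
                if bind[-len(base):] != base:  # bind DN must live under the search base
                    problems.append("SolarisBindDN lies outside SolarisSearchBaseDN")
        except ValueError as exc:
            problems.append(str(exc))
    if ",".join(dn_components(client_proxy_dn)) not in known:
        problems.append("proxydn given to ldapclient names no entry in the profile LDIF")
    return problems
```

Run check_profile(SAMPLE_LDIF, proxydn) with the exact proxydn string you intend to pass to ldapclient; a malformed proxydn raises ValueError rather than being listed.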