LDAP Authentication
Hi @all,
I'm trying to configure Solaris 9 to use an LDAP server for user authentication.
I configured my system with
ldapclient -v manual \
-a domainname=mydomain.com \
-a credentialLevel=proxy \
-a defaultSearchBase=dc=mydomain,dc=com?sub \
-a proxyDn=cn=proxyagent,ou=profile,dc=mydomain,dc=com \
-a proxypassword=secret \
-a authenticationMethod=simple \
-a serviceSearchDescriptor=passwd:dc=mydomain,dc=com?sub \
-a serviceSearchDescriptor=shadow:dc=mydomain,dc=com?sub \
-a serviceSearchDescriptor=group:ou=Groups,dc=mydomain,dc=com?sub \
-a serviceAuthenticationMethod="pam_ldap:simple" \
-a serviceAuthenticationMethod="passwd-cmd:simple" \
-a serviceAuthenticationMethod="keyserv:simple" \
ldap.server.mydomain.com
With this initialisation I can log in as a normal user and everything seems to be OK. But after rebooting, the server hangs with the following message:
"LDAP domain name is mydomain.com"
Only a reboot in single-user mode and an uninit will make my server rebootable.
What is wrong? Why does my server hang?
Thanks,
Lars
[1470 byte] By [TheLars] at [2007-11-25 22:41:32]

# 1
I experienced this before, until the relevant patches were applied.
I assume you are using SUN ONE DS5.2 or SUN Java System DS5.2.
Make sure you have these patches
1) On the LDAP client, apply in Single User Mode pls.
- latest kernel patch
- latest LDAP patch 112960-30 or later
2) On the LDAP server, apply in Single User Mode pls.
- latest kernel patch
- latest LDAP patch 112960-30 or later
- 117665-03 DS5.2 Patch4
- All the patches required and mentioned in DS5.2 release notes, something like:
# Pls refer to:
# http://docs.sun.com/source/817-7611/index.html#wp33336
#
#114677-08 SunOS 5.9: International Components for Unicode Patch
#117724-10 SunOS 5.8: NSPR 4.5.1 / NSS 3.9.5 / JSS 4.0
#115342-01 SunOS 5.9: Simple Authentication and Security Layer (2.01)
#115610-18 SunOS 5.9_sparc: Administration Server 5.2 patch
#115614-20 SunOS 5.9: Directory Server 5.2 patch
#117015-16 Patch for localized Solaris packages
#116837-02 LDAP CSDK - SUNWldk, SUNWldkx
Then re-do the ldapclient step.
You may find my HOWTOs useful, or not at all.
http://web.singnet.com.sg/~garyttt/
HTH.
Gary
===
$ showrev -p | grep "^Patch: 112960-"
Patch: 112960-30 Obsoletes: 113152-01, 113166-01, 113476-13 Requires: 112874-06 Incompatibles: Packages: SUNWcsl, SUNWcslx, SUNWarc, SUNWarcx, SUNWnisu, SUNWcstl, SUNWcstlx, SUNWhea
Useful script:
#! /bin/sh
#
# chk_patches_sjes_ds52.sh
#
# Gary Tay, 1-Apr-2005 written
#
# Pls customize the patches you are checking, use blank to separate
# multiple patch ids, eg: 5.9:112345 113456
#
# Pls refer to:
# http://docs.sun.com/source/817-7611/index.html#wp33336
#
#114677-08 SunOS 5.9: International Components for Unicode Patch
#117724-10 SunOS 5.8: NSPR 4.5.1 / NSS 3.9.5 / JSS 4.0
#115342-01 SunOS 5.9: Simple Authentication and Security Layer (2.01)
#115610-18 SunOS 5.9_sparc: Administration Server 5.2 patch
#115614-20 SunOS 5.9: Directory Server 5.2 patch
#117015-16 Patch for localized Solaris packages
#116837-02 LDAP CSDK - SUNWldk, SUNWldkx
#
# Solaris 8: (DS 5.2 Patch3 for the package version)
#115610 SunOS 5.9 : Sun Java(TM) System Directory Server 5.2 patch 3 (Adminserv)
#115614 SunOS 5.9 : Sun Java(TM) System Directory Server 5.2 patch 3 (DS)
#117722 SunOS 5.8: NSPR 4.5.1 / NSS 3.9.5 / JSS 4.0...
#118615 LDAP Java Development Kit 4.17 SunOS 5.8 5.9 _x86: genesis patch
#
# Solaris 8: LDAP-Client
#108993 LDAP-Client for Solaris 8 (phase II)
#108808 LDAP-Client for Solaris 8 (man-pages)
#
# And at your option for JES 114045
#
# The patch list is kept in a variable, so no predictable /tmp file name is needed
PATCH_LIST='5.8:108993 115610 115614 117722 118615 108808 114045
5.9:114677 117724 115342 115610 115614 117015 116837'
SOLARIS_VER=`uname -r`
# Select the line for this Solaris release and keep only the patch ids
PATCH_IDS=`echo "$PATCH_LIST" | grep "^$SOLARIS_VER:" | cut -d: -f2`
for i in $PATCH_IDS
do
    # showrev -p prints one "Patch: <id>-<rev> ..." line per installed patch
    RESULT=`showrev -p | grep "^Patch: $i-"`
    [ -n "$RESULT" ] && echo "$RESULT"
    [ -z "$RESULT" ] && echo "PATCH $i not found..."
done
Example of running chk_patches_sjes_ds52.sh:
# ./chk_patches_sjes_ds52.sh
Patch: 114677-08 Obsoletes: Requires: Incompatibles: Packages: SUNWicu, SUNWicux
Patch: 117724-10 Obsoletes: 115926-10 Requires: Incompatibles: Packages: SUNWtls, SUNWtlsx, SUNWpr, SUNWjss, SUNWprx
Patch: 115342-01 Obsoletes: Requires: Incompatibles: Packages: SUNWsasl, SUNWsaslx
Patch: 115610-17 Obsoletes: Requires: Incompatibles: Packages: SUNWasvc, SUNWasvu, SUNWasvr, SUNWasvcp
Patch: 115614-19 Obsoletes: 117907-02 Requires: 115610-17 Incompatibles: Packages: SUNWdsvr, SUNWdsvcp, SUNWdsvh, SUNWdsvhx, SUNWdsvu, SUNWdsvx, SUNWdsvpl
PATCH 117015 not found...
Patch: 116837-02 Obsoletes: Requires: Incompatibles: Packages: SUNWldk
#
===
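The script in the reply above reports whether a patch id is installed, not whether its revision meets the listed minimum: its sample run shows 115610-17 and 115614-19 where the list names 115610-18 and 115614-20. The following is an added example, not part of the original thread, that compares revisions as well; the names check_patch_revs, sample_showrev, REQUIRED and the AWK override are assumptions, and the sample input is constructed from the ids and revisions in the output quoted above.

```shell
#!/bin/sh
# Added example: check installed patch revisions against required minimums.
# Required list: the Solaris 9 ids and revisions listed in the reply.
REQUIRED="114677-08 117724-10 115342-01 115610-18 115614-20 117015-16 116837-02"
AWK=${AWK:-awk}   # assumption: set AWK=nawk on Solaris, where /usr/bin/awk lacks -v

# Reads showrev -p style lines on stdin; prints OK / OLD / MISSING per patch.
check_patch_revs() {
    "$AWK" -v req="$1" '
        BEGIN {
            n = split(req, r, " ")
            for (i = 1; i <= n; i++) {
                split(r[i], p, "-")
                order[i] = p[1]; need[p[1]] = p[2] + 0
            }
        }
        # Lines look like: "Patch: 115610-17 Obsoletes: ... Packages: ..."
        $1 == "Patch:" {
            split($2, p, "-")
            # Keep the highest installed revision of each patch id
            if (!(p[1] in have) || p[2] + 0 > have[p[1]]) have[p[1]] = p[2] + 0
        }
        END {
            for (i = 1; i <= n; i++) {
                id = order[i]
                if (!(id in have))
                    printf "MISSING %s (need -%02d)\n", id, need[id]
                else if (have[id] < need[id])
                    printf "OLD %s-%02d (need -%02d)\n", id, have[id], need[id]
                else
                    printf "OK %s-%02d\n", id, have[id]
            }
        }'
}

# Constructed sample input in showrev -p format (package lists shortened).
sample_showrev() {
cat <<'EOF'
Patch: 114677-08 Obsoletes: Requires: Incompatibles: Packages: SUNWicu, SUNWicux
Patch: 117724-10 Obsoletes: 115926-10 Requires: Incompatibles: Packages: SUNWtls
Patch: 115342-01 Obsoletes: Requires: Incompatibles: Packages: SUNWsasl, SUNWsaslx
Patch: 115610-17 Obsoletes: Requires: Incompatibles: Packages: SUNWasvc, SUNWasvu
Patch: 115614-19 Obsoletes: 117907-02 Requires: 115610-17 Incompatibles: Packages: SUNWdsvr
Patch: 116837-02 Obsoletes: Requires: Incompatibles: Packages: SUNWldk
EOF
}

# On a real host: showrev -p | check_patch_revs "$REQUIRED"
sample_showrev | check_patch_revs "$REQUIRED"
```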