Pain-free way of adding SSD?

Good day,

I run SJS DS 5.2 patch 4 on a Solaris x86 system. When this directory was first set up using idsconfig, no service search descriptors were added for the passwd service and rightfully enough, searches logged in the access log only refer to ou=people,o=mydomain.com,dc=mydomain,dc=com.

I've read of re-running idsconfig to add SSDs but that looks woefully mis-scoped; I'd like something more specific to be able to force searches for the passwd service to search another ou in the same o container.

I read about the serviceSearchDescriptor of the "default" profile and decided to set up the following on my test system:

Attribute: serviceSearchDescriptor

Value: passwd:ou=people,o=mydomain.com,dc=mydomain,dc=com;ou=otherPeople,o=mydomain.com,dc=mydomain,dc=com

Not only was I unable to log in using accounts from the otherPeople container, I also then lost the ability to log in using accounts from the people container.

I've scrapped this test system and am now rebuilding it but I'd like to know whether a pain-free way of adding SSDs exists. That excludes re-configuring using idsconfig.

Cheers

[1168 byte] By [edepasa] at [2007-11-27 4:05:48]
# 1

SSDs can be added as an attribute to any profile without idsconfig. I think idsconfig just sets up the default profile, but you can certainly change it afterwards.

Your SSD syntax looks right.

I suggest looking carefully at your access logs, and comparing lookups from working clients (without the new SSD) with those from clients configured to use the SSD.

If nothing is obvious in this comparison, you can post snippets of it here and maybe I'll be able to tell what's happening.

gtholberta at 2007-7-12 9:10:49 > top of Java-index,Web & Directory Servers,Directory Servers...
# 2
Thanks for checking my syntax. I'm in the process of re-installing from Solaris 10 upward on my test machine. I'll post back with the outcome once I've set up SJS DS 5.2 p4. Cheers
edepasa at 2007-7-12 9:10:49
# 3

Ah well, no luck yet.

I'm running telnet 127.0.0.1 on the test machine using a test account edepa2 created under the additional container morepeople.

The DS access log on the test machine (pasted at the end of this post) shows that the morepeople container is being searched and the entry edepa2 is being found but the telnet returns "login incorrect".

The serviceSearchDescriptor attribute is now set to:

passwd:ou=people,o=mydomain.com,dc=mydomain,dc=com;ou=morepeople,o=mydomain.com,dc=mydomain,dc=com

Any ideas?

Cheers,

Etienne

[29/Jun/2007:14:28:55 +0200] conn=60 op=-1 msgId=-1 - closed.

[29/Jun/2007:14:29:12 +0200] conn=61 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 193.188.36.249 to 193.188.36.249

[29/Jun/2007:14:29:12 +0200] conn=61 op=0 msgId=1 - BIND dn="cn=proxyagent,ou=profile,o=mydomain.com,dc=mydomain,dc=com" method=128 version=3

[29/Jun/2007:14:29:12 +0200] conn=61 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=proxyagent,ou=profile,o=mydomain.com,dc=mydomain,dc=com"

[29/Jun/2007:14:29:12 +0200] conn=61 op=1 msgId=2 - SRCH base="ou=people,o=mydomain.com,dc=mydomain,dc=com" scope=2 filter="(&(objectClass=shadowAccount)(uid=edepa2))" attrs="uid userPassword shadowFlag"

[29/Jun/2007:14:29:12 +0200] conn=61 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0

[29/Jun/2007:14:29:12 +0200] conn=61 op=2 msgId=3 - SRCH base="ou=morepeople,o=mydomain.com,dc=mydomain,dc=com" scope=2 filter="(&(objectClass=shadowAccount)(uid=edepa2))" attrs="uid userPassword shadowFlag"

[29/Jun/2007:14:29:12 +0200] conn=61 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0

[29/Jun/2007:14:29:12 +0200] conn=61 op=3 msgId=4 - UNBIND

[29/Jun/2007:14:29:12 +0200] conn=61 op=3 msgId=-1 - closing - U1

[29/Jun/2007:14:29:13 +0200] conn=61 op=-1 msgId=-1 - closed.

[29/Jun/2007:14:29:15 +0200] conn=26 op=12 msgId=13 - SRCH base="ou=people,o=mydomain.com,dc=mydomain,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=edepa2))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"

[29/Jun/2007:14:29:15 +0200] conn=26 op=12 msgId=13 - RESULT err=0 tag=101 nentries=0 etime=0

[29/Jun/2007:14:29:15 +0200] conn=62 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 193.188.36.249 to 193.188.36.249

[29/Jun/2007:14:29:15 +0200] conn=62 op=0 msgId=1 - BIND dn="cn=proxyagent,ou=profile,o=mydomain.com,dc=mydomain,dc=com" method=128 version=3

[29/Jun/2007:14:29:15 +0200] conn=62 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=proxyagent,ou=profile,o=mydomain.com,dc=mydomain,dc=com"

[29/Jun/2007:14:29:15 +0200] conn=62 op=1 msgId=2 - SRCH base="ou=people,o=mydomain.com,dc=mydomain,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=edepa2))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"

[29/Jun/2007:14:29:15 +0200] conn=62 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0

[29/Jun/2007:14:29:15 +0200] conn=62 op=2 msgId=3 - SRCH base="ou=morepeople,o=mydomain.com,dc=mydomain,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=edepa2))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"

[29/Jun/2007:14:29:15 +0200] conn=62 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0

[29/Jun/2007:14:29:15 +0200] conn=63 op=-1 msgId=-1 - fd=44 slot=44 LDAP connection from 193.188.36.249 to 193.188.36.249

[29/Jun/2007:14:29:15 +0200] conn=63 op=0 msgId=1 - BIND dn="cn=proxyagent,ou=profile,o=mydomain.com,dc=mydomain,dc=com" method=128 version=3

[29/Jun/2007:14:29:15 +0200] conn=63 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=proxyagent,ou=profile,o=mydomain.com,dc=mydomain,dc=com"

[29/Jun/2007:14:29:15 +0200] conn=62 op=3 msgId=4 - UNBIND

[29/Jun/2007:14:29:15 +0200] conn=62 op=3 msgId=-1 - closing - U1

[29/Jun/2007:14:29:15 +0200] conn=62 op=-1 msgId=-1 - closed.

[29/Jun/2007:14:29:15 +0200] conn=63 op=1 msgId=2 - SRCH base="ou=people,o=mydomain.com,dc=mydomain,dc=com" scope=2 filter="(&(objectClass=shadowAccount)(uid=edepa2))" attrs="uid userPassword shadowFlag"

[29/Jun/2007:14:29:15 +0200] conn=63 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0

[29/Jun/2007:14:29:15 +0200] conn=63 op=2 msgId=3 - SRCH base="ou=morepeople,o=mydomain.com,dc=mydomain,dc=com" scope=2 filter="(&(objectClass=shadowAccount)(uid=edepa2))" attrs="uid userPassword shadowFlag"

[29/Jun/2007:14:29:15 +0200] conn=63 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0

[29/Jun/2007:14:29:15 +0200] conn=63 op=3 msgId=4 - UNBIND

[29/Jun/2007:14:29:15 +0200] conn=63 op=3 msgId=-1 - closing - U1

[29/Jun/2007:14:29:16 +0200] conn=63 op=-1 msgId=-1 - closed.

[29/Jun/2007:14:29:31 +0200] conn=64 op=-1 msgId=-1 - fd=40 slot=40 LDAP connection from 193.188.36.249 to 193.188.36.249

[29/Jun/2007:14:29:31 +0200] conn=64 op=0 msgId=1 - SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedSASLMechanisms"

[29/Jun/2007:14:29:31 +0200] conn=64 op=0 msgId=1 - RESULT err=0 tag=101 nentries=1 etime=0

[29/Jun/2007:14:29:31 +0200] conn=64 op=1 msgId=2 - UNBIND

[29/Jun/2007:14:29:31 +0200] conn=64 op=1 msgId=-1 - closing - U1

[29/Jun/2007:14:29:32 +0200] conn=64 op=-1 msgId=-1 - closed.

edepasa at 2007-7-12 9:10:49
# 4

I'm relieved to say that I've solved the problem.

I got suspicious that I should be adding more than just the passwd SSD; I added the shadow SSD, re-booted the test machine (probably directoryserver stop would have done just as well) and I was able to telnet into the test machine using test account edepa2.

Cheers!

edepasa at 2007-7-12 9:10:49
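The access-log comparison suggested in reply #1 can be scripted. The following is an added example, not code from any poster in this thread: it pairs each SRCH with its RESULT by conn/op and reports, per connection, which SSD bases were searched for the passwd (posixAccount) and shadow (shadowAccount) lookups. The function names are hypothetical, and the sample lines are shortened from the log quoted in reply #3 (attrs omitted).

```python
import re
from collections import defaultdict

# Sample lines shortened from the access log quoted in reply #3 (attrs omitted).
SAMPLE_LOG = """\
[29/Jun/2007:14:29:12 +0200] conn=61 op=1 msgId=2 - SRCH base="ou=people,o=mydomain.com,dc=mydomain,dc=com" scope=2 filter="(&(objectClass=shadowAccount)(uid=edepa2))"
[29/Jun/2007:14:29:12 +0200] conn=61 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
[29/Jun/2007:14:29:12 +0200] conn=61 op=2 msgId=3 - SRCH base="ou=morepeople,o=mydomain.com,dc=mydomain,dc=com" scope=2 filter="(&(objectClass=shadowAccount)(uid=edepa2))"
[29/Jun/2007:14:29:12 +0200] conn=61 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
[29/Jun/2007:14:29:15 +0200] conn=26 op=12 msgId=13 - SRCH base="ou=people,o=mydomain.com,dc=mydomain,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=edepa2))"
[29/Jun/2007:14:29:15 +0200] conn=26 op=12 msgId=13 - RESULT err=0 tag=101 nentries=0 etime=0
[29/Jun/2007:14:29:15 +0200] conn=62 op=1 msgId=2 - SRCH base="ou=people,o=mydomain.com,dc=mydomain,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=edepa2))"
[29/Jun/2007:14:29:15 +0200] conn=62 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
[29/Jun/2007:14:29:15 +0200] conn=62 op=2 msgId=3 - SRCH base="ou=morepeople,o=mydomain.com,dc=mydomain,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uid=edepa2))"
[29/Jun/2007:14:29:15 +0200] conn=62 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) .*? SRCH base="([^"]*)"'
                  r'.*?objectClass=(\w+)\)\(uid=([^)]+)\)')
RESULT = re.compile(r'conn=(\d+) op=(\d+) .*? RESULT err=(\d+) .*?nentries=(\d+)')

def summarize(log_text):
    """Pair each SRCH with its RESULT (same conn/op) and group the hits as
    (objectClass, uid, conn) -> {first RDN of search base: nentries}."""
    pending, out = {}, defaultdict(dict)
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            conn, op, base, oc, uid = m.groups()
            pending[(conn, op)] = (oc, uid, base.split(",")[0])
            continue
        m = RESULT.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            oc, uid, ou = pending.pop((m.group(1), m.group(2)))
            out[(oc, uid, int(m.group(1)))][ou] = int(m.group(4))
    return dict(out)

def incomplete_lookups(summary, expected_ous):
    """Connections whose lookup did not search every base listed in the SSD."""
    return sorted((conn, oc) for (oc, _uid, conn), hits in summary.items()
                  if not set(expected_ous) <= set(hits))

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for key, hits in sorted(s.items(), key=lambda kv: kv[0][2]):
        print(key, hits)
    print("incomplete:", incomplete_lookups(s, ["ou=people", "ou=morepeople"]))
```

On the sample, the connections that bound as proxyagent searched both containers, while conn=26 searched only ou=people for the posixAccount entry.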