I went ahead and got the ldapsearch. It worked.
ldaplist is just busted, I guess.
No, ldaplist just depends on a successful creation of the /var/ldap/* files.
> - make sure the posix account has the
> "shadowAccount" attribute
Added it. I went to user, properties, posixAccount,
advanced, add value -> shadowAccount. Not sure if
that's the right way of doing it or not...
That's ok
> - use : ldapclient -v -P default -D
> "cn=proxyagent,ou=profile,dc=domain,dc=nl" -d
> domain.nl -w proxy_password
> {ipnumber_ldap_server} , to create the ldap_file &
> ldap_cred files
Yea -- that's where I hit another problem:
Nope this is the main problem.
Handling init option
About to configure machine by downloading a profile
findBaseDN: begins
findBaseDN: Stopping ldap
findBaseDN: calling __ns_ldap_default_config()
found 2 namingcontexts
findBaseDN: __ns_ldap_list(NULL,
"(&(objectclass=nisDomainObject)(nisdomain=composers.foo.com))"
rootDN[0] dc=foo,dc=com
found baseDN nisdomain=composers.foo.com,dc=foo,dc=com for domain composers.foo.com
The download of the profile failed.
Could not read the profile 'default'.
Perhaps it does not exist or you don't have sufficient
rights to read it.
However, from the FDS server itself, ldapsearch -x
shows this: (snipped)
# default, profile, foo.com
dn: cn=default,ou=profile,dc=foo,dc=com
defaultSearchBase: dc=foo,dc=com
authenticationMethod: simple
followReferrals: TRUE
bindTimeLimit: 2
profileTTL: 43200
searchTimeLimit: 30
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: cnyitlin02.composers.foo.com
credentialLevel: proxy
cn: default
defaultSearchScope: one
Could you do a "ldapclient -u", stop ldapcachemgr/nscd, remove everything
from /var/ldap.
Then try the first ldapsearch test query, but this time authenticating as
proxyagent.
What value has "nisdomain" in the FDS tree?
Try the ldapclient -v -P... line again.