Gary, thank you for the replies. (I do have the patch you mentioned:)
bash-2.03# showrev -p | grep "^Patch: 108993-48"
Patch: 108993-48 Obsoletes: 108827-40, 108991-18, 109322-09, 109461-03, 111641-0
[...]
--- "Tay, Gary" <Gary_Tay(a)platts.com> wrote:
0) As mentioned in previous email, use "ldapclient -i", not "ldapclient -P".
I did. It kept failing until I got rid of "-a default"
Handling manual option
Unable to set value: invalid authenticationMethod (default)
Getting rid of -a default:
bash-2.03# /usr/sbin/ldapclient -v -i -b dc=foo,dc=com -c proxy -D uid=proxyAgent,ou=profile,dc=foo,dc=com -w password -S "passwd: ou=People,dc=foo,dc=com?one" -S "shadow: ou=People,dc=foo,dc=com?one" -S "group: ou=group,dc=caxton,dc=com?one" -S "netgroup: ou=netgroup,dc=foo,dc=com?one" 149.85.70.17
Arguments parsed:
defaultSearchBase: dc=foo,dc=com
credentialLevel: proxy
proxyDN: uid=proxyAgent,ou=profile,dc=foo,dc=com
serviceSearchDescriptor:
arg[0]: passwd: ou=People,dc=foo,dc=com?one
arg[1]: shadow: ou=People,dc=foo,dc=com?one
arg[2]: group: ou=group,dc=foo,dc=com?one
arg[3]: netgroup: ou=netgroup,dc=foo,dc=com?one
proxyPassword: password
defaultServerList: 149.85.70.17
Handling manual option
Proxy DN: uid=proxyAgent,ou=profile,dc=foo,dc=com
Proxy password: {NS1}ecfa88f3a945c411
Credential level: 1
Authentication method: 0
Authentication method: 0
No proxyDN/proxyPassword required
About to modify this machines configuration by writing the files
Stopping network services
Stopping sendmail
Stopping nscd
Stopping autofs
Stopping ldap
nisd not running
nis_cache not running
nispasswd not running
nis(yp) not running
Removing existing restore directory
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "composers.foo.com"
file_backup: stat(/var/yp/binding/composers.foo.com)=-1
file_backup: No /var/yp/binding/composers.foo.com directory.
file_backup: stat(/var/ldap/ldap_client_file)=0
file_backup: (/var/ldap/ldap_client_file -> /var/ldap/restore/ldap_client_file)
file_backup: (/var/ldap/ldap_client_cred -> /var/ldap/restore/ldap_client_cred)
Starting network services
start: /usr/bin/domainname composers.foo.com... success
start: /usr/lib/ldap/ldap_cachemgr... success
start: /etc/init.d/autofs start... success
start: /etc/init.d/nscd start... success
System successfully configured
bash-2.03# id testdba
id: invalid user name: "testdba"
bash-2.03#
So, looks like it worked but I can't authenticate any users. id testdba produces traffic on the FDS server, so it's definitely trying to query it but can't resolve anything.
Also, I have two profiles:
# default, profile, foo.com
dn: cn=default,ou=profile,dc=foo,dc=com
defaultSearchBase: dc=foo,dc=com
authenticationMethod: simple
followReferrals: TRUE
bindTimeLimit: 2
profileTTL: 43200
searchTimeLimit: 30
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: 149.85.70.17
credentialLevel: proxy
cn: default
defaultSearchScope: one
# tls_profile, profile, foo.com
dn: cn=tls_profile,ou=profile,dc=foo,dc=com
defaultSearchBase: dc=foo,dc=com
authenticationMethod: tls:simple
followReferrals: FALSE
bindTimeLimit: 10
profileTTL: 43200
searchTimeLimit: 30
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: cnyitlin02.composers.foo.com
credentialLevel: proxy
cn: tls_profile
serviceSearchDescriptor: passwd: ou=People,dc=foo,dc=com
serviceSearchDescriptor: group: ou=group,dc=foo,dc=com
serviceSearchDescriptor: shadow: ou=People,dc=foo,dc=com
defaultSearchScope: one
My default profile doesn't have those 3 searchDescriptors. Or are we not using profiles anymore? Just curious...
Do you still think I need to change my defaultSearchDN? Also, must those ACLs be added
still? Because it looks like you're doing a manual config, right?
Thank you for your help, Gary.