Hi,

have this Solaris 9 Box's worked with the old iPlanet DS?. For the password you have to configure the /etc/pam.conf like described in the man pages:

$ man pam_ldap it is different to Solaris10

I guess that Solaris needs also the VLV's for getentpwent, which can created by run /usr/lib/ldap/idsconfig. You can use this script also for the 389DS if you fake the version check to the 5.2 version (you can google for this).

BTW: If you use ldaps you must provide the CA' cert in an old cert7.db on the Solarsi9 Client.

HTH Carsten

Am 15.04.13 schrieb Elizabeth Jones bajones@panix.com:

We are trying to move our servers off a very old version of iplanet (circa 2002) to 389 DS. The data in both ldaps is almost identical, except that there was some stuff in the iplanet that couldn't convert over to 389. I'm not sure exactly what wouldn't convert, except that I couldn't do an export of the iplanet database and import into 389, instead did an ldif.

Everything we have converted so far (RHEL 4,5,6 and Solaris 10) has gone over successfully, but I'm running into problems with some old Solaris 9 servers. They seem to be connecting successfully to the ldap, but not pulling back a password. getent passwd shows the list of users in the ldap, and I can su from root to my user account. When I have su'ed to my account, groups shows all the groups that I have in my ldap account on the new DS.

I noticed this in the ldap logs, but I don't know what SolarisAuditUser means --

[13/Apr/2013:23:42:07 -0500] conn=2042387 op=1 SRCH base="ou=people,dc=mycompany,dc=com" scope=2 filter="(&(object Class=SolarisAuditUser)(uid=ejones))" attrs="uid SolarisAuditAlways SolarisAuditNever"

Is anyone familiar with this?

thanks -

EJ

-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users