LinuxQuestions.org


camerabambai 01-21-2021 04:11 PM

Solaris and ldapclient, a little help
 
I have configured Solaris to use ldap users.
The ldap server is Samba4 DC, the client is Solaris 11.4.

I have "joined" the server with this command:

Code:

ldapclient manual \
 -a credentialLevel=proxy \
 -a authenticationMethod=sasl/gssapi \
 -a proxyDN=cn=proxyldap,cn=Users,dc=mydom,dc=priv \
 -a proxyPassword=******* \
 -a defaultSearchBase=dc=mydom,dc=priv \
 -a debugLevel=6 \
 -a domainName=mydom.priv \
 -a "defaultServerList=10.3.0.4" \
 -a attributeMap=group:userpassword=unixUserPassword \
 -a attributeMap=group:gidnumber=gidNumber \
 -a attributeMap=passwd:cn=cn \
 -a attributeMap=passwd:gidnumber=gidNumber \
 -a attributeMap=passwd:uidnumber=uidNumber \
 -a attributeMap=passwd:homedirectory=homeDirectory \
 -a attributeMap=passwd:loginshell=loginShell \
 -a attributeMap=shadow:userpassword=unixUserPassword \
 -a objectClassMap=group:posixGroup=group \
 -a objectClassMap=passwd:posixAccount=user \
 -a serviceSearchDescriptor=passwd:dc=mydom,dc=priv?sub \
 -a serviceSearchDescriptor=group:dc=mydom,dc=priv?sub

Configure returns OK

finger works, searching for user "pino" on Solaris

Code:

finger pino
Login name: pino                        In real life: pino
Directory: /home/pino                  Shell: /bin/bash
Never logged in.
No unread mail
No Plan.

ldaplist returns an error!
Code:

ldaplist passwd
ldaplist: libsldap.so.1 internal error

ldaplist -a sasl/GSSAPI passwd
ldaplist: (standalone auth error)
Configuration syntax error: Unable to set parameter from a client in __ns_ldap_setParam()

getent passwd works...at 50%

Code:

getent passwd |grep pino
pino:x:3000014:100:pino:/home/pino:/bin/bash

getent passwd pino

id doesn't work

Code:

id pino
id: invalid user name: "pino"

What am I missing?

camerabambai 01-25-2021 09:25 PM

Solved

A) On the Samba4 server I create the user with Unix attributes, like the good old Microsoft SFU on Windows 2003 and 2008 servers.

Code:

samba-tool user create pino passwordselected --given-name=pino --surname=pino --initials=pp --home-directory=/export/home/pino --login-shell=/bin/bash --unix-home=/export/home/pino --gecos="user pino" --use-username-as-cn --description="user pino" --mail-address=pino@mydom.priv

I also create a proxyldap user

Code:

samba-tool user create proxyldap passwordselected --given-name proxyldap --surname=proxyldap --initials=pp --home-directory=/dev/null --login-shell=/bin/false --unix-home=/dev/null --gecos="user for proxy ldap" --use-username-as-cn --description="user for ldap proxy"

B) On the Solaris client I use this ldapclient configuration

Code:

ldapclient -v manual \
 -a credentialLevel=proxy \
 -a authenticationMethod=simple \
 -a proxyDN=cn=proxyldap,cn=Users,dc=mydom,dc=priv \
 -a proxyPassword=*********** \
 -a defaultSearchBase=dc=mydom,dc=priv \
 -a debugLevel=6 \
 -a domainName=mydom.priv \
 -a "defaultServerList=10.3.0.4" \
 -a attributeMap=group:userpassword=unixUserPassword \
 -a attributeMap=group:gidnumber=gidNumber \
 -a attributeMap=passwd:cn=cn \
 -a attributeMap=passwd:gidnumber=gidNumber \
 -a attributeMap=passwd:uidnumber=uidNumber \
 -a attributeMap=passwd:homedirectory=HomeDirectory \
 -a attributeMap=passwd:unixhomedirectory=unixHomeDirectory \
 -a attributeMap=passwd:loginshell=loginShell \
 -a attributeMap=passwd:gecos=gecos \
 -a attributeMap=shadow:userpassword=unixUserPassword \
 -a objectClassMap=group:posixGroup=group \
 -a objectClassMap=passwd:posixAccount=user \
 -a objectClassMap=shadow:shadowAccount=user \
 -a serviceSearchDescriptor=passwd:dc=mydom,dc=priv?sub \
 -a serviceSearchDescriptor=group:dc=mydom,dc=priv?sub

C) After restarting ldapclient, everything works fine
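
The working configuration above moved from `sasl/gssapi` to `authenticationMethod=simple` with proxy credentials, which means the proxyldap password crosses the network unencrypted on every bind unless the method is wrapped in TLS (`tls:simple`). The following check is an added example, not part of the posts in this thread: it classifies the bind methods in `ldapclient list`-style output. The function and sample names are hypothetical, and the sample listings are constructed from the values shown in the thread.

```shell
#!/bin/sh
# Added example: classify the bind methods in `ldapclient list`-style output.
# On a client: ldapclient list | audit_ldap_auth
# Exit status: 0 = no cleartext bind, 1 = "simple" without TLS, 2 = no NS_LDAP_AUTH line.
# AWK is overridable because a legacy awk without gsub()/tolower() cannot run this.
audit_ldap_auth() {
    "${AWK:-awk}" -F'= *' '
        $1 == "NS_LDAP_AUTH" {
            found = 1
            n = split($2, methods, ";")   # the attribute may list several methods
            for (i = 1; i <= n; i++) {
                m = tolower(methods[i])
                gsub(/[ \t\r]/, "", m)
                if (m == "simple") {
                    print "WEAK " m ": proxy password is sent in cleartext"
                    weak = 1
                } else if (m ~ /^tls:/ || m ~ /^sasl\//) {
                    print "OK " m
                } else {
                    print "REVIEW " m
                }
            }
        }
        END {
            if (!found) exit 2
            exit (weak ? 1 : 0)
        }'
}

# Constructed listing using the values from the thread's final configuration.
sample_thread_config() {
    cat <<'EOF'
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyldap,cn=Users,dc=mydom,dc=priv
NS_LDAP_SERVERS= 10.3.0.4
NS_LDAP_SEARCH_BASEDN= dc=mydom,dc=priv
NS_LDAP_AUTH= simple
NS_LDAP_CREDENTIAL_LEVEL= proxy
EOF
}

# Constructed variant: the same listing with the bind wrapped in TLS.
sample_tls_config() {
    sample_thread_config | sed 's/^NS_LDAP_AUTH= .*/NS_LDAP_AUTH= tls:simple/'
}

sample_thread_config | audit_ldap_auth || echo "thread config: exit $?"
sample_tls_config | audit_ldap_auth || echo "tls config: exit $?"
```

Switching to `tls:simple` also requires the directory server to offer TLS and the client to trust its certificate.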

