Today's travail: trying to set up an ldap client using profiles.
Instead of just killing smelly (the Solaris client test box), this time I tried setting up profiles to make it easier to kill him next time. Now, technically, using profiles isn't "required", but a quick read through ldapclient's manpage and through Sun's docs shows it to be preferred over manual configuration. Naturally, since it isn't technically required, Sun doesn't include the appropriate schemas to use it.
This page has some pretty good documentation on setting up a client on Solaris, and it also includes the schema for nisDomainObject in the LDIF format that SunONE understands. With that schema and the one for DUAConfigProfile mentioned last time (and in need of conversion from OpenLDAP to SunONE) you're armed to begin setting profiles up.
When you run ldapclient init -a profileName=profile-name, it looks for a nisDomainObject with a nisDomain attribute matching the current NIS domain [1]. Then it assumes an ou called profile as a child of that object and searches under there for a DUAConfigProfile with a cn attribute matching the profile you're trying to load [2]. Which means that you need to have that ou=profile underneath any nisDomainObjects you may have.
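The directory layout that lookup implies, as an added example that is not from the original post or from Sun's documentation. Everything in it is an assumption chosen for illustration: the base dc=example,dc=com is taken to exist already, the NIS domain is example.com, the profile is called default, and ldap1.example.com is the directory server the client should use. The nisDomainObject class is auxiliary, so it is added to the existing base entry with a modify; ou=profile and the DUAConfigProfile entry are then created beneath it, matching the filters in footnotes [1] and [2].

```ldif
# Constructed example, loaded with ldapmodify -f.
# Assumes dc=example,dc=com already exists; nisDomainObject is auxiliary,
# so it is bolted onto the existing entry rather than created fresh.
dn: dc=example,dc=com
changetype: modify
add: objectClass
objectClass: nisDomainObject
-
add: nisDomain
nisDomain: example.com

# ldapclient assumes this ou sits directly under the nisDomainObject.
dn: ou=profile,dc=example,dc=com
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: profile

# The profile itself; cn must match what is passed to -a profileName=.
dn: cn=default,ou=profile,dc=example,dc=com
changetype: add
objectClass: top
objectClass: DUAConfigProfile
cn: default
defaultServerList: ldap1.example.com
defaultSearchBase: dc=example,dc=com
defaultSearchScope: one
authenticationMethod: simple
# With credentialLevel proxy, ldapclient init additionally needs
# -a proxyDN=... and -a proxyPassword=... ; anonymous needs neither.
credentialLevel: proxy
searchTimeLimit: 30
bindTimeLimit: 10
followReferrals: FALSE
profileTTL: 43200
serviceSearchDescriptor: passwd:ou=people,dc=example,dc=com?one
serviceSearchDescriptor: group:ou=group,dc=example,dc=com?one
```

Once the LDIF is loaded (with whatever bind options your ldapmodify needs), the client-side invocation for this tree would be ldapclient init -a profileName=default -a domainName=example.com ldap1.example.com, passing -a proxyDN and -a proxyPassword as well because the example profile uses credentialLevel proxy. Before running it, an ldapsearch with the two filters from the footnotes against the server is a cheap way to confirm the domain object and the profile are where ldapclient will look.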
So now that you know how ldapclient works, this is when we run into another problem. We're using profiles so that we don't need to manually configure every client, but instead can use ldapclient to retrieve the client file from the ldap server for us. When running the command on Solaris 10, however, we run into another glitch: Solaris 10's Service Management Facility. When smf attempts to turn on and off the different services to initialize ldap it fails to start network/ldap/client:default. After looking through many a log file we eventually identified that the problem is:
ldap_cachemgr[5459]: [ID 293258 daemon.error] libsldap: Status: 0 Mesg: Configuration Error: No entry for 'NS_LDAP_BINDDN' found.
ldap_cachemgr[5458]: [ID 703877 daemon.error] ldap_cachemgr: failed (rc = 255).
I.e. there's no client file. Now, the whole point of running ldapclient init ... is to generate such a file! At this point I'm inclined to believe that this is a bug in Sun's code. Absolutely no diagnostics are presented for why the file might not be created, nor does any log file mention anything other than that the file fails to exist. I would be elated if someone could point out a solution to this problem. For further reference, trying ldapclient manual ... also fails with the exact same unreported error.
[1] Or (&(objectClass=nisDomainObject)(nisDomain=current-nis-domain)) if you prefer.
[2] According to the logs it actually looks under ou=profile,... for (&(|(objectClass=SolarisNamingProfile)(objectClass=DUAConfigProfile))(cn=profile-name)), which seems to imply that a SolarisNamingProfile could be used as well. Since ldapclient genprofile ... creates a DUAConfigProfile, however, I'm disinclined to tempt fate.