Need help configuring cswopenldap client

Carsten Grzemba grzemba at contac-dt.de
Thu Mar 5 09:03:10 CET 2015


You don't need an LDAP server (slapd) to connect Solaris to FreeIPA DS.
I guess you also don't need an openldap client for sudo. This should use the normal getpwent system calls, so you can configure the Solaris LDAP client. If the DS provides no DUAconfigprofiles, then you have to configure the LDAP client manually. There are how-tos in the 389DS documentation.

On 04.03.15, nathan at nathanpeters.com wrote:
> I have a Solaris 10 system on which I have installed the CSWopenldap
> packages because I am trying to get sudo working through ldap (to a
> FreeIPA server).
> 
> The problem I am having is that I can't figure out how to configure the
> thing. I have read everything I can find on
> http://www.opencsw.org/manual/ but the documentation is pretty much
> nonexistent.
> 
> Here is the list of packages I have installed from CSW : CSWbdb4,
> CSWcommon, CSWlibnet, CSWosslutils, CSWsasl, CSWsudoldap, CSWsudo-ldap,
> CSWsudo-common, CSWopenldap-back-bdb, CSWopenldap-client, CSWopenldap
> 
> I can't seem to figure out how to configure the CSW openldap client
> though. With the regular built-in solaris ldap client there is a command
> that I can use to auto-create the configuration files in /var/ldap. I
> just run :
> ldapclient -v init -a domainName=mydomain.net dc1.mydomain.net
> 
> However, the CSW package apparently expects a different format of file,
> ldap.conf to be installed at /etc/opt/csw/ldap.conf.
> 
> So my first question is
> -----------------------
> How do I get that file autoconfigured? Is there a csw command similar to
> ldapclient init that will just connect to the directory, download the
> default duaprofile and update ldap.conf for me the same way the default
> solaris client does it? The default Solaris client does not seem to be
> aware of the CSW packages so does not change anything other than /var/ldap
> when I run it
> 
> My second question is : why does the CSW openldap client crash when I
> attempt to start it up?
> 
> The manual I linked above gave exactly zero information on whether any
> sort of post-install configuration was necessary so I installed the
> packages, and then tried to do a 'svcadm enable cswopenldap'
> 
> Here is what I've done to troubleshoot :
> # svcs -xv
> svc:/network/cswopenldap:default (?)
>  State: maintenance since March 4, 2015 11:21:17 AM PST
> Reason: Start method failed repeatedly, last exited with status 1.
>  See: http://sun.com/msg/SMF-8000-KS
>  See: /var/svc/log/network-cswopenldap:default.log
> Impact: This service is not running.
> 
> # tail /var/svc/log/network-cswopenldap:default.log
> [ Mar 4 10:51:09 Leaving maintenance because clear requested. ]
> [ Mar 4 10:51:09 Enabled. ]
> [ Mar 4 10:51:09 Executing start method
> ("/var/opt/csw/svc/method/svc-cswopenldap start") ]
> Starting openldap-slapd: [FAILED]
> [ Mar 4 10:51:09 Method "start" exited with status 1 ]
> [ Mar 4 11:21:17 Leaving maintenance because clear requested. ]
> [ Mar 4 11:21:17 Enabled. ]
> [ Mar 4 11:21:17 Executing start method
> ("/var/opt/csw/svc/method/svc-cswopenldap start") ]
> Starting openldap-slapd: [FAILED]
> [ Mar 4 11:21:17 Method "start" exited with status 1 ]
> 
> Note that it's the openldap-slapd that is not starting?
> 
> Does anyone know why slapd would try to start? I intend to use regular
> ldap, and not ldaps so I'm not sure why the slapd is trying to start.
> Also, why would it fail? That log entry is very non-verbose about what
> the cause of failure was.
> 
> I had previously been getting an error about bdb not recognized but I
> solved that by uncommenting the following lines :
> modulepath /opt/csw/libexec/amd64/openldap
> moduleload back_bdb.la
> 
> However, now the server is just not starting, and as you can see from the
> logs above, not giving a bdb error, but still failing to start or tell me
> why it didn't start.
> 
> 
> 