Need help configuring cswopenldap client

nathan at nathanpeters.com nathan at nathanpeters.com
Wed Mar 4 20:41:13 CET 2015


I have a Solaris 10 system on which I have installed the CSWopenldap
packages because I am trying to get sudo working through ldap (to a
FreeIPA server).

The problem I am having is that I can't figure out how to configure the
thing.  I have read everything I can find on
http://www.opencsw.org/manual/ but the documentation is pretty much
nonexistent.

Here is the list of packages I have installed from CSW : CSWbdb4,
CSWcommon, CSWlibnet, CSWosslutils, CSWsasl, CSWsudoldap, CSWsudo-ldap,
CSWsudo-common, CSWopenldap-back-bdb, CSWopenldap-client, CSWopenldap

I can't seem to figure out how to configure the CSW openldap client
though.  With the regular built-in solaris ldap client there is a command
that I can use to auto-create the configuration files in /var/ldap.  I
just run :
ldapclient -v init -a domainName=mydomain.net dc1.mydomain.net

However, the CSW package apparently expects a different format of file,
ldap.conf to be installed at /etc/opt/csw/ldap.conf.

So my first question is
-----------------------
How do I get that file autoconfigured?  Is there a csw command similar to
ldapclient init that will just connnect to the directory, download the
default duaprofile and update ldap.conf for me the same way the default
solaris client does it?  The default Solaris client does not seem to be
aware of the CSW packages so does not change anything other than /var/ldap
when I run it

My second question is : why does the CSW openldap client crash when I
attempt to start it up?

The manual I linked above gave exactly zero information on whether any
sort of post-install configuration was necessary so I installed the
packages, and then tried to do a 'svcadm enable cswopenldap'

Here is what I've done to troubleshoot :
# svcs -xv
svc:/network/cswopenldap:default (?)
 State: maintenance since March  4, 2015 11:21:17 AM PST
Reason: Start method failed repeatedly, last exited with status 1.
   See: http://sun.com/msg/SMF-8000-KS
   See: /var/svc/log/network-cswopenldap:default.log
Impact: This service is not running.

# tail /var/svc/log/network-cswopenldap:default.log
[ Mar  4 10:51:09 Leaving maintenance because clear requested. ]
[ Mar  4 10:51:09 Enabled. ]
[ Mar  4 10:51:09 Executing start method
("/var/opt/csw/svc/method/svc-cswopenldap start") ]
Starting openldap-slapd:                                    [FAILED]
[ Mar  4 10:51:09 Method "start" exited with status 1 ]
[ Mar  4 11:21:17 Leaving maintenance because clear requested. ]
[ Mar  4 11:21:17 Enabled. ]
[ Mar  4 11:21:17 Executing start method
("/var/opt/csw/svc/method/svc-cswopenldap start") ]
Starting openldap-slapd:                                    [FAILED]
[ Mar  4 11:21:17 Method "start" exited with status 1 ]

Note that its the openldap-slapd that is not starting?

Does anyonw know why slapd would try to start?  I intend to use regular
ldap, and not ldaps so I'm not sure why the slapd is trying to start. 
Also, why would it fail?  that log entry is very non-verbose about what
the cause of failure was.

I had previously been getting an error about bdb not recognized but I
solved that by uncommenting the following lines :
modulepath      /opt/csw/libexec/amd64/openldap
moduleload      back_bdb.la

However, now the server is just not starting, and as you can see from the
logs above, not giving a bdb error, but still failing to start or tell me
why it didn't start.



More information about the users mailing list