ldap_client_file definitely isn't getting zeroed. Does your suspicion still apply in that case?

On Nov 18, 2010, at 5:27, Tom Kranz <t...@siliconbunny.com> wrote:

> On 18 Nov 2010, at 02:41, Patrick O'Sullivan wrote:
>
>> I've gotten a config working where I have Kerberos auth to AD and
>> passwd lookups via LDAP to AD. I enable it, and it works fine, but on
>> a reboot, it stops working. Please let me know if you have any
>> thoughts as to why this happens. (This behavior is common to both
>> oi147 and Solaris 11 Express.)
>>
>
> At this stage (after you've run ldapclient) /var/ldap/ldap_client_file should
> be populated with the correct values - is that the case?
>
> There were a couple of long-standing bugs in Solaris 10 - one of them was
> where the LDAP client couldn't contact an LDAP server when it came to update
> its configuration, it would write down a zero byte ldap_client_file - with
> predictable results.
>
> The other one was when /var filled up, even for a moment, ldap_client_file
> would be zeroed out when doing a profile refresh. Both partly stem from LDAP
> client profile updates moving ldap_client_file before getting an update, and
> then not being able/willing to move it back again if something goes wrong.
>
> However, I think the problem here is - are you storing this LDAP profile in
> AD? The LDAP client will do a refresh of the config from the profile on the
> LDAP server - I suspect on boot it's trying to do a refresh, not finding a
> profile, and then zeroing out ldap_client_file.
>
> You need to keep an LDAP client profile in the right container in the tree
> because clients will poll and refresh from that profile.
>
> Cheers,
> TOM
>
> --
> Tom Kranz
> Email: t...@gaeltd.com Skype: siliconbunny
> Mobile: 07779 149281 Phone/fax: 01344 773240
> http://www.gaeltd.com http://www.linkedin.com/in/tomkranz
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss@openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss