Hi Tim,

Try the following change to the nsswitch.conf file:

# consult /etc "files" only if ldap is down.
hosts: files dns mdns ldap

This will set the resolution order to:
1 local hosts file, 2 dns, 3 multicast dns, 4 ldap lookup

Regards,
Mike

-----Original Message-----
From: Tim Dunphy [mailto:bluethu...@gmail.com]
Sent: Saturday, May 05, 2012 9:43 PM
To: Discussion list for OpenIndiana
Subject: Re: [OpenIndiana-discuss] openindiana ldap client

Thanks! That really did the trick!

ldapclient manual -a credentialLevel=proxy -a authenticationMethod=simple -a proxyDN=cn=Manager,dc=example,dc=com -a proxyPassword=secret -a defaultSearchBase=dc=example,dc=com -a domainName=example.com -a defaultServerList=192.168.1.44

Grep ldap for ldap user:

root@openindiana:/var/ldap# getent passwd | grep walbs
walbs:x:1002:1003:Walkiria Soares-Dunphy:/home/walbs:/bin/bash

However I notice that now dns resolution seems mixed up, but only since running ldapclient:

root@openindiana:/var/ldap# ping yahoo.com
ping: unknown host yahoo.com

Here's what nsswitch.conf is looking like:

root@openindiana:/var/ldap# cat /etc/nsswitch.conf
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
#
#
# /etc/nsswitch.ldap:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses LDAP in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

# LDAP service requires that svc:/network/ldap/client:default be enabled
# and online.

# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: files ldap
group: files ldap

# consult /etc "files" only if ldap is down.
hosts: files ldap

# Note that IPv4 addresses are searched for in all of the ipnodes databases
# before searching the hosts databases.
ipnodes: files ldap

networks: files ldap
protocols: files ldap
rpc: files ldap
ethers: files ldap
netmasks: files ldap
bootparams: files ldap
publickey: files ldap

netgroup: ldap

automount: files ldap
aliases: files ldap

# for efficient getservbyname() avoid ldap
services: files ldap

printers: user files ldap

auth_attr: files ldap
prof_attr: files ldap

project: files ldap

tnrhtp: files ldap
tnrhdb: files ldap

If I revert the file to pre-ldapclient I can ping yahoo and external hosts again:

root@openindiana:/var/ldap# cat /etc/nsswitch.conf.bak > /etc/nsswitch.conf
root@openindiana:/var/ldap# ping yahoo.com
yahoo.com is alive

And of course I can't find ldap users in the directory again.

root@openindiana:/var/ldap# getent passwd | grep walbs
root@openindiana:/var/ldap#

Is there any way to have my cake and eat it too?

thanks
tim

On Sat, May 5, 2012 at 9:57 PM, Joshua M. Clulow <j...@sysmgr.org> wrote:
> On 6 May 2012 11:15, Tim Dunphy <bluethu...@gmail.com> wrote:
>> I've also tried using ldapclient, but am having no luck there either:
>
> I would definitely suggest that you'll want to use the native LDAP
> bits, not the PADL stuff.
>
>> root@openindiana:~/nss_ldap-265# ldapclient init -v -a profileName=default \
>>> -a domainname=example.com \
>>> -a proxyDN=cn=uid=proxy,ou=People,dc=example,dc=com \
>>> -a proxyPassword=secret \
>>> 192.168.1.44
>> Parsing profileName=default
>> Parsing domainname=example.com
>> Parsing proxyDN=cn=uid=proxy,ou=People,dc=example,dc=com
>> Parsing proxyPassword=secret
>> Arguments parsed:
>>         domainName: example.com
>>         proxyDN: cn=uid=proxy,ou=People,dc=example,dc=com
>>         profileName: default
>>         proxyPassword: secret
>>         defaultServerList: 192.168.1.44
>> Handling init option
>> About to configure machine by downloading a profile
>> Can not find the nisDomainObject for domain example.com
>
> So you're specifying a profileName here. Have you created a profile
> object in your directory with the name "default"? The "init" mode of
> ldapclient uses a profile object in the directory for configuration.
>
> If you don't have or don't want to have a profile object, you could
> try using "ldapclient manual" rather than "ldapclient init". I
> believe the manual mode of ldapclient is described in the man page for
> the tool. There are also documents out on the Internet for
> configuring the Solaris 10 (or 11) Native LDAP Naming Service client
> which are mostly, if not entirely, applicable to the bits on
> OpenIndiana.
>
>
> Cheers.
>
> --
> Joshua M. Clulow
> UNIX Admin/Developer
> http://blog.sysmgr.org
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss@openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss

--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
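
Added example, not part of the original thread: a shell version of the change Mike suggests, rewriting only the hosts entry of an nsswitch.conf so that passwd and group keep their ldap source while name resolution consults DNS again. The function names and the sample file are constructed for illustration, and it assumes an awk that accepts -v.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical and
# the sample file is constructed from the entries quoted above.

# Print the sources configured for one database, e.g. "files ldap".
nss_sources() {  # usage: nss_sources FILE DATABASE
    awk -v db="$2:" '$1 == db { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Rewrite one database entry; comments and all other entries are untouched.
# Writes back with cat so the file keeps its owner and mode.
nss_set() {  # usage: nss_set FILE DATABASE "SOURCES"
    tmp="$1.new.$$"
    awk -v db="$2:" -v src="$3" '
        $1 == db { printf "%s\t%s\n", db, src; seen = 1; next }
        { print }
        END { if (!seen) printf "%s\t%s\n", db, src }
    ' "$1" > "$tmp" && cat "$tmp" > "$1" && rm -f "$tmp"
}

# Succeed only if the hosts entry still consults DNS.
hosts_uses_dns() {  # usage: hosts_uses_dns FILE
    case " $(nss_sources "$1" hosts) " in
        *" dns "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: what ldapclient left behind in the thread.
demo() {
    f=$(mktemp "${TMPDIR:-/tmp}/nsswitch.XXXXXX")
    cat > "$f" <<'EOF'
passwd: files ldap
group: files ldap
# consult /etc "files" only if ldap is down.
hosts: files ldap
EOF
    hosts_uses_dns "$f" || nss_set "$f" hosts "files dns mdns ldap"
    echo "hosts:  $(nss_sources "$f" hosts)"
    echo "passwd: $(nss_sources "$f" passwd)"
    rm -f "$f"
}

demo
```

Run it against a copy of /etc/nsswitch.conf first and compare with diff before replacing the live file.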