Unflushed Buffers

Log files of a mindspace daemon

Apr 17

OpenLDAP Migration (Part 4 - Solaris clients)

Solaris got me re-interested in LDAP, since Sun likes directory services, but I’m not using Sun’s LDAP server. According to the documentation, this one command sets it all up:

ldapclient manual -v -a defaultsearchbase=dc=scriptforge,dc=org -a domainname=scriptforge.org IP_ADDRESS_OF_LDAP_SERVER

This will take a minute or so to run as services are stopped, changes are made and services are restarted. The output shows what it is doing and which files it is changing, so take a look at some of these config changes. One thing I found is that this process changes hostname lookup from DNS to LDAP, which I didn’t want. I changed it back by editing the hosts line in /etc/nsswitch.conf as follows:

hosts: dns files

Now we can get Solaris to query the LDAP passwd tree with:

getent passwd USERNAME

getent group GROUPNAME

Even finger works, but login does not (try SSHing into the box with an LDAP username; it won’t work). This is because PAM hasn’t been configured to authenticate against LDAP. Edit /etc/pam.conf; there are different services listed (login, rlogin, ppp, other, passwd, and some Kerberos ones). We need to change the auth required pam_unix_auth.so.1 lines to auth sufficient pam_unix_auth.so.1, and then under the pam_dial_auth.so.1 lines we add this line:

login auth required pam_ldap.so.1

Add these lines for the different services as you see them in the file (i.e. change the login above to rlogin, rsh, ppp, other, passwd as needed).

STUCK! Damn this didn’t work! Anyone? Oh well may go get the samba integration going…
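An added check, not part of the original post: before retrying an LDAP login, this script audits the two edits described above (the hosts line in nsswitch.conf and the per-service auth stacks in pam.conf) without changing anything. It runs against constructed sample copies of the files; the real paths /etc/nsswitch.conf and /etc/pam.conf and the service names are assumed from the post.

```sh
#!/bin/sh
# Added example, not from the original post: read-only audit of the nsswitch
# hosts line and the pam.conf auth stacks. Constructed sample files stand in
# for /etc/nsswitch.conf and /etc/pam.conf.
TMP=${TMPDIR:-/tmp}/ldapcheck.$$
mkdir -p "$TMP"
trap 'rm -rf "$TMP"' EXIT
NSS="$TMP/nsswitch.conf"; PAM="$TMP/pam.conf"

# Constructed nsswitch.conf after the hosts fix from the post
cat > "$NSS" <<'EOF'
passwd: files ldap
group:  files ldap
hosts:  dns files
EOF

# Constructed pam.conf: login edited as the post says; rlogin only got the
# pam_ldap line (pam_unix_auth left required); other untouched
cat > "$PAM" <<'EOF'
login  auth requisite  pam_authtok_get.so.1
login  auth required   pam_dhkeys.so.1
login  auth sufficient pam_unix_auth.so.1
login  auth required   pam_dial_auth.so.1
login  auth required   pam_ldap.so.1
rlogin auth required   pam_unix_auth.so.1
rlogin auth required   pam_ldap.so.1
other  auth requisite  pam_authtok_get.so.1
other  auth required   pam_unix_auth.so.1
EOF

# hosts_via_dns FILE: exit 0 if the hosts: line lists dns before any ldap
hosts_via_dns() {
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) {
             if ($i == "ldap") break
             if ($i == "dns") { ok = 1; break } } }
         END { exit (ok ? 0 : 1) }' "$1"
}

# pam_ldap_configured FILE SERVICE: exit 0 if SERVICE's auth stack marks
# pam_unix_auth.so.1 sufficient and has a pam_ldap.so.1 line after it.
# With pam_unix_auth still required, an LDAP-only user is rejected before
# pam_ldap is consulted, so that stack counts as not configured.
pam_ldap_configured() {
    awk -v svc="$2" '
        $1 == svc && $2 == "auth" && $4 == "pam_unix_auth.so.1" {
            unix_ok = ($3 == "sufficient") }
        $1 == svc && $2 == "auth" && $4 == "pam_ldap.so.1" && unix_ok { ldap_ok = 1 }
        END { exit ((unix_ok && ldap_ok) ? 0 : 1) }' "$1"
}

hosts_via_dns "$NSS" && echo "hosts: dns consulted first" || echo "hosts: NOT dns first"
for svc in login rlogin other; do
    pam_ldap_configured "$PAM" "$svc" && echo "$svc: LDAP auth wired" || echo "$svc: LDAP auth missing"
done
```

Point NSS and PAM at the real files to audit a live box; the functions never write to them.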

Setting up automounting

{not yet written}

Automounts and LDAP

{not yet written}


2 Comments so far

  1. [...] On to the Solaris clients [...]

  2. Faulteh April 18th, 2008 12:27 pm

    There are several possibilities. Perhaps the most likely is that the Solaris native LDAP library won’t work with OpenLDAP without extra schemas in the directory. So I might try using the one from padl.com.
