Linux: /etc/pam.d/system-auth config w/ Sun Directory Server 6.2

I have a RHEL 4.3 WS system authenticating againd a Sun Directory Server 6.2 ldap server. I've configured my linux as an ldap client according to Redhat and Sun docs:
http://kbase.redhat.com/faq/FAQ_79_6031.shtm
http://www.sun.com/bigadmin/features/articles/nis_ldap_part3.jsp#P3
My problem is with the /etc/pam.d/system-auth file. I've configured it according to the above sun doc but receive an error in /var/logs/ messages with this one line:
account    [default=bad   success=ok user_unknown=ignore err=ignore
authinfo_unavail=ignore] /lib/security/$ISA/pam_ldap.soThe error returned is:
Mar 5 22:54:29 hostname sshd: PAM pam_parse: expecting return value;
[...err=ignore authinfo_unavail=ignore]Login works fine if I comment that line, but I'd like to correct the error in that statement. Any help would be appreciated.
Here is my entire /etc/pam.d/system-auth file:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth
nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so
use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so
account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid <
100 quiet
account    [default=bad   success=ok user_unknown=ignore err=ignore
authinfo_unavail=ignore] /lib/security/$ISA/pam_ldap.so
account    [default=bad   success=ok user_unknown=ignore err=ignore
authinfo_unavail=ignore] /lib/security/$ISA/pam_ldap.so
account     required      /lib/security/$ISA/pam_permit.so
password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow nis remember=12
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    sufficient    /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so
session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.soThanks.
keywords:
linux ldap sun directory server pam.d system-auth

You do realize there is a decdicated Directory Server forum?
It can be readily found on the Enterprise System forum page.
http://forum.java.sun.com/index.jspa?tab=es

Similar Messages

Installation/Config Problem with Sun Directory Server Control Center (6.0)

Hi All,
I have recently attempted an installation of Sun Directory Server EE 6.0 on a x86 Solaris 10 machine.
I have selected to install Core Directory Server and Sun Directory Server Control Center with my installation.
After installation, if I check the status of the SUNDSCC, I receive the following message:
bash-3.00# ./dsccsetup status
DSCC Application is not installed
DSCC Agent is registered in Cacao
DSCC Registry has been created
Path of DSCC registry is /var/opt/SUNWdsee/dscc6/dcc/ads
Port of DSCC registry is 3998
I have also tried to re-start the Sun Java Web Console using the /usr/sbin/smcwebserver start command but that does not do anything.
If i try to initialize the SUNDSCC usin the ./dsccsetup initialize command, the registry got created, but it still displays as "application not installed".
I do not understand. I have already installed this application using the JES installer.
please help!
Regards,
Saahil Goel

I had a similar issue. Here is how I fixed it.
Run dsccsetup status with the -v option. it will show you where it is trying to find the DSCC Application. Then do a find on your system to see where it is actually installed. Then simply copy it over to where dsccsetup is looking for it. Then do dsccsetup initialize. Below is what it looked like on my system when I did it:
# ./dsccsetup status -v
## /usr/sbin/smreg is present
## /usr/sbin/smcwebserver is present
## /opt/server/sun/dscc6/dccapp is MISSING
DSCC Application is not installed
## /opt/sun/cacao/bin/cacaoadm is present
## /opt/server/sun/dscc6/lib/jar/nquickmodule.jar is present
## Running /opt/sun/cacao/bin/cacaoadm list-modules -r
DSCC Agent is registered in Cacao
## Running /opt/sun/cacao/bin/cacaoadm status
## Running /opt/sun/cacao/bin/cacaoadm list-modules
## Running /opt/sun/cacao/bin/cacaoadm get-param network-bind-address
## Running /opt/sun/cacao/bin/cacaoadm get-param jmxmp-connector-port
## /opt/server/sun/ds6/bin/dsadm is present
DSCC Registry has been created
Path of DSCC registry is /var/opt/sun/dscc6/dcc/ads
Port of DSCC registry is 3998
# find / -name dccapp
/opt/server/dscc6/dccapp
# cp -R /opt/server/dscc6 /opt/server/sun
# ./dsccsetup dismantle
DSCC Application is not registered in Sun Java(TM) Web Console
Unregistering DSCC Agent from Cacao...
Deleting DSCC Registry...
All server registrations will be definitively erased.
Existing server instances will not be modified.
Do you really want to delete the DSCC Registry ? [y/n]y
Server stopped
DSCC Registry has been deleted successfully
# ./dsccsetup initialize
Registering DSCC Application in Sun Java(TM) Web Console
This operation is going to stop Sun Java(TM) Web Console.
Do you want to continue ? [y,n] y
Stopping Sun Java(TM) Web Console...
Registration is on-going. Please wait...
DSCC is registered in Sun Java(TM) Web Console
Restarting Sun Java(TM) Web Console
Please wait : this may take several seconds...
Sun Java(TM) Web Console restarted successfully
Registering DSCC Agent in Cacao...
Checking Cacao status...
Deploying DSCC agent in Cacao...
DSCC agent has been successfully registered in Cacao.
Choose password for Directory Service Manager:
Confirm password for Directory Service Manager:
Creating DSCC registry...
DSCC Registry has been created successfully
Hope this helps.

[solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

... results in
2,21c2,7
< auth required pam_securetty.so
< auth requisite pam_nologin.so
< auth required pam_unix.so nullok
< auth required pam_tally.so onerr=succeed file=/var/log/faillog
< # use this to lockout accounts for 10 minutes after 3 failed attempts
< #auth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
< account required pam_access.so
< account required pam_time.so
< account required pam_unix.so
< #password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
< #password required pam_unix.so sha512 shadow use_authtok
< session required pam_unix.so
< session required pam_env.so
< session required pam_motd.so
< session required pam_limits.so
< session optional pam_mail.so dir=/var/spool/mail standard
< session optional pam_lastlog.so
< session optional pam_loginuid.so
< -session optional pam_ck_connector.so nox11
< -session optional pam_systemd.so
>
> auth required pam_securetty.so
> auth requisite pam_nologin.so
> auth include system-local-login
> account include system-local-login
> session include system-local-login
Is it safe to use new /etc/pam.d/login?
Last edited by student975 (2012-07-05 11:54:37)

I assume that tomegun meant using the new one rather than booting with the old one. (The latter might also be fine - I've no idea.)
I'm a bit confused about the role which /etc/pam.d/passwd is playing now. Should options I've added here be duplicated for the password lines in e.g. system-auth? Currently, I have this in passwd:
password required pam_unix.so sha512 shadow nullok rounds=65536
but since system-auth etc. seems to have its own password lines, I'm wondering if having this in passwd is now either pointless or at least insufficient.
The default set up, if I understand it correctly, is not actually that different from the old one. The diff above is missing the additions:
> auth include system-local-login
> account include system-local-login
> session include system-local-login
I think this is invoking the stuff in /etc/pam.d/system-local-login which in turn calls system-login and system-auth, for example. If you compare the cumulative effect, I believe there are only minor differences which don't impact security e.g. to do with announcing the last login time or displaying message of the day.
EDIT: So adding that stuff all back into login just duplicates stuff with maybe some very minor differences such as requiring message of the day etc.
Last edited by cfr (2012-07-04 23:25:35)

Setup Java system directory server 6 client for user authentication

I am trying to set up a native LDAP client for sun directory server 6 for network based user authentication. I checked the sun doc for naming service (LDAP) and the documentation are for setting up LDAP client for directory server 5. Is there any documentation for setting up LDAP client for directory server 6? Or the documents for setting LDAP client for directory server 5 is still good for 6? Particularly, I want to use SSL communication between server and client.

Hi,
could be one of the other 'bad jokes' of DS/ldapclient because the documentation describes a lot of stuff about profiles etc. but: you need some special schema files to use the whole stuff and they are not installed with Solaris or DS (and they include the NisDomainObject). I had to search for them in the internet. They are also printed in the documentation. Save them in your server's config/schema directory as i.e. 61DUAConfigProfile.ldif and 62nisDomain.ldif and try idsconf again (maybe you have to cleanup something).
I test and prepare DS6 here, and we will use it in production too. I hadn't any problem with it and it has some important advantages over DS5.2. But we won't have a huge directory so I can't tell you anything more about it.
Regards
Jochem Ippers
Here are the ldifs:
61DUAConfigProfile.ldif:
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList' DESC 'Default LDAP server host address used by a DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' DESC 'Default LDAP base DN used by a DUA' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' DESC 'Preferred LDAP server host addresses to be used by a DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC 'Maximum time in seconds a DUA should allow for a search to complete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit' DESC 'Maximum time in seconds a DUA should allow for the bind operation to complete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals' DESC 'Tells DUA if it should follow referrals returned by a DSA search result' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' DESC 'A keystring which identifies the type of authentication method used to contact the DSA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL' DESC 'Time to live, in seconds, before a client DUA should re-read this configuration profile' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor' DESC 'LDAP search descriptor list used by a DUA' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap' DESC 'Attribute mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel' DESC 'Identifies type of credentials a DUA should use when binding to the LDAP server' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap' DESC 'Objectclass mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope' DESC 'Default search scope used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel' DESC 'Identifies type of credentials a DUA should use when binding to the LDAP server for a specific service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMethod' DESC 'Authentication method used by a service of the DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
objectClasses: ( 1.3.6.1.4.1.11.1.3.1.2.4 NAME 'DUAConfigProfile' SUP top STRUCTURAL DESC 'Abstraction of a base configuration for a DUA' MUST ( cn ) MAY ( defaultServerList $ preferredServerList $ defaultSearchBase $ defaultSearchScope $ searchTimeLimit $ bindTimeLimit $ credentialLevel $ authenticationMethod $ followReferrals $ serviceSearchDescriptor $ serviceCredentialLevel $ serviceAuthenticationMethod $ objectclassMap $ attributeMap $ profileTTL ) X-ORIGIN 'user defined' )
62nisDomain.ldif:
dn: cn=schema
attributeTypes: ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
objectClasses: ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top STRUCTURAL MUST nisDomain X-ORIGIN 'user defined' )

Changing the Name of an Open Directory Server while preserving users, etc.

Hi Everyone,
Not an emergency - but I have been wrestling with this dilemma for almost a year now.
The good news is nothing has to be done right away. But I will ultimately need a solution.
We have inherited a server system at a traditional elementary school from a previous IT person who was immature to say the least.
When he set up the server system, he named the open directory server something that, while innocuous is inappropriate for a school setting. I am sure he thought it was clever and cheeky at the time. But a few years later it is simply unprofessional. And we are being expected to ultimately be able to change it so something like "XXXdirectory.domainname.edu" The more it hangs around - the longer it looks like we did this and it makes us look unprofessional.
So here is my dilemma.
This is an OD Master with iCal and network homes attached to it. It also runs DNS.
I would like to set up a new server and name it "xxxdirectory.schooldomainname.edu"
Setting up the new server is easy and getting all the client machines to bind to it - no problem.
The problem is how to migrate all the users to the new server. It seems a restore wont work because if the new server is named differently, the restore will fail. I also can't do a server migration because the stupid name migrates to the new server.
My old server is 10.5.8 Server. The new one is 10.7.1 Server . But could be 10.6.8 Server if need be.
The main problem is how do I get all the accounts onto a new server with a new OD master name?
I don't mind command line stuff. So throw whatever you got at me.
Thanks in advance for your help everyone. Don't worry - I won't be a pain in the butt or argue. I just need some good solid guidance, even if it is a "Not possible" answer - at least I have something to tell the administration when they want to know why we can't change the OD Master name from mcnugget.schoolname.edu.
Please let me know if you need more details. I am happy to provide.
Thanks again.
Tony

If you don't mind resetting everybodies password then you can export the users and groups and wipe the server for a clean install or turn it into a standalone server then back into od master then import the users and groups.

Etc/pam.d/login is different - okay to replace with original?

I found an error in my journal:
May 25 07:33:49 shawntatious login[3006]: PAM unable to dlopen(/usr/lib/security/pam_ck_connector.so): /usr/lib/security/pam_ck_connector.so: cannot open shared object file: No such file or directory
That led me to look through my pam configuration. I found that for some reason, pam_ck_connector.so was still in the /etc/pam.d/login config. I removed the line, but I wanted to see what else might be leftovers. I thought I'd try reinstalling util-linux since it owns that file, then I'd be able to look at the .pacnew; it doesn't create a .pacnew file, and it doesn't change the file at all.
So, I have a large number of differences between the files, and I'm wondering if it's safe just to clobber it with the version that's currently in util-linux.

I can reproduce this by adding a bogus line; re-installing util-linux doesn't create a .pacnew file. I assume this is caused by the file being in the backup array, and no actual upgrade is being done. The only solution seems to be to remove the file and re-install util-linux; this will reset the file to what's in the package
Last edited by Spider.007 (2013-05-25 12:20:28)

/etc/.java/.systemPrefs/.system.lock not found java package error

Dear all experts, i am trying hard to solve this problem on solaris 10.
i downloaded java package i.e jdk-6u18-solaris-i586.tar.Z and extract it using zcat jdk-6u18-solaris-i586.tar.Z | tar -xf - . it extracted successfully following folders.
SUNWj6cfg
SUNWj6dev
SUNWj6dmo
SUNWj6jmp
SUNWj6man
SUNWj6rt
plus few others
i tried to install all of the above using command pkgadd -d . SUNWj6rt SUNWj6dev SUNWj6cfg SUNWj6man SUNWj6dmo.
all of the package succesfully installed except one i.e SUNWj6cfg
i got following error message
[Do you want to continue with the installation of <SUNWj6cfg> [y,n,?] y
Installing JDK 6.0 Host Config. (1.6.0_18) as <SUNWj6cfg>
## Installing part 1 of 1.
[ verifying class <none> ]
cp: /etc/.java/.systemPrefs/.system.lock not found
cp: /etc/.java/.systemPrefs/.systemRootModFile not found
[ verifying class <preserve> ]
ERROR: attribute verification of </etc/.java/.systemPrefs/.system.lock> failed
pathname does not exist
ERROR: attribute verification of </etc/.java/.systemPrefs/.systemRootModFile> fa
iled
pathname does not exist
## Executing postinstall script.
Installation of <SUNWj6cfg> partially failed.]
i am trying hard to find out what is the problem.
thanks in advance
Mr parkar
UAE

make sure your package is in WEB-INF\classes\ directory
or if it is in a jar file, make sure it is in WEB-INF\lib\ directory

ERROR: attribute verification of /etc/.java/.systemPrefs/.system.lock fai

Dear all experts, i am trying hard to solve this problem on solaris 10.
i downloaded java package i.e jdk-6u18-solaris-i586.tar.Z and extract it using zcat jdk-6u18-solaris-i586.tar.Z | tar -xf - . it extracted successfully following folders.
SUNWj6cfg
SUNWj6dev
SUNWj6dmo
SUNWj6jmp
SUNWj6man
SUNWj6rt
plus few others
i tried to install all of the above using command pkgadd -d . SUNWj6rt SUNWj6dev SUNWj6cfg SUNWj6man SUNWj6dmo.
all of the package succesfully installed except one i.e SUNWj6cfg
i got following error message
[Do you want to continue with the installation of <SUNWj6cfg> [y,n,?] y
Installing JDK 6.0 Host Config. (1.6.0_18) as <SUNWj6cfg>
## Installing part 1 of 1.
[ verifying class <none> ]
cp: /etc/.java/.systemPrefs/.system.lock not found
cp: /etc/.java/.systemPrefs/.systemRootModFile not found
[ verifying class <preserve> ]
ERROR: attribute verification of </etc/.java/.systemPrefs/.system.lock> failed
pathname does not exist
ERROR: attribute verification of </etc/.java/.systemPrefs/.systemRootModFile> fa
iled
pathname does not exist
## Executing postinstall script.
Installation of <SUNWj6cfg> partially failed.]
i am trying hard to find out what is the problem.
thanks in advance
Mr parkar
UAE

These are innocuous errors that you may safely ignore. However the disk error is a problem. Do the following:
Repairing the Hard Drive
Boot from your OS X Installer disc. After the installer loads select your language and click on the Continue button. When the menu bar appears select Disk Utility from the Installer menu (Utilities menu for Tiger and Leopard.) After DU loads select your hard drive entry (mfgr.'s ID and drive size) from the the left side list. In the DU status area you will see an entry for the S.M.A.R.T. status of the hard drive. If it does not say "Verified" then the hard drive is failing or failed. (SMART status is not reported on external Firewire or USB drives.) If the drive is "Verified" then select your OS X volume from the list on the left (sub-entry below the drive entry,) click on the First Aid tab, then click on the Repair Disk button. If DU reports any errors that have been fixed, then re-run Repair Disk until no errors are reported. If no errors, then quit DU and return to the installer. Now restart normally.
If DU reports errors it cannot fix, then you will need Disk Warrior and/or Tech Tool Pro to repair the drive. If you don't have either of them or if neither of them can fix the drive, then you will need to reformat the drive and reinstall OS X.

Installing Sun Java System Directory Server on Linux Ent.

Hi,
I tried to install Sun Java System Directory Server on Linux on Redhat Enterprise Linux AS, but I faced some problems.
I just want to know if there is any pre-requisites for installing this product on Linux.
Thanks
Sadiq

Hello
Which problem did you have encountered installing the DS on Linux AS.
Currently I want to install SunOne DS V5.2 on Redhat Linux AS 2.1 and encounter several configuration issues
Thanks in advance,
Andrew

Does sccm 2012 supports ibcm for linux and unix operating systems

folks,
does SCCM 2012 supports linux and unix operating system for IBCM ..........as per my knowledge it dont what i have learn t through bing........

I thought it's not supported for Linux and Unix, see also:
http://blogs.msdn.com/b/teju_shyamsundar/archive/2014/05/23/installing-the-system-center-2012-r2-configuration-manager-client-on-linux-part-2.aspx
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude

Beta Testing Begins for New "Oracle Linux 5 and 6 System Administrator" (OCA) Certification Exam (1Z1-100)

Oracle Certification begins beta testing this week for the new upcoming certification - Oracle Certified Associate, Oracle Linux 5 and 6 System Administrator. READ MORE

We do have things in the works but cannot be announced prematurely. We'll put the word out on the [Oracle Certification Blog|http://blogs.oracle.com/certification/] as soon as possible.
Cheers,
- Harold

Dbus upgrade clobbering /etc/dbus-1/system.d/hal.conf

When you upgraded to dbus-1.2.20-1 did your /etc/dbus-1/system.d/hal.conf get clobbered?

Are you sure the first line in your .conf is required?

Sun Java Directory Server Linux RHEL 5 Installation

Hello,
As Linux RHEL ES/AS 5 is not officially listed in the operating system requirements.
Has somebody been succesful in the installation ?
- With which Linux RHEL 5 update.
- Are the package depencies the same (compat-C/C++ libraries)
- Which Edition of Sun Java Directory Server (5.2Q6, 6.0, 6.3) and which packages (Native/ZIP)
Tips would be useful as I have been successful in Linux RHEL 4 update 4 with Sun Java Directory Server 5.x
in the past but customer requirements have changed and I did not find any Information and do not have testing Time.
Thanks,
Fab

I just installed a consumer replica on CentOS (same thing as RHEL) 5.2 . It's working fine. Here's my kickstart file so that you can see what packages I installed:
# Kickstart file automatically generated by anaconda.
install
cdrom
lang en_US.UTF-8
keyboard us
xconfig --startxonboot
network --device eth0 --bootproto dhcp
rootpw --iscrypted <removed>
firewall --disabled
authconfig --enableshadow --enablemd5
selinux --disabled
timezone --utc America/Chicago
bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
clearpart --linux
part /boot --fstype ext3 --size=128 --asprimary
part swap --size=1024 --asprimary
part pv.100000 --size=100 --grow
volgroup vgmain --pesize=32768 pv.100000
logvol /var --fstype ext3 --name=varlv --vgname=vgmain --size=512
logvol /var/log --fstype ext3 --name=varloglv --vgname=vgmain --size=512
logvol /usr --fstype ext3 --name=usrlv --vgname=vgmain --size=3072
logvol /usr/local --fstype ext3 --name=usrlocallv --vgname=vgmain --size=4096
logvol / --fstype ext3 --name=rootlv --vgname=vgmain --size=512
logvol /home --fstype ext3 --name=homelv --vgname=vgmain --size=1024
logvol /tmp --fstype ext3 --name=tmplv --vgname=vgmain --size=512
%packages
@development-libs
@editors
@system-tools
@text-internet
@legacy-network-server
@gnome-desktop
@core
@base
@legacy-software-development
@base-x
@web-server
@smb-server
@server-cfg
@admin-tools
@development-tools
@graphical-internet
audit
net-snmp-utils
lynx
kexec-tools
device-mapper-multipath
xorg-x11-server-Xnest
xorg-x11-server-Xvfb
system-config-boot
imake
-bluez-hcidump
-bluez-gnome
-slrn
-gnome-user-docs
-gnome-themes
-gedit
-gnome-power-manager
-gnome-backgrounds
-gok
-gnome-audio
-esc
-gnome-user-share
-gimp-print-utils
-desktop-printing
-file-roller
-gnome-screensaver
-gnome-pilot
-krb5-workstation
-ipsec-tools
-sysreport
-irda-utils
-bluez-utils
-synaptics
-krb5-auth-dialog
-linuxwacom
-system-config-nfs
-evolution
-nspluginwrapper
-gnome-themes
-evolution-webcal
-ekiga
-evolution-connectorI installed DSEE 6.3 from the ZIP distribution.

Ldap client with directory server 6.0 on solaris 9 systems

I have a directory server 6.0 running on a solaris 9 system. I have set up idsconfig, vlvindex and certificate database on the server side. The client ldap I am trying to set up is also solaris 9 system. I have set the certificate database on this ldap client using the Resource Kit certutil and import the server certificate to client certificate database. It seems the TLS secure connection did work between LDAP server and client. (I use the Resource Kit ldapsearch command to test it) I use 'ldapclient -v init ...' command using 'profileName=tlsprofile' to initialize the LDAP client and the information returned from that command said LDAP client configed sucsessfully. But when I run ldapaddent command to import /etc/passwd. I got error:
Passwd container does not exist.
The ldapaddent command I ran like this:
ldapaddent -v -f <passwd file> -D "cn=Directory Manager" passwd
Then I tried to use 'ldapclient -v manual ....' command to set up LDAP client. That command finishes succefully. But I still can not import /etc/passwd using ldapaddent with same error.
What is wrong with my set-up?
Thanks,
--xinhuan

I looked into the /var/adm/messages, and I have the following error:
ldap_cachemgr[1640]: [ID 605618 daemon.error] libldap: CERT_VerifyCertName: cert server name 'directory server' does not match 'hostname.mycompany.com': SSL connection denied
It seems I have problem with SSL certificate set-up. I did generate the server side 'hostname.mycompany.com' certificate then use the Resource Kit certutil import that certificate to the client side. Is that right way to do?
Thanks,
--xinhuan

Good Java System Directory Server book?

Does anyone know of a good book (or books) for getting up to speed on the Sun Java System stack? I am migrating from Linux and Windows-based apps to the Sun stack and need to hit the books hard to get up to speed, but can't find much of anything newer than 2002 on Amazon.
Specifically looking for:
- Directory Server
- Web Application server
- Messaging Server
- JMS
Anyone have any ideas?

Well, the first place I go is http://docs.sun.com where I can either search or browse the html versions or download the PDFs of the product manuals. Beyond that I do like Michael Haines and Tom Bialaski's LDAP in the Solaris Operating Environment: Deploying Secure Directory Services book. It came out in 2004 and covers Directory Server 5.2 (I think it was patch 2 then, now we run patch 4 here...)

Linux: /etc/pam.d/system-auth config w/ Sun Directory Server 6.2

Similar Messages

Maybe you are looking for