Sudo with LDAP NetGroups Solaris 10

Hi All,
Can someone describe to me the steps to configure sudoers to work with LDAP NetGroups on Solaris 10?
I am using "sudo 1.7.2p6" right now.
I am able to authenticate using the Netgroups, but not able to do so using sudo.
Thanks,
DD

I have recently tested sudo 1.6.8p8 to be working with flat files /etc/sudoers or LDAP sudo maps, together with netgroup and automount, on a Solaris Native LDAP Client against DS5.2 server.
I assume you use Solaris8/9 Native LDAP Client, and assume netgroup LDAP maps have been working without sudo.
I read your other post about sudo and ldap, I think you did not configure and build "sudo" with "--with-pam", right?
Can you provide the following details?
1) First 10 lines of "sudo -V", i.e. "sudo -V | head".
2) How do you configure "sudo" on the LDAP Client? i.e. ./configure options.
3) Did you use an old gcc version eg: Solaris9 built-in gcc 3.1, to compile sudo?
4) Content of /var/ldap/ldap_client_file.
5) Content of /etc/ldap.conf, you should have this file.
6) Sample ldif showing some sudoRole entries in LDAP
7) Can you perform these commands?
ldaplist -l sudoers
ldaplist -l sudoers root
ldaplist -l sudoers some_sudoRole
8) Content of /etc/pam.conf
9) Any other relevant details, like err in /var/adm/messages.
Gary

Similar Messages

  • Issues with LDAP Server | Solaris 8

    Hi All,
    In my project we are using Solaris 8 as the LDAP server for authentication. Some folders' owner and group are assigned to an LDAP user by default. I think it should be root and others.
    Please find the below example:
    *8 drwxr-xr-x 42 gip_admin set_investors_author 3584 Jan 24 00:01 .
    *8 drwxr-xr-x 42 gip_admin set_investors_author 3584 Jan 24 00:01 ..
    6 -rw-rw-r-- 1 gip_admin ampm_retail_english_author 2062 Jan 22 14:03 archive
    2 drwxr-xr-x 2 root nobody 512 Aug 6 2003 cdrom
    2 drwx--l--- 3 gip_admin set_investors_author 512 Dec 9 07:33 data
    2 drwxr-x--- 2 root other 512 Nov 12 16:20 data1
    Can you please help me to solve this issue.....
    Thanks in Advance
    Manju

    Hi,
    It is not mounted on NFS. It is a local disk only.
    It is a Solaris 8 server.
    # ls -lan
    drwxr-xr-x 18 0 0 1536 Dec 11 05:00 .
    drwxr-xr-x 46 91550 94293 2560 Jan 11 10:37 ..
    -rw-rw-rw- 1 0 1 524204 Aug 2 2006 110951-06.jar
    drwxr-xr-x 2 0 1 512 Dec 11 05:01 Backup_files
    -rw------- 1 0 1 17 Apr 22 2005 DBVERSION
    drwxrwxr-x 2 101 2000 512 Oct 18 2004 DD
    drwxr-xr-x 2 0 1 512 Sep 19 2006 J2SEPatch-13092006
    #cat /etc/passwd
    root:x:0:1:Super-User:/:/usr/bin/bash
    daemon:x:1:1::/:
    bin:x:2:2::/usr/bin:
    sys:x:3:3::/:
    adm:x:4:4:Admin:/var/adm:
    lp:x:71:8:Line Printer Admin:/usr/spool/lp:
    uucp:x:5:5:uucp Admin:/usr/lib/uucp:
    nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
    listen:x:37:4:Network Admin:/usr/net/nls:
    nobody:x:60001:60001:Nobody:/:
    noaccess:x:60002:60002:No Access User:/:
    nobody4:x:65534:65534:SunOS 4.x Nobody:/:
    basant:x:1001:10::/apps/basant:/bin/sh
    tis:x:1003:1::/apps/tis/:/usr/bin/bash
    ldap:x:1004:100::/home/ldap:/bin/sh
    iwui:x:100001:60001:Interwoven TeamSite UI Daemons User:/apps/iw-home:/bin/sh
    oracle:x:1002:101: Oracle user:/apps/oracle:/bin/sh
    vadmin:x:100002:1::/apps/vadmin/:/bin/sh
    sshd:x:100003:2003:sshd privsep:/var/empty:/bin/false
    temp:x:111112:1::/home/temp:/bin/sh
    verity:x:111113:1::/apps/verity/:/usr/bin/bash
    test1:x:12312311:1::/home/test1:/bin/sh
    hai:x:12312312:1::/home/hai:/bin/sh
    #cat /etc/group
    [root@sun5-/opt]# cat /etc/group
    root::0:root,tomcat
    other::1:bpeditor,lpg_admin,lpg_author,lpg_publisher
    bin::2:root,bin,daemon
    sys::3:root,bin,sys,adm
    adm::4:root,adm,daemon
    uucp::5:root,uucp
    mail::6:root
    tty::7:root,tty,adm
    lp::8:root,lp,adm
    nuucp::9:root,nuucp
    staff::10:
    daemon::12:root,daemon
    sysadmin::14:
    nobody::60001:
    noaccess::60002:
    nogroup::65534:
    iplanet::100:
    dba::101:
    sshd::2003:
    apps::94356:
    testa::12312323:
    oat_users_test::12312325:
    Thanks

  • LDAP netgroup with SSH

    I am planning to integrate LDAP netgroup with SSH in Solaris 10 (SUN native SSH SUNWsshxx) in order to restrict unauthorized users from using ssh to log in. Any advice?

    i've only done this with java directory server - dscc (or whatever it's called) and opends. only real troubles i've had are when i've done something wrong in pam.conf or the compat line in nsswitch.conf.
    works pretty well here

  • Solaris 8/9 with LDAP

    I set up iPlanet directory server on Solaris 9. The Solaris 9 client can get user account and automount data from LDAP, but Solaris 8 can't get automount data.
    If cd /test4, error message: permission denied.
    How to fix it, or how to get more information about it?
    The following is the Solaris 8 setting:
    Solaris 8 profile:
    dn: cn=sun8,ou=profile,dc=test,dc=com,dc=tw
    cn: sun8
    ObjectClass: top
    ObjectClass: SolarisNamingProfile
    SolarisBindDN: cn=proxyagent,ou=profile,dc=test,dc=com,dc=tw
    SolarisBindPassword: {NS1}c58916dc7d61179f7f
    SolarisLDAPServers: 172.20.100.103
    SolarisSearchBaseDN: dc=test,dc=com,dc=tw
    SolarisAuthMethod: NS_LDAP_AUTH_SIMPLE
    SolarisTransportSecurity: NS_LDAP_SEC_NONE
    SolarisSearchReferral: NS_LDAP_FOLLOWREF
    SolarisSearchScope: NS_LDAP_SCOPE_ONELEVEL
    SolarisSearchTimeLimit: 30
    SolarisCacheTTL: 43200
    Solaris 9 profile :
    dn: cn=sun9v1,ou=profile,dc=test,dc=com,dc=tw
    ObjectClass: top
    ObjectClass: DUAConfigProfile
    defaultServerList: 172.20.100.103
    defaultSearchBase: dc=test,dc=com,dc=tw
    authenticationMethod: simple
    defaultSearchScope: one
    searchTimeLimit: 30
    cn: sun9v1
    credentialLevel: proxy
    attributeMap: automount:automountInformation=nisMapEntry
    attributeMap: automount:automountKey=cn
    attributeMap: automount:automountMapName=nisMapName
    objectClassMap: automount:automount=nisObject
    objectClassMap: automount:automountMap=nisMap
    AutoMount Entry:
    cn=/net,nisMapName=auto_master,dc=test,dc=com,dc=tw
    objectClass=nisObject
    objectClass=top
    cn=/net
    nisMapEntry=-hosts -nosuid,nobrowse
    nisMapName=auto_master
    cn=/home,nisMapName=auto_master,dc=test,dc=com,dc=tw
    objectClass=nisObject
    objectClass=top
    cn=/home
    nisMapEntry=auto_home -nobrowse
    nisMapName=auto_master
    cn=/xfn,nisMapName=auto_master,dc=test,dc=com,dc=tw
    objectClass=nisObject
    objectClass=top
    cn=/xfn
    nisMapEntry=-xfn
    nisMapName=auto_master
    cn=/-,nisMapName=auto_master,dc=test,dc=com,dc=tw
    objectClass=nisObject
    objectClass=top
    cn=/-
    nisMapEntry=auto_direct
    nisMapName=auto_master
    cn=/test4,nismapname=auto_direct,dc=test,dc=com,dc=tw
    objectClass=nisObject
    objectClass=top
    cn=/test4
    nismapentry=sun1:/export/test
    nismapname=auto_direct

    I just checked my schema and I've also converted 'NisMapEntry' to lower case.
    So when you do an 'ldaplist -l auto_home name' you get:
    dn: cn=name,nismapname=auto_home,o=org
    objectClass: top
    objectClass: nisobject
    nismapname: auto_home
    nismapentry: server:/export/home/&
    cn: name
    You can see where it's failing by running automountd in debug mode:
    /usr/lib/autofs/automountd -v -TT &
    # cd /home/name
    t1 LOOKUP REQUEST: Wed Sep 4 14:37:53 2002
    t1 name=name[] map=auto_home opts= path=/home direct=0
    t1 PUSH /etc/auto_home
    t1 getmapent_ldap called
    t1 getmapent_ldap: key=[ name ]
    t1 ldap_match called
    t1 ldap_match: key =[ name ]
    t1 ldap_match: ldapkey =[ name ]
    t1 ldap_match: searchfilter =[ (&(objectClass=nisObject)(nisMapName=auto_home)(cn=name)) ]
    t1 ldap_match: Requesting list for (&(objectClass=nisObject)(nisMapName=auto_home)(cn=name))
    t1 ldap_match: __ns_ldap_list OK
    t1 getmapent_ldap: exiting ...
    t1 POP /etc/auto_home
    t1 mapline: server:/export/home/&
    t1 do_lookup1: action=2 wildcard=FALSE error=0
    t1 LOOKUP REPLY : status=0
    t6 MOUNT REQUEST: Wed Sep 4 14:37:53 2002
    t6 name=name[] map=auto_home opts= path=/home direct=0
    t6 PUSH /etc/auto_home
    t6 getmapent_ldap called
    t6 getmapent_ldap: key=[ name ]
    t6 ldap_match called
    t6 ldap_match: key =[ name ]
    t6 ldap_match: ldapkey =[ name ]
    t6 ldap_match: searchfilter =[ (&(objectClass=nisObject)(nisMapName=auto_home)(cn=name)) ]
    t6 ldap_match: Requesting list for (&(objectClass=nisObject)(nisMapName=auto_home)(cn=name))
    t6 ldap_match: __ns_ldap_list OK
    t6 getmapent_ldap: exiting ...
    t6 POP /etc/auto_home
    t6 mapline: server:/export/home/&
    t6 do_mount1:
    t6 (nfs,nfs) /home/name
    server:/export/home/name penalty=0
    t6 nfsmount: standard mount on /home/name :
    t6 server:/export/home/name
    t6 ping: server timeout=15 request vers=3 min=2
    t6 pingnfs OK: nfs version=3
    t6 nfsmount: Get mount version: request vers=3 min=3
    t6 nfsmount: mount version=3
    t6 mount server:/export/home/name /home/name ()
    t6 mount server:/export/home/name dev=44c0006 rdev=0 OK
    t6 MOUNT REPLY : status=0, AUTOFS_DONE

  • LDAP and Solaris Authorization.

    Hi,
    Need some help. Can we do authorization of users with LDAP using PAM on Solaris. I am aware that we can use netgroups with LDAP for restricting access but is there any generic facility that can be used directly with PAM itself to restrict the users?
    All ideas are appreciated.
    Regards,
    Abrar

    I wonder if anyone has successfully compiled pam_listfile.so (part of LinuxPAM) on Solaris8/9 and used it successfully in /etc/pam.conf as a means of Authorization Control?
    ===
    # cat /usr/share/doc/pam-0.77/txts/README.pam_listfile
    SUMMARY:
    pam_listfile:
    Checks a specified item against a list in a file.
    Options:
    * item=tty
    * sense=allow (action to take if found in file,
    if the item is NOT found in the file, then
    the opposite action is requested)
    * file=/the/file/to/get/the/list/from
    * onerr=succeed (if something weird happens
    such as unable to open the file, what to do?)
    * apply=user
    restrict the user class for which the restriction
    apply. Note that with item=user this
    does not make sense, but for item=tty
    it have a meaning. (Cristian Gafton)
    Also checks to make sure that the list file is a plain
    file and not world writable.
    - Elliot Lee <[email protected]>, Red Hat Software.
    v0.9 August 16, 1996.
    ===
    Gary

  • Configuring LDAP netgroups

    I've nearly got my LDAP deployment complete, but one thing I'm missing right now is netgroup-like restrictions for logins. I spoke with a Sun PS guy recently and he recommended this as the preferred method of restricting access to hosts, so I'm game.
    The problem I have right now is that I can't seem to find any documentation on how to set this up. Most references using the word "netgroup" are for NIS, naturally. If anyone has solid docs on how to set this up for LDAP I'd appreciate it.
    One thing to note is that I'm not transitioning from NIS. I have only DNS in my environment as a naming service, and so I couldn't just run the PADL tools to migrate.
    My setup thus far is a 3 master configuration, with 3 hubs, and approximately 100 users, total. Please ask if my setup requires any clarification.
    Thanks!
    Patrick

    Just want to add more information:
    1) The sample Solaris10 /etc/pam.conf could be found at
    http://docs.sun.com/app/docs/doc/816-4556/6maort2te?a=view
    (For this sample to work on Solaris8/9, comment out all the pam_unix_cred.so.1 lines)
    2) Making sure "getent passwd userid" shows something is NOT enough to make it work; objectClass "shadowAccount" must be defined in the People entry. Below is an example:
    bash-2.05# ldaplist -l passwd tuser2
    dn: uid=tuser2, ou=People, dc=example,dc=com
    givenName: Test
    sn: User2
    loginShell: /bin/sh
    uidNumber: 9998
    gidNumber: 102
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    uid: tuser2
    cn: Test User2
    homeDirectory: /var/tmp
    userPassword: {SHA}MWxHz/4F3kXGXlfK4EvIJUo2C2U=
    3) Edit /etc/nsswitch.conf and restart nscd.
    Change this:
    passwd: files ldap
    netgroup: files
    To that:
    passwd: compat
    passwd_compat: ldap
    netgroup: ldap
    Note that there is no need to change "shadow:" and
    "group:", anyone pls correct me if I am wrong.
    I have these two lines for both Solaris and Linux
    clients:
    shadow: files ldap
    group: files ldap
    4) Add these lines to the end of /etc/passwd and run
    "pwconv".
    +@netgroup1:x:::::
    +@netgroup2:x:::::
    -:x:::::
    The corresponding DIT:
    # ldaplist -l netgroup
    dn: cn=netgroup1,ou=netgroup,dc=example,dc=com
    objectClass: top
    objectClass: nisNetgroup
    cn: netgroup1
    nisNetgroupTriple: (,gtay,)
    nisNetgroupTriple: (,tuser,)
    dn: cn=netgroup2,ou=netgroup,dc=example,dc=com
    objectClass: top
    objectClass: nisNetgroup
    cn: netgroup2
    nisNetgroupTriple: (,test,)
    nisNetgroupTriple: (,tuser2,)
    I noticed that Solaris will add corresponding lines
    to /etc/shadow after "pwconv" is run, whereas RHEL
    will not.
    5) The same works for BOTH SUN ONE DS5.2 and OpenLDAP server netgroup LDAP maps, as well as BOTH SUN Solaris Native LDAP Clients and RHEL OpenLDAP+PADL Linux LDAP Clients.
    6) For Non-Netgroup accounts, "id userid" and "su -
    userid" will show these error messages:
    Solaris:
    id: invalid user name: "userid"
    su: unknown id: userid
    Linux:
    id: userid: No such user
    su: user userid does not exist
    7) Some examples of netGroupTriple:
    # nisNetgroupTriple Examples: (host,user,domain)
    # jdoe is in the appuser netgroup for all servers, all domains.
    # scarter is in the appuser netgroup only on the server mars.
    # all users are in the appuser netgroup on the server pluto.
    dn: cn=appuser,ou=netgroup,dc=example,dc=com
    objectClass: top
    objectClass: nisNetgroup
    nisNetgroupTriple: (,jdoe,)
    nisNetgroupTriple: (mars,scarter,)
    nisNetgroupTriple: (pluto,,)
    cn: appuser
    HTH.
    Gary

    Gary,
    Excellent summary...just what I would have looked for about 2 months ago :)
    I would like to add that you can indeed nest netgroups. The following is how you would nest Gary's "appuser" netgroup into another, named prod_appservers (theoretically a superset which would be comprised of several netgroups):
    dn: cn=prod_appservers,ou=netgroup,dc=example,dc=com
    objectClass: nisNetgroup
    objectClass: top
    cn: prod_appservers
    memberNisNetgroup: appuser
    memberNisNetgroup: unixadmin
    memberNisNetgroup: security
    memberNisNetgroup: architecture
    Patrick
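
Added example (not part of the original posts): a small Python resolver for the netgroup semantics discussed in this thread, showing how (host,user,domain) triples with empty wildcard fields and nested memberNisNetgroup references expand into an effective access decision, and how malformed triples, missing nested groups and reference loops surface during an audit. The LDIF sample is constructed, the function names are hypothetical, and ignoring the domain field is an assumption.

```python
import re

# Constructed sample data modelled on the netgroup entries in this thread.
# It deliberately contains a malformed triple, a reference to a netgroup that
# does not exist ("security") and a nesting loop, to show how each is handled.
SAMPLE_LDIF = """\
dn: cn=appuser,ou=netgroup,dc=example,dc=com
objectClass: top
objectClass: nisNetgroup
cn: appuser
nisNetgroupTriple: (,jdoe,)
nisNetgroupTriple: (mars,scarter,)
nisNetgroupTriple: (pluto,,)

dn: cn=unixadmin,ou=netgroup,dc=example,dc=com
objectClass: top
objectClass: nisNetgroup
cn: unixadmin
nisNetgroupTriple: (,gtay,)
nisNetgroupTriple: (,tuser2)
memberNisNetgroup: prod_appservers

dn: cn=prod_appservers,ou=netgroup,dc=example,dc=com
objectClass: top
objectClass: nisNetgroup
cn: prod_appservers
memberNisNetgroup: appuser
memberNisNetgroup: unixadmin
memberNisNetgroup: security
"""

# A valid triple has exactly three comma-separated fields inside parentheses.
TRIPLE_RE = re.compile(r"^\(([^,()]*),([^,()]*),([^,()]*)\)$")


def parse_netgroups(ldif_text):
    """Parse nisNetgroup entries; return (groups, problems).

    groups maps cn -> {"triples": [(host, user, domain)], "members": [cn]}.
    problems lists (netgroup, raw_value) for triples that do not parse.
    """
    groups, problems = {}, []
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        classes = [v.lower() for v in attrs.get("objectclass", [])]
        if "nisnetgroup" not in classes or not attrs.get("cn"):
            continue
        name = attrs["cn"][0]
        triples = []
        for raw in attrs.get("nisnetgrouptriple", []):
            match = TRIPLE_RE.match(raw.replace(" ", ""))
            if match is None:
                problems.append((name, raw))  # dropped, never guessed at
                continue
            triples.append(match.groups())
        groups[name] = {
            "triples": triples,
            "members": attrs.get("membernisnetgroup", []),
        }
    return groups, problems


def expand(groups, name):
    """Flatten a netgroup and everything nested in it.

    Returns (triples, missing): all reachable triples plus the names of
    referenced netgroups that have no entry. The seen set stops loops.
    """
    triples, missing, seen, stack = [], [], set(), [name]
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        entry = groups.get(current)
        if entry is None:
            missing.append(current)
            continue
        triples.extend(entry["triples"])
        stack.extend(entry["members"])
    return triples, sorted(missing)


def innetgr(groups, name, host, user):
    """True if (host, user) matches any triple reachable from the netgroup.

    An empty field is a wildcard; the domain field is ignored here.
    """
    triples, _ = expand(groups, name)
    return any(
        (h == "" or h == host) and (u == "" or u == user)
        for h, u, _domain in triples
    )


if __name__ == "__main__":
    groups, problems = parse_netgroups(SAMPLE_LDIF)
    print("malformed triples:", problems)
    print("missing nested groups:", expand(groups, "prod_appservers")[1])
    for host, user in [("venus", "jdoe"), ("venus", "scarter"),
                       ("mars", "scarter"), ("pluto", "anyone")]:
        print(host, user, innetgr(groups, "appuser", host, user))
```

Running the same check over the real output of "ldaplist -l netgroup" before adding a "+@netgroup" line to /etc/passwd shows which accounts the line will actually admit on a given host.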

  • Issue with LDAP login authentication in CMC console

    We have a existing issues with Business Objects BOE XIR2 SP2 and LDAP authentication with the BOE CMC Console.
    We use websphere as the application server and it is installed on the same machine (Solaris) as BOE.
    We have this issue on both our production and our recently rebuilt development environment to duplicate the issue.
    Both environment have configured LDAP over SSL and we can login to BOE Infoview Reports with LDAP and we can map groups and users if we login to CMC but we can not login to CMC with secLDAP.
    The specific error still being shown is "Security plugin error: Failed to set parameters on plugin".
    Both environments (DEV and PROD) are fresh installs of BOE XIR2 SP2.
    Any ideas are much appreciated
    Thank you

    The CMC in XIR2 used com components for the SSL (rather than java like infoview) and I'm betting the WAS deployment is not finding them. Is WAS on a separate server or is BOE installed there as well?
    I'm not familiar with any regular fixes for an issue like this. If no other replies I'd recommend opening a case with either deployment(WAS on "nix") or authentication(WAS on windows) to see if they can trace down the problem.
    Regards,
    Tim

  • Ldap in solaris 11-11-11

    Does LDAP work in Solaris 11?
    I am configuring a Solaris 11 system to connect with LDAP, but I am finding out that the configuration file "nsswitch.conf" can't be edited; edits will be lost.
    Can you help me set up the LDAP client on this system, "solaris11 x86 11-11-11"?
    Our ldap server is a solaris 10 sparc.
    Thank-you

    I didn't have the problem in Solaris 11.11.11.
    However, I have this problem in Solaris 11.11.11.1.
    In Solaris 5.11 11.1
    the LDAP client is in maintenance mode.
    I disable the LDAP client,
    enable it...
    it still goes into maintenance mode.
    I don't understand what is going on.
    # svcs
    STATE STIME FMRI
    legacy_run 13:29:11 lrc:/etc/rc2_d/S40llc2
    legacy_run 13:29:11 lrc:/etc/rc2_d/S47pppd
    legacy_run 13:29:11 lrc:/etc/rc2_d/S81dodatadm_udaplt
    legacy_run 13:29:11 lrc:/etc/rc2_d/S89PRESERVE
    disabled 13:29:00 svc:/system/tsol-zones:default
    online 13:28:51 svc:/system/early-manifest-import:default
    online 13:28:51 svc:/system/svc/restarter:default
    online 13:28:53 svc:/network/sctp/congestion-control:cubic
    online 13:28:53 svc:/network/sctp/congestion-control:vegas
    online 13:28:53 svc:/network/tcp/congestion-control:newreno
    online 13:28:53 svc:/network/tcp/congestion-control:vegas
    online 13:28:53 svc:/network/tcp/congestion-control:highspeed
    online 13:28:53 svc:/network/tcp/congestion-control:cubic
    online 13:28:53 svc:/network/sctp/congestion-control:newreno
    online 13:28:53 svc:/network/sctp/congestion-control:highspeed
    online 13:28:54 svc:/network/netcfg:default
    online 13:28:54 svc:/network/tnctl:default
    online 13:28:54 svc:/network/socket-config:default
    online 13:28:54 svc:/network/smb:default
    online 13:28:54 svc:/system/metainit:default
    online 13:28:55 svc:/network/datalink-management:default
    online 13:28:55 svc:/system/filesystem/root:default
    online 13:28:55 svc:/system/resource-controls:default
    online 13:28:55 svc:/system/scheduler:default
    online 13:28:56 svc:/system/cryptosvc:default
    online 13:28:56 svc:/network/ipsec/ipsecalgs:default
    online 13:28:56 svc:/system/boot-archive:default
    online 13:28:56 svc:/system/name-service/upgrade:default
    online 13:28:58 svc:/network/ip-interface-management:default
    online 13:28:58 svc:/network/loopback:default
    online 13:28:58 svc:/network/ipmp:default
    online 13:28:59 svc:/system/filesystem/usr:default
    online 13:28:59 svc:/system/pfexec:default
    online 13:28:59 svc:/system/device/local:default
    online 13:28:59 svc:/system/devchassis:cleanstart
    online 13:29:00 svc:/system/filesystem/minimal:default
    online 13:29:00 svc:/system/vbiosd:default
    online 13:29:00 svc:/system/metasync:default
    online 13:29:00 svc:/system/logadm-upgrade:default
    online 13:29:00 svc:/system/rmtmpfiles:default
    online 13:29:00 svc:/system/pkgserv:default
    online 13:29:00 svc:/network/uucp-lock-cleanup:default
    online 13:29:00 svc:/system/security/security-extensions:default
    online 13:29:00 svc:/system/rbac:default
    online 13:29:00 svc:/system/hostid:default
    online 13:29:00 svc:/system/environment:init
    online 13:29:00 svc:/system/ca-certificates:default
    online 13:29:00 svc:/system/utmp:default
    online 13:29:00 svc:/system/resource-mgmt:default
    online 13:29:00 svc:/system/filesystem/uvfs-instclean:default
    online 13:29:00 svc:/system/zones-monitoring:default
    online 13:29:00 svc:/application/opengl/ogl-select:default
    online 13:29:00 svc:/application/desktop-cache/docbook-style-xsl-update:default
    online 13:29:00 svc:/system/postrun:default
    online 13:29:00 svc:/milestone/unconfig:default
    online 13:29:00 svc:/milestone/config:default
    online 13:29:00 svc:/application/desktop-cache/mime-types-cache:default
    online 13:29:01 svc:/application/desktop-cache/pixbuf-loaders-installer:default
    online 13:29:01 svc:/application/desktop-cache/input-method-cache:default
    online 13:29:01 svc:/system/dbus:default
    online 13:29:01 svc:/system/sysevent:default
    online 13:29:01 svc:/application/desktop-cache/desktop-mime-cache:default
    online 13:29:01 svc:/system/devfsadm:default
    online 13:29:01 svc:/application/desktop-cache/gconf-cache:default
    online 13:29:01 svc:/network/npiv_config:default
    online 13:29:01 svc:/system/manifest-import:default
    online 13:29:01 svc:/system/device/fc-fabric:default
    online 13:29:01 svc:/system/rad:local
    online 13:29:01 svc:/milestone/devices:default
    online 13:29:01 svc:/system/coreadm:default
    online 13:29:01 svc:/system/config-user:default
    online 13:29:01 svc:/system/timezone:default
    online 13:29:01 svc:/network/physical:upgrade
    online 13:29:01 svc:/system/device/audio:default
    online 13:29:01 svc:/network/location:upgrade
    online 13:29:02 svc:/application/desktop-cache/docbook-dtds-update:default
    online 13:29:03 svc:/application/desktop-cache/docbook-style-dsssl-update:default
    online 13:29:03 svc:/system/keymap:default
    online 13:29:04 svc:/network/physical:default
    online 13:29:04 svc:/system/identity:node
    online 13:29:05 svc:/system/picl:default
    online 13:29:05 svc:/network/ipsec/policy:default
    online 13:29:05 svc:/network/location:default
    online 13:29:05 svc:/milestone/network:default
    online 13:29:05 svc:/network/iptun:default
    online 13:29:05 svc:/network/nis/domain:default
    online 13:29:05 svc:/system/fcoe_initiator:default
    online 13:29:05 svc:/network/dns/client:default
    online 13:29:05 svc:/system/identity:domain
    online 13:29:05 svc:/milestone/single-user:default
    online 13:29:05 svc:/network/initial:default
    online 13:29:05 svc:/network/nfs/fedfs-client:default
    online 13:29:05 svc:/network/service:default
    online 13:29:05 svc:/network/netmask:default
    online 13:29:05 svc:/network/iscsi/initiator:default
    online 13:29:06 svc:/system/auditset:default
    online 13:29:06 svc:/system/filesystem/local:default
    online 13:29:06 svc:/system/cron:default
    online 13:29:06 svc:/system/boot-loader-update:default
    online 13:29:06 svc:/system/filesystem/ufs/quota:default
    online 13:29:07 svc:/network/shares:default
    online 13:29:07 svc:/system/power:default
    online 13:29:07 svc:/system/consolekit:default
    online 13:29:08 svc:/system/boot-archive-update:default
    online 13:29:09 svc:/application/desktop-cache/icon-cache:default
    online 13:29:09 svc:/system/hal:default
    online 13:29:09 svc:/network/rpc/bind:default
    online 13:29:09 svc:/network/routing/ndp:default
    online 13:29:09 svc:/system/filesystem/rmvolmgr:default
    online 13:29:09 svc:/network/nfs/status:default
    online 13:29:09 svc:/network/routing-setup:default
    online 13:29:09 svc:/network/inetd:default
    online 13:29:09 svc:/network/nfs/nlockmgr:default
    online 13:29:10 svc:/application/font/fc-cache:default
    online 13:29:10 svc:/network/rpc/gss:default
    online 13:29:10 svc:/network/rpc/smserver:default
    online 13:29:10 svc:/application/x11/xvnc-inetd:default
    online 13:29:10 svc:/network/security/ktkt_warn:default
    online 13:29:10 svc:/network/rpc/cde-ttdbserver:tcp
    online 13:29:10 svc:/network/rpc/cde-calendar-manager:default
    online 13:29:10 svc:/system/filesystem/autofs:default
    online 13:29:10 svc:/application/cups/scheduler:default
    online 13:29:10 svc:/system/dumpadm:default
    online 13:29:10 svc:/network/ssh:default
    online 13:29:10 svc:/milestone/self-assembly-complete:default
    online 13:29:11 svc:/system/system-log:default
    online 13:29:11 svc:/application/pkg/update:default
    online 13:29:11 svc:/system/auditd:default
    online 13:29:11 svc:/system/console-login:default
    online 13:29:11 svc:/system/vtdaemon:default
    online 13:29:11 svc:/system/console-login:vt4
    online 13:29:11 svc:/system/console-login:vt3
    online 13:29:11 svc:/system/console-login:vt2
    online 13:29:11 svc:/system/console-login:vt6
    online 13:29:11 svc:/system/console-login:vt5
    online 13:29:11 svc:/milestone/multi-user:default
    online 13:29:11 svc:/application/man-index:default
    online 13:29:11 svc:/application/graphical-login/gdm:default
    online 13:29:11 svc:/milestone/multi-user-server:default
    online 13:29:11 svc:/system/intrd:default
    online 13:29:11 svc:/system/zones:default
    online 13:29:11 svc:/system/zones-install:default
    online 13:29:12 svc:/application/stosreg:default
    online 13:29:12 svc:/system/boot-config:default
    online 13:29:15 svc:/system/fmd:default
    online 13:29:15 svc:/system/fm/smtp-notify:default
    online 13:29:16 svc:/system/fm/asr-notify:default
    online 13:29:25 svc:/system/devchassis:daemon
    online 13:29:32 svc:/network/ilomconfig-interconnect:default
    online 13:29:32 svc:/system/ocm:default
    online 13:29:41 svc:/system/console-reset:default
    online 13:29:53 svc:/application/texinfo-update:default
    online 13:58:19 svc:/system/name-service/switch:default
    online 13:58:19 svc:/milestone/name-services:default
    online 13:58:19 svc:/network/sendmail-client:default
    online 13:58:19 svc:/network/smtp:sendmail
    online 13:58:19 svc:/network/nfs/client:default
    online 13:58:35 svc:/system/name-service/cache:default
    maintenance 13:38:48 svc:/network/ldap/client:default
    Edited by: 1502 on Dec 5, 2012 2:45 PM

  • Heimdal with LDAP backend?

    Has anyone gotten the LDAP backend for Heimdal to work? I've recompiled Heimdal with ldap backend support, and I have LDAP all set up, but no matter what I do, when I run kadmin to init the realm, I get this:
    [arew264@Reno src]$ sudo kadmin -l
    kadmin> init LINUXLAB.FHS
    kadmin: hdb_open: ldap_sasl_bind_s: Can't contact LDAP server
    From what I've read, Heimdal connects to LDAP through the unix socket that LDAP creates when you start it with the option "-h ldapi://", but if I start it with this option, it crashes with a file not found error. I think it's trying to create a socket in the directory where it was built because it outputs this:
    [arew264@Reno slapd]$ sudo /usr/sbin/slapd -h ldapi:// -f /etc/openldap/slapd.conf -d 1023
    @(#) $OpenLDAP: slapd 2.3.40 (Jan 17 2008 23:58:45) $
    nobody@tygra:/build/src/openldap-2.3.40/servers/slapd
    daemon_init: ldapi://
    daemon_init: listen on ldapi://
    daemon_init: 1 listeners to open...
    ldap_url_parse_ext(ldapi://)
    daemon: bind(7) failed errno=2 (No such file or directory)
    slap_open_listener: failed on ldapi://
    slapd stopped.
    connections_destroy: nothing to destroy.
    [arew264@Reno slapd]$
    That nobody@tygra line... that must be from the package maintainer's computer because, as you can see, my box is named Reno.

    I answered my own question. Appending LDAPI:// to the server list tells OpenLDAP to create a unix socket at... /var/lib/openldap/run/ldapi. Apparently it's a strange side effect of the configure options that TomK used.

  • Problems setting up ldap on solaris 10.

    when trying to set up LDAP on Solaris 10 I am asked for an LDAP profile and the address of the ldap server. I know the address of the LDAP server but what is the profile, and how do I set it up with active directory?

    Hi,
    The profile defines how the client will interact with the server. On a Solaris server, you set this file up with the /usr/lib/ldap/idsconfig command. On the client, you use ldapclient init -a profileName=xyz -a domainName=your.domain <server.ip.address.here:portno> (portno is not necessary if you are using port 389 on the server). I'm not sure how you duplicate the functionality of that file from a Windows server. Maybe if you look at the man page on idsconfig, it may help identify what needs to be done on the Windows server to create a profile the Solaris client can use. I went to MS TechNet and searched for "ldap server for solaris client". A lot of hits. Hope this helps.
    John

  • Untrusted server cert chain - while connecting with ldap

    Hi All,
    I am getting the following error while running a standalone java program in windows 2000+jdk1.3 environment to connect with LDAP.
    javax.naming.CommunicationException: hostname:636 [Root exception is javax.net.ssl.SSLException: untrusted server cert chain]
    javax.naming.CommunicationException: hostname:636. Root exception is javax.net.ssl.SSLException: untrusted server cert chain
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA12275)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
    at java.io.OutputStream.write(Unknown Source)
    at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.<init>(Unknown Source)
    at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
    at Test2.getProxyDirContext(Test2.java:66)
    at Test2.main(Test2.java:40)
    Any help would be appreciated
    Thanks in Advance
    Somu

    This got resolved with the following in the code:
    System.setProperty("javax.net.ssl.trustStore", CertFileName);
    where the cert file name is the filename with complete path. The file is a CA certificate of the LDAP server in X509 format.

  • Problem with LDAP in BEA Portal

    I have a list of 50 users which should be created in the portal staging (development) machine and should be transferred to the production machine using LDAP.
    Steps which I followed to create users:
    1. Create a user profile with 2 parameters, branch and Role
    2. I have the list of users in the Xls file with Username, password, branch and Role
    3. Write a java file which will read the Xls file
    4. The users are created in the staging machine for the portal
    Steps which I followed in LDAP to transfer the created users from development to production:
    1. Export the created users from development (which was moved as .DAT in my local directory)
    2. Import the users from the local directory to the production machine
    The users are imported in the production machine with username and password, but the role and branch values are empty.
    We need a solution for importing the users with the role and branch corresponding to each user.
    Thanks in Adv
    Suresh

    In Portal 8.1, user name and password are stored in LDAP whereas user profile values are stored in the database. That is the reason you are not able to see the user profile values.
    Check once again whether you can see these values through the admin tool. In case it is not (after confirmation again), you might have to use APIs to do this for you in case you don't want to manage through the Admin Tool.
    Thanks,
    Prashanth Bhat.

  • Problem with IPSec on  solaris 9

    Hi all
    I'm facing a problem with IPSec on Solaris 9 that I didn't have with Solaris 8 (with the Security package installed).
    I have an application that creates SAs by using the pf-key interface.
    What it does is first do a GETSPI to a specific SPI and a specific destination IP address.
    This will create an SA and put it in a LARVAL state. After about a minute my application will do an UPDATE to this SPI, and that command should change the state of the SA from LARVAL to MATURE, but instead I get an error saying that this SPI and IP address already exist (errno = 17).
    Well, of course it already exists; that's the whole point. It should just change the state of an existing SA.
    This exact scenario was working fine on Solaris 8.
    Am I doing something wrong (maybe there is a package on Solaris 9 that I need to install?)
    or is this a bug in Solaris 9?
    If anyone has any idea on how to do that (without using a one-step ADD for a new SA) I will be very thankful.

    Sorry for using reply for querying.
    I got a problem in creating a Security Association using the PF_KEY socket (first used SADB_GETSPI and got an SPI, then with that SPI tried to update using SADB_UPDATE).
    I am getting this problem on Sun Solaris 8.
    It returns errno 122: operation not supported.
    Here is my mailId [email protected]
    I have a few more queries regarding the PF_KEY socket.
    Not many directions are available for the PF_KEY socket on the internet either.
    Monitor produces the following error.
    # ipseckey monitor
    "Base message (version 2) type UPDATE, SA type AH.
    Error Operation not supported on transport endpoint from PF_KEY.
    Message length 16 bytes, seq=4294967294, pid=450."
    Here is my mailId [email protected]
    Thanks in Advance.
    ssundar.

  • Error in authentication with ldap server with certificate

    Hi,
    I have a problem in authentication with an LDAP server using a certificate.
    Here I am using the Java API to authenticate.
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
    I issued a new certificate which is valid for up to 5 years.
    Will Java authenticate up to one year only?
    Can anybody help on this issue...
    Regards
    Ranga

    Sorry, I am getting the same error
    javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
    Here, when I am using the old certificate and changing the system date, I can get the authentication.
    Can you tell me where we should concentrate to solve the issue?
    Where is the issue:
    1. Do we need to check with the LDAP server only?
    2. Or is the problem in the Java code only?
    Thanks in advance
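
The "timestamp check failed" error in the thread above is raised when a certificate in the validated path is outside its notBefore/notAfter window at the client's clock time. As an added example (not code from either post), this Java program lists which certificates are expired or not yet valid; the class name `CertValidityCheck` and the optional certificate-file argument are assumptions.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

// Added example; the class name is hypothetical.
public class CertValidityCheck {
    // One line per certificate whose validity window does not contain 'when'.
    static List<String> outsideValidity(Collection<? extends Certificate> certs, Date when) {
        List<String> problems = new ArrayList<>();
        for (Certificate c : certs) {
            X509Certificate x = (X509Certificate) c;
            try {
                x.checkValidity(when);   // the per-certificate timestamp check
            } catch (CertificateExpiredException e) {
                problems.add("EXPIRED on " + x.getNotAfter() + ": " + x.getSubjectX500Principal());
            } catch (CertificateNotYetValidException e) {
                problems.add("NOT VALID BEFORE " + x.getNotBefore() + ": " + x.getSubjectX500Principal());
            }
        }
        return problems;
    }

    // Trust anchors of the JVM's default trust store; this honours
    // -Djavax.net.ssl.trustStore, otherwise it is the JRE's cacerts file.
    static List<X509Certificate> defaultTrustAnchors() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return Arrays.asList(((X509TrustManager) tm).getAcceptedIssuers());
            }
        }
        return Collections.emptyList();
    }

    public static void main(String[] args) throws Exception {
        Collection<? extends Certificate> certs = defaultTrustAnchors();
        if (args.length > 0) {   // optional: PEM/DER file holding the server's chain
            try (InputStream in = new FileInputStream(args[0])) {
                certs = CertificateFactory.getInstance("X.509").generateCertificates(in);
            }
        }
        Date now = new Date();   // the clock the validator would compare against
        List<String> problems = outsideValidity(certs, now);
        System.out.println("Checked " + certs.size() + " certificate(s) at " + now);
        problems.forEach(System.out::println);
    }
}
```

Run it with the same `-Djavax.net.ssl.trustStore` setting as the LDAP client to check the trust anchors that client uses, or pass a file containing the server certificate and its issuing CA certificates.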

  • Problem with users in portal - login conflict with LDAP.

    Hi.
    Let me describe our problem:
    We have an EP5 portal with LDAP connected to a central LDAP server; users access all the different systems with the same user and password.
    The problem happens to users whose passwords have expired. We already set the password expiration days to 0 to avoid future problems, but that didn't apply to the already expired ones.
    These affected users cannot change the password due to problems with the connection rights to the LDAP server.
    We're trying to find the place where it's set that the user is in some kind of "password expired" status, directly in a database table if necessary, to change the status manually, as the system does not allow us to set it through user administration in the portal.
    Any suggestions would be appreciated.

    Restoring expired Portal passwords
    Solved
