Working With Naming and Directory Services in Oracle Solaris 11.1 (Oracle Solaris 11.1 Information Library)
The following sections show various commands to help determine the state of the LDAP client environment. Also see the man pages for additional information about the options that can be used.
For an overview of the Service Management Facility (SMF), refer to Chapter 2, Managing Services (Overview), in Managing Services and Faults in Oracle Solaris 11.1. Also refer to the svcadm(1M) and svcs(1) man pages for more details.
The ldap_cachemgr daemon must be running and functioning correctly at all times. Otherwise, LDAP naming service lookups on the client do not work. When you set up and start the LDAP client service, svc:/network/ldap/client, the client SMF method automatically starts the ldap_cachemgr daemon. The following methods determine whether the LDAP client service is online:
Use the svcs command to see if the service is enabled.
# svcs \*ldap\*
STATE          STIME    FMRI
disabled       Aug_24   svc:/network/ldap/client:default
Use this command to see all information about the service.
# svcs -l network/ldap/client:default
fmri         svc:/network/ldap/client:default
name         LDAP Name Service Client
enabled      false
state        disabled
next_state   none
state_time   Thu Oct 20 23:04:11 2011
logfile      /var/svc/log/network-ldap-client:default.log
restarter    svc:/system/svc/restarter:default
contract_id
manifest     /lib/svc/manifest/network/ldap/client.xml
manifest     /lib/svc/manifest/milestone/config.xml
manifest     /lib/svc/manifest/network/network-location.xml
manifest     /lib/svc/manifest/system/name-service/upgrade.xml
dependency   optional_all/none svc:/milestone/config (online)
dependency   optional_all/none svc:/network/location:default (online)
dependency   require_all/none svc:/system/filesystem/minimal (online)
dependency   require_all/none svc:/network/initial (online)
dependency   require_all/restart svc:/network/nis/domain (online)
dependency   optional_all/none svc:/system/manifest-import (online)
dependency   require_all/none svc:/milestone/unconfig (online)
dependency   optional_all/none svc:/system/name-service/upgrade (online)
Pass the -g option to ldap_cachemgr.
This option provides more extensive status information, which is useful when you diagnose a problem.
# /usr/lib/ldap/ldap_cachemgr -g
cachemgr configuration:
server debug level                 0
server log file                    "/var/ldap/cachemgr.log"
number of calls to ldapcachemgr    19

cachemgr cache data statistics:
  Configuration refresh information:
    Previous refresh time: 2010/11/16 18:33:28
    Next refresh time: 2010/11/16 18:43:28
  Server information:
    Previous refresh time: 2010/11/16 18:33:28
    Next refresh time: 2010/11/16 18:36:08
    server: 192.168.0.0, status: UP
    server: 192.168.0.1, status: ERROR
      error message: Can't connect to the LDAP server
  Cache data information:
    Maximum cache entries: 256
    Number of cache entries: 2
For more information about the ldap_cachemgr daemon, see the ldap_cachemgr(1M) man page.
Become superuser or assume an equivalent role, and run ldapclient with the list option.
# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=west,dc=example,dc=com
NS_LDAP_BINDPASSWD= {NS1}4a3788e8c053424f
NS_LDAP_SERVERS= 192.168.0.1, 192.168.0.10
NS_LDAP_SEARCH_BASEDN= dc=west,dc=example,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_SERVER_PREF= 192.168.0.1
NS_LDAP_PROFILE= pit1
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=people,?sub
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=group,dc=west,dc=example,dc=com?one
NS_LDAP_BIND_TIME= 5
The current profile information can be viewed using the svccfg or svcprop command, or the ldapclient command with the list option. See the ldapclient(1M) man page for specific information about every available property setting.
The best way to show that your client is talking to the LDAP server is with the ldaplist command. Using ldaplist with no arguments dumps all the containers on the server. This works as long as the containers exist; they do not have to be populated. See the ldaplist(1) man page for more information.
If the first step works, you can try ldaplist passwd username or ldaplist hosts hostname. If these services contain a lot of data, you might want to pick a less populated service, or pipe the output to head or more.
Most of the commands in the preceding sections assume that you have already created an LDAP client. If you have not created a client and want to check the data on the server, use the ldapsearch command. The following example lists all of the containers.
# ldapsearch -h server1 -b "dc=west,dc=example,dc=com" -s one "objectclass=*"
The default output for the ldapsearch command is the industry-standard LDIF format defined by RFC 2849. All versions of ldapsearch can output LDIF format using the -L option.
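The checks above (service state from svcs, server status from ldap_cachemgr -g, the profile from ldapclient list, and container listing from ldapsearch) are all read by eye. The script below is an added example, not part of the Oracle Solaris documentation or its tools: it parses the text those commands print into one short client health report, so a down server or a cleartext bind method is flagged rather than overlooked. The function names (ldap_client_state, down_servers, profile_value, ldif_dns, ldap_client_report, run_live) are my own, and the SAMPLE_* variables are constructed inputs that mirror the documentation's example output so the parsers can be exercised on a host without Solaris. The only fact assumed beyond the page is that an NS_LDAP_AUTH value of simple binds without TLS, while tls:simple encrypts the session, as documented in ldapclient(1M).

```shell
#!/bin/sh
# Added example (not Oracle's code): summarize LDAP client health from the
# text that svcs, ldap_cachemgr -g, ldapclient list and ldapsearch print.
# Each parser reads command output on stdin so it can run offline on the
# constructed samples below; run_live() (hypothetical) feeds it real output.

# STATE of svc:/network/ldap/client:default from `svcs \*ldap\*` output.
ldap_client_state() {
    awk '$3 ~ /network\/ldap\/client/ { print $1; exit }'
}

# Servers that `ldap_cachemgr -g` does not report as UP: "address status" per line.
down_servers() {
    awk '/^[ \t]*server: / { sub(/,$/, "", $2); if ($4 != "UP") print $2, $4 }'
}

# Value of one NS_LDAP_* property from `ldapclient list` output.
profile_value() {
    awk -v key="$1" -F'= ' '$1 == key { print $2; exit }'
}

# Distinguished names from LDIF (RFC 2849) output such as `ldapsearch -s one`,
# unfolding continuation lines that begin with a single space.
ldif_dns() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (buf ~ /^dn: /) print substr(buf, 5); buf = $0 }
        END { if (buf ~ /^dn: /) print substr(buf, 5) }'
}

# One report from three saved outputs: svcs, ldap_cachemgr -g, ldapclient list.
ldap_client_report() {
    state=$(ldap_client_state < "$1")
    echo "ldap/client service state: ${state:-not found}"
    [ "$state" = online ] || echo "WARN: service not online, so ldap_cachemgr is not serving lookups"
    down=$(down_servers < "$2")
    [ -z "$down" ] || echo "$down" | sed 's/^/WARN: server not UP: /'
    auth=$(profile_value NS_LDAP_AUTH < "$3")
    echo "bind method: ${auth:-unset}"
    [ "$auth" != simple ] || echo "WARN: NS_LDAP_AUTH=simple sends the proxy bind password unencrypted; tls:simple encrypts the session"
    echo "servers in profile: $(profile_value NS_LDAP_SERVERS < "$3")"
}

# On a Solaris host, capture the real outputs (needs root) and run the report.
run_live() {
    dir=$(mktemp -d) || return 1
    svcs \*ldap\* > "$dir/svcs"
    /usr/lib/ldap/ldap_cachemgr -g > "$dir/cachemgr"
    ldapclient list > "$dir/profile"
    ldap_client_report "$dir/svcs" "$dir/cachemgr" "$dir/profile"
    rm -rf "$dir"
}

# Constructed samples mirroring the documentation's example output.
SAMPLE_SVCS='STATE          STIME    FMRI
disabled       Aug_24   svc:/network/ldap/client:default'

SAMPLE_CACHEMGR='cachemgr configuration:
server debug level                 0
  Server information:
    server: 192.168.0.0, status: UP
    server: 192.168.0.1, status: ERROR
      error message: unable to connect to the LDAP server'

SAMPLE_PROFILE='NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=west,dc=example,dc=com
NS_LDAP_SERVERS= 192.168.0.1, 192.168.0.10
NS_LDAP_AUTH= simple
NS_LDAP_CREDENTIAL_LEVEL= proxy'

SAMPLE_LDIF='dn: ou=people,dc=west,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=group,dc=west,dc=exa
 mple,dc=com
objectClass: organizationalUnit
ou: group'

if command -v ldapclient >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    run_live
fi
```

Run it as root on the client to get the live report; on any other system it only defines the functions, which can be pointed at saved output files (for example, collected from a client that cannot be logged into interactively). The report deliberately prints the configured server list next to the ldap_cachemgr view, because a server listed in NS_LDAP_SERVERS that the daemon reports as ERROR is the usual cause of slow or failing lookups.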