JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Working With Naming and Directory Services in Oracle Solaris 11.1     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

Part I About Naming and Directory Services

1.  Naming and Directory Services (Overview)

2.  Name Service Switch (Overview)

3.  Managing DNS (Tasks)

4.  Setting Up Oracle Solaris Active Directory Clients (Tasks)

Part II NIS Setup and Administration

5.  Network Information Service (Overview)

6.  Setting Up and Configuring NIS (Tasks)

7.  Administering NIS (Tasks)

8.  NIS Troubleshooting

Part III LDAP Naming Services

9.  Introduction to LDAP Naming Services (Overview)

10.  Planning Requirements for LDAP Naming Services (Tasks)

11.  Setting Up Oracle Directory Server Enterprise Edition With LDAP Clients (Tasks)

12.  Setting Up LDAP Clients (Tasks)

13.  LDAP Troubleshooting (Reference)

Monitoring LDAP Client Status

Verifying That the ldap_cachemgr Daemon Is Running

Checking the Current Profile Information

Verifying Basic Client-Server Communication

Checking Server Data From a Non-Client Machine

LDAP Configuration Problems and Solutions

Unresolved Host Name

Unable to Reach Systems in the LDAP Domain Remotely

Login Does Not Work

Lookup Too Slow

ldapclient Command Cannot Bind to a Server

Using the ldap_cachemgr Daemon for Debugging

ldapclient Command Hangs During Setup

14.  LDAP Naming Service (Reference)

15.  Transitioning From NIS to LDAP (Tasks)

Glossary

Index

Monitoring LDAP Client Status

The following sections show various commands to help determine the state of the LDAP client environment. Also see the man pages for additional information about the options that can be used.

For an overview of the Service Management Facility (SMF), refer to Chapter 2, Managing Services (Overview), in Managing Services and Faults in Oracle Solaris 11.1. Also refer to the svcadm(1M) and svcs(1) man pages for more details.

Verifying That the ldap_cachemgr Daemon Is Running

The ldap_cachemgr daemon must be running and functioning correctly at all times. Otherwise, the system doesn't work. When you set up and start the LDAP client service, svc:/network/ldap/client, the client SMF method automatically starts the ldap_cachemgr daemon. The following methods determine if the LDAP client service is online:

For more information about the ldap_cachemgr daemon, see the ldap_cachemgr(1M) man page.

Checking the Current Profile Information

Become superuser or assume an equivalent role, and run ldapclient with the list option.

# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=west,dc=example,dc=com
NS_LDAP_BINDPASSWD= {NS1}4a3788e8c053424f
NS_LDAP_SERVERS= 192.168.0.1, 192.168.0.10
NS_LDAP_SEARCH_BASEDN= dc=west,dc=example,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_SERVER_PREF= 192.168.0.1
NS_LDAP_PROFILE= pit1
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=people,?sub
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=group,dc=west,dc=example,dc=com?one
NS_LDAP_BIND_TIME= 5

The current profile information can be viewed using the svccfgor svcprop command, or the ldapclient command with the list option. See the ldapclient(1M) man page for specific information about every available property setting.

Verifying Basic Client-Server Communication

The best way to show that your client is talking to the LDAP server is with the ldaplist command. Using ldaplist with no arguments dumps all the containers on the server. This works as long as the containers exist, and do not have to be populated. See the ldaplist(1) man page for more information.

If the first step works, you can try ldaplist passwd username or ldaplist hosts hostname but if they contain lots of data you might want to pick a less populated service, or pipe them to head or more.

Checking Server Data From a Non-Client Machine

Most of the commands in the preceding sections assume that you have already created an LDAP client. If you have not created a client and want to check the data on the server, use the ldapsearch command. The following example lists all of the containers.

# ldapsearch -h server1 -b "dc=west,dc=example,dc=com" -s one "objectclass=*" 

The default output for the ldapsearch command is the industry standardized LDIF format that is defined by RFC-2849. All versions of ldapsearch can output LDIF format using the -L option.