Solaris 10 as a LDAP client of OpenLDAP (slapd)

It took me almost three hours to learn the basics of LDAP and understand why the native Solaris LDAP client doesn’t work with the OpenLDAP slapd service…

Good links to start with:
Solaris LDAP client with OpenLDAP server

Solaris 8 OpenLDAP: Configuring

Some screenshots:
GQ LDAP schema dc=lab1

GQ schema view on “Kowalski” username

GQ schema view of “Solaris” profile used by ldapclient(1M) to configure LDAP on Solaris OS

Output of ldapclient on Solaris box after configuration

2 Responses to “Solaris 10 as a LDAP client of OpenLDAP (slapd)”

  1. I was stuck with this problem and the following did the trick for me:

    ldapclient manual -v \
    -a credentialLevel=proxy \
    -a authenticationMethod=simple \
    -a proxyDN=cn=nss,dc=example,dc=org \
    -a proxyPassword=XXXXXXXX \
    -a defaultServerList=10.21.10.10:389 \
    -a defaultSearchBase=dc=example,dc=org \
    -a domainName=example.org \
    -a followReferrals=false \
    -a attributeMap=group:userpassword=userPassword \
    -a attributeMap=group:memberuid=memberUid \
    -a attributeMap=group:gidnumber=gidNumber \
    -a attributeMap=passwd:gecos=cn \
    -a attributeMap=passwd:gidnumber=gidNumber \
    -a attributeMap=passwd:uidnumber=uidNumber \
    -a attributeMap=passwd:homedirectory=homeDirectory \
    -a attributeMap=passwd:loginshell=loginShell \
    -a attributeMap=shadow:shadowflag=shadowFlag \
    -a attributeMap=shadow:userpassword=userPassword \
    -a objectClassMap=group:posixGroup=posixGroup \
    -a objectClassMap=passwd:posixAccount=posixAccount \
    -a objectClassMap=shadow:shadowAccount=shadowAccount \
    -a serviceSearchDescriptor=passwd:dc=example,dc=org?sub \
    -a serviceSearchDescriptor=group:dc=example,dc=org?sub

  2. rich says:

    What is the purpose of these lines? I don’t have them on my setup and it seems to work. What function does this give me?

    -a followReferrals=false \
    -a attributeMap=group:userpassword=userPassword \
    -a attributeMap=group:memberuid=memberUid \
    -a attributeMap=group:gidnumber=gidNumber \
    -a attributeMap=passwd:gecos=cn \
    -a attributeMap=passwd:gidnumber=gidNumber \
    -a attributeMap=passwd:uidnumber=uidNumber \
    -a attributeMap=passwd:homedirectory=homeDirectory \
    -a attributeMap=passwd:loginshell=loginShell \
    -a attributeMap=shadow:shadowflag=shadowFlag \
    -a attributeMap=shadow:userpassword=userPassword \
    -a objectClassMap=group:posixGroup=posixGroup \
    -a objectClassMap=passwd:posixAccount=posixAccount \
    -a objectClassMap=shadow:shadowAccount=shadowAccount \

    I have the last 2 lines.
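
As an added example (not part of the original post or its comments), this shell function audits the `-a` arguments of an `ldapclient manual` command like the one in the first comment. It marks each `attributeMap`/`objectClassMap` entry as IDENTITY (both sides are the same name apart from letter case, and LDAP attribute and object class names are case-insensitive) or REMAP, and flags `authenticationMethod=simple`, which sends the proxy bind password without TLS. The function names and the shortened sample input are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit "-a name=value" arguments of an ldapclient command.
# Reads one argument per line on stdin, prints one finding per line.
audit_ldapclient_args() {
    awk '
    {
        sub(/^[ \t]*-a[ \t]+/, "")       # drop the leading "-a"
        sub(/[ \t]*\\?[ \t]*$/, "")      # drop a trailing continuation backslash
        eq = index($0, "=")
        if (eq == 0) next                # not a name=value argument
        name  = substr($0, 1, eq - 1)
        value = substr($0, eq + 1)
    }
    name == "attributeMap" || name == "objectClassMap" {
        # value has the form service:original=mapped
        pair = substr(value, index(value, ":") + 1)
        eq2  = index(pair, "=")
        from = substr(pair, 1, eq2 - 1)
        to   = substr(pair, eq2 + 1)
        # LDAP names are case-insensitive, so compare in lower case
        kind = (tolower(from) == tolower(to)) ? "IDENTITY" : "REMAP"
        print kind " " name "=" value
        next
    }
    name == "authenticationMethod" {
        # the value may be a ";"-separated list; plain "simple" binds in cleartext
        n = split(value, m, ";")
        for (i = 1; i <= n; i++)
            if (m[i] == "simple") print "CLEARTEXT-BIND " name "=" value
    }
    '
}

# Constructed sample: a shortened form of the command in the first comment.
sample_args() {
    cat <<'EOF'
ldapclient manual -v \
-a credentialLevel=proxy \
-a authenticationMethod=simple \
-a proxyDN=cn=nss,dc=example,dc=org \
-a attributeMap=group:gidnumber=gidNumber \
-a attributeMap=passwd:gecos=cn \
-a attributeMap=passwd:loginshell=loginShell \
-a objectClassMap=passwd:posixAccount=posixAccount \
-a serviceSearchDescriptor=passwd:dc=example,dc=org?sub
EOF
}

sample_args | audit_ldapclient_args
```

On the sample, only `passwd:gecos=cn` is reported as REMAP. A value of `tls:simple` for `authenticationMethod` is not flagged.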