IRIX 6.5.5 and LDAP? - SGI


  1. IRIX 6.5.5 and LDAP?

    I have an old IRIX 6.5.5 that I may not upgrade. I have modified /var/ns/ldap.conf
    to see my ldap server and bounced the box. How do I test the box is talking to
    the ldap server? I have tried 'nsadmin get passwd', but only get the local passwd
    file.

    Mike

  2. Re: IRIX 6.5.5 and LDAP?

    Mike wrote:

    > I have an old IRIX 6.5.5 that I may not upgrade. I have modified
    > /var/ns/ldap.conf to see my ldap server and bounced the box. How do I test
    > the box is talking to the ldap server? I have tried 'nsadmin get passwd',
    > but only get the local passwd file.


    Assuming that you have set your /etc/nsswitch.conf correctly, try to id an
    ldap only user. If your ldap stuff is configured properly you should get
    their details.



  3. Re: IRIX 6.5.5 and LDAP?

    Mike wrote:
    > I have an old IRIX 6.5.5 that I may not upgrade. I have modified /var/ns/ldap.conf
    > to see my ldap server and bounced the box. How do I test the box is talking to
    > the ldap server? I have tried 'nsadmin get passwd', but only get the local passwd
    > file.
    >
    > Mike


    Or try a search:

    ldapsearch -LL -H ldap://localhost -b "dc=my,dc=domain,dc=com" -x "(uid=username)"

    A few options might be somewhat different on IRIX, please consult the
    manpage.

    HTH,

    Wimmy

    --
    Being owned by someone used to be called slavery.
    Now it's called commitment.

  4. Re: IRIX 6.5.5 and LDAP?

    Wim Cossement writes:

    > Or try a search:
    >
    > ldapsearch -LL -H ldap://localhost -b "dc=my,dc=domain,dc=com" -x "(uid=username)"


    If openldap tools are installed. It's not a part of the system's
    own LDAP kit.

    --
    Atro Tossavainen (Mr.) / The Institute of Biotechnology at
    Systems Analyst, Techno-Amish & / the University of Helsinki, Finland,
    +358-9-19158939 UNIX Dinosaur / employs me, but my opinions are my own.
    <URL:http://www.helsinki.fi/%7Eatossava/> NO FILE ATTACHMENTS

  5. Re: IRIX 6.5.5 and LDAP?

    On 2006-10-03, btc wrote:
    > Mike wrote:
    >
    >> I have an old IRIX 6.5.5 that I may not upgrade. I have modified
    >> /var/ns/ldap.conf to see my ldap server and bounced the box. How do I test
    >> the box is talking to the ldap server? I have tried 'nsadmin get passwd',
    >> but only get the local passwd file.

    >
    > Assuming that you have set your /etc/nsswitch.conf correctly, try to id an
    > ldap only user. If your ldap stuff is configured properly you should get
    > their details.


    I didn't know id(8) could search for other users, thanks. Here is my
    /etc/nsswitch.conf. It looks right to me, though I cannot find a user by id.

    # id root
    uid=0(root) gid=0(sys)
    # id mikee
    id user: mikee does not exist
    # cat /etc/nsswitch.conf
    #
    # This is the SGI default nsswitch.conf file. This file determines
    # the maps that will be maintained by nsd, which methods will be
    # used to lookup information for a map, and what order the methods
    # are called in.
    #
    # For details on this file see the nsswitch.conf(4) manual page.
    #
    # After editing this file the nsd daemon must be sent a SIGHUP signal for
    # it to notice. Do a "killall -HUP nsd".
    #
    automount(dynamic): files(nis_enumerate_key)
    #bootparams: files
    capability: files
    clearance: files
    ethers: files
    group: files
    hosts: files dns
    mac: files
    mail(null_extend_key): ndbm(file=/etc/aliases)
    netgroup: files
    #netid.byname: nis
    networks: files
    #passwd: files(compat) [notfound=return] ldap
    passwd: files(compat) ldap
    protocols: nis [success=return] files
    rpc: files
    services: files
    shadow(mode=0700): files
    #ypservers: nis


    I'm not familiar with 'files(compat)'. I added 'ldap' to the end.

    Mike

  6. Re: IRIX 6.5.5 and LDAP?

    On 2006-10-03, Mike wrote:
    > On 2006-10-03, btc wrote:
    >> Mike wrote:
    >>
    >>> I have an old IRIX 6.5.5 that I may not upgrade. I have modified
    >>> /var/ns/ldap.conf to see my ldap server and bounced the box. How do I test
    >>> the box is talking to the ldap server? I have tried 'nsadmin get passwd',
    >>> but only get the local passwd file.

    >>
    >> Assuming that you have set your /etc/nsswitch.conf correctly, try to id an
    >> ldap only user. If your ldap stuff is configured properly you should get
    >> their details.

    >
    > I didn't know id(8) could search for other users, thanks. Here is my
    > /etc/nsswitch.conf. It looks right to me, though I cannot find a user by id.
    >
    > # id root
    > uid=0(root) gid=0(sys)
    > # id mikee
    > id user: mikee does not exist
    > # cat /etc/nsswitch.conf
    > #
    > # This is the SGI default nsswitch.conf file. This file determines
    > # the maps that will be maintained by nsd, which methods will be
    > # used to lookup information for a map, and what order the methods
    > # are called in.
    > #
    > # For details on this file see the nsswitch.conf(4) manual page.
    > #
    > # After editing this file the nsd daemon must be sent a SIGHUP signal for
    > # it to notice. Do a "killall -HUP nsd".
    > #
    > automount(dynamic): files(nis_enumerate_key)
    > #bootparams: files
    > capability: files
    > clearance: files
    > ethers: files
    > group: files
    > hosts: files dns
    > mac: files
    > mail(null_extend_key): ndbm(file=/etc/aliases)
    > netgroup: files
    > #netid.byname: nis
    > networks: files
    > #passwd: files(compat) [notfound=return] ldap
    > passwd: files(compat) ldap
    > protocols: nis [success=return] files
    > rpc: files
    > services: files
    > shadow(mode=0700): files
    > #ypservers: nis
    >
    >
    > I'm not familiar with 'files(compat)'. I added 'ldap' to the end.
    >
    > Mike


    I can make a few changes to an irix 6.5.27m box. I have modified the
    /var/ns/ldap.conf and /etc/nsswitch.conf files. I can successfully use
    ldapsearch to query my ldap server. Using the id command I still am able
    to execute 'id root' since that account is local. I cannot use the 'id mikee'
    command to successfully query ldap for my account. When I kill nsd and
    restart it using 'nsd -l6 -v', the daemon complains that it is not able
    to find my ldap server 'ldaphost.DOMAIN.com'. Using nslookup I get a proper
    resolution to 'nslookup ldaphost.DOMAIN.com'. I do have to use the -h on
    ldapsearch giving my ldap server for ldapsearch to work.

    Where is someplace to look why ldapsearch and nsd are not finding my
    ldap server?

    Mike

  7. Re: IRIX 6.5.5 and LDAP?

    On 2006-10-03, Mike wrote:
    > On 2006-10-03, Mike wrote:
    >> On 2006-10-03, btc wrote:
    >>> Mike wrote:
    >>>
    >>>> I have an old IRIX 6.5.5 that I may not upgrade. I have modified
    >>>> /var/ns/ldap.conf to see my ldap server and bounced the box. How do I test
    >>>> the box is talking to the ldap server? I have tried 'nsadmin get passwd',
    >>>> but only get the local passwd file.
    >>>
    >>> Assuming that you have set your /etc/nsswitch.conf correctly, try to id an
    >>> ldap only user. If your ldap stuff is configured properly you should get
    >>> their details.

    >>
    >> I didn't know id(8) could search for other users, thanks. Here is my
    >> /etc/nsswitch.conf. It looks right to me, though I cannot find a user by id.
    >>
    >> # id root
    >> uid=0(root) gid=0(sys)
    >> # id mikee
    >> id user: mikee does not exist
    >> # cat /etc/nsswitch.conf
    >> #
    >> # This is the SGI default nsswitch.conf file. This file determines
    >> # the maps that will be maintained by nsd, which methods will be
    >> # used to lookup information for a map, and what order the methods
    >> # are called in.
    >> #
    >> # For details on this file see the nsswitch.conf(4) manual page.
    >> #
    >> # After editing this file the nsd daemon must be sent a SIGHUP signal for
    >> # it to notice. Do a "killall -HUP nsd".
    >> #
    >> automount(dynamic): files(nis_enumerate_key)
    >> #bootparams: files
    >> capability: files
    >> clearance: files
    >> ethers: files
    >> group: files
    >> hosts: files dns
    >> mac: files
    >> mail(null_extend_key): ndbm(file=/etc/aliases)
    >> netgroup: files
    >> #netid.byname: nis
    >> networks: files
    >> #passwd: files(compat) [notfound=return] ldap
    >> passwd: files(compat) ldap
    >> protocols: nis [success=return] files
    >> rpc: files
    >> services: files
    >> shadow(mode=0700): files
    >> #ypservers: nis
    >>
    >>
    >> I'm not familiar with 'files(compat)'. I added 'ldap' to the end.
    >>
    >> Mike

    >
    > I can make a few changes to an irix 6.5.27m box. I have modified the
    > /var/ns/ldap.conf and /etc/nsswitch.conf files. I can successfully use
    > ldapsearch to query my ldap server. Using the id command I still am able
    > to execute 'id root' since that account is local. I cannot use the 'id mikee'
    > command to successfully query ldap for my account. When I kill nsd and
    > restart it using 'nsd -l6 -v', the daemon complains that it is not able
    > to find my ldap server 'ldaphost.DOMAIN.com'. Using nslookup I get a proper
    > resolution to 'nslookup ldaphost.DOMAIN.com'. I do have to use the -h on
    > ldapsearch giving my ldap server for ldapsearch to work.
    >
    > Where is someplace to look why ldapsearch and nsd are not finding my
    > ldap server?
    >
    > Mike


    I found /etc/openldap/ldap.conf. Edited that file and now ldapsearch works without
    requiring the -h HOST switch. I stopped, started, and flushed nsd with no
    positive results.

    Mike

  8. Re: IRIX 6.5.5 and LDAP?

    Mike wrote:
    > On 2006-10-03, Mike wrote:
    >> On 2006-10-03, Mike wrote:
    >>> On 2006-10-03, btc wrote:
    >>>> Mike wrote:
    >>>>
    >>>>> I have an old IRIX 6.5.5 that I may not upgrade. I have modified
    >>>>> /var/ns/ldap.conf to see my ldap server and bounced the box. How do I test
    >>>>> the box is talking to the ldap server? I have tried 'nsadmin get passwd',
    >>>>> but only get the local passwd file.
    >>>> Assuming that you have set your /etc/nsswitch.conf correctly, try to id an
    >>>> ldap only user. If your ldap stuff is configured properly you should get
    >>>> their details.
    >>> I didn't know id(8) could search for other users, thanks. Here is my
    >>> /etc/nsswitch.conf. It looks right to me, though I cannot find a user by id.
    >>>
    >>> # id root
    >>> uid=0(root) gid=0(sys)
    >>> # id mikee
    >>> id user: mikee does not exist
    >>> # cat /etc/nsswitch.conf
    >>> #
    >>> # This is the SGI default nsswitch.conf file. This file determines
    >>> # the maps that will be maintained by nsd, which methods will be
    >>> # used to lookup information for a map, and what order the methods
    >>> # are called in.
    >>> #
    >>> # For details on this file see the nsswitch.conf(4) manual page.
    >>> #
    >>> # After editing this file the nsd daemon must be sent a SIGHUP signal for
    >>> # it to notice. Do a "killall -HUP nsd".
    >>> #
    >>> automount(dynamic): files(nis_enumerate_key)
    >>> #bootparams: files
    >>> capability: files
    >>> clearance: files
    >>> ethers: files
    >>> group: files
    >>> hosts: files dns
    >>> mac: files
    >>> mail(null_extend_key): ndbm(file=/etc/aliases)
    >>> netgroup: files
    >>> #netid.byname: nis
    >>> networks: files
    >>> #passwd: files(compat) [notfound=return] ldap
    >>> passwd: files(compat) ldap
    >>> protocols: nis [success=return] files
    >>> rpc: files
    >>> services: files
    >>> shadow(mode=0700): files
    >>> #ypservers: nis
    >>>
    >>>
    >>> I'm not familiar with 'files(compat)'. I added 'ldap' to the end.
    >>>
    >>> Mike

    >> I can make a few changes to an irix 6.5.27m box. I have modified the
    >> /var/ns/ldap.conf and /etc/nsswitch.conf files. I can successfully use
    >> ldapsearch to query my ldap server. Using the id command I still am able
    >> to execute 'id root' since that account is local. I cannot use the 'id mikee'
    >> command to successfully query ldap for my account. When I kill nsd and
    >> restart it using 'nsd -l6 -v', the daemon complains that it is not able
    >> to find my ldap server 'ldaphost.DOMAIN.com'. Using nslookup I get a proper
    >> resolution to 'nslookup ldaphost.DOMAIN.com'. I do have to use the -h on
    >> ldapsearch giving my ldap server for ldapsearch to work.
    >>
    >> Where is someplace to look why ldapsearch and nsd are not finding my
    >> ldap server?
    >>
    >> Mike

    >
    > I found /etc/openldap/ldap.conf. Edited that file and now ldapsearch works without
    > requiring the -h HOST switch. I stopped, started, and flushed nsd with no
    > positive results.
    >
    > Mike


    Mike, do you use LDAP over an encrypted connection?

    Wim
    --
    Being owned by someone used to be called slavery.
    Now it's called commitment.

  9. Re: IRIX 6.5.5 and LDAP?

    On 2006-10-03, Wim Cossement wrote:
    > Mike wrote:
    >> On 2006-10-03, Mike wrote:
    >>> On 2006-10-03, Mike wrote:
    >>>> On 2006-10-03, btc wrote:
    >>>>> Mike wrote:
    >>>>>
    >>>>>> I have an old IRIX 6.5.5 that I may not upgrade. I have modified
    >>>>>> /var/ns/ldap.conf to see my ldap server and bounced the box. How do I test
    >>>>>> the box is talking to the ldap server? I have tried 'nsadmin get passwd',
    >>>>>> but only get the local passwd file.
    >>>>> Assuming that you have set your /etc/nsswitch.conf correctly, try to id an
    >>>>> ldap only user. If your ldap stuff is configured properly you should get
    >>>>> their details.
    >>>> I didn't know id(8) could search for other users, thanks. Here is my
    >>>> /etc/nsswitch.conf. It looks right to me, though I cannot find a user by id.
    >>>>
    >>>> # id root
    >>>> uid=0(root) gid=0(sys)
    >>>> # id mikee
    >>>> id user: mikee does not exist
    >>>> # cat /etc/nsswitch.conf
    >>>> #
    >>>> # This is the SGI default nsswitch.conf file. This file determines
    >>>> # the maps that will be maintained by nsd, which methods will be
    >>>> # used to lookup information for a map, and what order the methods
    >>>> # are called in.
    >>>> #
    >>>> # For details on this file see the nsswitch.conf(4) manual page.
    >>>> #
    >>>> # After editing this file the nsd daemon must be sent a SIGHUP signal for
    >>>> # it to notice. Do a "killall -HUP nsd".
    >>>> #
    >>>> automount(dynamic): files(nis_enumerate_key)
    >>>> #bootparams: files
    >>>> capability: files
    >>>> clearance: files
    >>>> ethers: files
    >>>> group: files
    >>>> hosts: files dns
    >>>> mac: files
    >>>> mail(null_extend_key): ndbm(file=/etc/aliases)
    >>>> netgroup: files
    >>>> #netid.byname: nis
    >>>> networks: files
    >>>> #passwd: files(compat) [notfound=return] ldap
    >>>> passwd: files(compat) ldap
    >>>> protocols: nis [success=return] files
    >>>> rpc: files
    >>>> services: files
    >>>> shadow(mode=0700): files
    >>>> #ypservers: nis
    >>>>
    >>>>
    >>>> I'm not familiar with 'files(compat)'. I added 'ldap' to the end.
    >>>>
    >>>> Mike
    >>> I can make a few changes to an irix 6.5.27m box. I have modified the
    >>> /var/ns/ldap.conf and /etc/nsswitch.conf files. I can successfully use
    >>> ldapsearch to query my ldap server. Using the id command I still am able
    >>> to execute 'id root' since that account is local. I cannot use the 'id mikee'
    >>> command to successfully query ldap for my account. When I kill nsd and
    >>> restart it using 'nsd -l6 -v', the daemon complains that it is not able
    >>> to find my ldap server 'ldaphost.DOMAIN.com'. Using nslookup I get a proper
    >>> resolution to 'nslookup ldaphost.DOMAIN.com'. I do have to use the -h on
    >>> ldapsearch giving my ldap server for ldapsearch to work.
    >>>
    >>> Where is someplace to look why ldapsearch and nsd are not finding my
    >>> ldap server?
    >>>
    >>> Mike

    >>
    >> I found /etc/openldap/ldap.conf. Edited that file and now ldapsearch works without
    >> requiring the -h HOST switch. I stopped, started, and flushed nsd with no
    >> positive results.
    >>
    >> Mike

    >
    > Mike, do you use LDAP over an encrypted connection?
    >
    > Wim


    I have the ssl lines in /var/ns/ldap.conf commented out and the ldap server
    does not accept/listen to ssl connections.

    Mike

  10. Re: IRIX 6.5.5 and LDAP?

    Mike wrote:

    > On 2006-10-03, btc wrote:
    >> Mike wrote:
    >>
    >>> I have an old IRIX 6.5.5 that I may not upgrade. I have modified
    >>> /var/ns/ldap.conf to see my ldap server and bounced the box. How do I
    >>> test the box is talking to the ldap server? I have tried 'nsadmin get
    >>> passwd', but only get the local passwd file.

    >>
    >> Assuming that you have set your /etc/nsswitch.conf correctly, try to id an
    >> ldap only user. If your ldap stuff is configured properly you should get
    >> their details.

    >
    > I didn't know id(8) could search for other users, thanks. Here is my
    > /etc/nsswitch.conf. It looks right to me, though I cannot find a user by
    > id.
    >
    > # id root
    > uid=0(root) gid=0(sys)
    > # id mikee
    > id user: mikee does not exist
    > # cat /etc/nsswitch.conf
    > #
    > # This is the SGI default nsswitch.conf file. This file determines
    > # the maps that will be maintained by nsd, which methods will be
    > # used to lookup information for a map, and what order the methods
    > # are called in.
    > #
    > # For details on this file see the nsswitch.conf(4) manual page.
    > #
    > # After editing this file the nsd daemon must be sent a SIGHUP signal for
    > # it to notice. Do a "killall -HUP nsd".
    > #
    > automount(dynamic): files(nis_enumerate_key)
    > #bootparams: files
    > capability: files
    > clearance: files
    > ethers: files
    > group: files
    > hosts: files dns
    > mac: files
    > mail(null_extend_key): ndbm(file=/etc/aliases)
    > netgroup: files
    > #netid.byname: nis
    > networks: files
    > #passwd: files(compat) [notfound=return] ldap
    > passwd: files(compat) ldap
    > protocols: nis [success=return] files
    > rpc: files
    > services: files
    > shadow(mode=0700): files
    > #ypservers: nis
    >
    >
    > I'm not familiar with 'files(compat)'. I added 'ldap' to the end.


    In my experience, using the "compat" option will prevent LDAP users
    appearing when you do a "nsadmin cat passwd", however "id" still returns
    LDAP user details.

    To quote the nsswitch.conf man page:

    "the "compat" flag which will cause it to expand +/- escapes for password
    lookups using the following libraries. Thus, every user must exist in
    the local passwd file, but if a +/- escape exists for them in the file
    the nis protocol is used to expand it."

    So unless you are using NIS, change the "files(compat)" bit to just "files".
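
The passwd ordering questions raised in this thread (`files(compat)` in front of `ldap`, and the `[notfound=return]` control in the commented-out default line, which in nsswitch syntax ends the lookup on a miss) can be checked mechanically. The following is an added example, not part of any post and not SGI's code; the function names are hypothetical, a POSIX awk is assumed, and the sample input is constructed from the file posted above.

```shell
#!/bin/sh
# Added example: lint the passwd lookup order of an nsswitch.conf read on stdin.
# Function names are hypothetical; a POSIX awk is assumed.

# Print the method list of the last uncommented passwd entry.
passwd_methods() {
    awk '
        /^[ \t]*#/ { next }                    # commented-out entries are ignored
        /^[ \t]*passwd[ \t]*[(:]/ {            # "passwd:" or "passwd(attrs):"
            sub(/^[^:]*:[ \t]*/, "")           # drop the map name, keep the methods
            line = $0
        }
        END { print line }
    '
}

# Print one finding per line; print nothing when the order looks sane.
lint_passwd() {
    passwd_methods | awk '
        {
            ldap_at = 0
            for (i = 1; i <= NF; i++)
                if ($i == "ldap" || $i ~ /^ldap\(/) { ldap_at = i; break }
            if (!ldap_at) {
                print "NO_LDAP: ldap is not in the passwd lookup order"
                next
            }
            # Only entries in front of ldap can keep a lookup from reaching it.
            for (i = 1; i < ldap_at; i++) {
                if ($i ~ /^files\(.*compat.*\)$/)
                    print "COMPAT: " $i " precedes ldap; use plain files unless NIS is in use"
                if ($i ~ /^\[.*notfound=return.*\]$/)
                    print "NOTFOUND_RETURN: " $i " ends the lookup before ldap is tried"
            }
        }
    '
}

# Constructed sample, modelled on the passwd lines posted in this thread.
sample_conf() {
    cat <<'EOF'
#passwd: files(compat) [notfound=return] ldap
passwd: files(compat) ldap
group: files
EOF
}

sample_conf | lint_passwd
```

On a live system the check is `lint_passwd < /etc/nsswitch.conf`; after any change to that file, nsd needs the SIGHUP described in the file's own header comment.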



  11. Re: IRIX 6.5.5 and LDAP?

    Mike wrote:
    > I can make a few changes to an irix 6.5.27m box. I have modified the
    > /var/ns/ldap.conf and /etc/nsswitch.conf files. I can successfully use
    > ldapsearch to query my ldap server. Using the id command I still am able
    > to execute 'id root' since that account is local. I cannot use the 'id
    > mikee' command to successfully query ldap for my account. When I kill nsd
    > and restart it using 'nsd -l6 -v', the daemon complains that it is not able
    > to find my ldap server 'ldaphost.DOMAIN.com'. Using nslookup I get a
    > proper resolution to 'nslookup ldaphost.DOMAIN.com'. I do have to use the
    > -h on ldapsearch giving my ldap server for ldapsearch to work.
    >
    > Where is someplace to look why ldapsearch and nsd are not finding my
    > ldap server?


    Try using the IP address of the LDAP server instead of its hostname in
    the /var/ns/ldap.conf file. Despite what it says in the man page, I have
    found that LDAP users won't be returned unless I use the IP address of the
    LDAP server (on my 6.5.24 systems), despite the fact that the hostname
    resolves properly to the correct IP.

  12. Re: IRIX 6.5.5 and LDAP?

    Mike wrote:

    >> Mike, do you use LDAP over an encrypted connection?
    >>
    >> Wim

    >
    > I have the ssl lines in /var/ns/ldap.conf commented out and the ldap server
    > does not accept/listen to ssl connections.
    >
    > Mike


    You need at least Irix 6.5.28 for it but I never succeeded in that stuff :-(

    Anyway, I think I'll give it a go again, and only use encryption for the
    non IRIX machines.

    Wimmy
