AIX ldap client configuration and ldapsearch

  • 1.  AIX ldap client configuration and ldapsearch

    Posted Fri January 18, 2008 02:05 AM

    Originally posted by: SystemAdmin


    Dear All,

    I am currently setting up an AIX LDAP client against a Sun ONE Directory Server 5.2 LDAP server (with referrals) using the 2307 schema.

    But somehow I could not get any LDAP information using the lsuser command (lsuser -R LDAP username).

    The following is the ldap.cfg file:
    *************************
    ldapservers:192.168.1.1
    binddn:uid=tester,ou=People,o=org,dc=com
    bindpwd:password
    authtype:ldap_auth
    useSSL: no
    userattrmappath:/etc/security/ldap/2307user.map
    groupattrmappath:/etc/security/ldap/2307group.map
    userbasedn:o=org,dc=com
    groupbasedn:o=org,dc=com
    ldapversion:3
    ldapport:389
    searchmode:ALL
    ldaptimeout:0
    ******************************

    I tried using the ldapsearch command with explicit host information and could successfully retrieve a host of LDAP user details.

    eg:
    ldapsearch -h 192.168.1.1 -p 389 -D "uid=tester,ou=People,o=org,dc=com" -w password -b "o=org,dc=com" objectclass=*

    Questions:
    1: By default, should an ldapsearch command without host details use the LDAP server specified in the "ldap.cfg"?
    2: Has anyone used an AIX LDAP client to connect to Sun Directory Server 5.2 successfully? If so, is the configuration file similar to the one you are using?

    Much appreciated if anyone could help.

    Thanks in advance.

    Regards,
    Ray


  • 2.  Re: AIX ldap client configuration and ldapsearch

    Posted Fri January 18, 2008 04:06 PM

    Originally posted by: SystemAdmin


    The difference is that ldapsearch is a part of the LDAP client software and the LDAP authentication is a part of AIX security. When you use ldapsearch to look at the LDAP server, this does NOT read the ldap.cfg file, but uses only the command line arguments in AIX. This is different from OpenLDAP, where ldapsearch does read the config file.

    The /etc/security/ldap/ldap.cfg file is created when you run mksecldap -c with the proper commands. This also starts the secldapclientd daemon, which must be running for lsuser -R LDAP to work at all. Starting with AIX 5.3 base ML3, IBM added a debug command 'lsldap' that can be used to list the information from the LDAP server through the secldapclientd daemon.

    So what you are seeing is not surprising; more details on this and related developments are in the Redbook on AIX LDAP Authentication in Heterogeneous Environments.

    Quite a number of customers have got this to work, but details vary between setups, so I'd recommend you use Support Line to help.

    John Tesch
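Since ldapsearch on AIX does not read ldap.cfg, a hand-typed query and lsuser -R LDAP can quietly run with different servers, bind DNs or base DNs. The script below is an added example (not code from the thread or from IBM): it parses the ldap.cfg layout posted above, builds an ldapsearch with the same parameters, and checks for the secldapclientd daemon that only the lsuser path needs. The sample config file, its path and all function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the thread: ldapsearch on AIX ignores
# /etc/security/ldap/ldap.cfg, so read the settings secldapclientd uses and
# build an equivalent direct query for side-by-side comparison with lsuser.
SAMPLE_CFG="${TMPDIR:-/tmp}/ldap.cfg.example.$$"
cat > "$SAMPLE_CFG" <<'EOF'
# constructed sample in AIX ldap.cfg "key:value" layout
ldapservers:192.168.1.1,192.168.1.2
binddn:uid=tester,ou=People,o=org,dc=com
bindpwd:password
useSSL: no
userbasedn:o=org,dc=com
ldapport:389
EOF

# cfg_get FILE KEY: value of the first "KEY:value" line; '#' lines never match.
cfg_get() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1
}

# cfg_load FILE: set LDAP_* variables; fails if a required key is missing,
# which is worth ruling out before blaming the server or the 2307 maps.
cfg_load() {
    LDAP_HOST=$(cfg_get "$1" ldapservers | cut -d, -f1)   # first of the list
    LDAP_PORT=$(cfg_get "$1" ldapport)
    LDAP_BINDDN=$(cfg_get "$1" binddn)
    LDAP_BINDPW=$(cfg_get "$1" bindpwd)   # a credential: keep the file root-only
    LDAP_BASE=$(cfg_get "$1" userbasedn)
    LDAP_SSL=$(cfg_get "$1" useSSL)
    [ -n "$LDAP_PORT" ] || LDAP_PORT=389
    [ -n "$LDAP_HOST" ] && [ -n "$LDAP_BINDDN" ] && [ -n "$LDAP_BASE" ]
}

# ldapsearch_args FILE: the argument line for review or logging, password omitted.
ldapsearch_args() {
    cfg_load "$1" || return 1
    printf '%s\n' "-h $LDAP_HOST -p $LDAP_PORT -D \"$LDAP_BINDDN\" -b \"$LDAP_BASE\""
}

# run_cfg_ldapsearch FILE FILTER: direct query with the client's own settings.
# Like the posted command, -w exposes the password in the process list.
run_cfg_ldapsearch() {
    cfg_load "$1" || return 1
    [ "$LDAP_SSL" = "yes" ] && { echo "useSSL is set: add your client's SSL options" >&2; return 1; }
    ldapsearch -h "$LDAP_HOST" -p "$LDAP_PORT" -D "$LDAP_BINDDN" -w "$LDAP_BINDPW" -b "$LDAP_BASE" "$2"
}

# lsuser -R LDAP goes through the daemon; ldapsearch does not, so check it separately.
secldapclientd_running() { ps -e -o comm 2>/dev/null | grep -q '^secldapclientd$'; }
```

Run `ldapsearch_args /etc/security/ldap/ldap.cfg` on the client to see the exact parameters lsuser would use, then `run_cfg_ldapsearch /etc/security/ldap/ldap.cfg 'uid=someuser'` to test them directly; if that returns entries while lsuser does not, the problem is in secldapclientd or the attribute maps rather than the server.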