Sun Microsystems, Inc.  Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition

Asset ID: 1-75-1020259.1
Update Date: 2010-08-13
Keywords:

Solution Type  Troubleshooting Sure

Solution  1020259.1 :   Sun[TM] SPARC Enterprise Mx000: Troubleshooting LDAP client service on the XSCFU  


Related Items
  • Sun SPARC Enterprise M5000 Server
  • Sun SPARC Enterprise M9000-32 Server
  • Sun SPARC Enterprise M9000-64 Server
  • Sun SPARC Enterprise M3000 Server
  • Sun SPARC Enterprise M4000 Server
  • Sun SPARC Enterprise M8000 Server
Related Categories
  • GCS>Sun Microsystems>Servers>OPL Servers

PreviouslyPublishedAs
255028


Applies to:

Sun SPARC Enterprise M3000 Server
Sun SPARC Enterprise M4000 Server
Sun SPARC Enterprise M5000 Server
Sun SPARC Enterprise M8000 Server
Sun SPARC Enterprise M9000-32 Server - Version: Not Applicable and later    [Release: NA and later]
All Platforms

Purpose

This document deals with some of the problems that may be encountered during the setup and configuration of an Mx000 Service Processor as an LDAP client.

Last Review Date

August 13, 2010

Instructions for the Reader

A Troubleshooting Guide is provided to assist in debugging a specific issue. When possible, diagnostic tools are included in the document to assist in troubleshooting.

Troubleshooting Details

Troubleshooting steps for the setup of an LDAP client on the Mx000 Service Processor.

The SPARC Enterprise Mx000 Servers Administration Guide, section To Configure the XSCF as an LDAP Client, describes the steps for configuring an XSCF as an LDAP client. This document lists some of the symptoms that might be seen while configuring the XSCF as an LDAP client and describes the steps for resolving them.

1.  The showlookup command fails:
XSCF> showlookup
Permission denied.

Solution: According to the showlookup man page, the user should have useradm or fieldeng privileges to execute this command. The showuser command displays the privileges of the account:
XSCF> showuser
User Name:         ab1234
UID:               115
Status:            Enabled
Minimum:           0
Maximum:           99999
Warning:           7
Inactive:          -1
Last Change:       Feb 01, 2009
Password Expires:  Never
Password Inactive: Never
Account Expires:   Never
Privileges:        useradm


2. The showlookup command shows only local lookup.
XSCF> showlookup
Privileges lookup: Local only
Authentication lookup: Local only

Solution: Use the setlookup command to enable LDAP lookup for both authentication (-a) and privileges (-p).
XSCF> setlookup -a ldap
XSCF> setlookup -p ldap

XSCF> showlookup
Privileges lookup: Local and LDAP
Authentication lookup: Local and LDAP
XSCF>


3. The showldap command does not display server bound information:
XSCF> showldap
Bind Name:               Not set
Base Distinguished Name: Not set
LDAP Search Timeout:     0
Bind Password:           Not set
LDAP Servers:            Not set
CERTS:                   None

Solution: The LDAP server configuration has not been established.
Use the setldap command. See the SPARC Enterprise Mx000 Servers Administration Guide, section To Configure the XSCF as an LDAP Client.
XSCF> setldap -s ldap://10.8.118.223:389
XSCF> setldap -b cn=proxyagent,ou=profile,dc=netadm,dc=com -p
Password:

Please note that the shown above is set up when creating the proxyagent account on the server. It might be set while using the idsconfig command to set up the iPlanet Directory Server (iDS) or while adding an LDIF account after loading the Directory Server application.

XSCF> setldap -B ou=people,dc=netadm,dc=com
XSCF> setldap -T 60

Once configured, the output of showldap will display something similar to the following output.
XSCF> showldap
Bind Name:               cn=proxyagent,ou=profile,dc=netadm,dc=com
Base Distinguished Name: ou=people,dc=netadm,dc=com
LDAP Search Timeout:     60
Bind Password:           Set
LDAP Servers:            ldap://10.8.118.223:389
CERTS:                   None
XSCF>
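
The checks from symptoms 2 and 3 can be run over captured showlookup and showldap output. The following is an added example, not part of the original Sun document: the function names are hypothetical, the sample text is constructed from the outputs quoted above, and the TLS finding rests on the assumption that an ldap:// URL with no certificate loaded means the bind is not encrypted.

```python
# Added example, not Sun/Oracle code. Sample text is constructed from the
# showlookup/showldap outputs quoted in this note.
UNSET = {"Bind Name": "Not set", "Base Distinguished Name": "Not set",
         "Bind Password": "Not set", "LDAP Servers": "Not set",
         "LDAP Search Timeout": "0"}  # values shown in the unconfigured output

def parse_fields(text):
    """Parse 'Name: value' lines, splitting on the first colon only because
    values such as ldap://10.8.118.223:389 contain colons themselves."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("XSCF>") or ":" not in line:
            continue  # skip prompts, blanks and messages like "Permission denied."
        key, value = line.split(":", 1)
        fields[key.strip()] = value.strip()
    return fields

def audit(showlookup_text, showldap_text):
    """Return findings that map to symptoms 2 and 3 of this note."""
    lookup, ldap = parse_fields(showlookup_text), parse_fields(showldap_text)
    findings = []
    for name in ("Privileges lookup", "Authentication lookup"):
        if "LDAP" not in lookup.get(name, ""):
            findings.append(f"{name}: LDAP not enabled (symptom 2, setlookup)")
    for name, unset in UNSET.items():
        if ldap.get(name, unset) == unset:  # a missing field counts as unset
            findings.append(f"{name}: still unconfigured (symptom 3, setldap)")
    servers = [s.strip() for s in ldap.get("LDAP Servers", "").split(",")]
    # Assumption: an ldap:// URL with no certificate loaded means no TLS.
    if any(s.startswith("ldap://") for s in servers) and ldap.get("CERTS") == "None":
        findings.append("LDAP Servers: ldap:// with CERTS None, bind is not TLS-protected")
    return findings

# Constructed samples: (showlookup output, showldap output)
UNCONFIGURED = ("Privileges lookup: Local only\nAuthentication lookup: Local only\n",
    "Bind Name: Not set\nBase Distinguished Name: Not set\nLDAP Search Timeout: 0\n"
    "Bind Password: Not set\nLDAP Servers: Not set\nCERTS: None\n")
CONFIGURED = ("Privileges lookup: Local and LDAP\nAuthentication lookup: Local and LDAP\n",
    "Bind Name: cn=proxyagent,ou=profile,dc=netadm,dc=com\n"
    "Base Distinguished Name: ou=people,dc=netadm,dc=com\nLDAP Search Timeout: 60\n"
    "Bind Password: Set\nLDAP Servers: ldap://10.8.118.223:389\nCERTS: None\n")

if __name__ == "__main__":
    for label, sample in (("unconfigured", UNCONFIGURED), ("configured", CONFIGURED)):
        print(label, audit(*sample))
```

The configured sample still produces one finding, because the server URL on this page uses ldap:// on port 389 and no certificate is loaded.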


4. The setldap command fails.
XSCF> setldap -t xy1234
10.8.118.223:389        FAILED
User or user's password entry does not exist
XSCF>

This is a generic message that can have a variety of causes.

Solution: Work through the following checks.
A.  Make sure the XSCF has network connectivity so that it can access the LDAP server. Use the "shownetwork -a" command, the ssh command, and ping or ssh from the LDAP server to make sure that the XSCF is configured properly to access the network.

B.  Make sure the password provided during the setldap command is the correct password as indicated by the LDAP server admin. Check with the LDAP server administrator to make sure the password is correct.

C.  Check the LDAP server logs for error messages. Verify that the LDAP client's IP address is seen in the log.

Once the problems are resolved, the setldap command should display the following output:
XSCF>  setldap -t xy1234
10.8.118.223:389        PASSED
XSCF>

Now the user can log in to the XSCF.
login: xy1234
Password:
XSCF> showuser
User Name:         xy1234 (nonlocal)
UID:               2000
Privileges:        None
XSCF>
Please note the (nonlocal) user setting for the user, xy1234.


Attachments
This solution has no attachment
  Copyright © 2011 Sun Microsystems, Inc.  All rights reserved.