Hi,

I'm beginning to go mad on this one, so any help, hint, clue will be welcome for my own mental health! ;-)

What I'm trying to do is to get an AIX 5.3-ML3 (with IY77904 fix) to retrieve the automounter maps from a LDAP server (OpenLDAP 2.3.24 to be accurate) through SSL transport. With native AIX LDAP client API (ldap.client.* and ldap.max_crypto_client.* packages).

The very first things I did and successfully achieved are:
- set up the LDAP server for SSL, StartTLS and clear text,
- set up the AIX box to retrieve user accounts, groups and netgroups information from clear text LDAP server,
- secure the AIX box LDAP client with SSL using the IBM GSKit stuff

Extract of my /etc/security/ldap/ldap.cfg follows:

    ldapservers:A.B.C.D
    binddn:cn=Unix LDAP admin,ou=Unix-rfc2307,o=Corp
    bindpwd:XXXXXXXXXXXXXXXXXXXXXXXXXXXX
    authtype:ldap_auth
    useSSL:yes
    ldapsslkeyf:/etc/security/ldap/Corp/key.kdb
    ldapsslkeypwd:YYYYYYYYYYYYYYYYYYYYYYY
    userattrmappath:/etc/security/ldap/2307aixuser.map
    groupattrmappath:/etc/security/ldap/2307aixgroup.map
    userbasedn
    groupbasedn
    netgroupbasedn
    automountbasedn
    aliasbasedn
    userclasses:account,posixaccount,shadowaccount,aixauxaccount,ibm-securityIdentities
    groupclasses
    ldapversion:3
    ldapport:389
    ldapsslport:636
    followaliase:SEARCHING
    searchmode:ALL
    defaultentrylocation:LDAP

I added the following line to my /etc/irs.conf file:

    automount nis_ldap files

When I start the automounter, what I get as debug text is:

    Aug 4 15:39:45 ssiegcegibck01 user:debug syslog: ldap is loaded
    Aug 4 15:39:45 ssiegcegibck01 user:debug syslog: ldap is configured
    Aug 4 15:39:45 ssiegcegibck01 user:debug syslog: automountd: using irs.conf
    Aug 4 15:39:45 ssiegcegibck01 user:debug syslog: automountd: loading module nis_ldap
    Aug 4 15:39:45 ssiegcegibck01 user:debug syslog: automountd: loading module files
    Aug 4 15:39:45 ssiegcegibck01 daemon:debug automount[237734]: automount: using irs.conf
    Aug 4 15:39:45 ssiegcegibck01 daemon:debug automount[237734]: automount: loading map (auto_master) from nis_ldap
    Aug 4 15:39:45 ssiegcegibck01 daemon:debug automount[237734]: ldap_ssl_client_init() failed, reason = 778465792
    Aug 4 15:39:45 ssiegcegibck01 daemon:debug automount[237734]: automount: continue (auto_master,nis_ldap)
    Aug 4 15:39:45 ssiegcegibck01 daemon:debug automount[237734]: automount: loading map (auto_master) from files
    Aug 4 15:39:45 ssiegcegibck01 daemon:debug automount[237734]: automount: continue (auto_master,files)

I surely have no idea of what reason code 778465792 might be!

I tried to ldapsearch (the AIX /usr/bin one) by hand the LDAP server over SSL, using the same keyring, keyring password, bind DN and bind password as those in ldap.cfg, for the automount maps in the automountbasedn (as in ldap.cfg), and, guess what? It works just fine...

So my problem seems to be on the automount side...

I tried with and without a /etc/auto_master file; the problem remains, except that with a /etc/auto_master file it starts working with locally defined maps but stops on the +auto_master line...

Any idea? Any clue?

Thanks

Hubert Quarantel-Colombani