OpenSolaris

Bug ID 4510686
Synopsis idsconfig does not handle LDAP servers with multiple suffixes well
State 10-Fix Delivered:Verified (Fix available in build)
Category:Subcategory ldap:tools
Keywords rtiq_reviewed
Responsible Engineer Serge Dussud
Reported Against 5.1 , s28_00 , s81_46 , s9u1_01 , s9u1_06
Duplicate Of
Introduced In solaris_9
Commit to Fix s10_46
Fixed In s10_46
Release Fixed solaris_10(s10_46)
Related Bugs 4640949
Submit Date 4-October-2001
Last Update Date 24-April-2007
Description
When idsconfig is run against an LDAP server with multiple suffixes, after all the information is entered, the following error is reported:
ERROR: Can not determine the top of tree

The error is cryptic and gives the user no idea what to do.
Work Around
 xxxxx@xxxxx.com 2003-11-04

The following workaround implies modifying the file
/usr/lib/ldap/idsconfig. Please note that:
* There will be NO SUPPORT for the modified /usr/lib/ldap/idsconfig script
* Customers who plan to use this workaround have to do this at their own risk.
* Ensure the PATH environment variable contains the directory
  "/usr/bin" as the first directory in its list.
  example:
  # echo $PATH
  /usr/bin:... etc. ...
  ...

The workaround itself is made of 2 steps:

1. finding out the existing naming contexts managed by the LDAP server.
This might be done using the ldapsearch(1) command, e.g.:
/usr/bin/ldapsearch -h <hostname> -p <port> \
    -D "cn=directory manager" -w <password> \
    -b "" -s base "objectclass=*" | /usr/bin/grep namingContexts

The output will look like:
namingContexts=o=NetscapeRoot
namingContexts=o=<any_string_for_this_organization>
namingContexts=dc=<any_string_for_this_domain>


2. select the appropriate naming context and edit the file
/usr/lib/ldap/idsconfig to add the command
`grep -i <selected_naming_context>` as a pipe after the
command `grep -i -v NetscapeRoot` in the section of code
you'll see below.

The example here assumes that the naming context
dc=sample_domain1 already exists in the LDAP server's
database.

discover_serv_info()
{
    [ $DEBUG -eq 1 ] && echo "In discover_serv_info()"

    # Search the server for the TOP of the TREE.
    ${LDAPSEARCH} ${SERVER_ARGS} -b "" -s base "objectclass=*" > ${TMPDIR}/checkTOP 2>&1
    # Workaround: the third grep keeps only the selected naming context.
    grep -i namingcontexts ${TMPDIR}/checkTOP | \
        grep -i -v NetscapeRoot | \
        grep -i dc=sample_domain1 > ${TMPDIR}/treeTOP
    # Exactly one naming context must remain, otherwise the script gives up.
    NUM_TOP=`wc -l ${TMPDIR}/treeTOP | awk '{print $1}'`
    if [ $NUM_TOP -ne 1 ]; then
        echo "ERROR: Can not determine the top of tree"
        exit 1
    fi
    # Strip the leading "namingContexts=" and keep the rest of the line.
    LDAP_TREETOP=`cat ${TMPDIR}/treeTOP | cut -f2- -d=`

    [ $DEBUG -eq 1 ] && echo "  LDAP_TREETOP = $LDAP_TREETOP"
}
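
The selection step of the workaround as a stand-alone POSIX shell function, added here as an example and not part of the original bug report or of idsconfig. It matches the chosen suffix exactly (a plain `grep -i dc=sample_domain1` would also select dc=sample_domain10) and lists the candidates when the choice is ambiguous. The name select_treetop, the exit codes and the sample suffixes are assumptions made for this example, and a POSIX grep (-F, -x) is assumed.

```shell
# Added example; not part of /usr/lib/ldap/idsconfig.
# select_treetop [wanted_suffix]   (hypothetical helper)
#   stdin : root DSE search output in the "namingContexts=<suffix>" form shown above
#   stdout: the one suffix to use as the top of the tree
#   status: 0 = exactly one suffix selected, 1 = none, 2 = more than one
select_treetop() {
    wanted=$1

    # Same filtering as discover_serv_info(): keep namingContexts lines,
    # drop o=NetscapeRoot, strip the attribute name.
    contexts=$(grep -i '^namingcontexts=' | grep -i -v NetscapeRoot | cut -f2- -d=) || true

    if [ -n "$wanted" ]; then
        # Whole-line, fixed-string, case-insensitive match, so that
        # dc=sample_domain1 does not also select dc=sample_domain10.
        contexts=$(printf '%s\n' "$contexts" | grep -i -x -F -e "$wanted") || true
    fi

    # Count the non-empty lines that are left.
    count=$(printf '%s\n' "$contexts" | grep -c .) || true
    case $count in
        1)  printf '%s\n' "$contexts" ;;
        0)  echo "ERROR: no matching naming context found on the server" >&2
            return 1 ;;
        *)  echo "ERROR: $count naming contexts found, select one of:" >&2
            printf '%s\n' "$contexts" | sed 's/^/    /' >&2
            return 2 ;;
    esac
}

# Constructed sample output from a server with several suffixes.
SAMPLE='namingContexts=o=NetscapeRoot
namingContexts=o=sample_org
namingContexts=dc=sample_domain1
namingContexts=dc=sample_domain10'
```

With the constructed sample, `printf '%s\n' "$SAMPLE" | select_treetop dc=sample_domain1` prints only dc=sample_domain1, while calling it without an argument returns status 2 and lists the three candidate suffixes on standard error.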
Comments
N/A