Can a Solaris 9 server running DS 5.2 server be its own native LDAP client?

Post by Torsten Ki » Sat, 13 Sep 2003 06:49:06


Hi,

is it true that a Solaris 9 server running DS 5.2 server cannot
be its own native LDAP client?
I.e. am I supposed to run a dedicated, user- and applicationless
server for this, or actually at least two for redundancy?

We were thinking of migrating to LDAP/DS for all naming services,
but if the above is true, it currently seems a bit blown out of
proportion for just a small group of servers.

TIA
Torsten
 
 
 

Post by Mike Delan » Sat, 13 Sep 2003 09:14:41

On Thu, 11 Sep 2003 23:49:06 +0200 in <3f60ef59$ XXXX@XXXXX.COM >,
XXXX@XXXXX.COM said something similar to:
: Hi,
:
: is it true that a Solaris 9 server running DS 5.2 server cannot
: be its own native LDAP client?
: I.e. am I supposed to run a dedicated, user- and applicationless
: server for this, or actually at least two for redundancy?

In theory, yes.

: We were thinking of migrating to LDAP/DS for all naming services,
: but if the above is true, it currently seems a bit blown out of
: proportion for just a small group of servers.

IIRC, the major problem with the LDAP server being its own client is
that the Solaris ldap_cachemgr daemon gets rather bent out of shape
if it can't talk to the LDAP server immediately upon starting - and
the default configuration has the cache manager starting well before
Directory Server at boot time. (NIS on the other hand started both
client and server in the same script.)

You might be able to achieve a tolerable setup by inserting an init script
into the boot order immediately after Directory Server starts to restart
ldap_cachemgr, and setting nsswitch.conf on your LDAP server(s) to use
files before ldap on all services. You'd have to investigate that, and
determine for yourself if you can live with any of the potential failure
modes you might find in such a setup.

However, bear in mind that you've probably already got one or more services
in your network that could stand to run on a system that wasn't an LDAP
(or NIS) client (and probably could benefit from not having users able to
log in to the machine). DNS, DHCP, and NTP spring readily to mind.
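
The "files before ldap on all services" ordering suggested in the post above can be checked mechanically on the directory server. The following is an added example, not part of the original thread: `check_nsswitch`, `sample_nsswitch` and the `AWK` variable are names assumed here, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): on the directory server itself, flag
# nsswitch.conf databases that consult "ldap" before, or without, "files".
# AWK is an assumption: on Solaris 9 set AWK=nawk, since this needs sub().
AWK=${AWK:-awk}

# check_nsswitch FILE -> one line per offending database; exit 1 if any.
check_nsswitch() {
    "$AWK" '
    {
        sub(/#.*/, "")                       # drop comments
        n = index($0, ":")
        if (n == 0) next                     # not a database line
        db = substr($0, 1, n - 1); gsub(/[ \t]/, "", db)
        cnt = split(substr($0, n + 1), tok, /[ \t]+/)
        files_at = 0; ldap_at = 0; inbr = 0
        for (i = 1; i <= cnt; i++) {
            t = tok[i]
            if (t == "") continue
            if (t ~ /^\[/) inbr = 1          # [NOTFOUND=return] style criteria
            if (inbr) { if (t ~ /\]$/) inbr = 0; continue }
            if (t == "files" && !files_at) files_at = i
            if (t == "ldap"  && !ldap_at)  ldap_at  = i
        }
        if (ldap_at && !files_at)               { print db ": ldap without files"; bad = 1 }
        else if (ldap_at && ldap_at < files_at) { print db ": ldap before files"; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample, not a real host configuration.
sample_nsswitch() {
    cat <<'EOF'
# constructed sample
passwd:     files ldap
group:      ldap [NOTFOUND=return] files
hosts:      files dns
automount:  ldap
netgroup:   files [SUCCESS=return NOTFOUND=continue] ldap
EOF
}

# Stand-alone use: ./script /etc/nsswitch.conf
if [ $# -gt 0 ]; then check_nsswitch "$1"; fi
```

A database that lists only `ldap` is reported as well, because lookups for it cannot succeed on the directory server until Directory Server itself is answering.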

 
 
 

Post by Torsten Ki » Thu, 18 Sep 2003 05:15:28

"Mike Delaney" < XXXX@XXXXX.COM > wrote in message



Thanks. That explains something. I am still somewhat disappointed, though.
It appeared to me that DS is the next NIS, but it doesn't really say
anywhere in big, red flashing letters that a dedicated server is required.


We are paying a Sun partner PS by the hour to set up our systems. I somewhat
object to the idea of spending several thousand dollars and risking days of
downtime to figure this out. Frankly, I expect Sun to document and certify
some workable setup.

Once I get at least two Solaris machines at home, I will toy around along
the lines you indicate. It might just work.

Having seen DS 5.2, it seems nice once it's working. Obviously, we're not
doing anything fancy, but we'd like to apply DS wherever possible.


DNS, DHCP, NTP, yeah, those would be nice. We don't have those. Seriously.
I am amazed our open systems platform is working at all. OK, the PC people
have DHCP, but other than that: nothing. No NIS, no NFS, nothing.

Well, thanks anyway.