> : is it true that a Solaris 9 server running DS 5.2 server cannot
> : be its own native LDAP client?
> : I.e. am I supposed to run a dedicated, user- and applicationless
> : server for this, or actually at least two for redundancy?
> In theory, yes.
> : We were thinking of migrating to LDAP/DS for all naming services,
> : but if the above is true, it currently seems a bit blown out of
> : proportion for just a small group of servers.
> IIRC, the major problem with the LDAP server being its own client is
> that the Solaris ldap_cachemgr daemon gets rather bent out of shape
> if it can't talk to the LDAP server immediately upon starting - and
> the default configuration has the cache manager starting well before
> Directory Server at boot time. (NIS on the other hand started both
> client and server in the same script.)
Thanks. That explains something. I am still somewhat disappointed, though.
It appeared to me that DS is the next NIS, but it doesn't really say
anywhere in big, red flashing letters that a dedicated server is required.
> You might be able to achieve a tolerable setup by inserting an init script
> into the boot order immediately after Directory Server starts to restart
> ldap_cachemgr, and setting nsswitch.conf on your LDAP server(s) to use
> files before ldap on all services. You'd have to investigate that, and
> determine for yourself if you can live with any of the potential failure
> modes you might find in such a setup.
We are paying a Sun partner PS by the hour to set up our systems. I somewhat
object to the idea of spending several thousand dollars and risking days of
downtime to figure this out. Frankly, I expect Sun to document and certify
some workable setup.
Once I get at least two Solaris machines at home, I will toy around along
the lines you indicate. It might just work.
Having seen DS 5.2, it seems nice once it's working. Obviously, we're not
doing anything fancy, but we'd like to apply DS wherever possible.
> However, bear in mind that you've probably already got one or more services
> in your network that could stand to run on a system that wasn't an LDAP
> (or NIS) client (and probably could benefit from not having users able to
> login to the machine). DNS, DHCP, and NTP spring readily to mind.
DNS, DHCP, NTP, yeah, those would be nice. We don't have those. Seriously.
I am amazed our open systems platform is working at all. OK, the PC people
have DHCP, but other than that: nothing. No NIS, no NFS, nothing.
Well, thanks anyway.
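An added example, not from this thread and not Sun's or the Directory Server product's own script, sketching the workaround quoted above (restart ldap_cachemgr once the directory answers, and keep `files` ahead of `ldap` in nsswitch.conf). It assumes things the thread does not state: Directory Server answers on localhost:389, the Solaris ldapsearch lives at /usr/bin/ldapsearch, and ldap_cachemgr is controlled by /etc/init.d/ldap.client; the rc2.d script name and sequence number you would install it under depend on the particular install.

```shell
#!/bin/sh
# Added example (not from the thread): workaround sketch for a Solaris 9 host
# that runs Directory Server 5.2 and is also its own LDAP client.
# Assumptions (not on the page): DS answers on localhost:389, ldapsearch is
# /usr/bin/ldapsearch, and ldap_cachemgr is controlled by /etc/init.d/ldap.client.

# Read an nsswitch.conf body from stdin and print every service that consults
# ldap without listing files ahead of it. Returns 0 when every ldap-using
# service has files first, 1 otherwise. Without files first, a lookup made
# while the directory is still starting has nothing to fall back on.
nsswitch_files_first() {
    awk '
        BEGIN { bad = 0 }
        NF == 0 || $1 ~ /^#/ { next }          # skip blanks and comments
        {
            name = $1; sub(/:$/, "", name)
            f = 0; l = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && f == 0) f = i
                if ($i == "ldap"  && l == 0) l = i
            }
            # ldap is used, and files is either absent or listed after it
            if (l > 0 && (f == 0 || f > l)) { print name; bad = 1 }
        }
        END { exit bad }
    '
}

# Poll until an anonymous root-DSE search succeeds, or give up.
# Arguments: host port max_tries; waits 2 seconds between tries.
wait_for_ldap() {
    host=${1:-localhost}; port=${2:-389}; tries=${3:-30}
    n=0
    while [ "$n" -lt "$tries" ]; do
        if /usr/bin/ldapsearch -h "$host" -p "$port" -s base -b "" \
               "objectclass=*" >/dev/null 2>&1; then
            return 0
        fi
        n=`expr "$n" + 1`
        sleep 2
    done
    return 1
}

# Restart the client cache daemon only after the directory is reachable.
# Intended to run as an rc2.d S-script sequenced just after the one that starts
# Directory Server (script name and number depend on the install).
restart_cachemgr_after_ds() {
    if wait_for_ldap localhost 389 30; then
        /etc/init.d/ldap.client stop
        /etc/init.d/ldap.client start
        return 0
    fi
    echo "ldap_cachemgr not restarted: directory not reachable" >&2
    return 1
}

# Boot-time entry point: runs only when invoked as "sh this_script start".
case "${1-}" in
    start) restart_cachemgr_after_ds ;;
esac
```

To audit the live configuration before relying on this, run `nsswitch_files_first < /etc/nsswitch.conf`; every service it prints is one that would fail outright if ldap_cachemgr cannot reach the directory at that moment.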