AIX 5.3 bind to OPENLDAP

AIX and OpenLDAP: oil and water ... not quite

Adding an AIX client to OpenLDAP

On CD 4 you will find the ldap.client filesets; install them in the usual way, then confirm they are present:

lslpp -L | grep -i ldap

ldap.client.adt            5.2.0.0    C     F    Directory Client SDK
ldap.client.rte            5.2.0.0    C     F    Directory Client Runtime (N


Now attempt a bind:

mksecldap -c -h ldap.sus.local -a "cn=Manager,dc=sus,dc=local" -p password -X "cn=proxyagent,ou=profile,dc=sus,dc=local" -X proxypassword -A ldap_auth -d "dc=sus,dc=local" -n 389
 

Cannot find the group base DN from the ldap server.

Basically, the OpenLDAP schema needs to be extended to allow AIX clients to bind.

There was a download from IBM for Netscape LDAP, but that was in the wrong format. After a long search I found a post from Pat Vaughan.

Add the rfc2307aix.schema from Pat Vaughan's site (mirror here) to your slapd.conf, restart slapd, and add the following LDIF:

dn: cn=aixu,ou=groups,dc=sus,dc=local
objectClass: aixAuxGroup
objectClass: top
objectClass: posixGroup
cn: aixu
gidNumber: <someguid>
isAdministrator: false
memberUid: <someuser>


Alternatively, add the aixAuxGroup objectClass to an existing group.
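A pre-flight check for this step, as an added example (not from the original post, Pat Vaughan or IBM): it reads an LDIF export of the groups container, lists posixGroup entries that lack aixAuxGroup, and prints the ldapmodify change record for them. The sample entries, gidNumber values and function names are constructed; isAdministrator: false mirrors the entry shown above.

```shell
# Added example. SAMPLE_LDIF is constructed, shaped like ldapsearch -LLL output.
SAMPLE_LDIF='dn: cn=aixu,ou=groups,dc=sus,dc=local
objectClass: aixAuxGroup
objectClass: top
objectClass: posixGroup
cn: aixu
gidNumber: 5001
isAdministrator: false

dn: cn=staff,ou=groups,dc=sus,dc=local
objectClass: top
objectClass: posixGroup
cn: staff
gidNumber: 5002
memberUid: sirbob

dn: ou=groups,dc=sus,dc=local
objectClass: organizationalUnit
ou: groups'

# Read LDIF on stdin; print the DN of each posixGroup entry lacking aixAuxGroup.
# Assumption: DNs are plain text (base64 "dn::" values are not decoded).
groups_missing_aix() {
  awk 'BEGIN { RS = ""; FS = "\n" }
  {
    gsub(/\n /, "")                      # undo LDIF line folding
    dn = ""; posix = 0; aix = 0
    for (i = 1; i <= NF; i++) {
      low = tolower($i)                  # LDAP names are case-insensitive
      if (low ~ /^dn: */) { dn = $i; sub(/^[^:]*: */, "", dn) }
      else if (low ~ /^objectclass: *posixgroup *$/) posix = 1
      else if (low ~ /^objectclass: *aixauxgroup *$/) aix = 1
    }
    if (posix && !aix && dn != "") print dn
  }'
}

# For each DN on stdin, print an ldapmodify record that adds aixAuxGroup.
# isAdministrator: false mirrors the entry shown in the post.
aix_modify_ldif() {
  while IFS= read -r dn; do
    [ -n "$dn" ] || continue
    printf 'dn: %s\nchangetype: modify\nadd: objectClass\n' "$dn"
    printf 'objectClass: aixAuxGroup\n-\nadd: isAdministrator\n'
    printf 'isAdministrator: false\n\n'
  done
}

printf '%s\n' "$SAMPLE_LDIF" | groups_missing_aix | aix_modify_ldif
```

On a real server, feed groups_missing_aix from ldapsearch -x -LLL -b "ou=groups,dc=sus,dc=local" and review the generated record before passing it to ldapmodify.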

Now the bind should work:

mksecldap -c -h ldap.sus.local -a "cn=Manager,dc=sus,dc=local" -p password -X "cn=proxyagent,ou=profile,dc=sus,dc=local" -X proxypassword -A ldap_auth -d "dc=sus,dc=local" -n 389

lsldap


dn: ou=profile,dc=sus,dc=local

dn: ou=People,dc=sus,dc=local

dn: ou=policies,dc=sus,dc=local

dn: nisMapName=auto_master,dc=sus,dc=local

dn: nisMapName=auto_home,dc=sus,dc=local

dn: nisMapName=auto_data,dc=sus,dc=local

dn: ou=groups,dc=sus,dc=local

lsldap passwd

dn: uid=sirbob,ou=People,dc=sus,dc=local

dn: uid=poshpaws,ou=People,dc=sus,dc=local

dn: uid=caroline,ou=People,dc=sus,dc=local

dn: uid=anya,ou=People,dc=sus,dc=local

dn: uid=tove,ou=People,dc=sus,dc=local

dn: uid=nathaniel,ou=People,dc=sus,dc=local


IBM-supplied non-IBM LDAP files

Schema and map files that allow a non-IBM LDAP server to serve AIX clients:

non-IBM_LDAP.zip