Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition

Asset ID: 1-72-1614531.1
Update Date:2016-11-02
Keywords:

Solution Type  Problem Resolution Sure

Solution  1614531.1 :   Sun Storage 7000 Unified Storage System: How to Configure Anonymous LDAP Authentication  


Related Items
  • Sun ZFS Storage 7320
  • Sun Storage 7210 Unified Storage System
  • Oracle ZFS Storage ZS3-2
  • Sun Storage 7410 Unified Storage System
  • Oracle ZFS Storage ZS3-4
  • Sun ZFS Storage 7420
  • Sun Storage 7310 Unified Storage System
  • Sun Storage 7110 Unified Storage System
  • Sun ZFS Storage 7120
Related Categories
  • PLA-Support>Sun Systems>DISK>ZFS Storage>SN-DK: 7xxx NAS




In this Document
Symptoms
Changes
Cause
Solution
References


Created from <SR 3-8235991171>

Applies to:

Sun Storage 7410 Unified Storage System - Version All Versions to All Versions [Release All Releases]
Sun Storage 7110 Unified Storage System - Version All Versions to All Versions [Release All Releases]
Sun Storage 7210 Unified Storage System - Version All Versions to All Versions [Release All Releases]
Sun Storage 7310 Unified Storage System - Version All Versions to All Versions [Release All Releases]
Sun ZFS Storage 7120 - Version All Versions to All Versions [Release All Releases]
7000 Appliance OS (Fishworks)

Symptoms

After upgrading from 2011.04.24.7.0,1-1.38 to 2013.06.05.1.0,1-1.5, the LDAP service fails to start.

 

In /var/ldap/cachemgr.log, there are messages such as:

Fri Dec 13 14:25:35.1581        detachfromtty(): child failed (rc = 255).
Fri Dec 13 14:26:56.6581        Starting ldap_cachemgr, logfile /var/ldap/cachemgr.log
Fri Dec 13 14:26:56.6968        Error: Unable to read '/var/ldap/ldap_client_file': Configuration Error: No entry for 'NS_LDAP_BINDDN' found

These messages appear when an anonymous connection to LDAP is used.

 

Changes

 Upgrade from 2011.04.24.7.0,1-1.38 to 2013.06.05.1.0,1-1.5

 

Cause

There appear to be two forms of anonymous authentication.

An LDAP 'anonymous' connection means either:

    1) Create an LDAP connection, skip all bind operations, and perform the first request

or

    2) Create an LDAP connection and perform a simple or sasl/simple bind operation with no DN (DN=NULL) and no password credentials (passwd=NULL);
          assuming the bind operation succeeds, then perform the first search request.

 

The appliance can follow either method, and how this is configured depends to some extent on how the LDAP server is configured.

It would seem that the BUI is not as clear as it might be in this respect.
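
To tell which of the two forms a client is using, look at the first LDAPMessage it sends on the connection. The Python below is an added example, not Oracle or appliance code: it decodes that first message and reports whether the client skipped the bind (form 1) or sent a simple bind with an empty DN and empty password (form 2). The function names and the sample messages are constructed for illustration, and only the simple bind choice is handled.

```python
def tlv(tag, value=b""):
    """Encode one BER element (short-form length; the samples are < 128 bytes)."""
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos=0):
    """Decode the BER element at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify_first_message(msg):
    """Classify the first LDAPMessage a client sends on a new connection."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, _msg_id, pos = read_tlv(body)     # messageID INTEGER
    if tag != 0x02:
        raise ValueError("messageID missing")
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag == 0x63:                     # SearchRequest [APPLICATION 3]: form 1
        return "no-bind"
    if op_tag != 0x60:                     # anything but BindRequest [APPLICATION 0]
        return "other"
    _, _version, pos = read_tlv(op)
    _, name, pos = read_tlv(op, pos)       # bind DN (LDAPDN)
    auth_tag, cred, _ = read_tlv(op, pos)  # 0x80 = simple [0] password
    if auth_tag == 0x80 and not name and not cred:
        return "anonymous-bind"            # form 2: empty DN, empty password
    return "non-anonymous-bind"

# Constructed sample messages (messageID 1, LDAP version 3).
MSG_ID = tlv(0x02, b"\x01")
ANON_BIND = tlv(0x30, MSG_ID + tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04) + tlv(0x80)))
NAMED_BIND = tlv(0x30, MSG_ID + tlv(0x60, tlv(0x02, b"\x03")
                                    + tlv(0x04, b"o=none") + tlv(0x80, b"dummy")))
SEARCH_FIRST = tlv(0x30, MSG_ID + tlv(0x63, tlv(0x04) + tlv(0x0A, b"\x00") * 2
               + tlv(0x02, b"\x00") * 2 + tlv(0x01, b"\x00")
               + tlv(0x87, b"objectClass") + tlv(0x30)))

if __name__ == "__main__":
    for label, m in (("anon", ANON_BIND), ("named", NAMED_BIND), ("search", SEARCH_FIRST)):
        print(label, m.hex(), classify_first_message(m))
```

Comparing the result against what the LDAP server is configured to accept shows which form the directory expects from the appliance.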

 

Solution

1.  Select a bind credential level of 'Proxy'

2.  Enter 'dummy' data: a DN of 'o=none' and a 'dummy' password

3.  Reselect a bind credential level of 'Anonymous'

 

NOTE: For Appliance Release version AK 8.5.0 / 2013.1.5.0 or later, selecting anonymous LDAP authentication now works correctly without the above proxy setting workaround.

 

References

<BUG:16416898> - LDAP SERVER FAULTED WHEN ANONYMOUS IS SELECTED AND NO SETTING IN PROXY::DN

Attachments
This solution has no attachment
  Copyright © 2018 Oracle, Inc.  All rights reserved.