LDAP broke after patching

Solaris


Tags
solved

    #1  
Old Unix and Linux 05-19-2017   -   Original Discussion by ron323232
ron323232, Registered User

Greetings... My first post here...
I am facing an issue on an x86 Solaris server running on VMware. We have to install the latest patch cluster. I took a snapshot (on the VMware side), so we have a backup copy. I downloaded and installed the latest patch cluster. After patching, I am not able to log in on the server as any non-root user (LDAP user). Since this server is not under support, I cannot expect Oracle's help on this. I am not sure which patch broke the authentication mechanism.
In the second attempt, I restored the snapshot and this time I commented out the "possible culprit" patches in patch_order, as below:

Code:
cat 10_x86_Recommended.README | egrep -i "tls|pam|ssl|java|ldap"
120100-08
148072-19
151913-09
121212-02
122471-03
138767-01
141105-04
144910-03
147674-11
148050-04
148694-01
150120-04
150546-02
151915-07
152078-51
152079-51
152098-41
152099-41
152101-31

I applied the patch cluster and it again ended up in the same state.

Code:
From /var/adm/messages :-
May 19 14:02:46 ngtdr-zonemgr2-data ldap_cachemgr[221]: [ID 293258 daemon.warning] libsldap: Status: 91  Mesg: openConnection: simple bind failed - Can't connect to the LDAP server
May 19 14:02:46 ngtdr-zonemgr2-data ldap_cachemgr[221]: [ID 293258 daemon.warning] libsldap: Status: 91  Mesg: openConnection: simple bind failed - Can't connect to the LDAP server
May 19 14:02:46 ngtdr-zonemgr2-data ldap_cachemgr[221]: [ID 545954 daemon.error] libsldap: makeConnection: failed to open connection to npsec-est-wks1.acme.com
May 19 14:02:46 ngtdr-zonemgr2-data ldap_cachemgr[221]: [ID 545954 daemon.error] libsldap: makeConnection: failed to open connection to npsec-wst-wks1.acme.com

-bash-3.2# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=ngtdr-zonemgr2,ou=Hosts,dc=pre,dc=acme,dc=com
NS_LDAP_BINDPASSWD= {NS1}a1a2a3a4a5a6a7a8a9a10a11a11
NS_LDAP_SEARCH_BASEDN= dc=pre,dc=acme,dc=com
NS_LDAP_AUTH= tls:simple
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_SERVER_PREF= npsec-wst-wks1.acme.com, npsec-est-wks1.acme.com
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= ngtdr-zonemgr2
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=Group,?one?
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,?one?
NS_LDAP_SERVICE_SEARCH_DESC= netgroup:ou=netgroup,?one?
NS_LDAP_SERVICE_SEARCH_DESC= sudoers:ou=sudoers,?one?
NS_LDAP_SERVICE_SEARCH_DESC= user_attr:ou=People,?one?
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,?one?isMemberOf=cn=ngtdr-zonemgr2,ou=hosts,dc=pre,dc=acme,dc=com
NS_LDAP_BIND_TIME= 10
-bash-3.2# ldaplist
ldaplist: Object not found (Session error no available conn.
)
-bash-3.2#

I am not able to figure out which patch is creating this problem so that I can exclude it. Can somebody help me with this troubleshooting?

Thanks in advance.

Last edited by Scrutinizer; 05-20-2017 at 02:32 AM.. Reason: Anonymized data
    #2  
Old Unix and Linux 05-20-2017   -   Original Discussion by ron323232
Scrutinizer, Forum Staff, Moderator
Not a direct answer to your question.

Perhaps after the client upgrade, an SSL/TLS protocol version that was previously being used to communicate with the server became obsolete, so it is forced to use a newer protocol.
  • Perhaps the server does not speak the newer protocol, or
  • The server certificate is not installed for the newer protocol.
  • The client needs to update to a newer root certificate.

Just a few loose thoughts...
    #3  
Old Unix and Linux 05-20-2017   -   Original Discussion by ron323232
hicksd8, Forum Staff, Moderator
Which Solaris version is it?

This documentation from Oracle for Solaris 5.10 says (further down the page) that the X86 patch number is 150378.

https://getupdates.oracle.com/readme/README.150377-05

https://getupdates.oracle.com/readme/150378-04

Last edited by hicksd8; 05-20-2017 at 01:33 PM..
    #4  
Old Unix and Linux 05-20-2017   -   Original Discussion by ron323232
ron323232, Registered User
It is the Solaris 10 x86 version. To avoid installing those packages, I commented out the patches below.

Code:
cat 10_x86_Recommended.README | egrep -i "tls|pam|ssl|java|ldap"

But it seems they are not the culprit. It is some other patch(es) that is making these changes. I tried checking ssh too. 148105-23 is part of the patch cluster, but was never installed. It was already there on the server for a long time, so it was skipped.

Code:
-bash-3.2# cat /var/tmp/10_x86_Recommended/10_x86_Recommended.README | grep ssh
148105-23  Obsoleted by: 148105-24 SunOS 5.10_x86: last, ssh/sshd patch
-bash-3.2# ls -l /var/sadm/patch/ | grep 148105
drwxr-xr-x   2 root     root           6 Aug 20  2014 148105-11
-bash-3.2#

150378 is not part of the patch cluster.
I am trying to find from the README which other patches could be the culprit. I am also assuming that it is not a direct patch, but maybe some patch is modifying a library (such as pam), which is breaking it.
-----------------------------------------------------------------------------
It's solved. It was the 119214-33 patch that created this issue. If somebody can guide me on what could have been the issue, it would be good learning.

Code:
-bash-3.2# cat /var/tmp/10_x86_Recommended/10_x86_Recommended.README | grep 119214-33
119214-33  NSS_NSPR_JSS 3.21_x86: NSPR 4.11 / NSS 3.21 / JSS 4.3.2
-bash-3.2#


Last edited by ron323232; 05-20-2017 at 10:17 PM..
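
Why the keyword filter from the first post never selected the patch named in the last one, as an added example that is not part of the thread: the pattern `tls|pam|ssl|java|ldap` does not match the README description of 119214-33, which only mentions NSS, NSPR and JSS. The widened pattern, the function names, the one-ID-per-line `patch_order` layout and the `000000-00` line are assumptions or constructed for illustration; the other two README lines are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: compare the thread's README filter with a widened one.

# Two README lines quoted in the thread plus one constructed line
# (placeholder id 000000-00) that the original filter does match.
readme_sample() {
cat <<'EOF'
119214-33  NSS_NSPR_JSS 3.21_x86: NSPR 4.11 / NSS 3.21 / JSS 4.3.2
148105-23  Obsoleted by: 148105-24 SunOS 5.10_x86: last, ssh/sshd patch
000000-00  SunOS 5.10_x86: constructed libldap patch line
EOF
}

ORIG_PATTERN='tls|pam|ssl|java|ldap'              # filter used in the thread
WIDE_PATTERN="$ORIG_PATTERN|nss|nspr|jss|crypto|pkcs|sasl|krb"  # assumption

# Print the patch ids (first column) of README lines matching pattern $1.
match_ids() {
    grep -E -i "$1" | awk '$1 ~ /^[0-9]+-[0-9]+$/ {print $1}' | sort -u
}

# Print ids that the widened pattern selects but the original one misses.
missed_ids() {
    readme=$(cat)
    orig=$(printf '%s\n' "$readme" | match_ids "$ORIG_PATTERN")
    printf '%s\n' "$readme" | match_ids "$WIDE_PATTERN" | while read -r id; do
        case " $(echo $orig) " in
            *" $id "*) ;;            # already covered by the original filter
            *) echo "$id" ;;
        esac
    done
}

# Comment out the ids listed in $1 (space separated) in a patch_order
# stream on stdin. Assumes one patch id per line.
comment_out() {
    while read -r id; do
        case " $1 " in
            *" $id "*) echo "#$id" ;;
            *) echo "$id" ;;
        esac
    done
}

echo "original filter selects: $(readme_sample | match_ids "$ORIG_PATTERN")"
echo "missed by original filter: $(readme_sample | missed_ids)"
printf '119214-33\n148105-23\n' | comment_out "$(readme_sample | missed_ids)"
```

The Solaris 10 native LDAP client performs TLS through the NSS libraries, so an NSS upgrade sits directly on the path that `NS_LDAP_AUTH= tls:simple` depends on even though its description never mentions LDAP or SSL.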