Lookup Too Slow

The LDAP database relies on indexes to improve the performance. A major performance degradation occurs when indexes are not configured properly. As part of the documentation, we have provided a common set of attributes that should be indexed. You can also add your own indexes to improve performance at your site.

`ldapclient` Cannot Bind to Server

ldapclient failed to initialize the client when using the init profile option. There are several possible reasons for this failure.

The incorrect domain name was specified on the command line.
nisDomain attribute is not set in the DIT to represent the entry point for the specified client domain.
Access control information is not set up properly on the server, thus disallowing anonymous search in the LDAP database.
Incorrect server address passed to the ldapclient command. Use ldapsearch(1) to verify the server address
Incorrect profile name passed to the ldapclient command. Use ldapsearch(1) to verify the profile name in the DIT.
Use snoop(1M) on the client's network interface to see what sort of traffic is going out, and determine to which server it is talking.

Using `ldap_cachemgr` for Debugging

Usingldap_cachemgr with the --g option can be a useful way to debug, as you can view the current client configuration and statistics. For example,

#ldap_cachemgr --g

would print current configuration and statistics to standard output, including the status of all LDAP servers, as mentioned previously. Note that you do not need to become superuser to execute this command.

`ldapclient` Hangs During Setup

If the ldapclient command hangs, hitting Ctrl-C will exit after restoring the previous environment. If this happens, check with the server administrator to make sure the server is running.

Also check the server list attributes on either the profile or the command line and make sure the server information is correct.

Frequently Asked Questions

Can I use LDAP naming services with Older Solaris Releases?

Currently, LDAP is only supported in Solaris 8 and Solaris 9. For differences between the two see "New LDAP Naming Service Features for Solaris 9".

What are the DIT Default Locations in Solaris LDAP Naming Services?

See "Default Directory Information Tree (DIT)".


17. Troubleshooting Configuration Problems and Solutions Login Does Not Work


	Lookup Too Slow The LDAP database relies on indexes to improve the performance. A major performance degradation occurs when indexes are not configured properly. As part of the documentation, we have provided a common set of attributes that should be indexed. You can also add your own indexes to improve performance at your site. `ldapclient` Cannot Bind to Server `ldapclient` failed to initialize the client when using the `init` profile option. There are several possible reasons for this failure. The incorrect domain name was specified on the command line. `nisDomain` attribute is not set in the DIT to represent the entry point for the specified client domain. Access control information is not set up properly on the server, thus disallowing anonymous search in the LDAP database. Incorrect server address passed to the `ldapclient` command. Use `ldapsearch`(1) to verify the server address Incorrect profile name passed to the `ldapclient` command. Use `ldapsearch`(1) to verify the profile name in the DIT. Use `snoop`(1M) on the client's network interface to see what sort of traffic is going out, and determine to which server it is talking. Using `ldap_cachemgr` for Debugging Using`ldap_cachemgr` with the `--g` option can be a useful way to debug, as you can view the current client configuration and statistics. For example, #`ldap_cachemgr --g` would print current configuration and statistics to standard output, including the status of all LDAP servers, as mentioned previously. Note that you do not need to become superuser to execute this command. `ldapclient` Hangs During Setup If the `ldapclient` command hangs, hitting Ctrl-C will exit after restoring the previous environment. If this happens, check with the server administrator to make sure the server is running. Also check the server list attributes on either the profile or the command line and make sure the server information is correct. Frequently Asked Questions Can I use LDAP naming services with Older Solaris Releases? Currently, LDAP is only supported in Solaris 8 and Solaris 9. For differences between the two see "New LDAP Naming Service Features for Solaris 9". What are the DIT Default Locations in Solaris LDAP Naming Services? See "Default Directory Information Tree (DIT)".