Greetings experts!!

I have configured the fan-out driver for Linux-Unix platforms. I have
added one SLES SP1 platform to the platform set in the Core Driver. Now,
I am using the *Virtual Provisioning* option for provisioning users in
the Linux/Unix environment. As required, we have started the "Platform
service Cache Daemon (Event Journal Services memory cache)" on the
platform and are using *nsswitch.conf*, but as expected, we should be
able to log in with a user available in eDir & associated with this
platform set.

Now, after going through the different logs, I can see that users
created in eDir have been provisioned on the Platform Cache. Let me share
the events & logs in the Core Driver and Platform when we create any user
and associate it with the platform set.

Step 1: User created in eDir, which is under the scope of the
"Linux-Unix Platform Set". Attributes as follows:

CN=tuser04
First Name=Test
Last Name=User04
gidNumber=100 (to match with default gid in Linux)
homeDirectory=/home/test001 (Not sure how to use the same home directory
for multiple users. Since the user is virtual, the home directory is not
created by the provisioning event in the platform service)
loginShell=/bin/bash
uidNumber=1006
uniqueID=tuser04

After this, I can see the log in the Core Driver which adds tuser04 to
the Census as follows:
(AUDIT LOG) 10:29:13 OBJ027I User cn=tuser04,ou=users,o=data added to
Census. aoss9891
(Operational Log)
10:20:07 EJS0041I Searching for objects with pending events for
Platform linux-fzid. aejs3985
10:29:13 OBJ120I Object Services received an event for
.tuser04.users.data. aos3432
10:29:13 OBJ105I Dispatching new event notification to Platform
linux-fzid. aoss7003
10:29:18 EJS0033I Platform linux-fzid returned prrcSuccess for
event Populate for object tuser04. aejs1616
10:29:18 EJS0035I Platform linux-fzid added association tuser04 for
object cn=tuser04,ou=Census,ou=Event Driven Objects,ou=ASAM
System,o=system. aejs3829
10:29:18 EJS0056I Updated event timestamps for platform linux-fzid.
aejs2277

The above log shows that the user was added to the Census & the
provisioning event has been sent to platform "linux-fzid".

Step 2: To verify that the provisioning event has been received by the
platform & the user added to the "Platform Cache". To view the log, I
have configured the platform config for debug logging.
>
> [3217@485136720]: (dom) <?xml version='1.0' encoding='UTF-8'
> standalone='yes' ?>
> [3217@485136720]: (dom) <Envelope>
> [3217@485136720]: (dom) <Body>
> [3217@485136720]: (dom) <getNextPlatformEventResponse>
> [3217@485136720]: (dom) <eventType>Populate
> [3217@485136720]: (dom) </eventType>
> [3217@485136720]: (dom) <objectClass>ASAM-platformUser
> [3217@485136720]: (dom) </objectClass>
> [3217@485136720]: (dom) <dn>cn=tuser04,ou=users,o=data
> [3217@485136720]: (dom) </dn>
> [3217@485136720]: (dom) <enterpriseUserName>tuser04
> [3217@485136720]: (dom) </enterpriseUserName>
> [3217@485136720]: (dom) <associatedUIDnumber>1006
> [3217@485136720]: (dom) </associatedUIDnumber>
> [3217@485136720]: (dom) <eGroupMembership>
> [3217@485136720]: (dom) </eGroupMembership>
> [3217@485136720]: (dom) <cn>tuser04
> [3217@485136720]: (dom) </cn>
> [3217@485136720]: (dom) <gecos>
> [3217@485136720]: (dom) </gecos>
> [3217@485136720]: (dom) <gidNumber>100
> [3217@485136720]: (dom) </gidNumber>
> [3217@485136720]: (dom) <GroupMembership>
> [3217@485136720]: (dom) </GroupMembership>
> [3217@485136720]: (dom) <GUID
> xsi:type="enc:base64">ygEM1n9oRk4MhcoBDNZ/aA==
> [3217@485136720]: (dom) </GUID>
> [3217@485136720]: (dom) <homeDirectory>/home/test001
> [3217@485136720]: (dom) </homeDirectory>
> [3217@485136720]: (dom) <LoginDisabled>FALSE
> [3217@485136720]: (dom) </LoginDisabled>
> [3217@485136720]: (dom) <loginShell>/bin/bash
> [3217@485136720]: (dom) </loginShell>
> [3217@485136720]: (dom) <SecurityEquals>
> [3217@485136720]: (dom) </SecurityEquals>
> [3217@485136720]: (dom) <shadowExpire>
> [3217@485136720]: (dom) </shadowExpire>
> [3217@485136720]: (dom) <shadowFlag>
> [3217@485136720]: (dom) </shadowFlag>
> [3217@485136720]: (dom) <shadowInactive>
> [3217@485136720]: (dom) </shadowInactive>
> [3217@485136720]: (dom) <shadowLastChange>
> [3217@485136720]: (dom) </shadowLastChange>
> [3217@485136720]: (dom) <shadowMax>
> [3217@485136720]: (dom) </shadowMax>
> [3217@485136720]: (dom) <shadowMin>
> [3217@485136720]: (dom) </shadowMin>
> [3217@485136720]: (dom) <shadowWarning>
> [3217@485136720]: (dom) </shadowWarning>
> [3217@485136720]: (dom) <sn>User04
> [3217@485136720]: (dom) </sn>
> [3217@485136720]: (dom) <surname>User04
> [3217@485136720]: (dom) </surname>
> [3217@485136720]: (dom) <uidNumber>1006
> [3217@485136720]: (dom) </uidNumber>
> [3217@485136720]: (dom) <eventNumber>1
> [3217@485136720]: (dom) </eventNumber>
> [3217@485136720]: (dom) <eventTotal>1
> [3217@485136720]: (dom) </eventTotal>
> [3217@485136720]: (dom) <objectTotal>1
> [3217@485136720]: (dom) </objectTotal>
> [3217@485136720]: (dom) <objectNumber>1
> [3217@485136720]: (dom) </objectNumber>
> [3217@485136720]: (dom) </getNextPlatformEventResponse>
> [3217@485136720]: (dom) </Body>
> [3217@485136720]: (dom) </Envelope>
> [3217@485136720]: (asam_platrcvr) PlatformReceiver_getPlatformEvent:
> user=<tuser04>, hex=<74757365723034>
> [3217@485136720]: (asam_platrcvr) PlatformReceiver_markEventProcessed:
> returning success
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: Got Event
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: EVENTTYPE
> = Populate
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent:
> OBJECTCLASS = ASAM-platformUser
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: DN =
> cn=tuser04,ou=users,o=data
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent:
> ENTERPRISEUSERNAME = tuser04
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent:
> ASSOCIATEDUIDNUMBER = 1006
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent:
> EGROUPMEMBERSHIP =
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: CN =
> tuser04
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: GECOS =
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: GIDNUMBER
> = 100
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent:
> GROUPMEMBERSHIP =
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: GUID =
>  hFN  h
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent:
> HOMEDIRECTORY = /home/test001
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent:
> LOGINDISABLED = FALSE
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: LOGINSHELL
> = /bin/bash
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent:
> SECURITYEQUALS =
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent:
> SHADOWEXPIRE =
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: SHADOWFLAG
> =
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent:
> SHADOWINACTIVE =
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent:
> SHADOWLASTCHANGE =
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: SHADOWMAX
> =
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: SHADOWMIN
> =
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent:
> SHADOWWARNING =
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: SN =
> User04
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: SURNAME =
> User04
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: UIDNUMBER
> = 1006
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent:
> EVENTNUMBER = 1
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: EVENTTOTAL
> = 1
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent:
> OBJECTTOTAL = 1
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent:
> OBJECTNUMBER = 1
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: User
> Event
> [3217@485136720]: (asam_platserv) processCacheReceiverEvent: Populate
>


The above log in /usr/local/ASAM/debug.txt suggests to me that the
provisioning event has been received from the Core Driver & the user has
been added successfully to the Platform Cache (Event Journal Services
memory cache). But still, when I try to log in on the platform with user
tuser04, it says no user found.
> su: user tuser04 does not exist


I guess the authentication request is not redirected properly to
authenticate from the cache daemon. To verify this fact, I created a
local user test001 in Linux and it allowed me to log in successfully with
this user. As per the nsswitch & asamplat configuration, the platform
should not allow login except for the default special account until we
specify the IGNORESTANDARDEXCLUDES configuration statement in
asamplat.conf.

The default nsswitch.conf has only the following difference (compared
with the backup nsswitch.conf):
>
> # passwd: files nis
> # shadow: files nis
> # group: files nis
>
> passwd: compat ascauth
> group: compat ascauth
>


My platform receiver service (asamps) is running. I am sure I am
missing some configuration either in nsswitch.conf or in asamplat.conf.
Also, how can I view the platform cache to see the available users?
What are the steps to configure virtual provisioning using the platform
cache daemon?
What are the mandatory attributes required when creating a user from
eDir?
I am not able to see any event in the platform logs for any
authentication request for tuser04.

I hope this analysis will help in zeroing in on the issue in the
platform for fan-out.


--
rajeshemailto
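
Added example (not part of the original post and not the product's own tooling): a shell check of the name-service path that `su` depends on, listing which services nsswitch.conf names for passwd, shadow and group, whether a matching libnss_<service>.so.2 is installed, and which passwd service actually returns the user. The library directories and the file name libnss_ascauth.so.2 (derived from glibc's naming convention for the `ascauth` entry shown above) are assumptions.

```shell
#!/bin/sh
# Added diagnostic example; function names and library paths are assumptions.
# Run on the platform host as:  nss_report /etc/nsswitch.conf tuser04

# Print the services configured for one database, one per line.
# Comments and [STATUS=action] items are dropped.
nss_sources() {   # $1 = nsswitch.conf path, $2 = database (passwd, group, ...)
    sed 's/#.*//' "$1" | awk -v db="$2" '
        { sub(/:/, ": ") }                 # tolerate "passwd:files"
        $1 == (db ":") {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) skip = 1   # start of an action item
                if (!skip) print $i
                if ($i ~ /\]$/) skip = 0   # end of an action item
            }
        }'
}

# Succeed if libnss_<service>.so.2 exists in one of the given directories
# (glibc loads each service name from a library with that file name).
nss_module_present() {   # $1 = service, remaining args = directories
    svc=$1; shift
    for dir in "$@"; do
        [ -e "$dir/libnss_${svc}.so.2" ] && return 0
    done
    return 1
}

# Report, for passwd/shadow/group, which services are configured, whether
# their modules are installed, and which passwd service resolves the user.
nss_report() {   # $1 = nsswitch.conf path, $2 = user name
    libdirs="/lib /lib64 /usr/lib /usr/lib64"   # assumed library directories
    for db in passwd shadow group; do
        srcs=$(nss_sources "$1" "$db" | tr '\n' ' ')
        echo "$db: ${srcs:-(no active line)}"
        for svc in $srcs; do
            nss_module_present "$svc" $libdirs ||
                echo "  $svc: libnss_${svc}.so.2 not found in $libdirs"
        done
    done
    for svc in $(nss_sources "$1" passwd); do
        if getent -s "$svc" passwd "$2" >/dev/null 2>&1; then
            echo "passwd via $svc: $2 resolved"
        else
            echo "passwd via $svc: $2 NOT resolved"
        fi
    done
}
```

If no passwd service resolves the user, `su` has nothing to authenticate against, which matches the "does not exist" message quoted in the post.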