Solaris 10′s native LDAP client and an OpenLDAP server

July 29, 2009 in Blog

After plenty of hours of trying to figure out why it was that Sun’s native LDAP client wouldn’t talk to my OpenLDAP server I decided to call support. I had been through just about every Google result I could read and still got nowhere.

It turns out that when you use the native client you’re required to make some security concessions. The LDAP client’s config files exist only to tell it what server to initially try to connect to. The server it initially connects to MUST allow non-TLS queries to get some session information from the directory. The session information has to be in a specific form, and contain specific information.

I don’t have time for a proper tutorial right now, but I will post the document Sun sent to me.

Using Sun’s native LDAP client or OpenLDAP’s client to query an OpenLDAP server on Solaris 10

The Scoop on FreeBSD & iSCSI (Currently)

July 17, 2009 in Blog

Please see the update to this post

As A Target (Server)

The only available iSCSI target software in FreeBSD is the /net/iscsi-target port. This is the iSCSI target from OpenBSD and is absolutely not suitable for production use (or even most non-production uses).

Problems I’ve come across:

  • Does not support CHAP.
  • Will not allow multiple connections to the same target (LUN). This is useful in the case of VMWare ESX/ESXi.
  • Cannot rehash configuration file. If you add/remove a target you must restart the daemon completely, ending all current connections.

As An Initiator (Client)

The iSCSI initiator in FreeBSD 7.2 (currently) suffers from many issues. These issues prevent it from being suitable for production use. There is, however, a newer version of the iscsi_initiator kernel module shipping in 8.0-BETA1 and the -current branch (HEAD). By nature these versions of the FreeBSD operating system are not suitable for production use.

Problems I’ve come across in FreeBSD 7.2:

  • No official documentation. While it is a simple configuration, you have to find procedures strewn about the web.
  • Poor performance without tags tweak. I achieved no better than 2MB/s transfer rate without setting tags = 256 in iscsi.conf.
  • No rc scripts. Devices must be attached after boot by admin or cron.
  • System lockups under loads. Copying files to the iSCSI array via gigabit has repeatedly locked the system up. To test I copied the files from a local disk to the array and had the same result.

Problems I’ve come across in FreeBSD 8.0-BETA2:

  • It includes an updated version, but it just flat out doesn’t work. When attaching the target with iscontrol -n targetname the iscontrol process hangs forever and cannot be killed with a -9.
  • Still no rc scripts of any kind.

Comments are welcome.

Copyright © 2009 Christopher J. Umina - Powered by WordPress - Portfolio WordPress Theme by ThemeShift.com.