On 07.10.2011 23:58, NetNinja wrote:
Ok, that's good to know. I was reading in the book "Solaris 10 System Administration Essentials" and it says on pg 365 that the openldap server needs to be patched so that the ldapclient init utility will configure properly.
Do you happen to remember how you set up the Solaris Native client? This is my current issue: I installed openldap on a RHEL 5.5 server and have all the Linux servers working with the ldap server, but the Solaris servers won't let me log in as an ldap user. I can do an ldapsearch, id, getent and get info on ldap users. I am in the process of troubleshooting the issue and I'm not sure what I'm doing wrong. My setup is very basic, no TLS, automount or replication. I will add these later when I know what I'm doing.
Anyway, thanks for your help. If you have any advice on ldapclient setup, let me know.
On Fri, Oct 7, 2011 at 3:41 PM, Christian Manal <moenoel@informatik.uni-bremen.de> wrote:

On 07.10.2011 20:25, NetNinja wrote:
> Hello,
> I have been reading up on OpenLDAP. I have installed it on RHEL 5.5 but
> I have seen documentation saying that openldap needs to be patched to work
> with Solaris. Can someone tell me if this is still the case and if so where
> to get the patch. If not, any info you can provide would be great.
>
> Thanks
>

Hi,

I've been running OpenLDAP on Solaris 10 for years now. It works out of the tarball, no patches needed.

Regards,
Christian Manal
Here's an example of an ldapclient invocation that works for me:
ldapclient manual \
    -a authenticationMethod="tls:simple" \
    -a credentialLevel="proxy" \
    -a defaultSearchBase="dc=example,dc=org" \
    -a defaultSearchScope="sub" \
    -a defaultServerList="ldap1.example.org,ldap2.example.org" \
    -a domainName="example.org" \
    -a preferredServerList="ldap1.example.org,ldap2.example.org" \
    -a serviceSearchDescriptor="passwd:ou=People,dc=example,dc=org" \
    -a serviceSearchDescriptor="group:ou=Group,dc=example,dc=org" \
    -a serviceSearchDescriptor="netgroup:ou=Netgroup,dc=example,dc=org" \
    -a serviceSearchDescriptor="auto_home:ou=auto_home,ou=Mounts,dc=example,dc=org" \
    -a attributeMap="auto_home:automountMapName=ou" \
    -a attributeMap="auto_home:automountKey=cn" \
    -a proxyDN="uid=proxyauth,ou=people,dc=example,dc=org" \
    -a proxyPassword="foobar"
Before you invoke that, you need to modify /etc/nsswitch.ldap to your needs (ldapclient will copy that to /etc/nsswitch.conf). You also need to put your TLS certs into /var/ldap in NSS format (you can generate/convert them with certutil[1]) and edit /etc/pam.conf for LDAP authentication.
Regards, Christian Manal
[1] http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
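The three preparation steps Christian lists (edit /etc/nsswitch.ldap, populate the NSS cert database in /var/ldap with certutil, then run ldapclient manual) as one script. This is an added example, not code from the mailing-list post: it assumes a Solaris 10 host, a CA certificate saved at the hypothetical path /tmp/ca.pem, and the attribute values from the invocation above (example.org, ldap1/ldap2, uid=proxyauth). The /etc/pam.conf change is not covered here. The certutil flags (-N, -A, -L, -d, -f, -t) are standard, but whether your certutil writes the legacy cert8.db/key3.db files that Solaris 10 reads, or the newer sqlite store, depends on its NSS version, so that part is marked as an assumption to check.

```shell
#!/bin/sh
# Added example for the Solaris native LDAP client setup described above.
# Not code from the post. Assumptions: Solaris 10, CA cert at /tmp/ca.pem
# (hypothetical path), attribute values from Christian's ldapclient line.

# Step 1: build the /etc/nsswitch.conf content from a nsswitch.ldap template.
# Only the databases that have a serviceSearchDescriptor go to "files ldap".
# hosts and ipnodes stay on "files dns": the names in defaultServerList
# must resolve before LDAP is reachable, and the stock nsswitch.ldap lists
# ldap first for hosts, which is circular. Prints the rewritten file.
nsswitch_for_ldap() {
    awk '
        $1 ~ /^(passwd|group|netgroup|automount):$/ { print $1 " files ldap"; next }
        $1 ~ /^(hosts|ipnodes):$/                   { print $1 " files dns";  next }
        { print }
    ' "$1"
}

# Step 2: create the NSS certificate database ldapclient reads from /var/ldap
# and import the CA that signed the servers' certificates, trusted for
# server authentication (the "C" trust flag). Solaris 10 expects the legacy
# cert8.db/key3.db files; if your certutil defaults to the sqlite store,
# use "dbm:/var/ldap" as the -d argument (assumption: check what it creates).
init_cert_db() {
    db="$1"; ca="$2"
    [ -d "$db" ] || mkdir -p "$db"
    certutil -N -d "$db" -f /dev/null          # empty DB password (assumed accepted)
    certutil -A -n "LDAP CA" -t "CT,," -i "$ca" -d "$db"
    certutil -L -d "$db"                       # confirm the CA is listed
}

# Step 3: the ldapclient invocation from the post, with the proxy password
# taken as an argument. Note that it still travels on the command line, so it
# is visible in ps and in shell history; ldapclient then stores it in
# /var/ldap/ldap_client_cred, which it keeps readable only by root.
configure_client() {
    proxy_pw="$1"
    ldapclient manual \
        -a authenticationMethod="tls:simple" \
        -a credentialLevel="proxy" \
        -a defaultSearchBase="dc=example,dc=org" \
        -a defaultSearchScope="sub" \
        -a defaultServerList="ldap1.example.org,ldap2.example.org" \
        -a domainName="example.org" \
        -a preferredServerList="ldap1.example.org,ldap2.example.org" \
        -a serviceSearchDescriptor="passwd:ou=People,dc=example,dc=org" \
        -a serviceSearchDescriptor="group:ou=Group,dc=example,dc=org" \
        -a serviceSearchDescriptor="netgroup:ou=Netgroup,dc=example,dc=org" \
        -a serviceSearchDescriptor="auto_home:ou=auto_home,ou=Mounts,dc=example,dc=org" \
        -a attributeMap="auto_home:automountMapName=ou" \
        -a attributeMap="auto_home:automountKey=cn" \
        -a proxyDN="uid=proxyauth,ou=people,dc=example,dc=org" \
        -a proxyPassword="$proxy_pw"
    ldapclient list                            # show what was actually stored
}

# Only act when explicitly told to; run as root on the Solaris host.
case "${1:-}" in
    apply)
        nsswitch_for_ldap /etc/nsswitch.ldap > /etc/nsswitch.ldap.new \
            && mv /etc/nsswitch.ldap.new /etc/nsswitch.ldap
        init_cert_db /var/ldap /tmp/ca.pem
        configure_client "$2"
        ;;
    *)
        echo "usage: $0 apply <proxy-password>"
        ;;
esac
```

After `apply`, `ldapclient list` should echo the attributes back, and `ldaplist -l passwd someuser` (as root) confirms the proxy DN can read the entries before you touch /etc/pam.conf.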