Hey all, I am trying to get a Solaris 10 client to authenticate to our OpenLDAP (2.3.43) server, which was built on Red Hat 5.7. Linux clients (RHEL 4,5 and 6, and Oracle 5.7) authenticate without issue. I think it may be a simple misconfiguration but I am really not a Solaris person at all. Would someone be willing to send an ldapclient list to me? I would really appreciate it. Steps I have taken:
1. Imported the SSL cert according to Oracle's instructions
2. Made the 3 files cert8, keys3, and secmod readable to everyone with chmod 444
My current ldapclient list looks like this:
LDAP_CLIENT_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=admin,dc=prod,dc=ourdomain,dc=com
NS_LDAP_BINDPASSWD={NS1}ourpassword
NS_LDAP_SERVERS=oly-infra-ldap1 (this is how the name appears on the cert, it is in the hosts file)
NS_LDAP_SEARCH_BASEDN=dc=prod,dc=ourdomain,dc=com
NS_LDAP_AUTH=tls:simple
NS_LDAP_CACHETTL=0
NS_LDAP_CREDENTIAL_LEVEL=proxy
NS_LDAP_SERVICE_AUTH_METHOD=pam_ldap:tls:simple
NS_LDAP_HOST_CERTPATH=/var/ldap
Any help would be greatly appreciated.
Sara Kline
System Administrator
Transaction Network Services, Inc
4501 Intelco Loop, Lacey WA 98503
Wk: (360) 493-6736
Cell: (360) 280-2495
________________________________ This e-mail message is for the sole use of the intended recipient(s)and may contain confidential and privileged information of Transaction Network Services. Any unauthorised review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
This is my setup. I don't have SSL, auto mount, and replication set up yet.
bash-3.00# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= uid=proxyagent,ou=People,dc=test,dc=net
NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411
NS_LDAP_SERVERS= 10.0.0.2:389
NS_LDAP_SEARCH_BASEDN= dc=test,dc=net
NS_LDAP_SERVER_PREF= 10.0.0.2
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=test,dc=net
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=Group,dc=test,dc=net
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=test,dc=net
NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple
It took me longer to set up the Solaris LDAP client than installing and configuring OpenLDAP on the RHEL 5. I hope this helps.
On Thu, Mar 29, 2012 at 1:55 PM, Kline, Sara SKline@tnsi.com wrote:
Hey all,
I am trying to get a Solaris 10 client to authenticate to our OpenLDAP (2.3.43) server, which was built on Red Hat 5.7. Linux clients (RHEL 4,5 and 6, and Oracle 5.7) authenticate without issue. I think it may be a simple misconfiguration but I am really not a Solaris person at all. Would someone be willing to send an ldapclient list to me? I would really appreciate it. Steps I have taken:
1. Imported the SSL cert according to Oracle’s instructions
2. Made the 3 files cert8, keys3, and secmod readable to everyone with chmod 444
My current ldapclient list looks like this:
LDAP_CLIENT_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=admin,dc=prod,dc=ourdomain,dc=com
NS_LDAP_BINDPASSWD={NS1}ourpassword
NS_LDAP_SERVERS=oly-infra-ldap1 (this is how the name appears on the cert, it is in the hosts file)
NS_LDAP_SEARCH_BASEDN=dc=prod,dc=ourdomain,dc=com
NS_LDAP_AUTH=tls:simple
NS_LDAP_CACHETTL=0
NS_LDAP_CREDENTIAL_LEVEL=proxy
NS_LDAP_SERVICE_AUTH_METHOD=pam_ldap:tls:simple
NS_LDAP_HOST_CERTPATH=/var/ldap
Any help would be greatly appreciated.
Sara Kline
System Administrator
Transaction Network Services, Inc
4501 Intelco Loop, Lacey WA 98503
Wk: (360) 493-6736
Cell: (360) 280-2495
openldap-technical@openldap.org
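An added example, not part of the thread and not either poster's own tooling: a shell function that reads `ldapclient list` output on stdin and flags the two settings in the listings above that decide how exposed the proxy credential is, namely a `simple` bind method without the `tls:` prefix and a proxy bind DN that looks like a directory administrator. The function name `audit_ldapclient`, the finding labels, and the list of administrator-style RDNs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit `ldapclient list` output (stdin) for credential exposure.
# audit_ldapclient and the finding labels are hypothetical names.
# On Solaris 10 run the awk program with nawk or /usr/xpg4/bin/awk.
audit_ldapclient() {
    awk '
    {
        eq = index($0, "=")
        if (eq == 0) next                     # not an attribute line
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
    }
    key == "NS_LDAP_AUTH" || key == "NS_LDAP_SERVICE_AUTH_METHOD" {
        spec = val
        # Service form is "service:method[;method...]"; drop the service name.
        if (key == "NS_LDAP_SERVICE_AUTH_METHOD") sub(/^[^:]*:/, "", spec)
        n = split(spec, m, ";")
        for (i = 1; i <= n; i++)
            if (m[i] == "simple") {           # simple bind not wrapped in TLS
                print "CLEARTEXT_BIND " key "=" val
                bad++
            }
    }
    key == "NS_LDAP_BINDDN" {
        # With credential level proxy this DN and its password are stored on
        # every client, so it should be a low-privilege account.
        # Heuristic (assumption): common administrator RDNs.
        if (tolower(val) ~ /^cn=(admin|manager|root|directory manager)(,|$)/) {
            print "PRIVILEGED_PROXY_DN " val
            bad++
        }
    }
    END { exit (bad > 0) }                    # non-zero status when findings exist
    '
}

# Sample input: the security-relevant lines of the two listings in the thread.
audit_ldapclient <<'EOF' || echo "review the findings above"
NS_LDAP_BINDDN= cn=admin,dc=prod,dc=ourdomain,dc=com
NS_LDAP_AUTH=tls:simple
NS_LDAP_SERVICE_AUTH_METHOD=pam_ldap:tls:simple
NS_LDAP_BINDDN= uid=proxyagent,ou=People,dc=test,dc=net
NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple
EOF
```

On a client the same function can be fed directly with `ldapclient list | audit_ldapclient`.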