[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: solaris 9 ldap client with tls?
Hi Brian...
yes this *is* possible, I am just in the process of doing this myself
and ironing out a few wrinkles. So far I have demonstrated that Sol9
will authenticate to openldap using tls:simple and a proxy and with its
own client software. You can also store the solaris profiles on
openldap. (thanks to list members who've helped me with this).
I intend to write a brief summary of what I did just as soon as I've got
objectclass and attribute matching sorted out.
GREG
On Wed, 2003-06-25 at 16:53, Brian K. Jones wrote:
> Is there ANY authoritative documentation out that concretely describes
> the process of getting solaris 9 to:
>
> a) be an openldap client for user/passwd/group information and
>
> b) use tls and
>
> c) make changes to the /var/ldap/ldap_client_file using ldapclient, and
>
> d) have those changes actually take affect?
>
> My entire department is ready to move to LDAP, the Linux boxes all work
> flawlessly, and the Sun boxes seem inadequately documented for getting
> them set up as OpenLDAP clients using TLS.
>
> I've seen the 'bolthole' document, which is really for Solaris 8, and
> I've seen plenty of other frustrated posts with no real answers that
> help me. The impression I'm getting now is that:
>
> a) you can't do an anonymous bind from Solaris 9 to OpenLDAP and use
> TLS, which means:
>
> b) you MUST create a proxy user especially for Solaris 9 clients, and
>
> c) you would then use ldapclient in 'manual' mode and pass the password
> to the program in clear text on the command line.
>
> I'm completely confused by this. This is not a complex process. I must
> be missing something. Please help.
--
Greg Matthews
iTSS Wallingford 01491 692445