Re: solaris 9 and openldap

[Greg Matthews <gmatt@nerc.ac.uk>]

I've used native Solaris modules for a couple of reasons - 
1. pragmatic, Sun are bound to change something in the next release and
sticking with native stuff is probably safer in this respect
2. problematic, I never managed to get PADL stuff to work properly on
Solaris altho I came close before I discovered that 1 was possible.
3. encryption, sol9 and sol8 (with patch 118993) can use tls encryption

I've finally got it working well with OpenLDAP running on a Sol9 server
and Sol8 Sol9 and Linux clients. TLS isnt mandatory but once you've got
simple auth working its good to encrypt everything.

I'm currently writing up my notes on this and will post to the list when
they are complete. Scan the archives for lots of good advice too.

schema - yes solaris uses some schema that have to be included in the
slapd.conf but its very simple:
include <schema.file>

good luck

GREG

On Mon, 2003-07-07 at 16:22, jehan procaccia wrote:
> hello,
> 
> I am trying to authenticate a solaris 9 client station to an openldap 
> server 2.1.22.
> I've seen lots of howto/threads on the net, but most are related to 
> solaris 8, and I wonder/hope that things get simpler with solaris 9 !
> 
> -1st, which way to go -> use solaris 9 native ldap command and tools 
> (ldapclient manual, ldap_cachemgr ...), or use self compile and install 
> tools from padl (nss and pam ldap) ?
> -2nd, I've read a lot about adding schema definition to openldap in 
> order to accept solaris client authentification, is it still mandatory 
> to do it ?
> http://www.ypass.net/solaris8/openldap/openldap-2.0.8-solaris8.patch.gz
> 
> http://www.ypass.net/solaris8/openldap/nisschema.html
> 
> -3rd, can I first start without TLS/SSL binds, I just want to start with 
> a simple configuration, TLS/SSL are mandatory ?
> 
> Thanks to let me know which way to go.
-- 
Greg Matthews
iTSS Wallingford	01491 692445