
Re: Solaris 9 with Openldap and TLS



Adrian Quek wrote:

> Hi,
>
> I've been trying to get Solaris 9 to talk to openldap (2.0.23) on a RedHat 7.3 server with TLS and I've managed to get authentication working with the native pam_ldap provided by Solaris 9.

"Me too!" That's my exact situation. But I'm having a different problem. Not to dilute your thread...
How did you set up your certificates? So far I've done the following steps, but still can't get it working.


I've:
1. Set up an internal CA to sign certificates using OpenSSL's tools
2. Generated a certificate for the LDAP server, also using OpenSSL's tools
3. Signed said certificate with my CA, still using OpenSSL's tools
4. Loaded up Netscape 4.7x, fed it my CA's certificate and told it to trust the certificate to identify sites
5. Copied the .netscape/cert7.db and .netscape/key3.db files to /var/ldap/ and chmod'd them 444 per the documentation
6. Configured the Solaris LDAP client to use TLS with simple authentication
7. Verified that I am trying to contact the server by the same name that's recorded as the common name in the certificate
8. Watched the Solaris LDAP client still refuse to initiate a TLS connection with my server.


How were you able to get it working?
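
Steps 1 to 3 and the name check from step 7 of the message above, sketched with the OpenSSL command line as an added example that is not part of the original post. The CA name, the host name `ldap.example.internal`, the file layout and the function names are placeholders chosen for the example, and it does not cover the Netscape `cert7.db`/`key3.db` import.

```shell
#!/bin/sh
# Added example. All names are constructed placeholders, not values from the post.
# Usage: make_ldap_pki ./pki ldap.example.internal &&
#        check_ldap_cert ./pki ldap.example.internal

# make_ldap_pki DIR HOST: build an internal CA, then a server cert signed by it.
make_ldap_pki() {
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    # Step 1: self-signed internal CA (private key plus certificate).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/O=Example/CN=Example Internal CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Step 2: server key and signing request; the CN must be the exact name
    # that LDAP clients will use to reach the server.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Example/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # Step 3: sign the request with the CA key.
    openssl x509 -req -in "$dir/server.csr" -sha256 -days 365 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null || return 1
    # Private keys stay readable by their owner only.
    chmod 600 "$dir/ca.key" "$dir/server.key"
}

# cert_cn FILE: print the subject common name of a certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# check_ldap_cert DIR HOST: succeed only if the server certificate chains to
# the CA and its CN equals HOST (the comparison described in step 7).
check_ldap_cert() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" 2>/dev/null |
        grep -q ': OK$' || return 1
    [ "$(cert_cn "$1/server.crt")" = "$2" ]
}
```

`check_ldap_cert` fails when the client is configured with a short name or alias that differs from the certificate's common name, even if the chain itself verifies.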