Re: Solaris 9 with Openldap and TLS
On Thu, 22 Aug 2002, Scott Moorhouse wrote:
> Adrian Quek wrote:
> > Hi,
> > I've been trying to get Solaris 9 to talk to openldap (2.0.23) on a
> > RedHat 7.3 server with TLS and I've managed to get authentication
> > working with the native pam_ldap provided by Solaris 9.
> "Me too!" That's my exact situation. But I'm having a different
> problem. Not to dilute your thread...
> How did you set up your certificates? So far I've done the following
> steps, but still can't get it working.
> 1. Set up an internal CA to sign certificates using OpenSSL's tools
> 2. Generated a certificate for the LDAP server, also using OpenSSL's tools
> 3. Signed said certificate with my CA, still using OpenSSL's tools
> 4. Loaded up Netscape 4.7x, fed it my CA's certificate and told it to
> trust the certificate to identify sites
> 5. Copied the .netscape/cert7.db and .netscape/key3.db files to
> /var/ldap/ and chmod'd them 444 per the documentation
> 6. Configured the Solaris LDAP client to use TLS with simple authentication
> 7. Verified that I am trying to contact the server by the same name
> that's recorded as the common name in the certificate
> 8. Watched the Solaris LDAP client still refuse to initiate a TLS
> connection with my server.
You probably meant to say that the LDAP server refused to establish a TLS
connection with the Solaris 9 LDAP client. It seems that the LDAP server
log can help you to troubleshoot this problem. Try loglevel 264 in
slapd.conf. I have not tried this, but I am curious to know if you will
make this work.
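Steps 1 to 3 and 7 of Scott's list (build an internal CA with OpenSSL, issue and sign the server certificate, and make sure the name the client contacts is the certificate's CN) can be reproduced and checked on any machine with the OpenSSL command-line tools. The script below is an added example, not code from either poster; all names (Example Corp, ldap.example.com, the work directory) are made up, and it deliberately stops short of the Netscape cert7.db/key3.db and ldapclient steps, which need the Solaris client itself. It also shows the two failures that most often look like "the client refuses to start TLS": a server certificate that does not chain to the CA the client trusts, and a CN that does not match the host name the client was told to use.

```shell
#!/bin/sh
# Added example (not from the original thread): build an internal CA and an
# LDAP server certificate with the OpenSSL CLI, then check (a) that the server
# cert chains to the CA the client will trust and (b) that its CN equals the
# host name the client is configured to contact.  All names are made up.
set -eu

make_ca() {            # $1 = output dir, $2 = CA common name
    # Self-signed CA certificate; 'req -x509' marks it CA:TRUE by default.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example Corp/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

make_server_cert() {   # $1 = dir holding ca.pem/ca.key, $2 = server FQDN (becomes CN)
    openssl req -newkey rsa:2048 -nodes \
        -subj "/O=Example Corp/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    # Sign the CSR with the internal CA (step 3 of the list).
    openssl x509 -req -days 30 -in "$1/server.csr" \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/server.pem" 2>/dev/null
}

verify_chain() {       # $1 = CA cert, $2 = server cert; succeeds iff $2 chains to $1
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

cert_cn() {            # print the CN of certificate $1
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" \
        | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

cn_matches_host() {    # $1 = cert, $2 = host name the client will connect to
    [ "$(cert_cn "$1")" = "$2" ]
}

# --- demonstration -----------------------------------------------------------
WORK=$(mktemp -d)
make_ca "$WORK" "Example Internal CA"
make_server_cert "$WORK" "ldap.example.com"

verify_chain "$WORK/ca.pem" "$WORK/server.pem" && echo "server cert chains to our CA"

# A CA the client does not trust: same server cert, different trust anchor.
mkdir "$WORK/other"
make_ca "$WORK/other" "Unrelated CA"
if ! verify_chain "$WORK/other/ca.pem" "$WORK/server.pem"; then
    echo "server cert does NOT chain to the other CA (client must trust the right one)"
fi

# Step 7: the client must use exactly the name in the CN.
if cn_matches_host "$WORK/server.pem" "ldap.example.com"; then
    echo "CN matches the FQDN the client is configured with"
fi
if ! cn_matches_host "$WORK/server.pem" "ldap"; then
    echo "contacting the server as 'ldap' (short name) would fail the name check"
fi
```

On the server side, loglevel 264 in slapd.conf is 256 (connection/operation statistics) plus 8 (connection management), which is enough to see whether the client ever sends the StartTLS request or an LDAPS handshake and at what point the server drops it.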