Re: Solaris 9 with Openldap and TLS

On Thu, 22 Aug 2002, Scott Moorhouse wrote:

> Adrian Quek wrote:
> > Hi,
> >
> > I've been trying to get Solaris 9 to talk to openldap (2.0.23) on a
> > RedHat 7.3 server with TLS and I've managed to get authentication
> > working with the native pam_ldap provided by Solaris 9.
> "Me too!"   That's my exact situation.  But I'm having a different
> problem.  Not to dilute your thread...
> How did you set up your certificates?  So far I've done the following
> steps, but still can't get it working.
> I've:
> 1. Set up an internal CA to sign certificates using OpenSSL's tools
> 2. Generated a certificate for the LDAP server, also using OpenSSL's tools
> 3. Signed said certificate with my CA, still using OpenSSL's tools
> 4. Loaded up Netscape 4.7x, fed it my CA's certificate and told it to
> trust the certificate to identify sites
> 5. Copied the .netscape/cert7.db and .netscape/key3.db files to
> /var/ldap/ and chmod'd them 444 per the documentation
> 6. Configured the Solaris LDAP client to use TLS with simple authentication
> 7. Verified that I am trying to contact the server by the same name
> that's recorded as the common name in the certificate
> 8. Watched the Solaris LDAP client still refuse to initiate a TLS
> connection with my server.

You probably meant to say that the ldap server refused to establish a TLS
connection with the Solaris 9 ldap client.  It seems that the ldap server
log can help you to troubleshoot this problem.  Try loglevel 264 in
slapd.conf.  I have not tried this, but I am curious to know if you will
make this work.
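As an added illustration of steps 1 to 3 and 7 of the quoted procedure (this script is not part of the thread and not anyone's posted configuration), the following POSIX shell script builds a private CA with the openssl command-line tool, issues a server certificate whose name matches the host the client will connect to, and then runs the two checks a TLS client performs before it will talk to the directory: does the certificate chain to the CA, and does the name in it match the hostname used. The hostname ldap.example.com, the second hostname other.example.com, the CA name and the work directory are all constructed for the example; a cert issued for the wrong name is included deliberately to show which check fails.

```shell
#!/bin/sh
# Added example, not code from the thread.  Rebuilds steps 1-3 of the quoted
# procedure with the openssl CLI and then checks the result the way a TLS
# client does (chain to CA, name matches).  Hostnames and paths are constructed.
set -eu

WORK="${WORK:-$(mktemp -d)}"
CA_NAME="Example Internal CA"          # constructed
LDAP_HOST="ldap.example.com"           # constructed; must equal the name the client uses

# Step 1: create a private CA (self-signed root) with OpenSSL's own tools.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$CA_NAME" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" >/dev/null 2>&1
}

# Step 2: generate a key and certificate request for the LDAP server.
# The CN is the hostname clients will use (step 7 of the quoted post).
make_server_csr() {
    host="$1"
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=$host" \
        -keyout "$WORK/$host.key" -out "$WORK/$host.csr" >/dev/null 2>&1
}

# Step 3: sign the request with the CA.  A subjectAltName carrying the same
# hostname is added because current clients match on SAN, not on CN.
sign_server_cert() {
    host="$1"
    printf 'subjectAltName=DNS:%s\n' "$host" > "$WORK/$host.ext"
    openssl x509 -req -days 365 \
        -in "$WORK/$host.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -extfile "$WORK/$host.ext" \
        -out "$WORK/$host.crt" >/dev/null 2>&1
}

# The two checks a TLS client makes before accepting the server:
#   1. the certificate chains to a CA the client trusts
#   2. the name in the certificate matches the host the client connected to
# Returns 0 on success, 1 on chain failure, 2 on hostname mismatch.
verify_server_cert() {
    cert="$1"; expected_host="$2"
    openssl verify -CAfile "$WORK/ca.crt" "$cert" >/dev/null 2>&1 || return 1
    openssl verify -CAfile "$WORK/ca.crt" -verify_hostname "$expected_host" \
        "$cert" >/dev/null 2>&1 || return 2
    return 0
}

# Build the CA and two server certs: one for the real LDAP hostname and one
# for a different name, to show what the hostname check rejects.
build_all() {
    make_ca
    make_server_csr "$LDAP_HOST"
    sign_server_cert "$LDAP_HOST"
    make_server_csr "other.example.com"
    sign_server_cert "other.example.com"
}

if [ "${1:-}" = "demo" ]; then
    build_all
    verify_server_cert "$WORK/$LDAP_HOST.crt" "$LDAP_HOST" \
        && echo "ok: certificate for $LDAP_HOST is trusted and name matches"
    rc=0; verify_server_cert "$WORK/other.example.com.crt" "$LDAP_HOST" || rc=$?
    echo "cert for other.example.com checked against $LDAP_HOST: code $rc (2 = name mismatch)"
fi
```

Run it as `sh script.sh demo`. The point of the second certificate is the one the quoted step 7 makes: a certificate that chains correctly to the CA is still rejected when the name the client connects by is not the name in the certificate, so both checks have to be satisfied, and a failure in either one looks to the client like "refused to initiate TLS".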