
Re: SOLARIS 8/9 Client Only.



Yep, read http://www.bolthole.com/solaris/LDAP.html for Solaris 8. Solaris 9 has built-in LDAP support, but I do not have Solaris 9 running on my boxes. Maybe there will be problems with LDAP over TLS/SSL.

Here are my build configurations for Solaris 8. Since the machines have not been configured well by my predecessors, you may need some changes. You will need the necessary GNU tools anyway:

[root@sun2 ldap]# cd /usr/src/ldap/openssl-0.9.7b
[root@sun2 openssl-0.9.7b]# ./Configure --prefix=/opt/openldap-jamba solaris-sparcv9-gcc shared
[root@sun2 openssl-0.9.7b]# gmake
[root@sun2 openssl-0.9.7b]# gmake install



[root@sun2 ldap]# cd /usr/src/ldap/db-4.1.25/build_unix/
[root@sun2 build_unix]# ../dist/configure --prefix=/opt/openldap-jamba \
                        --enable-compat185 --enable-fast-install=no
[root@sun2 build_unix]# gmake
[root@sun2 build_unix]# gmake install


[root@sun2 ldap]# cd /usr/src/ldap/openldap-2.1.19
[root@sun2 openldap-2.1.19]# export CC=gcc
[root@sun2 openldap-2.1.19]# export LDFLAGS="-L/opt/openldap-jamba/lib"
[root@sun2 openldap-2.1.19]# export CPPFLAGS="-I/opt/openldap-jamba/include"
[root@sun2 openldap-2.1.19]# export CFLAGS=$CPPFLAGS
[root@sun2 openldap-2.1.19]# ./configure --prefix=/opt/openldap-jamba --with-tls
[root@sun2 openldap-2.1.19]# gmake depend
[root@sun2 openldap-2.1.19]# gmake



[root@sun2 ldap]# cd /usr/src/ldap/nss_ldap-207
[root@sun2 nss_ldap-207]# ./configure --with-ldap-lib=openldap \
                          --with-ldap-dir=/opt/openldap-jamba
[root@sun2 nss_ldap-207]# aclocal
[root@sun2 nss_ldap-207]# autoconf
[root@sun2 nss_ldap-207]# automake
[root@sun2 nss_ldap-207]# gmake
# gmake install may not work, so perhaps do it manually


[root@sun2 ldap]# cd /usr/src/ldap/pam_ldap-161
[root@sun2 pam_ldap-161]# ./configure --with-ldap-lib=openldap \
                          --with-ldap-dir=/opt/openldap-jamba
[root@sun2 pam_ldap-161]# gmake
[root@sun2 pam_ldap-161]# gmake install


/etc/nsswitch.conf needs (if you put nis before ldap you will fail):
passwd: files ldap nis
group: files ldap nis


/etc/ldap.conf:
HOST <ldap-server>
BASE ou=People,dc=<...>
PORT 389
SASL_SECPROPS none

ldap_version    3
scope           sub
uri             ldaps://<ldap-server>/
ssl             true


PAM (Solaris 8 only, Solaris 7 uses the same order of entries):
#
#ident "@(#)pam.conf 1.16 01/01/24 SMI"
#
# Copyright (c) 1996-2000 by Sun Microsystems, Inc.
# All rights reserved.
#
# PAM configuration
#
# Authentication management
#
login auth sufficient /usr/lib/security/$ISA/pam_ldap.so.1
login auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
#
rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
#
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Account management
#
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account sufficient /usr/lib/security/$ISA/pam_ldap.so.1
login account required /usr/lib/security/$ISA/pam_projects.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required /usr/lib/security/$ISA/pam_projects.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
#
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_projects.so.1
other account required /usr/lib/security/$ISA/pam_unix.so.1
#
# Session management
#
other session required /usr/lib/security/$ISA/pam_unix.so.1
#
# Password management
#
other password required /usr/lib/security/$ISA/pam_unix.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other session optional /usr/lib/security/$ISA/pam_krb5.so.1
#other password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#
# Support for Solaris PPP (sppp)
ppp auth required /usr/lib/security/$ISA/pam_unix.so.1
ppp auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
ppp account requisite /usr/lib/security/$ISA/pam_roles.so.1
ppp account required /usr/lib/security/$ISA/pam_projects.so.1
ppp account required /usr/lib/security/$ISA/pam_unix.so.1
ppp session required /usr/lib/security/$ISA/pam_unix.so.1


Check using:
[root@sun2 pam_ldap-161]# getent passwd experimental
experimental:x:9000:1100:Experimental User:/home/experimental:/bin/bash

[root@sun2 pam_ldap-161]# su - experimental
[experimental@sun2 experimental]$


Have fun,

Andreas

Jason C. Leach wrote:
hi,

Does anyone have some docs on how to set up Solaris 8/9 as an
OpenLDAP client only; the server is on a Linux box.

Thanks,
j.
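
Added example (not part of the original post, and not code from pam_ldap or Solaris): a simplified Python model of how PAM walks the `login` stacks from the pam.conf above, showing which modules are never called once the `sufficient` pam_ldap entry succeeds. The excerpt is copied from the post; the helper names `parse`, `stack_for` and `evaluate` and the `telnet` service used in the fallback case are assumptions for illustration, and `optional` is reduced to "ignored".

```python
# Added example: simplified model of PAM control flags, not Solaris' libpam.
# Excerpt of the pam.conf entries from the post (login stacks plus one "other").
PAM_CONF = """\
login auth sufficient /usr/lib/security/$ISA/pam_ldap.so.1
login auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account sufficient /usr/lib/security/$ISA/pam_ldap.so.1
login account required /usr/lib/security/$ISA/pam_projects.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
other auth required /usr/lib/security/$ISA/pam_unix.so.1
"""

def parse(text):
    """Return {(service, type): [(control, module_name), ...]} in file order."""
    stacks = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 4:
            continue
        service, mtype, control, path = fields[:4]
        name = path.rsplit("/", 1)[-1].split(".so")[0]   # .../pam_ldap.so.1 -> pam_ldap
        stacks.setdefault((service, mtype), []).append((control, name))
    return stacks

def stack_for(stacks, service, mtype):
    """A service with no entries of its own falls back to the 'other' stack."""
    return stacks.get((service, mtype)) or stacks.get(("other", mtype), [])

def evaluate(stack, outcomes):
    """Walk one stack; outcomes maps module name -> False for a failing module
    (unlisted modules succeed). Returns (result, called, skipped)."""
    called, failed = [], False
    for i, (control, name) in enumerate(stack):
        ok = outcomes.get(name, True)
        called.append(name)
        rest = [n for _, n in stack[i + 1:]]
        if control == "sufficient" and ok and not failed:
            return True, called, rest        # success short-circuits the stack
        if control == "requisite" and not ok:
            return False, called, rest       # failure short-circuits the stack
        if control == "required" and not ok:
            failed = True                    # remembered, but the walk continues
    return not failed, called, []

if __name__ == "__main__":
    stacks = parse(PAM_CONF)
    for mtype in ("auth", "account"):
        print(mtype, evaluate(stack_for(stacks, "login", mtype), {}))
```

In this model a successful pam_ldap means pam_dial_auth (auth) and pam_projects and pam_unix (account) are not consulted for that login, and a service that only has the `other` entries never calls pam_ldap at all.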