[Date Prev][Date Next]
Re: solaris 9 ldap client with tls?
- To: Greg Matthews <email@example.com>
- Subject: Re: solaris 9 ldap client with tls?
- From: "Brian K. Jones" <jonesy@CS.Princeton.EDU>
- Date: 08 Jul 2003 16:41:10 -0400
- Cc: jonesy@CS.Princeton.EDU, LDAP Mailing List <openldap-software@OpenLDAP.org>
- In-reply-to: <firstname.lastname@example.org>
- Organization: Princeton University, Dept. of Computer Science
- References: <1056556410.13916.102.camel@newhotness> <email@example.com>
Would it be possible to post just the part about how you got tls:simple
authentication to work for a solaris 9 client (native tools!?!) to an
openldap server? If I can get there, that would be a miracle. I've
banged my head on this for MANY days now, and all it's gotten me is
I dislike Solaris more every day, and I used to love it.
On Wed, 2003-06-25 at 12:04, Greg Matthews wrote:
> Hi Brian...
> yes this *is* possible, I am just in the process of doing this myself
> and ironing out a few wrinkles. So far I have demonstrated that Sol9
> will authenticate to openldap using tls:simple and a proxy and with its
> own client software. You can also store the solaris profiles on
> openldap. (thanks to list members who've helped me with this).
> I intend to write a brief summary of what I did just as soon as I've got
> objectclass and attribute matching sorted out.
> On Wed, 2003-06-25 at 16:53, Brian K. Jones wrote:
> > Is there ANY authoritative documentation out that concretely describes
> > the process of getting solaris 9 to:
> > a) be an openldap client for user/passwd/group information and
> > b) use tls and
> > c) make changes to the /var/ldap/ldap_client_file using ldapclient, and
> > d) have those changes actually take affect?
> > My entire department is ready to move to LDAP, the Linux boxes all work
> > flawlessly, and the Sun boxes seem inadequately documented for getting
> > them set up as OpenLDAP clients using TLS.
> > I've seen the 'bolthole' document, which is really for Solaris 8, and
> > I've seen plenty of other frustrated posts with no real answers that
> > help me. The impression I'm getting now is that:
> > a) you can't do an anonymous bind from Solaris 9 to OpenLDAP and use
> > TLS, which means:
> > b) you MUST create a proxy user especially for Solaris 9 clients, and
> > c) you would then use ldapclient in 'manual' mode and pass the password
> > to the program in clear text on the command line.
> > I'm completely confused by this. This is not a complex process. I must
> > be missing something. Please help.