[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: solaris 9 ldap client with tls?

Hi again. 

Would it be possible to post just the part about how you got tls:simple
authentication to work for a solaris 9 client (native tools!?!) to an
openldap server? If I can get there, that would be a miracle. I've
banged my head on this for MANY days now, and all it's gotten me is

I dislike Solaris more every day, and I used to love it. 


On Wed, 2003-06-25 at 12:04, Greg Matthews wrote:
> Hi Brian...
> yes this *is* possible, I am just in the process of doing this myself
> and ironing out a few wrinkles. So far I have demonstrated that Sol9
> will authenticate to openldap using tls:simple and a proxy and with its
> own client software. You can also store the solaris profiles on
> openldap. (thanks to list members who've helped me with this).
> I intend to write a brief summary of what I did just as soon as I've got
> objectclass and attribute matching sorted out.
> On Wed, 2003-06-25 at 16:53, Brian K. Jones wrote:
> > Is there ANY authoritative documentation out that concretely describes
> > the process of getting solaris 9 to:
> > 
> > a) be an openldap client for user/passwd/group information and
> > 
> > b) use tls and 
> > 
> > c) make changes to the /var/ldap/ldap_client_file using ldapclient, and 
> > 
> > d) have those changes actually take affect?
> > 
> > My entire department is ready to move to LDAP, the Linux boxes all work
> > flawlessly, and the Sun boxes seem inadequately documented for getting
> > them set up as OpenLDAP clients using TLS. 
> > 
> > I've seen the 'bolthole' document, which is really for Solaris 8, and
> > I've seen plenty of other frustrated posts with no real answers that
> > help me. The impression I'm getting now is that:
> > 
> > a) you can't do an anonymous bind from Solaris 9 to OpenLDAP and use
> > TLS, which means:
> > 
> > b) you MUST create a proxy user especially for Solaris 9 clients, and
> > 
> > c) you would then use ldapclient in 'manual' mode and pass the password
> > to the program in clear text on the command line. 
> > 
> > I'm completely confused by this. This is not a complex process. I must
> > be missing something. Please help.