[Date Prev][Date Next] [Chronological] [Thread] [Top]

Secure LDAP with Solaris9?

To: openldap-software@OpenLDAP.org
Subject: Secure LDAP with Solaris9?
From: Markus Schatzl <scm34435@rss1.rz.uni-regensburg.de>
Date: Mon, 17 Nov 2003 10:51:18 +0100
Content-disposition: inline
User-agent: KMail/1.5.4

Hi all,

this is not a thing very closely related to this list, but I don't see 
any other possibility than to ask here.
I set up a OpenLDAP-Server two months ago which was able to 
authenticate and automount for Linux-boxes as well as for Solaris 9 
(with the native client).
I didn't go for much security that time and used neither transmission 
encryption nor ACL's. I've built it all again now and recognized that 
Solaris is only able to retrieve the passwords if I allow it to read 
even the userPassword in anonymous mode. There is of course no way to 
deploy it this way.
Has anybody some suggestions or experience concerning this issue? My 
impression is that quite some people did the integration of native 
Solaris9 clients meanwhile, but for what cost regarding data 
security?
A sensible goal would be to make the Solaris-machines bind simple and 
use TLS for transmission. This will be the most advanced modality 
with native SUN and OpenLDAP if possible at all.

I only use Debian packages from testing, i.e. OpenLDAP 2.1.22; 
encryption of communication is provided by StartTLS, which I removed 
again to get the Suns running. Passwords are {crypt}-stored within 
the DIT. Solaris uses the proxymanager for server-interaction.

Thanks in advance

Markus

Prev by Date: RE: OpenLDAP, bdb and Linux filesystems
Next by Date: Re: OpenLDAP, bdb and Linux filesystems
Index(es):
- Chronological
- Thread