How to make simple:tls work
I have been working on iPlanet Directory Server (IPDS)
on Solaris for almost a week now. I got the simple
authentication method to work. However, I wanted to
use TLS so that individual proxy authentication and
related transaction can be encrypted. I simply wanted
to use proxy based username:password authentication but
it seems that IPDS needs certificates in Netscape's DB
format. I found that the certutil from
http://www.leerssen.com/certutil.html will let me
create db files from the PEM files. I used openSSL to
create certificates. Essentially I created the following:
1. CA certificate
2. LDAP server certificate
3. LDAP server key
I installed 1,2, and 3 on the LDAP server. I
installed only 1 on the client. Now this is where it
gets interesting. I ran the ldapsearch command as
    ldapsearch -h ldap.cp.home -p 636 -Z -P /var/ldap/cert7.db -D "cn=Directory manager" -w password -b "dc=cp,dc=home"
I was able to view the results of the search. Next I
went on to run the ldapclient. I used the following:
ldapclient -v manual \
-a credentialLevel=proxy \
-a authenticationMethod=tls:simple \
-a proxypassword=password \
-a certificatePath=/var/ldap \
-a defaultSearchBase=dc=cp,dc=home \
-a domainname=cp.home \
-a followReferrals=true \
Notice that I am specifying tls:simple as my auth
method. Now things just fail even though the command
returns success! Looking at /var/adm/messages, I see:
    Mar 3 15:52:37 unknown ldap_cachemgr: [ID 293258 daemon.warning] libsldap: Status: 7 Mesg: Session error no available conn.
When I run the ldapclient with "simple" in place of
"tls:simple" all seems to work (like ldaplist). When
using tls:simple nothing works!
So that's where everything has come to a grinding halt.
Please can one of you advise as to what I could be doing
to get this going?
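As an added example (my own script, not part of the original post and not Sun or iPlanet tooling), the OpenSSL side of the procedure described above: create the CA certificate, the LDAP server certificate and the server key, then run the two checks the client needs to pass with only the CA installed, namely that the server cert chains to the CA and that it carries the name the client connects to. It assumes openssl on the PATH; the hostname ldap.cp.home comes from the post, while the subjects, key sizes, lifetimes and the /tmp path are my assumptions. The import into cert7.db is not shown, because the flags depend on which certutil build is in use.

```shell
#!/bin/sh
# Added example (not from the original post): OpenSSL CA + LDAP server cert,
# plus the chain and hostname checks a TLS LDAP client performs.
# Hostname ldap.cp.home is from the post; everything else is assumed.
set -e

# make_certs DIR: writes ca.pem (item 1), server.pem (item 2) and
# server.key (item 3) under DIR.
make_certs() {
    dir=$1
    mkdir -p "$dir"

    # 1. CA key + self-signed CA certificate. basicConstraints CA:TRUE is set
    # explicitly so "openssl verify" accepts it as a trust anchor.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=cp.home test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.csr" 2>/dev/null
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' \
        > "$dir/ca.cnf"
    openssl x509 -req -days 365 -in "$dir/ca.csr" -signkey "$dir/ca.key" \
        -extfile "$dir/ca.cnf" -out "$dir/ca.pem" 2>/dev/null

    # 3. Server key + CSR. The CN must be the name the client uses
    # (ldapsearch -h / ldapclient), otherwise the hostname check fails.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ldap.cp.home" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null

    # 2. Server certificate signed by the CA, with the name in a SAN as well.
    printf 'subjectAltName=DNS:ldap.cp.home\nbasicConstraints=CA:FALSE\n' \
        > "$dir/server.cnf"
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/server.cnf" -out "$dir/server.pem" 2>/dev/null
}

# verify_chain DIR: the client only has ca.pem; it must be able to validate
# the server certificate against it. Exit status 0 = OK.
verify_chain() {
    openssl verify -CAfile "$1/ca.pem" "$1/server.pem" >/dev/null 2>&1
}

# cert_has_dnsname DIR NAME: does the server certificate carry NAME as a SAN?
cert_has_dnsname() {
    openssl x509 -in "$1/server.pem" -noout -text | grep -q "DNS:$2"
}

# tls_probe HOST PORT DIR: manual TLS handshake against a live ldaps port,
# failing on any chain or hostname problem. Needs a running server, so it is
# not exercised offline.
tls_probe() {
    openssl s_client -connect "$1:$2" -CAfile "$3/ca.pem" \
        -verify_hostname "$1" -verify_return_error </dev/null
}

if [ "${1:-}" = "demo" ]; then
    make_certs /tmp/ldaptls
    verify_chain /tmp/ldaptls && echo "chain OK"
    cert_has_dnsname /tmp/ldaptls ldap.cp.home && echo "hostname OK"
fi
```

Run it as `sh script.sh demo` to produce the three files under /tmp/ldaptls; `tls_probe ldap.cp.home 636 /tmp/ldaptls` then shows, at the OpenSSL level, whether the server presents a certificate the client's CA can validate for that name.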