[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: solaris 9 ldap client with tls?



Hi Brian...

yes this *is* possible, I am just in the process of doing this myself
and ironing out a few wrinkles. So far I have demonstrated that Sol9
will authenticate to openldap using tls:simple and a proxy and with its
own client software. You can also store the solaris profiles on
openldap. (thanks to list members who've helped me with this).

I intend to write a brief summary of what I did just as soon as I've got
objectclass and attribute matching sorted out.

GREG

On Wed, 2003-06-25 at 16:53, Brian K. Jones wrote:
> Is there ANY authoritative documentation out that concretely describes
> the process of getting solaris 9 to:
> 
> a) be an openldap client for user/passwd/group information and
> 
> b) use tls and 
> 
> c) make changes to the /var/ldap/ldap_client_file using ldapclient, and 
> 
> d) have those changes actually take affect?
> 
> My entire department is ready to move to LDAP, the Linux boxes all work
> flawlessly, and the Sun boxes seem inadequately documented for getting
> them set up as OpenLDAP clients using TLS. 
> 
> I've seen the 'bolthole' document, which is really for Solaris 8, and
> I've seen plenty of other frustrated posts with no real answers that
> help me. The impression I'm getting now is that:
> 
> a) you can't do an anonymous bind from Solaris 9 to OpenLDAP and use
> TLS, which means:
> 
> b) you MUST create a proxy user especially for Solaris 9 clients, and
> 
> c) you would then use ldapclient in 'manual' mode and pass the password
> to the program in clear text on the command line. 
> 
> I'm completely confused by this. This is not a complex process. I must
> be missing something. Please help. 
-- 
Greg Matthews
iTSS Wallingford	01491 692445