RE: NSS_LDAP Solaris and Active directory



We have Solaris clients working with AD but not with OpenLDAP or OpenSSL. The combination is:
 
nss_ldap-184 + pam_ldap-140 from www.padl.com, iPlanet CSDK 5[1].08 for LDAP/SSL, Berkeley DB 3.1.17, Windows 2000 + SP2 + Q320711 hotfix + SFU
 
nss configured as follows:
 
./configure --with-ldap-lib=netscape5 --with-ldapdir=/export/home/dav/Netscape/ldapcsdk5[1].08-SunOS5.8 --enable-schema-mapping --enable-ssl --enable-debugging
 
pam configured as follows:

./configure --with-ldap-lib=netscape5 --with-ldapdir=/export/home/dav/Netscape/ldapcsdk5[1].08-SunOS5.8 --enable-ssl

You don't say what the symptoms are, but we found ssldump and ethereal invaluable for tracing encrypted and non-encrypted traffic respectively. Microsoft Q Q260729, Q314980 are useful for logging.
 
Stuart
-----Original Message-----
From: henk.coenen@philips.com [mailto:henk.coenen@philips.com]
Sent: Wednesday, June 19, 2002 8:20 PM
To: openldap-software@OpenLDAP.org
Subject: NSS_LDAP Solaris and Active directory


Hello all,


We are currently working on replacing NIS by an LDAP directory (iPlanet or Active
Directory). Initially we will focus on moving the UNIX account information into an LDAP
directory in order to enable a single point of account administration. We already
have deployed Kerberos to implement a Single Sign-On infrastructure between UNIX
and Windows 2000, so we would like to use the Active Director

We have encountered a number of problems with respect to compatibility of the LDAP
client on Solaris in combination with Active Directory. We are looking for a solution that
works with the schema changes implemented by Microsoft Services for UNIX (MSFU).

Currently we have two demo environments:

Situation 1: Directory implemented by iPlanet
o HP-UX making use of native LDAP client -- OK
o Linux making use of NSS_LDAP software  -- OK
o Solaris making use of native LDAP client  -- OK

Situation 2: Directory implemented by Active Directory + MSFU
o HP-UX making use of native LDAP client -- OK
o Linux making use of NSS_LDAP software -- OK
o Solaris making use of both native LDAP client and NSS_LDAP software -- NOT OK

Situation 1 is working fine!


In situation 2 we have compatibility problems with the Solaris LDAP clients and Active
Directory. This is true for both the native LDAP implementation on Solaris and also for
the NSS_LDAP implementation.

With regard to these problems we have some questions:

1. Who has the Solaris native LDAP client running in combination with the Active Directory
     as primary naming service to replace NIS?

2. We compiled NSS_LDAP v191 for Solaris 2.8 making use of BerkeleyDB4.0.14 and
     openldap, but unfortunately things do not work as we would like. Who has the NSS_LDAP
     software running in combination with the Active Directory?

      If yes, what did you use in combination with NSS_LDAP, how did you compile
      and configure things, or in other words where can we find a recep

   Thanks in advance
               Henk

Ir H.G.P. (Henk) Coenen                          phone: +31-40-2744161

Philips Research Laboratories  
Prof Holstlaan 4,
5656 AA Eindhoven, The Netherlands
Mailto:henk.coenen@philips.com