Igor Brezac wrote:
Yes, I finally found this section of the documentation and was able to update my NIS schema according to what Sun has implemented of RFC 2307. I'm currently experiencing some issues which just may be bugs/problems with integrating these two pieces of software.
Before you go any further make sure to update your schema:
http://docs.sun.com/?p=/doc/806-4077/6jd6blbf3&a=view
This is still definitely not working. OpenLDAP considers the LDAP client to be binding as an anonymous user. Whether that means it botched the authentication or never tried it in the first place is something I'm not familiar enough with the debug output of slapd to determine yet. I can't even get it to bind as my RootDN.
1. Solaris 9 LDAP client doesn't bind properly to the OpenLDAP server even when you configure it with proxyDn and proxyPassword.
I set up a user cn=NamingClient,dc=mydomain,dc=com in order to be able to give special privileges to Solaris naming clients, but since it seems to refuse to bind as anything other than an anonymous user, this doesn't seem to help me much. Here's my ldapclient config string:
# ldapclient manual -a defaultServerList=myldapserverip -a defaultSearchBase="dc=mydomain,dc=com" -a defaultSearchScope=sub -a credentialLevel=proxy -a proxyDn="cn=NamingClient,dc=mydomain,dc=com" -a proxyPassword=mypass -a serviceSearchDescriptor="automount:ou=AutomountMaps,dc=mydomain,dc=com"
(I wish to keep my automount maps in a different container)
I've used a similar configuration, but I have not tried automount.
Start ldap_cachemgr (/etc/init.d/ldap.client start) and restart nscd
(/etc/init.d/nscd stop;/etc/init.d/nscd start). This was not required in
Solaris 8. Or reboot.
dn: cn=NamingClient,dc=mydomain,dc=com
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: NamingClient
userPassword: {crypt}[DEScryptstring]
2. PAM TLS functionality is broken.
When I add -a authenticationMethod="tls:simple" to the above
Try to make it work with simple bind before you try tls.
Sound advice.
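A small helper, added here and not part of the thread, for doing what Igor suggests: confirm that the proxy account's stored password and the proxyPassword handed to ldapclient actually agree, and that a plain simple bind works, before adding TLS. The thread's entry stores the password as {crypt}; this example uses OpenLDAP's {SSHA} scheme instead (base64 of SHA-1(password || salt) followed by the salt), which slapd also accepts for simple binds. The DN, base, password and host are the placeholder values from the thread; the function names are the example's own.

```python
import base64
import hashlib
import os
import shlex
from typing import List, Optional

# Placeholder values taken from the thread (not real credentials).
PROXY_DN = "cn=NamingClient,dc=mydomain,dc=com"
SEARCH_BASE = "dc=mydomain,dc=com"


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return an OpenLDAP-style {SSHA} userPassword value.

    slapd stores base64(SHA1(password || salt) || salt) behind the {SSHA}
    prefix. The thread's entry uses {crypt}; slapd accepts either scheme.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA} value.

    This is the comparison slapd performs when a client does a simple bind
    with that DN: a mismatch here is what shows up as 'Invalid credentials'.
    """
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes, salt follows
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def proxy_user_ldif(dn: str, cn: str, password: str,
                    salt: Optional[bytes] = None) -> str:
    """Build the LDIF for the proxy account with a hashed userPassword."""
    lines = [
        f"dn: {dn}",
        "objectClass: organizationalRole",
        "objectClass: simpleSecurityObject",
        f"cn: {cn}",
        f"userPassword: {ssha_hash(password, salt)}",
    ]
    return "\n".join(lines) + "\n"


def bind_check_command(dn: str, password: str, base: str, host: str) -> List[str]:
    """Command line for testing the proxy credentials with a plain simple bind.

    -x forces a simple bind, which is what ldapclient uses with
    credentialLevel=proxy and no authenticationMethod. If the base entry comes
    back, slapd accepted the DN and password; result 49 (Invalid credentials)
    means the stored hash and proxyPassword disagree, and 'anonymous' in the
    slapd log for this connection means the bind never carried the DN at all.
    """
    return [
        "ldapsearch", "-x", "-H", f"ldap://{host}",
        "-D", dn, "-w", password,
        "-b", base, "-s", "base", "objectClass=*",
    ]


if __name__ == "__main__":
    print(proxy_user_ldif(PROXY_DN, "NamingClient", "mypass"))
    print(shlex.join(bind_check_command(PROXY_DN, "mypass", SEARCH_BASE,
                                        "myldapserverip")))
```

Load the printed LDIF with ldapadd, run the printed ldapsearch from the Solaris client, and only once that returns the base entry move on to tls:simple.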