Adrian Quek wrote:
Hi,
I've been trying to get Solaris 9 to talk to openldap (2.0.23) on a
RedHat 7.3 server with TLS and I've managed to get authentication
working with the native pam_ldap provided by Solaris 9.
"Me too!" That's my exact situation. But I'm having a different
problem. Not to dilute your thread...
How did you set up your certificates? So far I've done the following
steps, but still can't get it working.
I've:
1. Set up an internal CA to sign certificates using OpenSSL's tools
2. Generated a certificate for the LDAP server, also using OpenSSL's tools
3. Signed said certificate with my CA, still using OpenSSL's tools
4. Loaded up Netscape 4.7x, fed it my CA's certificate and told it to
trust the certificate to identify sites
5. Copied the .netscape/cert7.db and .netscape/key3.db files to
/var/ldap/ and chmod'd them 444 per the documentation
6. Configured the Solaris LDAP client to use TLS with simple authentication
7. Verified that I am trying to contact the server by the same name
that's recorded as the common name in the certificate
8. Watched the Solaris LDAP client still refuse to initiate a TLS
connection with my server.
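Steps 1 to 3 (internal CA, server certificate, CA signature) together with the name check behind step 7, as an added shell example that is not from either poster. It assumes the hostnames "ldap.example.test" and "Example Internal CA" and a local openssl binary; the Netscape cert7.db/key3.db import from steps 4 and 5 is not reproduced.

```shell
#!/bin/sh
# Added example (not from the original thread). Builds an internal OpenSSL CA,
# issues a certificate for the LDAP server, then checks the two things a TLS
# client needs before it will start the handshake: the certificate must chain
# to the CA the client trusts, and its Common Name must equal the hostname the
# client was told to contact. Names below are assumptions for the demo.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Step 1: self-signed internal CA (1 day validity is enough for the demo)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
  -subj "/CN=Example Internal CA" \
  -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null

# Step 2: server key and CSR; CN is the name clients will use for the server
openssl req -new -newkey rsa:2048 -nodes \
  -subj "/CN=ldap.example.test" \
  -keyout "$WORK/ldap.key" -out "$WORK/ldap.csr" 2>/dev/null

# Step 3: sign the CSR with the internal CA
openssl x509 -req -days 1 -in "$WORK/ldap.csr" \
  -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
  -out "$WORK/ldap.crt" 2>/dev/null

# check_server_cert CERT CA HOSTNAME
# Returns 0 when CERT verifies against CA and its subject CN equals HOSTNAME,
# 1 otherwise. A mismatch in either is the usual reason a client that trusts
# the CA still refuses to open the TLS connection (step 7 of the post).
check_server_cert() {
  cert=$1; ca=$2; host=$3
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
  # Extract the CN; sed handles both "CN = x" and "/CN=x" subject formats
  cn=$(openssl x509 -in "$cert" -noout -subject |
       sed -n 's/.*CN *= *\([^,/]*\).*/\1/p')
  [ "$cn" = "$host" ]
}

# Same name as in the certificate: passes. A different name: fails.
check_server_cert "$WORK/ldap.crt" "$WORK/ca.crt" ldap.example.test && echo "name matches, chain ok"
check_server_cert "$WORK/ldap.crt" "$WORK/ca.crt" ldap.example.com || echo "name mismatch: client would refuse TLS"
```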