
RE: mapping one search to another



Hi Steve...

this looks very useful. Does this mean you *are* using the padl modules
(pam and nss) or the native solaris ones? 

> Had problems with the openldap/padl stack on Solaris when trying to
> get the sasl/gssapi part working.  Works OK for simple/auth.

I only want to get tls:simple working for regular authentication which
seems to be what you have set up - maybe I'll try sasl once I'm over this
hurdle!

> I run tls encryption from sol8 and sol9 native clients to openldap
> server.  By installing the ldap2 back-port (patch 108993-nn) on sol8
> you get the sol9 ldap client functionality, which is easier to use
> than the sol8.

this is good to know. Do you verify the server certificate against a CA
cert?

> I'm using simple auth (as you are probably already doing on the sol8
> client?).  Here's an example below of a usable ldap2 (sol9)
> ldap_client_file,
> in which the mappings may not match the objectclasses and attributes
> you are using at your sol9 openldap server, but I'm sure you'll get the
> gist.
> 
> btw, I never use the solaris profiles, which seem to get in the way of
> configuring clients rather than helping, but maybe I've not worked out
> how to use them properly.

so this file was generated with 'ldapclient manual'? there don't seem
to be entries for proxydn and proxypassword... have these just been
snipped?

> Let me know if you need details on getting the tls part working.

it's the main thing holding me up at the moment!

GREG

> Steve

<---stuff snipped--->

-- 
Greg Matthews
iTSS Wallingford	01491 692445