[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: mapping one search to another
Hi Steve...
this looks very useful. Does this mean you *are* using the padl modules
(pam and nss) or the native solaris ones?
> Had problems with the openldap/padl stack on Solaris when trying to
> get the sasl/gssapi part working. Works OK for simple/auth.
I only want to get tls:simple working for regular authentication which
seems to be what you have setup - maybe I'll try sasl once I'm over this
hurdle!
> I run tls encryption from sol8 and sol9 native clients to openldap
> server. By installing the ldap2 back-port (patch 108993-nn) on sol8
> you get the sol9 ldap client functionality, which is easier to use
> than the sol8.
this is good to know. Do you verify the server certificate against a CA
cert?
> I'm using simple auth (as you are probably already doing on the sol8
> client?). Here's an example below of a usable ldap2 (sol9)
> ldap_client_file,
> in which the mappings may not match the objectclasses and attributes
> you are using at your sol9 openldap server, but I'm sure you'll get the
> gist.
>
> btw, I never use the solaris profiles, which seem to get in the way of
> configuring clients rather than helping, but maybe I've not worked out
> how to use them properly.
so this file was generated with 'ldapclient manual' ? there don't seem
to be entries for proxydn and proxypassword... have these just been
snipped?
> Let me know if you need details on getting the tls part working.
its the main thing holding me up at the moment!
GREG
> Steve
<---stuff snipped--->
--
Greg Matthews
iTSS Wallingford 01491 692445