On 07.10.2011 23:58, NetNinja wrote:
> Ok that's good to know.
> I was reading in the book "Solaris 10 System Administration Essential"
> and it says on pg 365 that the openldap server needs to be patched so
> that the ldapclient init utility will configure properly.
>
> Do you happen to remember how you set up the Solaris Native client? This is
> my current issue, I installed openldap on a RHEL 5.5 server and have all
> the Linux servers working with the ldap server but the Solaris servers
> won't let me log in as an ldap user. I can do a ldapsearch, id, getent and
> get info on ldap users. I am in the process of troubleshooting the issue
> and I'm not sure what I'm doing wrong? My setup is very basic, no TLS,
> automount or replication. I will add these later when I know what I'm doing.
>
> Anyway thanks for your help. If you have any advice on ldapclient setup
> let me know.
>
> On Fri, Oct 7, 2011 at 3:41 PM, Christian Manal
> <[email protected] <mailto:[email protected]>> wrote:
>
> > On 07.10.2011 20:25, NetNinja wrote:
> > > Hello,
> > > I have been reading up on OpenLDAP. I have installed it on RHEL 5.5 but
> > > I have seen documentation saying that openldap needs to be patched to work
> > > with Solaris. Can someone tell me if this is still the case and if so where
> > > to get the patch. If not any info you can provide would be great.
> > >
> > > Thanks
> > >
> >
> > Hi,
> >
> > I've been running OpenLDAP on Solaris 10 for years now. It works out of
> > the tarball, no patches needed.
> >
> > Regards,
> > Christian Manal
Here's an example of an ldapclient invocation that works for me:

ldapclient manual \
  -a authenticationMethod="tls:simple" \
  -a credentialLevel="proxy" \
  -a defaultSearchBase="dc=example,dc=org" \
  -a defaultSearchScope="sub" \
  -a defaultServerList="ldap1.example.org,ldap2.example.org" \
  -a domainName="example.org" \
  -a preferredServerList="ldap1.example.org,ldap2.example.org" \
  -a serviceSearchDescriptor="passwd:ou=People,dc=example,dc=org" \
  -a serviceSearchDescriptor="group:ou=Group,dc=example,dc=org" \
  -a serviceSearchDescriptor="netgroup:ou=Netgroup,dc=example,dc=org" \
  -a serviceSearchDescriptor="auto_home:ou=auto_home,ou=Mounts,dc=example,dc=org" \
  -a attributeMap="auto_home:automountMapName=ou" \
  -a attributeMap="auto_home:automountKey=cn" \
  -a proxyDN="uid=proxyauth,ou=people,dc=example,dc=org" \
  -a proxyPassword="foobar"

Before you invoke that, you need to modify /etc/nsswitch.ldap to your needs
(ldapclient will copy that to /etc/nsswitch.conf). You also need to put your
TLS certs into /var/ldap in NSS format (you can generate/convert them with
certutil[1]) and edit /etc/pam.conf for LDAP authentication.

Regards,
Christian Manal

[1] http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
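As an added example (not part of the mail above and not a Solaris tool), a small Python audit of an ldapclient attribute list like Christian's: it parses the `-a key=value` pairs, then flags a non-TLS authenticationMethod (the "no TLS" setup NetNinja describes sends the proxy bind password in cleartext), a proxy credentialLevel without its DN/password, search descriptors outside defaultSearchBase, and preferred servers missing from defaultServerList. The sample command is a constructed subset of the one in the mail.

```python
import shlex
from collections import defaultdict

# Constructed sample: a subset of the ldapclient invocation from the mail above.
SAMPLE_CMD = r'''ldapclient manual \
 -a authenticationMethod="tls:simple" \
 -a credentialLevel="proxy" \
 -a defaultSearchBase="dc=example,dc=org" \
 -a defaultServerList="ldap1.example.org,ldap2.example.org" \
 -a preferredServerList="ldap1.example.org,ldap2.example.org" \
 -a serviceSearchDescriptor="passwd:ou=People,dc=example,dc=org" \
 -a serviceSearchDescriptor="group:ou=Group,dc=example,dc=org" \
 -a proxyDN="uid=proxyauth,ou=people,dc=example,dc=org" \
 -a proxyPassword="foobar"'''

def parse_ldapclient(cmd):
    """Return {attribute: [values]}; repeated -a keys (e.g. SSDs) keep every value."""
    attrs = defaultdict(list)
    toks = shlex.split(cmd.replace("\\\n", " "))   # join continuation lines, drop quotes
    i = 0
    while i < len(toks):
        if toks[i] == "-a" and i + 1 < len(toks):
            key, _, val = toks[i + 1].partition("=")
            attrs[key].append(val)
            i += 2
        else:
            i += 1
    return attrs

def audit(attrs):
    """Return findings a defender would want fixed before rolling the profile out."""
    findings = []
    auth = attrs.get("authenticationMethod", [""])[0]
    if not auth.startswith("tls:"):
        findings.append("authenticationMethod %r binds without TLS (password in cleartext)" % auth)
    if attrs.get("credentialLevel", [""])[0] == "proxy":
        for needed in ("proxyDN", "proxyPassword"):
            if needed not in attrs:
                findings.append("credentialLevel=proxy but %s is missing" % needed)
    base = attrs.get("defaultSearchBase", [""])[0].lower()
    for ssd in attrs.get("serviceSearchDescriptor", []):
        svc, _, rest = ssd.partition(":")       # Solaris SSD syntax: service:base[?scope]
        if base and not rest.split("?")[0].lower().endswith(base):
            findings.append("serviceSearchDescriptor for %s is outside defaultSearchBase" % svc)
    servers = set(attrs.get("defaultServerList", [""])[0].split(","))
    for host in attrs.get("preferredServerList", [""])[0].split(","):
        if host and host not in servers:
            findings.append("preferredServerList host %s not in defaultServerList" % host)
    return findings
```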
