Then I modified the ldapclient configuration to use tls:simple:

# ldapclient mod -a authenticationMethod=tls:simple

The configuration after:

# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=Profile,ou=unix,dc=ch,dc=abb,dc=com
NS_LDAP_BINDPASSWD= xx The crypted password :) xx

The "ldap_gen_profile" command will generate a profile in LDIF format, so that you can upload that to the server.

Solutions: 1) 'sshd' account in /etc/passwd, please read the OpenSSH HOWTO for Sol8 on this contact form
Feb 16 17:19:12 unknown ldap_cachemgr: [ID 186574 daemon.error] Error: Unable to refresh profile:default: Session error no available conn.
-bash-3.00# ldaplist
ldaplist: Object not found (Session error no available conn.)
-bash-3.00# ldapclient

But they should work with tls:simple, so: 1. There are a few Linux clients which connect over Port 636 to the Server.

Now, I export my server certificate from ldap server with the following command:

# /opt/SUNWdsee/ds6/bin/dsadm export-cert -o /tmp/server-certificate /space/DS/ds1 defaultCert

I copy this certificate to the client machine and before
Prerequisites

One needs to create a certificate compatible with Solaris 9 (which uses cert7.db and key3.db).
The default.tls profile MUST exist in LDAP prior to executing the following steps.

References
http://www.muquit.com/muquit/software/mod_auth_ldap/ssl_tls.html
http://docs.sun.com/app/docs/doc/806-4077/

Convert Key-

Any help would be appreciated.

Do not execute these steps again.
When configuring a host in one of the intranet-vlans, execute on the host:

# cp /net/dsp3/data/home/wizard/Library/ldap/*.db /var/ldap/
# chmod 444 /var/ldap/*.db

When configuring a host in one of the DMZs (no

nslookups look fine.

There are several steps depending on each other and some pitfalls you will hit if you don't exactly follow my guidelines.

Everything goes well.
By the way, the documentation doesn't state a hostname must be used when TLS is enabled, only that there should be a full match between what is in the certificate and

I follow all the steps mentioned in the Installation Guide on Sun's site but there is a problem with ldapclient init when I use hostname instead of IP address in the

libsldap: Status: 2 Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
Anyone got a clue to why? //Linus

Question by: mannie

Best Solution by yuzh: Check your setup against this "OpenLDAP SSL/TLS How-To" http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html And have a

Next run this command to set up your certificate database:

# LD_LIBRARY_PATH=/usr/lib:/usr/local/lib ; export LD_LIBRARY_PATH
# /opt/sunone/lib/nss/bin/certutil -N -d /var/ldap

Add hosts entry to /etc/hosts for Ldap server, ** matching the certificate

mariner

November 10th, 2005, 04:47 PM #2 JudgeX
password include pam_authtok_common password required pam_authtok_store.so.1 passwd # # Copyright (c) 2012, Oracle and/or its affiliates.

Cheers, Farhan

--
From: [email protected]: [email protected]: RE: Solaris 10 Native LDAP Client TLS
Date: Mon, 17 Mar 2008 13:01:56 +0000

Hi Guys, I have
Locking.

They must return ds1-int.services.el.campus.intern and ds2-int.services.el.campus.intern

# getent hosts 10.31.0.26
10.31.0.26 ds1-int.services.el.campus.intern
# getent hosts 10.31.0.27
10.31.0.27 ds2-int.services.el.campus.intern

DMZ

Test connection and certificates using ldapsearch:

# ldapsearch -h 220.127.116.11 -p 636

I used Netscape to connect to the server on Port 636 to receive the two ".db" files cert7.db and key3.db.
I got it all functional without TLS.

While on server I get following in debugs

Mar 21 23:29:50 rhapp04-t1 slapd: connection_read(10): checking for input on id=0
Mar 21 23:29:50 rhapp04-t1 slapd: connection_read(10): TLS accept error error=-1 id=0, closing
Mar

i.e., is the certificate subject "cn=cnyitlin02.company.com,o=company..." If so, you must also use the fully-qualified name in your client config, e.g.:

NS_LDAP_SERVERS= cnyitlin02.company.com

instead of:

NS_LDAP_SERVERS= cnyitlin02

If not, might be the
not solvable ! I have downloaded dsbuild-fds101-1.tar.gz, but I'm unable to build Netscape SDK.

This discussion is archived. 8 Replies. Latest reply on Jun 26, 2010 10:39 AM by dcminter
jlliagre

#5 05-20-2010 niyazi

They all use SSL for authentication with the CA Cert file cacert.pem, which I put into /etc/ssl/certs/.

This can take up to 30sec for the first time.)

# ls /home/wizard

Step 6: Adapt pam.conf to allow ldap authentication

Don't forget that PAM is required for user authentication.

I also put the file cacert.pem which the Linux clients use into this directory. 2.
I have installed the latest patches on both machines and it didn't solve the problem.

References
http://blogs.sun.com/baban/entry/steps_to_setup_ssl_using
http://docs.sun.com/app/docs/doc/816-5166/6mbb1kq6e?a=view

Create default.tls profile

Create NEW PROFILE for use in intranet with encryption tls:simple

# ldapclient genprofile -a profileName=default.tls \
    -a defaultSearchBase=dc=el,dc=campus,dc=intern \
    -a authenticationMethod=tls:simple \
    -a defaultServerList="10.31.0.26 10.31.0.27"

I'm getting the answers from the ldapsearch command with the SSL.

./ldapsearch -h ismesl90 -p 636 -Z -P /var/ldap -D "cn=Directory Manager" -w password -b "cn=Password Policy,cn=config" "(objectclass=*)"
version: 1
dn:

also have a look at: http://sunportal.sunmanagers.org/pipermail/summaries/2005-March/006204.html
Please help me to sort out this issue.

LDAP Server: Linux (OpenLdap), LDAP Client: Solaris 10 (Native Client)

When I run following command to test, it works fine, ldapsearch -v -h test -p

The clients are set up new and on the recommended Patch level:

# uname -a
SunOS sun54 5.9 Generic_117171-12 sun4u sparc SUNW,Ultra-5_10

What's the problem?

niyazi

#4 05-19-2010 jlliagre
Thanks, Shalom

Message was edited by: shalomG