[OmniOS-discuss] ldap auth

Paul B. Henson henson at acm.org
Sat Aug 24 02:30:04 UTC 2013


On Fri, Aug 23, 2013 at 02:56:46PM -0700, Brian High wrote:

> ... However, in OmniOS r151006 (omnios-b281e50) the ldapsearch test
> fails when using TLS (-Z or -ZZ switches used) with:
> 
>    ldap_simple_bind: Can't contact LDAP server

I've got a vanilla omnios test box of the same vintage which seems to
work fine against my openldap server:

# ldapsearch -ZZ -P /var/ldap/cert8.db -h ldap.csupomona.edu -p 636 -b dc=csupomona,dc=edu uid=astudent
version: 1
dn: uid=astudent,ou=user,dc=csupomona,dc=edu
[...]

I also just configured it to use ldap as a naming service with the
following setup (which we use in production on Solaris 10):

# cat /var/ldap/ldap_client_file 

#
# Do not edit this file manually; your changes will be lost.Please use
# ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= ldap.csupomona.edu
NS_LDAP_SEARCH_BASEDN= dc=csupomona,dc=edu
NS_LDAP_CACHETTL= 0
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=user,dc=csupomona,dc=edu
NS_LDAP_SERVICE_SEARCH_DESC= automount:ou=automount,ou=service,dc=csupomona,dc=edu?sub
NS_LDAP_ATTRIBUTEMAP= group:cn=uid
NS_LDAP_ATTRIBUTEMAP= passwd:gecos=displayname
NS_LDAP_ATTRIBUTEMAP= automount:automountMapName=ou
NS_LDAP_ATTRIBUTEMAP= automount:automountKey=uid
NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount
NS_LDAP_OBJECTCLASSMAP= automount:automount=*
NS_LDAP_AUTH= tls:simple
NS_LDAP_CREDENTIAL_LEVEL= proxy

and after enabling ldap in nsswitch.conf, it seems to work fine:

# getent passwd astudent
astudent:x:45355:1012:A. B. Student Esq.:/user/astudent:/bin/bash

> Any ideas of what might be wrong here with the OmniOS ldap client?

So, I don't think the omnios client is inherently broken ;).

If you'd like to contact me off list and provide access to your ldap
server I could try and set up an omnios client pointing to it and see if
I can figure out what's not working...
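
As an added example (not part of the original message and not OmniOS code), a small Python check that parses an ldap_client_file like the one quoted above and reports bind methods in NS_LDAP_AUTH that are not wrapped in TLS. The sample file content and host names are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the client file format shown in the message,
# including a long value that a mail client wrapped onto the next line.
SAMPLE = """\
# Do not edit this file manually
NS_LDAP_SERVERS= ldap.example.edu
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=user,dc=example,dc=edu
NS_LDAP_SERVICE_SEARCH_DESC=
automount:ou=automount,ou=service,dc=example,dc=edu?sub
NS_LDAP_AUTH= tls:simple
NS_LDAP_CREDENTIAL_LEVEL= proxy
"""

KEY_RE = re.compile(r"^(NS_LDAP_[A-Z_]+)=\s*(.*)$")

def parse_client_file(text):
    """Return {key: [values]}; keys may repeat, wrapped values are rejoined."""
    entries = []  # [key, value] pairs in file order
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:
            entries[-1][1] += line  # continuation of a wrapped value
    parsed = {}
    for key, value in entries:
        parsed.setdefault(key, []).append(value)
    return parsed

def audit_transport(parsed):
    """List findings about bind methods that are not protected by TLS."""
    findings = []
    methods = [m.strip() for v in parsed.get("NS_LDAP_AUTH", [])
               for m in v.split(";") if m.strip()]
    if not methods:
        findings.append("NS_LDAP_AUTH is not set")
    for method in methods:
        if method.lower() == "simple":
            findings.append("simple bind without tls: sends the bind password in clear text")
        elif not method.lower().startswith("tls:"):
            findings.append(f"{method}: session is not TLS-protected")
    return findings
```
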


