Solaris 10 authentication against openldap


Here is a simple recipe for authenticating users against an LDAP directory using the native LDAP client of Solaris 10.

Stop ldapclient and nscd

/etc/init.d/ldap.client stop
/etc/init.d/nscd stop

Add “ldap” to the “passwd” and “group” entries in /etc/nsswitch.conf, modify /etc/pam.conf and install /var/ldap/ldap_client_file. Create /var/ldap/ldap_client_cred of the form

NS_LDAP_BINDDN= cn=admin,dc=ifi,dc=uzh,dc=ch
NS_LDAP_BINDPASSWD= {NS1}*****************

After restarting nscd and ldapclient

/etc/init.d/ldap.client start
/etc/init.d/nscd start

ldaplist should already yield a list of users defined in LDAP and “id” should be able to identify them.

All that is left is to create the certificate database for ldapclient. Use certutil to create it and add the root CA certificate that signed your LDAP server certificate

certutil -A -n certname.pem -t CT -d /var/ldap -i certname.pem

Login should now work as well.
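
A quick check of the files edited above, as an added example that is not part of the original post: it verifies that passwd and group list ldap in nsswitch.conf, that the credentials file is inaccessible to group and others (it holds the bind DN and its stored password), and that a bind DN is set. It assumes a POSIX sh and awk; the function names are hypothetical and both file paths are passed as arguments.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: sh audit.sh NSSWITCH_CONF CRED_FILE

# has_ldap FILE DB: succeed if DB's line in nsswitch.conf lists "ldap".
has_ldap() {
    awk -v db="$2:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# cred_private FILE: succeed if group and others have no permission bits.
# Columns 5-10 of "ls -ld" output are the group and other rwx triplets.
cred_private() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# has_bind_dn FILE: succeed if a non-empty NS_LDAP_BINDDN is present.
has_bind_dn() {
    awk -F'= *' '
        $1 == "NS_LDAP_BINDDN" && $2 != "" { ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# audit NSSWITCH CRED: print one line per finding; the return value is
# the number of failed checks (0 means everything passed).
audit() {
    fail=0
    for db in passwd group; do
        has_ldap "$1" "$db" ||
            { echo "FAIL: $db does not list ldap in $1"; fail=$((fail + 1)); }
    done
    cred_private "$2" ||
        { echo "FAIL: $2 is accessible to group or others"; fail=$((fail + 1)); }
    has_bind_dn "$2" ||
        { echo "FAIL: no NS_LDAP_BINDDN in $2"; fail=$((fail + 1)); }
    return $fail
}

# Run the audit only when both paths are supplied on the command line.
if [ $# -eq 2 ]; then audit "$1" "$2"; fi
```

If the permission check fails, chmod 600 on the credentials file (owned by root) clears it.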

About this Entry

This page contains a single entry by hp published on December 22, 2009 4:32 PM.