Solaris 10


ldap over ssl help please


I'm trying to implement Active Directory authentication/authorization over SSL. I have this all working fine without SSL, and am now just trying to make things secure. What has me baffled is that I can do an ldapsearch using SSL with the certs I've installed, over port 636. For some reason, if I configure ldapclient to use tls:simple, logons hang as soon as the user ID is entered. I am never prompted for a password, it just hangs. Here is the log entry from pam debug, which repeats every 5 seconds:

    Apr  7 10:44:56 ldapclient01 sshd[15281]: [ID 293258 auth.warning] libsldap: Status: 81  Mesg: openConnection: simple bind failed - Can't contact LDAP server
    Apr  7 10:44:56 ldapclient01 sshd[15281]: [ID 545954 auth.error] libsldap: makeConnection: failed to open connection to DomainDnsZones.EXAMPLE.COM

Anyone know what I might have done wrong, or how to troubleshoot further? I thought that if ldapsearch worked, ldap authentication would as well.

Here is the ldapsearch command that is successful:

    ldapsearch -v -h ldapserver.example.com -p 636 -D cn=solarisldap,ou=unix,dc=example,dc=com -w ********** -Z -P /var/ldap/cert8.db -b ou=users,dc=example,dc=com -s sub cn=*

Here is the ldapclient command I run to set up for tls:simple:

    ldapclient manual \
      -a credentialLevel=proxy \
      -a authenticationMethod=tls:simple \
      -a certificatePath=/var/ldap \
      -a proxyDN="CN=solarisldap,OU=UNIX,dc=example,dc=com" \
      -a proxyPassword="********" \
      -a defaultSearchBase=dc=example,dc=com \
      -a domainName=example.com \
      -a "preferredServerList=192.168.240.21" \
      -a "defaultServerList=192.168.240.21 192.168.240.25" \
      -a serviceAuthenticationMethod=pam_ldap:tls:simple \
      -a attributeMap=group:userpassword=msSFU30Password \
      -a attributeMap=group:memberuid=msSFU30MemberUid \
      -a attributeMap=group:gidnumber=msSFU30GidNumber \
      -a attributeMap=passwd:gecos=msSFU30Gecos \
      -a attributeMap=passwd:gidnumber=msSFU30GidNumber \
      -a attributeMap=passwd:uidnumber=msSFU30UidNumber \
      -a attributeMap=passwd:uid=sAMAccountName \
      -a attributeMap=passwd:homedirectory=msSFU30HomeDirectory \
      -a attributeMap=passwd:loginshell=msSFU30LoginShell \
      -a attributeMap=shadow:shadowflag=msSFU30ShadowFlag \
      -a attributeMap=shadow:userpassword=msSFU30Password \
      -a attributeMap=shadow:uid=sAMAAccountName \
      -a objectClassMap=group:posixGroup=group \
      -a objectClassMap=passwd:posixAccount=user \
      -a objectClassMap=shadow:shadowAccount=user \
      -a serviceSearchDescriptor=passwd:dc=dc=example,dc=com?sub \
      -a serviceSearchDescriptor=group:dc=dc=example,dc=com?sub

Thanks in advance for any assistance...

Hi,

There's a forum dedicated to Sun LDAP:

http://forum.java.sun.com/forum.jspa?forumID=761

Do a search for SSL from that forum. A lot of discussion on SSL and LDAP.

HTH,
John

Thanks, I'm on my way.

