Solaris 10

ldap over ssl help please

I'm trying to implement Active Directory authentication/authorization over SSL. I have this all working fine without SSL, and am now just trying to make things secure. What has me baffled is that I can do an ldapsearch using SSL with the certs I've installed, over port 636. For some reason if I configure ldapclient to use tls:simple, logons hang as soon as the user ID is entered. I am never prompted for a password, it just hangs. Here is the log entry from pam debug, which repeats every 5 seconds:

    Apr  7 10:44:56 ldapclient01 sshd[15281]: [ID 293258 auth.warning] libsldap: Status: 81  Mesg: openConnection: simple bind failed - Can't contact LDAP server
    Apr  7 10:44:56 ldapclient01 sshd[15281]: [ID 545954 auth.error] libsldap: makeConnection: failed to open connection to DomainDnsZones.EXAMPLE.COM

Anyone know what I might have done wrong, or how to troubleshoot further? I thought that if ldapsearch worked, ldap authentication would as well. Here is the ldapsearch command that is successful.

    ldapsearch -v -h -p 636 -D cn=solarisldap,ou=unix,dc=example,dc=com -w ********** -Z -P /var/ldap/cert8.db -b ou=users,dc=example,dc=com -s sub cn=*

Here is the ldapclient command I run, to set up for tls:simple:

    ldapclient manual \
      -a credentialLevel=proxy \
      -a authenticationMethod=tls:simple \
      -a certificatePath=/var/ldap \
      -a proxyDN="CN=solarisldap,OU=UNIX,dc=example,dc=com" \
      -a proxyPassword="********" \
      -a defaultSearchBase=dc=example,dc=com \
      -a -a "preferredServerList=" \
      -a "defaultServerList=" \
      -a serviceAuthenticationMethod=pam_ldap:tls:simple \
      -a attributeMap=group:userpassword=msSFU30Password \
      -a attributeMap=group:memberuid=msSFU30MemberUid \
      -a attributeMap=group:gidnumber=msSFU30GidNumber \
      -a attributeMap=passwd:gecos=msSFU30Gecos \
      -a attributeMap=passwd:gidnumber=msSFU30GidNumber \
      -a attributeMap=passwd:uidnumber=msSFU30UidNumber \
      -a attributeMap=passwd:uid=sAMAccountName \
      -a attributeMap=passwd:homedirectory=msSFU30HomeDirectory \
      -a attributeMap=passwd:loginshell=msSFU30LoginShell \
      -a attributeMap=shadow:shadowflag=msSFU30ShadowFlag \
      -a attributeMap=shadow:userpassword=msSFU30Password \
      -a attributeMap=shadow:uid=sAMAAccountName \
      -a objectClassMap=group:posixGroup=group \
      -a objectClassMap=passwd:posixAccount=user \
      -a objectClassMap=shadow:shadowAccount=user \
      -a serviceSearchDescriptor=passwd:dc=dc=example,dc=com?sub \
      -a serviceSearchDescriptor=group:dc=dc=example,dc=com?sub

Thanks in advance for any assistance...

Hi,  There's a forum dedicated to Sun LDAP: do a search for SSL from that forum.  A lot of discussion on SSL and LDAP.  HTH, John

Thanks, I'm on my way.
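
Added example, not part of the thread: a small shell triage for the libsldap syslog lines quoted in the question, listing which hosts libsldap failed to reach, which LDAP result codes it logged, and which failed hosts are not in the configured server list. The first two sample lines are from the post; the repeat five seconds later and the server name dc01.example.com are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise libsldap connection failures from syslog lines on stdin.

# One line per distinct target of a failed makeConnection: "<count> <host>".
sldap_failed_targets() {
    sed -n 's/.*libsldap: makeConnection: failed to open connection to \([^ ]*\).*/\1/p' |
        tr '[:upper:]' '[:lower:]' | sort | uniq -c | awk '{print $1, $2}'
}

# One line per distinct LDAP result code: "<count> <code> <message>".
# Code 81 is LDAP_SERVER_DOWN ("Can't contact LDAP server").
sldap_status_codes() {
    sed -n 's/.*libsldap: Status: \([0-9][0-9]*\)  *Mesg: \(.*\)$/\1 \2/p' |
        sort | uniq -c | sed 's/^ *//'
}

# Failed targets that are NOT in the space-separated server list given as $1,
# i.e. names the client reached for beyond the servers it was configured with.
sldap_unexpected_targets() {
    configured=$(printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]')
    sldap_failed_targets | while read -r count host; do
        case " $configured " in
            *" $host "*) ;;                      # expected server, skip
            *) printf '%s\n' "$host" ;;
        esac
    done
}

# Sample input: lines 1-2 are from the post, lines 3-4 are a constructed repeat.
sample_log() {
    cat <<'EOF'
Apr  7 10:44:56 ldapclient01 sshd[15281]: [ID 293258 auth.warning] libsldap: Status: 81  Mesg: openConnection: simple bind failed - Can't contact LDAP server
Apr  7 10:44:56 ldapclient01 sshd[15281]: [ID 545954 auth.error] libsldap: makeConnection: failed to open connection to DomainDnsZones.EXAMPLE.COM
Apr  7 10:45:01 ldapclient01 sshd[15281]: [ID 293258 auth.warning] libsldap: Status: 81  Mesg: openConnection: simple bind failed - Can't contact LDAP server
Apr  7 10:45:01 ldapclient01 sshd[15281]: [ID 545954 auth.error] libsldap: makeConnection: failed to open connection to DomainDnsZones.EXAMPLE.COM
EOF
}

# dc01.example.com is a hypothetical configured server (the post elides the real list).
sample_log | sldap_status_codes
sample_log | sldap_unexpected_targets "dc01.example.com"
```

On a live system, feed the functions the file that receives auth.warning and auth.error messages instead of `sample_log`, and pass the values set for defaultServerList and preferredServerList.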
