ldap over ssl help please


I'm trying to implement Active Directory authentication/authorization over SSL. I have this all working fine without SSL, and am now just trying to make things secure. What has me baffled is that I can do an ldapsearch using SSL with the certs I've installed, over port 636. For some reason if I configure ldapclient to use tls:simple, logons hang as soon as the user ID is entered. I am never prompted for a password, it just hangs. Here is the log entry from pam debug, which repeats every 5 seconds:

Apr  7 10:44:56 ldapclient01 sshd[15281]: [ID 293258 auth.warning] libsldap: Status: 81  Mesg: openConnection: simple bind failed - Can't contact LDAP server
Apr  7 10:44:56 ldapclient01 sshd[15281]: [ID 545954 auth.error] libsldap: makeConnection: failed to open connection to DomainDnsZones.EXAMPLE.COM

Anyone know what I might have done wrong, or how to troubleshoot further? I thought that if ldapsearch worked, ldap authentication would as well. Here is the ldapsearch command that is successful:

ldapsearch -v -h ldapserver.example.com -p 636 -D cn=solarisldap,ou=unix,dc=example,dc=com -w ********** -Z -P /var/ldap/cert8.db -b ou=users,dc=example,dc=com -s sub cn=*

Here is the ldapclient command I run to set up for tls:simple:

ldapclient manual \
    -a credentialLevel=proxy \
    -a authenticationMethod=tls:simple \
    -a certificatePath=/var/ldap \
    -a proxyDN="CN=solarisldap,OU=UNIX,dc=example,dc=com" \
    -a proxyPassword="********" \
    -a defaultSearchBase=dc=example,dc=com \
    -a domainName=example.com \
    -a "preferredServerList=192.168.240.21" \
    -a "defaultServerList=192.168.240.21 192.168.240.25" \
    -a serviceAuthenticationMethod=pam_ldap:tls:simple \
    -a attributeMap=group:userpassword=msSFU30Password \
    -a attributeMap=group:memberuid=msSFU30MemberUid \
    -a attributeMap=group:gidnumber=msSFU30GidNumber \
    -a attributeMap=passwd:gecos=msSFU30Gecos \
    -a attributeMap=passwd:gidnumber=msSFU30GidNumber \
    -a attributeMap=passwd:uidnumber=msSFU30UidNumber \
    -a attributeMap=passwd:uid=sAMAccountName \
    -a attributeMap=passwd:homedirectory=msSFU30HomeDirectory \
    -a attributeMap=passwd:loginshell=msSFU30LoginShell \
    -a attributeMap=shadow:shadowflag=msSFU30ShadowFlag \
    -a attributeMap=shadow:userpassword=msSFU30Password \
    -a attributeMap=shadow:uid=sAMAAccountName \
    -a objectClassMap=group:posixGroup=group \
    -a objectClassMap=passwd:posixAccount=user \
    -a objectClassMap=shadow:shadowAccount=user \
    -a serviceSearchDescriptor=passwd:dc=dc=example,dc=com?sub \
    -a serviceSearchDescriptor=group:dc=dc=example,dc=com?sub

Thanks in advance for any assistance...

Hi,

There's a forum dedicated to Sun LDAP: http://forum.java.sun.com/forum.jspa?forumID=761

Do a search for SSL from that forum. A lot of discussion on SSL and LDAP.

HTH,
John

Thanks, I'm on my way.

