[OmniOS-discuss] ldap auth
Ian Kaufman
ikaufman at eng.ucsd.edu
Thu Sep 5 17:01:15 UTC 2013
Quick question - are you restricting it to ONLY TLS/SSL LDAP over port
636, essentially shutting down port 389 communication? I beat my head
against the wall back in Solaris 10 as well. Apparently, the LDAP
cache manager needs to communicate over 389. What I finally resorted
to was installing OpenLDAP and setting up my Solaris 10 systems as
read-only LDAP slaves, and then used the native LDAP client to talk to
the local OpenLDAP server over port 389 using the loopback interface.
Ian
On Thu, Sep 5, 2013 at 2:44 AM, Thierry Bingen <tbingen at homeshore.be> wrote:
> On Tue, 03 Sep 2013 12:17:07 -0700, Paul B. Henson kindly answered:
>
>> On 9/2/2013 7:17 AM, Thierry Bingen wrote:
>>
>>> Suffering from exactly the same problem (LDAP bind failing after upgrading from r151004 to r151006), I tried your recipe; my /etc/default/init now contains:
>>>
>>> TZ="Europe/Brussels"
>>> CMASK=022
>>> NSS_HASH_ALG_SUPPORT=+MD5
>>>
>>> but it did not make any difference after reboot, e.g.:
>>>
>>> # ldapsearch -h ldap.xxx.net -p 636 -Z -v -P /var/ldap/cert8.db -D "cn=Directory Manager" -b "dc=xxx,dc=net" "cn=Thierry Bingen"
>>> ldapsearch: started Mon Sep 2 15:29:40 2013 ldap_init( ldap.xxx.net, 636 )
>>> ldap_simple_bind: Can't contact LDAP server
>>
>>
>> If you run "echo $NSS_HASH_ALG_SUPPORT", is the environment variable set in the shell from which you are initiating the ldapsearch?
>
>
> Oops, I should have checked this and, indeed:
>
> root at lataie:~# echo $NSS_HASH_ALG_SUPPORT
> [nothing]
>
> hence I did
> root at lataie:~# export NSS_HASH_ALG_SUPPORT=+MD5
> root at lataie:~# echo $NSS_HASH_ALG_SUPPORT
> +MD5
>
> However, my ldapsearch command still fails just the same...
>
> By the way, I forgot to mention that I snooped the packets arriving on the LDAP server and they get there without any problem.
>
>> If you run "pargs -e <pid>" on the LDAP cache manager or name service cache process, does the environment variable show up?
>
> The ldap_cachemgr daemon fails to start for the same reason. (The truth is that this failure is my REAL problem; I used the ldapsearch example to shorten the explanation of the situation...)
>
> T.
--
Ian Kaufman
Research Systems Administrator
UC San Diego, Jacobs School of Engineering ikaufman AT ucsd DOT edu