Solaris 10's native LDAP client and an OpenLDAP server
After many hours trying to figure out why Sun's native LDAP client wouldn't talk to my OpenLDAP server, I decided to call support. I had read just about every Google result I could find and still got nowhere.
It turns out that using the native client requires some security concessions. The LDAP client's config files exist only to tell it which server to try first. That initial server MUST allow non-TLS queries so the client can fetch its session information from the directory, and that information has to be in a specific form and contain specific information.
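As an added illustration (not from the post or the Sun document), here is a slapd.conf ACL fragment that keeps that concession as narrow as possible. It assumes the client profile sits at the default ou=profile location under a dc=example,dc=com base and that user entries live elsewhere; only the profile subtree is readable without TLS, everything else needs a protected session.

```conf
# slapd.conf (added example, not from the post): scope the non-TLS concession.
# Assumes the Solaris client profile is under ou=profile and the base DN is
# dc=example,dc=com; adjust both to your directory. ACLs are evaluated in
# order and the first matching "access to" wins, so the narrow profile rule
# must come before the catch-all rule.

# 1. The client profile must be readable by an anonymous bind without TLS,
#    because the native client fetches it before any secure session exists.
access to dn.subtree="ou=profile,dc=example,dc=com"
    by * read

# 2. Passwords: never readable; only bind (auth) and self-change, and only
#    over a session whose security strength factor (ssf) is at least 128.
access to attrs=userPassword
    by ssf=128 self write
    by ssf=128 anonymous auth
    by * none

# 3. Everything else: authenticated users may read, but only over TLS.
#    A client that stays on a plain connection after reading the profile
#    gets nothing further.
access to *
    by ssf=128 users read
    by * none
```

With this ACL the profile must instruct the client to use TLS for its later binds, since a simple bind on a plain connection has ssf 0 and is refused by rule 2.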
I don’t have time for a proper tutorial right now, but I will post the document Sun sent to me.
Using Sun’s native LDAP client or OpenLDAP’s client to query an OpenLDAP server on Solaris 10
July 30th, 2009 at 6:45 am
There are a million tutorials already at http://wikis.sun.com.
July 30th, 2009 at 7:53 am
That’s wonderful. This is a good tutorial. As I said I’d been through plenty of them and this was the first that had all the necessary detail.
As for writing a tutorial… I figured I may write one that’s geared toward people who aren’t familiar with these resources and just want a result on Google to work.
I have to ask… If you're an 'ldapguru', why are you searching for help on LDAP?
August 24th, 2009 at 10:42 am
I too have been banging my head against documentation shortfalls working to get Solaris 10's native LDAP client online (in my case with OpenDS). On the first page of your attachment are insights that I can find nowhere else in Sun's LDAP docs and wikis (referencing the needed mechanism for NSS authentication requiring DNS). The hard coding of several LDAP configuration variables in Solaris became evident after reading Warren Strange's and Barbara Joyes' Sun blogs on OpenDS frustration resolution and the related OpenSolaris OpenDS configuration docs and OpenDS wiki. I have never worked a Solaris issue so tied to Sun's commercial product that the default installation command assumes installation of same, and thus the beginnings of our headaches… Thanks much!!!
March 18th, 2010 at 12:01 pm
You can see the error below.
# 1.
bash-3.00# su mandar
solaris-test% bash-3.00# ssh
bash-3.00# su mandar
solaris-test% ls
Desktop dev lib proc tmp
Documents devices lost+found ro usr
TT_DB etc mnt sbin var
bin export net sshd_config.org vol
boot hgfs noautoshutdown system
cdrom home opt temp
centrify kernel platform test.txt
# 2.
solaris-test% bash-3.00# ssh mandar@localhost
Password:
Password:
Password:
Permission denied (gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive).
On the second part I am not able to log in.
Please suggest.
March 19th, 2010 at 7:26 am
I wish I could help more than simply saying to start over, but it was what I had to do about 5 times before I got it right.
It’s also been so long that I’m not sure at all about the problem you’re having, specifically.
Have you restarted the SSH service?
Watch the LDAP server’s logs to see if the SSH service is even making LDAP queries.
If it is, make sure that the queries look right.