Solaris 10 LDAP client with TLS authenticated simple bind
/var/ldap/ldap_client_file needs to contain:
NS_LDAP_AUTH= tls:simple
NS_LDAP_CREDENTIAL_LEVEL= proxy
/var/ldap/ldap_client_cred needs to contain:
NS_LDAP_BINDDN=
NS_LDAP_BINDPASSWD=
NS_LDAP_HOST_CERTPATH=
And here’s the non-obvious (and most important) step. You need to set up the above-referenced certificate store. Assuming your CA certificate is in /etc/sfw/openssl/certs/ca.crt and you set NS_LDAP_HOST_CERTPATH= /var/ldap (which is actually the default location), you need to do this:
# certutil -A -a -i /etc/sfw/openssl/certs/ca.crt -n RootCA -t CT -d /var/ldap
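A check of the resulting setup, as an added example that is not part of the original page: it audits the two client files and the certificate store directory for the settings listed above. The function names, the owner-only permission check on ldap_client_cred, and the NSS database file names (cert8.db or cert7.db, plus key3.db) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit the native LDAP client
# files for the tls:simple proxy setup described above.

# Print the trimmed value of "KEY= value" from FILE (empty if absent).
ldap_param() {
    sed -n "s/^$1= *//p" "$2" 2>/dev/null | sed 's/ *$//' | head -1
}

fail() { echo "FAIL: $*"; rc=1; }

# Usage: check_ldap_tls_client [DIR]   (DIR defaults to /var/ldap)
check_ldap_tls_client() {
    dir=${1:-/var/ldap}; rc=0
    cfg=$dir/ldap_client_file; cred=$dir/ldap_client_cred

    # Every listed auth method must be tls:*; a bare "simple" entry would
    # let the proxy password cross the wire unencrypted.
    auth=$(ldap_param NS_LDAP_AUTH "$cfg")
    [ -n "$auth" ] || fail "NS_LDAP_AUTH not set in $cfg"
    for m in $(echo "$auth" | tr ';' ' '); do
        case $m in tls:*) ;; *) fail "non-TLS auth method: $m" ;; esac
    done

    [ "$(ldap_param NS_LDAP_CREDENTIAL_LEVEL "$cfg")" = "proxy" ] ||
        fail "NS_LDAP_CREDENTIAL_LEVEL is not proxy"

    for key in NS_LDAP_BINDDN NS_LDAP_BINDPASSWD; do
        [ -n "$(ldap_param "$key" "$cred")" ] || fail "$key missing in $cred"
    done

    # Assumption: the bind password file should be readable by owner only.
    [ "$(ls -ld "$cred" 2>/dev/null | cut -c5-10)" = "------" ] ||
        fail "$cred is readable by group or other"

    # Assumption: certutil created legacy NSS files (cert8.db or cert7.db,
    # plus key3.db) in the certificate path, which defaults to DIR.
    certpath=$(ldap_param NS_LDAP_HOST_CERTPATH "$cred")
    certpath=${certpath:-$dir}
    { [ -f "$certpath/cert8.db" ] || [ -f "$certpath/cert7.db" ]; } ||
        fail "no NSS certificate database in $certpath"
    [ -f "$certpath/key3.db" ] || fail "no key3.db in $certpath"

    [ "$rc" -eq 0 ] && echo "OK: $dir is set up for TLS simple bind"
    return "$rc"
}
```

Run `check_ldap_tls_client` as root after the certutil step; each FAIL line names the setting that does not match.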