2008-05-03

Solaris 10 LDAP client with TLS authenticated simple bind

Filed under: Geekiness — iain @ 18:39:37

/var/ldap/ldap_client_file needs to contain:

    NS_LDAP_AUTH= tls:simple
    NS_LDAP_CREDENTIAL_LEVEL= proxy

/var/ldap/ldap_client_cred needs to contain:

    NS_LDAP_BINDDN= 
    NS_LDAP_BINDPASSWD= 
    NS_LDAP_HOST_CERTPATH= 

And here’s the non-obvious (and most important) step. You need to set up the above-referenced certificate store. Assuming your CA certificate is in /etc/sfw/openssl/certs/ca.crt and you set NS_LDAP_HOST_CERTPATH= /var/ldap (which is actually the default location), you need to do this:

    # certutil -A -a -i /etc/sfw/openssl/certs/ca.crt -n RootCA -t CT -d /var/ldap

No Comments »

No comments yet.

RSS feed for comments on this post.

Leave a comment

You must be logged in to post a comment.

Powered by WordPress