[SunHELP] ldap authentication on solaris 8 using ssl

EL KHOURY Marlène - 60.. ELKHOURY at eib.org
Wed Jun 19 06:11:54 CDT 2002


Hi, I saw the procedure explaining how to authenticate using LDAP instead
of NIS.
In fact, I am working to authenticate Solaris 8 clients using iPlanet
Directory Server 5.1 with SSL.
I found a module from padl.com to implement this solution (pam-ldap with
SSL), which generates the right libraries.
I installed Directory Server 5.1 and enabled SSL.
I want to use LDAP for client authentication only.
I added the objectclasses posixaccount, shadowaccount and posixgroup to the
LDAP schema.
On the client side:
I compiled the pam-ldap module and made the modifications to /etc/pam.conf
to include pam-ldap.so.1.
I created /etc/ldap.conf with the necessary information to access the LDAP
server,
and changed /etc/nsswitch.conf by adding ldap to the passwd and group lines.

Do you have any idea how to initialise my client?
I used ldap-gen-profile, but when I try to add the profile to my
LDAP directory, it is refused.
Should I include the Solaris objectclass in my schema too?

Using ldapclient -v -P default ip-serv-adress I get this error:
parsing -P
findDN begins
findDN:calling _ns_ldap_default_config
findDN rename /var/ldap/ldap-client_cred.orig , /var/ldap/ldap-client_cred
failed


Or with 'su', I get: pam_ldap: ldapssl-client-init unknown error.

If you have any idea concerning all this, it will be welcome.

Thank you for your help.
Marlene El Khoury /SUN Luxembourg