Sorry for late reply. I tried configuring ldapclient manually but no luck. I guess I am missing something. Below is what I have.

1) ldap server IP = a.b.c.d
2) uri - ldaps://ldap.xx.Mycompany.com
3) I have cert file to authenticate to server - /etc/ssl/certs/cert.pem

On Debian clients, below are the files where ldap works fine. Please guide on how to configure ldap client on OpenIndiana. I don't know where to specify the cert, etc.

$ cat /etc/ldap/ldap.conf
BASE dc=Mycompany,dc=com
URI ldaps://ldap.xx.Mycompany.com
TLS_CACERT /etc/ssl/certs/cert.pem

$ cat /etc/nss-ldapd.conf
uid nslcd
gid nslcd
base dc=Mycompany,dc=com
uri ldaps://ldap.xx.Mycompany.com

$ cat /etc/pam_ldap.conf
base dc=Mycompany,dc=com
uri ldaps://ldap.xx.Mycompany.com
ldap_version 3
pam_password crypt

On Sun, Dec 25, 2011 at 5:47 PM, Chris Ridd <[email protected]> wrote:
>
> On 25 Dec 2011, at 09:27, Ram Chander wrote:
>
> > Hi,
> >
> > I am trying to setup ldap client and authentication on OpenIndiana but
> > no success. I searched on internet but couldn't get proper steps.
> > Can someone please provide detailed steps on how to setup the same and
> > which packages to install ?
>
> Is your directory server already running with all the right entries in? If
> not, get that working first.
>
> Once the server's working, I have a shell script I run on each Solaris
> client that sets up ldapclient in "manual" mode. Before running it make
> sure your /etc/nsswitch.ldap file contains a good value for hosts. It'll
> automatically get copied to /etc/nsswitch.conf by ldapclient. The shell
> script just runs:
>
> ldapclient -v manual \
>   -a defaultServerList=127.0.0.1 \
>   -a defaultSearchBase=o=MyCompany \
>   -a authenticationMethod=simple \
>   -a proxyDN=cn=Dummy,ou=System,o=MyCompany \
>   -a proxyPassword=dummy
>
> The last two "proxy" lines are necessary but not used. (A longstanding
> upstream misfeature.) This sets up the client to do anonymous searches for
> user/group/etc details.
>
> To test that config works, run things like /usr/bin/id and
> /usr/bin/getent. You should find that data is being returned from your LDAP
> server. It helps if you can set up some LDAP-only groups or something so
> that testing shows something "obviously" from LDAP. If not, run "ldapclient
> uninit", and try "ldapclient -v manual" again with different args.
>
> Setting up authentication is a little more fiddly. Don't start this until
> you have ldapclient configured properly.
>
> You have to edit /etc/pam.conf and append "<service> auth required
> pam_ldap.so.1" to each section. I think you also have to edit the previous
> line to "<service> auth binding pam_unix_auth.so.1 server_policy", but I
> don't have a stock OI pam.conf file to hand to check.
>
> Here's the section for the login service in mine:
>
> login auth requisite pam_authtok_get.so.1
> login auth required pam_dhkeys.so.1
> login auth required pam_unix_cred.so.1
> login auth binding pam_unix_auth.so.1 server_policy
> login auth required pam_ldap.so.1
>
> Changes to pam.conf take immediate effect. You may need to tweak
> sshd_config as well.
>
> Cheers,
>
> Chris
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> [email protected]
> http://openindiana.org/mailman/listinfo/openindiana-discuss
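The following is an added example, not a script from the thread or from either poster. It turns the two steps Chris describes into checkable helpers: one that assembles the ldapclient "manual" command as a string so the arguments can be reviewed before anything is run, and one that inspects an /etc/pam.conf auth stack for the layout he shows (pam_unix_auth.so.1 as "binding ... server_policy", followed by "required pam_ldap.so.1" as the last auth line). The server address, search base and proxy values are the placeholders from the thread, the sample pam.conf is constructed, and the certificate question from the top of the mail is not addressed here because the thread leaves it open.

```shell
#!/bin/sh
# Added example (not from the thread). Helpers for the Solaris/OpenIndiana
# ldapclient + pam.conf procedure described above.

# Print, do not run, the ldapclient(1M) "manual" invocation for the given
# server list, search base and dummy proxy DN/password (all placeholders).
# Once the values are right it can be piped into "sh -x" as root.
ldapclient_manual_cmd() {
    printf 'ldapclient -v manual -a defaultServerList=%s -a defaultSearchBase=%s -a authenticationMethod=simple -a proxyDN=%s -a proxyPassword=%s\n' \
        "$1" "$2" "$3" "$4"
}

# Exit 0 if the auth stack for service $2 in the pam.conf at $1 is LDAP-ready,
# exit 1 with a reason on stderr otherwise. Only lines whose first field is the
# service name and second field is "auth" are inspected, so comments and other
# module types (account, session, password) are ignored.
check_pam_auth_stack() {
    awk -v svc="$2" '
        $1 == svc && $2 == "auth" {
            n++
            if ($4 == "pam_unix_auth.so.1") {
                unix_seen = 1
                if ($3 == "binding" && $5 == "server_policy") unix_ok = 1
            }
            if ($3 == "required" && $4 == "pam_ldap.so.1") ldap_at = n
        }
        END {
            rc = 0
            if (n == 0) { print svc ": no auth lines" > "/dev/stderr"; exit 1 }
            if (!unix_seen) { print svc ": pam_unix_auth.so.1 missing" > "/dev/stderr"; rc = 1 }
            else if (!unix_ok) { print svc ": pam_unix_auth.so.1 line should read \"auth binding pam_unix_auth.so.1 server_policy\"" > "/dev/stderr"; rc = 1 }
            if (!ldap_at) { print svc ": no \"auth required pam_ldap.so.1\" line" > "/dev/stderr"; rc = 1 }
            else if (ldap_at != n) { print svc ": pam_ldap.so.1 must be the last auth line" > "/dev/stderr"; rc = 1 }
            exit rc
        }' "$1"
}

# Constructed sample pam.conf (not a real OpenIndiana file): the login stack
# exactly as quoted in the thread, plus an "other" stack left as stock, with
# pam_unix_auth.so.1 still "required" and no pam_ldap.so.1 line.
write_sample_pam_conf() {
    cat > "$1" <<'EOF'
# constructed sample: two auth stacks
login   auth requisite   pam_authtok_get.so.1
login   auth required    pam_dhkeys.so.1
login   auth required    pam_unix_cred.so.1
login   auth binding     pam_unix_auth.so.1 server_policy
login   auth required    pam_ldap.so.1
other   auth requisite   pam_authtok_get.so.1
other   auth required    pam_dhkeys.so.1
other   auth required    pam_unix_cred.so.1
other   auth required    pam_unix_auth.so.1
EOF
}

# Demo when invoked as "sh thisfile.sh --demo": show the command, then check
# both stacks of the constructed sample (login passes, other is reported).
if [ "${1:-}" = "--demo" ]; then
    ldapclient_manual_cmd 127.0.0.1 o=MyCompany cn=Dummy,ou=System,o=MyCompany dummy
    f=$(mktemp)
    write_sample_pam_conf "$f"
    check_pam_auth_stack "$f" login && echo "login: ok"
    check_pam_auth_stack "$f" other || echo "other: needs editing"
    rm -f "$f"
fi
```

To use the checker on a real client, run check_pam_auth_stack /etc/pam.conf login (and again for sshd, other and any service you care about) after editing, and only then move on to testing a login; the function reports the first thing that differs from the quoted layout rather than silently passing.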
