They all use SSL for authentication with the CA cert file cacert.pem, which I put into /etc/ssl/certs/.

    #
    # PAM configuration
    #
    # Default definitions for Authentication management
    # Used when service name is not explicitly mentioned for authentication
    #
    auth definitive         pam_user_policy.so.1
    auth requisite

It's almost as if ldapclient does not resolve the hostname, just assumes it's an IP and goes for it :/
btw, I also imported the server cert, just in case (didn't do anything)

    -bash-3.00# /usr/sfw/bin/certutil -L -d .

Note: LDAP indexing has been done and the patches have been applied as per the support article.
Env: Solaris 8, TS 6.1, iPlanet LDAP
Thanks,
Prem Pratick Kumar

Cheers, Farhan

From: [email protected]
To: [email protected]
Subject: RE: Solaris 10 Native LDAP Client TLS
Date: Mon, 17 Mar 2008 13:01:56 +0000

Hi Guys, I have

Some details of my setup: Results of DS search issued from client:

    myclient-root: /var/ldap:143)-> ldapsearch -h myserver -D "cn=proxyagent,ou=profile,dc=example,dc=com" -w (removed) -b ou=profile,dc=example,dc=com objectclass=\*
    version: 1
    dn: ou=profile,dc=example,dc=com
    ou:

https://community.oracle.com/thread/1940775
the client will repeatedly fetch that profile according to the NS_LDAP_CACHETTL parameter.

I initialize the Solaris 10 client with the following command:

    ldapclient -v init -a proxypassword=password -a proxydn=cn=smsproxy,ou=profile,dc=test,dc=ldap -a profilename=default -a domainname=test.ldap 10.1.1.29

In the ldapclient manual it says when using TLS I have create the keys and certs and everything. Please help me.

Still no luck with LDAP native client on Solaris 9.
One other possibility is that the client cannot resolve the IP to the FQDN (try "# getent hosts 10.41.80.58" and verify it is a FQDN...

Get Sun ONE Resource Kit here: http://www.sun.com/download/products.xml?id=3f74a0db And install it.

I install the DSEE 6.3.1 on Solaris 10 on SPARC from native packages.
Steps to perform

Unconfigure client:

    # ldapclient -v uninit

Fix /etc/nsswitch.conf and verify:

    # getent hosts 10.31.0.26
    10.31.0.26 ds1-int.services.el.campus.intern

Manually add client:

    # ldapclient -v manual -a domainName=el.campus.intern \
      -a defaultSearchBase=dc=el,dc=campus,dc=intern

Any help would be appreciated.

They work fine with the authentication method simple.

I got it all functional without TLS.
It looks like there was a sort of name resolution problem but all the names exist in the /etc/hosts file and nsswitch.conf is configured to look at files.

Add Solaris 9 to LDAP

Stop nscd and LDAP client:

    # /etc/init.d/nscd stop
    # /etc/init.d/ldap.client stop

Put the keys into /var/ldap folder and correct file rights.

    # cp /export/home/wizard/Library/ldap/Solaris9/cert7.db \
      /export/home/wizard/Library/ldap/Solaris9/key3.db

Re: Problem on Solaris 10 Native ldap client.
807567 Jun 23, 2010 12:51 PM (in response to 807567)

Hi, We've the same problem but the ldapclient command with the proxyagent as
    May 18 09:06:55 eris ldap_cachemgr: [ID 186574 daemon.error] Error: Unable to refresh profile:default: Session error no available conn.

Test settings with id, getent, or ldaplist: (You must be root, or sudo to use ldaplist)

    # ldaplist -l passwd yournamehere

(This should list your entry in the ldap dir)

    Feb 16 17:19:12 unknown ldap_cachemgr: [ID 186574 daemon.error] Error: Unable to refresh profile:default: Session error no available conn.

    -bash-3.00# ldaplist
    ldaplist: Object not found (Session error no available conn.)
    -bash-3.00# ldapclient
Step 1: Put keys and certs in place

LDAP client will use the key- and certificate stores from /var/ldap to verify the server validity.
When examining the slapd logfiles it appears that the client doesn't even try to connect.

I'm really not sure if this will help, but here are the full instructions

    Sun Apr 29 10:40:55.4969 Error: Unable to update from profile
    Sun Apr 29 22:40:55.5163 Error: Unable to refresh profile:tls_profile:Session error no available conn.

I have an OpenLDAP server running serving my client with naming services.
Now I initialize the client with ldapclient command:

    # ldapclient -v init -a proxypassword=password -a proxydn=cn=proxyagent,ou=profile,dc=test,dc=ldap -a domainname=test.ldap -a certificatePath=/var/ldap 10.1.1.28
    success...

Troubleshooting Solaris 10 / Solaris 9

User process cannot access /var/ldap/ldap_client_file

Since user process cannot access /var/ldap/ldap_client_file directly due to file rights (which is correct), make sure nscd is working

    # This profile is stored in ldap under: cn=default.tls,ou=profile,….
If I use IP addresses ldapclient init is OK but ldaplist, If I use hostname then ldapclient init fails.

Now, I export my server certificate from ldap server with the following command:

    # /opt/SUNWdsee/ds6/bin/dsadm export-cert -o /tmp/server-certificate /space/DS/ds1 defaultCert

I copy this certificate to the client machine and before

This is NOT the way to be used for normal host in the EL environment.
Have you had any success in solving it?

Anyone got a clue to why? //Linus

Check your setup against this "OpenLDAP SSL/TLS How-To" http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html And have a

I am using Solaris 10 with the latest recommended patches applied.

after certificate is ok, then ldapsearch works fine over secure port.
With the Sun Solaris 9 clients I have problems.

To use ds1-int (primary master):

    # ldapclient -v mod -a defaultServerList=10.31.0.26

To use ds2-int (secondary master):

    # ldapclient -v mod -a defaultServerList=10.31.0.27

To use both:

    # ldapclient -v mod -a defaultServerList="10.31.0.26

They must return ds1-int.services.el.campus.intern and ds2-int.services.campus.intern

    # getent hosts 10.31.0.26
    10.31.0.26 ds1-int.services.el.campus.intern
    # getent hosts 10.31.0.27
    10.31.0.27 ds2-int.services.el.campus.intern

DMZ

Test connection and certificates using ldapsearch:

    # ldapsearch -h 22.214.171.124 -p 636
The "ldap_gen_profile" command will generate a profile in LDIF format, so that you can upload that to the server.

Solutions:
1) 'sshd' account in /etc/passwd, please read the OpenSSH HOWTO for Sol8 on

Thx for your help...

Thanks, Shalom
slapd will display the SSL error codes associated with your connection attempts, which you can google to match to a text description.

i.e., is the certificate subject "cn=cnyitlin02.company.com,o=company..." If so, you must also use the fully-qualified name in your client config, e.g.:

    NS_LDAP_SERVERS= cnyitlin02.company.com

instead of:

    NS_LDAP_SERVERS= cnyitlin02

If not, might be the