Thanks everyone for all of your help. I just got it working, and the : Dec 20 12:22:17 solarisldap nscd[2377]: libldap: CERT_VerifyCertName: cert server name 'server-cert' does not match 'ldapserver': SSL connection denied Issue was simply an /etc/hosts problem. Once I looked closely at the CA, and server cert, and didn't notice "ldapserver", I though it must be nsswitch/hosts issues. I found the problem in /etc/hosts, corrected it, re-ran ldapclient, and hallelujah, it works: # id mmontgomery uid=1000(mmontgomery) gid=10000(UnixIS) Thanks, once again, for all of your help in getting this working. Have a good day. On Tue, 2005-12-20 at 13:27 -0500, Jamie McKnight wrote: > On Tue, 2005-12-20 at 12:06 -0600, Michael Montgomery wrote: > > Thanks for the info... but > > > > I don't have netscape installed on this solaris server, so i can't use > > it to create the db. I found a certutil package that seems to create > > old db files here: > > > > http://www.gurulabs.com/goodies/downloads.php > > > > I guess I could install a really old version of netscape on my desktop > > machine, and use it, but is there an easier way to go about this, as > > trying to import the server cert gives this: > > > > bash-3.00# /usr/local/bin/certutil -A -n "CA certificate" > > -i /root/cert.crt -t > > "CTu,u,u" > > certutil: could not obtain certificate from file: Failure to load > > dynamic library. > > George Holbert's reply has some links you might try. I think that if > you use the "Install Everything + OEM" aka SUNWCXall installation option > for Solaris 9, you should also have the sunone directory server software > installed. It might (can't remember for sure at the moment) have a > certutil you can use. grep certutil /var/sadm/install/contents would > tell you for sure. > > I have also noticed that certutil is picky about where it runs, and > needs a library in cwd when you run it in some instances (seen this with > SunOne Directory Server 5.2 running under linux, look at the > ~dsroot/alias dir as it has a .so lib there for certutil IIRC). > > Good luck. If you have any issues once getting it in cert7.db format > with your SSL connections just shout. At my day job, I currently have > 300+ Solaris 8/Solaris 9 servers running in tls:simple mode. > > > > > > Thanks again for any help you can offer. > > No problem. Sorry for being short on the first email (and thanks George > for covering my lack of additional info), was short on time, and wanted > to get the info about cert7.db out. > > Jamie > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Michael Montgomery Systems Administrator http://theplanet.com
