Thank you, Michael. I've just about given up on Solaris 10 SSL and the
utilities that come with it. It simply DOES. NOT. WORK. I will give your
directions a try. Thanks again in advance.

--- Michael Montgomery <mmontgomery at theplanet.com> wrote:

> I'm really not sure if this will help, but here are the full
> instructions I used to get this working on a clean Solaris 9 install (I
> haven't given it a shot on Solaris 10 yet)
>
> Download the nspr and nss packages for Solaris 9 here
> (http://sourceforge.net/project/showfiles.php?group_id=19386)
> and install them.
>
> Get Sun one Resource Kit here:
> http://www.sun.com/download/products.xml?id=3f74a0db
> And install it.
>
> Next run this command to set up your certificate database:
>
> # LD_LIBRARY_PATH=/usr/lib:/usr/local/lib ; export LD_LIBRARY_PATH
> # /opt/sunone/lib/nss/bin/certutil -N -d /var/ldap
>
> Add hosts entry to /etc/hosts for LDAP server, ** matching the
> certificate name ** (in my case, server-cert).
> You'll get this error, which will let you know the name you need to put
> in /etc/hosts: (I couldn't 'pull' it from the cert in any way)
>
> Feb 15 13:31:28 unknown sendmail[2061]: libldap: CERT_VerifyCertName:
> cert server name 'server-cert' does not match 'corporate-ds': SSL
> connection denied
>
> Get CA cert from directory using these commands:
>
> [root at corporate-ds alias]# pwd
> /opt/fedora-ds/alias
> [root at corporate-ds alias]# ../shared/bin/certutil -L -d . -n "CA certificate" -r > /root/cert.der
>
> Copy it to the Solaris server, and import it with this:
>
> # /opt/sunone/lib/nss/bin/certutil -A -n "CA certificate" -i /export/home/mmont/cert.der -t "CTu,u,u" -d /var/ldap/
>
> Run this command to set LDAP client settings on the machine:
>
> # ldapclient -v manual -a authenticationMethod=tls:simple -a credentialLevel=proxy \
>   -a defaultSearchBase="dc=inside,dc=yourdomain,dc=com" \
>   -a domainName=yourdomain.com -a followReferrals=false \
>   -a serviceSearchDescriptor="netgroup: ou=netgroup,dc=inside,dc=yourdomain,dc=com" \
>   -a preferredServerList=10.5.1.18 -a serviceAuthenticationMethod=pam_ldap:tls:simple \
>   -a proxyPassword=blahblahblah -a proxyDn=cn=proxyagent,ou=profile,dc=inside,dc=yourdomain,dc=com
>
> Restart ldap.client:
>
> # /etc/init.d/ldap.client stop ; sleep 2 ; /etc/init.d/ldap.client start
>
> That should do it. Test settings with id, getent, or ldaplist: (You must
> be root, or sudo to use ldaplist)
>
> # ldaplist -l passwd yournamehere
> (This should list your entry in the LDAP dir)
>
> I hope this helps someone, and I'm sure I'll attempt to get Solaris 10
> working at some point soon.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
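
An added example, not part of either message above: a shell check for the hostname-mismatch step, which pulls the certificate name out of libldap's CERT_VerifyCertName syslog line and reports whether a hosts file maps that name. The function names and the sample log and hosts contents are constructed for illustration; the log line is written on one line, as syslog emits it.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.
# On Solaris use nawk or /usr/xpg4/bin/awk (the old /usr/bin/awk lacks -v).

# Print "cert_name connect_name" for each CERT_VerifyCertName mismatch on stdin.
cert_mismatches() {
    sed -n "s/.*CERT_VerifyCertName: *cert server name '\([^']*\)' does not match '\([^']*\)'.*/\1 \2/p"
}

# Succeed if hosts file $2 lists host name $1 (text after '#' is ignored).
hosts_has_name() {
    awk -v name="$1" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# $1 = syslog file, $2 = hosts file. One report line per distinct mismatch.
check_log() {
    cert_mismatches < "$1" | sort -u | while read -r cert conn; do
        if hosts_has_name "$cert" "$2"; then
            echo "ok: '$cert' is in $2 (client connected as '$conn')"
        else
            echo "missing: '$cert' not in $2 (client connected as '$conn')"
        fi
    done
}

# Constructed sample data: the error from the message above and a hosts file
# where the certificate name appears only inside a comment.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/messages" <<'EOF'
Feb 15 13:31:28 unknown sendmail[2061]: libldap: CERT_VerifyCertName: cert server name 'server-cert' does not match 'corporate-ds': SSL connection denied
EOF
    printf '%s\n' '127.0.0.1 localhost' '10.5.1.18 corporate-ds  # server-cert' > "$d/hosts"
    check_log "$d/messages" "$d/hosts"
    rm -rf "$d"
}
demo
```

In real use, call `check_log /var/adm/messages /etc/hosts` (the Solaris default syslog path is assumed here).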