Re: Connect Solaris ldapclient to a Oracle internet directory

From: Chris Ridd <chrisridd_at_mac.com>
Date: Thu, 3 Jul 2008 11:56:36 +0100
Message-ID: <6d3pj4Fmig1U1@mid.individual.net>


On 2008-07-03 10:00:22 +0100, Denis <Denis.Nicklas_at_googlemail.com> said:

> ldapclient connects to the OID. Yippi :-)
> It was a combination between nsswitch.conf pam.conf and ldapclient.
> Thanks for all your help so far.
>
> I have found some more good resources:
> http://www.sun.com/bigadmin/features/articles/nis_ldap_part2.jsp
> http://blogs.sun.com/jo/entry/sun_directory_server_6_x
>
> Now I would like to use SSL. The Solaris client needs PKCS12 formatted
> key.db files. My problem is to get these keys in the right format.

You need Sun's directory server resource kit, which includes the "certutil" tool which will sort all this stuff out for you. I had to do something like this:

# LD_LIBRARY_PATH=/opt/dsrk52/lib:/opt/dsrk52/lib/nss/lib
# export LD_LIBRARY_PATH
# /opt/dsrk52/lib/nss/bin/certutil -A -n "My CA" -t "TCu,Cu,Tuw" -d /tmp -i ~/myca.crt

Test with Sun's ldapsearch program using LDAPS and the files generated in /tmp:

/usr/bin/ldapsearch -h ldap.isode.com -Z -b "" -s base -P /tmp "(objectclass=*)"

Then, copy the cert7.db and key3.db files from /tmp into /var/ldap and chmod them to 0444.

Cheers,

Chris

Received on Thu Jul 03 2008 - 05:56:36 CDT
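
The last step above (copy cert7.db and key3.db from /tmp into /var/ldap and set mode 0444), written as shell functions that also verify the result. This is an added example, not part of the original message; the function names install_ldap_certdb and check_ldap_certdb are hypothetical.

```shell
#!/bin/sh
# Added example: install the NSS databases produced by certutil into the
# directory the Solaris LDAP client reads, then verify what was installed.
# Function names are hypothetical; the paths are the ones in the message.

# check_ldap_certdb DIR
# Succeeds only if DIR/cert7.db and DIR/key3.db are non-empty regular
# files whose permission bits are exactly 0444.
check_ldap_certdb() {
    dir=$1
    for f in cert7.db key3.db; do
        p="$dir/$f"
        if [ ! -f "$p" ] || [ ! -s "$p" ]; then
            echo "missing or empty: $p" >&2
            return 1
        fi
        # -perm without a leading '-' matches the exact mode only.
        if [ -z "$(find "$p" -prune -perm 444 -print)" ]; then
            echo "mode is not 0444: $p" >&2
            return 1
        fi
    done
    return 0
}

# install_ldap_certdb SRC DST
# Refuses to run unless both databases were generated in SRC, then copies
# them, sets mode 0444, and confirms each copy is byte-identical.
install_ldap_certdb() {
    src=$1; dst=$2
    for f in cert7.db key3.db; do
        [ -s "$src/$f" ] || { echo "not generated: $src/$f" >&2; return 1; }
    done
    for f in cert7.db key3.db; do
        rm -f "$dst/$f"                 # an earlier 0444 copy blocks cp
        cp "$src/$f" "$dst/$f" || return 1
        chmod 0444 "$dst/$f" || return 1
        cmp -s "$src/$f" "$dst/$f" || { echo "copy differs: $f" >&2; return 1; }
    done
    check_ldap_certdb "$dst"
}

# Usage, as root, after the ldapsearch test succeeds:
#   install_ldap_certdb /tmp /var/ldap
```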
