Re: Connect Solaris ldapclient to a Oracle internet directory

From: Shakespeare <whatsin_at_xs4all.nl>
Date: Mon, 23 Jun 2008 20:37:01 +0200
Message-ID: <485fed52$0$14358$e4fe514c@news.xs4all.nl>

"denis" <Denis.Nicklas_at_googlemail.com> schreef in bericht news:dcd6d005-36cb-4488-8d28-dfd853a9bbd4_at_t54g2000hsg.googlegroups.com... On 19 Jun., 16:07, Chris Ridd <chrisr..._at_mac.com> wrote:
> On 2008-06-18 15:28:01 +0100, denis <Denis.Nick..._at_googlemail.com> said:
>
> > As far as I know the native Solaris ldap client doesn't have this
> > commands.
> > I found only:
> > ldapadd ldapaddent ldapclient ldapdelete ldaplist
> > ldapmodify ldapmodrdn ldapsearch
>
> You should first test whether NSS is working against your Oracle
> directory - test using tools like id. The ldaplist tool is specific to
> NSS as well, and a useful test tool.
>
> Once you're happy all that's working, *then* go and fight PAM. If
> memory serves, the objectclasses present on directory entries is
> important for pam_ldap.
>
> Cheers,
>
> Chris

Thanks for all your answers.

Here is an intermediate state:
Thanks to shakespeare I found the Oracle® Authentication Services for Operating Systems Administrator’s Guide. In which I have learned that oracle provides client setup scripts (sslConfig_OIDclient.sh). I trying to find a test environment. I will post the results.

According to Chris' advice I got ldaplist up and running but not id. The Sol version I am using is 10.
NS_LDAP_SERVICE_AUTH_METHOD is added by using the ldapclient -v mod - a "serviceSearchDescriptor=..." command

I found another very interesting thread: http://forum.java.sun.com/thread.jspa?threadID=5176398&messageID=9682137

At the Moment I get the following error:

Jun 23 12:02:46 sun1 sshd[10553]: [ID 285619 auth.debug] ldap pam_sm_authenticate(sshd-kbdint user1), flags = 0 Jun 23 12:02:46 sun1 sshd[10553]: [ID 647000 auth.debug] ldap pam_sm_authenticate(sshd-kbdint user1), AUTHTOK not set Jun 23 12:03:10 sun1 sshd[10553]: [ID 800047 auth.info] Keyboardinteractive  (PAM) userauth failed[9] while authenticating: Authentication failed

Denis



Denis,

thanks for your update. I look forward to a follow up with the success formula!

Shakespeare Received on Mon Jun 23 2008 - 13:37:01 CDT

Original text of this message