Re: Connect Solaris ldapclient to a Oracle internet directory

From: Shakespeare <>
Date: Mon, 23 Jun 2008 20:37:01 +0200
Message-ID: <485fed52$0$14358$>

"denis" <> schreef in bericht On 19 Jun., 16:07, Chris Ridd <> wrote:
> On 2008-06-18 15:28:01 +0100, denis <> said:
> > As far as I know the native Solaris ldap client doesn't have this
> > commands.
> > I found only:
> > ldapadd ldapaddent ldapclient ldapdelete ldaplist
> > ldapmodify ldapmodrdn ldapsearch
> You should first test whether NSS is working against your Oracle
> directory - test using tools like id. The ldaplist tool is specific to
> NSS as well, and a useful test tool.
> Once you're happy all that's working, *then* go and fight PAM. If
> memory serves, the objectclasses present on directory entries is
> important for pam_ldap.
> Cheers,
> Chris

Thanks for all your answers.

Here is an intermediate state:
Thanks to shakespeare I found the Oracle® Authentication Services for Operating Systems Administrator’s Guide. In which I have learned that oracle provides client setup scripts ( I trying to find a test environment. I will post the results.

According to Chris' advice I got ldaplist up and running but not id. The Sol version I am using is 10.
NS_LDAP_SERVICE_AUTH_METHOD is added by using the ldapclient -v mod - a "serviceSearchDescriptor=..." command

I found another very interesting thread:

At the Moment I get the following error:

Jun 23 12:02:46 sun1 sshd[10553]: [ID 285619 auth.debug] ldap pam_sm_authenticate(sshd-kbdint user1), flags = 0 Jun 23 12:02:46 sun1 sshd[10553]: [ID 647000 auth.debug] ldap pam_sm_authenticate(sshd-kbdint user1), AUTHTOK not set Jun 23 12:03:10 sun1 sshd[10553]: [ID 800047] Keyboardinteractive  (PAM) userauth failed[9] while authenticating: Authentication failed



thanks for your update. I look forward to a follow up with the success formula!

Shakespeare Received on Mon Jun 23 2008 - 13:37:01 CDT

Original text of this message