Re: Connect Solaris ldapclient to a Oracle internet directory

From: denis <Denis.Nicklas_at_googlemail.com>
Date: Mon, 14 Jul 2008 01:39:53 -0700 (PDT)
Message-ID: <23c6d47d-52d2-49a8-a5c1-063e35fff0a5@m44g2000hsc.googlegroups.com>


On 3 Jul., 19:27, "Neal A. Lucier" <nluc..._at_math.purdue.edu> wrote:

> Denis wrote:
> > Now I would like to use SSL. The Solaris client needs PKCS12 formatted
> > key.db files. My problem is to get these keys in the right format.
>
> On Solaris 10 if you have the CA certificate that signed your LDAP server's
> certificate and it is base64 encoded then the following commands will create the
> certificate database, import the certificate, and list the contents of the
> database, see
>
> http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
>
> /usr/sfw/bin/certutil -N -d /var/ldap
>
> # the following command is all one line
> /usr/sfw/bin/certutil -A -d /var/ldap -n name_of_cert_in_db -t C,, -a -i
> /path/to/cert/cert.txt
>
> /usr/sfw/bin/certutil -L -d /var/ldap
>
> Neal

Sad but true, I am still fighting against SSL. The problem:

libsldap: Status: 7 Mesg: Session error no available conn.
libsldap: Status: 81 Mesg: openConnection: simple bind failed - Can't contact LDAP server

I tried ldapsearch and -list

/usr/sfw/bin/certutil -L -d /var/ldap/

testserver                                           CT,C,c
prodserver                                          CT,C,c
CA                                                    CT,,

snoop:

LDAP:  *[LDAPMessage]
LDAP:     [Message ID]
LDAP:     Operation *[APPL 4: Search ResEntry]
LDAP:        [Object Name]
LDAP:        *[Partial Attributes]
LDAP:           *[Attribute]
LDAP:              [Type]
LDAP:                 supportedcontrol
LDAP:              *[Vals]
LDAP:                 [Value] 2.16.840.1.113730.3.4.2
LDAP:                 [Value] 2.16.840.1.113894.1.8.1
LDAP:                 [Value] 2.16.840.1.113894.1.8.2
LDAP:                 [Value] 2.16.840.1.113894.1.8.3
LDAP:                 [Value] 2.16.840.1.113894.1.8.4
LDAP:                 [Value] 2.16.840.1.113894.1.8.5
LDAP:                 [Value] 2.16.840.1.113894.1.8.6
LDAP:                 [Value] 2.16.840.1.113894.1.8.7
LDAP:                 [Value] 1.2.840.113556.1.4.473
LDAP:                 [Value] 1.2.840.113556.1.4.319
LDAP:                 [Value] 2.16.840.1.113894.1.8.14
LDAP:                 [Value] 2.16.840.1.113894.1.8.16
LDAP:                 [Value] 2.16.840.1.113894.1.8.23
LDAP:                 [Value] 2.16.840.1.113894.1.8.29
LDAP:           *[Attribute]
LDAP:              [Type]
LDAP:                 supportedsaslmechanisms
LDAP:              *[Vals]
LDAP:                 [Value] DIGEST-MD5
LDAP:  *[LDAPMessage]
LDAP:     [Message ID]
LDAP:     Operation *[APPL 5: Search ResDone]
LDAP:        [Result Code]
LDAP:           Success
LDAP:        [Matched DN]
LDAP:        [Error Message]
LDAP:
TCP: Destination port = 389 (LDAP)
LDAP:  ----- LDAP:   -----
LDAP:
LDAP:  ""
LDAP:

TCP: Destination port = 389 (LDAP)
LDAP: ----- Lightweight Directory Access Protocol Header -----
LDAP:  *[LDAPMessage]
LDAP:     [Message ID]
LDAP:     Operation [APPL 2: Unbind Request]

ldapclient
NS_LDAP_AUTH= tls:simple

I found out that there are some issues around LDAP and SSL under Solaris:
http://www.mail-archive.com/fedora-directory-users@redhat.com/msg02100.html

Received on Mon Jul 14 2008 - 03:39:53 CDT

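Reading the trust column of a `certutil -L` listing like the one in the message above, as an added example that is not part of the original thread: the script prints every entry whose SSL trust field lacks the `C` flag that the quoted `-t C,,` import sets. The function names are hypothetical and the last two sample rows are constructed; the three entries from the message all carry the flag.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Trust attributes in a
# `certutil -L` listing are three comma-separated fields:
#   SSL , S/MIME , object signing
# "C" in the SSL field marks a CA trusted to issue server certificates,
# which is what the `-t C,,` import quoted above sets.

# Constructed sample: the first three rows are the listing from the message,
# the last two are made-up entries that lack SSL CA trust.
sample_listing() {
    cat <<'EOF'
testserver                                           CT,C,c
prodserver                                           CT,C,c
CA                                                   CT,,
Example Root CA                                      ,,
old-ca                                               c,,
EOF
}

# Reads a listing on stdin, prints "nickname<TAB>flags" for every entry whose
# SSL field has no "C", and returns 1 if at least one such entry exists.
lacks_ssl_ca_trust() {
    awk '
        # The flags are the last field; nicknames may contain spaces.
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            split($NF, f, ",")
            nick = $1
            for (i = 2; i < NF; i++) nick = nick " " $i
            if (index(f[1], "C") == 0) { print nick "\t" $NF; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# On a live system: /usr/sfw/bin/certutil -L -d /var/ldap | lacks_ssl_ca_trust
sample_listing | lacks_ssl_ca_trust || echo "entries above lack SSL CA trust"
```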