Re: Connect Solaris ldapclient to a Oracle internet directory
Date: Mon, 14 Jul 2008 18:49:58 +0100
On 2008-07-14 09:39:53 +0100, denis <Denis.Nicklas_at_googlemail.com> said:
> On 3 Jul., 19:27, "Neal A. Lucier" <nluc..._at_math.purdue.edu> wrote:
>> Denis wrote:
>>> Now I would like to use SSL. The Solaris client needs PKCS12 formatted
>>> key.db files. My problem is to get these keys in the right format.
>> On Solaris 10 if you have the CA certificate that signed your LDAP server's
>> certificate and it is base64 encoded then the following commands will create
>> the certificate database, import the certificate, and list the contents of
>> the database, see
>> /usr/sfw/bin/certutil -N -d /var/ldap
>> # the following command is all one line
>> /usr/sfw/bin/certutil -A -d /var/ldap -n name_of_cert_in_db -t C,, -a -i
>> /usr/sfw/bin/certutil -L -d /var/ldap
>
> Sad but true I am still fighting against SSL.
> The problem:
> libsldap: Status: 7 Mesg: Session error no available conn.
> libsldap: Status: 81 Mesg: openConnection: simple bind failed - Can't contact LDAP server
The posted snoop output is a bit hard to parse, but it looks like it is communicating with the server and reading the root DSE successfully. So I don't believe the "Can't contact LDAP server" error is true :-)
There are two ways to talk SSL to an LDAP server, and I'm not sure which you're trying to make work.
- Create an SSL connection to port 636, and talk LDAP over that. That's often called LDAPS, by analogy with HTTP and HTTPS.
- Create a plaintext LDAP connection to port 389 and then switch using STARTTLS to using SSL (TLS) on that same connection.
Can you clarify?
Chris

Received on Mon Jul 14 2008 - 12:49:58 CDT