Re: Connect Solaris ldapclient to a Oracle internet directory

From: Denis <Denis.Nicklas_at_googlemail.com>
Date: Thu, 3 Jul 2008 02:00:22 -0700 (PDT)
Message-ID: <ef0a466a-3768-472f-b5b4-6ce52a525c12@b1g2000hsg.googlegroups.com>


On Jun 23, 8:37 pm, "Shakespeare" <what..._at_xs4all.nl> wrote:
> "denis" <Denis.Nick..._at_googlemail.com> wrote in message news:dcd6d005-36cb-4488-8d28-dfd853a9bbd4_at_t54g2000hsg.googlegroups.com...
> On 19 Jun., 16:07, Chris Ridd <chrisr..._at_mac.com> wrote:
>
> > On 2008-06-18 15:28:01 +0100, denis <Denis.Nick..._at_googlemail.com> said:
>
> > > As far as I know the native Solaris ldap client doesn't have these
> > > commands.
> > > I found only:
> > > ldapadd ldapaddent ldapclient ldapdelete ldaplist
> > > ldapmodify ldapmodrdn ldapsearch
>
> > You should first test whether NSS is working against your Oracle
> > directory - test using tools like id. The ldaplist tool is specific to
> > NSS as well, and a useful test tool.
>
> > Once you're happy all that's working, *then* go and fight PAM. If
> > memory serves, the objectclasses present on directory entries are
> > important for pam_ldap.
>
> > Cheers,
>
> > Chris
>
> Thanks for all your answers.
>
> Here is an intermediate state:
> Thanks to Shakespeare I found the Oracle® Authentication Services for
> Operating Systems Administrator’s Guide,
> in which I have learned that Oracle provides client setup scripts
> (sslConfig_OIDclient.sh). I am trying to find a test environment. I will
> post the results.
>
> According to Chris' advice I got ldaplist up and running but not id.
> The Sol version I am using is 10.
> NS_LDAP_SERVICE_AUTH_METHOD is added by using the
> ldapclient -v mod -a "serviceSearchDescriptor=..." command
>
> I found another very interesting thread: http://forum.java.sun.com/thread.jspa?threadID=5176398&messageID=9682137
>
> At the moment I get the following error:
>
> Jun 23 12:02:46 sun1 sshd[10553]: [ID 285619 auth.debug] ldap pam_sm_authenticate(sshd-kbdint user1), flags = 0
> Jun 23 12:02:46 sun1 sshd[10553]: [ID 647000 auth.debug] ldap pam_sm_authenticate(sshd-kbdint user1), AUTHTOK not set
> Jun 23 12:03:10 sun1 sshd[10553]: [ID 800047 auth.info] Keyboard-interactive (PAM) userauth failed[9] while authenticating: Authentication failed
>
> Denis
>
> ====================================================
> Denis,
>
> thanks for your update. I look forward to a follow up with the success
> formula!
>
> Shakespeare

ldapclient connects to the OID. Yippi :-) It was a combination of nsswitch.conf, pam.conf and ldapclient. Thanks for all your help so far.

I have found some more good resources:
http://www.sun.com/bigadmin/features/articles/nis_ldap_part2.jsp
http://blogs.sun.com/jo/entry/sun_directory_server_6_x

Now I would like to use SSL. The Solaris client needs PKCS12 formatted key.db files. My problem is to get these keys in the right format.

Received on Thu Jul 03 2008 - 04:00:22 CDT