LDAP Authentication on RedHat Linux and on Solaris 7 and 8

Simon Hood

The Plan

Get all general-user Unix boxes around campus authenticating from eUMIST, i.e., LDAP server. First, get a Solaris 8 box authenticating of OpenLDAP on a RedHat Linux box; then a Solaris 7 box doing the same (7 was reckoned to be harder than 8); then get them authenticating to the NDS if possible...

Configuring the RedHat box to authenticate to itself using LDAP rather than flat-files was easy --- just follow the instructions provided by RedHat. Configuring the box so that Solaris boxes would authenticate from it meant learning about adding schema to the server...

I had no idea how to set up a Solaris box as an LDAP client so I read all the Solaris documentation which referred to their own LDAP-client software and their (IPlanet/Netscape) LDAP server --- hence difficult to apply. What I really wanted was to use the OpenLDAP stuff. Hence I ended up spending a lot of time messing around with stuff what did not actually need doing (see the Solaris 8 and Solaris 2.7 links). To see what actually needs doing, which is relatively simple, see the Cosmos link.

(The only real problem is that Solaris utilities/client software wants one version of the LDAP and associated libraries, whereas the Open versions of the PAM and NSS stuff require another, leading to library conflicts --- resolved in the 7 and Cosmos links.)

Getting the Solaris boxes to talk to the NDS server rather than the OpenLDAP/RedHat server proved a problem --- an exhaustive study, down to sniffing packets and looking at the conversation between machines (by usiing snoop) resulted in the opinion that the Solaris end was fine. Some tweaking of the NDS server did the trick:

I decided to try to eliminate a "feature". Oh well...

Sarah said add SSL and Certificates......

About this document:

Produced from the SGML: /home/isd/public_html/_ldap_authentication/_reml_grp/index.reml
On: 5/7/2004 at 13:33:51
Options: reml2 -i noindex -l long -o html -p multiple