LDAP Authentication on RedHat Linux and on Solaris 7 and 8
Simon Hood
The Plan
Get all general-user Unix boxes around campus authenticating from eUMIST,
i.e., an LDAP server. First, get a Solaris 8 box authenticating against OpenLDAP
on a RedHat Linux box; then a Solaris 7 box doing the same (7 was reckoned
to be harder than 8); then get them authenticating to the NDS if
possible...
Contents:
Configuring the RedHat box to authenticate to itself using LDAP rather
than flat-files was easy --- just follow the instructions provided by
RedHat. Configuring the box so that Solaris boxes would authenticate from
it meant learning about adding schema to the server...
I had no idea how to set up a Solaris box as an LDAP client so I read all
the Solaris documentation which referred to their own LDAP-client software
and their (IPlanet/Netscape) LDAP server --- hence difficult to apply.
What I really wanted was to use the OpenLDAP stuff. Hence I ended up spending
a lot of time messing around with stuff that did not actually need doing
(see the Solaris 8 and Solaris 2.7 links). To see what actually needs
doing, which is relatively simple, see the Cosmos link.
(The only real problem is that Solaris utilities/client software wants one
version of the LDAP and associated libraries, whereas the Open versions of
the PAM and NSS stuff require another, leading to library conflicts ---
resolved in the 7 and Cosmos links.)
Getting the Solaris boxes to talk to the NDS server rather than the
OpenLDAP/RedHat server proved a problem --- an exhaustive study, down to
sniffing packets and looking at the conversation between machines (by using
snoop) resulted in the opinion that the Solaris end was fine. Some
tweaking of the NDS server did the trick:
I decided to try to eliminate a "feature". Oh well...
Sarah said add SSL and Certificates...
About this document:
Produced from the SGML: /home/isd/public_html/_ldap_authentication/_reml_grp/index.reml
On: 5/7/2004 at 13:33:51
Options: reml2 -i noindex -l long -o html -p multiple