The following outlines how to set up a OpenSolaris client to work with a Linux OpenLDAP server.
The following is one line
ldapclient manual -a credentialLevel=proxy -a authenticationMethod=simple -a proxyDN=cn=admin,dc=server -a proxyPassword=yourpassword -a defaultSearchBase=dc=server -a defaultServerList=192.168.1.1:389 -a serviceSearchDescriptor=passwd:ou=People,dc=server -a
Add the following lines to their appropriate sections in /etc/pam.conf
login auth required pam_ldap.so.1
other auth required pam_ldap.so.1
passwd auth required pam_ldap.so.1
Test LDAP with
ldaplist -l passwd
Test user authentication using the following steps
chown ldapuser /export/home/ldapuser
Edit /etc/auto_home and add the following BEFORE “+auto_home”
SSH to test
You should be in! If not, you may have to change the following in /etc/ssh/sshd_config
#Change from yes to no
svcadm restart ssh
If you are still unable to log in, your userPassword attribute probably needs to be changed from md5/md5crypt to crypt.
su – ldapuser
After changing your password you should be able to log in.
5 thoughts on “OpenSolaris LDAP Client to Linux OpenLDAP Server”
This works on Solaris 10 (x86 at least). Just confirmed.
The ldapclient fails at this point:
start: network/ldap/client:default… timed out
anybody seen this before?
What happens when you do:
telnet server 389
or if you use SSL/TLS
telnet server 636
My guess is that ldap/client is timing out because it can’t reach the LDAP server. Try re-running ldapclient with the -v option
Can you paste the ldapclient command you used and any output it gave (with the -v flag)?
If you get a time out on ldap starting up, use this before binding:
svcadm enable /network/ldap/client:default
This allows the ldap network client to start up.
In response to: Note that you cannot use base64 encoding, you have to use utf-8 encoding for special chars instead. — I have found that if I have a special character (or a newline) that ldap_add and ldap_modify will automatically do the base64 encoding for you. For example: <?php // assuming binding is done, etc. $entry[‘postalAddress’] = “123 East 456 WestnSuite A103”; ldap_modify($ds, $dn, $entry); ?> The function or server will take the newline and convert it into base64 automatically (same goes for other special characters). You may be able to verify by using a command-line ldapsearch ldapsearch -b “dc=example,dc=com” -x “(cn=Example Person)” postalAddress You’ll see that the result comes up as dn: cn=Example Person,dc=example,dc=com postalAddress:: MTIzIEVhc3QgNDU2IFdlc3QKU3VpdGUgQTEwMw== See the double colons after postal address? That’s how LDAP states it’s base64 encoded in this case.