The following outlines how to set up an OpenSolaris client to work with a Linux OpenLDAP server.
Run the following ldapclient command (it is a single line, wrapped here only for display):
ldapclient manual -a credentialLevel=proxy -a authenticationMethod=simple -a proxyDN=cn=admin,dc=server -a proxyPassword=yourpassword -a defaultSearchBase=dc=server -a defaultServerList=192.168.1.1:389 -a serviceSearchDescriptor=passwd:ou=People,dc=server -a serviceSearchDescriptor=group:ou=Groups,dc=server
Add the following lines to their appropriate sections in /etc/pam.conf:
login auth required pam_ldap.so.1
other auth required pam_ldap.so.1
passwd auth required pam_ldap.so.1
Test the LDAP lookup with:
ldaplist -l passwd
Test user authentication using the following steps:
mkdir /export/home/ldapuser
chown ldapuser /export/home/ldapuser
Edit /etc/auto_home and add the following line BEFORE the "+auto_home" entry:
ldapuser localhost:/export/home/ldapuser
SSH in to test:
ssh ldapuser@localhost
You should be in! If not, you may have to change the following setting in /etc/ssh/sshd_config:
PAMAuthenticationViaKBDInt no
#Change from yes to no
Then restart SSH:
svcadm restart ssh
If you are still unable to log in, your userPassword attribute probably needs to be changed from md5/md5crypt to crypt. Switch to the user and reset the password:
su - ldapuser
passwd
After changing your password you should be able to log in.
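As an added example (not from the original post), the shell functions below check the three local settings the procedure above depends on: the pam_ldap.so.1 auth lines in /etc/pam.conf, the PAMAuthenticationViaKBDInt setting in sshd_config, and the user's /etc/auto_home entry placed before +auto_home. Each function takes the file path as an argument so it can be pointed at a copy; the default paths and the "ldapuser" name are the ones used in the post.

```sh
#!/bin/sh
# Added example, not part of the original post: pre-flight checks for the
# OpenSolaris LDAP client setup above. Each function takes the path of the
# file to inspect (defaulting to the Solaris location used in the post).

# /etc/pam.conf must carry a pam_ldap.so.1 "auth" line for each of the
# login, other and passwd services. Lists the missing ones; returns 1 if any.
pam_ldap_missing() {
    pamconf=${1:-/etc/pam.conf}
    missing=""
    for svc in login other passwd; do
        # Format is: service type control module; skip commented lines.
        if ! grep -v '^[[:space:]]*#' "$pamconf" |
             grep -Eq "^${svc}[[:space:]]+auth[[:space:]]+[a-z_]+[[:space:]]+pam_ldap\.so\.1"; then
            missing="$missing $svc"
        fi
    done
    [ -z "$missing" ] && return 0
    echo "pam.conf: no pam_ldap.so.1 auth line for:$missing"
    return 1
}

# sshd_config must have an active (uncommented) "PAMAuthenticationViaKBDInt no".
sshd_kbdint_disabled() {
    sshdconf=${1:-/etc/ssh/sshd_config}
    grep -v '^[[:space:]]*#' "$sshdconf" |
        grep -Eiq '^[[:space:]]*PAMAuthenticationViaKBDInt[[:space:]]+no[[:space:]]*$'
}

# auto_home must map the user, and the entry must appear before "+auto_home"
# as the post instructs. Returns 1 if the entry is absent or comes after it.
auto_home_entry_before_include() {
    user=$1
    autohome=${2:-/etc/auto_home}
    awk -v u="$user" '
        /^[[:space:]]*#/ { next }
        $1 == "+auto_home" { exit (found ? 0 : 1) }
        $1 == u { found = 1 }
        END { exit (found ? 0 : 1) }' "$autohome"
}

# Run all three checks; non-zero exit if any failed. Usage:
#   preflight /etc/pam.conf /etc/ssh/sshd_config ldapuser /etc/auto_home
preflight() {
    rc=0
    pam_ldap_missing "$1" || rc=1
    sshd_kbdint_disabled "$2" || { echo "sshd_config: PAMAuthenticationViaKBDInt is not 'no'"; rc=1; }
    auto_home_entry_before_include "$3" "$4" || { echo "auto_home: $3 is not mapped before +auto_home"; rc=1; }
    return $rc
}
```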
This works on Solaris 10 (x86 at least). Just confirmed.
The ldapclient fails at this point:
start: network/ldap/client:default… timed out
Anybody seen this before?
What happens when you do:
telnet server 389
or if you use SSL/TLS
telnet server 636
My guess is that ldap/client is timing out because it can't reach the LDAP server. Try re-running ldapclient with the -v option.
Can you paste the ldapclient command you used and any output it gave (with the -v flag)?