Step 1: Setting up SSL for Solaris 11 LDAP client (changing AD password from Solaris)
Step 2: Change your ldapclient so that defaultServerList/NS_LDAP_SERVERS points to the full host name of your AD hosts. Using my existing example:
# ldapclient mod -a "defaultServerList=testdc01.testforest.dcs.bbk.ac.uk,testdc02.testforest.dcs.bbk.ac.uk"
Step 3: Change the authentication to tls:simple
# ldapclient mod -a authenticationMethod=tls:simple
Step 4: Test that everything is still working
# ldapclient list |egrep -i "AUTH|SERVERS"
NS_LDAP_SERVERS= testdc01.testforest.dcs.bbk.ac.uk, testdc02.testforest.dcs.bbk.ac.u
NS_LDAP_AUTH= tls:simple
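The Step 4 check can be scripted. The following is an added example, not part of the original post: it reads `ldapclient list` output on stdin and fails unless every authentication method starts with tls: and every server is a full host name, as Steps 2 and 3 require. The function name check_ldapclient_tls and the sample host names are constructed, and it assumes the NS_LDAP_AUTH= / NS_LDAP_SERVERS= line format shown above.

```shell
#!/bin/sh
# Added example (not from the original post): audit `ldapclient list` output.
# Returns 0 only if all auth methods are tls:* and all servers are full host names.
check_ldapclient_tls() {
    awk -F'= *' '
        BEGIN { bad = 0 }
        /^NS_LDAP_AUTH=/ {
            seen_auth = 1
            # Assumption: several methods may be separated by ";", "," or spaces.
            n = split($2, m, /[;, ]+/)
            for (i = 1; i <= n; i++) {
                if (m[i] != "" && m[i] !~ /^tls:/) {
                    print "FAIL: non-TLS auth method: " m[i]; bad = 1
                }
            }
        }
        /^NS_LDAP_SERVERS=/ {
            seen_srv = 1
            n = split($2, s, /[, ]+/)
            for (i = 1; i <= n; i++) {
                if (s[i] == "") continue
                host = s[i]; sub(/:[0-9]+$/, "", host)   # drop optional :port
                # Reject IPv4 literals and short names without a domain part.
                if (host ~ /^[0-9.]+$/ || host !~ /\./) {
                    print "FAIL: server is not a full host name: " s[i]; bad = 1
                }
            }
        }
        END {
            if (!seen_auth) { print "FAIL: NS_LDAP_AUTH not found"; bad = 1 }
            if (!seen_srv)  { print "FAIL: NS_LDAP_SERVERS not found"; bad = 1 }
            if (!bad) print "OK: TLS auth and full host names only"
            exit bad + 0
        }'
}

# Constructed sample inputs (not real hosts).
GOOD_SAMPLE='NS_LDAP_SERVERS= dc01.example.test, dc02.example.test
NS_LDAP_AUTH= tls:simple'
BAD_SAMPLE='NS_LDAP_SERVERS= 192.0.2.10, dc02
NS_LDAP_AUTH= simple'

printf '%s\n' "$GOOD_SAMPLE" | check_ldapclient_tls
printf '%s\n' "$BAD_SAMPLE" | check_ldapclient_tls || echo "bad sample rejected"
```

On a configured client, run it as: ldapclient list | check_ldapclient_tls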
Warning: Tested on Solaris 11.2.
If Firefox crashes, make sure nscd is on (# svcadm enable svc:/milestone/name-services:default).
You can always double-check it by snooping the network ports ("snoop port 636" and "snoop port 389"). That is it, and I hope it has helped.