From: Paul B. Henson (henson@acm.org)
Date: Tue Jan 22 2008 - 20:36:11 EST
Well, unfortunately there wasn't much feedback on this.

One person pointed out that the native Sun LDAP client allows you to remap
objectclasses/attributes. However, remapping memberUid to member doesn't
work, as the latter is stored in DN format and the client doesn't know what
to make of it.

Another individual created a generic proxy account in his directory used by
all systems to allow TLS. I don't particularly care for that approach, as
access control generally distinguishes between "anonymous" and
"authenticated" access, and such a generic account would blur the two.

A third person is actually using PADL nss_ldap under Solaris 9 and is
interested in switching to the native client due to support issues with
Sun.

On asking a similar question on the nss_ldap mailing list, a representative
of Symas pointed out that they have successfully built and packaged
pam_ldap and nss_ldap for Solaris 10. That's a commercial product, though,
requiring licensing fees.

I did some initial testing myself, and was able to get nss_ldap working
compiled against the Sun LDAP libraries in plaintext, but not with TLS.

At this point I guess I will fight a dual front of working on nss_ldap and
also arguing with Sun technical support to try and get them to fix their
product :)...

Thanks...
--
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  henson@csupomona.edu
California State Polytechnic University  |  Pomona CA 91768
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers