Hi,
I guess the Solaris client must be able to read at least the base so the client can
see the supported features:
# ldapsearch -h <ldapserver> -b "" -s base objectclass="*"
should return the supportedcontrols, etc.
On 08.03.12, MATON Brett <Brett.Maton(a)nrb.be> wrote:
I’ve got some hosts using Solaris 10
cat /etc/release
Solaris 10 10/09 s10s_u8wos_08a SPARC
Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 16 September 2009
Which I’ve configured with ldapclient manual (failed miserably until I allowed anonymous
binds in dse.ldif).
ldapclient manual -vv \
-a defaultSearchBase=<blah> \
-a defaultSearchScope=sub \
-a authenticationMethod=tls:simple \
-a credentialLevel=proxy \
-a proxyDN=cn=ldapsearch,cn=config \
-a proxyPassword=<blah> \
-a serviceAuthenticationMethod=pam_ldap:tls:simple \
-a domainName=<blah> \
-a certificatePath=/var/ldap \
-a serviceSearchDescriptor=group:ou=Groups,<blah> <389 server>
If I turn anonymous binds off once the client is configured, it fails to connect because
the Solaris client is still insisting on making anonymous binds.
I’m getting these in my access log:
[08/Mar/2012:15:04:49 +0100] conn=1 fd=64 slot=64 SSL connection from <Solaris 10> to <389 DS>
[08/Mar/2012:15:04:49 +0100] conn=1 SSL 128-bit RC4
[08/Mar/2012:15:04:49 +0100] conn=1 op=0 UNPROCESSED OPERATION - Anonymous access not allowed
[08/Mar/2012:15:04:49 +0100] conn=1 op=0 RESULT err=48 tag=101 nentries=0 etime=0
[08/Mar/2012:15:04:49 +0100] conn=1 op=1 UNBIND
[08/Mar/2012:15:04:49 +0100] conn=1 op=1 fd=64 closed - U1
Anyone come across this before and have a solution? I really don’t want to have to allow
anonymous binds...
Brett
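An added example, not part of the original thread or of 389 Directory Server: a small Python parser that groups the "Anonymous access not allowed" rejections shown in the access log above by client address, so an administrator can see which hosts still attempt anonymous operations before anonymous binds are turned off. The sample log is constructed in the same format with documentation-range addresses, and one event per line is assumed.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the access log quoted above; the
# addresses are documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
[08/Mar/2012:15:04:49 +0100] conn=1 fd=64 slot=64 SSL connection from 192.0.2.10 to 192.0.2.1
[08/Mar/2012:15:04:49 +0100] conn=1 SSL 128-bit RC4
[08/Mar/2012:15:04:49 +0100] conn=1 op=0 UNPROCESSED OPERATION - Anonymous access not allowed
[08/Mar/2012:15:04:49 +0100] conn=1 op=0 RESULT err=48 tag=101 nentries=0 etime=0
[08/Mar/2012:15:04:49 +0100] conn=1 op=1 UNBIND
[08/Mar/2012:15:04:49 +0100] conn=1 op=1 fd=64 closed - U1
[08/Mar/2012:15:05:02 +0100] conn=2 fd=65 slot=65 SSL connection from 192.0.2.20 to 192.0.2.1
[08/Mar/2012:15:05:02 +0100] conn=2 op=0 BIND dn="cn=ldapsearch,cn=config" method=128 version=3
[08/Mar/2012:15:05:02 +0100] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[08/Mar/2012:15:05:03 +0100] conn=3 fd=66 slot=66 SSL connection from 192.0.2.10 to 192.0.2.1
[08/Mar/2012:15:05:03 +0100] conn=3 op=0 UNPROCESSED OPERATION - Anonymous access not allowed
[08/Mar/2012:15:05:03 +0100] conn=3 op=0 RESULT err=48 tag=101 nentries=0 etime=0
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
CONNECT = re.compile(r"connection from (?P<src>\S+) to (?P<dst>\S+)")
REJECT = "UNPROCESSED OPERATION - Anonymous access not allowed"

def anonymous_rejections(log_text):
    """Return {client_address: [(timestamp, conn_id), ...]} for every
    connection that had an operation refused as anonymous."""
    source_of = {}                  # conn id -> client address
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                # skip lines that are not access-log events
        conn, rest = int(m["conn"]), m["rest"]
        c = CONNECT.search(rest)
        if c:
            source_of[conn] = c["src"]  # conn ids restart with the server; latest wins
        elif REJECT in rest:
            hits[source_of.get(conn, "unknown")].append((m["ts"], conn))
    return dict(hits)

if __name__ == "__main__":
    for client, events in anonymous_rejections(SAMPLE_LOG).items():
        print(f"{client}: {len(events)} anonymous operation(s) refused")
        for ts, conn in events:
            print(f"  {ts} conn={conn}")
```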