Well, unfortunately there wasn't much feedback on this.

One person pointed out that the native Sun LDAP client allows you to remap objectclasses/attributes. However, remapping memberUid to member doesn't work, as the latter is stored in DN format and the client doesn't know what to make of it.

Another individual created a generic proxy account in his directory used by all systems to allow TLS. I don't particularly care for that approach, as access control generally distinguishes between "anonymous" and "authenticated" access, and such a generic account would blur the two.

A third person is actually using PADL nss_ldap under Solaris 9 and is interested in switching to the native client due to support issues with Sun.

On asking a similar question on the nss_ldap mailing list, a representative of Symas pointed out that they have successfully built and packaged pam_ldap and nss_ldap for Solaris 10. That's a commercial product though requiring licensing fees.

I did some initial testing myself, and was able to get nss_ldap working compiled against the Sun LDAP libraries in plaintext, but not with TLS. At this point I guess I will fight a dual front of working on nss_ldap and also arguing with Sun technical support to try and get them to fix their product :)...

Thanks...

--
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | henson@csupomona.edu
California State Polytechnic University | Pomona CA 91768
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Tue Jan 22 20:36:42 2008