Hi, I guess it must be able for the Solaris client to read at least the base so the client can see the supported features: # ldapsearch -h <ldapserver> -b "" -s base objectclass="*" should return the supportedcontrols, etc.
Am 08.03.12, schrieb MATON Brett <[email protected]>: > > <!-- > /* Font Definitions */ > @font-face > {font-family:"Cambria Math"; > panose-1:2 4 5 3 5 4 6 3 2 4;} > @font-face > {font-family:Calibri; > panose-1:2 15 5 2 2 2 4 3 2 4;} > /* Style Definitions */ > p.MsoNormal, li.MsoNormal, div.MsoNormal > {margin:0cm; > margin-bottom:.0001pt; > font-size:11.0pt; > font-family:"Calibri","sans-serif";} > a:link, span.MsoHyperlink > {mso-style-priority:99; > color:blue; > text-decoration:underline;} > a:visited, span.MsoHyperlinkFollowed > {mso-style-priority:99; > color:purple; > text-decoration:underline;} > span.EmailStyle17 > {mso-style-type:personal-compose; > font-family:"Calibri","sans-serif"; > color:windowtext;} > .MsoChpDefault > {mso-style-type:export-only;} > @page WordSection1 > {size:612.0pt 792.0pt; > margin:72.0pt 72.0pt 72.0pt 72.0pt;} > div.WordSection1 > {page:WordSection1;} > --> > > > > > I’ve got some hosts using Solaris 10 > > > > cat /etc/release > > Solaris 10 10/09 s10s_u8wos_08a SPARC > > Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. > > Use is subject to license terms. > > Assembled 16 September 2009 > > > > Which I’ve configured with ldapclient manual (failed miserably until I > allowed anonymous binds in dse.ldif). > > > > ldapclient manual -vv \ > > -a defaultSearchBase=<blah> \ > > -a defaultSearchScope=sub \ > > -a authenticationMethod=tls:simple \ > > -a credentialLevel=proxy \ > > -a proxyDN=cn=ldapsearch,cn=config \ > > -a proxyPassword=<blah> \ > > -a serviceAuthenticationMethod=pam_ldap:tls:simple \ > > -a domainName=<blah> \ > > -a certificatePath=/var/ldap \ > > -a serviceSearchDescriptor=group:ou=Groups,<blah> <389 server> > > > > If I turn anonymous binds off once the client is configured, it fails to > connect because the Solaris client is still insisting on making anonymous > binds. > > I’m getting these in my access log: > > > > [08/Mar/2012:15:04:49 +0100] conn=1 fd=64 slot=64 SSL connection from > <Solaris 10> to <389 DS> > > [08/Mar/2012:15:04:49 +0100] conn=1 SSL 128-bit RC4 > > [08/Mar/2012:15:04:49 +0100] conn=1 op=0 UNPROCESSED OPERATION - Anonymous > access not allowed > > [08/Mar/2012:15:04:49 +0100] conn=1 op=0 RESULT err=48 tag=101 nentries=0 > etime=0 > > [08/Mar/2012:15:04:49 +0100] conn=1 op=1 UNBIND > > [08/Mar/2012:15:04:49 +0100] conn=1 op=1 fd=64 closed - U1 > > > > Anyone come across this before and have a solution? I really don’t want to > have to allow anonymous binds... > > > > Brett > > > > > ------------------------------------------------------------------- > > GreeNRB > NRB considers its environmental responsibility and goes for green IT. > May we ask you to consider yours before printing this e-mail? > > > > NRB, daring to commit > This e-mail and any attachments, which may contain information that is > confidential and/or protected by intellectual property rights, are intended > for the exclusive use of the above-mentioned addressee(s). Any use (including > reproduction, disclosure and whole or partial distribution in any form > whatsoever) of their content is prohibited without prior authorization of > NRB. If you have received this message by error, please contact the sender > promptly by resending this e-mail back to him (her), or by calling the above > number. Thank you for subsequently deleting this e-mail and any files > attached thereto. > > > > > >
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
