I'm trying to join my OmniOS 038 systems to our AD so that UIDs and GIDs
resolve and I can get around the NFS 16 group limit.
The problem I'm having is that it appears the LDAP client in Illumos has no
support for LDAPS, which is now a requirement.
From the ldapclient man page:

    CAUTION
    Currently StartTLS is not supported by libldap.so.5, therefore the
    port number provided refers to the port used during a TLS open,
    rather than the port used as part of a StartTLS sequence. To avoid
    timeout delays, mixed use of TLS and non-TLS authentication
    mechanisms is not recommended.

    For example:

        -h foo:1000 -a authenticationMethod=tls:simple

    ...or:

        defaultServerList= foo:1000
        authenticationMethod= tls:simple

    The preceding refers to a raw TLS open on host foo port 1000, not an
    open, StartTLS sequence on an unsecured port 1000. If port 1000 is
    unsecured the connection will not be made.

    As a second example, the following will incur a significant timeout
    delay while attempting the connection to foo:636 with an unsecured
    bind.

        defaultServerList= foo:636 foo:389
        authenticationMethod= simple

Has anyone found a way to work around this?
Thanks,
-Chip
------------------------------------------
illumos: illumos-discuss
Permalink:
https://illumos.topicbox.com/groups/discuss/Tb99e88b61c690e04-Mf793c00428f1ac9771ddff4a
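
The mismatches the quoted CAUTION describes can be caught before a profile is applied. The following is an added example, not part of the original post or of illumos: a small linter for `defaultServerList` / `authenticationMethod` pairs. It assumes 636 is the raw-TLS LDAPS port, 389 is plain LDAP, a server given without a port means 389, servers are host names or IPv4 addresses, and multiple authentication methods are separated by `;`.

```python
# Added example: lint ldapclient-style settings against the man page CAUTION.
# Assumptions (not from the post): 636 = raw-TLS LDAPS, 389 = plain LDAP,
# a missing port means 389, and ';' separates multiple authentication methods.
TLS_PORT, PLAIN_PORT = 636, 389

def parse_profile(text):
    """Parse 'name= value' lines into a dict keyed by lower-cased name."""
    settings = {}
    for line in text.splitlines():
        if "=" in line:
            name, value = line.split("=", 1)
            settings[name.strip().lower()] = value.strip()
    return settings

def lint(text):
    """Return a list of warnings for TLS/port mismatches in the profile."""
    cfg = parse_profile(text)
    raw = cfg.get("authenticationmethod", "")
    methods = [m.strip().lower() for m in raw.split(";") if m.strip()]
    uses_tls = [m.startswith("tls:") for m in methods]
    warnings = []
    # The CAUTION advises against mixing TLS and non-TLS mechanisms.
    if any(uses_tls) and not all(uses_tls):
        warnings.append("mixed TLS and non-TLS authentication methods")
    for server in cfg.get("defaultserverlist", "").split():
        host, _, port = server.partition(":")
        port = int(port) if port else PLAIN_PORT
        # A tls: method means a raw TLS open; an unsecured port refuses it.
        if any(uses_tls) and port == PLAIN_PORT:
            warnings.append(f"{host}:{port}: tls: method on the plain LDAP port")
        # An unsecured bind against the TLS port stalls until timeout.
        if not all(uses_tls) and port == TLS_PORT:
            warnings.append(f"{host}:{port}: non-TLS bind to the LDAPS port")
    return warnings

# Constructed sample profiles modelled on the man page examples.
GOOD = "defaultServerList= foo:636\nauthenticationMethod= tls:simple\n"
SLOW = "defaultServerList= foo:636 foo:389\nauthenticationMethod= simple\n"
BAD = "defaultServerList= foo\nauthenticationMethod= tls:simple;simple\n"

if __name__ == "__main__":
    for name, profile in (("GOOD", GOOD), ("SLOW", SLOW), ("BAD", BAD)):
        print(name, lint(profile) or "ok")
```

A non-standard port such as the man page's `foo:1000` passes unflagged, because only the listener itself can tell whether that port expects a raw TLS open.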