Hi, Fernando:

First question, did you run the command /usr/lib/ldap/idsconfig to configure the LDAP server after installation? (Be careful, idsconfig needs correct input.)

Second, here is some information that can help you:

1) You need to install the LDAP server on the Trusted Solaris system, and make the LDAP service's listening PORT/TCP a Multi-Level Port in the global zone in the /etc/security/tsol/tnzonecfg file.

2) You need to install the LDAP Proxy Server to support LDAP clients. For example: the LDAP server runs on port 10389, and the Proxy server runs on the standard port 389 (this one should be an MLP); the client connects to the proxy on port 389, and the proxy connects to port 10389. You can install both server and proxy on the same machine, it's no problem.

3) After installation, you can run /var/Sun/mps/start-admin, startconsole to start the LDAP administration console. It can manage the server and proxy, and the manage Port should already be specified when you install the LDAP.

4) Don't forget to populate tnrhdb and tnrhtp info to the LDAP server, and make each zone be the proxy server client with the "ldapclient init" command on the client machine.

5) The LDAP server can't be the client of itself.

Try it again!

-Joe

Subject: [security-discuss] TX install issues (what's wrong?)
From: Fernando Vilas <fvilas at iname.com>
Date: Tue, 03 Apr 2007 15:52:03 -0700 (PDT)
To: security-discuss at opensolaris.org

I have been trying to install TX on Solaris 10u3 following the instructions here: http://docs.sun.com/app/docs/doc/819-0867/6n39012nt?a=view

At the point of "Make the Global Zone an LDAP Client", it mentions having to set up an LDAP server, so I follow the link to here: http://docs.sun.com/app/docs/doc/819-0867/6n39012p6?a=view

When I get to step 8, "Use the ldapaddent command to populate every file in the staging area", the command fails with "Container hosts does not exist". That's if I create /var/ldap/ldap_client_file and /var/ldap/ldap_client_cred to get past the failure opening /var/ldap/ldap_client_file.

This is a fresh install, just for testing TX, so I don't mind reinstalling at all. I've tried Directory Server 05Q4 and Directory Server 6, with identical results.
Any help would be greatly appreciated.