> It has been broken like that since Solaris 10 (and
> perhaps the backported ldapclient used by Solaris 8).
> I believe there's some work going on to replace
> ldapclient; hopefully it won't preserve that
> particular bug :-)

Replacing with the pam_ldap and nss_ldap libraries from PADL that everyone else uses would be nice. I wonder what the status is on that...

> cert7.db, I think. At least that's what 'man
> ldapsearch' says it uses, and the requirement seems
> to come from the shared libsldap used by ldapsearch
> and ldapclient.
>
> Are there any tools to manipulate cert7.db files in
> OS?

cert8.db seems to work - I placed the cert8.db, key3.db, and secmod.db files in the /var/ldap directory. I'm not sure if Solaris has the tools to manipulate these files - since my DSs run on Linux, I just used Mozilla's NSS tools from Linux to create them and put my CA in there, and it seems to be fine.

I also ran into an issue with the fact that Solaris's LDAP library looks for the objectClass: shadowAccount property in LDAP when it searches for valid PAM accounts (yet another thing that PADL's libraries do not require, or is at least configurable). So, I guess I get to add shadowAccount entries to all of the users that I want to have login privs to this system.

-Nick
--
This message posted from opensolaris.org