
LDAP and Solaris

2002-12-20

For general information and the current status of LDAP, take a look at Jeff Hodges' LDAP Roadmap & FAQ.

I recently heard a Sun employee suggest that struggling with LDAP under Solaris 8 is a waste of time and that users should go to Solaris 9 where LDAP is now properly integrated. I did a lot of work with LDAP under Solaris 8 and know people who are using it in production but would agree that it is tricky. Solaris 9 is distributed with the Sun ONE (formerly iPlanet) Directory Server and has improved client-side support for LDAP (see this FAQ). In fact Sun are confident enough to have indicated formally that there are plans to scrap NIS+ and have provided tools to assist migration to LDAP. However, I thought I would summarise notes relating to experiments with LDAP under Solaris 8 in early 2001.

I decided to start by setting up an OpenLDAP server on my Solaris 8 box. After a lot of mucking about on my own I eventually realised that someone called Phil had already solved a lot of the problems and created a very helpful guide to Secure LDAP for Solaris on his bolthole site which got me running.

Now, with a working server, the second part of the problem is to cajole your Solaris 8 box into using it as a naming service. One serious problem is that Solaris 8 native LDAP authentication does not offer session encryption, but if you want to go ahead anyway, refer to the Configuring Solaris8 with OpenLDAP guide at yPass.

On the other hand, it is possible to get the whole thing working with Transport Layer Security by dumping the native client stuff (you can even pkgrm SUNWnisr and SUNWnisu altogether) and installing the client-side modules nss_ldap and pam_ldap from www.padl.com (see instructions on bolthole site).

The transfer syntax for LDAP (and SNMP) is called BER, which stands for Basic Encoding Rules. The functions which support BER are available in liblber.so, which is distributed with OpenLDAP, or in libldap.so, which is included in the Solaris 8 package SUNWcsl (the lber.h header is in SUNWlldap though).
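
As an added example (not part of the original notes and not liblber code), the Python below reads BER tag-length-value elements and decodes a constructed LDAP simple bind request, which shows why session encryption matters: BER is an encoding, not a cipher, so the DN and password are readable octets on the wire. The tag values follow the LDAP protocol definition; the function names and the sample bytes are assumptions made for illustration.

```python
"""Added example: minimal BER reader applied to an LDAP simple BindRequest."""

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the definite-length BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled here")
    pos += 2
    if first < 0x80:                  # short form: the octet itself is the length
        length = first
    elif first == 0x80:               # indefinite form, which LDAP does not use
        raise ValueError("indefinite length")
    else:                             # long form: low 7 bits count the length octets
        n = first & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_simple_bind(pdu):
    """Decode LDAPMessage { messageID, BindRequest { version, name, simple } }."""
    fields, expected = [], (0x30, 0x02, 0x60, 0x02, 0x04, 0x80)
    buf, pos = pdu, 0
    for want in expected:
        tag, value, pos = read_tlv(buf, pos)
        if tag != want:
            raise ValueError(f"expected tag 0x{want:02x}, got 0x{tag:02x}")
        if want in (0x30, 0x60):      # constructed types: descend into the contents
            buf, pos = value, 0
        else:
            fields.append(value)
    msg_id, version, dn, password = fields
    return {"message_id": int.from_bytes(msg_id, "big"),
            "version": int.from_bytes(version, "big"),
            "dn": dn.decode("utf-8"),
            "password": password.decode("utf-8", errors="replace")}

# Constructed sample bytes (not a capture). The outer SEQUENCE uses the long
# length form (0x81 0x37); the inner elements use the short form.
SAMPLE = (bytes.fromhex("308137" "020101" "6032" "020103" "041a")
          + b"uid=demo,dc=example,dc=org"
          + bytes.fromhex("8011") + b"not-a-real-secret")

if __name__ == "__main__":
    print(parse_simple_bind(SAMPLE))
```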

www.zenatode.org.uk Ian Gregory 2010