Hello guys,
I have been trying to set up my DSEE 6.3 on Solaris 10 using proxy with tls:simple authentication. I follow all the steps mentioned in the Installation Guide on Sun's site but there is a problem with ldapclient init when I use hostname instead of IP address in the Default Server List.
Here is the config for default profile :
1 Domain to serve : test.ldap
2 Base DN to setup : dc=test,dc=ldap
3 Profile name to create : default
4 Default Server List : pluto
5 Preferred Server List : pluto
6 Default Search Scope : one
7 Credential Level : proxy
8 Authentication Method : tls:simple
9 Enable Follow Referrals : FALSE
10 iDS Time Limit :
11 iDS Size Limit :
12 Enable crypt password storage : TRUE
13 Service Auth Method pam_ldap :
14 Service Auth Method keyserv :
15 Service Auth Method passwd-cmd:
16 Search Time Limit : 30
17 Profile Time to Live : 43200
18 Bind Limit : 10
19 Enable shadow update : FALSE
ldapsearch did not work before I installed the server certificate on the client machine using certutil. after certificate is ok, then ldapearch works fine over secure port.
I initialize the Solaris 10 client with the following command :
ldapclient -v init -a proxypassword=password -a proxydn=cn=smsproxy,ou=profile,dc=test,dc=ldap -a profilename=default -a domainname=test.ldap 10.1.1.29
In ldapclien manual it says when using TLS server list in the profile should be as hostnames not IP addresses. If I use IP addresses ldapclient init is OK but ldaplist, If I use hostname then ldapclient init fails. It looks like there was a sort of name resolution problem but all the names exist in the /etc/hosts file and nsswitch.conf configured to look at files.
I hope I was able to clarify my problem. Any help would be appreciated.
Thanks,
Niyazi