Configure Solaris 10’s native LDAP client to authenticate to OpenLDAP Server

1. Solaris' LDAP authentication requires the shadowAccount object class to be present on an account, otherwise lookups for that account fail. Edit the migration script under /usr/share/openldap/migration/ so that it adds the shadowAccount object class below posixAccount for every migrated user.

2. Run the ldapclient command on the Solaris host with the parameters specified here.

3. Replace /etc/pam.conf with this file.

4. Edit /etc/nsswitch.conf.ldap and change:

hosts: ldap [NOTFOUND=return] […]
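The following is an added example, not the page's own ldapclient parameters (those were linked from step 2 and are not reproduced here): a complete ldapclient(1M) "manual" invocation for a Solaris 10 client against OpenLDAP, followed by the checks to run once the client is configured. The server address, base DN, NIS domain and the proxy DN/password are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): configure the Solaris 10 native
# LDAP client with ldapclient(1M) and verify the result. All values below are
# assumed placeholders; replace them with your own.
set -eu

LDAP_SERVER="${LDAP_SERVER:-192.0.2.10}"
BASE_DN="${BASE_DN:-dc=example,dc=com}"
NIS_DOMAIN="${NIS_DOMAIN:-example.com}"
PROXY_DN="${PROXY_DN:-cn=proxyagent,ou=profile,dc=example,dc=com}"
PROXY_PW="${PROXY_PW:-proxy-secret}"

# Compose the command as one string so it can be inspected before it runs.
# credentialLevel=proxy makes name-service lookups (passwd, shadow, group) bind
# as the proxy account, which is what lets the shadowAccount attributes from
# step 1 be read; pam_ldap then binds as the user to verify the password.
# serviceAuthenticationMethod=pam_ldap:tls:simple keeps that user password off
# the wire; plain pam_ldap:simple would send it in clear text.
build_ldapclient_cmd() {
  printf '%s' "ldapclient manual \
 -a credentialLevel=proxy \
 -a authenticationMethod=simple \
 -a proxyDN='$PROXY_DN' \
 -a proxyPassword='$PROXY_PW' \
 -a defaultSearchBase='$BASE_DN' \
 -a domainName='$NIS_DOMAIN' \
 -a defaultServerList='$LDAP_SERVER' \
 -a serviceSearchDescriptor='passwd:ou=People,$BASE_DN' \
 -a serviceSearchDescriptor='group:ou=Group,$BASE_DN' \
 -a serviceAuthenticationMethod=pam_ldap:tls:simple"
}

# Apply it on a Solaris host; elsewhere only show what would be run.
# Note that the proxy password passed on the command line is visible in ps
# while ldapclient runs; ldapclient then stores it under /var/ldap/.
apply_ldapclient() {
  cmd=$(build_ldapclient_cmd)
  if command -v ldapclient >/dev/null 2>&1; then
    eval "$cmd"
  else
    echo "ldapclient not available on this host; the command would be:"
    echo "$cmd"
  fi
}

# Checks after configuration: the client profile must list the attributes
# above, and a passwd lookup for a real LDAP account must return an entry.
# An account without shadowAccount is the case step 1 works around.
verify_client() {
  user=$1
  if command -v ldapclient >/dev/null 2>&1; then
    ldapclient list
    getent passwd "$user"
    ldaplist -l passwd "$user"
  else
    echo "not a Solaris LDAP client; skipping verification of $user"
  fi
}

# Usage: APPLY=1 VERIFY_USER=alice sh solaris-ldapclient.sh
if [ "${APPLY:-0}" = 1 ]; then
  apply_ldapclient
  verify_client "${VERIFY_USER:-root}"
fi
```

Run it without APPLY=1 first to review the composed command; the proxy account only needs read access to ou=People and ou=Group (including the shadow attributes), so give it nothing more on the OpenLDAP side.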

Sample .htaccess for mod_authnz_ldap/mod_auth_ldap for Apache

AuthName "Pls login with your username and password"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap://,dc=edu,dc=hk?uid"
AuthzLDAPAuthoritative off
Allow from mynetwork/24
Deny from all
Satisfy Any
Require valid-user

This .htaccess asks the user for a username and password (Basic auth checked against LDAP) only when connecting from outside mynetwork/24; because of Satisfy Any, clients inside mynetwork/24 are allowed in by address alone without authenticating.

Still working on how to do posixGroup-based authorization; however […]
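As an added example that is not from the original page, this is how the posixGroup case is expressed with mod_authnz_ldap (Apache 2.2 directives): posixGroup entries list members as bare uid values in memberUid rather than as DNs, so the two group attribute directives must say so. Host, base DN and group name are assumed placeholders.

```apache
AuthName "Restricted area"
AuthType Basic
AuthBasicProvider ldap
# Host, base DN and the posixAccount filter are assumed placeholders
AuthLDAPURL "ldap://ldap.example.com/ou=People,dc=example,dc=com?uid?sub?(objectClass=posixAccount)"
# posixGroup stores members as bare uids in memberUid, not as DNs
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
# Let LDAP be the final word on authorization instead of falling through
AuthzLDAPAuthoritative on
Require ldap-group cn=webadmins,ou=Group,dc=example,dc=com
```

Without AuthLDAPGroupAttributeIsDN off, mod_authnz_ldap compares the user's full DN against memberUid and the group check never matches, which shows up as every authenticated user being denied.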

Writing LDAP search filter

LDAP search filters are useful both in Apache LDAP authentication and on the IronPort.

On the IronPort, I use the filter below to look up a valid user by his alias:


I use the filter below to check whether a user/alias is in a specific posixGroup:


Under OpenLDAP, to search for a user:

ldapsearch -x -b […]
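The two filters described above (valid user by username or alias, and membership of a specific posixGroup) are built here as an added example, not taken from the original page, with the user-supplied value escaped per RFC 4515 first. The username or alias in the Apache and IronPort cases comes from a login form or a mail header, so without escaping a value such as alice*)(uid=* rewrites the filter itself. The attribute used for the alias (mail) and the base DN are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): RFC 4515 escaping and the two
# filters from the notes. Attribute names beyond uid/cn/memberUid and the base
# DN are assumptions.
set -eu

BASE_DN="${BASE_DN:-dc=example,dc=com}"

# RFC 4515: escape the backslash first, then the other filter metacharacters,
# so the backslashes introduced by the later substitutions are left alone.
# A NUL byte cannot occur in a shell string, so \00 is not handled here.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# "Valid user by username or alias": a posixAccount whose uid or mail
# (assumed alias attribute) equals the escaped value.
user_filter() {
  v=$(ldap_escape "$1")
  printf '(&(objectClass=posixAccount)(|(uid=%s)(mail=%s)))' "$v" "$v"
}

# "User/alias in a specific posixGroup": memberUid holds bare uids, not DNs,
# so the uid is compared directly.
group_filter() {
  g=$(ldap_escape "$1")
  u=$(ldap_escape "$2")
  printf '(&(objectClass=posixGroup)(cn=%s)(memberUid=%s))' "$g" "$u"
}

# Run the group check against the directory when ldapsearch is installed.
# Returns 0 if the user is in the group, 1 if not, 2 if it could not be checked.
in_group() {
  command -v ldapsearch >/dev/null 2>&1 || { echo "ldapsearch not installed" >&2; return 2; }
  ldapsearch -x -LLL -b "ou=Group,$BASE_DN" "$(group_filter "$1" "$2")" cn | grep -q '^cn:'
}

# Usage: sh ldap-filters.sh <group> <user>
if [ $# -eq 2 ]; then
  echo "filter: $(group_filter "$1" "$2")"
  in_group "$1" "$2" && echo "$2 is in $1" || echo "$2 is not in $1 (or check failed)"
fi
```

With the injection-style input, user_filter yields (uid=alice\2a\29\28uid=\2a), a literal string that matches no account, whereas the unescaped value would turn the filter into (uid=alice*)(uid=*) and match every user. The same escaping applies to values interpolated into the AuthLDAPURL filter or the IronPort query.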