Don't Read My Blog

Solaris 11.4 LDAP Client Won’t Initialize TLS

Solaris 11.4 LDAP Client Won’t Initialize TLS

If your standard method for initializing an LDAP client in Solaris 11.3 no longer works in 11.4, you may need to look at your certificate locations.

Previously, the LDAP client in Solaris was looking for *.db files containing your LDAP server’s certificate, typically in the /var/ldap directory.  In 11.4, more of openldap seems to be integrated with the Solaris 11.4 LDAP client.  If you are using a standard Certificate Authority (CA) to issue your certificates, you can make the following addition to your /etc/openldap/ldap.conf file:

TLS_CACERT /etc/certs/ca-certificates.crt

Once you do this, your ldapclient command should correctly find the CA for your LDAP server.

If you are using your own CA to create your LDAP server’s certificate, you can add your root CA certificate to the Solaris 11 certificate store with:

cp ~/cacert.pem /etc/certs/CA/ca_whatever_com.pem 
svcadm restart ca-certificates

More information on setting up an openldap server to provide client LDAP services in Solaris 11.4 can be found in my blog post Configuring OpenLDAP to Provide Name Services in Solaris 11.4.

Leave a Reply

Your email address will not be published. Required fields are marked *