08-26-2009
Empty LDAP client file
Hi All,
I am getting one strange problem of empty LDAP_client_ file. There was one /var 100% overload issue few days back. After that we are observing this new issue.
I got to know about similar issue SunSolve Bug ID 6495683 - “LDAP client files & cred files are deleted when /var is full” but I do not have much details on it.
Can anybody help me out please?
ldap/client service is online & ldap_cachemgr process is running
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Has anyone successfully authenticated unix users via Active Directory using
LDAP client on AIX v5.2 or v5.3?? ldapsearch from our unix box retrieves
info from AD but having trouble authenticating unix id when I logon - get a msg ': 3004-318 Error obtaining the user's password information'. Not... (0 Replies)
Discussion started by: DANNYC
0 Replies
2. Solaris
I have an issue here with ldap client. It stoped and won't start.
What I have got:
sadm $ tail /var/adm/messages
Apr 16 09:17:24 hostname inetd: libsldap: Status: 2 Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
Apr 16 09:17:24 hostname inetd: libsldap: Status: 2 ... (3 Replies)
Discussion started by: aixlover
3 Replies
3. Solaris
Hi Gurus
I am a novice in LDAP and need to configure an LDAP client(Solaris 10).
The client has to bind to an AD for LDAP queries. I have created a user called testbind in AD for binding purpose.
I am planning to configure LDAP client manually(as the requirement is as such).
This is the... (16 Replies)
Discussion started by: Renjesh
16 Replies
4. AIX
Hello,
I am trying to configure an AIX machina to authenticate against a Windows 2003 AD, and I am desesperately trying to find the ldap.client lpp
in the internet.
I am using AIX 5.3 and I don't have access to the DVD media,
please help!
Thankyou,
Tiago (2 Replies)
Discussion started by: tiagoskid
2 Replies
5. Solaris
Configure ldap client:
I have configured my ldapclient with the AuthenticationMethod=simple and with the credentialLevel=proxy. However, as soon as i want to set the AuthenticationMethod=sasl/GSSAPI, and credentiallevel=self, then it fails to configure. Kerberos is already setup successfully. The... (0 Replies)
Discussion started by: Henk Trumpie
0 Replies
6. UNIX for Advanced & Expert Users
Hello,
I'm new to Centos and to openldap. I am by trade a Solaris Admin. I'm experimenting with openldap and thought Linux would be easier to install and setup openldap on, so far this is true. The problem I'm having is that I can't get the client server to authenticate to the openldap server. I... (1 Reply)
Discussion started by: bitlord
1 Replies
7. AIX
Hi,
I am trying to authenticate AIX server against a IDS LDAP instance.
The AIX version is 6.1 and TDS client is 6.1.
I configured the secldapclntd using ldap.cfg file and changed /etc/security/user to set SYSTEM=LDAP, registry=LDAP for one user. Below are the ldap.cfg configurations -
... (5 Replies)
Discussion started by: vs1
5 Replies
8. Proxy Server
Hi guys. First, sorry for my english, I´m tried to write the best form but sure I´m not do it.
I´m tried to configure the native ldap client on Solaris 10 but yet dosen't work. May be the problem is in the pam.conf or something like that.
This is the line I was applied to configure the... (7 Replies)
Discussion started by: sultano
7 Replies
9. AIX
I have been able to configure on an AIX 5.2 ldap.cfg so service starts correctly.
but when I try to log on with a windows user after entering the password login hangs and get no response.
I have set it up on Aix 5.3 with no problem but in Aix 5.2 I have not been able to log in.
ldap.cfg... (1 Reply)
Discussion started by: laxtnog
1 Replies
10. Solaris
I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful.
The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies
LEARN ABOUT CENTOS
strongimcv_pki---issue
PKI --ISSUE(8) strongSwan PKI --ISSUE(8)
NAME
pki --issue - Issue a certificate using a CA certificate and key
SYNOPSIS
pki --issue [--in file] [--type type] --cakey file|--cakeyid hex --cacert file [--dn subject-dn] [--san subjectAltName] [--lifetime days]
[--serial hex] [--flag flag] [--digest digest] [--ca] [--crl uri [--crlissuer issuer]] [--ocsp uri] [--pathlen len] [--nc-
permitted name] [--nc-excluded name] [--policy-mapping mapping] [--policy-explicit len] [--policy-inhibit len]
[--policy-any len] [--cert-policy oid [--cps-uri uri] [--user-notice text]] [--outform encoding] [--debug level]
pki --issue --options file
pki --issue -h | --help
DESCRIPTION
This sub-command of pki(1) is used to issue a certificate using a CA certificate and private key.
OPTIONS
-h, --help
Print usage information with a summary of the available options.
-v, --debug level
Set debug level, default: 1.
-+, --options file
Read command line options from file.
-i, --in file
Public key or PKCS#10 certificate request file to issue. If not given the key/request is read from STDIN.
-t, --type type
Type of the input. Either pub for a public key, or pkcs10 for a PKCS#10 certificate request, defaults to pub.
-k, --cakey file
CA private key file. Either this or --cakeyid is required.
-x, --cakeyid hex
Key ID of a CA private key on a smartcard. Either this or --cakey is required.
-c, --cacert file
CA certificate file. Required.
-d, --dn subject-dn
Subject distinguished name (DN) of the issued certificate.
-a, --san subjectAltName
subjectAltName extension to include in certificate. Can be used multiple times.
-l, --lifetime days
Days the certificate is valid, default: 1095.
-s, --serial hex
Serial number in hex. It is randomly allocated by default.
-e, --flag flag
Add extendedKeyUsage flag. One of serverAuth, clientAuth, crlSign, or ocspSigning. Can be used multiple times.
-g, --digest digest
Digest to use for signature creation. One of md5, sha1, sha224, sha256, sha384, or sha512. Defaults to sha1.
-f, --outform encoding
Encoding of the created certificate file. Either der (ASN.1 DER) or pem (Base64 PEM), defaults to der.
-b, --ca
Include CA basicConstraint extension in certificate.
-u, --crl uri
CRL distribution point URI to include in certificate. Can be used multiple times.
-I, --crlissuer issuer
Optional CRL issuer for the CRL at the preceding distribution point.
-o, --ocsp uri
OCSP AuthorityInfoAccess URI to include in certificate. Can be used multiple times.
-p, --pathlen len
Set path length constraint.
-n, --nc-permitted name
Add permitted NameConstraint extension to certificate.
-N, --nc-excluded name
Add excluded NameConstraint extension to certificate.
-M, --policy-mapping issuer-oid:subject-oid
Add policyMapping from issuer to subject OID.
-E, --policy-explicit len
Add requireExplicitPolicy constraint.
-H, --policy-inhibit len
Add inhibitPolicyMapping constraint.
-A, --policy-any len
Add inhibitAnyPolicy constraint.
Certificate Policy
Multiple certificatePolicy extensions can be added. Each with the following information:
-P, --cert-policy oid
OID to include in certificatePolicy extension. Required.
-C, --cps-uri uri
Certification Practice statement URI for certificatePolicy.
-U, --user-notice text
User notice for certificatePolicy.
EXAMPLES
To save repetitive typing, command line options can be stored in files. Lets assume pki.opt contains the following contents:
--cacert ca_cert.der --cakey ca_key.der --digest sha256
--flag serverAuth --lifetime 1460 --type pkcs10
Then the following command can be used to issue a certificate based on a given PKCS#10 certificate request and the options above:
pki --issue --options pki.opt --in req.der > cert.der
SEE ALSO
pki(1)
5.1.1 2013-08-12 PKI --ISSUE(8)