01-16-2008, 10:45 AM
tunla
Re: LDAP Authentication: passwd traffic is not encrypted


mchesler@chesent.com wrote:
> I'm trying to implement LDAP to replace NIS+ and I've run into an
> issue. I have my LDAP server configured to run on port 389 and port
> 636 (running Sun Directory Server 5.2). I configured a Solaris 8
> machine to authenticate against the LDAP server, which seems to work
> fine (passwords are sent in crypt format, not ideal, but at least not
> plain-text). When I log into the client as an LDAP user and try to
> change the password using /usr/bin/passwd, I can see the plain-text
> password (both the original and new passwords) being sent over the
> line. How can I force any LDAP traffic to use SSL/TLS?
>
> From snoop on LDAP server:
>
> LDAP: ----- Lightweight Directory Access Protocol Header -----
> LDAP: *[LDAPMessage]
> LDAP: [Message ID]
> LDAP: Operation *[APPL 6: Modify Request]
> LDAP: [Object Name]
> LDAP: uid=testuser,ou=People,dc=as3,dc
> LDAP: =com
> LDAP: *[Modification]
> LDAP: *[]
> LDAP: [Operation]
> LDAP: Replace
> LDAP: *[Modification]
> LDAP: [Attribute]
> LDAP: userpassword
> LDAP: *[Set]
> LDAP: [OctetString]
> LDAP: abc1234
> LDAP:



You need to install patch 108993-18 or later to get the PHASE2 LDAP
client, which is able to run SSL authentication.
This is the default ldapclient on Solaris 9.

//Lars

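Added example, not part of the original posts: a check that scans snoop's LDAP decode for Modify Requests carrying `userpassword` in readable form, which is the condition shown in the quoted capture, so an administrator can confirm whether clients still change passwords over unencrypted port 389. The function name and sample capture are constructed for illustration, and the line layout is assumed to match the capture quoted above.

```python
import re

# Constructed sample modelled on the snoop decode quoted in the post (dummy value).
SAMPLE = """\
LDAP:  ----- Lightweight Directory Access Protocol Header -----
LDAP:  *[LDAPMessage]
LDAP:      [Message ID]
LDAP:      Operation *[APPL 6: Modify Request]
LDAP:          [Object Name]
LDAP:              uid=testuser,ou=People,dc=as3,dc
LDAP:              =com
LDAP:          *[Modification]
LDAP:              *[]
LDAP:                  [Operation]
LDAP:                      Replace
LDAP:                  *[Modification]
LDAP:                      [Attribute]
LDAP:                          userpassword
LDAP:                      *[Set]
LDAP:                          [OctetString]
LDAP:                              dummy-value
LDAP:
"""

TAG = re.compile(r"^\*?\[.*\]$|^Operation\b")  # structural lines, not values


def find_cleartext_password_changes(snoop_text):
    """Return DNs whose userPassword was modified in a decoded (unencrypted) message."""
    findings, dn_parts, field, is_modify, has_pw_attr = [], [], None, False, False
    for raw in snoop_text.splitlines():
        raw = raw.lstrip("> ")                  # tolerate mail-quoted captures
        if not raw.startswith("LDAP:"):
            continue
        line = raw[5:].strip()
        if "Protocol Header" in line:           # new LDAPMessage: reset state
            dn_parts, field, is_modify, has_pw_attr = [], None, False, False
        elif "Modify Request" in line:
            is_modify = True
        elif TAG.match(line):
            field = line.strip("*[]")           # e.g. "Object Name", "Attribute"
        elif line and field == "Object Name":
            dn_parts.append(line)               # snoop wraps long DNs over lines
        elif line and field == "Attribute":
            has_pw_attr = has_pw_attr or line.lower() == "userpassword"
        elif line and field == "OctetString" and is_modify and has_pw_attr:
            findings.append("".join(dn_parts))  # record the DN only, never the value
            has_pw_attr = False
    return findings
```

An empty result on a capture taken during a password change means snoop could no longer decode the modify request, which is what is expected once the client talks to port 636.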