SGI: Security

OpenLDAP with TLS - ldapsearch works, authentication not


Since we upgraded to the latest IRIX version about a month ago I've been trying to get them boxes to use a Linux server running the latest OpenLDAP with TLS as source of their authentication, but no luck so far.

Running OpenLDAP on one of our SGI's itself (to see if this would give some more info) works too, but it's still a no go for authentication.
I can query the SGI server with ldapsearch locally, as well as from a remote machine, and I can also query the remote server with ldapsearch from my SGI box. :cry:

The only relevant info in the logs is: Can't contact LDAP server...

So before I start posting a bunch of config files somebody might have an idea of something I might be missing...

Also, is there some sort of good tutorial for this, because I kinda used a Gentoo Linux one to get the server up and running, but the client config is somewhat different and I haven't found a good one.


MultiPlatform single-sign on has been an obsession of mine for quite a while. Not too long ago I bought an octane and media from eBay. I've had some degree of success in getting it working(SSO that is). How far have you gotten and what's your end goal? LDAP logon via the Graphical console? did you get it working without SSL yet? My inital focus was on getting telnet/ssh working first. Below are my reaaaalllly rough notes on things that helped me(obviously they need to be fleshed out more). I didn't get SSL working yet(and hasn't been very important to me since I'm using LDAP in conjuction with KerberosV) I found the article at l to be helpful

This has been tested on an SGI Octane running IRIX 6.5.27
The first steps are to edit the two files /var/ns/ldap.conf and /etc/nsswitch.conf
aftewards you can either:
nsadmin flush nsadmin restart
killall -HUP nsd
if you then issue:
id <ldap user name>
you should get back some info
next is Kerberos.