
LDAP TLS/SSL

807559 Feb 27 2003 — edited Jun 21 2007
Hello,

I am in the process of migrating to LDAP. The hostile environment my network is in requires that this be done in the encrypted mode provided by TLS/SSL.

My LDAP server is configured for TLS/SSL (port 636). I am able to successfully issue an ldapsearch command and retrieve data. This is of course the ldapsearch in /usr/iplanet/share/bin, which I think indicates that my cert7 and key3 files are in the proper place and are valid.

My Linux clients can ssh / authenticate using TLS (port 636) against the LDAP server.

My Solaris 9 machines simply hang when I force the issue of going through port 636. They authenticate fine in clear text on port 389. I have set the authmethod and serviceauthmethod both to tls:simple via ldapclient and it successfully configures the system. But as mentioned, any access from that point is a hung command, or, if I have 389 open on the server, it uses that.

If anyone is doing this maybe a look at your working ldap_client_file is what I need?

Ideas / suggestions?

TIA

Comments

Gaz in Oz

...wget seems to have downloaded something...

Did you supply your correct Oracle SSO username and password when running wget.sh?

How big is the zip file?

   $ ls -ltr V981627-01.zip

If the file looks roughly the right size then try using gunzip on the zip file.

If the file looks too small, then use vi or some other editor to see what V981627-01.zip actually contains.
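
The size-and-content check suggested above, as an added shell example (not part of the original thread or of any Oracle tooling): it reads a file's first bytes to tell a real ZIP archive from an HTML page or a zero-byte file saved under the .zip name. The function name classify_download and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a downloaded file by its leading bytes.
# classify_download is a hypothetical helper name, not part of wget.sh.

classify_download() {
    file=$1
    [ -f "$file" ] || { echo missing; return 0; }
    [ -s "$file" ] || { echo empty; return 0; }

    # First four bytes as lowercase hex. A ZIP archive starts with
    # "PK\003\004" (50 4b 03 04); an empty archive with "PK\005\006".
    magic=$(od -An -tx1 -N4 "$file" | tr -d ' \n')
    case $magic in
        504b0304|504b0506) echo zip; return 0 ;;
    esac

    # Not a ZIP: look for an HTML tag in the first 512 bytes, which is
    # what a web page saved in place of the archive looks like.
    if dd if="$file" bs=512 count=1 2>/dev/null | grep -qi '<html'; then
        echo html
    else
        echo unknown
    fi
}

# Constructed sample inputs so the example runs offline.
demo_dir=$(mktemp -d)
printf 'PK\003\004rest-of-archive' > "$demo_dir/good.zip"
printf '<html>\n<script language="javascript">\n' > "$demo_dir/page.zip"
: > "$demo_dir/zero.zip"

for name in good.zip page.zip zero.zip; do
    printf '%s: %s\n' "$name" "$(classify_download "$demo_dir/$name")"
done
rm -rf "$demo_dir"
```

A result of html or empty means the transfer did not deliver the archive, so the file should be discarded and the sign-in or TLS failure investigated before retrying.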

Robeen

It is too small.

vi content:

<html>
<script language="javascript" type="text/javascript">
function submitForm()
{
  var hash = location.hash;
  if (hash) {
    if(hash.indexOf("#") == -1){
      hash="#"+hash
    }
    document.myForm.action = document.myForm.action+hash;
  }
  document.myForm.submit();
}

Dude!

I downloaded the wget.sh file to download faster on server.

Why do you think it will be faster? It will probably be slower because it cannot take advantage of the Akamai download manager.

Anyway, the script prompts for your login name and password. The password does not echo and there are no screen updates until the download is completed. If you think something went wrong and press Ctrl-c then you get an incomplete file.

The problem is due to limitations of wget, which is an interactive tool and not really suitable for scripting - it will require a wrapper script to occlude your login cookie and show a progress bar. Since you have posted your login cookie, I suggest you change your login password to the Oracle download cloud asap.

Btw, the problem isn't Linux and the topic rather belongs to .

lmu

Part of the problem is Linux for me. I get that all the time, only the files are 0 bytes. The download wants this added to the wget command: --no-check-certificate

Depending on the box I use, some still get a zero byte file with --no-check-certificate added.

What parameters on the box would cause this? It is annoying. It only happens on some.

Dude!

I used the wget script that the download generated to download 19c GI a couple of days ago and it worked. I did not have to add anything. What clues exist that the problem has something to do with Linux?

lmu

I don't know, that's why I'm asking. Which box I am downloading patches from using wget determines if it works for me or not, or if I need to use --no-check-certificate. There is nothing I can tell that is different from one to the other. Most are OEL6, all are VMs. Some OVM, some VMware. I'll try to see which is what.

Dude!

If you are transferring the script from another system, perhaps network/proxy issues come into play. Whether the login cookies/certificates work will probably also depend on your external IP address.

Why use wget and not a web browser to download the files? You do not need to install X window or run X server to run Firefox on your Linux server.

User_DDTW0

I had the same problem, and used --no-check-certificate to get success on the download :)
Thanks for the help


Post Details

Locked on Jul 19 2007
Added on Feb 27 2003
17 comments
926 views