Managing Network File Systems in Oracle® Solaris 11.2

Updated: July 2014

How to Use a Secured Connection to the NSDB

Before You Begin

You must have an LDAP server installed.

  1. Become an administrator.

    For more information, see "Using Your Assigned Administrative Rights" in Securing Users and Processes in Oracle Solaris 11.2.

  2. On the LDAP server, create a certificate.

    You need a certificate to secure the LDAP traffic.

    # mkdir /etc/openldap/certs
    # mkdir /etc/openldap/certs/keys
    # cd /etc/openldap/certs
    # openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
      -keyout keys/ldapskey.pem -out ldapscert.pem
    # chown -R openldap:openldap /etc/openldap/certs/*
    # chmod 0400 keys/ldapskey.pem

  3. Add declarations to the /etc/openldap/slapd.conf file.

    TLSCertificateFile /etc/openldap/certs/ldapscert.pem
    TLSCertificateKeyFile /etc/openldap/certs/keys/ldapskey.pem

  4. Copy the certificate to the NFS server and clients.

    # scp ldap-server:/etc/openldap/certs/keys/ldapskey.pem \
      /etc/openldap/certs/keys/ldapskey.pem
    # chmod 0400 /etc/openldap/certs/keys/ldapskey.pem

  5. On the NFS server and clients, update the connection entry.

    # nsdbparams update -f ldapscert.pem -t FEDFS_SEC_TLS localhost

    For information about options available with the nsdbparams command, see the nsdbparams(1M) man page.
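
The following check is an added example, not part of the Oracle procedure: it confirms that the certificate and key from step 2 belong together, that the key is mode 0400, and that the certificate is not about to expire. The function names check_tls_pair and make_sample, the 30-day default threshold and the sample subject name are assumptions made for the example.

```shell
# check_tls_pair CERT KEY [MIN_DAYS]: exit status 0 only if every check passes.
check_tls_pair() {
    cert=$1; key=$2; min_days=${3:-30}; rc=0

    # Extract the public key from each file; stop if either cannot be parsed.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot parse certificate $cert"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot parse private key $key"; return 1; }

    # 1. The certificate must contain the public half of this private key.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: $key is not the key for $cert"; rc=1; }

    # 2. The key must be owner read-only (0400), as set in step 2.
    case $(ls -ld "$key") in
        -r--------*) ;;
        *) echo "FAIL: $key is not mode 0400"; rc=1 ;;
    esac

    # 3. The certificate must remain valid for at least MIN_DAYS more days.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: $cert expires within $min_days days"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $cert and $key pass all checks"
    return "$rc"
}

# Constructed sample: a throwaway pair generated the same way as step 2.
# The -subj value is a placeholder so that openssl does not prompt.
make_sample() {   # make_sample DIR DAYS
    mkdir -p "$1/keys" &&
    openssl req -x509 -nodes -days "$2" -newkey rsa:2048 \
        -subj "/CN=ldap-server.example" \
        -keyout "$1/keys/ldapskey.pem" -out "$1/ldapscert.pem" 2>/dev/null &&
    chmod 0400 "$1/keys/ldapskey.pem"
}

# Demo on the constructed sample; prints one OK line.
demo=$(mktemp -d) && make_sample "$demo" 3650 &&
    check_tls_pair "$demo/ldapscert.pem" "$demo/keys/ldapskey.pem"
rm -rf "$demo"
```

On the LDAP server, the same function can be pointed at /etc/openldap/certs/ldapscert.pem and /etc/openldap/certs/keys/ldapskey.pem before slapd is restarted with the new declarations.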