Go to main content

Managing Network File Systems in Oracle® Solaris 11.3

Exit Print View

Updated: September 2018

How to Use a Secured Connection to the NSDB

Before You Begin

You must have an LDAP server installed. For more information, see Chapter 4, Setting Up the Oracle Directory Server Enterprise Edition With LDAP Clients in Working With Oracle Solaris 11.3 Directory and Naming Services: LDAP.

  1. Become an administrator.

    For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

  2. On the LDAP server, create a certificate.

    You need a certificate to secure the LDAP traffic.

    $ mkdir /etc/openldap/certs
    $ mkdir /etc/openldap/certs/keys
    $ cd /etc/openldap/certs
    $ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
      -keyout keys/ldapskey.pem -out ldapscert.pem
    $ chown -R openldap:openldap /etc/openldap/certs/*
    $ chmod 0400 keys/ldapskey.pem
  3. Add declarations to the /etc/openldap/slapd.conf file.
    TLSCertificateFile /etc/openldap/certs/ldapscert.pem
    TLSCertificateKeyFile /etc/openldap/certs/keys/ldapskey.pem
  4. Copy the certificate to the NFS server and clients.
    $ scp ldap-server:/etc/openldap/certs/keys/ldapskey.pem \
    $ chmod 0400 /etc/openldap/certs/keys/ldapskey.pem
  5. On the NFS server and clients, update the connection entry.
    $ nsdbparams update -f ldapscert.pem -t FEDFS_SEC_TLS localhost

    For information about options available with the nsdbparams command, see the nsdbparams(1M) man page.