Before You Begin
You must have an LDAP server installed. For more information, see Chapter 4, Setting Up the Oracle Directory Server Enterprise Edition With LDAP Clients in Working With Oracle Solaris 11.3 Directory and Naming Services: LDAP.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
You need a certificate to secure the LDAP traffic.
$ mkdir /etc/openldap/certs
$ mkdir /etc/openldap/certs/keys
$ cd /etc/openldap/certs
$ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
    -keyout keys/ldapskey.pem -out ldapscert.pem
$ chown -R openldap:openldap /etc/openldap/certs/*
$ chmod 0400 keys/ldapskey.pem
TLSCertificateFile /etc/openldap/certs/ldapscert.pem
TLSCertificateKeyFile /etc/openldap/certs/keys/ldapskey.pem
$ scp ldap-server:/etc/openldap/certs/keys/ldapskey.pem \
    /etc/openldap/certs/keys/ldapskey.pem
$ chmod 0400 /etc/openldap/certs/keys/ldapskey.pem
$ nsdbparams update -f ldapscert.pem -t FEDFS_SEC_TLS localhost
For information about options available with the nsdbparams command, see the nsdbparams(1M) man page.
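The following check is an added example, not part of the Oracle procedure. It confirms that the key created above belongs to the certificate, that the key file mode is 0400, and that the certificate is not close to expiry. The function name check_ldaps_pair and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: sanity-check the certificate and key from the procedure.
# check_ldaps_pair is a hypothetical helper, not an Oracle or OpenLDAP tool.
# Usage: check_ldaps_pair CERT KEY [MIN_DAYS]   (MIN_DAYS defaults to 30)
# Returns 0 if all checks pass, 1 missing or unreadable file,
# 2 key does not match certificate, 3 key mode is not 0400,
# 4 certificate expires within MIN_DAYS.

check_ldaps_pair() {
    cert=$1
    key=$2
    min_days=${3:-30}

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "missing or unreadable: $cert or $key" >&2
        return 1
    fi

    # The public key inside the certificate must equal the public key
    # derived from the private key; otherwise slapd cannot use the pair.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key does not match certificate" >&2
        return 2
    fi

    # chmod 0400 should leave exactly -r-------- (owner read only).
    mode=$(ls -ld "$key" | cut -c1-10)
    if [ "$mode" != "-r--------" ]; then
        echo "key mode is $mode, expected -r--------" >&2
        return 3
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days" >&2
        return 4
    fi
    return 0
}

# Run directly when given arguments, for example:
#   sh check.sh /etc/openldap/certs/ldapscert.pem /etc/openldap/certs/keys/ldapskey.pem
if [ "$#" -ge 2 ]; then
    check_ldaps_pair "$@"
fi
```

Run it as a user that can read the key file, on each host that holds a copy.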