center of tech

On RedHat systems you just have to launch system-config-authentication (export DISPLAY first), select Enable LDAP support, and configure LDAP:
you only have to enter the LDAP Search Base DN (dc=example, dc=com) and the LDAP server IP address (192.168.25.25:389).
Then press OK, and ssh user@localhost or su - user completes without trouble.
NB : there is no need to start or restart any service or process, as system-config-authentication does it on exit.
—————————————————————————————————————————————————————————
The setup is less simple on Solaris :
1/ First set up the appropriate pam.conf, which can be found in the documentation : http://docs.sun.com/app/docs/doc/816-4556/clientsetup-1?a=view
I copy it here :
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_dial_auth.so.1
login auth required pam_unix_cred.so.1
login auth sufficient pam_unix_auth.so.1
login auth required pam_ldap.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth sufficient pam_unix_auth.so.1
rlogin auth required pam_ldap.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_dial_auth.so.1
ppp auth sufficient pam_unix_auth.so.1
ppp auth required pam_ldap.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth sufficient pam_unix_auth.so.1
other auth required pam_ldap.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd auth sufficient pam_passwd_auth.so.1
passwd auth required pam_ldap.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1
other account required pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#
Caution : use tabs between fields, not plain spaces, to avoid syntax errors.
ssh and su use the login PAM service, whose auth stack lists pam_ldap.so.1 as a required module. This module asks the ldap/client service to check the credentials and returns the result of the authentication : pass or fail.
In the default pam.conf, pam_ldap.so.1 is not listed as a required module, which causes LDAP authentication through PAM to fail.
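To make the control-flag logic concrete, here is an added example (not from the original post, from Sun, or from the Solaris PAM code) that embeds a constructed copy of the login auth stack shown above, applies the tab-separated layout check the caution asks for, and walks the stack with stubbed module outcomes instead of real PAM modules. It shows why an LDAP-only account fails against the stock stack and passes once pam_ldap.so.1 is appended as a required module, while a local account short-circuits at the sufficient pam_unix_auth.so.1 line. The module names and the "ignore" outcome of the bookkeeping modules are assumptions of the model.

```python
"""Model of how Solaris PAM control flags combine module results.

Added example, not from the page or from Sun: it embeds a constructed
copy of the `login` auth stack shown above, checks the tab-separated
field layout the caution asks for, and walks the stack with stubbed
module outcomes (no real PAM modules are called).
"""
import re

CONTROL_FLAGS = {"requisite", "required", "binding", "sufficient", "optional"}

# Constructed sample: the page's `login` auth stack, tab-separated.
LOGIN_STACK_WITH_LDAP = (
    "# login service (explicit because of pam_dial_auth)\n"
    "login\tauth\trequisite\tpam_authtok_get.so.1\n"
    "login\tauth\trequired\tpam_dhkeys.so.1\n"
    "login\tauth\trequired\tpam_dial_auth.so.1\n"
    "login\tauth\trequired\tpam_unix_cred.so.1\n"
    "login\tauth\tsufficient\tpam_unix_auth.so.1\n"
    "login\tauth\trequired\tpam_ldap.so.1\n"
)

# Same stack without the pam_ldap line, i.e. the stock Solaris default.
LOGIN_STACK_DEFAULT = "".join(
    line + "\n" for line in LOGIN_STACK_WITH_LDAP.splitlines()
    if "pam_ldap" not in line
)


def parse_pam_conf(text, require_tabs=True):
    """Return (entries, errors) for a pam.conf text.

    entries: list of (service, module_type, control_flag, module_path).
    errors: list of (line_number, message). With require_tabs, a
    non-comment line whose fields are separated only by spaces is
    reported; this is a lint rule mirroring the page's caution, not a
    property of the PAM parser itself (assumption).
    """
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if require_tabs and "\t" not in raw:
            errors.append((lineno, "fields separated by spaces, not tabs"))
            continue
        fields = re.split(r"\s+", line)
        if len(fields) < 4:
            errors.append((lineno, "expected at least 4 fields"))
            continue
        service, module_type, control, module = fields[:4]
        if control not in CONTROL_FLAGS:
            errors.append((lineno, "unknown control flag %r" % control))
            continue
        entries.append((service, module_type, control, module))
    return entries, errors


def simulate_auth(entries, service, outcomes):
    """Walk the `auth` stack of `service` and return "pass" or "fail".

    outcomes maps a module path to "pass", "fail" or "ignore"; modules
    not listed are treated as "ignore", which is assumed here for the
    bookkeeping modules (pam_dhkeys, pam_dial_auth, pam_unix_cred).
    """
    stack = [e for e in entries if e[0] == service and e[1] == "auth"]
    required_failed = False
    successes = 0
    for _, _, control, module in stack:
        result = outcomes.get(module, "ignore")
        if result == "ignore":
            continue
        if result == "pass":
            if control in ("sufficient", "binding") and not required_failed:
                return "pass"        # e.g. local password matched: stop here
            successes += 1
            continue
        # result == "fail"
        if control == "requisite":
            return "fail"            # fail immediately, skip the rest
        if control in ("required", "binding"):
            required_failed = True   # remember, but keep walking the stack
        # a failed sufficient/optional module is simply skipped
    if required_failed or successes == 0:
        return "fail"
    return "pass"


def demo():
    """Compare a local user and an LDAP-only user on both stacks."""
    local_user = {"pam_unix_auth.so.1": "pass"}
    ldap_user = {"pam_unix_auth.so.1": "fail", "pam_ldap.so.1": "pass"}
    report = {}
    for name, conf in (("default", LOGIN_STACK_DEFAULT),
                       ("with_ldap", LOGIN_STACK_WITH_LDAP)):
        entries, errors = parse_pam_conf(conf)
        assert not errors, errors
        report[name] = {
            "local_user": simulate_auth(entries, "login", local_user),
            "ldap_user": simulate_auth(entries, "login", ldap_user),
        }
    return report


if __name__ == "__main__":
    for stack, results in demo().items():
        print(stack, results)
    # Space-separated fields trip the layout check:
    print("layout errors:", parse_pam_conf("login auth required pam_ldap.so.1\n")[1])
```

Running the block prints that the local user passes on both stacks, while the LDAP-only user fails on the default stack (its only authenticating module is the sufficient pam_unix_auth.so.1, which fails and is skipped, leaving no success) and passes once the required pam_ldap.so.1 line is present.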
Then run the ldapclient init command to set the client configuration parameters for the Sun LDAP Directory Server :
Depending on whether the client uses a proxy identity to bind, there are two cases :
1. without proxy :
ldapclient init -a profileName=default -a domainName=example.com \
192.168.25.25:389
2. with proxy :
ldapclient init -a proxyDN=cn=proxyagent,ou=profile,dc=example,dc=com \
-a domainName=example.com \
-a profileName=proxy \
-a proxyPassword=test1234 \
192.168.25.25:389
Check by running ssh user@localhost or su - user successfully.
Caution : check the value of the parameter "profileName" on the LDAP Directory Server before running the above command. Open the LDAP search base dc=example, dc=com, go to ou=profile, and find the name of the profile with or without proxy. Both may exist.
NB1: the LDAP server port is optional; the default value is 389.
NB2 : there is no need to start the SMF service network/ldap/client:default manually or to change its properties (svcs -l network/ldap/client:default), as ldapclient init starts it automatically and the default values are fine.
NB3: be very careful when using ldapclient manual instead of ldapclient init, because that command does not complete all checks against the LDAP server. Even if it exits with 0 and prints a success message, parameters such as profileName and proxyPassword are not checked. So prefer ldapclient init, which returns a reliable result on completion.
Source : http://blogs.sun.com/bjoyes/entry/solaris_vs_redhat_configuring_an