Sunday, June 05, 2005

Enterprise Security VIII: Getting there....

Phew! Finally got the ldapbind issue out of the way. The solution was simple: define LD_LIBRARY_PATH. I never did, as I did not anticipate writing programs on this platform.
That will teach me!

So, if you ever run into messages like:
ldapbind: error while loading shared libraries: libclntsh.so.10.1: cannot open shared object file: No such file or directory
remember this:
export LD_LIBRARY_PATH=$ORACLE_HOME/lib
and your ldapbind will probably result in a:
bind successfull

To be continued...

As a replacement for setting up your own Certificate Authority, take a look at this handy utility, GOSSL. I am setting up a web server in test right now, and will update with the results. Currently, it's looking good: Windows (2003 server) and Internet Explorer (V6) have no problems with the new CA certificate, generated by GOSSL, nor with the server certificate.
Firefox still claims the server certificate is broken, although the CA is happily accepted.

Watch for updates - openssl used to be a part of the Oracle Apache installs (see your %ORACLE_HOME%\Apache\openssl directory) and is of course a far more lightweight -and thus more elegant, in my opinion- way to accomplish generation of CA and other digital certificates.
As is more often the case, Oracle succeeded in creating an elephant from an ant.
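
For reference, the plain openssl route mentioned above looks roughly like this. It is an added sketch, not part of the original post and not what GOSSL does internally. The CA name "Test Root CA", the host name you pass in, the 30-day lifetime and the file names are all constructed for a throwaway test setup.

```shell
#!/bin/sh
# Added example: throwaway test CA plus one server certificate, plain openssl.
# "Test Root CA" and the host name passed in are constructed values.

make_test_pki() {   # usage: make_test_pki <dir> <hostname>
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$dir/pki.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Test Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[server]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # 1. CA private key and self-signed CA certificate.
    openssl req -x509 -config "$dir/pki.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 30 -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # 2. Server private key and signing request.
    openssl req -config "$dir/pki.cnf" -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$host" -keyout "$dir/server.key" -out "$dir/server.csr" \
        2>/dev/null || return 1
    # 3. CA signs the request, adding the [server] extensions.
    openssl x509 -req -sha256 -days 30 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/pki.cnf" -extensions server \
        -out "$dir/server.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key" "$dir/server.key"
}

# Succeeds only if the server certificate chains to the given CA certificate
# and is acceptable for TLS server use.
verify_server_cert() {   # usage: verify_server_cert <ca.crt> <server.crt>
    openssl verify -CAfile "$1" -purpose sslserver "$2" >/dev/null 2>&1
}

# Prints the DNS names in the certificate's subjectAltName, one per line.
cert_dns_names() {   # usage: cert_dns_names <cert.crt>
    openssl x509 -in "$1" -noout -text | tr ',' '\n' | sed -n 's/^ *DNS://p'
}
```

Import ca.crt into the client's trust store and point the web server at server.crt and server.key; the CA key stays off the server.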
