
RE: Configuring Solaris 8 clients



On Wed, 26 Mar 2003, Quanah Gibson-Mount wrote:

>
>
> --On Wednesday, March 26, 2003 9:14 AM +0100 Ramon Corominas
> <rcorominas@citec.es> wrote:
>
> > Hi,
> >
> > Where can I get documentation about configuring solaris clients ?
> >
> > Thanks in advance,
> >
>
> Ramon,
>
> I got it working in Solaris 9 in the following fashion:
>
> To set up a Solaris 9 machine for LDAP instead of NIS, one simply needs to
> do the following:
>
> edit /etc/nsswitch.ldap
>
> Change the hosts: line from
> hosts: ldap [blah.....] files
> to
> hosts: files dns
>
> and then run this command:
>
> ldapclient manual -a authenticationMethod=none \
>   -a defaultSearchBase=dc=stanford,dc=edu \
>   -a defaultServerList="ldap-test1.Stanford.EDU" -a domainName="stanford.edu" \
>   -a followReferrals=false \
>   -a serviceSearchDescriptor=passwd:cn=accounts,dc=stanford,dc=edu\?sub \
>   -a serviceSearchDescriptor=group:cn=accounts,dc=stanford,dc=edu\?sub
>
> Of course, this only works for Stanford, but it gives you an idea how to
> configure it.
>
>
>
> For Solaris 8:
>
> 1. Create /var/ldap/ldap_client_file
> #
> # Do not edit this file manually; your changes will be lost. Please use ldapclient (1M) instead.
> #
> NS_LDAP_FILE_VERSION= 1.0
> NS_LDAP_SERVERS= 172.24.14.237:389
> NS_LDAP_SEARCH_BASEDN= dc=stanford,dc=edu
> NS_LDAP_AUTH= NS_LDAP_AUTH_NONE
> NS_LDAP_TRANSPORT_SEC= NS_LDAP_SEC_NONE
> NS_LDAP_SEARCH_REF= NS_LDAP_NOREF
> NS_LDAP_DOMAIN= stanford.edu
> NS_LDAP_EXP= 1045640377
> NS_LDAP_SEARCH_DN= passwd:(cn=accounts,dc=stanford,dc=edu), group:(cn=accounts,dc=stanford,dc=edu)
> NS_LDAP_SEARCH_SCOPE= NS_LDAP_SCOPE_SUBTREE
> NS_LDAP_SEARCH_TIME= 30
>
>
> 2. Create /var/ldap/ldap_client_cred:
> #
> # Do not edit this file manually; your changes will be lost. Please use ldapclient (1M) instead.
> #
> NS_LDAP_BINDDN= cn=accounts,dc=stanford,dc=edu
>
> 3. Edit /etc/nsswitch.conf so the passwd: line reads:
>
> passwd: files ldap
>
>
> 4. tests:
>
> /usr/bin/listusers
>
>

This is a bit too simplistic and it will not work on Solaris 9 until
ldap_cachemgr is started.  To make this setup complete you need to add
your domain to /etc/defaultdomain, run /etc/init.d/ldap.client start, and
restart nscd (/etc/init.d/nscd stop and then start).  nscd does not need
to run in order for this to work, but in the long run you do want nscd
running.  For more, check out:

Solaris 9
http://docs.sun.com/db/doc/806-4077/6jd6blbdk?a=view

Solaris 8
http://docs.sun.com/db/doc/806-5580?q=ldap

-- 
Igor
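
An added example, not part of the thread: a small shell audit for a client file in the "KEY= value" layout quoted above, reporting when passwd and group lookups would use an anonymous bind (NS_LDAP_AUTH_NONE) or an unencrypted connection (NS_LDAP_SEC_NONE). The function names, the address 192.0.2.10 and the base dc=example,dc=com are constructed for illustration.

```shell
# Added example, not from the thread; sample values are constructed.
# get_param FILE KEY: print the value of a "KEY= value" line, empty if absent.
get_param() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }              # skip comment lines
        {
            eq = index($0, "=")          # split on the first "=" only:
            if (eq == 0) next            # values like dc=example,dc=com hold more
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# audit_ldap_client FILE: one finding per line; returns 1 if any WARN was raised.
audit_ldap_client() {
    rc=0
    servers=$(get_param "$1" NS_LDAP_SERVERS)
    base=$(get_param "$1" NS_LDAP_SEARCH_BASEDN)
    auth=$(get_param "$1" NS_LDAP_AUTH)
    sec=$(get_param "$1" NS_LDAP_TRANSPORT_SEC)
    if [ -z "$servers" ] || [ -z "$base" ]; then
        echo "WARN: NS_LDAP_SERVERS or NS_LDAP_SEARCH_BASEDN is missing"; rc=1
    else
        echo "INFO: servers=$servers base=$base"
    fi
    case $auth in
        NS_LDAP_AUTH_NONE) echo "WARN: NS_LDAP_AUTH_NONE, the client binds anonymously"; rc=1 ;;
        "") echo "WARN: NS_LDAP_AUTH is not set"; rc=1 ;;
        *) echo "INFO: NS_LDAP_AUTH=$auth" ;;
    esac
    case $sec in
        NS_LDAP_SEC_NONE) echo "WARN: NS_LDAP_SEC_NONE, lookups are not encrypted in transit"; rc=1 ;;
        "") echo "WARN: NS_LDAP_TRANSPORT_SEC is not set"; rc=1 ;;
        *) echo "INFO: NS_LDAP_TRANSPORT_SEC=$sec" ;;
    esac
    return $rc
}

# write_sample FILE: constructed input in the layout quoted in the thread.
write_sample() {
    printf '%s\n' '# constructed sample' 'NS_LDAP_FILE_VERSION= 1.0' \
        'NS_LDAP_SERVERS= 192.0.2.10:389' 'NS_LDAP_SEARCH_BASEDN= dc=example,dc=com' \
        'NS_LDAP_AUTH= NS_LDAP_AUTH_NONE' 'NS_LDAP_TRANSPORT_SEC= NS_LDAP_SEC_NONE' > "$1"
}

tmp=${TMPDIR:-/tmp}/ldap_client_file.$$
write_sample "$tmp"
audit_ldap_client "$tmp" || echo "review the WARN lines above"
rm -f "$tmp"
```

On a real client, point audit_ldap_client at /var/ldap/ldap_client_file instead of the sample.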