
RE: Using LDAP for User authentication



Hi,

We're running SUN boxes with Solaris-9, and there is a hands-on cookbook at
"docs.sun.com" about how to set up iPlanet Directory Server v5 as an LDAP
server, and how to generate SUN's so-called "profiles" for client hosts, and
how to set up a "proxyagent" account in the LDAP server which is used to bind
to the server for requests.

Then the final steps to make a Solaris client use the LDAP for
authentication:

1) set its NIS (no, it's nothing to do with Yellow Pages anymore!)
   domainname:

     domainname <your.domain> ; echo "<your.domain>" > /etc/defaultdomain

2) initialize it for LDAP:

     ldapclient init -a profilename=<nameoftheprofile> \
         -a proxyDN=cn=proxyagent,ou=profile,dc=your,dc=domain \
         -a proxyPassword=<proxypwd> <ip-addr-ldap-srv>

This creates the files in /var/ldap, and sets /etc/nsswitch.ldap in place as
/etc/nsswitch.conf.

I usually put back /etc/nsswitch.files in place, and then manually edit it
to make the 'passwd' and 'group' entries look like

passwd:	files ldap

That's it (for Solaris at least).

The tricky thing for Solaris hosts is its concept of the proxyagent account
that's used to bind to the LDAP server for any client-host requests. You
have to make it in the LDAP server manually.
Besides that, there are quite a few attributes about NIS that need to be
defined/enabled in the schema. On iPlanet these are readily foreseen, on
OpenLDAP you will need to define them manually in the *.ldif files that
define your schema. I tried a few times with OpenLDAP schema to get it up
and running for Solaris, but no luck till now. Time constraints and lack of
public information made me step back to iPlanet (out of the box...).

Good luck

Rob

> -----Original Message-----
> From: Jason Williams [mailto:jwilliams@courtesymortgage.com]
> Sent: Tuesday 1 April 2003 21:19
> To: openldap-software@OpenLDAP.org
> Subject: Using LDAP for User authentication
> 
> 
> Hello everyone!
> 
> Well, I have a couple of questions about using LDAP for user
> authentication.
>
> First question: Is Samba necessary for LDAP authentication, or is that
> only if you are planning on setting up the server as a PDC?
>
> Secondly, as I become more comfortable with LDAP, I am starting to
> understand more about schema, objectclasses and designing.
>
> At this point, I am trying to figure out what exactly I need to set up
> LDAP for authentication. Right now, I only have two users on a test
> machine that I am using. I guess my question would be, what would be the
> easiest way at this point to make my test machine start using LDAP for
> user authentication?
>
> Does anyone have some general guidelines or suggestions on how to get
> started with this?
>
> I really do appreciate everyone's help.
> 
> Cheers,
> 
> Jason
>
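
A check for the end state of the steps in the reply above, as an added example that is not part of the original post: it reads an nsswitch.conf and reports whether the 'passwd' and 'group' entries consult files before ldap, so local accounts still resolve from the /etc files first. The function names and verdict strings are made up for this example; on Solaris set AWK to nawk or /usr/xpg4/bin/awk, since the old /usr/bin/awk lacks -v.

```shell
#!/bin/sh
# Added example, not from the original post. Names and verdicts are hypothetical.
AWK=${AWK:-awk}

# nss_verdict FILE DB -> prints one of:
#   ok            files is listed before ldap
#   ldap-first    ldap is consulted before files
#   files-missing ldap is listed but there is no local files source
#   ldap-missing  ldap is not enabled for this database
#   no-entry      FILE has no line for DB
nss_verdict() {
    # Drop comments first so a commented-out "ldap" is not counted.
    sed -e 's/#.*//' "$1" | "$AWK" -v db="$2:" '
        $1 == db {
            f = 0; l = 0
            # Record the first position of each source; action tokens such
            # as [NOTFOUND=return] are separate fields and are skipped.
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "ldap"  && !l) l = i
            }
            if (!l)         v = "ldap-missing"
            else if (!f)    v = "files-missing"
            else if (l < f) v = "ldap-first"
            else            v = "ok"
            print v; found = 1; exit
        }
        END { if (!found) print "no-entry" }'
}

# check_nsswitch FILE -> exit status 0 only if passwd and group are both "ok".
check_nsswitch() {
    rc=0
    for db in passwd group; do
        v=$(nss_verdict "$1" "$db")
        [ "$v" = ok ] || { echo "$1: $db: $v" >&2; rc=1; }
    done
    return $rc
}

# Constructed sample: the state the hand edit in the post is meant to leave.
sample=$(mktemp)
printf 'passwd:\tfiles ldap\ngroup:\tfiles ldap\n' > "$sample"
check_nsswitch "$sample" && echo "sample: passwd and group are files, then ldap"
rm -f "$sample"
```

On a real client, call `check_nsswitch /etc/nsswitch.conf` after running ldapclient and editing the file.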