[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Solaris 10 Native Client connecting to OpenLdap How to needed
Hi, I have scripted the following which is what we use when joining a new
client to ldap:
setup_ldap.sh
#!/bin/sh
if [ ! -d /var/ldap ] ; then
mkdir /var/ldap
chown root:sys /var/ldap
chmod 755 /var/ldap
fi
cd /var/ldap
rm -rf /var/ldap/* >/dev/null 2>&1
/usr/sfw/bin/sparcv9/certutil -N -d /var/ldap
if [ -f /etc/ssl/our_CA_cert.pem ] ; then
/usr/sfw/bin/sparcv9/certutil -A -n "ca-cert1" -i
/etc/ssl/our_CA_cert.pem -a -t CT -d .
else
echo 'Could not find /etc/ssl/our_CA_cert.pem'
fi
if [ -f /etc/ssl/our_CA_cert2.pem ] ; then
/usr/sfw/bin/sparcv9/certutil -A -n "ca-cert2" -i
/etc/ssl/our_CA_cert2.pem -a -t CT -d .
else
echo 'Could not find /etc/ssl/our_CA_cert2.pem'
fi
if [ -f /etc/ssl/our_root_CA.pem ] ; then
/usr/sfw/bin/sparcv9/certutil -A -n "ca-cert-root" -i
/etc/ssl/our_root_CA.pem -a -t CT -d .
else
echo 'Could not find /etc/ssl/our_root_CA.pem'
fi
ldapclient init -v -a profileName=ldapprofilename -a
domainName=example.com -a
proxyDN=cn=proxyagent,ou=profile,dc=example,dc=com -a
proxyPassword=examplepasswd ldapserver1
svcadm enable svc:/network/ldap/client:default
svcadm restart svc:/network/ldap/client:default
svcadm enable svc:/system/name-service-cache:default
svcadm restart svc:/system/name-service-cache:default
Obviously from the script above you can see that we have created profiles
in ldap storing settings like uri etc.
We did this so that machines authenticate to our local ldap server first,
then connect to remote servers if unable to get a response from the local
server.
Let me know if you need anything else.
Cheers,
> Adam,
>
> What is the ldapclient init command you are using?
>
>
>
> On Sun, Dec 11, 2011 at 5:14 AM, <adam@spoontech.biz> wrote:
>
>> Hi, I manage an OpenLDAP environment consisting of Linux, Solaris and
>> AIX.
>>
>> Here is the Schema I use for Solaris 10.
>>
>> Hope this helps.
>>
>> # Sun nisMapEntry attributes
>> attributetype ( 1.3.6.1.1.1.1.28
>> NAME 'nisPublickey'
>> DESC 'nisPublickey'
>> EQUALITY caseIgnoreIA5Match
>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>>
>> attributetype ( 1.3.6.1.1.1.1.29
>> NAME 'nisSecretkey'
>> DESC 'nisSecretkey'
>> EQUALITY caseIgnoreIA5Match
>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>>
>> attributetype ( 1.3.6.1.4.1.1.1.1.12 SUP name
>> NAME 'nisDomain' )
>>
>> # Sun additional attributes to RFC2307 attributes (NIS)
>> attributetype ( 2.16.840.1.113730.3.1.30
>> NAME 'mgrpRFC822MailMember'
>> DESC 'mgrpRFC822MailMember'
>> EQUALITY caseIgnoreIA5Match
>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>>
>> #attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
>> # NAME 'rfc822MailMember'
>> # DESC 'rfc822MailMember'
>> # EQUALITY caseIgnoreIA5Match
>> # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>>
>> attributetype ( 1.3.6.1.4.1.42.2.27.1.1.12
>> NAME 'nisNetIdUser'
>> DESC 'nisNetIdUser'
>> EQUALITY caseExactIA5Match
>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>>
>> attributetype ( 1.3.6.1.4.1.42.2.27.1.1.13
>> NAME 'nisNetIdGroup'
>> DESC 'nisNetIdGroup'
>> EQUALITY caseExactIA5Match
>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>>
>> attributetype ( 1.3.6.1.4.1.42.2.27.1.1.14
>> NAME 'nisNetIdHost'
>> DESC 'nisNetIdHost'
>> EQUALITY caseExactIA5Match
>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>>
>> # Sun NIS publickey objectclass
>> objectclass ( 1.3.6.1.1.1.2.14
>> NAME 'NisKeyObject'
>> DESC 'NisKeyObject'
>> SUP top
>> MUST ( cn $ nisPublickey $ nisSecretkey )
>> MAY ( uidNumber $ description ) )
>>
>> # Sun NIS domain objectclass
>> objectclass ( 1.3.1.6.1.1.1.2.15
>> NAME 'nisDomainObject'
>> DESC 'nisDomainObject'
>> SUP top AUXILIARY
>> MUST ( nisDomain ) )
>>
>> # Sun NIS mailGroup objectclass
>> objectclass ( 2.16.840.1.113730.3.2.4
>> NAME 'mailGroup'
>> DESC 'mailGroup'
>> SUP top
>> MUST ( mail )
>> MAY ( cn $ mgrpRFC822MailMember ) )
>>
>> # Sun NIS nisMailAlias objectclass
>> #objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
>> # NAME 'nisMailAlias'
>> # DESC 'nisMailAlias'
>> # SUP top
>> # MUST ( cn )
>> # MAY ( rfc822mailMember ) )
>>
>> # Sun NIS nisNetId objectclass
>> objectclass ( 1.3.6.1.4.1.42.2.27.1.2.6
>> NAME 'nisNetId'
>> DESC 'nisNetId'
>> SUP top
>> MUST ( cn )
>> MAY ( nisNetIdUser $ nisNetIdGroup $ nisNetIdHost ) )
>>
>> # Below is optional unless you want to use ldap_gen_profile
>> attributetype ( 1.3.6.1.4.1.42.2.27.5.1.15 SUP name
>> NAME 'SolarisLDAPServers'
>> DESC 'SolarisLDAPServers'
>> SINGLE-VALUE )
>>
>> attributetype ( 1.3.6.1.4.1.42.2.27.5.1.16 SUP name
>> NAME 'SolarisSearchBaseDN'
>> DESC 'SolarisSearchBaseDN'
>> SINGLE-VALUE )
>>
>> attributetype ( 1.3.6.1.4.1.42.2.27.5.1.17
>> NAME 'SolarisCacheTTL'
>> DESC 'SolarisCacheTTL'
>> EQUALITY integerMatch
>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
>> SINGLE-VALUE )
>>
>> attributetype ( 1.3.6.1.4.1.42.2.27.5.1.18 SUP name
>> NAME 'SolarisBindDN'
>> DESC 'SolarisBindDN'
>> SINGLE-VALUE )
>>
>> attributetype ( 1.3.6.1.4.1.42.2.27.5.1.19 SUP name
>> NAME 'SolarisBindPassword'
>> DESC 'SolarisBindPassword'
>> SINGLE-VALUE )
>>
>> attributetype ( 1.3.6.1.4.1.42.2.27.5.1.20 SUP name
>> NAME 'SolarisAuthMethod'
>> DESC 'SolarisAuthMethod'
>> SINGLE-VALUE )
>>
>> attributetype ( 1.3.6.1.4.1.42.2.27.5.1.21 SUP name
>> NAME 'SolarisTransportSecurity'
>> DESC 'SolarisTransportSecurity'
>> SINGLE-VALUE )
>>
>> attributetype ( 1.3.6.1.4.1.42.2.27.5.1.24 SUP name
>> NAME 'SolarisDataSearchDN'
>> DESC 'SolarisDataSearchDN'
>> SINGLE-VALUE )
>>
>> attributetype ( 1.3.6.1.4.1.42.2.27.5.1.25 SUP name
>> NAME 'SolarisSearchScope'
>> DESC 'SolarisSearchScope'
>> SINGLE-VALUE )
>>
>> attributetype ( 1.3.6.1.4.1.42.2.27.5.1.26
>> NAME 'SolarisSearchTimeLimit'
>> DESC 'SolarisSearchTimeLimit'
>> EQUALITY integerMatch
>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
>> SINGLE-VALUE )
>>
>> attributetype ( 1.3.6.1.4.1.42.2.27.5.1.27 SUP name
>> NAME 'SolarisPreferedServer'
>> DESC 'SolarisPreferedServer' )
>>
>> attributetype ( 1.3.6.1.4.1.42.2.27.5.1.28 SUP name
>> NAME 'SolarisPreferedServerOnly'
>> DESC 'SolarisPreferedServerOnly'
>> SINGLE-VALUE )
>>
>> attributetype ( 1.3.6.1.4.1.42.2.27.5.1.29 SUP name
>> NAME 'SolarisSearchReferral'
>> DESC 'SolarisSearchReferral'
>> SINGLE-VALUE )
>>
>> objectclass ( 1.3.6.1.4.1.42.2.27.5.2.7
>> NAME 'SolarisNamingProfile'
>> DESC 'Solaris LDAP NSS Profile'
>> SUP top STRUCTURAL
>> MUST ( cn $ SolarisLDAPServers )
>> MAY ( SolarisBindDN $ SolarisBindPassword $
>> SolarisSearchBaseDN $ SolarisAuthMethod $
>> SolarisTransportSecurity $ SolarisSearchReferral $
>> SolarisDataSearchDN $ SolarisSearchScope $
>> SolarisSearchTimeLimit $ SolarisCacheTTL ) )
>>
>> # End of solaris.schema
>> > I am working on getting a bunch of Solaris 10 hosts connected to
>> OpenLdap.
>> > I am not Ldap expert by far however I must get this working.
>> >
>> > I have 0 issues getting Linux clients to connect but Solaris 10 how
>> to's
>> > docs are very evasive.
>> >
>> > I have searched everywhere the best I can find is a few online docs
>> that
>> > say you need to load a custom schema.
>> >
>> > I just need user / passwd authentication to a directory nothing more.
>> Will
>> > not be using TLS..
>> >
>>