Setting up Solaris LDAP clients

From Tom

This documentation can be redistributed and/or modified under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

Unless required by applicable law, this documentation is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

This documentation should not be used as a replacement for a valid Oracle service contract and/or an Oracle service engagement. Failure to follow Oracle guidelines for installation and/or maintenance could result in service/warranty issues with Oracle.

Use of this documentation is at your own risk!

--Tom Stevenson (talk) 17:11, 26 May 2015 (EDT)


The original LDAP profile which did NOT work with Solaris

Display LDAP profile CITProfile.

[root@tom2 ~]# ldapsearch -h ldap.wayne.edu -b "dc=wayne,dc=edu" cn=CITProfile
version: 1
dn: cn=CITProfile,ou=profile,dc=wayne,dc=edu
serviceSearchDescriptor: passwd:dc=wayne,dc=edu?sub
bindTimeLimit: 2
credentialLevel: proxy
cn: CITProfile
profileTTL: 43200
searchTimeLimit: 30
followReferrals: TRUE
authenticationMethod: simple
defaultSearchBase: dc=wayne,dc=edu
preferredServerList: 141.217.1.170:389
defaultServerList: 141.217.1.24:389 141.217.1.26:389
objectClass: top
objectClass: DUAConfigProfile
defaultSearchScope: one

Display LDAP user id CCSProfileManager

Display LDAP user id CCSProfileManager.

[root@tom2 ~]# ldapsearch -h ldap.wayne.edu -b "dc=wayne,dc=edu" cn=CCSProfileManager
version: 1
dn: cn=CCSProfileManager,ou=System Groups,ou=Groups,dc=wayne,dc=edu
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
objectClass: wayneObject
objectClass: wayneGroup
cn: CCSProfileManager
description: system group account for Tom S. and Jim G. to configure Solaris /
  Linux configuration profiles
roleOccupant: uid=aa0026,ou=People,dc=wayne,dc=edu

The LDAP procedure used to create the Solaris profile

The LDAP command to create the Solaris profile

Create the LDAP profile called Solaris.

[root@tom2 ~]# ldapadd -v -h ldap.wayne.edu -D "cn=CCSProfileManager,ou=System Groups,ou=Groups,dc=wayne,dc=edu" -j /etc/ldap_pw -f /tmp/ldap_add

Where "CCSProfileManager" is the group ID to use to create the Solaris profile.
Where file "/etc/ldap_pw" has the LDAP password for CCSProfileManager.
Where file "/tmp/ldap_add" has the LDAP commands/options to execute.

The LDAP data pasted to the ldapadd command

Because this is my first attempt at creating a profile, this profile might require additional modifications. The entry being created is a profile called Solaris.

[root@tom2 ~]# cat /tmp/ldap_add

# ldapadd -v -h ldap.wayne.edu -D "cn=CCSProfileManager,ou=System Groups,ou=Groups,dc=wayne,dc=edu" -j /etc/ldap_pw -f /tmp/ldap_add

dn: cn=Solaris,ou=CCS,ou=profile,dc=wayne,dc=edu
defaultSearchScope: one
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: 141.217.1.146:389
preferredServerList: 141.217.1.146:389
defaultSearchBase: dc=wayne,dc=edu
authenticationMethod: simple
followReferrals: TRUE
searchTimeLimit: 30
profileTTL: 43200
cn: Solaris
credentialLevel: proxy
bindTimeLimit: 2
serviceSearchDescriptor: passwd:dc=wayne,dc=edu?sub

Four ways to display the LDAP Solaris profile

Three ways to display the LDAP Solaris profile using ldapsearch

[root@tom2 ~]# ldapsearch -h ldap.wayne.edu -b "ou=CCS,ou=profile,dc=wayne,dc=edu" cn=Solaris
version: 1
dn: cn=Solaris,ou=CCS,ou=profile,dc=wayne,dc=edu
defaultSearchScope: one
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: 141.217.1.146:389
preferredServerList: 141.217.1.146:389
defaultSearchBase: dc=wayne,dc=edu
authenticationMethod: simple
followReferrals: TRUE
searchTimeLimit: 30
profileTTL: 43200
cn: Solaris
credentialLevel: proxy
bindTimeLimit: 2
serviceSearchDescriptor: passwd:dc=wayne,dc=edu?sub

[root@tom2 ~]# ldapsearch -h ldap.wayne.edu -b "ou=profile,dc=wayne,dc=edu" cn=Solaris
version: 1
dn: cn=Solaris,ou=CCS,ou=profile,dc=wayne,dc=edu
defaultSearchScope: one
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: 141.217.1.146:389
preferredServerList: 141.217.1.146:389
defaultSearchBase: dc=wayne,dc=edu
authenticationMethod: simple
followReferrals: TRUE
searchTimeLimit: 30
profileTTL: 43200
cn: Solaris
credentialLevel: proxy
bindTimeLimit: 2
serviceSearchDescriptor: passwd:dc=wayne,dc=edu?sub

[root@tom2 ~]# ldapsearch -h ldap.wayne.edu -b "dc=wayne,dc=edu" cn=Solaris
version: 1
dn: cn=Solaris,ou=CCS,ou=profile,dc=wayne,dc=edu
defaultSearchScope: one
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: 141.217.1.146:389
preferredServerList: 141.217.1.146:389
defaultSearchBase: dc=wayne,dc=edu
authenticationMethod: simple
followReferrals: TRUE
searchTimeLimit: 30
profileTTL: 43200
cn: Solaris
credentialLevel: proxy
bindTimeLimit: 2
serviceSearchDescriptor: passwd:dc=wayne,dc=edu?sub

One way to display the LDAP Solaris profile using ldaplist

[root@tom2 ~]# ldaplist -l ou=CCS,ou=profile Solaris
dn: cn=Solaris,ou=CCS,ou=profile,dc=wayne,dc=edu
        defaultSearchScope: one
        objectClass: top
        objectClass: DUAConfigProfile
        defaultServerList: 141.217.1.146:389
        preferredServerList: 141.217.1.146:389
        defaultSearchBase: dc=wayne,dc=edu
        authenticationMethod: simple
        followReferrals: TRUE
        searchTimeLimit: 30
        profileTTL: 43200
        cn: Solaris
        credentialLevel: proxy
        bindTimeLimit: 2
        serviceSearchDescriptor: passwd:dc=wayne,dc=edu?sub

Notes to be used when defining the netgroup service

serviceSearchDescriptor="netgroup: ou=netgroup,dc=inside,dc=yourdomain,dc=com" 

Example Solaris profile using multiple serviceSearchDescriptor fields.

dn: cn=proxyagent,ou=profile,dc=example,dc=com
objectclass: top
objectclass: person
cn: proxyagent
sn: proxyagent
userpassword: proxy

dn: cn=default,ou=profile,dc=example,dc=com
objectclass: top
objectclass: DUAConfigProfile
profileTTL: 43200
bindTimeLimit: 10
credentialLevel: proxy
searchTimeLimit: 30
defaultSearchScope: sub
defaultSearchBase: dc=example,dc=com
cn: default
serviceSearchDescriptor: passwd:dc=example,dc=com?sub
serviceSearchDescriptor: shadow:dc=example,dc=com?sub
serviceSearchDescriptor: group:dc=example,dc=com?sub
serviceSearchDescriptor: netgroup:dc=example,dc=com?sub
authenticationMethod: tls:simple
defaultServerList: 192.168.10.61
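As an added check for the profile LDIF fed to ldapadd above and for the multiple-serviceSearchDescriptor example just shown (example code, not the page's own): it parses LDIF the way ldapsearch and ldapadd exchange it, including folded continuation lines, and flags a DUAConfigProfile that pairs credentialLevel proxy with plain authenticationMethod simple (the proxy password then crosses the network unencrypted) or that carries a malformed serviceSearchDescriptor. The sample LDIF and the 192.0.2.10 address are constructed.

```python
import re
# serviceSearchDescriptor syntax: service:base?scope, scope optional (base, one or sub)
SSD_RE = re.compile(r'^[A-Za-z_]+:\s*[^?]*(\?(base|one|sub))?$')
def parse_ldif(text):
    """Entries as dicts of lowercased attr -> [values]; unfolds continuation lines."""
    unfolded = []
    for raw in text.splitlines():                  # RFC 2849 folding: one leading space
        if raw.startswith(' ') and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, cur = [], {}
    for line in unfolded + ['']:                   # trailing '' flushes the last entry
        if line.startswith(('#', 'version:')):     # comments and the ldapsearch header
            continue
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, _, val = line.partition(':')
        cur.setdefault(attr.strip().lower(), []).append(val.strip())
    return entries
def check_ldif(text):
    """Map each DUAConfigProfile dn to its findings; [] means the profile looks sane."""
    report = {}
    for e in parse_ldif(text):
        if 'duaconfigprofile' not in {v.lower() for v in e.get('objectclass', [])}:
            continue                               # proxyagent etc. are not profiles
        f = []
        if not e.get('defaultserverlist'):
            f.append('no defaultServerList: clients have no server to contact')
        cred = e.get('credentiallevel', ['anonymous'])[0]
        if cred != 'anonymous' and e.get('authenticationmethod', ['none'])[0] == 'simple':
            f.append(f'credentialLevel {cred} with authenticationMethod simple: the bind '
                     'password crosses the network in cleartext; prefer tls:simple')
        f += [f'malformed serviceSearchDescriptor {s!r} (expected service:base?scope)'
              for s in e.get('servicesearchdescriptor', []) if not SSD_RE.match(s)]
        report[e['dn'][0]] = f
    return report

# Constructed sample (not the page's data) with a folded line and one bad scope
SAMPLE = """dn: cn=Solaris,ou=CCS,ou=profile,dc=example,dc=com
objectClass: DUAConfigProfile
defaultServerList: 192.0.2.10:389
credentialLevel: proxy
authenticationMethod: simple
serviceSearchDescriptor: netgroup:ou=netgroup,dc=example,
 dc=com?subtree
"""
```

Run check_ldif on the file you intend to pass to ldapadd -f; an empty findings list for the profile dn is the expected result.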

--Tom Stevenson 16:24, 14 September 2011 (EDT)
