Hi, I have scripted the following, which is what we use when joining a new client to LDAP:
setup_ldap.sh
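#!/bin/sh
#
# setup_ldap.sh -- join a Solaris 10 host to the LDAP directory.
#
# 1. Builds a fresh NSS certificate database in /var/ldap and imports the
#    site CA certificates so the client can validate the directory server's
#    TLS certificate.
# 2. Initialises the LDAP client from a profile stored in the directory.
# 3. Enables and restarts the LDAP client and name-service-cache services.
#
# Must be run as root.  Written for the Solaris 10 Bourne /bin/sh: no $(...),
# no [[ ]], no `local`, no `set -o pipefail`.

# --- Site configuration (same values the original hard-coded inline) -------
LDAP_DIR=/var/ldap
CERTUTIL=/usr/sfw/bin/sparcv9/certutil
PROFILE_NAME=ldapprofilename
DOMAIN_NAME=example.com
PROXY_DN="cn=proxyagent,ou=profile,dc=example,dc=com"
# NOTE(security): ldapclient init only accepts the proxy password on its
# command line, so it is visible to every local user via `ps` while the
# command runs (and lands in shell history if the line is pasted
# interactively).  Keep this script 0700 root-owned and do not leave the
# real password in a world-readable copy.
PROXY_PASSWD=examplepasswd
LDAP_SERVER=ldapserver1

# Diagnostics go to stderr so they are not lost when stdout is redirected.
err() {
    echo "setup_ldap.sh: $*" 1>&2
}

die() {
    err "$@"
    exit 1
}

#######################################
# Import one CA certificate into the NSS DB as a trusted CA.
# Trust flags "CT": trusted to issue server (C) and client (T) certificates.
# Arguments: $1 - certificate nickname, $2 - PEM file (-a = ASCII input)
# Returns:   0 on success, 1 if the file is missing or certutil failed
#######################################
add_ca() {
    if [ ! -f "$2" ]; then
        err "Could not find $2"
        return 1
    fi
    "$CERTUTIL" -A -n "$1" -i "$2" -a -t CT -d "$LDAP_DIR" || {
        err "certutil failed to import $2"
        return 1
    }
    return 0
}

# --- Certificate database -------------------------------------------------
if [ ! -d "$LDAP_DIR" ]; then
    mkdir "$LDAP_DIR" || die "cannot create $LDAP_DIR"
    chown root:sys "$LDAP_DIR" || die "cannot chown $LDAP_DIR"
    chmod 755 "$LDAP_DIR" || die "cannot chmod $LDAP_DIR"
fi
cd "$LDAP_DIR" || die "cannot cd to $LDAP_DIR"

# Start from an empty DB so stale cert/key databases from a previous join are
# discarded.  ${LDAP_DIR:?} aborts instead of expanding to "/*" if the
# variable is ever empty; the redirect hides the harmless "no match" error
# when the directory is already empty.
rm -rf "${LDAP_DIR:?}"/* >/dev/null 2>&1

# NOTE(review): on some NSS builds `certutil -N` prompts for a key-DB
# password; if this script must run unattended, confirm it does not block
# here (supply an empty password file with -f if it does).
"$CERTUTIL" -N -d "$LDAP_DIR" || die "certutil -N failed"

# Every CA in the chain must be present: enabling the client with an
# incomplete trust store would leave it unable to validate the directory
# server's certificate, so abort before touching the running configuration.
# If a site legitimately ships fewer than three CA files, drop the unused
# add_ca line rather than relaxing the check.
missing=0
add_ca ca-cert1     /etc/ssl/our_CA_cert.pem  || missing=1
add_ca ca-cert2     /etc/ssl/our_CA_cert2.pem || missing=1
add_ca ca-cert-root /etc/ssl/our_root_CA.pem  || missing=1
[ "$missing" -eq 0 ] || die "CA certificate import incomplete; not initialising the LDAP client"

# --- LDAP client ----------------------------------------------------------
# The profile named here supplies the server list, search base, auth method
# and transport security; only the proxy credential is given locally.
ldapclient init -v \
    -a profileName="$PROFILE_NAME" \
    -a domainName="$DOMAIN_NAME" \
    -a proxyDN="$PROXY_DN" \
    -a proxyPassword="$PROXY_PASSWD" \
    "$LDAP_SERVER" || die "ldapclient init failed"

# Same order as before: ldap/client first, then the name-service cache, each
# enabled and then restarted so a previously-enabled instance picks up the
# new configuration.
for svc in svc:/network/ldap/client:default \
           svc:/system/name-service-cache:default; do
    svcadm enable "$svc" || die "cannot enable $svc"
    svcadm restart "$svc" || die "cannot restart $svc"
done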
As the script above shows, we have created client profiles in LDAP that store settings such as the server URI.
We did this so that machines authenticate against our local LDAP server first and fall back to the remote servers only when the local one does not respond.
Let me know if you need anything else.
Cheers,
Adam,
What is the ldapclient init command you are using?
On Sun, Dec 11, 2011 at 5:14 AM, adam@spoontech.biz wrote:
Hi, I manage an OpenLDAP environment consisting of Linux, Solaris and AIX.
Here is the Schema I use for Solaris 10.
Hope this helps.
# Sun nisMapEntry attributes
#
# solaris.schema for OpenLDAP: the Sun-specific attribute types and object
# classes that Solaris 10's ldapclient / nss_ldap expect on top of RFC 2307
# (nis.schema).  Syntax 1.3.6.1.4.1.1466.115.121.1.26 is IA5String,
# ...115.121.1.27 is INTEGER.  Continuation lines start with whitespace.
#
# NOTE(review): 1.3.6.1.1.1.1.28 / .29 are RFC 2307's own OIDs for
# nisPublicKey / nisSecretKey.  If the nis.schema your slapd loads already
# defines them, slapd will reject this file with a duplicate-OID error --
# confirm before including both.
attributetype ( 1.3.6.1.1.1.1.28 NAME 'nisPublickey'
    DESC 'nisPublickey'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# The secret half of a NIS publickey-map entry.  Any identity allowed to read
# entries carrying this attribute can recover the key, so restrict it with an
# ACL (owner and the proxy/replication identity) rather than leaving it at the
# directory's default read access.
attributetype ( 1.3.6.1.1.1.1.29 NAME 'nisSecretkey'
    DESC 'nisSecretkey'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# Inherits syntax and matching rules from 'name' (DirectoryString).
# NOTE(review): this OID is not under the 1.3.6.1.1.1 arc used by the two
# attributes above -- kept as given, confirm against the copy you deploy.
attributetype ( 1.3.6.1.4.1.1.1.1.12 SUP name NAME 'nisDomain' )

# Sun additional attributes to RFC2307 attributes (NIS)
attributetype ( 2.16.840.1.113730.3.1.30 NAME 'mgrpRFC822MailMember'
    DESC 'mgrpRFC822MailMember'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# Left commented out.  It is only referenced by the equally commented-out
# nisMailAlias object class below, so the two must be enabled together.
#attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15
#    NAME 'rfc822MailMember'
#    DESC 'rfc822MailMember'
#    EQUALITY caseIgnoreIA5Match
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# netid map components.  Note these use caseExactIA5Match, unlike the
# case-insensitive attributes above.
attributetype ( 1.3.6.1.4.1.42.2.27.1.1.12 NAME 'nisNetIdUser'
    DESC 'nisNetIdUser'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.42.2.27.1.1.13 NAME 'nisNetIdGroup'
    DESC 'nisNetIdGroup'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.42.2.27.1.1.14 NAME 'nisNetIdHost'
    DESC 'nisNetIdHost'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# Sun NIS publickey objectclass
# No kind keyword is given, so slapd treats NisKeyObject as STRUCTURAL.
# NOTE(review): RFC 2307 defines nisKeyObject as AUXILIARY -- confirm which
# your entries need (an AUXILIARY class can be added to an existing
# posixAccount/host entry; a STRUCTURAL one cannot).
objectclass ( 1.3.6.1.1.1.2.14 NAME 'NisKeyObject'
    DESC 'NisKeyObject'
    SUP top
    MUST ( cn $ nisPublickey $ nisSecretkey )
    MAY ( uidNumber $ description ) )

# Sun NIS domain objectclass
# NOTE(review): the OID 1.3.1.6.1.1.1.2.15 looks transposed relative to
# NisKeyObject's 1.3.6.1.1.1.2.14 directly above (1.3.6.1... vs 1.3.1.6...).
# Left as given -- verify against the Sun-supplied schema before loading.
objectclass ( 1.3.1.6.1.1.1.2.15 NAME 'nisDomainObject'
    DESC 'nisDomainObject'
    SUP top
    AUXILIARY
    MUST ( nisDomain ) )

# Sun NIS mailGroup objectclass
objectclass ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup'
    DESC 'mailGroup'
    SUP top
    MUST ( mail )
    MAY ( cn $ mgrpRFC822MailMember ) )

# Sun NIS nisMailAlias objectclass
# Commented out together with rfc822MailMember above; uncommenting one
# requires the other.
#objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5
#    NAME 'nisMailAlias'
#    DESC 'nisMailAlias'
#    SUP top
#    MUST ( cn )
#    MAY ( rfc822mailMember ) )

# Sun NIS nisNetId objectclass
objectclass ( 1.3.6.1.4.1.42.2.27.1.2.6 NAME 'nisNetId'
    DESC 'nisNetId'
    SUP top
    MUST ( cn )
    MAY ( nisNetIdUser $ nisNetIdGroup $ nisNetIdHost ) )

# Below is optional unless you want to use ldap_gen_profile
#
# Legacy (v1) Solaris client-profile attributes.  A profile entry is
# presumably read by every client at `ldapclient init` time, often
# anonymously -- confirm your ACLs before storing anything sensitive in it.
# NOTE(security): SolarisBindDN / SolarisBindPassword place a bind credential
# in the directory in the clear.  If you populate them, make sure the profile
# entry is not anonymously readable, or pass proxyDN/proxyPassword to
# ldapclient on the client instead of storing them in the profile.
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.15 SUP name NAME 'SolarisLDAPServers'
    DESC 'SolarisLDAPServers'
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.42.2.27.5.1.16 SUP name NAME 'SolarisSearchBaseDN'
    DESC 'SolarisSearchBaseDN'
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.42.2.27.5.1.17 NAME 'SolarisCacheTTL'
    DESC 'SolarisCacheTTL'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.42.2.27.5.1.18 SUP name NAME 'SolarisBindDN'
    DESC 'SolarisBindDN'
    SINGLE-VALUE )

# Cleartext credential -- see the security note above.
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.19 SUP name NAME 'SolarisBindPassword'
    DESC 'SolarisBindPassword'
    SINGLE-VALUE )

# These two decide how clients bind: a simple bind without TLS sends the
# bind password over the network in cleartext.
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.20 SUP name NAME 'SolarisAuthMethod'
    DESC 'SolarisAuthMethod'
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.42.2.27.5.1.21 SUP name NAME 'SolarisTransportSecurity'
    DESC 'SolarisTransportSecurity'
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.42.2.27.5.1.24 SUP name NAME 'SolarisDataSearchDN'
    DESC 'SolarisDataSearchDN'
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.42.2.27.5.1.25 SUP name NAME 'SolarisSearchScope'
    DESC 'SolarisSearchScope'
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.42.2.27.5.1.26 NAME 'SolarisSearchTimeLimit'
    DESC 'SolarisSearchTimeLimit'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

# Deliberately multi-valued (no SINGLE-VALUE): the list of servers to try
# first.  The spelling "Prefered" is Sun's and must be kept.
attributetype ( 1.3.6.1.4.1.42.2.27.5.1.27 SUP name NAME 'SolarisPreferedServer'
    DESC 'SolarisPreferedServer' )

attributetype ( 1.3.6.1.4.1.42.2.27.5.1.28 SUP name NAME 'SolarisPreferedServerOnly'
    DESC 'SolarisPreferedServerOnly'
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.42.2.27.5.1.29 SUP name NAME 'SolarisSearchReferral'
    DESC 'SolarisSearchReferral'
    SINGLE-VALUE )

# The profile entry itself; only cn and the server list are mandatory.
objectclass ( 1.3.6.1.4.1.42.2.27.5.2.7 NAME 'SolarisNamingProfile'
    DESC 'Solaris LDAP NSS Profile'
    SUP top
    STRUCTURAL
    MUST ( cn $ SolarisLDAPServers )
    MAY ( SolarisBindDN $ SolarisBindPassword $ SolarisSearchBaseDN $ SolarisAuthMethod $ SolarisTransportSecurity $ SolarisSearchReferral $ SolarisDataSearchDN $ SolarisSearchScope $ SolarisSearchTimeLimit $ SolarisCacheTTL ) )

# End of solaris.schema
I am working on getting a bunch of Solaris 10 hosts connected to OpenLDAP.
I am far from an LDAP expert, but I must get this working.
I have no issues getting Linux clients to connect, but how-to documentation for Solaris 10 is very hard to find.
I have searched everywhere; the best I can find is a few online docs that say you need to load a custom schema.
I just need user/password authentication against the directory, nothing more. I will not be using TLS (note: without TLS, a simple bind sends each user's password to the server in cleartext, so anyone on the network path can read it).