Solaris 9 and LDAP

This page describes the use of a Solaris 9 system as a directory server for Solaris Operating Environment data.

Installation

In Solaris 9 the iPlanet Directory Server version 5.1 is included in the base distribution, so no additional packages need to be installed. The iPlanet packages that are included are as follows.

Solaris Packages

system      IPLTadcon      Administration Server Console
system      IPLTadman      Administration Server Documentation
system      IPLTadmin      Administration Server
system      IPLTcons       Console Client Base
system      IPLTdscon      Directory Server Console
system      IPLTdsman      Directory Server Documentation
system      IPLTdsr        Directory Server (root)
system      IPLTdsu        Directory Server (usr)
system      IPLTjss        Network Security Services for Java
system      IPLTnls        Nationalization Languages and Localization Support
system      IPLTnspr       Portable Runtime Interface
system      IPLTnss        Network Security Services
system      IPLTpldap      PerLDAP


Initial Configuration of Directory server

First, the directory server setup script is run to configure the directory server with the base suffix for the directory.

#/usr/sbin/directoryserver setup

This is a menu driven configuration where most of the questions are straightforward.

Some examples of the information that is needed:
Computer name: mars.jw.com (use the DNS domain, not the NIS+ domain)
System User: nobody
System Group: nobody

Directory server port : 389 (Use this default port)
suffix: dc=ldap, dc=net
admin domain: ldapadmin.net

Administration server port : 5000 (don't use the randomly suggested port)
Run Admin server as : root

Starting Console

The directory server java console is started by running the command

/usr/sbin/directoryserver startconsole

This actually runs the command
/usr/iplanet/ds5/startconsole


Running idsconfig

The idsconfig script provided with Solaris 9 configures a bare installation of iPlanet Directory Server so that it can be used for storing Solaris data for authentication.

(This covers many of the tasks which previously needed to be done manually when configuring a server on Solaris 8)

This includes:

The script can be found in /usr/lib/ldap/idsconfig

Example of running the idsconfig script

Initializing Solaris Clients

Details of how to initialize Solaris Clients

Note:
An LDAP server cannot be its own client. The LDAP server will need to use standalone /etc files.

Populating containers

Use the ldapaddent command to populate the directory containers from the equivalent /etc files.

The example below shows the rpc table being populated:
ldapaddent -v -a simple -D "cn=directory manager" -f /etc/rpc rpc

Note: The system on which this command is run must be an LDAP client, and since the LDAP server cannot be a client of itself, you must set up a client first in order to run this command.


Adding entries to containers

As well as using ldapaddent to add entries to the containers, entries can be added with ldapadd from an LDIF file, with PerLDAP, through the GUI console, or by other means. To do this you need to know the schema and the required attributes for the various kinds of Solaris data. This section shows some examples of this data in LDIF format.

LDIF examples for Solaris Data
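The following is an added example, not part of the original page, showing the LDIF that corresponds to the rpc container populated with ldapaddent above. It assumes the base suffix dc=ldap,dc=net from the setup section, the Solaris default container ou=rpc, and the RFC 2307 oncRpc object class (cn for the name and aliases, oncRpcNumber for the program number); the /etc/rpc lines are a constructed sample, not the full file.

```shell
#!/bin/sh
# Constructed sample in /etc/rpc format (not the full Solaris file):
# name, RPC program number, then aliases; '#' starts a comment.
SAMPLE_RPC='#
# rpc
#
rpcbind         100000  portmap sunrpc rpcbind
rstatd          100001  rstat rup perfmeter
rusersd         100002  rusers
nfs             100003  nfsprog'

# rpc_to_ldif BASEDN
# Reads /etc/rpc-format lines on stdin and writes one LDIF entry per
# service into the ou=rpc container using the RFC 2307 oncRpc class;
# cn (name plus aliases) and oncRpcNumber are its required attributes.
rpc_to_ldif() {
  basedn=$1
  set -f                          # no globbing while splitting fields
  while IFS= read -r line; do
    line=${line%%#*}              # drop comments
    set -- $line                  # split into name, number, aliases
    [ $# -ge 2 ] || continue      # skip blank or malformed lines
    name=$1 number=$2
    shift 2
    case $number in               # program number must be numeric
      *[!0-9]*) echo "skipping $name: bad number '$number'" >&2; continue ;;
    esac
    printf 'dn: cn=%s,ou=rpc,%s\n' "$name" "$basedn"
    printf 'objectClass: top\nobjectClass: oncRpc\n'
    printf 'cn: %s\n' "$name"
    for alias in "$@"; do         # aliases become extra cn values,
      [ "$alias" = "$name" ] || printf 'cn: %s\n' "$alias"   # no duplicates
    done
    printf 'oncRpcNumber: %s\n\n' "$number"
  done
  set +f
}

# count_entries BASEDN: number of LDIF entries produced from the sample
count_entries() {
  printf '%s\n' "$SAMPLE_RPC" | rpc_to_ldif "$1" | grep -c '^dn: '
}

printf '%s\n' "$SAMPLE_RPC" | rpc_to_ldif "dc=ldap,dc=net"
```

The resulting LDIF can be loaded with ldapadd bound as cn=directory manager, exactly as the ldapaddent command above does; with simple authentication that bind password crosses the network in the clear unless the connection to port 389 is protected by TLS.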