Initializing Solaris clients
Solaris clients are set up using the ldapclient program. The exact procedure differs between Solaris 8 and Solaris 9, mainly because the ldapclient command was completely rewritten for Solaris 9 and therefore has a different syntax and set of options.
Note: for Solaris 8 you should also install the latest version of the LDAP patch 108993 (at the time of writing this is version 20).
Solaris 9
Using Credential level set to proxy
ldapclient init -a domainname=<domainname> [ -a profileName=<profilename> ] -a proxydn=<DN of proxyaccount> <IP address of LDAP server>
For example:
ldapclient init -a domainname=ldap.net -a proxydn="cn=proxyagent,ou=profile,dc=ldap,dc=net" 1.2.3.4
If a profile name other than "default" is being used then that also needs to be specified with the -a profileName option:
ldapclient init -a domainname=ldap.net -a profileName=myclient -a proxydn="cn=proxyagent,ou=profile,dc=ldap,dc=net" 1.2.3.4
You will then be prompted for the proxy account password.
If the LDAP server is running in secure (SSL) mode on port 636 then you will also need the SSL certificates in this directory. The easiest way to get these is to use a Netscape browser to retrieve them from a CA. They are called cert7.db and key3.db. As a hack you could also copy them from another client that has been set up.
Using Credential level set to anonymous
If anonymous credential level is selected there is no need to specify the proxy account DN:
ldapclient init -a domainname=<domainname> <IP address of LDAP server>
ldapclient init -a domainname=ldap.net 1.2.3.4
Note: the domainname should be the same as the value of the field "nisdomainname" at the baseDN for the maps in the DIT.
Solaris 8
ldapclient -D<proxyaccount> -w <passwd> -P <profilename> -d <domainname> <IP address of LDAP server>
For example:
ldapclient -D"cn=proxyagent,ou=profile,dc=ldap,dc=net" -w secret -P myclient -d ldap.net 1.2.3.4
Again, if the credential level is set to anonymous, then it is not necessary to specify the proxyaccount:
ldapclient -P <profilename> -d <domainname> <IP address of LDAP server>
******* Notes: ******
1/ Ensure that "anyone" has read, search, compare access for the VLV feature. This ensures that anonymous searches do not fail when trying to use the VLV control. If this is not set, the ldapclient initialization will fail, typically with a confusing error of "cannot find search base DN".
2/ Ensure that "anyone" has read, search access to the cn and objectclass attributes at the top level of the tree (eg dc=cg,dc=com). Again, ldapclient initialization will fail with the same message as in 1/ if this is not done.
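
A pre-flight check for note 2 and for the domainname note above, as an added example that is not part of the original page. It reads the LDIF returned by an anonymous base-scope search of the baseDN and reports whether objectclass is readable and whether the directory's domain value matches the domainname you plan to give ldapclient. The function name check_base_entry and the attribute name nisDomain are assumptions; pass a different attribute name as the second argument if your DIT differs.

```shell
#!/bin/sh
# Added example. Feed it the output of an anonymous base-scope search, e.g. with
# the Solaris ldapsearch (no -D means an anonymous bind):
#   ldapsearch -h 1.2.3.4 -b "dc=ldap,dc=net" -s base "objectclass=*" | check_base_entry ldap.net
# On Solaris use nawk in place of awk.
# check_base_entry DOMAIN [ATTR]   (ATTR defaults to nisDomain, an assumption)
# Reads LDIF on stdin, prints findings, returns 0 only if every check passes.
check_base_entry() {
    awk -v want="$1" -v attr="${2:-nisDomain}" '
    {
        sep = index($0, ":")
        if (sep == 0) next                      # blank line or continuation
        name  = tolower(substr($0, 1, sep - 1)) # attribute names are case-insensitive
        value = substr($0, sep + 1)
        sub(/^[ \t]+/, "", value)
        if (name == "objectclass") oc++
        if (name == tolower(attr)) {
            seen = 1; got = value
            if (value == want) same = 1
        }
    }
    END {
        rc = 0
        if (!oc) {
            print "FAIL: objectclass not readable anonymously at the baseDN (note 2)"
            rc = 1
        }
        if (!seen) {
            print "FAIL: no " attr " value visible at the baseDN"
            rc = 1
        } else if (!same) {
            print "FAIL: directory says \"" got "\" but domainname is \"" want "\""
            rc = 1
        }
        if (rc == 0) print "OK: baseDN readable, domainname matches " attr
        exit rc
    }'
}

# Constructed sample of what a correctly configured server would return.
SAMPLE='dn: dc=ldap,dc=net
objectClass: top
objectClass: domain
objectClass: nisDomainObject
dc: ldap
nisDomain: ldap.net'

printf '%s\n' "$SAMPLE" | check_base_entry ldap.net
```

An empty search result, which is what a missing anonymous ACI produces, is reported as a failure rather than passing silently.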