Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: OpenLDAP setup
Operating Systems Solaris OpenLDAP setup Post 302531687 by bitlord on Friday 17th of June 2011 12:32:54 PM
Old 06-17-2011
OpenLDAP setup
At work I'm been givin the task to move are backend servers from NIS to LDAP. We have mostly Solaris 10 servers, as well as a few Redhat servers. I am going to use openLDAP as the LDAP server. I'm looking for a good how to guide on setting up the openLDAP server. Most of the docs I have found seem to fall apart around the configuring of the server and ldapclient setup. Most of the guilds are for Linux servers and Solaris seems to have more steps. I would also like to find a active forum for LDAP question.

If anyone has any experience with his I would love to get some guidance. I installed openLDAP with a package from sunfreeware.com. At this point I just want LDAP to work and I'm not concerned with security, I can lock it down after the fact.

I'm having two issues that I can tell right now .I'm having trouble getting the “ldapclient init” command to work. When I try to start the LDAP with svcs says it is maintenance mode. I'm thinking that I have an error in one of the files I have edited.

Any help would be great.
.
 

7 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

OpenLDAP and Apache

Hello! I'm starting to panic here! I'm trying to authorize Subversion (via apache) users at my company here via LDAP. Sure everything works when just authorizing users with require valid-user But! That is not what I'm looking for, I wish to Authorize by membership in specifik groups... This... (0 Replies)
Discussion started by: Esaia
0 Replies

2. AIX

openLDAP with Aix

hello I have a P570 with 3 partitions. These partitions are available, since 1 year. So there are a lot of users, files, etc, on these partition I must now install an openldap with Debian to manage all these users. But several pb: on LDAP, we are 1 iud for user and one home directory, 1 gid... (0 Replies)
Discussion started by: pascalbout
0 Replies

3. AIX

NIM server setup on etherchannel setup environment

I know that IBM's official stance is that NIM does not work on etherchannel environment, but has anyone able to get around it? I'm working on a p5-590 LPAR system, and the NIM master and clients are all on the same frame. Any help is appreciated. (1 Reply)
Discussion started by: pdtak
1 Replies

4. Red Hat

Need OpenLDAP Help

Hi, all: I'm studying for the RHCE and have hit the section on configuring an OpenLDAP client. I'd like to practice this, but I can't get an OpenLDAP server set up. I followed the directions in RedHat's Deployment Guide, and it looks like the server is up and running, but I can't get the... (0 Replies)
Discussion started by: rjlohman
0 Replies

5. Solaris

Openldap configuration

I m using Intel solaris 10 version . I m trying to install openldap and used several documents and package versions . But every time I got CC PATH error and while I solved the CC issue , I got Barkley DB error . :wall: Is there any perticular site from where I can install and configure... (1 Reply)
Discussion started by: sanjee
1 Replies

6. UNIX for Advanced & Expert Users

OpenLDAP and Solaris10 problems

Hi All, I have configured OpenLDAP sucessfully and set following results indicating that the user is loaded on the LDAP database test5:/ $ cat /etc/passwd | grep admin777 test5:/ $ getent passwd admin777 admin777:x:5011:1000::/:/bin/bash test5:/ $ id admin777 uid=5011(admin777)... (0 Replies)
Discussion started by: esawyja
0 Replies

7. Red Hat

Openldap 2.4.31 replication

Hi, I have done setup for openldap master and slave. Its working fine and replicating also. But it is working only with plane text password in syncrepl . How we can use encrypted password here also like we are using in rootpw ? Below portion is working. syncrepl rid=101 ... (3 Replies)
Discussion started by: Priy
3 Replies

LEARN ABOUT OSF1

ldap

ldap(1) 							   User Commands							   ldap(1)

NAME

       ldap - LDAP as a naming repository

DESCRIPTION

       LDAP  refers  to  Lightweight Directory Access Protocol, which is an industry standard for accessing directory servers. By initializing the
       client using ldapclient(1M) and using the keyword ldap in the name service switch file, /etc/nsswitch.conf, Solaris clients can obtain nam-
       ing  information from an LDAP server.  Information such as usernames, hostnames, and passwords are stored on the LDAP server in a Directory
       Information Tree or DIT. The DIT consists of entries which in turn are composed of attributes. Each attribute has a type and  one  or  more
       values.

       Solaris	LDAP  clients  use  the  LDAP  v3 protocol to access naming information from LDAP servers. The LDAP server must support the object
       classes and attributes defined in RFC2307bis (draft), which maps the naming service model on to LDAP. As an alternate to using  the  schema
       defined	in  RFC2307bis	(draft), the system can be configured to use other schema sets and the schema mapping feature is configured to map
       between the two. Refer to the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for more details.

       The ldapclient(1M) utility can make a Solaris machine an LDAP client by setting up the appropriate directories,	files,	and  configuration
       information. The LDAP client caches this configuration information in local cache files. This configuration information is accessed through
       the ldap_cachemgr(1M) daemon. This daemon also refreshes the information in the configuration files from the LDAP server, providing  better
       performance and security. The ldap_cachemgr must run at all times for the proper operation of the naming services.

       There  are two types of configuration information, the information  available through a profile, and the information configured per client.
       The profile contains all the information as to how the  client accesses the directory. The credential information for proxy user is config-
       ured on a per client basis and is not downloaded through the profile.

       The  profile  contains  server-specific parameters that are required by all clients to locate the servers for the desired LDAP domain. This
       information could be the  server's IP address and the search base Distinguished Name (DN), for instance. It is  configured  on  the  client
       from  the default profile during  client  initialization and is	periodically  updated by the ldap_cachemgr daemon when the expiration time
       has elapsed.

       Client profiles can be stored on the LDAP server and may be used by the ldapclient utility to initialize an LDAP client. Using  the  client
       profile is the easiest way to configure a  client  machine. See ldapclient(1M).

       Credential information includes client-specific parameters that are used  by  a client. This information could be the Bind DN (LDAP "login"
       name) of the client and the password. If these parameters are required, they are manually defined during the initialization  through  ldap-
       client(1M).

       The  naming information is stored in containers on the LDAP server. A container is a non-leaf entry in the DIT that contains naming service
       information. Containers are similar to maps in NIS and tables in NIS+. A default mapping between the NIS databases  and the containers	in
       LDAP  is  presented  below.  The location of these containers as well as their names  can be overridden through the use of serviceSearchDe-
       scriptors. For more information, see ldapclient(1M).

       +--------------------+--------------------+---------------------------+
       |Database	    |Object Class	 | Container		     |
       +--------------------+--------------------+---------------------------+
       |passwd		    |posixAccount	 | ou=people,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |		    |shadowAccount	 |			     |
       +--------------------+--------------------+---------------------------+
       |group		    |posixGroup 	 | ou=Group,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |services	    |ipService		 | ou=Services,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |protocols	    |ipProtocol 	 | ou=Protocols,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |rpc		    |oncRpc		 | ou=Rpc,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |hosts		    |ipHost		 | ou=Hosts,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |ipnodes 	    |ipHost		 | ou=Hosts,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |ethers		    |ieee802Device	 | ou=Ethers,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |bootparams	    |bootableDevice	 | ou=Ethers,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |networks	    |ipNetwork		 | ou=Networks,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |netmasks	    |ipNetwork		 | ou=Networks,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |netgroup	    |nisNetgroup	 | ou=Netgroup,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |aliases 	    |mailGroup		 | ou=Aliases,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |publickey	    |nisKeyObject	 |			     |
       +--------------------+--------------------+---------------------------+
       |generic 	    |nisObject		 | nisMapName=...,dc=...     |
       +--------------------+--------------------+---------------------------+
       |printers	    |printerService	 | ou=Printers,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |auth_attr	    |SolarisAuthAttr	 | ou=SolarisAuthAttr,dc=... |
       +--------------------+--------------------+---------------------------+
       |prof_attr	    |SolarisProfAttr	 | ou=SolarisProfAttr,dc=... |
       +--------------------+--------------------+---------------------------+
       |exec_attr	    |SolarisExecAttr	 | ou=SolarisProfAttr,dc=... |
       +--------------------+--------------------+---------------------------+
       |user_attr	    |SolarisUserAttr	 | ou=people,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |audit_user	    |SolarisAuditUser	 | ou=people,dc=...	     |
       +--------------------+--------------------+---------------------------+

       The security model for clients is defined by a combination of the credential level to be used, the authentication method, and the PAM  mod-
       ules  to  be  used.  The  credential  level defines what credentials the client should use to authenticate to the directory server, and the
       authentication method defines the method of choice.  Both these can be set with multiple values. The Solaris LDAP  supports  the  following
       values for credential level :

		 anonymous

		 proxy

       The Solaris LDAP supports the following values for authentication method:

		 none

		 simple

		 sasl/CRAM-MD5

		 sasl/DIGEST-MD5

		 tls:simple

		 tls:sasl/CRAM-MD5

		 tls:sasl/DIGEST-MD5

       More  protection can be provided by means of  access control, allowing the server to grant access for certain containers or entries. Access
       control is specified by Access Control Lists (ACLs) that are defined and stored in the LDAP server. The Access Control Lists  on  the  LDAP
       server  are  called Access Control  Instructions (ACIs) by the the SunOne Directory Server. Each ACL or ACI specifies one or more directory
       objects, for example, the cn attribute in a specific container, one or more clients to whom you grant or  deny  access,	and  one  or  more
       access  rights  that  determine what the clients can do to or with the objects. Clients can be users or	applications. Access rights can be
       specified as read and write, for example. Refer to the System Administration Guide: Naming and Directory  Services  (DNS,  NIS,	and  LDAP)
       regarding the restrictions on ACLs and ACIs when using LDAP as a naming repository.

       A  sample  nsswitch.conf(4) file called nsswitch.ldap is provided in the /etc directory. This is copied to /etc/nsswitch.conf  by the ldap-
       client(1M) utility. This file uses LDAP as a repository for the different databases in the  nsswitch.conf file.

       The following is a list of the user commands related to LDAP:

       idsconfig(1M)	       Prepares a SunOne Directory Server to be ready to support Solaris LDAP clients.

       ldapaddent(1M)	       Creates LDAP entries from corresponding /etc files.

       ldapclient(1M)	       Initializes LDAP clients, or generates a configuration profile to be stored in the directory.

       ldaplist(1)	       Lists the contents of the LDAP naming space.

FILES

       /var/ldap/ldap_client_cred      Files that contain the LDAP configuration of the client. Do not manually modify these files. Their  content
       /var/ldap/ldap_client_file      is not  guaranteed to be human readable. Use ldapclient(1M) to update them.

       /etc/nsswitch.conf	       Configuration file for the name-service switch.

       /etc/nsswitch.ldap	       Sample configuration file for the name-service switch configured with LDAP and files.

       /etc/pam.conf		       PAM framework configuration file.

SEE ALSO

       ldaplist(1),   idsconfig(1M),  ldap_cachemgr(1M),  ldapaddent(1M),  ldapclient(1M),  nsswitch.conf(4),  pam.conf(4),  pam_authtok_check(5),
       pam_authtok_get(5),  pam_authtok_store(5),   pam_dhkeys(5),   pam_ldap(5),   pam_passwd_auth(5),   pam_unix_account(5),	 pam_unix_auth(5),
       pam_unix_session(5)

       System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

NOTES

       The  pam_unix(5)  module  is  no longer supported. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_auth-
       tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).

SunOS 5.10							    7 Jan 2004								   ldap(1)
All times are GMT -4. The time now is 08:20 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy