Running idsconfig

Note - You do not need special rights to run idsconfig, nor do you need to be an LDAP naming client. Remember to create a checklist, as mentioned in Creating a Checklist Based on Your Server Installation, in preparation for running idsconfig. You do not have to run idsconfig from a server or an LDAP naming service client machine. You can run idsconfig from any Solaris machine on the network.

Caution - idsconfig sends the Directory Manager's password in the clear. If you do not want this to happen, you must run idsconfig on the directory server itself, not on a client.

How to Configure Sun Java System Directory Server Using idsconfig

Example idsconfig Setup

This section provides an example of a simple idsconfig setup, without modifying many of the defaults. The most complicated method of modifying client profiles is by creating SSDs. Refer to Using Service Search Descriptors to Modify Client Access to Various Services for a detailed discussion.

A carriage return sign after the prompt means that you are accepting the [default] by pressing Enter.

Note - Any parameters left blank in the summary screen will not be set up.

After idsconfig has completed the setup of the directory, you need to run the specified commands on the server before the server setup is complete and the server is ready to serve clients.

Example 11-1 Running idsconfig for the Example, Inc. Network

# /usr/lib/ldap/idsconfig
It is strongly recommended that you BACKUP the directory server
before running idsconfig.

Hit Ctrl-C at any time before the final confirmation to exit.

Do you wish to continue with server setup (y/n/h)? [n] Y
Enter the directory server's hostname to setup: myserver
Enter the Directory Server's port number (h=help): [389]
Enter the directory manager DN: [cn=Directory Manager]
Enter passwd for cn=Directory Manager :
Enter the domainname to be served (h=help): [west.example.com]
Enter LDAP Base DN (h=help): [dc=west,dc=example,dc=com]
Enter the profile name (h=help): [default] WestUserProfile
Default server list (h=help): [192.168.0.1]
Preferred server list (h=help):
Choose desired search scope (one, sub, h=help): [one]
The following are the supported credential levels:
  1  anonymous
  2  proxy
  3  proxy-anonymous
  4  self
  5  self proxy
  6  self proxy anonymous
Choose Credential level [h=help]: [1] 2
The following are the supported Authentication Methods:
  1  none
  2  simple
  3  sasl/DIGEST-MD5
  4  tls:simple
  5  tls:sasl/DIGEST-MD5
  6  sasl/GSSAPI
Choose Authentication Method (h=help): [1] 2
Current authenticationMethod: simple
Do you want to add another Authentication Method? N
Do you want the clients to follow referrals (y/n/h)? [n] N
Do you want to modify the server timelimit value (y/n/h)? [n] Y
Enter the server time limit (current=3600): [-1]
Do you want to modify the server sizelimit value (y/n/h)? [n] Y
Enter the server size limit (current=2000): [-1]
Do you want to store passwords in "crypt" format (y/n/h)? [n] Y
Do you want to setup a Service Authentication Methods (y/n/h)? [n]
Client search time limit in seconds (h=help): [30]
Profile Time To Live in seconds (h=help): [43200]
Bind time limit in seconds (h=help): [10]
Do you wish to setup Service Search Descriptors (y/n/h)? [n]
 
              Summary of Configuration
  1  Domain to serve               : west.example.com
  2  Base DN to setup              : dc=west,dc=example,dc=com
  3  Profile name to create        : WestUserProfile
  4  Default Server List           : 192.168.0.1
  5  Preferred Server List         : 
  6  Default Search Scope          : one
  7  Credential Level              : proxy
  8  Authentication Method         : simple
  9  Enable Follow Referrals       : FALSE
 10  Server Time Limit             : -1
 11  Server Size Limit             : -1
 12  Enable crypt password storage : TRUE
 13  Service Auth Method pam_ldap  : 
 14  Service Auth Method keyserv   : 
 15  Service Auth Method passwd-cmd: 
 16  Search Time Limit             : 30
 17  Profile Time to Live          : 43200
 18  Bind Limit                    : 10
 19  Service Search Descriptors Menu
Enter config value to change: (1-19 0=commit changes) [0] 
Enter DN for proxy agent:[cn=proxyagent,ou=profile,dc=west,dc=example,dc=com]
Enter passwd for proxyagent: 
Re-enter passwd: 
WARNING: About to start committing changes. (y=continue, n=EXIT) Y

1. Changed timelimit to -1 in cn=config.
2. Changed sizelimit to -1 in cn=config.
3. Changed passwordstoragescheme to "crypt" in cn=config.
4. Schema attributes have been updated.
5. Schema objectclass definitions have been added.
6. Created DN component dc=west.
7. NisDomainObject added to dc=west,dc=example,dc=com.
8. Top level "ou" containers complete.
9. automount maps: auto_home auto_direct auto_master auto_shared processed.
10. ACI for dc=west,dc=example,dc=com modified to disable self modify.
11. Add of VLV Access Control Information (ACI).
12. Proxy Agent cn=proxyagent,ou=profile,dc=west,dc=example,dc=com added.
13. Give cn=proxyagent,ou=profile,dc=west,dc=example,dc=com read permission for 
password.
14. Generated client profile and loaded on server.
15. Processing eq,pres indexes:
      uidNumber (eq,pres)   Finished indexing.
      ipNetworkNumber (eq,pres)   Finished indexing.
      gidnumber (eq,pres)   Finished indexing.
      oncrpcnumber (eq,pres)   Finished indexing.
      automountKey (eq,pres)   Finished indexing.
16. Processing eq,pres,sub indexes:
      ipHostNumber (eq,pres,sub)   Finished indexing.
      membernisnetgroup (eq,pres,sub)   Finished indexing.
      nisnetgrouptriple (eq,pres,sub)   Finished indexing.
17. Processing VLV indexes:
      west.example.com.getgrent vlv_index     Entry created
      west.example.com.gethostent vlv_index   Entry created
      west.example.com.getnetent vlv_index    Entry created
      west.example.com.getpwent vlv_index     Entry created
      west.example.com.getrpcent vlv_index    Entry created
      west.example.com.getspent vlv_index     Entry created
      west.example.com.getauhoent vlv_index   Entry created
      west.example.com.getsoluent vlv_index   Entry created
      west.example.com.getauduent vlv_index   Entry created
      west.example.com.getauthent vlv_index   Entry created
      west.example.com.getexecent vlv_index   Entry created
      west.example.com.getprofent vlv_index   Entry created
      west.example.com.getmailent vlv_index   Entry created
      west.example.com.getbootent vlv_index   Entry created
      west.example.com.getethent vlv_index    Entry created
      west.example.com.getngrpent vlv_index   Entry created
      west.example.com.getipnent vlv_index    Entry created
      west.example.com.getmaskent vlv_index   Entry created
      west.example.com.getprent vlv_index     Entry created
      west.example.com.getip4ent vlv_index    Entry created
      west.example.com.getip6ent vlv_index    Entry created
idsconfig: Setup of myserver is complete.
Note: idsconfig has created entries for VLV indexes.  Use the
      directoryserver(1m) script on myserver to stop
      the server and then enter the following vlvindex
      sub-commands to create the actual VLV indexes:
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getgrent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.gethostent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getnetent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getpwent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getrpcent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getspent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getauhoent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getsoluent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getauduent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getauthent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getexecent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getprofent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getmailent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getbootent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getethent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getngrpent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getipnent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getmaskent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getprent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getip4ent
  directoryserver -s myserver vlvindex -n userRoot -T west.example.com.getip6ent
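
The summary in Example 11-1 commits credential level proxy with authentication method simple. The following shell script is an added example, not part of the original documentation or of idsconfig: it checks a saved copy of the summary screen for authentication settings that expose or break password handling. The function names, the sample text and the ";" separator for multiple methods are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag password-exposing settings in a saved idsconfig summary.
# SAMPLE_SUMMARY is constructed from the values shown in Example 11-1.
SAMPLE_SUMMARY='  7  Credential Level              : proxy
  8  Authentication Method         : simple
 12  Enable crypt password storage : TRUE'

# summary_field TEXT LABEL: print the value that follows the first colon.
# Splitting on the first colon only keeps values such as "tls:simple" whole.
summary_field() {
    printf '%s\n' "$1" | awk -v label="$2" '{
        i = index($0, ":"); if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        sub(/^[ \t]*[0-9]+[ \t]+/, "", key)   # drop the menu number
        sub(/[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == label) { print val; exit }
    }'
}

# audit_idsconfig_summary TEXT: one finding per line, exit status 1 if any.
audit_idsconfig_summary() {
    cred=$(summary_field "$1" "Credential Level")
    auth=$(summary_field "$1" "Authentication Method")
    crypt=$(summary_field "$1" "Enable crypt password storage")
    status=0
    # Assumption: multiple methods are separated by ";", as in the
    # authenticationMethod attribute of a client profile.
    old_ifs=$IFS; IFS=';'
    for method in $auth; do
        case $method in
            simple)
                echo "WARN: credential level '${cred:-unset}' with 'simple' sends the bind password unencrypted; use tls:simple"
                status=1 ;;
            sasl/DIGEST-MD5|tls:sasl/DIGEST-MD5)
                # A crypt hash cannot be used to compute a DIGEST-MD5 response.
                if [ "$crypt" = "TRUE" ]; then
                    echo "WARN: DIGEST-MD5 cannot verify passwords stored in crypt format"
                    status=1
                fi ;;
        esac
    done
    IFS=$old_ifs
    return $status
}

audit_idsconfig_summary "$SAMPLE_SUMMARY" || true
```

Run against the values from Example 11-1, the check reports the simple bind; a summary that selects tls:simple passes with no findings.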