LDAP Client Profiles
To simplify Solaris client setup and avoid reentering the same information
for every client, create a single client profile on the directory server. One
profile then defines the configuration for all clients configured to use it,
and any later change to the profile attributes is propagated to those clients
at a rate defined by the refresh interval (profileTTL).
Client profiles are stored in a well-known location on the LDAP server. The
entry at the root DN for the given domain must carry the object class
nisDomainObject and a nisDomain attribute holding the client's domain. All
profiles are located in the ou=profile container beneath that entry, and they
must be readable anonymously, because a client reads its profile before it has
any credentials. For the same reason a profile must never carry secrets: the
proxy bind DN and password are set locally on each client with ldapclient (see
Table 9-3), not stored in the profile.
Client Profile Attributes
The following table lists the Solaris LDAP client's profile attributes, which
idsconfig sets for you when you run it. See Initializing a Client Manually and
the idsconfig(1M) man page for how to set a client profile manually.
Table 9-2 Client Profile Attributes
Attribute | Description
cn | The profile name. The attribute has no default value; a value must be specified.
preferredServerList | The host addresses of the preferred servers, as a space-separated list. (Do not use host names.) The servers in this list are tried in order, before those in defaultServerList, until a connection succeeds. There is no default value. At least one server must be specified in either preferredServerList or defaultServerList.
defaultServerList | The host addresses of the default servers, as a space-separated list. (Do not use host names.) After the servers in preferredServerList have been tried, the default servers on the client's subnet are tried, followed by the remaining default servers, until a connection is made. There is no default value. At least one server must be specified in either preferredServerList or defaultServerList.
defaultSearchBase | The DN relative to which the well-known containers are located. There is no default value. It can be overridden for a given service by the serviceSearchDescriptor attribute.
defaultSearchScope | The scope of a database search by the client. It can be overridden by the serviceSearchDescriptor attribute. Possible values are one or sub. The default is a one-level search (one).
authenticationMethod | The authentication method used by the client. The default is none (anonymous). See Choosing Authentication Methods for more information.
credentialLevel | The type of credentials the client uses to authenticate: anonymous, proxy, or self (also known as per user). The default is anonymous.
serviceSearchDescriptor | Defines how and where the client searches for a naming database, for example whether it looks at one or more points in the DIT. By default no SSDs are defined.
serviceAuthenticationMethod | The authentication method used by the client for the specified service. By default no service authentication methods are defined; a service without a serviceAuthenticationMethod falls back to the value of authenticationMethod.
attributeMap | Attribute mappings used by the client. By default no attributeMap is defined.
objectclassMap | Object class mappings used by the client. By default no objectclassMap is defined.
searchTimeLimit | Maximum time, in seconds, the client allows for a search to complete before timing out. This does not affect the time the LDAP server allows for a search. The default is 30 seconds.
bindTimeLimit | Maximum time, in seconds, the client allows for a bind to a server before timing out. The default is 30 seconds.
followReferrals | Whether the client follows LDAP referrals. Possible values are TRUE or FALSE. The default is TRUE.
profileTTL | Time, in seconds, between refreshes of the client profile from the LDAP server by ldap_cachemgr(1M). The default is 43200 seconds (12 hours). A value of 0 means the profile is never refreshed.
Local Client Attributes
The following table lists the client attributes that can be set locally using
ldapclient. See the ldapclient(1M) man page for more information.
Table 9-3 Local Client Attributes
Attribute | Description
domainName | The client's domain name, which becomes the default domain for the client machine. There is no default value; it must be specified.
proxyDN | The distinguished name of the proxy identity. If the client machine is configured with credentialLevel proxy, proxyDN must be specified.
proxyPassword | The proxy identity's password. If the client machine is configured with credentialLevel proxy, proxyPassword must be defined.
certificatePath | The directory on the local file system that holds the certificate databases. It is used when the client's authenticationMethod or serviceAuthenticationMethod uses TLS. The default is /var/ldap.
Note - If the BaseDN in an SSD ends with a trailing comma, it is treated as
relative to the defaultSearchBase: the value of defaultSearchBase is appended
to the BaseDN before the search is performed. For example, with a
defaultSearchBase of dc=example,dc=com, an SSD whose BaseDN is ou=people,
searches ou=people,dc=example,dc=com.
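The following Python script is an added example, not code from the Solaris documentation or from the Solaris LDAP client. It takes a constructed client profile written as LDIF (the DUAConfigProfile object class, the server addresses and the ou=profile DN are assumptions made for the example) and works out what a client would do with the Table 9-2 attributes: the server try order described under preferredServerList and defaultServerList, for a hypothetical client interface given as an address and prefix length; the effective base and scope for each service, including the trailing-comma rule from the note above; and the serviceAuthenticationMethod fallback to authenticationMethod. It handles the common service:base?scope SSD form only and leaves the filter component out. The sanity checks in profile_warnings are this example's own, not a Solaris validation routine.

```python
"""Audit a Solaris LDAP client profile: server try order, effective search
base/scope per service (trailing-comma SSD rule) and per-service auth method.
Added example, not code from the Solaris documentation or client."""
import ipaddress

# Constructed sample profile, written as the LDIF an admin would load into
# ou=profile under the domain's nisDomainObject entry. The DUAConfigProfile
# object class and the address values are assumptions for this example.
SAMPLE_PROFILE_LDIF = """\
dn: cn=default,ou=profile,dc=example,dc=com
objectClass: top
objectClass: DUAConfigProfile
cn: default
preferredServerList: 192.0.2.10 192.0.2.11
defaultServerList: 198.51.100.20 192.0.2.12 198.51.100.21
defaultSearchBase: dc=example,dc=com
defaultSearchScope: one
authenticationMethod: tls:simple
credentialLevel: proxy
serviceSearchDescriptor: passwd:ou=people,?sub
serviceSearchDescriptor: group:ou=groups,dc=other,dc=org
serviceAuthenticationMethod: pam_ldap:tls:simple
followReferrals: TRUE
profileTTL: 43200
"""


def parse_ldif(text):
    """Minimal one-entry LDIF parser: attribute name -> list of values."""
    attrs = {}
    for line in text.splitlines():
        if not line or line.startswith(("#", "dn:")):
            continue
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs


def server_order(profile, client_ip, prefix_len):
    """Connection attempt order: preferredServerList in the order given,
    then defaultServerList members on the client's subnet, then the rest.
    client_ip/prefix_len stand in for the client's interface configuration."""
    net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    preferred = profile.get("preferredServerList", [""])[0].split()
    default = profile.get("defaultServerList", [""])[0].split()
    local = [s for s in default if ipaddress.ip_address(s) in net]
    remote = [s for s in default if ipaddress.ip_address(s) not in net]
    return preferred + local + remote


def resolve_ssd(profile):
    """Effective (base, scope) per service from 'service:base[?scope]' SSDs.
    A base with a trailing comma is relative: defaultSearchBase is appended.
    An empty base or scope falls back to the profile-wide defaults."""
    default_base = profile["defaultSearchBase"][0]
    default_scope = profile.get("defaultSearchScope", ["one"])[0]
    resolved = {}
    for ssd in profile.get("serviceSearchDescriptor", []):
        service, _, spec = ssd.partition(":")
        base, _, scope = spec.partition("?")
        if base.endswith(","):
            base += default_base
        elif not base:
            base = default_base
        resolved[service] = (base, scope or default_scope)
    return resolved


def auth_method(profile, service):
    """serviceAuthenticationMethod for the service, else authenticationMethod
    (whose documented default is none, i.e. anonymous)."""
    for entry in profile.get("serviceAuthenticationMethod", []):
        name, _, method = entry.partition(":")
        if name == service:
            return method
    return profile.get("authenticationMethod", ["none"])[0]


def profile_warnings(profile):
    """Checks worth running before publishing a profile; the set of checks
    is this example's own, not a Solaris validation routine."""
    warnings = []
    if "cn" not in profile:
        warnings.append("cn (profile name) is required")
    if not (profile.get("preferredServerList") or profile.get("defaultServerList")):
        warnings.append("set at least one server in preferredServerList or defaultServerList")
    level = profile.get("credentialLevel", ["anonymous"])[0]
    method = profile.get("authenticationMethod", ["none"])[0]
    if level == "proxy" and method == "simple":
        warnings.append("proxy credentials with a plain simple bind: proxyPassword "
                        "crosses the network in clear text; use tls:simple or SASL")
    if level == "proxy" and method == "none":
        warnings.append("credentialLevel proxy but authenticationMethod none: "
                        "there is no authenticated bind in which to use the proxy")
    if profile.get("profileTTL", ["43200"])[0] == "0":
        warnings.append("profileTTL 0: clients will never refresh this profile")
    return warnings


if __name__ == "__main__":
    prof = parse_ldif(SAMPLE_PROFILE_LDIF)
    print("server order:", server_order(prof, "192.0.2.55", 24))
    for svc, (base, scope) in resolve_ssd(prof).items():
        print(f"{svc}: base={base} scope={scope} auth={auth_method(prof, svc)}")
    print("warnings:", profile_warnings(prof) or "none")
```

Running the script with the sample shows a client on 192.0.2.0/24 trying 192.0.2.12 before the two 198.51.100.x default servers, passwd resolving to ou=people,dc=example,dc=com with scope sub, and group keeping its absolute base with the default one-level scope. Changing authenticationMethod to simple while credentialLevel stays proxy makes profile_warnings flag the clear-text proxy password, which is the misconfiguration to catch before the profile is published in the anonymously readable ou=profile container.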