Working With Oracle® Solaris 11.2 Directory and Naming Services: LDAP

Updated: July 2014

Credential Storage for LDAP Clients

In the current LDAP implementation, the proxy credentials that are set during client initialization are stored in the SMF repository rather than in the client's profile. This keeps the proxy's distinguished name (DN) and password better protected.

The SMF service that holds this information is svc:/network/ldap/client. It stores the proxy information of clients that use a proxy identity. Likewise, shadow data updates for clients whose credential level is not self are also saved to this repository.

For clients that use per-user authentication, the Kerberos identity and Kerberos ticket information for each principal (each user or host) are used during authentication. The directory server maps the Kerberos principal to a DN and the Kerberos credentials are used to authenticate to that DN. The directory server can then use its access control instruction (ACI) mechanisms to allow or deny access to naming service data as necessary.

In this environment, Kerberos ticket information is used to authenticate to the directory server. The system does not store authentication DNs or passwords. Therefore, setting the adminDN and adminPassword attributes is unnecessary when you initialize the client with the ldapclient command.
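The two storage models above (a stored proxy DN and password for the proxy credential level, nothing stored for per-user Kerberos authentication) can be checked from the configuration that ldapclient list prints. The following POSIX shell audit is an added example, not part of this document or of Solaris; it assumes the NS_LDAP_CREDENTIAL_LEVEL, NS_LDAP_AUTH, NS_LDAP_BIND_DN and NS_LDAP_BIND_PASSWD lines of that output, and the sample dumps are constructed.

```shell
# Audit an ldapclient list dump for a mismatch between the credential level
# and what is stored. Returns 0 when consistent, 1 otherwise, printing findings.
audit_ldap_creds() {
    conf="$1"
    level=$(printf '%s\n' "$conf" | sed -n 's/^NS_LDAP_CREDENTIAL_LEVEL= *//p')
    auth=$(printf '%s\n' "$conf" | sed -n 's/^NS_LDAP_AUTH= *//p')
    bind_dn=$(printf '%s\n' "$conf" | sed -n 's/^NS_LDAP_BIND_DN= *//p')
    bind_pw=$(printf '%s\n' "$conf" | sed -n 's/^NS_LDAP_BIND_PASSWD= *//p')
    rc=0
    case "$level" in
    self)
        # Per-user authentication: Kerberos tickets identify the principal,
        # so no proxy DN or password should be present in the repository.
        [ "$auth" = "sasl/GSSAPI" ] || { echo "FINDING: level self but auth is '$auth' (expected sasl/GSSAPI)"; rc=1; }
        [ -z "$bind_dn$bind_pw" ] || { echo "FINDING: proxy DN/password stored although level is self"; rc=1; }
        ;;
    proxy)
        # Proxy identity: a DN and password must be stored, and the password
        # should not travel to the server in clear (plain simple bind).
        { [ -n "$bind_dn" ] && [ -n "$bind_pw" ]; } || { echo "FINDING: level proxy but proxy DN or password missing"; rc=1; }
        case "$auth" in
        simple|none) echo "FINDING: proxy password unprotected on the wire (auth=$auth); use tls:simple or a SASL method"; rc=1 ;;
        esac
        ;;
    anonymous) ;;
    *) echo "FINDING: unknown credential level '$level'"; rc=1 ;;
    esac
    return $rc
}

# Constructed samples in ldapclient list format (not real configurations).
SAMPLE_SELF='NS_LDAP_CREDENTIAL_LEVEL= self
NS_LDAP_AUTH= sasl/GSSAPI
NS_LDAP_SEARCH_BASEDN= dc=example,dc=com'

SAMPLE_PROXY_WEAK='NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_AUTH= simple
NS_LDAP_BIND_DN= cn=proxyagent,ou=profile,dc=example,dc=com
NS_LDAP_BIND_PASSWD= {NS1}constructedvalue
NS_LDAP_SEARCH_BASEDN= dc=example,dc=com'

audit_ldap_creds "$SAMPLE_SELF" && echo "self sample: consistent"
audit_ldap_creds "$SAMPLE_PROXY_WEAK" || echo "proxy sample: findings above"
```

On a real client, feed it the live configuration with `audit_ldap_creds "$(ldapclient list)"`.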