System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

LDAP Data Interchange Format (LDIF)

LDIF is a text-based format for describing directory service entities and their attributes. Using LDIF, you can move information from one directory to another with commands such as ldapadd and ldapmodify. The following are examples of LDIF format for each service. Use ldaplist(1) with the -l option to display the following information.

% ldaplist -l hosts myhost


dn: cn=myhost+ipHostNumber=,ou=Hosts,dc=mydc,dc=mycom,dc=com
cn: myhost
objectclass: top
objectclass: device
objectclass: ipHost
description: host 1 - floor 1 - Lab a - building b

% ldaplist -l passwd user1


dn: uid=user1,ou=People,dc=mydc,dc=mycom,dc=com
uid: user1
cn: user1
userpassword: {crypt}duTx91g7PoNzE
uidnumber: 199995
gidnumber: 20
gecos: Joe Smith [New York]
homedirectory: /home/user1
loginshell: /bin/csh
objectclass: top
objectclass: shadowAccount
objectclass: account
objectclass: posixAccount

% ldaplist -l services name


dn: cn=name+ipServiceProtocol=udp,ou=Services,dc=mydc,dc=mycom,dc=com
cn: name
cn: nameserver
ipserviceprotocol: udp
ipserviceport: 42
objectclass: top
objectclass: ipService

% ldaplist -l group mygroup


dn: cn=mygroup,ou=Group,dc=mydc,dc=mycom,dc=com
cn: mygroup
gidnumber: 4441
memberuid: user1
memberuid: user2
memberuid: user3
userpassword: {crypt}duTx91g7PoNzE
objectclass: top
objectclass: posixGroup

% ldaplist -l netgroup mynetgroup


dn: cn=mynetgroup,ou=netgroup,dc=central,dc=sun,dc=com
objectclass: nisNetgroup
objectclass: top
cn: mynetgroup
nisnetgrouptriple: (,-,)
nisnetgrouptriple: (user1.,-,)
membernisnetgroup: mylab

% ldaplist -l networks


dn: ipNetworkNumber=,ou=Networks,dc=mydc,dc=mycom,dc=com
cn: mynet-200-20-20
objectclass: top
objectclass: ipNetwork
description: my Lab Network

% ldaplist -l netmasks


dn: ipNetworkNumber=,ou=Networks,dc=mydc,dc=mycom,dc=com
cn: net-201
objectclass: top
objectclass: ipNetwork
description: my net 201

% ldaplist -l rpc ypserv


dn: cn=ypserv,ou=Rpc,dc=mydc,dc=mycom,dc=com
cn: ypserv
cn: ypprog
oncrpcnumber: 100004
objectclass: top
objectclass: oncRpc

% ldaplist -l protocols tcp


dn: cn=tcp,ou=Protocols,dc=mydc,dc=mycom,dc=com
cn: tcp
ipprotocolnumber: 6
description: transmission control protocol
objectclass: top
objectclass: ipProtocol

% ldaplist -l bootparams myhost


dn: cn=myhost,ou=Ethers,dc=mydc,dc=mycom,dc=com
bootparameter: root=boothost:/export/a/b/c/d/e
objectclass: top
objectclass: device
objectclass: bootableDevice
cn: myhost

% ldaplist -l ethers myhost


dn: cn=myhost,ou=Ethers,dc=mydc,dc=mycom,dc=com
macaddress: 8:1:21:71:31:c1
objectclass: top
objectclass: device
objectclass: ieee802Device
cn: myhost

% ldaplist -l publickey myhost


dn: cn=myhost+ipHostNumber=,ou=Hosts,dc=mydc,dc=mycom,dc=com
cn: myhost
description: Joe Smith
nispublickey: 9cc01614d929848849add28d090acdaa1c78270aeec969c9
nissecretkey: 9999999998769c999c39e7a6ed4e7afd687d4b99908b4de99
objectclass: top
objectclass: NisKeyObject
objectclass: device
objectclass: ipHost

% ldaplist -l aliases myname


dn: mail=myname,ou=aliases,dc=mydc,dc=mycom,dc=com
cn: myname
mail: myname
objectclass: top
objectclass: mailgroup
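
The passwd and group entries above include `userpassword` hashes and the publickey entry includes `nissecretkey`, so LDIF exported to move data between directories is credential material. The following added example (not part of the original guide) parses LDIF, including folded lines and base64 `::` values, reports which entries carry those attributes, and masks them before the text is shared; the function names and sample data are constructed for illustration.

```python
import base64

# Attributes in the entries above that carry credential material.
SENSITIVE = {"userpassword", "nissecretkey"}

def parse_ldif(text):
    """Return a list of entries, each a list of (attribute, value) pairs."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # folded line: join to the previous one
        else:
            lines.append(raw)
    entries, current = [], []
    for line in lines + [""]:             # trailing blank flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = []
        elif not line.startswith("#"):    # skip LDIF comments
            attr, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.append((attr.strip().lower(), value.strip()))
    return entries

def audit(entries):
    """List (dn, attribute, storage scheme) for each credential attribute."""
    findings = []
    for entry in entries:
        dn = dict(entry).get("dn", "<no dn>")
        for attr, value in entry:
            if attr in SENSITIVE:
                tagged = value.startswith("{") and "}" in value
                scheme = value[1:value.index("}")].lower() if tagged else "none"
                findings.append((dn, attr, scheme))
    return findings

def redact(entries):
    """Re-serialize entries as LDIF with credential values masked."""
    return "\n\n".join(
        "\n".join(f"{a}: {'[REDACTED]' if a in SENSITIVE else v}" for a, v in e)
        for e in entries)

# Constructed sample modeled on the passwd, group and publickey entries above.
HASH = "{crypt}CONSTRUCTEDxx"
SAMPLE = (
    "dn: uid=user1,ou=People,dc=mydc,dc=mycom,dc=com\nuid: user1\n"
    f"userpassword: {HASH}\n\n"
    "dn: cn=mygroup,ou=Group,dc=mydc,\n dc=mycom,dc=com\n"
    f"userpassword:: {base64.b64encode(HASH.encode()).decode()}\n\n"
    "dn: cn=myhost,ou=Hosts,dc=mydc,dc=mycom,dc=com\nnissecretkey: 00constructed00\n"
)
```

Run `audit(parse_ldif(text))` on an export to see which entries need protecting, and pass the same entries to `redact()` before attaching the LDIF to a ticket or mail.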