Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) Oracle Solaris 11 Express 11/10 |
Part I About Naming and Directory Services
1. Naming and Directory Services (Overview)
2. The Name Service Switch (Overview)
Part II DNS Setup and Administration
3. DNS Setup and Administration (Reference)
Part III NIS Setup and Administration
4. Network Information Service (NIS) (Overview)
5. Setting Up and Configuring NIS Service
Part IV LDAP Naming Services Setup and Administration
8. Introduction to LDAP Naming Services (Overview/Reference)
9. LDAP Basic Components and Concepts (Overview)
10. Planning Requirements for LDAP Naming Services (Tasks)
11. Setting Up Sun Java System Directory Server With LDAP Clients (Tasks)
Configuring Sun Java System Directory Server by Using idsconfig
Using Service Search Descriptors to Modify Client Access to Various Services
Setting Up SSDs Using idsconfig
How to Configure Sun Java System Directory Server by Using idsconfig
Populating the Directory Server Using ldapaddent
How to Populate Sun Java System Directory Server With User Password Data Using ldapaddent
Populating the Directory Server With Additional Profiles
How to Populate the Directory Server With Additional Profiles Using ldapclient
Configuring the Directory Server to Enable Account Management
Migrating Your Sun Java System Directory Server
12. Setting Up LDAP Clients (Tasks)
13. LDAP Troubleshooting (Reference)
14. LDAP General Reference (Reference)
15. Transitioning From NIS to LDAP (Overview/Tasks)
Part V Active Directory Naming Service
During the server installation process, you will have defined crucial variables, with which you should create a checklist similar to the one below before launching idsconfig. You can use the blank checklist provided in Blank Checklists.
Note - The information included below will serve as the basis for all examples that follow in the LDAP related chapters. The example domain is of an widget company, Example, Inc. with stores nationwide. The examples will deal with the West Coast Division, with the domain west.example.com
Table 11-1 Server Variables Defined
|
Note - If you are using hostnames in defining defaultServerList or preferredServerList, you MUST ensure LDAP is not used for hosts lookup. This means ldap must not be in /etc/nsswitch.conf hosts line.
Table 11-2 Client Profile Variables Defined
|
Note - Client profiles are defined per domain. At least one profile must be defined for a given domain.
idsconfig indexes the following list of attributes for improved performance.
pres,eq,sub
pres,eq,sub
pres,eq,sub
pres,eq
pres,eq
pres,eq
pres,eq
pres,eq
idsconfig(1M) automatically adds the necessary schema definitions. Unless you are very experienced in LDAP administration, do not manually modify the server schema. See Chapter 14, LDAP General Reference (Reference) for an extended list of schemas used by the LDAP naming service.
The browsing index functionality of the Sun Java System Directory Server, otherwise known as the virtual list view (VLV), provides a way in which a client can view a select group or number of entries from very long list, thus making the search process less time consuming for each client. Browsing indexes provide optimized, predefined search parameters with which the Solaris LDAP naming client can access specific information from the various services more quickly. Keep in mind that if you do not create browsing indexes, the clients may not get all the entries of a given type because the server limits for search time or number of entries might be enforced.
VLV indexes are configured on the directory server and the proxy user has read access to these indexes.
Before configuring browsing indexes on the Sun Java System Directory Server, consider the performance cost associated with using these indexes. For more information, refer to the Administration Guide for the version of Sun Java System Directory Server that you are using.
idsconfig creates entries for several VLV indexes. Use the directoryserver script to stop the server and to create the actual VLV indexes. See the idsconfig(1M) and the directoryserver(1M) man pages for more information. Refer to the output of the idsconfig command to determine the VLV entries created by idsconfig and the syntax of the corresponding directoryserver commands that you need to run. See Example idsconfig Setup for sample idsconfig output.