|Skip Navigation Links|
|Exit Print View|
|Oracle Solaris Administration: Naming and Directory Services Oracle Solaris 11 Information Library|
To populate the LDAP server with data, after the LDAP server has been configured with the proper DIT and schema. Use the new ldapaddent tool. This tool will create entries in LDAP containers from their corresponding /etc files. It can be used to populate data into the containers for the following types of data: aliases, auto_*, bootparams, ethers, group, hosts (including IPv6 addresses), netgroup, netmasks, networks, passwd, shadow, protocols, publickey, rpc, and services. Also, the RBAC-related files can be added: /etc/user_attr, /etc/security/auth_attr, /etc/security/prof_attr, and /etc/security/exec_attr.
By default, ldapaddent reads from the standard input and adds this data to the LDAP container associated with the database specified on the command line. But an input file from which data should be read can be specified using the -f option.
Because the entries are stored in the directory based on the client's configuration, the client must be configured to use the LDAP naming services.
For better performance, load the databases in this order:
passwd database followed by shadow database
networks database followed by netmasks database
bootparams database followed by ethers database
Note that when adding automounter entries, the database name is in the form of auto_* (for example, auto_home).
If you have /etc files from different hosts to add to the LDAP server, you can either merge all of them into the same /etc file and then use the ldapaddent command on one host to add the files, or run the ldapaddent command on the different hosts one by one, with the expectation that each host is already configured as an LDAP client.
If your naming service data is already in an NIS server, and you want to move the data to the LDAP server for LDAP naming services, use the ypcat command to dump the NIS map into files. Then, run the ldapaddent command against these files to add the data to the LDAP server.
The following procedure assumes that the tables are to be extracted from a yp client.
Roles contain authorizations and privileged commands. For more information about roles, see Chapter 9, Using Role-Based Access Control (Tasks), in Oracle Solaris Administration: Security Services.
# ldapclient init -a profileName=new -a domainName=west.example.com 192.168.0.1
# ldapaddent -D “cn=directory manager” -f /etc/hosts hosts
You will be prompted for a password.
In this example, the ldapaddent command will use the authentication method that has been configured in the profile new. Selecting simple will cause the password to be sent in the clear. For more information, refer to the ldapaddent(1M) man page.
In stand-alone mode, the command should be appear similar to the following:
# ldapaddent -h 192.168.0.1 -N new -M west.example.com -a simple-D “cn=directory manager” -f /etc/hosts hosts