| Skip Navigation Links | |
| Exit Print View | |
|
Working With Naming and Directory Services in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Working With Naming and Directory Services in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
Part I About Naming and Directory Services
1. Naming and Directory Services (Overview)
2. Name Service Switch (Overview)
4. Setting Up Oracle Solaris Active Directory Clients (Tasks)
Part II NIS Setup and Administration
5. Network Information Service (Overview)
6. Setting Up and Configuring NIS (Tasks)
9. Introduction to LDAP Naming Services (Overview)
10. Planning Requirements for LDAP Naming Services (Tasks)
Planning the LDAP Network Model
Planning the Directory Information Tree
Data Sharing With Other Applications
Planning the LDAP Security Model
Planning Client Profiles and Default Attribute Values for LDAP
Planning the LDAP Data Population
How to Populate a Server With host Entries by Using the ldapaddent Command
11. Setting Up Oracle Directory Server Enterprise Edition With LDAP Clients (Tasks)
12. Setting Up LDAP Clients (Tasks)
13. LDAP Troubleshooting (Reference)
14. LDAP Naming Service (Reference)
To populate the LDAP server with data, after the LDAP server has been configured with the proper DIT and schema. Use the new ldapaddent tool. This tool will create entries in LDAP containers from their corresponding /etc files. It can be used to populate data into the containers for the following types of data: aliases, auto_*, bootparams, ethers, group, hosts (including IPv6 addresses), netgroup, netmasks, networks, passwd, shadow, protocols, publickey, rpc, and services. Also, the RBAC-related files can be added: /etc/user_attr, /etc/security/auth_attr, /etc/security/prof_attr, and /etc/security/exec_attr.
By default, ldapaddent reads from the standard input and adds this data to the LDAP container associated with the database specified on the command line. But an input file from which data should be read can be specified using the -f option.
Because the entries are stored in the directory based on the client's configuration, the client must be configured to use the LDAP naming services.
For better performance, load the databases in this order:
passwd database followed by shadow database
networks database followed by netmasks database
bootparams database followed by ethers database
Note that when adding automounter entries, the database name is in the form of auto_* (for example, auto_home).
If you have /etc files from different hosts to add to the LDAP server, you can either merge all of them into the same /etc file and then use the ldapaddent command on one host to add the files, or run the ldapaddent command on the different hosts one by one, with the expectation that each host is already configured as an LDAP client.
If your naming service data is already in an NIS server, and you want to move the data to the LDAP server for LDAP naming services, use the ypcat command to dump the NIS map into files. Then, run the ldapaddent command against these files to add the data to the LDAP server.
The following procedure assumes that the tables are to be extracted from a yp client.
Roles contain authorizations and privileged commands. For more information about roles, see Chapter 9, Using Role-Based Access Control (Tasks), in Oracle Solaris 11.1 Administration: Security Services.
# ldapclient init -a profileName=new -a domainName=west.example.com 192.168.0.1
# ldapaddent -D “cn=directory manager” -f /etc/hosts hosts
You will be prompted for a password.
In this example, the ldapaddent command will use the authentication method that has been configured in the profile new. Selecting simple will cause the password to be sent in the clear. For more information, refer to the ldapaddent(1M) man page.
In stand-alone mode, the command should be appear similar to the following:
# ldapaddent -h 192.168.0.1 -N new -M west.example.com -a simple-D “cn=directory manager” -f /etc/hosts hosts
|