Trusted Extensions Configuration and Administration

Updated: December 2017

Creating a Trusted Extensions Proxy for an Existing Oracle Directory Server Enterprise Edition

First, add the Trusted Extensions databases to the existing LDAP server on an Oracle Solaris system. Then, to enable Trusted Extensions systems to access the LDAP server, configure a Trusted Extensions system to be the LDAP proxy server.

Create an LDAP Proxy Server

If an LDAP server already exists at your site, create a proxy server on a Trusted Extensions system.

Before You Begin

You have populated the LDAP server from a client that was modified to set the enableShadowUpdate parameter to TRUE. For the requirement, see Create an LDAP Client for the LDAP Server.

In addition, you have added the databases that contain Trusted Extensions information to the LDAP server from a client where the enableShadowUpdate parameter was set to TRUE. For details, see Populate the Oracle Directory Server Enterprise Edition.

You must be in the root role in the global zone.

  1. On a system that is configured with Trusted Extensions, create a proxy server.

    Note - You must run two ldapclient commands. After you run the ldapclient init command, run the ldapclient mod command to set the enableShadowUpdate parameter to TRUE.

    The following are sample commands. The ldapclient init command defines proxy values.

    # ldapclient init \
      -a proxyDN=cn=proxyagent,ou=profile,dc=west,dc=example,dc=com \
      -a domainName=west.example.com \
      -a profileName=pit1 \
      -a proxyPassword=test1234 192.0.2.1
    System successfully configured

    The ldapclient mod command enables shadow updating.

    # ldapclient mod -a enableShadowUpdate=TRUE \
      -a adminDN=cn=admin,ou=profile,dc=west,dc=example,dc=com \
      -a adminPassword=admin-password
    System successfully configured

    For details, see Chapter 5, Setting Up LDAP Clients in Working With Oracle Solaris 11.3 Directory and Naming Services: LDAP.

  2. Verify that the Trusted Extensions databases can be viewed by the proxy server.
    # ldaplist -l database
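
A check to run after step 1, added here as an example that is not part of the Oracle procedure: the function reads ldapclient list output and confirms that both the init and the mod command took effect. It assumes the output consists of "NAME= value" lines using the attribute names NS_LDAP_BINDDN, NS_LDAP_ENABLE_SHADOW_UPDATE and NS_LDAP_ADMIN_BINDDN; the function names and the sample text are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit ldapclient-list text after the init and mod commands.
# Assumption: output is "NAME= value" lines with the NS_LDAP_* names used below.

# Print the value of attribute $1 from configuration text on stdin.
get_attr() {
    awk -v name="$1" '
        index($0, name "=") == 1 {
            val = substr($0, length(name) + 2)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            print val; exit
        }'
}

# Return 0 only if the text in $1 shows a proxy DN, an admin DN and
# enableShadowUpdate set to TRUE; otherwise report each missing piece.
check_proxy_config() {
    cfg=$1; rc=0
    binddn=$(printf '%s\n' "$cfg" | get_attr NS_LDAP_BINDDN)
    shadow=$(printf '%s\n' "$cfg" | get_attr NS_LDAP_ENABLE_SHADOW_UPDATE)
    admindn=$(printf '%s\n' "$cfg" | get_attr NS_LDAP_ADMIN_BINDDN)
    [ -n "$binddn" ] || { echo "FAIL: no proxy DN; ldapclient init not applied"; rc=1; }
    case $shadow in
        [Tt][Rr][Uu][Ee]) ;;
        *) echo "FAIL: enableShadowUpdate is '${shadow:-unset}', expected TRUE"; rc=1 ;;
    esac
    [ -n "$admindn" ] || { echo "FAIL: no admin DN; ldapclient mod not applied"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: proxy=$binddn admin=$admindn shadow=$shadow"
    return "$rc"
}

# Constructed sample text (not captured from a real system).
SAMPLE_OK='NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=west,dc=example,dc=com
NS_LDAP_ENABLE_SHADOW_UPDATE= TRUE
NS_LDAP_ADMIN_BINDDN= cn=admin,ou=profile,dc=west,dc=example,dc=com
NS_LDAP_SERVERS= 192.0.2.1'
SAMPLE_INIT_ONLY='NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=west,dc=example,dc=com
NS_LDAP_SERVERS= 192.0.2.1'

# On the proxy itself: check_proxy_config "$(ldapclient list)"
check_proxy_config "$SAMPLE_OK"
check_proxy_config "$SAMPLE_INIT_ONLY" || true
```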

Troubleshooting

For strategies to solve LDAP configuration problems, see Chapter 6, Troubleshooting LDAP Configurations in Working With Oracle Solaris 11.3 Directory and Naming Services: LDAP.