The following procedure creates an LDAP client for an existing Trusted Extensions Directory Server.
This procedure establishes the LDAP naming service configuration for the global zone on an LDAP client.
Use the txzonemgr script.
Before You Begin
The Oracle Directory Server Enterprise Edition, that is, the LDAP server, must exist. The server must be populated with Trusted Extensions databases, and this client system must be able to contact the server. For that to be possible, the LDAP server must have assigned a security template to this client. A specific assignment is not required; a wildcard assignment is sufficient.
You must be in the root role in the global zone.
The standard naming service switch configuration for LDAP is too restrictive for Trusted Extensions. Display the current configuration:

# svccfg -s name-service/switch listprop config
config                      application
config/value_authorization  astring  solaris.smf.value.name-service.switch
config/default              astring  files ldap
config/netgroup             astring  ldap
config/printer              astring  "user files ldap"

Add dns to the host lookup order, then refresh the service:

# svccfg -s name-service/switch setprop config/host = astring: "files dns ldap"
# svccfg -s name-service/switch:default refresh

Verify the new configuration:

# svccfg -s name-service/switch listprop config
config                      application
config/value_authorization  astring  solaris.smf.value.name-service.switch
config/default              astring  files ldap
config/host                 astring  files dns ldap
config/netgroup             astring  ldap
config/printer              astring  "user files ldap"

The Trusted Extensions databases use the default configuration, files ldap, so they are not listed.
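As an added example, not part of the Oracle documentation, the following script parses the output of svccfg -s name-service/switch listprop config and reports whether host lookups are set to "files dns ldap" as required above. It distinguishes the case where config/host is simply unset (host lookups then fall back to config/default, which has no dns) from the case where it is set to a different order. The two sample listings are constructed to mirror the before and after output shown on this page.

```shell
#!/bin/sh
# Added example, not part of the Oracle documentation: check that the
# name-service/switch host lookup order is "files dns ldap" by parsing the
# output of `svccfg -s name-service/switch listprop config`. The two sample
# outputs below are constructed to mirror the before/after listings on the page.

SWITCH_BEFORE='config                     application
config/value_authorization astring     solaris.smf.value.name-service.switch
config/default             astring     files ldap
config/netgroup            astring     ldap
config/printer             astring     "user files ldap"'

SWITCH_AFTER="$SWITCH_BEFORE
config/host                astring     files dns ldap"

# check_host_switch reads listprop output on stdin and reports the host lookup
# order. Exit status: 0 when config/host is "files dns ldap"; 1 when
# config/host is unset, so host lookups silently fall back to config/default
# (which has no dns); 2 when config/host is set to some other order.
check_host_switch() {
    awk '
        # value() joins fields 3..NF (the property value) and strips quotes
        function value(  i, v) {
            v = $3
            for (i = 4; i <= NF; i++) v = v " " $i
            gsub(/"/, "", v)
            return v
        }
        $1 == "config/host"    { host = value() }
        $1 == "config/default" { dflt = value() }
        END {
            if (host == "") {
                print "config/host unset: host lookups fall back to default \"" dflt "\""
                exit 1
            }
            print "host lookup order: " host
            if (host == "files dns ldap") exit 0
            print "expected \"files dns ldap\""
            exit 2
        }'
}

# On a live system you would run:
#   svccfg -s name-service/switch listprop config | check_host_switch
echo "Before setprop:"
printf '%s\n' "$SWITCH_BEFORE" | check_host_switch || :
echo "After setprop and refresh:"
printf '%s\n' "$SWITCH_AFTER" | check_host_switch || :
```

The check is deliberately strict about the order: "files dns ldap" consults local files first, then DNS, and only then LDAP, which is the order the setprop command above establishes.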
# txzonemgr &
Answer the following prompts:

Enter Domain Name:                           Type the domain name
Enter Hostname of LDAP Server:               Type the name of the server
Enter IP Address of LDAP Server servername:  Type the IP address
Enter LDAP Proxy Password:                   Type the password to the server
Confirm LDAP Proxy Password:                 Retype the password to the server
Enter LDAP Profile Name:                     Type the profile name

Confirm or cancel the displayed values:
Proceed to create LDAP Client?
When you confirm, the txzonemgr script runs the ldapclient init command.
Complete the client configuration by enabling shadow updates:

# ldapclient -v mod -a enableShadowUpdate=TRUE \
> -a adminDN=cn=admin,ou=profile,dc=domain,dc=suffix
System successfully configured

Verify that the client configuration on the server is correct:
# ldapclient list
The output looks similar to the following:
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=domain-name
...
NS_LDAP_BIND_TIME= number
If you get an error, redo the steps from running txzonemgr through verifying the client configuration (Step 2 through Step 4). For example, the following error can indicate that the system does not have an entry on the LDAP server:

LDAP ERROR (91): Can't connect to the LDAP server.
Failed to find defaultSearchBase for domain domain-name
To correct this error, you need to check the LDAP server.
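As an added example, not part of the Oracle documentation, the following script sanity-checks ldapclient list output after client initialisation. It flags the LDAP ERROR lines quoted above, checks that an NS_LDAP_BINDDN line is present, and confirms that the bind DN sits under the base DN derived from the domain name, which catches a client initialised against the wrong domain or profile. The sample outputs are constructed; the domain example.com and its proxy DN are placeholders, not values from this page.

```shell
#!/bin/sh
# Added example, not part of the Oracle documentation: sanity-check the output
# of `ldapclient list` after client initialisation. It flags the LDAP ERROR
# lines quoted above and checks that NS_LDAP_BINDDN sits under the base DN
# derived from the domain name. Sample outputs are constructed; the domain
# example.com and its proxy DN are placeholders, not values from the page.

LDAP_LIST_OK='NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=example,dc=com
NS_LDAP_BIND_TIME= 10'

LDAP_LIST_ERR="LDAP ERROR (91): Can't connect to the LDAP server.
Failed to find defaultSearchBase for domain example.com"

# domain_to_basedn turns a DNS domain into its default LDAP base DN:
#   example.com -> dc=example,dc=com
domain_to_basedn() {
    printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# verify_ldapclient_output DOMAIN reads `ldapclient list` output on stdin.
# Exit status: 0 when a bind DN is present and under the expected base DN;
# 1 when an LDAP ERROR line is present (client init failed);
# 2 when no NS_LDAP_BINDDN line is present;
# 3 when the bind DN is not under the base DN for DOMAIN (wrong domain or profile).
verify_ldapclient_output() {
    base=$(domain_to_basedn "$1")
    awk -v base="$base" '
        /^LDAP ERROR \(/   { err = $0 }
        /^NS_LDAP_BINDDN=/ { sub(/^NS_LDAP_BINDDN= */, ""); binddn = $0 }
        END {
            if (err != "")    { print "client init failed: " err; exit 1 }
            if (binddn == "") { print "no NS_LDAP_BINDDN in output"; exit 2 }
            n = length(base)
            # the bind DN must end in ",<base>"; the comma check rejects a
            # DN that merely happens to end in the same characters
            suffix = substr(binddn, length(binddn) - n + 1)
            pre    = substr(binddn, length(binddn) - n, 1)
            if (suffix != base || pre != ",") {
                print "bind DN " binddn " is not under " base
                exit 3
            }
            print "bind DN " binddn " is under " base
            exit 0
        }'
}

# On a live system: ldapclient list | verify_ldapclient_output your.domain
for sample in "$LDAP_LIST_OK" "$LDAP_LIST_ERR"; do
    printf '%s\n' "$sample" | verify_ldapclient_output example.com || :
done
```

A non-zero status from the check means the client is not usable yet; as the text above says, the fix for LDAP ERROR (91) is on the server side (the client's entry and security template), not on the client.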