System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

Enabling Shadow Updating in LDAP

Procedure: How to Initialize a Client to Enable the Updating of Shadow Data

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

  2. To set the enableShadowUpdate switch and define the admin credential, run the ldapclient command. The admin credential (adminDN and adminPassword) is the identity the client binds with when it writes shadow data; the proxy credential is still used for ordinary lookups.

    • To update an already running client, run this command:


      # ldapclient mod -a enableShadowUpdate=TRUE \
      -a adminDN=cn=admin,ou=profile,dc=west,dc=example,dc=com \
      -a adminPassword=admin-password
      System successfully configured
    • To initialize a client, run this command:


      # ldapclient init \
      -a adminDN=cn=admin,ou=profile,dc=west,dc=example,dc=com \
      -a adminPassword=admin-password \
      -a domainName=west.example.com \
      -a profileName=WestUserProfile \
      -a proxyDN=cn=proxyagent,ou=profile,dc=west,dc=example,dc=com \
      -a proxyPassword=proxy-password \
      192.168.0.1
      System successfully configured
  3. To verify the configuration, display the contents of the /var/ldap/ldap_client_cred file.

    The {NS1} values in this file are obfuscated, not hashed: the client decodes them to bind, so the file must stay readable by root only. The output should contain lines similar to the following:


    # cat /var/ldap/ldap_client_cred
    
       NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=west,dc=example,dc=com
       NS_LDAP_BINDPASSWD= {NS1}4a3788f8eb85de11
       NS_LDAP_ENABLE_SHADOW_UPDATE= TRUE
       NS_LDAP_ADMIN_BINDDN= cn=admin,ou=profile,dc=west,dc=example,dc=com
       NS_LDAP_ADMIN_BINDPASSWD= {NS1}4a3788f8c053434f
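The following is an added example, not part of the guide and not an ldapclient feature: a POSIX shell check that a /var/ldap/ldap_client_cred file in the format shown above carries the settings this procedure produces, and that the file has not been left world-readable. It assumes the `KEY= value` line layout shown in step 3 and the {NS1} prefix ldapclient writes; the sample file it builds is constructed, with made-up password values, so the check runs without an LDAP server.

```shell
#!/bin/sh
# Added example (not from the guide): verify a Solaris ldap_client_cred file
# for the shadow-update settings, offline. Returns 0 when everything checks out.

# Extract the value of one "KEY= value" line (whitespace after "=" is optional).
cred_value() {
    # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2=[[:space:]]*//p" "$1" | head -n 1
}

verify_shadow_update_cred() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }

    # The file holds reversibly encoded ({NS1}) bind passwords, so it must be
    # readable only by its owner (root). Compare the ls permission string.
    mode=$(ls -ld "$f" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || { echo "bad mode on $f: $mode" >&2; return 1; }

    # Shadow updating must actually be switched on.
    [ "$(cred_value "$f" NS_LDAP_ENABLE_SHADOW_UPDATE)" = "TRUE" ] \
        || { echo "NS_LDAP_ENABLE_SHADOW_UPDATE is not TRUE" >&2; return 1; }

    # Both halves of the admin credential must be present, and the password
    # must be in the {NS1} form ldapclient writes (never clear text).
    admin_dn=$(cred_value "$f" NS_LDAP_ADMIN_BINDDN)
    admin_pw=$(cred_value "$f" NS_LDAP_ADMIN_BINDPASSWD)
    [ -n "$admin_dn" ] || { echo "NS_LDAP_ADMIN_BINDDN is not set" >&2; return 1; }
    case $admin_pw in
        '{NS1}'*) ;;
        *) echo "NS_LDAP_ADMIN_BINDPASSWD missing or not {NS1}-encoded" >&2; return 1 ;;
    esac
    return 0
}

# Build a constructed sample in the shape of the output above (values are made up).
make_sample_cred() {
    tmp=${TMPDIR:-/tmp}/ldap_client_cred.$$
    cat > "$tmp" <<'EOF'
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=west,dc=example,dc=com
NS_LDAP_BINDPASSWD= {NS1}4a3788f8eb85de11
NS_LDAP_ENABLE_SHADOW_UPDATE= TRUE
NS_LDAP_ADMIN_BINDDN= cn=admin,ou=profile,dc=west,dc=example,dc=com
NS_LDAP_ADMIN_BINDPASSWD= {NS1}4a3788f8c053434f
EOF
    chmod 600 "$tmp"
    echo "$tmp"
}
```

On a real client run `verify_shadow_update_cred /var/ldap/ldap_client_cred` as root after step 2; a non-zero exit means either the switch did not take, the admin credential is incomplete, or the credential file permissions have drifted.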