Oracle Solaris Trusted Extensions Configuration Guide

Procedure: Install the Sun Java System Directory Server

The Directory Server packages are available from the Sun Software Gateway web site.

Before You Begin

You are on a Trusted Extensions system with only a global zone installed. The system has no labeled zones.

Trusted Extensions LDAP servers are configured for clients that use pam_unix to authenticate to the LDAP repository. With pam_unix, the password operations, and therefore the password policy, are determined by the client. Specifically, the policy set by the LDAP server is not used. For the password parameters that you can set on the client, see Managing Password Information in System Administration Guide: Security Services. For information about pam_unix, see the pam.conf(4) man page.


Note –

The use of pam_ldap on an LDAP client is not an evaluated configuration for Trusted Extensions.

  1. Before you install the Directory Server packages, add the FQDN to your system's hostname entry.

    The FQDN is the Fully Qualified Domain Name. This name is a combination of the host name and the administration domain, as in:


    ## /etc/hosts
    ...
    192.168.5.5 myhost myhost.example-domain.com

    On a system that is running a release prior to the Solaris 10 8/07 release, add IPv4 and IPv6 entries to the /etc/inet/ipnodes file. The entries for one system must be contiguous in the file.

    If you are not running the latest release of the Solaris OS, you must have the following patches installed. The first number is a SPARC patch. The second number is an x86 patch.

    • 138874-05, 138875-05: Native LDAP, PAM, name-service-switch patch

    • 119313-35, 119314-36: WBEM patch

    • 121308-21, 121308-21: Solaris Management Console patch

    • 119315-20, 119316-20: Solaris Management Applications patch

  2. Find the Sun Java System Directory Server packages on the Oracle Sun web site.

    1. On the Sun Software Gateway page, click the Get It tab.

    2. Click the checkbox for the Sun Java Identity Management Suite.

    3. Click the Submit button.

    4. If you are not registered, register.

    5. Log in to download the software.

    6. Click the Download Center at the upper left of the screen.

    7. Under Identity Management, download the most recent software that is appropriate for your platform.

  3. Install the Directory Server packages.

    Answer the questions by using the information from Collect Information for the Directory Server for LDAP. For a full list of questions, defaults, and suggested answers, see Chapter 11, Setting Up Sun Java System Directory Server With LDAP Clients (Tasks), in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) and Chapter 12, Setting Up LDAP Clients (Tasks), in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

  4. (Optional) Add the environment variables for the Directory Server to your path.

    # $PATH
    /usr/sbin:.../opt/SUNWdsee/dsee6/bin:/opt/SUNWdsee/dscc6/bin:/opt/SUNWdsee/ds6/bin:
    /opt/SUNWdsee/dps6/bin

  5. (Optional) Add the Directory Server man pages to your MANPATH.

    /opt/SUNWdsee/dsee6/man

  6. Enable the cacaoadm program and verify that the program is enabled.

    # /usr/sbin/cacaoadm enable
    # /usr/sbin/cacaoadm start
    start: server (pid n) already running

  7. Ensure that the Directory Server starts at every boot.

    Templates for the SMF services for the Directory Server are in the Sun Java System Directory Server packages.

    • For a Trusted Extensions Directory Server, enable the service.

      # dsadm stop /export/home/ds/instances/your-instance
      # dsadm enable-service -T SMF /export/home/ds/instances/your-instance
      # dsadm start /export/home/ds/instances/your-instance

      For information about the dsadm command, see the dsadm(1M) man page.

    • For a proxy Directory Server, enable the service.

      # dpadm stop /export/home/ds/instances/your-instance
      # dpadm enable-service -T SMF /export/home/ds/instances/your-instance
      # dpadm start /export/home/ds/instances/your-instance

      For information about the dpadm command, see the dpadm(1M) man page.

  8. Verify your installation.
    # dsadm info /export/home/ds/instances/your-instance
    Instance Path:         /export/home/ds/instances/your-instance
    Owner:                 root(root)
    Non-secure port:       389
    Secure port:           636
    Bit format:            32-bit
    State:                 Running
    Server PID:            298
    DSCC url:              -
    SMF application name:  ds--export-home-ds-instances-your-instance
    Instance version:      D-A00
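
The checks behind steps 1, 7 and 8 (an FQDN entry for the host in /etc/hosts, the SMF application name for the instance, and an instance that is running and listening on the secure port) can be scripted so they are repeatable after patching or a reinstall. The following POSIX shell script is an added example and is not part of the Oracle guide or the Directory Server product. It runs offline on constructed sample data shaped like the output shown above; the rule it uses to derive the SMF application name from the instance path is inferred from the sample dsadm info output on this page, not taken from the dsadm documentation, and the 636 secure-port expectation is an assumption for this example.

```shell
#!/bin/sh
# Added example (not from the Oracle guide): post-install checks for the
# Directory Server procedure above. Sample data is constructed so the
# functions can be exercised without a Directory Server present.

# Constructed /etc/hosts content (not a real host).
SAMPLE_HOSTS='127.0.0.1 localhost
192.168.5.5 myhost myhost.example-domain.com'

# Constructed `dsadm info` output, shaped like step 8 above.
SAMPLE_DSADM_INFO='Instance Path:         /export/home/ds/instances/your-instance
Owner:                 root(root)
Non-secure port:       389
Secure port:           636
Bit format:            32-bit
State:                 Running
Server PID:            298
DSCC url:              -
SMF application name:  ds--export-home-ds-instances-your-instance
Instance version:      D-A00'

# hosts_has_fqdn HOSTS_TEXT HOSTNAME
# Returns 0 if one non-comment line maps HOSTNAME together with an
# FQDN of the form HOSTNAME.<domain>, as step 1 requires.
hosts_has_fqdn() {
    printf '%s\n' "$1" | awk -v h="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        {
            short = 0; fqdn = 0
            for (i = 2; i <= NF; i++) {
                if ($i == h) short = 1
                if (index($i, h ".") == 1) fqdn = 1
            }
            if (short && fqdn) { found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# dsadm_field INFO_TEXT LABEL
# Prints the value of the "LABEL:" line from dsadm info output, trimmed.
# Matches on the line prefix so "Secure port" does not match "Non-secure port".
dsadm_field() {
    printf '%s\n' "$1" | awk -v label="$2" '
        index($0, label ":") == 1 {
            v = substr($0, length(label) + 2)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            print v; exit
        }'
}

# smf_app_name INSTANCE_PATH
# Derives the expected SMF application name the way the sample output
# above shows it: "ds-" followed by the path with "/" replaced by "-".
# (Assumption inferred from the sample; verify against your own dsadm info.)
smf_app_name() {
    printf 'ds-%s\n' "$(printf '%s' "$1" | tr '/' '-')"
}

# ds_instance_ok INFO_TEXT INSTANCE_PATH
# Returns 0 when the instance is Running, its secure port is 636 (assumed
# expectation for this example) and its SMF name matches the instance path.
ds_instance_ok() {
    state=$(dsadm_field "$1" "State")
    sport=$(dsadm_field "$1" "Secure port")
    smf=$(dsadm_field "$1" "SMF application name")
    [ "$state" = "Running" ] && [ "$sport" = "636" ] &&
        [ "$smf" = "$(smf_app_name "$2")" ]
}

# run_sample_checks: exercises the functions on the constructed data.
run_sample_checks() {
    hosts_has_fqdn "$SAMPLE_HOSTS" myhost &&
        ds_instance_ok "$SAMPLE_DSADM_INFO" /export/home/ds/instances/your-instance
}

# On a real system, call the same functions on live data, for example:
#   hosts_has_fqdn "$(cat /etc/hosts)" "$(hostname)"
#   ds_instance_ok "$(dsadm info /export/home/ds/instances/your-instance)" \
#       /export/home/ds/instances/your-instance
```

Each function returns a shell status, so the script can be dropped into a cron job or a post-patch checklist and fail loudly when the instance stops on boot or the FQDN entry is lost after an /etc/hosts edit.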

Troubleshooting

For strategies to solve LDAP configuration problems, see Chapter 13, LDAP Troubleshooting (Reference), in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).