LDAP Setup and Configuration Guide

Directory Information Tree

Solaris LDAP clients use the information in a default Directory Information Tree (DIT). This default DIT, however, can be overridden by specifying the modified DIT in the profile. The DIT is divided into containers that are subtrees containing entries for a specific information type.

The search baseDN specifies the location in the DIT where all information for the client is found. In the node designated as the search base, the NisDomainObject objectclass must exist. The search base node subtrees designate all the containers for the various information types. See Figure 2–1.

Figure 2–1 Directory Information Tree Containers


Table 2–1 lists the container and information type stored in the DIT:

Table 2–1 Directory Information Tree

 Container             Information Type
 ou=Ethers             bootparams(4), ethers(4)
 ou=Group              group(4)
 ou=Hosts              hosts(4), ipnodes(4), publickey(4)
 ou=Aliases            aliases(4)
 ou=Netgroup           netgroup(4)
 ou=Networks           networks(4), netmasks(4)
 ou=People             passwd(1), shadow(4), user_attr(4), audit_user(4), publickey for users
 ou=Protocols          protocols(4)
 ou=Rpc                rpc(4)
 ou=Services           services(4)
 ou=SolarisAuthAttr    auth_attr(4)
 ou=SolarisProfAttr    prof_attr(4), exec_attr(4)
 ou=projects           project
 nismapname=auto_*     auto_*
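
The following added example (not part of the original guide) checks an LDIF export against the layout described above: the search base entry must carry the NisDomainObject objectclass, and the default containers from Table 2–1 should exist directly beneath it. The function names, the sample LDIF and the base DN dc=example,dc=com are assumptions made for illustration.

```python
# Added example; check_dit, SAMPLE_LDIF and dc=example,dc=com are illustrative.
# Handles plain, unfolded LDIF only (no base64 "dn::" values, no escaped commas).
DEFAULT_CONTAINERS = [  # fixed-name containers from Table 2-1 (auto_* maps omitted)
    "ou=Ethers", "ou=Group", "ou=Hosts", "ou=Aliases", "ou=Netgroup",
    "ou=Networks", "ou=People", "ou=Protocols", "ou=Rpc", "ou=Services",
    "ou=SolarisAuthAttr", "ou=SolarisProfAttr", "ou=projects",
]

# Constructed sample export: a search base plus two of the default containers.
SAMPLE_LDIF = """\
dn: dc=example,dc=com
objectClass: domain
objectClass: nisDomainObject

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit

dn: ou=group, dc=example,dc=com
objectClass: organizationalUnit
"""

def norm_dn(dn):
    """Lower-case a DN and drop spaces around RDN separators for comparison."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return {normalized DN: set of lower-cased objectClass values}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        dn, classes = None, set()
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if attr.lower() == "dn":
                dn = norm_dn(value.strip())
            elif attr.lower() == "objectclass":
                classes.add(value.strip().lower())
        if dn:
            entries[dn] = classes
    return entries

def check_dit(ldif_text, base_dn):
    """Return (base has nisDomainObject, default containers missing under base)."""
    entries = parse_ldif(ldif_text)
    has_nis = "nisdomainobject" in entries.get(norm_dn(base_dn), set())
    missing = [c for c in DEFAULT_CONTAINERS
               if norm_dn(c + "," + base_dn) not in entries]
    return has_nis, missing
```

A container reported as missing is not necessarily an error: it may be unused at the site or relocated through the profile override described in the next section.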

Override the Default Containers in the DIT

If a particular LDAP deployment requires that the default containers be overridden, you can do so by specifying the modified container in the profile. You can define an alternate search baseDN for each of the databases.

For example, assume that an organization wants to replace the ou=People container with ou=employee and ou=contractor containers. For this profile entry (which can exist anywhere in the DIT), an alternate search DN needs to be specified. Generate the LDAP client profile using the -B option to specify an alternate search DN. See ldap_gen_profile(1M) for details. The attribute looks like: