Solaris LDAP clients use the information in a default Directory Information Tree (DIT). This default DIT, however, can be overridden by specifying the modified DIT in the profile. The DIT is divided into containers that are subtrees containing entries for a specific information type.
The search baseDN specifies the location in the DIT where all information for the client is found. In the node designated as the search base, the NisDomainObject objectclass must exist. The search base node subtrees designate all the containers for the various information types. See Figure 2–1.
Table 2–1 lists the containers and the information types stored in the DIT:

Table 2–1 Directory Information Tree

| Container | Information Type |
|---|---|
| ou=Ethers | bootparams(4), ethers(4) |
| ou=Group | group(4) |
| ou=Hosts | hosts(4), ipnodes(4), publickey(4) |
| ou=Aliases | aliases(4) |
| ou=Netgroup | netgroup(4) |
| ou=Networks | networks(4), netmasks(4) |
| ou=People | passwd(1), shadow(4), user_attr(4), audit_user(4), publickey for users |
| ou=Protocols | protocols(4) |
| ou=Rpc | rpc(4) |
| ou=Services | services(4) |
| ou=SolarisAuthAttr | auth_attr(4) |
| ou=SolarisProfAttr | prof_attr(4), exec_attr(4) |
| ou=projects | project |
| nismapname=auto_* | auto_* |
If a particular LDAP deployment requires that the default containers be overridden, you can do so by specifying the modified container in the profile. You can define an alternate search baseDN for each of the databases.
For example, assume that an organization wants to replace the ou=People container with ou=employee and ou=contractor containers. For this profile entry (which can exist anywhere in the DIT), an alternate search DN needs to be specified. Generate the LDAP client profile using the -B option to specify an alternate search DN. See ldap_gen_profile(1M) for details. The attribute looks like:
SolarisDataSearchDN="passwd:(ou=employee,dc=mkt,dc=mystore,dc=com), (ou=contractor,dc=mkt,dc=mystore,dc=com)"
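
Because an alternate search DN decides which subtree a client trusts for account lookups, it is worth checking a profile's value before deploying it. The following is an added example, not part of the original documentation or of Solaris: it parses the value format shown above and reports whether each DN sits under an approved base. The function names, the base DN and the second sample value are assumptions made for illustration.

```python
import re

# Format taken from the page's example: database:(DN), (DN)
_VALUE = re.compile(r'^\s*([A-Za-z_][\w.]*)\s*:\s*(.*)$', re.S)
_DN = re.compile(r'\(([^()]*)\)')

def parse_search_dn(value):
    """Split a SolarisDataSearchDN value into (database, [DN, ...])."""
    m = _VALUE.match(value)
    if not m:
        raise ValueError("expected 'database:(DN), (DN)'")
    database, rest = m.group(1), m.group(2)
    dns = [d.strip() for d in _DN.findall(rest)]
    # Anything left outside the parentheses besides commas is malformed.
    leftover = _DN.sub("", rest).replace(",", "").strip()
    if not dns or leftover or any(not d for d in dns):
        raise ValueError("malformed DN list: %r" % rest)
    return database, dns

def _rdns(dn):
    # Assumption: no escaped commas inside RDN values.
    return [re.sub(r'\s*=\s*', '=', p.strip()).lower() for p in dn.split(",")]

def is_under(dn, base):
    """True if dn equals base or sits below it in the DIT.

    Compares whole RDNs, so 'adc=mkt,...' does not pass for 'dc=mkt,...'.
    """
    d, b = _rdns(dn), _rdns(base)
    return len(d) >= len(b) and d[-len(b):] == b

def audit(value, base):
    """Return (database, [(dn, inside_base), ...]) for review."""
    database, dns = parse_search_dn(value)
    return database, [(dn, is_under(dn, base)) for dn in dns]

# PAGE_VALUE is the value from the page; BASE and STRAY are constructed samples.
PAGE_VALUE = ("passwd:(ou=employee,dc=mkt,dc=mystore,dc=com), "
              "(ou=contractor,dc=mkt,dc=mystore,dc=com)")
BASE = "dc=mkt,dc=mystore,dc=com"
STRAY = ("passwd:(ou=employee,dc=mkt,dc=mystore,dc=com), "
         "(ou=People,dc=lab,dc=example,dc=org)")

if __name__ == "__main__":
    for v in (PAGE_VALUE, STRAY):
        print(audit(v, BASE))
```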