To simplify Solaris client setup, a client profile needs to be defined. This profile must be created on the server. During the initialization stage, a client can easily set up the system with the profile name and the server's address. The client profile allows the system administrators to define the LDAP environment to be used by Solaris clients.
The most obvious benefit of using a profile is the ease of installing a machine. However, the true benefit of using profiles only becomes apparent when you start making changes in your environment (such as adding or removing servers). See ldap_gen_profile(1M) for details.
The following list shows the attributes that can be defined in the profile:
SolarisLDAPServers
a comma-separated list of LDAP server IP addresses, each with an optional colon-separated port number, that can be used by the client. There is no default for this parameter, and at least one LDAP server must be defined. If multiple servers are listed and the first server does not respond, the next server is contacted.
SolarisSearchBaseDN
the LDAP Naming base DN where the Naming information will be stored.
SolarisBindDN
the LDAP identity used by the clients during the authentication process. Usually this is the proxy agent DN. The default is a NULL string.
SolarisBindPassword
the password of SolarisBindDN when using SIMPLE or CRAM_MD5 authentication. The default is a NULL string.
SolarisAuthMethod
the ordered list of authentication methods to be used by the clients. Possible methods are NONE, SIMPLE, and CRAM_MD5. The default is NONE. If multiple methods are listed and the first authentication method does not succeed (for a reason other than rejected credentials), the next one is tried.
SolarisTransportSecurity
the secured transport to be used by the client. The default is NONE; currently NONE is the only option supported.
SolarisDataSearchDN
an alternate baseDN to use when searching for Naming information. This allows you to override the default naming information type. The alternate baseDN has the following format:
database:alternate-baseDN-list
The database is the information type defined in the nsswitch.conf file, and the alternate-baseDN-list is a list of alternate baseDNs enclosed in parentheses and separated by commas. Lookups for a specific database are done in the order specified in this parameter. The default for all containers is NULL.
SolarisSearchScope
the search scope to be used when looking up Naming information. Possible values are Base, One level, or Subtree. The default is One level.
SolarisSearchTimeLimit
the LDAP search time limit in seconds when searching for Naming information. The default is 30 seconds.
SolarisCacheTTL
the Time-To-Live value after which clients refresh their profile information from the server. Set the TTL to 0 (zero) if you do not want ldap_cachemgr to attempt an automatic refresh from the servers. The value is either 0 (for no expiration) or a positive integer number of seconds. The default is 43200 (12 hours).
SolarisSearchReferral
the referral option to be used when looking up Naming information. Possible options are follow referral or do not follow referral. The default is to always follow referrals.
The ldap_gen_profile(1M) command is provided as part of the Solaris client tools to create client profiles. This tool generates an LDIF file which can be stored in the LDAP server using the ldapadd(1) command. The following example shows how to create a client profile.
Use ldap_gen_profile(1M) to create a client profile.
# /usr/sbin/ldap_gen_profile \
    -P myprofile \
    -b dc=mkt,dc=mainstore,dc=com \
    -a simple -w mypasswd \
    -D cn=proxyagent,ou=profile,dc=mkt,dc=mainstore,dc=com \
    100.100.100.100
The following example shows the profile generated:
dn: cn=myprofile,ou=profile,dc=mkt,dc=mainstore,dc=com
SolarisBindDN: cn=proxyagent,ou=profile,dc=mkt,dc=mainstore,dc=com
SolarisBindPassword: {NS1}xxxxxxxxxxxxxx
SolarisLDAPServers: 100.100.100.100
SolarisSearchBaseDN: dc=mkt,dc=mainstore,dc=com
SolarisAuthMethod: NS_LDAP_AUTH_SIMPLE
SolarisTransportSecurity: NS_LDAP_SEC_NONE
SolarisSearchReferral: NS_LDAP_FOLLOWREF
SolarisSearchScope: NS_LDAP_SCOPE_ONELEVEL
SolarisSearchTimeLimit: 30
SolarisCacheTTL: 43200
cn: myprofile
ObjectClass: top
ObjectClass: SolarisNamingProfile
Save the generated profile to a file (such as profile.ldif) and use ldapadd(1) to store the client profile file in the LDAP server.
# ldapadd -h ldap_server_hostname -D "cn=Directory Manager" \
    -w nssecret -f profile.ldif
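Before loading a profile with ldapadd(1), it is worth checking what the generated LDIF actually tells every client to do. The following script is an added example, not part of the Solaris client tools: it parses a profile entry like the one above, decodes the SolarisLDAPServers and alternate-baseDN syntaxes described in the attribute list, and reports the settings a reviewer should question (a SIMPLE bind over the NONE transport, a TTL of 0, referral following). The SAMPLE_PROFILE text is constructed for this example; SolarisDataSearchDN is the attribute name Solaris uses for the alternate baseDN setting and does not appear in the generated profile above, and the fallback to port 389 when no port is given is this script's own assumption.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample profile (not from a real system). It mirrors the generated
# profile shown in the text, with a second server carrying an explicit port, a
# SolarisDataSearchDN line and SolarisCacheTTL set to 0 so that every syntax
# and check below is exercised.
SAMPLE_PROFILE = """\
dn: cn=myprofile,ou=profile,dc=mkt,dc=mainstore,dc=com
SolarisBindDN: cn=proxyagent,ou=profile,dc=mkt,dc=mainstore,dc=com
SolarisBindPassword: {NS1}xxxxxxxxxxxxxx
SolarisLDAPServers: 100.100.100.100, 100.100.100.101:3389
SolarisSearchBaseDN: dc=mkt,dc=mainstore,dc=com
SolarisDataSearchDN: passwd:(ou=people,dc=mkt,dc=mainstore,dc=com),(ou=contractors,dc=mkt,dc=mainstore,dc=com)
SolarisAuthMethod: NS_LDAP_AUTH_SIMPLE
SolarisTransportSecurity: NS_LDAP_SEC_NONE
SolarisSearchReferral: NS_LDAP_FOLLOWREF
SolarisSearchScope: NS_LDAP_SCOPE_ONELEVEL
SolarisSearchTimeLimit: 30
SolarisCacheTTL: 0
cn: myprofile
ObjectClass: top
ObjectClass: SolarisNamingProfile
"""


def parse_ldif_entry(text: str) -> Dict[str, List[str]]:
    """Parse a single 'attr: value' LDIF entry into {attr.lower(): [values]}.

    Multi-valued attributes (ObjectClass) keep every value; a line starting
    with one space continues the previous line (LDIF folding)."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    attrs: Dict[str, List[str]] = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs


def parse_servers(value: str, default_port: int = 389) -> List[Tuple[str, int]]:
    """SolarisLDAPServers: comma-separated 'address[:port]', tried in order.

    389 is the standard LDAP port; the text does not state a default, so the
    fallback here is an assumption of this example."""
    servers: List[Tuple[str, int]] = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        host, _, port = item.partition(":")
        servers.append((host, int(port) if port else default_port))
    if not servers:
        raise ValueError("at least one LDAP server must be defined")
    return servers


def parse_data_search_dn(value: str) -> Tuple[str, List[str]]:
    """SolarisDataSearchDN: 'database:alternate-baseDN-list'.

    Each alternate baseDN is read from its own pair of parentheses, because a
    DN itself contains commas and cannot simply be split on them."""
    database, sep, dn_list = value.partition(":")
    if not sep:
        raise ValueError(f"missing 'database:' prefix in {value!r}")
    dns = [m.strip() for m in re.findall(r"\(([^()]*)\)", dn_list)]
    if not dns:
        raise ValueError(f"no parenthesised baseDN in {value!r}")
    return database.strip(), dns


def audit_profile(text: str) -> Dict[str, object]:
    """Parse a client profile and list the settings a reviewer should question."""
    attrs = parse_ldif_entry(text)

    def first(name: str, default: str = "") -> str:
        return attrs.get(name, [default])[0]

    # Methods may be given as several values or as one separated list.
    auth = [m.strip().upper()
            for v in attrs.get("solarisauthmethod", [])
            for m in re.split(r"[;,]", v) if m.strip()]
    transport = first("solaristransportsecurity", "NS_LDAP_SEC_NONE").upper()
    ttl = int(first("solariscachettl", "43200"))
    data_search = dict(parse_data_search_dn(v)
                       for v in attrs.get("solarisdatasearchdn", []))

    findings: List[str] = []
    if "NS_LDAP_AUTH_SIMPLE" in auth and transport == "NS_LDAP_SEC_NONE":
        findings.append("cleartext-bind: SIMPLE bind with NS_LDAP_SEC_NONE sends "
                        "the SolarisBindPassword unencrypted on the network")
    if ttl == 0:
        findings.append("no-refresh: SolarisCacheTTL is 0, so ldap_cachemgr never "
                        "picks up profile changes made on the server")
    if first("solarissearchreferral").upper() == "NS_LDAP_FOLLOWREF":
        findings.append("follow-referrals: clients will connect to any server a "
                        "referral points at, not only those in SolarisLDAPServers")

    return {"servers": parse_servers(first("solarisldapservers")),
            "auth_methods": auth, "data_search": data_search,
            "ttl": ttl, "findings": findings}


if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE)["findings"]:
        print(finding)
```

Run it against the profile.ldif you are about to load instead of SAMPLE_PROFILE to see the same report for your own settings; the findings describe consequences the attribute list already implies (the transport is NONE, so a SIMPLE bind password crosses the network as-is, and a TTL of 0 means server-side changes are never pulled by ldap_cachemgr), so they are worth reading before the profile reaches every client in the namespace.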
The ldap_cachemgr(1M) daemon on every client machine automatically updates the content of the LDAP configuration files. This means changes need to be made only on the server, and those changes automatically propagate to every client in the namespace. The periodic update is based on the time-to-live value specified in the profile's SolarisCacheTTL attribute.