LDAP Setup and Configuration Guide

Client Profile

To simplify Solaris client setup, a client profile needs to be defined. This profile must be created on the server. During the initialization stage, a client can easily set up the system with the profile name and the server's address. The client profile allows the system administrators to define the LDAP environment to be used by Solaris clients.

The most obvious benefit of using a profile, is the ease of installing a machine. However, the true benefit of using profiles only becomes apparent when you start making changes in your environment (such as adding or removing servers). See ldap_gen_profile(1M) for details.

The following list shows the possible attributes that can be defined in the profile;

The ldap_gen_profile(1M) command is provided as part of the Solaris client tools to create client profiles. This tool generates an LDIF file which can be stored in the LDAP server using the ldapadd(1) command. The following example shows how to create a client profile.

How to Create a Client Profile

  1. Use ldap_gen_profile(1M) to create a client profile.

    # /usr/sbin/ldap_gen_profile \
    -P myprofile \
    -b dc=mkt,dc=mainstore,dc=com \
    -a simple -w mypasswd \
    -D cn=proxyagent,ou=profile,dc=mkt,dc=mainstore,dc=com \

    The following example shows the profile generated:

    dn: cn=myprofile,ou=profile,dc=mkt,dc=mainstore,dc=com
    SolarisBindDN: cn=proxyagent,ou=profile,dc=mkt,dc=mainstore,dc=com
    SolarisBindPassword: {NS1}xxxxxxxxxxxxxx
    SolarisSearchBaseDN: dc=mkt,dc=mainstore,dc=com
    SolarisAuthMethod: NS_LDAP_AUTH_SIMPLE
    SolarisTransportSecurity: NS_LDAP_SEC_NONE
    SolarisSearchReferral: NS_LDAP_FOLLOWREF
    SolarisSearchScope: NS_LDAP_SCOPE_ONELEVEL
    SolarisSearchTimeLimit: 30
    SolarisCacheTTL: 43200
    cn: myprofile
    ObjectClass: top
    ObjectClass: SolarisNamingProfile
  2. Save the generated profile to a file (such as profile.ldif) and use ldapadd(1) to store the client profile file in the LDAP server.

    # ldapadd -h ldap_server_hostname -D "cn=Directory Manager" \
    -w nssecret -f profile.ldif

The ldap_cachemgr(1M) on every client machine automatically updates the content of the LDAP configuration files. This means changes need to be made only on the server and those changes automatically propagate to every client in the namespace. The periodic update is based on the TTL, time to live value specified in the profile SolarisCacheTTL.