Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide

To Configure an LDAP Repository for PAM

This procedure describes how to configure an Identity Synchronization for Windows-supported LDAP repository for PAM, using the following example information:

Prerequisites to configure an Identity Synchronization for Windows-supported LDAP repository for PAM.

Use the following steps to configure an Identity Synchronization for Windows-supported LDAP repository for PAM.

  1. Configure the LDAP store by using the Solaris OS idsconfig command-line tool.

    The idsconfig tool prompts you for the values that are needed to form the directory information tree (DIT) to be contained in the LDAP store. The tool also modifies the LDAP store schema as required to accommodate the user population that you will add.

    When you configure the test system, the following idsconfig summary screen is displayed:

    Figure: Summary of Configuration Screen

  2. To change the value of a configuration parameter, type its associated configuration number.

  3. Select an option from the list of predefined options that can be supplied to the selected parameter.

  4. Evaluate the following key parameters’ values:

    • Domain to serve

    • Base DN to setup

    • Profile name to create

    • Service Auth Method pam_ldap

    If necessary, use the idsconfig tool to change these parameter values so that they are appropriate for your deployment. If you are working in a test environment where you can change DNS entries and set machine IP addresses to arbitrary values, you may use the names and addresses provided in this appendix.

  5. Continue with the proxy creation initiated by the idsconfig tool by providing the appropriate values (default or custom) for the various parameters.

  6. After the configuration is complete and idsconfig stores the generated configuration, create virtual list view (VLV) indexes when prompted.

    Note – VLV indexes (also called browsing indexes) enable PAM to quickly search for groups, users, and so forth. For information about creating VLV indexes, go to:

    Managing Browsing Indexes in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide

    Pay particular attention to the number of VLV indexes that you are prompted to create. The list of VLV indexes that the idsconfig tool provides depends on the state in which it finds the LDAP store.

    The following figure shows the resulting topology, as displayed on the Sun Java System Directory Server Console.

    Figure: Resulting Topology

    When you are finished configuring the LDAP repository for PAM, continue to "To Populate the LDAP Repository."
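After the procedure completes, the stored client profile can be checked against the key parameters from step 4. The following audit is an added example, not part of the original guide or of idsconfig. It assumes the profile is a DUAConfigProfile entry (RFC 4876 attribute names) exported as LDIF, and the profile name, base DN and sample entry are constructed placeholders.

```python
import base64

# Constructed sample entry; every name in it is a placeholder.
SAMPLE_LDIF = """\
dn: cn=pam_profile,ou=profile,dc=example,dc=com
objectClass: DUAConfigProfile
cn: pam_profile
defaultSearchBase: dc=example,
 dc=com
serviceAuthenticationMethod: pam_ldap:simple
"""

def parse_entry(ldif):
    """Return {attribute name in lower case: [values]} for one LDIF entry."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:       # folded continuation line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):               # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(attr.lower(), []).append(value.strip())
    return entry

def norm_dn(dn):
    """Comparison key for simple DNs (assumes no escaped commas)."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def audit_profile(ldif, profile_name, base_dn):
    """List mismatches between the stored profile and the idsconfig choices."""
    entry, findings = parse_entry(ldif), []
    if profile_name.lower() not in [v.lower() for v in entry.get("cn", [])]:
        findings.append("profile name mismatch")
    if norm_dn(base_dn) not in map(norm_dn, entry.get("defaultsearchbase", [])):
        findings.append("base DN mismatch")
    pam = [v.split(":", 1)[1] for v in entry.get("serviceauthenticationmethod", [])
           if v.lower().startswith("pam_ldap:")]
    if not pam:
        findings.append("no pam_ldap service auth method")
    # A method without the "tls:" prefix binds without transport protection.
    for method in (m.strip().lower() for v in pam for m in v.split(";")):
        if not method.startswith("tls:"):
            findings.append("pam_ldap method '%s' is not bound over TLS" % method)
    return findings
```

Calling `audit_profile(SAMPLE_LDIF, "pam_profile", "dc=example,dc=com")` returns one finding for the sample, because `pam_ldap:simple` sends the user's password in a plain simple bind.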