To enable Solaris Bandwidth Manager to operate with Sun Directory Services, you must carry out a certain amount of configuration on the directory itself. Do this first. You must then save the Solaris Bandwidth Manager configuration into the directory. This operation automatically creates the necessary entries for policy information in the directory.
On the Sun Directory Services server, you must perform the following operations:
Add the Solaris Bandwidth Manager schema files to the Sun Directory Services schema.
Declare the policy agent as a replica of the subtrees containing Solaris Bandwidth Manager information.
If you modify the Solaris Bandwidth Manager configuration in the directory, you must replicate the subtree containing the configuration. You must replicate all entries.
The bind Distinguished Name (DN) to use in the replication is of the form uid=login, etc, where login is the login defined in the agent.properties file of the policy agent. The password to use in the replication is the password defined in the agent.properties file. Replication mode must be push.
Set a replication schedule for the replication of information between the directory and the policy agents. You can set replication to immediate, which means that whenever modifications are made to entries that are within the scope of the replica, they are automatically pushed to the appropriate policy agent. Doing so is mandatory if you are working with the RADIUS protocol.
Define Access Control Lists (ACLs) for Solaris Bandwidth Manager information: for remote user connections, you must give the policy agent read access to at least the policyRef attribute of the entries in the remote user subtree. To enable updates to the configuration stored in the directory from batool, you must provide write access to the policy agent on all entries and attributes in the subtree containing the Solaris Bandwidth Manager configuration.
Add the Solaris Bandwidth Manager schema files to the directory server configuration like this:
Copy the Solaris Bandwidth Manager schema files to the directory server. By default, the Solaris Bandwidth Manager schema files, policy.at.conf and policy.oc.conf, are located under /etc/opt/SUNWconn/ba/include.
Open the configuration file for Sun Directory Services, dsserv.conf, in a text editor. By default, this file is located under /etc/opt/SUNWconn/ldap/current.
In the main configuration section of dsserv.conf, include the schema files for Solaris Bandwidth Manager:
    # - Main Configuration Section - #
    include /etc/opt/SUNWconn/ldap/current/dsserv.at.conf
    include /etc/opt/SUNWconn/ldap/current/dsserv.oc.conf
    include /etc/opt/SUNWconn/ldap/current/dsserv.acl.conf
    include /opt/SUNWconn/ba/include/policy.at.conf
    include /opt/SUNWconn/ba/include/policy.oc.conf
Each include statement must contain the absolute path to the Solaris Bandwidth Manager schema file on the directory server.
Restart the directory server daemon, dsservd, to reload the directory configuration. This task is described in the Sun Directory Services 3.1 Administration Guide. The Schema section of the Directory Services Admin Console now lists the Solaris Bandwidth Manager object classes and attributes.
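A check that can be run on dsserv.conf before restarting dsservd, given here as an added example that is not part of the Sun documentation: it confirms that both schema files are included by absolute path and are readable. The function name check_schema_includes is hypothetical, and the configuration file path is passed in as an argument.

```sh
#!/bin/sh
# Added example: verify that a dsserv.conf file includes both Solaris
# Bandwidth Manager schema files (policy.at.conf, policy.oc.conf) by
# absolute path, and that each included file is readable.
# check_schema_includes is a hypothetical helper name.

check_schema_includes() {
    conf=$1
    status=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    for schema in policy.at.conf policy.oc.conf; do
        # Find the last uncommented include directive whose file name
        # (final path component) is exactly this schema file.
        path=$(awk -v f="$schema" '
            $1 == "include" {
                n = split($2, parts, "/")
                if (parts[n] == f) p = $2
            }
            END { print p }' "$conf")
        if [ -z "$path" ]; then
            echo "MISSING: no include line for $schema" >&2
            status=1
            continue
        fi
        case $path in
            /*) [ -r "$path" ] || { echo "UNREADABLE: $path" >&2; status=1; } ;;
            *)  echo "RELATIVE: $path must be an absolute path" >&2; status=1 ;;
        esac
    done
    return $status
}

# Run against a file when one is given on the command line.
if [ $# -gt 0 ]; then
    check_schema_includes "$1"
fi
```

The function returns 0 when both include lines are present, absolute and readable, 1 when either check fails, and 2 when the configuration file itself cannot be read.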
These tasks are described in detail in the Sun Directory Services 3.1 Collection.
Save the Solaris Bandwidth Manager configuration into the directory using the graphical tool batool. To do so, select the Save As option from the File menu, and choose URL. The URL dialog appears. Enter either the complete URL in the URL location field, or the individual parts of the URL in the relevant fields in the lower pane. If you enter the complete URL, do so in this format: ldap://username:password@hostname:portnumber/distinguishedname. If you fill in the fields in the lower pane, do so like this:
Enter the username as a Distinguished Name.
The Distinguished Name of the subtree to which you want to save the file must begin with a common name. If this common name does not already exist in the directory, it is created for you.