Creating Subscriber Entries
Solaris for ISPs subscribers come in several varieties:
-
The general (basic) subscriber
-
The subscriber who uses virtually-hosted FTP or Web services
-
The subscriber who gains access to services through a RADIUS server
-
The subscriber who uses both, and whose directory entry requires both RADIUS and FTP information
In the sections that follow, instructions are provided for building the complex subscriber entry by creating the simpler entry and adding to it.
Creating a Basic Subscriber Entry
Before you can create subscriber entries, the domain and the People organizational unit entries must exist. Once you have created those entries, you can edit a text file (for example, people.ldif) and enter the data for the subscriber. The basic subscriber entry has the single object class ispSubscriber, and very few mandatory attributes. The file for a basic subscriber looks like this:
dn: cn=Jane Doe (jldoe),ou=People,ou=wcgate1,ou=eng,o=sun,c=US commonname: Jane Doe (jldoe) sn: Doe uid: jldoe userpassword: hidden objectclass: ispSubscriber
Where
- dn
-
Is the distinguished name of the subscriber entry.
- commonName
-
Is the naming attribute of a subscriber entry (ispSubscriber object class). For Solaris for ISPs subscribers and administrators, the value of the commonName attribute takes the form Firstname Lastname (userid).
- sn
-
Is the surname of the subscriber.
- uid
-
Is the login name of the subscriber.
- userPassword
-
Is the password, limited to eight characters if you are sharing password information with UNIX accounts. This value is generated with the encryption method you set in the directory services administration console.
- objectClass: ispSubscriber
-
Is the object class type of this subscriber entry.
You can create any number of subscriber entries by adding blocks of data with different attribute values to the file. When it is complete, save and close people.ldif. Obtain root access and add the subscriber entries to the directory with the following command, replacing the bind DN and password with your own:
# ldapadd -D "cn=admin,o=sun,c=US" -w password -f people.ldif
Adding FTP and Web Virtual Hosting Information
The information required for the specially-configured virtual hosting available with SunTM Internet FTP ServerTM and SunTM WebServerTM (SWS) adds only three attributes to the data file:
gidnumber: 60001 uidnumber: 60001 ispcontentdirectory: jldoe
Where
- gidNumber
-
Is the UNIX group ID specified for this user in the virtually-hosted domain for FTP and Web services.
- uidNumber
-
Is the UNIX user ID specified for this user in the virtually-hosted domain for FTP and Web services.
- ispContentDirectory
-
Is the location (relative to the associated domain's document root) where this subscriber's content files are located.
Note -
Setting the values for the uidNumber and gidNumber attributes requires existing UNIX accounts properly set up to share access to the virtual FTP domain. See the Sun Internet FTP Server on-line help for information on defining a virtual host configuration.
You can create any number of subscriber entries by adding blocks of data to the file. When it is complete, save and close people.ldif. Obtain root access and add the subscriber entries to the directory with the following command, replacing the bind DN and password with your own:
# ldapadd -D "cn=admin,o=sun,c=US" -w password -f people.ldif
If you have already created these entries, you must perform an ldapmodify. Locate the manual page for ldapmodify(1) and follow those instructions.
Adding Remote User Information
An entry for a subscriber who gains access to ISP services through a RADIUS server must support an additional object class (remoteUser) and has several attributes added to the entry information.
Note -
The default Solaris for ISPs configuration designates the root domain as the search base for RADIUS subscriber entries. If your configuration is different, use the directory services administration console to configure RADIUS and enter values appropriate for your search base.
The additional lines in the ldif file are:
objectclass: remoteUser authsuffixname: @ispxpress grpcheckinfo: authSuffixName grpcheckinfo: userPassword authserviceprotocol: Framed-User framedrouting: None framedprotocol: PPP grpreplyinfo: authServiceProtocol grpreplyinfo: framedProtocol grpreplyinfo: framedRouting
Where
- objectClass: remoteUser
-
Is a required object class for the subscriber accessing services using a RADIUS server.
- authsuffixname: @ispxpress
-
Is a suffix added to the subscriber's user name to enable the RADIUS server to distinguish among entries with the same uid in different domains. Enter the appropriate suffix for the specific user entry.
- grpcheckinfo: authSuffixName
-
Indicates that the RADIUS server should verify the authSuffixName attribute value before selecting the entry to authenticate against.
- grpcheckinfo: userPassword
-
Indicates that the RADIUS server should verify the userPassword attribute value before selecting the entry to authenticate against.
- authserviceprotocol: Framed-User
-
If you are using the default RADIUS configuration, enter this attribute exactly as shown. The correct value is determined by the configuration of your network access server.
- framedrouting: None
-
If you are using the default RADIUS configuration, enter this attribute exactly as shown. The correct value is determined by the configuration of your network access server.
- framedprotocol: PPP
-
If you are using the default RADIUS configuration, enter this attribute exactly as shown. The correct value is determined by the configuration of your network access server.
- grpreplyinfo: authServiceProtocol
-
Tells the RADIUS server to include the value of the authServiceProtocol attribute in its reply message.
- grpreplyinfo: framedProtocol
-
Tells the RADIUS server to include the value of the framedProtocol attribute in its reply message.
- grpreplyinfo: framedRouting
-
Tells the RADIUS server to include the value of the framedRouting attribute in its reply message.
You can create any number of subscriber entries by adding blocks of data to the file. When it is complete, save and close people.ldif. Obtain root access and add the subscriber entries to the directory with the following command, replacing the bind DN and password with your own:
# ldapadd -D "cn=admin,o=sun,c=US" -w password -f people.ldif
If you have already created these entries, you must perform an ldapmodify. Locate the manual page for ldapmodify(1) and follow those instructions.
The Complete ldif File
The complete ldif file for a complex user looks like:
dn: cn=Jane Doe (jldoe),ou=People,ou=wcgate1,ou=eng,o=sun,c=US commonname: Jane Doe (jldoe) sn: Doe uid: jldoe userpassword: hidden gidnumber: 60001 uidnumber: 60001 objectclass: ispSubscriber objectclass: remoteUser ispcontentdirectory: /home/users/jldoe authsuffixname: @ispxpress grpcheckinfo: authSuffixName grpcheckinfo: userPassword authserviceprotocol: Framed-User framedrouting: None framedprotocol: PPP grpreplyinfo: authServiceProtocol grpreplyinfo: framedProtocol grpreplyinfo: framedRouting
- © 2010, Oracle Corporation and/or its affiliates