Solaris ISP Server 2.0 Administration Guide

Entries in the OSI Tree

The OSI tree must contain entries for the subscribers who will be authenticated on the virtual host.

The virtual host or virtual domain does not need to have its own set of subscribers; the virtual host services can authenticate users against the general ISP subscriber base. If you want users authenticated against the general ISP subscriber base, make the associatedName attribute on the dc entries in the DC tree point to the top DN in the OSI tree (for example, o=MyISP,c=US).

If you create a new domain in the OSI tree, you need to create an organizationalUnit (ou) node naming the domain with an associatedDomain attribute that points to the proper domain or host name in the DC tree. Below the virtual domain ou, you need to create ou nodes for People (to contain ispSubscriber entries), Groups, and Services (to contain ispService entries). Populating the People and Services portions of the tree is explained in "Entries for Users for the Domain" and "Entries for Services in the Domain" below.

The procedure below uses a virtual host with its own set of subscribers. Since these subscribers are unique to the virtual domain, we need to create an ou node in the OSI tree for the domain and set its associatedDomain attribute to the name of the virtual domain in the DC tree.

To Create the Domain in the OSI Tree
  1. Determine the distinguished name for the domain in the OSI tree. The distinguished name includes the ou node for the domain, and all of the parents of that node in the tree.

    In this procedure we will create a domain directly below a top distinguished name of o=MyISP,c=US. The dn of the domain is ou=SmallOrg,o=MyISP,c=US.

    Since we have only one host in the example, we could be more specific and use ou=www,ou=SmallOrg,o=MyISP,c=US. By naming only the domain, you can later add more virtual hosts to the domain that share the same subscribers (for example, if mail.smallorg.com is created later).

  2. Determine the dn of the virtual host in the DC tree. This will be used in the associatedDomain attribute.

    For example, dc=smallorg,dc=com.

  3. Create a text file for the ldif entries.

    For example, /tmp/smallorg.ldif.

  4. Create an ldif entry for the domain specifying the dn, its object class attributes, the ou, and the associatedDomain.

    The object classes are always top, organizationalUnit, and domainRelatedObject; domainRelatedObject is the auxiliary class that allows the associatedDomain attribute on the entry.

    For this example, the dn is ou=SmallOrg,o=MyISP,c=US and the associatedDomain is smallorg.com (note that associatedDomain holds a domain name, not a distinguished name; a value such as dc=smallorg,dc=com is wrong here).

    Here is what would be entered into the ldif file:

    dn: ou=SmallOrg,o=MyISP,c=US
    ou: SmallOrg
    associatedDomain: smallorg.com
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
    objectClass: top
  5. Create ldif entries for the People, Groups, and Services nodes in the domain.

    These nodes all have organizationalUnit object classes, and are used to contain other data for the virtual domain.

    The following would be added to the end of the example ldif file:

    dn: ou=People,ou=SmallOrg,o=MyISP,c=US
    ou: People
    objectClass: organizationalUnit
    
    dn: ou=Groups,ou=SmallOrg,o=MyISP,c=US
    ou: Groups
    objectClass: organizationalUnit
    
    dn: ou=Services,ou=SmallOrg,o=MyISP,c=US
    ou: Services
    objectClass: organizationalUnit
  6. Save the file.

  7. You may run ldapadd now to add the entries, or continue with the other procedures and add all of the required ldif entries to the file first.

    To run ldapadd on the host where the Solaris ISP Server directory server is running:

    % cd /opt/SUNWconn/bin
    % ./ldapadd -D cn=admin,o=MyISP,c=US -w secret -f /tmp/smallorg.ldif

    Note that -w secret places the directory administrator's bind password on the command line, where other users on the host can read it from the process list and where the shell records it in its history. Keep the ldif file readable only by the administrator as well, and use a password-prompting or password-file option instead of -w if the ldapadd build you have supports one (check its usage message).
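As an added example (not part of the guide and not a Solaris ISP Server tool), the POSIX shell script below generates the ldif from steps 4 and 5 for any virtual domain and refuses an associatedDomain that looks like a distinguished name, the mistake step 4 warns about. The script name, function names, and argument order are assumptions.

```sh
#!/bin/sh
# gen_osi_domain.sh (hypothetical name): emit the OSI-tree ldif for a virtual
# domain. Usage: sh gen_osi_domain.sh OU BASE_DN DOMAIN > /tmp/smallorg.ldif
#   e.g. sh gen_osi_domain.sh SmallOrg o=MyISP,c=US smallorg.com
# Added example, not code from the Solaris ISP Server product.

# associatedDomain must be a DNS domain name, never a DN: reject empty values,
# anything containing '=' ',' or a space, and names without a dot.
check_associated_domain() {
    case "$1" in
        ''|*=*|*,*|*' '*) return 1 ;;
        *.*)              return 0 ;;
        *)                return 1 ;;
    esac
}

# gen_domain_ldif OU BASE_DN DOMAIN
# Prints the domain ou entry (step 4) followed by the People, Groups and
# Services containers (step 5), each separated by a blank line as ldif requires.
gen_domain_ldif() {
    ou=$1; base=$2; domain=$3
    check_associated_domain "$domain" || {
        echo "associatedDomain must be a domain name, got: $domain" >&2
        return 1
    }
    dn="ou=$ou,$base"
    printf 'dn: %s\nou: %s\nassociatedDomain: %s\n' "$dn" "$ou" "$domain"
    printf 'objectClass: top\nobjectClass: organizationalUnit\n'
    printf 'objectClass: domainRelatedObject\n\n'
    for container in People Groups Services; do
        printf 'dn: ou=%s,%s\nou: %s\n' "$container" "$dn" "$container"
        printf 'objectClass: top\nobjectClass: organizationalUnit\n\n'
    done
}

# count_entries FILE: number of entries (dn: lines) in an ldif file, a quick
# check that the file holds the four entries expected before running ldapadd.
count_entries() {
    grep -c '^dn: ' "$1"
}

if [ $# -ge 3 ]; then
    gen_domain_ldif "$@"
fi
```

After ldapadd succeeds, confirm the container entries exist with a base-scope search against the new ou, for example `./ldapsearch -b ou=SmallOrg,o=MyISP,c=US -s one objectClass=*` (assuming ldapsearch is installed beside ldapadd in /opt/SUNWconn/bin); it should return exactly the People, Groups and Services entries.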