Solaris ISP Server 2.0 Reference Guide

Part I Solaris ISP Server Core

Solaris ISP Server^TM 2.0 core man pages.

man Pages(1m): Maintenance Commands

ispIntro(1M)

NAME

ispIntro.1m- Introduction to the command-line utilities for Solaris ISP Server

DESCRIPTION

The man pages offer detailed instruction and examples on the options and subcommands for each utility. The command-line utilities are available to start and run the host configuration tool that installs Solaris ISP Server components and configures the system; to register and unregister services on this host with the Sun Internet Administrator console; and to bulk load subscriber entries from an existing data source into the Solaris ISP Server directory service.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWispm
Interface Stability	Evolving

FILES

/opt/SUNWisp/sbin/hcjump

/opt/SUNWisp/lib/hclfmd

/opt/SUNWisp/sbin/hcstartup

/opt/SUNWisp/sbin/ispladp

/opt/SUNWisp/sbin/isprshp

/opt/SUNWisp/sbin/mchelp

/opt/SUNWisp/sbin/mcreg

/opt/SUNWisp/sbin/mcunreg

/opt/SUNWisp/ldap/sunds/sbin/sispload

/opt/SUNWisp/sbin/uninstall-sisp1.0

NOTES

hcjump(1m): performs a non-interactive Solaris ISP Server software installation and configuration. hcjump is designed to be called from a JumpStart custom configuration finish script.
hclfmd(1m): maintains log files written by syslogd and auditd, and periodically cycles and archives log files. hclfmd detects intrusion attempts and notifies.
hcstartup(1m): starts the host configuration tool and Web-based user interface for installation and configuration of Solaris ISP Server software. hcstartup performs setup and initialization, and from a browser presents the host configuration user interface.
ispldap(1m): creates entries in configuration files, for access by the ISP IDIA library functions (which return information required for accessing directory services). Also creates required directory services entries.
isprshp(1m): sets the port on which the Solaris ISP Server remote command execution daemon listens.
mchelp(1m): displays the release version of Sun^TM Internet Administrator^TM installed on the system and lists all utilities associated with it.
mcreg(1m): registers a software component making it available for management through the Sun Internet Administrator console. Overwrites any previous registration of the same component.
mcunreg(1m): unregisters a software component GUI, making it unavailable to the Sun Internet Administrator console.
sispload(1m): converts a file of user entries into an ldif file for loading into the Solaris ISP Server directory service.
uninstall-sisp1.0(1m): performs a non-interactive uninstall of Solaris^TM for ISPs^TM 1.0 components and saves the old data.

Solaris ISP Server 2.0 Last Revised February 1999

hcjump(1M)

NAME

hcjump

^TM

SYNOPSIS

hcjump

directory

DESCRIPTION

Performs setup and initialization for installation and configuration. hcjump is designed to be called from a JumpStart custom configuration finish script. You must have root access to run hcjump. It can also be used to perform a replicated installation and upgrade.

OPERANDS

directory: The path to the root directory of the installation media for Solaris ISP Server.

EXTENDED DESCRIPTION

hcjump does the following:

Copies the host configuration archive files into /tmp.
Copies information from the installation media into /var/opt/SUNWisp/hc/media.
Removes any existing configuration information in /var/opt/SUNWisp/hc/media to copy information from the installation media.
Copies files from the exported scenario directory into /var/opt/SUNWisp/hc/scenario.
Implements the scenario, installing and removing software and reconfiguring as specified.
Cleans up /tmp.

When you save an exported scenario from the host configuration GUI, a copy of hcjump is saved in its root directory. Invoke this version of hcjump from your finish script.

EXIT STATUS

The following exit values are returned:

0: Successful completion.
>0: An error occurred.

FILES

/var/opt/SUNWisp/hc: Both hcjump and hcstartup store configuration information in this directory. When hcjump is invoked, all data in the host configuration directory is removed and replaced with new data.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWisp
Interface Stability	Evolving

NOTES

When hcjump runs, it removes the information on the current state of the system in /var/opt/SUNWisp/hc saved by the host configuration software (hcstartup). For this reason, invoke hcjump before invoking hcstartup and not vice versa.

Solaris ISP Server 2.0 Last Revised February 1999

hclfmd(1M)

NAME

hclfmd

SYNOPSIS

hclfmd

DESCRIPTION

The host configuration log file management daemon is a resident daemon that is started when the system boots. It perfoms three basic functions:

hclfmd maintains log files written by syslogd:
- Deletes weekly archives older than one month.
- Creates a weekly archive by compiling and compressing a week's worth of daily logs and deleting the daily logs. The weekly log is named: name.YYYYMMDDHHMM-YYYYMMDDHHMM.tar.z.
- Cycles the daily logs by renaming the existing logs and sending a hangup (SIGHUP) signal.
hclfmd finds these files by reading /etc/syslog.conf.
hclfmd maintains log files written by auditd:
- Deletes weekly archives older than one month.
- Creates a weekly archive by compiling and compressing a week's worth of daily logs and deleting the daily logs. The weekly log is named: name.YYYYMMDDHHMM-YYYYMMDDHHMM.tar.z.
- Cycles the daily logs by running audit -n.
hclfmd finds these files by reading /etc/security/audit_control.
By default, every minute, hclfmd examines its log files for intrusion attempts. The interval at which hclfmd examines its log files and the files checked for intrusion attempts are defined in hclfmd.conf. If hclfmd discovers any intrusion attempts, it runs the notification command listed in the configuration file.

EXIT STATUS

The following exit values are returned:

0: Successful completion.
>0: An error occurred.

FILES

/etc/opt/SUNWisp/hc/hclfmd.conf: When hclfmd finds an intrusion attempt in a log file, it reads this file to discover a notification mechanism.
/etc/security/audit_control: hclfmd reads this file to discover audit logs to monitor.
/etc/syslog.conf: hclfmd reads this file to discover syslog logs to monitor.
/var/spool/cron/crontabls/root: hclfmd removes the cron entry for /usr/lib/newsyslog because the log file management functionality is an effective replacement for it.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWisp
Interface Stability	Evolving

hcstartup(1M)

NAME

hcstartup

^TM

SYNOPSIS

hcstartup

DESCRIPTION

Performs setup and initialization, and from a browser, accesses the host configuration user interface. You must have root access to run hcstartup.

`hcstartup` Prompts

There are Solaris for ISPs 1.0 components installed on this machine. Before installing Solaris ISP Server 2.0,this program will uninstall the old version. The configuration data for these components will be saved and they will be uninstalled (you may then select them forreinstallation and the saved data will be restored). Do you wish to proceed? (y/n) y

This message indicates that to proceed with the installation, Solaris for ISPs 1.0 components running on the machine will be uninstalled, data saved and used for upgrading to Solaris ISP Server 2.0.

Enter path to installation media(enter "none" if no media) current working directory

The current working directory is displayed and is the default value (if you press Return). If there is no distribution media available, only uninstall options may be performed.

Enter a port number for the temporary web server [8000]

Port 8000 is the default port for the temporary Web server. hcstartup checks to see if the port is available, and prompts for another if it is in use.

Please choose one of the following options:

The default selection is 1 which will start HotJava browser for host configuration (if you press Return). The second option allows you to open a browser of your choice for the host configuration process. You can also abort the installation by selecting the third option.

`hcstartup` Actions

Behind the scenes, hcstartup does the following:

Executes uninstall-sisp1.0 script to:
- Uninstall 1.0 components currently found installed on the machine.
- Save the 1.0 configuration data for upgrading to 2.0.
Copies host configuration archive information into /tmp.
Starts a temporary web server for the graphical user interface.
Copies information from the distribution media to /var/opt/SUNWisp/hc/media.
Provides browser options to begin host configuration process for installation.
When the configuration process is complete, cleans up /tmp.

FILES

/tmp/hcstartup.running: The presence of this file indicates that the utility is already running. hcstartup checks for this file when first invoked. If the file exists, another install and configuration process is already running, or one has exited improperly.
/tmp/hcbi.running: The presence of this file indicates that the batch install utility is running. hcstartup checks for this file when first invoked. If the file exists, another install and configuration process is already running, or one has exited improperly.
/tmp/hcpid: A number of temporary directories and files are created here. hcstartup removes them as a part of its cleanup.
/var/opt/SUNWisp/hc/media: Distributed media files are copied to this directory.

EXIT STATUS

The following exit values are returned:

0: Successful completion.
>0: An error occurred.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWisp
Interface Stability	Evolving

NOTES

If you run this command remotely, set the DISPLAY environment properly.

Solaris ISP Server 2.0 Last Revised February 1999

ispldap(1M)

NAME

ispldap- creates entries in configuration files, for access by the ISP IDIA library functions (which return information required for accessing directory services). Also creates required directory services entries

SYNOPSIS

ispldap

-d

RootBindDn

-w

Password

-s

"ServerName[:PortNumber] [Servername2[:PortNumber2] ...]"

-t

TopDN

-q

ispldap

-h

DESCRIPTION

Records access information about LDAP servers configured on the network, for use by the ISP Directory Information API. Creates the ou=componentID and ispVersion=versionNo entries in the directory for services that have recorded their need for them during service installation. Root access is required to run this command.

An application that requires access to the directory services should create an empty file in /etc/opt/SUNWisp/ldap/ispconf. The file must be named in the form componentID-version, where componentID is a string uniquely identifying the software and version is the software version number. After ispldap runs, the file contains the bind DN and password for that portion of the directory tree where application-specific entries have been made. Therefore, set permissions on the file to protect that information appropriately.

OPTIONS

-d RootBindDn

Specifies the distinguished name (DN) for binding to the directory as the directory administrator.

-h

Prints usage message and exits.

-q

Suppresses output messages and executes command in quiet mode.

-s "ServerName[:PortNumber] [Servername2[:PortNumber2] ...]"

Indicates the number of directory servers configured on the network. One server host name is required. Additional servers (as appropriate) can be specified. In every case, the port number is optional. If no port number is specified, the default port (389) is assumed.

Note -

In Solaris ISP Server^TM 2.0, only a single, unreplicated directory server is supported.

-t TopDN

Specifies the DN of the top Solaris ISP Server domain entry in the ISO tree.

-w Password

Indicates the password for binding to the directory as the administrator.

Note -

If you enter the password option on the command line, it is visible to anyone who can see your screen and to anyone issuing a ps command while ispldap is running. You can omit the -w option on the command line, avoiding these risks. The command then prompts you for the password, and your entry is not echoed on the screen.

EXAMPLES

Example 1 Storing Information about an LDAP Server

The following shows a standard use of ispldap to record information about an LDAP server on the host "Groucho" running on the default LDAP port (389).

# /opt/SUNWisp/bin/ispldap -d ou=admin,o=sun,c=us -s "Groucho" -t o=sun,c=us
# Password:

Example 2 Storing Information about an LDAP Server and Port

The following use of ispldap stores the bind information about an LDAP server on the host "Chico" running on port 2000:

# /opt/SUNWisp/bin/ispldap -d ou=admin,o=sun,c=us -s "Chico:2000" \
-t o=sun,c=us
# Password:

The bind DN is "ou=admin,o=sun,c=us."
The bind password is omitted from the command line arguments. The utility prompts for a password and does not echo it on the command line, keeping the password secure.
The DN for the top level domain entry for the product in this example is "o=sun,c=us."

Example 3 Storing Server Information using an IP Address

The following use of ispldap stores the bind information about an LDAP server at IP address 129.146.115.159 running on the default LDAP port (389).

# /opt/SUNWisp/bin/ispldap -d "ou=admin,o=sun,c=us" -s "129.146.115.159"
# Password:

EXIT STATUS

The following exit values are returned:

0: Successful completion.
>0: An error occurred.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWixamr
Interface Stability	Evolving

NOTES

If you modify the service entries in the directory services, particularly the distinguished name or the password, you must run this command again on the service host.

Solaris ISP Server 2.0 Last Revised February 1999

isprshp(1M)

NAME

^TM

SYNOPSIS

isprshp

-p

PortNumber

DESCRIPTION

Use isprshp to change the port on which the remote command execution daemon listens. Run this command once on each host managed by Sun^TM Internet Administrator^TM and set Sun Internet Administrator to the same port (using its graphical user interface).

OPTIONS

-p PortNumber: Enter a valid, available port number. If this option is omitted, the remote execution daemon is set to listen on its default port (50097).

EXAMPLES

Example 1 Setting the Port Number

# /opt/SUNWisp/bin/isprshp -p 60320

EXIT STATUS

The following exit values are returned:

0: Successful completion.
>0: An error occurred.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWixamr
Interface Stability	Evolving

NOTES

Solaris ISP Server 2.0 Last Revised February 1999

mchelp(1M)

NAME

mchelp

^TM

SYNOPSIS

mchelp

DESCRIPTION

Lists all command-line utilities associated with the installed version of Sun Internet Administrator. Displays the release version of the product. Run mchelp on the machine where Sun Internet Administrator is installed.

EXAMPLES

Example 1 `mchelp` Output

Invoke mchelp by entering it at the command line:

/opt/SUNWisp/sbin/mchelp

The following output is displayed at your terminal:

Sun Internet Administrator release 1.1 commands:

`mcadd`	`Adds a service to be managed`
`mcaddadm`	`Creates an administrator account`
`mcadmpwd`	`Sets an administrator password`
`mchelp`	`Lists all command-line utilities`
`mchostls`	`Lists all available services on a host`
`mcreg`	`Records information about a manageable user interface`
`mcrm`	`Removes a managed service from Sun Internet Administrator`
`mcrmadm`	`Deletes an administrator account`
`mcunreg`	`Deletes information about a manageable user interface`

EXIT STATUS

The following exit values are returned:

0: Successful completion.
>0: An error occurred.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWisp
Interface Stability	Evolving

mcreg(1M)

NAME

mcreg

^TM

SYNOPSIS

mcreg

-A

-c

componentID

-d

doc_path

-i

icon_path

-j

classpath

-l

-n

name

-r

"servlet_info"

-s

CGI_path

-v

componentVersion

-w

URL

-y

productVersion

mcreg

-c

componentID

-v

componentVersion

-y

productVersion

mcreg

-c

componentID

-i

icon_path

-l

-n

name

-v

componentVersion

-w

URL

-y

productVersion

mcreg

-c

componentID

-i

icon_path

-n

name

-v

componentVersion

-y

productVersion

-x

X_path

-u

user_name

-g

group_name

mcreg

-c

componentID

-i

icon_path

-n

name

-v

componentVersion

-y

productVersion

-p

prog_path

-a

-d

help_file

-u

user_name

-g

group_name

DESCRIPTION

Records user interface information for Sun Internet Administrator. Use the different forms of mcreg for the various supported user interface types. See the EXTENDED DESCRIPTION for a discussion of each form.

OPTIONS

-A

Indicates that the specified component is the graphical user interface of a three-tier, web-based service.

-c componentID

Specifies the unique component identifier for the service being registered. The package name is recommended because it is guaranteed to be unique.

-d doc_path

Specifies the path to all GUI files with the exception of CGI scripts. Specify the CGI location with the -s option.

-i icon_path

Specifies the full path to an optional GIF format file to be used as an icon in the Sun Internet Administrator GUI.

-j classpath

Specifies a Java classpath for any servlets being used. Required if servlets are used. A classpath is one or more colon-separated paths to class or jar files. Enter the full path for each.

-l

Indicates that Sun Internet Administrator should pass the locale to the component through the URL.

-n name

Specifies a simple name, such as "FTP," for use in the Sun Internet Administrator GUI.

-p "prog_path"

Specifies command-line program information. Enclose the entire entry in quotes. It takes:

The full path to the command-line executable. If standard parameters are required, enter them here. For example: -p "/usr/bin/ps -ef".
-a Enter this option if parameters are accepted from the user at runtime.
-d help_file Enter this option, and the complete path to supporting documentation for the command-line utility.
-g group_name Enter the name of the UNIX user group under which the command or X-program should run.
-u user_name Enter the UNIX user name under which the command or X-program should be run.

-r "servlet_info"

Specifies information required for each servlet used by the GUI being registered. For each servlet, the following information is required:

The path to the servlet, relative to the document root of the administration Web server.
The fully-qualified Java class name of the servlet.
Any required servlet arguments, listed by name and value.

Specify one -r option for each servlet used by the GUI.

-s CGI_path

Specifies the path to CGI used by the GUI, if any.

-v componentVersion

Specifies the release version of the component being registered. This is required.

-w URL

Specifies the path to the main (or opening) page of a Web-based GUI. This is the page that Sun Internet Administrator displays to the administrator when it receives a legitimate request to manage the service. For a three-tier application, enter a relative path. For a two-tier application, enter the full path to the page.

-x X_path

Specifies the full path to an X-based administration program. It takes:

-g group_name Enter the name of the UNIX user group under which the command or X-program should run.
-u user_name Enter the UNIX user name under which the command or X-program should be run.

-y productVersion

Specifies the product version that is displayed in the Sun Internet Administrator GUI. This is required.

EXTENDED DESCRIPTION

Three-Tier Web-Based GUIs

A three-tier Web-based GUI has one software component (ASCA) located on the same machine with Sun Internet Administrator and another (ASRA) located on the machine where the service resides. You must register both pieces.

To register the ASCA information, run mcreg on the Sun Internet Administrator host with -A, -c, -v, and -y options (see the first command synopsis).

To register the ASRA, run mcreg on the service host with the -c, -v, and -y options only (the second command synopsis).

Two-Tier Web-Based GUIs

To register a legacy GUI, which has only a software component on the service host, run mcreg on the service host using the third form of the command.

X-Based GUIs

To register the X-based administration program of a service, run mcreg on the service host using the fourth form of the command (including the -x option).

Command-Line User Interfaces

For each command-line utility supported by a service, run mcreg on the service host, using the fifth form of the command (including the -p option).

EXAMPLES

Example 1 Registering a Three-Tier Application on the Sun Internet Administrator Host

The following illustrates use of mcreg for registering Sun^TM Internet FTP Server^TM, which uses servlets for its three-tier graphical user interface. Run this form of the command on the machine where Sun Internet Administrator is installed.

# /opt/SUNWisp/sbin/mcreg
-A 
-c SUNWftpa
-d /opt/SUNWftpa/1.1/doc
-i /opt/SUNWftpa/images/ftp.gif
-j classes:/opt/fre/lib/classes:/opt/joe/lib/classes.jar
-l 
-n ftp
-r "main FTPAdmin.MainServlet"
-r "start FTPAdmin.StartServlet name=foo,owner=bar"
-s /opt/SUNWftpa/1.1/cgi-bin
-v 1.1
-y 1.1
-w cgi-bin/ftpadmin.cgi

mcreg

-A

Indicates that the software component being registered is a Web-base GUI component.

-c

SUNWftpa is the package name for the user interface, and thus is a unique identifier for it.

-d

Documentation for Sun Internet FTP Server resides at /opt/SUNWftpa/1.1/doc.

-i

The icon to display for Sun Internet FTP Server is at /opt/SUNWftpa/images/ftp.gif.

-j

The Java classpath for administration servlets being used includes:

classes
/opt/fre/lib/classes
/opt/joe/lib/classes.jar

-l

Indicates that the locale should be passed to the component through the URL.

-n

The user-friendly name to be displayed in Sun Internet Administrator is "ftp."

-r

The first servlet being used by the service is MainServlet in the Java package FTPAdmin. It takes no arguments on startup.

-r

The second servlet being used by the service is StartServlet in the Java package FTPAdmin. It takes two arguments on startup: name and owner.

-s

The CGI scripts used by the service reside in /opt/SUNWftpa/1.1/cgi-bin.

-v

The release version is 1.1.

-w

The first page to be served up to an administrator accessing this service is at cgi-bin/ftpadmin.cgi. Because Sun Internet FTP Server is a three-tier Web-based service, this path is relative to the document root of Sun Internet Administrator's Web server.

-y

The product version is 1.1.

Example 2 Registering a Three-Tier Application on Service Host

The following illustrates use of mcreg for registering Sun^TM Internet FTP Server^TM. Run this form of the command on the machine where Sun Internet FTP Server is installed.

# /opt/SUNWisp/sbin/mcreg -c SUNWftp -v 1.1 -y 1.1 -n ftp

mcreg

-c: SUNWftpa is the package name for the user interface, and thus is a unique identifier for it.
-v: The release version is 1.1.
-y: The product version is 1.1.
-n: The user-friendly name to be displayed in Sun Internet Administrator is "ftp."

Example 3 Registering a Two-Tier Application

The following illustrates the use of mcreg for registering Sun^TM WebServer^TM. Run this form of the command on the machine where the Sun WebServer service is installed.

# /opt/SUNWisp/sbin/mcreg
-c SUNWhttp
-i /opt/SUNWhttp/images/http.gif
-n Sun WebServer
-v 2.1
-y 2.1
-w http://httphost:9001/admin/main.html

# /opt/SUNWisp/sbin/mcreg
-c SUNWhttp
-i /opt/SUNWhttp/images/http.gif
-n Sun WebServer
-v 2.1
-y 2.1
-w http://httphost:9001/admin/main.html
-l

-c: SUNWhttp is the package name for the user interface, and thus is a unique identifier for it.
-i: The icon to display for Sun WebServer is at /opt/SUNWhttp/images/http.gif.
-l: Indicates that Sun Internet Administrator should pass the locale to the component through the URL. In this example, the first page to be served up to an administrator accesssing this service from Sun Internet Administrator administration console will be: http://httphost:9001/admin/main.html?locale=en_US where en_US refers to US English.
-n: The user-friendly name to be displayed in Sun Internet Administrator is "Sun WebServer".
-v: The release version is 2.1.
-w: The first page to be served up to an administrator accesssing this service is at http://httphost/9001/admin/main.html. Because Sun WebServer is a two-tier Web-based service, this is a complete URL to the administration server.
-y: The product version is 2.1.

Example 4 Registering an X-Based Application

The following illustrates use of mcreg for registering an X-based product. Run this form of the command on the machine where the service is installed.

# /opt/SUNWisp/sbin/mcreg
-c SUNWxtpa
-n XTP
-v 3.2
-y 3.1
-x /usr/Openwin/bin/xtpadmin -u root -g sys

-c

SUNWxtpa is the package name for the user interface, and thus is a unique identifier for it.

-n

The user-friendly name to be displayed in Sun Internet Administrator is "XTP."

-v

The release version is 3.2.

-x

The executable for the administration interface is at /opt/SUNWxtpa/bin/xtpadmin. It takes:

-g group_name This option indicates that the UNIX user group name under which the administration interface of the X-program should run is sys
-u user_name This option indicates that the UNIX user name under which the administration interface of the X-program should run is root.

-y

The product version is 3.1.

Example 5 Registering a Command-Line Interface

The following illustrates use of mcreg for registering a command-line utility. Run this form of the command on the machine where the service is installed.

# /opt/SUNWisp/sbin/mcreg
-c SUNWcli
-n SampleCLI
-p /usr/bin/ps
-p "/usr/bin/date" -a -d /usr/bin/datehelp.html -u root -g sys
-v 1.1
-y 1.1

-c

SUNWcli is the package name for the user interface, and thus is a unique identifier for it.

-n

The user-friendly name to be displayed in Sun Internet Administrator is "SampleCLI".

-p

Two command-line utilities are registered in this example.

In the first, ps is located at /usr/bin/ps. It takes no parameters and has no help file associated with it.

In the second, date is located at /usr/bin/date. Note that the complex argument of this option is enclosed in quotation marks. It takes:

-a This option indicates that it accepts parameters from the user at runtime.
-d This option indicates that its help file is located at /usr/bin/datehelp.html.
-g group_name The option indicates that the UNIX user group name under which the X-program should run is sys
-u user_name This option indicates that the UNIX user name under which the X-program should run is root.

-v

The release version is 1.1.

-y

The product version is 1.1.

EXIT STATUS

The following exit values are returned:

0: Successful completion.
>0: An error occurred.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWisp
Interface Stability	Evolving

NOTES

Use the option -l only if the component supports receiving locale information through the URL. We recommend using the browser to set your language preferences. This option is intended for browsers that do not support HTTP1.1 content negotiation.

All Solaris ISP Server components have the same component and product version except Sun^TM Directory Services whose component version is 3.2 (for -v) and product version is 3.1 (for -y).

Solaris ISP Server 2.0 Last Revised February 1999

mcunreg(1M)

NAME

mcunreg

^TM

SYNOPSIS

mcunreg

-c

componentID

-v

componentVersion

mcunreg

-A

-c

componentID

-v

componentVersion

DESCRIPTION

Removes information about a service's user interface, so that the service cannot be managed by Sun Internet Administrator (for example, on deinstallation). For all supported user interface types, run the first version of the command, with -c and -v options, on the machine where the service is installed. For three-tier Web-based user interfaces, run the second version of the command as well, specifying -A, -c, -v options, on the machine where Sun Internet Administrator is installed. Root access is required to run this command.

OPTIONS

-A: Specifies an administrative Web interface is being unregistered. Required in that case.
-c componentID: Specifies the software component being unregistered, by unique component identifier (package name). This option is required, and must match the componentID specified when mcreg was called to register the component.
-v componentVersion: Specifies the release version of the software component being unregistered This option is required, and must match the componentVersion specified when mcreg was called to register the component.

EXAMPLES

Example 1 `mcunreg` on the Service Host

To unregister all supported types of user interfaces, run this form of mcunreg on the host where the service is installed.

# /opt/SUNWisp/sbin/mcunreg
-c SUNWftpa
-v 1.1

mcunreg

-c

-v

mcreg

Example 2 `mcunreg` on the Sun Internet Administrator Host

To unregister a three-tier Web-based user interface, run this form of mcunreg on the Sun Internet Administrator host in addition to running the other form on the service host.

# /opt/SUNWisp/sbin/mcunreg
-A
-c SUNWftpa
-v 1.1

mcunreg

-c

-v

mcreg

-A

EXIT STATUS

The following exit values are returned:

0: Successful completion.
>0: An error occurred.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWisp
Interface Stability	Evolving

NOTES

Running this command completely disables the service for administration from Sun Internet Administrator.

Solaris ISP Server 2.0 Last Revised February 1999

sispload(1M)

NAME

sispload- converts a file of user entries into an ldif file for loading into the Solaris ISP Server directory service

SYNOPSIS

sispload

-b

baseDN

-d

debugLevel

-f

InputFile

-h

DirectoryHost

-m

mappingFile

-o

outputFile

-t

table

-V

variable

value

DESCRIPTION

This utility takes a data file with subscriber entries in the format described in sispload.mapping(4) and creates an ldif file that can be used to create the subscribers in a Sun Directory Services data store.

The mapping file defines how sispload will interpret each field in the input file and how those fields will be translated into entries in the directory service.

The output file can be used with ldapmodify(1M) to create the directory entries.

OPTIONS

-b baseDN

Specifies a base distinguished name (DN) to use as the root of all entries. The default is specified in the BASE_DN entry in the sispload.mapping(4) file, which is set to the base DN named when Solaris ISP Server was installed. Use this option to override the setting in the mapping file.

-d debugLevel

Sets the logging level for the dsservd(1M) daemon. You can set any combination of the following levels:

Mask: Description
1: Trace
2: Packets
4: Arguments
8: Connections
16: BER
32: Filters
64: Configuration
128: Access Control
256: Statistics (summary)
512: Statistics (detailed)
1024: Not Used
2048: Parse
65535: All information

-f InputFile

Specifies the file which contains raw data to be mapped to ldif entries. The raw data comes from some other data source, such as a database or NIS files. Each line in the input file corresponds to an entry or a change to an entry to be made in the directory service. See sispload.mapping(4) for information on the syntax rules for this file.

-h DirectoryHost

Specifies the host name of the directory server to which the user entries will be added. New entries will be checked against the directory on this host to determine whether new entries should be added or should modify existing user entries. If no host is specified, the local machine is the default.

-m mappingFile

Specifies the mapping file to use to translate input entries into directory entries. If no mapping file is specified, sispload.mapping in /etc/opt/SUNWconn/ldap/current/mapping is used. See sispload.mapping(4) for details on the format of the mapping file.

-o outputFile

Specifies a file root where output will be sent instead of STDOUT and STDERR. Two files will be created: outputFile.ldif contains ldif-format changes to make to the directory, and outputFile.err contains error and warning messages.

-t table

Specifies the table in the mapping file to use to create user entries. Valid parameters are

sisp - to create users with the ispSubscriber object class.
sisprad - to create users with the ispSubscriber and remoteUser (RADIUS user) object classes.
sispsims - to create users with the ispSubscriber and emailPerson object classes.
sispradsims - to create users with the ispSubscriber, remoteUser, and emailPerson object classes.

If -t is not specified, the sisp table is used.

-V variable=value...

Sets variables for use in the conversion. Repeat the -V flag to define multiple variables. For example:

-V BASE_DN=o=myISP,c=US \ -V SUNMS=mailbox

EXTENDED DESCRIPTION

The sispload utility is designed to migrate large sets of user data from one source into ispSubscriber entries in the Solaris ISP Server directory server. Any source data may be used, as long as it can be exported into an ASCII file in the format understood by sispload. The manual page for sispload.mapping(4) describes the syntax for the input file.

For each line in the input file, sispload attempts to construct an appropriate directory in ldif format. The entry contains the distinguished name, object class definitions, and all applicable attributes for the object classes. Data may not be available for some attributes. Use blank fields in the input file, and sispload will either ignore the attribute or set it to an appropriate default value.

For each entry created, sispload checks the directory on the named host (or the local host) to discover whether an entry already exists with matching data. If a matching subscriber entry is found, sispload attempts to create an ldif modify record instead of an add. If neither a modify nor an add record cannot be created, an error will be logged in the error file.

Before you make actual changes to the directory, you should run ldapmodify with the -n option to preview the changes that would be made. For example:

# ldapmodify -D 'cn=admin,o=XYZ,c=US' -w secret -h ldap2.xyz.com \-n -f bulkload.ldif

If there are errors, you may need to modify some of the entries that are being made, or you may need to delete some entries from the ldif file and modify them manually.

EXIT STATUS

The following exit values are returned:

0: Successful completion.
>0: An error occurred.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWixsds
Interface Stability	Evolving

uninstall-sisp1.0(1M)

NAME

uninstall-sisp1.0- Perform a non-interactive uninstall of Solaris for ISPs 1.0 components and save the old data.

SYNOPSIS

uninstall-sisp1.0

media_root

DESCRIPTION

Uninstalls Solaris for ISPs 1.0 components, if found installed, and saves the old data for upgrading to Solaris ISP Server 2.0. You must have root access to run this script. If you are upgrading from the:

Host configuration software (using hcstartup), this script is automatically executed.
Command line, you must execute this script before upgrading to Solaris ISP Server 2.0 software.

OPERANDS

media_root: The path to the root of the installation media for invoking this script.

`uninstall-sisp1.0` Prompts

If the script is executed by hcstartup, this prompt asks you to specify whether or not you wish to uninstall Solaris for ISPs 1.0 components, currently running on the machine, and save the data for an upgrade. You will not get this prompt if you execute this command from the command line.

`uninstall-sisp1.0` Actions

When invoked,

From the command line:
- Uninstalls 1.0 components currently installed on the machine.
- Saves 1.0 data in a component specific directory.
By hcstartup, requests your consent before proceeding to:
- Uninstall 1.0 components currently found installed on the machine.
- Save the 1.0 component data in a component specific directory.

ENVIRONMENT VARIABLES

See environ(5) for descriptions of the following environment variables that affect the execution of command_name: NLSPATH.

EXIT STATUS

The following exit values are returned:

0: Successful completion. Uninstalled 1.0 components and saved data successfully.
1: Exited silently. Did not find 1.0 components installed for upgrading.
2: An error occurred or the root to the installation media is incorrect.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWisp
Interface Stability	Evolving

man Pages(3x): Miscellaneous Library Functions

ispIntro(3X)

NAME

ispIntro- introduction to the ISP Directory Information API (IDIA) man pages

DESCRIPTION

The ISP Directory Information API (IDIA) contains C language library functions and a Java class that provide information to enable read-write access to information stored in the Lightweight Directory Access Protocol (LDAP) directory service. It supports ISP services that need to bind to the LDAP server and update service information.

The information provided by IDIA is determined during the Solaris ISP Server host configuration process and directory services initialization. The ispldap command-line utility stores this information for use by the API.

RETURN VALUES

See individual man pages for the return values of the C functions.

Each method in the Java class ispLdapService throws a Java IOException.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes.

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWispm

FILES

/opt/SUNWisp/include/isp_dir_api.h: The C header file for the LDAP directory services access API.
com.sun.isp.idia: The Java package for the IspLdapService class.
/opt/SUNWisp/include/mcauth.h: The C header file for ISPMC_aar().

NOTES

ispGetLdapInfo(3X): This C function provides the distinguished name and password for binding to the LDAP server with access to a particular region of the directory information tree (DIT).
ispGetLdapServers(3X): This C function provides the names and port numbers of LDAP directory servers configured on the network.
ispGetTopDn(3X): This C function provides the distinguished name of the root domain (top-level domain entry in the DIT, under which Solaris ISP Server information is stored).
ispLdapService(3X): This Java class provides information on LDAP servers configured on the network. Various class methods return the root domain entry in the DIT and distinguished names and passwords for binding to the directory.
ISPMC_aar(3X): This C function accepts the user name and password of an administrator of Sun Internet Administrator and validates against the entry in the directory services. It first checks the name and password, to authenticate that the user exists. Then it checks the component identifier and version provided to determine whether this user is authorized to access that service. The results of the check are passed back by means of the access parameter.

Solaris ISP Server 2.0 Last Revised February 1999

ispGetLdapInfo(3X)

NAME

ispGetLdapInfo- get the disinguished name and password for binding to an Lightweight Directory Access Protocol (LDAP) server with rights to update a particular region of the directory information tree (DIT)

SYNOPSIS

#include <isp_dir_api.h>

componentId

versionNo

ldapBindDn

ldapBindPasswd

compConfigDn

DESCRIPTION

Accepts the component identifier and version number for a particular software component and provides the distinguished name and password for binding to an LDAP server with access to update a particular portion of the DIT. Also provides the distinguished name of a component configuration entry if one exists.

PARAMETERS

The parameter descriptions follow in alphabetical order.

compConfigDn: An output argument that points to a Null-terminated string containing the distinguished name of a component configuration entry (if one exists) associated with the componentId and versionNo. If no such entry exists, this pointer is set to NULL.
componentId: An input argument that points to a character constant containing the identifier of the particular software component (service) of interest. Typical component identifiers are package names (or slight variants) as these are guaranteed to be unique.
ldapBindDn: An output argument that points to a Null-terminated string containing the distinguished name for binding to the LDAP server with access to the portion of the DIT associated with the component passed in componentId and versionNo.
ldapBindPasswd: An output argument that points to a Null-terminated string containing the password for binding to the LDAP server with access to the portion of the DIT associated with the component passed in componentId and versionNo.
versionNo: An input argument that points to a character constant containing the version number of the particular component of interest. Typical component version numbers are in the form major.minor (for example, 1.0).

EXTENDED DESCRIPTION

Use the information provided by the ispGetLdapInfo() function to bind to a known LDAP server (using the LDAP client library API), and to access component-specific configuration information if it exists.

Services that need read-only access can bind to the directory unauthenticated and perform searches and compares. This API provides information required to gain write access. Remember that the server access controls must be set to allow write access.

The caller of ispGetLdapInfo() is reponsible for calling free() on compConfigDn, ldapBindDn, and ldapBindPasswd.

RETURN VALUES

The ispGetLdapInfo() function returns the following.

0: Successful completion.
-1: An error occurred. The error number in errno is set as shown in ERRORS.

ERRORS

The ispGetLdapInfo() function sets the following errno values when an error occurs.

ENOENT: No entry exists for the specified componentId and versionNo.
EIO: The function is unable to read LDAP information from the disk. The underlying file may not exist. Use ispldap(1m) to create it.
EACCESS: The user does not have permission to access the LDAP information file on disk.

EXAMPLES

Example 1 Getting a Bind DN for Directory Services

The following shows a typical use of ispGetLdapInfo().

char *ftpLdapDn;
char *ftpLdapPasswd;
char *ftpCompDn;
if(ispGetLdapInfo(
                  "SUNWftp", 
                  "1.0", 
                  &ftpLdapDn, 
                  &ftpLdapPasswd, 
                  &ftpCompDn)==0)
{
    ldap_bind(ld, ftpLdapDN, ftpLdapPasswd);

    /*Do other processing as appropriate
      Use the ISP-wide root domain DN to find the 
      configuration information.
    */

    if(ftpLdapDn) free(ftpLdapDn);
    if(ftpLdapPasswd) free(ftpLdapPasswd);
    if(ftpCompDn) free(ftpCompDn);
 }

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWisp
Interface Stability	Evolving
MT_Level	Safe

FILES

/opt/SUNWisp/include/isp_dir_api.h: C header file for the LDAP directory services access API.

ispGetLdapServers(3X)

NAME

ispGetLdapServers- get the names and port numbers of Lightweight Directory Access Protocol (LDAP) servers configured on the network

SYNOPSIS

#include <isp_dir_api.h>

listOfLdapServers

DESCRIPTION

Provides a pointer to a Null-terminated character string containing a list of LDAP servers and port numbers.

The caller of ispGetLdapServers() is reponsible for calling free() on the listOfLdapServers string.

PARAMETERS

The parameter descriptions follow in alphabetical order.

listOfLdapServers

An output argument that points to a Null-terminated character string containing a list of LDAP servers and port numbers in the following syntax:

hostName1[:portNum1] [hostName2[:portNum2] ... ]

Note that hostName and its associated port number are separated by a colon (:), while different hostNames are separated by spaces.

The server host name is returned in a form that matches the parameter accepted by the LDAP client library, which could be an IP address in dot notation or a DNS name, and can be passed directly through to those function calls. If no LDAP servers are configured, listOfLdapServers is an empty string. If listOfLdapServers lists a server without a port number, that server is using the default LDAP port (389).

Note -

In Solaris ISP Server^TM 2.0, only a single directory server is supported. The only replication supported is when configuring the dirctory for operation with Sun Internet Mail Server.

RETURN VALUES

The ispGetLdapServers() function returns the following.

0: Successful completion.
-1: An error occurred. The error number in errno is set as shown in Missing Cross Reference Target.

ERRORS

The ispGetLdapServers() function sets the following errno values when an error occurs.

EIO: The function is unable to read LDAP information from the disk. The underlying file may not exist.
EACCESS: The user does not have permission to access the LDAP information file on disk.

EXAMPLES

Example 1 Getting a List of LDAP Servers

The following shows a standard use of ispGetLdapServers().

char* ldapServers;
if(ispGetLdapServers(&ldapServers)==0) 
{
    ldap_init(ldapServers, LDAP_PORT);
    /*other use of the directory server*/
    free(ldapServers);
}

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWisp
Interface Stability	Evolving
MT_Level	Safe

FILES

/opt/SUNWisp/include/isp_dir_api.h: C header file for the LDAP directory services access API.

ispGetTopDn(3X)

NAME

^TM

SYNOPSIS

#include <isp_dir_api.h>

ispGlobalDn

DESCRIPTION

Provides a pointer to a Null-terminated string containing the DN of the top-level Solaris ISP Server entry in the directory information tree (DIT). Sun^TM Internet Administrator^TM uses the ispGlobalDn to locate component-specific configuration information and administrator information in the directory. Service components should use the compDn returned by the ispGetLdapInfo() function.

The caller of ispGetTopDn() is reponsible for calling free() on ispGlobalDn.

PARAMETERS

The parameter descriptions follow in alphabetical order.

ispGlobalDn: An output argument that points to a Null-terminated string containing the distinguished name of the root domain entry in the DIT.

RETURN VALUES

The ispGetTopDn() function returns the following.

0: Successful completion.
-1: An error occurred. The error number in errno is set as shown in ERRORS.

ERRORS

The ispGetTopDn() function sets the following errno values when an error occurs.

ENOENT: No entry exists in the configuration file, or the file does not exist.
EIO: The function is unable to read Lightweight Directory Access Protocol (LDAP) information from the disk. The underlying file may not exist.
EACCESS: The user does not have permission to access the LDAP information file on disk.

EXAMPLES

Example 1 Getting the root DN

The following shows a standard use of ispGetTopDn().

char * ispTopDn = NULL;
if((ispGetTopDn(&ispTopDn)) < 0 ) {
  /check errno*/
}
else {
  printf("isp Top Dn = %s \n", ispTopDn);
  /*other processing using ispTopDn*/
}
if(ispTopDn) free(ispTopDn);

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWisp
Interface Stability	Evolving
MT_Level	Safe

FILES

/opt/SUNWisp/include/isp_dir_api.h: C header file for the LDAP directory services access API.

IspLdapService(3X)

NAME

IspLdapService- a Java class that provides information on Lightweight Directory Access Protocol (LDAP) servers configured on the network by Solaris ISP Server

SYNOPSIS

package com.sun.isp.idia;
public class IspLdapService()   {

  public IspLdapService(String Svc, String Vers)

      throws IOException {}

  public String Servers() throws IOException {}

  public String TopDn()  throws IOException {}

  public String BindDN() throws IOException {}

  public String BindPasswd() throws IOException {}

}

DESCRIPTION

The IspLdapService class uses Java Native methods Interface (JNI) to deliver the same information provided by the C library functions ispGetLdapServers(), ispGetLdapInfo(), and ispGetTopDn(). Because of the use of native methods, and for security reasons (IspLdapService accesses files on disk), it cannot be used from an applet.

METHODS

The public methods of IspLdapService follow in alphabetical order.

`BindDN()`

public String BindDN();

Returns a String object containing the DN to be used by the service to bind to the LDAP server. This DN (and its password) is associated with regions of the directory information tree (DIT) defined by the Service and Version parameters passed when this IspLdapService object was constructed. When a service requires privileged access (for example, to update entries in the directory) it binds using this DN.

`BindPasswd()`

public String BindPasswd();

Returns a String object containing the password to be used by the service to bind to the LDAP server. The DN and password are associated with regions of the DIT defined by the Service and Version parameters passed when this IspLdapService object was constructed.

`IspLdapService()`

public IspLdapService(String Service, String Version);

Constructs an IspLdapService object where

Service

Is a String object containing the component identifier of the service whose directory information is needed. A component identifier must be unique, and may be a package name or variant.

Note -

The component identifier must match that recorded by the mcreg command when the service software was installed and configured.

Version

Is a String object containing the version number of the service whose directory information is needed. The version number is typically in the form major.minor (for example, 1.0).

Note -

The version number must match that recorded by the mcreg command when the service software was installed and configured.

Each component that uses the directory services has its own region of the DIT for its component-specific information. The constructor initializes the String object returned by BindDN() to the distinguished name for binding to that portion of the DIT. It initializes the String object returned by BindPasswd() to the password attribute for that entry.

`Servers()`

public String Servers() ;

Returns a String object containing a list of LDAP servers configured on the network. If no servers are configured, an empty String is returned. The String has the following syntax:

hostName1[:portNum1] [hostName2[:portNum2] . . . ]

Note that hostName and its associated port number are separated by a colon (:), while different hostNames are separated by spaces. The server host name is returned in a form that matches the parameter accepted by the LDAP client library, which could be an IP address in dot notation or a DNS name, and can be passed directly through to those function calls.

Note -

In Solaris ISP Server^TM 2.0, only a single, directory server is supported. The only replication supported is when configuring the directory to operate with Sun Internet Mail Server.

`TopDn()`

public String TopDn()  ;

Returns a String object containing the distinguished name of the root domain entry in the DIT (the top-level entry under which Solaris ISP Server information is stored).

EXTENDED DESCRIPTION

The IspLdapService class is designed to work with Java Naming and Directory Interface (JNDI) to access information from any standard directory service without requiring specific directory knowledge on the part of the application. JNDI uses several JNDI Environment Properties to specify the LDAP server and the user name and credentials the application will use to bind to it. These are:

java.naming.provider.url (Context.PROVIDER_URL)
java.naming.dns.url (Context.DNS_URL)
java.naming.security.principal (Context.SECURITY_PRINCIPAL)
java.naming.security.credentials (Context.SECURITY_CREDENTIALS)

Each of these takes a Java String object and can be set as env.put(Context.XXX), by the application. An example of how to use IspLdapService with JNDI is included below.

EXCEPTIONS

Each of the public methods of IspLdapService throws a Java IOException when an error occurs in reading the configuration file from disk. Remember to handle these exceptions in your code.

EXAMPLES

Example 1 Using `IspLdapService` with JNDI

// JNDI packages  
import javax.naming.*;  
import javax.naming.directory.*;  
// ISP directory information classes  
import com.sun.isp.idia.*;   
...  
{ 
  ...  
  String ldapServers;  
  String topDN;  
  String bindDN;  
  String bindPwd;  
  
  // Fetch LDAP server, bindDN and password 
  // from Isp Dir Info API-classes and bind
  // to the LDAP server
  IspLdapService ftpService = new IspLdapService("SUNWftp", "1.0");

    try {
      ldapServers = ftpService.Servers(); 
      topDN = ftpService.TopDN(); 
      bindDN = ftpService.BindDN(); 
      bindPwd = ftpService.BindPasswd(); 
    } 
    catch (IOException e) { 
      System.err.println("Error determining Ldap information"); 
        return; 
    }

  // LDAP initialization 
  Hashtable env = new Hashtable(5, 0.75f); 
  env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY,
  "com.sun.jndi.ldap.LdapCtxFactory"); 
  env.put(javax.naming.Context.PROVIDER_URL, "ldap://" + ldapServers);
  env.put(javax.naming.Context.SECURITY_PRINCIPAL, bindDN);
  env.put(javax.naming.Context.SECURITY_CREDENTIALS, bindPwd); 

  ...

}

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWisp
Interface Stability	Evolving
MT_Level	Safe

FILES

com.sun.isp.idia: The Java package for the IspLdapService class.

ISPMC_aar(3X)

NAME

ISPMC_aar- authenticate a user of Sun Internet Administrator and verify access authorization to the given software component

SYNOPSIS

#include <mcauth.h>

admin_name

password

componentID

version

access

DESCRIPTION

This function accepts the user name and password of a user of Sun Internet Administrator and validates against the entry in the directory services. It first checks the name and password, to authenticate that the user exists. Then it checks the component identifier and version provided to determine whether this user is authorized to access that service. The results of the check are passed back by means of the access parameter.

PARAMETERS

admin_name: Points to a string containing the user name of the administrator being authenticated.
password: Points to a string containing this administrator's password.
componentID: Points to a string containing a unique component identifier of the software component the administrator is accessing.
version: Points to a string containing version number (major.minor) of the software component the administrator is accessing.
access: An output argument that points to an integer specifying the results of the check. If access is 1, the administrator is authenticated and authorized for access to the desired service. If access is zero (0), the administrator is not authorized, or the administrator entry does not exist (this is an invalid user).

RETURN VALUES

The ISPMC_aar() function function returns the following.

0

The function has exited properly. The results of the authentication and access check are in the access parameter.

nonzero

The function has exited with an error. The user has not been validated and the contents of access are insignificant.

Note -

Because this value can be set by a number of different programs, all using similar error numbers for different reasons, you should not rely on this value to determine a specific reason for the failure.

EXAMPLES

Example 1

#include <nl_types.h>
#include	"mcauth.h"
nl_catd         catd;	

main()
{
  char *name = "john";
  char *pwd = "smith";
  char *comp = "SUNWfoobar";
  char *version = "1.0";
  int  err, access;
    
  if ( (err = ISPMC_aar(name, pwd, comp, version, &access))== 0) {
    if (access == 1)
      printf ("Authenticated and authorized\n");
    else
      printf ("Authentication or authorization failed\n");
  } else {
      printf ("Error encountered\n");
  }
}

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWixamr
Interface Stability	Evolving

FILES

/opt/SUNWisp/include/mcauth.h: The C header file for ISPMC_aar().

man Pages(4): File Formats

ispIntro(4)

NAME

ispIntro- introduce the man pages for Solaris ISP Server foundation configuration files

DESCRIPTION

This page describes all of the man pages available for configuration files associated with Solaris ISP Server platform components.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWispm
Interface Stability	Stable

FILES

/etc/opt/SUNWisp/hclfmd.conf

/etc/opt/SUNWisp/ldap/lib/sispload.mapping

NOTES

hclmfd.conf(4): configures the Solaris ISP Server host configuration log file management daemon.
sispload.mapping(4): defines the translation methods used by sispload(1m) to convert user records from a structured text file to ldif entries.

Solaris ISP Server 2.0 Last Revised February 1999

hclfmd.conf(4)

NAME

hclfmd.conf

SYNOPSIS

/etc/opt/SUNWisp/hclfmd.conf

DESCRIPTION

The hclfmd.conf file contains the list of log files to be monitored by hclfmd. Each entry in the file has the following form:

interval:minutes
log_file:command

interval

Specifies the interval (in minutes) at which the listed log files are monitored. The interval can range from 1 minute to 10080 minutes (1 week).

minutes

Is the interval at which the log files are monitored. By default, the interval is set to one minute; that is, the log files are monitored every minute. You can modify the interval at which the log files are monitored by changing the interval values.

log_file

Is the complete path to the log file to be monitored. There should be an auth.err entry in /etc/syslog.conf for this file.

command

Is the notification command to run if new entries are found in the monitored file. The command is passed to /usr/bin/sh for execution, and may contain the following variables:

"%f"

Replaced with the name of the file where the new entries are found.

%c

Is a temporary file containing the new contents of the monitored log file.

Note -

If your command requires a literal percent sign (%), enter %%.

EXAMPLES

Example 1 Default `hclfmd.conf` entry

interval:1
/var/log/badauth:/usr/bin/mailx -s %f root <  %c

checks the log file (badauth) every minute and runs the mailx command every time it detects new entries in the log file with subject set to "%f" and the mail body being whatever is in file "%c".

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWisp
Interface Stability	Evolving

sispload.mapping(4)

NAME

sispload.mapping- defines the translation of user records from a structured text file to ldif records for adding Solaris ISP Server subscribers

SYNOPSIS

/etc/opt/SUNWisp/ldap/sunds/default/mapping/sispload.mapping

DESCRIPTION

The sispload.mapping file contains the default rules for translating a file of user records into ldif records. The file is used with sispload(1m) to create an output file of ldif records for each user. The resulting ldif file can be used with ldapadd(1m) to create records for all of the user records in the directory server.

The Extended Description section explains the default rules defined in sispload.mapping and the expected syntax of the input files. You need to create a new mapping file if your input files are in another format or your directory schema has been altered from the Solaris ISP Server default. The mapping file follows the syntax of mapping files used by dsimport(1m), and you should read the dsimport man page or see the Sun Directory Services 3.1 Administration Guide.

Note -

The syntax of the mapping file is complicated. It may be very difficult to create a mapping file that properly converts data into records for your directory. Editing the mapping file is not recommended.

EXTENDED DESCRIPTION

This section explains the syntax of the input file containing user data, the default mapping file, and the way the output ldif file is constructed from the input.

You must extract your current user data into an ASCII file with one entry per line according to the syntax described here. If you cannot get data that matches this syntax exactly, you may need to create a new mapping file to match the syntax of your file. You should change only the way lines are parsed in the LINE entries of the Extract section in the mapping file.

For more details on the use, syntax, and valid data for the attributes that are constructed, please refer to the following sources:

Solaris ISP Server 2.0 Administration Guide for information about the ispSubscriber object class. All of the sispload conversion tables use this class.
Sun Directory Services 3.1 Administration Guide for information about the remoteUser and emailPerson object classes used to create RADIUS and Sun Internet Mail Server users.

Input File Syntax

Each line in the input file corresponds to a resulting record in the ldif file and the directory. Each line is a series of fields separated by a delimiter.

The default delimiter is an exclamation point (!). You may change the delimiter by changing the value of SEPARATOR in the Dynamic section of the mapping file. You must also change the LINE entries because they are constructed with ! as the delimiter. Do not use a comma (,) or a space as the delimiter because records which contain distinguished name data will use commas and spaces as part of the data.

If your data does not include one of the expected fields, you may be able to use a null field between separators in the input file. For example, if your data does not include the third field expected in the input:

!data1!data2!!data4!...

Only optional fields may be omitted. Optional data is marked with an asterisk (*) at the end of the token name in the mapping file, and noted as optional in the descriptions below.

This section describes the form of the input file. For details on the object classes and attributes constructed from the input file see the Output section below.

There are four forms for the input file corresponding to four translation tables:

sisp is used to create user records using the ispSubscriber object class.
sisprad is used to create user records using the remoteUser object class and the ispSubscriber object class so that RADIUS authentication data is included.
sispsims is used to create user records using the emailPerson object class and the ispSubscriber object class so that Sun Internet Mail Server data is included. Use this table if you have configured a Sun Internet Mail Serverdirectory as a slave of the Solaris ISP Server directory.
sispradsims is used to create user records using the emailPerson, remoteUser, andispSubscriber object classes so that Sun Internet Mail Server data and RADIUS authentication data is included.

The table that is used is selected with the -t option for sispload. The default table is sisp.

The following subsections describe the input fields for each table.

sisp Input

Each line in the input file for the sisp table has the following syntax:

!LastName!FirstName!Nickname!Username!Password!DomainName!\
EmailAddress!Services!UID!GID!ContentDirectory!

Where:

LastName: Contains the real last name.
FirstName: Contains the real first name.
Nickname: (Optional) Contains an optional nickname or alias.
Username: Contains the user name used to log on to the network.
Password: (Optional) Contains the user's password.
DomainName: (Optional) Contains the fully qualified domain name to which this user belongs.
E-mailAddress: (Optional) Contains this user's fully qualified email address, including the domain name.
Services: (Optional) Contains a space-separated list of Solaris ISP Server ispService distinguished name entries that correspond to services that the user is allowed to use. For example, if the user has an FTP directory, there may be an entry of the form "ispversion=1.0, ou=SUNWftp, ou=Services, o=myisp, c=us."
UID: (Optional) Contains a UNIX user id number.
GID: (Optional) Contains a UNIX group id number.
ContentDirectory: (Optional) Identifies the directory used by the user for personal content (FTP uploads and personal web documents).

sisprad Input

Each line in the input file for the sisprad table has the following syntax:

!LastName!FirstName!Nickname!Username!Password!DomainName!\
E-mailAddress!Services!UID!GID!ContentDirectory!\
AuthSuffix!GroupCheck!GroupReply!

Where the fields from "Last Name" through "Content Directory" are the same as in the "sisp Input" section, and

AuthSuffix: (Optional) Defines a string that may be appended to the user name used for authentication when the RADIUS server processes the user for authentication. For example, the RADIUS server may append a domain string to authenticate users who belong to a particular domain. For example, a user logging in as "jdoe" might be authenticated as "jdoe@othernet.com."
GroupCheck: (Optional) Defines a list of attributes in a user's record that the RADIUS server will check against data supplied during authentication. If no GroupCheck information is supplied, RADIUS will check all of the remote user's attributes before granting access. An example attribute for GroupCheck is "userPassword." Separate multiple attributes by spaces in the input file.
GroupReply: (Optional) Defines a list of attributes returned by the RADIUS server with an access-accept or access-reject response. Example attributes that might be used in the GroupReply field are "radiusPppProfile" and "dynamicIPAddress." Separate multiple attributes by spaces in the input file.

sispsims Input

Each line in the input file for the sispsims table has the following syntax:

!LastName!FirstName!Nickname!Username!Password!DomainName!\
E-mailAddress!Services!UID!GID!ContentDirectory!\
AuthSuffix!GroupCheck!GroupReply!\
DataSource!MailServe!MailDomain!LegacyMail!\
MailDeliveryOption!RFC822Mailbox!MailFolderMap!MailQuota!\
ChannelType!

Where the fields from "Last Name" through "Content Directory" are the same as in the "sisp Input" section, and

DataSource

Contains a string identifying the original source of this data for reference.

MailServer

Defines the fully qualified domain name of the mail server to which mail for the user should be delivered.

LegacyMail

Defines an object class for users that use a legacy mail gateway channel. Valid object classes supported by Sun Internet Mail Server are gatewayCCMailUser, gatewayMSMailUser, and gatewayProfsUser.

MailDeliveryOption

Specifies the value of the mailDeliveryOption attribute for the user. The variable MAILDEV in the Common section will be used if there is no input in this field.

RFC822Mailbox

Specifies all of the email addresses defined for the user. This field may be left blank if the value of EmailAddress is the only valid address for the user.

MailFolderMap

Defines the message store for the user's mail folder. This field may be "UNIX V7" to use /var/mail or "Sun-MS" to use the Sun Internet Mail Server message store. The variable SUNMS in the Common section will be used if there is no input in this field.

MailQuota

Defines the maximum size (in bytes) of the message store for the user.

ChannelType

Defines the type of legacy mail channel for the user. This is an optional field for users that use a legacy mail gateway channel; valid data in this field are:

0 for CC:mail
1 for Microsoft Mail
4 for an SMTP mail system
8 for IBM PROFS

sispradsims Input

Each line in the input file for the sispsims table has the following syntax:

!LastName!FirstName!Nickname!Username!Password!DomainName!\
EmailAddress!Services!UID!GID!ContentDirectory!\
AuthSuffix!GroupCheck!GroupReply!\
DataSource!MailServer!MailDomain!LegacyMail!\
MailDeliveryOption!RFC822Mailbox!MailFolder!MailQuota!\
ChannelType!

The sispradsims input line is composed of all of the fields from the other three tables, which are described above.

Mapping File Syntax

The default mapping file is located in /etc/opt/SUNWisp/ldap/sunds/default/mapping/sispload.mapping.

The mapping file contains the rules for parsing the input file lines, assigning the fields to variables, and then using those variables to construct an ldif-format record for the directory server. In most cases, you will not need to edit this file. If you have a non-default input file format or if you have extended the default Solaris ISP Server schema, you may need to make changes to the mapping file. Please read this document and the man page for dsimport(1m) before editing the mapping file.

Note -

The mapping file contains four Table sections which define how input will be parsed and converted to ldif records. The four tables are sisp, sisprad, sispsims, and sispradsims.

See the Input File Syntax section for details on each table's function.

See the dsimport(1m) manual page for more detailed information on the contents of each table and the general rules for constructing a mapping.

The following token and variable definitions may help you adjust the mapping if you have trouble with the output or with creating valid input:

BASE_DN: Defines the distinguished name (dn) in the directory naming context where user records will be created. The default is the base dn specified when Solaris ISP Server was installed. The dn of each user will be cn=FirstName LastName (Username),ou="People", ou=domain [[ou=domain...]], BASE_DN.
DIRPREF: Defines a path prefix to all user ISP content directories. The default is /home. The value of the content directory field from the input file is appended to this value to get the full path for the ispContentDirectory attribute. The ispDirectoryRoot attribute for an ispService plus the ispContentDirectory forms the full path to the actual directory.
MATCH_FILTER: Defines the criteria for determining whether a record already exists in the directory. By default, a new record from the input data is considered a duplicate if there is already a record with a matching cn=FirstName LastName and mail=EmailAddress. Refer to dsimport(1m) for details on constructing a match filter if the default does not meet your needs.
SEPARATOR: Defines the field delimiter in the input data. If you change the SEPARATOR you must also change the delimiter used in the LINE definitions in the table's Dynamic and Extract sections.

Output

The output from sispload is stored in two files: filename.err contains error messages and filename.ldif contains ldif records for adding records to the directory.

The majority of the ldif file will consist of user records to add or modify. The format of the records depends on the translation table used. The user records for each table are explained below.

In addition to user records, there may be entries to create intermediate nodes where user data is stored. The ldif file may contain records that add organizationalUnit object classes to fill in the tree from the base DN to the ou=People node where users are stored.

sisp Output

The object class of user records when the sisp table is used is ispSubscriber.

The following list describes how the input data is used to construct attributes in the ldif user record. Refer to the "Input" section for information on the meaning of the input fields (shown in a different style).

dn

Specifies the complete distinguished name for the user record. The dn is constructed as follows:

dn=cn="FirstName LastName (Username)", ou="People", ou=DomainName[[ou=domain...]], $BASE_DN.

cn

Specifies an additional commonName attribute.

cn=FirstName LastName.

sn

Specifies the family name or surname.

sn=LastName.

givenname

Specifies the first or given name.

givenname=FirstName.

userid

Specifies the user name used for authentication.

userid=Username.

userPassword

Specifies the password used for authentication. If no password is given in the input data, the user name is used.

userid=Password || Username.

uidNumber

Specifies the user ID number used for processes and files owned by the user.

uidNumber=UID.

gidNumber

Specifies the group ID number used for processes and files owned by the user.

gidNumber=GID.

ispContentDirectory

Specifies a path prefix for the actual file system directory where the user stores personal content (such as web pages or FTP content). The ispContentDirectory attribute is built from appending the field from the input file to the value of DIRPREF in the mapping file Common section. If DIRPREF is null and there is no data in the input field, this attribute is not set.

ispContentDirectory= $DIRPREF/ContentDirectory.

ispAuthorizedServices

Specifies the distinguished name of each ISP service this user is allowed to use. Each distinguished name in the input file should reference the ispVersion attribute of an existing ispService record. Multiple services can be separated by spaces between the delimiters in the input file. An example of an entry in the input file is "ispversion=1.0,ou=SUNWftp,ou=Services,o=myisp,c=us."

ispAuthorizedServices=Services.

mail

Specifies the full email address.

mail=EmailAddress.

sisprad Additional Output

The object classes of user records when the sisprad table is used are remoteUser and ispSubscriber.

The ldif record contains all of the attributes described in the sisp Output section. In addition, the sisprad table generates the additional attributes for a remoteUser object listed below. Refer to the "Input" section for information on the meaning of the input fields (shown in a different style).

authsuffixname

Specifies the authSuffixName attribute. This string is added to the user name by the RADIUS server when it checks authentication. If there is no value in the input file, the user's DomainName is used.

authSuffixName=AuthSuffix ||DomainName.

grpCheckInfo

Specifies a list of attributes that the RADIUS server checks against the data supplied by a user session at login. If there is no value in the input file, the attributes authSuffixName and userPassword are used.

grpCheckInfo=GroupCheck || "authSuffixName userPassword".

authServiceProtocol

Specifies the type of service for the user. This attribute takes its value from the AUTHPROT variable defined in the Common section; the default value is Framed-User.

authServiceProtocol=$AUTHPROT.

framedrouting

Specifies the routing method for the user, when the user is a router to a network. This attribute takes its value from the FRAMEDROUTING variable defined in the Common section; the default value is None.

framedrouting=$FRAMEDROUTING.

framedprotocol

Specifies the framing to be used for framed access. This attribute takes its value from the FRAMEDPROTOCOL variable defined in the Common section; the default value is PPP.

framedprotocol=$FRAMEDPROTOCOL.

grpReplyInfo

Specifies a list of attributes returned by the RADIUS server with an access-accept or an access-reject response. If there is no value in the input file, the attributes authServiceProtocol, framedProtocol, and framedRouting are used.

grpReplyInfo=GroupReply || "authServiceProtocol framedProtocol framedRouting".

sispsims and sispradsims Additional Output

The object classes of user records when the sispsims table is used are emailPerson and ispSubscriber. If there is an input entry for LegacyMail, such as "gatewayCCMailUser," then this additional object class is also created for the user. When the sispradsims table is used, a remoteUser object class is created for each user record.

The ldif records from the sispsims table contain all of the attributes described in the "sisp Output" section. Records from the sispradsims table also include the records described in the "sisprad Output" section.

In addition, the sispsims and sispradsims tables generate the additional attributes for an emailPerson object listed below. Refer to the "Input" section for information on the meaning of the input fields (shown in a different style).

dataSource

Specifies the original source of the user data. This is an optional field for reference purpose. If the data source is blank in the input file, the string "Solaris for ISP Server(tm) sispload utility" is used.

dataSource=DataSource || "Solaris for ISP Server(tm) sispload utility"

mailhost

Specifies the fully qualified domain name of the SMTP/MIME mail server.

mailhost=MailServer

mailQuota

Specifies the maximum size in bytes of the user's message store, or 0 (zero) for unlimited size.

mailQuota=MailQuota

mailDeliveryOption

Specifies the method for delivering mail to the user. If there is no value in the input file, the attribute takes its value from the MAILDELIV variable defined in the Common section; the default value is mailbox. See "Appendix D. SIMS Directory Schema and Directory Information Tree " in Sun Internet Mail Server 3.5 Administrator's Guide for a complete list of valid values.

mailDeliveryOption=MailDeliveryOption || $MAILDELIV

mailFolderMap

Specifies the type of message store for the user's mail folders. If there is no value in the input file, the attribute takes its value from the SUNMS variable defined in the Common section; the default value is "SUN-MS".

mailFolderMap=MailDeliveryOption || $SUNMS.

preferredrfc822recipient

Specifies the user's internal email address. This attribute is built by combining the Username and MailServer tokens from the input file.

preferredrfc822recipient=UserName@MailServer.

rfc822Mailbox

Specifies an email address for the user. There may be multiple valid addresses separated by spaces in the input file; a separate rfc822Mailbox attribute is added for each address.

rfc822Mailbox=RFC822Mailbox.

channelType

Defines the type of legacy mail channel for the user.

channelType=ChannelType.

EXAMPLES

Example 1

The following listing shows an example input file with two user records. The records will be converted using the sisprad table.

!Smith!Joseph!Joe!jsmith!!myisp!\
jsmith@myisp.net!ispversion=1.0,ou=SUNWftp,ou=Services,o=MyISP,c=US!\
89091!10!jsmith!@myisp.net!authSuffixName userPassword!\
authServiceProtocol framedProtocol framedRouting\
radiusPppProfile!
!Jones!Janet!!janjones!!myisp!\
janjones@myisp.net!ispversion=1.0,ou=SUNWftp,ou=Services,o=MyISP,c=US!\
89092!10!janjones!@myisp.net!authSuffixName userPassword!\
authServiceProtocol framedProtocol framedRouting\
radiusPppProfile!

If the above data is in a file named /tmp/radius.input it could be converted to ldif records using sispload:

% cd /opt/SUNWisp/ldap/sunds/sbin
% ./sispload -b o=MyISP,c=US -t sisprad -f /tmp/radius

The file radius.ldif should contain the following records if the translation is successful and the user records do not already exist:

dn: cn=Joseph Smith (jsmith),ou=People,ou=myisp,o=MyISP,c=US
changetype: add
sn: Smith
cn: Joseph Smith
userid: jsmith
userPassword: jsmith
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ispSubscriber
objectClass: remoteUser
uidNumber: 89091
gidNumber: 10
ispContentDirectory: home/jsmith
ispauthorizedServices: ispversion=1.0,ou=SUNWftp,\
ou=Services,o=MyISP,c=US
mail: jsmith@myisp.net
authsuffixname: @myisp.net
grpCheckInfo: authSuffixName
grpCheckInfo: userPassword
authServiceProtocol: Framed-User
framedrouting: None
framedprotocol: PPP
grpReplyInfo: authServiceProtocol
grpReplyInfo: framedProtocol
grpReplyInfo: framedRouting
grpReplyInfo: radiusPppProfile
dn: cn=Janet Jones (janjones),ou=People,ou=myisp,o=MyISP,c=US
changetype: add
sn: Jones
cn: Janet Jones
userid: janjones
userPassword: janjones
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ispSubscriber
objectClass: remoteUser
uidNumber: 89092
gidNumber: 10
ispContentDirectory: home/janjones
ispauthorizedServices: ispversion=1.0,ou=SUNWftp,\
ou=Services,o=MyISP,c=US
mail: janjones@myisp.net
authsuffixname: @myisp.net
grpCheckInfo: authSuffixName
grpCheckInfo: userPassword
authServiceProtocol: Framed-User
framedrouting: None
framedprotocol: PPP
grpReplyInfo: authServiceProtocol
grpReplyInfo: framedProtocol
grpReplyInfo: framedRouting
grpReplyInfo: radiusPppProfile

Finally, these records can be added to the directory using ldapmodify(1m):

% cd /opt/SUNWconn/bin
% ./ldapmodify -D cn=admin,o=MyISP,c=US -w secret -f /tmp/radius.ldif

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWixsds
Interface Stability	Evolving

Part I Solaris ISP Server Core

man Pages(1m): Maintenance Commands

ispIntro(1M)

NAME

DESCRIPTION

ATTRIBUTES

FILES

SEE ALSO

NOTES

hcjump(1M)

NAME

SYNOPSIS

DESCRIPTION

OPERANDS

EXTENDED DESCRIPTION

EXIT STATUS

FILES

ATTRIBUTES

SEE ALSO

NOTES

hclfmd(1M)

NAME

SYNOPSIS

DESCRIPTION

EXIT STATUS

FILES

ATTRIBUTES

SEE ALSO

hcstartup(1M)

NAME

SYNOPSIS

DESCRIPTION

hcstartup Prompts

hcstartup Actions

FILES

EXIT STATUS

ATTRIBUTES

SEE ALSO

NOTES

ispldap(1M)

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

EXAMPLES

Example 1 Storing Information about an LDAP Server

Example 2 Storing Information about an LDAP Server and Port

Example 3 Storing Server Information using an IP Address

EXIT STATUS

ATTRIBUTES

SEE ALSO

NOTES

isprshp(1M)

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

EXAMPLES

Example 1 Setting the Port Number

EXIT STATUS

ATTRIBUTES

SEE ALSO

NOTES

mchelp(1M)

NAME

SYNOPSIS

DESCRIPTION

EXAMPLES

Example 1 mchelp Output

EXIT STATUS

ATTRIBUTES

SEE ALSO

mcreg(1M)

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

EXTENDED DESCRIPTION

Three-Tier Web-Based GUIs

Two-Tier Web-Based GUIs

`hcstartup` Prompts

`hcstartup` Actions

Example 1 `mchelp` Output

Example 1 `mcunreg` on the Service Host

Example 2 `mcunreg` on the Sun Internet Administrator Host

`uninstall-sisp1.0` Prompts

`uninstall-sisp1.0` Actions