| 跳过导航链接 | |
| 退出打印视图 | |
|
系统管理指南:命名和目录服务(DNS、NIS 和 LDAP) Oracle Solaris 10 8/11 Information Library (简体中文) |
| 跳过导航链接 | |
| 退出打印视图 | |
|
|
系统管理指南:命名和目录服务(DNS、NIS 和 LDAP) Oracle Solaris 10 8/11 Information Library (简体中文) |
4. 网络信息服务 (Network Information Service, NIS)(概述)
11. 为使用 LDAP 客户机设置 Sun Java System Directory Server(任务)
使用 idsconfig 配置 Sun Java System Directory Server
如何使用 ldapaddent 向 Sun Java System Directory Server 置备用户口令数据
如何使用 ldapclient 向目录服务器置备其他配置文件
迁移 Sun Java System Directory Server
注 - 运行 idsconfig 无需特殊权限,也不必在 LDAP 命名客户机上运行。请记住在准备运行 idsconfig 时,按照基于服务器安装创建核对表中的说明创建一份核对表。您不必从服务器或 LDAP 命名服务客户机运行 idsconfig。在网络上的任何 Solaris 计算机上都可以运行 idsconfig。
 | 注意 - idsconfig 以明文形式发送目录管理器的口令。如果不希望如此,必须在目录服务器(而非客户机)上运行 idsconfig。 |
# /usr/lib/ldap/idsconfig
有关使用服务器和客户机核对表中列出的定义运行 idsconfig 的示例,请参阅示例 11-1,这些核对表位于本章开头处的基于服务器安装创建核对表中。
请注意 "no" [n] 是缺省的用户输入。如果需要清楚理解任何给定的问题,请键入
h
此时将出现一个简短的帮助段落。
在 idsconfig 完成了目录的设置之后,您需要在服务器上运行指定的命令,然后才能完成服务器的设置过程,服务器此时即准备就绪,可以为客户机提供服务。
本节提供了一个基本的 idsconfig 设置的示例,该示例使用了许多缺省值。修改客户机配置文件最复杂的方法就是创建 SSD。有关详细讨论,请参阅使用服务搜索描述符修改客户机对各个服务的访问。
提示后面方括号中的数据指示该提示的缺省值。要接受缺省值,请按下 Return 键。
注 - 对于摘要屏幕上任何留空的参数将不进行设置。
在 idsconfig 完成了目录的设置之后,您需要在服务器上运行指定的命令,然后才能完成服务器的设置过程,服务器此时即准备就绪,可以为客户机提供服务。
示例 11-1 为 Example, Inc. 网络运行 idsconfig
以下示例中,在 LDAP 服务器上创建了服务器实例后,idsconfig 实用程序将立即运行。
# usr/lib/ldap/idsconfig It is strongly recommended that you BACKUP the directory server before running idsconfig. Hit Ctrl-C at any time before the final confirmation to exit. Do you wish to continue with server setup (y/n/h)? [n] y Enter the JES Directory Server's hostname to setup: myserver Enter the port number for iDS (h=help): [389] Enter the directory manager DN: [cn=Directory Manager] Enter passwd for cn=Directory Manager : Enter the domainname to be served (h=help): [west.example.com] Enter LDAP Base DN (h=help): [dc=west,dc=example,dc=com] Checking LDAP Base DN ... Validating LDAP Base DN and Suffix ... No valid suffixes were found for Base DN dc=west,dc=example,dc=com Enter suffix to be created (b=back/h=help): [dc=west,dc=example,dc=com] Enter ldbm database name (b=back/h=help): [west] sasl/GSSAPI is not supported by this LDAP server Enter the profile name (h=help): [default] WestUserProfile Default server list (h=help): [192.168.0.1] Preferred server list (h=help): Choose desired search scope (one, sub, h=help): [one] The following are the supported credential levels: 1 anonymous 2 proxy 3 proxy anonymous 4 self 5 self proxy 6 self proxy anonymous Choose Credential level [h=help]: [1] 2 The following are the supported Authentication Methods: 1 none 2 simple 3 sasl/DIGEST-MD5 4 tls:simple 5 tls:sasl/DIGEST-MD5 6 sasl/GSSAPI Choose Authentication Method (h=help): [1] 2
Current authenticationMethod: simple Do you want to add another Authentication Method? n Do you want the clients to follow referrals (y/n/h)? [n] Do you want to modify the server timelimit value (y/n/h)? [n] y Enter the time limit for iDS (current=3600): [-1] Do you want to modify the server sizelimit value (y/n/h)? [n] y Enter the size limit for iDS (current=2000): [-1] Do you want to store passwords in "crypt" format (y/n/h)? [n] y Do you want to setup a Service Authentication Methods (y/n/h)? [n] Client search time limit in seconds (h=help): [30] Profile Time To Live in seconds (h=help): [43200] Bind time limit in seconds (h=help): [10] Do you want to enable shadow update (y/n/h)? [n] Do you wish to setup Service Search Descriptors (y/n/h)? [n]
Summary of Configuration
1 Domain to serve : west.example.com
2 Base DN to setup : dc=west,dc=example,dc=com
Suffix to create : dc=west,dc=example,dc=com
Database to create : west
3 Profile name to create : WestUserProfile
4 Default Server List : 192.168.0.1
5 Preferred Server List :
6 Default Search Scope : one
7 Credential Level : proxy
8 Authentication Method : simple
9 Enable Follow Referrals : FALSE
10 iDS Time Limit : -1
11 iDS Size Limit : -1
12 Enable crypt password storage : TRUE
13 Service Auth Method pam_ldap :
14 Service Auth Method keyserv :
15 Service Auth Method passwd-cmd:
16 Search Time Limit : 30
17 Profile Time to Live : 43200
18 Bind Limit : 10
19 Enable shadow update : FALSE
20 Service Search Descriptors MenuEnter config value to change: (1-20 0=commit changes) [0] Enter DN for proxy agent: [cn=proxyagent,ou=profile,dc=west,dc=example,dc=com] Enter passwd for proxyagent: Re-enter passwd: WARNING: About to start committing changes. (y=continue, n=EXIT) y
1. Changed timelimit to -1 in cn=config.
2. Changed sizelimit to -1 in cn=config.
3. Changed passwordstoragescheme to "crypt" in cn=config.
4. Schema attributes have been updated.
5. Schema objectclass definitions have been added.
6. Database west successfully created.
7. Suffix dc=west,dc=example,dc=com successfully created.
8. NisDomainObject added to dc=west,dc=example,dc=com.
9. Top level "ou" containers complete.
10. automount maps: auto_home auto_direct auto_master auto_shared processed.
11. ACI for dc=west,dc=example,dc=com modified to disable self modify.
12. Add of VLV Access Control Information (ACI).
13. Proxy Agent cn=proxyagent,ou=profile,dc=west,dc=example,dc=com added.
14. Give cn=proxyagent,ou=profile,dc=west,dc=example,dc=com read permission
for password.
15. Generated client profile and loaded on server.
16. Processing eq,pres indexes:
uidNumber (eq,pres) Finished indexing.
ipNetworkNumber (eq,pres) Finished indexing.
gidnumber (eq,pres) Finished indexing.
oncrpcnumber (eq,pres) Finished indexing.
automountKey (eq,pres) Finished indexing.
17. Processing eq,pres,sub indexes:
ipHostNumber (eq,pres,sub) Finished indexing.
membernisnetgroup (eq,pres,sub) Finished indexing.
nisnetgrouptriple (eq,pres,sub) Finished indexing.
18. Processing VLV indexes:
west.example.com.getgrent vlv_index Entry created
west.example.com.gethostent vlv_index Entry created
west.example.com.getnetent vlv_index Entry created
west.example.com.getpwent vlv_index Entry created
west.example.com.getrpcent vlv_index Entry created
west.example.com.getspent vlv_index Entry created
west.example.com.getauhoent vlv_index Entry created
west.example.com.getsoluent vlv_index Entry created
west.example.com.getauduent vlv_index Entry created
west.example.com.getauthent vlv_index Entry created
west.example.com.getexecent vlv_index Entry created
west.example.com.getprofent vlv_index Entry created
west.example.com.getmailent vlv_index Entry created
west.example.com.getbootent vlv_index Entry created
west.example.com.getethent vlv_index Entry created
west.example.com.getngrpent vlv_index Entry created
west.example.com.getipnent vlv_index Entry created
west.example.com.getmaskent vlv_index Entry created
west.example.com.getprent vlv_index Entry created
west.example.com.getip4ent vlv_index Entry created
west.example.com.getip6ent vlv_index Entry created
idsconfig: Setup of iDS server myserver is complete.
Note: idsconfig has created entries for VLV indexes.
For DS5.x, use the directoryserver(1m) script on myserver
to stop the server. Then, using directoryserver, follow the
directoryserver examples below to create the actual VLV indexes.
For DS6.x, use dsadm command delivered with DS6.x on myserver
to stop the server. Then, using dsadm, follow the
dsadm examples below to create the actual VLV indexes.directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getgrent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.gethostent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getnetent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getpwent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getrpcent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getspent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getauhoent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getsoluent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getauduent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getauthent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getexecent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getprofent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getmailent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getbootent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getethent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getngrpent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getipnent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getmaskent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getprent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getip4ent directoryserver -s <server-instance> vlvindex -n west -T west.example.com.getip6ent
<install-path>/bin/dsadm reindex -l -t west.example.com.getgrent <directory-instance-path> dc=west,dc=example,dc=com <install-path>/bin/dsadm reindex -l -t west.example.com.gethostent <directory-instance-path> dc=west,dc=example,dc=com . . . <install-path>/bin/dsadm reindex -l -t west.example.com.getip6ent <directory-instance-path> dc=west,dc=example,dc=com
|