Trusted Extensions Configuration and Administration


Updated: July 2014

Populate the Oracle Directory Server Enterprise Edition

Several LDAP databases have been created or modified to hold Trusted Extensions data about label configuration, users, and remote systems. In this procedure, you populate the LDAP Server databases with Trusted Extensions information.

Before You Begin

You must be in the root role in the global zone. You are on an LDAP client where shadow updating is enabled. For the prerequisites, see Create an LDAP Client for the LDAP Server.

  1. Create a staging area for files that you plan to use to populate the naming service databases.
    # mkdir -p /setup/files
  2. Copy the sample /etc files into the staging area.
    # cd /etc
    # cp aliases group networks netmasks protocols /setup/files
    # cp rpc services auto_master /setup/files
    
    # cd /etc/security/tsol
    # cp tnrhdb tnrhtp /setup/files

    Caution - Do not copy the *attr files. Rather, use the -S ldap option to the commands that add users, roles, and rights profiles to the LDAP repository. These commands add entries for the user_attr, auth_attr, exec_attr, and prof_attr databases. For more information, see the user_attr(4) and useradd(1M) man pages.


  3. Remove the +auto_master entry from the /setup/files/auto_master file.
  4. Create the zone automaps in the staging area.
    # cp /zone/public/root/etc/auto_home_public /setup/files
    # cp /zone/internal/root/etc/auto_home_internal /setup/files
    # cp /zone/needtoknow/root/etc/auto_home_needtoknow /setup/files
    # cp /zone/restricted/root/etc/auto_home_restricted /setup/files

      In the following list of automaps, the first of each pair of lines shows the name of the file. The second line of each pair shows the file contents. The zone names identify labels from the default label_encodings file that is included with the Trusted Extensions software.

    • Substitute your zone names for the zone names in these lines.

    • myNFSserver identifies the NFS server for the home directories.

    /setup/files/auto_home_public
    * myNFSserver_FQDN:/zone/public/root/export/home/&
    
    /setup/files/auto_home_internal
    * myNFSserver_FQDN:/zone/internal/root/export/home/&
    
    /setup/files/auto_home_needtoknow
    * myNFSserver_FQDN:/zone/needtoknow/root/export/home/&
    
    /setup/files/auto_home_restricted
    * myNFSserver_FQDN:/zone/restricted/root/export/home/&
  5. Use the ldapaddent command to populate the LDAP Server with every file in the staging area. The final argument to ldapaddent is the name of the database, which is the same as the name of the staged file.

    For example, the following command populates the server from the hosts file in the staging area.

    # /usr/sbin/ldapaddent -D "cn=directory manager" \
       -w dirmgr123 -a simple -f /setup/files/hosts hosts

    The -w option places the Directory Manager password on the command line, where the process list and the shell history expose it. In a script, put the password in a file that only root can read and pass that file with the -j option instead. With -a simple the password also crosses the network in clear text unless the connection uses TLS (-a tls:simple). For details, see the ldapaddent(1M) man page.
  6. If you ran the ldapclient command on the Trusted Extensions Directory Server, disable the client on that system.

    In the global zone, run the ldapclient uninit command. Use verbose output to verify that the system is no longer an LDAP client.

    # ldapclient -v uninit

    For more information, see the ldapclient(1M) man page.

  7. To populate the Trusted Extensions network databases in LDAP, use the tncfg command with the -S ldap option.

    For instructions, see Labeling Hosts and Networks.
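The staging and loading steps above, written as one script. This is an added example, not a script from the Oracle manual. It creates the staging area, copies the sample files, strips the +auto_master line, writes one auto_home map per labeled zone from the pattern shown in step 4 (instead of copying the maps out of the zones), and then runs ldapaddent over every staged file. Everything it touches is a variable so it can be pointed at a scratch directory: STAGE, ETC, TSOL, ZONEROOT, ZONES, NFSSERVER, BINDDN, PWFILE and LDAPADDENT are this script's own names, not options of any Solaris command, and PWFILE is an assumed mode-0600 file holding the bind password, passed with ldapaddent -j so that the password never appears on a command line.

```shell
#!/bin/sh
# Added example (not from the Oracle manual): stage the naming-service files
# and populate the Directory Server for Trusted Extensions.
# Usage, as root in the global zone:  sh populate_te_ldap.sh run
# Every path below can be overridden from the environment, which is also how
# the script is exercised against a scratch directory instead of the live /etc.

STAGE=${STAGE:-/setup/files}                 # staging area (step 1)
ETC=${ETC:-/etc}                             # source of the sample files
TSOL=${TSOL:-/etc/security/tsol}             # tnrhdb and tnrhtp live here
ZONEROOT=${ZONEROOT:-/zone}                  # parent directory of the labeled zone roots
ZONES=${ZONES:-"public internal needtoknow restricted"}   # zones of the default label_encodings
NFSSERVER=${NFSSERVER:-myNFSserver_FQDN}     # placeholder; substitute the real FQDN
LDAPADDENT=${LDAPADDENT:-/usr/sbin/ldapaddent}
BINDDN=${BINDDN:-"cn=directory manager"}
PWFILE=${PWFILE:-/setup/dirmgr.pw}           # assumption: mode-0600 file holding the bind password

# Steps 1 and 2: create the staging area and copy the sample files.
# The *attr files are deliberately not staged (see the Caution above).
stage_files() {
    mkdir -p "$STAGE"
    for f in aliases group networks netmasks protocols rpc services auto_master; do
        cp "$ETC/$f" "$STAGE/$f"
    done
    for f in tnrhdb tnrhtp; do
        cp "$TSOL/$f" "$STAGE/$f"
    done
}

# Step 3: remove the +auto_master include line from the staged auto_master.
# A temporary file is used because Solaris sed has no -i option.
strip_plus_auto_master() {
    sed '/^+auto_master/d' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Step 4: one wildcard entry per zone, mapping every user's home directory to
# that zone's export/home on the NFS server (the pattern shown in step 4).
auto_home_entry() {
    printf '* %s:%s/%s/root/export/home/&\n' "$NFSSERVER" "$ZONEROOT" "$1"
}

write_zone_automaps() {
    for z in $ZONES; do
        auto_home_entry "$z" > "$STAGE/auto_home_$z"
    done
}

# Step 5: load every staged file. The database argument is the file's own name
# (aliases, auto_home_public, tnrhdb, ...). The bind password is read from
# PWFILE with -j, so it is never visible in ps output or the shell history.
# -a simple still sends it in the clear unless the connection uses TLS; use
# -a tls:simple where the server supports it.
populate_ldap() {
    [ -f "$PWFILE" ] || { echo "missing bind password file $PWFILE" >&2; return 1; }
    for path in "$STAGE"/*; do
        db=$(basename "$path")
        "$LDAPADDENT" -D "$BINDDN" -j "$PWFILE" -a simple -f "$path" "$db" || return 1
    done
}

main() {
    stage_files
    strip_plus_auto_master "$STAGE/auto_master"
    write_zone_automaps
    populate_ldap
}

case "${1:-}" in run) main ;; esac
```

Step 6 (ldapclient uninit on the Directory Server itself) and step 7 (tncfg -S ldap) are left to be run by hand, since they depend on whether the server was ever made an LDAP client and on the host and template definitions for your site.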