Create an LDAP Client for the LDAP Server - Trusted Extensions Configuration and Administration

Trusted Extensions Configuration and Administration

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Trusted Extensions Configuration and ... » Initial Configuration of Trusted Extensions » Configuring LDAP for Trusted Extensions » Configuring the Oracle Directory Server ... » Create an LDAP Client for the LDAP Server

Updated: July 2014

Trusted Extensions Configuration and Administration

Document Information

Using This Documentation

Part I Initial Configuration of Trusted Extensions

Chapter 1 Security Planning for Trusted Extensions

What's New in Trusted Extensions in Oracle Solaris 11.2

Planning for Security in Trusted Extensions

Results of Enabling Trusted Extensions From an Administrator's Perspective

Chapter 2 Configuration Roadmap for Trusted Extensions

Task Map: Preparing for and Enabling Trusted Extensions

Task Map: Choosing a Trusted Extensions Configuration

Task Map: Configuring Trusted Extensions With the Provided Defaults

Task Map: Configuring Trusted Extensions to Meet Your Site's Requirements

Chapter 3 Adding the Trusted Extensions Feature to Oracle Solaris

Initial Setup Team Responsibilities

Resolving Security Issues Before Installing Trusted Extensions

Installing and Enabling Trusted Extensions

Chapter 4 Configuring Trusted Extensions

Setting Up the Global Zone in Trusted Extensions

Creating Labeled Zones

Configuring the Network Interfaces in Trusted Extensions

Creating Roles and Users in Trusted Extensions

Creating Centralized Home Directories in Trusted Extensions

Troubleshooting Your Trusted Extensions Configuration

Additional Trusted Extensions Configuration Tasks

Chapter 5 Configuring LDAP for Trusted Extensions

Configuring LDAP on a Trusted Extensions Network

Configuring an LDAP Proxy Server on a Trusted Extensions System

Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System

Collect Information for the LDAP Server

Install the Oracle Directory Server Enterprise Edition

Create an LDAP Client for the LDAP Server

Configure the Logs for the Oracle Directory Server Enterprise Edition

Configure a Multilevel Port for the Oracle Directory Server Enterprise Edition

Populate the Oracle Directory Server Enterprise Edition

Creating a Trusted Extensions Proxy for an Existing Oracle Directory Server Enterprise Edition

Create an LDAP Proxy Server

Creating a Trusted Extensions LDAP Client

Make the Global Zone an LDAP Client in Trusted Extensions

Part II Administration of Trusted Extensions

Appendix A Site Security Policy

Appendix B Configuration Checklist for Trusted Extensions

Appendix C Quick Reference to Trusted Extensions Administration

Appendix D List of Trusted Extensions Man Pages

Language:

Create an LDAP Client for the LDAP Server

You use this client to populate your LDAP Server for LDAP. You must perform this task before you populate the LDAP Server.

You can create the client temporarily on the Trusted Extensions Directory Server, then remove the client on the server, or you can create an independent client.

Before You Begin

You are in the root role in the global zone.

Add Trusted Extensions software to a system.
You can use the Trusted Extensions LDAP Server, or add Trusted Extensions to a separate system. For instructions, see Chapter 3, Adding the Trusted Extensions Feature to Oracle Solaris.

On the client, configure LDAP in the name-service/switch service.

Display the current configuration.

# svccfg -s name-service/switch listprop config
config                       application
config/value_authorization   astring       solaris.smf.value.name-service.switch
config/default               astring       "files ldap"
config/host                  astring       "files dns"
config/netgroup              astring       ldap
config/printer               astring       "user files ldap"

Change the following property from the default:

# svccfg -s name-service/switch setprop config/host = astring: "files ldap dns"

In the global zone, run the ldapclient init command.

In this example, the LDAP client is in the example-domain.com domain. The server's IP address is 192.168.5.5.

# ldapclient init -a domainName=example-domain.com -a profileName=default \
> -a proxyDN=cn=proxyagent,ou=profile,dc=example-domain,dc=com \
> -a proxyDN=cn=proxyPassword={NS1}ecc423aad0 192.168.5.5
System successfully configured

Set the server's enableShadowUpdate parameter to TRUE.
```
# ldapclient -v mod -a enableShadowUpdate=TRUE \
> -a adminDN=cn=admin,ou=profile,dc=example-domain,dc=com
System successfully configured
```
For information about the enableShadowUpdate parameter, see enableShadowUpdate Switch in Working With Oracle Solaris 11.2 Directory and Naming Services: LDAP and the ldapclient(1M) man page.

Copyright © 1992, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices