Working With Oracle® Solaris 11.2 Directory and Naming Services: LDAP
Updated: July 2014
Describes how to set up and administer the LDAP naming service.
Document Information
Using This Documentation
Product Documentation Library
Access to Oracle Support
Feedback
1 Introduction to the LDAP Naming Service
LDAP in This Oracle Solaris Release
Overview of LDAP Naming Service
How LDAP Stores Information
Comparison: LDAP Naming Service and Other Naming Services
LDAP Commands
General LDAP Commands
LDAP Commands Specific to LDAP Operations
2 LDAP and Authentication Service
LDAP Naming Services Security Model
Transport Layer Security
Client Credential Levels
enableShadowUpdate Switch
Credential Storage for LDAP Clients
Authentication Methods for the LDAP Naming Service
Specifying Authentication Methods for Specific Services in LDAP
Pluggable Authentication Methods
LDAP Service Module
pam_unix_* Service Modules
Kerberos Service Module
PAM and Changing Passwords
LDAP Account Management
LDAP Account Management With the pam_unix_* Modules
Example pam_conf File Using the pam_ldap Module for Account Management
3 Planning Requirements for LDAP Naming Services
LDAP Planning Overview
Planning the Configuration of the LDAP Client Profile
LDAP Network Model
Directory Information Tree
Security Considerations
Planning the Deployment of LDAP Master and Replica Servers
Planning the LDAP Data Population
Service Search Descriptors and Schema Mapping
Description of SSDs
attributeMap Attributes
objectclassMap Attribute
Summary: Default Client Profile Attributes to Prepare for LDAP Implementation
Blank Checklists for Configuring LDAP
4 Setting Up Oracle Directory Server Enterprise Edition With LDAP Clients
Preparing Information for Configuring the Directory Server
Server Information for LDAP
Client Profile Information for LDAP
Using Browsing Indexes
Creating the Directory Tree Definitions
How to Configure Oracle Directory Server Enterprise Edition for the LDAP Naming Service
Examples of Server Configuration for LDAP
Building the Directory Information Tree
Defining Service Search Descriptors
Populating the LDAP Server with Data
How to Populate the Server With Data
Additional Directory Server Configuration Tasks
Specifying Group Memberships by Using the Member Attribute
Populating the Directory Server With Additional Profiles
How to Populate the Directory Server With Additional Profiles by Using the ldapclient Command
Configuring the Directory Server to Enable Account Management
Account Management for Clients That Use the pam_ldap Module
Account Management for Clients That Use the pam_unix_* Modules
5 Setting Up LDAP Clients
Preparing for LDAP Client Setup
LDAP and the Service Management Facility
Defining Local Client Attributes
Administering LDAP Clients
Initializing an LDAP Client
Modifying an LDAP Client Configuration
Uninitializing an LDAP Client
Using LDAP for Client Authentication
Configuring PAM
Configuring PAM to Use UNIX policy
Configuring PAM to Use LDAP server_policy
Setting Up TLS Security
6 Troubleshooting LDAP
Monitoring LDAP Client Status
Verifying That the ldap_cachemgr Daemon Is Running
Checking the Current Profile Information
Verifying Basic Client-Server Communication
Checking Server Data From a Non-Client Machine
LDAP Configuration Problems and Solutions
Unresolved Host Name
Unable to Reach Systems in the LDAP Domain Remotely
Login Does Not Work
Lookup Too Slow
ldapclient Command Cannot Bind to a Server
Using the ldap_cachemgr Daemon for Debugging
ldapclient Command Hangs During Setup
Resolving Issues When Using Per-User Credentials
syslog File Indicates 82 Local Error
Kerberos Not Initializing Automatically
syslog File Indicates Invalid Credentials
The ldapclient init Command Fails in the Switch Check
Retrieving LDAP Naming Services Information
Listing All LDAP Containers
Listing All User Entry Attributes
7 LDAP Naming Service (Reference)
IETF Schemas for LDAP
RFC 2307bis Network Information Service Schema
Mail Alias Schema
Directory User Agent Profile (DUAProfile) Schema
Oracle Solaris Schemas
Projects Schema
Role-Based Access Control and Execution Profile Schema
Internet Print Protocol Information for LDAP
Internet Print Protocol Attributes
Internet Print Protocol ObjectClasses
Printer Attributes
Sun Printer ObjectClasses
Generic Directory Server Requirements for LDAP
Default Filters Used by LDAP Naming Services
8 Transitioning From NIS to LDAP
NIS-to-LDAP Service Overview
NIS-to-LDAP Tools and the Service Management Facility
NIS-to-LDAP Audience Assumptions
When Not to Use the NIS-to-LDAP Service
Effects of the NIS-to-LDAP Service on Users
NIS-to-LDAP Transition Terminology
NIS-to-LDAP Commands, Files, and Maps
Supported Standard Mappings
Transitioning From NIS to LDAP (Task Map)
Prerequisites for the NIS-to-LDAP Transition
Setting Up the NIS-to-LDAP Service
How to Set Up the N2L Service With Standard Mappings
How to Set Up the N2L Service With Custom or Nonstandard Mappings
Examples of Custom Maps
NIS-to-LDAP Best Practices With Oracle Directory Server Enterprise Edition
Creating Virtual List View Indexes With Oracle Directory Server Enterprise Edition
VLVs for Standard Maps
VLVs for Custom and Nonstandard Maps
Avoiding Server Timeouts With Oracle Directory Server Enterprise Edition
Avoiding Buffer Overruns With Oracle Directory Server Enterprise Edition
NIS-to-LDAP Restrictions
NIS-to-LDAP Troubleshooting
Common LDAP Error Messages
NIS-to-LDAP Issues
Debugging the NISLDAPmapping File
N2L Server Timeout Issue
N2L Lock File Issue
N2L Deadlock Issue
Reverting to NIS
How to Revert to Maps Based on Old Source Files
How to Revert to Maps Based on Current DIT Contents
Glossary
Index