
Working With Oracle® Solaris 11.4 Directory and Naming Services: LDAP


Updated: November 2020

Initializing an LDAP Client

You can initialize the LDAP client with the ldapclient command in one of two ways:

  • Using a profile – When you initialize from a profile, you must specify the domain and the address of a server that holds the profile. If you do not specify a profile name, the default profile is used. The server supplies the rest of the required configuration from the profile; only the proxy credentials and the certificate database information must come from the client.

    If a client's credential level is proxy or proxy anonymous, you must supply the proxy bind DN and password. For more information, see Client Credential Levels.

    To enable shadow data update, you must provide the administrator's credentials (adminDN and the adminPassword).

    Using a profile reduces the complexity of LDAP configuration, particularly in enterprise environments.

  • Defining all the parameters in a single command line – If no suitable profile exists on the server, you can define the configuration on the client itself. With this method, the configuration is stored in the client's cache files and is never refreshed from the server, so later changes to the directory setup must be applied to each client by hand.

You can use various options with the ldapclient command to initialize the client depending on the type of client and the client profile:

  • Initializing a client by using a profile that is configured with default values. For example:

    # ldapclient init -a profilename=new -a domainname=west.example.com 192.0.2.1
    System successfully configured
  • Initializing a client whose profile is configured with per-user credentials and uses the sasl/GSSAPI authentication method. For example:

    Note - Several requirements must be fulfilled when you initialize a client that is configured with per-user credentials, such as Kerberos configuration and DNS server configuration to work with LDAP. For information about Kerberos, see Managing Kerberos in Oracle Solaris 11.4. For information about DNS configuration, see Chapter 3, Managing DNS Server and Client Services in Working With Oracle Solaris 11.4 Directory and Naming Services: DNS and NIS.

    # ldapclient init -a profilename=gssapi_EXAMPLE.COM \
    -a domainname=example.com 192.0.2.1
  • Initializing a client that uses proxy credentials. For example:

    # ldapclient init \
    -a proxyDN=cn=proxyagent,ou=profile,dc=west,dc=example,dc=com \
    -a domainname=west.example.com \
    -a profilename=pit1 \
    -a proxypassword=test1234 192.0.2.1

    The -a proxyDN and -a proxyPassword options are required if the profile to be used is set up for proxy credentials. Because the credentials are not stored in the profile saved on the server, you must supply them when you initialize the client. This method is more secure than the older method of storing the proxy credentials on the server. Note that a password supplied with -a proxyPassword is recorded in the shell history and is visible in the process argument list for as long as ldapclient runs, so run the command from a script or a shell with history disabled rather than interactively.

    The proxy information is stored in the svc:/network/ldap/client service in the config and cred property groups.

  • Initializing a client to enable the shadow data to be updated. For example:

    # ldapclient init \
    -a adminDN=cn=admin,ou=profile,dc=west,dc=example,dc=com \
    -a adminPassword=admin-password \
    -a domainName=west.example.com \
    -a profileName=WestUserProfile \
    -a proxyDN=cn=proxyagent,ou=profile,dc=west,dc=example,dc=com \
    -a proxyPassword=proxy-password \
    -a enableShadowUpdate=TRUE \
    192.0.2.1
    System successfully configured
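The proxy-credential and shadow-update examples above each put a bind password on the command line. The following wrapper is an added example, not code from the Oracle documentation: it validates that the credentials each credential level needs are present (proxyDN and proxyPassword for proxy, adminDN and adminPassword as well when enableShadowUpdate=TRUE), reads the passwords from root-only files so they never pass through an interactive shell, and only then builds the -a arguments for ldapclient init. The LDAP_* variable names, the helper names and the password file paths are placeholders chosen for this example; the check on the NS_LDAP_PROFILE line of ldapclient list output is an assumption about that command's report format.

```shell
#!/bin/sh
# Added example; not from the Oracle Solaris documentation.
# Builds the "-a name=value" arguments for "ldapclient init" from shell
# variables and reads the proxy/admin passwords from root-only files, so
# that they are not typed into an interactive shell (and its history).
# Assumptions: the LDAP_* variable names, helper names and file paths are
# placeholders chosen for this example.
#
#   LDAP_PROFILE, LDAP_DOMAIN, LDAP_SERVER   always required
#   LDAP_PROXY_DN, LDAP_PROXY_PWFILE         credential level proxy or shadow
#   LDAP_ADMIN_DN, LDAP_ADMIN_PWFILE         shadow (enableShadowUpdate=TRUE)

# read_secret FILE: print the first line of FILE; refuse a file that is
# readable or writable by group or other, since it holds a bind password.
read_secret() {
    f=$1
    [ -f "$f" ] || { echo "read_secret: $f: no such file" >&2; return 1; }
    # Characters 5-10 of "ls -ld" output are the group and other permission bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "read_secret: $f is accessible by group/other ($perms)" >&2
        return 1
    }
    line=
    IFS= read -r line < "$f" || [ -n "$line" ] || return 1
    printf '%s\n' "$line"
}

# require VAR...: fail if any of the named variables is empty or unset.
require() {
    for v in "$@"; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || { echo "$v must be set" >&2; return 1; }
    done
}

# ldap_init_args LEVEL: validate the inputs for credential level LEVEL
# (anonymous, proxy, or shadow = proxy plus enableShadowUpdate=TRUE) and
# print one attribute=value per line, in the order of the shadow-update
# example on the page. Nothing is printed if validation fails.
ldap_init_args() {
    level=$1
    require LDAP_PROFILE LDAP_DOMAIN LDAP_SERVER || return 1
    proxy_pw= admin_pw=
    case "$level" in
        anonymous) ;;
        proxy|shadow)
            require LDAP_PROXY_DN LDAP_PROXY_PWFILE || return 1
            proxy_pw=$(read_secret "$LDAP_PROXY_PWFILE") || return 1
            ;;
        *) echo "unknown credential level: $level" >&2; return 1 ;;
    esac
    if [ "$level" = shadow ]; then
        require LDAP_ADMIN_DN LDAP_ADMIN_PWFILE || return 1
        admin_pw=$(read_secret "$LDAP_ADMIN_PWFILE") || return 1
        printf '%s\n' "adminDN=$LDAP_ADMIN_DN" "adminPassword=$admin_pw"
    fi
    printf '%s\n' "domainName=$LDAP_DOMAIN" "profileName=$LDAP_PROFILE"
    if [ "$level" != anonymous ]; then
        printf '%s\n' "proxyDN=$LDAP_PROXY_DN" "proxyPassword=$proxy_pw"
    fi
    if [ "$level" = shadow ]; then
        printf '%s\n' "enableShadowUpdate=TRUE"
    fi
}

# ldap_init_run LEVEL: run "ldapclient init" with the validated arguments and
# confirm which profile the client ended up with. The passwords are still
# visible in the argument list of the ldapclient process while it runs;
# only the shell-history exposure is avoided.
ldap_init_run() {
    attrs=$(ldap_init_args "$1") || return 1
    set --
    set -f                 # no globbing of characters in the DNs
    oldifs=$IFS
    IFS='
'                          # split the attribute list on newlines only
    for a in $attrs; do
        set -- "$@" -a "$a"
    done
    IFS=$oldifs
    set +f
    ldapclient init "$@" "$LDAP_SERVER" || return 1
    # Assumed report format: "ldapclient list" prints "NS_LDAP_PROFILE= name".
    ldapclient list | grep "^NS_LDAP_PROFILE=[[:space:]]*$LDAP_PROFILE\$"
}
```

A typical call is `LDAP_PROFILE=pit1 LDAP_DOMAIN=west.example.com LDAP_SERVER=192.0.2.1 LDAP_PROXY_DN='cn=proxyagent,ou=profile,dc=west,dc=example,dc=com' LDAP_PROXY_PWFILE=/root/ldap-proxy.pw ldap_init_run proxy` after creating the password file with mode 0600. Keeping the validation in ldap_init_args separate from the invocation lets you review exactly which attributes will be sent before touching the live service configuration.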