Working With Oracle® Solaris 11.4 Directory and Naming Services: LDAP

Updated: November 2020
 
 

Configuring the OUD Server

If clients will access the server with a TLS-based authentication method, such as the tls:simple method selected in the following example, ensure that SSL/TLS is enabled on the LDAP server.

~$ /usr/sbin/ldapservercfg oud
Enter the administration port number for DS (h=help):  [4444] 
Enter the port number for DS (h=help):  [389] 1389
Enter the directory manager CN: [Directory Manager] 
Enter password for Directory Manager: 
The following are existing base DNs

    [1] dc=example,dc=com

Please select LDAP base DN: (1-1) [1] 
  Validating LDAP Base DN and Suffix ...
  Found valid LDAP entry: dc=example,dc=com
  Found an existing backend "userRoot"

  sasl/GSSAPI is not supported by this LDAP server.
  If you want to enable sasl/GSSAPI authentication, please refer to server
  manual guide to setup sasl/GSSAPI and Kerberos first.

Enter the profile name (h=help): [default] 
Default server list (h=help): [abc.example.com:1389] 
Choose desired search scope (one, sub, h=help):  [one] 

The following are the supported credential levels:
  1  anonymous
  2  proxy

Choose Credential level [h=help]: [2] 
Enter CN for proxy agent:  [proxyagent] 
Enter password for proxy agent: 
Re-enter password:

The following are the supported Authentication Methods:
  1  simple
  2  tls:simple

Choose Authentication Method: [2] 
Do you want the clients to follow referrals? (yes/[no])  [yes] 
Do you want to store passwords in "crypt" format? (yes/[no])  [yes] 
Do you want to enable shadow update? (yes/[no])  [yes] 
Enter CN for the administrator: [admin] 
Enter password for the administrator:
Re-enter password:
Do you wish to setup Service Search Descriptors? (yes/[no])  [no] 
No replicated server found for base dn "dc=example,dc=com".

                Summary of Configuration

  1  Profile name to create        : default
  2  Base DN to setup              : dc=example,dc=com
  3  Default Search Scope          : one
  4  Default Server List           : abc.example.com:1389
  5  Credential Level              : proxy
  6  Authentication Method         : tls:simple
  7  Enable crypt password storage : True
  8  Enable shadow update          : True
  9  Service Search Descriptors Menu

Enter config value to change: (1-9 0=commit changes) [0] 
WARNING: About to start committing changes. (yes/[no]) yes

  == Begin Directory Server Configuration ==

  1. Doing compatible configuration...
     Configuring server "abc.example.com" ...
  2. Schema have been updated.
  3. Adding suffix...
     Suffix dc=example,dc=com already existed.
  4. NisDomainObject added to "dc=example,dc=com".
  5. ACI "Anonymous access" was added for suffix "dc=example,dc=com".
  6. ACI "Allow self entry modification except for some attributes" was added for suffix "dc=example,dc=com".
  7. ACI "Configuration Administrator" was added for suffix "dc=example,dc=com".
  8. ACI "Configuration Administrators Group" was added for suffix "dc=example,dc=com".
     Entry "people" was added into the directory.
     Entry "group" was added into the directory.
     Entry "rpc" was added into the directory.
     Entry "protocols" was added into the directory.
     Entry "networks" was added into the directory.
     Entry "aliases" was added into the directory.
     Entry "hosts" was added into the directory.
     Entry "services" was added into the directory.
     Entry "ethers" was added into the directory.
     Entry "profile" was added into the directory.
     Entry "printers" was added into the directory.
     Entry "netgroup" was added into the directory.
     Entry "projects" was added into the directory.
     Entry "SolarisAuthAttr" was added into the directory.
     Entry "SolarisProfAttr" was added into the directory.
     Entry "Timezone" was added into the directory.
     Entry "ipTnet" was added into the directory.
  9. Top level "ou" containers complete.
     Entry "auto_home" was added into the directory.
     Entry "auto_direct" was added into the directory.
     Entry "auto_master" was added into the directory.
     Entry "auto_shared" was added into the directory.
  10. automount maps: ['auto_home', 'auto_direct', 'auto_master', 'auto_shared'] processed.
  11. ACI for dc=example,dc=com modified to disable self modification.
  12. Proxy Agent cn=proxyagent,ou=profile,dc=example,dc=com added.
  13. Administrator identity cn=admin,ou=profile,dc=example,dc=com added.
  14. Add password-reset privilege to cn=admin,ou=profile,dc=example,dc=com.
  Proxy ACI LDAP_Naming_Services_proxy_password_read does not exist for dc=example,dc=com.
  15. Give cn=admin,ou=profile,dc=example,dc=com read/write access to shadow data.
  16. Non-Admin access to shadow data denied.
  17. Generated client profile and loaded on server.
  18. Setup indexes ...
     Checking indexes for server "abc.example.com": 
     Will create index uidNumber (eq, pres)
     Will create index ipNetworkNumber (eq, pres)
     Will create index gidnumber (eq, pres)
     Will create index oncrpcnumber (eq, pres)
     Will create index automountKey (eq, pres)
     Will create index ipHostNumber (eq, pres, sub)
     Will create index membernisnetgroup (eq, pres, sub)
     Will create index nisnetgrouptriple (eq, pres, sub)

     Adding Access Control Information for VLV Index...

     Will create vlv_index example.com.getgrent
     Will create vlv_index example.com.gethostent
     Will create vlv_index example.com.getnetent
     Will create vlv_index example.com.getpwent
     Will create vlv_index example.com.getrpcent
     Will create vlv_index example.com.getspent
     Will create vlv_index example.com.getauhoent
     Will create vlv_index example.com.getsoluent
     Will create vlv_index example.com.getsolquent
     Will create vlv_index example.com.getauthent
     Will create vlv_index example.com.getexecent
     Will create vlv_index example.com.getprofent
     Will create vlv_index example.com.getmailent
     Will create vlv_index example.com.getbootent
     Will create vlv_index example.com.getethent
     Will create vlv_index example.com.getngrpent
     Will create vlv_index example.com.getipnent
     Will create vlv_index example.com.getmaskent
     Will create vlv_index example.com.getprent
     Will create vlv_index example.com.getip4ent
     Will create vlv_index example.com.getip6ent

  19. Creating indexes...
     Configuring server "abc.example.com" ...
  20. Rebuilding indexes...
  21. Verifying indexes...

  == End Directory Server Configuration ==

  Setup LDAP server is complete.
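
The following is an added example, not part of the Oracle documentation or tooling: a POSIX shell function that reads a saved ldapservercfg transcript and flags weak choices in the Summary of Configuration block, such as the anonymous credential level or an authentication method without TLS. The function name audit_summary, the finding texts, and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle code. The sample transcripts are constructed.

# Read an ldapservercfg transcript on stdin; print one line per finding.
# Returns 0 = no findings, 1 = findings, 2 = no summary block found.
audit_summary() {
    awk -F' : ' '
        # Summary rows look like "  6  Authentication Method   : tls:simple"
        /^ *[0-9]+ +[A-Za-z]/ && NF == 2 {
            key = $1; sub(/^ *[0-9]+ +/, "", key); sub(/ +$/, "", key)
            v = $2; sub(/[ \t\r]+$/, "", v)
            val[key] = v; seen = 1
        }
        END {
            if (!seen) { print "ERROR: no configuration summary found"; exit 2 }
            if (val["Credential Level"] == "anonymous")
                f[++n] = "credential level is anonymous"
            # Assumption: multiple methods, if listed, are ";"-separated
            m = split(val["Authentication Method"], meth, ";")
            for (i = 1; i <= m; i++)
                if (meth[i] !~ /^tls:/ && meth[i] !~ /^sasl\//) {
                    f[++n] = "method \"" meth[i] "\" is not protected by TLS"
                    clear = 1
                }
            if (clear && val["Enable shadow update"] == "True")
                f[++n] = "shadow update enabled while binds are not TLS-protected"
            for (i = 1; i <= n; i++) print "FINDING: " f[i]
            exit (n > 0)
        }'
}

# Constructed sample: the summary rows shown on this page.
sample_page() {
    cat <<'EOF'
  1  Profile name to create        : default
  5  Credential Level              : proxy
  6  Authentication Method         : tls:simple
  8  Enable shadow update          : True
  9  Service Search Descriptors Menu
EOF
}

# Constructed sample: the same summary with the "simple" method selected.
sample_weak() { sample_page | sed 's/: tls:simple/: simple/'; }

sample_page | audit_summary && echo "page summary: no findings"
sample_weak | audit_summary || echo "weak summary: findings above"
```

To check a real run, capture the session (for example with script) and pipe the saved file into audit_summary before answering the commit prompt.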