Ensure that SSL/TLS is enabled on the LDAP server if you want to access the server by using the corresponding security mechanism.
~$ /usr/sbin/ldapservercfg oud
Enter the administration port number for DS (h=help): [4444]
Enter the port number for DS (h=help): [389] 1389
Enter the directory manager CN: [Directory Manager]
Enter password for Directory Manager:
The following are existing base DNs
[1] dc=example,dc=com
Please select LDAP base DN: (1-1) [1]
Validating LDAP Base DN and Suffix ...
Found valid LDAP entry: dc=example,dc=com
Found an existing backend "userRoot"
sasl/GSSAPI is not supported by this LDAP server.
If you want to enable sasl/GSSAPI authentication, please refer to server manual guide to setup sasl/GSSAPI and Kerberos first.
Enter the profile name (h=help): [default]
Default server list (h=help): [abc.example.com:1389]
Choose desired search scope (one, sub, h=help): [one]
The following are the supported credential levels:
1 anonymous
2 proxy
Choose Credential level [h=help]: [2]
Enter CN for proxy agent: [proxyagent]
Enter password for proxy agent:
Re-enter password:
The following are the supported Authentication Methods:
1 simple
2 tls:simple
Choose Authentication Method: [2]
Do you want the clients to follow referrals? (yes/[no]) [yes]
Do you want to store passwords in "crypt" format? (yes/[no]) [yes]
Do you want to enable shadow update? (yes/[no]) [yes]
Enter CN for the administrator: [admin]
Enter password for the administrator:
Re-enter password:
Do you wish to setup Service Search Descriptors? (yes/[no]) [no]
No replicated server found for base dn "dc=example,dc=com".

Summary of Configuration

1 Profile name to create : default
2 Base DN to setup : dc=example,dc=com
3 Default Search Scope : one
4 Default Server List : abc.example.com:1389
5 Credential Level : proxy
6 Authentication Method : tls:simple
7 Enable crypt password storage : True
8 Enable shadow update : True
9 Service Search Descriptors Menu

Enter config value to change: (1-9 0=commit changes) [0]

WARNING: About to start committing changes. (yes/[no]) yes

== Begin Directory Server Configuration ==
1. Doing compatible configuration...
Configuring server "abc.example.com" ...
2. Schema have been updated.
3. Adding suffix...
Suffix dc=example,dc=com already existed.
4. NisDomainObject added to "dc=example,dc=com".
5. ACI "Anonymous access" was added for suffix "dc=example,dc=com".
6. ACI "Allow self entry modification except for some attributes" was added for suffix "dc=example,dc=com".
7. ACI "Configuration Administrator" was added for suffix "dc=example,dc=com".
8. ACI "Configuration Administrators Group" was added for suffix "dc=example,dc=com".
Entry "people" was added into the directory.
Entry "group" was added into the directory.
Entry "rpc" was added into the directory.
Entry "protocols" was added into the directory.
Entry "networks" was added into the directory.
Entry "aliases" was added into the directory.
Entry "hosts" was added into the directory.
Entry "services" was added into the directory.
Entry "ethers" was added into the directory.
Entry "profile" was added into the directory.
Entry "printers" was added into the directory.
Entry "netgroup" was added into the directory.
Entry "projects" was added into the directory.
Entry "SolarisAuthAttr" was added into the directory.
Entry "SolarisProfAttr" was added into the directory.
Entry "Timezone" was added into the directory.
Entry "ipTnet" was added into the directory.
9. Top level "ou" containers complete.
Entry "auto_home" was added into the directory.
Entry "auto_direct" was added into the directory.
Entry "auto_master" was added into the directory.
Entry "auto_shared" was added into the directory.
10. automount maps: ['auto_home', 'auto_direct', 'auto_master', 'auto_shared'] processed.
11. ACI for dc=example,dc=com modified to disable self modification.
12. Proxy Agent cn=proxyagent,ou=profile,dc=example,dc=com added.
13. Administrator identity cn=admin,ou=profile,dc=example,dc=com added.
14. Add password-reset privilege to cn=admin,ou=profile,dc=example,dc=com.
Proxy ACI LDAP_Naming_Services_proxy_password_read does not exist for dc=example,dc=com.
15. Give cn=admin,ou=profile,dc=example,dc=com read/write access to shadow data.
16. Non-Admin access to shadow data denied.
17. Generated client profile and loaded on server.
18. Setup indexes ...
Checking indexes for server "abc.example.com":
Will create index uidNumber (eq, pres)
Will create index ipNetworkNumber (eq, pres)
Will create index gidnumber (eq, pres)
Will create index oncrpcnumber (eq, pres)
Will create index automountKey (eq, pres)
Will create index ipHostNumber (eq, pres, sub)
Will create index membernisnetgroup (eq, pres, sub)
Will create index nisnetgrouptriple (eq, pres, sub)
Adding Access Control Information for VLV Index...
Will create vlv_index example.com.getgrent
Will create vlv_index example.com.gethostent
Will create vlv_index example.com.getnetent
Will create vlv_index example.com.getpwent
Will create vlv_index example.com.getrpcent
Will create vlv_index example.com.getspent
Will create vlv_index example.com.getauhoent
Will create vlv_index example.com.getsoluent
Will create vlv_index example.com.getsolquent
Will create vlv_index example.com.getauthent
Will create vlv_index example.com.getexecent
Will create vlv_index example.com.getprofent
Will create vlv_index example.com.getmailent
Will create vlv_index example.com.getbootent
Will create vlv_index example.com.getethent
Will create vlv_index example.com.getngrpent
Will create vlv_index example.com.getipnent
Will create vlv_index example.com.getmaskent
Will create vlv_index example.com.getprent
Will create vlv_index example.com.getip4ent
Will create vlv_index example.com.getip6ent
19. Creating indexes...
Configuring server "abc.example.com" ...
20. Rebuilding indexes...
21. Verifying indexes...
== End Directory Server Configuration ==
Setup LDAP server is complete.
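
The following script is an added example, not part of the original page or of Oracle's tooling. It reads the "Summary of Configuration" rows from a saved session and fails if the profile would use either of the weaker menu choices shown above (credential level anonymous, authentication method simple). The helper name `audit_summary`, the output labels, and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the ldapservercfg "Summary of Configuration" for weak
# client settings. audit_summary is a hypothetical helper, not an Oracle tool.
# Exit status 0 = both rows acceptable, 1 = weak, unknown or missing setting.
audit_summary() {
    awk '
        BEGIN { bad = 0 }
        # Summary rows look like "  6  Authentication Method : tls:simple".
        /^[ \t]*[0-9]+[ \t]+[A-Za-z].*[ \t]:[ \t]/ {
            key = $0
            sub(/^[ \t]*[0-9]+[ \t]+/, "", key)   # drop the row number
            sub(/[ \t]+:[ \t].*$/, "", key)       # drop " : value"
            val = $0
            sub(/^[^:]*:[ \t]*/, "", val)         # text after the first colon
            sub(/[ \t]+$/, "", val)
            if (key == "Authentication Method") {
                auth = 1
                if (val == "tls:simple") print "OK auth=" val
                else if (val == "simple") { print "WEAK auth=simple (bind password sent without TLS)"; bad = 1 }
                else { print "REVIEW auth=" val; bad = 1 }
            }
            if (key == "Credential Level") {
                cred = 1
                if (val == "proxy") print "OK cred=" val
                else if (val == "anonymous") { print "WEAK cred=anonymous (clients bind without credentials)"; bad = 1 }
                else { print "REVIEW cred=" val; bad = 1 }
            }
        }
        END {
            if (!auth) { print "MISSING Authentication Method"; bad = 1 }
            if (!cred) { print "MISSING Credential Level"; bad = 1 }
            exit bad
        }
    '
}

# Rows 5 and 6 as printed in the session on this page.
PAGE_SUMMARY='  5  Credential Level : proxy
  6  Authentication Method : tls:simple'
# Constructed sample: the other menu choices (1 anonymous, 1 simple).
WEAK_SUMMARY='  5  Credential Level : anonymous
  6  Authentication Method : simple'

printf '%s\n' "$PAGE_SUMMARY" | audit_summary
printf '%s\n' "$WEAK_SUMMARY" | audit_summary || echo "weak settings found"
```
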