Updated: November 2020
Working With Oracle® Solaris 11.4 Directory and Naming Services: LDAP
November 2020
Describes how to set up and administer the LDAP naming service.
Document Information
Using This Documentation
Product Documentation Library
Feedback
1 Introduction to the LDAP Naming Service
Overview of the LDAP Naming Service
How LDAP Stores Information
LDAP Commands
General LDAP Commands
LDAP Configuration Commands
2 LDAP and Authentication Service
LDAP Naming Service Security Model
Transport Layer Security
Client Credential Levels
Enabling Shadow Data Updates
Storing Credential for LDAP Clients
Authentication Methods for the LDAP Naming Service
Specifying Authentication Methods for Specific Services in LDAP
Pluggable Authentication Methods
LDAP Service Module
Enabling Account Management for Clients That Use the pam_ldap Module
Configuring Oracle Unified Directory for Passwordless Public Key Authentication
Configuring OpenLDAP Server for Passwordless Public Key Authentication
Configuring Microsoft Active Directory Server for Passwordless Public Key Authentication
pam_unix_* Service Modules
Kerberos Service Module
Changing Passwords That Use PAM
LDAP Account Management
LDAP Account Management With the pam_unix_* Modules
3 Planning Requirements for LDAP Naming Services
LDAP Planning Overview
Planning the Configuration of the LDAP Client Profile
LDAP Network Model
Directory Information Tree
Security Considerations
Planning the Deployment of LDAP Master and Replica Servers
Planning the LDAP Data Population
Service Search Descriptors and Schema Mapping
About Service Search Descriptors
attributeMap Attributes
objectclassMap Attribute
Default Filters Used by the LDAP Naming Service
Default Client Profile Attributes for LDAP Implementation
Checklists for Configuring LDAP
4 Setting Up an Oracle Unified Directory Server or OpenLDAP Server
The LDAP Server Configuration Utility
Setting Up the Oracle Unified Directory Server
How to Configure the Oracle Unified Directory Server
Creating the OUD Server Instance
Configuring the OUD Server
Setting Up the OpenLDAP Server
How to Pre-Configure a Newly Installed System to be an OpenLDAP Server
How to Migrate Existing OpenLDAP Server Configuration
Configuring the OpenLDAP Server for LDAP Clients
How to Configure an OpenLDAP Server With Settings from SMF
How to Configure OpenLDAP Server Interactively
Configuring openldap Service Properties
How to Specify Credentials
Using editprop to Modify openldap Service Properties
Troubleshooting OpenLDAP Server Configuration
ldapservercfg Warns that the System is Already Configured
ldapservercfg Shows Existing Base DNs
How to Remove OpenLDAP Configuration
5 Setting Up LDAP Clients
Requirements for LDAP Client Setup
LDAP and the Service Management Facility
Defining LDAP Local Client Attributes
Initializing an LDAP Client
Modifying an LDAP Client Configuration
Uninitializing an LDAP Client
Using LDAP for Client Authentication
Configuring PAM for LDAP
Setting Up TLS Security
How to Set Up TLS Security
6 Troubleshooting LDAP Configurations
Displaying the LDAP Naming Service Information
Displaying All LDAP Containers
Displaying All User Entry Attributes
Monitoring LDAP Client Status
Verifying the ldap_cachemgr Daemon Status
Viewing the State of the Service
Viewing the Information About the Service
Viewing Detailed Information About the State of the Service
Checking the Client Profile Information
Verifying Basic Client-Server Communication
Checking LDAP Server Data From a Non-Client Machine
name-service/cache Must be Enabled for Oracle Solaris 11.4
ldaplist Fails and is Restricted to Privileged Users
LDAP Configuration Problems and Solutions
Unresolved Host Name
Unable to Reach Systems in the LDAP Domain Remotely
Login Does Not Work
Lookup Too Slow
ldapclient Command Cannot Bind to a Server
Using the ldap_cachemgr Daemon for Debugging
ldapclient Command Hangs During Setup
Resolving Per-User Credentials Issues
syslog File Indicates 82 Local Error
Kerberos Not Initializing Automatically
syslog File Indicates Invalid Credentials
The ldapclient init Command Fails in the Switch Check
7 LDAP Schemas
IETF Schemas for LDAP
RFC 2307bis Network Information Service Schema
Mail Alias Schema
Directory User Agent Profile (DUAProfile) Schema
Oracle Solaris Schemas
Projects Schema
Role-Based Access Control and Execution Profile Schema
Internet Print Protocol Information for LDAP
Internet Print Protocol Attributes
Internet Print Protocol ObjectClasses
Printer Attributes
Sun Printer ObjectClasses
8 Transitioning From NIS to LDAP
About the NIS-to-LDAP Service
When Not to Use the NIS-to-LDAP Service
Effect of Installing the NIS-to-LDAP Service
NIS-to-LDAP Commands, Files, and Maps
Supported Standard Mappings
Transitioning From NIS to LDAP Task Map
Prerequisites for the NIS-to-LDAP Transition
Setting Up the NIS-to-LDAP Service
How to Set Up the N2L Service With Standard Mappings
How to Set Up the N2L Service With Custom or Nonstandard Mappings
Examples of Custom Maps
NIS-to-LDAP Best Practices With Oracle Unified Directory
Creating Virtual List View Indexes With Oracle Unified Directory
VLVs for Standard Maps
VLVs for Custom and Nonstandard Maps
Avoiding Server Timeouts With Oracle Unified Directory
Avoiding Buffer Overruns With Oracle Unified Directory
NIS-to-LDAP Restrictions
NIS-to-LDAP Troubleshooting
Common LDAP Error Messages
NIS-to-LDAP Issues
Debugging the NISLDAPmapping File
N2L Server Timeout Issue
N2L Lock File Issue
N2L Deadlock Issue
Reverting to NIS
How to Revert to Maps Based on NIS Source Files
How to Revert to Maps Based on DIT Contents
LDAP Glossary
Index: A B C D E F H I K L M N O P R S T U V Y