Trusted Extensions Configuration and Administration

Updated: March 2019

Populate the LDAP Server With Trusted Extensions Data

Several LDAP databases have been created or modified to hold Trusted Extensions data about label configuration, users, and remote systems. In this procedure, you populate the LDAP server databases with Trusted Extensions information.

Before You Begin

You must be in the root role in the global zone. You are on an LDAP client. For the prerequisites, see Create an LDAP Client to Populate the LDAP Server.

  1. Create a staging area for files that you plan to use to populate the naming service databases.
    # mkdir -p /setup/files
  2. Copy the sample /etc files into the staging area.
    # cd /etc
    # cp aliases group networks netmasks protocols /setup/files
    # cp rpc services auto_master /setup/files
    # cd /etc/security/tsol
    # cp tnrhdb tnrhtp /setup/files


    Caution  -  Do not copy the *attr files. Rather, use the -S ldap option to the commands that add users, roles, and rights profiles to the LDAP repository. These commands add entries for the user_attr, auth_attr, exec_attr, and prof_attr databases. For more information, see the user_attr(5) and useradd(8) man pages.

  3. Remove the +auto_master entry from the /setup/files/auto_master file.
  4. Create the zone automaps in the staging area.
    # cp /zone/public/root/etc/auto_home_public /setup/files
    # cp /zone/internal/root/etc/auto_home_internal /setup/files
    # cp /zone/needtoknow/root/etc/auto_home_needtoknow /setup/files
    # cp /zone/restricted/root/etc/auto_home_restricted /setup/files

    In the following list of automaps, the first of each pair of lines shows the name of the file. The second line of each pair shows the file contents. The zone names identify labels from the default label_encodings file that is included with the Trusted Extensions software.

    • Substitute your zone names for the zone names in these lines.

    • myNFSserver identifies the NFS server for the home directories.

    /setup/files/auto_home_public
     * myNFSserver_FQDN:/zone/public/root/export/home/&

    /setup/files/auto_home_internal
     * myNFSserver_FQDN:/zone/internal/root/export/home/&

    /setup/files/auto_home_needtoknow
     * myNFSserver_FQDN:/zone/needtoknow/root/export/home/&

    /setup/files/auto_home_restricted
     * myNFSserver_FQDN:/zone/restricted/root/export/home/&
  5. Populate the LDAP server with every file in the staging area.
  6. Disable the LDAP client on the LDAP server and verify that the client is disabled.

    For more information, see the ldapclient(8) man page.

  7. To add information to the Trusted Extensions network databases in LDAP after initial population, use the tncfg -S ldap command.

    For instructions, see Labeling Hosts and Networks.
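
A pre-flight check for the staging area built in steps 1 through 4, run before step 5 loads the files into LDAP. This is an added example, not part of the Oracle procedure; the function names check_staging and make_sample are hypothetical, and the zone names passed in are assumed to match your label configuration.

```shell
#!/bin/sh
# Added example: pre-flight check of the staging area before loading it into LDAP.
# Usage: check_staging DIR ZONE...   Returns the number of problems found.
check_staging() {
    dir=$1; shift
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # Step 2: the copied /etc and /etc/security/tsol files must be present.
    for f in aliases group networks netmasks protocols rpc services \
             auto_master tnrhdb tnrhtp; do
        [ -f "$dir/$f" ] || fail "missing $f"
    done

    # Caution: *attr databases are added with the -S ldap commands, not from files.
    for f in "$dir"/*attr; do
        if [ -e "$f" ]; then fail "${f##*/} must not be staged"; fi
    done

    # Step 3: the +auto_master entry must have been removed.
    if grep -q '^+auto_master' "$dir/auto_master" 2>/dev/null; then
        fail "auto_master still contains +auto_master"
    fi

    # Step 4: each zone automap needs a wildcard entry for that zone's home path.
    for zone in "$@"; do
        map="$dir/auto_home_$zone"
        if [ ! -f "$map" ]; then
            fail "missing auto_home_$zone"
        elif ! grep -Eq "^\*[[:space:]]+[^:[:space:]]+:/zone/$zone/root/export/home/&\$" "$map"; then
            fail "auto_home_$zone has no wildcard entry for /zone/$zone"
        fi
    done
    return "$problems"
}

# Constructed sample: a staging area with three deliberate mistakes
# (+auto_master left in, user_attr copied, auto_home_internal missing).
make_sample() {
    d=$(mktemp -d) || return 1
    for f in aliases group networks netmasks protocols rpc services tnrhdb tnrhtp; do
        : > "$d/$f"
    done
    printf '+auto_master\n/home\tauto_home\t-nobrowse\n' > "$d/auto_master"
    : > "$d/user_attr"
    echo '* myNFSserver_FQDN:/zone/public/root/export/home/&' > "$d/auto_home_public"
    echo "$d"
}
```

On a real system, call it as `check_staging /setup/files public internal needtoknow restricted` and proceed to step 5 only when it returns 0.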