
Trusted Extensions Configuration and Administration


Updated: November 2020

Quick Reference for the LDAP Directory Service in Trusted Extensions

The LDAP naming service is managed in Trusted Extensions in the same way as it is managed in Oracle Solaris. The following sections list the sources of LDAP information for Oracle Solaris and describe the Trusted Extensions database schema for LDAP.

LDAP Packages and Documentation in Oracle Solaris

The OpenLDAP package pkg:/library/openldap is bundled with Oracle Solaris. For OpenLDAP information, including configuration and debugging, see OpenLDAP Documentation and Working With Oracle Solaris 11.4 Directory and Naming Services: LDAP.

The Oracle Unified Directory (OUD), an LDAP directory server from Oracle, can be downloaded from the Oracle web site. For OUD information, including installation, see Oracle Identity Management (https://www.oracle.com/middleware/technologies/identity-management/).

Trusted Extensions Database Schema for LDAP

Trusted Extensions extends the LDAP server schema to accommodate the tnrhdb and tnrhtp databases. Trusted Extensions defines two new attributes, ipTnetNumber and ipTnetTemplateName, and two new object classes, ipTnetTemplate and ipTnetHost.

The attribute definitions are as follows:

ipTnetNumber
( 1.3.6.1.1.1.1.34 NAME 'ipTnetNumber'
DESC 'Trusted network host or subnet address'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
ipTnetTemplateName
( 1.3.6.1.1.1.1.35 NAME 'ipTnetTemplateName'
DESC 'Trusted network template name'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )

The object class definitions are as follows:

ipTnetTemplate
( 1.3.6.1.1.1.2.18 NAME 'ipTnetTemplate' SUP top STRUCTURAL
DESC 'Object class for Trusted network host templates'
MUST ( ipTnetTemplateName )
MAY ( SolarisAttrKeyValue ) )

ipTnetHost
( 1.3.6.1.1.1.2.19 NAME 'ipTnetHost' SUP top AUXILIARY
DESC 'Object class for Trusted network host/subnet address to template mapping'
MUST ( ipTnetNumber $ ipTnetTemplateName ) )

The cipso template definition in LDAP is similar to the following:

ou=ipTnet,dc=example,dc=example1,dc=exampleco,dc=com
objectClass=top
objectClass=organizationalUnit
ou=ipTnet

ipTnetTemplateName=cipso,ou=ipTnet,dc=example,dc=example1,dc=exampleco,dc=com
objectClass=top
objectClass=ipTnetTemplate
ipTnetTemplateName=cipso
SolarisAttrKeyValue=host_type=cipso;doi=1;min_sl=ADMIN_LOW;max_sl=ADMIN_HIGH;

ipTnetNumber=0.0.0.0,ou=ipTnet,dc=example,dc=example1,dc=exampleco,dc=com
objectClass=top
objectClass=ipTnetTemplate
objectClass=ipTnetHost
ipTnetNumber=0.0.0.0
ipTnetTemplateName=internal
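As an added example (not part of the Oracle documentation), the following Python checks entries written in the attribute=value form above against the ipTnetTemplate and ipTnetHost definitions (MUST attributes, the AUXILIARY/STRUCTURAL requirement, and an exact-case template lookup matching caseExactIA5Match) and decodes the SolarisAttrKeyValue string. The SAMPLE entries and the function names are constructed for this example; only the two Trusted Extensions object classes are modelled.

```python
# Added example, not from the Oracle documentation: parse the attribute=value
# entries shown above, check them against ipTnetTemplate/ipTnetHost, and decode
# SolarisAttrKeyValue. SAMPLE is constructed; only the two TX classes are modelled.
SAMPLE = """\
ipTnetTemplateName=cipso,ou=ipTnet,dc=example,dc=com
objectClass=ipTnetTemplate
ipTnetTemplateName=cipso
SolarisAttrKeyValue=host_type=cipso;doi=1;min_sl=ADMIN_LOW;max_sl=ADMIN_HIGH;

ipTnetNumber=0.0.0.0,ou=ipTnet,dc=example,dc=com
objectClass=ipTnetHost
ipTnetNumber=0.0.0.0
ipTnetTemplateName=internal
"""
SCHEMA = {  # class: (kind, MUST, MAY), from the object class definitions above
    "ipTnetTemplate": ("STRUCTURAL", {"ipTnetTemplateName"}, {"SolarisAttrKeyValue"}),
    "ipTnetHost": ("AUXILIARY", {"ipTnetNumber", "ipTnetTemplateName"}, set()),
}

def parse_entries(text):
    """Return [(dn, {attr: [values]})]; entries are separated by blank lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, *lines = block.strip().splitlines()
        attrs = {}
        for line in lines:
            name, _, value = line.partition("=")
            attrs.setdefault(name, []).append(value)
        entries.append((dn, attrs))
    return entries

def parse_template(value):
    """'host_type=cipso;doi=1;...;' -> {'host_type': 'cipso', 'doi': '1', ...}"""
    return dict(item.split("=", 1) for item in value.strip(";").split(";") if item)

def check_entry(attrs, templates):
    """Problems for one entry; template lookup is exact-case, like caseExactIA5Match."""
    classes = [c for c in attrs.get("objectClass", []) if c in SCHEMA]
    problems = [f"{c} requires {m}" for c in classes for m in SCHEMA[c][1] if m not in attrs]
    if "ipTnetHost" in classes:
        if not any(SCHEMA[c][0] == "STRUCTURAL" for c in classes):
            problems.append("ipTnetHost is AUXILIARY; add a STRUCTURAL class such as ipTnetTemplate")
        if attrs.get("ipTnetTemplateName", [""])[0] not in templates:
            problems.append("ipTnetTemplateName refers to a template that is not defined")
    return problems

def check_entries(entries):
    """Map DN -> problems for every entry that has any."""
    templates = {dn.split(",")[0].partition("=")[2] for dn, _ in entries if dn.startswith("ipTnetTemplateName=")}
    return {dn: p for dn, attrs in entries if (p := check_entry(attrs, templates))}
```

Running check_entries(parse_entries(SAMPLE)) flags only the 0.0.0.0 entry, because it carries the AUXILIARY class without a STRUCTURAL one and names a template that no entry defines.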