Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

Updated: December 2017

Create an LDAP Client for the LDAP Server

You use this client to populate your LDAP Server for LDAP. You must perform this task before you populate the LDAP Server.

You can create the client temporarily on the Trusted Extensions Directory Server, then remove the client on the server, or you can create an independent client.

Before You Begin

You are in the root role in the global zone.

  1. Add Trusted Extensions software to a system.

    You can use the Trusted Extensions LDAP Server, or add Trusted Extensions to a separate system. For instructions, see Adding the Trusted Extensions Feature to Oracle Solaris.

  2. On the client, configure LDAP in the name-service/switch service.
    1. Display the current configuration.
      # svccfg -s name-service/switch listprop config
      config                       application
      config/value_authorization   astring       solaris.smf.value.name-service.switch
      config/default               astring       "files ldap"
      config/host                  astring       "files dns"
      config/netgroup              astring       ldap
      config/printer               astring       "user files ldap"
    2. Change the following property from the default:
      # svccfg -s name-service/switch setprop config/host = astring: "files ldap dns"
  3. In the global zone, run the ldapclient init command.

    In this example, the LDAP client is in the example-domain.com domain. The server's IP address is

    # ldapclient init -a domainName=example-domain.com -a profileName=default \
    > -a proxyDN=cn=proxyagent,ou=profile,dc=example-domain,dc=com \
    > -a proxyDN=cn=proxyPassword={NS1}ecc423aad0
    System successfully configured
  4. Set the server's enableShadowUpdate parameter to TRUE.
    # ldapclient -v mod -a enableShadowUpdate=TRUE \
    > -a adminDN=cn=admin,ou=profile,dc=example-domain,dc=com
    System successfully configured

    For information about the enableShadowUpdate parameter, see Enabling Shadow Data Updates in Working With Oracle Solaris 11.3 Directory and Naming Services: LDAP and the ldapclient(1M) man page.