Updated: September 2018
Working With Oracle® Solaris 11.3 Directory and Naming Services: LDAP
Document Information
Using This Documentation
Product Documentation Library
Feedback
Chapter 1 Introduction to the LDAP Naming Service
Overview of the LDAP Naming Service
How LDAP Stores Information
LDAP Commands
General LDAP Commands
LDAP Configuration Commands
Chapter 2 LDAP and Authentication Service
LDAP Naming Service Security Model
Transport Layer Security
Client Credential Levels
Enabling Shadow Data Updates
Storing Credential for LDAP Clients
Authentication Methods for the LDAP Naming Service
Specifying Authentication Methods for Specific Services in LDAP
Pluggable Authentication Methods
LDAP Service Module
Configuring Oracle Directory Server Enterprise Edition for Passwordless Public Key Authentication
Configuring Microsoft Active Directory Server for Passwordless Public Key Authentication
pam_unix_* Service Modules
Kerberos Service Module
Changing Passwords That Use PAM
LDAP Account Management
LDAP Account Management With the pam_unix_* Modules
Chapter 3 Planning Requirements for LDAP Naming Services
LDAP Planning Overview
Planning the Configuration of the LDAP Client Profile
LDAP Network Model
Directory Information Tree
Security Considerations
Planning the Deployment of LDAP Master and Replica Servers
Single-Master Replication
Multi-Master Replication
Planning the LDAP Data Population
Service Search Descriptors and Schema Mapping
About Service Search Descriptors
attributeMap Attributes
objectclassMap Attribute
Default Filters Used by the LDAP Naming Service
Default Client Profile Attributes for LDAP Implementation
Checklists for Configuring LDAP
Chapter 4 Setting Up the Oracle Directory Server Enterprise Edition With LDAP Clients
Directory Server Requirements
Server Information for Configuring the Directory Server
LDAP Client Profile Information
Creating Browsing Indexes for the Directory Tree
Creating the Directory Tree Definitions
How to Configure Oracle Directory Server Enterprise Edition for the LDAP Naming Service
Example of Server Configuration for LDAP
Building the Directory Information Tree
Defining Service Search Descriptors
Populating the LDAP Server With Data
Additional Directory Server Configuration Tasks
Specifying Group Memberships by Using the Member Attribute
Populating the Directory Server With Additional Profiles
How to Populate the Directory Server With Additional Profiles
Configuring the Directory Server to Enable Account Management
Enabling Account Management for Clients That Use the pam_ldap Module
Enabling Account Management for Clients That Use the pam_unix_* Modules
Chapter 5 Setting Up LDAP Clients
Requirements for LDAP Client Setup
LDAP and the Service Management Facility
Defining LDAP Local Client Attributes
Initializing an LDAP Client
Modifying an LDAP Client Configuration
Uninitializing an LDAP Client
Using LDAP for Client Authentication
Configuring PAM for LDAP
Configuring PAM to Use UNIX policy
Configuring PAM to Use LDAP server_policy
Setting Up TLS Security
How to Set Up TLS Security
Chapter 6 Troubleshooting LDAP Configurations
Displaying the LDAP Naming Service Information
Displaying All LDAP Containers
Displaying All User Entry Attributes
Monitoring LDAP Client Status
Verifying the ldap_cachemgr Daemon Status
Checking the Client Profile Information
Verifying Basic Client-Server Communication
Checking LDAP Server Data From a Non-Client Machine
LDAP Configuration Problems and Solutions
Unresolved Host Name
Unable to Reach Systems in the LDAP Domain Remotely
Login Does Not Work
Lookup Too Slow
ldapclient Command Cannot Bind to a Server
Using the ldap_cachemgr Daemon for Debugging
ldapclient Command Hangs During Setup
Resolving Per-User Credentials Issues
syslog File Indicates 82 Local Error
Kerberos Not Initializing Automatically
syslog File Indicates Invalid Credentials
The ldapclient init Command Fails in the Switch Check
Chapter 7 LDAP Schemas
IETF Schemas for LDAP
RFC 2307bis Network Information Service Schema
Mail Alias Schema
Directory User Agent Profile (DUAProfile) Schema
Oracle Solaris Schemas
Projects Schema
Role-Based Access Control and Execution Profile Schema
Internet Print Protocol Information for LDAP
Internet Print Protocol Attributes
Internet Print Protocol ObjectClasses
Printer Attributes
Sun Printer ObjectClasses
Chapter 8 Transitioning From NIS to LDAP
About the NIS-to-LDAP Service
When Not to Use the NIS-to-LDAP Service
Effect of Installing the NIS-to-LDAP Service
NIS-to-LDAP Commands, Files, and Maps
Supported Standard Mappings
Transitioning From NIS to LDAP Task Map
Prerequisites for the NIS-to-LDAP Transition
Setting Up the NIS-to-LDAP Service
How to Set Up the N2L Service With Standard Mappings
How to Set Up the N2L Service With Custom or Nonstandard Mappings
Examples of Custom Maps
NIS-to-LDAP Best Practices With Oracle Directory Server Enterprise Edition
Creating Virtual List View Indexes With Oracle Directory Server Enterprise Edition
VLVs for Standard Maps
VLVs for Custom and Nonstandard Maps
Avoiding Server Timeouts With Oracle Directory Server Enterprise Edition
Avoiding Buffer Overruns With Oracle Directory Server Enterprise Edition
NIS-to-LDAP Restrictions
NIS-to-LDAP Troubleshooting
Common LDAP Error Messages
NIS-to-LDAP Issues
Debugging the NISLDAPmapping File
N2L Server Timeout Issue
N2L Lock File Issue
N2L Deadlock Issue
Reverting to NIS
How to Revert to Maps Based on NIS Source Files
How to Revert to Maps Based on DIT Contents
Glossary
Index
Index A
Index B
Index C
Index D
Index E
Index F
Index H
Index I
Index K
Index L
Index M
Index N
Index O
Index P
Index R
Index S
Index T
Index U
Index V
Index Y
Describes how to set up and administer the LDAP naming service.