Someone asked me how to set up an LDAP client on Solaris if you are using DHCP. I thought it would be a simple answer since Solaris comes with Automatic Network mode. The Automatic mode does a very good job and you can configure a lot of settings, but its LDAP support is very limited.
Configuring LDAP When in Automatic Mode (Ref: Managing Network Configuration When in Automatic Mode):
"Automatic network configuration mode provides limited support for LDAP. Only LDAP anonymous mode works when in automatic mode. If you want to use an LDAP proxy or LDAP self modes and some form of security credentials you must first enable the DefaultFixed profile and manually configure your network. For instructions, see Chapter 12, Setting Up LDAP Clients (Tasks), in Oracle Solaris Administration: Naming and Directory Services."
So, here is a little step by step guide:
Some good references:
- How to Get Started Configuring Your Network in Oracle Solaris 11
- Link to oracle.com Transitioning From Oracle Solaris 10 to Oracle Solaris 11.1
- Here is a scripted version of the following which was done by Damien Benoist
# netadm enable -p ncp DefaultFixed
# /usr/sbin/netadm list
TYPE PROFILE STATE
ncp Automatic disabled
ncp DefaultFixed online
loc NoNet offline
loc Automatic offline
loc DefaultFixed online
Create the IP interface (for example net0):
# dladm show-phys
LINK MEDIA STATE SPEED DUPLEX DEVICE
net0 Ethernet unknown 1000 full e1000g0
# ipadm create-ip net0
# ipadm show-if
IFNAME CLASS STATE ACTIVE OVER
lo0 loopback ok yes ---
net0 ip down no ---
The following sets up a DHCP address on net0. The "-h my-host" option specifies the hostname to which the client would like the DHCP server to map the client's leased IPv4 address. This is not required, but it helped in my DNS/DHCP setup.
# ipadm create-addr -T dhcp -h my-host net0/v4
# ipadm show-if
IFNAME CLASS STATE ACTIVE OVER
lo0 loopback ok yes --
net0 ip ok yes --
You should now see a DHCP address appear:
# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
net0/v4 dhcp ok 193.1.1.218/24
lo0/v6 static ok ::1/128
# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 193.61.29.245 UG 2 17 net0
127.0.0.1 127.0.0.1 UH 2 186 lo0
193.61.29.0 193.61.29.218 U 7 1020 net0
Routing Table: IPv6
Destination/Mask Gateway Flags Ref Use If
--------------------------- --------------------------- ----- --- ------- -----
::1 ::1 UH 2 0 lo0
You can also add an IPv6 address, but it is not required. The "-t" flag specifies that the configured address is temporary: the change applies only to the active configuration and will be lost after a reboot. I only add this as an example.
# ipadm create-addr -t -T addrconf net0/v6
# /usr/sbin/ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
net0/v4 dhcp ok 193.61.29.218/24
lo0/v6 static ok ::1/128
net0/v6 addrconf ok fe80::a00:27ff:fefd:319c/10
You can now set up your LDAP client information.
The following is taken from a previous blog entry: Solaris 11 Authentication Login with Active Directory. It initialises the client in manual mode with the attributes below (replace proxyDN, proxyPassword, the search base, domain and server list with your own values):
# ldapclient manual \
-a credentialLevel=proxy \
-a authenticationMethod=simple \
-a proxyDN=cn=srv_ldapproxy,cn=Users,dc=dcs,dc=bbk,dc=ac,dc=uk \
-a proxyPassword=ClearTextPassword \
-a defaultSearchBase=dc=dcs,dc=bbk,dc=ac,dc=uk \
-a domainName=DCS.BBK.AC.UK \
-a "defaultServerList=193.61.1.1,193.61.2.2" \
-a attributeMap=group:userpassword=userPassword \
-a attributeMap=group:memberuid=memberUid \
-a attributeMap=group:gidnumber=gidNumber \
-a attributeMap=passwd:gecos=description \
-a attributeMap=passwd:gidnumber=gidNumber \
-a attributeMap=passwd:uidnumber=uidNumber \
-a attributeMap=passwd:homedirectory=unixHomeDirectory \
-a attributeMap=passwd:loginshell=loginShell \
-a attributeMap=shadow:shadowflag=shadowFlag \
-a attributeMap=shadow:userpassword=userPassword \
-a objectClassMap=group:posixGroup=group \
-a objectClassMap=passwd:posixAccount=user \
-a objectClassMap=shadow:shadowAccount=user \
-a serviceSearchDescriptor=passwd:dc=dcs,dc=bbk,dc=ac,dc=uk?sub \
-a serviceSearchDescriptor=group:dc=dcs,dc=bbk,dc=ac,dc=uk?sub
# svccfg
svc:> select name-service/switch
svc:/system/name-service/switch>
setprop config/password = "files ldap"
setprop config/group = "files ldap"
setprop config/host = "files [SUCCESS=return] dns"
setprop config/network = "files"
setprop config/protocol = "files"
setprop config/rpc = "files"
setprop config/ether = "files"
setprop config/netmask = "files"
setprop config/bootparam = "files"
setprop config/publickey = "files"
setprop config/netgroup = "files"
setprop config/automount = "files ldap"
setprop config/alias = "files"
setprop config/service = "files"
setprop config/project = "files"
setprop config/auth_attr = "files"
setprop config/prof_attr = "files"
setprop config/tnrhtp = "files"
setprop config/tnrhdb = "files"
setprop config/printer = "user files"
svc:/system/name-service/switch> select system/name-service/switch:default
svc:/system/name-service/switch:default> refresh
svc:/system/name-service/switch:default> validate
svc:/system/name-service/switch:default> exit
# svcadm restart svc:/milestone/name-services:default
# egrep "ldap|dns" /etc/nsswitch.conf
passwd: files ldap
group: files ldap
hosts: files [SUCCESS=return] dns
ipnodes: files [SUCCESS=return] dns
automount: files ldap
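As an added check after the steps above (example script written for this page, not the post's own commands and not Damien Benoist's script), the following POSIX sh functions parse saved `ldapclient list` output (the same "KEY= value" format as /var/ldap/ldap_client_file) and nsswitch.conf, and report whether the proxy client settings and the passwd/group switch entries match what was configured. The sample input files are constructed to mirror the configuration in the post; the `/tmp` paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: post-configuration sanity check
# for a Solaris 11 LDAP client set up with credentialLevel=proxy.

# Print the value of one NS_LDAP_* key from ldapclient-style output on stdin.
ldap_get() {
    awk -v k="$1" 'index($0, k "=") == 1 { sub("^" k "= *", ""); print; exit }'
}

# Succeed when nsswitch database $1 (passwd, group, ...) in file $2 lists "ldap".
nss_has_ldap() {
    awk -v db="$1" '$1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "ldap") f = 1 }
                    END { exit (f ? 0 : 1) }' "$2"
}

# $1 = saved `ldapclient list` output, $2 = nsswitch.conf; returns the problem count.
check_ldap_client() {
    problems=0
    level=$(ldap_get NS_LDAP_CREDENTIAL_LEVEL < "$1")
    auth=$(ldap_get NS_LDAP_AUTH < "$1")
    binddn=$(ldap_get NS_LDAP_BINDDN < "$1")
    [ "$level" = "proxy" ] || { echo "credentialLevel is '$level', expected proxy"; problems=$((problems + 1)); }
    [ -n "$binddn" ] || { echo "proxy mode but no proxyDN configured"; problems=$((problems + 1)); }
    # A plain simple bind sends the proxy password unencrypted; tls:* variants protect it.
    case "$auth" in
        simple)  echo "WARNING: authenticationMethod=simple sends the proxy password in clear text" ;;
        none|"") echo "proxy mode needs an authenticationMethod"; problems=$((problems + 1)) ;;
    esac
    for db in passwd group; do
        nss_has_ldap "$db" "$2" || { echo "$db: ldap missing from nsswitch.conf"; problems=$((problems + 1)); }
    done
    return "$problems"
}

# Constructed sample files mirroring the post's configuration (not captured output).
write_samples() {   # $1 = ldapclient output path, $2 = nsswitch path
    cat > "$1" <<'EOF'
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=srv_ldapproxy,cn=Users,dc=dcs,dc=bbk,dc=ac,dc=uk
NS_LDAP_SERVERS= 193.61.1.1, 193.61.2.2
NS_LDAP_SEARCH_BASEDN= dc=dcs,dc=bbk,dc=ac,dc=uk
NS_LDAP_AUTH= simple
NS_LDAP_CREDENTIAL_LEVEL= proxy
EOF
    printf 'passwd: files ldap\ngroup: files ldap\nhosts: files [SUCCESS=return] dns\n' > "$2"
}

# Usage on a real client: ldapclient list > /tmp/ldap.txt; check_ldap_client /tmp/ldap.txt /etc/nsswitch.conf
```

On a real client, run `ldapclient list` into a file and pass it with /etc/nsswitch.conf; a non-zero return means at least one expected setting is missing, while the clear-text warning alone does not change the return code.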
Now when the system is rebooted, everything should stay the same.