Solaris 10 Directory Server LDAP
-=Step-by-Step Sun Directory Server Installation for Solaris 10=-
This document starts with an installed Solaris 10 server and covers the installation of a Whole-Root Zone, custom configuration for the zone, the installation of sudo and some other nice to haves.
Let’s begin by downloading all of the necessary files …
Go to http://www.sunfreeware.com and download the latest version of sudo for Solaris 10.
If you want Windows authentication, you might want to download pGina from http://pgina.sourceforge.net
Go to http://www.sun.com/download, scroll down to the heading Identity Management and click on Directory Server. Click on Directory Server 5 2005Q4 (5.2 P4) --> Click on download --> Sign In with your Sun access account --> Accept License Agreement --> and download.
Place all of the software in the /zones/pub directory (except for pGina of course)
Create a zone
Within the directory which will be holding the zones, create a directory called ldapserver1. In this example, I will assume that the mount point is /zones/ldapserver1. Also, create a directory to share between the global and whole-root zone. Typically I make the /zones directory a mount to a SAN or something other than mounted off the root (/). I utilize /zones/pub as a common storage area for patches and software.
# mkdir /zones/ldapserver1
# mkdir /zones/pub
Prepare a zone creation script called ldapserver1.zone. I typically keep this file in the directory of the zone being created (/zones/ldapserver1). Note what your physical network interface is beforehand by issuing the following command:
root@sol10globalzone# ifconfig -a
# vi /zones/ldapserver1/ldapserver1.zone
create -b
set zonepath=/zones/ldapserver1
set autoboot=true
add fs
set dir=/pub
set special=/zones/pub
set type=lofs
end
# only add if CDROM exists
add fs
set dir=/cdrom
set special=/cdrom
set type=lofs
end
add net
set address=192.168.1.XXX
set physical=pcn0 #whatever your physical interface is
end
Install the zone
# cd /zones/ldapserver1
# zonecfg -z ldapserver1 -f ldapserver1.zone
# chmod 700 /zones/ldapserver1
# zonecfg -z ldapserver1 info
# zonecfg -z ldapserver1 verify
# zoneadm -z ldapserver1 install
# zoneadm list -icv
# zoneadm -z ldapserver1 ready
# zoneadm -z ldapserver1 boot
# zlogin -C ldapserver1 --> ensure it works and then exit …
You must have the zone configured to resolve its name through /etc/hosts or through a DNS server. Fix this first; if not using DNS, put an entry into your /etc/hosts that looks like this:
# vi /etc/hosts
127.0.0.1 localhost loghost
192.168.1.XXX ldapserver1.domain.com ldapserver1
Reboot or restart network service …
Let’s Configure the ldapserver1
1. zlogin ldapserver1
2. vi /etc/passwd --> change shell from /sbin/sh to /bin/bash
3. vi /root/.profile and add custom prompt and add path
export PS1="\033[32;2m\u@\h \e[31;2m\t\n \e[30;0m\w $ "
PATH=$PATH:/usr/local/bin:/usr/local/sbin
:wq then su - to see changes
4. vi /etc/hosts and add all of the machines
# cat /net//jumpstart/config/hosts >> /etc/hosts
5. vi /etc/resolv.conf and change server to
6. SUDO Setup
# gunzip /pub/sudo-1.6.8p9-sol10-sparc-local.gz
# pkgadd -d /pub/sudo-1.6.8p9-sol10-sparc-local
--> select 1 --> y --> y (add local admin user accounts by issuing the visudo command)
# groupadd -g 101 ldap
# mkdir /var/Sun
# useradd -g 101 -u 101 -c "ldap privsep" -d /var/Sun/mps -m -s /bin/bash ldap
# passwd ldap --> Password#1
# usermod -K defaultpriv=basic,net_privaddr ldap
7. Installation of iPlanet LDAP
# cd /pub
# gunzip ds* ; tar xvf ds*
# ./setup --> Enter --> Enter --> Enter --> yes
Fully Qualified Computer Name [ldapserver1.domain.com] Enter --> Enter --> Enter --> Enter --> Enter --> System User: ldap --> System Group: ldap --> Enter --> Enter --> Enter --> Enter --> Enter -->
admin Enter --> Password (twice) = Password#1 --> Enter --> Enter --> Password#1 --> Enter --> Enter --> watch progress bar …
Enter to end installation
8. Add the following Startup script:
# vi /etc/init.d/dscontrol
#!/sbin/sh
#
# Copyright (c) 2001 by Sun Microsystems, Inc
# All rights reserved.
#
#ident "@(#)slapd and admin 5.2p4 09/29/06"
# Starts, restarts or stops the directory server instance and the admin server.
case "$1" in
start)
        /var/Sun/mps/slapd-ldapserver1/start-slapd
        /var/Sun/mps/start-admin
        ;;
restart)
        /var/Sun/mps/slapd-ldapserver1/restart-slapd
        /var/Sun/mps/restart-admin
        ;;
stop)
        /var/Sun/mps/slapd-ldapserver1/stop-slapd
        /var/Sun/mps/stop-admin
        ;;
*)
        echo "Usage: $0 { start | restart | stop }"
        exit 1
        ;;
esac
exit 0
# chmod 755 /etc/init.d/dscontrol
# ln -s /etc/init.d/dscontrol /etc/rc3.d/S90dscontrol
# ln -s /etc/init.d/dscontrol /etc/rc1.d/K90dscontrol
9. Configuration of IDS
# cd /usr/lib/ldap
# ./idsconfig --> y
hostname to setup: ldapserver1 --> Enter --> Enter --> passwd = Password#1 --> Enter -->
Enter --> Enter --> Enter --> Enter --> Enter --> Credential level = 2 --> Authentication Methods = 2 --> another Auth Method = n --> Enter --> Enter --> crypt format = y --> Enter --> Enter --> Enter --> Enter --> Enter --> Enter --> Enter --> passwd for proxyagent = differentpasswd (twice) --> committing changes = y
Exit the ldap server completely
10. Launching LDAP GUI and adding users (from SunRay or other Sun box)
# ssh -X username@ldapserver1.domain.com
# sudo mkdir /export/home/ ; chown /export/home/
# sudo /var/Sun/mps/startconsole & (is your local user in the sudoers file?)
--> Log in using admin and Password#1
--> Open ldapserver1.domain.com
--> Open Server Group
--> Click on Directory Server and click on the Open button; this will launch a new window.
--> Click on the Directory Tab and Open dc=domain,dc=com
--> Open the last user created --> click on Posix User and note the UID
--> Right Click on People and select New --> User (opens a new window)
--> Fill in all of the blanks allowing the username to be first initial lastname.
--> Click on Posix user in the left sidebar menu
--> Click on Enable Posix User Attributes and enter the information. Gecos is optional information; usually I put the user’s whole name, like the comment field when doing useradd. --> Click the OK button.
--> Right Click on new user’s name --> Edit with Generic Editor --> Click on gray area called Object class and then click on the Add Value button on the Right.
--> Within the open window, select shadowaccount and click the OK button --> and OK again to close the user window.
11. Initiating a Solaris 10 server as an LDAP Client
# Ensure that LDAP Client can resolve LDAP server name
# ssh @
# su -
# ldapclient init -a profileName=default \
-a domainName=domain.com \
-a proxyDN=cn=proxyagent,ou=profile,dc=domain,dc=com \
-a proxyPassword=differentpasswd \
-a defaultServerList=192.168.1.XXX
(should get successfully configured)
# vi /etc/nsswitch.conf --> should look like this …
passwd: files ldap
group: files ldap
hosts: files
ipnodes: files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
netgroup: files ldap
automount: files ldap
aliases: files ldap
services: files ldap
printers: user files ldap
auth_attr: files ldap
prof_attr: files ldap
project: files ldap
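Because ldapclient replaces /etc/nsswitch.conf when it initialises the client, the edited file is worth re-checking after every re-init. The script below is an added example, not part of the original guide; the function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Print the sources for database $2 in nsswitch file $1, comments removed
# and whitespace squeezed.
nss_sources() {
    sed -n -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' -e 's/ $//' \
        -e "s/^$2: *//p" "$1" | head -n 1
}

# Return 0 if the file follows the guide's layout, 1 otherwise,
# printing one finding per deviation.
check_nsswitch() {
    file=$1
    rc=0
    # Served from LDAP: files must come first so root and other local
    # accounts still resolve when the directory server is unreachable.
    for db in passwd group; do
        srcs=$(nss_sources "$file" "$db")
        first=${srcs%% *}
        if [ "$first" != "files" ]; then
            echo "$db: first source is '${first:-none}', expected files"
            rc=1
        fi
        case " $srcs " in
            *" ldap "*) ;;
            *) echo "$db: ldap is not listed"; rc=1 ;;
        esac
    done
    # Kept on local files only in the guide.
    for db in hosts ipnodes; do
        case " $(nss_sources "$file" "$db") " in
            *" ldap "*) echo "$db: uses ldap, the guide keeps it on files"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample files, not taken from a real host.
tmp=$(mktemp -d)
GOOD=$tmp/good.conf
BAD=$tmp/bad.conf
printf '%s\n' 'passwd: files ldap' 'group: files ldap' \
    'hosts: files' 'ipnodes: files' > "$GOOD"
printf '%s\n' 'passwd: ldap files   # wrong order' 'group: files' \
    'hosts: ldap [NOTFOUND=return] files' 'ipnodes: files' > "$BAD"
for f in "$GOOD" "$BAD"; do
    if check_nsswitch "$f"; then echo "$f: OK"; else echo "$f: needs fixing"; fi
done
```

On a client, run check_nsswitch /etc/nsswitch.conf before logging out of the root session, so a wrong source order is caught while local access still works.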
Autohome Installation within LDAP
Log in to the native LDAP (Lightweight Directory Access Protocol) client and perform the following steps.
1. Create an auto_master file:
root@ldapclient# vi /tmp/auto_master
# Master map for automounter
/home auto_home -nobrowse
2. Add it to the LDAP database:
root@ldapclient# /usr/sbin/ldapaddent -D "cn=directory manager" -w password -f /tmp/auto_master auto_master
1 entries added
3. Create an auto_home file
root@ldapclient# vi /tmp/auto_home
# Home directory map for automounter
* nfsserver:/nfs/home/&
4. Add to LDAP database:
root@ldapclient# /usr/sbin/ldapaddent -D "cn=directory manager" -w dirmanager -f /tmp/auto_home auto_home
1 entries added
The automount maps will be stored as below in the directory server
root@ldapclient# ldaplist -l auto_master
dn: automountKey=/test,automountMapName=auto_master,o=sun.com
objectClass: automount
objectClass: top
automountKey: /home
automountInformation: auto_home -nobrowse
root@ldapclient# ldaplist -l auto_home
dn: automountKey=*,automountMapName=auto_home,o=sun.com
objectClass: automount
objectClass: top
automountKey: *
automountInformation: snoopy:/nfs/home/&
5. Start automount daemon
/etc/init.d/autofs start
6. Create a user in directory server and specify user’s home directory
root@ldapclient# /usr/bin/ldapsearch -b "o=domain.com" uid=ldapuser homedirectory
uid=ldapuser,ou=people,o=domain.com
homedirectory=/home/ldapuser
7. Log in as a user and automount will mount the user’s home directory.
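How the wildcard entry in auto_home resolves for a given user, as an added example that is not part of the original guide: an explicit key wins over "*", and "&" in the location is replaced by the key. The function name, the restriction on key characters and the sample map (including the host buildhost) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original guide.

# resolve_key MAPFILE KEY
# Prints the location an indirect map yields for KEY (first location only).
# Returns 1 if nothing matches, 2 if the key is rejected.
resolve_key() {
    map=$1
    key=$2
    # This example's own restriction: the key must be a plain name, so
    # values such as "../etc" or "a/b" are never substituted into a path.
    case $key in
        ''|.|..|*[!A-Za-z0-9._-]*) return 2 ;;
    esac
    exact=""
    wild=""
    while read -r k f2 f3; do
        case $k in ''|'#'*) continue ;; esac           # blank line or comment
        case $f2 in -*) loc=$f3 ;; *) loc=$f2 ;; esac  # skip "-opt,opt" field
        if [ "$k" = "$key" ] && [ -z "$exact" ]; then
            exact=$loc
        elif [ "$k" = "*" ] && [ -z "$wild" ]; then
            wild=$loc
        fi
    done < "$map"
    loc=${exact:-$wild}
    [ -n "$loc" ] || return 1
    printf '%s\n' "$loc" | sed "s/&/$key/g"
}

# Constructed sample map: the guide's wildcard line plus one explicit entry.
MAP=$(mktemp)
cat > "$MAP" <<'EOF'
# Home directory map for automounter
build  -ro,nosuid  buildhost:/export/build
*      nfsserver:/nfs/home/&
EOF

resolve_key "$MAP" ldapuser     # served by the wildcard entry
resolve_key "$MAP" build        # served by the explicit entry
resolve_key "$MAP" ../etc || echo "rejected key"
```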