Solaris 10 Directory Server LDAP



-=Step-by-Step Sun Directory Server Installation for Solaris 10=-


This document starts with an installed Solaris 10 server and covers the installation of a whole-root zone, custom configuration for the zone, the installation of sudo and some other nice-to-haves.


Let's begin by downloading all of the necessary files ...

Download the latest version of sudo for Solaris 10.

If you want Windows authentication, you might want to download pGina as well.

Go to the Sun download site, scroll down to the heading Identity Management and click on Directory Server. Click on Directory Server 5 2005Q4 (5.2 P4) –> Click on download –> Sign in with your Sun access account –> Accept the License Agreement –> and download.

Place all of the software in the /zones/pub directory (except for pGina, of course, which belongs on the Windows machines).

Create a zone

Within the directory which will hold the zones, create a directory called ldapserver1. In this example, I will assume that the mount point is /zones/ldapserver1. Also, create a directory to share between the global zone and the whole-root zone. Typically I make /zones a mount from a SAN or something other than the root (/) file system. I use /zones/pub as a common storage area for patches and software.

# mkdir /zones/ldapserver1
# mkdir /zones/pub

Prepare a zone creation script; I typically keep this file in the directory of the zone being created (/zones/ldapserver1). Note what your physical network interface is beforehand by issuing the following command:

root@sol10globalzone# ifconfig -a

# vi /zones/ldapserver1/
create -b
set zonepath=/zones/ldapserver1
set autoboot=true
add fs
set dir=/pub
set special=/zones/pub
set type=lofs
end
add fs
set dir=/cdrom
set special=/cdrom
set type=lofs
end
add net
set address=192.168.1.XXX
set physical=pcn0
end

Replace pcn0 with whatever your physical interface is (from the ifconfig -a output above), and only include the /cdrom block if a CDROM exists. Each add block has to be closed with its own end, otherwise zonecfg does not add the resource.

Install the zone (zoneadm install insists that the zonepath is owned by root and mode 700, hence the chmod):
# cd /zones/ldapserver1
# zonecfg -z ldapserver1 -f
# chmod 700 /zones/ldapserver1
# zonecfg -z ldapserver1 info
# zonecfg -z ldapserver1 verify
# zoneadm -z ldapserver1 install
# zoneadm list -icv
# zoneadm -z ldapserver1 ready
# zoneadm -z ldapserver1 boot
# zlogin -C ldapserver1
–> the first boot asks the usual sysid questions (locale, terminal, root password, name service) on the console; answer them, ensure the zone works, then leave the console with ~. ...

The zone must be able to resolve its own name, either through /etc/hosts or through a DNS server. Fix this first; if not using DNS, put an entry into the zone's /etc/hosts that looks like this:

# vi /etc/hosts
127.0.0.1 localhost loghost
192.168.1.XXX ldapserver1

Reboot the zone or restart the network service ...

Let's configure ldapserver1

1. zlogin ldapserver1 (zlogin takes the zone name directly; there is no -z option)

2. vi /etc/passwd –> change root's shell from /sbin/sh to /bin/bash

3. vi /root/.profile and add a custom prompt and path (root's home directory in /etc/passwd must point at /root for this file to be read; on a stock Solaris 10 it is /)
export PS1='\[\033[32;2m\]\u@\h \[\e[31;2m\]\t\n\[\e[30;0m\]\w $ '
then su - to see the changes

4. vi /etc/hosts and add all of the machines, or append a shared hosts file:
# cat /net//jumpstart/config/hosts >> /etc/hosts

5. vi /etc/resolv.conf and set the nameserver to

6. SUDO Setup
# gunzip /pub/sudo-1.6.8p9-sol10-sparc-local.gz
# pkgadd -d /pub/sudo-1.6.8p9-sol10-sparc-local
–> select 1 –> y –> y (add local admin user accounts by issuing the visudo command)

Then create the unprivileged account that Directory Server will run as:
# groupadd -g 101 ldap
# mkdir /var/Sun
# useradd -g 101 -u 101 -c "ldap privsep" -d /var/Sun/mps -m -s /bin/bash ldap
# passwd ldap –> Password#1
# usermod -K defaultpriv=basic,net_privaddr ldap

Password#1 is the placeholder used throughout this document; use real, distinct passwords. The net_privaddr privilege lets processes running as ldap bind the privileged LDAP ports (389 and 636) without being root, so slapd can be started as the ldap user rather than as root.

7. Installation of iPlanet LDAP (Directory Server 5.2 P4)
# cd /pub
# gunzip ds* ; tar xvf ds*
# ./setup
–> Enter –> Enter –> Enter –> yes

Fully Qualified Computer Name [] Enter –> Enter –> Enter –> Enter –> Enter –> System User: ldap –> System Group: ldap –> Enter –> Enter –> Enter –> Enter –> Enter –>

admin Enter –> Password (twice) = Password#1 –> Enter –> Enter –> Password#1 –> Enter –> Enter –> watch the progress bar ...

Enter to end the installation

System User and System Group are what slapd switches to after binding its ports, so make sure they are the ldap account created above and not root. The two passwords asked for are the Configuration Directory Administrator (admin) and the Directory Manager; give them different, strong values in production.

8. Add the following startup script. The instance directory name is assumed here to be slapd-ldapserver1 (the DS 5.2 default is slapd-<hostname>); check under /var/Sun/mps and adjust:
# vi /etc/init.d/dscontrol
#!/sbin/sh
# Copyright (c) 2001 by Sun Microsystems, Inc
# All rights reserved.
#ident "@(#)slapd and admin 5.2p4 09/29/06"
SERVERROOT=/var/Sun/mps                  # server root chosen during setup
INSTANCE=$SERVERROOT/slapd-ldapserver1   # assumed instance directory

case "$1" in
start)
        $INSTANCE/start-slapd
        $SERVERROOT/start-admin
        ;;
stop)
        $SERVERROOT/stop-admin
        $INSTANCE/stop-slapd
        ;;
restart)
        $0 stop; $0 start
        ;;
*)
        echo "Usage: $0 { start | restart | stop }"
        exit 1
        ;;
esac
exit 0

# chmod 755 /etc/init.d/dscontrol
# ln -s /etc/init.d/dscontrol /etc/rc3.d/S90dscontrol
# ln -s /etc/init.d/dscontrol /etc/rc1.d/K90dscontrol

9. Configuration of IDS
# cd /usr/lib/ldap
# ./idsconfig –> y
hostname to setup
: ldapserver1 –> Enter –> Enter –> passwd = Password#1 –> Enter –>
Enter –> Enter –> Enter –> Enter –> Enter –> Credential level = 2 (proxy) –> Authentication Methods = 2 (simple) –> another Auth Method = n –> Enter –> Enter –> crypt format = y –> Enter –> Enter –> Enter –> Enter –> Enter –> Enter –> Enter –> passwd for proxyagent = differentpasswd (twice) –> committing changes = y

With the simple authentication method the proxyagent password, and everything the proxy reads (including the crypt password hashes), travels in the clear over port 389. On anything but a trusted network, choose tls:simple (4) instead and set up the server certificate first.

Log out of the LDAP server zone completely.

10. Launching the LDAP GUI and adding users (from a SunRay or other Sun box)
# ssh -X
# sudo mkdir /export/home/ ; sudo chown /export/home/
# sudo /var/Sun/mps/startconsole & (is your local user in the sudoers file?)
–> Login using admin and Password#1
–> Open
–> Open Server Group
–> Click on Directory Server and click on the Open button; this launches a new window.
–> Click on the Directory tab and open dc=domain,dc=com
–> Open the last user created –> click on Posix User and note the UID, so the new user gets the next free one
–> Right-click on People and select New –> User (opens a new window)
–> Fill in all of the blanks, using first initial plus last name as the username.
–> Click on Posix User in the left sidebar menu
–> Click on Enable Posix User Attributes and enter the information. Gecos is optional; usually I put the user's whole name there, like the comment field when doing useradd. –> Click the OK button.
–> Right-click on the new user's name –> Edit with Generic Editor –> Click on the gray area called Object class and then click on the Add Value button on the right.
–> Within the open window, select shadowaccount and click the OK button –> and OK again to close the user window. (Solaris clients expect shadowAccount on user entries for the shadow map.)

11. Initiating a Solaris 10 server as an LDAP client
# Ensure that the LDAP client can resolve the LDAP server name
# ssh @
# su -
# ldapclient init -a profileName=default \
    -a proxyDN=cn=proxyagent,ou=profile,dc=domain,dc=com \
    -a proxyPassword=differentpasswd \
    -a defaultServerList=192.168.1.XXX
(should report that the system was successfully configured; the proxy credentials end up root-only in /var/ldap/ldap_client_cred, but the password is now in root's shell history too, so clear that)
# vi /etc/nsswitch.conf –> ldapclient init copies /etc/nsswitch.ldap into place; edit it so it looks like this ...

passwd: files ldap
group: files ldap
hosts: files
ipnodes: files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
netgroup: files ldap
automount: files ldap
aliases: files ldap
services: files ldap
printers: user files ldap
auth_attr: files ldap
prof_attr: files ldap
project: files ldap

Keep files ahead of ldap for passwd and group so local accounts, root above all, remain authoritative and the box stays administrable when the directory is down, and keep hosts and ipnodes on files (or dns) only: the client has to find the directory server before it can consult it.
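As an added example that is not part of the original page, the following POSIX sh function checks an nsswitch.conf for the two properties that matter on an LDAP client: passwd and group must be exactly "files ldap" so local accounts win over directory entries, and hosts/ipnodes must not consult ldap. The sample file at the bottom is constructed for the example, with one line deliberately wrong; point check_nsswitch at /etc/nsswitch.conf to audit a real client.

```shell
#!/bin/sh
# check_nsswitch FILE
# Exit 0 when FILE has a sane LDAP-client layout, 1 otherwise (problems are
# printed). Comments and blank lines are ignored; databases other than
# passwd, group, hosts and ipnodes are not checked.
check_nsswitch() {
    file=$1
    rc=0
    set -f                                   # no globbing while word-splitting
    while IFS= read -r line || [ -n "$line" ]; do
        set -- ${line%%#*}                   # drop comment, split into words
        [ $# -ge 1 ] || continue
        db=${1%:}; shift                     # $1 was "db:", rest are sources
        sources=" $* "
        case "$db" in
        passwd|group)
            # files must come first so local root/ldap accounts stay authoritative
            [ "$sources" = " files ldap " ] || {
                echo "WARN: $db is '$*', expected 'files ldap'"
                rc=1
            }
            ;;
        hosts|ipnodes)
            # chicken-and-egg: the client needs host lookups to reach the LDAP server
            case "$sources" in
            *" ldap "*)
                echo "WARN: $db consults ldap; use files (and dns) only"
                rc=1
                ;;
            esac
            ;;
        esac
    done < "$file"
    set +f
    return $rc
}

# Constructed sample for a stand-alone run: the layout from the text above,
# with the hosts line deliberately wrong.
sample=${TMPDIR:-/tmp}/nsswitch.sample.$$
cat > "$sample" <<'EOF'
# /etc/nsswitch.conf on an LDAP client
passwd: files ldap
group: files ldap
hosts: files ldap   # wrong: breaks bootstrap
ipnodes: files
netgroup: files ldap
automount: files ldap
EOF
check_nsswitch "$sample" && echo "OK" || echo "problems found"
rm -f "$sample"
```

The function reads the file in the current shell (no pipeline), so the rc it accumulates survives the loop; that is why the comment stripping is done with parameter expansion rather than sed.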

Autohome installation within LDAP
Log in to the native LDAP (Lightweight Directory Access Protocol) client and perform the following steps.

1. Create an auto_master file:
root@ldapclient# vi /tmp/auto_master

# Master map for automounter
/home auto_home -nobrowse

2. Add it to the LDAP database:
root@ldapclient# /usr/sbin/ldapaddent -D "cn=directory manager" -w dirmanager -f /tmp/auto_master auto_master
1 entries added

3. Create an auto_home file:
root@ldapclient# vi /tmp/auto_home
# Home directory map for automounter
* nfsserver:/nfs/home/&

4. Add it to the LDAP database:
root@ldapclient# /usr/sbin/ldapaddent -D "cn=directory manager" -w dirmanager -f /tmp/auto_home auto_home
1 entries added

Passing the Directory Manager password with -w puts it into the process list and root's shell history; ldapaddent's -j passwdFile option reads it from a root-only file instead.

The automount maps are stored as below in the directory server:

root@ldapclient# ldaplist -l auto_master
dn: automountKey=/home,automountMapName=auto_master,
objectClass: automount
objectClass: top
automountKey: /home
automountInformation: auto_home -nobrowse

root@ldapclient# ldaplist -l auto_home
dn: automountKey=*,automountMapName=auto_home,
objectClass: automount
objectClass: top
automountKey: *
automountInformation: nfsserver:/nfs/home/&

5. Start the automount daemon (on Solaris 10 autofs is an SMF service; if it is already running, automount -v makes it re-read the maps):
root@ldapclient# svcadm enable autofs

6. Create a user in the directory server, give it a home directory under /home, and check that the client sees it:
root@ldapclient# /usr/bin/ldapsearch -b "" uid=ldapuser homedirectory
root@ldapclient# ldaplist -l passwd ldapuser

7. Log in as that user and automount will mount the user's home directory.
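As an added example that is not part of the original page, the following POSIX sh function turns an automounter map file of the kind written in steps 1 and 3 into the LDIF the listing above shows: one automountMap container plus one automount entry per map line. ldapaddent does this conversion for you; seeing the LDIF is useful when you want to review or version the maps before loading them with ldapadd, or when a map was loaded wrongly and you need to know what the entries should look like. The map names, the base DN dc=domain,dc=com and the two sample maps are supplied inline and are constructed for the example.

```shell
#!/bin/sh
# map2ldif MAPNAME BASEDN FILE
# Print LDIF for an automounter map: an automountMap container followed by
# one automount entry per "key location..." line. Comment and blank lines
# are skipped. Keys and values here (/home, *, host:/path/&) are plain
# ASCII, so no base64 encoding of attribute values is needed.
map2ldif() {
    map=$1; base=$2; file=$3
    printf 'dn: automountMapName=%s,%s\n' "$map" "$base"
    printf 'objectClass: top\nobjectClass: automountMap\n'
    printf 'automountMapName: %s\n\n' "$map"
    set -f                                   # "*" is a map key, not a glob
    while IFS= read -r line || [ -n "$line" ]; do
        set -- ${line%%#*}                   # drop comment, split into words
        [ $# -ge 2 ] || continue             # need at least key and location
        key=$1; shift
        printf 'dn: automountKey=%s,automountMapName=%s,%s\n' "$key" "$map" "$base"
        printf 'objectClass: top\nobjectClass: automount\n'
        printf 'automountKey: %s\n' "$key"
        printf 'automountInformation: %s\n\n' "$*"
    done < "$file"
    set +f
}

# Constructed sample maps, the same two used in the steps above.
tmp=${TMPDIR:-/tmp}/automaps.$$
mkdir -p "$tmp"
cat > "$tmp/auto_master" <<'EOF'
# Master map for automounter
/home auto_home -nobrowse
EOF
cat > "$tmp/auto_home" <<'EOF'
# Home directory map for automounter
* nfsserver:/nfs/home/&
EOF
map2ldif auto_master dc=domain,dc=com "$tmp/auto_master"
map2ldif auto_home   dc=domain,dc=com "$tmp/auto_home"
rm -rf "$tmp"
```

The output can be fed straight to ldapadd bound as the Directory Manager; because the container entry is emitted first, the map can be created and populated in one run.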
