Solaris 10 Directory Server LDAP


-=Step-by-Step Sun Directory Server Installation for Solaris 10=-

This document starts from an installed Solaris 10 server and covers creating a whole-root zone, custom configuration for the zone, installing sudo, installing and configuring Sun Java System Directory Server 5.2 (the iPlanet LDAP server), making a Solaris 10 host an LDAP client, and serving home directories through the automounter, plus a few other nice-to-haves.

Let's begin by downloading all of the necessary files.

Go to http://www.sunfreeware.com and download the latest version of sudo for Solaris 10.

If you want Windows workstations to authenticate against this directory, you might also want to download pGina from http://pgina.sourceforge.net

Go to http://www.sun.com/download, scroll down to the heading Identity Management and click on Directory Server. Click on Directory Server 5 2005Q4 (5.2 P4) –> click on Download –> sign in with your Sun access account –> accept the License Agreement –> and download.

Place all of the software in the /zones/pub directory (except for pGina, of course, which is installed on the Windows clients).

Create a zone

Within the directory which will hold the zones, create a directory called ldapserver1. In this example I will assume that the zone path is /zones/ldapserver1. Also create a directory to share between the global zone and the whole-root zone. Typically I make /zones a mount from a SAN or some other storage rather than a directory under the root (/) file system, and I use /zones/pub as a common storage area for patches and software.

# mkdir /zones/ldapserver1
# mkdir /zones/pub

Prepare a zone creation script called ldapserver1.zone. I typically keep this file in the directory of the zone being created (/zones/ldapserver1). Note beforehand what your physical network interface is by issuing the following command:

root@sol10globalzone# ifconfig -a

# vi /zones/ldapserver1/ldapserver1.zone
create -b
set zonepath=/zones/ldapserver1
set autoboot=true
add fs
set dir=/pub
set special=/zones/pub
set type=lofs
end
# only add if CDROM exists
add fs
set dir=/cdrom
set special=/cdrom
set type=lofs
end
add net
set address=192.168.1.XXX
# pcn0: replace with whatever your physical interface is (from ifconfig -a)
set physical=pcn0
end

Install the zone
# cd /zones/ldapserver1
# zonecfg -z ldapserver1 -f ldapserver1.zone
# chmod 700 /zones/ldapserver1
(zoneadm install refuses a zonepath that is not owned by root with mode 700)
# zonecfg -z ldapserver1 info
# zonecfg -z ldapserver1 verify
# zoneadm -z ldapserver1 install
# zoneadm list -icv
# zoneadm -z ldapserver1 ready
# zoneadm -z ldapserver1 boot
# zlogin -C ldapserver1
–> answer the system identification prompts on the console, make sure the zone comes up, then disconnect from the console with ~. …

The zone must be able to resolve its own name, either through its /etc/hosts or through a DNS server. Fix this first: if not using DNS, put an entry into the zone's /etc/hosts that looks like this:

# vi /etc/hosts
127.0.0.1 localhost loghost
192.168.1.XXX ldapserver1.domain.com ldapserver1

Reboot the zone or restart the network service so the change takes effect …

Let's configure ldapserver1

1. zlogin ldapserver1 (zlogin takes the zone name directly; there is no -z option)

2. vi /etc/passwd –> change root's shell from /sbin/sh to /bin/bash (optional; /sbin/sh is the statically linked shell, so keep it if you want root to work when /usr is unavailable)

3. vi /root/.profile and add a custom prompt and path (on a stock Solaris 10 system root's home directory is /, so the file is /.profile unless you have changed it). The non-printing colour sequences are wrapped in \[ \] so bash keeps its cursor position right, and /usr/local is appended to the PATH, not prepended, so a writable local directory cannot shadow system binaries:
export PS1='\[\033[32;2m\]\u@\h \[\033[31;2m\]\t\n\[\033[30;0m\]\w $ '
PATH=$PATH:/usr/local/bin:/usr/local/sbin; export PATH
:wq
then su - to see the changes

4. vi /etc/hosts and add all of the machines, or append a shared hosts file, for example:
# cat /net//jumpstart/config/hosts >> /etc/hosts

5. vi /etc/resolv.conf and change the nameserver entry to

6. SUDO setup and the Directory Server service account
# gunzip /pub/sudo-1.6.8p9-sol10-sparc-local.gz
# pkgadd -d /pub/sudo-1.6.8p9-sol10-sparc-local
--> select 1 --> y --> y (then add your local admin user accounts with the visudo command; do not edit /etc/sudoers directly)

Create the unprivileged account and group that the Directory Server processes will run as:
# groupadd -g 101 ldap
# mkdir /var/Sun
# useradd -g 101 -u 101 -c "ldap privsep" -d /var/Sun/mps -m -s /bin/bash ldap
# passwd ldap --> Password#1 (an example; use a real password, or lock the account with passwd -l ldap once the install is done, since nothing needs to log in as it)
# usermod -K defaultpriv=basic,net_privaddr ldap
The last command adds the net_privaddr privilege to the ldap user's default set, so slapd can bind to the privileged LDAP port 389 without running as root while keeping the rest of its privileges at basic.

7. Installation of the Directory Server (the iPlanet/Sun ONE LDAP server)
# cd /pub
# gunzip ds* ; tar xvf ds*
# ./setup
--> Enter --> Enter --> Enter --> yes

Fully Qualified Computer Name [ldapserver1.domain.com] Enter –> Enter –> Enter –> Enter –> Enter –> System User: ldap –> System Group: ldap –> Enter –> Enter –> Enter –> Enter –> Enter –>

admin Enter –> Password (twice) = Password#1 –> Enter –> Enter –> Password#1 –> Enter –> Enter –> watch the progress bar …

Enter to end the installation.

System User and System Group are the unprivileged ldap account created in step 6, so slapd does not run as root. The first password is for the console admin user; the later one is for cn=Directory Manager, the directory's superuser that bypasses all access control, so in production give it its own strong password rather than reusing the admin one.

8. Add the following startup script (a legacy rc script; the server ships no SMF manifest of its own):
# vi /etc/init.d/dscontrol
#!/sbin/sh
#
# Copyright (c) 2001 by Sun Microsystems, Inc
# All rights reserved.
#
#ident "@(#)slapd and admin 5.2p4 09/29/06"
#
# Start, restart or stop the Directory Server instance and the
# Administration Server. The instance directory is named after the
# host chosen during setup (slapd-ldapserver1 here).

SLAPD=/var/Sun/mps/slapd-ldapserver1
ADMIN=/var/Sun/mps

if [ ! -d "$SLAPD" ]; then
    echo "$0: instance directory $SLAPD not found" >&2
    exit 1
fi

case "$1" in
start)
    $SLAPD/start-slapd
    $ADMIN/start-admin
    ;;

restart)
    $SLAPD/restart-slapd
    $ADMIN/restart-admin
    ;;

stop)
    $SLAPD/stop-slapd
    $ADMIN/stop-admin
    ;;
*)
    echo "Usage: $0 { start | restart | stop }"
    exit 1
    ;;
esac
exit 0

# chmod 755 /etc/init.d/dscontrol
# ln -s /etc/init.d/dscontrol /etc/rc3.d/S90dscontrol
# ln -s /etc/init.d/dscontrol /etc/rc1.d/K90dscontrol

9. Configuration of the directory for Solaris naming services (idsconfig)
# cd /usr/lib/ldap
# ./idsconfig –> y
hostname to setup: ldapserver1 –> Enter –> Enter –> passwd = Password#1 –> Enter –> Enter –> Enter –> Enter –> Enter –> Enter –> Credential level = 2 (proxy) –> Authentication Methods = 2 (simple) –> another Auth Method = n –> Enter –> Enter –> crypt format = y –> Enter –> Enter –> Enter –> Enter –> Enter –> Enter –> Enter –> passwd for proxyagent = differentpasswd (twice) –> committing changes = y

The password idsconfig asks for first is the Directory Manager password. Credential level 2 makes clients bind as cn=proxyagent instead of anonymously, and authentication method 2 (simple) sends that bind password in clear text over port 389 (and, if the clients authenticate users through pam_ldap, each user's login password too). If you can install a server certificate, choose tls:simple instead, or at least restrict port 389 to trusted networks.

Log out of the LDAP server zone completely.

10. Launching the LDAP GUI and adding users (from a SunRay or other Sun box)
$ ssh -X username@ldapserver1.domain.com
$ sudo mkdir /export/home/ ; chown /export/home/
$ sudo /var/Sun/mps/startconsole & (is your local user in the sudoers file?)
–> Log in using admin and Password#1
–> Open ldapserver1.domain.com
–> Open Server Group
–> Click on Directory Server and click on the Open button; this launches a new window.
–> Click on the Directory tab and open dc=domain,dc=com
–> Open the last user created –> click on Posix User and note the UID, so the new user gets the next free one
–> Right-click on People and select New –> User (opens a new window)
–> Fill in all of the blanks, using first initial plus last name as the username.
–> Click on Posix User in the left sidebar menu
–> Click on Enable Posix User Attributes and enter the information. Gecos is optional; I usually put the user's full name there, like the comment field of useradd. –> Click the OK button.
–> Right-click on the new user's name –> Edit with Generic Editor –> click on the gray area called Object class and then click on the Add Value button on the right.
–> In the window that opens, select shadowaccount and click OK –> and OK again to close the user window. Solaris clients read password ageing data from shadowAccount entries, so the account is incomplete without this object class.
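The same entry can be created without the console. The following Python script is an added example for this article, not code from the article or from Sun Directory Server: it builds the LDIF for a posixAccount plus shadowAccount user, ready for ldapadd, and allocates the next free uidNumber the way the "note the UID" step above does by hand. The base DN dc=domain,dc=com is the one idsconfig created; the ou=People container, the UID range starting at 1000, the primary GID 100 and the list of existing UIDs are assumptions, and the sample user is constructed.

```python
"""Generate the LDIF for a POSIX user entry (posixAccount + shadowAccount).

Added example for this article; it is not code from the article or from
Sun Directory Server. Assumptions: base DN dc=domain,dc=com (the idsconfig
base on this page), users under ou=People, UIDs allocated from 1000 up,
primary GID 100. The list of existing UIDs in __main__ is constructed.
"""
import base64
import re

BASE_DN = "dc=domain,dc=com"          # assumed: idsconfig's base for domain.com
PEOPLE_OU = "ou=People," + BASE_DN    # assumed: container the console shows as "People"
FIRST_UID = 1000                      # assumption: local system accounts stay below this
PRIMARY_GID = 100                     # assumption: a shared "users" group

# RFC 2849 SAFE-STRING: ASCII only, no NUL/CR/LF anywhere, and no leading
# space, ':' or '<'. Anything else must be written base64-encoded as "attr:: ...".
_SAFE_STRING = re.compile(
    r"^[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
    r"[\x01-\x09\x0b\x0c\x0e-\x7f]*$"
)
# Portable POSIX login name: lowercase letters, digits, '_' and '-', no leading digit.
_USERNAME = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def ldif_line(attr, value):
    """Render one attribute line, base64-encoding when LDIF requires it
    (non-ASCII, leading ':' / '<' / space, trailing space that tools would strip)."""
    value = str(value)
    if value and _SAFE_STRING.match(value) and not value.endswith(" "):
        return "%s: %s" % (attr, value)
    return "%s:: %s" % (attr, base64.b64encode(value.encode("utf-8")).decode("ascii"))


def next_uid(existing_uids):
    """Lowest free uidNumber at or above FIRST_UID, given the UIDs already in use
    (ldaplist passwd and the client's /etc/passwd are where those come from)."""
    used = set(existing_uids)
    uid = FIRST_UID
    while uid in used:
        uid += 1
    return uid


def posix_user_ldif(given, surname, uid_number, password, shell="/bin/bash"):
    """Build the user entry; the username is first initial + last name, as the article does."""
    username = (given[0] + surname).lower()
    if not _USERNAME.match(username):
        raise ValueError("username %r is not a portable POSIX login name" % username)
    cn = "%s %s" % (given, surname)
    attrs = [
        ("objectClass", "top"),
        ("objectClass", "person"),
        ("objectClass", "organizationalPerson"),
        ("objectClass", "inetOrgPerson"),
        ("objectClass", "posixAccount"),
        ("objectClass", "shadowAccount"),   # what the Generic Editor step adds
        ("uid", username),
        ("cn", cn),
        ("sn", surname),
        ("givenName", given),
        ("uidNumber", uid_number),
        ("gidNumber", PRIMARY_GID),
        ("homeDirectory", "/home/" + username),   # served by the auto_home map
        ("loginShell", shell),
        ("gecos", cn),
        # The password is clear text in the LDIF; the server hashes it with the
        # storage scheme idsconfig selected (crypt), so load the file locally or over TLS.
        ("userPassword", password),
    ]
    lines = ["dn: uid=%s,%s" % (username, PEOPLE_OU)]
    lines += [ldif_line(a, v) for a, v in attrs]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample of UIDs already allocated in the directory.
    existing = [1000, 1001, 1002, 1005]
    print(posix_user_ldif("Jane", "Doe", next_uid(existing), "changeme-now"))
```

Redirect the output to a file and feed it to ldapadd bound as cn=Directory Manager, keeping the bind password off the command line (Solaris's ldapadd reads it from a file with -j). A username that does not fit the portable login-name rule, such as one containing an accented character, is rejected before anything reaches the directory, and values that do need base64 (a gecos with non-ASCII text, a value with a leading space) are encoded rather than producing a malformed LDIF.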

11. Initiating a Solaris 10 server as an LDAP client
# Ensure that the LDAP client can resolve the LDAP server's name (through /etc/hosts or DNS)
# ssh @
# su -
# ldapclient init -a profileName=default \
    -a domainName=domain.com \
    -a proxyDN=cn=proxyagent,ou=profile,dc=domain,dc=com \
    -a proxyPassword=differentpasswd \
    -a defaultServerList=192.168.1.XXX
(should report "System successfully configured")
The proxy password given on the command line is visible in ps output while the command runs and ends up in the shell history; ldapclient stores it root-only in /var/ldap/ldap_client_cred afterwards, so remove the history entry. ldapclient init also replaces /etc/nsswitch.conf with a copy of /etc/nsswitch.ldap, so edit it next. Keep hosts and ipnodes on files (plus dns if you use it) rather than ldap: a client that needs LDAP to resolve the LDAP server's address cannot bootstrap.
# vi /etc/nsswitch.conf –> should look like this …

passwd: files ldap
group: files ldap
hosts: files
ipnodes: files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
netgroup: files ldap
automount: files ldap
aliases: files ldap
services: files ldap
printers: user files ldap
auth_attr: files ldap
prof_attr: files ldap
project: files ldap

Autohome Installation within LDAP
Log in to the native LDAP client and perform the following steps.

1. Create an auto_master file:
root@ldapclient# vi /tmp/auto_master

# Master map for automounter
/home auto_home -nobrowse

2. Add it to the LDAP database (the -w value is the Directory Manager password; like any command-line password it is visible to other users in ps while the command runs):
root@ldapclient# /usr/sbin/ldapaddent -D "cn=directory manager" -w password -f /tmp/auto_master auto_master
1 entries added

3. Create an auto_home file:
root@ldapclient# vi /tmp/auto_home
# Home directory map for automounter
* nfsserver:/nfs/home/&

4. Add it to the LDAP database:
root@ldapclient# /usr/sbin/ldapaddent -D "cn=directory manager" -w password -f /tmp/auto_home auto_home
1 entries added

The automount maps are stored in the directory server as shown below (under the base DN idsconfig created, dc=domain,dc=com):

root@ldapclient# ldaplist -l auto_master
dn: automountKey=/home,automountMapName=auto_master,dc=domain,dc=com
objectClass: automount
objectClass: top
automountKey: /home
automountInformation: auto_home -nobrowse

root@ldapclient# ldaplist -l auto_home
dn: automountKey=*,automountMapName=auto_home,dc=domain,dc=com
objectClass: automount
objectClass: top
automountKey: *
automountInformation: nfsserver:/nfs/home/&

5. Start (or reload) the automount daemon; on Solaris 10 autofs is an SMF service, and automount -v re-reads the maps if it is already running:
root@ldapclient# svcadm enable svc:/system/filesystem/autofs
root@ldapclient# automount -v

6. Create the user in the directory server (step 10 above) with a home directory under /home, and check the attribute from the client:
root@ldapclient# /usr/bin/ldapsearch -b "dc=domain,dc=com" uid=ldapuser homedirectory

uid=ldapuser,ou=people,dc=domain,dc=com
homedirectory=/home/ldapuser

7. Log in as the user; on first access to /home/ldapuser the automounter mounts nfsserver:/nfs/home/ldapuser there.
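To see what ldapaddent does with these map files, here is an added example (my own code, not the article's, Sun's or Solaris's) that parses automounter map text, produces the automountMap and automount LDIF entries with the layout ldaplist shows above, and resolves a login name to its NFS location the way the automounter does with the * key and & substitution. The base DN dc=domain,dc=com is the one idsconfig created; the two map texts are constructed copies of the files written in steps 1 and 3.

```python
"""Automounter map files -> the LDIF entries ldapaddent stores, plus a resolver
showing how /home/<user> maps to nfsserver:/nfs/home/<user>.

Added example for this article; not code from the article, Sun or Solaris.
Assumes base DN dc=domain,dc=com (created by idsconfig above). The map texts
below are constructed copies of /tmp/auto_master and /tmp/auto_home.
"""

BASE_DN = "dc=domain,dc=com"  # assumed: idsconfig's base for domain.com

# Constructed sample maps, identical to the files written in steps 1 and 3.
AUTO_MASTER = """\
# Master map for automounter
/home auto_home -nobrowse
"""
AUTO_HOME = """\
# Home directory map for automounter
* nfsserver:/nfs/home/&
"""


def parse_map(text):
    """Return [(key, information)] for a map file. Comment and blank lines are
    skipped; everything after the key (mount options and location) is kept
    verbatim, because that is what automountInformation holds."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError("malformed automounter map line: %r" % raw)
        entries.append((parts[0], parts[1].strip()))
    return entries


def dn_escape(value):
    """Escape an attribute value for use inside a DN (RFC 4514): the characters
    , + " \\ < > ; anywhere, plus a leading '#' or space and a trailing space."""
    out = value
    for ch in '\\,+"<>;':          # backslash first so later escapes are not doubled
        out = out.replace(ch, "\\" + ch)
    if out.startswith("#") or out.startswith(" "):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def map_to_ldif(map_name, text):
    """LDIF for the automountMap container and one automount entry per key,
    with the DNs that 'ldaplist -l auto_home' prints. Map keys and locations
    are plain ASCII, so no base64 encoding of values is needed here."""
    container = "automountMapName=%s,%s" % (dn_escape(map_name), BASE_DN)
    out = ["dn: " + container,
           "objectClass: top",
           "objectClass: automountMap",
           "automountMapName: " + map_name,
           ""]
    for key, info in parse_map(text):
        out += ["dn: automountKey=%s,%s" % (dn_escape(key), container),
                "objectClass: top",
                "objectClass: automount",
                "automountKey: " + key,
                "automountInformation: " + info,
                ""]
    return "\n".join(out)


def resolve_home(username, auto_home_text):
    """Mimic the automounter's lookup for /home/<username>: an exact key wins,
    otherwise the '*' wildcard applies and '&' is replaced by the key looked up.
    Returns (location, mount_options) or None when nothing matches."""
    entries = dict(parse_map(auto_home_text))
    info = entries.get(username, entries.get("*"))
    if info is None:
        return None
    tokens = info.split()
    options = [t for t in tokens if t.startswith("-")]
    location = " ".join(t for t in tokens if not t.startswith("-"))
    return location.replace("&", username), options


if __name__ == "__main__":
    print(map_to_ldif("auto_master", AUTO_MASTER))
    print(map_to_ldif("auto_home", AUTO_HOME))
    print(resolve_home("ldapuser", AUTO_HOME))
```

The resolver also understands mount options in the map, for example `* -nosuid nfsserver:/nfs/home/&`, which is worth adding to auto_home so that set-uid files in users' home directories are not honoured on the client.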
