

This document starts with an installed Solaris 10 server and covers the installation of a whole-root zone, custom configuration for the zone, the
installation of sudo and some other nice-to-haves.

Let's begin by downloading all of the necessary files...


Go to http://www.sunfreeware.com and download the latest version of sudo for Solaris 10.

If you want Windows authentication, you might want to download pGina from http://pgina.sourceforge.net

Go to http://www.sun.com/download, scroll down to the heading Identity Management and click on Directory Server. Click on Directory Server 5
2005Q4 (5.2 P4) -> Click on download -> Sign In with your Sun access account -> Accept License Agreement -> and download.

Place all of the software in the /zones/pub directory (except for pGina, of course).

  

Within the directory which will be holding the zones, create a directory called ldapserver1. In this example, I will assume that the mount point is
/zones/ldapserver1. Also, create a directory to share between the global and whole-root zone. Typically I make the /zones directory a mount to a SAN
or something other than mounted off the root (/). I utilize /zones/pub as a common storage area for patches and software.

# mkdir /zones/ldapserver1
# mkdir /zones/pub

Prepare a zone creation script called ldapserver1.zone. I typically keep this file in the directory of the zone being created (/zones/ldapserver1).
Note what your physical network interface is beforehand by issuing the following command:

root@sol10globalzone# ifconfig -a

# vi /zones/ldapserver1/ldapserver1.zone
create -b
set zonepath=/zones/ldapserver1
set autoboot=true
add fs
set dir=/pub
set special=/zones/pub
set type=lofs
end
# only add if CDROM exists
add fs
set dir=/cdrom
set special=/cdrom
set type=lofs
end
add net
set address=192.168.1.XXX
# set physical to whatever your physical interface is (from ifconfig -a)
set physical=pcn0
end

Install the zone


# cd /zones/ldapserver1
# zonecfg -z ldapserver1 -f ldapserver1.zone
# chmod 700 /zones/ldapserver1
# zonecfg -z ldapserver1 info
# zonecfg -z ldapserver1 verify
# zoneadm -z ldapserver1 install
# zoneadm list -icv
# zoneadm -z ldapserver1 ready
# zoneadm -z ldapserver1 boot
# zlogin -C ldapserver1 --> ensure it works and then exit ...

You must have the zone configured to resolve its name through /etc/hosts or through a DNS server. Fix this first; if not using DNS, put an entry
into your /etc/hosts that looks like this:

# vi /etc/hosts
127.0.0.1 localhost loghost
192.168.1.XXX ldapserver1.domain.com ldapserver1

Reboot or restart the network service...


1. zlogin ldapserver1 (zlogin takes the zone name directly; there is no -z option)

2. vi /etc/passwd --> change shell from /sbin/sh to /bin/bash

3. vi /root/.profile and add custom prompt and add path


export PS1='\[\e[32;2m\]\u@\h \[\e[31;2m\]\t\n\[\e[0m\]\w $ '
PATH=$PATH:/usr/local/bin:/usr/local/sbin
export PATH
:wq then su - to see changes

4. vi /etc/hosts and add all of the machines


# cat /net//jumpstart/config/hosts >> /etc/hosts

5. vi /etc/resolv.conf and change server to

6. SUDO Setup
# gunzip /pub/sudo-1.6.8p9-sol10-sparc-local.gz
# pkgadd -d /pub/sudo-1.6.8p9-sol10-sparc-local
--> select 1 --> y --> y (add local admin user accounts by issuing
visudo command)
# groupadd -g 101 ldap
# mkdir /var/Sun
# useradd -g 101 -u 101 -c "ldap privsep" -d /var/Sun/mps -m -s /bin/bash ldap
# passwd ldap --> Password#1
# usermod -K defaultpriv=basic,net_privaddr ldap

7. Installation of iPlanet LDAP


# cd /pub
# gunzip ds* ; tar xvf ds*
# ./setup --> Enter --> Enter --> Enter --> yes

Fully Qualified Computer Name [ldapserver1.domain.com] Enter -> Enter -> Enter -> Enter -> Enter -> System User: ldap -> System Group: ldap ->
Enter -> Enter -> Enter -> Enter -> Enter ->

admin Enter -> Password (twice) = Password#1 -> Enter -> Enter -> Password#1 -> Enter -> Enter -> watch progress bar...

Enter to end installation


8. Add the following Startup script:
# vi /etc/init.d/dscontrol
#!/sbin/sh
#
# Copyright (c) 2001 by Sun Microsystems, Inc
# All rights reserved.
#
#ident "@(#)slapd and admin 5.2p4 09/29/06"

case "$1" in
start)

/var/Sun/mps/slapd-ldapserver1/start-slapd
/var/Sun/mps/start-admin
;;

restart)

/var/Sun/mps/slapd-ldapserver1/restart-slapd
/var/Sun/mps/restart-admin
;;

stop)

/var/Sun/mps/slapd-ldapserver1/stop-slapd
/var/Sun/mps/stop-admin
;;
*)
echo "Usage: $0 { start | restart | stop }"
exit 1
;;
esac
exit 0

# chmod 755 /etc/init.d/dscontrol


# ln -s /etc/init.d/dscontrol /etc/rc3.d/S90dscontrol
# ln -s /etc/init.d/dscontrol /etc/rc1.d/K90dscontrol

9. Configuration of IDS
# cd /usr/lib/ldap
# ./idsconfig -> y
hostname to setup: ldapserver1 -> Enter -> Enter -> passwd = Password#1 -> Enter ->
Enter -> Enter -> Enter -> Enter -> Enter -> Credential level = 2 -> Authentication Methods = 2 -> another Auth Method = n -> Enter -> Enter ->
crypt format = y -> Enter -> Enter -> Enter -> Enter -> Enter -> Enter -> Enter -> passwd for proxyagent = differentpasswd (twice) -> committing
changes = y

Exit the ldap server completely

10. Launching LDAP GUI and adding users (from SunRay or other Sun box)
# ssh -X username@ldapserver1.domain.com
# sudo mkdir /export/home/ ; chown /export/home/
# sudo /var/Sun/mps/startconsole & (is your local user in the sudoers file?)
-> Login using admin and Password#1
-> Open ldapserver1.domain.com
-> Open Server Group
-> Click on Directory Server and click on the Open button; this will launch a new window.
-> Click on the Directory Tab and Open dc=domain,dc=com
-> Open the last user created -> click on Posix User and note the UID
-> Right Click on People and select New -> User (opens a new window)
-> Fill in all of the blanks, allowing the username to be first initial plus last name.
-> Click on Posix user in the left sidebar menu
-> Click on Enable Posix User Attributes and enter the information. Gecos is optional information; usually I put the whole user's name, like the comment
field when doing useradd. -> Click the OK button.
-> Right Click on the new user's name -> Edit with Generic Editor -> Click on the gray area called Object class and then click on the Add Value button on the
right.
-> Within the open window, select shadowaccount and click the OK button -> and OK again to close the user window.

11. Initiating a Solaris 10 server as an LDAP Client


# Ensure that LDAP Client can resolve LDAP server name
# ssh @
# su -
# ldapclient init -a profileName=default \
-a domainName=domain.com \
-a proxyDN=cn=proxyagent,ou=profile,dc=domain,dc=com \
-a proxyPassword=differentpasswd \
-a defaultServerList=192.168.1.XXX
(should report "successfully configured")
# vi /etc/nsswitch.conf -> should look like this...

passwd: files ldap


group: files ldap
hosts: files
ipnodes: files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
netgroup: files ldap
automount: files ldap
aliases: files ldap
services: files ldap
printers: user files ldap
auth_attr: files ldap
prof_attr: files ldap
project: files ldap
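Because the passwd and group lookups above now depend on the directory, the name service switch is worth checking for drift on every client. The following script is an added example, not part of the original document: it compares a nsswitch.conf against the per-database sources listed above (a subset of the table) and reports every database whose sources differ. The sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the original document: report where a
# nsswitch.conf deviates from the per-database sources listed above.
# Databases not in EXPECTED are ignored; the file path is an argument.

# Expected "database sources" pairs (subset of the table above).
EXPECTED='passwd files ldap
group files ldap
hosts files
ipnodes files
netgroup files ldap
automount files ldap
services files ldap'

# check_nsswitch <file>: print one line per mismatching database,
# "<db> expected=[...] actual=[...]"; print nothing when all match.
check_nsswitch() {
    printf '%s\n' "$EXPECTED" | while read -r db want; do
        # Drop comments, pick the line for this database, strip "db:",
        # then squeeze whitespace so "files  ldap" equals "files ldap".
        have=$(sed 's/#.*//' "$1" |
            awk -v d="$db:" '$1 == d { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' |
            tr -s ' \t' ' ' | sed 's/ *$//')
        if [ "$have" != "$want" ]; then
            printf '%s expected=[%s] actual=[%s]\n' "$db" "$want" "${have:-missing}"
        fi
    done
}

# nsswitch_ok <file>: succeed only when check_nsswitch reports nothing.
nsswitch_ok() {
    [ -z "$(check_nsswitch "$1")" ]
}

# Constructed sample: hosts wrongly consults ldap, netgroup lacks ldap.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# nsswitch.conf (constructed sample)
passwd:     files ldap
group:      files ldap
hosts:      files ldap
ipnodes:    files
netgroup:   files
automount:  files ldap
services:   files ldap
EOF

check_nsswitch "$SAMPLE"
```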

Login in to the native LDAP (Light-Weight Directory Access Protocol) client
and perform the following steps.

1. Create an auto_master file:


root@ldapclient# vi /tmp/auto_master

# Master map for automounter


/home auto_home -nobrowse

2. Add it to the LDAP database:


root@ldapclient# /usr/sbin/ldapaddent -D "cn=directory manager" -w password -f /tmp/auto_master auto_master
1 entries added
3. Create an auto_home file
root@ldapclient# vi /tmp/auto_home
# Home directory map for automounter
* nfsserver:/nfs/home/&

4. Add to LDAP database:


root@ldapclient# /usr/sbin/ldapaddent -D "cn=directory manager" -w dirmanager -f /tmp/auto_home auto_home
1 entries added

The automount maps will be stored as below in the directory server

root@ldapclient# ldaplist -l auto_master


dn: automountKey=/test,automountMapName=auto_master,o=sun.com
objectClass: automount
objectClass: top
automountKey: /home
automountInformation: auto_home -nobrowse

root@ldapclient# ldaplist -l auto_home


dn: automountKey=*,automountMapName=auto_home,o=sun.com
objectClass: automount
objectClass: top
automountKey: *
automountInformation: snoopy:/nfs/home/&

5. Start automount daemon


/etc/init.d/autofs start

6. Create a user in directory server and specify user's home directory


root@ldapclient# /usr/bin/ldapsearch -b "o=domain.com" uid=ldapuser homedirectory

uid=ldapuser,ou=people,o=domain.com
homedirectory=/home/ldapuser

7. Login as a user and automount will mount the user's home directory.
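To make explicit what ldapaddent does with the two map files from steps 1 to 4, the following added example (not from the original document) renders an automounter map file as the LDIF entries the directory holds for it, in the same shape the ldaplist -l output above shows. The base DN dc=domain,dc=com and the sample map contents are assumptions.

```shell
#!/bin/sh
# Added example, not from the original document: render an automounter map
# file as the LDIF entries the directory holds for it, matching the shape
# shown by ldaplist -l above. The base DN used below is an assumption.

# map_to_ldif <mapname> <mapfile> <baseDN>
# Emits the map container, then one automount entry per non-comment line:
# key = first field, automountInformation = the rest of the line.
map_to_ldif() {
    map=$1 file=$2 base=$3
    printf 'dn: automountMapName=%s,%s\n' "$map" "$base"
    printf 'objectClass: top\nobjectClass: automountMap\nautomountMapName: %s\n\n' "$map"
    sed 's/#.*//' "$file" | awk -v map="$map" -v base="$base" '
        NF >= 2 {
            key = $1; $1 = ""; sub(/^[ \t]+/, "")
            printf "dn: automountKey=%s,automountMapName=%s,%s\n", key, map, base
            print "objectClass: top"
            print "objectClass: automount"
            printf "automountKey: %s\n", key
            printf "automountInformation: %s\n\n", $0
        }'
}

# count_entries <mapname> <mapfile> <baseDN>: number of DNs emitted
count_entries() {
    map_to_ldif "$@" | grep -c '^dn: '
}

# Constructed sample maps, equivalent to the files created in steps 1 and 3.
MASTER_MAP=$(mktemp); HOME_MAP=$(mktemp)
trap 'rm -f "$MASTER_MAP" "$HOME_MAP"' EXIT
cat > "$MASTER_MAP" <<'EOF'
# Master map for automounter
/home   auto_home   -nobrowse
EOF
cat > "$HOME_MAP" <<'EOF'
# Home directory map for automounter
*   nfsserver:/nfs/home/&
EOF

map_to_ldif auto_master "$MASTER_MAP" "dc=domain,dc=com"
map_to_ldif auto_home "$HOME_MAP" "dc=domain,dc=com"
```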
