Wednesday, July 6, 2011

LDAP Server on Solaris x86 Platform

1 Create Domain

1.1 Set default domain

Assume that you are working on the following host: abhi with ip address 172.16.60.33

root@abhi# domainname testing.ldap
root@abhi# domainname > /etc/defaultdomain

1.2 Add host

Add the string abhi.testing.ldap to your hosts file.

root@abhi# vi /etc/inet/hosts
+--------------------------
| 172.16.60.33 abhi abhi.testing.ldap loghost

2 Install the LDAP server

The LDAP server is provided by the IPLTdsu package, which depends on IPLTnls, IPLTnspr (which in turn needs IPLTnss and IPLTjss) and IPLTpldap.

Make sure that these packages are installed on your machine.

Insert the Solaris 10 DVD into the drive.

root@abhi# cd /cdrom/cdrom0/Solaris_10/Product

root@abhi# pkgadd -d . IPLTnspr
root@abhi# pkgadd -d . IPLTnss
root@abhi# pkgadd -d . IPLTjss
root@abhi# pkgadd -d . IPLTnls
root@abhi# pkgadd -d . IPLTpldap
root@abhi# pkgadd -d . IPLTdsu
root@abhi# pkgadd -d . IPLTdsr

root@abhi# cd /
root@abhi# eject cdrom

3 Create basic LDAP Server setup

root@abhi# directoryserver setup
Would you like to continue with configuration? [Yes]:
Press enter
Select the component you want to configure [1]:
press enter
Choose a configuration type [2]:
press enter
Specify the components you wish to configure [All]:
press enter
Specify the components you wish to configure [1, 2]:
press enter
Specify the components you wish to configure [1, 2]:
press enter
Computer name [abhi.testing.ldap]:
press enter
System User [nobody]:
press enter
System Group [nobody]:
press enter
Do you want to register this software with an existing iplanet
configuration directory server? [No]:
press enter
Do you want to use another directory to store your data? [No]:
press enter
Directory server network port [389]:
press enter
Directory server identifier [abhi]:
press enter
iPlanet configuration directory server administrator ID [admin]:
press enter
Password:
abhi123
Password (again):
abhi123
Suffix [dc=testing, dc=ldap]:
press enter
Directory Manager DN [cn=Directory Manager]:
press enter
Password:
abhi1234
Password (again):
abhi1234

Administration Domain [testing.ldap]:
press enter
Administration port [24459]:
5100
Run Administration Server as [root]:
press enter
Press return to continue...
root@abhi#

4 Prepare the Directory Server

root@abhi# cd /usr/lib/ldap
root@abhi# ./idsconfig
Do you wish to continue with server setup (y/n/h)? [n] y

Enter the iPlanet Directory Server's (iDS) hostname setup:
abhi
Enter the port number for iDS (h=help): [389]
press enter
Enter the directory manager DN: [cn=Directory Manager]
press enter
Enter passwd for cn=Directory Manager :
abhi1234
Enter the domainname to be served (h=help): [testing.ldap]
press enter

Enter LDAP Base DN (h=help): [dc=testing,dc=ldap]
press enter
Enter the profile name (h=help): [default]
press enter
Default server list (h=help): [172.16.60.33]
press enter
Preferred server list (h=help):
press enter

Choose desired search scope (one, sub, h-help): [one]
press enter
Choose Credential level [h=help]: [1]
2
Choose Authentication Method (h=help): [1]
2
Do you want to add another Authentication Method?
n
Do you want the clients to follow referrals (y/n/h)? [n]
press enter

Do you want to modify the server timelimit value (y/n/h)? [n]
press enter
Do you want to modify the server sizelimit value (y/n/h)? [n]
press enter
Do you want to store passwords in "crypt" format (y/n/h)? [n] y
Do you want to setup a Service Authentication Methods (y/n/h)? [n]
press enter

Client search time limit in seconds (h=help): [30]
press enter
Profile Time To Live in seconds (h=help): [43200]
press enter
Bind time limit in seconds (h=help): [10]
press enter
Do you wish to setup Service Search Descriptors (y/n/h)? [n]
press enter
Enter config value to change (1-19 0=commit changes) [0]
press enter

Enter DN for proxy agent: [cn=proxyagent,ou=profile,
dc=testing,dc=ldap]
press enter
Enter passwd for proxyagent:
proxy
Re-enter passwd:
proxy
WARNING: About to start committing change. (y=continue, n=EXIT)
y

root@abhi#

5 Configure first LDAP client

5.1 Create client system description (LDIF file)
On the LDAP server.
root@abhi# vi /tmp/host1.ldif
dn: cn=host1,ou=hosts,dc=testing,dc=ldap
changetype: add
cn: host1
iphostnumber: 172.16.60.34
objectclass: top
objectclass: device
objectclass: ipHost

5.2 Load the LDIF file into the LDAP server
LDIF stands for LDAP Data Interchange Format.
On the LDAP server.
root@abhi# ldapmodify -c \
> -D "cn=directory manager" \
> -w abhi1234 \
> -f /tmp/host1.ldif

5.3 Set default domain on client
On the LDAP client.
client # domainname testing.ldap
client # domainname > /etc/defaultdomain

5.4 Add server to hosts file
Add the string abhi.testing.ldap to your hosts file.
On the LDAP client.
client # vi /etc/inet/hosts
+--------------------------
| 172.16.60.33 abhi abhi.testing.ldap loghost

5.5 Configure the first client as an LDAP client

client # ldapclient \
> -v init \
> -a proxypassword=proxy \
> -a proxydn=cn=proxyagent,ou=profile,dc=testing,dc=ldap \
> -a domainname=testing.ldap \
> 172.16.60.33

6 Populate LDAP databases

Edit /etc/hosts on the client so that it only contains the hosts you want to store in LDAP.
client # vi /etc/hosts
client # ldapaddent \
> -D "cn=directory manager" \
> -w abhi1234 \
> -a simple \
> -f /etc/hosts hosts
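The hosts entries that ldapaddent pushes into the directory have the same shape as the /tmp/host1.ldif entry written by hand in section 5.1. The following script is an added example (not from the original post) that converts /etc/hosts lines into those ipHost LDIF entries so the data can be reviewed before binding as cn=Directory Manager; the sample hosts file inside it is constructed, and the base DN assumed is the dc=testing,dc=ldap suffix chosen during setup.

```python
# Added example, not from the original post: turn /etc/hosts lines into the
# same ipHost LDIF entries that section 5.1 writes by hand and that
# ldapaddent pushes in section 6, so the data can be reviewed before binding.
import ipaddress

BASE_DN = "dc=testing,dc=ldap"   # suffix chosen during directoryserver setup

# Constructed sample, shaped like the trimmed client /etc/hosts of section 6.
SAMPLE_HOSTS = """\
# Internet host table
127.0.0.1    localhost
172.16.60.33 abhi abhi.testing.ldap loghost
172.16.60.34 host1   # first client
"""

def parse_hosts(text):
    """Yield (ip, name, aliases) for each well-formed, non-comment line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip comments and whitespace
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank line or address with no name
        try:
            ipaddress.ip_address(fields[0])   # reject malformed addresses
        except ValueError:
            continue
        yield fields[0], fields[1], fields[2:]

def host_to_ldif(ip, name, aliases, base_dn=BASE_DN):
    """Build one entry in the exact layout of /tmp/host1.ldif (section 5.1)."""
    lines = [f"dn: cn={name},ou=hosts,{base_dn}", "changetype: add", f"cn: {name}"]
    lines += [f"cn: {a}" for a in aliases]    # aliases become extra cn values
    lines += [f"iphostnumber: {ip}", "objectclass: top",
              "objectclass: device", "objectclass: ipHost"]
    return "\n".join(lines) + "\n"

def hosts_to_ldif(text, base_dn=BASE_DN, skip_loopback=True):
    """Join entries with blank lines, the separator ldapmodify -f expects."""
    entries = []
    for ip, name, aliases in parse_hosts(text):
        if skip_loopback and ipaddress.ip_address(ip).is_loopback:
            continue                          # localhost stays in the local file
        entries.append(host_to_ldif(ip, name, aliases, base_dn))
    return "\n".join(entries)

if __name__ == "__main__":
    print(hosts_to_ldif(SAMPLE_HOSTS), end="")
```

The resulting file can be loaded with the same ldapmodify -f command as in section 5.2. Passing the Directory Manager password with -w shows it in the process list; the Solaris ldapmodify and ldapaddent commands also accept -j passwdfile to read it from a protected file instead.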

6.1 Check hosts database
client # ldaplist hosts

6.2 Populate passwd database
client # ldapaddent \
> -D "cn=directory manager" \
> -w abhi1234 \
> -a simple \
> -f /etc/passwd \
> passwd

client # ldapaddent \
> -D "cn=directory manager" \
> -w abhi1234 \
> -a simple \
> -f /etc/shadow \
> shadow

7 Listing content of LDAP server

client # ldaplist
client # ldaplist passwd
client # ldaplist hosts

8 Configure all other clients

All other clients are configured with the following steps:

8.1 Set default domain

client # domainname testing.ldap

client # domainname > /etc/defaultdomain

8.2 Add LDAP client to hosts file
client # vi /etc/inet/hosts
+--------------------------
| 172.16.60.x clientname clientname.testing.ldap loghost

8.3 Configure as LDAP Client
clientname # ldapclient \
> -v init \
> -a proxypassword=proxy \
> -a proxydn=cn=proxyagent,ou=profile,dc=testing,dc=ldap \
> -a domainname=testing.ldap \
> 172.16.60.33
