Summary - Novell LDAP + Solaris

From: Pablo Jejcic <pablo.jejcic_at_smartweb.rgu.ac.uk>
Date: Thu Jul 22 2004 - 03:58:27 EDT
Great List... Again, a very good response, lot of people being very very 
helpful.
I'm finishing with the machine we need to use LDAP on, so I will try it 
very soon.

In short, look like the authentication is posible using Solaris almost as 
it is, but for more services tweaks are needed. Read below for more 
information and the original post.

Specail thanks to:
  Jeff (vaneek<at>cs.utk.edu) (Great links, and a very very good 
explanation)
  Al Cameron <al.cameron<at>shaw.ca>
  Terry Gardner <boosdad1959<at>yahoo.com>

Thanks again.-

Pablo Jejcic.-

------- Forwarded message -------
From: vaneek<at>cs.utk.edu

> I've recently done the same but with Open Directory from Apple but the
> steps should be similar. Solaris 8 and 9 are very similar in 
> configuration
> but care must be taken as to which version since the schemas are 
> different
> and the ldap command syntax has also change. All of this information can
> be found in the appropriate documentation at docs.sun.com. Read the
> Solaris 9 docs as well even if you are only using 8. It is more
> informative and contains additional information.
>
> The steps are as follows,
>
> 1. Add or modify schemas on the directory server. Mainly the nis.schema.
> You  should also consider adding the DUA schema for client profiles.
>
> 2. You may need to add attributes and object classes to your entries. I
> had to do very little for Mac users since users are already posix
> accounts. If you are using autoumount for example you will need to set up
> relevant containers. This would apply for any nis-like map you wish to
> store in the directory server. Again this is where the Solaris 8 an 9
> differences come in play. If you have both, use the Solaris 9 schemas, 
> the
> doc will also tell how to map a solaris 8 client.
>
> 3. Set up the client. a) Modify the /etc/nsswitch.ldap file to your
> liking. I found out the hard way that the tool to generate the client
> profile copies this file to /etc/nsswitch.conf everytime it is run. b)
> modify /etc/pam.conf You can use the default but pam_unix only handles
> crypt password. pam_ldap with use and encryption supported by LDAP. One
> caveat which I just discovered and have not investigated yet is that the
> passwd command on Solaris changes the LDAP password to clear. c) Generate
> the client profile. Here again the syntax between 8 and 9 will vary. Here
> is where you add you BindDN attributes (I added a container called
> ldapusers and a user named solaris) and your mappings for your maps such
> as passwd or auto_home.
>
> And that should do it. They key to success is to be consistant in the
> schemas, entries and other naming conventions. That is you can use
> auto_home or auto.home, just be consistant. I you use automount maps you
> must map everyone on the client side, auto_master,auto_home,
> auto_whatever.
>
> Here's a short page on setting up Solaris 9,
> http://research.imb.uq.edu.au/~l.rathbone/ldap/solaris9_native.shtml
>
>
> Hope that helps,
>
> Jeff
>
>
*********************************************************************************
From: Al Cameron <al.cameron<at>shaw.ca>

Hi Pablo,

If you just want authentication, I believe eDir can do it.

I haven't done it, but I did evaluate replacing all of NIS with Novell 
eDir.
I met with Novell.  They can do the authentication piece, but not the rest
of the NIS maps.  And they require replacing Sun's PAM / Name Service
Switch modules with either their own or PADL's (I don't recall which).

We chose Sun JSDS (was Sun ONE) because it seems more likely to
work in our environment and to keep the vendor support.

Regards,
Al

*********************************************************************************
Terry Gardner <boosdad1959<at>yahoo.com>

It does not matter which LDAP server you use. LDAP is a standard
protocol. If the directory schema contains the appropriate POSIX
objectclasses, you should have no trouble.


*********************************************************************************
Original Post:

-- Pablo Jejcic <pablo.jejcic@smartweb.rgu.ac.uk> wrote:
> Hi Gurus,
>  I have been requested to configure one of my solaris boxes to
> authenticate against a LDAP server running on Novell...
> Did anyone did something like this?
>  Thanks in advance.-
> -- Pablo Jejcic


-- 
Pablo Jejcic
Senior System Administrator
School of Computing / Smart Web Research Centre
http://www.smartweb.rgu.ac.uk/~pjejcic
T: 44-1224-262797
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Thu Jul 22 03:59:19 2004

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:35 EST