Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
Step by Step LDAP

Step by Step LDAP

Ratings: (0)|Views: 8|Likes:
Published by vivabindas
ldap config
ldap config

More info:

Published by: vivabindas on Aug 31, 2010
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as DOCX, PDF, TXT or read online from Scribd
See more
See less





-=Step-by-Step Sun Directory Server Installation for Solaris 10=-
This document starts with an installed Solaris 10 server and covers the installation of a Whole-Root Zone, custom configuration for the zone, theinstallation of sudo and some other nice to haves.Let¶s begin by downloading all of the necessary files «Go to http://www.sunfreeware.com and download the latest version of sudo for Solaris 10.If you want Windows authentication, you might want to download pGina from http://pgina.sourceforge.netGo to http://www.sun.com/download to go down under the heading Identity Management and click on Directory Server. Click on Directory Server 52005Q4 (5.2 P4) ±> Click on download ±> Sign In with your Sun access account ±> Accept License Agreement ±> and download.Place all of the software in the /zones/pub directory (accept for pGina of course)
Create a zone
 Within the directory which will be holding the zones, create a directory called ldapserver1. In this example, I will assume that the mount point is/zones/ldapserver1). Also, create a directory to share between the global and whole-root zone. Typically I make the /zones directory a mount to a SANor something other than mounted off the root (/). I utilize /zones/pub as a common storage area for patches and software.# mkdir /zones/ldapserver1# mkdir /zones/pub Prepare a zone creation script which is called ldapserver1.zone. I typically keep this file in the directory of the zone being created (/zones/ldapserver1).Notice what your physical network interface is before hand by issuing the following command:root@sol10globalzone# ifconfig -a# vi /zones/ldapserver1/ldapserver1.zonecreate -bset zonepath=/zones/ldapserver1set autoboot=trueadd fsset dir=/pubset special=/zones/pubset type=lofsend# only add if CDROM existsadd fsset dir=/cdromset special=/cdromset type=lofsendadd netset address=192.168.1.XXXset physical=pcn0 #whatever your physical interface isend Install the zone# cd /zones/ldapserver1# zonecfg ±z ldapserver1 ±f ldapserver1.zone
# chmod 700 /zones/ldapserver1# zonecfg ±z ldapserver1 info# zonecfg ±z ldapserver1 verify# zoneadm ±z ldapserver1 install# zoneadm list ±icv# zoneadm ±z ldapserver1 ready# zoneadm ±z ldapserver1 boot# zlogin ±C ldapserver1--> ensure it works and then exit ...You must have the zone configured to resolve its name through /etc/hosts or through a DNS server. Fix this first, if not using DNS, then put and entryinto your /etc/hosts that looks like this:# vi /etc/hosts127.0.0.1 localhost loghost192.168.1.XXX ldapserver1.domain.com ldapserver1 Reboot or restart network service «
et¶s Configure the ldapserver1
 1.zlogin -z ldapserver1 2.vi /etc/passwd--> change shell from /sbin/sh to /bin/bash3.vi /root/.profile and add custom prompt and add pathexport PS1=\033[32;2m\u@\h \e[31;2m\t\n \e[30;0m\w $PATH=$PATH:/usr/local/bin:/usr/local/sbin:wqthen su ± to see changes4.vi /etc/hosts and add all of the machines# cat /net//jumpstart/config/hosts >> /etc/hosts5.vi /etc/resolv.conf and change server to6. SUDO Setup# gunzip /pub/sudo-1.6.8p9-sol10-sparc-local.gz# pkgadd -d /pub/sudo-1.6.8p9-sol10-sparc-local--> select 1 --> y --> y (add local admin user accounts by issuingvisudo command)# groupadd -g 101 ldap# mkdir /var/Sun# useradd -g 101 -u 101 -c ³ldap privsep´ -d /var/Sun/mps -m -s /bin/bash ldap# passwd ldap --> Password#1# usermod -K defaultpriv=basic,net_privaddr ldap7. Installation of iPlanet LDAP# cd /pub# gunzip ds* ; tar xvf ds*# ./setup--> Enter --> Enter --> Enter --> yesFully Qualified Computer Name [ldapserver1.domain.com] Enter ±> Enter ±> Enter ±> Enter ±> Enter ±> System User: ldap ±> System Group: ldap ±>Enter ±> Enter ±> Enter ±> Enter ±> Enter ±>admin Enter ±> Password (twice) = Password#1 ±> Enter ±> Enter ±> Password#1 ±> Enter ±> Enter ±> watch progress bar «Enter to end installation
8. Add the following Startup script:# vi /etc/init.d/dscontrol#!/sbin/sh## Copyright (c) 2001 by Sun Microsystems, Inc# All rights reserved.##ident ³@(#)slapd and admin 5.2p4 09/29/06case ³$1 instart)/var/Sun/mps/slapd-ldapserver1/start-slapd/var/Sun/mps/start-admin;;restart)/var/Sun/mps/slapd-ldapserver1/restart-slapd/var/Sun/mps/restart-admin;;stop)/var/Sun/mps/slapd-ldapserver1/stop-slapd/var/Sun/mps/stop-admin;;*)echo ³Usage: $0 { start | restart | stop }´exit 1;;esacexit 0# chmod 755 /etc/init.d/dscontrol# ln -s /etc/init.d/dscontrol /etc/rc3.d/S90dscontrol# ln -s /etc/init.d/dscontrol /etc/rc1.d/K90dscontrol 9. Configuration of IDS# cd /usr/lib/ldap# ./idsconfig ±> yhostname to setup: ldapserver1 ±> Enter ±> Enter ±> passwd = Password#1 ±> Enter ±>Enter ±> Enter ±> Enter ±> Enter ±> Enter ±> Credential level = 2 ±> Authentication Methods = 2 ±> another Auth Method = n ±> Enter ±> Enter ±>crypt format = y ±> Enter ±> Enter ±> Enter ±> Enter ±> Enter ±> Enter ±> Enter ±> passwd for proxyagent = differentpasswd (twice) ±> committingchanges = yExit the ldap server completely10. Launching LDAP GUI and adding users (from SunRay or other Sun box)# ssh -X username@ldapserver1.domain.com# sudo mkdir /export/home/ ; chown /export/home/# sudo /var/Sun/mps/startconsole& (is your local user in the sudoers file?) ±> Login using admin and Password#1 ±> Open ldapserver1.domain.com ±> Open Server Group ±> Click on Directory Server and click on the Open button, this will launch a new window.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->