<html><body><div style="color:#000; background-color:#fff; font-family:verdana, helvetica, sans-serif;font-size:10px">Dear <br>I have done steps of be;low link for solaris 10 and it works fine.<br style="" class=""><br style="" class=""><br style="" class=""><a style="" class="" href="https://www.redhat.com/archives/freeipa-users/2013-January/msg00021.html">Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?</a><div style="width:450px; font-family: 'Georgia', 'Times', 'Times New Roman', 'serif';margin-top:5px; margin-bottom: 5px;" id="enhancrCard_0" class="link-enhancr-attachment link-enhancr-element" contenteditable="false"><table class="link-enhancr-element" style="width:450px; height:auto; position: relative; display: block;" border="0" cellpadding="0" cellspacing="0"><tbody><tr class="link-enhancr-element"><td class="link-enhancr-element" colspan="7" style="height: 1px; background-color: #e5e5e5; font-size: 1px; border-collapse: collapse;"><div class="link-enhancr-element" style="height: 1px; background-color: #e5e5e5; font-size: 1px; line-height:0px;"> </div></td></tr><tr class="link-enhancr-element"><td rowspan="5" class="link-enhancr-element" style="width: 1px; background-color: #e5e5e5; font-size: 1pt; border-collapse: collapse;"><div class="link-enhancr-element" style="width: 1px; background-color: #e5e5e5; font-size: 1pt;"> </div></td><td rowspan="5" class="link-enhancr-element" style="width: 14px; background-color: #ffffff; font-size: 0pt; border-collapse: collapse;"><div class="link-enhancr-element" style="width: 14px; background-color: #ffffff; font-size: 14pt;"> </div></td><td colspan="2" class="link-enhancr-element" style="height: 6px; background-color: #ffffff; font-size: 0pt; border-collapse: collapse;"><div class="link-enhancr-element" style="height: 6px; background-color: #ffffff; font-size: 6pt;"> </div></td><td rowspan="5" class="link-enhancr-element" style="width: 20px; background-color: #ffffff; font-size: 0pt; border-collapse: collapse;"><div class="link-enhancr-element" style="width: 20px; background-color: #ffffff; font-size: 20pt;"> </div></td><td class="link-enhancr-element" rowspan="5" style="width: 1px; background-color: #e5e5e5; font-size: 1pt; border-collapse: collapse;" width="1"><div class="link-enhancr-element" style="width: 1px; background-color: #e5e5e5; font-size: 1pt;"> </div></td></tr><tr><td class="link-enhancr-element" colspan="2" style="width: 100%; vertical-align: middle; font-family: 'Georgia', 'Times', 'Times New Roman', 'serif';"><div class="link-enhancr-text-part link-enhancr-element" style="line-height:16.5px; background-color: #ffffff; width: 414px;"><div class="link-enhancr-element" style="word-wrap: break-word; word-break: break-all;"><span class="link-enhancr-element icon icon-shrink link-enhancr-toggle"></span><span class="link-enhancr-element icon icon-close link-enhancr-delete"></span><a href="https://www.redhat.com/archives/freeipa-users/2013-January/msg00021.html" class="link-enhancr-card-urlWrapper link-enhancr-element" style="text-decoration: none !important; color: #000000 !important; line-height: 100%; font-size: 18px; display: block;"><span class="link-enhancr-element link-enhancr-card-title" style="margin: 0; font-weight: normal;margin-bottom: 3px; font-size: 18px; line-height: 21px; max-height: 43px; color: #000000; overflow: hidden !important; display: inline-block;">Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?</span></a><div style="font-size: 13px; line-height: 20px; color: #999999; max-height: 81px; font-family: 'Georgia', 'Times', 'Times New Roman', 'serif';overflow: hidden;" class="link-enhancr-card-description link-enhancr-element">[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] Re: [Freeipa-users] Does Solaris 11 work as client to IPA server? </div></div></div></td></tr><tr><td colspan="2" class="link-enhancr-element" style="height: 6px; background-color: #ffffff; font-size: 0pt; border-collapse: collapse;"><div class="link-enhancr-element" style="height: 6px; background-color: #ffffff; font-size: 6pt;"></div></td></tr><tr><td class="link-enhancr-element" style="vertical-align: middle; font-family: 'Arial', 'Helvetica Neue', 'Helvetica', 'sans-serif';"><div class="link-enhancr-element" style="font-size: 0pt;"><a href="https://www.redhat.com/archives/freeipa-users/2013-January/msg00021.html" class="link-enhancr-card-url link-enhancr-element" style="color: black; text-decoration: none !important;cursor:pointer !important;" target="_blank"><span class="link-enhancr-element link-enhancr-view-on" style="display: inline-block; line-height: 11px; max-width: 314px; min-width: 254px; overflow: hidden; max-height: 13px; word-break: break-all;"><span class="link-enhancr-element link-enhancr-mobile-no-resize" style="vertical-align:middle; font-size: 9px; line-height: 11px; color: #999999; -moz-text-size-adjust: none; -ms-text-size-adjust: none; -webkit-text-size-adjust:none; text-size-adjust:none;">View on <span style="font-weight: bold" class="link-enhancr-view-on-domain">www.redhat.com</span></span></span></a></div></td><td class="link-enhancr-element" style="vertical-align: middle; width: 100px; font-family: 'Arial', 'Helvetica Neue', 'Helvetica', 'sans-serif';"><div class="link-enhancr-element link-enhancr-preview-wrapper" style="max-width: 100px; min-width: 80px; overflow: hidden; text-align: right; line-height: 11px; max-height: 13px; font-size: 0pt;"><span class="link-enhancr-element link-enhancr-preview-by link-enhancr-mobile-no-resize" style="vertical-align:middle; font-size: 9px; line-height: 11px; color: #999999; -moz-text-size-adjust: none; -ms-text-size-adjust: none; -webkit-text-size-adjust:none; text-size-adjust:none;">Preview by Yahoo</span></div></td></tr><tr><td colspan="2" class="link-enhancr-element" style="height: 9px; background-color: #ffffff; font-size: 0pt; border-collapse: collapse;"><div class="link-enhancr-element" style="height: 9px; background-color: #ffffff; font-size: 9pt;"></div></td></tr><tr class="link-enhancr-element"><td class="link-enhancr-element" colspan="7" style="height: 1px; background-color: #e5e5e5; font-size: 1px; border-collapse: collapse;"><div class="link-enhancr-element" style="height: 1px; background-color: #e5e5e5; font-size: 1px; line-height:0px"> </div></td></tr></tbody></table></div><div> </div><br style="" class=""><div style="" class=""><br style="" class=""></div> <div class="" style="font-family: verdana, helvetica, sans-serif; font-size: 10px;"> <div class="" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div style="" class="" dir="ltr"> <hr style="" class="" size="1"> <font style="" class="" size="2" face="Arial"> <b style="" class=""><span class="" style="font-weight:bold;">From:</span></b> Rob Crittenden <rcritten@redhat.com><br style="" class=""> <b style="" class=""><span class="" style="font-weight: bold;">To:</span></b> sipazzo <sipazzo@yahoo.com>; "Freeipa-users@redhat.com" <Freeipa-users@redhat.com> <br style="" class=""> <b style="" class=""><span class="" style="font-weight: bold;">Sent:</span></b> Saturday, October 11, 2014 8:40 PM<br style="" class=""> <b style="" class=""><span class="" style="font-weight: bold;">Subject:</span></b> Re: [Freeipa-users] Solaris 10 client configuration using profile<br style="" class=""> </font> </div> <div style="" class=""><br style="" class="">sipazzo wrote:<br style="" class="">> Thank you,I know where the profile is in the directory tree and how I would invoke it were it there...I don't know how to get it into the directory tree so that it is available to clients. I see posts giving examples of different profilesthat could be used but no post as to how to add it to the directory. Sorry if I am missing something obvious.<br style="" class="">> <br style="" class="">> <br style="" class="">> --------------------------------------------<br style="" class="">> On Fri, 10/10/14, Rob Crittenden <<a style="" class="" ymailto="mailto:rcritten@redhat.com" href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>> wrote:<br style="" class="">> <br style="" class="">> Subject: Re: [Freeipa-users] Solaris 10 client configuration using profile<br style="" class="">> To: "sipazzo" <<a style="" class="" ymailto="mailto:sipazzo@yahoo.com" href="mailto:sipazzo@yahoo.com">sipazzo@yahoo.com</a>>, <a style="" class="" ymailto="mailto:freeipa-users@redhat.com" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br style="" class="">> Date: Friday, October 10, 2014, 4:53 PM<br style="" class="">> <br style="" class="">> sipazzo wrote:<br style="" class="">> ><br style="" class="">> Hello, I am trying to set up a default profile for my<br style="" class="">> Solaris 10 IPA clients as recommended. I generated a profile<br style="" class="">> on a Solaris with the attributes I needed except I got an<br style="" class="">> "invalid parameter" error when specifying the<br style="" class="">> domainName attribute like this -a domainName=example.com<br style="" class="">> even though this parameter works when I use it in <br style="" class="">> ldapclient manual. More of an issue though is I have been<br style="" class="">> unable to find documentation on getting the profile<br style="" class="">> incorporated into the ipa server. How do I get this profile<br style="" class="">> on the ipa server and make it available to my Solaris<br style="" class="">> clients? Also, my understanding is the clients periodically<br style="" class="">> check this profile so they stay updated with the latest<br style="" class="">> configuration information. What generates this check? Is it<br style="" class="">> time based, a restart of a service or ??<br style="" class="">> > <br style="" class="">> > Thank you for any<br style="" class="">> assistance.<br style="" class="">> > <br style="" class="">> <br style="" class="">> It's been forever since I configured a<br style="" class="">> Solaris anything client but I can<br style="" class="">> tell you<br style="" class="">> where the profile gets stored:<br style="" class="">> cn=profilename,cn=default,ou=profile,$SUFFIX<br style="" class="">> <br style="" class="">> IPA ships with a default<br style="" class="">> profile of:<br style="" class="">> <br style="" class="">> dn:<br style="" class="">> cn=default,ou=profile,$SUFFIX<br style="" class="">> ObjectClass:<br style="" class="">> top<br style="" class="">> ObjectClass: DUAConfigProfile<br style="" class="">> defaultServerList: $FQDN<br style="" class="">> defaultSearchBase: $SUFFIX<br style="" class="">> authenticationMethod: none<br style="" class="">> searchTimeLimit: 15<br style="" class="">> cn:<br style="" class="">> default<br style="" class="">> serviceSearchDescriptor:<br style="" class="">> passwd:cn=users,cn=accounts,$SUFFIX<br style="" class="">> serviceSearchDescriptor:<br style="" class="">> group:cn=groups,cn=compat,$SUFFIX<br style="" class="">> bindTimeLimit: 5<br style="" class="">> objectClassMap:<br style="" class="">> shadow:shadowAccount=posixAccount<br style="" class="">> followReferrals:TRUE<br style="" class="">> <br style="" class="">> The full schema can be found at<br style="" class="">> <a style="" class="" href="http://docs.oracle.com/cd/E23824_01/html/821-1455/schemas-17.html" target="_blank">http://docs.oracle.com/cd/E23824_01/html/821-1455/schemas-17.html</a><br style="" class="">> <br style="" class="">> So if your profile is named<br style="" class="">> foo you'd invoke it with something like:<br style="" class="">> <br style="" class="">> # ldapclient init -a<br style="" class="">> profileName=foo ipa.example.com<br style="" class="">> <br style="" class="">> rob<br style="" class="">> <br style="" class="">> <br style="" class=""><br style="" class="">Here is an example inspired by<br style="" class=""><a style="" class="" href="https://bugzilla.redhat.com/show_bug.cgi?id=815515" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=815515</a><br style="" class=""><br style="" class="">$ ldapmodify -x -D 'cn=Directory Manager' -W<br style="" class="">dn: cn=solaris_authssl_test,ou=profile,dc=example,dc=com<br style="" class="">objectClass: top<br style="" class="">objectClass: DUAConfigProfile<br style="" class="">cn: solaris_authssl_test<br style="" class="">authenticationMethod: tls:simple<br style="" class="">bindTimeLimit: 5<br style="" class="">credentialLevel: proxy<br style="" class="">defaultSearchBase: dc=example,dc=com<br style="" class="">defaultSearchScope: one<br style="" class="">defaultServerList: ipa01.example.com ipa02.example.com ipa03.example.com<br style="" class="">followReferrals: TRUE<br style="" class="">objectclassMap: shadow:shadowAccount=posixAccount<br style="" class="">objectclassMap: printers:sunPrinter=printerService<br style="" class="">preferredServerList: ipa01.example.com ipa02.example.com<br style="" class="">profileTTL: 6000<br style="" class="">searchTimeLimit: 10<br style="" class="">serviceSearchDescriptor: passwd:cn=users,cn=accounts,dc=example,dc=com<br style="" class="">serviceSearchDescriptor: group:cn=groups,cn=compat,dc=example,dc=com<br style="" class="">serviceSearchDescriptor: netgroup:cn=ng,cn=compat,dc=example,dc=com<br style="" class="">serviceSearchDescriptor: ethers:cn=computers,cn=accounts,dc=example,dc=com<br style="" class="">serviceSearchDescriptor: automount:cn=default,cn=automount,dc=example,dc=com<br style="" class="">serviceSearchDescriptor:<br style="" class="">auto_master:automountMapName=auto.master,cn=defualt,cn=automount,dc=example,dc=com<br style="" class="">serviceSearchDescriptor: aliases:ou=aliases,ou=test,dc=example,dc=com<br style="" class="">serviceSearchDescriptor: printers:ou=printers,ou=test,dc=example,dc=com<br style="" class=""><blank line><br style="" class="">^D<br style="" class=""><br style="" class="">You may want to check out<br style="" class=""><a style="" class="" href="https://bugzilla.redhat.com/show_bug.cgi?id=815533" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=815533 </a>as well.<br style="" class=""><br style="" class="">rob<br style="" class=""><br style="" class="">-- <br style="" class="">Manage your subscription for the Freeipa-users mailing list:<br style="" class=""><a style="" class="" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br style="" class="">Go To <a style="" class="" href="http://freeipa.org/" target="_blank">http://freeipa.org </a>for more info on the project<br style="" class=""><br style="" class=""><br style="" class=""></div> </div> </div> </div></body></html>