[Fedora-directory-users] Solaris Client
George Holbert
gholbert at broadcom.com
Thu Jul 14 19:09:47 UTC 2005
Sun's solution to getting a server all set up for Solaris naming service
is a script called "idsconfig". This script can be found in
/usr/lib/ldap on Solaris 9 and up. Note that idsconfig is a part of
Solaris, not a part of Sun DS (or any other DS).
idsconfig will do schema updates that include DUAConfigProfile and some
RFC2307bis items. I'd think it would work with Fedora DS just as it
does with Sun DS.
idsconfig is not my favorite script ever, but it can get the job done.
You may have to tweak it slightly for your situation. Also, note that
the LDIF it uses to change the password scheme to CRYPT is incorrect.
The correct LDIF is:
dn: cn=Password Policy,cn=config
changetype: modify
replace: passwordStorageScheme
passwordStorageScheme: CRYPT
-- George
Brian Martinez wrote:
> George,
>
> That is correct, we are attempting to use the FDS7 as a central
> authentication system for Solaris 10 NSS Clients with a PAM backend.
>
> We believe that we are missing the proper schemas on the server
> (DUAConfigProfile and Solaris) to support the Solaris Clients. The
> ones on Tay's website seem to be in the wrong format (schema instead
> of ldif)...or we just dont know how to import them!
>
> We have been scrounging his site for clues/ideas...developers on the
> client side are convinced the server is the issue...developers on the
> server side believe it is the client. My take is that we already have
> the server "most" of the way, because we are successfully
> authenticating Linux clients securely to the FDS7 server and we are
> missing some essential piece on the server side to solve the Solaris
> puzzle.
>
> If you have any further thoughts, ideas, or prayers...feel free to
> send them our way.
>
>> From: "George Holbert" <gholbert at broadcom.com>
>> Reply-To: "General discussion list for the Fedora Directory server
>> project." <fedora-directory-users at redhat.com>
>> To: "General discussion list for the Fedora Directory server
>> project." <fedora-directory-users at redhat.com>
>> Subject: Re: [Fedora-directory-users] Solaris Client
>> Date: Thu, 14 Jul 2005 11:08:06 -0700
>>
>> Hi Brian,
>>
>> By "Solaris Clients", I assume you mean Solaris naming service (for
>> passwd, group, etc.).
>>
>> The answer is yes. Any modern, properly configured LDAP server,
>> including Fedora DS, can support Solaris naming service. However,
>> getting the server "properly configured" can be tricky.
>>
>> However, since Sun's own directory server ("Sun Java Enterprise
>> System Directory Server") is so very similar to Fedora DS, much of
>> the same preparation methods and documentation regarding SunDS will
>> apply directly to Fedora DS.
>>
>> A good starting point would be Gary Tay's fine documentation at:
>> http://web.singnet.com.sg/~garyttt/
>>
>> Gary's docs were written around iPlanet/Sun DS, but as I mentioned,
>> pretty much all of this should also apply to Fedora DS.
>>
>> Good luck!
>> -- George
>>
>>
>> Brian Martinez wrote:
>>
>>> All,
>>>
>>> Does the Fedora DS support Solaris Clients? If so, where can I find
>>> information, schema examples, etc....
>>>
>>> Thanks in advance,
>>> Brian
>>>
>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>
>>
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
More information about the Fedora-directory-users
mailing list