[Freeipa-users] Solaris 10 client configuration using profile
Rob Crittenden
rcritten at redhat.com
Fri Oct 10 23:53:51 UTC 2014
sipazzo wrote:
> Hello, I am trying to set up a default profile for my Solaris 10 IPA clients as recommended. I generated a profile on a Solaris with the attributes I needed except I got an "invalid parameter" error when specifying the domainName attribute like this -a domainName=example.com even though this parameter works when I use it in ldapclient manual. More of an issue though is I have been unable to find documentation on getting the profile incorporated into the ipa server. How do I get this profile on the ipa server and make it available to my Solaris clients? Also, my understanding is the clients periodically check this profile so they stay updated with the latest configuration information. What generates this check? Is it time based, a restart of a service or ??
>
> Thank you for any assistance.
>
It's been forever since I configured a Solaris anything client but I can
tell you where the profile gets stored:
cn=profilename,cn=default,ou=profile,$SUFFIX
IPA ships with a default profile of:
dn: cn=default,ou=profile,$SUFFIX
ObjectClass: top
ObjectClass: DUAConfigProfile
defaultServerList: $FQDN
defaultSearchBase: $SUFFIX
authenticationMethod: none
searchTimeLimit: 15
cn: default
serviceSearchDescriptor: passwd:cn=users,cn=accounts,$SUFFIX
serviceSearchDescriptor: group:cn=groups,cn=compat,$SUFFIX
bindTimeLimit: 5
objectClassMap: shadow:shadowAccount=posixAccount
followReferrals:TRUE
The full schema can be found at
http://docs.oracle.com/cd/E23824_01/html/821-1455/schemas-17.html
So if your profile is named foo you'd invoke it with something like:
# ldapclient init -a profileName=foo ipa.example.com
rob
More information about the Freeipa-users
mailing list