[Freeipa-users] Solaris 10 client configuration using profile

mohammad sereshki mohammadsereshki at yahoo.com
Sat Oct 11 17:38:22 UTC 2014


Dear
I have done the steps of the link below for Solaris 10 and it works fine.


Re: [Freeipa-users] Does Solaris 11 work as client to IPA server?
  
          
  
 



________________________________
 From: Rob Crittenden <rcritten at redhat.com>
To: sipazzo <sipazzo at yahoo.com>; "Freeipa-users at redhat.com" <Freeipa-users at redhat.com> 
Sent: Saturday, October 11, 2014 8:40 PM
Subject: Re: [Freeipa-users] Solaris 10 client configuration using profile
 

sipazzo wrote:
> Thank you, I know where the profile is in the directory tree and how I would invoke it were it there...I don't know how to get it into the directory tree so that it is available to clients. I see posts giving examples of different profiles that could be used but no post as to how to add it to the directory. Sorry if I am missing something obvious.
> 
> 
> --------------------------------------------
> On Fri, 10/10/14, Rob Crittenden <rcritten at redhat.com> wrote:
> 
>  Subject: Re: [Freeipa-users] Solaris 10 client configuration using profile
>  To: "sipazzo" <sipazzo at yahoo.com>, freeipa-users at redhat.com
>  Date: Friday, October 10, 2014, 4:53 PM
>  
>  sipazzo wrote:
>  > Hello, I am trying to set up a default profile for my Solaris 10 IPA
>  > clients as recommended. I generated a profile on a Solaris with the
>  > attributes I needed except I got an "invalid parameter" error when
>  > specifying the domainName attribute like this -a domainName=example.com
>  > even though this parameter works when I use it in ldapclient manual.
>  > More of an issue though is I have been unable to find documentation on
>  > getting the profile incorporated into the ipa server. How do I get this
>  > profile on the ipa server and make it available to my Solaris clients?
>  > Also, my understanding is the clients periodically check this profile
>  > so they stay updated with the latest configuration information. What
>  > generates this check? Is it time based, a restart of a service or ??
>  >
>  > Thank you for any assistance.
>  >
>  
>  It's been forever since I configured a Solaris anything client but I can
>  tell you where the profile gets stored:
>  cn=profilename,cn=default,ou=profile,$SUFFIX
>  
>  IPA ships with a default profile of:
>  
>  dn: cn=default,ou=profile,$SUFFIX
>  ObjectClass: top
>  ObjectClass: DUAConfigProfile
>  defaultServerList: $FQDN
>  defaultSearchBase: $SUFFIX
>  authenticationMethod: none
>  searchTimeLimit: 15
>  cn: default
>  serviceSearchDescriptor: passwd:cn=users,cn=accounts,$SUFFIX
>  serviceSearchDescriptor: group:cn=groups,cn=compat,$SUFFIX
>  bindTimeLimit: 5
>  objectClassMap: shadow:shadowAccount=posixAccount
>  followReferrals: TRUE
>  
>  The full schema can be found at
>  http://docs.oracle.com/cd/E23824_01/html/821-1455/schemas-17.html
>  
>  So if your profile is named foo you'd invoke it with something like:
>  
>  # ldapclient init -a profileName=foo ipa.example.com
>  
>  rob
>  
> 

Here is an example inspired by
https://bugzilla.redhat.com/show_bug.cgi?id=815515

$ ldapmodify -x -D 'cn=Directory Manager' -W
dn: cn=solaris_authssl_test,ou=profile,dc=example,dc=com
changetype: add
objectClass: top
objectClass: DUAConfigProfile
cn: solaris_authssl_test
authenticationMethod: tls:simple
bindTimeLimit: 5
credentialLevel: proxy
defaultSearchBase: dc=example,dc=com
defaultSearchScope: one
defaultServerList: ipa01.example.com ipa02.example.com ipa03.example.com
followReferrals: TRUE
objectclassMap: shadow:shadowAccount=posixAccount
objectclassMap: printers:sunPrinter=printerService
preferredServerList: ipa01.example.com ipa02.example.com
profileTTL: 6000
searchTimeLimit: 10
serviceSearchDescriptor: passwd:cn=users,cn=accounts,dc=example,dc=com
serviceSearchDescriptor: group:cn=groups,cn=compat,dc=example,dc=com
serviceSearchDescriptor: netgroup:cn=ng,cn=compat,dc=example,dc=com
serviceSearchDescriptor: ethers:cn=computers,cn=accounts,dc=example,dc=com
serviceSearchDescriptor: automount:cn=default,cn=automount,dc=example,dc=com
serviceSearchDescriptor: auto_master:automountMapName=auto.master,cn=default,cn=automount,dc=example,dc=com
serviceSearchDescriptor: aliases:ou=aliases,ou=test,dc=example,dc=com
serviceSearchDescriptor: printers:ou=printers,ou=test,dc=example,dc=com
<blank line>
^D

You may want to check out
https://bugzilla.redhat.com/show_bug.cgi?id=815533 as well.

rob
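
Added example (not part of the original thread and not FreeIPA or Solaris code): a small check to run over a DUAConfigProfile LDIF before loading it with ldapmodify. It unfolds wrapped LDIF lines, flags bind methods that do not use TLS (the shipped default above uses "none", the example uses "tls:simple"), and flags serviceSearchDescriptor bases that fall outside defaultSearchBase. The sample profile and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of the profiles above. The last attribute is
# folded (a leading space continues the previous line) and uses a wrong suffix.
SAMPLE_LDIF = """\
dn: cn=solaris_test,ou=profile,dc=example,dc=com
objectClass: DUAConfigProfile
cn: solaris_test
authenticationMethod: simple
defaultSearchBase: dc=example,dc=com
serviceSearchDescriptor: passwd:cn=users,cn=accounts,dc=example,dc=com
serviceSearchDescriptor: group:cn=groups,cn=compat,
serviceSearchDescriptor:
 auto_master:automountMapName=auto.master,cn=default,cn=automount,dc=example,dc=org
"""

def parse_ldif_entry(text):
    """Unfold LDIF continuation lines, then map attribute (lowercased) -> values.
    Base64 ("attr::") values are not decoded; profiles do not normally use them."""
    entry = {}
    for line in re.sub(r"\n ", "", text).splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def lint_profile(entry):
    """Return findings for bind methods without TLS and for search bases
    that fall outside defaultSearchBase."""
    findings = []
    methods = entry.get("authenticationmethod", [])
    if not methods:
        findings.append("authenticationMethod is not set")
    for method in (m.strip().lower() for v in methods for m in v.split(";")):
        if method == "none":
            findings.append("authenticationMethod none: client binds anonymously")
        elif method == "simple":
            findings.append("authenticationMethod simple: bind is not wrapped in TLS")
    suffix = entry.get("defaultsearchbase", [""])[0].replace(" ", "").lower()
    for ssd in entry.get("servicesearchdescriptor", []):
        service, _, descriptors = ssd.partition(":")
        for desc in descriptors.split(";"):
            base = desc.split("?")[0].replace(" ", "").lower()
            # A base ending in "," is relative to defaultSearchBase (RFC 4876).
            if base and not base.endswith(",") and not base.endswith(suffix):
                findings.append(f"{service}: base '{base}' is outside {suffix}")
    return findings
```

Calling lint_profile(parse_ldif_entry(SAMPLE_LDIF)) returns two findings: the "simple" bind method and the auto_master base under dc=example,dc=org.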
