
Solaris and LDAP naming services : deploying LDAP in the Enterprise PDF

314 Pages·2001·1.358 MB·English

Preview Solaris and LDAP naming services : deploying LDAP in the Enterprise

System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
U.S.A.

Part No: 816–4556–10
January 2005

Copyright 2005 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.

This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers.

Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd.

Sun, Sun Microsystems, the Sun logo, docs.sun.com, AnswerBook, AnswerBook2, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.

The OPEN LOOK and Sun™ Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun’s licensees who implement OPEN LOOK GUIs and otherwise comply with Sun’s written license agreements.

U.S. Government Rights – Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements.

DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.
Contents

Preface

Part I About Naming and Directory Services

1 Naming and Directory Services (Overview)
  What Is a Naming Service?
  Solaris Naming Services
  Description of the DNS Naming Service
  Description of the /etc Files Naming Service
  Description of the NIS Naming Service
  Description of the NIS+ Naming Service
  Description of the LDAP Naming Services
  Naming Services: A Quick Comparison

2 The Name Service Switch (Overview)
  About the Name Service Switch
  Format of the nsswitch.conf File
  Comments in nsswitch.conf Files
  Keyserver and publickey Entry in the Switch File
  The nsswitch.conf Template Files
  The Default Switch Template Files
  The nsswitch.conf File
  Selecting a Different Configuration File
  How to Modify the Name Service Switch
  DNS and Internet Access
  IPv6 and Solaris Naming Services
  Ensuring Compatibility With +/- Syntax
  The Switch File and Password Information

Part II DNS Setup and Administration

3 DNS Setup and Administration (Reference)
  Related Materials
  Migrating From BIND 8 to BIND 9
  DNS and the Service Management Facility
  Implementing rndc
  The rndc.conf Configuration File
  Differences in the Control Channels
  Commands of BIND 9 rndc
  BIND 9 Commands, Files, Tools, and Options
  BIND 9 Tools and Configuration Files
  Comparison of BIND 8 and BIND 9 Commands and Files
  Descriptions of Command and Option Changes
  The named.conf Options
  Statements in BIND 9
  Summary of the named.conf Options

Part III NIS Setup and Administration

4 Network Information Service (NIS) (Overview)
  NIS Introduction
  NIS Architecture
  NIS Machine Types
  NIS Servers
  NIS Clients
  NIS Elements
  The NIS Domain
  NIS Daemons
  NIS Utilities
  NIS Maps
  NIS-Related Commands
  NIS Binding
  Server-List Mode
  Broadcast Mode

5 Setting Up and Configuring NIS Service
  Configuring NIS — Task Map
  Before You Begin Configuring NIS
  NIS and the Service Management Facility
  Planning Your NIS Domain
  Identify Your NIS Servers and Clients
  Preparing the Master Server
  Source Files Directory
  Passwd Files and Namespace Security
  Preparing Source Files for Conversion to NIS Maps
  Preparing the Makefile
  Setting Up the Master Server With ypinit
  Master Supporting Multiple NIS Domains
  Starting and Stopping NIS Service on the Master Server
  Starting NIS Service Automatically
  Starting and Stopping NIS From the Command Line
  Setting Up NIS Slave Servers
  Preparing a Slave Server
  Setting Up a Slave Server
  Setting Up NIS Clients

6 Administering NIS (Tasks)
  Password Files and Namespace Security
  Administering NIS Users
  How to Add a New NIS User to an NIS Domain
  Setting User Passwords
  NIS Netgroups
  Working With NIS Maps
  Obtaining Map Information
  Changing a Map’s Master Server
  Modifying Configuration Files
  Modifying and Using the Makefile
  Modifying Makefile Entries
  Updating and Modifying Existing Maps
  How to Update Maps Supplied With the Default Set
  Modifying Default Maps
  Using makedbm to Modify a Non-Default Map
  Creating New Maps from Text Files
  Adding Entries to a File-Based Map
  Creating Maps From Standard Input
  Modifying Maps Made From Standard Input
  Adding a Slave Server
  How to Add a Slave Server
  Using NIS With C2 Security
  Changing a Machine’s NIS Domain
  How to Change a Machine’s NIS Domain Name
  Using NIS in Conjunction With DNS
  How to Configure Machine Name and Address Lookup Through NIS and DNS
  Dealing with Mixed NIS Domains
  Turning Off NIS Services

7 NIS Troubleshooting
  NIS Binding Problems
  Symptoms
  NIS Problems Affecting One Client
  NIS Problems Affecting Many Clients

Part IV LDAP Naming Services Setup and Administration

8 Introduction to LDAP Naming Services (Overview/Reference)
  Audience Assumptions
  Suggested Background Reading
  Additional Prerequisite
  LDAP Naming Services Compared to Other Naming Services
  Advantages of LDAP Naming Services
  Restrictions of LDAP Naming Services
  LDAP Naming Services Setup (Task Map)

9 LDAP Basic Components and Concepts (Overview)
  LDAP Data Interchange Format (LDIF)
  Using Fully Qualified Domain Names With LDAP
  Default Directory Information Tree (DIT)
  Default LDAP Schema
  Service Search Descriptors (SSDs) and Schema Mapping
  Description of SSDs
  LDAP Client Profiles
  Client Profile Attributes
  Local Client Attributes
  ldap_cachemgr Daemon
  LDAP Naming Services Security Model
  Introduction
  Transport Layer Security (TLS)
  Assigning Client Credential Levels
  Choosing Authentication Methods
  Pluggable Authentication Methods
  Account Management

10 Planning Requirements for LDAP Naming Services (Tasks)
  LDAP Planning Overview
  Planning the LDAP Network Model
  Planning the Directory Information Tree (DIT)
  Multiple Directory Servers
  Data Sharing With Other Applications
  Choosing the Directory Suffix
  LDAP and Replica Servers
  Planning the LDAP Security Model
  Planning Client Profiles and Default Attribute Values for LDAP
  Planning the LDAP Data Population
  How to Populate a Server With host Entries Using ldapaddent

11 Setting Up Sun Java System Directory Server With LDAP Clients (Tasks)
  Configuring Sun Java System Directory Server Using idsconfig
  Creating a Checklist Based on Your Server Installation
  Schema Definitions
  Using Browsing Indexes
  Using Service Search Descriptors to Modify Client Access to Various Services
  Setting Up SSDs Using idsconfig
  Running idsconfig
  How to Configure Sun Java System Directory Server Using idsconfig
  Example idsconfig Setup
  Populating the Directory Server Using ldapaddent
  How to Populate Sun Java System Directory Server With User Password Data Using ldapaddent
  Managing Printer Entries
  Adding Printers
  Using lpget
  Populating the Directory Server With Additional Profiles
  How to Populate the Directory Server With Additional Profiles Using ldapclient
  Configuring the Directory Server to Enable Account Management
  Migrating Your Sun Java System Directory Server

12 Setting Up LDAP Clients (Tasks)
  Prerequisites to LDAP Client Setup
  LDAP and the Service Management Facility
  Initializing an LDAP Client
  Using Profiles to Initialize a Client
  Using Proxy Credentials
  Initializing a Client Manually
  Modifying a Manual Client Configuration
  Uninitializing a Client
  Setting Up TLS Security
  Configuring PAM
  Retrieving LDAP Naming Services Information
  Listing All LDAP Containers
  Listing All User Entry Attributes
  Customizing the LDAP Client Environment
  Modifying the nsswitch.conf File for LDAP
  Enabling DNS With LDAP

13 LDAP Troubleshooting (Reference)
  Monitoring LDAP Client Status
  Verifying ldap_cachemgr Is Running
  Checking the Current Profile Information
  Verifying Basic Client-Server Communication
  Checking Server Data From a Non-Client Machine
  LDAP Configuration Problems and Solutions
  Unresolved Hostname
  Unable to Reach Systems in the LDAP Domain Remotely
  Login Does Not Work
  Lookup Too Slow
  ldapclient Cannot Bind to Server
  Using ldap_cachemgr for Debugging
  ldapclient Hangs During Setup

14 LDAP General Reference (Reference)
  Blank Checklists
  LDAP Upgrade Information
  Compatibility
  Running the ldap_cachemgr Daemon
  New automount Schema
  pam_ldap Changes
  LDAP Commands
  General LDAP Tools
  LDAP Tools Requiring LDAP Naming Services
  Example pam.conf File for pam_ldap
  Example pam_conf file for pam_ldap Configured for Account Management
  IETF Schemas for LDAP
  RFC 2307 Network Information Service Schema
  Mail Alias Schema
  Directory User Agent Profile (DUAProfile) Schema
  Solaris Schemas
  Solaris Projects Schema
  Role-Based Access Control and Execution Profile Schema
  Internet Print Protocol Information for LDAP
  Internet Print Protocol (IPP) Attributes
  Internet Print Protocol (IPP) Object Classes
  Sun Printer Attributes
  Sun Printer Object Classes
  Generic Directory Server Requirements for LDAP
  Default Filters Used by LDAP Naming Services

15 Transitioning From NIS to LDAP (Overview/Tasks)
  NIS-to-LDAP Service Overview
  NIS-to-LDAP Tools and the Service Management Facility
  NIS-to-LDAP Audience Assumptions
  When Not to Use the NIS-to-LDAP Service
  Effects of the NIS-to-LDAP Service on Users
  NIS-to-LDAP Transition Terminology
  NIS-to-LDAP Commands, Files, and Maps
  Supported Standard Mappings
  Transitioning From NIS to LDAP (Task Map)
  Prerequisites for the NIS-to-LDAP Transition
  Setting Up the NIS-to-LDAP Service
  How to Set Up the N2L Service With Standard Mappings
  How to Set Up the N2L Service With Custom or Nonstandard Mappings
  Examples of Custom Maps
  NIS-to-LDAP Best Practices With Sun Java System Directory Server
  Creating Virtual List View Indexes With Sun Java System Directory Server
  Avoiding Server Timeouts With Sun Java System Directory Server
  Avoiding Buffer Overruns With Sun Java System Directory Server
  NIS-to-LDAP Restrictions
  NIS-to-LDAP Troubleshooting
  Common LDAP Error Messages
  NIS-to-LDAP Issues
  Reverting to NIS
  How to Revert to Maps Based on Old Source Files
  How to Revert to Maps Based on Current DIT Contents

16 Transitioning From NIS+ to LDAP
  NIS+ to LDAP Overview
  rpc.nisd Configuration Files
  NIS+ to LDAP Tools and the Service Management Facility
  Creating Attributes and Object Classes
  Getting Started With the NIS+ to LDAP Transition
  /etc/default/rpc.nisd File
  /var/nis/NIS+LDAPmapping File
  NIS+ to LDAP Migration Scenarios
  Merging NIS+ and LDAP Data
  Masters and Replicas (NIS+ to LDAP)
