Sun's solution to getting a server all set up for Solaris naming service
is a script called "idsconfig". This script can be found in
/usr/lib/ldap on Solaris 9 and up. Note that idsconfig is a part of
Solaris, not a part of Sun DS (or any other DS).
idsconfig will do schema updates that include DUAConfigProfile and some
RFC2307bis items. I'd think it would work with Fedora DS just as it
does with Sun DS.
idsconfig is not my favorite script ever, but it can get the job done.
You may have to tweak it slightly for your situation. Also, note that
the LDIF it uses to change the password scheme to CRYPT is incorrect.
The correct LDIF is:

dn: cn=Password Policy,cn=config
changetype: modify
replace: passwordStorageScheme
passwordStorageScheme: CRYPT

-- George
Brian Martinez wrote:
George,
That is correct, we are attempting to use the FDS7 as a central
authentication system for Solaris 10 NSS Clients with a PAM backend.
We believe that we are missing the proper schemas on the server
(DUAConfigProfile and Solaris) to support the Solaris Clients. The
ones on Tay's website seem to be in the wrong format (schema instead
of ldif)...or we just don't know how to import them!
We have been scrounging his site for clues/ideas...developers on the
client side are convinced the server is the issue...developers on the
server side believe it is the client. My take is that we already have
the server "most" of the way, because we are successfully
authenticating Linux clients securely to the FDS7 server and we are
missing some essential piece on the server side to solve the Solaris
puzzle.
If you have any further thoughts, ideas, or prayers...feel free to
send them our way.
From: "George Holbert" <gholbert@xxxxxxxxxxxx>
Reply-To: "General discussion list for the Fedora Directory server
project." <fedora-directory-users@xxxxxxxxxx>
To: "General discussion list for the Fedora Directory server
project." <fedora-directory-users@xxxxxxxxxx>
Subject: Re: Solaris Client
Date: Thu, 14 Jul 2005 11:08:06 -0700
Hi Brian,
By "Solaris Clients", I assume you mean Solaris naming service (for
passwd, group, etc.).
The answer is yes. Any modern, properly configured LDAP server,
including Fedora DS, can support Solaris naming service. However,
getting the server "properly configured" can be tricky.
However, since Sun's own directory server ("Sun Java Enterprise
System Directory Server") is so very similar to Fedora DS, much of
the same preparation methods and documentation regarding SunDS will
apply directly to Fedora DS.
A good starting point would be Gary Tay's fine documentation at:
http://web.singnet.com.sg/~garyttt/
Gary's docs were written around iPlanet/Sun DS, but as I mentioned,
pretty much all of this should also apply to Fedora DS.
Good luck!
-- George
Brian Martinez wrote:
All,
Does the Fedora DS support Solaris Clients? If so, where can I find
information, schema examples, etc....
Thanks in advance,
Brian
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users