LDAP-solaris9 - Sun Solaris

  1. #1

    LDAP-solaris9

    I am using NIS as name server that I want to replace with LDAP.
    I was reading Sun documentation, and I found this:

    One disadvantage of LDAP Naming Service is:
    A directory server (an LDAP server) cannot be its own client. In other
    words, you cannot configure the machine that is running the directory
    server software to become an LDAP naming service client.

    Here is my question:
    If I don't install LDAP client on the machine which is running
    Directory Server, how do I manage users etc. on the Directory Server
    machine?

    Thanks, Neso

    Nebojsa Guest

  2. #2

    Re: LDAP-solaris9

    In article <ca>,
    Nebojsa Marusic <ca> wrote:
     

    Easy. You don't. That machine is used only for LDAP service.

    --
    DeeDee, don't press that button! DeeDee! NO! Dee...



    Michael Guest

  3. #3

    Re: LDAP-solaris9

    > Here is my question: 

    Two ways:

    I do not know what LDAP Directory you are looking to use, but I have
    been using OpenLDAP on Linux servers and the server that is hosting
    the directory can indeed be a client of said directory (authenticate
    local logins and do name service lookups against the directory). I am
    not sure if Sun directory server has some kind of architectural
    limitation prohibiting this.

    You can create a script for adding accounts to the ldap directory that
    will first add the account to the local machine. There are a bunch of
    scripts out there for syncing passwords between /etc/passwd /etc/shadow
    and an ldap directory.

    Mike
    MikeM Guest

  4. #4

    Re: LDAP-solaris9

    "Michael Vilain " wrote:

    > Easy. You don't. That machine is used only for LDAP service.

    /usr/sbin/directoryserver startconsole
    manages the server, and can be run on the server.

    Works fine.

    Kelly

    Kelly Guest

  5. #5

    Re: LDAP-solaris9

    In article <ca>, Nebojsa Marusic <ca> writes:
    |> I am using NIS as name server that I want to replace with LDAP.
    |> I was reading Sun documentation, and I found this:
    |>
    |> One disadvantage of LDAP Naming Service is:
    |> A directory server (an LDAP server) cannot be its own client. In other
    |> words, you cannot configure the machine that is running the directory
    |> server software to become an LDAP naming service client.
    |>

    You can define the server as its own client.

    First initialize the client, e.g.:
    ldapclient init -a proxyDN=cn=proxyagent,ou=profile,dc=rrzn,dc=uni-hannover,dc=de -a domainName=rrzn.uni-hannover.de ldapservername

    Now the server is its own client.
    But you must also move a rc-script in /etc/rc2.d:
    mv S72directory S25directory
    Now after a reboot the server will be started before the client-script.
    It works fine.

    Gerd Marquardt
    RRZN / Universitaet Hannover uni-hannover.de
    Schlosswender Str. 5 Tel. +49-511-762-4727
    D-30159 Hannover fax: +49-511-762-3003

    Gerd Guest
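
The boot-order condition described in post #5, as an added check (not part of the thread and not Sun's tooling). It confirms that the directory server's start script sorts before the LDAP client's start script in an rc directory. The client script suffix `ldap.client` is an assumption, since the post only says "client-script"; `directory` comes from the post.

```sh
#!/bin/sh
# Added example: check rc start-script ordering for a directory server
# that is also its own LDAP naming-service client.

# rc_name DIR SUFFIX
# Prints the single S<nn><SUFFIX> script name found in DIR.
# Fails if there is none, or more than one (e.g. the script was copied
# instead of moved, so the service would be started twice).
rc_name() {
    rc_found="" rc_count=0
    for rc_f in "$1"/S[0-9][0-9]"$2"; do
        [ -e "$rc_f" ] || continue
        rc_found=${rc_f##*/}
        rc_count=$((rc_count + 1))
    done
    [ "$rc_count" -eq 1 ] || return 1
    printf '%s\n' "$rc_found"
}

# rc_order_ok DIR SERVER_SUFFIX CLIENT_SUFFIX
# Returns 0 if the server script runs before the client script,
#         1 if the client would start first,
#         2 if either script is missing or duplicated.
# rc scripts run in sorted name order, so the full names are compared
# the same way (C locale), not just the two-digit numbers.
rc_order_ok() {
    rc_srv=$(rc_name "$1" "$2") || return 2
    rc_cli=$(rc_name "$1" "$3") || return 2
    rc_first=$(printf '%s\n%s\n' "$rc_srv" "$rc_cli" | LC_ALL=C sort | head -n 1)
    [ "$rc_first" = "$rc_srv" ]
}

# Stand-alone use: ./check.sh /etc/rc2.d
# "ldap.client" is the assumed client script suffix; adjust to match the host.
if [ $# -ge 1 ]; then
    rc_status=0
    rc_order_ok "$1" directory ldap.client || rc_status=$?
    case $rc_status in
        0) echo "OK: directory server starts before the LDAP client" ;;
        1) echo "WRONG ORDER: LDAP client starts before the directory server" ;;
        *) echo "UNKNOWN: start script missing or duplicated in $1" ;;
    esac
fi
```

Running it after each patch or package update shows whether the reordering is still in place, since an update may reinstall the script under its original number.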

  6. #6

    Re: LDAP-solaris9

    On Thu, 09 Oct 2003 15:44:47 +0000, Nebojsa Marusic wrote:
     

    With /usr/sbin/directoryserver startconsole, as someone mentioned.
    Actually, I run this from my admin station.

    My question is why does it matter? Are clients logging into the LDAP
    server host to do their work? I have been running native LDAP in Solaris
    9 for a long time and I see no reason for a client to login to that host.

    Alex Moore
    Alex Guest

  7. #7

    Re: LDAP-solaris9


    "Alex Moore" <net> wrote in message
    news:net...
    >
    > With /usr/sbin/directoryserver startconsole, as someone mentioned.
    > Actually, I run this from my admin station.
    >
    > My question is why does it matter? Are clients logging into the LDAP
    > server host to do their work? I have been running native LDAP in Solaris
    > 9 for a long time and I see no reason for a client to login to that host.

    Of course one manages (user) entries in the directory with
    /usr/sbin/directoryserver startconsole. I do think that is the issue.

    It does come as somewhat of a surprise to customers that "native LDAP
    in Solaris" by design implies one or two (for redundancy) dedicated servers
    which are not supposed to be their own clients and therefore cannot be
    used by users and their applications.

    This imposes a "hidden" extra cost on unknowing customers. Especially for
    small installations (just a couple of Suns) which still want to use this
    advanced naming service, this is annoying.

    The practical reason for this appears to be bootstrap ordering, i.e. at
    which time the server is available and when the client (LDAP cache manager)
    starts.
    As some have pointed out and we have found to be true, manually re-ordering
    related boot scripts appears to solve this. The server can be used as a
    production server for user applications.

    I fear this may also make it difficult to invoke Sun support for enterprise
    critical setups. When push comes to shove, I do not want to be in a situation
    where my 24/7 contract is void because I "hacked" the naming service setup.
    Of course, we are checking this with Sun next week.

    I hope that Solaris 10 or 11 fix this, and that DS becomes the fully integrated,
    standard naming service.
    Torsten Guest

  8. #8

    Re: LDAP-solaris9


    "Torsten Kirschner" <no> wrote in message news:broadpark.no...
    [...] 
    >> My question is why does it matter? Are clients logging into the LDAP
    >> server host to do their work? I have been running native LDAP in Solaris
    >> 9 for a long time and I see no reason for a client to login to that host.
     

    This should have read "I do _not_ think that is the issue.".


    Torsten Guest
