Running idsconfig
Note - You do not need special rights to run idsconfig,
nor do you need to be an LDAP naming client. Remember to create a checklist
as mentioned in "Creating a Checklist Based on Your Server Installation" in preparation for running idsconfig. You do not have to run idsconfig
from a server or an LDAP naming service client machine. You can run idsconfig from any Solaris machine on the network.
Caution - idsconfig sends the Directory Manager's
password in the clear. If you do not want this to happen, you must run idsconfig on the directory server itself, not on a client.
How to Configure the iPlanet Directory Server Using idsconfig
Make sure the target iPlanet Directory Server 5.1 is up and running.
Run idsconfig.
# /usr/lib/ldap/idsconfig
Answer the questions as prompted. Note that 'no' [n] is the default user
input. If you need clarification on any given question, type h and
a brief help paragraph will appear.
Refer to the following example run of idsconfig using
the definitions listed in the server and client checklists at the beginning
of this chapter in "Creating a Checklist Based on Your Server Installation". It is an example of a
simple setup, without modifying many of the defaults. The most complicated
method of modifying client profiles is by creating SSDs. Refer to "Using Service Search Descriptors to Modify Client Access to Various Services" for a detailed discussion.
A carriage return sign after the prompt means that you are accepting
the [default] by hitting enter.
Example 15-1 Running idsconfig for the Example, Inc. Network
(sysadmin@test) [3:10pm] ns_ldap [31] % sh idsconfig.sh
It is strongly recommended that you BACKUP the directory server
before running idsconfig.sh.
Hit Ctrl-C at any time before the final confirmation to exit.
Do you wish to continue with server setup (y/n/h)? [n] Y
Enter the iPlanet Directory Server's (iPlanet Directory Server)
hostname to setup: IPDSERVER
Enter the port number for iPlanet Directory Server (h=help): [389]
Enter the directory manager DN: [cn=Directory Manager]
Enter passwd for cn=Directory Manager :
Enter the domainname to be served (h=help): [west.example.com]
Enter LDAP Base DN (h=help): [dc=west,dc=example,dc=com]
Enter the profile name (h=help): [default]
Default server list (h=help): [192.168.0.0]
Preferred server list (h=help):
Choose desired search scope (one, sub, h=help): [one]
The following are the supported credential levels:
1 anonymous
2 proxy
3 proxy anonymous
Choose Credential level [h=help]: [1] 2
The following are the supported Authentication Methods:
1 none
2 simple
3 sasl/DIGEST-MD5
4 tls:simple
5 tls:sasl/DIGEST-MD5
Choose Authentication Method (h=help): [1] 2
Current authenticationMethod: simple
Do you want to add another Authentication Method? N
Do you want the clients to follow referrals (y/n/h)? [n] Y
Do you want to modify the server timelimit value (y/n/h)? [n] Y
Enter the time limit for iPlanet Directory Server (current=3600): [-1]
Do you want to modify the server sizelimit value (y/n/h)? [n] Y
Enter the size limit for iPlanet Directory Server (current=2000): [-1]
Do you want to store passwords in "crypt" format (y/n/h)? [n] Y
Do you want to setup a Service Authentication Methods (y/n/h)? [n]
Client search time limit in seconds (h=help): [30]
Profile Time To Live in seconds (h=help): [43200]
Bind time limit in seconds (h=help): [10] 2
Do you wish to setup Service Search Descriptors (y/n/h)? [n]
Summary of Configuration
1 Domain to serve : west.example.com
2 Base DN to setup : dc=west,dc=example,dc=com
3 Profile name to create : default
4 Default Server List : 192.168.0.0
5 Preferred Server List :
6 Default Search Scope : one
7 Credential Level : proxy
8 Authentication Method : simple
9 Enable Follow Referrals : TRUE
10 iPlanet Directory Server Time Limit : -1
11 iPlanet Directory Server Size Limit : -1
12 Enable crypt password storage : TRUE
13 Service Auth Method pam_ldap :
14 Service Auth Method keyserv :
15 Service Auth Method passwd-cmd:
16 Search Time Limit : 30
17 Profile Time to Live : 43200
18 Bind Limit : 2
19 Service Search Descriptors Menu
Enter config value to change: (1-19 0=commit changes) [0]
Enter DN for proxy agent:[cn=proxyagent,ou=profile,dc=west,dc=example,dc=com]
Enter passwd for proxyagent:
Re-enter passwd:
WARNING: About to start committing changes. (y=continue, n=EXIT) Y
1. Changed timelimit to -1 in cn=config.
2. Changed sizelimit to -1 in cn=config.
3. Changed passwordstoragescheme to "crypt" in cn=config.
4. Schema attributes have been updated.
5. Schema objectclass definitions have been added.
6. Created DN component dc=west.
7. NisDomainObject added to dc=west,dc=example,dc=com.
8. Top level "ou" containers complete.
9. Nis maps: auto_home auto_direct auto_master auto_shared processed.
10. ACI for dc=west,dc=example,dc=com modified to disable self modify.
11. Add of VLV Access Control Information (ACI).
12. Proxy Agent cn=proxyagent,ou=profile,dc=west,dc=example,dc=com added.
13. Give cn=proxyagent,ou=profile,dc=west,dc=example,dc=com read permission for
password.
14. Generated client profile and loaded on server.
15. Processing eq,pres indexes:
ipHostNumber (eq,pres) Finished indexing.
uidNumber (eq,pres) Finished indexing.
ipNetworkNumber (eq,pres) Finished indexing.
gidnumber (eq,pres) Finished indexing.
oncrpcnumber (eq,pres) Finished indexing.
16. Processing eq,pres,sub indexes:
membernisnetgroup (eq,pres,sub) Finished indexing.
nisnetgrouptriple (eq,pres,sub) Finished indexing.
17. Processing VLV indexes:
getgrent vlv_index Entry created
gethostent vlv_index Entry created
getnetent vlv_index Entry created
getpwent vlv_index Entry created
getrpcent vlv_index Entry created
getspent vlv_index Entry created
idsconfig.sh: Setup of iPlanet Directory Server server ipdserver is complete.
Note: idsconfig has created entries for VLV indexes. Use the
directoryserver(1m) script on ipdserver to stop
the server and then enter the following vlvindex
sub-commands to create the actual VLV indexes:
directoryserver -s ipdserver vlvindex -n userRoot -T getgrent
directoryserver -s ipdserver vlvindex -n userRoot -T gethostent
directoryserver -s ipdserver vlvindex -n userRoot -T getnetent
directoryserver -s ipdserver vlvindex -n userRoot -T getpwent
directoryserver -s ipdserver vlvindex -n userRoot -T getrpcent
directoryserver -s ipdserver vlvindex -n userRoot -T getspent
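The profile in Example 15-1 combines credential level proxy with authentication method simple, so clients bind as the proxy agent with an unencrypted password, the same kind of exposure the Caution describes for the Directory Manager. The following added example (not part of the original documentation) checks a pasted "Summary of Configuration" for that combination; the function name and the ";" separator for multiple methods are assumptions.

```shell
#!/bin/sh
# Added example, not from the Solaris documentation: flag bind methods in an
# idsconfig "Summary of Configuration" that expose the proxy agent password.

# Constructed sample: items 7 and 8 as shown in Example 15-1.
SUMMARY='7 Credential Level : proxy
8 Authentication Method : simple'

# audit_idsconfig_summary (hypothetical name) reads a summary on stdin and
# prints one finding per method. Returns 1 if any method is cleartext.
audit_idsconfig_summary() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        {
            # Split on the first colon only; values like tls:simple contain one.
            pos = index($0, ":")
            if (pos == 0) next
            key = trim(substr($0, 1, pos - 1))
            sub(/^[0-9]+[ \t]+/, "", key)      # drop the menu item number
            val = trim(substr($0, pos + 1))
            if (key == "Credential Level")      cred = val
            if (key == "Authentication Method") auth = val
        }
        END {
            # Assumption: multiple methods are listed separated by ";".
            n = split(auth, m, ";")
            if (n == 0) print "NOTE no Authentication Method found"
            for (i = 1; i <= n; i++) {
                meth = trim(m[i])
                if (meth == "simple" && cred ~ /proxy/) {
                    print "FAIL " meth ": proxy agent password sent in cleartext, use tls:simple"
                    bad = 1
                } else {
                    print "OK " meth
                }
            }
            exit bad + 0
        }'
}

# Stand-alone run on the sample; the function returns 1 here.
printf '%s\n' "$SUMMARY" | audit_idsconfig_summary || echo "cleartext bind configured"
```

Choosing option 4 (tls:simple) at the Authentication Method prompt makes the same summary pass.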