Planning Client Profiles and Default Attribute Values

By going through the previous planning steps (network model, DIT, and security model), you should have some idea of the values for the following profile attributes.

• cn

• defaultServerList

• preferredServerList

• bindTimeLimit

• searchTimeLimit

• profileTTL

• defaultSearchBase

• defaultSearchScope

• serviceSearchDescriptor

• attributeMap

• objectclassMap

• followReferrals

• credentialLevel

• authenticationMethod

• serviceCredentialLevel

• serviceAuthenticationMethod

Of the preceding attributes, only cn, defaultServerList, and defaultSearchBase are required. They have no default values. The rest are optional, and some have default values.

See Chapter 16, Setting Up Clients (Tasks) for more information about setting up LDAP clients.

Planning the Data Population

To populate the LDAP server with data, after the LDAP server has been configured with the proper DIT and schema. Use the new ldapaddent tool. This tool will create entries in LDAP containers from their corresponding /etc files. It can be used to populate data into the containers for the following types of data: aliases, auto_*, bootparams, ethers, group, hosts (including IPv6 addresses), netgroup, netmasks, networks, passwd, shadow, protocols, publickey, rpc, and services.

By default, ldapaddent reads from the standard input and adds this data to the LDAP container associated with the database specified on the command line. But an input file from which data should be read can be specified using the -f option.

Because the entries are stored in the directory based on the client's configuration, the client must be configured to use the LDAP naming services.

For better performance, load the databases in this order:

1. passwd database followed by shadow database

2. networks database followed by netmasks database

3. bootparams database followed by ethers database

Note that when adding automounter entries, the database name is in the form of auto_* (for example, auto_home).

If you have /etc files from different hosts to add to the LDAP server, you can either merge all of them into the same /etc file and then use ldapaddent on one host to add the files, or perform ldapaddent on the different hosts one by one, with the expectation that each host is already configured as a LDAP client.

If your naming service data is already in an NIS server, and you want to move the data to the LDAP server for LDAP naming services, use the ypcat (or niscat) command to dump the NIS map into files. Then, run ldapaddent against these files to add the data to the LDAP server.

Note - ldapaddent can only be run on an LDAP client.

The following procedure assumes that the tables are to be extracted from a yp client.

How to Populate a Server With host Entries Using ldapaddent

1. Make sure that Sun ONE Directory Server was set up using idsconfig.

2. Become superuser on a client machine.

3. Make the machine an LDAP client.

   # ldapclient --p --d domainName=west.example.com 192.168.0.0

4. Populate the server with data.

   # ldapaddent -D "cn=directory manager" -f /etc/hosts hosts

In this example, the directory_manager password would be sent in the clear, as currently, ldapaddent binds using the simple authentication method.