All,

Does the Fedora DS support Solaris Clients? If so, where can I find
information, schema examples, etc....

Thanks in advance,
Brian

Hi Brian,

By "Solaris Clients", I assume you mean Solaris naming service (for
passwd, group, etc.).

The answer is yes. Any modern, properly configured LDAP server,
including Fedora DS, can support Solaris naming service. However,
getting the server "properly configured" can be tricky.

However, since Sun's own directory server ("Sun Java Enterprise System
Directory Server") is so very similar to Fedora DS, much of the same
preparation methods and documentation regarding SunDS will apply
directly to Fedora DS.

A good starting point would be Gary Tay's fine documentation at:
http://web.singnet.com.sg/~garyttt/

Gary's docs were written around iPlanet/Sun DS, but as I mentioned,
pretty much all of this should also apply to Fedora DS.

Good luck!
-- George

Brian Martinez wrote:
> All,
>
> Does the Fedora DS support Solaris Clients? If so, where can I find
> information, schema examples, etc....
>
> Thanks in advance,
> Brian
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

I currently have a Solaris 9 client using LDAP for passwd/group and NIS
for netgroups and ethers maps, using TLS, against FDS. It took some
doing, but it can be done. Solaris 10 looks like it's going to be a
similar process.

If this is something worth documenting, I can probably help out with
that effort on the wiki. Let me know.

George,

That is correct, we are attempting to use the FDS7 as a central
authentication system for Solaris 10 NSS Clients with a PAM backend.

We believe that we are missing the proper schemas on the server
(DUAConfigProfile and Solaris) to support the Solaris Clients. The ones
on Tay's website seem to be in the wrong format (schema instead of
ldif)...or we just don't know how to import them!

We have been scrounging his site for clues/ideas...developers on the
client side are convinced the server is the issue...developers on the
server side believe it is the client. My take is that we already have
the server "most" of the way, because we are successfully authenticating
Linux clients securely to the FDS7 server and we are missing some
essential piece on the server side to solve the Solaris puzzle.

If you have any further thoughts, ideas, or prayers...feel free to send
them our way.

>From: "George Holbert" <gholbert@broadcom.com>
>Reply-To: "General discussion list for the Fedora Directory server project." <fedora-directory-users@redhat.com>
>To: "General discussion list for the Fedora Directory server project." <fedora-directory-users@redhat.com>
>Subject: Re: [Fedora-directory-users] Solaris Client
>Date: Thu, 14 Jul 2005 11:08:06 -0700

Sun's solution to getting a server all set up for Solaris naming service
is a script called "idsconfig". This script can be found in
/usr/lib/ldap on Solaris 9 and up. Note that idsconfig is a part of
Solaris, not a part of Sun DS (or any other DS).

idsconfig will do schema updates that include DUAConfigProfile and some
RFC2307bis items. I'd think it would work with Fedora DS just as it does
with Sun DS.

idsconfig is not my favorite script ever, but it can get the job done.
You may have to tweak it slightly for your situation. Also, note that
the LDIF it uses to change the password scheme to CRYPT is incorrect.
The correct LDIF is:

dn: cn=Password Policy,cn=config
changetype: modify
replace: passwordStorageScheme
passwordStorageScheme: CRYPT

-- George

Brian Martinez wrote:

> George,
>
> That is correct, we are attempting to use the FDS7 as a central
> authentication system for Solaris 10 NSS Clients with a PAM backend.
>
> We believe that we are missing the proper schemas on the server
> (DUAConfigProfile and Solaris) to support the Solaris Clients. The
> ones on Tay's website seem to be in the wrong format (schema instead
> of ldif)...or we just don't know how to import them!

You can use this script
http://www.directory.fedora.redhat.com/download/ol-schema-migrate.pl
found on this page
http://directory.fedora.redhat.com/wiki/Howto:OpenLDAPMigration
to convert .schema files to .ldif schema files. e.g.

perl ol-schema-migrate.pl solaris.schema > slapd-myhost/config/schema/61solaris.ldif

Then restart slapd

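
The .schema to .ldif conversion discussed in the message above, as an added Python example; it is not part of the original thread and is not the code of ol-schema-migrate.pl. It assumes the usual OpenLDAP directives (`objectidentifier`, `attributetype`, `objectclass`) and emits a `cn=schema` entry; the sample schema, the `exOID` macro and the 1.3.6.1.4.1.99999 OID arc are constructed placeholders.

```python
import re

# Constructed sample in OpenLDAP .schema syntax (not taken from solaris.schema).
SAMPLE_SCHEMA = """\
# comment line
objectidentifier exOID 1.3.6.1.4.1.99999.1
attributetype ( exOID:1 NAME 'exampleProfileTTL'
    DESC 'constructed example attribute'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

objectclass ( exOID:2 NAME 'exampleProfile'
    SUP top STRUCTURAL
    MUST cn MAY exampleProfileTTL )
"""

KEYWORDS = {"attributetype": "attributeTypes", "objectclass": "objectClasses"}

def schema_to_ldif(text):
    """Convert OpenLDAP schema text into a cn=schema LDIF entry."""
    macros, defs, current = {}, [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current is not None:
            current[1] += " " + line.strip()   # continuation of a definition
            continue
        word, _, rest = line.partition(" ")
        key = word.lower()
        if key == "objectidentifier":
            name, oid = rest.split()
            macros[name] = oid                 # remember the OID macro
            current = None
        elif key in KEYWORDS:
            current = [KEYWORDS[key], rest.strip()]
            defs.append(current)
        else:
            raise ValueError("unsupported directive: " + word)
    out = ["dn: cn=schema"]
    for attr, body in defs:
        body = re.sub(r"\s+", " ", body)
        # Expand a leading "macro:suffix" OID into dotted numeric form.
        m = re.match(r"\(\s*([A-Za-z][\w-]*)(?::([\d.]+))?\s", body)
        if m and m.group(1) in macros:
            oid = macros[m.group(1)] + ("." + m.group(2) if m.group(2) else "")
            body = "( " + oid + " " + body[m.end():]
        out.append(attr + ": " + body)
    return "\n".join(out) + "\n"
```

Directives the converter does not recognise raise `ValueError` instead of being dropped silently, so a partially converted schema never reaches the server's schema directory unnoticed.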

Gentlemen,

Thank you for the assistance...we will be implementing your suggestions
immediately. I will respond with results soon.

Again, thank you for your rapid and helpful responses...

>From: Rich Megginson <rmeggins@redhat.com>
>Reply-To: "General discussion list for the Fedora Directory server project." <fedora-directory-users@redhat.com>
>To: "General discussion list for the Fedora Directory server project." <fedora-directory-users@redhat.com>
>Subject: Re: [Fedora-directory-users] Solaris Client
>Date: Thu, 14 Jul 2005 13:21:01 -0600