sipazzo wrote:
> Thank you, I know where the profile is in the directory tree and how I would
> invoke it were it there...I don't know how to get it into the directory tree
> so that it is available to clients. I see posts giving examples of different
> profiles that could be used but no post as to how to add it to the directory.
> Sorry if I am missing something obvious.
>
> --------------------------------------------
> On Fri, 10/10/14, Rob Crittenden <[email protected]> wrote:
>
> Subject: Re: [Freeipa-users] Solaris 10 client configuration using profile
> To: "sipazzo" <[email protected]>, [email protected]
> Date: Friday, October 10, 2014, 4:53 PM
>
> > sipazzo wrote:
> > > Hello, I am trying to set up a default profile for my Solaris 10 IPA
> > > clients as recommended. I generated a profile on a Solaris with the
> > > attributes I needed except I got an "invalid parameter" error when
> > > specifying the domainName attribute like this -a domainName=example.com
> > > even though this parameter works when I use it in ldapclient manual.
> > > More of an issue though is I have been unable to find documentation on
> > > getting the profile incorporated into the ipa server. How do I get this
> > > profile on the ipa server and make it available to my Solaris clients?
> > > Also, my understanding is the clients periodically check this profile so
> > > they stay updated with the latest configuration information. What
> > > generates this check? Is it time based, a restart of a service or ??
> > >
> > > Thank you for any assistance.
> >
> > It's been forever since I configured a Solaris anything client but I can
> > tell you where the profile gets stored:
> > cn=profilename,cn=default,ou=profile,$SUFFIX
> >
> > IPA ships with a default profile of:
> >
> > dn: cn=default,ou=profile,$SUFFIX
> > ObjectClass: top
> > ObjectClass: DUAConfigProfile
> > defaultServerList: $FQDN
> > defaultSearchBase: $SUFFIX
> > authenticationMethod: none
> > searchTimeLimit: 15
> > cn: default
> > serviceSearchDescriptor: passwd:cn=users,cn=accounts,$SUFFIX
> > serviceSearchDescriptor: group:cn=groups,cn=compat,$SUFFIX
> > bindTimeLimit: 5
> > objectClassMap: shadow:shadowAccount=posixAccount
> > followReferrals: TRUE
> >
> > The full schema can be found at
> > http://docs.oracle.com/cd/E23824_01/html/821-1455/schemas-17.html
> >
> > So if your profile is named foo you'd invoke it with something like:
> >
> > # ldapclient init -a profileName=foo ipa.example.com
> >
> > rob

Here is an example inspired by
https://bugzilla.redhat.com/show_bug.cgi?id=815515

$ ldapmodify -x -D 'cn=Directory Manager' -W
dn: cn=solaris_authssl_test,ou=profile,dc=example,dc=com
changetype: add
objectClass: top
objectClass: DUAConfigProfile
cn: solaris_authssl_test
authenticationMethod: tls:simple
bindTimeLimit: 5
credentialLevel: proxy
defaultSearchBase: dc=example,dc=com
defaultSearchScope: one
defaultServerList: ipa01.example.com ipa02.example.com ipa03.example.com
followReferrals: TRUE
objectclassMap: shadow:shadowAccount=posixAccount
objectclassMap: printers:sunPrinter=printerService
preferredServerList: ipa01.example.com ipa02.example.com
profileTTL: 6000
searchTimeLimit: 10
serviceSearchDescriptor: passwd:cn=users,cn=accounts,dc=example,dc=com
serviceSearchDescriptor: group:cn=groups,cn=compat,dc=example,dc=com
serviceSearchDescriptor: netgroup:cn=ng,cn=compat,dc=example,dc=com
serviceSearchDescriptor: ethers:cn=computers,cn=accounts,dc=example,dc=com
serviceSearchDescriptor: automount:cn=default,cn=automount,dc=example,dc=com
serviceSearchDescriptor: auto_master:automountMapName=auto.master,cn=default,cn=automount,dc=example,dc=com
serviceSearchDescriptor: aliases:ou=aliases,ou=test,dc=example,dc=com
serviceSearchDescriptor: printers:ou=printers,ou=test,dc=example,dc=com
<blank line>
^D

You may want to check out
https://bugzilla.redhat.com/show_bug.cgi?id=815533 as well.

rob
