Planning Client Profiles and Default Attribute Values
By going through the previous planning steps (network model, DIT, and security model), you should have some ideas of what the values for the following profile attributes.
cn
defaultServerList
preferredServerList
bindTimeLimit
searchTimeLimit
profileTTL
defaultSearchBase
defaultSearchScope
serviceSearchDescriptor
attributeMap
objectclassMap
followReferrals
credentialLevel
authenticationMethod
serviceCredentialLevel
serviceAuthenticationMethod
Out of the above attributes, only the cn, the defaultServerList and defaultSearchBase are required attributes. They have no default values. The rest are optional, and some have default values.
See Chapter 16, Client Setup (Task) for more information on setting up LDAP clients.
Planning the Data Population
To populate the LDAP server with the LDAP naming service data, after the LDAP server has been configured with the proper DIT and schema, it is best to use the new ldapaddent tool. This tool will create entries in LDAP containers from their corresponding /etc files. It can be used to populate data into the containers for the following type of data: aliases, auto_*, bootparams, ethers, group, hosts (including IPv6 addresses), netgroup, netmasks, networks, passwd, shadow, protocols, publickey, rpc, and services.
By default, ldapaddent reads from the standard input and adds this data to the LDAP container associated with the database specified on the command line. But an input file from which data should be read can be specified using the -f option.
The entries are stored in the directory based on the client's configuration, thus the client must be configured to use the LDAP naming service.
For better performance, the recommended order in which the databases should be loaded is as follows.
passwd database followed by shadow database
networks database followed by netmasks database
bootparams database followed by ethers database
Note that when adding automounter entries, the database name is in the form of auto_* (for example, auto_home).
If you have /etc files from different hosts to be added to the LDAP server, you can either merge all of them into the same /etc file and then use ldapaddent on one host to add, or perform ldapaddent on the different hosts one by one, with the expectation that all these hosts are already configured as a LDAP client.
If your naming service data is already in a NIS server, and you want to move the data to the LDAP server for LDAP naming services, use the ypcat (or niscat) command to dump the NIS map into files and run ldapaddent against these files to add the data to the LDAP server.
For example, to add hosts information to the LDAP server do the following.
Example 14-1 How to add NIS information to an LDAP server
Become superuser.
Run ldapaddent.
# ldapaddent -h ldap_server_name -D directory manager -f hosts.data \ hosts
In the above example, the directory_manager password would be stored in the clear when using simple authentication.
You can also populate your directory server with NIS+ data using the proper settings in rpc.nisd. See the Appendix, "Transitioning from NIS+ to LDAP" in System Administration Guide: Naming and Directory Services (FNS and NIS+).