Tuesday, December 14, 2010

The Golden Era

Just had to post this one :-)

Solaris and ldapclient with Active Directory (AD)

Been working on getting Solaris to auth to AD, not really out of choice, but hey I guess sometimes you got to do what you got to do.

Here is the ldapclient command that works with AD:

ldapclient -v manual \
-a followReferrals=false \
-a "defaultServerList=10.12.28.5" \
-a credentialLevel=proxy \
-a authenticationMethod=simple \
-a proxyDN=cn=ldapproxyuser,cn=users,dc=voc,dc=iam \
-a proxyPassword=proxypassword \
-a defaultSearchBase=dc=voc,dc=iam \
-a domainName=voc.iam \
-a attributeMap=group:userpassword=userPassword \
-a attributeMap=group:memberuid=memberUid \
-a attributeMap=group:gidnumber=gidNumber \
-a attributeMap=passwd:gecos=gecos \
-a attributeMap=passwd:gidnumber=gidNumber \
-a attributeMap=passwd:uidnumber=uidNumber \
-a attributeMap=passwd:homedirectory=unixHomeDirectory \
-a attributeMap=passwd:loginshell=loginShell \
-a attributeMap=shadow:shadowflag=shadowFlag \
-a attributeMap=shadow:userpassword=userPassword \
-a objectClassMap=group:posixGroup=group \
-a objectClassMap=passwd:posixAccount=user \
-a objectClassMap=shadow:shadowAccount=user \
-a "serviceSearchDescriptor=passwd:dc=voc,dc=iam?sub" \
-a "serviceSearchDescriptor=group:dc=voc,dc=iam?sub"

Ref: http://mail.opensolaris.org/pipermail/sysadmin-discuss/2008-February/001740.html
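
An added example, not part of the original post: a small shell check that flags the two settings in the command above that expose the proxy credential, `authenticationMethod=simple` (an unencrypted bind) and `proxyPassword` passed as a command-line argument. The function name and finding labels are hypothetical; `tls:simple` is the TLS-protected value of the same ldapclient attribute.

```shell
#!/bin/sh
# Added example: audit the -a settings of an `ldapclient manual` command line.
# audit_ldapclient_args and its finding labels are hypothetical names.
audit_ldapclient_args() {
    auth="" pw_in_argv=no rc=0
    while [ $# -gt 0 ]; do
        # Only inspect the value that follows each -a option.
        if [ "$1" = "-a" ] && [ $# -ge 2 ]; then
            shift
            case "$1" in
                authenticationMethod=*) auth=${1#*=} ;;
                proxyPassword=*)        pw_in_argv=yes ;;
            esac
        fi
        shift
    done
    # authenticationMethod may be a ';'-separated list; any bare "simple"
    # entry allows a bind that sends the proxy password unencrypted.
    case ";$auth;" in
        *";simple;"*)
            echo "cleartext-bind: authenticationMethod=$auth (use tls:simple)"
            rc=1 ;;
    esac
    # Command-line arguments can be read from the process list.
    if [ "$pw_in_argv" = yes ]; then
        echo "password-in-argv: proxyPassword is exposed via ps and shell history"
        rc=1
    fi
    return $rc
}

# Constructed sample: the security-relevant settings from the command above.
audit_ldapclient_args -v manual \
    -a credentialLevel=proxy \
    -a authenticationMethod=simple \
    -a proxyDN=cn=ldapproxyuser,cn=users,dc=voc,dc=iam \
    -a proxyPassword=proxypassword || echo "review the findings above"
```

The function returns non-zero when it reports a finding, so it can gate a provisioning script before `ldapclient` runs.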
