So at work they have me switching a network of a couple hundred machines, a mix of Solaris 10 and Linux (Ubuntu), over from NIS to LDAP. Now, the basic idea of LDAP is pretty easy and there are a number of books that'll teach it to you, like O'Reilly's take on the subject. Unfortunately, once you get past the basic introduction to what it is, the documentation peters out.
Documentation is important. In fact, that's the very First Law of Language Design: a language is only as good as its documentation. The documentation for LDAP is like the documentation for an extremely proprietary product intended only for use by governments and very large corporations. First of all, there's very little of it. Secondly, what documentation there is goes into excruciating technical detail on very specific and often esoteric facets of the product, but makes no attempt whatsoever to answer basic questions or mention how one is actually to use it. Thirdly, what brief discussions there are of how to do half of a basic task only cover a different implementation (OpenLDAP) than the one we're using, which is of course incompatible with ours (SunONE DS 5.2).
Back when I started this blog I started it with the hope of collecting my thoughts and experiences as I navigate the world of IT, and F/OSS in particular. While I've often been remiss about doing so, I think for this project especially it's important to keep a log of my discoveries so that others in my position may learn from my tribulations. And now, onward to the first colossus to be slain.
...
In truth, the first colossus was just getting the thing up and running enough to use the GUI console to look at the (now sparse) directory tree and to get the thing to accept input in LDIF format. I didn't keep much documentation of that, but it should be relatively straightforward even though you'll doubtless encounter some stumbling block along the way. For importing LDIF the manpage for ldapmodify is a helpful one. This page from Sun's documentation has a little more, but I also suggest reading what the O'Reilly book has to say in order to get an understanding of the LDIF format itself. This is a script I wrote for converting passwd files into LDIF.
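The author's passwd-to-LDIF script is not reproduced on this page, so the following is an added example (my own code, not the author's) of the same job. It assumes the conventional posixAccount/shadowAccount layout under a base DN of ou=People,dc=example,dc=com and a {CRYPT} prefix for hashes taken from the shadow file; the two-user passwd and shadow inputs are constructed for the example. Two things a practitioner wants and a quick one-liner usually gets wrong are covered: values that RFC 2849 says must be base64-encoded (non-ASCII GECOS fields, leading spaces or colons) get the "attr::" form instead of corrupting the entry, and locked accounts ("!" or "*" in shadow) are written without any userPassword rather than with a bogus hash.

```python
"""Convert /etc/passwd (plus optional /etc/shadow) entries into LDIF posixAccount entries."""
import base64

# Constructed sample input: a passwd file and the matching shadow lines.
# The second GECOS field contains a non-ASCII character to exercise LDIF base64 encoding.
SAMPLE_PASSWD = """\
# comment lines and NIS compatibility entries (+/-) are skipped
alice:x:1001:1001:Alice Example:/home/alice:/bin/bash
zoe:x:1002:1002:Zoë Example,Room 12:/home/zoe:/bin/sh
+::::::
"""
SAMPLE_SHADOW = """\
alice:$6$saltsalt$constructedhashvalue:19000:0:99999:7:::
zoe:!:19000:0:99999:7:::
"""

# Shadow field values that mean "no usable password"; these must not become userPassword.
LOCKED_MARKERS = {"", "*", "!", "!!", "x", "NP", "*LK*"}


def ldif_line(attr, value):
    """Emit one LDIF attribute line, base64-encoding when RFC 2849 requires it.

    A value must be base64 ("attr:: ...") if it is empty, starts with a space,
    ':' or '<', ends with a space, or contains NUL, CR, LF or any non-ASCII byte.
    """
    raw = value.encode("utf-8")
    unsafe = (
        not raw
        or raw[0] in b" :<"
        or raw.endswith(b" ")
        or any(b > 0x7F or b in (0x00, 0x0A, 0x0D) for b in raw)
    )
    if unsafe:
        return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"
    return f"{attr}: {value}"


def parse_shadow(text):
    """Map login name -> password hash field from shadow-format text."""
    hashes = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            fields = line.split(":")
            hashes[fields[0]] = fields[1] if len(fields) > 1 else ""
    return hashes


def passwd_to_ldif(passwd_text, base_dn, shadow_text=""):
    """Return LDIF text with one posixAccount entry per passwd line."""
    hashes = parse_shadow(shadow_text)
    entries = []
    for raw in passwd_text.splitlines():
        line = raw.strip()
        # skip blanks, comments and NIS compat entries such as "+::::::"
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        user, _pw, uid, gid, gecos, home, shell = fields
        # the login name becomes the RDN; RFC 4514 special characters are not escaped here
        if any(c in user for c in ',+"\\<>;'):
            raise ValueError(f"login name {user!r} needs RDN escaping; not handled here")
        # full name is the first comma-separated GECOS field; fall back to the login name
        cn = gecos.split(",")[0].strip() or user
        lines = [
            f"dn: uid={user},{base_dn}",
            "objectClass: top",
            "objectClass: account",
            "objectClass: posixAccount",
            "objectClass: shadowAccount",
            ldif_line("uid", user),
            ldif_line("cn", cn),
            ldif_line("uidNumber", str(int(uid))),   # int() rejects garbage ids
            ldif_line("gidNumber", str(int(gid))),
            ldif_line("homeDirectory", home),
            ldif_line("loginShell", shell),
            ldif_line("gecos", gecos),
        ]
        pw_hash = hashes.get(user, "")
        # only carry over real hashes; locked accounts get no userPassword at all
        if pw_hash not in LOCKED_MARKERS and not pw_hash.startswith(("!", "*")):
            lines.append(ldif_line("userPassword", "{CRYPT}" + pw_hash))
        entries.append("\n".join(lines))
    return "\n\n".join(entries) + "\n"


if __name__ == "__main__":
    print(passwd_to_ldif(SAMPLE_PASSWD, "ou=People,dc=example,dc=com", SAMPLE_SHADOW))
```

Feed the output to ldapmodify with the add option. Since the hashes come from shadow, treat the generated LDIF file with the same care as /etc/shadow itself and delete it after the import; under NIS these hashes were readable by anyone who could run ypcat, and one point of the migration is that the directory's ACIs can finally hide them.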
We'll skip the second and as yet undefeated colossus for now and bound on to the third one, mortally wounded just this past Friday. This site has the bulk of what little documentation I've seen for setting up clients; this page from Sun has a tiny bit more; all other documentation only looks at the server end of things. There's a complication, however. From a basic install the SunONE server doesn't understand the DUAConfigProfile object class that ldapclient generates and requires. Other than that you can just use ldapclient genprofile to output a profile: it writes the profile entry as LDIF to standard output, so save the output to a file and import it; see ldapclient's manpage for more info.
In order to load new object classes, first you need to get hold of the schema for them. The schema for DUAConfigProfile is here (in OpenLDAP's schema format). Naturally the SunONE server doesn't understand OpenLDAP's schema files. This script takes in an OpenLDAP schema file and prints out a version Sun's server can understand. This page from Sun's documentation gives a brief overview of adding new schema. The big hangup it overlooks is that the files must have an extension of .ldif: if you save the output from that script with a *.schema suffix, the server will ignore it. Other than those two tricks installing new schema is easy: find the schema you need, convert it to Sun's format with the script, save it to the ServerRoot/slapd-serverID/config/schema directory with a name in the 9* range and a *.ldif suffix, and restart the server. The numeric prefix sets the load order, so a file that references the core attributes must sort after the shipped 00core.ldif; 99user.ldif is where the server itself keeps schema added through the console. To confirm that the new file actually loaded, read the objectClasses attribute of the cn=schema entry with ldapsearch and look for DUAConfigProfile; if it isn't there, check the server's error log for a parse error in the new file.
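The author's conversion script is only linked, not shown, so here is an added example of my own (not the author's script) that does the same conversion: it folds OpenLDAP's multi-line attributetype/objectclass directives onto single lines and rewrites them as attributeTypes:/objectClasses: values under dn: cn=schema, the layout the Sun DS schema files use. Two details beyond the plain keyword swap are handled: OpenLDAP's objectIdentifier macros (OpenLDAP resolves "macro:3" style OIDs itself, but a Sun DS file needs them numeric), and an already_defined list for dropping definitions that Sun's shipped schema already declares, the duplicates the core and cosine prerequisites run into below. Attribute types are written before object classes so every MUST/MAY is known when the class is read. The sample input is a constructed excerpt modelled on RFC 4876's DUAConfigProfile, and the five-line header is my understanding of the cn=schema subentry used by Sun's files.

```python
"""Convert OpenLDAP .schema syntax into a Sun/Netscape-style LDIF schema file."""
import re

# Constructed excerpt in OpenLDAP schema syntax, modelled on RFC 4876's DUAConfigProfile.
# It uses objectIdentifier macros, which OpenLDAP accepts but Sun DS does not understand.
SAMPLE_SCHEMA = """\
# DUA configuration profile (excerpt)
objectIdentifier duaAttrs 1.3.6.1.4.1.11.1.3.1.1
objectIdentifier duaClasses 1.3.6.1.4.1.11.1.3.1.2

attributetype ( duaAttrs:0 NAME 'defaultServerList'
    DESC 'Default LDAP server host address used by a DUA'
    EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( duaAttrs:1 NAME 'defaultSearchBase'
    DESC 'Default LDAP base DN used by a DUA'
    EQUALITY distinguishedNameMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )

objectclass ( duaClasses:5 NAME 'DUAConfigProfile' SUP top STRUCTURAL
    DESC 'Abstraction of a base configuration for a DUA'
    MUST ( cn )
    MAY ( defaultServerList $ defaultSearchBase ) )
"""

# Header of a Sun DS schema file (assumed layout): definitions hang off the cn=schema subentry.
SUN_HEADER = ["dn: cn=schema", "objectClass: top", "objectClass: ldapSubentry",
              "objectClass: subschema", "cn: schema"]

# First NAME of a definition, whether written as NAME 'x' or NAME ( 'x' 'y' )
NAME_RE = re.compile(r"NAME\s+(?:'([^']*)'|\(\s*'([^']*)')")


def expand_oid(oid, macros):
    """Resolve an OpenLDAP 'macro:suffix' OID reference to a numeric OID."""
    if oid[0].isdigit():
        return oid
    name, _, suffix = oid.partition(":")
    if name not in macros:
        raise ValueError(f"unknown objectIdentifier macro {name!r}")
    return macros[name] + ("." + suffix if suffix else "")


def parse_openldap_schema(text):
    """Yield ('attributetype'|'objectclass', one-line definition) with macros expanded."""
    directives = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and directives:          # continuation of the previous directive
            directives[-1][1] += " " + raw.strip()
            continue
        parts = raw.split(None, 1)
        directives.append([parts[0].lower(), parts[1] if len(parts) > 1 else ""])
    macros = {}
    for word, body in directives:
        body = " ".join(body.split())                # fold whitespace onto one line
        if word == "objectidentifier":
            name, oid = body.split()
            macros[name] = expand_oid(oid, macros)
        elif word in ("attributetype", "objectclass"):
            m = re.match(r"\(\s*(\S+)", body)
            if not m:
                raise ValueError(f"cannot find OID in {body!r}")
            body = body[:m.start(1)] + expand_oid(m.group(1), macros) + body[m.end(1):]
            yield word, body


def to_sun_ldif(text, already_defined=()):
    """Return the text of a Sun DS schema file.

    Definitions whose NAME is in already_defined are dropped, which is how to avoid
    clashing with attributes Sun's shipped schema files already declare.
    """
    skip = {n.lower() for n in already_defined}
    attrs, classes = [], []
    for kind, body in parse_openldap_schema(text):
        m = NAME_RE.search(body)
        name = (m.group(1) or m.group(2)) if m else ""
        if name.lower() in skip:
            continue
        (attrs if kind == "attributetype" else classes).append(body)
    # attribute types first, so the object classes that reference them can be resolved
    lines = SUN_HEADER + [f"attributeTypes: {a}" for a in attrs] + [f"objectClasses: {c}" for c in classes]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_sun_ldif(SAMPLE_SCHEMA), end="")
```

Save the output with a 9x prefix and a .ldif suffix in the schema directory, restart, and verify with an ldapsearch against cn=schema as described above. An unknown macro raises rather than passing a symbolic OID through, because Sun DS would reject the whole file and the cause is much easier to see at conversion time.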
The second colossus is trying to set up autofs so that NFS partitions can be mounted automatically on demand across the network. Last time I tried this I ended up hosing the box; I'll probably hose another on Monday when I try it again. Naturally, again, the automounter on Linux is different from the one on Solaris. This page gives an overview of how to set things up for Linux.
In short, for those who may be unfamiliar with autofs: there's a master map file called auto.master which maps each directory containing mountpoints to a second kind of map; that second map maps the individual mountpoints to where they come from over NFS. In LDAP each map file becomes a single automountMap object with a child automount object for every line of the file. The master map's entries then point to LDAP queries, each of which names an ou representing the second kind of map, which has automount children for each line of the old file.
On Solaris the file is called auto_master instead (and Linux can be configured to use underscores for compatibility), and nisMap and nisObject are used in place of automountMap and automount, although I've heard (though I've mislaid the link) that as of Solaris 10 the OpenLDAP/Red Hat objects should be the default. Naturally the schema for the OpenLDAP/Red Hat objects doesn't ship with SunONE, though it can be found in OpenLDAP format here, with prerequisites here and here. Note that the core and cosine prerequisites declare some schema that Sun's files already define. My Sun-formatted versions with those duplicates commented out are here and here. I also have some scripts I used for converting the old files and NIS maps, here and here.
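The map-conversion scripts are linked rather than shown, so as an added example (my code, not the author's) here is a converter that covers both layouts described in the last two paragraphs: the Linux automountMap/automount objects, with the map as an ou and automountInformation on each child, and the Solaris nisMap/nisObject objects, with nisMapName and nisMapEntry. The sample auto.master and auto.home contents are constructed; in the master map the /home line already points at the LDAP copy of auto.home, which is the form the map takes once it lives in the directory, and the Solaris call uses the underscore name auto_home directly under the suffix, which is an assumption about where the Solaris automounter looks. Backslash continuations and wildcard (*) entries are handled, map keys are escaped for use in a DN, and values that LDIF could not carry on a plain line are rejected instead of being emitted broken.

```python
"""Convert autofs map files into LDIF, in either the autofs (automountMap/automount)
dialect used by Linux or the RFC 2307 nisMap/nisObject dialect used by Solaris."""

# Constructed sample maps.
AUTO_MASTER = """\
# master map: /home is served from LDAP, /net uses the -hosts built-in
/home   ldap:ou=auto.home,ou=automount,dc=example,dc=com   --timeout=60
/net    -hosts
"""
AUTO_HOME = """\
# home directories; the wildcard entry handles users without an explicit line
alice   -rw,intr,hard   fileserver:/export/home/alice
bob     -rw,intr,hard   \\
        fileserver:/export/home/bob
*       -rw,intr,hard   fileserver:/export/home/&
"""

DIALECTS = {
    # map object class, its naming attribute, entry object class, entry value attribute
    "autofs": {"map_oc": "automountMap", "map_rdn": "ou",
               "entry_oc": "automount", "info": "automountInformation"},
    "nis": {"map_oc": "nisMap", "map_rdn": "nisMapName",
            "entry_oc": "nisObject", "info": "nisMapEntry"},
}


def dn_escape(value):
    """Escape an attribute value for use in an RDN (RFC 4514)."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    return out


def check_safe(value):
    """Reject values LDIF could not carry on a plain 'attr: value' line (RFC 2849)."""
    if not value or value[0] in " :<" or value.endswith(" ") or not value.isascii():
        raise ValueError(f"value would need base64 encoding in LDIF: {value!r}")
    return value


def parse_map(text):
    """Parse an autofs map into (key, rest-of-line) pairs, honouring backslash continuations."""
    entries, pending = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        line = (pending + line).strip()
        pending = ""
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"map line has a key but no location: {line!r}")
        entries.append((parts[0], " ".join(parts[1].split())))
    return entries


def map_to_ldif(map_name, text, base_dn, dialect="autofs"):
    """Return LDIF creating the map container and one child object per map line."""
    d = DIALECTS[dialect]
    map_dn = f"{d['map_rdn']}={dn_escape(map_name)},{base_dn}"
    blocks = ["\n".join([f"dn: {map_dn}", "objectClass: top", f"objectClass: {d['map_oc']}",
                         f"{d['map_rdn']}: {check_safe(map_name)}"])]
    for key, info in parse_map(text):
        lines = [f"dn: cn={dn_escape(key)},{map_dn}", "objectClass: top",
                 f"objectClass: {d['entry_oc']}", f"cn: {check_safe(key)}"]
        if dialect == "nis":
            lines.append(f"nisMapName: {map_name}")   # nisObject MUST carry its map name
        lines.append(f"{d['info']}: {check_safe(info)}")
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    base = "ou=automount,dc=example,dc=com"
    print(map_to_ldif("auto.master", AUTO_MASTER, base))
    print(map_to_ldif("auto.home", AUTO_HOME, base))
    # Solaris naming: underscore map names, nisMap/nisObject objects directly under the suffix
    print(map_to_ldif("auto_home", AUTO_HOME, "dc=example,dc=com", dialect="nis"))
```

Whichever dialect you load, the container (ou=auto.home or nisMapName=auto_home) has to exist before its children, which is why the map object is emitted first; ldapmodify processes the file in order.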