Using the LDAP Naming Service in Trusted Extensions

The LDAP naming service is managed in Trusted Extensions as it is managed in the Solaris OS. The following is a sample of useful commands, and contains references to more detailed information:

For strategies to solve LDAP configuration problems, see Chapter 13, LDAP Troubleshooting (Reference), in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

To troubleshoot client-to-server LDAP connection problems that are affected by labels, see How to Debug a Client Connection to the LDAP Server.

To troubleshoot other client-to-server LDAP connection problems, see Chapter 13, LDAP Troubleshooting (Reference), in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

To display LDAP entries from an LDAP client, type:

    $ ldaplist -l
    $ ldap_cachemgr -g

To display LDAP entries from an LDAP server, type:

    $ ldap_cachemgr -g
    $ idsconfig -v

To list the hosts that LDAP manages, type:

    $ ldaplist -l hosts    Long listing
    $ ldaplist hosts       One-line listing

To list information in the Directory Information Tree (DIT) on LDAP, type:

    $ ldaplist -l services | more
    dn: cn=apocd+ipServiceProtocol=udp,ou=Services,dc=exampleco,dc=com
      objectClass: ipService
      objectClass: top
      cn: apocd
      ipServicePort: 38900
      ipServiceProtocol: udp
    ...
    $ ldaplist services name
    dn=cn=name+ipServiceProtocol=udp,ou=Services,dc=exampleco,dc=com

To display the status of the LDAP service on the client, type:

    # svcs -xv network/ldap/client
    svc:/network/ldap/client:default (LDAP client)
     State: online since date
       See: man -M /usr/share/man -s 1M ldap_cachemgr
       See: /var/svc/log/network-ldap-client:default.log
    Impact: None.

To start and stop the LDAP client, type:

    # svcadm enable network/ldap/client
    # svcadm disable network/ldap/client

To start and stop the LDAP server in version 5.2 of Sun Java System Directory Server software, type:

    # installation-directory/slap-LDAP-server-hostname/start-slapd
    # installation-directory/slap-LDAP-server-hostname/stop-slapd

To start and stop the LDAP server in version 6 of Sun Java System Directory Server software, type:

    # dsadm start /export/home/ds/instances/your-instance
    # dsadm stop /export/home/ds/instances/your-instance

To start and stop a proxy LDAP server in version 6 of Sun Java System Directory Server software, type:

    # dpadm start /export/home/ds/instances/your-instance
    # dpadm stop /export/home/ds/instances/your-instance
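
When the output of the svcs and ldaplist commands above is captured for a routine check, it can be reduced to the few fields worth reviewing. The following script is an added example, not part of the guide: the function names are hypothetical, the sample text is constructed from the output shown on this page (the "demo" entry is invented), and it assumes that each ldaplist -l entry starts with a dn: line followed by indented "attribute: value" lines.

```shell
# Added example, not from the guide. Both samples are constructed.
sample_svcs() {
cat <<'EOF'
svc:/network/ldap/client:default (LDAP client)
 State: online since date
Impact: None.
EOF
}

sample_services() {
cat <<'EOF'
dn: cn=apocd+ipServiceProtocol=udp,ou=Services,dc=exampleco,dc=com
  objectClass: ipService
  cn: apocd
  ipServicePort: 38900
  ipServiceProtocol: udp

dn: cn=demo+ipServiceProtocol=tcp,ou=Services,dc=exampleco,dc=com
  objectClass: ipService
  cn: demo
  ipServicePort: 12345
  ipServiceProtocol: tcp
EOF
}

# Print the service state from `svcs -xv network/ldap/client` output on stdin.
ldap_client_state() {
    awk '$1 == "State:" { print $2; found = 1; exit }
         END { if (!found) print "unknown" }'
}

# Reduce `ldaplist -l services` output on stdin to "cn port/protocol" lines.
services_summary() {
    awk 'function emit() { if (cn != "") print cn, port "/" proto
                           cn = port = proto = "" }
         /^dn:/                     { emit(); next }
         $1 == "cn:" && cn == ""    { cn = $2 }
         $1 == "ipServicePort:"     { port = $2 }
         $1 == "ipServiceProtocol:" { proto = $2 }
         END                        { emit() }'
}

# Succeed only when the client reports "online".
ldap_client_online() { [ "$(ldap_client_state)" = "online" ]; }

sample_svcs | ldap_client_online && echo "LDAP client online"
sample_services | services_summary
```

On a live client, pipe the real command output into the same functions in place of the sample_* functions.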