Solaris Miscellaneous Notes

How do I get and install patches?
See Sun's "Patches & Updates" site, but it appears that you have to have a Support contract with Sun to get these.
To apply patches, one probably uses the patchadd command.

How do I see what software is installed?
Use the pkginfo command. As a matter of fact, check out all the pkg commands,

pkginfo - lists the 1,012 packages that are installed on sol1

pkgchk - Checks on an installed package. For example,

   pkginfo | grep -i apache                 Shows main Apache package name is SUNWapch2r
   pkgchk -l SUNWapch2r | grep Pathname     Lists all the files & directories.

pkgrm - Removes a package.
pkgtrans - Prepares and "transfers" a package for installation. E.G.
```
   pkgtrans libgcc-3.4.6-sol10-sparc-local /var/spool/pkg
```
took the gcc compiler package I unzipped (whose first line was "# PaCkAgE DaTaStReAm") and wrote the /var/spool/pkg/SMClgcc346 directory, which I could then pkgadd from.
pkgadd - Installs software to the system. E.G. to install the gcc compiler, I
```
   pkgadd SMClgcc346
```
pkgparam - Shows installed time plus other junk.
pkg-config - Used to query the /usr/lib/pkgconfig directory & return info on installed packages. sol1 has 100 *.pc files in there, e.g. /usr/lib/pkgconfig/openssl.pc

How do I see what's on the 5 CDs that I could install?

   cd /export/install/sparc_10_606/Solaris_10/Product
   ls | cut -c1-4 | uniq  -c | sort -nr

will tell you the count of package prefixes, namely

   1265 SUNW  (Normal Sun packages)
     27 IPLT  (LDAP Admin & Directory Server?)
     18 FJSV  (Fujitsu things)
      3 TSIp  (Raptor GFX) System Software/Device Driver)
      3 JSat  (Japanese things)
      2 SMEv  (Support for Netra AX platforms?)

You can contrast that list with what's installed on sol1,

   pkginfo | awk '{print $2}' | cut -c1-4 | uniq -c | sort -nr

telling you the count of installed packages

   1011 SUNW
      8 SMC      (these 8 are the curl, gcc, gcc, nmap, subversion,
      1 FJSV      top & wget packages I installed manually)

I didn't see anything interesting in the list of of uninstalled software. It was mostly international languages and source code. You can look here at this Sun page to see their descriptions of all the packages on Solaris 10 6/06.

Check out all the different file systems.

/etc/svc/volatile - Temporary & volatile (type=tmpfs) file system with dozens of nothing log files for system things, a few lock files, and a couple of other things. Nothing too interesting.
/tmp - Another tmpfs file system, which guarantees it'll be empty across system reboots.
/var/run - Yet another /tmpfs file system.
/etc/mnttab - A cause of confusion because /etc/mnttab looks like a file (according to ls and you can vi it), and a file system (according to the "df" command). According to "man mnttab",
The file /etc/mnttab is really a file system that provides read-only access to the table of mounted file systems for the current host.
/net - Automount-controlled directory (svcs | svcadm autofs). The relavent line in /etc/auto_master is
```
   /net            -hosts          -nosuid,nobrowse
```
The "-hosts" is the "automapper map", and according to the automount man page,
The -hosts map is used with the /net directory and assumes that the map key is the hostname of an NFS server. The automountd daemon dynamically constructs a map entry from the server's list of exported file systems. References to a directory under /net/hermes will refer to the corresponding directory relative to hermes root.
So for example, I've got two file systems NFS-exported from linux1, /kickstart & /home. Initially, a
```
   ls -l /net
```
command shows nothing there, but adding the linux2 to the ls command immediately NFS-mounts both file systems (do a "df -a" to verify) and shows both,
```
  ls -l /net/linux2
   total 2
   dr-xr-xr-x   1 root     root           1 Nov  2 12:39 home
   dr-xr-xr-x   1 root     root           1 Nov  2 12:39 kickstart
```
(Why does this show up in a "df /net" but not a "df"? Because the "ignore" option is set in /etc/mnttab. Use "df -a" to see both "ignore" file systems, /net & /vol.)
I can't get the file systems mounted so I can see under the mount points, though.
```
  ls -l /net/linux2/home
  /net/linux2/home: Permission denied
```
I don't understand that.
/vol - Controlled by the /usr/sbin/vold daemon. According to man vold, it "manages removable media devices", CDs, DVDs, floppies and the like.
(Why does this show up in a "df /vol" but not a "df"? Because the "ignore" option is set in /etc/mnttab. Use "df -a" to see both "ignore" file systems, /net & /vol.)
/proc - Only has PID directories. It doesn't have any of the other subdirectories like Linux has (cpuinfo, ide, scsi, meminfo, etc). (Why does this show up in a "df /proc" but not a "df"? It's not set to "ignore" in /etc/mnttab as /net and /vol are.)
/export/home - The standard place for user's home directories if hosted on this server. This directory should be NFS-exported in write mode to the world, e.g.
```
   vi /etc/dfs/dfstab    and add this line,
   share -F nfs -o ro /export/home
   shareall
```
User's home directories are typically automountd-controlled at /home.
/devices - A "devfs" file system. See man devfs. I didn't see anything useful in here.
/system/contract - The ctfs man page says it's "the interface to the contract subsystem" and to see the contract man page for more details, but that page wasn't too useful.
/system/object - From the objfs man page, "the objfs filesystem describes the state of all modules currently loaded by the kernel.

From this decent Solaris reference:

First of all, let's get the tmpfs issue (/tmp, /var/run) out of the way. The tmpfs filesystem is a filesystem that takes memory from the virtual memory pool. What it lists as size of swap is the sum of the space currently taken by the filesystem and the available swap space unless the size is limited with the size=xxxx option.
In other words, the "size" of a tmpfs filesystem has nothing to do with the size of swap; at most with the available swap.
The second confusing issue is what "swap" really is. Solaris defines swap as the sum total of physical memory not otherwise used and physical swap. This is confusing to some who believe that swap is just the physical swap space.
The "swap -l" command will list the swap devices and files configured and how much of them is already in use.
The "swap -s" command will list the size of virtual swap. Physical swap added to the physical memory. On systems with plenty of memory, "swap -l" will typically show little or no swap space use but "swap -s" will show a lot of swap space used.

There are some perhaps-useful tools in /usr/proc/bin. See man proc for some details.

pstop - To stop a process
prun - To start it up again.
ptree - To see all children and parent processes.

There are others, but I didn't find them that interesting.

Where's lsof? Solaris didn't come with it. I had to download it from lsof.itap.purdue.edu then I

   bunzip2 -d lsof_4.77.bz2
   chmod +x lsof_4.77
   mv lsof_4.77 /usr/bin/lsof

Actually, Solaris 10 doesn't come with a lot of stuff. Where's a C compiler? curl or wget? top? nmap? subversion?
There's lots of stuff in /usr/sfw/bin including gcc, wget, mozilla, mysql, snmpwalk, Rick. You'll also find whoami in /usr/ucb.

I had to go to

   ftp ftp.sunfreeware.com
   cd /pub/freeware/sparc/10

and like a child in a candy store, grab all kinds of goodies. I got

gcc (package name = SMCgcc)
libgcc (package name = SMClgcc346)
curl (package name = SMCcurl)
nmap (package name = SMCnmap)
subversion (package name = SMCsubv14)
top (package name = SMCtop)
wget (package name = SMCwget)

(I should have probably gotten lsof from here as well, but Sun didn't have the latest. But see below.)

See this page for the list of what's on that FTP server and caveats for each.

Then for each,

   gzip -d  libgcc-3.4.6-sol10-sparc-local.gz
   pkgtrans libgcc-3.4.6-sol10-sparc-local    /var/spool/pkg
   pkgadd SMClgcc346

A further note on lsof. I had gotten lsof 4.77 from lsof.itap.purdue.edu, but that had a problem displaying the proper port numbers on open, being-listened-to sockets. E.G.

   lsof -i |grep sendmail
   sendmail 8164 root 5u IPv4 0x3000040f500 0t0 TCP *:65535 (LISTEN)
   sendmail 8164 root 6u IPv6 0x300004100c0 0t0 TCP [0:300:40:f500::]:* (LISTEN)
   sendmail 8164 root 7u IPv4 0x30000410740 0t0 TCP *:65535 (LISTEN)

Note the 65535 for the port numbers instead of smtp (port 25). I tried the version Sun had on its ftp ftp.sunfreeware.com, 4.76, but that did the same thing.

I tried recompiling the 4.77 from its source, but had compile problems.

   tar xf lsof_4.77.tar
   cd lsof_4.77
   tar xf lsof_4.77_src.tar
   cd lsof_4.77_src
   ./Configure solaris
   make
   (cd lib; make DEBUG="-O" CFGF="-Dsolaris=100000 -DHASPR_GWINDOWS ... )
   gcc  -Dsolaris=100000  -DHASPR_GWINDOWS ...  -O  -c  ckkv.c
   In file included from /usr/include/sys/vnode.h:47,
                    from /usr/include/sys/stream.h:22,
                    from /usr/include/netinet/in.h:66,
                    from ../machine.h:80,
                    from ckkv.c:33:
   /usr/include/sys/kstat.h:434: error: syntax error before "caddr32_t"
   /usr/include/sys/kstat.h:463: error: syntax error before '}' token
   /usr/include/sys/kstat.h:464: error: syntax error before '}' token
   /usr/include/sys/kstat.h:771: error: syntax error before '*' token
   /usr/include/sys/kstat.h:775: error: syntax error before '*' token
...

I found this web page which pointed to this still-open Solaris bug, which said

When attempting to compile lsof, the kstat header bailed out in 64 bit mode with "syntax error near caddr32_t". Turns out that kstat.h really needs sys/types32.h

As a work around, they said to add this line

   #include

to their machine.h file (in the ~/lsof_4.77/lsof_4.77_src directory). This fixed things just fine.

What is a "door" file? For example,

ls -l /var/run/name_service_door
Dr--r--r--   1 root     root           0 Oct 25 23:20 /var/run/name_service_door

According to 2002 "Survey of Process Environments",

A door descriptor is only found on Solaris machines. This is another interprocess communication mechanism that programs may use. Its use is similar to Remote Procedure Calls (RPS). One process, the server, makes a function available to client programs. It takes arguments and returns a status back to the client program. It has been documented as the fastest way to perform IPC between unrelated programs. The form of IPC only works within a machine and not across a network.

Similarly, a "p" is a FIFO or "named pipe" special file, but what is a "P" file?
According to "man ls", it's "an event port", whatever that is.
According to this "Solaris 10 OS Adoption Kit" -> "What's new?" -> "Features",

Event ports is an event completion framework that provides a scalable way for multiple threads or processes to wait for multiple pending asynchronous events from multiple objects.

So, are there any real examples of an "event port"? Only one that I could find, belonging to the svc.startd process.

   # find /proc/[1-9]*/fd ! -type f ! -type s ! -type c ! -type D ! -type d ! -type l ! -type p -ls
   0    0 ?---------   2 root     root            0 Oct 25 23:20 /proc/7/fd/5

Interesting that find doesn't show the "P". It has a question mark instead. The ls command shows it properly.

   # ls -l /proc/7/fd/5
   P---------   2 root     root           0 Oct 25 23:20 /proc/7/fd/5

So what is process 7?

   # ps -ef|grep ' 7 ' |grep svc
   root     7     1   0 23:19:59 ?           0:07 /lib/svc/bin/svc.startd

By the way, there are two pipe files in /etc,

   ls -l /etc/*pipe
   prw-------   1 root     root           0 Oct 31 14:37 /etc/initpipe
   prw-------   1 root     root           0 Nov  1 15:52 /etc/utmppipe

that get in the way of otherwise routine grep commands, e.g.

  grep foo /etc/*

   find /etc -type f -exec grep foo {} 2>/dev/null \; -ls

Both of the above commands will hang when grep gets to either of those /etc/*pipe files. There's this Solaris bug opened for this.
One solution is to use find,

find /etc -type f -exec grep foo {} \; ...

but then that goes down subdirectories and you may not want that.
Another workaround to

for i in *;do if [[ ! -p $i ]];then grep foo $i;fi;done

To patch the kernel (this was an interview question), you update the /etc/system file.
For example, to increase the number of file descriptors per process, add the following lines to /etc/system:

   * set hard limit on file descriptors
   set rlim_fd_max = 4096
   * set soft limit on file descriptors
   set rlim_fd_cur = 1024

See this list of possible tunable kernel parameters for Solaris 10.

How do I boot single user from CD?
In order to recover from some problems, you will need to boot single user from CDrom. On SPARC systems with Openboot PROMs, this is done by typing

   boot cdrom -s

at the ok prompt.
You can boot an interactive installation and escape to a shell window. This method has the advantage of usually mounting your filesystems under /a.

How do you start & stop daemons? Ala, AIX's startsrc/stopsrc/restart and Linux's service/chkconfig?

First some definitions:

SMF = Service Management Facility

FMRI = Fault Management Resource Identifier. The term to identify a system service, eg syslog is any of

     svc://localhost/system/system-log:default
     svc:/system/system-log:default
     system/system-log:default

svcs - A command to "report service status" or list the "managed service instances". There are

Count  Service Category   Example Service Names
=====  ================   =====================
  36   svc:/network        inetd & sendmail
  32   svc:/system         cron
  28   lrc:/etc            /etc/rc3_d/S50apache
   7   svc:/milestone      multi-user:default
   6   svc:/application    x11/xfs

svcadm - A command to control the SMF FMRI's (enable, disable, restart) both now and at the next system restart.
svccfg - Command to "manipule data in the service configuration repository"
svc.startd - "Master Restarter" daemon. This is the parent of sac and ttymon (Solaris's getty).
/usr/lib/saf/sac - Service Access Controller. Reads /etc/saf/_sactab.
/usr/lib/saf/ttymon - Console getty restarter, defined in /etc/saf/_sactab.

Some common tasks,

To list all services, svcs.
To query a service, svcs sendmail.
To start a service both now and at the next system boot, svcadm enable sendmail.
To start a service now but don't change what it does at the next system boot, svcadm enable -t sendmail.
To stop a service both now and at the next system boot, svcadm disable sendmail.
To stop a service now but don't change what it does at the next system boot, svcadm disable -t sendmail.
To restart a service, svcadm restart sendmail.
To show all information about a service (enabled, state, logfile (in /var/svc/log by default if not shown), restarter, dependencies, etc), svcs -l sendmail.
By the way, sendmail nowadays uses both the SMTP port (25) and the new submission port (587), usually to combat/control spam by requiring authentication.

The Apache web server comes disabled by default, but the webadmin userid & group (cutely, both uid & gid = 80) are there. To get it started up, I had to

cd /etc/apache2
cp -p httpd.conf-example httpd.conf
mkdir /var/run/apache2
chown webservd:webservd /var/run/apache2
svcadm enable apache2

Solaris uses special characters in file names that need to be escaped in a shell command. For example, the at-sign (@) and colon (:)

   ls -ld /devices/pci\@1f\,4000 /var/mail/\:saved
   drwxr-xr-x   6 root   sys    512 Oct 21 13:55 /devices/pci@1f,4000
   drwxrwxr-x   2 root   mail   512 Oct 21 01:17 /var/mail/:saved

To see your hardware configuration, use

   prtvtoc /dev/dsk/c0t0d0s2
   /usr/platform/sun4u/sbin/prtdiag
   sysdef

To get tricky and echo out some words in bold,

   bold=`tput smso` 
   offbold=`tput rmso` 
   echo "You must be the \"${bold}root${offbold}\" user to run this script."

From this web page
To install a patch, installpatch .
To check to see if a patch has been installed showrev �p |grep package name

To make use of the second disk drive on sol1, one needs to

Format it.
Make a file system on it.
Create the mount point.
Add a line to /etc/vfstab.
Mount it.

To format it, use the format command;

   format
   Searching for disks...done

   c0t1d0: configured with capacity of 16.86GB

   AVAILABLE DISK SELECTIONS:
          0. c0t0d0 
             /pci@1f,4000/scsi@3/sd@0,0
          1. c0t1d0 
             /pci@1f,4000/scsi@3/sd@1,0
   Specify disk (enter its number): 1
   selecting c0t1d0
   [disk formatted]
   Disk not labeled.  Label it now? y

   FORMAT MENU:
           disk       - select a disk
           type       - select (define) a disk type
           partition  - select (define) a partition table
           current    - describe the current disk
           format     - format and analyze the disk
           repair     - repair a defective sector
           label      - write label to the disk
           analyze    - surface analysis
           defect     - defect list management
           backup     - search for backup labels
           verify     - read and display labels
           save       - save new disk/partition definitions
           inquiry    - show vendor, product and revision
           volname    - set 8-character volume name
           !     - execute , then return
           quit
   format> volname
   Enter 8-character volume name (remember quotes)[""]:"2ndDrive"
   Ready to label disk, continue? yes

   format> inquiry
   Vendor:   SEAGATE
   Product:  ST318203LSUN18G
   Revision: 034A

   format> verify

   Primary label contents:

   Volume name = <2ndDrive>
   ascii name  = 
   pcyl        = 7508
   ncyl        = 7506
   acyl        =    2
   nhead       =   19
   nsect       =  248
   Part      Tag    Flag     Cylinders        Size            Blocks
     0       root    wm     223 - 3531        7.43GB    (3309/0/0) 15592008
     1       swap    wu       0 -  222      513.07MB    (223/0/0)   1050776
     2     backup    wm       0 - 7505       16.86GB    (7506/0/0) 35368272
     3 unassigned    wm       0               0         (0/0/0)           0
     4 unassigned    wm       0               0         (0/0/0)           0
     5 unassigned    wm       0               0         (0/0/0)           0
     6 unassigned    wm       0               0         (0/0/0)           0
     7       home    wm    3532 - 7505        8.93GB    (3974/0/0) 18725488

   format> quit

This partitioning it did was all wrong. I could use the backup partition to create my file system, but I thought it better to clean up those extra, unneeded partitions (root, swap, backup, and home), and consolidate everything into one partition. So with a little more format work, I got the partition table to be

   format> verify

   Primary label contents:

   Volume name = <2ndDrive>
   ascii name  = 
   pcyl        = 7508
   ncyl        = 7506
   acyl        =    2
   nhead       =   19
   nsect       =  248
   Part      Tag    Flag   Cylinders     Size            Blocks
     0        usr    wm     0 - 7505    16.86GB    (7506/0/0) 35368272
     1 unassigned    wm     0            0         (0/0/0)           0
     2     backup    wm     0 - 7505    16.86GB    (7506/0/0) 35368272
     3 unassigned    wm     0            0         (0/0/0)           0
     4 unassigned    wm     0            0         (0/0/0)           0
     5 unassigned    wm     0            0         (0/0/0)           0
     6 unassigned    wm     0            0         (0/0/0)           0
     7 unassigned    wm     0            0         (0/0/0)           0

As far as that "Partition ID Tag" goes, the possibilities include unassigned, boot, root, swap, usr, backup, stand, var, home, alternates, and reserved. According to this web page,

It doesn't actually matter (though I'd stay away from "swap" unless it really is a swap partition, and stay away from "stand", "boot", "alternates" and "reserved" altogether).

So I made it usr.

Create the new file system over that new slice.

   newfs /dev/rdsk/c0t1d0s0

Create the mount point,

   mkdir /extra

Add this line to /etc/vfstab.

   /dev/dsk/c0t1d0s0       /dev/rdsk/c0t1d0s0      /extra  ufs     2       yes     -

Mount the new file system.

   mount /extra

A note regarding that device name syntax. c0t1d0s0 stands for controller 0, target id 1, disk group 0 and slice 0.

To get Solaris to be more verbose during its boot process, before booting, intercept (by providing a key) the boot process, and at the "ok" prompt, enter

   ok boot -m verbose

What's the expected normal user creation process as far as home directories go and initial files (eg, .bashrc)? One can use the smc (Solaris Management Console) tool to add userids, administer systems, networks, disks, RAID drives,etc. When adding userids, it starts at userid 100 and hints you to put their home directories under /export/home. But even following their lead, the home directory was indeed mkdir'd on /export/home/mel, but the home directory inside /etc/passwd was /home/mel. What they did was also add this line

   mel sol1:/export/home/mel

to the bottom of the /etc/auto_home file and recycled the autofs (automount) daemon. I guess the idea is to have all home directories NFS-mounted on demand from some NFS server, starting at /home and managed by the automounter. If the directory is local to this system when you create the id, the smc tool does the mkdir /export/home/mel for you. If the real home directory is on some other NFS server, it doesn't. Either way, the proper line is added to /etc/auto_home.

To get other systems to share the id once it's created on the NFS server,

Add the /etc/passwd line,
Add the /etc/group line if necessary (usually it's not),
Add the /etc/shadow line,
Add the /etc/auto_home line.
Refresh the autofs daemon via svcadm refresh autofs

To break into a Solaris system (this according to this web page),

boot cdrom -s
mkdir /tmp/a
mount /dev/c0t0d0s0 /tmp/a
vi /tmp/a/etc/shadow

You can use dd to create a sparse file (IMO, useful in answering job interview questions only). As you can see, this created a 2GB file that, according to df -k, only occupies 24 blocks on my Solaris 10 system.

   df -k .
   Filesystem            kbytes    used   avail capacity  Mounted on
   /dev/dsk/c0t0d0s0    7677689 6490144 1110769    86%    /

   echo foo | dd of=raj obs=100000000 oseek=20

   ls -l raj
   -rw-r--r--   1 root     root     2000000004 Nov  6 13:03 raj

   df -k .
   Filesystem            kbytes    used   avail capacity  Mounted on
   /dev/dsk/c0t0d0s0    7677689 6490168 1110745    86%    /

But when you move it to another file system or copy it anywhere, even to the same file system, it gets expanded and looses its sparseness. You can use the GNU tar command, which has the �S or �sparse option to preserve sparseness (only linux has the -S or --sparse option in their default tar command).

Here's a list of all the Sun Solaris releases.

O.S. Level	Releases
Solaris 10	10, 10 01/06, 10 06/06
Solaris 9	9, 9 05/02, 9 09/02, 9 12/02, 9 04/03, 9 08/03, 9 12/03
Solaris 8	8, 8 06/00, 8 10/00, 8 01/01, 8 04/01, 8 07/01, 8 10/01, 8 02/02, 8 12/02, 8 03/03, 07/03
Solaris 7	7, 7 03/99, 7 05/99, 7 08/99, 7 11/99
Solaris 2.6	2.6 03/98, 2.6 05/98
Solaris 2.5	2.5.1 11/97

LDAP on Solaris 10

See the online Solaris 10 System Administration documentation from Sun, especially the "DNS, NIS, and LDAP" section.

This "QuickStart to Solaris 10 LDAP Authentication" page gives a short rundown of what's required. He has you

Update /etc/pam.conf.

cp -p /etc/pam.conf /etc/pam.conf.orig
vi /etc/pam.conf
Add these 6 lines where appropriate
- login auth sufficient pam_ldap.so.1
- rlogin auth sufficient pam_ldap.so.1
- other auth sufficient pam_ldap.so.1
- passwd auth sufficient pam_ldap.so.1
- other account sufficient pam_ldap.so.1
- other session sufficient pam_ldap.so.1
Update /etc/nsswitch.conf
1. cp -p /etc/nsswitch.conf /etc/nsswitch.conf.orig
2. cp -p /etc/nsswitch.ldap /etc/nsswitch.conf
3. vi /etc/nsswitch.conf
  and remove all the "[NOTFOUND=return]" from 9 lines
4. Add "dns" to the "hosts: ldap files" line.
Verify the LDAP client (ldapcachemgr) is down.
```
   svcs ldap/client
```
should report that svc:/network/ldap/client:default is disabled.
Enable the LDAP client (ldapcachemgr) for SMF.
```
   svcadm enable svc:/network/ldap/client:default 
```
*Note: Enabling the ldapclient service only prepares it for SMF management. The ldapcachmgr service will only begin running after the client is initialized.

Initialize the LDAP Client.

   ldapclient -v init -a domainName=jasperfamily.org ldap

The first time I did this, I got

   Parsing domainName=jasperfamily.org
   Arguments parsed:
           domainName: jasperfamily.org
           defaultServerList: ldap
   Handling init option
   About to configure machine by downloading a profile
   No profile specified. Using "default"
   findBaseDN: begins
   findBaseDN: ldap not running
   findBaseDN: calling __ns_ldap_default_config()
   found 1 namingcontexts
   findBaseDN: __ns_ldap_list(NULL, "(&(objectclass=nisDomainObject)(nisdomain=jasperfamily.org))"
   rootDN[0] dc=jasperfamily,dc=org
   jasperfamily,dc=org
   found_cxt = -1
   findBaseDN: Err exit
   Failed to find defaultSearchBase for domain jasperfamily.org

It's apparently looking for something in my LDAP schema with objectclass=nisDomainObject. Either that or it wants a profile.

Googling the above error led me to how to use ldapclient genprofile to create a profile in LDIF format that can be loaded into the LDAP server.

   ldapclient genprofile -a profileName=default \
       -a authenticationMethod=none \
       -a defaultSearchBase=dc=jasperfamily,dc=org \
       -a preferredServerList=ldap.jasperfamily.org \
       -a "defaultServerList=ldap.jasperfamily.org" > default.profile.ldif

gave me this default.profile.ldif file

   dn: cn=default,ou=profile,dc=jasperfamily,dc=org
   ObjectClass: top
   ObjectClass: DUAConfigProfile
   defaultServerList: ldap.jasperfamily.org
   defaultSearchBase: dc=jasperfamily,dc=org
   authenticationMethod: none
   preferredServerList: ldap.jasperfamily.org
   cn: default

and to add it to my LDAP database,

   ldapadd -h ldap -v -D "cn=Manager,dc=jasperfamily,dc=org" -w secret -f default.profile.ldif

On the other hand, there's this version of the ldapclient command

   ldapclient manual -a authenticationMethod=none \
                     -a defaultSearchBase=dc=jasperfamily,dc=org \
                     -a defaultServerList=ldap.jasperfamily.org

but that didn't work either.

Verify the LDAP Client is running.
```
   svcs ldap/client
```
should say the ldap/client is online.

This page was last updated: Wednesday, 08-Nov-2006 09:49:10 Pacific Standard Time