Configuring Oracle Directory Server Enterprise Edition by Using the idsconfig Command - Working With Naming and Directory Services in Oracle Solaris 11.1

Configuring Oracle Directory Server Enterprise Edition by Using the `idsconfig` Command

Creating a Checklist Based on Your Server Installation

During the server installation process, you will have defined crucial variables, with which you should create a checklist similar to the one below before launching idsconfig. You can use the blank checklist provided in Blank Checklists for Configuring LDAP .

Note - The information included below will serve as the basis for all examples that follow in the LDAP-related chapters. The example domain is of a widget company, Example, Inc. with stores nationwide. The examples deal with the West Coast Division, with the domain name of west.example.com.

Table 11-1 Server Variables Defined for the example.com Network

Variable	Definition for Example Network
Port number at which an instance of the directory server is installed	`389` (default)
Name of server	`myserver` (from the FQDN `myserver.west.example.com` or the hos tname for `192.168.0.1`)
Replica servers (IPnumber:port number)	`192.168.0.2` [for `myreplica.west.example.com`]
Directory manager	cn=directory manager (default)
Domain name to be served	`west.example.com`
Maximum time (in seconds) to process client requests before timing out	`1`
Maximum number of entries returned for each search request	`1`

Note - If you are using host names in defining defaultServerList or preferredServerList, you must ensure that LDAP is not used for host lookups. This means thatldap must not be configured in the config/host property of the svc:/network/name-service/switch service.

Table 11-2 Client Profile Variables Defined for the example.com Network

Variable	Definition for Example Network
Profile name (the default name is default)	`WestUserProfile`
Server list (defaults to the local subnet)	`192.168.0.1`
Preferred server list (listed in order of which server to try first, second, and so on)	`none`
Search scope (number of levels down through the directory tree. '`One`', the default, or '`Sub`')	`one` (default)
Credential used to gain access to server. Default is `anonymous`	`proxy`
Follow Referrals? ( a pointer to another server if the main server is unavailable) Default is `no`.	`Y`
Search time limit (default is 30 seconds) for waiting for server to return information.	`default`
Bind time limit (default is 10 seconds) for contacting the server.	`default`
Authentication method Default is `none`.	`simple`

Note - Client profiles are defined per domain. At least one profile must be defined for a given domain.

Attribute Indexes

The idsconfig command indexes the following list of attributes for improved performance:

membernisnetgroup: pres,eq,sub
nisnetgrouptriple: pres,eq,sub
ipHostNumber: pres,eq,sub
uidNumber: pres,eq
gidNumber: pres,eq
ipNetworkNumber: pres,eq
automountkey: pres,eq
oncRpcNumber: pres,eq

Schema Definitions

idsconfig(1M) automatically adds the necessary schema definitions. Unless you are very experienced in LDAP administration, do not manually modify the server schema. See Chapter 14, LDAP Naming Service (Reference) for an extended list of schemas used by the LDAP naming service.

Using Browsing Indexes

The browsing index functionality of the Oracle Directory Server Enterprise Edition, otherwise known as the virtual list view (VLV), provides a way in which a client can view a select group or number of entries from very long list, thus making the search process less time consuming for each client. Browsing indexes provide optimized, predefined search parameters with which the LDAP naming client can access specific information from the various services more quickly. Keep in mind that if you do not create browsing indexes, the clients will not access all the entries of a given type if the server limits are exceeded. For example, if there are 5000 password entries, but the size limit of 1000 entries is enabled, 4000 entries will not be returned during some lookup operations. That can often cause login and other serious failures for the client machines.

VLV indexes are configured on the directory server and the proxy user has read access to these indexes.

Before configuring browsing indexes on the Oracle Directory Server Enterprise Edition, consider the performance cost associated with using these indexes. For more information, refer to the Administration Guide for the version of Oracle Directory Server Enterprise Edition that you are using.

idsconfig creates entries for several VLV indexes. See the idsconfig(1M) man page for more information. Refer to the output of the idsconfig command to determine the VLV entries created by idsconfig. See Example idsconfig Setup for sample idsconfig output.

Skip Navigation Links
Exit Print View
	Working With Naming and Directory Services in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library