Sunday, April 29, 2007

Using idsconfig with Sun DSEE 6.0

Despite the awesomely advanced management interface to Sun DSEE 6.0, I have found that the handy /usr/lib/ldap/idsconfig command that actually initializes the directory with the correct OUs, searchServiceDescriptors, and profiles that the Solaris ldapclient command uses to initialize the OS to use LDAP as a naming service. Also, the idsconfig command is no longer even mentioned in the DSEE 6.0 installation guide or the administration guide (the logical place to describe this very helpful tool).

So, through a bit more digging I happened to come across the command and a description of how to modify it to work with DSEE 6.0 in the Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide in Appendix A (Pluggable Authentication Modules), of all places! Anyway, here is an excerpt from that guide that will get you on your way with the idsconfig command:

For PAM to work with Directory Server 6.0, you must edit the /usr/lib/ldap/idsconfig script and change 5 to 6 in the following code:

if [ "${IDS_MAJVER}" != "5" ]; then

While executing the idsconfig command-line tool, you need to know which values to assign to the various configuration parameters. If you do not know, use the default values when prompted (other than the configuration parameters 1, 2, and 4).

Finally, I was able to initialize the directory as I was able to with previous versions of the Sun Directory Server. Especially helpful are the profiles that the idsconfig command creates in the directory under cn=profilename,ou=profiles,dc=yourdomain,dc=net, which allow the LDAP clients to simply download the profile with all of the configuration options preset and simply copy them locally to become initialized. This saves a lot of time when converting a bunch of systems from files or NIS for naming services in the nsswitch.conf file.
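
The one-character edit to /usr/lib/ldap/idsconfig described in the excerpt above, as an added example (not from the original post or from Sun's guide): a shell function that refuses to touch the script unless it finds exactly one such version check, confirms that only that line changes, and keeps a backup. The function names and the `.orig` backup suffix are assumptions.

```shell
#!/bin/sh
# Added example (not Sun's code): change the IDS_MAJVER check in idsconfig
# from "5" to "6" with a backup and a verification of what changed.

# BRE fragments around the digit in:  if [ "${IDS_MAJVER}" != "5" ]; then
PRE='\[ "\${IDS_MAJVER}" != "'
POST='" ]; then'

# count_check FILE VERSION: print how many lines test IDS_MAJVER against VERSION
count_check() {
    grep -c "${PRE}$2${POST}" "$1" || true
}

# patch_idsconfig FILE: returns 0 if FILE is patched (now or already), else 1
patch_idsconfig() {
    file=$1
    [ -f "$file" ] || { echo "not a file: $file" >&2; return 1; }
    n5=$(count_check "$file" 5)
    n6=$(count_check "$file" 6)
    if [ "$n5" -eq 0 ] && [ "$n6" -eq 1 ]; then
        echo "already patched: $file"
        return 0
    fi
    if [ "$n5" -ne 1 ] || [ "$n6" -ne 0 ]; then
        echo "unexpected version checks in $file (5: $n5, 6: $n6); not modified" >&2
        return 1
    fi
    tmp="$file.tmp.$$"
    sed "s/\(${PRE}\)5\(${POST}\)/\16\2/" "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Exactly one line removed and one added, otherwise discard the result.
    changed=$(diff "$file" "$tmp" | grep -c '^[<>]' || true)
    if [ "$changed" -ne 2 ]; then
        rm -f "$tmp"
        echo "patch would change more than one line; not modified" >&2
        return 1
    fi
    cp -p "$file" "$file.orig" || { rm -f "$tmp"; return 1; }  # assumed backup name
    cat "$tmp" > "$file" || return 1   # overwrite in place: keeps owner and mode
    rm -f "$tmp"
}

# Usage: sh patch_idsconfig.sh /usr/lib/ldap/idsconfig   (try it on a copy first)
if [ $# -gt 0 ]; then
    patch_idsconfig "$1"
fi
```

Keeping the `.orig` copy also makes it easy to see the local modification later, for example when an OS patch replaces the script and the edit has to be reapplied.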

For a complete how-to of initializing the Sun Directory Server, please reference my wiki page: http://www.amcpu.org/wiki/index.php?title=SJSDS_Installation_Guide.

Also, for a walkthrough of configuring Solaris LDAP clients, check out this wiki entry: http://www.amcpu.org/wiki/index.php?title=SJSDS_Configure_LDAP_Clients.

Wednesday, April 18, 2007

Sun Directory Server EE 6.0 Rules!

I've been tinkering with Sun's latest LDAP directory server, and I must say that I am very impressed. The time to get up and running with an LDAP server that has self-signed SSL certificates, replication with neighbor servers, and an awesome web management interface is minimal compared to previous versions. The server comes packaged with the Java Enterprise System Identity Management Suite and can be configured during the installation or afterwards. I like to have full control over the configuration, so I select "Configure Later", which allows me to run the DS Control Center setup script later on.

I know that there are a lot more exciting blog postings on the Sun Blogs, but I wanted to show my appreciation for such a great improvement in Sun's LDAP offering. You'll see many more postings along this topic as I go through the steps of rolling out the DSEE 6.0 along with Sun Access Manager 7.1 (authentication services / SSO) and Sun Identity Manager 7.0 (user provisioning and access control).