6. Configuring the RedHat Server for Solaris Clients

To achieve this we followed the Solaris documentation for configuring the iPlanet server (with adaptation): LDAP Setup and Configuration Guide, particularly Chapters 3 and 4. That said, as far as I can see, it turned out that some of these steps are not necessary for what we want. (Some of the Solaris schema is required; the ou=Profile and cn=Boiler_LDAP_Profile steps are apparently not required.)

  1. First, add the necessary Solaris schema to the server --- follow the material in the "Real" Doc line for line on configuring the server (Chapter 3) where possible, adapting it from iPlanet to OpenLDAP. The schema definitions need to be altered so that OpenLDAP understands them. Luckily most of this has been done --- see the schema links above.
  2. Unfortunately I could not find translations of some attributes and so had to leave out the corresponding (MUST) object classes --- this did not affect what I wanted.
  3. Secondly, add this organizationalUnit, Profile (as suggested by this):
            dn: ou=Profile,dc=example,dc=com
            objectclass: top
            objectclass: organizationalUnit
            ou: Profile
        
    so that the Solaris Profile can then be added (as suggested at the end of Chapter 3 of the "Real" Doc).

    To do this, put the above in a file called ou_Profile.ldif, say, and:
            ldapadd -x -D "cn=Manager, o=talbycsuumist, c=gb" -w secret \
                    -f ou_Profile.ldif
        
  4. Then one can add this (as generated by ldap_gen_profile on a Solaris 8 machine):
            dn: cn=Boiler_LDAP_Profile,ou=profile,o=talbycsuumist, c=gb
            ##                           ^^^^^^^^^^ not liked (no such object)
            #dn: cn=Boiler_LDAP_Profile,o=talbycsuumist, c=gb
            cn: Boiler_LDAP_Profile
            ObjectClass: top
            ObjectClass: SolarisNamingProfile
            SolarisLDAPServers: 130.88.100.77
            SolarisSearchBaseDN: o=boilercsuumist, c=gb
            #SolarisBindDN: cn=Manager, o=boilercsuumist, c=gb
            #SolarisBindPassword: {NS1}c53708877bc6
            #SolarisAuthMethod: NS_LDAP_AUTH_SIMPLE
            #SolarisTransportSecurity: NS_LDAP_SEC_NONE
            #SolarisSearchReferral: NS_LDAP_FOLLOWREF
            #SolarisSearchScope: NS_LDAP_SCOPE_ONELEVEL
            #SolarisSearchTimeLimit: 30
            #SolarisCacheTTL: 43200
        
    in the same way.

At this point one can load up a user (e.g., put the following in a file called si4.ldif and use ldapadd, or one can make use of a user who has been migrated into the LDAP directory from the RedHat box and who does not exist on the Solaris box):

    dn: uid=si4,ou=People,o=talbycsuumist,c=gb
    uid: si4
    cn: si4
    objectClass: account
    objectClass: posixAccount
    objectClass: top
    objectClass: shadowAccount
    userPassword: letmein
    shadowLastChange: 11743
    shadowMax: 99999
    shadowWarning: 7
    loginShell: /bin/bash
    uidNumber: 504
    gidNumber: 504
    homeDirectory: /home/si4

OK, clear-text password, but one thing at a time...

To check from the client machine that all is well, try

    ldapsearch -h 130.88.100.87 -p389 -s sub -b "o=talbycsuumist,c=gb" \
        "uid=simonh"
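
A pre-flight check for the LDIF files above, as an added example that is not part of the original page: an LDAP add fails with "no such object" when the entry's parent is not in the directory, and a userPassword value without a {SCHEME} prefix is stored as given. The sample input is constructed from the page's entries; `EXISTING` (what the server is assumed to hold already) and all function names are assumptions.

```python
import base64
import re

SCHEME = re.compile(r"^\{[A-Za-z0-9-]+\}")  # hashed values start {SSHA}, {CRYPT}, ...

def norm_dn(dn):
    """Normalise for comparison (simplified: ignores case, no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return entries as {attr: [values]}; assumes no folded continuation lines."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:
        line = line.strip()
        if not line:  # blank line ends an entry; blocks without a dn are skipped
            entries += [cur] if "dn" in cur else []
            cur = {}
        if not line or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def check(text, existing):
    """List (dn, problem): adds whose parent entry is absent, clear-text passwords."""
    known, problems = {norm_dn(d) for d in existing}, []
    for entry in parse_ldif(text):
        dn = norm_dn(entry["dn"][0])
        parent = dn.partition(",")[2]
        if parent in known:
            known.add(dn)  # later entries in the file may hang off this one
        else:
            problems.append((dn, "parent missing: " + parent))
        for pw in entry.get("userpassword", []):
            if not SCHEME.match(pw):
                problems.append((dn, "clear-text userPassword"))
    return problems

# Constructed input: the page's three entries, abbreviated. EXISTING is an assumption.
SAMPLE = """dn: ou=Profile,dc=example,dc=com
ou: Profile

dn: cn=Boiler_LDAP_Profile,ou=profile,o=talbycsuumist, c=gb
cn: Boiler_LDAP_Profile

dn: uid=si4,ou=People,o=talbycsuumist,c=gb
userPassword: letmein"""
EXISTING = ["o=talbycsuumist,c=gb", "ou=People,o=talbycsuumist,c=gb"]
```

Calling `check(SAMPLE, EXISTING)` reports both profile entries as having no parent on the server and the si4 entry as carrying a clear-text password.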




About this document:

Produced from the SGML: /home/isd/public_html/_ldap_authentication/_reml_grp/index.reml
On: 5/7/2004 at 13:33:51
Options: reml2 -i noindex -l long -o html -p multiple