Re: [Freeipa-devel] [PATCH][DOC] Update Solaris Documentation, add proxy agent, and profile
Hello, Just wondering if we have found a reviewer for this patch set? It would be nice to have this as a part of the docs. Thanks, Gabe On Wed, Apr 16, 2014 at 5:13 AM, Petr Spacek pspa...@redhat.com wrote: On 16.4.2014 05:01, Gabe Alford wrote: The following patches update the Solaris documentation and add a proxy agent/profile for Solaris. - Solaris documentation update https://fedorahosted.org/freeipa/ticket/3731 - Patch adds default Proxy Agent and default_secure profile through 20-nss_ldap.update when ipa-server-install is run. https://fedorahosted.org/freeipa/ticket/2561 Thank you Gabe! I think this chapter deserves review from a Solaris expert. Core IPA team doesn't have one so we need to find some victim ... :-) Sigbjorn, would you mind reviewing this patch set? Instructions how to build docs are here: http://www.freeipa.org/page/Contribute/Documentation Thank you very much! -- Petr^2 Spacek ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH][DOC] Update Solaris Documentation, add proxy agent, and profile
I saw a similar interest on freeipa-users list in FreeIPA 3.3 and Solaris 10 Client Integration: thread. Also note it is proposed to only have the guide maintained in the downstream guide in [Freeipa-users] What should we do with upstream guide? thread (I know you know about it). So it is likely the patch would only be applied either in downstream doc or would be even transferred in an article/howto on FreeIPA.org so that Solaris users can easily update it. Martin On 09/26/2014 03:08 PM, Gabe Alford wrote: Hello, Just wondering if we have found a reviewer for this patch set? It would be nice to have this as a part of the docs. Thanks, Gabe On Wed, Apr 16, 2014 at 5:13 AM, Petr Spacek pspa...@redhat.com mailto:pspa...@redhat.com wrote: On 16.4.2014 05:01, Gabe Alford wrote: The following patches update the Solaris documentation and add a proxy agent/profile for Solaris. - Solaris documentation update https://fedorahosted.org/__freeipa/ticket/3731 https://fedorahosted.org/freeipa/ticket/3731 - Patch adds default Proxy Agent and default_secure profile through 20-nss_ldap.update when ipa-server-install is run. https://fedorahosted.org/__freeipa/ticket/2561 https://fedorahosted.org/freeipa/ticket/2561 Thank you Gabe! I think this chapter deserves review from a Solaris expert. Core IPA team doesn't have one so we need to find some victim ... :-) Sigbjorn, would you mind reviewing this patch set? Instructions how to build docs are here: http://www.freeipa.org/page/__Contribute/Documentation http://www.freeipa.org/page/Contribute/Documentation Thank you very much! -- Petr^2 Spacek ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH][DOC] Update Solaris Documentation, add proxy agent, and profile
If we can, let's try to push the doc patch 0014 downstream (except for patch 0015 as that patch is an ldif update). Gabe On Fri, Sep 26, 2014 at 7:16 AM, Martin Kosek mko...@redhat.com wrote: I saw a similar interest on freeipa-users list in FreeIPA 3.3 and Solaris 10 Client Integration: thread. Also note it is proposed to only have the guide maintained in the downstream guide in [Freeipa-users] What should we do with upstream guide? thread (I know you know about it). So it is likely the patch would only be applied either in downstream doc or would be even transferred in an article/howto on FreeIPA.org so that Solaris users can easily update it. Martin On 09/26/2014 03:08 PM, Gabe Alford wrote: Hello, Just wondering if we have found a reviewer for this patch set? It would be nice to have this as a part of the docs. Thanks, Gabe On Wed, Apr 16, 2014 at 5:13 AM, Petr Spacek pspa...@redhat.com mailto:pspa...@redhat.com wrote: On 16.4.2014 05:01, Gabe Alford wrote: The following patches update the Solaris documentation and add a proxy agent/profile for Solaris. - Solaris documentation update https://fedorahosted.org/__freeipa/ticket/3731 https://fedorahosted.org/freeipa/ticket/3731 - Patch adds default Proxy Agent and default_secure profile through 20-nss_ldap.update when ipa-server-install is run. https://fedorahosted.org/__freeipa/ticket/2561 https://fedorahosted.org/freeipa/ticket/2561 Thank you Gabe! I think this chapter deserves review from a Solaris expert. Core IPA team doesn't have one so we need to find some victim ... :-) Sigbjorn, would you mind reviewing this patch set? Instructions how to build docs are here: http://www.freeipa.org/page/__Contribute/Documentation http://www.freeipa.org/page/Contribute/Documentation Thank you very much! -- Petr^2 Spacek ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH][DOC] Update Solaris Documentation, add proxy agent, and profile
On 16.4.2014 05:01, Gabe Alford wrote: The following patches update the Solaris documentation and add a proxy agent/profile for Solaris. - Solaris documentation update https://fedorahosted.org/freeipa/ticket/3731 - Patch adds default Proxy Agent and default_secure profile through 20-nss_ldap.update when ipa-server-install is run. https://fedorahosted.org/freeipa/ticket/2561 Thank you Gabe! I think this chapter deserves review from a Solaris expert. Core IPA team doesn't have one so we need to find some victim ... :-) Sigbjorn, would you mind reviewing this patch set? Instructions how to build docs are here: http://www.freeipa.org/page/Contribute/Documentation Thank you very much! -- Petr^2 Spacek ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH][DOC] Update Solaris Documentation, add proxy agent, and profile
Hello,
The following patches update the Solaris documentation and add a proxy
agent/profile for Solaris.
- Solaris documentation update
https://fedorahosted.org/freeipa/ticket/3731
- Patch adds default Proxy Agent and default_secure profile through
20-nss_ldap.update when ipa-server-install is run.
https://fedorahosted.org/freeipa/ticket/2561
Thanks,
Gabe
From ead26af4688e4ae067448ac8ea4c9d5870e99fd7 Mon Sep 17 00:00:00 2001
From: Gabe redhatri...@gmail.com
Date: Tue, 15 Apr 2014 18:41:27 -0600
Subject: [PATCH] [DOC] Update Solaris client documentation
- Re-organized Solaris client sections
- Added examples of DUAProfile(s) with ldapclient
- Updated Sudo section
- Updated NFS options
- Change defunct Blastwave repository to OpenCSW
https://fedorahosted.org/freeipa/ticket/3731
---
src/user_guide/en-US/InstallingClients.xml | 659 -
1 file changed, 359 insertions(+), 300 deletions(-)
diff --git a/src/user_guide/en-US/InstallingClients.xml b/src/user_guide/en-US/InstallingClients.xml
index 1665a6cc5071e652bcb5d8008a23e34eb26db9e8..29762f2fffd489a853504ea0217237d3d88e066b 100644
--- a/src/user_guide/en-US/InstallingClients.xml
+++ b/src/user_guide/en-US/InstallingClients.xml
@@ -906,48 +906,140 @@ ipa-client
section id=Configuring_an_IPA_Client_on_Solaris condition=fedora
titleConfiguring a Solaris System as IPAA; Client/title
- section id=Configuring_an_IPA_Client_on_Solaris_10
- titleConfiguring Solaris 10/title
- orderedlist
-listitem id=st.sol1
+ section id=Configuring_NTP_on_Solaris
+ titleConfiguring NTP/title
+ para
+Configure and enable NTP and synchronize the time between the client and the IPA; server.
+ /para
+ /section
+ section id=Configuring_Solaris_NSS
+ titleConfiguring the Name Service Switch File/title
+ para
+Solaris by default comes with multiple Name Service Switch (NSS) configuration file templates. When the commandldapclient/command is executed, it copies the filename/etc/nsswitch.ldap/filename to the filename/etc/nsswitch.conf/filename file.
+ /para
+ orderedlist
+listitem
para
- IPA; provides an example profile for configuring Solaris 10 as IPAA; client. This can be loaded using commandldapclient/command and the commandinit/command command:
+ On the Solaris client, remove the optionldap/option option from all entries in filename/etc/nsswitch.ldap/filename except for the optionpasswd/option, optiongroup/option, optionshadow/option, optionnetgroup/option, and optionsudoers/option entries.
/para
-programlisting language=Bash[root@solaris ~]# ldapclient init ipa.example.com/programlisting
+/listitem
+listitem
para
- The commandldapclient/command can also be run to enter the information for the IPA; domain manually:
+ Add the optiondns/option option to the optionhosts/option and optionipnodes/option in filename/etc/nsswitch.ldap/filename. For example:
+screenhosts: files dns
+ipnodes:files dns/screen
/para
-
-programlisting language=Bash[root@solaris ~]# ldapclient manual
- -a credentialLevel=proxy
- -a authenticationMethod=tls:simple
- -a defaultSearchBase=dc=example,dc=com
- -a domainName=example.com
- -a defaultServerList=192.168.0.1
- -a proxyDN=cn=proxyagent,ou=profile,dc=example,dc=com
- -a proxyPassword={NS1}fbc123a92116812
- -a attributeMap=group:memberuid=memberUid
- -a attributeMap=group:gidnumber=gidNumber
- -a attributeMap=passwd:gidnumber=gidNumber
- -a attributeMap=passwd:uidnumber=uidNumber
- -a attributeMap=passwd:homedirectory=homeDirectory
- -a attributeMap=passwd:loginshell=loginShell
- -a attributeMap=shadow:userpassword=userPassword
- -a objectClassMap=group:posixGroup=posixgroup
- -a objectClassMap=passwd:posixAccount=posixaccount
- -a objectClassMap=shadow:shadowAccount=posixaccount
- -a serviceSearchDescriptor=passwd:cn=users,cn=accounts,dc=example,dc=com
- -a serviceSearchDescriptor=group:cn=groups,cn=accounts,dc=example,dc=com
- -a serviceSearchDescriptor=netgroup:cn=sysaccounts,cn=etc,dc=example,dc=com
- -a serviceSearchDescriptor=shadow:cn=sysaccounts,cn=etc,dc=example,dc=com
- -a serviceSearchDescriptor=sudoers:cn=sysaccounts,cn=etc,dc=example,dc=com/programlisting
/listitem
+ /orderedlist
+ /section
+ section id=Configuring_Solaris_LDAP_Authentication
+ titleConfiguring LDAP Authentication/title
+ para
+Solaris uses the Directory User Agent Profile (DUAProfile) to configure Solaris as a LDAP client. Using a DUAProfile is easier both for installing and maintaining the Solaris clients as they will re-read the LDAP configuration from the DUA profile periodically.
+ /para
+ para
+IPA; provides a default profile for configuring Solaris as IPAA; client. One to connect to IPA; with an anonymous bind (xref linkend=Connecting_Solaris_to_IPA_with_Anonymous_Bind /), and the other to connect to IPA; securely (xref linkend=Connecting_Solaris_to_IPA_Securely
