Customer issue when trying to implement LDAP profiles on Solaris
The customer has a working configuration to bind Solaris servers to LDAP using profiles. An example follows:
However, there is a security concern because we have not found a way to implement profiles
without the nisDomain Object of all our clients being visible to every client
when doing an anonymous bind. Need to see if it is possible to hide the details of each
client beneath the top level nisDomain and also implement profiles.
Is this possible? If yes, pointers to any references would be most helpful.
Below is the output visible when running an anonymous bind with my current implementation.

The top level domain

version: 1
dn: dc=custX,dc=com
nisDomain: custX.com
objectClass: top
objectClass: domain
objectClass: nisdomainobject

dn: o=Administration, dc=custX,dc=com
objectClass: top
objectClass: organization
o: Administration

Then each of the client nisDomains, e.g. client 1 through to 45.

dn: o=client1.custX.com,dc=custX,dc=com
nisDomain: client1.custX.com
o: sma.custX.com
objectClass: top
objectClass: organization
objectClass: nisDomainObject

.........

dn: o=client45.custX.com,dc=custX,dc=com
nisDomain: client.custX.com
o: tan.custx.com
objectClass: top
objectClass: organization
objectClass: nisDomainObject

And the profile information for each client

dn: cn=client1_profile_b,ou=profile,o=client1.custX.com,dc=custX,dc=com
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: 172.22.22.22
defaultSearchBase: o=client1.custX.com,dc=custX,dc=com
authenticationMethod: simple
defaultSearchScope: one
preferredServerList: 172.3.121.13 172.3.121.19
profileTTL: 600
cn: eng_profile_b
credentialLevel: proxy
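One way to measure the exposure described above is to save the LDIF returned by an anonymous search and list which client nisDomain entries and profile attributes appear in it. This is an added example, not part of the original post: the function names (parse_ldif, norm_dn, anonymous_exposure) are hypothetical, and the sample input is constructed and abridged from the entries shown above.

```python
# Constructed sample: three entries abridged from the output in the post.
SAMPLE_LDIF = """version: 1

dn: dc=custX,dc=com
nisDomain: custX.com
objectClass: nisdomainobject

dn: o=client1.custX.com,dc=custX,dc=com
nisDomain: client1.custX.com
objectClass: nisDomainObject

dn: cn=client1_profile_b,ou=profile,o=client1.custX.com,dc=custX,dc=com
objectClass: DUAConfigProfile
defaultServerList: 172.22.22.22
credentialLevel: proxy
"""

def parse_ldif(text):
    """Return [(dn, {lowercased attr: [values]})]; handles folded lines and comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # RFC 2849 folded line
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:
        if not line.strip():              # blank line ends a record
            if "dn" in cur:               # skips the "version: 1" header record
                entries.append((cur["dn"][0], cur))
            cur = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def norm_dn(dn):
    # Simplification: assumes no escaped commas inside RDN values.
    return ",".join(part.strip().lower() for part in dn.split(","))

def anonymous_exposure(entries, top_suffix):
    """List client nisDomains and profile attributes present in an anonymous result."""
    domains, profiles = [], {}
    for dn, attrs in entries:
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if "nisdomainobject" in classes and norm_dn(dn) != norm_dn(top_suffix):
            domains.append(attrs.get("nisdomain", ["(none)"])[0])
        if "duaconfigprofile" in classes:
            profiles[dn] = sorted(a for a in attrs if a not in ("dn", "objectclass"))
    return domains, profiles
```

Running anonymous_exposure over the same saved search after any access-control change shows whether the per-client entries still appear for an unauthenticated client; attribute names are reported lowercased because LDAP attribute names are case-insensitive.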