Installing And Configuring
Plan Your Installation
| If you merge your data into an existing directory, for example to |
| share user names and passwords with other applications, the |
| migration scripts can create LDIF files of your user data, but you will |
| have to write your own scripts or use other tools to merge the data |
| into your directory. You can add the posixAccount object class to your |
| users already in the directory to leverage your existing directory |
| data. |
| See “Import Name Service Data into Your Directory” on page 25 for |
| how to import your information into the directory and “Name Service |
| Migration Scripts” on page 160 for details on the migration scripts. |
|
|
CAUTION | If you place a root login in the LDAP directory, that user and |
| password will be able to log in as root to any client using |
| Client Services. Keeping the root user in /etc/passwd on each client |
| system allows the root user to be managed locally. This can be |
| especially useful if the network is down because it allows local access |
| to the system. |
| It is not recommended that you put the same users both in |
| /etc/passwd and in the directory. This could lead to conflicts and |
| unexpected behavior. |
|
|
•How many profiles do you need?
A configuration profile is a directory entry that contains configuration information shared by a group of clients. The profile contains the information clients need to access user and group data in the directory, for example:
—Your directory server hosts
—Where user, group, and other information is in the directory
—The method clients use to bind to the directory
—Other configuration parameters such as search time limits
If these parameters are the same for all your clients, you would need only one profile. You will need at least one profile per directory server or replica. In general, it is a good idea to have as few profiles as necessary to simplify maintenance. Look at the posixNamingProfile object class in Appendix B,
14 | Chapter 2 |