Ludovic Poitou wrote: > Darren, > > On Nov 13, 2008, at 12:47 PM, Gilles Bellaton wrote: > >> I'm adding Carole and Ludo in copy as they will be able to answer more >> precisely than me >> to your questions. >> >>> The "into OpenSolaris" and an install location of /opt/opends are >>> incompatible. If the intention is delivery as part of OpenSolaris >>> then surely it should be installed in an integrated rather than >>> unbundled location ? >> Our intention is to deliver in the non WOS of OpenSOlaris as described >> here : >> http://wikihome.sfbay.sun.com/spe-re/Wiki.jsp?page=Indiana_docks >> So in a way similar to netbeans and glassfish >> >> We were thinking that /opt would be the appropriate location for such >> a delivery. >>> >>> What is the SMF service FMRI and what SMF method credential does it >>> run with? >> Carole, can you help me on this ? > > The FMRI as of today is planned as "network/ldap/opends". Feedback and > alternate suggestions are welcome. I have little experience with the > best practices for FMRI. > > After package installation, the Administrator must run a command to > specify the location of the Database, the user and group for running the > instance. If the user "opends" and group "opends" exist on the system, > they will be proposed by default. > > The SMF method credentials would then be as below : > > > <method_credential user='opends' > group='opends' > > privileges='basic,net_privaddr,sys_resource,!proc_info,!file_link_any' > > limit_privileges='basic,net_privaddr,sys_resource,!proc_info,!file_link_any' > /> > > >> >>> >>> What are the steps required to make this OpenDS delivery usable as >>> the LDAP backend for the OpenSolaris nsswitch ? Where is this >>> documented on how to do it ? Are all the required LDIF/schema files >>> delivered or are they reusing ones already in Solaris (including for >>> the Solaris RBAC databases - the package map seems to hint at this). > > Could you point me to the schema files that are delivered in Solaris > (OpenSolaris) for example for Solaris RBAC databases ? > The only reference to LDAP schema I could find was Kerberos and the > Solaris schema part of the idsconfig code.
/usr/share/lib/ldif/ The legacy idsconfig is sadly the only place that the ldif for the Solaris RBAC databases is shipped at the moment. > The intend of the OpenDS project is to deliver the schema files required > so that OpenDS requires as little configuration as possible (still need > to populate the server with DIT structure, content and access controls). Great. -- Darren J Moffat