Solaris authentication with OpenLDAP
Monday, 06 December 2010 10:21
There are a number of HOWTO guides and other tutorials about setting up Solaris for LDAP authentication, but none quite seemed to work for me. What follows are my notes on how I got it all set up. Hopefully it's useful to someone else in a similar predicament.

Being a Solaris admin, I've often used existing LDAP infrastructures for systems I was asked to install; recently I needed to look at a solution where there was no existing infrastructure which led me on this voyage of discovery.

So, to start with - LDAP is just a big lookup database which is optimised for read access; writes should be infrequent. Something like ORACLE RDBMS is a general purpose database which copes better with writes, at the expense of the read performance (compared to LDAP). Using any database for storing your system lookup tables (the things referenced in /etc/nsswitch.conf) allows you to scale out your Solaris estate, without having to manage each file on every host. As these lookup tables tend to contain static information (notable exception is the shadow file for passwords as we all change our passwords regularly), LDAP makes a good choice and is supported by Solaris out of the box.

So the rough description of what I set out to build - not really up for discussion, but more to understand my approach: