To show if Active Directory support is enabled or disabled, enter: :
XSCF> showad
Use the setad command with its various parameters to configure Active Directory.
For example, you can use it to set up one primary and five alternate Active Directory
servers, assign group names and privileges, configure a particular user domain,
control logging of diagnostic messages, and more. A user domain can be configured
explicitly through the setad userdomain command on XSCF, or entered at login
prompt using the form, user@domain.
See the setad(8) and showad(8) man pages, and the note about these commands in
.
TABLE 3-8
Note – Once Active Directory has been configured and used, do not downgrade the
firmware. If, however, you must downgrade to XCP 1090 or earlier, run the
following command immediately after doing so: restoredefaults -c xscfu.
Configuring XSCF for LDAP over SSL Support
The commands setldapssl(8) and showldapssl(8) let you set and view LDAP
over SSL configuration from the command line. These commands do for LDAP over
SSL what the setad(8) and showad(8) commands do for Active Directory, and
support many of the same parameters.
For more information, see the setldapssl(8) and showldapssl(8) man pages.
New proxyuser System Account
To support Active Directory and LDAP over SSL, this release features a new system
account named proxyuser. Verify that no user account of that name already exists.
If one does, use the deleteuser(8) command to remove it, then reset XSCF before
using the Active Directory or LDAP over SSL feature.
4
Sun SPARC Enterprise M8000/M9000 Servers Product Notes for XCP 1091 • May 2010