!!!Directory User Agents (DUAs) Configuration Profile
The LDAP protocol has brought about a new and nearly ubiquitous acceptance of the directory server. Many new client applications (DUAs) are being created that use LDAP directories for many different services. And although the LDAP protocol has eased the development of these applications, some challenges still exist for both developers and directory administrators.
The goal of the DUAConfigProfile is an implementation of Directory User Agents (DUAs) described by RFC 2307. In developing these agents, we felt there are several issues that still need to be addressed to ease the deployment and configuration of a large network of these DUAs.
One of these challenges stems from the lack of a utopian schema. A utopian schema would be one that every application developer could agree upon and that would support every application. Unfortunately today, many DUAs define their own schema (like RFC 2307 vs. Microsoft's Services for Unix) containing similar attributes, but with different attribute names. This can lead to data redundancy within directory entries and give directory administrators unwanted challenges, updating schemas and synchronizing data.
So, one goal of [RFC 4876|http://www.rfc-editor.org/rfc/rfc4876.txt] is to eliminate data redundancy by having DUAs configure themselves to the schema of the deployed directory, instead of forcing its own schema on the directory.
!!!PAM Support by Platforms
Although the goal of the duaConfigProfile is not aimed at Operating System LDAP Clients, the use of the duaConfigProfile, as near as we know, has only been implemented on Operating System LDAP Clients.
!Solaris
The Solaris 9 implementation uses of DUAconfigProfile. The old profile (SolarisNamingProfile) type is identified as NS_LDAP_FILE_VERSION = 1.0 and the new profile (DUAconfigProfile) type is NS_LDAP_FILE_VERSION = 2.0
!HP-UX
Starting with LDAP-UX Integration product version B.03.01, the Configuration Profile Schema has been expanded to reflect the definitions in the most current IETF draft titled, A Configuration Schema for LDAP Based Directory User Agents in the document file titled, draft-joslin-config-schema-04.txt (which became [RFC 4876|http://www.rfc-editor.org/rfc/rfc4876.txt]). This allows LDAP-UX to integrate with configuration profiles that are supported by other vendors.
In so doing, the object classes posixNamingProfile and posixDUAProfile have been replaced by DUAConfigProfile.
!Linux
%%warning
Please advise which Linux Operating System and Versions (we can not find any) have support for the DUAConfigProfile in their LDAP clients!
%%
!! Now and RFC
The draft-joslin-config-schema-0#.txt (May 2007) was accepted as [RFC 4876|http://www.rfc-editor.org/rfc/rfc4876.txt].
!!Schema for DUAConfigProfile
The[Schema>> <<ldif >>file
<<isused>> <<basedto>> <<oncreate>> the
<<schemaDUAConfigProfile|DUAConfigProfile/DUAConfigProfile.schema.ldif]
There>> <<describedis>> <<inalso>> <<[rfc4876|http://www.rfc-editor.org/rfc/rfc4876.txt]
[LDIFan>> <<SchemaInformational>> <<fileRFC>> <<todiscussing>> <<create the
<<DUAConfigProfile|DUAConfigProfile/DUAConfigProfile.schema.ldif]Schema. [rfc4876|http://www.rfc-editor.org/rfc/rfc4876.txt]!![DUA Profile Attributes|DUAConfigProfileProfileAttributes]
!!Sample DUAConfigProfile
For details of the attributes or ObjectClasses refer to [RFC 4876|http://www.rfc-editor.org/rfc/rfc4876.txt].
{{{
version: 1
dn: ou=profile,ou=services,dc=willeke,dc=com
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: profile
dn: cn=default,ou=profile,ou=services,dc=willeke,dc=com
changetype: add
ObjectClass: top
ObjectClass: DUAConfigProfile
defaultServerList: 10.44.82.1 10.44.82.2
defaultSearchBase: ou=services,dc=willeke,dc=com?one
authenticationMethod: tls:simple
followReferrals: FALSE
defaultSearchScope: one
searchTimeLimit: 30
profileTTL: 3000
bindTimeLimit: 10
cn: default
credentialLevel: proxy
serviceSearchDescriptor: passwd: ou=people,dc=willeke,dc=com?sub
serviceSearchDescriptor: group: group:ou=group,ou=services,dc=willeke,dc=com?one
serviceSearchDescriptor: netgroup:ou=netgroups,ou=services,dc=willeke,dc=com?one
serviceSearchDescriptor: sudoers:ou=Sudoers,ou=services,dc=willeke,dc=com?one
objectclassMap: passwd:posixAccount=posixAccount
objectclassMap: group:posixGroup=posixGroup
objectclassMap: sudoers:sudoRole=sudoRole
objectclassMap: netgroup:nisNetgroup=nisNetgroup
}}}