LDAP-UX Client Services B.04.00 Administrator's Guide

Installing And Configuring LDAP-UX Client Services
Plan Your Installation
NOTE: You should keep a small subset of users in /etc/passwd, particularly
the root login. This allows administrative users to log in during
installation and testing. Also, if the directory is unavailable, you can
still log in to the system.
Where in your directory will you put your name service data?
Your directory architect needs to decide where in your directory to
place your name service information. LDAP-UX Client Services by
default expects user and group data to use the object classes and
attributes specified by RFC 2307. The migration scripts by default
create and populate a new subtree that conforms to RFC 2307.
Figure 2-1 on page 15 shows a base DN of ou=unix,o=hp.com. Write
the base DN of your name service data in Appendix A,
“Configuration Worksheet,” on page 183.
If you prefer to merge your name service data into an existing
directory structure, you can map the standard RFC 2307 attributes
to alternate attributes. See “LDAP-UX Client Services Object
Classes” on page 187 for more information.
How will you put your user, group, and other data into your
directory?
LDAP supports group membership defined in the X.500 syntax
(using the member or uniquemember attribute), while still
supporting the RFC 2307 syntax (using the memberuid attribute).
This new group membership syntax increases LDAP-UX integration
with LDAP and other LDAP-based applications, and may reduce
administration overhead by eliminating the need to manage the
memberuid attribute. In addition, performance has been improved
by a new caching daemon, which caches passwd, group, and X.500
group membership information retrieved from an LDAP server.
This significantly reduces LDAP-UX’s response time to
applications. The daemon also re-uses connections for LDAP
queries and maintains multiple connections to an LDAP server to
improve performance.
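The two group membership syntaxes described above, shown as an added example that is not part of the guide or of LDAP-UX itself: it resolves a group's members from memberuid (login names) and from member/uniquemember (entry DNs), and reports member DNs that match no account. The users, groups, the ou=people and ou=groups containers, and the simplified DN comparison are assumptions; only the base DN comes from Figure 2-1.

```python
BASE = "ou=unix,o=hp.com"  # base DN shown in Figure 2-1


def normalize(dn):
    # Simplified DN comparison (assumption): lowercase, trim around commas.
    # Escaped commas are not handled; real clients apply LDAP matching rules.
    return ",".join(part.strip() for part in dn.lower().split(","))


# Constructed sample entries: hypothetical users, groups and containers.
_RAW = {
    f"uid=alice,ou=people,{BASE}": {"uid": ["alice"]},
    f"uid=bob,ou=people,{BASE}": {"uid": ["bob"]},
    # RFC 2307 syntax: memberuid holds login names.
    f"cn=dba,ou=groups,{BASE}": {"memberuid": ["alice", "bob"]},
    # X.500 syntax: member holds entry DNs; carol has no account entry.
    f"cn=ops,ou=groups,{BASE}": {
        "member": [f"uid=alice,ou=people,{BASE}", f"uid=carol,ou=people,{BASE}"]},
    # Both syntaxes on one group, with a differently formatted DN.
    f"cn=web,ou=groups,{BASE}": {
        "memberuid": ["bob"],
        "uniquemember": ["UID=alice, OU=people, ou=unix, o=hp.com"]},
}
ENTRIES = {normalize(dn): attrs for dn, attrs in _RAW.items()}


def resolve_members(group_dn, entries=ENTRIES):
    """Return (login names, unresolved member DNs) for one group entry."""
    group = entries[normalize(group_dn)]
    names = set(group.get("memberuid", []))
    unresolved = set()
    for attr in ("member", "uniquemember"):
        for dn in group.get(attr, []):
            account = entries.get(normalize(dn))
            if account and account.get("uid"):
                names.add(account["uid"][0])
            else:
                # Stale reference: an account created later at this DN
                # would silently gain the group's access.
                unresolved.add(dn)
    return sorted(names), sorted(unresolved)


if __name__ == "__main__":
    for name in ("dba", "ops", "web"):
        print(name, resolve_members(f"cn={name},ou=groups,{BASE}"))
```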
The migration scripts provided with LDAP-UX Client Services can
build and populate a new directory subtree for your user and group
data.