LDAP-UX Client Services B.04.00 Administrator's Guide

Installing And Configuring LDAP-UX Client Services
Configure Your Directory
This section describes how to configure your directory to work with
LDAP-UX Client Services. Examples are given for Netscape Directory
Server for HP-UX version 6.x. See the LDAP-UX Integration B.04.00
Release Notes for information on supported directories. If you have a
different directory, see the documentation for your directory for details
on how to configure it.
See Preparing Your LDAP Directory for HP-UX Integration at
http://docs.hp.com/hpux/internet for more details on directory
configuration.
Step 1. Install the posix schema (RFC 2307) into your directory.
If you have Netscape Directory Server for HP-UX version 4.0, or later,
the posix schema is already installed.
The schema is in the file /opt/ldapux/ypldapd/etc/slapd-v3.nis.conf. For
information on the posix schema (RFC 2307), see
http://www.ietf.org/rfc.html. RFC 2307 defines object classes such as
posixAccount, posixGroup, and shadowAccount. posixAccount represents
a user entry from /etc/passwd, posixGroup represents a group entry from
/etc/group, and shadowAccount provides additional user information for
added security.
Step 2. Restrict write access to certain passwd (posixAccount) attributes of the
posix schema.
CAUTION: Make sure you restrict access to the attributes listed below.
Allowing users to change them could be a security risk.
Grant write access to the uidnumber, gidnumber, homedirectory, and uid
attributes only to directory administrators; disallow write access by all
other users. You may want to restrict write access to other attributes in
the passwd (posixAccount) entry as well.
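
One way to check Step 2 against ACIs exported from the directory, as an added example that is not part of the HP guide: the function reports which of the four protected attributes an ACI leaves writable by ordinary users. It assumes Netscape-style ACI syntax with a single allow/deny rule per ACI, judges each ACI on its own (no deny precedence), and uses constructed sample ACIs with a placeholder suffix dc=example,dc=com.

```python
import re

# Attributes that Step 2 reserves for directory administrators.
PROTECTED = {"uidnumber", "gidnumber", "homedirectory", "uid"}
# Bind-rule subjects that include ordinary users.
BROAD = ("ldap:///self", "ldap:///anyone", "ldap:///all")

TARGETATTR = re.compile(r'\(\s*targetattr\s*(!?=)\s*"([^"]*)"\s*\)', re.I)
# Skip the quoted ACL name, then capture allow/deny, rights, and bind rule.
RULE = re.compile(
    r'acl\s+"[^"]*"\s*;\s*(allow|deny)\s*\(([^)]*)\)\s*(.*?);\s*\)\s*$',
    re.I | re.S)

def exposed(aci):
    """Return the protected attributes this ACI lets ordinary users write."""
    target, rule = TARGETATTR.search(aci), RULE.search(aci)
    if not target or not rule:
        return set()  # no attribute target, or not the single-rule form handled here
    kind, rights, bind = (rule.group(i).lower() for i in (1, 2, 3))
    if kind != "allow" or not {r.strip() for r in rights.split(",")} & {"write", "all"}:
        return set()
    if not any(subject in bind for subject in BROAD):
        return set()  # bound to specific DNs or groups: review by hand
    listed = {name.strip().lower() for name in target.group(2).split("||")}
    if target.group(1) == "=":
        return set(PROTECTED) if "*" in listed else PROTECTED & listed
    return PROTECTED - listed  # "!=" targets every attribute that is not listed

# Constructed sample ACIs (not taken from the guide).
WEAK = ('(targetattr = "*")(version 3.0; acl "Allow self entry modification"; '
        'allow (write) userdn = "ldap:///self";)')
HARDENED = ('(targetattr != "uidnumber || gidnumber || homedirectory || uid")'
            '(version 3.0; acl "Self write except posix identity attributes"; '
            'allow (write) userdn = "ldap:///self";)')
PARTIAL = ('(targetattr != "uidNumber || gidNumber")(version 3.0; '
           'acl "Self write, incomplete exclusion"; allow (write) userdn = "ldap:///self";)')
ADMIN_ONLY = ('(targetattr = "*")(version 3.0; acl "Directory administrators"; allow (all) '
              'groupdn = "ldap:///cn=Directory Administrators,dc=example,dc=com";)')

if __name__ == "__main__":
    for name, aci in [("WEAK", WEAK), ("HARDENED", HARDENED),
                      ("PARTIAL", PARTIAL), ("ADMIN_ONLY", ADMIN_ONLY)]:
        print(name, sorted(exposed(aci)) or "ok")
```

An empty result for an ACI bound to specific DNs or groups means only that this check did not examine it; confirm separately that those subjects are directory administrators.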