LDAP-UX Client Services B.04.00 Administrator's Guide
Installing And Configuring LDAP-UX Client Services
Configure LDAP-UX Client Services with Publickey Support
Chapter 2 51
Configuring serviceAuthenticationMethod is optional. If you do not
configure serviceAuthenticationMethod, LDAP-UX binds the Admin
Proxy user to the LDAP directory using the authentication method
specified for the proxy user.
Authentication Methods
LDAP-UX Client Services supports the following authentication methods
for the keyserv service:
• simple with SSL enabled
• SASL DIGEST-MD5 with SSL enabled
• simple with SSL disabled
• SASL DIGEST-MD5 with SSL disabled
NOTE SSL settings for both authenticationMethod and
serviceAuthenticationMethod must be set the same. It is not
supported to have SSL enabled for authenticationMethod and SSL
disabled for serviceAuthenticationMethod, or vice versa.
Procedures Used to Configure serviceAuthenticationMethod
Use the following steps on one of LDAP-UX client sytems to configure the
serviceAuthenticationMethod attribute in the
/etc/opt/ldapux/ldapux_profile.ldif file:
Step 1. Login as root.
Step 2. Use the ldapentry tool to modify the profile entry in the LDAP directory
server to include serviceAuthenticationMethod. To do this,
ldapentry requires the profile DN. You can find the profile DN from
PROFILE_ENTRY_DN in /etc/opt/ldapux/ldapux_client.conf after
you finish running the setup program. The following example edits the
profile entry "cn=ldapuxprofile,dc=org,dc=hp,dc=com":
For example:
cd /opt/ldapux/bin
./ldapentry -m "cn=ldapuxprofile,dc=org,dc=hp,dc=com"