LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide

Installing LDAP-UX Client Services
Configuring LDAP-UX Client Services
Chapter 2
If you are using an existing profile, setup configures your client,
downloads the profile, and exits. In this case, continue by going to the
section “Step 2: Install the PAM Kerberos Product” on page 41.
8. If you are creating a new profile, enter the DN and password of a
directory user who can create a new profile, from Appendix A.
9. Choose the attribute map set to be used with the directory server.
You can select SFU 2.0 (option 1) or SFU 3.0/SFU 3.5 (option 2). By
default, SFU 3.0/SFU 3.5 (option 2) is used as the attribute map
set.
10. Next, setup asks whether you want to use SSL. Enter “yes” to use
SSL for secure communication between LDAP clients and the Windows
2000 or 2003 Active Directory Server. Enter “no” if you don’t want
to use SSL.
If the certificate database files (cert7.db or cert8.db, and key3.db)
do not exist on your client system, setup skips this step.
11. Next, setup prompts you to select the authentication method that
users use to bind/authenticate to the server.
If you chose not to enable SSL, the choices are SIMPLE (the default)
or SASL GSSAPI. If you chose to enable SSL, the choices are SIMPLE
with SSL (the default) or SASL GSSAPI with SSL.
12. Next, enter the host name and port number of the directory where
your account and group data are stored, from Appendix A. You can
enter up to three hosts, to be searched in order.
13. Enter the base DN where clients should search for name service
data, from Appendix A.
14. Enter Yes when asked whether you want to accept the remaining
default configuration parameters.
15. If you do not use SASL GSSAPI authentication, skip this step
and go to step 18. Otherwise, setup prompts you to set up the
principals used for SASL GSSAPI authentication, as shown below:
There are two ways to set up principals used for SASL
GSSAPI authentication for LDAP-UX name service proxy
authentication:
* Host or service principal defined in a keytab file (such
as /etc/krb5.keytab)
* Proxy principal defined in LDAP-UX proxy credential file