LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

111

112

113

114

115

116

117

118

119

120

Adding a Directory Replica

Your LDAP directory contains configuration profiles downloaded by each client system and

name service data accessed by each client system. As your environment grows, you may need

to add a directory replica to your environment. LDAP-UX can take advantage of replica directory

servers and the alternates if one of them fails. Follow these steps to inform LDAP-UX about

multiple directory servers:

1. Create and configure your LDAP directory replica. For Netscape/Red Hat Directory Server

for HP-UX, see the Netscape Directory Server Deployment Guide.

2. Edit an existing profile and modify the defaultServerList or preferredServerList attribute to

specify a replica directory server. See Modifying a Profile (page 118).

See LDAP-UX Client Services Object Classes (page 185) for a description of the

defaultServerList or preferredServer attribute.

3. On all clients that are to use the replica server, edit the start-up file,

/etc/opt/ldapux/ldapux_client.conf, to refer to the replica host. Modify the LDAP_HOSTPORT

line to specify the replica server.

4. After modifying an existing profile, each client that regularly downloads its profile

automatically will get the changes as scheduled. SeeDownload the Profile Periodically

(page 69).

NOTE: Client systems using an LDAP directory replica may not be able to modify the directory

replica. In this case, the passwd(1) command will not work on those systems. They can use the

ldappasswd(8) command described under ldappasswd (page 137).

Displaying the Proxy User's DN

You can display the proxy user's distinguished name by running

/opt/ldapux/config/ldap_proxy_config -p.

The following command displays the current proxy user:

ldap_proxy_config -p

PROXY DN: uid=proxy,ou=people,o=hp.com

Verifying the Proxy User

The proxy user information is stored encrypted in the file /etc/opt/ldapux/pcred. You can check

if the proxy user can authenticate to the directory by running

/opt/ldapux/config/ldap_proxy_config -v as follows:

cd /opt/ldapux/config

./ldap_proxy_config -v

File Credentials verified - valid

Creating a New Proxy User

If you need to create a new proxy user and change your client systems to use the new proxy user,

use the following steps:

1. Add the new proxy user to your directory with appropriate access controls. See the steps

"Create a proxy user" and "Set access permissions for the proxy user" under the procedure

Configure Your Directory (page 29) for details.

2. Configure each client to use the new proxy user by running

/opt/ldapux/config/ldap_proxy_config. See The ldap_proxy_config Tool (page 132) for details.

See below for examples.

116 Administering LDAP-UX Client Services