LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

111

112

113

114

115

116

117

118

119

120

Modifying a Profile

You can modify an existing profile directly using your directory administration tools, for example

with Netscape/Red Hat Console. See LDAP-UX Client Services Object Classes (page 185) for a

complete description of the DUAConfigProfile object class, its attributes, and what values each

attribute can have.

The ldapentry tool can also be used to modify the existing profile. This can be done with the

following command:

$ /opt/ldapux/bin/ldapentry -m "DN_of_profile"

$ cd /opt/ldapux/config

$ ./get_profile_entry -s nss

After modifying a profile, each client that regularly downloads its profile automatically will get

the changes as scheduled. See Download the Profile Periodically (page 69) for details.

Changing Which Profile a Client Is Using

Each client uses the profile specified in its start-up file /etc/opt/ldapux/ldapux_client.conf. To

make a client use a different profile in the directory, edit this file and change the DN specified

in the PROFILE_ENTRY_DN line. Then download the profile as described in Download the

Profile Periodically (page 69).

Changing from Anonymous Access to Proxy Access

If you have anonymous access and you want to change to using a proxy user, do the following:

1. Create the proxy user in the directory. With Netscape/Red Hat Directory Server, you can

use the Netscape Console.

2. Change the credentialLevel attribute in your profile to be "proxy" using your directory

administration tools, for example the Netscape Console.

If you want proxy access with anonymous access as a backup if proxy access fails, change

credentialLevel to be "proxy anonymous".

3. Download the profile to the client. If you have an automated process to download the profile,

you can wait until it executes. Or you can download the profile manually by running the

following command:

cd /opt/ldapux/config

./get_profile_entry -s nss

You can verify that the proxy user is configured with display_profile_cache and

ldap_proxy_config. display_profile_cache displays the current configuration profile, including

the credential level, which is either "proxy," "anonymous," or "proxy anonymous."

ldap_proxy_config displays and verifies the proxy user the client is configured to use. See The

display_profile_cache Tool (page 131), The ldap_proxy_config Tool (page 132), and The

get_profile_entry Tool (page 131) for more information.

Changing from Proxy Access to Anonymous Access

If you are using proxy access and you want to change to using anonymous access, do the

following:

1. Change the credentialLevel attribute in your profile to be "anonymous" using your directory

administration tools, for example the Netscape/Red Hat Directory Console.

2. Download the profile to the client. If you have an automated process to download the profile,

you can wait until it executes. Or you can download the profile manually as described in

Download the Profile Periodically (page 69).

118 Administering LDAP-UX Client Services