LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)

Plan Your Installation
Before beginning your installation, you should plan how you will set up and verify your LDAP
directory and your LDAP-UX Client Services environment before putting them into production.
Consider the following questions. Record your decisions and other information you'll need later
in Configuration Worksheet (page 183).
How many LDAP directory servers and replicas will you need?
Each client system binds to an LDAP directory server containing your user, group, and other
data. Multiple clients can bind to a single directory server or replica server. The answer
depends on your environment, the size and configuration of your directory and how many
users and clients you have. Write your directory server host and TCP port number in
Configuration Worksheet (page 183). See the white paper Preparing Your Directory for HP-UX
Integration at: http://docs.hp.com/hpux/internet for more information.
See the Netscape Directory Server Deployment Guide for more information. You can add directory
replicas to an existing LDAP-UX Client Services environment as described under Adding
a Directory Replica (page 116). You may also want to review the LDAP-UX performance
white paper at http://docs.hp.com/hpux/internet.
Where will you get your name service data from when migrating it to the directory?
You can get it from your files in the /etc directory or, if you are using NIS, from the same
source files you create your NIS maps from, or you can get it from your NIS maps themselves.
Write this information in Configuration Worksheet (page 183).
See Import Name Service Data into Your Directory (page 32) for how to import your
information into the directory and Name Service Migration Scripts (page 170) for details on
the migration scripts.
To add an individual user entry or modify an existing user entry in your directory, you can
use the ldapmodify command or other directory administration tools such as the
Netscape/Red Hat Directory Console. See also the LDAP-UX Integration B.04.10 Release Notes
for additional contributed tools.
NOTE: You should keep a small subset of users in /etc/passwd, particularly the root login.
This allows administrative users to log in during installation and testing. Also, if the
directory is unavailable you can still log in to the system.
Where in your directory will you put your name service data?
Your directory architect needs to decide where in your directory to place your name service
information. LDAP-UX Client Services by default expects user and group data to use the
object classes and attributes specified by RFC 2307. The migration scripts by default create
and populate a new subtree that conforms to RFC 2307. Example Directory Structure
(page 25) shows a base DN of ou=unix,o=hp.com. Write the base DN of your name service
data in Configuration Worksheet (page 183).
If you prefer to merge your name service data into an existing directory structure, you can
map the standard RFC 2307 attributes to alternate attributes. See LDAP-UX Client Services
Object Classes (page 185) for more information.
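
The following Python is an added illustration, not the guide's own migration scripts. It converts passwd(4) lines into RFC 2307 posixAccount LDIF under the example base DN and leaves root out of the LDIF, so that account exists only in /etc/passwd as the NOTE above recommends. The ou=People container, the account structural class, the {crypt} prefix on carried-over hashes, and the KEEP_LOCAL list are assumptions of this example.

```python
import base64

BASE_DN = "ou=unix,o=hp.com"   # base DN shown in the guide's example structure
PEOPLE_OU = "ou=People"        # assumed container name, not taken from the guide
KEEP_LOCAL = {"root"}          # accounts that stay only in /etc/passwd (see NOTE)

def ldif_line(attr, value):
    """Format one LDIF line; base64-encode values RFC 2849 treats as unsafe."""
    safe = (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode()).decode()}"

def escape_rdn(value):
    """Backslash-escape the characters RFC 4514 reserves inside an RDN value."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    return "\\" + out if out[:1] in ("#", " ") else out

def passwd_to_ldif(passwd_text, keep_local=KEEP_LOCAL):
    """Turn passwd(4) lines into posixAccount entries; return (ldif, skipped)."""
    entries, skipped = [], []
    for raw in passwd_text.splitlines():
        fields = raw.split(":")
        if raw.startswith("#") or len(fields) != 7:
            continue                          # comments and malformed lines
        name, pw, uid, gid, gecos, home, shell = fields
        if name in keep_local or name[:1] in "+-":
            skipped.append(name)              # local-only or NIS compat (+/-) entry
            continue
        lines = [ldif_line("dn", f"uid={escape_rdn(name)},{PEOPLE_OU},{BASE_DN}"),
                 "objectClass: top", "objectClass: account",
                 "objectClass: posixAccount", ldif_line("uid", name),
                 ldif_line("cn", gecos.split(",")[0].strip() or name),
                 ldif_line("uidNumber", uid), ldif_line("gidNumber", gid),
                 ldif_line("homeDirectory", home)]
        lines += [ldif_line(a, v)
                  for a, v in (("loginShell", shell), ("gecos", gecos)) if v]
        if pw not in ("", "x", "*"):          # carry over only a real crypt(3) hash
            lines.append(ldif_line("userPassword", "{crypt}" + pw))
        entries.append("\n".join(lines))
    return "\n\n".join(entries) + "\n", skipped

SAMPLE = """root:x:0:3::/:/sbin/sh
jdoe:x:1201:20:Jane Doe,Bldg 4:/home/jdoe:/usr/bin/ksh
ops,east:Ab3dEfGhIjKlM:1202:20: Ops East:/home/ops:/usr/bin/sh
"""  # constructed sample input; the hash-like string is made up

if __name__ == "__main__":
    print(passwd_to_ldif(SAMPLE)[0])
```

The second element of the return value lists the accounts that were left out of the LDIF, which is worth reviewing before the import so you know exactly which logins still work when the directory is unreachable.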
How will you put your user, group, and other data into your directory?
LDAP supports group membership defined in the X.500 syntax (using the member or
uniquemember attribute), while still supporting the RFC 2307 syntax (using the memberuid
attribute). This new group membership syntax increases LDAP-UX integration with LDAP
and other LDAP-based applications, and may reduce administration overhead by eliminating
the need to manage the memberuid attribute. In addition, a new performance improvement
has been made through the addition of a new caching daemon which caches passwd, group
and X.500 group membership information retrieved from an LDAP server. This significantly