LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)
reduces LDAP-UX's response time to applications. In addition, the daemon re-uses
connections for LDAP queries and maintains multiple connections to an LDAP server to
improve performance.
The migration scripts provided with LDAP-UX Client Services can build and populate a
new directory subtree for your user and group data.
If you merge your data into an existing directory, for example to share user names and
passwords with other applications, the migration scripts can create LDIF files of your user
data, but you will have to write your own scripts or use other tools to merge the data into
your directory. You can add the posixAccount object class to your users already in the
directory to leverage your existing directory data.
See Import Name Service Data into Your Directory (page 32) for how to import your
information into the directory and Name Service Migration Scripts (page 170) for details on
the migration scripts.
CAUTION: If you place a root login in the LDAP directory, that user name and password can
be used to log in as root on any client using LDAP-UX Client Services. Keeping the root user
in /etc/passwd on each client system allows the root user to be managed locally. This can
be especially useful if the network is down because it allows local access to the system.
It is not recommended that you put the same users both in /etc/passwd and in the directory.
This could lead to conflicts and unexpected behavior.
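Both conditions described above (a root login in the directory, and the same users in /etc/passwd and in the directory) can be checked on an LDIF file before it is imported. The following Python audit is an added example, not part of this guide or of LDAP-UX Client Services; the sample entries, the o=example.com suffix and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample data (not from the guide); o=example.com is a placeholder.
SAMPLE_LDIF = """\
dn: uid=root,ou=people,o=example.com
objectClass: posixAccount
uid: root
uidNumber: 0

dn: uid=alice,ou=people,o=example.com
objectClass: posixAccount
uid: alice
uidNumber: 1001

dn: uid=svcadmin,ou=people,o=example.com
objectClass: PosixAccount
uid:: c3ZjYWRtaW4=
uidNumber: 0
"""
SAMPLE_PASSWD = "root:*:0:3::/:/sbin/sh\nalice:*:1001:20::/home/alice:/usr/bin/sh\n"

def parse_ldif(text):
    """Return entries as dicts: lower-cased attribute name -> list of values."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = []
    for block in re.split(r"\n\s*\n", text):  # a blank line separates entries
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." carries a base64 value
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(ldif_text, passwd_text):
    """Report directory accounts with UID 0 and names also in /etc/passwd."""
    local = {l.split(":")[0] for l in passwd_text.splitlines() if l and l[0] not in "#+-"}
    uid0, both = [], set()
    for e in parse_ldif(ldif_text):
        if "posixaccount" in [c.lower() for c in e.get("objectclass", [])]:
            if any(n.isdigit() and int(n) == 0 for n in e.get("uidnumber", [])):
                uid0.append(e["dn"][0])  # root-equivalent account in the directory
            both.update(set(e.get("uid", [])) & local)
    return {"uid0_in_directory": uid0, "in_both": sorted(both)}
```

Calling `audit(SAMPLE_LDIF, SAMPLE_PASSWD)` flags any UID 0 entry, not only one named root, because an account with uidNumber 0 has root privileges on the client whatever its login name.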
• How many profiles do you need?
A configuration profile is a directory entry that contains configuration information shared
by a group of clients. The profile contains the information clients need to access user and
group data in the directory, for example:
— Your directory server hosts
— Where user, group, and other information is in the directory
— The method clients use to bind to the directory
— Other configuration parameters such as search time limits
If these parameters are the same for all your clients, you would need only one profile. You
will need at least one profile per directory server or replica. In general, it is a good idea to
have as few profiles as necessary to simplify maintenance. Look at the posixNamingProfile
object class in LDAP-UX Client Services Object Classes (page 185) to see what is in a profile
to decide how many different profiles you need.
If you are familiar with NIS, one example is to create a separate profile for each NIS domain.
• Where in your directory will you put your profile?
The profile contains directory access information. It specifies how and where clients can
find user and group data in the directory. You can put the profile anywhere you want as
long as the client systems can read it. For example, you might put it near your user data, or
in a separate administrative area. You should put the profile in the same directory as your
user and group data to simplify access permissions. Clients must have access to both the
profile and the user and group data. The following example shows a configuration profile
DN of cn=profile1,ou=profiles,ou=devices,ou=unix,o=hp.com.
24 Installing And Configuring LDAP-UX Client Services