LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)

Optionally modify the disable_uid_range flag in the /etc/opt/ldapux/ldapux_client.conf file
to disable logins to the local system from specific users.
Optionally configure the authorization of one or more subgroups from a large repository
such as an LDAP directory server. For detailed information on how to set up the policy
file, /etc/opt/ldapux/pam_authz.policy, see Policy File (page 101).
After you configure your directory and the first client system, configuring additional client
systems is simpler. Refer to Configure Subsequent Client Systems (page 68) for more information.
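An added example, not taken from the HP guide: a shell check that reports whether a given UID is covered by disable_uid_range, which is useful for confirming the setting after you edit it. It assumes the flag is written on one line as comma-separated UIDs and low-high ranges (for example disable_uid_range=0-100,300-450,89); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Assumption: disable_uid_range=<uid|low-high>[,<uid|low-high>...], whitespace ignored.

# uid_disabled CONF UID
#   exit 0: UID is covered by disable_uid_range
#   exit 1: UID is not covered
#   exit 2: flag missing/commented out, or UID is not a number
uid_disabled() {
    conf=$1 uid=$2
    case $uid in ''|*[!0-9]*) return 2 ;; esac
    # Last uncommented assignment wins; strip all whitespace from the value.
    list=$(sed -n 's/^[[:space:]]*disable_uid_range[[:space:]]*=//p' "$conf" |
           tail -n 1 | tr -d '[:space:]')
    [ -n "$list" ] || return 2
    old_ifs=$IFS; IFS=,
    set -- $list                     # split the value on commas
    IFS=$old_ifs
    for item in "$@"; do
        case $item in
            ''|*[!0-9-]*|*-*-*) continue ;;          # skip malformed items
            *-*) lo=${item%%-*}; hi=${item##*-}
                 [ -n "$lo" ] && [ -n "$hi" ] || continue
                 [ "$uid" -ge "$lo" ] && [ "$uid" -le "$hi" ] && return 0 ;;
            *)   [ "$uid" -eq "$item" ] && return 0 ;;
        esac
    done
    return 1
}

# Constructed sample input, not a real ldapux_client.conf.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample
#disable_uid_range=0-50
disable_uid_range=0-100, 300-450, 89
EOF
}

# Demo: check a few UIDs against the constructed sample.
sample=$(mktemp)
make_sample_conf "$sample"
for u in 0 89 200 450; do
    if uid_disabled "$sample" "$u"; then echo "uid $u: login disabled"
    else echo "uid $u: not in disable_uid_range"; fi
done
rm -f "$sample"
```

On a client, point the function at /etc/opt/ldapux/ldapux_client.conf and pass the UIDs you expect to be blocked.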
Quick Configuration
You can quickly configure a Netscape/Red Hat directory and the first client by letting most of
the configuration parameters take default values as follows. For a custom configuration, see
Custom Configuration (page 38).
The steps described below assume that you don't use SSL or TLS support with LDAP-UX. If you
want to enable SSL support, see Custom Configuration (page 38).
1. Log in as root and run the Setup program:
cd /opt/ldapux/config
./setup
The Setup program asks you a series of questions and usually provides default answers.
Press the Enter key to accept the default, or change the value and press Enter. At any point
during setup, enter Control-b to back up or Control-c to exit setup.
2. Choose the Directory Server as your LDAP directory server (option 1).
3. Enter either the host name or IP address of the directory server where your profile exists,
or where you want to create a new profile from Configuration Worksheet (page 183).
4. Enter the port number of the previously specified directory server where you want to store
the profile, from Configuration Worksheet (page 183). The default port number is 389.
5. If the profile schema has already been imported, setup skips this step. Otherwise, enter "yes"
to extend the profile schema if the schema has not been imported with LDAP-UX Client
Services object class DUAConfigProfile. See LDAP-UX Client Services Object Classes
(page 185) for a detailed description of this object class.
6. If the LDAP printer schema has already been extended, setup skips this step. Otherwise,
enter "yes" to extend the LP printer schema if you choose to start the printer configurator.
The LDAP printer configurator is a feature that simplifies LP printer management by
refreshing LP printer configurations on your client system. A new printer schema, which is
based on IETF <draft-fleming-ldap-printer-schema-02.txt>, is required to start the services.
7. If the publickey schema has already been extended, setup skips this step. Otherwise, enter "yes"
to extend the publickey schema if you choose to store the public keys of users and hosts in
the LDAP directory. A publickey schema, which is based on RFC 2307-bis, is required to
migrate the publickeys in the NIS+ credential table entries on the NIS+ server to the LDAP
directory.
8. If the new automount schema has already been imported, setup skips to step 9.
Otherwise, you will be asked whether or not you want to install the new automount schema,
which is based on RFC 2307-bis. Enter "yes" if you want to import the new automount schema
into the LDAP directory server. Enter "no" if you do not want to import the new automount
schema into the LDAP directory server. Setup skips to step 9 if you enter "no".
9. Next, if the setup program detects that the obsolete automount schema exists in the LDAP
directory, it will prompt you with the following information:
The obsolete automount schema exists in the directory.
If you still want to use the new automount schema, you must
perform the following steps:
1. Exit this program
34 Installing And Configuring LDAP-UX Client Services