Manualshelf

LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software
51525354555657585960
1. Login as root.
2. Use the ldapentry tool to modify the profile entry in the LDAP directory server to include
serviceAuthenticationMethod. To do this, ldapentry requires the profile DN. You
can find the profile DN from PROFILE_ENTRY_DN in
/etc/opt/ldapux/ldapux_client.conf after you finish running the setup program.
The following example edits the profile entry
"cn=ldapuxprofile,dc=org,dc=hp,dc=com":
For example:
cd /opt/ldapux/bin
./ldapentry -m "cn=ldapuxprofile,dc=org,dc=hp,dc=com"
After you enter the prompts for "Directory login:" and "password:", ldapentry will bring
up an editor window with the profile entry. You can add the
serviceAuthenticationMethod attribute.
The value of the serviceAuthenticatioMethod entry depends on the authentication
method you configure. The following shows the possible values of the
serviceAuthenticationMethod attribute:
For SASL DIGEST-MD5 using the Distinguish Name (DN) to generate the DIGEST-MD5
hash, the data in the entry is:
serviceAuthenticationMethod:keyserv:sasl/digest-md5:username=dn
For SASL DIGEST-MD5 using the UID attribute to generate the DIGEST-MD5 hash, the
data in the entry is:
serviceAuthenticationMethod:keyserv:sasl/digest-md5
For SASL DIGEST-MD5 with SSL enabled using the DN to generate the DIGEST-MD5
hash, the data in the entry is:
serviceAuthenticationMethod:keyserv:tls:sasl/digest-md5:username=dn
For SASL DIGEST-MD with SSL enabled using the UID attribute to generate the
DIGEST-MD5 hash, the data in the entry is:
serviceAuthenticationMethod:keyserv:tls:sasl/digest-md5
For simple authentication, the data in the entry is:
serviceAuthenticationMethod:keyserv:simple
For simple with SSL enabled, the data in the entry is:
serviceAuthenticationMethod:keyserv:tls:simple
For more information on ldapentry, refer to Command and Tool Reference (page 127).
NOTE: If you use TLS for secure communication between LDAP clients and the
Netscape/Red Hat Directory Server, you need to use Directory Server Console to manually
add the values of the serviceAuthenticationMethod attribute.
3. Go to /opt/ldapux/config:
cd /opt/ldapux/config
4. Use /opt/ldapux/config/get_profile_entry to download the modified LDIF profile:
./get_profile_entry -s nss
5. Run the /opt/ldapux/config/display_profile_cache tool to check the configuration
of the serviceAuthenticationMethod attribute:
./display_profile_cache
For example:
54 Installing And Configuring LDAP-UX Client Services