LDAP-UX Client Services B.04.10 with Microsoft Windows Active Directory Server Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

121

122

123

124

125

126

127

128

129

130

5. ADSI Edit appears in the Add/Remove Snap-In dialog box. Click OK.

6. In the Microsoft Management Console, click ADSI Edit and select Connect to... from

the Action menu.

7. In the Connection dialog box, check Naming Context, and select Domain NC from the

drop-down list at the right. Then click OK..

8. Domain NC appears on the right pane. Double-click it to expand the list.

9. To change group attributes:

a. Click the container of the group for which you want to set POSIX attributes.

b. Click the group and select Properties from the Action menu.

10. To create an object (rpc, services, and so on):

a. Click the container of the object you want to create, click the Action menu, choose

New and click on Object.

b. Select the Object Class ( msSFUIpNetwork, msSFUIpProtocol,

msSFUIpService, or msSFUOncRpc), and provide the mandatory attribute values

and object will be created.

c. Click the created object, and select Properties from the Action menu to set the RFC

2307 attributes.

11. In the Select Which Properties to View dialog box, select Optional from the drop-down

list on the right.

12. In the Select Which Properties to View dialog box, select the POSIX attribute for which

you want to set values.

13. After you finish all values settings, click OK.

Displaying the Proxy User's Distinguished Name

You can display the proxy user's distinguished name (DN) by running

/opt/ldapux/config/ldap_proxy_config -p.

The following command displays the current proxy user:

cd /opt/ldapux/config

./ldap_proxy_config -p

PROXY DN: CN=Proxy User, CN=Users, DC=cup, DC=hp, DC=com

Verifying the Proxy User

The proxy user information is stored encrypted in the file /etc/opt/ldapux/pcred and in

kernel memory, referred to as SCS (Secure Credential Store). To determine if these are

synchronized and check if the proxy user can authenticate to the directory, run

/opt/ldapux/config/ldap_proxy_config -vas follows:

cd /opt/ldapux/config

./ldap_proxy_config -v

File Credentials verified - valid

Creating a New Proxy User

Use the following steps to create a new proxy user and change your client systems to use the

new proxy user.

1. Add the new proxy user to your directory with appropriate access controls.

2. Configure each client to use the new proxy user by running

/opt/ldapux/config/ldap_proxy_config. Refer to the “Example” (page 124) below.

Displaying the Proxy User's Distinguished Name 123