LDAP-UX Client Services B.04.10 with Microsoft Windows Active Directory Server Administrator's Guide

1. Type yes for the following question:
Do you want to remap any of the startdard RFC 2307 attributes? [yes]:
yes
2. Select the group service by entering 3 for the following question and press the return key:
Specify the service you want to map? [0]: 3
3. Enter 3 for the following question and press the return key:
Specify the attribute you want to map? [0]: 3
4. Enter the attributes you want to map to the member attribute:
[memberuid]: member
NOTE: LDAP-UX supports DN-based (X.500 style) membership syntax. This means that
you do not need to use the memberUid attributes to define the members of a POSIX group.
Instead, you can use either the member or uniqueMember attribute. LDAP-UX can convert
from the DN syntax to the POSIX syntax (an account name).
For ADS, the typical member attribute would be either memberUid or preferably the member
attribute.
5. Follow the prompts to finish the setup.
Step 2: Install the PAM Kerberos Product
LDAP-UX Client Services with Active Directory uses the Kerberos Authentication method. If
not already available on your system, you will need to install and configure PAM Kerberos.
Some instructions for doing this are shown later in this step. Additional information can be found
in the Configuration Guide for Kerberos Products on HP-UX, available at
http://docs.hp.com/hpux/internet.
In order to support integration with Active Directory server, a specific version of the
PAM-Kerberos product is required. On HP-UX 11i v1, version 1.11 of the PAM-Kerberos product
is required. On HP-UX 11i v2, version 1.23 of the PAM-Kerberos product is required.
If you wish to also use SASL/GSSAPI for proxied authentication, version 1.3.5.03 of the Kerberos
Client product is required. Version 1.3.5.03 of the Kerberos Client is a replacement for the
KRB5-Client components of the core HP-UX OS. This version is planned to be made available
late June, 2005. Please note that the KRB5CLIENT product is a superior product to previous
KRB5-Client patches (such as PHSS_33384). Although patch PHSS_33384 is required and designed
to install over the core Kerberos client patch, it will not overwrite the KRB5CLIENT product.
You need to add ipnodes service information in the /etc/nsswitch.conf file as follows:
ipnodes: dns files
NOTE: For more information, refer to Kerberos Client Version 1.3.5.03 Release Notes available at
http://docs.hp.com/hpux/internet.
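A check for the ipnodes entry described above, as an added example that is not part of the HP guide. The function names, exit codes and the constructed sample file are assumptions of this example; it reports a missing entry, reversed sources, or a stray trailing period on the last source.

```shell
#!/bin/sh
# Added example (not from the HP guide): check the ipnodes entry in nsswitch.conf.

# Print the sources on the first active "ipnodes:" line, whitespace-squeezed.
# Returns non-zero when no such line exists. Using the first line when
# several are present is an assumption of this example.
ipnodes_sources() {
    sed 's/#.*//' "$1" |
    awk -F: '$1 ~ /^[ \t]*ipnodes[ \t]*$/ {
                 n = split($2, s, " "); out = s[1]
                 for (i = 2; i <= n; i++) out = out " " s[i]
                 print out; found = 1; exit
             }
             END { exit !found }'
}

# Exit status: 0 = matches the guide, 1 = missing or different, 2 = unreadable.
check_ipnodes() {
    file=${1:-/etc/nsswitch.conf}
    if [ ! -r "$file" ]; then
        echo "ERROR: cannot read $file"; return 2
    fi
    if ! sources=$(ipnodes_sources "$file"); then
        echo "FAIL: no active ipnodes entry in $file"; return 1
    fi
    case $sources in
        "dns files")
            echo "OK: ipnodes: $sources"; return 0 ;;
        "dns files.")
            echo "FAIL: 'files.' has a trailing period; the source name is 'files'"
            return 1 ;;
        "files dns")
            echo "FAIL: sources reversed; the guide lists dns before files"
            return 1 ;;
        *)
            echo "FAIL: ipnodes is '$sources', expected 'dns files'"
            return 1 ;;
    esac
}

# Constructed sample input (not a real system file): entry with a stray period.
sample=${TMPDIR:-/tmp}/nsswitch.sample.$$
printf 'hosts: files dns\nipnodes: dns files.\n' > "$sample"
check_ipnodes "$sample" || true
rm -f "$sample"
```

Call `check_ipnodes` with no argument to test the live /etc/nsswitch.conf.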
Both "PAM Kerberos" (J5849AA) and "Kerberos Client" (KRB5CLIENT) products can be
downloaded from http://software.hp.com. They are available at:
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J5849AA and
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRB5CLIENT
Refer to the Configuration Guide for Kerberos Products in HP-UX Release Notes, available at
http://docs.hp.com/hpux/internet for any last minute changes.
You also need to install the required patch. For patch information, refer to LDAP-UX Integration
B.04.10 Release Notes available at http://docs.hp.com/hpux/internet.