Manualshelf

LDAP-UX Client Services B.04.10 with Microsoft Windows Active Directory Server Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software
919293949596979899100
7 Administering LDAP-UX Client Services
This chapter describes administrative procedures that will be used to keep clients operating
efficiently and when expanding the computing environment. The following topics are included:
“Using the LDAP-UX Client Daemon” (page 91)
“Integrating with Trusted Mode” (page 100)
“SASL GSSAPI Support” (page 102)
“PAM_AUTHZ Login Authorization ” (page 106)
Adding Additional Domain Controllers” (page 122)
Adding Users, Groups, and Hosts” (page 122)
“Displaying the Proxy User's Distinguished Name” (page 123)
“Verifying the Proxy User” (page 123)
“Creating a New Proxy User” (page 123)
“Displaying the Current Profile” (page 124)
“Creating a New Profile” (page 124)
“Modifying a Profile” (page 124)
“Changing Which Profile a Client is Using” (page 125)
“Creating an /etc/krb5.keytab File” (page 125)
“Considering Performance Impacts” (page 125)
“Client Daemon Performance” (page 126)
“Troubleshooting” (page 128)
Using the LDAP-UX Client Daemon
This section contains the following information:
Overview of ldapclientd daemon operation.
Command line syntax and options for the ldapclientd command.
Configurable parameters and syntax in the ldapclientd configuration file
ldapclientd.conf.
Overview
The LDAP-UX client daemon is the central process that enables HP-UX to interact with LDAP
directory servers. To perform this role, the daemon executes the following tasks:
Receives requests from properly configured applications and services.
Generates connections and requests to the configured LDAP directory.
Returns appropriate reply to requesting application or service.
In addition to the basic tasks of enabling authentication for applications and services, the client
supports the following features:
Supports Multiple Domains: The client daemon enables LDAP-UX to use multiple domains
for directory servers like Active Directory Server (ADS). The daemon also allows PAM
Kerberos to authenticate POSIX users stored in multiple domains; supports multiple domains
in the Windows 2000/2003/2003 R2 Active Directory Server (ADS).
Supports X.500 group membership.
Automatic Profile Downloading: This feature updates the LDAP client configuration profile
by downloading a newer copy from the directory server when the profile TTL (Time To
Live) configuration value expires.
Manages the remote LP printer configuration: The client daemon automatically searches for
certain printer objects configured in the LDAP server and executes lpshut, lpadmin and
Using the LDAP-UX Client Daemon 91