LDAP-UX Client Services B.04.15 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

121

122

123

124

125

126

127

128

129

130

5.11 Creating a New Profile

To create a new profile, run /opt/ldapux/config/setup. When setup asks you for the distinguished

name (DN) of the profile, give a DN that does not exist and setup will prompt you for the

parameters to build a new profile. The setup program also configures the local client to use the

new profile.

Alternatively, you could use your directory administration tools to make a copy of an existing

profile and modify it.

You can also use the interactive tool create_profile_entry to create a new profile as follows:

cd /opt/ldapux/config ./create_profile_entry

Once you create a new profile, configure client systems to use it as described in Changing Which

Profile a Client Is Using (page 127).

5.12 Modifying a Profile

You can modify an existing profile directly using your directory administration tools, for example

with Netscape/Red Hat Console. See LDAP-UX Client Services Object Classes (page 245) for a

complete description of the DUAConfigProfile object class, its attributes, and what values each

attribute can have.

The ldapentry tool can also be used to modify the existing profile. This can be done with the

following command:

$ /opt/ldapux/bin/ldapentry -m "DN_of_profile"

$ cd /opt/ldapux/config

$ ./get_profile_entry -s nss

After modifying a profile, each client that regularly downloads its profile automatically will get

the changes as scheduled. See Download the Profile Periodically (page 64) for details.

5.13 Changing Which Profile a Client Is Using

Each client uses the profile specified in its start-up file /etc/opt/ldapux/ldapux_client.conf. To

make a client use a different profile in the directory, edit this file and change the DN specified

in the PROFILE_ENTRY_DN line. Then download the profile as described in Download the

Profile Periodically (page 64).

5.14 Changing from Anonymous Access to Proxy Access

If you have anonymous access and you want to change to using a proxy user, do the following:

1. Create the proxy user in the directory. With Netscape/Red Hat Directory Server, you can

use the Netscape Console.

2. Change the credentialLevel attribute in your profile to be "proxy" using your directory

administration tools, for example the Netscape Console.

If you want proxy access with anonymous access as a backup if proxy access fails, change

credentialLevel to be "proxy anonymous".

3. Download the profile to the client. If you have an automated process to download the profile,

you can wait until it executes. Or you can download the profile manually by running the

following command:

cd /opt/ldapux/config ./get_profile_entry -s nss

You can verify that the proxy user is configured with display_profile_cache and

ldap_proxy_config. display_profile_cache displays the current configuration profile, including

the credential level, which is either "proxy," "anonymous," or "proxy anonymous."

ldap_proxy_config displays and verifies the proxy user the client is configured to use. See The

5.11 Creating a New Profile 127