LDAP-UX Client Services B.04.15 Administrator's Guide

2.2 Summary of Installing and Configuring

The following summarizes the steps you take when installing and configuring an LDAP-UX

Client Services environment.

• See Plan Your Installation (page 21).

• Install LDAP-UX Client Services on each client system. See Install LDAP-UX Client Services

on a Client (page 26).

• Install and configure an LDAP directory, if not already done. See Configure Your Directory

(page 27).

• Configure your LDAP server to support SSL or TLS if you attempt to enable SSL or TLS

support with LDAP-UX. See “Configure the LDAP-UX Client Services with SSL or TLS

Support” (page 41).

• Migrate your name service data to the directory. See Import Name Service Data into Your

Directory (page 30).

• Install and set up the security database files on the LDAP-UX client system if you want to

enable SSL support with LDAP-UX. See Configure the LDAP-UX Client Services with SSL

or TLS Support (page 41).

• Run the setup program to configure LDAP-UX Client Services on a client system. Setup

does the following for you:

— Extends your Netscape/Red Hat directory schema with the configuration profile schema,

if not already done.

— Imports the LP printer schema into your LDAP directory server if you choose to start

the LDAP printer configurator.

— Imports the publickey schema into your LDAP directory if you choose to store the

public keys of users and hosts in the LDAP directory.

— Imports the automount schema into your LDAP directory server if you choose to store

the AutoFS maps in the LDAP directory.

— Creates a start-up file on the client. This enables each client to download the

configuration profile.

— Creates a configuration profile of directory access information in the directory, to be

shared by a group of (or possibly all) clients.

— Downloads the configuration profile from the directory to the client.

— Start the product daemon, ldapclientd, if you choose to start it. Starting with

LDAP-UX Client B.03.20 or later, the client daemon must be started for LDAP-UX

functions to work. With LDAP-UX Client B.03.10 or earlier, running the client daemon

is optional.

See Configure the LDAP-UX Client Services (page 31).

• Modify the files /etc/pam.conf and /etc/nsswitch.conf on the client to specify LDAP

authentication and name service, respectively. See Configure the LDAP-UX Client Services

(page 31).

• Optionally modify the disable_uid_range flag in the /etc/opt/ldapux/

ldapux_client.conf file to disable logins to the local system from specific ldap users.

• Optionally modify the /etc/opt/ldapux/pam_authz.policy and /etc/pam.conf

files to verify the user access rights of a subset of users in a large repository needing access,

if appropriate. See the pam_authz(5) man page for the command syntax.

• Verify each client is working properly. See Verify the LDAP-UX Client Services (page 61).

• See also Configure Subsequent Client Systems (page 63) for some shortcuts.

20 Installing And Configuring LDAP-UX Client Services