LDAP-UX Client Services B.04.15 Administrator's Guide
• Do you want to use TLS (Transport Layer Security) or SSL for secure communication between
clients and Netscape/Red Hat Directory servers?
LDAP-UX supports SSL or TLS with a password as the credential, using either simple bind
or DIGEST-MD5 authentication (DIGEST-MD5 is available for Netscape/Red Hat Directory
Server only) to ensure confidentiality and data integrity between clients and servers. StartTLS
is a new extension operation of the TLS protocol. You can use the StartTLS operation to set up
a TLS-secured connection over a regular (unencrypted) LDAP port. A secure connection
can also be established on an encrypted LDAP port when using SSL. By default, SSL and
TLS are disabled. For detailed information, refer to “Configure the LDAP-UX Client Services
with SSL or TLS Support” (page 41).
• What authentication method will you use when you choose to enable TLS?
You have a choice between SIMPLE (the default), or SASL DIGEST-MD5 with TLS.
• What authentication method will you use when you choose to enable SSL?
You have a choice between SIMPLE (the default), or SASL DIGEST-MD5 with SSL.
• What authentication method will you use when you choose to not enable SSL and TLS?
You have a choice between SIMPLE (the default), or SASL DIGEST-MD5. SASL DIGEST-MD5
improves security, preventing snooping over the network during authentication.
With DIGEST-MD5 authentication, the password must be stored in clear text in the
LDAP directory. DIGEST-MD5 authentication also requires the proxy credential level.
• Do you want to import the LDAP printer schema if you choose to start the printer
configurator?
LDAP-UX Client Services B.03.20 or later provides the integration with the LDAP printer
configurator to simplify the LP printer management by updating LP printer configuration
automatically on your client system. A new printer schema, which is based on
IETF <draft-fleming-ldap-printer-schema-02>, is required to start the services.
IMPORTANT: To use this new feature, the start configuration parameter in the printer
services section of the ldapclientd.conf file must be set to yes. If the
start option is enabled, the printer configurator starts when ldapclientd is
initialized. By default, the start parameter is enabled.
• Do you want to import the publickey schema into your LDAP directory if you choose to
store and manage publickeys in the LDAP directory?
LDAP-UX Client Services B.04.00 supports discovery and management of publickeys in an
LDAP directory. Both public and private (secret) keys used by the SecureRPC API can be
stored in user and host entries in an LDAP directory server, using the nisKeyObject
objectclass.
• Do you want to import the automount schema into your LDAP directory server if you choose
to store and manage automount maps in the LDAP directory?
LDAP-UX Client Services B.04.00 supports the automount service under the AutoFS
subsystem. This new feature allows you to store or retrieve automount maps in/from an
LDAP directory. LDAP-UX Client Services supports the new automount schema based on
RFC2307-bis. The nisObject automount schema can also be used if configured via attribute
mappings.
The setup program will import the new automount schema into your Directory Server. An
obsolete automount schema is shipped with the Netscape Directory Server version 6.x. You
must manually delete the obsolete automount schema before the setup program can
successfully import the new automount schema into the LDAP directory.
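The StartTLS upgrade on the regular LDAP port, described in the first item above, is a plain-text request and response that precedes the TLS handshake. The following is an added example, not code from the guide or from LDAP-UX: it builds the StartTLS extended request defined in RFC 4511 and checks the server's answer, treating anything other than success as a reason not to continue. The function names and the sample response bytes are constructed for illustration.

```python
# Added example: StartTLS exchange on the plain LDAP port (RFC 4511); sample bytes are constructed.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one BER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }; msg_id 1..127."""
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID
    body = bytes([0x02, 0x01, msg_id, 0x77, len(name)]) + name
    return bytes([0x30, len(body)]) + body

def starttls_result(resp, msg_id=1):
    """Return the resultCode carried in the ExtendedResponse [APPLICATION 24]."""
    tag, msg, _ = read_tlv(resp)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = read_tlv(msg)
    if tag != 0x02 or int.from_bytes(mid, "big") != msg_id:
        raise ValueError("unexpected messageID")
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    tag, code, _ = read_tlv(op)
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def may_start_handshake(resp, msg_id=1):
    """Fail closed: only resultCode 0 (success) permits the TLS handshake and a later bind."""
    try:
        return starttls_result(resp, msg_id) == 0
    except ValueError:
        return False

# Constructed server answers: success (0) and protocolError (2).
ACCEPTED = bytes.fromhex("300c02010178070a010004000400")
REFUSED = bytes.fromhex("300c02010178070a010204000400")
```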