LDAP-UX Client Services B.04.15 Administrator's Guide
Table 2-1 Configuration Parameter Default Values (continued)
Parameter                                                             Default Value
Search time limit                                                     no limit
Use of referrals                                                      Yes
Profile TTL (Time To Live)                                            0 - infinite
Use standard RFC-2307 object class attributes for supported services  Yes
Use default search descriptions for supported services                Yes
Authentication method                                                 Simple
To change any of these default values, refer to Custom Configuration (page 35).
17. After entering all the configuration information, setup extends the schema, creates a new
profile, and configures the client to use the directory.
18. Configure the Pluggable Authentication Module (PAM).
Save a copy of the file /etc/pam.conf and edit the original to specify LDAP authentication
and other authentication methods you want to use. See /etc/pam.ldap for a sample. You
may be able to just copy /etc/pam.ldap to /etc/pam.conf. See pam(3), pam.conf(4), and Managing
Systems and Workgroups at http://docs.hp.com/hpux for more information on PAM.
19. Configure the Name Service Switch (NSS).
Save a copy of the file /etc/nsswitch.conf and edit the original to specify the ldap name
service and other name services you want to use. See /etc/nsswitch.ldap for a sample. You
may be able to just copy /etc/nsswitch.ldap to /etc/nsswitch.conf. See nsswitch.conf(4)
for more information.
20. Optionally, configure the PAM Authorization Service module (pam_authz).
LDAP-UX Client Services provides a sample configuration file,
/etc/opt/ldapux/pam_authz.conf.template. This sample file shows you how to
configure the policy file to work with pam_authz. You can copy this sample file and edit it
using the correct syntax to specify the access rules you wish to authorize or exclude from
authorization. For more detailed information on how to configure the policy file, see
PAM_AUTHZ Login Authorization (page 94).
The sample /etc/pam.conf file in the man page will show you how to configure the
/etc/pam.conf file to work with pam_authz. For more detailed information about
pam_authz, refer to the pam_authz(5) man page.
21. Optionally, configure the disable_uid_range flag.
Save a copy of the file /etc/opt/ldapux/ldapux_client.conf and edit the original
to activate the disable_uid_range flag. Uncomment the flag in the [NSS] portion of the file
and fill in the UID range. The format is disable_uid_range=uid#,[uid#-uid#], .... where uid#
stands for uid number.
For example: disable_uid_range=0-100,300-450,89
Note:
• White spaces between numbers are ignored.
• Only one line of the list is accepted; however, the line can be wrapped.
• The maximum number of ranges is 20.
22. Verify the LDAP-UX Client Services (page 61).
23. Configure subsequent clients by running setup on those clients and specifying an existing
configuration profile. Or for a simpler process see Configure Subsequent Client Systems
(page 63).
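A check for the disable_uid_range value from step 21 before it goes into /etc/opt/ldapux/ldapux_client.conf, given here as an added example that is not part of the guide or of LDAP-UX. It applies the format and the notes above (white space ignored, at most 20 ranges) and can report whether a given UID is covered by the list. Assumptions: the helper name check_uid_range is hypothetical, every comma-separated entry counts toward the limit of 20, and a reversed range such as 450-300 is rejected as a sanity check.

```shell
#!/bin/sh
MAX_RANGES=20   # "The maximum number of ranges is 20" (from the guide)

# check_uid_range VALUE [UID]   (hypothetical helper, not part of LDAP-UX)
#   returns 0: VALUE is well formed (and UID, if given, is in the list)
#   returns 1: VALUE is well formed but UID is not in the list
#   returns 2: VALUE or UID is malformed; the reason goes to stderr
check_uid_range() {
    case $2 in
        *[!0-9]*) echo "disable_uid_range: uid must be numeric" >&2; return 2 ;;
    esac
    # White space between numbers is ignored, so strip it before parsing.
    value=$(printf '%s' "$1" | tr -d ' \t\r\n')
    printf '%s\n' "$value" | awk -F, -v max="$MAX_RANGES" -v uid="$2" '
        function fail(msg) {
            print "disable_uid_range: " msg > "/dev/stderr"
            bad = 1
            exit 2
        }
        {
            if (NF == 0) fail("empty list")
            # Assumption: every comma-separated entry counts toward the limit.
            if (NF > max) fail(NF " entries, maximum is " max)
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^[0-9]+(-[0-9]+)?$/) fail("bad entry \"" $i "\"")
                n = split($i, r, "-")
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                # Added sanity check, not a rule stated in the guide.
                if (lo > hi) fail("reversed range " $i)
                if (uid != "" && uid + 0 >= lo && uid + 0 <= hi) hit = 1
            }
        }
        END {
            if (bad) exit 2
            if (uid != "" && !hit) exit 1
        }
    '
}

# The guide's own example value; uid 350 falls inside 300-450.
if check_uid_range "0-100,300-450,89" 350; then
    echo "uid 350 is covered by the list"
fi
```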
34 Installing And Configuring LDAP-UX Client Services