LDAP-UX Client Services B.04.15 Administrator's Guide
2.7.2 Custom Configuration
Running the Setup program for a quick configuration, as described above, configures your client
using default values where possible. If you would like to customize these parameters, proceed
as follows.
If you want to use SSL or TLS, you must perform the following tasks before you run the custom
configuration. See “Configure the LDAP-UX Client Services with SSL or TLS Support” (page 41)
for details.
• Ensure that you have installed the certificate database files, cert8.db or cert7.db and key3.db,
on your client system.
• If you choose to use TLS, set the enable_starttls parameter to 1 in the
/etc/opt/ldapux/ldapux_client.conf file to enable TLS. To use SSL, set enable_starttls to
0 to disable TLS. By default, TLS is disabled.
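The two prerequisites above, and the question that step 1 will ask as a result, can be checked before you run Setup. The following shell functions are an added example, not part of this guide or of the LDAP-UX product: the function names are hypothetical, the configuration file is assumed to hold name=value lines with # comments, and the certificate database directory is passed as an argument because this page does not state its location.

```shell
#!/bin/sh
# Pre-flight check for the custom configuration (added example).
# Assumption: the config file holds "name=value" lines; "#" starts a comment.

# Print the value of enable_starttls from the given file, or nothing if unset.
starttls_value() {
    # Drop comments, match the parameter, trim whitespace; the last setting wins.
    sed -e 's/#.*//' "$1" 2>/dev/null |
        sed -n 's/^[[:space:]]*enable_starttls[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' |
        tail -n 1
}

# Print which question Setup will ask: TLS when the value is 1,
# SSL when it is 0 or undefined (TLS is disabled by default).
setup_prompt() {
    case "$(starttls_value "$1")" in
        1)    echo TLS ;;
        0|"") echo SSL ;;
        *)    echo INVALID; return 1 ;;
    esac
}

# Succeed only if key3.db and either cert8.db or cert7.db are readable.
certdb_present() {
    [ -r "$1/key3.db" ] || return 1
    [ -r "$1/cert8.db" ] || [ -r "$1/cert7.db" ]
}

# Report readiness. Arguments: config file, certificate database directory.
preflight() {
    prompt=$(setup_prompt "$1") || { echo "enable_starttls must be 0 or 1"; return 2; }
    if certdb_present "$2"; then
        echo "ready: Setup will ask about $prompt"
    else
        echo "not ready: install cert8.db or cert7.db and key3.db in $2"
        return 1
    fi
}

# Run the check when both paths are given on the command line.
if [ $# -eq 2 ]; then
    preflight "$1" "$2"
fi
```

A non-zero exit status from preflight means the certificate database files are missing or enable_starttls holds a value other than 0 or 1.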
1. Perform the steps described in Quick Configuration (page 32).
However, after step 11, if the value of the enable_starttls parameter is 0 (disabled) or
undefined, you will be asked whether you want to use SSL. Enter "yes" to the following
question if you want to use SSL for secure communication between LDAP clients and
the Netscape/Red Hat Directory Server. Enter "no" to the following question if you do not
want to use SSL. Skip to step 2.
Do you want to use SSL (y/n)?
Otherwise, if the value of the enable_starttls parameter is 1 (enabled), you will be
asked whether you want to use TLS. Enter "yes" to the following question if you want
to use TLS for secure communication between LDAP clients and the Netscape/Red Hat
Directory Server. Enter "no" to the following question if you do not want to use TLS. Skip to
step 3.
Do you want to use TLS (y/n)?
2. Next, the Setup program prompts you to select the authentication method that users
use to bind/authenticate to the server.
If you chose not to enable SSL, you have a choice between SIMPLE (the default) and
SASL DIGEST-MD5. If you chose to enable SSL, you have a choice between SIMPLE with
SSL (the default) and SASL DIGEST-MD5 with SSL.
LDAP-UX supports the SASL DIGEST-MD5 authentication method for Netscape Directory
Server 6.21 and Red Hat Directory Server 7.1 with SP2 version (B.07.10.20).
If you select SASL DIGEST-MD5, two additional prompts will appear. The first will prompt
you for a user mapping (UID, DN, or Other). The second will prompt you for a single realm
to use when retrieving user authentication information. If no realm is specified, user
information will be retrieved from the first realm the directory server offers.
Skip to step 4.
3. Next, the Setup program prompts you to select the authentication method that users
use to bind/authenticate to the server.
If you chose not to enable TLS, you have a choice between SIMPLE (the default) and
SASL DIGEST-MD5. If you chose to enable TLS, you have a choice between SIMPLE with
TLS (the default) and SASL DIGEST-MD5 with TLS.
If you select SASL DIGEST-MD5, two additional prompts will appear. The first will prompt
you for a user mapping (UID, DN, or Other). The second will prompt you for a single realm
to use when retrieving user authentication information. If no realm is specified, user
information will be retrieved from the first realm the directory server offers.
2.7 Configure the LDAP-UX Client Services 35