LDAP-UX Client Services B.04.15 Administrator's Guide

4. Specify the host name and optional port number where your directory is running. If you
choose to use TLS, the default directory port number is 389. If you choose to use SSL, the
default directory port number is 636.
For high availability, each LDAP-UX client can look for user and group information in up
to three different directory servers. You can specify up to three directory hosts, which are
searched in order.
5. Reply "no" when asked if you want to accept the remaining default configuration parameters.
6. Select the client binding you want from Configuration Worksheet (page 243). This determines
the identity that client systems use when binding to the directory to search for user and
group information.
7. If you configured a proxy user, enter the DN and password of your proxy user, from
Configuration Worksheet (page 243).
If you want to use the SASL DIGEST-MD5 authentication method, you need to configure a
proxy user with its credential level.
With SASL DIGEST-MD5 authentication, the password must be stored in clear text
in the LDAP directory.
8. Enter the maximum time in seconds the client should wait for directory searches before
aborting. Enter 0 for no time limit.
9. Enter whether or not you want directory searches to follow referrals. Referrals are a
redirection mechanism supported by the LDAP protocol. Please see your directory manuals
for more information on referrals.
NOTE: If you want your directory searches to follow referrals, you must allow anonymous
access into your directories.
10. Enter the Profile TTL (Time To Live) value. This value defines the time interval between
automatic downloads (refreshes) of new configuration profiles from the directory. Automatic
refreshing ensures that the client is always configured using the newest configuration profile.
If you want to disable automatic refresh or manually control when the refresh occurs, enter
a value of 0. See Download the Profile Periodically (page 64).
11. In this step, the setup program initiates a dialog where you can remap the standard object
class attributes to alternate attributes. You may want to do this if the attributes in your
directory do not conform to the object classes defined in RFC 2307.
You can remap the attributes for any of the supported services: passwd, shadow passwd,
group, PAM, netgroup, rpc, protocols, networks, hosts, services and automount.
NOTE: Make sure that the attribute names are entered correctly to avoid unpredictable
results later.
Refer to RFC 2307 at http://www.ietf.org/rfc/rfc2307.txt for a description of the standard
object classes and attributes.
At this point, the setup program will display the following dialog:
LDAP-UX Client Services supports the following services:
 1.Password                              7.Networks
 2.Shadow passwd                         8.Hosts
 3.Group                                 9.Services
 4.PAM (Pluggable Authentication Module) 10.Printers
 5.RPC                                   11.Automount
 6 Protocols                             12.Netgroup
Each services uses a standard object class (defined by RFC 2307) You can remap any
36 Installing And Configuring LDAP-UX Client Services
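
An added example, not taken from the guide or from LDAP-UX: a Python check that reviews the choices made in steps 4 to 11 once they are stored in a configuration profile. It assumes the profile has been exported as LDIF using RFC 4876 DUAConfigProfile attribute names (defaultServerList, authenticationMethod, followReferrals and so on); the sample entry and the function names are constructed for illustration.

```python
import re

# Constructed sample profile (LDIF). Attribute names are assumed to follow
# RFC 4876 (DUAConfigProfile); every value here is invented for the example.
SAMPLE_PROFILE = """\
dn: cn=ldapuxprofile,dc=example,dc=com
objectClass: DUAConfigProfile
defaultServerList: ldap1.example.com:389 ldap2.example.com:389
authenticationMethod: sasl/DIGEST-MD5
credentialLevel: proxy
searchTimeLimit: 0
followReferrals: TRUE
profileTTL: 0
attributeMap: passwd:uidnumber=employeeNumber
attributeMap: group gidnumber
"""

def parse_ldif(text):
    """Return {lowercased attribute: [values]} for one unwrapped LDIF entry."""
    entry = {}
    for line in text.splitlines():
        if ":" in line and not line.startswith("#"):
            name, value = line.split(":", 1)
            entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def audit(entry):
    """Return findings tied to the setup choices in steps 4 to 11."""
    findings = []
    first = lambda key: entry.get(key, [""])[0]
    servers = " ".join(entry.get("defaultserverlist", [])).split()
    if len(servers) > 3:
        findings.append("more than three directory hosts listed")
    if any(s.endswith(":389") or ":" not in s for s in servers):
        findings.append("port 389 in use: confirm TLS is enabled on the client")
    if "digest-md5" in first("authenticationmethod").lower():
        findings.append("DIGEST-MD5: password is stored in clear text in the directory")
        if "proxy" not in first("credentiallevel").lower():
            findings.append("DIGEST-MD5 configured without a proxy credential level")
    if first("followreferrals").upper() == "TRUE":
        findings.append("referrals followed: requires anonymous directory access")
    if first("searchtimelimit") == "0":
        findings.append("searchTimeLimit 0: directory searches have no time limit")
    if first("profilettl") == "0":
        findings.append("profileTTL 0: automatic profile refresh is disabled")
    for mapping in entry.get("attributemap", []):
        if not re.fullmatch(r"[\w-]+:[\w-]+=\S.*", mapping):
            findings.append(f"malformed attributeMap: {mapping!r}")
    return findings
```

Calling `audit(parse_ldif(SAMPLE_PROFILE))` returns one finding per risky choice, so the list can be reviewed before the profile is rolled out to clients.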