LDAP-UX Client Services B.04.15 Administrator's Guide

2.11 Verify the LDAP-UX Client Services
This section describes some simple ways you can verify the installation and configuration of
your LDAP-UX Client Services. You may need to do more elaborate and detailed testing, especially
if you have a large environment.
If any of the following tests fail, see Troubleshooting (page 132).
1. Use the nsquery(1)¹ command to test the name service:
nsquery lookup_type lookup_query [lookup_policy]
For example, to test the name service switch to resolve a username lookup, enter:
nsquery passwd username ldap
where username is the login name of a valid user whose POSIX account information is in
the directory. You should see output something like the following depending on how you
have configured /etc/nsswitch.conf:
Using "ldap" for the passwd policy.
Searching ldap for jbloggs
User name: jbloggs
user Id: 10000
Group Id: 2000
Gecos:
Home Directory: /home/jbloggs
Shell: /bin/sh
Switch configuration: Terminates Search
This tests the Name Service Switch configuration in /etc/nsswitch.conf. If you do not see
output like that above, check /etc/nsswitch.conf for proper configuration.
2. Use other commands to display information about users in the directory, making sure the
output is as expected:
pwget -n username
nsquery hosts host_to_find
grget -n groupname
ls -l
NOTE: While you can use the following commands to verify your configuration, these
commands enumerate the entire passwd or group database, which may reduce network
and directory server performance for large databases:
pwget (with no options)
grget (with no options)
listusers
logins
3. Use the beq search utility to search for the following services: pwd (password), grp (group),
shd (shadow password), srv (service), prt (protocol), rpc (RPC), hst (host), net (network),
ngp (netgroup), and grm (group membership). The following example beq command uses name as
the search key, pwd as the service, and ldap as the library, in 32-bit mode on an HP-UX 11i v1,
v2 or v3 PA system:
./beq -k n -s pwd -l /usr/lib/libnss_ldap.1 iuser1
nss_status........ NSS_SUCCESS
pw_name...........(iuser1)
pw_passwd.........(*)
pw_uid............(101)
pw_gid............(21)
pw_age............()
pw_comment........()
pw_gecos..........(gecos data in files)
pw_dir............(/home/iuser1)
pw_shell..........(/usr/bin/sh)
pw_audid..........(0)
pw_audflg.........(0)
Use the following beq command in 64-bit mode on an HP-UX 11i v2 or v3 IA machine:
./beq -k n -s pwd -l /usr/lib/hpux64/libnss_ldap.so.1 iuser1
Use the following beq command in 32-bit mode on an HP-UX 11i v2 or v3 IA machine:
./beq -k n -s pwd -l /usr/lib/hpux32/libnss_ldap.so.1 iuser1
Refer to "beq Search Tool" in Chapter 4 for command syntax and examples.
4. Log in to the client system from another system using rlogin or telnet. Log in as a user in
the directory and as a user in /etc/passwd to make sure both work.
5. Optionally, test your pam_authz authorization configuration:
If pam_authz is configured without the pam_authz.policy file, verify the following:
Log in to the client system from another system using rlogin or telnet with a user
name that is a member of a +@netgroup in the directory to make sure the user will be
allowed to log in.
¹ nsquery(1) is a contributed tool included with the ONC/NFS product.
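
Step 1 says to check /etc/nsswitch.conf when the nsquery lookup does not return the expected output. The following script is an added example, not part of this guide or of LDAP-UX: it reports where ldap sits in the lookup order for passwd and group. The function names ldap_position and check_nsswitch and the sample file contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the guide). Function names are hypothetical.

# Print the 1-based position of "ldap" among the sources listed for a
# database in an nsswitch.conf file, or 0 if ldap is absent.
# $1 = database (passwd, group, ...)   $2 = path to the file
ldap_position() {
    awk -v db="$1" '
    {
        sub(/#.*/, "")                      # strip comments
        i = index($0, ":")
        if (i == 0) next
        name = substr($0, 1, i - 1)
        gsub(/[ \t]/, "", name)
        if (name != db) next
        line = substr($0, i + 1)
        gsub(/\[[^]]*\]/, " ", line)        # drop [STATUS=action] criteria
        n = split(line, src, " ")
        for (k = 1; k <= n; k++)
            if (src[k] == "ldap") { pos = k; break }
        exit                                # stop at the first entry for db
    }
    END { print pos + 0 }' "$2"
}

# Return 0 only if both passwd and group consult ldap.
check_nsswitch() {
    rc=0
    for db in passwd group; do
        pos=$(ldap_position "$db" "$1")
        if [ "$pos" -eq 0 ]; then
            echo "FAIL $db: ldap is not in the lookup order"; rc=1
        else
            echo "OK   $db: ldap is source #$pos"
        fi
    done
    return "$rc"
}

# Constructed sample file for the demonstration (not a real system file).
sample="${TMPDIR:-/tmp}/nsswitch.sample.$$"
cat > "$sample" <<'EOF'
passwd: files ldap        # local accounts first
group:  files [NOTFOUND=continue] ldap
hosts:  dns files
EOF
check_nsswitch "$sample"
rm -f "$sample"
```

Sources are consulted in the order listed, so the reported position shows whether local files or the directory answers a lookup first. On a client, pass /etc/nsswitch.conf to check_nsswitch instead of the sample file.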