LDAP-UX Client Services B.04.15 with Microsoft Windows Active Directory Server Administrator's Guide (edition 8)

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

Table Of Contents

LDAP-UX Client Services B.04.15 with Microsoft Windows Active Directory Administrator's Guide
Table of Contents
Preface
- About This Document
1 Introduction
- Overview of LDAP-UX Client Services
- How LDAP-UX Client Services Works
2 Installing LDAP-UX Client Services
- Before You Begin
- Summary of Installing and Configuring LDAP-UX Client Services
- Planning Your Installation
- Installing LDAP-UX Client Services on a Client
- Configuring Active Directory for HP-UX Integration
- Importing Name Service Data into Your Directory
- Configuring LDAP-UX Client Services
- Configuring the LDAP-UX Client Services with SSL or TLS Support
- Downloading the Profile Periodically
3 Active Directory Multiple Domains
- Domain Term Definitions
- Retrieving Data from a Remote Domain
  - Choosing Remote Domain Configuration or GCS
- Downloading an Automatic Profile
- Understanding the ldapux_client.conf Configuration File
- Resolving Duplicate Entries
- Changing Multiple Domain Configurations
- Limitations of Multiple Domains in Version B.03.00 or later
4 LDAP-UX Client Services with AutoFS Support
- Overview
- Automount Schemas
- Configuring Name Service Switch
- Configuring Automount Caches
- AutoFS Migration Scripts
5 LDAP Printer Configurator Support
- Overview
  - Definitions
- How the LDAP Printer Configurator works
  - Printer Configurator Architecture
- Printer Configuration Parameters
- Printer Schema and Attributes
  - Printer Attributes
    - Default Printer Attributes
    - Printer Attribute Mappings
- Managing the LP printer configuration
- Limitations of Printer Configurator
6 Dynamic Group Support
- Overview
- Specifying a Search Filter for a Dynamic Group
  - Creating an HP-UX POSIX Dynamic Group
- Multiple Group Attribute Mappings
  - Examples
  - Group Attribute Mappings
- Number of Group Members Returned
- Number of Groups Returned for a Specific User
- Performance Impact for Dynamic Groups
  - Enabling/Disabling enable_dynamic_getgroupsbymember
- Configuring Dynamic Group Caches
- Dynamic Group with Active Directory Server Multiple Domains
7 Administering LDAP-UX Client Services
- Using the LDAP-UX Client Daemon
- Integrating with Trusted Mode
- SASL GSSAPI Support
- PAM_AUTHZ Login Authorization
- Adding Additional Domain Controllers
- Adding Users, Groups, and Hosts
- User and Group Management
- Displaying the Proxy User's Distinguished Name
- Verifying the Proxy User
- Creating a New Proxy User
  - Example
- Displaying the Current Profile
- Creating a New Profile
- Modifying a Profile
- Changing Which Profile a Client is Using
- Creating an /etc/krb5.keytab File
- Considering Performance Impacts
- Client Daemon Performance
  - ldapclientd Caching
  - ldapclientd Persistent Connections
- Troubleshooting
8 Modifying User Information
- Changing Passwords
- Changing Personal Information
9 Mozilla LDAP C SDK
- Overview
- The Mozilla LDAP C SDK File Components
A Configuration Worksheet
B LDAP-UX Client Services Object Classes
- Profile Attributes
C Command, Tool, Schema Extension Utility, and Migration Script Reference
- LDAP-UX Client Services Components
- Client Management Tools
- LDAP User and Group Management Tools
- LDAP Directory Tools
- Schema Extension Utility
- Name Service Migration Scripts
- Unsupported Contributed Tools and Scripts
D Sample PAM Configuration File
E Sample /etc/krb5.conf File
F Sample /etc/pam.conf File for HP-UX 11i v1 Trusted Mode
G Sample /etc/pam.conf File for HP-UX 11i v2 Trusted Mode
H Sample PAM Configuration File for Security Policy Enforcement
Glossary
Index

Changing Authentication methods...............................................................................................105

PAM_AUTHZ Login Authorization ..................................................................................................106

Policy And Access Rules................................................................................................................106

How Login Authorization Works..................................................................................................106

PAM_AUTHZ Supports Security Policy Enforcement..................................................................108

Authentication using LDAP.....................................................................................................108

Authentication with Secure Shell (SSH) and r-commands......................................................108

Policy File.......................................................................................................................................109

Policy Validator..............................................................................................................................110

An Example of Access Rule Evaluation...................................................................................110

Dynamic Variable Support............................................................................................................110

Constructing an Access Rule in pam_authz.policy.......................................................................111

Fields in an Access Rule...........................................................................................................111

Static List Access Rule....................................................................................................................114

Dynamic Variable Access Rule .....................................................................................................116

Supported Functions for Dynamic Variables...........................................................................116

Examples..................................................................................................................................116

Security Policy Enforcement with Secure Shell (SSH) or r-commands.........................................118

Security Policy Enforcement Access Rule ...............................................................................118

An example of Access Rules...............................................................................................119

Configuring Access Permissions for Global Policy Attributes.................................................119

Configuring PAM Configuration File......................................................................................119

Evaluating the Windows Active Directory Server Security Policy..........................................120

PAM Return Codes ..................................................................................................................120

Directory Server Security Policies............................................................................................121

Adding Additional Domain Controllers.............................................................................................122

Adding Users, Groups, and Hosts......................................................................................................122

User and Group Management............................................................................................................124

LDAP User and Group Command-Line Tools..............................................................................124

Listing Users..................................................................................................................................126

Listing Groups...............................................................................................................................127

Adding a User or a Group.............................................................................................................129

Examples of Adding a User .....................................................................................................129

Examples of Adding a Group...................................................................................................131

Modifying Defaults in /etc/opt/ldapux/ldapug.conf ...............................................................132

Modifying a User ..........................................................................................................................133

Modifying a Group........................................................................................................................134

Deleting a User or a Group............................................................................................................135

Examples..................................................................................................................................136

Checking LDAP-UX Configuration ..............................................................................................137

Checking if LDAP-UX is Configured.......................................................................................137

Listing Available Templates.....................................................................................................138

Discovering Required Attributes.............................................................................................138

Displaying Configuration Defaults..........................................................................................138

Displaying the LDAP-UX Profile's DN....................................................................................139

Displaying Default Search Base...............................................................................................139

Displaying Recommended Attributes......................................................................................139

Displaying Attribute Mapping for a Specific Name Service....................................................140

Displaying the Proxy User's Distinguished Name.............................................................................141

Verifying the Proxy User.....................................................................................................................141

Creating a New Proxy User................................................................................................................141

Example.........................................................................................................................................141

Displaying the Current Profile............................................................................................................141

Creating a New Profile........................................................................................................................142

Modifying a Profile.............................................................................................................................142

6 Table of Contents