LDAP-UX Client Services B.04.15 with Microsoft Windows Active Directory Server Administrator's Guide (edition 8)
Managing the LP printer configuration
LDAP-UX Client Services integrates the printer configurator: the product daemon automatically
updates the remote LP printer configuration of a client system based on the printer objects
available in the ADS Directory Server. The printer configurator manages the printer
configuration; before it adds or deletes a printer, it checks whether the change conflicts with
the LP printer configurations already on the client system.
The following five examples show how the LDAP printer configurator provides central
management of printer services based on the printer objects stored in the directory server. These
examples use the alternate printer attributes, printerbyname and printer-resource. The
printerbyname attribute specifies the local printer name. The printer-resource attribute provides
the remote host name and remote printer name.
Example 1:
An administrator sets up a new printer located in the Engineering Lab and wants this printer to
be shared. This printer is physically connected to a system hostA and is set up as a local printer
lj2004. The administrator creates a new printer entry in the directory server as follows:
dn: printer-name=laser2,ou=printers,dc=hp,dc=com
printerbyname: laser2
printer-resource: lpd://hostA.hp.com/lj2004
A new printer configuration for laser2 is created automatically in every client system if the
LDAP printer configurator is running. The print queue for laser2 is enabled and ready to accept
print jobs. Users can send their print jobs to laser2 by typing lp -dlaser2 filename.
Example 2:
The IT department would like to store additional service information in the printer object. The
administrator modifies the printer object by adding more printer attributes. The modified content
of the printer object is shown below:
dn: printer-name=laser2,ou=printers,dc=hp,dc=com
printerbyname: laser2
printer-resource: lpd://hostA.hp.com/lj2004
printer-location: Engineering Lab
printer-model: Hewlett Packard laserjet Model 2004N
printer-service-person: David Lott
Since the local printer name, remote hostname, remote printer name, and the printing protocol
information are still the same, the LDAP Printer Configurator will not change the current remote
LP printer configuration for laser2.
Example 3:
The system hostA.hp.com is retired. The Laserjet 2004 printer is now connected to system
hostC and set up as a local LP printer lj2004. The administrator should update the printer
object by changing the value of the printer-resource attribute. The updated printer object is
shown below:
dn: printer-name=laser2,ou=printers,dc=hp,dc=com
printerbyname: laser2
printer-resource: lpd://hostC.hp.com/lj2004
printer-model: Hewlett Packard laserjet Model 2004N
printer-service-person: David Lott
The current remote LP laser2 printer configuration is removed from the client system, and the
new laser2 printer configuration with the new remote hostname information is added to the client
system. In general, if either the remote hostname or the remote printer name in the
printer-resource attribute is modified, the printer configurator removes the current remote LP
printer configuration and creates a new printer configuration with the updated resource
information.
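The decision logic behind Examples 1 to 3, sketched in Python as an added illustration; it is not code from LDAP-UX Client Services. The function names, the allow-list for names read from the directory, and the rule that a same-named local LP printer counts as a conflict are assumptions made for this sketch.

```python
import re
from urllib.parse import urlparse

SAFE = re.compile(r"[A-Za-z0-9._-]+")  # assumed allow-list for names taken from the directory

EXAMPLE_1 = """dn: printer-name=laser2,ou=printers,dc=hp,dc=com
printerbyname: laser2
printer-resource: lpd://hostA.hp.com/lj2004"""
# Example 2 only adds descriptive attributes; Example 3 moves the printer to hostC.
EXAMPLE_2 = EXAMPLE_1 + "\nprinter-location: Engineering Lab"
EXAMPLE_3 = EXAMPLE_1.replace("hostA", "hostC")

def parse_ldif(text):
    """Parse 'attr: value' records separated by blank lines into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())
        entries.append({a.strip().lower(): v.strip() for a, _, v in pairs})
    return entries

def desired_config(entries):
    """Map local printer name -> (remote host, remote printer)."""
    config = {}
    for e in entries:
        uri = urlparse(e.get("printer-resource", ""))
        fields = (e.get("printerbyname", ""), uri.netloc, uri.path.lstrip("/"))
        # Skip entries that are incomplete, not LPD, or carry unexpected characters.
        if uri.scheme == "lpd" and all(SAFE.fullmatch(f) for f in fields):
            config[fields[0]] = fields[1:]
    return config

def reconcile(current, ldif, local_printers=()):
    """List the actions that bring the managed remote printers in line with the directory."""
    desired, actions = desired_config(parse_ldif(ldif)), []
    for name in sorted(current.keys() | desired.keys()):
        old, new = current.get(name), desired.get(name)
        if old == new:
            continue  # same name, host, printer and protocol: nothing to do (Example 2)
        if old is not None:
            actions.append(("remove", name, old))
        if new is not None:  # a clash with a local LP printer blocks the add
            actions.append(("conflict" if name in local_printers else "add", name, new))
    return actions

if __name__ == "__main__":
    print(reconcile({}, EXAMPLE_1))
    print(reconcile({"laser2": ("hostA.hp.com", "lj2004")}, EXAMPLE_2))
    print(reconcile({"laser2": ("hostA.hp.com", "lj2004")}, EXAMPLE_3))
```

Because printer-resource is read from the directory and ends up in client configuration, the sketch drops any entry whose names fall outside the allow-list rather than passing them on.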