LDAP-UX Client Services B.05.00 Administrator's Guide
2.5.8 Downloading the profile periodically
The setup program lets you define a time interval after which the current profile is
automatically refreshed. The start time for this periodic refresh is determined by the time the
setup program was run and the value defined for ProfileTTL, so you cannot specify a time of day
at which the profile is downloaded (refreshed). For more detailed
information, see the ldapclientd(1) manpage.
To control manually when the profile is downloaded, use the
following steps:
1. When creating your profile entry using setup, set the ProfileTTL value to 0.
2. Using the command get_profile_entry -s nss, write a shell script that downloads
the profile. The example below downloads the profile from the directory, compares the new
and old profiles, and emails a status message. Modify this example for your
environment:
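#!/bin/ksh
# Status file lives beside the saved profile rather than under a
# predictable name in /tmp, because this script runs as root from cron.
STATUS=/etc/opt/ldapux/profile.upd$$
# Save the current profile so it can be compared with the new one.
cp /etc/opt/ldapux/ldapux_profile.ldif /etc/opt/ldapux/ldapux_profile.sav
# Download the profile; redirect stdout first so stderr is captured too.
/opt/ldapux/config/get_profile_entry -s nss > $STATUS 2>&1
diff /etc/opt/ldapux/ldapux_profile.ldif \
    /etc/opt/ldapux/ldapux_profile.sav >> $STATUS
# Mail the download output and any differences, or a "No changes." note.
if [ -s $STATUS ]; then
    cat $STATUS | mailx -s "Profile cache refreshed." root@sys01
else
    echo "No changes." | mailx -s "Profile cache refreshed." root@sys01
fi
rm -f /etc/opt/ldapux/ldapux_profile.sav
rm -f $STATUS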
3. Use the crontab command to create a crontab file (or edit your existing crontab file)
and specify how frequently you want the profile to be downloaded. For example, assuming
the script above is in the file /ldapux/download_ldap_profile, the following crontab
entry runs /ldapux/download_ldap_profile nightly at
midnight:
0 0 * * * /ldapux/download_ldap_profile
For more information about the crontab command, see the crontab(1) manpage.
4. Log in as root and schedule the job with the crontab command. For example, assuming
the crontab entry above is in the file crontab.profile, the following schedules the
profile download:
crontab crontab.profile
2.5.9 Using the r-command for PAM_LDAP
LDAP-UX supports the use of r-commands (commands for remote execution, such as rlogin, rcp,
and so forth) with LDAP account users whose password is hidden, or not in clear text or crypt
syntax.
To enable the use of r-commands, follow these steps:
1. Comment out the following line in the /etc/opt/ldapux/ldapux_client.conf file:
#password_as = "x"
2. Modify the account management section in the /etc/pam.conf file for PAM_LDAP and
add the "rcommand" option as follows:
# Account management
#
login account required libpam_hpsec.so.1
login account sufficient libpam_unix.so.1
login account required libpam_ldap.so.1 rcommand
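To confirm on a given host whether both steps above are in effect, the two files can be checked together. The script below is an added example, not part of the LDAP-UX product or this guide; the function names and the sample files it builds are constructed for illustration, and the file paths are passed as arguments so it can be run against copies.

```shell
#!/bin/sh
# Added example: report whether both r-command steps are in place.

# List services whose account stack loads libpam_ldap with "rcommand".
rcommand_services() {
    awk '$1 !~ /^#/ && NF >= 4 && $2 == "account" && $4 ~ /libpam_ldap/ {
             for (i = 5; i <= NF; i++)
                 if ($i == "rcommand") { print $1; break }
         }' "$1"
}

# True when no active (uncommented) password_as line is left.
password_as_disabled() {
    ! grep -q '^[[:space:]]*password_as[[:space:]]*=' "$1"
}

# $1 = ldapux_client.conf, $2 = pam.conf
check_rcommand_setup() {
    svcs=$(rcommand_services "$2" | sort -u | paste -sd, -)
    if password_as_disabled "$1"; then pw=off; else pw=on; fi
    case "$pw:${svcs:+set}" in
        off:set) echo "enabled: $svcs" ;;
        on:set)  echo "incomplete: password_as still active" ;;
        off:)    echo "incomplete: no rcommand option on libpam_ldap" ;;
        *)       echo "not enabled" ;;
    esac
}

# Constructed sample files modelled on the lines shown in the steps above.
demo=${TMPDIR:-/tmp}/rcmd_check.$$
mkdir -m 700 "$demo" || exit 1      # fails rather than reuse an existing path
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#password_as = "x"' > "$demo/ldapux_client.conf"
cat > "$demo/pam.conf" <<'EOF'
# Account management
#
login  account required   libpam_hpsec.so.1
login  account sufficient libpam_unix.so.1
login  account required   libpam_ldap.so.1 rcommand
other  account required   libpam_ldap.so.1
EOF

check_rcommand_setup "$demo/ldapux_client.conf" "$demo/pam.conf"
```

Run it with the real /etc/opt/ldapux/ldapux_client.conf and /etc/pam.conf as the two arguments to check_rcommand_setup to see which services accept r-command logins for LDAP accounts.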