LDAP-UX Client Services B.05.00 Administrator's Guide

directory server to suit managing an LDAP-UX domain. For more information about the
LDAP-UX domain, see Section 2.3.2 (page 27).
In this scenario, the guided installation:
  • Configures the directory server with an LDAP-UX schema used for managing users,
    groups, and hosts. This includes definition of the database indexes based on that schema.
  • Defines the initial framework for the directory information tree.
  • Defines access control rights for directory server and LDAP-UX domain administration.
  • Creates an LDAP-UX configuration profile (based on RFC 4876) that can be used for
    configuring additional clients. This file defines the LDAP-UX domain contents. For
    information about this RFC, see:
    http://www.ietf.org/rfc/rfc4876.txt
    For more information about RFCs in general, see the following website:
    http://www.ietf.org/rfc.html
  • Provisions HP-UX host information into the directory server, to be used for proxied
    authentication and ssh key management.
  • Creates a certificate authority (CA) and server certificate along with a CA package depot
    that can be pre-installed on HP-UX clients to be managed in the LDAP-UX domain.
Creating and provisioning a new directory server instance is supported only with
Red Hat Directory Server 8.0 and HP-UX Directory Server 8.1 or later. The guided installation
will not create instances of earlier versions of Red Hat Directory Server or Netscape Directory
Server.
Instructions for installing LDAP-UX for the first time in an environment without a directory
server are described in Section 2.3.6 (page 44).

• Installing LDAP-UX into an existing directory server environment (Existing Directory
Server Installation mode): In this scenario, instead of creating a new directory server instance,
the guided installation discovers information about your existing directory server and
directory information tree. The existing directory server must be HP-UX Directory Server
8.1 or later, or Red Hat Directory Server 8.0. The guided installation then configures LDAP-UX
accordingly. The guided installation requires that the existing directory information tree
follow the structure defined in Figure 2-1 (page 28), unless being installed into a Windows
domain.
If the directory server hosts a Windows domain, the guided installation configures the
LDAP-UX profile to follow the standard layout and attributes defined for an ADS domain.
For a non-ADS domain, the guided installation creates an LDAP-UX configuration profile
based on the existing directory information tree, with the defaults defined for an LDAP-UX
domain shown in Figure 2-1 (page 28). The guided installation provisions information about
the current host into the directory server. (For more information about the directory
information tree in an LDAP-UX domain, see Section 2.3.2.1 (page 28).)
In this scenario, the guided installation prompts for several parameters, depending on the
exact circumstances. You will be prompted for the existing directory server's host name (and
optionally the port), as well as the bind DN and password of a user who has sufficient
privileges to add the local HP-UX host to the LDAP-UX domain. When you specify a remote
host where the existing directory server is located, the guided installation cannot validate
the identity of the directory server unless a valid domain (CA certificate) or server certificate
exists on the local host. If one does not exist, you are given the option of having the guided
installation download and install the CA or server certificate (without trust) or, if the server
was created by autosetup, you can download (from the server to your host) a certificate
depot that installs the CA certificate for the LDAP-UX domain.
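
A certificate downloaded "without trust" has not been authenticated by anything, so its fingerprint should be compared with one obtained from the directory administrator over a separate channel before it is relied on. The following is an added example, not part of LDAP-UX or this guide; the function names, the LDAPS port 636 default, and the sample bytes are assumptions made for illustration.

```python
"""Pin-check a directory server certificate fetched without trust (added example)."""
import hashlib
import ssl

# Constructed stand-in bytes, NOT a real certificate: lets the example run offline.
SAMPLE_DER = b"constructed bytes standing in for a DER-encoded server certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def cert_fingerprint(pem: str) -> str:
    """SHA-256 of the certificate's DER encoding, as colon-separated uppercase hex."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint: str) -> str:
    """Reduce 'AA:BB..', 'aa bb..' or 'aabb..' to bare uppercase hex; reject other input."""
    bare = "".join(c for c in fingerprint if c not in ": -\t\r\n").upper()
    if len(bare) != 64 or any(c not in "0123456789ABCDEF" for c in bare):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return bare


def matches_pinned(pem: str, pinned: str) -> bool:
    """True only if the fetched certificate is the one the administrator vouched for."""
    return normalize(cert_fingerprint(pem)) == normalize(pinned)


def fetch_untrusted_pem(host: str, port: int = 636) -> str:
    """Fetch the server certificate with no chain validation (assumes LDAPS on 636)."""
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    # In practice: pem = fetch_untrusted_pem("<directory-server-host>") and the pinned
    # value is read to you by the directory administrator over a separate channel.
    pinned = cert_fingerprint(SAMPLE_PEM).replace(":", " ").lower()
    print("fingerprint:", cert_fingerprint(SAMPLE_PEM))
    print("trust it?  ", matches_pinned(SAMPLE_PEM, pinned))
    tampered = ssl.DER_cert_to_PEM_cert(SAMPLE_DER + b"\x00")
    print("tampered?  ", matches_pinned(tampered, pinned))
```

A mismatch means the certificate presented on the network is not the one the administrator described, and the download should not be accepted.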
24 Installing and configuring LDAP-UX Client Services