LDAP-UX Client Services B.05.00 Administrator's Guide
searching once it makes a successful connection. If a directory server cannot be found by
DNS, you will be prompted for the host name and port number for an existing directory
server in your environment or asked if you wish to create a new directory server instance
on the local host.
2. If you choose to create a new directory server instance on the local host, autosetup will
create an HP-UX Directory Server instance on the local machine. This directory server
instance will be configured with SSL and populated with a framework to support the
LDAP-UX domain. For information about the LDAP-UX domain created by autosetup,
see “Principles of the LDAP-UX domain” (page 27).
3. To guarantee confidentiality and data integrity, autosetup uses the StartTLS extended
operation on a regular LDAP connection with simple authentication (bind DN and password).
4. To trust the certificate presented by the server, autosetup determines whether the local
HP-UX host has a certificate database that includes the Certificate Authority (CA) certificate
that issued the server certificate.
5. If the CA certificate has not already been pre-installed, autosetup creates the certificate and
key database files (cert8.db and key3.db) by obtaining the server certificate from the directory
server and then downloading all the trusted CA certificates published in the directory server.
The autosetup script places in the cert8.db database file the one CA certificate that
signed the SSL server certificate of the directory server. The cert8.db file stores public
keys, while the key3.db file stores private keys. A warning message is displayed to
indicate that an untrusted method is being used to obtain the CA certificate, because the CA
certificate is fetched from the directory server itself before that server has been verified.
6. Because a configuration profile can be shared by LDAP-UX clients, autosetup checks for
an existing profile entry in the directory server, using a standard profile path
(ou=services,ou=configuration). If the default profile entry exists, autosetup
downloads it into an LDIF file (/etc/opt/ldapux/ldapux_profile.ldif) and creates
a binary profile file (/etc/opt/ldapux/ldapux_profile.bin) based on the LDIF file.
7. If the default profile entry does not exist, autosetup checks for any other profile entries
that might be saved. If any are found, you are prompted to select a configuration profile to
download or to create a default profile entry.
8. Before adding the profile entry, autosetup determines whether the schema defined in RFC
4876 exists in the directory server. If the schema does not exist, then the script extends the
directory server schema. Additionally, autosetup will extend the directory server with
additional LDAP-UX 5.0 schema and the ssh public key management schema.
9. Creates the start-up file (/etc/opt/ldapux/ldapux_client.conf) on the LDAP-UX
client system, enabled for TLS support (enable_startTLS is set to 1). A sample of the file
is included in Section E.3 (page 361).
10. Creates a new computer account/host entry in the directory server that represents the current
HP-UX host. If a host entry already exists with the same name, an autosetup prompt asks
if the existing entry should be deleted and replaced.
11. Configures the host entry as a proxy user. It stores the encrypted proxy user information in
the /etc/opt/ldapux/pcred file. The proxy file contains two lines, the proxy user DN
on the first line, and the password on the second line.
12. Configures the NSS and PAM_LDAP by modifying the /etc/pam.conf and
/etc/nsswitch.conf files; samples of these files are included in “Samples of LDAP-UX
configuration files created or modified by autosetup” (page 359).
13. Modifies the LDAP-UX client daemon configuration file
/etc/opt/ldapux/ldapclientd.conf to:
• Enable the LDAP-UX client daemon ldapclientd to launch automatically whenever
the system is rebooted ([StartOnBoot] is defined with enable=yes).
• Set iproxy_is_restricted=yes in the [general] section, which indicates that
the host entry created in step 10 is not privileged. This setting enables additional
capabilities provided by the ldapuglist and ldaphostlist tools.
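As an added example (not from the guide or from HP's tooling), a POSIX shell audit of the files steps 9 through 13 leave behind: it reads the sectioned ldapclientd.conf, checks enable_startTLS, and inspects pcred. The key=value syntax of ldapux_client.conf and the rule that pcred must not be readable by other users are assumptions; the sample files are constructed.

```shell
#!/bin/sh
# Post-autosetup audit of the settings the steps above leave behind (added example, not HP's code).
# Paths, section names and keys come from the guide; key=value syntax and pcred file mode are assumed.
# ini_get FILE SECTION KEY: print KEY's value from the [SECTION] block of an INI-style file
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { cur = $0; gsub(/^[ \t]+|[ \t]+$/, "", cur); next }
        cur == sec && $0 ~ ("^[ \t]*" key "[ \t]*=") { sub(/^[^=]*=[ \t]*/, ""); print; exit }
    ' "$1"
}
# kv_get FILE KEY: print KEY's value from a flat KEY=value file (no sections)
kv_get() {
    awk -v key="$2" '$0 ~ ("^[ \t]*" key "[ \t]*=") { sub(/^[^=]*=[ \t]*/, ""); print; exit }' "$1"
}
# audit_ldapux CLIENT_CONF DAEMON_CONF PCRED: report each deviation, return the failure count
audit_ldapux() {
    fails=0
    [ "$(kv_get "$1" enable_startTLS)" = "1" ] ||
        { echo "FAIL: enable_startTLS is not 1 in $1"; fails=$((fails + 1)); }
    [ "$(ini_get "$2" StartOnBoot enable)" = "yes" ] ||
        { echo "FAIL: [StartOnBoot] enable is not yes in $2"; fails=$((fails + 1)); }
    [ "$(ini_get "$2" general iproxy_is_restricted)" = "yes" ] ||
        { echo "FAIL: [general] iproxy_is_restricted is not yes in $2"; fails=$((fails + 1)); }
    if [ -f "$3" ]; then
        # line 1 is the proxy DN, line 2 the encrypted password; "other" mode bits (ls -l cols 8-10) must be ---
        [ "$(wc -l < "$3" | tr -d ' ')" -eq 2 ] ||
            { echo "FAIL: $3 does not hold exactly two lines"; fails=$((fails + 1)); }
        case "$(ls -l "$3" | cut -c8-10)" in
            ---) ;;
            *) echo "FAIL: $3 is readable by other users"; fails=$((fails + 1)) ;;
        esac
    else
        echo "FAIL: $3 is missing"; fails=$((fails + 1))
    fi
    return "$fails"
}
# Constructed sample files (not captured from a real HP-UX host) to exercise the audit offline
demo=$(mktemp -d)
printf 'enable_startTLS=1\n' > "$demo/ldapux_client.conf"
printf '[general]\niproxy_is_restricted=yes\n[StartOnBoot]\nenable=yes\n' > "$demo/ldapclientd.conf"
printf 'cn=host01,ou=hosts,dc=example,dc=com\n{encrypted-password-placeholder}\n' > "$demo/pcred"
chmod 600 "$demo/pcred"
# Weak variant: StartTLS switched off and the proxy host entry left unrestricted
printf 'enable_startTLS=0\n' > "$demo/weak_client.conf"
printf '[general]\niproxy_is_restricted=no\n[StartOnBoot]\nenable=yes\n' > "$demo/weak_daemon.conf"
audit_ldapux "$demo/ldapux_client.conf" "$demo/ldapclientd.conf" "$demo/pcred" && echo "hardened config: OK"
audit_ldapux "$demo/weak_client.conf" "$demo/weak_daemon.conf" "$demo/pcred" || echo "weak config: $? problem(s)"
```

Run it as root on the configured client against the real paths to confirm the result of autosetup; the weak variant exits with the number of deviations found.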
26 Installing and configuring LDAP-UX Client Services