LDAP-UX Client Services B.05.00 Administrator's Guide
installation configures LDAP-UX, it initializes this subtree with the local host’s information.
Any additional hosts that use the guided installation to configure LDAP-UX will be added
under this subtree (joined to the LDAP-UX domain).
• ou=Configuration,ou=Services: Stores centrally managed configuration information
for LDAP-enabled applications, or information about services available in the domain. The
ldapentry tool can be used to manage items under this subtree. This subtree will be
populated with the LDAP-UX configuration profile and will register the HP-UX Directory
Server instance and the CA certificate used in the LDAP-UX domain.
Access control instructions (ACIs) are created (using the aci attribute) at the root suffix as well
as in the ou=Hosts, ou=People, and ou=Groups subtrees. These ACIs grant administration
privileges to the members of the initial groups defined in the ou=Groups subtree. Figure 2-2
(page 29) shows the function of the ACIs for each subtree. For more information about access
control in the LDAP-UX domain, see Section 2.3.2.3 (page 33).
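As an added audit check (not from the guide or the LDAP-UX tools), the following Python reads an LDIF export of the domain, confirms that the root suffix and the ou=Hosts, ou=People and ou=Groups subtrees each carry an aci attribute as described above, and lists the group each ACI grants rights to. The suffix dc=example,dc=com, the acl names and the Netscape-style aci syntax are assumptions, and the sample LDIF is constructed (with ou=People absent and ou=Groups lacking its aci so both failure modes are reported).

```python
import re

# Constructed sample export (not from the guide): suffix, acl names and the
# Netscape-style aci syntax are assumptions. ou=People is missing entirely and
# ou=Groups is present but has no aci, so both cases are flagged by the audit.
SAMPLE_LDIF = """\
dn: dc=example,dc=com
aci: (targetattr = "*")(version 3.0; acl "domain"; allow (all)
  groupdn = "ldap:///cn=Domain Administrators,ou=Groups,dc=example,dc=com";)

dn: ou=Hosts,dc=example,dc=com
aci: (targetattr = "*")(version 3.0; acl "hosts"; allow (write)
  groupdn = "ldap:///cn=Host Administrators,ou=Groups,dc=example,dc=com";)

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
"""

GROUPDN_RE = re.compile(r'groupdn\s*=\s*"ldap:///([^"]+)"', re.IGNORECASE)

def parse_ldif(text):
    """Minimal LDIF reader: unfolds continuation lines, returns {dn: {attr: [values]}}."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:   # folded line: drop one leading space
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    entries, dn, attrs = {}, None, {}
    for line in logical + [""]:               # trailing "" flushes the last entry
        if not line:
            if dn:
                entries[dn] = attrs
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        if name.lower() == "dn":
            dn = value.strip()
        else:
            attrs.setdefault(name.lower(), []).append(value.strip())
    return entries

def audit_acis(ldif, suffix, subtrees=("ou=Hosts", "ou=People", "ou=Groups")):
    """Return (missing, grants): DNs lacking an aci, and the group DNs each aci grants to."""
    entries = parse_ldif(ldif)
    missing, grants = [], {}
    for dn in [suffix] + [f"{ou},{suffix}" for ou in subtrees]:
        acis = entries.get(dn, {}).get("aci", [])
        if not acis:
            missing.append(dn)
        grants[dn] = [g for aci in acis for g in GROUPDN_RE.findall(aci)]
    return missing, grants
```

Run it against a real export (for example the output of an ldapsearch that requests the aci attribute) by passing the file contents and the domain's actual suffix instead of SAMPLE_LDIF.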
Figure 2-2 LDAP-UX Domain subtrees and ACIs
[Figure: the LDAP_UX Domain tree with its four subtrees. ou=Hosts holds the host entries (system and service information, owner, host-based services). ou=Services,ou=Configuration holds the service configuration: the LDAP-UX profile, the Directory Server profile, and the CA profile. ou=Groups holds the Domain Administrators, User Administrators, and Host Administrators groups; ou=People holds the user identities. Callouts on the subtrees read: "ACIs allow management by user and domain administrator", "ACIs allow management by domain administrator", "ACIs allow management by administrator and owner", and "ACIs allow management by user and host administrators".]
2.3.2.2 Information model
As mentioned previously, the subtrees of the LDAP-UX domain hold several types of managed objects,
including users, groups, and hosts. Management of these objects is based primarily on existing
standards (defined by RFCs 2307, 2798, and 4519) and on extended schema defined for LDAP-UX. Most
of the manageable information registered for users, groups, and hosts is defined in those RFCs;
LDAP-UX adds two schemas of its own, named ssh_schema and ldapux50.
Information about the manageable objects and how they are defined in the LDAP-UX configuration
profile is included in Section 2.3.2.2.1 (page 29). Information about the schema used by LDAP-UX
is included in Section 2.3.2.2.2 (page 31).
2.3.2.2.1 Managed objects and how they are defined
For the configuration objects, the LDAP-UX configuration profile created by the guided installation
uses the schema defined by RFC 4876. For service objects, the directory server and CA server
entries are described by the ldapux50 schema and RFC 4523.
The following examples show entries created for hosts, users, and groups, displayed in LDIF
format.
2.3 Guided installation (autosetup) 29