LDAP-UX Client Services B.05.00 Administrator's Guide

objectClass: configurableService
cn: cup-ldapuxProfile
preferredServerList: 192.168.10.20:389
profileTTL: 14400
defaultSearchBase: dc=domain,dc=example,dc=com
bindTimeLimit: 5
authenticationMethod: tls:simple
credentialLevel: proxy
attributeMap: passwd:userpassword=*NULL*
attributeMap: shadow:userpassword=*NULL*
attributeMap: group:userpassword=*NULL*
attributeMap: group:memberUid=uniqueMember member memberUid
attributeMap: passwd:gecos=cn l telephoneNumber
serviceSearchDescriptor: passwd:ou=People,
serviceSearchDescriptor: shadow:ou=People,
serviceSearchDescriptor: group:ou=Groups,
serviceSearchDescriptor: pam:ou=People,
serviceSearchDescriptor: rpc:ou=Services,
serviceSearchDescriptor: protocols:ou=Services,
serviceSearchDescriptor: networks:ou=Services,
serviceSearchDescriptor: hosts:ou=Hosts,
serviceSearchDescriptor: services:ou=Services,
serviceSearchDescriptor: printers:ou=Services,
serviceSearchDescriptor: automount:ou=Services,
serviceSearchDescriptor: netgroup:ou=Groups,

The guided installation enhances the configuration profile to improve interoperability with other
LDAP-enabled applications in the following ways:

• Most LDAP-enabled applications use the DN-based membership syntax defined by the
  X.500 standards. So, instead of using the memberUid attribute as the sole, primary attribute
  for defining group membership, the guided installation uses the uniqueMember, member,
  and memberUid attributes by default. In addition, when new members are added to a group
  (using the LDAP user/group management tools), LDAP-UX uses the uniqueMember attribute
  to define that membership (based on the ordering found in attributeMap, which lists a
  mapping from RFC 2307 attributes to alternate attributes).
• Instead of using the gecos attribute to define account details, the cn (common name), l
  (location), and telephoneNumber attributes are mapped to fill the GECOS field. This
  eliminates the need to define the gecos attribute in the directory server.
• To use common authentication with other LDAP-enabled applications, the userPassword
  attribute is defined as NULL. This means it is not visible to applications on the HP-UX host.
  Instead, applications use the standardized Pluggable Authentication Module (PAM)
  framework to perform authentication.
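
The following Python check is an added example, not code from this guide or from LDAP-UX. It parses profile lines like those in the listing above and reports whether the bind method uses the tls: prefix, whether userPassword is mapped to *NULL* for passwd, shadow and group, and which attribute comes first in the group membership mapping. The function names and WEAK_PROFILE are constructed for illustration, and treating authenticationMethod as a semicolon-separated list is an assumption taken from RFC 4876.

```python
from collections import defaultdict

# Lines copied from the profile listing above (serviceSearchDescriptor lines omitted).
PAGE_PROFILE = """\
authenticationMethod: tls:simple
credentialLevel: proxy
attributeMap: passwd:userpassword=*NULL*
attributeMap: shadow:userpassword=*NULL*
attributeMap: group:userpassword=*NULL*
attributeMap: group:memberUid=uniqueMember member memberUid
attributeMap: passwd:gecos=cn l telephoneNumber
"""

# Constructed weak variant: simple bind without TLS, userPassword hidden only for passwd.
WEAK_PROFILE = """\
authenticationMethod: simple
attributeMap: passwd:userpassword=*NULL*
attributeMap: group:memberUid=memberUid
"""

def parse_profile(text):
    """Return (attrs, maps): multi-valued attributes and service -> attribute -> targets."""
    attrs, maps = defaultdict(list), defaultdict(dict)
    for line in text.splitlines():
        if ":" not in line:
            continue
        name, value = (part.strip() for part in line.split(":", 1))
        attrs[name.lower()].append(value)
        if name.lower() == "attributemap":
            service, mapping = value.split(":", 1)
            source, targets = mapping.split("=", 1)
            maps[service.lower()][source.lower()] = targets.split()
    return attrs, maps

def audit_profile(text):
    """Return findings for bind protection and userPassword visibility."""
    attrs, maps = parse_profile(text)
    findings = []
    for method in ";".join(attrs["authenticationmethod"]).split(";"):
        if not method.strip().lower().startswith("tls:"):
            findings.append(f"bind method '{method.strip()}' does not use the tls: prefix")
    for service in ("passwd", "shadow", "group"):
        if maps[service].get("userpassword") != ["*NULL*"]:
            findings.append(f"{service}: userPassword is not mapped to *NULL*")
    return findings

def new_member_attribute(text):
    """First attribute in the group memberUid mapping (memberUid when unmapped)."""
    return parse_profile(text)[1]["group"].get("memberuid", ["memberUid"])[0]
```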

2.3.2.2.2 Domain entity classification schema
The guided installation (and LDAP-UX B.05.00 or later) provides new schema that can be used
to manage information about users, groups, hosts, and services in your network. As indicated
in Table 2-1 (page 32) and Table 2-2 (page 32), LDAP-UX only uses some of the newly added
schema directly by default. The tables describe the full list of new attributes and object classes,
and explain how the schema are used. The recommended uses are merely advisory. Each
organization can customize usage to suit its unique needs. Table 2-1 (page 32) describes the new
attributes.
2.3 Guided installation (autosetup) 31