LDAP-UX Client Services B.05.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

361

362

363

364

365

366

367

368

369

370

E.3 ldapux_client.conf file after autosetup configuration

The autosetup script creates the start-up file /etc/opt/ldapux/ldapux_client.conf on

the LDAP-UX client system, enabled for TLS support (enable_startTLS is set to 1). The

following shows the ldapux_client.conf that is configured by autosetup.

LDAP-UX Client Services Configuration File

# file name: /etc/opt/ldapux/ldapux_client.conf

# This file contains two sections of information.

# The first, the [NSS] section, contains the general configuration

# for the LDAP-UX Client Services product. You can edit the

# configuration file to turn the configuration flags on and off.

# The second, the [profile] section, is generated either from the

# create_profile entry or the setup program.

# If you are an experienced administrator, you may edit this file.

# If the information in this file is not accurate, however, you will

# not be able to retrieve the Configuration Profile entry.

# Non-LDAP-UX Integration applications can take advantage of this file

# and the profile management tools. You should add the general

# configuration under the section for your product as was done in the

# [NSS] section, and your application will process the configuration

# under that section.

# Your application can call the profile management tools to retrieve

# the profile from the Directory Server and run a specific program to

# your application afterwards.

[NSS]

# This section processes all general configuration flags for LDAP-UX

# Integration.

# To enable logging:

# *uncomment the log_facility and log_level

# *modify the values if appropriate.

# Logging uses the syslog facility. You may have to modify the syslog

# Configuration and signal the syslog daemon to accept the log_facility

# and log_level configured here. See man syslogd(1M) for information on

# using syslog.

# LOG_INFO will log only unusual events. LOG_DEBUG logs trace information,

# and will reduce performance and generate large log files on active systems.

# options to log_facility: LOG_USER, LOG_MAIL, LOG_DAEMON, LOG_AUTH,

# LOG_SYSLOG, LOG_LOCAL0, LOG_LOCAL1,

# LOG_LOCAL2, LOG_LOCAL3, LOG_LOCAL4,

# LOG_LOCAL5, LOG_LOCAL6, LOG_LOCAL7

# options to log_level: LOG_DEBUG, LOG_INFO

#log_facility=LOG_LOCAL0

#log_level=LOG_INFO

# You can disable specific users so that they are unable to log in

# through the LDAP server by uncommenting the "disable_uid_range"

# flag and adding the UID numbers you want to disable. For example:

# disable_uid_range=0-100,120,300-400

# Note: The list of UID numbers must be on one line and the maximum

# number of ranges is 20. The system will ignore the typos and white spaces.

#disable_uid_range=0

# You can set the user password to be returned as any string (consisting

# of characters from the encrypted password and the "*" character) instead

# of "*" when the password is hidden. By returning something other than "*"

# for the hidden password, along with a specific pam_ldap configuration,

# r-commands such as rlogin will work with ldap users on the equivalent

# remote host. Since the password field of each /etc/passwd entry

# contains an "x" when supporting shadow password, the example provided

# below sets the return password to "x".

# The default setting is to return "*" for hidden password.

# Warning:

E.3 ldapux_client.conf file after autosetup configuration 361