LDAP-UX Client Services B.05.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

361

362

363

364

365

366

367

368

369

370

# initializes the user's group access list. The following configuration

# controls if LDAP-UX should return dynamic groups that a user belongs to.

# If "enable_dynamic_getgroupsbymember" is set to 1, which is the default,

# LDAP-UX returns both static and dynamic groups that a user belongs to.

# As a result, the user has the access right granted to all those groups.

# If "enable_dynamic_getgroupsbymember" is set to 0, LDAP-UX returns only

# static groups that a user belongs to. As a result, the user has only the

# access rights granted to static groups, and does not have the access

# rights granted to dynamic groups.

# If you experience an unexpected delay when logging into the system, HP

# recommends that you uncomment the following line and set

# "enable_dynamic_getgroupsbymember" to 0.

#enable_dynamic_getgroupsbymember=1

# Prior to B.04.20, LDAP-UX appended the string, "#'*'B" when constructing

# search filters using the attribute uniquemember. Starting from B.04.20,

# this behavior has been turned off. You may re-enable this feature

# by setting enable_bitstring to 1. Please refer to "A Summary of

# the X.500(96) User schema for use wwith LDAPv3", RFC2256 as well

# as "Lightweight Directory Access Protocol (v3): Attribute Syntax

# Definitions", RFC2252, for more details on the Name And Optional UID

# syntax.

#enable_bitstring=1

# Setting "enable_compat_mode=1" enables LDAP-UX to process "+"/"-"

# entries in /etc/passwd and /etc/group as they are in compat mode

# while "ldap" is still configured as a regular repository for "passwd"

# and "group" in /etc/nsswitch.conf (e.g. /etc/nsswitch.ldap).

#enable_compat_mode=0

[profile]

#This section contains information clients need to access the configuration

#profile entry from an LDAP Directory Server.

#More than one application can share this file.

#For each application,

#the format begins with the keyword "Service:" followed by the service name,

#followed by one or more configuration information lines,

#followed by a line with "$" as the last line of the service,

#followed by another service with the same format if any. For example:

# Service: <service_name>

# <one or more configuration information lines>

# $

# Service: <service_name>

# <one or more configuration information lines>

# $

#The name service that LDAP-UX Client Services supports is "NSS".

#For example:

# Service:NSS

# # More than one 'host:port' can be included in this field,

# # delimited by ' '. For example:

# LDAP_HOSTPORT="abc.efg.hp.com def.anywhere.com"

# # The configuration profile entry name in the Directory Server. For example:

# PROFILE_ENTRY_DN="cn=myprofile, ou=myorgunit, o=myorg"

# #The application program the application is to execute after

# #the configuration profile entry is retrieved from the application.

# #For example:

# PROGRAM="/opt/ldapux/config/create_profile_cache"

# $

Service: NSS

LDAP_HOSTPORT_SSL="16.92.120.190:389"

PROFILE_ENTRY_DN="cn=DOC-ldapuxProfile,ou=Services,ou=Configuration,dc=doc,dc=acme,dc=com"

PROGRAM="/opt/ldapux/config/create_profile_cache"

E.4 ldapclientd.conf file after autosetup configuration

Before starting the LDAP-UX client daemon process, autosetup edits the client daemon

configuration file /etc/opt/ldapux/ldapclientd.conf to enable the LDAP-UX client

daemon ldapclientd to launch automatically whenever the system is rebooted and to enable

E.4 ldapclientd.conf file after autosetup configuration 363