LDAP-UX Client Services B.05.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

2.4.6.3 SSL/TLS ciphers...............................................................................................................82

2.4.7 Configuring LDAP-UX Client Services with NIS publickey support.....................................84

2.4.7.1 HP-UX Enhanced Publickey-LDAP software requirement............................................84

2.4.7.2 Extending the NIS publickey schema into your directory..............................................84

2.4.7.3 Admin Proxy user...........................................................................................................85

2.4.7.3.1 Configuring an Admin Proxy user by using ldap_proxy_config...........................85

2.4.7.3.2 Password for an Admin Proxy user........................................................................85

2.4.7.4 Setting ACI for key management....................................................................................85

2.4.7.4.1 Setting ACI for an Admin Proxy user.....................................................................85

2.4.7.4.2 Setting ACI for a user..............................................................................................87

2.4.7.5 Configuring serviceAuthenticationMethod....................................................................87

2.4.7.5.1 Authentication methods..........................................................................................87

2.4.7.5.2 Procedures used for configuring serviceAuthenticationMethod...........................87

2.4.7.6 Configuring Name Service Switch (NSS)........................................................................89

2.5 Post-installation configuration tasks...............................................................................................89

2.5.1 Importing name service data into your directory...................................................................90

2.5.1.1 Ensure user and group numbers do not collide with those created by a guided New

Directory Server mode installation............................................................................................90

2.5.1.2 Steps to importing name service data into your directory.............................................91

2.5.2 Verifying the LDAP-UX Client Services..................................................................................92

2.5.3 Enabling AutoFS support........................................................................................................95

2.5.3.1 Automount schemas.......................................................................................................95

2.5.3.1.1 New automount schema.........................................................................................95

2.5.3.1.2 The nisObject automount schema...........................................................................96

2.5.3.2 Attribute mappings.........................................................................................................97

2.5.3.3 Configuring NSS.............................................................................................................98

2.5.3.4 AutoFS migration scripts................................................................................................98

2.5.3.4.1 Environment variables............................................................................................98

2.5.3.4.2 General syntax for migration scripts.......................................................................99

2.5.3.4.3 The migrate_automount.pl script...........................................................................99

2.5.3.4.4 The migrate_nis_automount.pl script...................................................................101

2.5.3.4.5 The migrate_nisp_autofs.pl script.........................................................................102

2.5.4 Enabling offline credential caching for authentication when the directory server is

unavailable.....................................................................................................................................102

2.5.4.1 How the offline cache works.........................................................................................103

2.5.4.2 Configuring the offline cache........................................................................................103

2.5.5 Enabling integrated Compat Mode to control name services and user logins.....................104

2.5.5.1 Overview.......................................................................................................................104

2.5.5.2 Netgroups in LDAP.......................................................................................................105

2.5.5.3 Configuring integrated “compat” mode.......................................................................105

2.5.5.3.1 Limitations.............................................................................................................106

2.5.6 Controlling user access to the system through LDAP..........................................................106

2.5.6.1 Using the disable_uid_range flag to prevent access to the local system by unwanted

users .........................................................................................................................................106

2.5.6.2 Using the deny_local option to prevent access to the local system by unwanted

users..........................................................................................................................................107

2.5.6.3 Configuring PAM_LDAP authentication to ignore specific users................................109

2.5.7 Configuring subsequent client systems................................................................................112

2.5.8 Downloading the profile periodically...................................................................................113

2.5.9 Using the r-command for PAM_LDAP.................................................................................113

3 LDAP Printer configurator support............................................................................115

3.1 Overview.......................................................................................................................................115

3.1.1 Definitions.............................................................................................................................115

4 Table of Contents