LDAP-UX Client Services B.05.00 Administrator's Guide
NOTE:
Unless you pre-install a CA or server certificate for the directory server, the autosetup
tool has no means of validating the identity of the directory server. The tool can download
and permanently install the CA or server certificate for the server; however, the server could
be an impostor. If autosetup created the specified server, it created a depot file on that
server's host that contains the CA certificate for that server. The depot on the specified host
in this example is found at: /tmp/ca-calif.acme.com.depot. The depot file can be
distributed to your host or any other HP-UX clients to be established in the same LDAP-UX
domain. By installing it on your host prior to configuring LDAP-UX, you pre-establish trust
with the specified remote server. For more information, see Section 2.3.2.3.3 (page 35).
If the specified server was not created by autosetup, you can obtain the
CA or server certificate directly from the server (in /etc/opt/ldapux) and pre-install it
on your host, following the instructions in Section 2.4.6.2 (page 79).
If the CA certificate is not installed on your local host at this point of the guided installation,
autosetup warns you that it cannot validate the identity of the remote server and suggests
installing the CA certificate. You can abort so that you can install the CA certificate before
proceeding with the rest of the guided installation, or you can continue, trusting the CA
certificate that will be installed automatically by autosetup.
This example assumes the CA certificate has already been installed; therefore, you will not
see the warning and the prompt asking whether to abort or continue.
3. The script then asks for the DN of the directory server user who can add the local host to
the directory server's LDAP-UX domain. This is any host administrator with such privileges
(a member of the DomainAdmins group). In this example, the DN for the user with such
privileges is uid=domadmin,ou=people,dc=calif,dc=acme,dc=com. The server's
DNS domain in this example is calif.acme.com; this will be the name of the LDAP-UX
domain configured by autosetup. This being the first time adding an HP-UX host to this
directory server, LDAP-UX will extend the server's schema.
Please enter the DN of a user that has sufficient privilege to add this host
to the "calif.acme.com" domain. Note also that if this is the first
time adding an HP-UX host to this directory server, LDAP-UX may
also need to extend the server's schema. Please enter the DN of an
Administrator with these privileges or press Return for the default value.
[uid=domadmin,ou=people,dc=calif,dc=acme,dc=com]: Return
4. Enter the password for the user identified in the preceding step (the entered password is
not visible):
Enter the password for the above user: [password not displayed] Return
The installation now begins, followed by other related tasks; autosetup displays the progress
and results, as in the following example. As indicated, because an existing LDAP-UX configuration
profile does not exist, autosetup creates a new one. The profile and the associated LDAP-UX
domain will be based on the existing directory tree. In addition, autosetup provisions
information about the local host into the existing directory server.
* Extending schemas ... done.
No LDAP-UX Configuration Profile was found. Creating a new one.
* Downloading profile from DS ... done.
* Configuring ldapux_client.conf ... done.
* Provisioning LDAP-UX Client information into the Directory Server ... done.
* Setting up proxy user ... done.
* Configuring "/etc/nsswitch.conf" and "/etc/pam.conf" to use ldap ... done.
* Starting ldapclientd daemon ... done.
* Starting ldapcconfd ... done.
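The NOTE earlier on this page says that a CA certificate which has not been pre-installed cannot prove the server's identity. The following added example (not part of the HP guide or of LDAP-UX) shows one way to check a CA certificate before pre-installing it: compare its SHA-256 fingerprint with a value obtained from the directory administrator over a separate channel. It assumes the certificate has been exported to a PEM or DER file; the function names are hypothetical and the sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

# Constructed placeholder bytes standing in for a DER certificate. The
# fingerprint is a hash of the raw DER, so any byte string exercises the check.
SAMPLE_DER = bytes(range(64))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")


def der_certs(data):
    """Return the DER bytes of every certificate in a PEM bundle or bare DER file."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        return [base64.b64decode(b"".join(b.split())) for b in blocks]
    return [data] if data else []


def fingerprint(der):
    """SHA-256 over the DER encoding, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize(fp):
    """Accept 'AA:BB:..' or plain hex, as read out by an administrator."""
    cleaned = re.sub(r"[\s:]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def ca_matches(cert_file_bytes, expected_fp):
    """True only if the file holds exactly one certificate with the pinned fingerprint."""
    certs = der_certs(cert_file_bytes)
    if len(certs) != 1:
        return False  # empty file, or an extra certificate nobody vouched for
    return hmac.compare_digest(fingerprint(certs[0]), normalize(expected_fp))
```

A file carrying more than one certificate is rejected rather than matched on any one of them, so an unexpected extra CA cannot ride along with the expected one.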
52 Installing and configuring LDAP-UX Client Services