LDAP-UX Client Services B.05.00 Administrator's Guide

2.4.1 Summary of customized installation and configuration steps
The following are the steps you take when custom installing and configuring an LDAP-UX Client
Services environment:

1. Plan your installation (see Section 2.4.2 (page 59)).
2. Install LDAP-UX Client Services on each client system (see Section 2.4.3 (page 64)).
3. Install and configure an LDAP directory, if not already done (see Section 2.4.4 (page 65)).
4. If you want to enable SSL support with LDAP-UX, install and set up the security database
   files on the LDAP-UX client system (see Section 2.4.6 (page 79)).
5. Migrate your name service data to the directory (see Section 2.5.1 (page 90)).
6. Run the setup program to configure LDAP-UX Client Services on a client system (see
   Section 2.4.5 (page 68)). The setup program does the following for you:
   • Extends your RHDS/HPDS directory schema with the configuration profile schema, if
     not already done.
   • Imports the LP printer schema into your LDAP-based directory server if you choose to
     start the LDAP printer configurator.
   • Imports the NIS publickey schema into your LDAP-based directory if you choose to
     store the NIS-style public keys of users and hosts in the LDAP directory.
   • Imports the automount schema into your LDAP-based directory server if you choose
     to store the AutoFS maps in the LDAP directory.
   • Creates a start-up file on the client. This enables each client to download the
     configuration profile.
   • Creates a centrally-managed configuration profile in the LDAP directory server. This
     profile defines how HP-UX clients should access the directory server and defines the
     data model (schema) used to identify users, groups, and other OS services. This profile
     can be shared across numerous clients and defines what is known as the “LDAP-UX
     domain”. The setup program can download an existing configuration profile, create
     a new one, or define a local-only profile.
   • Downloads the configuration profile from the directory to the client.
   • Starts the product daemon ldapclientd, if you choose to start it. With LDAP-UX
     Client B.03.20 or later, the client daemon must be started to obtain LDAP-UX
     functionality. With LDAP-UX Client B.03.10 or earlier, running the client daemon is
     optional.
7. To specify LDAP authentication and name service, modify the files /etc/pam.conf and
   /etc/nsswitch.conf, respectively, on the client (see Section 2.4.5 (page 68)).
8. Optionally, configure the PAM Authorization Service Module (PAM_AUTHZ) to control
   access rules defined in the /etc/opt/ldapux/pam_authz.policy policy file. In addition,
   verify the user access rights of a subset of users in a large repository needing access,
   modifying the /etc/opt/ldapux/pam_authz.policy and /etc/pam.conf files. For
   command syntax, see the pam_authz(5) manpage; for more information about configuring
   this service, see “PAM_AUTHZ login authorization” (page 140).
9. Perform the relevant post-installation tasks described in Section 2.5 (page 89). These include:
   • Importing name service data into your directory (see Section 2.5.1 (page 90))
   • Verifying each client is working properly (see Section 2.5.2 (page 92))
   • Enabling AutoFS support (see “Enabling AutoFS support” (page 95))
   • Enabling offline credential caching for authentication when the directory server is not
     available (see “Enabling offline credential caching for authentication when the directory
     server is unavailable” (page 102))
   • Enabling integrated Compat Mode to control name services and user logins (see
     Section 2.5.5 (page 104))
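
The step that edits /etc/pam.conf and /etc/nsswitch.conf is easy to leave half done, so the following added example (not part of the guide and not HP's code) audits both files for LDAP entries. It assumes the nsswitch source keyword is "ldap" and that the LDAP PAM module name contains "libpam_ldap"; the function names, the sample files and the rule that passwd, group and the login service must use LDAP are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the guide): audit nsswitch.conf and pam.conf after setup.
# Assumptions: source keyword "ldap"; PAM module name contains "libpam_ldap".

# Print databases in nsswitch file $1 whose source list includes "ldap".
nss_ldap_dbs() {
    awk '{ sub(/#.*/, ""); p = index($0, ":"); if (!p) next
           db = substr($0, 1, p - 1); gsub(/[ \t]/, "", db)
           n = split(substr($0, p + 1), src)
           for (i = 1; i <= n; i++) if (src[i] == "ldap") { print db; break } }' "$1" |
        sort | xargs
}

# Print services in pam.conf-style file $1 whose module type $2 stack
# (auth, account, ...) references the LDAP module. Comments are stripped first.
pam_ldap_services() {
    awk -v t="$2" '{ sub(/#.*/, "") }
        NF >= 4 && $2 == t && $4 ~ /libpam_ldap/ { print $1 }' "$1" | sort -u | xargs
}

# Example policy: passwd and group must resolve through LDAP and the login
# service must authenticate through LDAP. Returns 0 only if all checks pass.
audit_client() {
    rc=0
    dbs=" $(nss_ldap_dbs "$1") "
    for db in passwd group; do
        case "$dbs" in *" $db "*) echo "ok: $db uses ldap" ;;
                       *) echo "FAIL: $db does not list ldap"; rc=1 ;; esac
    done
    case " $(pam_ldap_services "$2" auth) " in
        *" login "*) echo "ok: login auth stack includes libpam_ldap" ;;
        *) echo "FAIL: login auth stack lacks libpam_ldap"; rc=1 ;; esac
    return $rc
}

# Constructed sample files, so the audit runs without touching /etc.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/nsswitch.conf" <<'EOF'
passwd:  files ldap
group:   files ldap
hosts:   files dns
EOF
cat > "$tmp/pam.conf" <<'EOF'
login  auth     sufficient  libpam_unix.so.1
login  auth     required    libpam_ldap.so.1 try_first_pass
login  account  required    libpam_unix.so.1   # ldap account line missing
EOF
audit_client "$tmp/nsswitch.conf" "$tmp/pam.conf"
echo "account stack via LDAP: '$(pam_ldap_services "$tmp/pam.conf" account)'"
```

On a configured client, call audit_client /etc/nsswitch.conf /etc/pam.conf instead of the sample files.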