LDAP-UX Client Services B.05.00 Administrator's Guide

2.4.2 Planning for your customized installation and configuration
Before beginning your installation, you should plan how you will set up and verify your LDAP
directory and your LDAP-UX Client Services environment before putting them into production.
Consider the following questions. Record your decisions and other information that you will
need later in “Configuration worksheet” (page 347).
How many LDAP-based directory servers and replicas will you need?
Each client system binds to an LDAP directory server containing your user, group, and other
data. Multiple clients can bind to a single directory server or replica server. The answer
depends on your environment, the size and configuration of your directory, and how many
users and clients you have. Write your directory server host and TCP port number in
“Configuration worksheet” (page 347). For more information, see the white paper Preparing
Your LDAP Directory for HP-UX Integration at:
http://www.hp.com/go/hpux-security-docs
Click HP-UX LDAP-UX Integration Software.
In addition, for more information about preparing an HP-UX Directory Server or Red Hat
Directory Server, see the appropriate Deployment Guide at the website mentioned previously.
You can add directory replicas to an existing LDAP-UX Client Services environment as
described under Section 5.4 (page 158). You may also want to review the LDAP-UX Integration
Performance and Tuning Guidelines, also located at the website mentioned previously.
Where will you get your name service data when migrating it to the directory?
You can get the data from your files in the /etc directory or, if you are using NIS, from the
same source files from which you create your NIS maps, or you can get the data from your
NIS maps themselves. Write this information in “Configuration worksheet” (page 347).
For information about how to import your information into the directory, see Section 2.5.1
(page 90). For information about the migration scripts, see Section 7.6 (page 326).
To add an individual user entry or modify an existing user entry in your directory, you can
use the ldapugadd or ldapugmod command or other directory administration tools such
as the ldapmodify command or the HP-UX Directory Server Console. For additional
contributed tools, see the LDAP-UX Integration B.05.00 Release Notes.
NOTE: You should keep a small subset of users in /etc/passwd, particularly the root
login. This allows administrative users to log in during installation and testing. Also, if the
directory is unavailable, you can still log in to the system.
Where in your directory will you put your name service data?
Your directory architect needs to decide where in your directory to place your name service
information. By default, LDAP-UX Client Services expects user and group data to use the
object classes and attributes specified by RFC 2307, and the migration scripts create and
populate a new subtree that conforms to RFC 2307. Figure 2-3 (page 61) shows a base
DN of ou=unix,o=hp.com. Write the base DN of your name service data in “Configuration
worksheet” (page 347).
If you prefer to merge your name service data into an existing directory structure, you can
map the standard RFC 2307 attributes to alternate attributes. For more information, see
“LDAP-UX Client Services object classes” (page 349).
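The following Python script is an added example, not one of the guide's migration scripts and not HP code. It covers the two planning questions above together: it takes records in /etc/passwd and /etc/group layout (the source the migration question names) and emits RFC 2307 LDIF under the ou=unix,o=hp.com base DN from Figure 2-3. Following the NOTE, root is kept local and never exported. Each group gets the RFC 2307 memberuid attribute and, where it has at least one exported member, the X.500-style member DN as well; members that are not in the directory are dropped and reported rather than left as dangling references, duplicate uidNumber values are rejected, and values that are not LDIF-safe (leading space or colon, non-ASCII) are base64-encoded per RFC 2849. The sample records, the ou=People and ou=Groups containers, and the use of groupOfNames alongside posixGroup are assumptions; whether one entry may carry both classes depends on your server's schema (RFC 2307bis makes posixGroup auxiliary for this purpose), so check that before loading the output with ldapmodify.

```python
"""Build RFC 2307 LDIF from /etc/passwd and /etc/group style records.

Added example: not part of the HP LDAP-UX guide or its migration scripts.
Constructed assumptions: base DN ou=unix,o=hp.com (the guide's Figure 2-3),
the ou=People / ou=Groups containers, the sample records, and KEEP_LOCAL.
"""
import base64

BASE_DN = "ou=unix,o=hp.com"
PEOPLE_DN = "ou=People," + BASE_DN   # assumed container for posixAccount entries
GROUP_DN = "ou=Groups," + BASE_DN    # assumed container for posixGroup entries

# Accounts that stay in /etc/passwd (the guide's NOTE: keep root local so
# you can still log in when the directory is unavailable); never exported.
KEEP_LOCAL = frozenset({"root"})

# Constructed sample records in /etc/passwd and /etc/group layout.
SAMPLE_PASSWD = """\
root:x:0:3::/:/sbin/sh
alice:x:1001:200:Alice Example:/home/alice:/usr/bin/sh
bob:x:1002:200:José Example:/home/bob:/usr/bin/ksh
"""
SAMPLE_GROUP = """\
sys:x:3:root
users:x:200:alice,bob
staff:x:201:alice,carol
"""


def ldif_value(attr, value):
    """One attribute line per RFC 2849: a value that is not a SAFE-STRING
    (leading space/colon/'<', non-ASCII or control characters, and
    conservatively a trailing space) is base64-encoded after '::'."""
    unsafe_first = value[:1] in (" ", ":", "<")
    unsafe_char = any(ord(c) < 32 or ord(c) > 126 for c in value)
    if unsafe_first or unsafe_char or value.endswith(" "):
        return attr + ":: " + base64.b64encode(value.encode()).decode("ascii")
    return attr + ": " + value


def _records(text, nfields, kind):
    """Split colon-separated records, skipping blank and comment lines."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != nfields:
            raise ValueError(f"malformed {kind} line: {line!r}")
        yield fields


def parse_passwd(text):
    return [{"name": f[0], "uid": int(f[2]), "gid": int(f[3]),
             "gecos": f[4], "home": f[5], "shell": f[6]}
            for f in _records(text, 7, "passwd")]


def parse_group(text):
    return [{"name": f[0], "gid": int(f[2]),
             "members": [m for m in f[3].split(",") if m]}
            for f in _records(text, 4, "group")]


def user_dn(name):
    return f"uid={name},{PEOPLE_DN}"


def user_entry(u):
    """posixAccount entry; 'account' is the structural class the auxiliary
    posixAccount needs. cn is mandatory in RFC 2307, so it falls back to
    the login name when the GECOS field is empty."""
    lines = [f"dn: {user_dn(u['name'])}",
             "objectClass: top", "objectClass: account",
             "objectClass: posixAccount",
             ldif_value("uid", u["name"]),
             ldif_value("cn", u["gecos"].strip() or u["name"]),
             f"uidNumber: {u['uid']}", f"gidNumber: {u['gid']}",
             ldif_value("homeDirectory", u["home"]),
             ldif_value("loginShell", u["shell"])]
    return "\n".join(lines) + "\n"


def group_entry(g, exported):
    """posixGroup entry with RFC 2307 memberUid values and, when at least one
    member is exported, X.500-style member DNs via groupOfNames (which
    requires a member, so it is omitted for empty groups). Members that are
    not in the directory are dropped rather than written as dangling names."""
    members = [m for m in g["members"] if m in exported]
    lines = [f"dn: cn={g['name']},{GROUP_DN}",
             "objectClass: top", "objectClass: posixGroup"]
    if members:
        lines.append("objectClass: groupOfNames")
    lines += [f"cn: {g['name']}", f"gidNumber: {g['gid']}"]
    lines += [f"memberUid: {m}" for m in members]
    lines += [f"member: {user_dn(m)}" for m in members]
    return "\n".join(lines) + "\n"


def migrate(passwd_text, group_text):
    """Return (ldif_text, report): the report lists accounts kept local and
    dropped group members so they can be reviewed before loading."""
    exported, seen_uids, report = {}, set(), []
    for u in parse_passwd(passwd_text):
        if u["name"] in KEEP_LOCAL:
            report.append(f"kept local: {u['name']}")
            continue
        # Two entries sharing a uidNumber would make the account ambiguous.
        if u["uid"] in seen_uids:
            raise ValueError(f"duplicate uidNumber {u['uid']} for {u['name']}")
        seen_uids.add(u["uid"])
        exported[u["name"]] = u
    chunks = [user_entry(u) for u in exported.values()]
    for g in parse_group(group_text):
        for m in g["members"]:
            if m not in exported:
                report.append(f"group {g['name']}: member {m} dropped")
        chunks.append(group_entry(g, exported))
    return "\n".join(chunks), report


if __name__ == "__main__":
    import sys
    text, notes = migrate(SAMPLE_PASSWD, SAMPLE_GROUP)
    sys.stdout.write(text)
    for note in notes:
        print("#", note, file=sys.stderr)
```

Run it and the LDIF goes to standard output while the review notes (root kept local, carol dropped from staff) go to standard error; read the notes before loading, since a dropped member usually means either an account that belongs in the directory or a stale group entry.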
How will you put your user, group, and other data into your directory?
LDAP supports group membership defined in the X.500 syntax (using the member or
uniquemember attribute), while still supporting the RFC 2307 syntax (using the memberuid
attribute). This newer group membership syntax improves the integration of LDAP-UX with
other LDAP-based applications and can reduce administration overhead by eliminating
the need to manage the memberuid attribute. In addition, a new performance improvement
2.4 Customized installation (setup) 59