LDAP-UX Client Services B.05.00 Administrator's Guide

2.4.5.2 Custom configuration
Running the setup program for a quick configuration, as described above, configures your
client using default values where possible. If you would like to customize these parameters,
proceed as follows.
If you want to use SSL or TLS, you must perform the following tasks before you run the custom
configuration. See Section 2.4.6 (page 79) for details.
Ensure that you have installed the certificate database files, cert8.db and key3.db, on
your client system.
If you choose to use TLS, set the enable_startTLS parameter to 1 in the /etc/opt/
ldapux/ldapux_client.conf file to enable TLS. To use SSL, set enable_startTLS
to 0 to disable TLS. By default, TLS is disabled.
NOTE: When configuring and setting up LDAP-UX, you will likely be prompted for credentials
of an administrator. If you are asked to enter the credentials (password) of a user, you should
make sure that the connection between your client and the HP-UX system (where you are running
setup) is secured and not subject to network eavesdropping. One option to protect such
communication may be to use the ssh protocol when connecting to the HP-UX host being
configured.
1. Perform the steps described in Section 2.4.5.1 (page 69).
   However, after step 11, you will be asked whether you want to use SSL or not if the value
   of the enable_startTLS parameter is 0 (disabled) or undefined. Enter "yes" to the following
   question if you want to use SSL for the secure communication between LDAP clients and
   the HP-UX Directory Server or Red Hat Directory Server. Enter "no" to the following question
   if you don't want to use SSL. Skip to step 2.
       Do you want to use SSL (y/n)?
   Otherwise, if the value of the enable_startTLS parameter is 1 (enabled), you will be
   asked whether you want to use TLS or not. Enter "yes" to the following question if you want
   to use TLS for the secure communication between LDAP clients and the HP-UX Directory
   Server or Red Hat Directory Server. Enter "no" to the following question if you don't want to
   use TLS. Skip to step 3.
       Do you want to use TLS (y/n)?
2. Next, you will be prompted to select the authentication method that users will use to
   bind/authenticate to the server.
   If you chose not to enable SSL, you have a choice between SIMPLE (the default),
   SASL/GSSAPI, or SASL/DIGEST-MD5. If you chose to enable SSL, you have a choice between
   SIMPLE with SSL (the default), SASL/GSSAPI with SSL, or SASL/DIGEST-MD5 with SSL.
   LDAP-UX supports the SASL/GSSAPI and SASL/DIGEST-MD5 authentication methods.
   SASL/GSSAPI is only supported for LDAP-UX used with Windows ADS.
   If you select SASL/DIGEST-MD5, two additional prompts will appear. The first will prompt
   you for a user mapping (UID, DN, or Other). The second will prompt you for a single realm
   to use when retrieving user authentication information. If no realm is specified, user
   information will be retrieved from the first realm the directory server offers.
3. Specify the host name and optional port number where your directory is running. If you
   choose to use TLS, the default directory port number is 389. If you choose to use SSL, the
   default directory port number is 636.
   For high availability, each LDAP-UX client can look for user and group information in up
   to three different directory servers. You can specify up to three directory hosts, to be
   searched in order.
4. Reply "no" when asked if you want to accept the remaining default configuration parameters.
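The following pre-flight check is an added example, not part of the guide or of the LDAP-UX product. It reads enable_startTLS from a client configuration file and reports which secure-transport prompt setup will offer (TLS on port 389, or SSL on port 636 when the parameter is 0 or undefined), and confirms that cert8.db and key3.db are present. It assumes the parameter is written as a plain key=value line and takes the configuration file and certificate directory as arguments, so the paths are not hard-coded.

```shell
#!/bin/sh
# Added example: pre-flight check before running the LDAP-UX custom setup.
# Assumption: enable_startTLS appears in the client configuration file as a
# line of the form "enable_startTLS=<0|1>" (whitespace around "=" tolerated).

# Print the transport and default directory port setup will use, derived from
# enable_startTLS: "TLS 389" when it is 1, "SSL 636" when it is 0 or absent.
ldapux_secure_mode() {
  conf="$1"
  # Take the last matching line so a later override wins; a missing or
  # unreadable file yields an empty value, which the guide treats as disabled.
  val=$(sed -n 's/^[[:space:]]*enable_startTLS[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' \
          "$conf" 2>/dev/null | tail -n 1)
  if [ "$val" = "1" ]; then
    echo "TLS 389"
  else
    echo "SSL 636"
  fi
}

# Return 0 only if both certificate database files are readable in the
# given directory (the files the guide requires before enabling SSL or TLS).
ldapux_certdb_ok() {
  dir="$1"
  [ -r "$dir/cert8.db" ] && [ -r "$dir/key3.db" ]
}

# Combined report: transport/port plus certificate database status.
# Arguments: <config file> <certificate database directory>
ldapux_preflight() {
  mode=$(ldapux_secure_mode "$1")
  if ldapux_certdb_ok "$2"; then
    echo "$mode certdb=present"
  else
    echo "$mode certdb=missing"
  fi
}
```

Run it as `ldapux_preflight /path/to/ldapux_client.conf /path/to/certdb` (placeholder paths) before answering the SSL/TLS prompt; a "certdb=missing" result means the certificate database files must be installed first.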
2.4 Customized installation (setup) 73