LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)

The configuration profile is a directory entry containing configuration information common to many

clients. Storing this information in the directory lets you maintain it in one place and share it among

many clients rather than storing it redundantly across the clients. Because the configuration

information is stored in the directory, all each client needs to know is where its profile is. Each

client downloads the configuration profile from the directory.

The configuration profile is an entry in the directory containing details on how clients are to access

the directory, such as:

• Where and how clients should search the directory for user, group, and other name service

information.

• How clients should bind to the directory: anonymously or as a proxy user. Anonymous access

is simplest and used most often because most data in the directory server is not considered

confidential. However, by default Active Directory does not allow anonymous access, in which

case a proxy user is created to represent the OS and its users. With a proxy user, the OS can

be granted access to the data in the directory server. This identity (user ID and password) is

stored in the /etc/opt/ldapux/pcred file. Additionally, in some instances, administrators

may wish to define an administrator proxy credential. This credential is used to represent

administrators of the HP-UX OS, and may be used with administration tools such as ldapugmod

or ldaphostmgr, or used when NIS public keys are managed in the directory server

(management of NIS public keys in Active Directory is not supported). The administrator

credential (user ID and password) is stored in the /etc/opt/ldapux/acred file.

NOTE: The user credentials are stored in the pcred and acred files, including the password.

While these credentials are not visible as plain text, the pcred and acred files are not

encrypted. Access must be restricted to these files.

• Other configuration parameters such as search time limits.

Figure 4 The local start-up file and the configuration profile

Active Directory

Configuration

profile

LDAP-UX client

Start-up

file

Configuration

profile

The shared configuration

profile is stored in the

directory and downloaded

to all LDAP-UX clients.

The start-up file points

to the configuration

profile in the directory.

1.2 How LDAP-UX Client Services works 13