LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)
The guided installation (autosetup) is most advantageous if:
• You prefer simplicity, ease, and quickness of installation.
• You prefer an installation that enables immediate use of LDAP-UX, with minimal input required;
autosetup automatically provides default values for many parameters that must be provided
manually during a customized installation (you can customize parameters later, if desirable).
• You want HP-UX host management automatically enabled in the Active Directory Server (for
more information about host management, see “Managing hosts in an LDAP-UX domain”
(page 129).
• Your Active Directory Server has been enabled for using SSL. The guided installation will
automatically download the domain’s CA certificate and provide a simple means to
pre-distribute to additional HP-UX clients.
The customized installation (setup) is advantageous if:
• You are more experienced and familiar with the product, and you want to manually customize
the software during the installation.
• You want to install the HP-UX host into multiple-domain Windows environment. Guided
installation only supports installation into a single windows domain.
• You want a small LDAP deployment using a local-only profile; the local-only profile can also
be useful for testing purposes and for environments where administrators lack server
administrative privileges. Local-only profile support is enabled by running the setup program
with the -l option (see Section 2.4.5.2 (page 38)).
2.3 Guided installation (autosetup)
The guided installation greatly simplifies installation of LDAP-UX into a Windows domain. Setting
up an HP-UX client with LDAP-based security can be accomplished in a matter of moments. The
information required for installation is kept to an absolute minimum. For example, the only
information required when installing and configuring LDAP-UX into an existing domain is the name
of the directory server or the name of the domain being joined, as well as the credentials of a user
who is permitted to join the host to the domain. The guided installation can automatically discover
the ADS server if the HP-UX host is using the Windows DNS server for that domain. While the
guided installation (autosetup) is intended to be an interactive utility, you can use command-line
options to specify input required by the utility and make it completely automated. The command-line
options are described in detail in Section 2.3.2 (page 18).
While one of the strengths of LDAP-UX is its ability to integrate into any environment using a variety
of configuration options, the guided installation configures LDAP-UX with the most commonly-used
installation settings that support trusted integration into a Windows domain. To assure that the
associated Active Directory Server is trusted in the security management space for HP-UX, the
guided installation requires that the Active Directory Server be enabled for SSL support.
NOTE: SSL/TLS protocols support a variety of different cryptographic algorithms (ciphers) for
use in authentication operations between server and client, certificate transmissions, and session
key establishment. If a cipher is found to be flawed and subject to attack, administrators of HP-UX
and the directory server would need to know about their vulnerability. Ciphers can be disbled in
the directory server. For information about SSL/TLS ciphers and which ones are supported by
LDAP-UX, see Section 2.4.6.3 (page 52).
The guided installation supports two basic installation modes:
• Installing LDAP-UX for the first time in a Windows domain (First Installation into a Windows
Domain mode): In this mode, LDAP-UX Client Services is being set up for the first time in the
Windows environment. The guided installation process discovers information about your
2.3 Guided installation (autosetup) 15