LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)
NOTE: If you are planning to manage user and group data in the directory server for the
first time, HP suggests that you devise a strategy to avoid UID number and GID number
overlap. Most likely, you will need to continue managing some accounts that are local to the hosts
in the LDAP-UX domain. Often the root user, and sometimes application accounts (such as www for
the httpd process) remain managed in the local /etc/passwd file. Devise a convention
establishing a range for UID numbers and one for GID numbers such that accounts and groups in
LDAP do not conflict with those on the local hosts. For example, accounts in LDAP could all have
UID numbers greater than 1000, while accounts on local hosts would be restricted to UID numbers
less than 1000.
For information about ensuring that user and group numbers to be migrated or imported into a
directory server do not collide with the ones already on the HP-UX host, see Section 2.5.1.1
(page 53).
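The range convention in the NOTE above can be checked before any import. The sh script below is an added example, not part of the HP guide or of LDAP-UX. It flags passwd-format entries on the wrong side of the boundary and ID numbers claimed by different names in the local file and in the file destined for LDAP. The function names, the BOUNDARY variable and the sample accounts are constructed for illustration; since the GID is also field 3 of a group file, the same functions work on group-format files.

```shell
#!/bin/sh
# Added example: names, sample data and BOUNDARY are assumptions, not from the guide.
BOUNDARY=1000   # convention from the NOTE: local IDs below, LDAP IDs above

# Local entries whose ID (field 3) is not below the boundary.
local_out_of_range() {
    awk -F: -v b="$BOUNDARY" '$3 ~ /^[0-9]+$/ && $3+0 >= b+0 { print $1 ":" $3 }' "$1"
}

# Entries destined for LDAP whose ID is not above the boundary.
ldap_out_of_range() {
    awk -F: -v b="$BOUNDARY" '$3 ~ /^[0-9]+$/ && $3+0 <= b+0 { print $1 ":" $3 }' "$1"
}

# IDs used in both files by different names, printed as id:local_name:ldap_name.
# The same name with the same ID is treated as one account being migrated.
id_collisions() {
    awk -F: '
        $3 !~ /^[0-9]+$/    { next }                  # skip comments and "+" entries
        FILENAME == ARGV[1] { owner[$3] = $1; next }  # first file: remember ID owner
        ($3 in owner) && owner[$3] != $1 { print $3 ":" owner[$3] ":" $1 }
    ' "$1" "$2"
}

# Constructed sample input (not real accounts), written to a private directory.
make_samples() {
    WORK="${TMPDIR:-/tmp}/idaudit.$$"
    ( umask 077; mkdir "$WORK" ) || exit 1   # fail rather than reuse an existing path
    LOCAL="$WORK/passwd.local"; CAND="$WORK/passwd.ldap"
    cat > "$LOCAL" <<'EOF'
root:*:0:3::/:/sbin/sh
www:*:30:1::/var/www:/sbin/sh
appsvc:*:1001:20::/home/appsvc:/usr/bin/sh
EOF
    cat > "$CAND" <<'EOF'
asmith:*:1001:2000::/home/asmith:/usr/bin/sh
bjones:*:1002:2000::/home/bjones:/usr/bin/sh
legacy:*:30:2000::/home/legacy:/usr/bin/sh
EOF
}

make_samples
trap 'rm -rf "$WORK"' EXIT
echo "Local IDs outside range:"; local_out_of_range "$LOCAL"
echo "LDAP IDs outside range:";  ldap_out_of_range "$CAND"
echo "Colliding IDs:";           id_collisions "$LOCAL" "$CAND"
```

An ID equal to the boundary is reported by both range checks, because the convention in the NOTE assigns 1000 itself to neither side.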
NOTE: When configuring and setting up LDAP-UX, you will likely be prompted for credentials
of an administrator. If you are asked to enter the credentials (password) of a user, make sure that
the connection between your client (where you are running autosetup) and the HP-UX system is
secured and not subject to network eavesdropping. One option to protect such communication
may be to use the ssh protocol when connecting to the HP-UX host being configured.
2.3.3.1 Interactively running First Installation into a Windows Domain mode
To interactively install LDAP-UX into a Windows domain for the first time (where there is no existing
LDAP-UX configuration profile), follow these steps. This example assumes that you have pre-installed
a CA certificate, as described in step 2. If you have not installed the domain’s CA certificate, you
will be prompted to answer whether to trust the directory server, which cannot be positively
identified.
1. Log in as root and run the autosetup command, as shown in the following example:
# /opt/ldapux/config/autosetup
2. The autosetup script searches for any registered directory servers by querying the DNS server
of the Windows domain. In this example it does not find one, as the following output shows.
NOTE: If a registered directory server is found, autosetup uses that directory server
automatically unless you specify another using the -h option or the LDAP_HOSTPORT
environment variable. The installation and configuration would be similar to that which follows.
The script gives you the option of entering the host name and port of an existing directory
server, or of specifying an existing Windows domain name. The installer specifies
hpdhcalif.nwest.acme.com:389 for the host name and port.
Scanning DNS domain "west.acme.com" for any registered LDAP directory servers...
- No directory servers found.
Please enter the host name and port number of a directory server
[hostname:port], or a Windows domain name: hpdhcalif.nwest.acme.com:389 Return
22 Installing LDAP-UX Client Services