LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)

1. Plan your installation (see Section 2.4.2 (page 28)).
2. Install LDAP-UX Client Services on each client system (see Section 2.4.3 (page 33)).
3. Install and configure the Active Directory, if not already done (see Section 2.4.4 (page 34)).
4. Install the PAM Kerberos product (see Section 2.4.5.1 (page 37)).
5. Run the setup program to configure LDAP-UX Client Services on a client system (see
Section 2.4.5.2 (page 38)). Setup does the following for you:
   • Extends your Active Directory schema with the configuration profile schema, if not already
     done.
     NOTE: To use a local-only profile, run the setup program using the -l option. Use the
     local-only profile for small deployments, testing purposes, and for environments where
     administrators lack server administrative privileges.
   • Creates a start-up file on the client. This enables each client to download the configuration
     profile.
   • Creates a configuration profile of directory access information in the directory, to be
     shared by a group of (or possibly all) clients.
   • If the ADS multiple domains feature has been selected, Setup will also create the remote
     domains profiles, Global Catalog server (GCS) profile, or both.
   • Downloads the configuration profile from the directory to the client.
   • Starts the product daemon, ldapclientd, if you choose to start it.
6. Section 2.4.5.3 (page 46)).
7. Specify LDAP name service (see Section 2.4.5.4 (page 47)).
8. Optionally, configure the PAM Authorization Service Module (PAM_AUTHZ) to control access
rules defined in a policy file. You can perform this step while configuring LDAP-UX
Client Services (see Section 2.4.5.5 (page 47)). For more information about configuring this
service, see Section 6.4 (page 98).
9. Optionally, configure the disable login flag (disable_uid_range) to prevent specific users
from logging in to the local system (see Section 2.4.5.6 (page 47)).
10. If you intend to enable SSL or TLS support with LDAP-UX, configure your LDAP server to
support SSL or TLS (see Section 2.4.6 (page 48)).
11. Migrate your supported name service data to the directory. Refer to Section 2.5.1 (page 52).
12. Verify each client is working properly (see Section 2.5.2 (page 53)).
13. Enable AutoFS support (see Section 2.5.3 (page 55)).
14. Prevent unwanted users from accessing the system through LDAP (see “Preventing unwanted users
from accessing the system through LDAP” (page 60)).
15. Configure subsequent clients, using shortcuts described in Section 2.5.5 (page 61).
2.4.2 Planning your customized installation
Before beginning your installation, plan how to set up and verify your Active Directory and your
LDAP-UX Client Services environment. Consider the following questions. Record your decisions and
configuration information in Appendix A (page 145).
   • Will Active Directory be set up with a single domain or multiple domains?
     Starting with release B.03.00, LDAP-UX allows you to store your password and group
     data in multiple domains. You need to decide whether to store data in a single domain or
     in multiple domains. If you select multiple domains, decide how to group data into the
     different domains. Data could be grouped based on organization, geography, or any variable
     appropriate to your environment.