LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)

4. Enter the port number of the previously specified directory server where you want to store
the profile, from Appendix A (page 145). The default port number is 389.
5. Setup will check the directory to see if the profile schema has been extended with the LDAP-UX
Client Services object class DUAConfigProfile. This must be done once (the schema is shared
with subsequently-configured client systems). See Appendix B (page 146) for a detailed
description of object classes.
If the schema has already been extended, setup skips this step. Otherwise, to extend the
schema, enter the DN and password of a directory user who can extend the directory schema
(refer to Appendix A (page 145)).
NOTE: If you ran the setup program using the -l option to maintain a local-only profile
(instead of having setup import the profile schema with LDAP-UX Client Services object class
DUAConfigProfile into your directory server), you are not asked whether to import the profile
schema; however, you are still prompted for the DN and password, as they are necessary if
the administrator wishes to install other schema.
NOTE: Previous versions of Windows ADS required you to install SFU with Server for NIS
to extend the Active Directory schema with the schema defined in RFC 2307; Windows 2003
R2/2008 Active Directory Server already provides the RFC 2307 schema, which is compliant
with the IETF RFC 2307 standard.
6. If the new automount schema has already been imported, setup skips this step.
Otherwise, you will be asked whether or not you want to install the new automount schema,
which is based on RFC 2307-bis. Enter "yes" to import the new automount schema into the
directory server. Enter "no" if you do not want to import the new automount schema into the
directory server. Setup skips to step 7 if you enter "no".
7. For new profiles, the profile object must be created under the 'ConfigurationNamingContext'
container, which is usually CN=system, <domain root>, or it can be created under any
path with an object class of 'Container'. These container entries must exist before any new
profile entries can be created.
8. Enter either the DN of a new profile, or the DN of an existing profile, from Appendix A
(page 145).
To display all the profiles in the directory, use a command like the following:
ldapsearch -D <directory user> -w <credentials> -s sub \
    -b "CN=System, DC=cup, DC=hp, DC=com" -h <Active Directory host> \
    -p <Active Directory port> objectclass=DUAConfigProfile
If you are using an existing profile, setup configures your client, downloads the profile, and
exits. In this case, continue by going to Section 2.4.5.3 (page 46).
9. If you are creating a new profile, enter the DN and password of a directory user who can
create a new profile, from Appendix A (page 145).
10. Select the default attribute map set (RFC 2307) by pressing Return.
11. Setup now checks the value of the enable_startTLS parameter. Setup also checks if the
certificate database files, cert8.db and key3.db, exist on your client system. If these files
do not exist, setup skips this step.
If the value of the enable_startTLS parameter is 0 (disabled) or undefined, you will be
asked whether you want to use SSL or not. Enter "yes" if you want to use SSL for the secure
communication between LDAP clients and the Windows 2003 R2 or 2008 Active Directory
Server. Enter "no" if you don't want to use SSL. Continue to step 12.
Otherwise, if the value of the enable_startTLS parameter is 1 (enabled), you will be asked
whether you want to use TLS or not. Enter "yes" if you want to use TLS for the secure
communication between LDAP clients and the Windows 2003 R2 or 2008 Active Directory
Server. Enter "no" if you don't want to use TLS. Continue to step 12.
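A pre-flight check for step 11, as an added example that is not part of this guide or of LDAP-UX: it reports which prompt (none, SSL or TLS) setup would show, following the rules described above. The `enable_startTLS=<value>` line format, the function names, and passing the configuration file and certificate directory as arguments are assumptions.

```shell
#!/bin/sh
# Predict which prompt setup shows at step 11 (added example, not LDAP-UX code).
# Assumptions: the parameter is stored as an "enable_startTLS=<value>" line,
# "#" starts a comment, and the caller supplies both paths as arguments.

# starttls_value CONF: print the last uncommented enable_startTLS value,
# or nothing when the parameter is undefined or CONF is unreadable.
starttls_value() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*enable_startTLS[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" |
        tail -n 1
}

# step11_prompt CONF CERTDIR: print skip, ssl or tls.
step11_prompt() {
    conf=$1 certdir=$2
    # Setup skips the step when the certificate database files are missing
    # (assumption: both cert8.db and key3.db are required).
    if [ ! -f "$certdir/cert8.db" ] || [ ! -f "$certdir/key3.db" ]; then
        echo skip
        return 0
    fi
    case "$(starttls_value "$conf")" in
        1)    echo tls ;;                 # enabled: asked about TLS
        0|"") echo ssl ;;                 # disabled or undefined: asked about SSL
        *)    echo unknown; return 1 ;;   # value the guide does not describe
    esac
}

# Constructed sample: certificate files present, parameter only in a comment.
demo=${TMPDIR:-/tmp}/step11-demo.$$
mkdir -p "$demo" && : > "$demo/cert8.db" && : > "$demo/key3.db"
printf '# enable_startTLS=1\n' > "$demo/client.conf"
echo "setup would ask about: $(step11_prompt "$demo/client.conf" "$demo")"
rm -rf "$demo"
```

A result of `skip` means setup shows neither the SSL nor the TLS question, so check the certificate database files before running setup if you expect to be asked.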
2.4 Customized installation (setup) 39