LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

LDIF, edit the LDIF, then import the LDIF into your directory. For example, you could manually

add the unixAccount attributes to your existing entries under CN=Users and add their HP-UX

information there.

• Ensure that the user and group numbers to be imported or migrated do not collide with those

already on the HP-UX host (see “Ensure user and group numbers do not collide with those

already on the HP-UX host” (page 53)).

2.5.1.1 Ensure user and group numbers do not collide with those already on the HP-UX host

Before you import users into Windows ADS, make sure no users or groups to be managed in the

directory server collide with users or groups managed in the /etc/passwd and /etc/group

files on the HP-UX hosts being managed in the domain. To avoid UID number or GID number

collisions, a best practice is to establish separate UID and GID number ranges used on the HP-UX

host from those that will be used for directory entries. For example, all UID numbers less than 1000

could be reserved for entries in the /etc/passwd and /etc/group files.

2.5.1.2 Steps to importing name service data

To import your user, group, and other services data into your directory, complete the following

steps, modifying them as necessary.

1. Decide which migration method and scripts you will use.

Migration scripts are provided to ease the task of importing your existing name service data

into your Active directory. Refer to the “Command and tool reference” chapter of the LDAP-UX

Client Services Administrator's Guide for a complete description of the scripts, what they do,

and how to use them. Modify the migration scripts, if needed.

2. Back up your directory.

3. Run the migration scripts.

4. If the method you used above did not already import your data, use ldapmodify to import

the LDIF file into your directory.

2.5.2 Verifying LDAP-UX Client Services for Single Domain

This section describes some simple ways you can verify the installation and configuration of your

LDAP-UX Client Services. You may need to do more elaborate and detailed testing, especially if

you have a large environment.

If any of the following tests fail, see Section 6.19 (page 134).

1. Use the nsquery

command to test the name service:

nsquery lookup_type lookup_query [lookup_policy]

For example, to test the name service switch to resolve a username lookup, enter:

nsquery passwd username ldap

where username is the login name of a valid user whose POSIX account information is in

the directory. You should see output something like the following depending on how you have

configured /etc/nsswitch.conf:

Using "ldap" for the passwd policy.

Searching ldap for jbloggs

User name: jbloggs

user Id: 10000

Group Id: 2000

Gecos:

Home Directory: /home/jbloggs

Shell: /bin/sh

Switch configuration: Terminates Search

1. nsquery is a contributed tool included with the ONC/NFS product. For more information, see the nsquery(1) manpage.

2.5 Post-installation configuration tasks 53