LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)
5. Verify the installation and configuration of your LDAP-UX Client Services, as described in
“Verifying LDAP-UX Client Services for Single Domain” (page 53).
2.5.6 Downloading the profile periodically
The product setup program, /opt/ldapux/setup, allows you to define a time interval after
which the current profiles are being automatically refreshed. The start time for this periodic refresh
is defined by the time the setup program was run and the value defined for ProfileTTL. Therefore,
it does not allow you to define a specific time of day when the profiles should be downloaded
(refreshed).
NOTE: Starting with the B.03.00 release, if multiple domains are configured, there will be a
profile for each domain rather than just one profile for the entire system.
For more detailed information, refer to the ldapclientd(1m) manpage.
If you would like to manually control when you want to download the profile, you can use the
following steps:
1. When creating your profile entry using setup, set the ProfileTTL value to 0.
2. Using the command get_profile_entry -s nss, write a shell script that downloads the
profile. Below is an example that downloads the profile from the directory. Modify this example
for your environment. It also compares the new and old profiles and emails a status message:
#!/bin/ksh
cp /etc/opt/ldapux/ldapux_profile.ldif
/etc/opt/ldapux/ldapux_profile.sav
/opt/ldapux/config/get_profile_entry -s nss 2>&1 /tmp/profile.upd$$
diff /etc/opt/ldapux/ldapux_profile.ldif
/etc/opt/ldapux/ldapux_profile.sav >> /tmp/profile.upd$$
if [ -s /tmp/profile.upd$$ ]; then
cat /tmp/profile.upd$$ | mailx -s "Profile cache
refreshed." root@sys01
else
echo "No changes." | mailx -s "Profile cache refreshed."
root@sys01
fi
rm -f /etc/opt/ldapux/ldapux_profile.sav
rm -f /tmp/profile.upd$$
3. Use the crontab command to create a crontab file (or edit your existing crontab file)
and specify how frequently you want the profile to be downloaded. For example, assuming
the script above is in the file /ldapux/download_ldap_profile, the following crontab
specification specifies that /ldapux/download_ldap_profile be executed nightly at
midnight:
0 0 * * * /ldapux/download_ldap_profile
For more information about the crontab command, see the crontab(1) manpage.
4. Log in as root and schedule the job with the crontab command. For example, assuming the
crontab entry above is in the file crontab.profile, the following schedules the profile
download:
crontab crontab.profile
2.6 Unconfiguring LDAP-UX (removing the host from the ADS domain)
To remove the LDAP-UX configuration (remove the host from the Windows ADS domain), use the
netleave command located in /opt/ldapux/config. This command supports the following
command-line options:
-D privileged_user_DN Specifies the distinguished name (DN) of a user who has sufficient
directory server privileges to remove a computer account. This
62 Installing LDAP-UX Client Services