LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
• /etc/pam.conf
• /etc/nsswitch.conf
• /etc/opt/ldapux/acred if the /etc/opt/ldapux/acred file exists
• cert8.db and key3.db files, if SSL is enabled
Set the file access mode permissions of all these files to match those on the first client being configured.
3. Enable the LDAP-UX configuration profile as follows:
cd /opt/ldapux/config
./create_profile_cache
Alternatively, you can run the setup program interactively to download the profile from the
directory, and respond no when asked if you want to change the current configuration:
cd /opt/ldapux/config
./setup
If you are using multiple Windows domains, download profiles for the GCS and each remote
domain. For information about downloading these profiles, see Section 4.3 (page 160).
4. If you are using a proxy user, configure and verify the proxy user by calling
ldap_proxy_config as follows:
cd /opt/ldapux/config
./ldap_proxy_config -v
5. Verify the LDAP-UX Client Services installation and configuration on the client, as described
in Section 2.5.2 (page 91) (for an HP directory server environment) or Section 3.5.2 (page 152)
(for a Windows ADS environment).
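The procedure above requires the copied files to carry the same access modes as on the first client. The following script is an added example, not part of the LDAP-UX product, that records mode, owner and group on the first client and checks them on a new one. The function names, the manifest file and the /etc/opt/ldapux location of cert8.db and key3.db are assumptions.

```shell
#!/bin/sh
# Added example, not shipped with LDAP-UX Client Services.
# Files the guide says to copy. The directory holding cert8.db and
# key3.db is an assumption; adjust it for your installation.
FILES="/etc/pam.conf /etc/nsswitch.conf /etc/opt/ldapux/acred
/etc/opt/ldapux/cert8.db /etc/opt/ldapux/key3.db"

# record_modes ROOT
# Print "mode owner group path" for each listed file that exists under ROOT.
record_modes() {
    root=$1
    for f in $FILES; do
        [ -e "$root$f" ] || continue   # acred and the SSL files are optional
        ls -ld "$root$f" | awk -v p="$f" '{ print $1, $3, $4, p }'
    done
}

# check_modes ROOT MANIFEST
# Compare files under ROOT with a manifest written by record_modes.
# Returns 0 only if every manifest entry exists with identical
# mode, owner and group; otherwise reports each difference and returns 1.
check_modes() {
    root=$1; manifest=$2; rc=0
    while read -r mode owner group path; do
        if [ ! -e "$root$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        actual=$(ls -ld "$root$path" | awk '{ print $1, $3, $4 }')
        if [ "$actual" != "$mode $owner $group" ]; then
            echo "MISMATCH $path: expected $mode $owner $group, found $actual"
            rc=1
        fi
    done < "$manifest"
    return $rc
}

# Command-line use: "record" on the first client, "check FILE" on the new one.
case "${1:-}" in
    record) record_modes "" ;;
    check)  check_modes "" "${2:?manifest file required}" ;;
esac
```

Run it with record on the first client, copy the resulting manifest to the new client along with the configuration files, and run it there with check and the manifest name.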
2.5.8 Downloading the profile periodically
Using the setup program, you can define a time interval after which the current profile is
automatically refreshed. The start time for this periodic refresh is determined by the time the setup
program completes and the value defined for ProfileTTL. Therefore, setup does not allow
you to define a specific time of day when the profile should be downloaded (refreshed). For more
information, see the ldapclientd(1) manpage.
If you want to manually determine the time when the profile is downloaded, you can use the
following steps, which are applicable to both HP directory server and Windows ADS environments
(readers of “Installing and configuring LDAP-UX Client Services for a Windows ADS environment”
(page 114) are referred to this section for information about downloading profiles):
NOTE: This note pertains to Windows ADS environments only: Starting with the B.03.00 release,
if multiple Windows domains are configured, one profile exists for each domain rather than just
one profile for the entire system.
1. When creating your profile entry using setup, set the ProfileTTL value to 0.
2. Using the command get_profile_entry -s nss, write a shell script that downloads the
profile. The following example downloads the profile from the directory, compares the new
and old profiles, and emails a status message. Modify this example for your
environment:
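#!/bin/ksh
# Save the current profile so it can be compared with the refreshed copy.
cp /etc/opt/ldapux/ldapux_profile.ldif /etc/opt/ldapux/ldapux_profile.sav
# Download the profile; capture both stdout and stderr in the status file.
/opt/ldapux/config/get_profile_entry -s nss >/tmp/profile.upd$$ 2>&1
# Append any differences between the new and saved profiles.
diff /etc/opt/ldapux/ldapux_profile.ldif \
    /etc/opt/ldapux/ldapux_profile.sav >> /tmp/profile.upd$$
# Mail the captured output, or a "No changes." notice if there was none.
if [ -s /tmp/profile.upd$$ ]; then
    cat /tmp/profile.upd$$ | mailx -s "Profile cache refreshed." root@sys01
else
    echo "No changes." | mailx -s "Profile cache refreshed." root@sys01
fi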