LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
NOTE: SSL/TLS protocols support a variety of different cryptographic algorithms (ciphers) for
use in authentication operations between server and client, certificate transmissions, and session
key establishment. If a cipher is found to be flawed and subject to attack, administrators of HP-UX
and the directory server must be aware of the vulnerability. Ciphers can be disabled in the directory
server. For information about SSL/TLS ciphers and which ones are supported by LDAP-UX, see
Section 2.4.6.5 (page 84).
The guided installation supports the following basic installation modes:
• Installing LDAP-UX for the first time in a Windows domain (First Installation into a Windows
Domain mode): In this mode, LDAP-UX Client Services is being set up for the first time in the
Windows environment. The guided installation process discovers information about your
existing Active Directory Server and directory information tree and configures a new LDAP-UX
profile to follow the standard layout and attributes defined for an ADS domain.
The guided installation prompts for several parameters, depending on the exact circumstances.
These might include the DN and password of a user (the domain administrator, by default)
who has sufficient privileges to add the local host to the Windows domain.
The script gives you the option of entering the host name and port of an existing Active Directory
Server, or of specifying an existing Windows domain name. If you specify a remote host
on which an ADS exists, the guided installation might not be able to validate the identity
of the directory server unless a valid domain (CA) certificate or server certificate has already
been installed on the host being configured. If no such certificate exists there, you are given
the option of having the guided installation download and install the CA or server certificate.
A certificate installed this way does not assure trust with the directory server unless it is
validated against the original. For more information about retrieving the appropriate certificate
for validation, see Section 2.4.6.4 (page 82).
For an example and instructions for performing the First Installation into a Windows Domain
mode guided installation, see Section 3.3.3 (page 122).
• Installing Additional HP-UX Hosts into a Windows Domain (Existing Windows LDAP-UX
Configuration mode): In this mode, LDAP-UX has already been configured in the environment
(an LDAP-UX configuration profile already exists). You can then use the guided installation to
join the HP-UX host to an existing Windows ADS domain. The guided installation simply
downloads the existing domain configuration and registers the host in the domain.
For an example and instructions for performing the Existing Windows LDAP-UX Configuration
mode guided installation, see Section 3.3.4 (page 124).
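The validation against the original certificate mentioned under the First Installation mode can be done by comparing fingerprints. The following is an added example, not part of this guide or of LDAP-UX: it assumes the downloaded certificate is available as a PEM file and that a SHA-256 reference fingerprint was obtained from the CA administrator over a separate channel. All function names are hypothetical.

```python
import base64
import hashlib
import hmac
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

def cert_fingerprints(pem_text):
    """Return the SHA-256 fingerprint (hex) of every certificate in a PEM file."""
    prints = []
    for body in PEM_CERT.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    if not prints:
        raise ValueError("no PEM certificate found")
    return prints

def normalize(fingerprint):
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; return lowercase hex."""
    hexed = re.sub(r"[\s:]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hexed):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return hexed

def is_trusted(pem_text, reference_fingerprint):
    """True only if exactly one certificate is present and it matches the reference."""
    prints = cert_fingerprints(pem_text)
    if len(prints) != 1:
        return False  # refuse bundles: each certificate needs its own reference
    return hmac.compare_digest(prints[0], normalize(reference_fingerprint))

def make_pem(der):
    """Wrap DER bytes in PEM armor (used only to build the constructed sample)."""
    b64 = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

# Constructed sample: stand-in bytes, not a real certificate. The fingerprint is
# a hash over the DER bytes, so the check behaves the same on a real certificate.
SAMPLE_DER = b"constructed stand-in for the DER bytes of a CA certificate"
SAMPLE_PEM = make_pem(SAMPLE_DER)
REFERENCE = hashlib.sha256(SAMPLE_DER).hexdigest().upper()
REFERENCE_COLONS = ":".join(REFERENCE[i:i + 2] for i in range(0, 64, 2))

if __name__ == "__main__":
    print("match:", is_trusted(SAMPLE_PEM, REFERENCE_COLONS))
    print("tampered:", is_trusted(make_pem(SAMPLE_DER + b"x"), REFERENCE_COLONS))
```

The reference fingerprint must come from a source other than the connection the certificate was downloaded over; comparing the download with itself proves nothing.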
116 Installing and configuring LDAP-UX Client Services for a Windows ADS environment