LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
NOTE: When configuring and setting up LDAP-UX, you will likely be prompted for credentials
of an administrator. If you are asked to enter the credentials (password) of a user, make sure that
the connection between your client and the HP-UX system (where you are running setup) is secured
and not subject to network eavesdropping. One option to protect such communication might be
to use the ssh protocol when connecting to the HP-UX host being configured.
If you want to use SSL or TLS, you must perform the following tasks before you run the setup
program:
• Ensure that you have the certificate database files, cert8.db and key3.db, on your client system.
To create these database files using the certutil utility, see Section 2.4.6.4 (page 82).
NOTE: If you already have the certificate database files cert8.db and key3.db on your
client for your HP-UX applications, you can simply create a symbolic link
/etc/opt/ldapux/cert8.db that points to cert8.db, and /etc/opt/ldapux/key3.db that points to
key3.db.
• If you choose to use TLS, set the enable_startTLS parameter to 1 in the
/etc/opt/ldapux/ldapux_client.conf file to enable TLS. To use SSL, set enable_startTLS
to 0 to disable TLS. By default, TLS is disabled. For more information about configuring LDAP-UX
Client Services with TLS or SSL support, see Section 2.4.6 (page 78).
• You must install and configure the PAM Kerberos product before you run the setup program.
For information about installing the PAM Kerberos product, see Section 3.4.6.1 (page 139).
• Configure the Kerberos configuration file /etc/krb5.conf to specify the default realm, the
location of a KDC server and the logging file name. For information about configuring the
Kerberos configuration file, see Section 3.4.6.3 (page 149). For a sample of the
/etc/krb5.conf file, see “Sample /etc/krb5.conf file” (page 434).
• Create a new proxy user, as described in Section 7.9.3 (page 242).
• Configure the PAM Kerberos library, libpam_krb5.so.1, in the PAM configuration file,
pam.conf. For information about configuring this library and a sample PAM configuration
file, see “Sample PAM configuration (pam.conf) files” (page 420).
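A preflight check for the prerequisites listed above, as an added example that is not part of the HP guide. It assumes key = value syntax for enable_startTLS, the standard krb5.conf keys default_realm and kdc, and /etc/pam.conf as the PAM configuration file; the ROOT prefix argument and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for the prerequisites listed above.
# ROOT (first argument) is a hypothetical prefix so the check can run
# against a scratch copy of the files; empty means the live system.

# Print the last uncommented enable_startTLS value (0 or 1) in file $1.
# Assumption: the file uses "enable_startTLS = N" or "enable_startTLS=N".
starttls_value() {
    sed -n 's/^[[:space:]]*enable_startTLS[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# Succeed if file $1 has an uncommented line matching the ERE $2.
has_line() {
    [ -r "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -Eq "$2"
}

# Report each missing prerequisite; the return status is the failure count.
ldapux_preflight() {
    root=${1:-}
    dir="$root/etc/opt/ldapux"
    fails=0
    for db in cert8.db key3.db; do
        # -s follows symbolic links, so a dangling link is reported too
        if [ ! -s "$dir/$db" ]; then
            echo "FAIL: $dir/$db is missing, empty, or a dangling link"
            fails=$((fails + 1))
        fi
    done
    case $(starttls_value "$dir/ldapux_client.conf") in
        1) echo "INFO: enable_startTLS=1, TLS is enabled" ;;
        0) echo "INFO: enable_startTLS=0, TLS is disabled (the SSL setting)" ;;
        *) echo "INFO: enable_startTLS not set, TLS is disabled by default" ;;
    esac
    has_line "$root/etc/krb5.conf" '^[[:space:]]*default_realm[[:space:]]*=' || {
        echo "FAIL: $root/etc/krb5.conf sets no default_realm"; fails=$((fails + 1)); }
    has_line "$root/etc/krb5.conf" '^[[:space:]]*kdc[[:space:]]*=' || {
        echo "FAIL: $root/etc/krb5.conf names no KDC server"; fails=$((fails + 1)); }
    has_line "$root/etc/pam.conf" 'libpam_krb5\.so\.1' || {
        echo "FAIL: $root/etc/pam.conf does not reference libpam_krb5.so.1"; fails=$((fails + 1)); }
    return "$fails"
}

# Check the live system only when asked to: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then ldapux_preflight; fi
```

A return status of 0 means every listed file was found; the check does not validate the contents of the certificate databases or the proxy user.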
1. Log in as root and run the setup program:
cd /opt/ldapux/config
./setup
The setup program asks you a series of questions and usually provides default answers.
Press Enter to accept the default, or change the value and press Enter. At any point during
setup, press Control-b to return to the previous screen or press Control-c to exit setup.
NOTE: To use a local-only profile, run the setup program using the -l option. Use the
local-only profile for small deployments, testing purposes, and for environments where
administrators lack server administrative privileges.
2. Select Windows 2003 R2 or 2008 as your directory server (option 2).
3. Enter either the host name or IP address of the directory server where your profile exists, or
where you want to create a new profile.
4. Enter the port number of the previously specified directory server where you want to store the
profile, from “Configuration worksheet” (page 403). The default port number is 389.
5. The setup program verifies that the directory's profile schema has been extended with the
LDAP-UX Client Services object class DUAConfigProfile. This must be done once (the schema
140 Installing and configuring LDAP-UX Client Services for a Windows ADS environment