LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

is shared with subsequently-configured client systems). For a detailed description of object
classes, see “LDAP-UX Client Services object classes” (page 406).
If the schema has already been extended, setup skips this step. Otherwise, to extend the
schema, enter the DN and password of a directory user who can extend the directory schema
(see “Configuration worksheet” (page 403)).
NOTE: If you ran the setup program using the -l option to maintain a local-only profile
(instead of having setup import the profile schema with LDAP-UX Client Services object class
DUAConfigProfile into your directory server), you are not asked whether to import the profile
schema; however, you are still prompted for the DN and password, as they are necessary if
the administrator wants to install other schema.
NOTE: Previous versions of Windows ADS required you to install SFU with Server for NIS
to extend the Active Directory schema with the schema defined in RFC 2307; Windows 2003 R2
or 2008 Active Directory Server already provides the RFC 2307 schema, which is compliant
with the IETF RFC 2307 standard.
6. If the new automount schema has already been imported, setup skips this step.
Otherwise, you are asked whether you want to install the new automount schema, which
is based on RFC 2307-bis. Enter yes to import the new automount schema into the directory
server. Enter no if you do not want to import the new automount schema into the directory
server. The setup program skips to step 7 if you enter no.
7. For new profiles, the profile object must be created under the
ConfigurationNamingContext container, which is usually CN=system, <domain
root>, or it can be created under any path with an object class of Container. These
container entries must exist before any new profile entries can be created.
8. Enter either the DN of a new profile, or the DN of an existing profile, from “Configuration
worksheet” (page 403).
To display all the profiles in the directory, use a command like the following:
    ldapsearch -D <directory user> -w <credentials> -s sub \
        -b "CN=System, DC=cup, DC=hp, DC=com" -h <Active Directory host> \
        -p <Active Directory port> objectclass=DUAConfigProfile
If you are using an existing profile, setup configures your client, downloads the profile, and
exits. In this case, continue by going to Section 3.4.6.3 (page 149).
9. If you are creating a new profile, enter the DN and password of a directory user who can
create a new profile, from “Configuration worksheet” (page 403).
10. Select the default attribute map set (RFC 2307) by pressing Enter.
11. The setup program now detects the value of the enable_startTLS parameter. It also
verifies whether the cert8.db and key3.db certificate database files exist on your client
system. If these files do not exist, setup skips this step.
If the value of the enable_startTLS parameter is 0 (disabled) or undefined, you are asked
whether you want to use SSL or not. Enter yes if you want to use SSL for the secure
communication between LDAP clients and the Windows 2003 R2 or 2008 Active Directory
Server. Enter no if you don't want to use SSL. Continue to step 12.
Otherwise, if the value of the enable_startTLS parameter is 1 (enabled), you are asked
whether you want to use TLS or not. Enter yes if you want to use TLS for the secure
communication between LDAP clients and the Windows 2003 R2 or 2008 Active Directory
Server. Enter no if you don't want to use TLS. Continue to step 12.
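A pre-flight check for step 11, added here as an example (it is not part of the HP guide or of LDAP-UX): it reports whether setup would skip the SSL/TLS question or which of the two it would ask. Assumptions: the parameter is stored as an `enable_startTLS=<value>` line in a client configuration file, both paths are supplied by the caller, and the function names are hypothetical.

```shell
#!/bin/sh
# Pre-flight for setup step 11: report which prompt setup would present.
# Assumptions (not from the guide): the parameter is stored as a line
#   enable_startTLS=<0|1>
# in a client configuration file, and both paths are supplied by the caller.

# startTLS_value CONF -> prints the configured value, or nothing if undefined
startTLS_value() {
    [ -r "$1" ] || return 0
    # Commented-out lines do not match; spaces around '=' are tolerated;
    # if the parameter appears more than once, the last setting is used.
    sed -n 's/^[[:space:]]*enable_startTLS[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" |
        tail -n 1
}

# step11_prompt CONF CERT_DIR -> prints SKIPPED, SSL or TLS
step11_prompt() {
    conf=$1
    certdir=$2
    # Setup only asks about SSL/TLS when the certificate database files
    # exist; this check treats either file being absent as "do not exist".
    for db in cert8.db key3.db; do
        if [ ! -f "$certdir/$db" ]; then
            echo SKIPPED
            return 0
        fi
    done
    case "$(startTLS_value "$conf")" in
        1) echo TLS ;;   # enabled: setup asks whether to use TLS
        *) echo SSL ;;   # 0 or undefined: setup asks whether to use SSL
    esac
}

# Usage: sh step11_check.sh <client-config-file> <certificate-db-directory>
if [ $# -eq 2 ]; then
    result=$(step11_prompt "$1" "$2")
    echo "step 11 outcome: $result"
    # Non-zero exit when the SSL/TLS question would never be asked.
    [ "$result" != SKIPPED ]
fi
```

A SKIPPED result means setup will not offer SSL or TLS at all, so install the certificate database files before running setup if the client is expected to use encrypted LDAP.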
3.4 Customized installation (setup) for a Windows ADS environment 141