LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
19. For Active Directory, you must configure access to the directory through a proxy user,
because anonymous binding does not grant sufficient access rights to an Active Directory.
Enter the DN and password of your proxy user from “Configuration worksheet” (page 403).
20. Enter the maximum time in seconds the client should wait for binding to the directory before
aborting ("bind time"). Enter 0 for no time limit.
CAUTION: The default client binding time is 5 seconds. Depending on the load on your
directory, this default value might not be high enough to service all database requests.
21. Enter the maximum time in seconds the client should wait for directory searches before aborting.
Enter 0 for no time limit.
22. Enter the Profile Time To Live (TTL) value. This value defines the time interval between
automatic downloads (refreshes) of new configuration profiles from the directory. Automatic
refreshing ensures that the client is always configured using the newest configuration profile.
If you want to disable automatic refresh or manually control when the refresh occurs, enter a
value of 0. Refer to Section 3.5.6 (page 158).
23. In this step, the setup program initiates a dialog where you can remap the standard object
class attributes to alternate attributes. You might want to do this if the attributes in your directory
do not conform to the object classes defined in RFC 2307.
You can remap the attributes for any of the supported services. For a list of supported services,
see “LDAP-UX Client Services object classes” (page 406).
NOTE: Make sure that the attribute names are entered correctly to avoid unpredictable
results later.
For a description of the standard object classes and attributes, see RFC 2307 at:
http://www.ietf.org/rfc/rfc2307.txt
The setup program displays the following dialog:
LDAP-UX Client Services supports the following services:
   1.Password                                7.Networks
   2.Shadow passwd                           8.Hosts
   3.Group                                   9.Services
   4.PAM (Pluggable Authentication Module)  10.Printers
   5.RPC                                    11.Automount
   6 Protocols
Each services uses a standard object class (defined by RFC 2307)
You can remap any of these attributes to alternate attributes.
Do you want to remap any of the standard RFC 2307 attributes?
If you want to remap object class attributes for any of the supported services, enter yes. For
information about remapping the attributes, see Section 3.4.6.2.1 (page 146).
Enter no to this prompt to continue to step 25 of the setup process.
24. In this step, the setup program initiates a dialog where you can create a custom search
descriptor. A custom search descriptor enables you to specify a different search location or
filter for retrieving entries for services supported by LDAP-UX Client. Each name service can
have up to three different search descriptors. A custom search descriptor consists of three
parts: a search base DN, scope, and filter.
NOTE: Custom search descriptors have no relevance for PAM Kerberos. PAM Kerberos is
the only certified authentication method for LDAP-UX Client Services with Active Directory.
Each service can have up to three different search descriptors. The client uses the search
descriptors in order until it finds what it is looking for.
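The ordered evaluation described in step 24, as an added Python example (not LDAP-UX code and not taken from this guide): it resolves a name against up to three descriptors in order and reports names that more than one descriptor can return, since the first descriptor that matches decides which entry the client uses. The function names are hypothetical, the filter is simplified to attribute=value pairs, DNs are assumed to contain no escaped commas, and all DNs and entries are constructed.

```python
# Added illustration, not LDAP-UX code. All DNs and entries are constructed.
from dataclasses import dataclass

@dataclass
class SearchDescriptor:
    base: str     # search base DN
    scope: str    # "base", "one" or "sub"
    filter: dict  # simplified filter: every attribute=value pair must match

def rdns(dn):
    return [p.strip().lower() for p in dn.split(",")]  # assumes no escaped commas

def in_scope(entry_dn, d):
    e, b = rdns(entry_dn), rdns(d.base)
    depth = len(e) - len(b)  # 0 = the base entry itself, 1 = immediate child
    return depth >= 0 and e[depth:] == b and {"base": depth == 0, "one": depth == 1, "sub": True}[d.scope]

def matches(attrs, flt):
    return all(v.lower() in (x.lower() for x in attrs.get(k, [])) for k, v in flt.items())

def lookup(directory, descriptors, key_attr, key):
    """Try descriptors in order; return (descriptor number, DN) of the first hit."""
    if len(descriptors) > 3:  # limit per service stated in step 24
        raise ValueError("a service can have at most three search descriptors")
    for idx, d in enumerate(descriptors, 1):
        for dn, attrs in directory.items():
            if in_scope(dn, d) and matches(attrs, {**d.filter, key_attr: key}):
                return idx, dn
    return None

def ambiguous(directory, descriptors, key_attr):
    """Audit check: key values reachable through more than one descriptor."""
    seen = {}
    for idx, d in enumerate(descriptors, 1):
        for dn, attrs in directory.items():
            if in_scope(dn, d) and matches(attrs, d.filter):
                for v in attrs.get(key_attr, []):
                    seen.setdefault(v.lower(), set()).add(idx)
    return sorted(k for k, hits in seen.items() if len(hits) > 1)

POSIX = {"objectclass": "posixAccount"}
DIRECTORY = {  # constructed sample entries
    "cn=jdoe,ou=Staff,dc=example,dc=com": {"objectclass": ["posixAccount"], "uid": ["jdoe"]},
    "cn=jdoe,ou=Temp,ou=Contractors,dc=example,dc=com": {"objectclass": ["posixAccount"], "uid": ["jdoe"]},
    "cn=asmith,ou=Temp,ou=Contractors,dc=example,dc=com": {"objectclass": ["posixAccount"], "uid": ["asmith"]},
    "cn=lab1,ou=Lab,ou=Staff,dc=example,dc=com": {"objectclass": ["posixAccount"], "uid": ["lab1"]},
}
PASSWD = [SearchDescriptor("ou=Staff,dc=example,dc=com", "one", POSIX),
          SearchDescriptor("ou=Contractors,dc=example,dc=com", "sub", POSIX)]
```

Here lab1 is not found at all because the first descriptor's one-level scope stops above ou=Lab, and jdoe is flagged because both descriptors can return an entry for that name.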
3.4 Customized installation (setup) for a Windows ADS environment 143