LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

After you install and configure the LDAP directory or the Active Directory, and migrate your name
service data into it, HP-UX client systems locate the directory from a startup file. As shown in
Figure 6, the startup file tells the client system how to download a configuration profile from the
directory.
Figure 6 Local startup file and the configuration profile
[Figure: The startup file on the LDAP-UX client points to the configuration profile in the directory. The shared configuration profile is stored in the directory and downloaded to all LDAP-UX clients.]
The configuration profile is a directory entry containing configuration information common to many
clients. Storing this information in the directory enables you to maintain it in one place and share
it among many clients rather than storing it redundantly across clients. Because the configuration
information is stored in the directory, each client simply needs to know where its profile is, which
is indicated by the startup file. Each client downloads the configuration profile from the specified
directory.
The configuration profile is an entry in the directory containing details on how clients are to access
the directory, such as:
• Where and how clients must search the directory for user, group, and other name service
  information.
• How clients must bind to the directory: anonymously or as a proxy user. Anonymous access
  is simplest and used most often because most data in the directory server is not considered
  confidential. However, sometimes directory administrators do not allow anonymous access
  (Active Directory definitely does not allow anonymous access), in which case a proxy user is
  created to represent the OS and its users. With a proxy user, the OS can be granted access
  to the data in the directory server. The proxy user credential (user ID and password) is stored
  in the /etc/opt/ldapux/pcred file. Additionally, in some instances, administrators may
  want to define an administrator proxy (Admin Proxy) credential. This credential is used to
  represent administrators of the HP-UX OS, and may be used with administration tools such as
  ldapugmod or ldaphostmgr, or may be used when NIS public keys are managed in the
  directory server (management of NIS public keys in Active Directory is not supported). The
  administrator credential (user ID and password) is stored in the /etc/opt/ldapux/acred
  file.

  The /etc/opt/ldapux/pcred file is created automatically by autosetup, which configures
  the host entry as a proxy user. To manually configure a proxy user or Admin Proxy, use the
  ldap_proxy_config tool. For information about this tool, see Section 9.2.6 (page 280).

  NOTE: While the user credentials stored in the pcred and acred files are not visible as
  plain text, the pcred and acred files are not encrypted. Access must be restricted to these
  files.
• Other configuration parameters such as search time limits.
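
The NOTE above requires that access to the pcred and acred files be restricted. The following audit script is an added example, not part of the HP guide or the LDAP-UX product. It assumes that "restricted" means a regular file owned by root (uid 0) with no group or other permission bits, which the guide does not spell out. The function names and the EXPECTED_UID variable are hypothetical.

```sh
#!/bin/sh
# Added example: audit the LDAP-UX credential files named in the guide.
# Assumption: "restricted" = regular file, owned by uid 0, no group/other bits.
CRED_FILES="/etc/opt/ldapux/pcred /etc/opt/ldapux/acred"
EXPECTED_UID="${EXPECTED_UID:-0}"   # overridable so the check can be tried off-host

# check_cred_file PATH -> 0 ok, 1 too permissive, 2 not present
check_cred_file() {
    f="$1"
    if [ ! -e "$f" ] && [ ! -h "$f" ]; then
        echo "SKIP  $f (not present)"
        return 2
    fi
    # -l and -d keep ls from following a symlink; -n prints the numeric uid.
    line=$(ls -lnd "$f") || return 1
    mode=$(printf '%s\n' "$line" | awk '{print $1}')
    uid=$(printf '%s\n' "$line" | awk '{print $3}')
    ftype=$(printf '%s' "$mode" | cut -c1)
    grp_oth=$(printf '%s' "$mode" | cut -c5-10)   # rwx bits for group and other
    rc=0
    if [ "$ftype" != "-" ]; then
        echo "FAIL  $f is not a regular file (type '$ftype')"; rc=1
    fi
    if [ "$uid" != "$EXPECTED_UID" ]; then
        echo "FAIL  $f owned by uid $uid, expected $EXPECTED_UID"; rc=1
    fi
    if [ "$grp_oth" != "------" ]; then
        echo "FAIL  $f mode $mode grants group/other access"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK    $f ($mode, uid $uid)"
    return "$rc"
}

# audit_cred_files -> 1 if any file that is present fails, else 0
audit_cred_files() {
    bad=0
    for p in $CRED_FILES; do
        check_cred_file "$p"
        [ $? -eq 1 ] && bad=1
    done
    return "$bad"
}

audit_cred_files || echo "Tighten ownership and mode on the files flagged above." >&2
```

A symbolic link in place of either file is reported as a failure rather than followed, so the check describes the path itself and not whatever it points to.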
1.2 How LDAP-UX Client Services works 21