LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

7.9.4 Changing from anonymous access to proxy access
This section does not apply to Windows ADS.
Your directory administrator may decide to change the directory server security policy and disallow
anonymous access to data hosted on the server. In this case, you would need to add a proxy user
and change the configuration profile to require proxy access.
If you have anonymous access and you want to change to using a proxy user, do the following:
1. Create the proxy user in the directory. With HP-UX Directory Server, you can use the Directory
Server Console. Select the Users and Groups tab, and then click on the Create button. For
example, you might create a user uid=proxyuser,ou=Special Users,o=hp.com.
2. Register the proxy user and password in the /etc/opt/ldapux/pcred file, following the
steps described in 7.9.3 Creating a new proxy user (page 242). Repeat this step for each
LDAP-UX client that uses the same profile. Alternatively, you can copy the
/etc/opt/ldapux/pcred file to each host.
3. Change the credentialLevel attribute in your profile to be "proxy". Use the process
described in 7.10.2 to modify the profile.
If you want proxy access with anonymous access as a backup if proxy access fails, change
credentialLevel to be "proxy anonymous".
You can use display_profile_cache and ldap_proxy_config to verify that the proxy user
is configured. The display_profile_cache command displays the current
configuration profile, including the credential level, which is either "proxy", "anonymous", or
"proxy anonymous". The ldap_proxy_config command displays and verifies the proxy user
the client is configured to use. For more information, see Section 9.2.4 (page 280), Section 9.2.6
(page 280), and Section 9.2.5 (page 280).
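Step 2 allows copying /etc/opt/ldapux/pcred to each host, so the proxy credential ends up on every client. The following check is an added example, not part of the HP guide or of LDAP-UX; the function name check_pcred is hypothetical, and the policy it enforces (regular file, owned by root, no group or other access) is an assumption to adjust to your site standard.

```shell
#!/bin/sh
# Added example, not from the LDAP-UX guide: audit a copied proxy
# credential file on a client.
# Assumed policy (not stated in the guide): the file is a regular file,
# owned by root, with no permission bits set for group or other.

# check_pcred FILE [OWNER]
# Returns 0 when FILE meets the policy; otherwise prints the finding
# and returns 1. OWNER defaults to root.
check_pcred() {
    file=$1
    owner=${2:-root}

    # Reject symbolic links first: ls -ld would describe the link itself.
    if [ -h "$file" ]; then
        echo "FAIL: $file is a symbolic link"
        return 1
    fi
    if [ ! -f "$file" ]; then
        echo "FAIL: $file is missing or not a regular file"
        return 1
    fi

    # ls -ld is used because stat(1) is not present on every UNIX.
    mode=$(ls -ld "$file" | awk '{print $1}')
    actual_owner=$(ls -ld "$file" | awk '{print $3}')

    if [ "$actual_owner" != "$owner" ]; then
        echo "FAIL: $file is owned by $actual_owner, expected $owner"
        return 1
    fi

    # In the mode string, characters 5-7 are the group bits and
    # characters 8-10 are the bits for other users.
    group_other=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "FAIL: $file mode $mode grants group or other access"
        return 1
    fi

    echo "OK: $file ($mode, owner $actual_owner)"
    return 0
}
```

After copying the file, run check_pcred /etc/opt/ldapux/pcred on each client and treat any FAIL line as a reason to correct the file before relying on proxy access.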
7.9.5 Changing from proxy access to anonymous access
This section does not apply to Windows ADS.
If you are using proxy access and you want to change to using anonymous access, do the following:
1. Change the credentialLevel attribute in your profile to be "anonymous", using directory
administration tools such as the HPDS Directory Server Console.
2. Download the profile to the client. If you have an automated process to download the profile,
you can wait until it executes. Or you can download the profile manually as described in
Section 2.5.8 (page 111).
3. Remove the proxy information:
cd /opt/ldapux/config
./ldap_proxy_config -e
4. Optionally, remove the proxy user from the directory if you no longer need it. With HP-UX
Directory Server, you can use the Directory Server Console.
7.10 Managing the LDAP-UX configuration profile
The LDAP-UX configuration profile /etc/opt/ldapux/ldapux_profile.bin (the configuration
profile translated from ldapux_profile.ldif in binary format) is a directory entry containing
configuration information common to many clients. Each client downloads the configuration profile
from the directory. This section explains the management operations pertaining to the configuration
profile.
7.10.1 Displaying the current configuration profile
You can display the profile in use by any client by running
/opt/ldapux/config/display_profile_cache on that client. The current profile is in the
binary file /etc/opt/ldapux/ldapux_profile.bin.