LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
cd /opt/ldapux/config
./display_profile_cache
You can also find out from where in the directory the client downloaded the profile by displaying
the file /etc/opt/ldapux/ldapux_client.conf and looking for the line beginning with
PROFILE_ENTRY_DN, for example:
ldapcfinfo -P
dn: cn=example-ldapuxProfile,ou=Services,ou=Configuration,dc=example,dc=acme,dc=com
hostssl: 192.192.96.116:389
You can also find the profile location by using the following command:
/opt/ldapux/bin/ldapcfinfo -P
7.10.2 Modifying a configuration profile
For an HP directory server, you can modify an existing profile directly by using your directory
administration tools, such as the HPDS Directory Server Console. (For information about using your
directory's administration tools, see the appropriate directory server documentation.) For Windows
ADS, you can modify an existing profile directly by using the Active Directory Services Interface
(ADSI) and the ADSIedit utility on a Windows host, performing the steps described in
Section 7.10.2.2 (page 245). For either directory server environment, you can use the ldapentry
tool to modify a profile, as described in Section 7.10.2.1 (page 245).
After modifying a profile, each client that regularly downloads its profile automatically will get the
changes as scheduled. For information about downloading the profile automatically, see
Section 2.5.8 (page 111). LDAP-UX Client Services does not support automatic downloading of the
LDAP-UX profile when used with SASL/GSSAPI authentication using a host or service principal,
where that principal's key is stored in a Kerberos keytab file. For information about how to download
the profile manually, see Section 7.3.4 (page 199).
For a description of the DUAConfigProfile object class used for LDAP-UX configuration profiles, its
attributes, and what values each attribute can have, see RFC 4876 and “LDAP-UX Client Services
object classes” (page 406).
7.10.2.1 Using ldapentry to modify a profile
In an HP directory server environment only, the ldapentry tool can also be used to modify the
existing profile. This can be done with the following command:
DNPROFILE=`/opt/ldapux/bin/ldapcfinfo -P | grep "^dn:" | cut -d" " -f
2-`
$ /opt/ldapux/bin/ldapentry -m "$DNPROFILE"
$ cd /opt/ldapux/config
$ ./get_profile_entry -s nss
7.10.2.2 Using Windows ADSI and ADSIedit to modify a profile
1. Determine the location of the currently used configuration profile, as described in Section 7.10.1
(page 244).
2. On a Windows host, use ADSIedit to modify the appropriate attributes and values.
3. If profileTTL was previously set in the profile, ldapclientd will periodically update the
configuration on all clients (for information about enabling periodic updates, see Section 3.5.6
(page 158)). If profileTTL was not set, or you want to force an immediate update, use the
following command to download and install the current configuration profile:
/opt/ldapux/config/get_profile_entry -s NSS
7.10 Managing the LDAP-UX configuration profile 245