LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

chef (): /opt/ldapux/bin/ldapentry -m "$profiledn"
Press <return> to accept default Directory login: "uid=domadmin,ou=People,dc=mydomain,dc=example,dc=com"
Directory login:
Default accepted. "uid=domadmin,ou=People,dc=mydomain,dc=example,dc=com"
password:
You are then placed in an editor window, where you can add a central configuration policy.
Bolded text in the following example indicates what items were added:
version: 1
dn: cn=mydomain-ldapuxProfile,ou=Services,ou=Configuration,dc=mydomain,dc=example,dc=com
objectClass: top
objectClass: DUAConfigprofile
objectClass: configurableService
cn: mydomain-ldapuxProfile
preferredServerList: 127.0.0.1:389
defaultSearchBase: dc=mydomain,dc=example,dc=com
bindTimeLimit: 5
authenticationMethod: tls:simple
credentialLevel: proxy
attributeMap: passwd:userpassword=*NULL*
attributeMap: shadow:userpassword=*NULL*
attributeMap: group:memberUid=member uniqueMember memberUid
serviceSearchDescriptor: passwd:ou=People,
serviceSearchDescriptor: shadow:ou=People,
serviceSearchDescriptor: group:ou=Groups,
serviceSearchDescriptor: pam:ou=People,
serviceSearchDescriptor: rpc:ou=Services,
serviceSearchDescriptor: protocols:ou=Services,
serviceSearchDescriptor: networks:ou=Services,
serviceSearchDescriptor: hosts:ou=Hosts,
serviceSearchDescriptor: services:ou=Services,
serviceSearchDescriptor: printers:ou=Services,
serviceSearchDescriptor: automount:ou=Services,
serviceSearchDescriptor: netgroup:ou=Groups,
cfgGlobalPolicyDN: cn=mydomain-ldapuxProfile,dc=mydomain,dc=example,dc=com
serviceConfigParam: ssh/client/ssh_config:useldaphostkey yes
serviceConfigParam: ssh/client/ssh_config:updatekeyfromldap no
serviceConfigParam: ssh/server/sshd_config:useldaphostkey yes
In this example, the cfgGlobalPolicyDN attribute was added; it points to an entry that contains
the serviceConfigParam attributes. In this case, the cfgGlobalPolicyDN points back to the
profile entry itself, and the serviceConfigParam attributes were added directly to the same
configuration profile entry.
A serviceConfigParam value has two parts. The first part is a hierarchical
description of the service being configured. The second part is the specific parameter being
managed. The format of the service description is:
baseService/serviceSubsystem/...:
And the format for the parameter section is specific to the configuration file being managed. For
the ssh_config file, the following service description is used:
ssh/client/ssh_config:
For the sshd_config file, the following service description is used:
ssh/server/sshd_config:
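The two-part value format described above can be checked before a profile change is saved. The following is an added example, not part of the HP guide or of LDAP-UX: it parses serviceConfigParam lines from LDIF text, groups them by service description, and rejects values that do not match the format. The function names, the sample text (including its folded line and two malformed values) and the "keyword argument" split are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the serviceConfigParam values from the profile entry above
# (one folded across two LDIF lines), plus two malformed values added here.
SAMPLE_PROFILE = """\
dn: cn=mydomain-ldapuxProfile,ou=Services,ou=Configuration,dc=mydomain,dc=example,dc=com
cfgGlobalPolicyDN: cn=mydomain-ldapuxProfile,dc=mydomain,dc=example,dc=com
serviceConfigParam: ssh/client/ssh_config:useldaphostkey yes
serviceConfigParam: ssh/client/ssh_config:updatekeyfromldap no
serviceConfigParam: ssh/server/sshd_
 config:useldaphostkey yes
serviceConfigParam: useldaphostkey yes
serviceConfigParam: ssh//ssh_config:useldaphostkey yes
"""

# baseService/serviceSubsystem/...: followed by the file-specific parameter text.
VALUE_RE = re.compile(r"^([\w.-]+(?:/[\w.-]+)*):(.+)$")

def parse_service_config_param(value):
    """Split one value into (service path components, parameter text)."""
    m = VALUE_RE.match(value.strip())
    if not m:
        raise ValueError(f"malformed serviceConfigParam: {value!r}")
    return tuple(m.group(1).split("/")), m.group(2).strip()

def audit_profile(ldif_text):
    """Return ({service description: {keyword: argument}}, [rejected values])."""
    policy, rejected = defaultdict(dict), []
    # LDIF folds long lines; a newline followed by one space continues the line.
    for line in re.sub(r"\r?\n ", "", ldif_text).splitlines():
        attr, sep, value = line.partition(":")
        # LDAP attribute names are case-insensitive.
        if not sep or attr.strip().lower() != "serviceconfigparam":
            continue
        try:
            service, param = parse_service_config_param(value)
        except ValueError:
            rejected.append(value.strip())
            continue
        # Assumption: ssh parameters are "keyword argument", as in the page's values.
        keyword, _, argument = param.partition(" ")
        policy["/".join(service)][keyword] = argument.strip()
    return dict(policy), rejected

if __name__ == "__main__":
    managed, bad = audit_profile(SAMPLE_PROFILE)
    print("centrally managed:", managed)
    print("rejected:", bad)
```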
In the previous example, useldaphostkey is being centrally managed, and will be added to
any host that is part of the same LDAP-UX domain. The following shows an example of how the
ssh_config file is changed:
.
.
.
# buffer size for hpn to non-hpn connections
# HPNBufferSize 2048
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# Turn on/off Visual Fingerprinnt Display mode
# VisualHostKey no
8.5 Centrally managing ssh configuration