LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
2.3.1 What autosetup does
As mentioned, the guided installation (autosetup) greatly simplifies the configuration process.
The procedure performs numerous activities automatically, with minimal input required from whoever
runs the script, including the following:
1. Automatically detects existing directory servers by querying the DNS server of the DNS domain
for any registered directory servers, and then tries to connect to the directory server with a
search request. If multiple SRV resource records are returned, autosetup stops searching
after it makes a successful connection. If a directory server cannot be found by DNS, you are
prompted for the host name and port number for an existing directory server in your environment
or asked if you want to create a new directory server instance on the local host.
2. If you choose to create a new directory server instance on the local host, autosetup creates
an HP-UX Directory Server instance on the local machine. This directory server instance is
configured with SSL and populated with a framework to support the LDAP-UX domain. For
information about the LDAP-UX domain created by autosetup, see Section 2.3.2 (page 31).
3. To guarantee confidentiality and data integrity, autosetup uses the StartTLS extended
operation on a regular LDAP connection with simple authentication (bind DN and password).
4. To trust the certificate presented by the server, autosetup determines whether the local HP-UX
host has a certificate database that includes the certificate of the CA that issued the server
certificate.
5. If the CA certificate has not been preinstalled, autosetup creates the certificate and key
database files (cert8.db and key3.db) itself: it obtains the server certificate from the
directory server, and then downloads all the trusted CA certificates published in the directory
server. The autosetup script places in the cert8.db database file the one CA certificate that
signed the SSL server certificate of the directory server. The cert8.db file stores public keys,
while the key3.db file stores private keys. A warning message is displayed to indicate that
an untrusted method is being used to obtain the CA certificate.
6. Because a configuration profile can be shared by LDAP-UX clients, autosetup searches for
an existing profile entry in the directory server, using a standard profile path
(ou=services,ou=configuration). If the default profile entry exists, autosetup
downloads it into an LDIF file (/etc/opt/ldapux/ldapux_profile.ldif) and creates
a binary profile file (/etc/opt/ldapux/ldapux_profile.bin) based on the LDIF file.
7. If the default profile entry does not exist, autosetup searches for any other profile entries
that might be saved. If any are found, you are prompted to select a configuration profile to
download or to create a default profile entry.
8. Before adding the profile entry, autosetup determines whether the schema defined in RFC
4876 exists in the directory server. If the schema does not exist, the script extends the
directory server schema. In addition, autosetup extends the directory server with the
additional LDAP-UX 5.0 schema and the SSH public key management schema.
9. Creates the startup file (/etc/opt/ldapux/ldapux_client.conf) on the LDAP-UX client
system, enabled for TLS support (enable_startTLS is set to 1). A sample of the file is
included in Section C.3 (page 414).
10. Creates a new computer account or host entry in the directory server that represents the current
HP-UX host. If a host entry already exists with the same name, an autosetup prompt asks
if the existing entry should be deleted and replaced.
11. Configures the host entry as a proxy user. It stores the encrypted proxy user information in the
/etc/opt/ldapux/pcred file. The proxy file contains the proxy user DN on the first line,
and the password on the second line.
12. Configures the NSS and PAM_LDAP by modifying the /etc/pam.conf and
/etc/nsswitch.conf files; samples of these files are included in “Samples of LDAP-UX
configuration files created or modified by autosetup” (page 410).
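The following script is an added example, not part of LDAP-UX or of this guide: it checks two of the files that steps 9 and 11 describe after autosetup has run. The function names are hypothetical, the "enable_startTLS=1" line syntax (with "#" comment lines) is an assumption, and treating owner-only permissions on the pcred file as the expected state is an assumption as well.

```shell
#!/bin/sh
# Added example (not part of LDAP-UX): audit two files autosetup writes.
# Assumption: the client file holds "enable_startTLS=1" style settings and
# treats lines starting with "#" as comments.

# Succeeds only if enable_startTLS is set and every uncommented setting is 1.
starttls_enabled() {
    vals=$(sed -n 's/^[[:space:]]*enable_startTLS[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/v=\1/p' "$1" 2>/dev/null)
    [ -n "$vals" ] || return 1
    for v in $vals; do
        [ "$v" = "v=1" ] || return 1
    done
    return 0
}

# Succeeds only if the file exists and grants no access to group or other.
# Assumption: the proxy credential file is expected to be owner-only.
owner_only() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_ldapux CLIENT_CONF PCRED: one line per check, returns 1 on any failure.
audit_ldapux() {
    rc=0
    if starttls_enabled "$1"; then
        echo "OK   enable_startTLS is 1 in $1"
    else
        echo "FAIL enable_startTLS is missing or not 1 in $1"; rc=1
    fi
    if owner_only "$2"; then
        echo "OK   $2 is accessible to its owner only"
    else
        echo "FAIL $2 is missing or accessible to group/other"; rc=1
    fi
    return $rc
}

# Run against the paths given in steps 9 and 11 only when asked to.
if [ "${1:-}" = "--run" ]; then
    audit_ldapux /etc/opt/ldapux/ldapux_client.conf /etc/opt/ldapux/pcred
fi
```

Run it with the --run argument on the client host; a FAIL line for enable_startTLS means the bind DN and password from step 3 are not protected by StartTLS on that client.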
30 Installing and configuring LDAP-UX Client Services for an HP server environment