LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
owner: uid=domadmin,ou=people,dc=mydomain,dc=example,dc=com
uniqueMember: uid=domadmin,ou=People,dc=mydomain,dc=example,dc=com
cn: HostAdmins
gidNumber: 1872
When LDAP-UX creates the configuration profile, attributes from RFC 2307 define most of the
information model used for users, groups, and hosts. The configuration profile is created mostly
with defaults, meaning that the search filters and attributes are based on RFC 2307
recommendations. However, the profile includes a few exceptions that help improve interoperability
with other LDAP-enabled applications. The following is a sample profile generated by the guided
installation. A summary of the enhancements made to improve interoperability follows the example.
Example 4 Sample configuration profile
dn: cn=mydomain-ldapuxProfile,ou=Services,ou=Configuration,dc=mydomain,dc=example,dc=com
objectClass: top
objectClass: DUAConfigprofile
objectClass: configurableService
cn: cup-ldapuxProfile
preferredServerList: 192.168.10.20:389
profileTTL: 14400
defaultSearchBase: dc=domain,dc=example,dc=com
bindTimeLimit: 5
authenticationMethod: tls:simple
credentialLevel: proxy
attributeMap: passwd:userpassword=*NULL*
attributeMap: shadow:userpassword=*NULL*
attributeMap: group:userpassword=*NULL*
attributeMap: group:memberUid=uniqueMember member memberUid
attributeMap: passwd:gecos=cn l telephoneNumber
serviceSearchDescriptor: passwd:ou=People,
serviceSearchDescriptor: shadow:ou=People,
serviceSearchDescriptor: group:ou=Groups,
serviceSearchDescriptor: pam:ou=People,
serviceSearchDescriptor: rpc:ou=Services,
serviceSearchDescriptor: protocols:ou=Services,
serviceSearchDescriptor: networks:ou=Services,
serviceSearchDescriptor: hosts:ou=Hosts,
serviceSearchDescriptor: services:ou=Services,
serviceSearchDescriptor: printers:ou=Services,
serviceSearchDescriptor: automount:ou=Services,
serviceSearchDescriptor: netgroup:ou=Groups,
The guided installation enhances the configuration profile to improve interoperability with other
LDAP-enabled applications in the following ways:
• Most LDAP-enabled applications use the DN-based membership syntax, defined by the
X.500 standards. So, instead of using the memberUid attribute as the sole, primary attribute
for defining group membership, the guided installation uses the uniqueMember, member,
and memberUid attributes by default. In addition, when new members are added to a group
using the LDAP user or group management tools, LDAP-UX uses the uniqueMember attribute
to define that membership. It defines the membership based on the ordering found in
attributeMap, which lists a mapping from RFC 2307 attributes to alternate attributes.
• Instead of using the gecos attribute to define account details, the cn (common name), l
(location), and telephoneNumber attributes are mapped to fill the GECOS field. This
eliminates the need to define the gecos attribute in the directory server.
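The following added example (Python, not code from HP or LDAP-UX) applies the profile's attributeMap lines to a group and a user entry, showing why a membership review of a group such as HostAdmins has to read uniqueMember, member, and memberUid together. Assumptions: the entries and the function names are constructed here, a DN-valued member is reduced to its first RDN value, and the GECOS parts are comma-joined.

```python
PROFILE = """\
dn: cn=mydomain-ldapuxProfile,ou=Services,ou=Configuration,
 dc=mydomain,dc=example,dc=com
attributeMap: group:memberUid=uniqueMember member memberUid
attributeMap: passwd:gecos=cn l telephoneNumber
"""  # constructed: abridged copy of the sample profile above

GROUP = {  # constructed group entry; only the uniqueMember value is from the page
    "cn": ["HostAdmins"],
    "uniqueMember": ["uid=domadmin,ou=People,dc=mydomain,dc=example,dc=com"],
    "memberUid": ["domadmin", "jsmith"],
}

def parse_profile(ldif):
    """Return {attr_lowercase: [values]} for one entry, unfolding LDIF continuation lines."""
    entry, lines = {}, []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # a leading space continues the previous line
        elif raw.strip():
            lines.append(raw)
    for line in lines:
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def attribute_maps(entry):
    """Return {(service, rfc2307_attr): [directory attributes, in profile order]}."""
    maps = {}
    for value in entry.get("attributemap", []):
        service, _, mapping = value.partition(":")
        source, _, targets = mapping.partition("=")
        maps[(service.lower(), source.lower())] = targets.split()
    return maps

def effective_members(group, maps):
    """Union of members across every mapped attribute, in attributeMap order."""
    members = []
    for attr in maps.get(("group", "memberuid"), ["memberUid"]):
        for value in group.get(attr, []):
            # Assumption of this example: a DN-valued member is named by its first RDN value.
            name = value.split(",")[0].split("=")[-1] if "=" in value else value
            if name not in members:
                members.append(name)
    return members

def gecos(user, maps):
    """GECOS string from the mapped attributes (comma-joined, an assumption)."""
    attrs = maps.get(("passwd", "gecos"), ["gecos"])
    return ",".join(user.get(a, [""])[0] for a in attrs)
```

With the mapping in place, `effective_members(GROUP, attribute_maps(parse_profile(PROFILE)))` returns both `domadmin` (found through uniqueMember) and `jsmith` (found only through memberUid), so a review that inspects a single attribute would miss one of them.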
2.3 Guided installation (autosetup) for an HP directory server environment 35