
# Setting enable_startTLS to 1 does not alone configure TLS session
# encryption. It merely specifies that TLS should be used instead of
# SSL when encryption/validation is required. Just as with SSL,
# in order to fully enable TLS, the /etc/opt/ldapux/cert8.db must
# contain a CA or LDAP server certificate and TLS/SSL must be enabled in
# the LDAP-UX configuration profile (created by the /opt/ldapux/config/setup
# tool).
#
# In other words, this flag only chooses between TLS and SSL; whether
# directory traffic is encrypted at all is decided by the profile and by
# the contents of cert8.db. Check both when verifying that connections
# to the LDAP server are protected.
#
# Note: In future LDAP-UX releases, TLS will be enabled by default instead of
# SSL for new installations.
#
enable_startTLS=1
# peer_cert_policy adjusts how strictly the SSL certificates presented by
# LDAP servers are validated. Three values are accepted:
# WEAK performs no validation of SSL certificates. Any certificate is
# accepted, so the identity of the server is not verified; treat this
# as a troubleshooting setting rather than a production one.
# CERT is the default and verifies that the issuers of peer SSL certificates
# are trusted. It does not check that the certificate was issued for
# the server actually being contacted.
# CNCERT performs both the CERT check and also verifies that the common name
# or subjectAltName values embedded in the certificate match the
# address used to connect to the LDAP server, as described in RFC 4513.
# This is the only setting that ties the certificate to the server address.
# Please note that LDAP-UX normally stores the IP address of LDAP
# servers in the configuration profile, and certificates normally
# embed the host name or fully qualified host name. Therefore the
# preferredserverlist setting in the profile may need to be adjusted
# to address the LDAP server using its host name if this option is
# used. Host names may not be used in the profile if the system is
# configured to use LDAP-UX for host name resolution. Please see the
# documentation for details on manually adjusting the profile.
#
#peer_cert_policy=CERT
# LDAP-UX returns group information requested by initgroups(3C), which
# initializes the user's group access list. The following configuration
# controls if LDAP-UX should return dynamic groups that a user belongs to.
#
# If "enable_dynamic_getgroupsbymember" is set to 1, which is the default,
# LDAP-UX returns both static and dynamic groups that a user belongs to.
# As a result, the user has the access rights granted to all those groups.
#
# If "enable_dynamic_getgroupsbymember" is set to 0, LDAP-UX returns only
# static groups that a user belongs to. As a result, the user has only the
# access rights granted to static groups, and does not have the access
# rights granted to dynamic groups.
#
# If you experience an unexpected delay when logging into the system, HP
# recommends that you uncomment the following line and set
# "enable_dynamic_getgroupsbymember" to 0.
# Because this changes the effective group access list, first confirm
# that no access on this system is granted only through dynamic group
# membership; otherwise users lose those rights the next time their
# group list is initialized.
#
#enable_dynamic_getgroupsbymember=1
# Prior to B.04.20, LDAP-UX appended the string, "#'*'B" when constructing
# search filters using the attribute uniquemember. Starting from B.04.20,
# this behavior has been turned off. You may re-enable this feature
# by setting enable_bitstring to 1. Please refer to "A Summary of
# the X.500(96) User schema for use with LDAPv3", RFC2256 as well
# as "Lightweight Directory Access Protocol (v3): Attribute Syntax
# Definitions", RFC2252, for more details on the Name And Optional UID
# syntax.
#
#enable_bitstring=1
# Setting "enable_compat_mode=1" enables LDAP-UX to process "+"/"-"
# entries in /etc/passwd and /etc/group as they are in compat mode
# while "ldap" is still configured as a regular repository for "passwd"
# and "group" in /etc/nsswitch.conf (e.g. /etc/nsswitch.ldap).
#enable_compat_mode=0
[profile]
#This section contains information clients need to access the configuration
#profile entry from an LDAP Directory Server.
#More than one application can share this file.
#For each application,
#the format begins with the keyword "Service:" followed by the service name,
#followed by one or more configuration information lines,
#followed by a line with "$" as the last line of the service,
#followed by another service with the same format if any. For example:
#
# Service: <service_name>
# <one or more configuration information lines>