LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
# $
#
# Service: <service_name>
# <one or more configuration information lines>
# $
#
#The name service that LDAP-UX Client Services supports is "NSS".
#For example:
#
# Service:NSS
# # More than one 'host:port' can be included in this field,
# # delimited by ' '. For example:
# LDAP_HOSTPORT="abc.efg.hp.com def.anywhere.com"
# # The configuration profile entry name in the Directory Server. For example:
# PROFILE_ENTRY_DN="cn=myprofile, ou=myorgunit, o=myorg"
# #The application program the application is to execute after
# #the configuration profile entry is retrieved from the application.
# #For example:
# PROGRAM="/opt/ldapux/config/create_profile_cache"
# $
Service: NSS
LDAP_HOSTPORT_SSL="16.92.120.190:389"
PROFILE_ENTRY_DN="cn=DOC-ldapuxProfile,ou=Services,ou=Configuration,dc=doc,dc=acme,dc=com"
PROGRAM="/opt/ldapux/config/create_profile_cache"
$
C.4 ldapclientd.conf file after autosetup configuration
Before starting the LDAP-UX client daemon process, autosetup edits the client daemon
configuration file /etc/opt/ldapux/ldapclientd.conf to enable the LDAP-UX client daemon
ldapclientd to launch automatically whenever the system is rebooted and to enable the directory
server to restrict proxy user rights. The following shows the ldapclientd.conf that is configured
by autosetup. The same file is created for both HP server and Windows ADS environments.
#!/sbin/sh
# @(#) $Revision: 1.12 $
# ldap client daemon configuration.
#
# Please note, the below keys are case sensitive.
#
# Example:
#
# [passwd]
# enable=yes
# poscache_ttl=600
# negcache_ttl=600
#
# Note that "TTLs" (time to live) values are in seconds.
# Note that cache sizes are in bytes.
#
[StartOnBoot]
enable=yes
[general]
# If the proxy user is used and defined in /etc/opt/ldapux/pcred, this
# flag indicates if the proxy user does not hold privileged LDAP
# credentials, meaning the proxy user is restricted in its rights to
# access "private" information in the directory server. Because
# ldapclientd provides an interface to access arbitrary information
# (attributes), ldapclientd needs to know if the proxy credential has
# more rights than it should.
#
# By default, and if set to zero, ldapclientd assumes the proxy user
# has privileged credentials, and thus will not allow access to attributes
# beyond that of the RFC2307 schema. However, you can amend the list of
# allowed attributes using the allowed_attribute parameter defined below.
#
# If proxy_is_restricted is set to 1, then you are attesting that the
# directory server is restricting access to private or other confidential
# information from access by the proxy user.
proxy_is_restricted=1
# Allows the ldapclientd interface to return attributes that are associated
# with RFC2307-based services (such as users and groups), but that those
# attributes are not specifically part of the RFC2307 schema. Any attribute
# specified below should be considered public information.
allowed_attribute=hosts:sshPublicKey
allowed_attribute=passwd:sshPublicKey
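
The following is an added example, not part of the HP guide or the LDAP-UX product: a small Python audit of the [general] settings shown above, which reports when proxy_is_restricted=1 attests that the directory server restricts the proxy user and checks every allowed_attribute entry against a list of attributes that must not be treated as public. The SAMPLE text is constructed from the listing above, and the NOT_PUBLIC list and the function names are assumptions made for illustration.

```python
# Added example, not HP code. SAMPLE is constructed from the listing above.
SAMPLE = """\
# ldap client daemon configuration.
[StartOnBoot]
enable=yes
[general]
proxy_is_restricted=1
allowed_attribute=hosts:sshPublicKey
allowed_attribute=passwd:sshPublicKey
"""

# Assumed site policy: attributes that must never be declared public.
NOT_PUBLIC = {"userpassword", "homephone", "employeenumber"}

def parse_general(text):
    """Return (proxy_is_restricted, [(service, attribute), ...]) from [general]."""
    section, restricted, allowed = None, False, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "general" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "proxy_is_restricted":      # keys are case sensitive
            restricted = value == "1"         # unset or 0 means "not attested"
        elif key == "allowed_attribute":      # repeats, so collect every line
            service, _, attr = value.partition(":")
            allowed.append((service, attr))
    return restricted, allowed

def audit(text):
    """Return review findings for the proxy-user settings."""
    restricted, allowed = parse_general(text)
    findings = []
    if restricted:
        findings.append("proxy_is_restricted=1: verify directory ACLs for the proxy user")
    for service, attr in allowed:
        if not service or not attr:
            findings.append(f"malformed allowed_attribute: {service}:{attr}")
        elif attr.lower() in NOT_PUBLIC:
            findings.append(f"{service}:{attr} is exposed as public information")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The parser is hand-written because allowed_attribute repeats within one section, which a standard INI reader would collapse to the last value.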