LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

NOTE: If you are planning a first-time deployment in which user and group data are managed in the
directory server, HP suggests that you devise a strategy to avoid UID number and GID number
overlap. Most likely, you will need to continue managing some accounts that are local to the hosts
in the LDAP-UX domain. Often the root user, and sometimes application accounts (such as www for
the httpd process) remain managed in the local /etc/passwd file. Devise a convention
establishing a range for UID numbers and one for GID numbers such that accounts and groups in
LDAP do not conflict with those on the local hosts. For example, accounts in LDAP could all have
UID numbers greater than 1000, while accounts on local hosts would be restricted to UID numbers
less than 1000.
For information about ensuring that user and group numbers to be migrated or imported into a
new directory server do not collide with the ones created by the guided installation, see
Section 2.5.1.1 (page 90).
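The range convention described in this note can be checked mechanically before accounts are migrated. The POSIX shell script below is an added example and is not part of the LDAP-UX guide or product. It assumes that the host's local passwd or group file and a passwd-format export of the entries destined for the directory are available as two files; the entries it uses are constructed samples, and the boundary of 1000 is taken from the note's own example (local IDs below it, directory IDs above it). The same functions work on group files, since the numeric ID is the third colon-separated field in both formats.

```shell
#!/bin/sh
# Added example (not from the LDAP-UX guide): report UID/GID numbers that
# collide between locally managed accounts and accounts destined for the
# directory, and entries that break the range convention
# (local IDs below the boundary, directory IDs above it).

work=${TMPDIR:-/tmp}/uidcheck.$$
mkdir -p "$work"
trap 'rm -rf "$work"' EXIT

# Constructed sample data. In a real check, local.passwd would be the host's
# /etc/passwd and ldap.passwd a passwd-format export of the entries to be
# migrated or imported into the directory server.
cat > "$work/local.passwd" <<'EOF'
root:x:0:3::/:/sbin/sh
www:x:30:1::/:/sbin/sh
appuser:x:1005:20::/home/appuser:/sbin/sh
EOF

cat > "$work/ldap.passwd" <<'EOF'
alice:x:1001:1000::/home/alice:/bin/sh
bob:x:1005:1000::/home/bob:/bin/sh
svc:x:500:1000::/home/svc:/bin/sh
EOF

# find_id_collisions LOCAL_FILE LDAP_FILE
# Prints "id:local_name:ldap_name" for every numeric ID (field 3) that
# appears in both files, in the order the IDs occur in LDAP_FILE.
find_id_collisions() {
    awk -F: 'NR == FNR { seen[$3] = $1; next }
             ($3 in seen) { print $3 ":" seen[$3] ":" $1 }' "$1" "$2"
}

# find_range_violations FILE MIN MAX
# Prints "name:id" for every entry whose numeric ID lies outside [MIN, MAX].
find_range_violations() {
    awk -F: -v min="$2" -v max="$3" \
        '($3 + 0 < min + 0 || $3 + 0 > max + 0) { print $1 ":" $3 }' "$1"
}

# Apply the convention from the note: local accounts use IDs below the
# boundary, directory accounts use IDs above it.
boundary=1000
echo "ID collisions (id:local:ldap):"
find_id_collisions "$work/local.passwd" "$work/ldap.passwd"
echo "Local entries outside 0..$((boundary - 1)):"
find_range_violations "$work/local.passwd" 0 $((boundary - 1))
echo "Directory entries below $((boundary + 1)):"
find_range_violations "$work/ldap.passwd" $((boundary + 1)) 2147483647
```

With the sample data the script reports the collision on UID 1005 (appuser locally, bob in the directory export), the local account appuser as outside the local range, and the directory account svc as below the directory range. Run the same two functions against /etc/group and the group export to check GID numbers.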
NOTE: When configuring and setting up LDAP-UX, you will likely be prompted for credentials
of an administrator. If you are asked to enter the credentials (password) of a user, make sure that
the connection between your client and the HP-UX system (where you are running autosetup) is
secured and not subject to network eavesdropping. One option to protect such communication
might be to use the ssh protocol when connecting to the HP-UX host being configured.
2.3.4.1 Interactively running New Directory Server Installation mode
To interactively install LDAP-UX and create a new HP-UX Directory Server for your LDAP-UX
environment, follow these steps. Before you begin, make sure you have installed the HP-UX Directory
Server product on the local host.
1. Log in as root and run the autosetup command, as shown in the following example:
# /opt/ldapux/config/autosetup
2. The script detects whether a registered LDAP-protocol directory server instance exists in the
local DNS domain. You are creating a new LDAP-UX environment that needs a new directory
server, so a directory server is not found, as indicated. The first prompt gives you several
options. To run the installation so that it sets up a new directory server, press Enter, as shown:
Scanning DNS domain west.acme.com for any registered LDAP directory servers
- No directory servers found.
Please enter the host name and port number of a directory server,
a Windows domain name, or press Return to create a new directory
server on this host: Enter
3. The script begins creating a new directory server instance on the local host. It creates the
Directory Manager root DN as cn=Directory Manager and prompts you to create a
password and to reenter the password to confirm (the password is hidden):
The directory server requires a "super-user" ID. This ID has all
privileges (is not subject to any access control) on the directory server
and the name is set as "cn=Directory Manager". Please enter a password
for this user.
Please enter the "cn=Directory Manager" password: [password not displayed] Enter
Please re-enter the "cn=Directory Manager" password: [password not displayed] Enter
As indicated, the Directory Manager has all privileges and is not subject to directory server
access control policies. The Directory Manager is a unique, powerful entry that is typically
used to repair and recover from errors in the configuration. The Directory Manager can correct
problems that affect users who do not have access control privileges for doing so. There is no
directory entry for the Directory Manager user; it is used only for authentication. You cannot
create an actual directory server entry that uses the same distinguished name (DN) as the
2.3 Guided installation (autosetup) for an HP directory server environment 47