LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

2.4.1 Summary of customized installation and configuration steps
The following are the steps you take when custom installing and configuring an LDAP-UX Client
Services environment:
1. Plan your installation (see Section 2.4.2 (page 59)).
2. Install LDAP-UX Client Services on each client system (see Section 2.4.3 (page 65)).
3. Install and configure an LDAP directory, if not already done (see Section 2.4.4 (page 65)).
4. If you want to enable SSL support with LDAP-UX, install and set up the security database files
on the LDAP-UX client system (see Section 2.4.6 (page 78)).
5. Migrate your name service data to the directory (see Section 2.5.1 (page 89)).
6. Run the setup program to configure LDAP-UX Client Services on a client system (see
Section 2.4.5 (page 67)). The setup program does the following for you:
   • Extends your RHDS/HPDS directory schema with the configuration profile schema, if not
     already done.
   • Imports the LP printer schema into your HP directory server if you choose to start the LDAP
     printer configurator.
   • Imports the NIS publickey schema into your HP directory if you choose to store the NIS-style
     public keys of users and hosts in the LDAP directory.
   • Imports the automount schema into your HP directory server if you choose to store the
     AutoFS maps in the LDAP directory.
   • Creates a startup file on the client. This enables each client to download the configuration
     profile.
   • Creates a centrally-managed configuration profile in the LDAP directory server. This profile
     defines how HP-UX clients should access the directory server and defines the data model
     (schema) used to identify users, groups, and other OS services. This profile can be shared
     across numerous clients and defines what is known as the “LDAP-UX domain.” The setup
     program can download an existing configuration profile, create a new one, or define a
     local-only profile.
   • Downloads the configuration profile from the directory to the client.
   • Starts the product daemon ldapclientd, if you choose to start it. With LDAP-UX
     Client B.03.20 or later, the client daemon must be started to obtain LDAP-UX functionality.
     With LDAP-UX Client B.03.10 or earlier releases, running the client daemon is optional.
7. To specify LDAP authentication and name service, modify the files /etc/pam.conf and
/etc/nsswitch.conf, respectively, on the client (see Section 2.4.5 (page 67)).
8. Optionally, configure the PAM Authorization Service Module (PAM_AUTHZ) to control access
rules defined in the /etc/opt/ldapux/pam_authz.policy policy file. In addition, verify
the access rights of a subset of users in a large repository who need access, modifying the
/etc/opt/ldapux/pam_authz.policy and /etc/pam.conf files. For command syntax,
see the pam_authz(5) manpage; for more information about configuring this service, see
Section 7.4 (page 199).
9. Perform the relevant postinstallation tasks described in Section 2.5 (page 89). These include:
   • Importing name service data into your directory (see Section 2.5.1 (page 89))
   • Verifying each client is working properly (see Section 2.5.2 (page 91))
   • Enabling AutoFS support (see Section 2.5.3 (page 94))
   • Enabling offline credential caching for authentication when the directory server is not
     available (see Section 2.5.4 (page 101))
   • Enabling integrated Compat Mode to control name services and user logins (see
     Section 2.5.5 (page 102))
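
A consistency check for the two files edited in step 7, added here as an example and not taken from the HP guide. It assumes the usual "database: sources" layout of /etc/nsswitch.conf and the "service type control module options" layout of /etc/pam.conf, checks only the passwd and group databases and the auth and account stacks, and treats any module path containing "ldap" as the LDAP PAM module; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag a client where name service and PAM disagree about LDAP.

# nss_uses_ldap FILE DB: succeed if database DB lists "ldap" as a source.
# Comments and bracketed criteria such as [NOTFOUND=continue] are ignored.
nss_uses_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, ""); gsub(/\[[^]]*\]/, " ") }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }' "$1"
}

# pam_uses_ldap FILE SERVICE TYPE: succeed if SERVICE's TYPE stack names a
# module whose path contains "ldap" (assumption: that identifies the LDAP module).
pam_uses_ldap() {
    awk -v svc="$2" -v mtype="$3" '
        { sub(/#.*/, "") }
        $1 == svc && $2 == mtype && tolower($4) ~ /ldap/ { found = 1 }
        END { exit !found }' "$1"
}

# check_step7 NSSWITCH PAMCONF SERVICE: print findings, return their count.
check_step7() {
    issues=0
    for db in passwd group; do
        nss_uses_ldap "$1" "$db" ||
            { echo "nsswitch: $db does not list ldap"; issues=$((issues + 1)); }
    done
    for mtype in auth account; do
        pam_uses_ldap "$2" "$3" "$mtype" ||
            { echo "pam: $3 $mtype stack has no LDAP module"; issues=$((issues + 1)); }
    done
    return "$issues"
}

# Constructed sample files (not from a real system).
demo=$(mktemp -d)
cat > "$demo/nsswitch.conf" <<'EOF'
passwd: files ldap
group:  files [NOTFOUND=continue] ldap   # criteria are skipped
hosts:  dns files
EOF
cat > "$demo/pam.conf" <<'EOF'
login auth    sufficient libpam_unix.so.1
login auth    required   libpam_ldap.so.1 try_first_pass
login account required   libpam_unix.so.1
EOF
check_step7 "$demo/nsswitch.conf" "$demo/pam.conf" login || echo "findings: $?"
```

On a client, point check_step7 at /etc/nsswitch.conf and /etc/pam.conf and repeat it for each service that should authenticate against the directory.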
58 Installing and configuring LDAP-UX Client Services for an HP server environment