LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
• Control user access to the system, using any of several methods mentioned in Section 2.5.6 (page 104)
• Configure subsequent client systems (see the shortcuts mentioned in Section 2.5.7 (page 110))
• Download the profile periodically (see Section 2.5.8 (page 111))
• Enable the use of -r commands with PAM_LDAP (see Section 2.5.9 (page 112))
2.4.2 Planning for your customized installation and configuration
Before beginning your installation, you should plan how you will set up and verify your LDAP
directory and your LDAP-UX Client Services environment before putting them into production.
Consider the following questions. Record your decisions and other information that you will need
later in “Configuration worksheet” (page 403).
• How many HP directory servers and replicas will you need?
Each client system binds to an LDAP directory server containing your user, group, and other
data. Multiple clients can bind to a single directory server or replica server. The answer
depends on your environment, the size and configuration of your directory, and how many
users and clients you have. Write your directory server host and TCP port number in
“Configuration worksheet” (page 403). For more information, see the white paper Preparing
Your LDAP Directory for HP-UX Integration at:
http://www.hp.com/go/hpux-security-docs
Click HP-UX LDAP-UX Integration Software.
In addition, for more information about preparing an HP-UX Directory Server or Red Hat
Directory Server, see the appropriate Deployment Guide at the website mentioned previously.
You can add directory replicas to an existing LDAP-UX Client Services environment as described
under Section 7.5 (page 217). You can also review the LDAP-UX Integration Performance and
Tuning Guidelines, also located at the website mentioned previously.
• Where will you get your name service data when migrating it to the directory?
You can get the data from your files in the /etc directory or, if you are using NIS, from the
same source files from which you create your NIS maps, or you can get the data from your
NIS maps themselves. Write this information in “Configuration worksheet” (page 403).
For information about how to import your information into the directory, see Section 2.5.1
(page 89). For information about the migration scripts, see Section 9.6 (page 383).
To add an individual user entry or modify an existing user entry in your directory, you may
use the ldapugadd or ldapugmod command or other directory administration tools such as
the ldapmodify command or the HP-UX Directory Server Console. For additional contributed
tools, see the LDAP-UX Integration Release Notes.
NOTE: You should keep a small subset of users in /etc/passwd, particularly the root login.
This enables administrative users to log in during installation and testing. Also, if the directory
is unavailable, you can still log in to the system.
• Where in your directory will you put your name service data?
Your directory architect needs to decide where in your directory to place your name service
information. By default, LDAP-UX Client Services expects user and group data to use the object
classes and attributes specified by RFC 2307. By default, the migration scripts create and
populate a new subtree that conforms to RFC 2307. Figure 9 (page 62) shows a base DN of
ou=unix,o=hp.com. Write the base DN of your name service data in “Configuration
worksheet” (page 403).
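The following added example (not part of the HP guide and not the LDAP-UX migration scripts) shows how /etc/passwd lines map to RFC 2307 posixAccount entries under the base DN ou=unix,o=hp.com, while leaving root local as the NOTE recommends. The ou=People container, the account structural class, the function names, and the sample accounts are assumptions made for illustration.

```python
import base64
import re

BASE_DN = "ou=unix,o=hp.com"   # base DN shown on the page
PEOPLE_RDN = "ou=People"       # assumption: container name is not given on the page
KEEP_LOCAL = {"root"}          # per the NOTE: root stays in /etc/passwd only
# Constructed sample input in /etc/passwd format (not real accounts).
SAMPLE_PASSWD = """\
root:x:0:3::/:/sbin/sh
jdoe:x:1001:20:Jane Doe,Bldg 4:/home/jdoe:/usr/bin/sh
bad,name:x:1002:20: leading space:/home/bad:/usr/bin/sh
broken:line
"""
PASSWD_RE = re.compile(r"([^:]+):([^:]*):([0-9]+):([0-9]+):([^:]*):([^:]+):([^:]*)")

def escape_rdn_value(value):
    """Escape RFC 4514 special characters so a login name cannot alter the DN."""
    return re.sub(r'[,+"\\<>;=]|^[# ]| $', r"\\\g<0>", value)

def ldif_line(attr, value):
    """Emit one LDIF line; base64-encode values RFC 2849 does not allow as-is."""
    safe = (value.isascii() and not value.endswith(" ")
            and re.fullmatch(r"[^\x00\n\r :<][^\x00\n\r]*", value))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode()).decode()}"

def passwd_to_ldif(passwd_text):
    """Return (ldif_entries, kept_local, rejected) for passwd-format text."""
    entries, kept, rejected = [], [], []
    for raw in passwd_text.splitlines():
        match = PASSWD_RE.fullmatch(raw)
        if not match:
            rejected.append(raw)      # malformed line: report it, never guess
            continue
        name, _pw, uid, gid, gecos, home, shell = match.groups()
        if name in KEEP_LOCAL:
            kept.append(name)         # not migrated; remains a local login
            continue
        dn = f"uid={escape_rdn_value(name)},{PEOPLE_RDN},{BASE_DN}"
        # The password field (_pw) is deliberately not written as userPassword.
        lines = [ldif_line("dn", dn), "objectClass: top", "objectClass: account",
                 "objectClass: posixAccount", ldif_line("uid", name),
                 ldif_line("cn", gecos.split(",")[0].strip() or name),
                 ldif_line("uidNumber", uid), ldif_line("gidNumber", gid),
                 ldif_line("homeDirectory", home)]
        lines += [ldif_line(a, v) for a, v in (("gecos", gecos), ("loginShell", shell)) if v]
        entries.append("\n".join(lines))
    return entries, kept, rejected
```

Review the rejected list and the base64-encoded values before loading the output with ldapmodify; both point at source lines that need cleanup in the original files.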
2.4 Customized installation (setup) for an HP directory server environment 59