Manualshelf

LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software
61626364656667686970
IMPORTANT: Starting with LDAP-UX Client Services B.03.20, the client daemon, /opt/
ldapux/bin/ldapclientd, must be running for LDAP-UX functions to work. With LDAP-UX
Client Services B.03.10 or previous releases, running the client daemon, ldapclientd, is
optional.
NOTE: The LDAP printer configurator can support any directory servers that support the
LDAP printer schema based on RFC 3712.
However, the LDAP-UX Client Services only supports automatically importing the LDAP printer
schema into the directory server by running the setup program.
If your directory server does not support the LDAP printer schema, you might experience
problems when importing the printer schema.
Configure PAM by modifying the PAM configuration file /etc/pam.conf. See /etc/
pam.ldap for a sample (a sample of this file is provided in Section D.1 (page 421)).
For more information about PAM, see the pam(3) and pam.conf(4) manpages, and the
Managing Systems and Workgroups: A Guide for HP-UX System Administrators document at
the following location:
http://www.hp.com/go/hpux-core-docs (click HP-UX 11i v2)
Sample PAM configuration files and details about their structure are provided in “Sample
PAM configuration (pam.conf) files ” (page 420).
Configure NSS by modifying the file /etc/nsswitch.conf. See /etc/nsswitch.ldap
for a sample.
Optionally modify the disable_uid_range flag in the /etc/opt/ldapux/
ldapux_client.conf file to disable logins to the local system from specific users, as
described in Section 2.5.6.1 (page 105).
Optionally configure the authorization of one or more subgroups from a large repository such
as an LDAP directory server. For the detailed information on how to set up the policy file,
/etc/opt/ldapux/pam_authz.policy, see Section 7.4.4 (page 202).
After you configure your directory and the first client system, configuring additional client systems
is simpler. For more information, see Section 2.5.7 (page 110).
2.4.5.1 Quick configuration
You can quickly configure a HP-UX Directory Server/Rat Hat Directory Server directory and the
first client by letting most of the configuration parameters take default values as follows. For a
custom configuration, see Section 2.4.5.2 (page 72).
The steps described in this section assume that you don't use SSL or TLS support with LDAP-UX. If
you want to enable SSL support, see Section 2.4.5.2 (page 72).
NOTE: When configuring and setting up LDAP-UX, you will likely be prompted for credentials
of an administrator. If you are asked to enter the credentials (password) of a user, make sure that
the connection between your client and the HP-UX system (where you are running setup) is secured
and not subject to network eavesdropping. One option to protect such communication might be
to use the ssh protocol when connecting to the HP-UX host being configured.
1. Log in as root and run the setup program:
cd /opt/ldapux/config
./setup
2.4 Customized installation (setup) for an HP directory server environment 69