LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
6 Dynamic group support
6.1 Overview
6.2 Creating an HP-UX dynamic group
6.2.1 Creating an HP-UX POSIX dynamic group in an HP directory server environment
6.2.1.1 Step 1: Creating a dynamic group
6.2.1.2 Step 2: Adding POSIX attributes to a dynamic group
6.2.2 Creating an HP-UX POSIX dynamic group in a Windows ADS environment
6.2.2.1 Step 1: Creating a dynamic group (an LDAP query group)
6.2.2.2 Step 2: Adding POSIX attributes to a dynamic group
6.2.2.3 Step 3: Setting read permissions for the proxy user
6.2.3 Changing an HP-UX POSIX static group to a dynamic group
6.2.4 Enabling dynamic group support
6.3 Multiple group attribute mappings
6.3.1 Multiple group attribute mapping examples
6.4 Number of group members returned
6.5 Number of groups returned for a specific user
6.6 Performance impact for dynamic groups
6.6.1 Enabling and disabling enable_dynamic_getgroupsbymember
6.7 Configuring dynamic group caches
7 Administering LDAP-UX Client Services
7.1 Managing the LDAP-UX client daemon
7.1.1 Overview
7.1.2 Using the ldapclientd administration tool
7.1.2.1 Starting the client
7.1.2.2 Controlling the client
7.1.2.3 Improving client daemon performance
7.1.2.4 Command options
7.1.2.5 Diagnostics
7.1.2.6 Warnings
7.1.3 ldapclientd.conf configuration file
7.1.3.1 Configuration file syntax
7.1.3.1.1 Section details
7.1.3.2 Example Configuration file
7.2 Integrating LDAP-UX with Trusted Mode
7.2.1 Overview
7.2.2 Features and limitations
7.2.2.1 Auditing
7.2.2.2 Password and account policies
7.2.2.3 PAM configuration file
7.2.2.4 Limitations
7.2.3 Configuration parameter
7.3 Configuring SASL/GSSAPI support for proxy user authentication (Windows ADS only)
7.3.1 How SASL/GSSAPI works
7.3.2 Configuring the proxy user
7.3.2.1 Configuring the user principal
7.3.2.2 Service/host principal and keys
7.3.2.3 Configuring a principal as the proxy user
7.3.3 Keytab file
7.3.4 Downloading SASL/GSSAPI profiles
7.3.5 Changing authentication methods
7.4 Configuring PAM_AUTHZ login authorization
7.4.1 Policy and access rules
7.4.2 How login authorization works