LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

1. Enter yes for the following question:
Do you want to remap any of the startdard RFC 2307 attributes? [yes]:
yes Enter
2. Select the group service by entering 3 for the following question:
Specify the service you want to map? [0]: 3 Enter
3. Next, a screen displays the following information:
Current Group attribute names:
1.cn ->[cn]
2.gidnumber -> [gidnumber]
3.memberuid -> [memberuid]
4.userpassword -> [userPassword]
Specify the attribute you want to map. [0]:
If you want to specify the attribute to map to memberuid, then enter 3 for the following
question:
Specify the attribute you want to map? [0]: 3 Enter
4. Enter the member attribute that you want to map to the memberuid attribute:
memberuid > member Enter
5. Next, a screen displays the following information:
Current Group attribute names:
1.cn ->[cn]
2.gidnumber -> [gidnumber]
3.memberuid -> [member]
4.userpassword -> [userPassword]
Specify the attribute you want to map. [0]:
To exit this menu, enter 0 for the following question:
Specify the attribute you want to map. [0]: 0 Enter
NOTE: LDAP-UX supports DN-based (X.500 style) membership syntax. This means that you do
not need to use the memberUid attribute to define the members of a POSIX group. Instead, you
may use either the member or uniqueMember attribute. LDAP-UX can convert from the DN syntax
to the POSIX syntax (an account name).
For HP-UX Directory Server or Red Hat Directory Server, the typical member attribute would be
either memberUid, member, or uniqueMember.
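The DN-to-account-name conversion described in the NOTE above, as an added example (not code from LDAP-UX or HP). The directory contents, group entry, and helper names are constructed for illustration, and resolving each member DN through its entry's uid attribute is an assumption about one reasonable approach; the page does not describe how LDAP-UX performs the conversion internally.

```python
import re

# Constructed sample data, not taken from a real directory.
ATTR_MAP = {"memberuid": "member"}  # the remapping chosen in steps 4-5
DIRECTORY = {  # normalized DN -> entry attributes
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice"},
    "cn=smith\\, bob,ou=people,dc=example,dc=com": {"uid": "bsmith"},
    "cn=printers,ou=groups,dc=example,dc=com": {"cn": "printers"},
}
GROUP = {
    "cn": "staff",
    "gidnumber": "200",
    "member": [
        "uid=alice,ou=People,dc=example,dc=com",
        "CN=Smith\\, Bob, OU=People, DC=example, DC=com",
        "UID=Alice, OU=People, DC=Example, DC=com",   # duplicate of alice
        "uid=carol,ou=People,dc=example,dc=com",      # no such entry
        "cn=printers,ou=Groups,dc=example,dc=com",    # entry has no uid
    ],
}

def normalize(dn):
    """Lower-case a DN and trim spaces around RDNs so equal DNs compare equal.
    Simplification: splits on commas not preceded by a backslash."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)

def posix_members(group, attr_map=ATTR_MAP, directory=DIRECTORY):
    """Return (account_names, unresolved_values) for a group entry."""
    attr = attr_map.get("memberuid", "memberuid")
    values = group.get(attr, [])
    if attr == "memberuid":          # already POSIX syntax, nothing to convert
        return list(dict.fromkeys(values)), []
    names, unresolved = [], []
    for dn in values:
        uid = directory.get(normalize(dn), {}).get("uid")
        if uid is None:
            unresolved.append(dn)    # report it; do not guess from the RDN
        elif uid not in names:
            names.append(uid)
    return names, unresolved

if __name__ == "__main__":
    names, unresolved = posix_members(GROUP)
    print("memberUid view:", names)
    print("unresolved:", unresolved)
```

Because group membership feeds authorization decisions, member DNs that do not resolve to an account are returned separately for review instead of being turned into a name taken from the DN text.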
2.4.6 Configuring LDAP-UX Client Services with SSL or TLS support
The LDAP-UX Client Services supports either SSL (Secure Sockets Layer) or TLS (Transport Layer
Security) to secure communication between LDAP clients and the LDAP directory server.
With SSL, an encrypted session is established on an encrypted port, 636. The LDAP-UX Client
Services supports SSL with a password as the credential, using simple bind, SASL/GSSAPI,
or SASL/DIGEST-MD5 authentication, to ensure confidentiality and data integrity between clients
and servers. (SASL/GSSAPI is only supported for LDAP-UX used with Windows ADS.) SSL gives
LDAP-UX clients a secure way to protect the password as it crosses the network. In addition,
SSL/TLS can be used to validate the identity of the directory server (or Windows Active Directory
Server, ADS), provided the privacy of the server’s and CA’s private keys can be assured. The directory
administrator can choose the authentication mechanism, such as a simple password stored
in the directory server in hashed form.
The LDAP-UX Client Services supports SSL communication with Microsoft Windows Server 2003
R2 and 2008 Active Directory Server (ADS), HP-UX Directory Server 8.1 (or later), and Red Hat
Directory Server 8.0. For detailed information about how to set up and configure your HP directory
78 Installing and configuring LDAP-UX Client Services for an HP server environment