LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
2.4.7.5.2 Procedures used for configuring the serviceAuthenticationMethod attribute
Use the following steps on one of the LDAP-UX client systems to configure the
serviceAuthenticationMethod attribute in the /etc/opt/ldapux/ldapux_profile.ldif file:
1. Log in as root.
2. Use the ldapentry tool to modify the profile entry in the LDAP directory server to include
serviceAuthenticationMethod. To do this, ldapentry requires the profile DN. You
can find the profile DN in PROFILE_ENTRY_DN in /etc/opt/ldapux/ldapux_client.conf
after you finish running the setup program. The following example
edits the profile entry "cn=ldapuxprofile,dc=org,dc=hp,dc=com":
cd /opt/ldapux/bin
./ldapentry -m "cn=ldapuxprofile,dc=org,dc=hp,dc=com"
After you respond to the "Directory login:" and "password:" prompts, ldapentry opens
an editor window with the profile entry. You can add the
serviceAuthenticationMethod attribute.
The value of the serviceAuthenticationMethod entry depends on the authentication
method you configure. The following shows the possible values of the
serviceAuthenticationMethod attribute:
• For SASL/DIGEST-MD5 using the Distinguished Name (DN) to generate the DIGEST-MD5
hash, the data in the entry is:
serviceAuthenticationMethod:keyserv:sasl/digest-md5:username=dn
• For SASL/DIGEST-MD5 using the uid attribute to generate the DIGEST-MD5 hash, the
data in the entry is:
serviceAuthenticationMethod:keyserv:sasl/digest-md5
• For SASL/DIGEST-MD5 with SSL enabled using the DN to generate the DIGEST-MD5
hash, the data in the entry is:
serviceAuthenticationMethod:keyserv:tls:sasl/digest-md5:username=dn
• For SASL/DIGEST-MD5 with SSL enabled using the uid attribute to generate the
DIGEST-MD5 hash, the data in the entry is:
serviceAuthenticationMethod:keyserv:tls:sasl/digest-md5
• For simple authentication, the data in the entry is:
serviceAuthenticationMethod:keyserv:simple
• For simple with SSL enabled, the data in the entry is:
serviceAuthenticationMethod:keyserv:tls:simple
For more information on ldapentry, see “Command and tool reference” (page 276).
NOTE: If you use TLS for secure communication between LDAP clients and the HP-UX Directory
Server or Red Hat Directory Server, you must use the Directory Server Console to manually
add the values of the serviceAuthenticationMethod attribute.
3. Go to /opt/ldapux/config:
cd /opt/ldapux/config
4. Use /opt/ldapux/config/get_profile_entry to download the modified LDIF profile:
./get_profile_entry -s nss
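Added example (not part of the HP guide): a POSIX shell check that can be run after step 4 to confirm that the downloaded profile carries one of the six keyserv values listed above, and whether that value includes tls. The function names classify_method and check_profile are hypothetical, and the script assumes the LDIF holds the attribute on a single line, with or without a space after the colon.

```shell
#!/bin/sh
# Added example: names classify_method/check_profile are hypothetical.

# Map a value to "<tls|no-tls> <bind method>"; fail if it is not one of the
# six keyserv values listed in this procedure.
classify_method() {
    case "$1" in
        keyserv:tls:sasl/digest-md5:username=dn) echo "tls digest-md5-dn" ;;
        keyserv:tls:sasl/digest-md5)             echo "tls digest-md5-uid" ;;
        keyserv:tls:simple)                      echo "tls simple" ;;
        keyserv:sasl/digest-md5:username=dn)     echo "no-tls digest-md5-dn" ;;
        keyserv:sasl/digest-md5)                 echo "no-tls digest-md5-uid" ;;
        keyserv:simple)                          echo "no-tls simple" ;;
        *) return 1 ;;
    esac
}

# Report every keyserv value in LDIF file $1. Exit status: 0 = all listed
# and using tls, 1 = listed but without tls, 2 = unlisted value or none found.
check_profile() {
    rc=0; found=0
    # Assumption: one attribute per line, optional space after the colon.
    for v in $(awk 'index(tolower($0), "serviceauthenticationmethod:") == 1 {
            v = substr($0, 29); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (v ~ /^keyserv:/) print v }' "$1"); do
        found=1
        if c=$(classify_method "$v"); then
            echo "$v -> $c"
            case "$c" in no-tls*) [ "$rc" -eq 2 ] || rc=1 ;; esac
        else
            echo "$v -> not a value listed in this procedure"; rc=2
        fi
    done
    [ "$found" -eq 1 ] || { echo "no keyserv serviceAuthenticationMethod found"; rc=2; }
    return "$rc"
}

# Constructed sample profile (not a real download), checked the same way
# /etc/opt/ldapux/ldapux_profile.ldif would be after step 4.
sample="${TMPDIR:-/tmp}/ldapux_profile_sample.$$"
cat > "$sample" <<'EOF'
dn: cn=ldapuxprofile,dc=org,dc=hp,dc=com
serviceAuthenticationMethod: keyserv:sasl/digest-md5:username=dn
EOF
check_profile "$sample" || echo "exit status: $?"
rm -f "$sample"
```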
88 Installing and configuring LDAP-UX Client Services for an HP server environment