LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

100

brewer (): ldapugmod -P -t group -g 1999 DomainAdmins

bind-dn [uid=domadmin,ou=People,dc=mydomain,dc=example,dc=com]:

Password:

ntc9-212 (src/tools): ldapuglist -t group -n DomainAdmins

dn: cn=DomainAdmins,ou=Groups,dc=mydomain,dc=example,dc=com

cn: Domain Administrators

cn: DomainAdmins

gidNumber: 1999

memberUid: domadmin

For more information about using the ldapuglist and ldapugmod tools to list and modify users

and groups, see Section 7.7 (page 218).

2.5.1.2 Steps for importing name service data into your directory

Here are the steps for importing your user and group data into your LDAP directory. Modify them

as needed.

1. Decide which migration method and scripts you will use. Migration scripts are provided to

ease the task of importing your existing name service data into your LDAP directory.

For a complete description of the scripts, what they do, and how to use them, see Section 9.6

(page 383). Modify the migration scripts, if needed.

2. Back up your directory.

3. Run the migration scripts, using the worksheet in “Configuration worksheet” (page 403).

4. If the migration method that you used did not already do so, import the LDIF file into your

directory.

2.5.2 Verifying LDAP-UX Client Services

This section describes some simple ways you can verify the installation and configuration of your

LDAP-UX Client Services. These verification steps can be used for both HP directory server and

Windows ADS environments (readers of “Installing and configuring LDAP-UX Client Services for a

Windows ADS environment” (page 114) are referred to this section for information about verifying

LDAP-UX Client Services). You might need to do more elaborate and detailed testing, especially if

you have a large environment.

If any of the following tests fail, see Section 7.13 (page 251).

1. To test the name service, use the nsquery

command:

nsquery lookup_type lookup_query [lookup_policy]

For example, to test the name service switch to resolve a user name lookup, enter:

nsquery passwd username ldap

where username is the login name of a valid user whose POSIX account information is in

the directory. You should see output something like the following depending on how you have

configured /etc/nsswitch.conf:

Using "ldap" for the passwd policy.

Searching ldap for jbloggs

User name: jbloggs

user Id: 10000

Group Id: 2000

Gecos:

Home Directory: /home/jbloggs

Shell: /bin/sh

Switch configuration: Terminates Search

This tests the Name Service Switch configuration in /etc/nsswitch.conf. If you do not

see similar output, see /etc/nsswitch.conf for proper configuration.

2. Use other commands to display information about users in the directory, making sure the

output is as expected:

1. nsquery is a contributed tool included with the ONC/NFS product. For more information, see the nsquery(1) manpage.

2.5 Postinstallation configuration tasks 91