LDAP-UX Integration B.04.10 Release Notes
Table Of Contents
- 1 LDAP-UX Integration B.04.10 Release Note
- LDAP-UX Integration Overview
- LDAP-UX Client Services
- What’s New in LDAP-UX Client Services B.04.10
- Known Problems fixed in LDAP-UX Client Services A.04.10
- Compatibility and Installation Requirements for LDAP-UX Client Services
- Installing and Configuring the LDAP-UX Client Services
- Documentation
- Known Problems and Workarounds for LDAP-UX Client Services
- Limitations in LDAP-UX Client Services
- Services
- /etc/pam.conf
- LDAP Directory Interoperability
- Supported Name Service Databases
- Duplicated Data Entries in ADS Multiple Domains
- SSL With Windows 2000 Active Directory Server
- Limitations of Printer Configurator
- Unsupported Commands
- Clear Text Passwords
- Man page for ldapclientd.conf
- LDAP Security Policy Enforcement
- SASL/GSSAPI Profile Download Support
- Changing authentication methods
- Supported Features For Particular Directory Servers
- Additional Limitations with Active Directory
- NIS/LDAP Gateway

1. Retrieve the Base64-Encoded certificate from the certificate server and save it.
2. Use the rm command to remove the old database files, /etc/opt/ldapux/cert8.db and
/etc/opt/ldapux/key3.db:
rm -f /etc/opt/ldapux/cert8.db /etc/opt/ldapux/key3.db
3. Use the certutil utility with the -N option to initialize a new database:
/opt/ldapux/contrib/bin/certutil -N -d /etc/opt/ldapux
4. Add the CA certificate or the LDAP server’s certificate to the security database:
• To use the certutil command to add a CA certificate to the database:
For example, the following command adds the CA certificate, my-ca-cert, to the
security database directory, /etc/opt/ldapux, with the Base64-Encoded certificate
request file, /tmp/mynew.cert:
/opt/ldapux/contrib/bin/certutil -A -n my-ca-cert -t \
"C,," -d /etc/opt/ldapux -a -i /tmp/mynew.cert
NOTE: The -t "C,," represents the minimum trust attributes that may be assigned
to the CA certificate for LDAP-UX to successfully use SSL to connect to the LDAP
directory server. If you have other applications that use the CA certificate for other
functions, then you may wish to assign additional trust flags. See
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html for additional information.
• To use the certutil command to add the LDAP server’s certificate to the security
database:
For example, the following command adds the LDAP server’s certificate,
my-server-cert, to the security database directory, /etc/opt/ldapux, with the
Base64-Encoded certificate request file, /tmp/mynew.cert:
/opt/ldapux/contrib/bin/certutil -A -n my-server-cert -t \
"P,," -d /etc/opt/ldapux -a -i /tmp/mynew.cert
NOTE: The -t "P,," represents the minimum trust attributes that may be assigned
to the LDAP server’s certificate for LDAP-UX to successfully use SSL to connect to the
LDAP directory server. See http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
for additional information.
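Added example (not part of the HP release notes): after step 4, certutil -L -d /etc/opt/ldapux lists each nickname with its trust attributes, and the script below checks that the SSL field carries the minimum flag named in the NOTEs above. The listing layout in SAMPLE_LISTING is constructed, and the function names are this example's own.

```sh
#!/bin/sh
# Added example, not HP's code. Paths and nicknames are the ones used in the
# steps above; SAMPLE_LISTING is constructed, not captured from a real system.
CERTUTIL=/opt/ldapux/contrib/bin/certutil
DBDIR=/etc/opt/ldapux
SAMPLE_LISTING='
Certificate Nickname                         Trust Attributes
                                             SSL,S/MIME,JAR/XPI
my-ca-cert                                   C,,
my-server-cert                               P,,'

# trust_flags NICKNAME: reads a `certutil -L` listing on stdin and prints the
# trust attributes (last field) of the entry whose nickname matches exactly.
trust_flags() {
    awk -v nick="$1" '
        { line = $0; sub(/[ \t]+$/, "", line)
          if (line !~ /[ \t]/) next
          flags = line; sub(/^.*[ \t]/, "", flags)
          name = line;  sub(/[ \t]+[^ \t]+$/, "", name)
          if (name == nick) { print flags; found = 1; exit } }
        END { exit found ? 0 : 1 }'
}

# has_ssl_trust NICKNAME FLAG: succeeds if the SSL field (first of the three
# comma-separated fields) contains FLAG; case-sensitive, so "p" is not "P".
has_ssl_trust() {
    flags=$(trust_flags "$1") || return 1
    case ${flags%%,*} in *"$2"*) return 0 ;; *) return 1 ;; esac
}

# check_listing: reads a listing on stdin; succeeds if the CA entry has C or
# the server entry has P, since step 4 adds one or the other.
check_listing() {
    listing=$(cat); rc=1
    for pair in my-ca-cert:C my-server-cert:P; do
        if printf '%s\n' "$listing" | has_ssl_trust "${pair%%:*}" "${pair##*:}"; then
            echo "${pair%%:*}: SSL trust includes ${pair##*:}"; rc=0
        fi
    done
    [ "$rc" -eq 0 ] || echo "no entry with the minimum SSL trust found" >&2
    return "$rc"
}

# Check the real database where certutil is installed, else the sample.
if [ -x "$CERTUTIL" ]; then
    "$CERTUTIL" -L -d "$DBDIR" | check_listing
else
    printf '%s\n' "$SAMPLE_LISTING" | check_listing
fi
```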
If you want to use LDAP-UX with Microsoft Windows 2000 or 2003 Active Directory with Services
for UNIX version 2.0 (SFU 2.0), or to use Windows Active Directory Server 2003 R2 with RFC
2307, see the section “Configuring for Use with Microsoft Windows Active Directory Server”
before you run setup or migration.
If your user and group data have been migrated to an LDAP directory, you can set up a client
system as described below. If you have not migrated your name service data to an LDAP directory,
refer to LDAP-UX Client Services B.04.10 Administrator’s Guide for complete migration details.
The following shows basic instructions for configuring the LDAP-UX Client Services:
1. When your LDAP directory is configured and contains your name service data, you can run
the setup program and follow the prompts to configure your client:
cd /opt/ldapux/config
./setup