LDAP-UX Integration B.04.10 Release Notes

NOTE: At the end of setup, you will be prompted to start/restart ldapclientd. You can
choose not to start it right away. However, you must start the daemon, ldapclientd, for
LDAP-UX functions to work.
For details on running the setup program, refer to LDAP-UX Client Services B.04.10
Administrator’s Guide.
2. Save a copy of /etc/pam.conf and modify the original file to add /usr/lib/security/libpam_ldap.1
on the HP-UX 11i v1 system or libpam_ldap.so.1 on the HP-UX 11i v2 system where it is
appropriate. If your system is in the standard mode, see /etc/pam.ldap for an example. If your
system is in the Trusted Mode, see /etc/pam.ldap.trusted for an example.
NOTE: If you use PAM Kerberos, you must configure PAM Kerberos. On the HP-UX 11i
v1 system, you need to add /usr/lib/security/libpam_kerberos.1 to /etc/pam.conf where it is
appropriate. On the HP-UX 11i v2 system, you need to add libpam_kerberos.so.1 to /etc/pam.conf
where it is appropriate. If your system is in the Trusted Mode, see LDAP-UX Client Services
B.04.10 with Microsoft Windows 2000/2003/2003 R2 Active Directory Server Administrator’s Guide
for the detailed configuration. The Configuration Guide for the Kerberos product is
available at http://docs.hp.com.
3. Save a copy of /etc/nsswitch.conf file and modify the original to add ldap to support name
services. See /etc/nsswitch.ldap for an example.
4. Test your setup with a pwget (1) command and grget (1) command to ensure that the
client is reading the name services information from the LDAP directory.
5. If you use netgroup to control access to your hosts, you may wish to install and configure
pam_authz. See the pam_authz (5) man page for more details.
For more information on testing, troubleshooting, and shortcuts to configure additional
clients, refer to LDAP-UX Client Services B.04.10 Administrator’s Guide.
Configuring for Use with Microsoft Windows Active Directory Server
The LDAP-UX Client Services provides default attributes and search descriptor settings to work
with Microsoft Windows Services for UNIX 3.0 or 3.5 (SFU 3.0/SFU3.5) when working with the
Windows 2000/2003/2003 R2 Active Directory Server.
Windows 2003 R2 Active Directory Server provides the R2 RFC2307 schema, which is
compliant with the IETF RFC2307 standard.
If you use SFU 2.0 with Microsoft Windows 2000/2003 ADS, you must run setup to select SFU
2.0 before running migration. Alternately, you can manually re-link the attribute configuration
file to SFU 2.0 before running migration. Use the following command to switch to SFU 2.0:
ln -fs /etc/opt/ldapux/default_profile_attr_ads_sfu2.ldif \
/etc/opt/ldapux/default_profile_attr_ads.ldif
If you use the R2 RFC2307 schema with Windows 2003 R2 ADS, you must run setup to select
R2’s RFC2307 before running migration. Alternately, you can manually re-link the attribute
configuration file to R2’s RFC2307 before running migration. Use the following command to
switch to R2’s RFC2307:
ln -fs /etc/opt/ldapux/default_profile_attr_ads_winr2.ldif \
/etc/opt/ldapux/default_profile_attr_ads.ldif
LDAP-UX Client Services will also use SFU 3.0/3.5 in the absence of the softlink
/etc/opt/ldapux/default_profile_attr_ads.ldif.
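An added example (not part of HP's release notes): a POSIX shell function that reports which ADS attribute mapping the softlink described above currently selects, so the choice can be confirmed before running migration. The link and target file names come from the commands above; the function name and the output labels are hypothetical.

```shell
#!/bin/sh
# Added example: report which attribute mapping the LDAP-UX ADS profile
# softlink selects. File names are those used in the ln commands above;
# the function name and output labels are hypothetical.
# Usage: ads_schema_mode [path-to-softlink]

ads_schema_mode() {
    # Default to the softlink location named in the release notes.
    link=${1:-/etc/opt/ldapux/default_profile_attr_ads.ldif}

    if [ -h "$link" ]; then
        # Parse ls -l instead of calling readlink, which not every UNIX ships.
        target=$(ls -l "$link" | sed 's/.* -> //')

        # A link whose target is missing selects nothing usable; report it.
        if [ ! -e "$link" ]; then
            echo "BROKEN-LINK:$target"
            return 0
        fi

        case "$(basename "$target")" in
            default_profile_attr_ads_sfu2.ldif)  echo "SFU2.0" ;;
            default_profile_attr_ads_winr2.ldif) echo "R2-RFC2307" ;;
            *)                                   echo "OTHER:$target" ;;
        esac
    elif [ -e "$link" ]; then
        # A regular file was copied into place instead of being linked.
        echo "NOT-A-LINK"
    else
        # No softlink present: the notes state SFU 3.0/3.5 is used.
        echo "SFU3.0/3.5"
    fi
}
```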