LDAP-UX Integration B.04.17 Release Notes

signed the LDAP server's certificate) from your certificate server as a Base64-Encoded certificate
and use the certutil utility to create the cert8.db and key3.db security database files.
Use the following steps to create the security database files:
1. Retrieve the Base64-Encoded certificate from the certificate server and save it.
2. Use the rm command to remove the old database files, /etc/opt/ldapux/cert8.db and
   /etc/opt/ldapux/key3.db:
       rm -f /etc/opt/ldapux/cert8.db /etc/opt/ldapux/key3.db
3. Use the certutil utility with the -N option to initialize a new database:
       /opt/ldapux/contrib/bin/certutil -N -d /etc/opt/ldapux
4. Add the CA certificate or the LDAP server's certificate to the security database.
   To add a CA certificate to the database with the certutil command: for example, the
   following command adds the CA certificate, my-ca-cert, to the security database
   directory, /etc/opt/ldapux, from the Base64-Encoded certificate file, /tmp/mynew.cert:
       /opt/ldapux/contrib/bin/certutil -A -n my-ca-cert -t \
           "C,," -d /etc/opt/ldapux -a -i /tmp/mynew.cert
   NOTE: The -t "C,," represents the minimum trust attributes that may be assigned
   to the CA certificate for LDAP-UX to successfully use SSL to connect to the LDAP
   directory server. If you have other applications that use the CA certificate for other
   functions, then you may wish to assign additional trust flags. See
   http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html for additional information.
   To add the LDAP server's certificate to the database with the certutil command: for
   example, the following command adds the LDAP server's certificate, my-server-cert, to
   the security database directory, /etc/opt/ldapux, from the Base64-Encoded certificate
   file, /tmp/mynew.cert:
       /opt/ldapux/contrib/bin/certutil -A -n my-server-cert -t \
           "P,," -d /etc/opt/ldapux -a -i /tmp/mynew.cert
   NOTE: The -t "P,," represents the minimum trust attributes that may be assigned
   to the LDAP server's certificate for LDAP-UX to successfully use SSL to connect to the
   LDAP directory server. See http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
   for additional information.
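The four steps above, collected into one POSIX shell script. This is an added example, not part of the HP release notes and not LDAP-UX's own tooling. It uses the certutil path, database directory and trust flags the notes give ("C,," for a CA certificate, "P,," for the server certificate), and it departs from the notes in two places: it refuses to touch the database unless the input file really is a Base64-Encoded (PEM) certificate, and it moves the old cert8.db and key3.db aside with a timestamp instead of deleting them, so a bad import can be rolled back. The function names, the CERTUTIL and DBDIR overrides and the backup naming are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the HP release notes): rebuild the LDAP-UX NSS
# security database and import one certificate with the minimum trust flags
# the notes specify. CERTUTIL and DBDIR default to the paths in the notes.
set -e

CERTUTIL="${CERTUTIL:-/opt/ldapux/contrib/bin/certutil}"
DBDIR="${DBDIR:-/etc/opt/ldapux}"

# Map the certificate kind to the trust flags given in the notes.
trust_flags() {
    case "$1" in
        ca)     echo "C,," ;;
        server) echo "P,," ;;
        *)      return 1 ;;
    esac
}

# certutil -a expects a Base64-Encoded (PEM) certificate; check for the PEM
# markers before the old database is touched.
is_pem_cert() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null &&
    grep -q -e '-----END CERTIFICATE-----' "$1" 2>/dev/null
}

# Render the import command as a string so it can be reviewed before running.
import_cmd() {
    kind=$1; nick=$2; file=$3
    flags=$(trust_flags "$kind") || return 1
    printf '%s -A -n %s -t "%s" -d %s -a -i %s\n' \
        "$CERTUTIL" "$nick" "$flags" "$DBDIR" "$file"
}

# Steps 2 to 4 of the notes: set the old database aside (backup instead of
# rm -f), initialize a new one, import the certificate, then list the
# database to confirm the nickname and trust flags that were recorded.
rebuild_db() {
    kind=$1; nick=$2; file=$3
    is_pem_cert "$file" || { echo "not a PEM certificate: $file" >&2; return 1; }
    flags=$(trust_flags "$kind") || { echo "kind must be ca or server" >&2; return 1; }
    stamp=$(date +%Y%m%d%H%M%S)
    for f in cert8.db key3.db; do
        if [ -f "$DBDIR/$f" ]; then
            mv "$DBDIR/$f" "$DBDIR/$f.$stamp.bak"
        fi
    done
    "$CERTUTIL" -N -d "$DBDIR"            # prompts for a database password
    "$CERTUTIL" -A -n "$nick" -t "$flags" -d "$DBDIR" -a -i "$file"
    "$CERTUTIL" -L -d "$DBDIR"            # verify: nickname and flags listed
}

# Usage: rebuild-ldapux-db.sh ca|server <nickname> <pem-file>
# e.g.   rebuild-ldapux-db.sh ca my-ca-cert /tmp/mynew.cert
if [ $# -eq 3 ]; then
    rebuild_db "$1" "$2" "$3"
fi
```

Run it as root on the client, since /etc/opt/ldapux is written. The `certutil -L` line at the end is the check worth keeping: a certificate that imported with the wrong flags (for example "P,," on a CA certificate) shows up there immediately, before the client is pointed at the LDAP server over SSL.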
If you want to use LDAP-UX with Microsoft Windows 2000 or 2003 Active Directory with Services
for UNIX version 2.0 (SFU 2.0), or to use Windows Active Directory Server 2003 R2 with RFC
2307, see the section "Configuring for Use with Microsoft Windows Active Directory Server"
before you run setup or migration.
If your user and group data have been migrated to an LDAP directory, you can set up a client
system as described below. If you have not migrated your name service data to an LDAP directory,
refer to LDAP-UX Client Services B.04.15 Administrator’s Guide for complete migration details.
The following shows basic instructions for configuring the LDAP-UX Client Services:
LDAP-UX Client Services 13