LDAP-UX Integration B.04.17 Release Notes

If you have already configured other NIS/LDAP Gateway servers on other systems, you can
simply duplicate the configuration file /opt/ldapux/ypldapd/etc/ypldapd.conf on the local
system.
Otherwise, edit the file /opt/ldapux/ypldapd/etc/ypldapd.conf and add the appropriate
values according to the descriptions in the file. Minimally you will need to update the
ypdomain, ldaphost, basedn, binddn and bindcred parameters. If you have a large LDAP
database and you are using 11i v1 or v2 NIS clients, you should set preload_maps to
preload_maps group.bynam. The user you identify in the binddn must be an LDAP
directory user that is allowed to read the userPassword attribute.
If the NIS domain you use is the same as the domain being used by an existing NIS server,
you must stop and disable the NIS server. You can do this by executing the command
/sbin/init.d/nis.server stop to stop the NIS server. Then change
NIS_SLAVE_SERVER and NIS_MASTER_SERVER to 0 in the file /etc/rc.config.d/namesvrs.
Once your NIS/Gateway server is running, you can test your setup with a ypcat(1) command,
such as ypcat group. You may need to wait (up to a minute) as the ypbind(1M) process attempts
to find the new NIS/LDAP Gateway server. To avoid this wait, you can stop and restart the client
as follows before issuing the ypcat command:
/sbin/init.d/nis.client stop
/sbin/init.d/nis.client start
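The configuration step above names five parameters that must be set in ypldapd.conf and notes that the binddn user can read userPassword. The following pre-start check is an added example, not part of the release notes or the product: it reports any of the five parameters left unset and flags a configuration file that is accessible to group or other. It assumes the file uses "keyword value" lines with # comments; the function names and the sample binddn value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the release notes): pre-start check of ypldapd.conf.
# Assumption: the file uses "keyword value" lines and '#' starts a comment.

REQUIRED="ypdomain ldaphost basedn binddn bindcred"   # minimum set named above

# check_ypldapd_conf FILE: prints one finding per line, returns 1 if any.
check_ypldapd_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 1; }
    for key in $REQUIRED; do
        # Value of the last line whose first field is exactly the keyword.
        val=$(awk -v k="$key" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                               END { print v }' "$conf")
        if [ -z "$val" ]; then
            echo "MISSING: $key"
            rc=1
        fi
    done
    # The file holds bindcred for a DN that may read userPassword, so it
    # should carry no group or other permission bits (mode characters 5-10).
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS: $conf is accessible to group/other ($perms)"
        rc=1
    fi
    return $rc
}

# Constructed sample: bindcred has no value and the file is mode 644.
demo() {
    tmp=${TMPDIR:-/tmp}/ypldapd.conf.$$
    cat > "$tmp" <<'EOF'
# constructed sample, not a real configuration
ypdomain example
ldaphost dirserver.lab.hp.com
basedn ou=people,o=hp.com
binddn uid=proxyuser,ou=people,o=hp.com
bindcred
EOF
    chmod 644 "$tmp"
    check_ypldapd_conf "$tmp" || true
    rm -f "$tmp"
}
demo
```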
Installing and Configuring LDAP Client Administration Tools
This section provides basic instructions for installing the LDAP Client Administration Tools. For
complete installation and configuration instructions, see the NIS/LDAP Gateway Administrator’s Guide.
Configuration Quick Start
This product does not require any specific configuration. However, once you have installed the
product, read the file /opt/ldapux/bin/README-ADMIN for instructions on how to simplify
LDAP directory administration from your LDAP-UX or NIS/LDAP Gateway clients.
You may also wish to create a front-end script to the ldappasswd command, to hide the LDAP
directory from the average HP-UX user.
Below are two examples you can cut and paste into a passwd shell script and then modify for
your environment:
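#!/usr/bin/ksh
# Template: substitute your base DN, directory server host name and port.
/opt/ldapux/bin/ldappasswd -b "your_base_DN" -h "ldap_server_host_name" \
    -p "ldap_port"

#!/usr/bin/ksh
# The same script filled in for a sample environment.
/opt/ldapux/bin/ldappasswd -b "ou=people,o=hp.com" \
    -h "dirserver.lab.hp.com" -p 389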
Known Problems and Workarounds
Known Problem
If the NIS client is on the same system as ypldapd, it can bind to the wrong server.
Workaround
If you want NIS clients to bind to a specific ypldapd or NIS server, configure the client system
as follows: specify "YPSET_ADDR=machine’s name" in the /etc/rc.config.d/namesvrs file.
Limitations in NIS/LDAP Gateway
The following are limitations in this version of the NIS/LDAP Gateway.
Crypt Passwords
The NIS/LDAP Gateway product requires that user passwords be stored in the directory
server in the same format as stored in an /etc/passwd file. This is known as “Unix Crypt”