LDAP-UX Integration B.04.20 Release Notes (April 2010 Update)

3. If you require ONC publickey, ONC AutoFS, or integration with Active Directory Server,
please see the above section for details about required product versions and how to obtain
them. Install those products and/or patches for this step.
4. Install required patches listed above, if they have not been installed yet.
NOTE: Starting with LDAP-UX product version B.03.20, a system reboot is not required after
installing the product, although a reboot might be required depending on the patches that
are installed at the same time as this product.
3.4.2 Configuring the LDAP-UX Client
If you want to enable SSL or TLS support with LDAP-UX, you must configure the LDAP
directory server to support SSL or TLS, and install the certificate of the server or the controlling
certificate authority in the security databases (/etc/opt/ldapux/cert8.db and
/etc/opt/ldapux/key3.db) on your client before you run the setup program. For SSL or
TLS setup details, refer to the LDAP-UX Client Services Administrator's Guide or the LDAP-UX Client
Services with Microsoft Windows 2003/2003 R2/2008 Active Directory Administrator's Guide.
If your browser does not generate cert7.db or cert8.db and key3.db security database files,
you must export the certificate (preferably the root certificate of the Certificate Authority that
signed the LDAP server's certificate) from your certificate server as a Base64-Encoded certificate
and use the certutil utility to create the cert8.db and key3.db security database files.
Use the following steps to create the security database files:
1. Retrieve the Base64-Encoded certificate from the certificate server and save it.
2. If the /etc/opt/ldapux/cert8.db or /etc/opt/ldapux/key3.db database files do
not exist, use the certutil utility with the -N option to initialize a new database:
/opt/ldapux/contrib/bin/certutil -N -d /etc/opt/ldapux
3. Add the CA certificate or the LDAP server's certificate to the security database:
To use the certutil command to add a CA certificate to the database:
For example, the following command adds the CA certificate, my-ca-cert, to the
security database directory, /etc/opt/ldapux, with the Base64-Encoded certificate
request file, /tmp/mynew.cert:
/opt/ldapux/contrib/bin/certutil -A -n my-ca-cert -t \
"C,," -d /etc/opt/ldapux -a -i /tmp/mynew.cert
NOTE: The -t "C,," represents the minimum trust attributes that may be assigned
to the CA certificate for LDAP-UX to successfully use SSL to connect to the LDAP
directory server. If you have other applications that use the CA certificate for other
functions, then you may wish to assign additional trust flags. For additional information,
see the following website:
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
To use the certutil command to add the LDAP server's certificate to the security
database:
For example, the following command adds the LDAP server's certificate,
my-server-cert, to the security database directory, /etc/opt/ldapux, with the
Base64-Encoded certificate request file, /tmp/mynew.cert:
/opt/ldapux/contrib/bin/certutil -A -n my-server-cert -t \
"P,," -d /etc/opt/ldapux -a -i /tmp/mynew.cert
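The steps above scripted as shell functions (an added example, not from the HP document): the databases are created only when cert8.db/key3.db are missing, -a is passed only when the certificate file is Base64 (PEM), the minimum trust flags from the page are used for each role, and the import is confirmed afterwards with certutil -L. The certutil path is the one on the page; the role, nickname, directory and certificate-file arguments are assumptions.

```shell
#!/bin/sh
# Added example (not from the HP release notes). Assumes certutil lives at
# /opt/ldapux/contrib/bin/certutil as shown on the page. Usage, for example:
#   sh add_ldapux_cert.sh ca my-ca-cert /etc/opt/ldapux /tmp/mynew.cert
CERTUTIL=/opt/ldapux/contrib/bin/certutil

# Print "-a" when the file is Base64 (PEM) and nothing when it is binary DER,
# so the correct input flag is passed to certutil -A.
cert_input_flag() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        printf '%s' '-a'
    fi
}

# Minimum trust flags documented on the page: "C,," for a CA certificate,
# "P,," for the LDAP server's own certificate. Any other role is an error.
trust_flags() {
    case "$1" in
        ca)     printf '%s' 'C,,' ;;
        server) printf '%s' 'P,,' ;;
        *)      return 1 ;;
    esac
}

# Confirm the nickname is listed with exactly the trust flags that were set.
verify_import() {  # nickname dbdir flags
    "$CERTUTIL" -L -d "$2" | grep -q "^$1[[:space:]].*$3"
}

install_cert() {  # role nickname dbdir certfile
    flags=$(trust_flags "$1") || { echo "role must be ca or server" >&2; return 1; }
    [ -r "$4" ] || { echo "cannot read certificate file $4" >&2; return 1; }
    # Step 2 on the page: initialise cert8.db/key3.db only if they do not exist.
    if [ ! -f "$3/cert8.db" ] || [ ! -f "$3/key3.db" ]; then
        "$CERTUTIL" -N -d "$3" || return 1
    fi
    # Step 3: import; the unquoted expansion drops the flag entirely for DER input.
    "$CERTUTIL" -A -n "$2" -t "$flags" -d "$3" $(cert_input_flag "$4") -i "$4" || return 1
    verify_import "$2" "$3" "$flags"
}

if [ "$#" -eq 4 ]; then
    install_cert "$@"
fi
```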