LDAP-UX Integration B.04.20 Release Notes (April 2010 Update)

NOTE: The -t "p,," argument represents the minimum trust attributes that may be assigned
to the LDAP server's certificate for LDAP-UX to successfully use SSL to connect to the
LDAP directory server. For additional information, see the following website:
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html

If you want to use LDAP-UX with Microsoft Windows 2003 Active Directory with Services for
UNIX version 2.0 (SFU 2.0), or to use Windows Active Directory Server 2003 R2 or 2008 with
RFC 2307, see the section “Configuring for Use with Microsoft Windows Active Directory Server”
before you run setup or migration.

If your user and group data have been migrated to an LDAP directory, you can set up a client
system as described below. If you have not migrated your name service data to an LDAP directory,
refer to LDAP-UX Client Services B.04.15 Administrator’s Guide for complete migration details.

The following shows basic instructions for configuring the LDAP-UX Client Services:
1. When your LDAP directory is configured and contains your name service data, you can run
the setup program and follow the prompts to configure your client:
    cd /opt/ldapux/config
    ./setup
NOTE: At the end of setup, you will be prompted to start/restart ldapclientd. You can
choose not to start it right away. However, you must start the daemon, ldapclientd, for
LDAP-UX functions to work.
For details on running the setup program, refer to LDAP-UX Client Services B.04.15
Administrator’s Guide.
2. Save a copy of /etc/pam.conf and modify the original file to add /usr/lib/security/libpam_ldap.1
on the HP-UX 11i v1 system or libpam_ldap.so.1 on the HP-UX 11i v2 system where it is
appropriate. If your system is in the standard mode, see /etc/pam.ldap for an example. If your
system is in the Trusted Mode, see /etc/pam.ldap.trusted for an example.
NOTE: If you use PAM Kerberos, you must configure PAM Kerberos. On the HP-UX 11i
v1 system, you need to add /usr/lib/security/libpam_kerberos.1 to /etc/pam.conf where it is
appropriate. On the HP-UX 11i v2 system, you need to add libpam_kerberos.so.1 to /etc/pam.conf
where it is appropriate. If your system is in the Trusted Mode, see LDAP-UX Client Services
B.04.15 with Microsoft Windows Active Directory Server Administrator’s Guide for the detailed
configuration. The Configuration Guide for the Kerberos product is available
at the following website:
http://www.hp.com/go/hpux-security-docs
3. Save a copy of the /etc/nsswitch.conf file and modify the original to add ldap to support name
services. See /etc/nsswitch.ldap for an example.
4. Test your setup with a pwget(1) command and a grget(1) command to ensure that the
client is reading the name services information from the LDAP directory.
5. If you use netgroup to control access to your hosts, you may wish to install and configure
pam_authz. See the pam_authz(5) manpage for more details.
For more information on testing, troubleshooting, and shortcuts to configure additional
clients, refer to LDAP-UX Client Services B.04.15 Administrator’s Guide.
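
The following shell script is an added example, not part of the release notes or of LDAP-UX: it audits the edits made in steps 2 and 3 and wraps the step 4 lookup test. The function names are hypothetical, the sample file contents are constructed, and the step 4 check assumes the -n (look up by name) option of the HP-UX pwget(1) command.

```sh
#!/bin/sh
# Added example (not from the release notes): audit the edits from steps 2-4.

# nss_uses_ldap FILE DB: succeed if DB's entry in FILE lists "ldap" as a source.
nss_uses_ldap() {
    awk -v db="$2:" '
        /^[ \t]*#/ { next }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit(found ? 0 : 1) }' "$1"
}

# pam_ldap_entries FILE: print "service module_type" for each line loading libpam_ldap.
pam_ldap_entries() {
    awk '/^[ \t]*#/ || NF < 4 { next }
         $4 ~ /(^|\/)libpam_ldap\.(1|so\.1)$/ { print $1, $2 }' "$1"
}

# audit PAM_FILE NSS_FILE: print findings; return the number of problems found.
audit() {
    problems=0
    for db in passwd group; do
        if nss_uses_ldap "$2" "$db"; then
            echo "ok: $db lists ldap"
        else
            echo "MISSING: $db does not list ldap in $2"; problems=$((problems + 1))
        fi
    done
    if [ -z "$(pam_ldap_entries "$1")" ]; then
        echo "MISSING: no libpam_ldap entry in $1"; problems=$((problems + 1))
    fi
    return "$problems"
}

# ldap_only_user USER: step 4 check. Succeed when pwget resolves USER although USER
# is absent from /etc/passwd, i.e. the entry came from another source such as LDAP.
ldap_only_user() {
    command -v pwget >/dev/null 2>&1 || { echo "pwget not found (not HP-UX?)"; return 2; }
    ! grep -q "^$1:" /etc/passwd && pwget -n "$1" >/dev/null
}

# Constructed sample files, so the example runs without touching /etc.
tmp=$(mktemp -d)
printf 'passwd: files ldap\ngroup: files\nhosts: dns files\n' > "$tmp/nsswitch.conf"
printf '# constructed\nlogin auth sufficient libpam_unix.so.1\nlogin auth required libpam_ldap.so.1\n' > "$tmp/pam.conf"
audit "$tmp/pam.conf" "$tmp/nsswitch.conf" || echo "problems found: $?"
```

On a configured client, run audit /etc/pam.conf /etc/nsswitch.conf, then ldap_only_user with an account that exists only in the directory.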