LDAP-UX Integration B.05.00 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

cd /opt/ldapux/config

./autosetup

After following the prompts, your installation will be complete. Thre is no need to continue

to step 2. Instead continue to step 4.

2. Save a copy of /etc/pam.conf, and modify the original file to add libpam_ldap.so.1

on an HP-UX 11i v2 or v3 system where it is appropriate. If your system is in Standard Mode,

see /etc/pam.ldap for an example. If your system is in the Trusted Mode, see /etc/

pam.ldap.trusted for an example.

NOTE: If you use PAM Kerberos, you must configure PAM Kerberos. On the HP-UX 11i

v2 or v3 system, you need to add libpam_krb5.so.1 to /etc/pam.conf where it is

appropriate. If your system is in the Trusted Mode, see LDAP-UX Client Services B.05.00 with

Microsoft Windows Active Directory Server Administrator’s Guide for the detailed configuration.

The Configuration Guides for Kerberos client products are available at http://www.hp.com/

go/hpux-security-docs (Click HP-UX Kerberos Data Security Software ).

3. Save a copy of /etc/nsswitch.conf file and modify the original to add ldap to support

name services. See /etc/nsswitch.ldap for an example.

4. Test your setup with a pwget (1) command and grget (1) command to ensure that the

client is reading the name services information from the LDAP directory.

5. If you use netgroup to control access to your hosts, you may wish to install and configure

pam_authz. See the pam_authz (5) man page for more details.

For more information on testing, troubleshooting, and shortcuts to configure additional

clients, refer to LDAP-UX Client Services B.04.15 Administrator’s Guide.

2.3.3 Configuring for use with Microsoft Windows Active Directory Server

Windows 2003 R2/2008 Active Directory Server provides the ADS 2003 R2/2008’s RFC2307

schema, which is compliant with the IETF RFC2307 standard.

2.3.4 Profile format changes

The profile format has been changed in the product version B.04.10. If you previously configured

LDAP-UX B.04.00 or earlier version using the default profile /etc/opt/ldapux/

ldapux_profile.ldif, and now update the product to version B.04.10 or later, the product

will automatically update /etc/opt/ldapux/ldapux_profile.bin to the new format.

For the following cases, you must manually update the profile format by executing each

PROGRAM line after you update the product to version B.04.10 or later successfully:

• If you previously configured LDA-UX B.04.00 or earlier version using the different profile

other than /etc/opt/ldapux/ldapux_profile.ldif, and now update the product

to version B.04.10 or later.

• If you previously configured LDAP-UX B.04.00 or earlier version to work with ADS multiple

domains, and now update the product to version B.04.10 or later, you must manually execute

each PROGRAM line for remote domains configured in /etc/opt/ldapux/ldapux_client.conf.

For example, if /etc/opt/ldapux/ldapux_client.conf contains the following entries:

Service: NSS

PROFILE_ID="local"

LDAP_HOSTPORT="192.10.10.10:389"

PROFILE_ENTRY_DN="cn=ldapuxprof,CN=Configuration,DC=myorg,DC=mycom,DC=com"

PROGRAM="/opt/ldapux/config/create_profile_cache"

PROFILE_ID="eng.myorg.mycom.com"

LDAP_HOSTPORT="192.10.10.11:389"

PROFILE_ENTRY_DN="cn=ldapuxprof,cn=configuration,dc=eng,dc=myorg,dc=mycom,dc=com"

PROGRAM="/opt/ldapux/config/create_profile_cache \

2.3 Installing and configuring the LDAP-UX Client Services 15