LDAP-UX Integration B.05.01 Release Notes

ldapux/key3.db files, see the appropriate “Configuring LDAP-UX Client Services with SSL or
TLS support” section of the LDAP-UX Client Services B.05.01 Administrator Guide.
If you want to use LDAP-UX with Microsoft Windows Active Directory Server 2003 R2/2008 with
RFC 2307, see Section 2.4.3 (page 13) before you run setup or migration.
If your name service data (user, group, and so on) have been migrated to an LDAP directory, you
can set up a client system as described below. If you have not migrated your name service data
to an LDAP directory, refer to the LDAP-UX Client Services B.05.01 Administrator Guide for complete
migration details.
The following shows basic instructions for configuring the LDAP-UX Client Services:
1. When your LDAP directory is configured and contains your name service data, you can run
the setup program or autosetup program and follow the prompts to configure your client:
If you want to use customized installation mode:
    cd /opt/ldapux/config
    ./setup
NOTE: At the end of setup, you will be prompted to start/restart ldapclientd. You can
choose not to start it right away. However, you must start the daemon, ldapclientd, for
LDAP-UX functions to work.
For information about running the setup program, see the LDAP-UX Client Services B.05.01
Administrator Guide. Continue to step 2.
If you want to use guided installation mode:
    cd /opt/ldapux/config
    ./autosetup
After following the prompts, your installation will be complete. There is no need to continue to
step 2. Instead, continue to step 4.
2. Save a copy of /etc/pam.conf, and modify the original file to add libpam_ldap.so.1
on an HP-UX 11i v2 or v3 system where it is appropriate. If your system is in Standard Mode,
see /etc/pam.ldap for an example. If your system is in the Trusted Mode, see
/etc/pam.ldap.trusted for an example.
NOTE: If you use PAM Kerberos, you must configure PAM Kerberos. On the HP-UX 11i v2
or v3 system, you need to add libpam_krb5.so.1 to /etc/pam.conf where it is
appropriate. If your system is in the Trusted Mode, information about the proper configuration
is provided in the LDAP-UX Client Services B.05.01 Administrator Guide. The configuration
guides for Kerberos client products are available at http://www.hp.com/go/hpux-security-docs
(select HP-UX Kerberos Data Security Software).
3. Save a copy of the /etc/nsswitch.conf file and modify the original to add ldap to support
name services. See /etc/nsswitch.ldap for an example.
4. Test your setup with a pwget(1) command and a grget(1) command to ensure that the
client is reading the name services information from the LDAP directory.
5. If you use netgroup to control access to your hosts, you may wish to install and configure
pam_authz. For more information, see the pam_authz(5) manpage.
For more information on testing, troubleshooting, and shortcuts to configure additional clients,
see the LDAP-UX Client Services B.05.01 Administrator Guide.
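The checks behind steps 2 through 4 can be scripted. The following is an added example, not part of the HP release notes or the LDAP-UX product; the function names are assumptions, and the file paths are passed as arguments so the parsing can be tried on copies before it is pointed at the live files.

```shell
#!/bin/sh
# Added example, not from the HP release notes. Function names are assumptions.
# Checks the edits from steps 2 and 3, then performs the step 4 lookups.

# nss_has_ldap FILE DATABASE
# Succeeds if the uncommented DATABASE entry in FILE lists "ldap" as a source.
nss_has_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }    # strip comments so "#passwd: ldap" is ignored
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# pam_ldap_types FILE
# Prints, sorted on one line, the module types (auth, account, ...) that have
# an uncommented libpam_ldap.so.1 entry in a pam.conf-style FILE.
pam_ldap_types() {
    awk '
        /^[ \t]*#/ { next }
        NF >= 4 && index($4, "libpam_ldap.so.1") { seen[$2] = 1 }
        END { for (t in seen) print t }
    ' "$1" | sort | tr '\n' ' ' | sed 's/ $//'
}

# check_client NSSWITCH PAMCONF
# Reports each finding and returns non-zero if any check fails.
check_client() {
    rc=0
    for db in passwd group; do
        if nss_has_ldap "$1" "$db"; then echo "ok: $db lists ldap"
        else echo "FAIL: $db has no ldap source in $1"; rc=1; fi
    done
    types=$(pam_ldap_types "$2")
    case " $types " in
        *" auth "*) echo "ok: libpam_ldap.so.1 configured for: $types" ;;
        *) echo "FAIL: no auth entry for libpam_ldap.so.1 in $2"; rc=1 ;;
    esac
    return $rc
}

# lookup_ok USER GROUP   (step 4, live HP-UX client only)
# Pick names that exist only in the directory: an entry that is also in
# /etc/passwd or /etc/group would be answered by "files" and prove nothing.
lookup_ok() { pwget -n "$1" >/dev/null && grget -n "$2" >/dev/null; }
```

On a configured client, source the file and run check_client /etc/nsswitch.conf /etc/pam.conf, then lookup_ok with a user and group of your choosing.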
2.4.3 Configuring for use with Microsoft Windows Active Directory Server
Windows 2003 R2/2008 Active Directory Server provides the ADS 2003 R2/2008 RFC2307
schema, which is compliant with the IETF RFC 2307 standard.