NIS+ to LDAP Migration Guide
Migrating NIS+ to LDAP
Configuring LDAP-UX Client Services
Chapter 234
NOTE You must run the setup program to configure the LDAP-UX Client
Services. Otherwise, the LDAP-UX Client Services will not work
properly. For detailed procedures on how to run the setup program to
configure the LDAP-UX Client Services, see the “Configure the
LDAP-UX Client Services” section in the LDAP-UX Client Services
B.04.00 Administrator’s Guide available at http://www.docs.hp.com.
• Configure the Pluggable Authentication Module (PAM) by modifying
the file /etc/pam.conf.
Save a copy of /etc/pam.conf and modify the original file to add
/usr/lib/security/libpam_ldap.1 on an HP-UX 11i v1 system or
libpam_ldap.so.1 on an HP-UX 11i v2 system where it is
appropriate. If your system is in standard mode, see
/etc/pam.ldap for an example. If your system is in Trusted
Mode, see /etc/pam.ldap.trusted for an example.
• Configure the Name Service Switch (NSS) by modifying the file
/etc/nsswitch.conf.
Save a copy of the /etc/nsswitch.conf file and modify the original to
add ldap to support name services. See /etc/nsswitch.ldap for a
sample.
• Optionally modify the disable_uid_range flag in the
/etc/opt/ldapux/ldapux_client.conf file to disable logins to the
local system from specific users.
• Optionally set up the login authorization for a subset of users from a
large repository such as an LDAP directory server.
The pam_authz service module provides functionality that allows the
administrator to control who can log in to the system. Starting with
LDAP-UX Client Services B.04.00, pam_authz has been enhanced to
allow system administrators to configure their local access rules in a
local policy file, /etc/opt/ldapux/pam_authz.policy. pam_authz
uses the access control rules defined in the
/etc/opt/ldapux/pam_authz.policy file to control login
authorization.
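
After editing /etc/pam.conf and /etc/nsswitch.conf as described in the first two steps above, it helps to list what still does not reference LDAP before testing logins. The following script is an added example, not part of the HP guide or the LDAP-UX product; the function names and the sample file contents are constructed, and it assumes the standard pam.conf column layout (service, module type, control flag, module path).

```shell
#!/bin/sh
# Added example: review helper for the pam.conf and nsswitch.conf edits.

# Print each named database whose nsswitch.conf entry has no "ldap" source
# (or that has no entry at all). usage: nss_missing_ldap FILE DB...
nss_missing_ldap() {
    file=$1; shift
    for db in "$@"; do
        awk -v db="$db" '
            { sub(/#.*/, "") }                      # ignore comments
            $1 == db ":" { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
            END { if (!found) print db }' "$file"
    done
}

# Print every "service module_type" stack in pam.conf that contains no
# libpam_ldap.1 / libpam_ldap.so.1 entry, so each can be reviewed.
pam_missing_ldap() {
    awk '
        { sub(/#.*/, "") }
        NF >= 4 {
            key = $1 " " $2
            if (!(key in seen)) { seen[key] = 0; order[++n] = key }
            if ($4 ~ /\/libpam_ldap\.(1|so\.1)$/) seen[key] = 1
        }
        END { for (i = 1; i <= n; i++) if (!seen[order[i]]) print order[i] }' "$1"
}

# Constructed sample files, not copied from a real system or from HP's samples.
write_samples() {
    cat > "$1/nsswitch.conf" <<'EOF'
passwd: files ldap
group:  files
hosts:  dns files   # ldap not used here
EOF
    cat > "$1/pam.conf" <<'EOF'
login auth    sufficient /usr/lib/security/libpam_unix.1
login auth    required   /usr/lib/security/libpam_ldap.1
login account required   /usr/lib/security/libpam_unix.1
EOF
}

tmp=${TMPDIR:-/tmp}/ldapux_check.$$
mkdir "$tmp" && write_samples "$tmp"
nss_missing_ldap "$tmp/nsswitch.conf" passwd group hosts   # prints group, then hosts
pam_missing_ldap "$tmp/pam.conf"                           # prints login account
rm -rf "$tmp"
```

A stack listed by pam_missing_ldap is not necessarily wrong, since the module is added only where appropriate; the output is a list to compare against /etc/pam.ldap or /etc/pam.ldap.trusted.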