NIS/LDAP Gateway Administrator's Guide

basedn The Distinguished Name in your directory where the NIS/LDAP Gateway
should begin all searches.
CAUTION: The file ypldapd.conf contains the proxy user's password and could represent
a security risk. Restricting the permissions on this file reduces this risk.
For testing, you can set ypdomain to a new domain, then set the domain name of your test
clients to that domain. When you finish testing, set it to your production domain.
After you modify the configuration file, you can copy it to your other NIS/LDAP Gateway
servers.
2. Verify that the proxy user can read passwords from your directory. The following command
ldapsearch -D "uid=proxy-user,ou=people,o=hp.com" -h servername \
    -w passwd -b o=hp.com uid=username
binds to the directory as the proxy user and reads the entry for the user username. Change
this example to use your proxy user, server, base DN, and user.
You should get output with a line like the following:
userpassword={crypt}d92lFl8SMksl2k24
If you don't, your proxy user may not be configured properly. Make sure you have access
permissions set correctly for the proxy user. See “Troubleshooting” for more information.
3. If you want the NIS/LDAP Gateway to automatically restart after rebooting your system,
edit the file /etc/rc.config.d/ypldapd and set YPLDAPD=1.
If you do this, you should also edit /etc/rc.config.d/namesvrs and set
NIS_MASTER_SERVER=0 and NIS_SLAVE_SERVER=0 so the NIS server does not
automatically restart after rebooting.
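A pre-start check for the CAUTION and step 3 above, as an added example that is not from the HP guide. The function names are hypothetical, the location of ypldapd.conf is passed as an argument because this page does not give it, and the rc files are assumed to hold plain NAME=value lines.

```shell
#!/bin/sh
# Added example (not from the HP guide). Function names are hypothetical.

# conf_private FILE: succeed only if FILE is a regular file (not a symlink)
# whose mode grants nothing to group or other.
conf_private() {
    [ -f "$1" ] && [ ! -h "$1" ] || return 2
    perms=$(ls -ld "$1" | cut -c5-10)    # group and other bits, e.g. "r--r--"
    [ "$perms" = "------" ]
}

# rc_value FILE NAME: print the value of the last uncommented NAME=value line.
# The file is parsed with sed, never sourced, so auditing it runs no code.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# boot_config_ok YPLDAPD_RC NAMESVRS_RC: if the gateway starts at boot
# (YPLDAPD=1), both NIS server flags must be 0, as step 3 requires.
boot_config_ok() {
    [ "$(rc_value "$1" YPLDAPD)" = "1" ] || return 0   # no autostart: nothing to check
    [ "$(rc_value "$2" NIS_MASTER_SERVER)" = "0" ] &&
        [ "$(rc_value "$2" NIS_SLAVE_SERVER)" = "0" ]
}

# Usage (first path is an assumption, supply your own):
#   sh check.sh /path/to/ypldapd.conf /etc/rc.config.d/ypldapd /etc/rc.config.d/namesvrs
if [ "$#" -eq 3 ]; then
    conf_private "$1" ||
        echo "WARN: $1 is missing, a symlink, or accessible to group/other"
    boot_config_ok "$2" "$3" ||
        echo "WARN: YPLDAPD=1 but the NIS server is still set to start at boot"
fi
```

Run it on each gateway server after copying the configuration file, since a copy can land with the default umask rather than the restricted mode.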
Start the NIS/LDAP Gateway Server Daemon
1. If the NIS daemon is running on the same system as your NIS/LDAP Gateway server, stop
the NIS daemon:
/sbin/init.d/nis.server stop
2. Start the NIS/LDAP Gateway daemon. If YPLDAPD=0 in the file /etc/rc.config.d/ypldapd,
use the following command:
/opt/ldapux/ypldapd/sbin/ypldapd
If YPLDAPD=1 in the file /etc/rc.config.d/ypldapd, use the following command:
/sbin/init.d/ypldapd start
To test all servers on a subnet, repeat the above steps for each NIS server on the local subnet.
Test the NIS/LDAP Gateway
This section describes some simple ways you can test the installation and configuration of your
NIS/LDAP Gateway. You may need to do more elaborate and detailed testing, especially if you
have a large environment.
The following procedure assumes you have created a new NIS domain called test-ldap for
testing purposes. Modify these commands as needed for your environment.
24 Installing the NIS/LDAP Gateway