NIS/LDAP Gateway Administrator's Guide
Log Files
You can check log files to see if any unusual incidents have occurred with the NIS/LDAP Gateway
or your directory. The NIS/LDAP Gateway logs important events and errors to the file
/var/adm/syslog/syslog.log. The Netscape/Red Hat Directory Server for HP-UX logs information
to files in the logs directory under /var/opt/netscape/servers/slapd-<serverID> where
slapd-<serverID> is the name of your directory server.
User Cannot Log on to Client System
If a user cannot log in to a client system, perform the following checks.
• Make sure the NIS/LDAP Gateway daemon, ypldapd, is running. Use the following
command:
ps -ef | grep ypldapd
If it is not running, restart it as described in “Starting and Stopping the NIS/LDAP Gateway”.
• Make sure the NIS daemon, ypserv, is not running. Use the following command:
ps -ef | grep ypserv
If it is running, stop it with a command like the following:
/sbin/init.d/nis.server stop
• Make sure ypldapd can authenticate to the directory. If you are using a proxy user
(determined by the binddn parameter in the file /opt/ldapux/ypldap/etc/ypldapd.conf), try
searching for one user's information in the directory with a command like the
following:
ldapsearch -D "uid=proxy-user,ou=people,o=hp.com" -h servername \
-w passwd -b "o=hp.com" uid=username
Substitute the name of your directory server, proxy user, user name, and password.
You should get output with a line like the following:
userpassword={crypt}d92lFl8SMksl2k24
If you don't, your proxy user may not be configured properly. Make sure you have access
permissions set correctly for the proxy user. See “Configure Your Directory” for details on
configuring the proxy user.
You can also try binding to the directory as the directory administrator and reading the
user's information.
• Use the Directory Console to authenticate to the directory as the directory administrator.
Check the ACLs for the proxy user. Make sure the proxy user can view the userpassword
attribute and all the attributes listed below. If not, change the ACI to allow this. Make sure
all users can read their own information. If they cannot, change the ACI to allow this.
Make sure all users have the following attributes and can read them:
— posixaccount
— loginshell
— uidnumber
— uid
— gidnumber
— memberuid
— homedirectory
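The first three checks above as a script, added here as an example and not part of the guide or of the NIS/LDAP Gateway. It assumes ypldapd.conf uses "keyword value" lines; the function names, the sample ps and search output, and /path/to/ypldapd are constructed.

```shell
#!/bin/sh
# Added example, not from the guide: the login checks as functions that read
# captured command output, so the logic can be tried offline first.

# daemon_running NAME < "ps -ef" output
# Compares the command column exactly. A plain "grep NAME" also matches the
# grep process itself and any command that only has NAME as an argument.
daemon_running() {
    awk -v name="$1" '
        { c = ($5 ~ /:/) ? 8 : 9    # STIME is "hh:mm:ss" or "Mon dd"
          cmd = $c; sub(/.*\//, "", cmd)
          if (cmd == name) found = 1 }
        END { exit !found }'
}

# get_binddn FILE: print the proxy user DN to test the bind with.
# Assumption: ypldapd.conf holds "keyword value" lines with "#" comments.
get_binddn() {
    awk '$1 == "binddn" { sub(/^[ \t]*binddn[ \t]+/, ""); print; exit }' "$1"
}

# has_userpassword < ldapsearch output
# Succeeds if the entry came back with a userpassword value. Nothing is
# printed, so the hash does not end up in a terminal or a log.
has_userpassword() {
    grep -i '^userpassword[=:]' >/dev/null
}

# login_checks PS_TEXT LDAP_TEXT: print one line per failed check and
# return the number of failed checks.
login_checks() {
    fails=0
    printf '%s\n' "$1" | daemon_running ypldapd ||
        { echo "ypldapd is not running"; fails=$((fails + 1)); }
    printf '%s\n' "$1" | daemon_running ypserv &&
        { echo "ypserv is running, stop it"; fails=$((fails + 1)); }
    printf '%s\n' "$2" | has_userpassword ||
        { echo "proxy user did not get userpassword back"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample data, not real output.
SAMPLE_PS='     UID   PID  PPID  C    STIME TTY       TIME COMMAND
    root  1423     1  0  Mar  3  ?         0:07 /path/to/ypldapd
    root  2210  2188  1 10:41:02 pts/0     0:00 grep ypserv'
SAMPLE_LDIF='dn: uid=username,ou=people,o=hp.com
uid=username'

login_checks "$SAMPLE_PS" "$SAMPLE_LDIF" || echo "$? check(s) failed"
```

On a live system, pass "$(ps -ef)" and the output of the ldapsearch command shown above as the two arguments. A password given with -w is visible to other local users in ps -ef while the search runs.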