Preparing your LDAP Directory for HP-UX Integration
Introduction
Audience
This document is intended for directory administrators and architects responsible for the design,
deployment and security of an enterprise directory. It is also intended for HP-UX system administrators
involved in migrating POSIX naming data, such as NIS[1] databases or /etc/... files, into an LDAP
directory. Customers evaluating LDAP as a naming service for HP-UX will also benefit from it. The document
assumes a solid foundation in LDAP directory technology: terms such as "object class," "RDN," "schema"
and "multi-valued attribute" should be familiar. Beyond directory technology, you should also understand
the name service switch (NSS) and pluggable authentication module (PAM) architectures on HP-UX. See the
"pam" and "nsswitch.conf" man pages for an overview; for additional details about the PAM subsystem, see
"Managing Systems and Workgroups" at http://docs.hp.com/hpux/os. Finally, you should review and understand
the architecture and features of the "LDAP-UX Integration" product bundle. Documentation for the
"NIS/LDAP Gateway" and "LDAP-UX Client Services" products is at http://docs.hp.com/hpux/internet.
Background & Overview
As enterprises grow and demands for computing resources grow even faster, the cost of administration of
these systems grows just as quickly. In a highly distributed environment, local processes, security practices
and administration methods are inconsistent, repetitive and difficult to audit. Some tools, such as NIS,
attempt to address some of these issues, but can be pushed to capacity in a large environment. As such,
enterprise IT architects are evaluating LDAP directories as one tool to help unify many of the above
practices.
LDAP directories can play many roles in an enterprise, one of which is a naming service for POSIX
systems; specifically, LDAP can provide a scalable replacement for an NIS-based architecture. Just as NIS
became a de facto standard, the schema defined by RFC 2307[2] provides a standard way to represent POSIX
naming information (the NIS databases) in an LDAP directory. Aside from scalability, LDAP directories (often
with the help of a meta-directory) offer the promise of integrating many disparate applications, such as
HP-UX account information and a Human Resources database, thus consolidating data and administration. For
example, a name change in the HR database could update the "finger" (GECOS) information of the HP-UX
account. LDAP directories also appear to be the backbone for future security mechanisms, such as a public
key infrastructure.
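As an added illustration of the RFC 2307 mapping (this script is not from the original document and is not part of HP's LDAP-UX tools), the following Python converts constructed /etc/passwd and /etc/group records into LDIF entries using the posixAccount, shadowAccount and posixGroup object classes. The base DN and the ou=People and ou=Group containers are assumptions, and the sample records are constructed. Two points worth noticing: a crypt(3) hash taken from the password field is carried into userPassword with the {crypt} prefix, where it is readable by anyone the directory's access control allows, and UID 0 is skipped by default so that the root account stays in local files (an editor's recommendation, not a statement from this document). Values that LDIF cannot carry verbatim (leading space or colon, non-ASCII) are base64-encoded per RFC 2849.

```python
"""Convert /etc/passwd and /etc/group records into RFC 2307 LDIF entries.

Added example: base DN, containers and sample records are assumptions,
not values from this document or from the LDAP-UX product.
"""
import base64

BASE_DN = "dc=example,dc=com"   # assumed directory suffix
PEOPLE_RDN = "ou=People"        # assumed container for posixAccount entries
GROUP_RDN = "ou=Group"          # assumed container for posixGroup entries

# Password fields that carry no hash (shadowed or locked accounts).
NO_HASH = {"", "x", "*", "!", "!!"}


def ldif_attr(name, value):
    """Render one attribute line, base64-encoding the value when LDIF (RFC 2849)
    requires it: unsafe first character, trailing space, or non-ASCII/control
    characters anywhere."""
    unsafe = (
        value[:1] in (" ", ":", "<")
        or value.endswith(" ")
        or any(ord(c) > 127 or c in "\0\r\n" for c in value)
    )
    if value and unsafe:
        return f"{name}:: {base64.b64encode(value.encode()).decode()}"
    return f"{name}: {value}"


def _render(attrs):
    return "\n".join(ldif_attr(k, v) for k, v in attrs) + "\n"


def passwd_to_ldif(line, base_dn=BASE_DN, skip_root=True):
    """Map a passwd(4) record to an account/posixAccount/shadowAccount entry.
    Returns None for UID 0 when skip_root is set (root stays in local files)."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError(f"malformed passwd record: {line!r}")
    name, pw, uid, gid, gecos, home, shell = fields
    if not (uid.isdigit() and gid.isdigit()):
        raise ValueError(f"non-numeric uid/gid in record for {name!r}")
    if skip_root and int(uid) == 0:
        return None
    attrs = [
        ("dn", f"uid={name},{PEOPLE_RDN},{base_dn}"),
        ("objectClass", "top"),
        ("objectClass", "account"),        # structural class; posixAccount is auxiliary
        ("objectClass", "posixAccount"),
        ("objectClass", "shadowAccount"),
        ("uid", name),
        ("cn", gecos.split(",")[0] or name),  # full name from the GECOS field
        ("uidNumber", uid),
        ("gidNumber", gid),
        ("homeDirectory", home),
    ]
    if gecos:
        attrs.append(("gecos", gecos))
    if shell:
        attrs.append(("loginShell", shell))
    if pw not in NO_HASH:
        # The crypt(3) hash is carried over verbatim; protect userPassword with
        # directory ACLs, since the {crypt} value is readable by anyone allowed to.
        attrs.append(("userPassword", "{crypt}" + pw))
    return _render(attrs)


def group_to_ldif(line, base_dn=BASE_DN):
    """Map a group(4) record to a posixGroup entry with one memberUid per member."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 4:
        raise ValueError(f"malformed group record: {line!r}")
    name, pw, gid, members = fields
    if not gid.isdigit():
        raise ValueError(f"non-numeric gid in record for {name!r}")
    attrs = [
        ("dn", f"cn={name},{GROUP_RDN},{base_dn}"),
        ("objectClass", "top"),
        ("objectClass", "posixGroup"),
        ("cn", name),
        ("gidNumber", gid),
    ]
    attrs += [("memberUid", m) for m in members.split(",") if m]
    if pw not in NO_HASH:
        attrs.append(("userPassword", "{crypt}" + pw))
    return _render(attrs)


# Constructed sample records (not real accounts).
SAMPLE_PASSWD = "bjones:aB1cD2eF3gH4i:1001:100:Bob Jones,Room 1:/home/bjones:/usr/bin/sh\n"
SAMPLE_GROUP = "staff:*:100:bjones,asmith\n"

if __name__ == "__main__":
    print(passwd_to_ldif(SAMPLE_PASSWD))
    print(group_to_ldif(SAMPLE_GROUP))
```

The output is plain LDIF and can be fed to an ldapadd/ldapmodify-style tool once the ou=People and ou=Group containers exist under the chosen suffix. Before loading, review which entries carry a userPassword value and confirm that the directory's access control denies read access to that attribute for ordinary binds.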
This document covers many topics and will evolve as LDAP standards change and additional issues arise.
Because LDAP directory technology has not standardized every facet of a directory service (access control,
for example), this document focuses on the issues rather than on examples; where appropriate, examples are
provided for clarity.
[1] NIS (Network Information Service) is a component of the ONC+™ subsystem, developed by Sun Microsystems.
[2] Howard, "An Approach for Using LDAP as a Network Information Service", RFC 2307,
ftp://ftp.isi.edu/in-notes/rfc2307.txt