HP UX LDAP-UX Integration Software manual Attribute Mappings


Installing And Configuring LDAP-UX Client Services

AutoFS Support

Step 3. Delete the following two entries in the /var/opt/netscape/servers/slapd-<server-instance>/config/schema/10rfc2307.ldif file. These two entries contain the 'automountInformation' attributetype and the 'automount' objectclass. The data in these two entries define the obsolete automount schema. The complete two entries are:

attributeTypes: ( 1.3.6.1.1.1.1.25 NAME 'automountInformation' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' )

objectClasses: ( 1.3.6.1.1.1.2.9 NAME 'automount' DESC 'Standard LDAP objectclass' SUP top MUST ( cn $ automountInformation ) MAY ( description ) X-ORIGIN 'RFC2307' )

Step 4. Restart the daemon, slapd. This is to ensure that the updated schema file is recognized by the Netscape Directory Server.

/var/opt/netscape/servers/slapd-<server-instance>/restart-slapd

For example:

/var/opt/netscape/servers/slapd-ldapA.cup.hp.com/restart-slapd

After you delete the obsolete automount schema, you must re-run the setup program to import the new automount schema into the LDAP directory server.
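
Steps 3 and 4 as a repeatable check, given here as an added example rather than text from the HP manual: it removes the two definitions by OID, treats a folded LDIF value as one entry, and keeps a copy of the original file. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the HP manual): Step 3 as a repeatable filter.
# automount_filter strip|count FILE
#   strip: print FILE without the two obsolete definitions
#   count: print how many of them FILE still contains
automount_filter() {
    awk -v mode="$1" '
    # Decide on the unfolded (logical) line, emit the original physical lines.
    function flush(   i, l) {
        if (!n) return
        l = tolower(logical)
        if (l ~ /^attributetypes:[ ]*\([ ]*1\.3\.6\.1\.1\.1\.1\.25[ ]/ ||
            l ~ /^objectclasses:[ ]*\([ ]*1\.3\.6\.1\.1\.1\.2\.9[ ]/)
            hits++
        else if (mode == "strip")
            for (i = 1; i <= n; i++) print raw[i]
        n = 0
    }
    # LDIF folding: a line starting with one space continues the previous line.
    /^ / && n { raw[++n] = $0; logical = logical substr($0, 2); next }
    { flush(); n = 1; raw[1] = $0; logical = $0 }
    END { flush(); if (mode == "count") print hits + 0 }
    ' "$2"
}

# remove_obsolete_automount FILE: keep FILE.orig, rewrite FILE in place.
remove_obsolete_automount() {
    f=$1
    [ "$(automount_filter count "$f")" -eq 2 ] ||
        { echo "expected 2 obsolete entries in $f" >&2; return 1; }
    cp -p "$f" "$f.orig" &&
        automount_filter strip "$f.orig" > "$f"   # redirect keeps owner and mode
}

# Constructed sample of a schema file; both obsolete values are folded.
make_sample() {
    cat > "$1" <<'EOF'
dn: cn=schema
attributeTypes: ( 1.3.6.1.1.1.1.25 NAME 'automountInformation' DESC 'Standard
  LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' )
attributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'constructed sample' )
objectClasses: ( 1.3.6.1.1.1.2.9 NAME 'automount' DESC 'Standard LDAP objectclass'
  SUP top MUST ( cn $ automountInformation ) MAY ( description ) X-ORIGIN 'RFC2307' )
EOF
}

# Demo on the sample only; prints the two lines that survive.
d=${TMPDIR:-/tmp}/automount-demo.$$
mkdir -p "$d" && make_sample "$d/10rfc2307.ldif" &&
    remove_obsolete_automount "$d/10rfc2307.ldif" && cat "$d/10rfc2307.ldif"
rm -rf "$d"
```

On a real instance, call `remove_obsolete_automount` on the 10rfc2307.ldif file named in Step 3 and then restart slapd as in Step 4; a second run returns an error because no obsolete entries remain.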

Attribute Mappings

LDAP-UX Client Services B.04.00 supports attribute mappings between the new RFC 2307-bis automount schema and the nisObject automount schema. This feature allows the directory administrators to use the nisObject schema if they have already deployed it.

When both the new automount schema and the nisObject schema exist in the LDAP directory server and you choose to use the nisObject automount schema, you must run the setup program using the custom configuration to perform the attribute mappings and search filter changes for the automount service. The attribute mappings include the following:

Remap the new automount attributes to the nisObject automount attributes. The attribute mappings are done in step 10 of the Custom Configuration. For detailed information on how to remap the automount attributes, see “Custom Configuration” on page 34.
