HP UX Internet Express Software Using the Main Browsing Window, Disconnecting from an Ldap Server

Page 199

and server. For an SSL connection to be established successfully, the following conditions must be satisfied:

The LDAP server must be configured by its administrator to accept SSL connections. The default port for LDAP over SSL is port 636. Many servers are not configured by default to accept SSL connections, so check with the server administrator if there is any doubt.

The authentication certificate presented to the LDAP Browser by the server must be signed by a trusted certificate authority.

The LDAP Browser will automatically recognize and trust server certificates that are signed by any one of a group of well-known certificate authorities. However, if an LDAP server presents a certificate that is not signed by one of these well-known certificate authorities, the connection attempt will fail. This is typically the case when attempting to connect to LDAP servers that have been configured with self-signed certificates or certificates issued by a certificate authority internal to a company or organization. In cases such as this, the server's certificate must be manually added to a certificate store file that the LDAP Browser will use as a source of trusted certificates.

To add an LDAP server certificate to a trusted certificate store file, perform the following steps:

1.Obtain the LDAP server's digital certificate from the server's administrator.

Some administrators provide access to this certificate by posting a link to it on an associated Web site or by storing it in a publicly accessible entry in the LDAP directory. Either the binary form of the certificate or the printable Base64-encoded form defined by the Internet RFC 1421 standard is acceptable.

2.Import the certificate into a trusted certificate store file called .keystore in the user's home directory.

To accomplish this, use the keytool utility that ships as part of the Java installation. For example:

#keytool -import -alias someserver -file \ someserver.cer -keystore ~/.keystore storepass mypassword

Where someserver is an alias that will be used to refer to this certificate, someserver.cer is a file containing the certificate, and mypassword is a password used to access the keystore.

3.Restart the LDAP Browser to load the new keystore.

4.Connect to the LDAP server.

If the previous steps have been performed and the connection still cannot be made, verify that the host name, port, base distinguished name, and bind authentication information are all configured correctly. If the problem still remains, the LDAP Browser can be run from the command line with a special qualifier that turns on SSL debugging; this can sometimes reveal the problem. To use the qualifier, run the LDAP Browser from the directory where the ldapbrowser.jar file resides. For example:

# java -jar ldapbrowser.jar -Djavax.net.debug=all

Disconnecting from an LDAP Server

To terminate the currently established LDAP connection, choose Disconnect from the File menu.

Reconnecting to an LDAP Server

To disconnect and then reconnect from an established connection, or to reestablish a connection that was terminated, choose Reconnect from the File menu.

Using the Main Browsing Window

Once a connection is established, the main browsing window allows you to view and manage the information in the directory. The directory is graphically represented in tree form, with each

Using the LDAP Browser 199

Page 198 Page 200
Image 199
Page 198 Page 200
Contents Abstract Internet Express for Tru64 Unix VersionPage Contents User Authentication Mail Delivery Administration Mail Access Administration 132 XML Component Administration 164 Web Services Administration 155Network Security Administration 167 Ldap Directory Server Administration 195 Proxy Services Administration 190FTP Server Administration 213 OpenSLP Administration 207Samba File and Print Server Administration 216 Internet Relay Chat Administration 248 InterNetNews Server Administration 225Twiki 266 PostgreSQL Database and MySQL Administration 249Bind Domain Name Server Administration 260 Jabber 265Intended Audience About This DocumentDocument Organization User input CommandTypographic Conventions Computer outputReading the Documentation Reading Documentation Using the Administration UtilityReading Documentation Using the Public Web Server Related InformationOn a PC Reading Documentation from the Internet Express CD-ROMReading Reference Pages for Internet Express Components On a Tru64 Unix SystemInternet electronic mail readerscomment@zk3.dec.com Readers CommentsReading the Open Source Software Component Documentation # man -M /usr/news/man active.5Readers Comments Using the Administration Utility Using the Administration UtilityAdministration Utility Menu Options and Tasks Using the Administration Utility Main MenuRegister Online Registering Your Internet Express InstallationNavigating the Administration Utility Using Administration Utility FormsSample Administration Utility Form 8081 Internet Express Accessing Administration ServersInternet Express Accounts and Ports Port Number DescriptionAccessing and Managing the Internet Monitor Accessing the Internet Express Login AccountManaging Internet Express in a TruCluster Environment Using Internet Express Services in a Cluster Installing and Removing ComponentsTruCluster Impact on Internet Express Administration Port number from the current Web server Installing and Removing ComponentsKeywords for URL Line Hostname of the local hostPerforming Web-Based System Management Accessing Web-Based System Management ToolsAccessing Web-Based System Management Tools Tuning Kernel Attribute ValuesUsing the Administration Utility Internet Express and AlphaServer Products Web Sites Where to Find More InformationOpen Source Software Web Sites GnuPG ExpectFirefox FreeRADIUSMajordomo Automated Internet Mailing Lists Manager IRC ServerJabber Lynx Web BrowserPerl MySQLOpenLDAP OpenSLPSamba File and Print Server PostgreSQL Relational Database Management SystemProcmail Mail Filtering Language Pure-FTP ServerSystem Security Web Sites Microsoft Other Useful Web SitesApplications InterNICEncompass Manage Users Menu User AdministrationOverview of User Accounts User AdministrationOverview of User Accounts Assigning Passwords to User AccountsPurging Obsolete Passwords Specifying User NamesSearching for User Accounts Searching for User AccountsSelecting User Accounts Assigning Users to GroupsShows the Create Named User Account form Creating Captive Accounts for Named UsersCreating a Named User Account Creating Captive Accounts for Generic UsersCreating Generic User Accounts Creating a Noncaptive Account for a Unix System UserCreating a Noncaptive Account for a Unix System User To create a group, see Section Creating GroupsCreating a System User Account Creating GroupsCreating Groups Displaying User Account InformationDisplaying User Account Information Deleting User AccountsChanging Groups for User Accounts Changing Groups for User AccountsUser Administration Changing the Password for an Account Changing the Password for an AccountChanging Mail Services for Users Assigning POP with Password Mail Service Assigning Regular Delivery Mail ServiceChanging Mail Services for Users Assigning Cyrus Imap with Password Mail Service Assigning the Cyrus Imap Mail ServiceManaging the .users.list File Assigning Apop with Password Mail ServiceManaging the iass Account Changing the iass Account Forwarding AddressRemoving the .users.list File Managing the User Self-Administration FeatureListing User Accounts and Passwords Purging Passwords for User AccountsManaging the User Self-Administration Feature Enabling and Disabling the User Self-Administration FeatureManage User Self-Administration Menu Configure Web Server for Self-Administration Form Modifying the Web Server ConfigurationModify Web Server Configuration Enabling and Disabling Login DelaysAdding Groups Managing User Self-Administration GroupsAdding Groups Deleting and Modifying GroupsEnabling and Disabling Groups Customizing the User Self-Administration FeatureUser Administration Managing the Ldap Module for System Authentication User AuthenticationManaging the Ldap Module for System Authentication User Authentication Example 1 Security Matrix Enabled for LdapLdap Caching Daemon Example 2 Ldap Caching Daemon Configuration File Value of searchbase Value of machinedn Value of machinepass Creating BranchesUserbranch ou=accounts,searchbase Extended Ldap Schema for Unix Account InformationIndexing Attributes for the Directory Servers Adding Indices for OpenLDAP Configuring the Ldap Module for System AuthenticationLdap Database Index Types Configuring the Ldap Module for System Authentication Modifying the Ldap Module ConfigurationDefining Ldap System Parameters Configuring Ldap Password Attributes Configuring Ldap Group Attributes Importing and Exporting Users from /etc/passwd Testing the Ldap Module ConfigurationEnabling and Disabling the Ldap Module Adding an Ldap User in a C2 Environment Importing Users into the Directory ServerImporting Users from NIS Exporting Users from the Directory ServerAccess Control Ldap Database Utilities Authentication mechanism Remove login names from specified groupRemove login names from all groups File in which to store search results the default isExtracting Users from the /etc/passwd File Checking the Ldap Server ConfigurationAdding a User Entry Retrieving a User Entry Deleting a User EntryAdding a Group Entry Synchronizing with a Password FileLdapsyncuser -b branch filename Deleting a Group Entry Maintaining Group MembershipLdapgetgroup -b branch -f input-file Setting a Users Password in the Ldap Directory ServerRetrieving a Group Entry Starting the ldapcd DaemonModifying Entries in an Ldap Database Maintaining the Ldap Directory Server Using Ldap CommandsStopping the ldapcd Daemon Adding Entries to an Ldap DatabaseActions Performed by the Ldap Client Authentication Actions PerformedFiles Modified by theLDAP Module for System Authentication Overview of the Ldap ClientEtc/ldapusers.allow Operation of login/suBehavior of the the ldapdc Daemon Debugging ldapdc# su user1 Bogofilter to filter spam Section Bogofilter Spam Filter Mail Delivery AdministrationSendmail Server Administration Mail Delivery AdministrationLdap see Section Configuring Ldap Configuring the System as a Standalone Mail SystemConfiguring the System as a Mail Client Configuring the System as a Mail ServerCreating and Deleting Host Aliases for a Mail Server Sendmail Server Administration Changing the Sendmail Server ConfigurationCreating and Deleting Pseudo Domain Aliases Configuring Mail ProtocolsPSInet see Section Configuring the X.25 Protocol Through Section Configuring the X.25 ProtocolConfiguring the DECnet Phase IV Protocol Configuring the MTS ProtocolConfiguring the DECnet/OSI Protocol Configuring the X.25 Protocol Configuring the Uucp ProtocolAccessing the Configure Masquerading Form Configuring MasqueradingRoot Postmaster News Uucp Mailer-daemon Rdist Nobody Daemon Pop Imap Configuring Your System for MasqueradingExample 4 Sample Virtual Domain Table Configuring Virtual Domains# makemap btree virtusertable virtusertable Enabling Anti-Virus Enabling Procmail as a Local MailerConfiguring Relaying Configuring Anti-SpamExample 5 Sample Access Database for the Sendmail Server Configuring the Access DatabaseConfiguring an Access Database Configuring Checking on Senders Information Configuring LdapShows the Configure Ldap form Configuring Mail Filters MilterSocket inet1066@myhost.com,T=C5mS10sR10sE5m Socket local/var/run/f1.sockSocket inet1099@remotehost.com Socket inet61066@myhost.comSample -p local/var/run/example1.sock Adding a Queue Configuring QueuesModifying a Queue Group # sendmail -bt -q queue-nameDeleting a Queue Group Queue Timers Configuring Queue PerformanceGeneral Queue Properties Sendmail Timers Configuring Trusted Layer SecuritySendmail Tunable Parameters Certicate Authority Abbreviation Certificate Authority Certificate DefaultsCertificate Issuer One that issues certificates a CA TLS Certificate ValuesEnabling Support Using the Access Database Side VERIFYbits CIname Sendmail Server AdministrationMarked as permanent Failure marked as temporaryControlling the Sendmail Server Configuring Mailbox AccessRelay or Subject Creating a Majordomo Mailing List Majordomo Mailing List AdministrationMajordomo Mailing List Administration Viewing the Sendmail Server LogChanging List Owner or Charter Changing a Majordomo Mailing List ConfigurationChanging Subscription Parameters Changing Administration ParametersChanging Message Content Parameters Changing Digest Parameters Changing Command Access ParametersChanging List Restriction Parameters Changing Moderated List ParametersMailman MailmanDeleting a Majordomo List Changing Address Processing ParametersManaging Mailman Creating the Initial Mailman List Using a ScriptCreate a Mailing List Deleting a Mailing ListMailman Mailing List Administration Menu Training Bogofilter Bogofilter Spam FilterMailman Scripts Mailman Log FilesBogofilter/wordlist.db Using Bogofilter with procmailFiltering with Bogofilter Filter Integration with Other ToolsPine Integration with Bogofilter Mutt Integration with BogofilterMail Transport Agent MTA Integration with Bogofilter Bogofilter Spam Filter Controlling the POP2 Server Mail Access AdministrationPOP Mail Server Administration Controlling the POP3 ServerImap Mail Server Administration Imap Mail Server AdministrationViewing the POP Mail Server Log Setting Up a Unix User Account for Cyrus Imap Setting Up a Unix User Account for UW ImapConverting Imap Mail Folders Usr/dt/bin/mailcv -I -t -f ./bar duke Controlling the Cyrus Imap ServerControlling the UW Imap Server Usr/dt/bin/mailcv -evdt -I -f foldername directoryname userViewing the Imap Server Log Configuring SSL for UW-IMAPIMP Webmail Administration IMP Webmail AdministrationEnabling and Disabling IMP Webmail Accessing the IMP Webmail Administration MenuEnable/Disable IMP Webmail Managing Mail Server SettingsModifying the Mail Server List IMP Mail Server SettingsAdding a Mail Server IMP Mail Server List Settings Modifying a Mail Server Managing Mailbox SettingsDeleting a Mail Server IMP Mailbox Settings Managing Compose SettingsIMP Compose Settings Managing Message SettingsPreference settings IMP Message Settings Managing Logging SettingsIMP Logging Settings Preference Driver Settings Managing Preference Driver SettingsSetting Description Allow usage of folders Managing Miscellaneous IMP SettingsManaging Horde Settings Miscellaneous IMP SettingsHorde Settings Managing Turba Settings Have access to their addressbook Using IMP Upgrade ToolsIMP Turba Settings Setting Description EnabledUpgrading IMP Databases Upgrading IMP ConfigurationsIMP Database Upgrade Settings Additional Webmail Documentation Accessing IMP WebmailNew Preference Table Secure Web Server Administration Web Services AdministrationSecure Web Server Administration Internet Express Ports and URLs Accessing the Secure Web ServersServer Changing Configuration ParametersConfiguration Files for Secure Web Servers Web Server ManagementHttpd.conf Srm.conf Access.conf Changing the Password for the Administration Web ServerHt//Dig Search Tool Administration Ht//Dig Search Tool AdministrationCreating the Search Index Ht//Dig Indexing and Search Administration Link to Ht//Dig Search Index Updated Ht//Dig Configuration File Message Documentation Searching the IndexHttp//hostname/htdig/search.html Directories and Subsets for XML Components XML Component AdministrationDirectories and Subsets for XML Components Managing the Apache Axis Server Apache Axis Server AdministrationApache Cocoon Servlet Administration Apache Axis Server AdministrationEnabling and Disabling the Cocoon Servlet Managing the Apache Cocoon ServletViewing the Cocoon Log Files Network Services Wrapped by Internet Express Network Security AdministrationTCP Wrapper Administration Network Services Wrapped by Internet ExpressModifying Access to a Wrapped Network Service Controlling Access to Other Network ServicesNetwork Service Access Options Testing TCP Security ModificationsFireScreen Administration Menu FireScreen AdministrationFireScreen Administration Installing FireScreenEtc/rc.config file Checking FireScreen Installation PrerequisitesFireScreen Administration Install FireScreen Page with Gateway Screening Enabled Configuring FireScreen Configure FireScreen Menu Setting Command-Line OptionsSet Options Confirmation Adding a Screening Rule Setting the Screening ModeAdd New Screening Rule Form Deleting a Screening Rule Checking Syntax of Screening RulesStarting FireScreen Starting and Stopping FireScreenStopping FireScreen Start/Stop FireScreen Form with Restart Option EnabledViewing FireScreen Screening Rules Viewing FireScreen StatusViewing the FireScreen Log Viewing FireScreen Statistics Snort Intrusion Detection SystemUsr/internet/docs/snort Snort documentation Snort -vd -l ./log Configuring Snort DecoderConfiguring Snort Preprocessor Option Disable Decode AlertRunning Snort FreeRADIUS Server AdministrationViewing Alert Messages Users File Considerations While Installing FreeRADIUSUnderstanding FreeRADIUS Configuration Files Starting and Stopping the FreeRADIUS ServerClients.conf file Configure --disable-shared make make installRadiusd.conf file Viewing FreeRADIUS Log File Controlling the Dante Socks Server Proxy Services AdministrationDante Socks Server Administration Proxy Services AdministrationSquid Proxy/Caching Server Administration Squid Proxy/Caching Server AdministrationConfiguring the Dante Socks Server Accessing Dante Socks InformationReinitializing the Disk Cache Configuring the Squid Proxy/Caching ServerManaging the Squid Proxy/Caching Server Rotating Log Files Displaying Access StatisticsControlling the Squid Proxy/Caching Server Understanding the Ldap Directory Schema Ldap Directory Server AdministrationUnderstanding the Ldap Directory Schema Ldap Directory Server Administration Using the Ldap BrowserExample 6 Ldap Standard Object Class Definition for Person Creating or Editing Frequently Used Connections Installing and Running the Ldap BrowserConnecting to an Ldap Server Managing Frequently Used ConnectionsConnecting to an Ldap Server using SSL Disconnecting from an Ldap Server Using the Main Browsing WindowReconnecting to an Ldap Server Viewing a Directory Entry in a Separate Window Controlling Client-Side Schema CheckingOpening a New Main Window Closing a Main WindowCopying a Directory Entry Adding a New Directory EntryModifying a Directory Entry Deleting a Directory EntryModifying Attributes Renaming a Directory EntryMoving a Directory Entry Adding AttributesModifying Entry Templates Deleting AttributesManaging Directory Entry Templates Creating Entry TemplatesViewing the Attribute Schema Viewing the Object Class SchemaSearching the Directory Managing the OpenLDAP Directory Server Managing and Using the OpenLDAP Directory ServerUser Configuration File Configuring the OpenLDAP Directory ServerLdap Directory Server Administration Configuration Files and Examples OpenSLP AdministrationOpenSLP Overview Using the OpenSLP Configuration and Registration Files Configuring OpenSLPConfiguring Optional Security Configuring OpenSLP Running the ServicesConsiderations for Using SLP APIs Running the Example ConfigurationDocumentation DocumentationOpenSLP Administration Creating or Modifying an Anonymous Pure-FTP User Account FTP Server AdministrationAdministering Pure-FTP Server Administering Pure-FTP ServerUpload /data/ftp /pub yes ftp daemon Enabling or Disabling Anonymous Pure-FTP AccessFTP Server Administration Enabling or Disabling chrootEnabling or Disabling Pure-FTP server Displaying Active Pure-FTP UsersSamba File and Print Server Administration Samba File and Print Server AdministrationOptions for Modifying the smb.conf Configuration File Understanding the smb.conf Configuration FileWorkgroup Understanding the smb.conf Configuration FileAdd the following value Configuring the Samba Server Using the Swat Program Administering the Samba Server Using the Swat ProgramAdministering the Samba Server Using the Swat Program Samba File and Print Server Administration Configure the Samba Server Menu Configuring Share Parameters Configuring Global VariablesManage passwords see Section Administering Passwords Viewing the Status of the Server Viewing the Current ConfigurationAdministering Passwords Controlling PrintersSamba File and Print Server Administration 225 InterNetNews Server AdministrationInterNetNews Server Administration Specifying INN Configuration DataINN Daemons Configuring an External Newsfeed Configuring an External NewsfeedDays 12 GB Displaying an External NewsfeedRecommended Spool Space for News Articles Article Retention PeriodAdding an External Newsfeed Typically, a newsfeed has the following flags set Modifying an External Newsfeed Modifying Newsfeed DefaultsRemoving an External Newsfeed Updating the Local Active File Managing Client AccessAdding a Client Access Group Displaying Client Access GroupsAccess Groups Form Fields Removing a Client Access Group Modifying an Existing Client Access GroupClient Authentication Groups Menu Fields Displaying Client Authentication GroupsManaging Client Authentication Groups Adding Client Authentication GroupsUsr/bin/news/auth/passwd Modifying Client Authentication GroupsConfiguring Storage Options Configuring Storage OptionsConfiguring Storage Method Entries Deleting Client Authentication GroupsAdding a New Storage Method Class Options on the Configure Storage MenuModifying a Storage Method Class Adding New Cnfs Entries Configuring the Cnfs Storage MethodDeleting a Storage Method Class Displaying Cnfs EntriesModifying Cnfs Entries Managing Article Expiration Managing Article ExpirationDisplaying Article Expiration Definitions Deleting Cnfs EntriesSpecific newsgroup for example, rec.photo Adding an Article Expiration DefinitionManaging Article Expiration Specifying an Article Expiration Definition Modifying an Article Expiration DefinitionManaging Local Newsgroups Managing Local NewsgroupsDeleting an Article Expiration Definition Modifying the Retention Period for Expired ArticlesCreating Local Newsgroups Viewing INN Log FilesDeleting Local Newsgroups Controlling the INN Server Controlling the INN ServerControlling the IRC Server Internet Relay Chat AdministrationConfiguring IRC Internet Relay Chat AdministrationStarting and Stopping PostgreSQL Server PostgreSQL Database and MySQL AdministrationInstalling PostgreSQL Installing PostgreSQLViewing the PostgreSQL Log File PostgreSQL Database and MySQL AdministrationAdministering PostgreSQL Accounts Administering PostgreSQL AccountsImportant Files and Directories PostgreSQL Files and Directories Setting up a Crontab Entry for Vacuuming DatabasesUsing Existing PostgreSQL Accounts Running the Postmaster Startup ScriptSetting up a Crontab Entry for Vacuuming Databases PostgreSQL Database and MySQL Administration Setup Vacuum Crontab Form #/sbin/init.d/postgres stop Scaling PostgreSQL#/sbin/init.d/postgres start #ps -ef grep postmaster #/sbin/sysconfig -q ipcScaling PostgreSQL MySQL Directories Administering MySQLDirectories and Files Established by MySQL Installation Starting and Stopping MySQLMySQL Log Files Starting and Stopping the MySQL Server Using a Command LineMySQL Configuration Files Viewing the MySQL Error LogBind Files and Directories Bind Domain Name Server AdministrationBind Overview Important Bind Files and DirectoriesBind Binary File Directories Enabling Bind Running the Bind Startup Script Running the Bind Startup ScriptBind Documentation Enter /sbin/init.d/named start Enter /sbin/rcinet startHttp//ops.ietf.org/dns/dynupd/secure-ddns-howto.html Controlling the Jabber Server JabberControlling the Jabber Server Starting TWiki TwikiTwiki Sample client server configuration Sample client server configurationStunnel Sample mail filter Section Mail Filter Example Sendmail Supplemental InformationCreating a Certificate of Authority Background OpenSSL Certificate CreationMail Filter Example Mail Filter ExampleSendmail Supplemental Information Smfiversion Glossary Glossary273 FTPSee also Https 275 See TCP/IPIndex SymbolsIndex Web site, 30 external newsfeed adding Decus see Encompass deinstall.sh script277 Index Log file FireScreen viewing, 183 login account Ldap client, 87 Ldap commands279 Index Poppassd server controlling OpenLDAP Project Web site281 Screening mode, 178 screening rule FireScreen 283 TIN
Related manuals
Manual 34 pages 37.15 Kb
Top Page Image Contents