HP UX Internet Express Software manual Creating Branches


6. The value of pw_cachesize determines how many individual passwd entries are allowed to be cached. The value of pw_expirecache determines the maximum length of time that the ldapcd caching daemon will check the cache for an individual passwd entry. When the value of pw_expirecache is exceeded, the ldapcd daemon returns to the server to look for the requested passwd entry.

The values for gr_cachesize and gr_expirecache work similarly to pw_cachesize and pw_expirecache, but they work for group entries.

7. The value of machine_dn is the distinguished name by which the ldapcd caching daemon binds to the directory to do searches and retrievals of information from the directory. By requiring each system to use a particular DN, you can determine which machines are accessing the directory and for what purpose. Further, you can also control read and search access to the directory on a machine-account basis.

8. The name for the object class that defines the attributes for a UNIX account in the extended schema on your server (see Section : Extended LDAP Schema for UNIX Account Information).

9. LDAP attribute names (on the right) are mapped to fields (on the left) in the passwd structure returned by a call to getpwent.

10. Only the encrypted password is stored in the userPassword attribute.

11. The name for the object class that defines the attributes for a UNIX group in the extended schema defined on your server (see Section : Extended LDAP Schema for UNIX Account Information).

12. LDAP attribute names (on the right) are mapped to fields (on the left) in the group structure returned by a call to getgrent(3).

Note:

HP recommends you use the Administration utility to modify the ldapcd.conf file.

Creating Branches

By creating branches, you can organize an LDAP directory tree into meaningful categories of information, each with its own search base. The use of branches can improve the performance of an LDAP server by allowing queries to be confined to the branch that contains the information of interest. For example, you might create a separate branch to contain user information. To create a user information branch on the directory server, follow these steps:

1. Find the following information in the /etc/ldapcd.conf file:

Value of searchbase

Value of machine_dn

Value of machine_pass

2. Decide on a name for a new branch; for example, accounts.

3. Create a file containing the following, substituting the value you found in step 1 for searchbase:

    dn: ou=accounts,o=searchbase
    objectclass: top
    objectclass: organizationalUnit
    ou: accounts
    description: description

4. Run the following command, substituting the values you found in step 1 for searchbase, machine_dn, and machine_pass, and specify the name of the file you created in step 3 with the -f option:

    /usr/local/bin/ldapmodify -add \
        -D "machine_dn" -w "machine_pass" \
        -f file
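The file from step 3 can be generated rather than typed by hand. The following is an added example, not part of the HP manual: it goes a little beyond the steps by rejecting branch names that would alter the entry's DN and by base64-encoding values that LDIF cannot carry as plain text. The function names and sample values are hypothetical, and it assumes the searchbase value from ldapcd.conf is already a complete DN (the constructed o=example.com here).

```shell
#!/bin/sh
# Added example (not from the manual): build the LDIF for step 3.
# Function names and the sample values are constructed for illustration.
LC_ALL=C; export LC_ALL
NL='
'

# Accept only names that need no DN escaping, so the name cannot add
# extra RDN components (for example "x,o=other") to the new entry's DN.
valid_branch_name() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one LDIF attribute line. A value that is not an LDIF safe string
# (leading space, ':' or '<', trailing space, newline, or any byte outside
# printable ASCII) is written in the base64 "name:: value" form.
ldif_attr() {
    name=$1
    value=$2
    unsafe=0
    case $value in
        ' '*|':'*|'<'*|*' '|*"$NL"*) unsafe=1 ;;
    esac
    if [ -n "$(printf '%s' "$value" | tr -d ' -~')" ]; then
        unsafe=1
    fi
    if [ "$unsafe" -eq 1 ]; then
        printf '%s:: %s\n' "$name" "$(printf '%s' "$value" | base64 | tr -d '\n')"
    else
        printf '%s: %s\n' "$name" "$value"
    fi
}

# make_branch_ldif BRANCH SEARCHBASE DESCRIPTION
# Emits the entry as contiguous lines: a blank line would end the record.
make_branch_ldif() {
    branch=$1
    searchbase=$2
    description=$3
    if ! valid_branch_name "$branch"; then
        echo "invalid branch name: $branch" >&2
        return 1
    fi
    if [ -z "$searchbase" ]; then
        echo "searchbase is empty" >&2
        return 1
    fi
    ldif_attr dn "ou=$branch,$searchbase"
    ldif_attr objectclass top
    ldif_attr objectclass organizationalUnit
    ldif_attr ou "$branch"
    ldif_attr description "$description"
}

# Constructed sample run; redirect the output to the file passed to -f in step 4.
make_branch_ldif accounts "o=example.com" "User account entries"
```

Because -w places machine_pass in the command's argument list, where ps can show it to other local users, run step 4 from a session on a system without untrusted logins and keep the generated file readable only by its owner.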

Managing the LDAP Module for System Authentication 69
