HP UX Internet Express Software Overview of the Ldap Client, Actions Performed by the Ldap Client

Engineering, c=US" dn: cn=Joseph Shmoe, o=HP Engineering, c=US

changetype: modify replace: title title: Process Engineer - ^D modifying entry cn=Joseph Shmoe, o=HP Engineering, c=US

You can use the ldapsearch command to retrieve the modified entry:

#/usr/local/bin/ldapsearch -b 'o=HP Engineering, c=US' 'cn=Joe Shmoe' cn=Joseph

Shmoe, o=HP Engineering, c=US objectclass=personcn=Joseph Shmoe cn=Joe Shmoe sn=Shmoe givenname=Joseph mail=shmoe@fac.digieng.com uid=jshmoe title=Process Engineer

For more information, see ldapmodify(1).

Overview of the LDAP Client

This section provides a summary of the LDAP client functionality and related files.

Actions Performed by the LDAP Client

The LDAP client daemon does the following when started.

•Updates the /etc/sia/matrix.conf file to include the LDAP Security Integration Architecture (SIA) mechanism.

•Adds the following entry to the /etc/inittab file to automatically start the LDAP client daemon when the system starts:

ldapcd:34:respawn:/usr/sbin/ldapcd -D /dev/console 2&1

Authentication Actions Performed

When you install and enable the LDAP Module for System Authentication subset, user and group authentication takes place through an LDAP server.

For example, an LDAP server transparently provides authentication information for login (rlogin, ftp, telnet, su) and mail (POP and IMAP).

For users not found in the LDAP directory, authentication automatically falls back to using the local authentication mechanism (/etc/passwd) and/or NIS, if it is configured.

Files Modified by theLDAP Module for System Authentication

The LDAP module for system authentication configures the security matrix in the /etc/sia/ matrix.conf file for system authentication.

The security matrix consists of a list of security-related system calls and the library to be used for each call.

Files Not Modified by the LDAP Module for System Authentication

The LDAP module does not add or modify either /etc/nsswitch.conf or /etc/svc.conf.

In case /etc/nsswitch.conf or /etc/svc.conf are modified manually by someone to include LDAP entries, you should revert the file back to its original state.

Other Important Files

Other relevant files include /etc/ldapusers.deny and /etc/ldapusers.allow .

/etc/ldapusers.deny

The /etc/ldapusers.deny file is a text file in which you enter the name of a Tru64 UNIX user who will not be authenticated by LDAP authentication.

A default /etc/ldapusers.deny file is provided when you install the LDAP client software.

Overview of the LDAP Client 87