Chapter 11 describes how to administer Internet Express-provided Directory servers.

Default Configuration for the LDAP Module for System Authentication

Internet Express configures the security matrix in the /etc/sia/matrix.conf file to use the LDAP Module for System Authentication. The security matrix consists of a list of security-related system calls and the library to be used for each call. As shown in Example 1, the siad_ses_authent and siad_ses_estab calls are configured to use the libsialdap.so library first. If that library is not available, or if the requested information is not found in the LDAP server's directory, then the libc.so library is used.

See the siacfg(8) and matrix.conf(4) reference pages for more information about configuring security methods.

Example 1 Security Matrix Enabled for LDAP

.
.
.
siad_getgrgid=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_setpwent=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
.
.
.
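The following shell function is an added example, not part of the Internet Express documentation. It parses entries in the form shown in Example 1 and reports, for each call, the order in which mechanisms are consulted, whether LDAP is first, later or absent, and which library the LDAP mechanism loads. The names sia_matrix_report and sia_demo are hypothetical, and the siad_ses_authent and siad_ses_estab sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report mechanism order per SIA call in a matrix.conf-style file.

# sia_matrix_report [FILE]   FILE may be "-" for standard input;
# with no argument the function reads /etc/sia/matrix.conf.
# Prints: <call> <mechanisms in order> ldap=<first|later|absent> <LDAP library or ->
sia_matrix_report() {
    awk '
    # Entries look like: siad_call=(MECH,library) (MECH,library) ...
    # Comment lines and anything that is not an entry are ignored.
    /^[ \t]*siad_[a-z_]+[ \t]*=/ {
        call = $0; sub(/[ \t]*=.*/, "", call); sub(/^[ \t]*/, "", call)
        rest = $0; sub(/^[^=]*=/, "", rest)
        order = ""; n = 0; pos = 0; lib = "-"
        # Take "(MECH,library)" pairs left to right; that is the lookup order.
        while (match(rest, /\([^(),]+,[^()]+\)/)) {
            pair = substr(rest, RSTART + 1, RLENGTH - 2)
            rest = substr(rest, RSTART + RLENGTH)
            split(pair, f, ",")
            n++
            order = order (n > 1 ? "," : "") f[1]
            if (f[1] == "LDAP" && pos == 0) { pos = n; lib = f[2] }
        }
        state = (pos == 0) ? "absent" : ((pos == 1) ? "first" : "later")
        print call, order, "ldap=" state, lib
    }' "${1:-/etc/sia/matrix.conf}"
}

# Constructed sample input: the two entries from Example 1, one entry with
# LDAP listed first, and one entry with no LDAP mechanism at all.
sia_demo() {
    sia_matrix_report - <<'EOF'
# constructed sample, not a complete matrix.conf
siad_getgrgid=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_setpwent=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_ses_authent=(LDAP,/usr/shlib/libsialdap.so) (BSD,libc.so)
siad_ses_estab=(BSD,libc.so)
EOF
}

sia_demo
```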

When you install the LDAP Module for System Authentication, the installation procedure checks the validity of the configuration information you supplied, tries to connect to the LDAP server you specified during the installation, and then enables the LDAP Module for System Authentication. If the connection fails, or if the required schema attributes are not found, the LDAP Module for System Authentication is not enabled. After correcting the problems, you must enable it by using the LDAP Module for System Authentication Administration menu or the /usr/internet/ldap_tools/ldap_enable utility. Check the attribute values in the Distinguished Name, Password, System Name, Port Number, and Search Base fields (see Section ).

The LDAP Module for System Authentication gets its information from the LDAP server by way of the ldapcd caching daemon (see Figure 20). This daemon runs at all times and is started by the following entry in the /etc/inittab file:

ldapcd:34:respawn:/usr/sbin/ldapcd -D > /dev/console 2>&1
