Notes:
After you configure the LDAP Module for System Authentication, you must import users (unless you are using an existing LDAP server). For instructions on importing or exporting users and groups to and from the LDAP directory server, see Section : Importing and Exporting Users from /etc/passwd.
Statically linked clients and executables (which do not use shared libraries) cannot take advantage of the LDAP Module for System Authentication loadable architecture. For example, the /sbin/ls command (which is typically the default for root) is statically linked. On a system using the LDAP Module for System Authentication to authenticate user names, the output from the /sbin/ls
    1 1008 IASS_Usr   60 Nov 13 15:05 bar
    1 1008 IASS_Usr 1765 Nov 13 15:05 bs.txt
    1 1008 IASS_Usr   97 Nov 13 15:05 file.txt
    1 1008 IASS_Usr  855 Nov 13 15:05 file2.txt
    1 1008 IASS_Usr    2 Nov 13 15:05 foo
Note that the owner is shown as a number instead of a name. (If groups were defined in the LDAP database rather than the /etc/group file, the output would have shown a number in place of the group name as well.)
In general, use the system tools in /usr/bin when the LDAP Module for System Authentication is enabled.
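To find which files a statically linked tool such as /sbin/ls will list with a numeric owner or group, compare file ownership against the local /etc/passwd and /etc/group files only. The following is an added example, not part of the original documentation or the product; it assumes a Python 3 interpreter is available and that statically linked tools consult only those two local files, and the function names are hypothetical.

```python
import os
import sys


def local_ids(text):
    """Return the numeric IDs (third field) found in passwd- or group-format text."""
    ids = set()
    for line in text.splitlines():
        fields = line.split(":")
        # Skip comments, NIS-style "+"/"-" entries, and malformed lines.
        if line.startswith(("#", "+", "-")) or len(fields) < 3:
            continue
        if fields[2].isdigit():
            ids.add(int(fields[2]))
    return ids


def numeric_only_files(root, passwd_text, group_text):
    """List (path, uid, gid) for entries whose owner or group is not in the local files.

    The pwd and grp modules are deliberately not used: they resolve names
    through the system's lookup mechanism, which is exactly what a statically
    linked binary bypasses (assumption stated in the lead-in).
    """
    uids = local_ids(passwd_text)
    gids = local_ids(group_text)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: report the link itself, do not follow it
            if st.st_uid not in uids or st.st_gid not in gids:
                hits.append((path, st.st_uid, st.st_gid))
    return sorted(hits)


if __name__ == "__main__":
    top = sys.argv[1] if len(sys.argv) > 1 else "."
    with open("/etc/passwd") as p, open("/etc/group") as g:
        for path, uid, gid in numeric_only_files(top, p.read(), g.read()):
            print(f"{uid}\t{gid}\t{path}")
```

Every path it prints is owned by a user or group that exists only in the directory server, so only the dynamically linked tools in /usr/bin will show a name for it.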
Modifying the LDAP Module Configuration
You can use the Administration utility to configure the following attributes of the LDAP Module for System Authentication:
• System parameters (see Section : Defining LDAP System Parameters)
• Password attributes (see Section : Configuring LDAP Password Attributes)
• Group attributes (see Section : Configuring LDAP Group Attributes)
The default configuration parameters for the Group attributes are correct for most LDAP servers. Do not modify these fields unless you are very familiar with LDAP schemas and the schemas used by your server. The Internet Express installation and configuration utilities correctly configure the Internet
Defining LDAP System Parameters
To define system parameters for the LDAP Module for System Authentication, follow these steps:
1. From the Administration utility Main menu, choose Manage Components.
2. From the Manage Components menu, under Users, choose LDAP Module for System Authentication.
3. From the LDAP Module for System Authentication Administration menu, choose Modify Configuration.
4. From the Modify Configuration menu, choose Define System Parameters.
When the Define System Parameters form is displayed, the default values shown are those stored in the /etc/ldapcd.conf file.
5. Specify a Distinguished Name and Password. The Distinguished Name and Password are what you will use to bind to the directory server. These values are set when you initially configure the directory server during installation. Typically, you use the root distinguished name and password as specified in the directory server's configuration file (slapd.conf). For the OpenLDAP Directory Server, the installation procedure initially sets the Root