HP UX LDAP-UX Integration Software manual 27

Installing And Configuring LDAP-UX Client Services

Plan Your Installation

•Where in your directory will you put your name service data?

Your directory architect needs to decide where in your directory to place your name service information. LDAP-UX Client Services by default expects user and group data to use the object classes and attributes specified by RFC 2307. The migration scripts by default create and populate a new subtree that conforms to RFC 2307. Figure 2-1 on page 15 shows a base DN of ou=unix,o=hp.com. Write the base DN of your name service data in Appendix A, “Configuration Worksheet,” on page 183.

If you prefer to merge your name service data into an existing directory structure, you can map the standard RFC 2307 attributes to alternate attributes. See “LDAP-UX Client Services Object Classes” on page 187 for more information.

•How will you put your user, group, and other data into your directory?

LDAP supports group membership defined in the X.500 syntax (using the member or uniquemember attribute), while still supporting the RFC 2307 syntax (using the memberuid attribute). This new group membership syntax increases LDAP-UX integration with LDAP and other LDAP-based applications, and may reduce administration overhead eliminating the need to manage the memberuid attribute. In addition, a new performance improvement has been made through the addition of a new caching daemon which caches passwd, group and X.500 group membership information retrieved from an LDAP server. This significantly reduces LDAP-UX’s response time to applications. In addition, the daemon re-uses connections for LDAP queries and maintains multiple connections to an LDAP server to improve performance.

The migration scripts provided with LDAP-UX Client Services can build and populate a new directory subtree for your user and group data.