Manufacturing Part Number J4269-90071 E0207
Edition
Legal Notices
Contents
Administering LDAP-UX Client Services
Command and Tool Reference
User Tasks
Tables
Viii
Figures
Figures
New and Changed Documentation in This Edition
Intended Audience
What’s in This document
Publishing History
Xiii
HP Encourages Your Comments
Typographical Conventions
Chapter
Overview of LDAP-UX Client Services
Simplified NIS Environment
Overview of LDAP-UX Client Services
Traffic from replica updates
How LDAP-UX Client Services Works
Simplified LDAP-UX Client Services Environment
Introduction
Examples of Commands and Subsystems
Commands that use Commands that use PAM
That use PAM and NSS
Login, ftpd Ls, who
Overview of LDAP-UX Client Services
Local Start-up File and the Configuration Profile
Overview of LDAP-UX Client Services Chapter
Before You Begin
LDAP-UX Client Services
Summary of Installing and Configuring
Summary of Installing and Configuring
Optionally modify the /etc/opt/ldapux/pamauthz.policy
Plan Your Installation
Plan Your Installation
Still log in to the system
Share user names and passwords with other applications,
Example Directory Structure
Plan Your Installation
Plan Your Installation
Section must be set to yes. If the start option is enabled,
Plan Your Installation
Install LDAP-UX Client Services on a Client
Install LDAP-UX Client Services on a Client
Configure Your Directory
Configure Your Directory
Step
Configure Your Directory
Grant read access of all attributes of the posix schema
Configure Your Directory
Import Name Service Data into Your Directory
Import Name Service Data into Your Directory
Directory
Steps to Importing Name Service Data into Your
Configure the LDAP-UX Client Services
Configure the LDAP-UX Client Services
Configure the LDAP-UX Client Services
Quick Configuration
Required to start the services
Simple Sasl DIGEST-MD5
Configuration Parameter Default Values
Configure the LDAP-UX Client Services
Custom Configuration
Specify up to three directory hosts, to be searched in order
Specify the service you want to map?
Specify the attribute you want to map
You type 0 to exit this menu for the following question
Answer Y instead of the default N For the question
You want to create a custom search descriptor for
Configure the LDAP-UX Client Serivces with SSL Support
Configure the LDAP-UX Client Serivces with SSL Support
Steps to Download the CA Certificate from Mozilla Browser
Configuring the LDAP-UX Client to Use SSL
Mail users, and Trust the CA to identify software developers
Use the rm command to remove the old database files
Steps to create database files using the certutil utility
Configure the LDAP-UX Client Serivces with SSL Support
Configure LDAP-UX Client Services with Publickey Support
Configure LDAP-UX Client Services with Publickey Support
Enhanced Publickey-LDAP Software for HP-UX 11i v1 or
June
October
Extending the Publickey Schema into Your Directory
Admin Proxy User
Configuring an Admin Proxy User Using ldapproxyconfig
Password for an Admin Proxy User
Setting ACI for Key Management
Setting ACI for an Admin Proxy User
An Example
Setting ACI for a User
Configuring serviceAuthenticationMethod
Procedures Used to Configure serviceAuthenticationMethod
Authentication Methods
ServiceAuthenticationMethodkeyservsasl/digest-md5
Configuring Name Service Switch
Configure LDAP-UX Client Services with Publickey Support
AutoFS Support
Automount Schemas
AutoFS Patch Requirement
AutoFS Support
Schema
New Automount Schema
An Example
NisObject Automount Schema
Obsolete Automount Schema
Removing The Obsolete Automount Schema
Limitations
Attribute Mappings
New Automount Attribute NisObject Automount
Attribute Mappings
AutoFS Migration Scripts
Migration Scripts Description
Environment Variables
General Syntax For Migration Scripts
Examples
Syntax
Migrateautomount.pl Script
AutoFS Support
Following shows the /tmp/autoindirect.ldif file
Migratenisautomount.pl Script
Following shows the nispautomap.ldif file
Migratenispautofs.pl Script
Verify the LDAP-UX Client Services
Verify the LDAP-UX Client Services
Making sure the output is as expected
Verify the LDAP-UX Client Services
#cat /etc/nsswitch.conf
Configure Subsequent Client Systems
Configure Subsequent Client Systems
Change the current configuration
Download the Profile Periodically
Download the Profile Periodically
Crontab crontab.profile
Use r-command for Pamldap
Use r-command for Pamldap
#passwordas =
Password, and turning on the rcommand option for pamldap
Use r-command for Pamldap Chapter
Ldap Printer Configurator
Overview
Definitions
Overview
System
How the Ldap Printer Configurator works
How the Ldap Printer Configurator works
System administrator manually adds or removes printers to
Printer Configurator Architecture
Printer Configuration Parameters
Printer Configuration Parameters
Printer Schema
Printer Schema
An Example
Printer Schema
Managing the LP printer configuration
Managing the LP printer configuration
Example
Managing the LP printer configuration
Managing the LP printer configuration
Limitations of Printer Configurator
Limitations of Printer Configurator
Limitations of Printer Configurator Chapter
Administering LDAP-UX Client
Using The LDAP-UX Client Daemon
Using The LDAP-UX Client Daemon
Overview
Starting the client
Ldapclientd
Controlling the client
Client Daemon performance
Diagnostics
Command options
Missing settings
Ldapclientd.conf
Configuration file syntax
Opt/ldapux/config/setup
Using The LDAP-UX Client Daemon
100
Chapter 101
102
Chapter 103
Configuration File
Features and Limitations
Integrating with Trusted Mode
Integrating with Trusted Mode
Auditing
Password and Account Policies
PAM Configuration File
Others
Chapter 107
Configuration Parameter
Policy And Access Rules
Pamauthz Login Authorization Enhancement
Pamauthz Login Authorization Enhancement
Chapter 109
Pamauthz Environment
How Login Authorization Works
Chapter 111
Policy File
Fields in an Access Rule
Constructing an Access Rule in pamauthz.policy
Field Syntax in an Access Rule
Actiontyperule
Chapter 113
Action
No value is required
Chapter 115
116
Chapter 117
Policy Validator
Adding a Directory Replica
Adding a Directory Replica
An Example of /etc/opt/ldapux/pamauthz.policy File
Displaying the Proxy User’s DN
Displaying the Proxy User’s DN
Chapter 119
Creating a New Proxy User
Verifying the Proxy User
Example
Verifying the Proxy User
Creating a New Profile
Displaying the Current Profile
Displaying the Current Profile
Chapter 121
Changing Which Profile a Client Is Using
Modifying a Profile
Modifying a Profile
Access
Changing from Anonymous Access to Proxy
Changing from Proxy Access to Anonymous Access
Changing from Anonymous Access to Proxy Access
Changing from Proxy Access to Anonymous Access
Minimizing Enumeration Requests
Performance Considerations
Performance Considerations
Chapter 125
Client Daemon Performance
Ldapclientd Caching
Client Daemon Performance
Chapter 127
Map Name Benefits Example Side-Effect
128
Chapter 129
Ldapclientd Persistent Connections
Troubleshooting
Troubleshooting
Enabling and Disabling LDAP-UX Logging
Chapter 131
TIP
Enabling and Disabling PAM Logging
Netscape Directory Server Log Files
User Cannot Log on to Client System
Chapter 133
134
Chapter 135
You should get output like the following
136
Chapter 137
Command and Tool Reference
LDAP-UX Client Services Components
LDAP-UX Client Services Components
LDAP-UX Client Services Components Description
LDAP-UX Client Services Components
Component Description
Chapter 139
PA machine Files Description
LDAP-UX Client Services Libraries on the HP-UX 11.0 or 11i
LDAP-UX Client Services Libraries on the HP-UX 11i v2 PA
Machine Files Description
Chapter 141
LDAP-UX Client Services Libraries on the HP-UX 11i v2 IA
Createprofileentry Tool
Client Management Tools
Createprofilecache Tool
Client Management Tools
Displayprofilecache Tool
Createprofileschema Tool
Chapter 145
Getprofileentry Tool
Getprofileentry -s NSS
Ldapproxyconfig Tool
Chapter 147
File
148
Chapter 149
Beq Search Tool
Syntax
Beq Search Tool
Chapter 151
Examples
152
Chapter 153
Uid2dn Tool
Ldap Directory Tools
Getattrmap.pl Tool
Ldap Directory Tools
Chapter 155
Ldapentry
156
Chapter 157
Ldapsearch
Ldapmodify Ldapdelete Certutil
Adding One or More Users
Adding One or More Users
Chapter 159
Name Service Migration Scripts
Name Service Migration Scripts
Default Naming Context
Naming Context
Migrating All Your Files
Migrating Individual Files
Chapter 161
General Syntax for Perl Migration Scripts
Migration Scripts
Migration Scripts Script Name Description
Chapter 163
Script Name Description
164
Chapter 165
Ldappasswd Command
Ldappasswd Command
Chapter 167
168
Chapter 169
To Change Passwords
Cannot Change Passwords on Replica Servers
To Change Passwords
Chapter 171
172
To Change Personal Information
To Change Personal Information
Chapter 173
174
Chapter 175
Mozilla Ldap C SDK
176
Mozilla Ldap C SDK File Components
Mozilla Ldap C SDK File Components
Mozilla Ldap C SDK File Components on the PA machine
Files Description
Mozilla Ldap C SDK File Components on the IA machine
Chapter 179
Header Files Description
Mozilla Ldap C SDK API Header Files
Chapter 181
182
Appendix a 183
Table A-1 LDAP-UX Client Services Configuration Worksheet
Appendix a
Appendix a 185
186
Appendix B 187
Classes
Profile Attributes
Profile Attributes
Appendix B
Appendix B 189
190
Appendix C 191
file
Appendix C
Sample /etc/pam.ldap.trusted file
Appendix C 193
194
Glossary
PAM Authorization Service Module
Ldap Data Interchange Format Ldif
Glossary 195
Glossary
Slapd
Index
Symbols
NIS, 2, 12, 15
Pwget, 4, 69
200