After you run the setup tool successfully, use the tool /opt/ldapux/config/display_profile_cache to display the profile from a binary profile. By default, it displays the currently active profile in /etc/opt/ldapux/ldapux_profile.bin. You can check the display to see if the configuration is correct.

Again, for detailed information on how to use create_profile_cache and display_profile_cache, refer to “Installing and Administering LDAP-UX Client Services with Windows 2000 Active Directory”.

Step 3: Configure a proxy user.

Part of the setup tool allows you to configure a proxy user. If you don’t use the setup tool to configure it, the tool /opt/ldapux/config/ldap_proxy_config can also configure a proxy user for the client accessing the directory. The proxy user information is stored encrypted in the file /etc/opt/ldapux/pcred and in kernel memory. You must run this tool logged in as root. The following example configures the proxy user with the contents of the file proxy_file and creates or updates the file /etc/opt/ldapux/pcred with the information in proxy_file:

/opt/ldapux/config/ldap_proxy_config -f proxy_file

The proxy user configuration can be verified, assuming the directory is accessible, by executing the command:

/opt/ldapux/config/ldap_proxy_config -v

Again, refer to Installing and Administering LDAP-UX Client Services with Microsoft Windows 2000 Active Directory for more options.

Step 4: Change Name Service Switch (NSS) to use LDAP.

When the LDAP-UX product is installed, an NSS configuration file for LDAP, /etc/nsswitch.ldap, is created. You can either edit the original /etc/nsswitch.conf to specify the ldap name service and other name services you want to use, or copy /etc/nsswitch.ldap to /etc/nsswitch.conf. As of March 2001, only password and group are supported with AD. You should not specify “ldap” for other services if your directory server is Windows 2000 AD.
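The restriction in Step 4 can be checked mechanically after editing /etc/nsswitch.conf. The script below is an added example, not part of the HP guide; the function name check_nsswitch_ldap is hypothetical, the sample file is constructed, and it assumes the password service appears under its nsswitch.conf database name, passwd.

```sh
#!/bin/sh
# Added example (not from the HP guide): list nsswitch.conf databases that
# name "ldap" as a source but are not passwd or group.

# check_nsswitch_ldap FILE   (hypothetical helper name)
#   prints one unsupported database per line
#   returns 0 = clean, 1 = unsupported ldap entries found, 2 = unreadable file
check_nsswitch_ldap() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        { sub(/#.*/, "") }                      # strip comments
        /^[ \t]*[A-Za-z_]+[ \t]*:/ {
            db = $0;  sub(/:.*/, "", db);  gsub(/[ \t]/, "", db)
            src = $0; sub(/^[^:]*:/, "", src)
            gsub(/\[[^]]*\]/, " ", src)         # strip [NOTFOUND=return] criteria
            n = split(src, tok, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] == "ldap" && db != "passwd" && db != "group") {
                    print db; bad = 1; break
                }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample input: hosts wrongly lists ldap.
sample="${TMPDIR:-/tmp}/nsswitch.sample.$$"
cat > "$sample" <<'EOF'
# constructed sample, not a real system file
passwd:   files ldap
group:    files [NOTFOUND=continue] ldap
hosts:    dns [NOTFOUND=return] files ldap   # not supported with AD
services: files
EOF

if bad=$(check_nsswitch_ldap "$sample"); then
    echo "OK: ldap is used only for passwd and group"
else
    echo "Unsupported ldap entries: $bad"
fi
rm -f "$sample"
```

To check a live system, call check_nsswitch_ldap /etc/nsswitch.conf and treat a non-zero return as a configuration error.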

PAM Kerberos Configuration

Follow the directions in “PAM Kerberos Configuration” on page 13.
