Migrating NIS+ to LDAP

Configuring LDAP-UX Client Services

NOTE

You must run the setup program to configure the LDAP-UX Client

 

Services. Otherwise, the LDAP-UX Client Services will not work

 

properly. For detailed procedures on how to run setup program to

 

configure the LDAP-UX Client Services, see the “Configure the

 

LDAP-UX Client Services” section in the LDAP-UX Client Services

 

B.04.00 Administrator’s Guide available at http://www.docs.hp.com.

 

 

Configure the Pluggable Authentication Module (PAM) by modifying the file /etc/pam.conf.

Save a copy of /etc/pam.conf and modify the original file to add /usr/lib/security/libpam_ldap.1 on the HP-UX 11i v1 system or libpam_ldap.so.1 on the HP-UX 11i v2 system where it is appropriate. If your system is in the standard mode, see /etc/pam.ldap for an example. If your system is in the Trusted Mode, see /etc/pam.ldap.trusted for an example.

Configure the Name Service Switch (NSS) by modifying the file

/etc/nsswitch.conf.

Save a copy of /etc/nsswitch.conf file and modify the original to add ldap to support name services. See /etc/nsswitch.ldap for a sample.

Optionally modify the disable_uid_range flag in the

/etc/opt/ldapux/ldapux_client.conf file to disable logins to the local system from specific users.

Optionally set up the login authorization for a subset of users from a large repository such as an LDAP directory server.

The pam_authz service module provides functionality that allows the administrator to control who can login to the system. Starting with LDAP-UX Client Services B.04.00, pam_authz has been enhanced to allow system administrators to configure their local access rules in a local policy file, /etc/opt/ldapux/pam_authz.policy. pam_authz uses these access control rules defined in the

/etc/opt/ldapux/pam_authz.policy file to control the login authorization.

34

Chapter 2