 |
» |
|
|
|
This section describes the following programs for managing client systems. Most of these programs are called by the setup program during system configuration. create_profile_entry—creates a new profile in the directory. create_profile_cache—creates a new active profile from an LDIF profile. This is also called by the get_profile_entry tool. create_profile_schema—extends the schema in the directory for profiles. display_profile_cache—displays the currently active profile. get_profile_entry—downloads a profile from the directory to LDIF, and creates the profile cache. ldap_proxy_config—configures a proxy user.
create_profile_entry | |
This tool, found in /opt/ldapux/config, creates a new profile entry in the LDAP directory from information you provide interactively. The directory schema must have the DUAConfigProfile extension. create_profile_cache | |
This tool, found in /opt/ldapux/config, creates a binary profile file from an LDIF profile file, thus activating the profile for the client. (You can download a profile to LDIF from the directory with get_profile_entry.) Typically you run the setup program instead of running this program directly. Also refer to “Downloading the Profile Periodically”. create_profile_cache [-i infile] [-o outfile] |
where infile is the LDIF file containing a profile, by default/etc/opt/ldapux/ldapux_profile.ldif and outfile is the name of the binary output file, by default /etc/opt/ldapux/ldapux_profile.bin. The LDIF file must contain an entry for the object class DUAConfigProfile. create_profile_schema | |
This tool, found in /opt/ldapux/config, extends the Active Directory schema with the DUAConfigProfile object class using the information you provide interactively. Typically you run the setup program instead of running this program directly. display_profile_cache | |
This tool, found in /opt/ldapux/config, displays information from a binary profile (cache) file. By default, it displays the currently active profile in /etc/opt/ldapux/ldapux_profile.bin. display_profile_cache [-i infile] [-o outfile] |
where infile is a binary profile file, /etc/opt/ldapux/ldapux_profile.bin by default, and outfile is the output file, stdout by default. The binary profile contains mappings for all backend commands (even those that are unused or unsupported by LDAP-UX Client Services with Active Directory); all of which are displayed by display_profile_cache. The actual client configuration can be reviewed in the configuration profile LDIF file /etc/opt/ldapux/ldapux_profile.ldif. The following command displays the profile in the binary profile file /etc/opt/ldapux/ldapux_profile.bin to stdout: The following command displays the profile in the binary profile file my_profile.bin and writes the output to the file profile: display_profile_cache -i my_profile.bin -o profile |
get_profile_entry | |
This tool, found in /opt/ldapux/config downloads a profile from an LDAP directory into an LDIF file and calls create_profile_cache to create a binary profile file, thereby activating it on the client. This tool looks in the local client configuration file /etc/opt/ldapux/ldapux_client.conf for the profile DN. get_profile_entry -s service [-o outfile]
[-D bindDN -w passwd] [-p profile_id] |
where service is the name of a supported service, typically NSS, outfile is the name of a file to contain the LDIF output, by default /etc/opt/ldapux_profile.ldif, and profile_id is <remote domain name> or gc for PROFILE_ID field in /etc/opt/ldapux/ldapux_client.conf. The -p option only applies if you want to configure multiple domains. The following command downloads the profile for the NSS specified in the client configuration file /etc/opt/ldapux/ldapux_client.conf and places the LDIF in the file /etc/opt/ldapux/ldapux_profile.ldif. bindDN and password need to be provided if no valid proxy user is configured: get_profile_entry -s NSS -D bindDN -w passwd |
The following command downloads the profile for the NSS specified in the client configuration file /etc/opt/ldapux/ldapux_client.confand places the LDIF in the file profile1.ldif: get_profile_entry -s NSS -o profile1.ldif -D bindDN -w passwd |
The following command downloads the profile for the NSS and PROFILE_ID (ldap.ca.com) specified in the client configuration file /etc/opt/ldapux/ldapux_client.conf and places the LDIF in the file /etc/opt/ldapux/domain_profiles/ldapux_profile.ldif.ldap.ca.com: get_profile_entry -s NSS -D bindDN -w passwd -p ldap.ca.com |
The following command downloads the profile for the Name Service Switch (NSS) and PROFILE_ID (gc) specified in the client configuration file /etc/opt/ldapux/ldapux_client.confand places the LDIF in the file /etc/opt/ldapux/domain_profiles/ldapux_profile.ldif.gc get_profile_entry -s NSS -D bindDN -w passwd -p gc |
ldap_proxy_config | |
This tool, found in /opt/ldapux/config, configures a proxy user for the client accessing the directory. It stores the encrypted proxy user information in the file /etc/opt/ldapux/pcred. You must run this tool logged in as root. ldap_proxy_config [options] |
where options can be any of the following: - -e
erases the currently configured proxy user from the file /etc/opt/ldapux/pcred. Has no effect on the proxy user information in the directory itself. - -i
configures the proxy user interactively from stdin. Enter the command with -ithen press the Enter key. Next enter the proxy user DN then press the Enter key. Finally enter the proxy user credential or password and press the Enter key. - -f file
configures the proxy user from file. file must contain two lines: the first line must be the proxy user DN, and the second line must be the proxy user credential or password.
| | | |  | CAUTION: After using the -f file option you should delete or protect the file as it could be a security risk. | | | | |
- -d DN
configures the proxy user distinguished name to be DN. - -c passwd
configures the proxy user credential or password to be passwd. - -p
prints the DN of the current proxy user. - -v
verifies the current proxy user and credential by connecting to the server. - -h
displays help on this command.
With no options, ldap_proxy_config configures the proxy user as specified in the file /etc/opt/ldapux/pcred. The following example configures the proxy user as CN=Proxy User,CN=Users,DC=cup,DC=hp,DC=com with the password prox12pw and creates or updates the file /etc/opt/ldapux/pcredwith this information: ldap_proxy_config -i
CN=Proxy User,CN=Users,DC=cup,DC=hp,DC=com
prox12pw |
The following example displays the current proxy user: ldap_proxy_config -p
PROXY_DN: CN=Proxy User,CN=users,DC=cup,DC=hp,DC=com |
The following example checks the configured proxy user information and checks whether or not the client can bind to the directory as the proxy user with LDAP-UX Client Services B.03.10 or earlier: ldap_proxy_config -v
File Credentials verified - valid |
The following example configures the proxy user as CN=Proxy User,CN=Users,DC=cup,DC=hp,DC=com with the password prox12pw and creates or updates the file /etc/opt/ldapux/pcred with this information: ldap_proxy_config -d "CN=Proxy User,CN=Users,DC=cup,DC=hp,DC=com" \
-c prox12pw |
The following example configures the proxy user with the contents of the file proxyfile and updates the file /etc/opt/ldapux/pcredwith this information (the pcred file must exist first): ldap_proxy_config -f proxyfile |
The file proxyfile must contain two lines: the proxy user DN on the first line and password on the second line.
|
Printable version
