LDAP-UX Client Services B.04.15 with Microsoft Windows Active Directory Administrator's Guide: HP-UX 11i v1, v2, and v3

HP Part Number: J4269-90076

Edition: 7

Published: August 2007


Table of Contents

Preface
About This Document
Intended Audience
New and Changed Documentation in This Edition
Document Organization
Typographical Conventions
Related Documents
Publishing History
HP Encourages Your Comments
1 Introduction
Overview of LDAP-UX Client Services
How LDAP-UX Client Services Works
2 Installing LDAP-UX Client Services
Before You Begin
Summary of Installing and Configuring LDAP-UX Client Services
Planning Your Installation
Installing LDAP-UX Client Services on a Client
Configuring Active Directory for HP-UX Integration
Step 1: Install Active Directory
Step 2: Install SFU 2.0, 3.0 or 3.5 including Server for NIS
Step 3: Create a Proxy User
Step 4: Add an HP-UX Client Machine Account to Active Directory
Step 5: Use ktpass to Create the Keytab File for the HP-UX client machine
Step 6: Add POSIX Attributes into the Global Catalog
Importing Name Service Data into Your Directory
Configuring LDAP-UX Client Services
Step 1: Run the Setup Program
Step 2: Install the PAM Kerberos Product
Step 3: Configure Your HP-UX Machine to Authenticate Using PAM Kerberos
Step 4: Configure the Name Service Switch (NSS)
Step 5: Configure the PAM Authorization Service Module (pam_authz)
Step 6: Configure the Disable Login Flag
Step 7: Verify LDAP-UX Client Services for Single Domain
Step 8: Configure Subsequent Client Systems
Configuring the LDAP-UX Client Services with SSL or TLS Support
TLS Support
Configuration Parameters
Configuring the LDAP-UX Client to Use SSL or TLS
Downloading the Profile Periodically
3 Active Directory Multiple Domains
Domain Term Definitions
Multiple Domains
Local Domains
Remote Domains
Global Catalog Server
Retrieving Data from a Remote Domain
Choosing Remote Domain Configuration or GCS
Downloading an Automatic Profile
Understanding the ldapux_client.conf Configuration File
Resolving Duplicate Entries
When there are duplicate entries in the local domain
When there are duplicate entries in remote domains
When there are duplicate entries in both local and remote Domains
Example
Changing Multiple Domain Configurations
Removing a Remote Domain from the Search Scope
Adding a Remote Domain to the Search Scope
Re-ordering the Remote Domain Search Sequence
Adding the GCS into the Search Scope
Removing the GCS from the Search Scope
Adding POSIX Attributes to the Global Catalog
Limitations of Multiple Domains in Version B.03.00 or later
4 LDAP-UX Client Services with AutoFS Support
Overview
Automount Schemas
New Automount Schema
Schema
An Example
Configuring Name Service Switch
Configuring Automount Caches
AutoFS Migration Scripts
Environment Variables
Examples
General Syntax For Migration Scripts
The migrate_automount_ads.pl Script
The migrate_nis_automount_ads.pl Script
5 LDAP Printer Configurator Support
Overview
Definitions
How the LDAP Printer Configurator works
Printer Configurator Architecture
Printer Configuration Parameters
Printer Schema and Attributes
Printer Attributes
Managing the LP printer configuration
Limitations of Printer Configurator
6 Dynamic Group Support
Overview
Specifying a Search Filter for a Dynamic Group
Creating an HP-UX POSIX Dynamic Group
Multiple Group Attribute Mappings
Examples
Group Attribute Mappings
Number of Group Members Returned
Number of Groups Returned for a Specific User
Performance Impact for Dynamic Groups
Enabling/Disabling enable_dynamic_getgroupsbymember
Configuring Dynamic Group Caches
Dynamic Group with Active Directory Server Multiple Domains
7 Administering LDAP-UX Client Services
Using the LDAP-UX Client Daemon
Overview
Client Daemon Performance
The ldapclientd Administration Tool
The ldapclientd.conf Configuration File
Integrating with Trusted Mode
Overview
Features and Limitations
Configuration Parameter
SASL GSSAPI Support
How SASL GSSAPI Works
Proxy User
Keytab File
SASL/GSSAPI Profile Download Support
Changing Authentication methods
PAM_AUTHZ Login Authorization
Policy And Access Rules
How Login Authorization Works
PAM_AUTHZ Supports Security Policy Enforcement
Policy File
Policy Validator
Dynamic Variable Support
Constructing an Access Rule in pam_authz.policy
Static List Access Rule
Dynamic Variable Access Rule
Security Policy Enforcement with Secure Shell (SSH) or r-commands
Adding Additional Domain Controllers
Adding Users, Groups, and Hosts
User and Group Management
LDAP User and Group Command-Line Tools
Listing Users
Listing Groups
Adding a User or a Group
Modifying a User
Modifying a Group
Deleting a User or a Group
Checking LDAP-UX Configuration
Displaying the Proxy User's Distinguished Name
Verifying the Proxy User
Creating a New Proxy User
Example
Displaying the Current Profile
Creating a New Profile
Modifying a Profile
Changing Which Profile a Client is Using
Creating an /etc/krb5.keytab File
Considering Performance Impacts
Enumeration Requests
Search Limits
Search Filter
Client Daemon Performance
ldapclientd Caching
ldapclientd Persistent Connections
Troubleshooting
Enabling and Disabling LDAP-UX Logging
Enabling and Disabling PAM Logging
Viewing Active Directory Service Log Files
User Cannot Log on to Client System
8 Modifying User Information
Changing Passwords
Changing Personal Information
9 Mozilla LDAP C SDK
Overview
The Mozilla LDAP C SDK File Components
A Configuration Worksheet
B LDAP-UX Client Services Object Classes
Profile Attributes
C Command, Tool, Schema Extension Utility, and Migration Script Reference
LDAP-UX Client Services Components
Client Management Tools
create_profile_entry
create_profile_cache
create_profile_schema
display_profile_cache
get_profile_entry
ldap_proxy_config
LDAP User and Group Management Tools
Environment Variables
Return Value Formats
Common Return Codes
The ldapuglist Tool
The ldapugadd Tool
The ldapugmod Tool
The ldapugdel Tool
The ldapcfinfo Tool
LDAP Directory Tools
ldappasswd
ldapsearch
ldapmodify
ldapdelete
Schema Extension Utility
Overview
How Does the Schema Extension Utility Work
ldapschema — The Schema Extension Tool
Schema Definition File
Defining Directory Specific Information
LDAP Directory Server Definition File
Mapping Unsupported Matching Rules and LDAP Syntaxes
Return Values From ldapschema
Name Service Migration Scripts
Naming Context
Migrating All Your Files
Migrating Individual Files
Unsupported Contributed Tools and Scripts
beq Search Tool
Certutil — Certificate Database Tool
uid2dn — Display User's Distinguished Name Tool
get_attr_map.pl — Get Attribute Map from Profile Tool
The get_ads_dom Tool — Get the Fully Qualified Domain Name Tool
D Sample PAM Configuration File
E Sample /etc/krb5.conf File
F Sample /etc/pam.conf File for HP-UX 11i v1 Trusted Mode
G Sample /etc/pam.conf File for HP-UX 11i v2 Trusted Mode
H Sample PAM Configuration File for Security Policy Enforcement
Glossary
Index
© Hewlett-Packard Development Company, L.P.