HP CIFS Server Administrator's Guide Version A.03.01.01 (5900-1282, May 2011)

4. Configure the Name Service Switch (NSS).
Save a copy of the /etc/nsswitch.conf file and edit the original to specify the ldap name
service and other name services you want to use. See the /etc/nsswitch.ldap file for a
sample. You may be able to just copy /etc/nsswitch.ldap to /etc/nsswitch.conf.
See nsswitch.conf(4) for more information.
5. You will be asked whether or not you want to start the client daemon,
/opt/ldapux/bin/ldapclientd. You must start the client daemon for LDAP functions to work.
6. Run the following command to verify your configuration:
$ /opt/ldapux/bin/ldapsearch -T -b "cn=schema" -s base \
"(objectclass=*)"|grep -i posix
Ensure that the posixAccount objectclass is displayed in the output when you run the
ldapsearch command. The output is as follows:
objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Standard
LDAP objectclass' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $
gidNumber $ homeDirectory) MAY ( userPassword $ loginShell $ gecos
$ description ) X-ORIGIN 'RFC 2307' )
objectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Standard
LDAP objectclass' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY (
userPassword $ memberUid $description ) X-ORIGIN 'RFC 2307' )
NOTE: You can use the ldapsearch command-line utility to locate and retrieve LDAP
directory entries. This utility opens a connection to the specified server using the specified
Distinguished Name (DN) and password, and locates entries based on the specified search
filter. For details, see the Netscape Directory Server Administrator's Guide or the Red Hat
Directory Server Administrator's Guide available at http://www.docs.hp.com/en/internet.html.
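The check in step 6 can be scripted instead of read by eye. The following is an added example, not part of the HP guide: it assumes a POSIX shell with awk and grep, and the function names and the sample input are constructed for illustration.

```shell
# Constructed sample of schema output, abbreviated from the definitions shown
# in step 6 and folded LDIF-style (a continuation line starts with one space).
sample_schema() {
cat <<'EOF'
objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
  MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) )
objectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top STRUCTURAL
  MUST ( cn $ gidNumber ) )
EOF
}

# Join continuation lines so each schema value sits on a single line.
unfold_ldif() {
    awk '/^ /   { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
                { buf = $0 }
         END    { if (NR > 0) print buf }'
}

# Read schema output on stdin. Print "ok" and return 0 when both RFC 2307
# object classes are present and their definitions mention the attributes
# listed below; otherwise print what is missing and return 1.
check_rfc2307_schema() {
    schema=$(unfold_ldif)
    missing=""
    # class:attr,attr pairs taken from the MUST lists in the step 6 output
    for spec in posixAccount:uidNumber,gidNumber,homeDirectory posixGroup:gidNumber; do
        oc=${spec%%:*}
        def=$(printf '%s\n' "$schema" | grep -i "^objectClasses:.*NAME '$oc'" || true)
        if [ -z "$def" ]; then
            missing="$missing $oc"
            continue
        fi
        for attr in $(echo "${spec#*:}" | tr ',' ' '); do
            case "$def" in
                *"$attr"*) ;;
                *) missing="$missing $oc/$attr" ;;
            esac
        done
    done
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

# Against a live directory, pipe the step 6 ldapsearch command (without the
# grep) into check_rfc2307_schema. Here the constructed sample is used.
sample_schema | check_rfc2307_schema
```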
Enabling Secure Sockets Layer (SSL)
The HP CIFS Server provides Secure Sockets Layer (SSL) support to secure communication between
CIFS servers and SSL-enabled LDAP directory servers.
If you plan to use SSL and it is not already in use for LDAP, you need to enable it on the Directory
Server and LDAP-UX clients. After you have enabled SSL on the LDAP server and clients, you can
configure the HP CIFS Server to use SSL.
You must set up the Certification Authority (CA) Server properly before you enable SSL
communication over LDAP.
Read the following subsections for more information on configuring the LDAP directory server,
LDAP-UX client and HP CIFS Server with SSL support if you plan to use it.
Configuring the Directory Server to enable SSL
Use the following steps to configure your Netscape Directory Server to enable SSL communication
over LDAP:
1. Obtain and install a certificate for your Directory Server, and configure the Netscape Directory
Server to trust the Certification Authority's (CA's) certificate.
For detailed instructions, see the "Obtaining and Installing Server Certificates" section of the
"Managing SSL" chapter in Netscape Directory Server 6.1 Administrator's Guide at
http://docs.hp.com.
2. Turn on SSL in your directory.
For detailed instructions on how to enable SSL in your directory server, see the "Activating
SSL" section of the "Managing SSL" chapter in Netscape Directory Server 6.1 Administrator's
Guide at http://docs.hp.com.