HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

d. Select the Enable SSL for this Server checkbox, then select the certificate to use from the
drop-down menu. Click Save.
e. Restart the Directory Server. The Directory Server must be restarted from the command
line.
/opt/dirsrv/slapd-instance_name/restart-slapd example
To restart the Directory Server without the password prompt, create a PIN file or use a
hardware crypto device. See “Creating a password file for the Directory Server” (page
484) for information on how to create a PIN file.
9.2.2 Step 2: Configure the Active Directory domain
NOTE:
Synchronization can only be configured with an Active Directory domain controller, so make sure
that the domain is properly installed and configured.
The first configuration step is to make sure that the Active Directory password complexity policies
are enabled so that the Password Sync service will run.
1. Run secpol.msc.
2. Select Security Settings.
3. Open Account Policies, then open Password Policy.
4. Select the Password must meet complexity requirements option and save.
If SSL is not already enabled, set up SSL on the Active Directory server. Setting up LDAPS is
explained in more detail in the Microsoft knowledgebase at http://support.microsoft.com/kb/321051.
1. Install a certificate authority in the Windows Components section in Add/Remove Programs.
2. Select the Enterprise Root CA option.
3. Reboot the Active Directory server. If IIS web services are running, the CA certificate can be
accessed by opening http://servername/certsrv.
4. Set up the Active Directory server to use the SSL server certificate.
a. Create a certificate request .inf, using the fully-qualified domain name of the Active
Directory as the certificate subject. For example:
;----------------- request.inf -----------------
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=ad.server.example.com, O=Engineering, L=Raleigh, S=North Carolina, C=US"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
;-----------------------------------------------
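A lint for the request.inf shown above, as an added example that is not part of the HP guide: it parses the file, decodes KeyUsage 0xa0 into its flags, and checks the subject CN, key length and Server Authentication EKU before the request is submitted. The function names, the 2048-bit floor and the warning on Exportable are assumptions of this example.

```python
import configparser

SERVER_AUTH_OID = "1.3.6.1.5.5.7.3.1"  # Server Authentication EKU used on the page
# Bit flags of the KeyUsage value in a certreq .inf file
KEY_USAGE = {0x80: "digitalSignature", 0x40: "nonRepudiation", 0x20: "keyEncipherment",
             0x10: "dataEncipherment", 0x08: "keyAgreement", 0x04: "keyCertSign", 0x02: "cRLSign"}

def decode_key_usage(value):
    """Turn a KeyUsage value such as '0xa0' into a list of flag names."""
    bits = int(value, 0)
    return [name for bit, name in KEY_USAGE.items() if bits & bit]

def lint_request_inf(text, expected_fqdn):
    """Return findings for a request .inf; FAIL lines block use, WARN lines need review."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():  # an unterminated quote is a typo in the .inf
        for key, val in cp.items(section):
            if val.count('"') % 2:
                findings.append(f"FAIL [{section}] {key}: unbalanced quote")
    req = lambda k: cp.get("NewRequest", k, fallback="").strip().strip('"')
    rdns = [p.strip() for p in req("Subject").split(",")]
    cn = next((p[3:] for p in rdns if p.upper().startswith("CN=")), "")
    if cn.lower() != expected_fqdn.lower() or "." not in cn:
        findings.append(f"FAIL Subject CN '{cn}' is not the FQDN {expected_fqdn}")
    if int(req("KeyLength") or 0) < 2048:  # assumption: the page's 2048 as the floor
        findings.append("FAIL KeyLength below 2048")
    usage = decode_key_usage(req("KeyUsage") or "0")
    if not {"digitalSignature", "keyEncipherment"} <= set(usage):
        findings.append(f"FAIL KeyUsage lacks TLS server flags: {usage}")
    if cp.get("EnhancedKeyUsageExtension", "OID", fallback="").strip() != SERVER_AUTH_OID:
        findings.append("FAIL EKU is not Server Authentication")
    if req("Exportable").upper() == "TRUE":
        findings.append("WARN Exportable = TRUE: private key can be exported")
    return findings

# Constructed sample: the page's request.inf reduced to the fields checked above
SAMPLE = '''[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=ad.server.example.com, O=Engineering, L=Raleigh, S=North Carolina, C=US"
KeyLength = 2048
Exportable = TRUE
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
'''
print("\n".join(lint_request_inf(SAMPLE, "ad.server.example.com")))
```

Pass the contents of the real request.inf and the domain controller's FQDN to `lint_request_inf`; an empty list means every check passed.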