Manualshelf

Internet Express for Tru64 UNIX Version 6.10 Administration Guide (5900-1418, March 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Internet Express Software
61626364656667686970
Chapter 11 describes how to administer Internet Express-provided Directory servers.
Default Configuration for the LDAP Module for System Authentication
Internet Express configures the security matrix in the/etc/sia/matrix.conf file to use the LDAP
Module for System Authentication. The security matrix consists of a list of security-related system
calls and the library to be used for each call. As shown in Example 1, the siad_ses_authent
and siad_ses_estab calls are configured to use the libsialdap.so library first. If that library
is not available, or if the requested information is not found in the LDAP server's directory, then
the libc.so library is used.
See the siacfg(8) and matrix.conf(4) reference pages for more information about configuring
security methods.
Example 1 Security Matrix Enabled for LDAP
.
.
.
siad_getgrgid=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
siad_setpwent=(BSD,libc.so) (LDAP,/usr/shlib/libsialdap.so)
.
.
.
When you install the LDAP Module for System Authentication, the installation procedure checks
the validity of the configuration information you supplied, and tries to connect to the LDAP server
you specified during the installation, then enables the LDAP Module for System Authentication. If
the connection fails, or if the required schema attributes are not found, the LDAP Module for System
Authentication is not enabled and you must use the LDAP Module for System Authentication
Administration menu to enable it (after correcting the problems) or use the /usr/internet/
ldap_tools/ldap_enable utility. Check the attribute values in the Distinguished Name,
Password, System Name, Port Number, and the Search Base fields (see Section ).
The LDAP Module for System Authentication gets its information from the LDAP server by way of
the ldapcd caching daemon (see Figure 20). This daemon runs at all times and is started by the
following entry in the /etc/inittab file:
ldapcd:34:respawn:/usr/sbin/ldapcd -D > /dev/console 2>&1
66 User Authentication