Internet Express for Tru64 UNIX Version 6.10 Administration Guide (5900-1418, March 2011)

Notes:
After you configure the LDAP Module for System Authentication, you must import users (unless you
are using an existing LDAP server). For instructions on importing or exporting users and groups to
and from the LDAP directory server, see Section : Importing and Exporting Users from /etc/passwd.
Statically linked clients and executables (which do not use shared libraries) cannot take advantage
of the LDAP Module for System Authentication loadable architecture. For example, the /sbin/ls
command (which is typically the default for root) is statically linked. On a system using the LDAP
Module for System Authentication to authenticate user names, the output from the /sbin/ls -l
command resembles the following:
-rw-r--r-- 1 1008 IASS_Usr 60 Nov 13 15:05 bar
-rw-r--r-- 1 1008 IASS_Usr 1765 Nov 13 15:05 bs.txt
-rw-r--r-- 1 1008 IASS_Usr 97 Nov 13 15:05 file.txt
-rw-r--r-- 1 1008 IASS_Usr 855 Nov 13 15:05 file2.txt
-rw-r--r-- 1 1008 IASS_Usr 2 Nov 13 15:05 foo
Note that the owner is shown as a number instead of a name. (If groups were defined in the LDAP
database rather than the /etc/group file, the output would have shown a number in place of
the group name, as well.)
In general, use the system tools in /usr/bin when the LDAP Module for System Authentication
is enabled.
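A numeric owner in a listing can mean either that the tool could not resolve a directory user (the statically linked case above) or that the UID belongs to no user at all. The following added example, which is not part of the HP guide, separates the two by checking a long-format listing against a passwd-format export of the directory users. The export file, the account name jdoe, UID 4242 and the last two listing lines are constructed for illustration, and only the owner column is checked.

```shell
#!/bin/sh
# Added example (not from the HP guide). Sample data below is constructed.

# Long-format listing as a statically linked ls would print it: the first two
# entries are the guide's own output, the last two are made up for contrast.
sample_listing() {
cat <<'EOF'
total 4
-rw-r--r-- 1 1008 IASS_Usr 60 Nov 13 15:05 bar
-rw-r--r-- 1 1008 IASS_Usr 1765 Nov 13 15:05 bs.txt
-rw-r--r-- 1 root system 512 Nov 13 15:06 local.cfg
-rw-r--r-- 1 4242 IASS_Usr 10 Nov 13 15:07 old report.txt
EOF
}

# passwd-format export of the directory's users (hypothetical account "jdoe").
sample_directory() {
cat <<'EOF'
jdoe:*:1008:200:Constructed User:/usr/users/jdoe:/bin/sh
EOF
}

# classify_owners LISTING PASSWD_EXPORT
# For every entry whose owner column is numeric, report whether the UID exists
# in the export (name lookup failed in the tool) or not (orphaned ownership).
classify_owners() {
    awk -v pw="$2" '
        BEGIN {
            while ((getline line < pw) > 0) {
                split(line, f, ":")
                known[f[3]] = f[1]
            }
            close(pw)
        }
        NF < 9 || $1 !~ /^[-dlbcps]/ { next }   # skip "total N" and non-entries
        $3 ~ /^[0-9]+$/ {
            name = $9                            # rejoin names containing spaces
            for (i = 10; i <= NF; i++) name = name " " $i
            if ($3 in known)
                print name ": uid " $3 " is " known[$3] " (unresolved by listing tool)"
            else
                print name ": uid " $3 " has no directory entry (orphaned owner)"
        }' "$1"
}

# Demo run on the constructed data.
tmp=${TMPDIR:-/tmp}/ldap_owner_demo.$$
mkdir "$tmp" && sample_listing > "$tmp/ls.out" && sample_directory > "$tmp/users"
classify_owners "$tmp/ls.out" "$tmp/users"
rm -rf "$tmp"
```

Entries reported as orphaned are the ones worth reviewing, since a later account assigned that UID would inherit ownership of the files.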
Modifying the LDAP Module Configuration
You can use the Administration utility to configure the following attributes of the LDAP Module for
System Authentication:
System parameters (see Section : Defining LDAP System Parameters)
Password attributes (see Section : Configuring LDAP Password Attributes)
Group attributes (see Section : Configuring LDAP Group Attributes)
The default configuration parameters for the Group attributes are correct for most LDAP servers.
Do not modify these fields unless you are very familiar with LDAP schemas and the schemas used
by your server. The Internet Express installation and configuration utilities correctly configure the
Internet Express-supplied LDAP servers to work with ldapcd. HP strongly recommends that you do
not change these values.
Defining LDAP System Parameters
To define system parameters for the LDAP Module for System Authentication, follow these steps:
1. From the Administration utility Main menu, choose Manage Components.
2. From the Manage Components menu, under Users, choose LDAP Module for System
Authentication.
3. From the LDAP Module for System Authentication Administration menu, choose Modify
Configuration.
4. From the Modify Configuration menu, choose Define System Parameters.
When the Define System Parameters form is displayed, the default values shown are those
stored in the /etc/ldapcd.conf file.
5. Specify a Distinguished Name and Password. The Distinguished Name and Password are
what you will use to bind to the directory server. These values are set when you initially
configure the directory server during installation. Typically, you use the root distinguished
name and password as specified in the directory server's configuration file (slapd.conf).
For the OpenLDAP Directory Server, the installation procedure initially sets the Root