LDAP-UX

Friday 17 April 2009
by Jerome ROBERT

1. Installing LDAP-UX

Product to install: J4269AA (LDAP-UX Integration)

swinstall -s /depot

 

2. Configuring LDAP-UX

# cd /opt/ldapux/config

# ls

create_profile_cache   display_profile_cache  setup
create_profile_entry   get_profile_entry
create_profile_schema  ldap_proxy_config

 

# This command modifies the LDAP server's schema; run it only once.
 

# ./create_profile_schema

Hewlett-Packard Company LDAP-UX Client Services Schema Extension Program
--------------
This LDAP-UX Client Profile Schema Extension Program will guide you through
to add/update the LDAP-UX Client Profile schema to the standard schema in
Directory Server.

This supports Netscape/iPlanet Directory Servers and
Windows 2000 Active Directory Servers.

During the configuration :

 - Press "Return" to choose the default and go to the next screen
 - Type "Control-B" to go back to the previous screen
 - Type "Control-C" to cancel the Schema Extension program

Would you like to continue with configuration ? [Yes] :


Hewlett-Packard Company LDAP-UX Client Services Schema Extension Program
----------
Enter the host name of the directory where you want to store the profile.
Enter either the fully qualified host name (for example : sys001.hp.com)
or IP address (for example : 15.13.118.130).

To accept the default shown in brackets, press the Return key.

Directory server host [server14 = 155.208.176.244] : 155.208.176.245


Hewlett-Packard Company LDAP-UX Client Services Schema Extension Program
--------------
Enter the port number of the previously specified directory server.

To accept the default shown in brackets, press the Return key.

Directory Server port number [389] :


Hewlett-Packard Company LDAP-UX Client Services Schema Extension Program
-------------
Select which Directory Server you want to connect to :

 1. Netscape/iPlanet Directory
 2. Windows 2000 Active Directory

NOTE : LDAP-UX defaults with the SFU 3.0 schema when using Windows 2000 Active Directory.
Refer to /opt/ldapux/README-LdapUxClient to use other versions of SFU.

To accept the default shown in brackets, press the Return key.

Directory Server : [1] :


PFMERR 39 : The LDAP-UX Profile schema extension exists !

# ls

create_profile_cache   display_profile_cache  setup
create_profile_entry   get_profile_entry
create_profile_schema  ldap_proxy_config

# This command creates a file on the LDAP server; run it only once.
 

# ./create_profile_entry

Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
----------------
Welcome to the HP-UX LDAP Integration profile creation program

This program will prompt you for information required to create
the configuration profile entry and add to LDAP Directory Server.

You must have "root" privilege to run this Program.

During the configuration :

 - Press "Return" to choose the default and go to the next screen
 - Type "Control-B" to go back to the previous screen
 - Type "Control-C" to cancel the program

Would you like to continue ? [Yes] :


Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
-----------------
Select which Directory Server you want to connect to :

 1. Netscape/iPlanet Directory
 2. Windows 2000 Active Directory

NOTE : LDAP-UX defaults with the SFU 3.0 schema when using Windows 2000 Active Directory.
Refer to /opt/ldapux/README-LdapUxClient to use other versions of SFU.

To accept the default shown in brackets, press the Return key.

Directory Server : [1] :


Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
---------------
Enter the host name of the directory where you want to store the profile.
Enter either the fully qualified host name (for example : sys001.hp.com)
or IP address (for example : 15.13.118.130).

To accept the default shown in brackets, press the Return key.

Directory server host [server14 = 155.208.176.244] : 155.208.176.245


Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
------------------
Enter the port number of the previously specified directory server.

To accept the default shown in brackets, press the Return key.

Directory Server port number [389] :


Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
---------------
Enter the distinguished name (DN) of an existing LDAP-UX profile entry
you want to use or the DN where you want to store a new LDAP-UX profile
entry. For a new entry, all parent entries of the DN must already exist in
the directory or this step will fail,
(for example : cn=ldapuxprofile, ou=ldapuxprofile, o=hp.com)

Profile Entry DN : [] : cn=ldapuxprofile,dc=hp,dc=com


Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
----------------
Enter the distinguished name (DN) of the directory user allowed to
create a new LDAP-UX profile entry or to check an existing profile entry.

To accept the default shown in brackets, press the Return key.

User DN [cn=Directory Manager] :
Password : directory


Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
----------------
For high-availability, each LDAP-UX client can look for user and group
information in up to three different directory servers. Please enter either
the fully qualified host name and optional port number
(for example : sys001.hp.com:389) or IP address and optional port number
(for example : 15.13.118.130:400) where your directory is running.

The following hosts are currently specified :

Default search host 2 : [ ]
Default search host 3 : [ ]

Enter 0 to accept these hosts and continue with the setup program or
Enter the number of the hosts you want to specify [0] :


Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
----------
Enter the default base DN where LDAP-UX clients should look for user and
Group information, (for example : ou=nis,o=hp.com)

Default base DN [dc=hp,dc=com] :


Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
------------
The setup program has all the information needed to configure a default
profile and client. You can accept default values for the remaining
parameters or configure the remaining parameters.

Accept remaining defaults ? (y/n) [y] :


Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
------------
Are you ready to create the Profile Entry ? [Yes] :

modifying entry cn=ldapuxprofile,dc=hp,dc=com

 

# cd /opt/ldapux/config

# ls

create_profile_cache   display_profile_cache  setup
create_profile_entry   get_profile_entry
create_profile_schema  ldap_proxy_config

 

# Run this command on every client!

# ./setup

Hewlett-Packard Company LDAP-UX Client Services Setup Program
------------------------------
Welcome to the LDAP-UX Client Services Setup Program !

You must have "root" privilege to run this Setup Program.

If this is the first client you are setting up, this program will :

 - Extend your directory schema with the LDAP-UX configuration profile schema.
 - Create a new LDAP-UX configuration profile entry in your directory.
 - Configure the local client system to use the directory.

If your directory already has one or more LDAP-UX configuration profile
entries, this program will :

 - Optionally create another new LDAP-UX configuration profile entry in your
   directory and configure the local client system to use the directory ;
 - or configure your client system with an existing profile entry.

During the configuration :

 - Press "Return" to choose the default and go to the next screen
 - Type "Control-B" to go back to the previous screen
 - Type "Control-C" to cancel the setup program

Would you like to continue with the setup ? [Yes] : Y


Hewlett-Packard Company LDAP-UX Client Services Setup Program
-----------------
Select which Directory Server you want to connect to :

 1. Netscape/iPlanet Directory
 2. Windows 2000 Active Directory

NOTE : LDAP-UX defaults with the SFU 3.0 schema when using Windows 2000 Active Directory.
Refer to /opt/ldapux/README-LdapUxClient to use other versions of SFU.

To accept the default shown in brackets, press the Return key.

Directory Server : [1] :


Hewlett-Packard Company LDAP-UX Client Services Setup Program
------------
Your local client configuration file /etc/opt/ldapux/ldapux_client.conf
shows the following profile entry information for the
Name Service Switch (NSS) :

 LDAP_HOSTPORT="155.208.176.240:389 155.208.176.245:389"
 PROFILE_ENTRY_DN="cn=ldapuxprofile,dc=hp,dc=com"

You can change this configuration to :

 o specify a different directory
 o specify a different existing profile in the directory
 o create a new profile

(You cannot change an existing profile with this setup program. Use
your directory administration tools to change existing profiles.)

Would you like to change this configuration (Yes/No/Quit) ? [Yes] :


Hewlett-Packard Company LDAP-UX Client Services Setup Program
----------------
Enter the host name of the directory where you want to store the profile.
Enter either the fully qualified host name (for example : sys001.hp.com)
or IP address (for example : 15.13.118.130).

To accept the default shown in brackets, press the Return key.

Directory server host [server14 = 155.208.176.244] : 155.208.176.245


Hewlett-Packard Company LDAP-UX Client Services Setup Program
-------------
Enter the port number of the previously specified directory server.

To accept the default shown in brackets, press the Return key.

Directory Server port number [389] :


Hewlett-Packard Company LDAP-UX Client Services Setup Program
-------------
Enter the distinguished name (DN) of an existing LDAP-UX profile entry
you want to use or the DN where you want to store a new LDAP-UX profile
entry. For a new entry, all parent entries of the DN must already exist in
the directory or this step will fail,
(for example : cn=ldapuxprofile, ou=ldapuxprofile, o=hp.com)

Profile Entry DN : [] : cn=ldapuxprofile,dc=hp,dc=com


Hewlett-Packard Company LDAP-UX Client Services Setup Program
-----------
Updated directory server at 155.208.176.245:389
with a profile entry at
 [cn=ldapuxprofile,dc=hp,dc=com]

Updated the local client configuration file
 /etc/opt/ldapux/ldapux_client.conf

Updated the local client profile entry LDIF file
 /etc/opt/ldapux/ldapux_profile.ldif

Updated the local client profile entry cache file
 /etc/opt/ldapux/ldapux_profile.bin

Press any key to continue :


Hewlett-Packard Company LDAP-UX Client Services Setup Program
----------
No proxy user is configured at this client

You have changed configuration profile. To make it take effect,
you need to start/restart the LDAP-UX daemon

Would you like to start/restart the LDAP-UX daemon (y/n) ? [y] :

Updated the LDAP-UX daemon configuration file
 /etc/opt/ldapux/ldapclientd.conf

Restarted the LDAP-UX daemon !

To enable the LDAP Pluggable Authentication Module, save a copy of the
file /etc/pam.conf then add ldap to it. See /etc/pam.ldap for an example.

To enable the LDAP Name Service Switch, save a copy of the file
/etc/nsswitch.conf then add ldap to it. See /etc/nsswitch.ldap for an example.

LDAP-UX Client Services setup complete.

 

# Run these commands on every client!

# cd /etc

# cp pam.ldap pam.conf

# cp nsswitch.ldap nsswitch.conf
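
The setup program's closing message says to save a copy of /etc/pam.conf and /etc/nsswitch.conf before adding ldap to them. The shell functions below are an added example, not part of the original article or of LDAP-UX: they keep that copy before installing the template and check that passwd and group still list files next to ldap. The function names and the .pre-ldap suffix are assumptions.

```shell
#!/bin/sh
# Added example (not from the article or from LDAP-UX).

# install_with_backup SRC DST
# Save DST as DST.pre-ldap (an earlier backup is never overwritten),
# then copy SRC over DST. Prints the backup path.
install_with_backup() {
    src=$1; dst=$2; bak="$dst.pre-ldap"     # suffix is an assumption
    [ -r "$src" ] || { echo "missing template: $src" >&2; return 1; }
    if [ -e "$dst" ] && [ ! -e "$bak" ]; then
        cp -p "$dst" "$bak" || return 1     # -p keeps owner, mode, times
    fi
    cp "$src" "$dst" || return 1
    echo "$bak"
}

# nss_sources FILE DB
# Print the lookup sources of one database (passwd, group, ...),
# with comments and [STATUS=action] criteria dropped.
nss_sources() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" |
        sed 's/#.*//; s/\[[^]]*]//g' |
        tr '\t' ' ' | tr -s ' ' | sed 's/ $//'
}

# nss_keeps_local FILE
# Succeed only if passwd and group consult both files and ldap, so local
# accounts such as root still resolve when the directory is unreachable.
nss_keeps_local() {
    for db in passwd group; do
        srcs=" $(nss_sources "$1" "$db") "
        case $srcs in *" files "*) ;; *) echo "$db: no files source" >&2; return 1 ;; esac
        case $srcs in *" ldap "*)  ;; *) echo "$db: no ldap source"  >&2; return 1 ;; esac
    done
}

# On a client, as root:
#   install_with_backup /etc/pam.ldap /etc/pam.conf
#   install_with_backup /etc/nsswitch.ldap /etc/nsswitch.conf &&
#       nss_keeps_local /etc/nsswitch.conf
```

To roll back, copy the .pre-ldap file over the live one.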

 

# The configuration files:

# cd /etc/opt/ldapux

# ls

daemon_auth                         ldapentry.intl
default_profile_attr_ads.ldif       ldapentry.templates
default_profile_attr_ads_sfu2.ldif  ldapux_client.conf
default_profile_attr_ads_sfu3.ldif  ldapux_client.old
default_profile_attr_rfc2307.ldif   ldapux_profile.bin
ldapclientd.conf                    ldapux_profile.bin.old
ldapclientd.old                     ldapux_profile.ldif
ldapclientd.pid                     ldapux_profile.ldif.old

 

