LDAP-UX
1. Installing LDAP-UX
Product to install: J4269AA (LDAP-UX Integration)
swinstall -s /depot
2. Configuring LDAP-UX
# cd /opt/ldapux/config
# ls
create_profile_cache   display_profile_cache  setup
create_profile_entry   get_profile_entry
create_profile_schema  ldap_proxy_config
# Command that modifies the LDAP server's schema; run it only once.
# ./create_profile_schema
Hewlett-Packard Company LDAP-UX Client Services Schema Extension Program
--------------
This LDAP-UX Client Profile Schema Extension Program will guide you through to
add/update the LDAP-UX Client Profile schema to the standard schema in Directory
Server.
This supports Netscape/iPlanet Directory Servers and
Windows 2000 Active Directory Servers.
During the configuration :
- Press "Return" to choose the default and go to the next screen
- Type "Control-B" to go back to the previous screen
- Type "Control-C" to cancel the Schema Extension program
Would you like to continue with configuration ? [Yes] :
|
Hewlett-Packard Company LDAP-UX Client Services Schema Extension Program
----------
Enter the host name of the directory where you want to store the profile.
Enter either the fully qualified host name (for example : sys001.hp.com)
or IP address (for example : 15.13.118.130).
To accept the default shown in brackets, press the Return key.
Directory server host [server14 = 155.208.176.244] : 155.208.176.245
|
Hewlett-Packard Company LDAP-UX Client Services Schema Extension Program
--------------
Enter the port number of the previously specified directory server.
To accept the default shown in brackets, press the Return key.
Directory Server port number [389] :
|
Hewlett-Packard Company LDAP-UX Client Services Schema Extension Program
-------------
Select which Directory Server you want to connect to :
1. Netscape/iPlanet Directory
2. Windows 2000 Active Directory
NOTE : LDAP-UX defaults with the SFU 3.0 schema when using Windows 2000 Active Directory.
Refer to /opt/ldapux/README-LdapUxClient to use other versions of SFU.
To accept the default shown in brackets, press the Return key.
Directory Server : [1] :
PFMERR 39 : The LDAP-UX Profile schema extension exists !
|
# ls
create_profile_cache   display_profile_cache  setup
create_profile_entry   get_profile_entry
create_profile_schema  ldap_proxy_config
# Command that creates a file on the LDAP server; run it only once.
# ./create_profile_entry
Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
----------------
Welcome to the HP-UX LDAP Integration profile creation program
This program will prompt you for information required to create
the configuration profile entry and add to LDAP Directory Server.
You must have "root" privilege to run this Program.
During the configuration :
- Press "Return" to choose the default and go to the next screen
- Type "Control-B" to go back to the previous screen
- Type "Control-C" to cancel the program
Would you like to continue ? [Yes] :
|
Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
-----------------
Select which Directory Server you want to connect to :
1. Netscape/iPlanet Directory
2. Windows 2000 Active Directory
NOTE : LDAP-UX defaults with the SFU 3.0 schema when using Windows 2000 Active Directory.
Refer to /opt/ldapux/README-LdapUxClient to use other versions of SFU.
To accept the default shown in brackets, press the Return key.
Directory Server : [1] :
|
Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
---------------
Enter the host name of the directory where you want to store the profile.
Enter either the fully qualified host name (for example : sys001.hp.com)
or IP address (for example : 15.13.118.130).
To accept the default shown in brackets, press the Return key.
Directory server host [server14 = 155.208.176.244] : 155.208.176.245
|
Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
------------------
Enter the port number of the previously specified directory server.
To accept the default shown in brackets, press the Return key.
Directory Server port number [389] :
|
Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
---------------
Enter the distinguished name (DN) of an existing LDAP-UX profile entry
you want to use or the DN where you want to store a new LDAP-UX profile
entry. For a new entry, all parent entries of the DN must already exist in
the directory or this step will fail,
(for example : cn=ldapuxprofile, ou=ldapuxprofile, o=hp.com)
Profile Entry DN : [] : cn=ldapuxprofile,dc=hp,dc=com
|
Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
----------------
Enter the distinguished name (DN) of the directory user allowed to
create a new LDAP-UX profile entry or to check an existing profile entry.
To accept the default shown in brackets, press the Return key.
User DN [cn=Directory Manager] :
Password : directory
|
Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
----------------
For high-availability, each LDAP-UX client can look for user and group
information in up to three different directory servers. Please enter either
the fully qualified host name and optional port number
(for example : sys001.hp.com:389) or IP address and optional port number
(for example : 15.13.118.130:400) where your directory is running.
The following hosts are currently specified :
Default search host 2 : [ ]
Default search host 3 : [ ]
Enter 0 to accept these hosts and continue with the setup program or
Enter the number of the hosts you want to specify [0] :
|
Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
----------
Enter the default base DN where LDAP-UX clients should look for user and
Group information, (for example : ou=nis,o=hp.com)
Default base DN [dc=hp,dc=com] :
|
Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
------------
The setup program has all the information needed to configure a default
profile and client. You can accept default values for the remaining
parameters or configure the remaining parameters.
Accept remaining defaults ? (y/n) [y] :
|
Hewlett-Packard Company HP-UX LDAP Profile Entry Creation
------------
Are you ready to create the Profile Entry ? [Yes] :
modifying entry cn=ldapuxprofile,dc=hp,dc=com
|
# cd /opt/ldapux/config
# ls
create_profile_cache   display_profile_cache  setup
create_profile_entry   get_profile_entry
create_profile_schema  ldap_proxy_config
# Command to run on every client!
# ./setup
Hewlett-Packard Company LDAP-UX Client Services Setup Program
------------------------------
Welcome to the LDAP-UX Client Services Setup Program !
You must have "root" privilege to run this Setup Program.
If this is the first client you are setting up, this program will :
- Extend your directory schema with the LDAP-UX configuration profile schema.
- Create a new LDAP-UX configuration profile entry in your directory.
- Configure the local client system to use the directory.
If your directory already has one or more LDAP-UX configuration profile entries,
this program will :
- Optionally create another new LDAP-UX configuration profile entry in your
  directory and configure the local client system to use the directory ;
- or configure your client system with an existing profile entry.
During the configuration :
- Press "Return" to choose the default and go to the next screen
- Type "Control-B" to go back to the previous screen
- Type "Control-C" to cancel the setup program
Would you like to continue with the setup ? [Yes] : Y
|
Hewlett-Packard Company LDAP-UX Client Services Setup Program
-----------------
Select which Directory Server you want to connect to :
1. Netscape/iPlanet Directory
2. Windows 2000 Active Directory
NOTE : LDAP-UX defaults with the SFU 3.0 schema when using Windows 2000 Active Directory.
Refer to /opt/ldapux/README-LdapUxClient to use other versions of SFU.
To accept the default shown in brackets, press the Return key.
Directory Server : [1] :
|
Hewlett-Packard Company LDAP-UX Client Services Setup Program
------------
Your local client configuration file /etc/opt/ldapux/ldapux_client.conf
shows the following profile entry information for the
Name Service Switch (NSS) :
  LDAP_HOSTPORT="155.208.176.240:389 155.208.176.245:389"
  PROFILE_ENTRY_DN="cn=ldapuxprofile,dc=hp,dc=com"
You can change this configuration to :
  o specify a different directory
  o specify a different existing profile in the directory
  o create a new profile
(You cannot change an existing profile with this setup program. Use
your directory administration tools to change existing profiles.)
Would you like to change this configuration (Yes/No/Quit) ? [Yes] :
|
Hewlett-Packard Company LDAP-UX Client Services Setup Program
----------------
Enter the host name of the directory where you want to store the profile.
Enter either the fully qualified host name (for example : sys001.hp.com)
or IP address (for example : 15.13.118.130).
To accept the default shown in brackets, press the Return key.
Directory server host [server14 = 155.208.176.244] : 155.208.176.245
|
Hewlett-Packard Company LDAP-UX Client Services Setup Program
-------------
Enter the port number of the previously specified directory server.
To accept the default shown in brackets, press the Return key.
Directory Server port number [389] :
|
Hewlett-Packard Company LDAP-UX Client Services Setup Program
-------------
Enter the distinguished name (DN) of an existing LDAP-UX profile entry
you want to use or the DN where you want to store a new LDAP-UX profile
entry. For a new entry, all parent entries of the DN must already exist in
the directory or this step will fail,
(for example : cn=ldapuxprofile, ou=ldapuxprofile, o=hp.com)
Profile Entry DN : [] : cn=ldapuxprofile,dc=hp,dc=com
|
Hewlett-Packard Company LDAP-UX Client Services Setup Program
-----------
Updated directory server at 155.208.176.245:389
with a profile entry at
  [cn=ldapuxprofile,dc=hp,dc=com]
Updated the local client configuration file
  /etc/opt/ldapux/ldapux_client.conf
Updated the local client profile entry LDIF file
  /etc/opt/ldapux/ldapux_profile.ldif
Updated the local client profile entry cache file
  /etc/opt/ldapux/ldapux_profile.bin
Press any key to continue :
|
Hewlett-Packard Company LDAP-UX Client Services Setup Program
----------
No proxy user is configured at this client
You have changed configuration profile. To make it take effect,
you need to start/restart the LDAP-UX daemon
Would you like to start/restart the LDAP-UX daemon (y/n) ? [y] :
Updated the LDAP-UX daemon configuration file
  /etc/opt/ldapux/ldapclientd.conf
Restarted the LDAP-UX daemon !
To enable the LDAP Pluggable Authentication Module, save a copy of the
file /etc/pam.conf then add ldap to it. See /etc/pam.ldap for an example.
To enable the LDAP Name Service Switch, save a copy of the file
/etc/nsswitch.conf then add ldap to it. See /etc/nsswitch.ldap for an example.
LDAP-UX Client Services setup complete.
|
# Commands to run on every client!
# cd /etc
# cp pam.ldap pam.conf
# cp nsswitch.ldap nsswitch.conf
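The setup program's closing message asks for a copy of /etc/pam.conf and /etc/nsswitch.conf to be saved before ldap is added, which the two cp commands above do not do. The following is an added example, not part of the original page, of the same step with a backup and a basic sanity check; the function name install_ldap_template and the .pre-ldap backup suffix are assumptions.

```shell
#!/bin/sh
# Added example: install an LDAP-UX template (pam.ldap, nsswitch.ldap) over the
# live file, keeping the original so a broken PAM/NSS setup can be rolled back.
# install_ldap_template and the ".pre-ldap" suffix are hypothetical names.

install_ldap_template() {
    dir=$1      # directory holding the files, /etc on a real client
    name=$2     # "pam" or "nsswitch"
    template="$dir/$name.ldap"
    live="$dir/$name.conf"
    backup="$live.pre-ldap"

    if [ ! -r "$template" ]; then
        echo "missing template $template" >&2
        return 1
    fi
    # The template must actually reference ldap, otherwise copying it is pointless.
    if ! grep -q 'ldap' "$template"; then
        echo "$template does not mention ldap" >&2
        return 1
    fi
    # Keep the first backup only: a second run must not overwrite the
    # pre-LDAP original with an already modified file.
    if [ -f "$live" ] && [ ! -f "$backup" ]; then
        cp -p "$live" "$backup" || return 1
    fi
    # Copy to a temporary name and rename, so the live file is never half-written.
    cp "$template" "$live.new" || return 1
    mv "$live.new" "$live"
}

# Usage on a client, as root:
#   install_ldap_template /etc pam && install_ldap_template /etc nsswitch
```

Keep a root session open while testing a new login after the change, so the .pre-ldap copies can be restored if authentication or name lookups fail.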
# The configuration files:
# cd /etc/opt/ldapux
# ls
daemon_auth                         ldapentry.intl
default_profile_attr_ads.ldif       ldapentry.templates
default_profile_attr_ads_sfu2.ldif  ldapux_client.conf
default_profile_attr_ads_sfu3.ldif  ldapux_client.old
default_profile_attr_rfc2307.ldif   ldapux_profile.bin
ldapclientd.conf                    ldapux_profile.bin.old
ldapclientd.old                     ldapux_profile.ldif
ldapclientd.pid                     ldapux_profile.ldif.old