Operating System - HP-UX

How to configuration LDAP client

 
Sak
Occasional Advisor

Hi,

I created an LDAP server on Linux RHEL4 using openldap-2.3.32; the slapd.conf is as follows.

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/corba.schema
include /usr/local/etc/openldap/schema/java.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=stooges,dc=com"
rootdn "cn=StoogeAdmin,dc=stooges,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}P0J4pU+ZlF7V3U3bi66pnFLOPVGOR0n+
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
defaultaccess read
schemacheck on
lastmod on
# Indices to maintain
index cn,sn,st eq,sub

access to attrs=userPassword
by self write
by anonymous auth
by * none
# Everything except userPassword (including the posixAccount/posixGroup
# entries the client will look up) is readable without binding. That is
# what an anonymous credentialLevel needs, but it also lets any host that
# can reach port 389 enumerate the whole directory.
access to *
by * read

##############################################

I installed the LDAP-UX Client on HP-UX 11i and followed the Quick Configuration steps from the LDAP-UX Client Configuration guide.
When I saw the following prompt I pressed Enter:

Would you like to extend the schema in this directory server? [Yes]:

When I saw the following prompt I entered the password configured in slapd.conf on the LDAP server:

Enter the distinguished name (DN) of the directory user allowed
to extend the schema.

To accept the default shown in brackets, press the Return key.

User DN [cn=Directory Manager]: cn=StoogeAdmin,dc=stooges,dc=com

Password:

Then I got the following error:

PFMERR 43: Can't extend LDAP-UX Configuration profile schema on the Directory Server
nis.tha.hp.com = 16.151.232.191
with user cn=StoogeAdmin,dc=stooges,dc=com
Please check the /tmp/ldapux_schema.log file for errors.

I checked the error log at /tmp/ldapux_schema.log and it contains the following message:

ldap_modify: Invalid syntax
ldap_modify: additional info: objectclasses: value #0 invalid per syntax
modifying entry cn=Subschema

What should I do to configure the LDAP client?
Am I doing something wrong?
If so, please guide me on how to fix it.

Thank you and Best Regards,

Somsak






Joshua M. Miller
Frequent Advisor

Re: How to configuration LDAP client

You need to create your profile in the LDAP directory (when using OpenLDAP) prior to running setup. I have had great success with OpenLDAP when using the following profile format:

dn: cn=uxprofile,ou=Profiles,dc=example,dc=com
cn: uxprofile
objectClass: DUAConfigProfile
defaultSearchBase: dc=example,dc=com
defaultSearchScope: one
profileTTL: 3600
credentialLevel::
serviceSearchDescriptor: passwd:OU=People,DC=example,DC=com
serviceSearchDescriptor: group:OU=Group,DC=example,DC=com
authenticationMethod: tls:simple
defaultServerList: example.com:389 example.com:389

Good luck.
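A pre-flight check for a profile entry like the one in the reply, before it is loaded with ldapadd, as an added example (my code, not HP's, OpenLDAP's or the posters'). It assumes the DUAConfigProfile attribute names shown above (the RFC 4876 names: defaultServerList, defaultSearchBase, credentialLevel, authenticationMethod, serviceSearchDescriptor, ...) and a minimal LDIF subset: one entry, "attr: value" and "attr:: base64" lines, folded lines starting with a space, and "#" comments. The sample profile embedded in the block is constructed from the reply's format with its two quirks kept (the empty `credentialLevel::` value and the same server listed twice) so the checker has something to report.

```python
"""Pre-flight check for an LDAP-UX DUAConfigProfile LDIF entry.

Added example, not HP's or OpenLDAP's code. Assumes RFC 4876 attribute
names and a minimal LDIF subset (one entry, "attr: value",
"attr:: base64", folded lines, "#" comments).
"""
import base64
from typing import Dict, List, Tuple

Entry = Dict[str, List[str]]
Finding = Tuple[str, str]  # ("ERROR" | "WARN", message)

# Constructed sample: the profile format from the reply, quirks included
# (empty credentialLevel value, the same server repeated).
SAMPLE_LDIF = """\
dn: cn=uxprofile,ou=Profiles,dc=example,dc=com
cn: uxprofile
objectClass: DUAConfigProfile
defaultSearchBase: dc=example,dc=com
defaultSearchScope: one
profileTTL: 3600
credentialLevel::
serviceSearchDescriptor: passwd:OU=People,DC=example,DC=com
serviceSearchDescriptor: group:OU=Group,DC=example,DC=com
authenticationMethod: tls:simple
defaultServerList: example.com:389 example.com:389
"""


def parse_ldif_entry(text: str) -> Tuple[str, Entry]:
    """Return (dn, {attr_lowercase: [values]}) for a single LDIF entry."""
    unfolded: List[str] = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and unfolded:  # folded continuation line
            unfolded[-1] += raw[1:]
        elif raw.strip():
            unfolded.append(raw)
    dn = ""
    attrs: Entry = {}
    for line in unfolded:
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"not an LDIF attribute line: {line!r}")
        if rest.startswith(":"):  # "attr:: base64"; "::" alone decodes to ""
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        key = name.strip().lower()
        if key == "dn":
            dn = value
        else:
            attrs.setdefault(key, []).append(value)
    return dn, attrs


def check_profile(dn: str, attrs: Entry) -> List[Finding]:
    """Shape checks plus the bind-security points a client profile hides."""
    out: List[Finding] = []

    def err(msg: str) -> None:
        out.append(("ERROR", msg))

    def warn(msg: str) -> None:
        out.append(("WARN", msg))

    if "duaconfigprofile" not in {v.lower() for v in attrs.get("objectclass", [])}:
        err("objectClass DUAConfigProfile is missing")
    if not dn.lower().startswith("cn="):
        err("profile DN must start with cn=<profile name>")
    servers = attrs.get("defaultserverlist", [])
    if not servers:
        err("defaultServerList is required")
    else:
        hosts = servers[0].split()
        if len(set(hosts)) != len(hosts):
            warn(f"defaultServerList repeats a server: {servers[0]!r}")
    if not attrs.get("defaultsearchbase"):
        err("defaultSearchBase is required")
    for v in attrs.get("defaultsearchscope", []):
        if v.lower() not in {"base", "one", "sub"}:
            err(f"defaultSearchScope {v!r} is not base/one/sub")
    for v in attrs.get("profilettl", []):
        if not v.isdigit():
            err(f"profileTTL {v!r} is not a number of seconds")
    for v in attrs.get("credentiallevel", []):
        if v == "":
            err("credentialLevel is empty ('credentialLevel::'); use anonymous, proxy or self")
        elif v.split()[0].lower() not in {"anonymous", "proxy", "self"}:
            err(f"credentialLevel {v!r} is not anonymous/proxy/self")
    for v in attrs.get("authenticationmethod", []):
        for m in (x.strip().lower() for x in v.split(";")):
            if m == "simple":
                warn("authenticationMethod 'simple' without tls: sends bind passwords in the clear; use tls:simple")
            elif m != "none" and not (m.startswith("tls:") or m.startswith("sasl/")):
                err(f"authenticationMethod {m!r} is not none/simple/tls:.../sasl/...")
    for v in attrs.get("servicesearchdescriptor", []):
        svc, sep, base = v.partition(":")
        if not sep or not svc.strip() or not base.strip():
            err(f"serviceSearchDescriptor {v!r} must be <service>:<base DN>")
    return out


if __name__ == "__main__":
    profile_dn, profile_attrs = parse_ldif_entry(SAMPLE_LDIF)
    for severity, message in check_profile(profile_dn, profile_attrs):
        print(f"{severity}: {message}")
```

Run it on the file you are about to ldapadd; it exits quietly when nothing is wrong. On the constructed sample it reports the empty credentialLevel as an error and the repeated server as a warning; a plain `simple` authenticationMethod is flagged because every client would then bind with cleartext passwords over port 389.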