Operating System - HP-UX
01-31-2007 03:54 PM
LDAP-UX client
Hi,
I created an LDAP server on Linux RHEL4 using openldap-2.3.32; the slapd.conf is as follows.
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/corba.schema
include /usr/local/etc/openldap/schema/java.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# Sample security restrictions
#   Require integrity protection (prevent hijacking)
#   Require 112-bit (3DES or better) encryption for updates
#   Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
#   Root DSE: allow anyone to read it
#   Subschema (sub)entry DSE: allow anyone to read it
#   Other DSEs:
#       Allow self write access
#       Allow authenticated users read access
#       Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=stooges,dc=com"
rootdn "cn=StoogeAdmin,dc=stooges,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}P0J4pU+ZlF7V3U3bi66pnFLOPVGOR0n+
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
defaultaccess read
schemacheck on
lastmod on
# Indices to maintain
index cn,sn,st eq,sub
# ACLs are evaluated in order; the userPassword rule must come before
# the catch-all below. Continuation lines must begin with whitespace.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read
##############################################
I installed the LDAP-UX Client on HP-UX 11i and followed the Quick Configuration steps of the LDAP-UX Client Configuration.
When I saw the following prompt I pressed Enter:
Would you like to extend the schema in this directory server? [Yes]:
When I saw the following prompt I entered the password as configured in slapd.conf on the LDAP server:
Enter the distinguished name (DN) of the directory user allowed
to extend the schema.
To accept the default shown in brackets, press the Return key.
User DN [cn=Directory Manager]: cn=StoogeAdmin,dc=stooges,dc=com
Password:
Then I got the following error:
PFMERR 43: Can't extend LDAP-UX Configuration profile schema on the Directory Server
nis.tha.hp.com = 16.151.232.191
with user cn=StoogeAdmin,dc=stooges,dc=com
Please check the /tmp/ldapux_schema.log file for errors.
I checked the error log in /tmp/ldapux_schema.log, which shows the following message:
ldap_modify: Invalid syntax
ldap_modify: additional info: objectclasses: value #0 invalid per syntax
modifying entry cn=Subschema
How should I configure the LDAP client?
Am I doing something wrong?
If so, please guide me on how to fix it.
Thank you and Best Regards,
Somsak
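An added check, written for this page and not part of the post or of HP's LDAP-UX tooling: the slapd.conf above lost its indentation when it was pasted, and in slapd.conf(5) a "by" clause belongs to its "access to" line only when the line begins with whitespace; otherwise slapd sees an unknown directive. OpenLDAP also evaluates "access" directives in order and stops at the first "to" clause that matches, so the userPassword rule only protects the hashes if it precedes the catch-all "access to * by * read" (which, as written, lets anonymous binds read every other attribute). The script rebuilds the poster's database section with and without the indentation (the DUAConfig.schema include path is an assumption taken from the first reply's workaround) and reports orphaned "by" lines, a shadowed or too-permissive userPassword rule, and a missing DUAConfig include.

```python
"""Lint the slapd.conf directives that matter for the LDAP-UX setup above.

slapd.conf(5): a line beginning with whitespace continues the previous line.
OpenLDAP evaluates 'access' directives in order and stops at the first 'to'
clause matching the target, so userPassword must be handled before 'access to *'.
"""
import re

# Constructed input: the poster's database section, re-indented the way
# slapd.conf(5) expects, plus the DUAConfig schema include recommended in
# the first reply (the path is an assumption for this example).
GOOD_CONF = """\
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/DUAConfig.schema
database bdb
suffix "dc=stooges,dc=com"
rootdn "cn=StoogeAdmin,dc=stooges,dc=com"
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read
"""

# The same text as it appears in the post, with the continuation indentation lost.
FLAT_CONF = GOOD_CONF.replace("\n        by", "\nby")


def logical_lines(text):
    """Join continuation lines and drop comments and blank lines."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def parse_access(line):
    """Split 'access to <what> [by <who> [<level>]]...' into (what, [(who, level)])."""
    m = re.match(r"access\s+to\s+(.+?)(?:\s+by\s+(.*))?$", line, re.I)
    if not m:
        return None
    clauses = []
    if m.group(2):
        for clause in re.split(r"\s+by\s+", m.group(2)):
            tokens = clause.split()
            # an absent access level is kept as '' rather than guessed
            clauses.append((tokens[0], tokens[1] if len(tokens) > 1 else ""))
    return m.group(1), clauses


def lint(text):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    lines = logical_lines(text)
    for line in lines:
        if line.split()[0].lower() == "by":
            findings.append("orphan 'by' clause (continuation line not indented): " + line)
    acls = [parse_access(l) for l in lines if l.lower().startswith("access ")]
    pw = next((i for i, a in enumerate(acls) if "userpassword" in a[0].lower()), None)
    catch_all = next((i for i, a in enumerate(acls) if a[0] == "*"), None)
    if pw is None:
        findings.append("no access rule for userPassword; the catch-all decides who reads the hashes")
    elif catch_all is not None and catch_all < pw:
        findings.append("'access to *' precedes the userPassword rule, so that rule never matches")
    else:
        for who, level in acls[pw][1]:
            if who in ("*", "anonymous", "users") and level not in ("none", "auth"):
                findings.append(f"userPassword readable by '{who}' ({level})")
    if not any(l.lower().startswith("include ") and "duaconfig" in l.lower() for l in lines):
        findings.append("no DUAConfig schema included; LDAP-UX will try to add it to cn=Subschema itself")
    return findings


if __name__ == "__main__":
    for name, conf in (("indented", GOOD_CONF), ("flattened", FLAT_CONF)):
        print(name, lint(conf) or "OK")
```

Run it on the real file before starting slapd; it complements `slaptest -f slapd.conf`, which reports the unknown "by" directive but says nothing about rule order or what anonymous binds can read.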
04-26-2007 09:58 AM
Re: LDAP-UX client
I don't know if you have fixed this issue yet, but I'm working through it and have been able to get past this point by manually creating the schema that this operation is attempting to create.
Download this schema and include it in your slapd.conf:
http://sapiens.wustl.edu/~sysmain/info/openldap/schemas/DUAConfig.schema
Also, model the following LDIF and import it:
# DUAConfigProfile entry (RFC 4876); LDAP attribute names are case-insensitive.
dn: cn=uxprofile,ou=Profiles,dc=example,dc=com
cn: uxprofile
objectClass: DUAConfigProfile
# space-separated host[:port] list the clients will contact
defaultServerList:
defaultSearchBase: dc=example,dc=com
defaultSearchScope: one
serviceSearchDescriptor: passwd:OU=People,DC=example,DC=com
serviceSearchDescriptor: group:OU=People,DC=example,DC=com
# seconds between client re-downloads of this profile
profileTTL: 3600
credentialLevel: anonymous
...and that should get you beyond the point you refer to above.
I am able to get through the setup and have the client download the profile. The client then works if I don't use SSL/TLS, but as soon as I enable SSL/TLS it breaks.
Btw, I'm using OpenLDAP 2.3.34 and LDAP-UX 4.10.
04-26-2007 10:01 AM
Re: LDAP-UX client
I have at least one error in my above post. The LDIF should have the following line for the group search:
servicesearchdescriptor: group:OU=Group,DC=example,DC=com
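A worked example added here, not from either reply and not LDAP-UX code: it builds the DUAConfigProfile entry the first reply describes, with the group descriptor corrected as in the second reply, and checks it against the RFC 4876 syntax before ldapadd sees it. The two slips visible in the thread, an empty defaultServerList and a descriptor whose base is not a DN, are the cases it rejects. The host ldap1.example.com and the ou=Group container are placeholders.

```python
"""Build and sanity-check a DUAConfigProfile entry (RFC 4876) for ldapadd."""
import re

SCOPES = {"base", "one", "sub"}
CRED_LEVELS = {"anonymous", "proxy", "self"}
# An RDN component: attribute type (name or dotted OID) followed by '='.
RDN_START = re.compile(r"^[A-Za-z0-9.-]+=")


def ssd_errors(value):
    """Check one serviceSearchDescriptor value.

    RFC 4876 grammar: service ":" desc *( ";" desc ), where each desc is
    [base] [ "?" [scope] [ "?" [filter] ] ]. A filter containing '?' is not
    handled here. Returns a list of problems, empty when the value is fine.
    """
    errs = []
    service, sep, rest = value.partition(":")
    if not sep or not service.strip():
        return [f"missing 'service:' prefix in {value!r}"]
    for desc in rest.split(";"):
        parts = desc.split("?")
        if len(parts) > 3:
            errs.append(f"{service}: more than base?scope?filter in {desc!r}")
        base = parts[0].strip()
        if base and not RDN_START.match(base):
            errs.append(f"{service}: base {base!r} is not a DN")
        if len(parts) > 1 and parts[1] and parts[1].lower() not in SCOPES:
            errs.append(f"{service}: scope {parts[1]!r} not one of base/one/sub")
    return errs


def bases_by_service(ssds):
    """Map service name -> base of its first descriptor ('' means defaultSearchBase)."""
    out = {}
    for v in ssds:
        service, _, rest = v.partition(":")
        out[service.strip()] = rest.split(";")[0].split("?")[0].strip()
    return out


def profile_errors(dn, server_list, search_base, ssds,
                   scope="one", ttl=3600, cred="anonymous"):
    """Return every problem found with the proposed profile (empty list = OK)."""
    errs = []
    rdn = dn.split(",", 1)[0].strip()
    if not rdn.lower().startswith("cn="):
        errs.append("profile DN must be named by cn (DUAConfigProfile MUST cn)")
    if not server_list:
        errs.append("defaultServerList is empty; clients would have no server to contact")
    if not RDN_START.match(search_base.strip()):
        errs.append(f"defaultSearchBase {search_base!r} is not a DN")
    if scope not in SCOPES:
        errs.append(f"defaultSearchScope {scope!r} not one of base/one/sub")
    if cred not in CRED_LEVELS:
        errs.append(f"credentialLevel {cred!r} not one of anonymous/proxy/self")
    if not isinstance(ttl, int) or ttl <= 0:
        errs.append("profileTTL must be a positive integer number of seconds")
    for v in ssds:
        errs.extend(ssd_errors(v))
    return errs


def build_profile(dn, server_list, search_base, ssds,
                  scope="one", ttl=3600, cred="anonymous"):
    """Return LDIF text for the profile; raise ValueError if any check fails."""
    errs = profile_errors(dn, server_list, search_base, ssds, scope, ttl, cred)
    if errs:
        raise ValueError("; ".join(errs))
    cn = dn.split(",", 1)[0].strip()[3:]
    lines = [f"dn: {dn}", f"cn: {cn}", "objectClass: top", "objectClass: DUAConfigProfile",
             f"defaultServerList: {' '.join(server_list)}",
             f"defaultSearchBase: {search_base}", f"defaultSearchScope: {scope}"]
    lines += [f"serviceSearchDescriptor: {v}" for v in ssds]
    lines += [f"profileTTL: {ttl}", f"credentialLevel: {cred}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed values; ldap1.example.com and ou=Group are placeholders.
    posted = dict(dn="cn=uxprofile,ou=Profiles,dc=example,dc=com", server_list=[],
                  search_base="dc=example,dc=com",
                  ssds=["passwd:OU=People,DC=example,DC=com", "group:OU=People,DC=example,DC=com"])
    print(profile_errors(**posted))
    fixed = dict(posted, server_list=["ldap1.example.com"],
                 ssds=["passwd:OU=People,DC=example,DC=com", "group:OU=Group,DC=example,DC=com"])
    print(build_profile(**fixed))
```

Write the output to a file and load it with `ldapadd -x -D "cn=StoogeAdmin,dc=stooges,dc=com" -W -f profile.ldif`. With credentialLevel anonymous the entry under ou=Profiles must be readable by an unauthenticated bind, which the poster's "access to * by * read" rule already permits; the DUAConfig schema has to be included in slapd.conf first or the add fails on the unknown objectClass.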
© Copyright 2025 Hewlett Packard Enterprise Development LP