HPE Community
Operating System - HP-UX
1835143 Members
2952 Online
110077 Solutions
New Discussion

Questions while configuring ldap client on hpux

 
肖辉二
New Member

‎11-18-2006 03:16 AM

‎11-18-2006 03:16 AM

Questions while configuring ldap client on hpux

The LDAP server is IBM tivoli directory server.
I installed ldap-ux on hp ux.
while execute "#./setup"
But there are only two optoins as following:

Select which Directory Server you want to connect to:

1. Netscape Directory
2. Windows 2000/2003 Active Directory

It's confusing that why I could not use other ldap products.Both of solaris and aix can connect to other ldap server freely.
0 Kudos
Reply
3 REPLIES 3
Don Mallory
Trusted Contributor

‎11-20-2006 01:38 AM

‎11-20-2006 01:38 AM

Re: Questions while configuring ldap client on hpux

You can, it's just that the maps are pre-defined for ND & MS AD.

Set it up as if you are connecting to the Netscape Directory, then you will need to modify the maps manually afterwards.

You maps are coming from a profile in your directory named "ldapuxprofile" of the object type DUAConfigProfile, which will be generated at the time of initial setup.

It also depends on what you are trying to do. If you just want to be able to query the directory using /opt/ldapux/bin/ldapsearch, then you don't even need to run setup.

Your primary config files are:

/etc/opt/ldapux/ldapclientd.conf
/etc/opt/ldapus/ldapux_client.conf

When you start getting into NIS mappings, logins & SSL encryption, you will need the remaining components to work.

For SSL, you will need /opt/ldapux/contrib/bin/certutil to set it up.

For the NIS mappings and profiles, you will need:

/opt/ldapux/config/get_profile_entry
/opt/ldapux/config/display_profile_cache

The /opt/ldapux/config/ldap_proxy_config is only required if you are using a proxy user (required for MS AD).

Most of this info can be pulled from the manualy, which is a pretty accurate read, but honestly, you will do good by a call to HP support. I've dealt with 2 different people on the back-line support team on LDAP issues, and they were both phenominal.

Don
0 Kudos
Reply
肖辉二
New Member

‎11-22-2006 01:42 AM

‎11-22-2006 01:42 AM

Re: Questions while configuring ldap client on hpux

Don, Thank you very much!
My purpose is to authenticate HP-UX accounts by my tivoli directory server.
I have configured on AIX and solaris,both of which just only configure the clients themselves.But LDAP-UX will extend the schema on
the directy server.I'm strongly wondering this.

Following is the error when I run "setup" of LDAP-UX on hpux:
ldap_modify: DSA is unwilling to perform
ldap_modify: additional info: GLPSCH025E MAY attribute type 'searchTimeL
imit' not found when processing object class 'DUAConfigprofile'.

modifying entry cn=schema

ldap_modify: DSA is unwilling to perform
ldap_modify: additional info: GLPSCH025E syntax '1.3.6.1.4.1.1466.115.12
1.1.40' not found when processing attribute type 'nisPublicKey'.

modifying entry cn=schema

ldap_modify: DSA is unwilling to perform
ldap_modify: additional info: GLPSCH025E syntax '1.3.6.1.4.1.1466.115.12
1.1.40' not found when processing attribute type 'nisSecretKey'.



Dose any one know how can I fix this problem?

On the other hand,Whether could I confiure the client via modifying configuration files ,not via running "setup"?
If so,is there any guideline for this?

Thank you all very much!
0 Kudos
Reply
肖辉二
New Member

‎11-23-2006 02:15 AM

‎11-23-2006 02:15 AM

Re: Questions while configuring ldap client on hpux

Today, I add an objectclass: DAUConfigprofile on ldap server and could use "setup" to connect the server.
With ldapsearch, I could list the accounts from ldap server,I also can "su" to these ldap accounts from root.But login failed with these ldap accounts.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.