5.1. LDAP Client Configuration

Procedure 5.1. To configure LDAP client authentication:
  1. Install the ldapux client on the HP-UX 11.23 machine.

    # swinstall -s J4269AA_B.04.15.01_HP-UX_B.11.23_IA_PA.depot

  2. Change to the configuration directory and run the setup script.

    # cd /opt/ldapux/config/
    # ./setup
    

    Note

    The HP-UX guide for this procedure is located at http://docs.hp.com/en/J4269-90075/ch02s07.html

    The following is sample output from running the setup script:

    Would you like to continue with the setup? [Yes]
    Select which Directory Server you want to connect to ? [RedHat Directory]
    Directory server host ? [ipaserver.example.com]
    Directory Server port number [389]
    Would you like to extend the printer schema in this directory server? [No]
    Would you like to install PublicKey schema in this directory server? [No]
    Would you like to install the new automount schema ? [No]
    Profile Entry DN: [cn=ldapuxprofile,cn=etc,dc=example,dc=com]
    User DN [cn=Directory Manager]
    Password ? [Directory Manager's Password]
    Authentication method ? [ SIMPLE ]
    Enter the number of the hosts you want to specify [1]
    Default Base DN ? [dc=example,dc=com]
    Accept remaining defaults ? [n]
    Client binding [Anonymous]
    Bind time limit [5 seconds]
    Search time limit [no limit]
    Do you want client searches of the directory to follow referrals? [Yes]
    Profile TTL [0 = infinite]
    Do you want to remap any of the standard RFC 2307 attribute? [Yes]
    Specify the service you want to map? [ 3=Group]
    Specify the attribute you want to map [3 for memberuid ]
    Type the name of the attribute memberuid should be mapped to [member]
    Specify the service you want to map? [ 0 = exit ]
    Do you want to remap any of the standard RFC 2307 attribute? [ no this time ]
    Do you want to create custom search descriptors? [ No ]
    
  3. Ensure that the LDAP client daemon is running.

  4. Run the following commands to ensure that the LDAP client is working:

    # nsquery passwd admin (user should be visible)
    # nsquery group admins (group and user should be visible)
    
  5. Create a new group on the IPA server.

    # ipa-addgroup testgroup

  6. Add a test user to the new group created above.

    # ipa-modgroup -a testuser testgroup

  7. Run the nsquery commands again to validate the new user and group:

    # nsquery passwd testuser (user should be visible)
    # nsquery group testgroup (group and user should be visible)
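
The group check in step 7 depends on the memberuid-to-member remap chosen during setup: member holds full DNs, while RFC 2307 memberuid holds bare login names. The following added example (not part of the original guide) reads a group entry in LDIF form and lists its members whichever attribute carries them; the sample entry, its DN layout and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample group entry. The DN layout below dc=example,dc=com is an
# assumption; replace it with LDIF exported from your own directory.
SAMPLE_GROUP_LDIF='dn: cn=testgroup,cn=groups,cn=accounts,dc=example,dc=com
objectClass: groupOfNames
objectClass: posixGroup
cn: testgroup
gidNumber: 1101
member: uid=testuser,cn=users,cn=accounts,dc=exam
 ple,dc=com
member: uid=admin,cn=users,cn=accounts,dc=example,dc=com'

# Print "<attribute> <login>" for every membership value in LDIF read from stdin.
group_members() {
    awk '
        # LDIF folds long lines; a continuation line starts with one space.
        /^ /  { buf = buf substr($0, 2); next }
              { emit(buf); buf = $0 }
        END   { emit(buf) }
        function emit(line,   attr, val) {
            if (line !~ /^[A-Za-z][A-Za-z0-9;-]*: /) return  # skips base64 "attr::" values
            attr = tolower(substr(line, 1, index(line, ":") - 1))
            val  = substr(line, index(line, ":") + 2)
            if (attr == "memberuid") {
                print "memberuid", val       # RFC 2307: the value is the login name
            } else if (attr == "member") {
                sub(/^[^=]*=/, "", val)      # drop "uid=" from the first RDN
                sub(/,.*$/, "", val)         # drop the remainder of the DN
                print "member", val
            }
        }'
}

# Exit 0 if login $1 is a member of the group whose LDIF is on stdin.
is_member() {
    group_members | awk -v u="$1" '$2 == u { found = 1 } END { exit !found }'
}

# Name the attribute(s) that carry membership in the entry on stdin.
membership_attr() {
    group_members | awk '{ print $1 }' | sort -u | paste -s -d ' ' -
}

# Demo on the constructed entry.
printf '%s\n' "$SAMPLE_GROUP_LDIF" | group_members
```

If membership_attr reports only member for a group, a client left on the default memberuid mapping resolves the group but shows it with no members.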
    

This concludes the LDAP client configuration.