HP CIFS Server 3.0g Administrator's Guide version A.02.03.01: HP-UX 11i v1, v2 and v3 > Chapter 6 LDAP Integration Support

Configuring the LDAP-UX Client Services
You need to configure the LDAP-UX Client Services if they are not already configured. This section describes the major steps to configure LDAP-UX Client Services with the Netscape Directory Server 6.11/6.21 or Red Hat Directory Server 7.0/7.1. For detailed information on how to configure the LDAP-UX Client Services, see the "Configure the LDAP-UX Client Services" section of the LDAP-UX Client Services Administrator's Guide at http://www.docs.hp.com.

You must run the setup program to configure the LDAP-UX Client Services. Do not skip this step: without it, the HP CIFS Server with LDAP support will not work properly.

When you run the setup program to configure the LDAP-UX Client Services on a client system, setup does the following major tasks for you:

  • Extends your directory schema with posixAccount objectclass and attributes, if not already done.

  • Creates a configuration profile entry in your Netscape Directory from information you provide. The profile contains the information required by clients to access user and group data in the directory, for example:

    • Your directory server host

    • Your directory server network port

    • Location of your user, group and other information in the directory

  • Updates the startup file of the local client with your directory and configuration profile location.

  • Downloads the configuration profile from the directory to the LDAP client system.

  • Assigns your base DN as your LDAP suffix for user and group searches.

  • Starts the product daemon, ldapclientd, if you choose to start it. For LDAP-UX Client B.03.20, you must start the client daemon for LDAP-UX functions to work.

Quick Configuration

You can quickly configure the LDAP-UX Client Services by selecting the default value for most of the configuration parameters as follows:

  1. To be consistent with the Samba organizational unit defaults, edit the /opt/ldapux/migrate/migrate_common.ph file and change the default group organizational unit under the $RFC2307BI structure from ou=Group to ou=Groups.

  2. Log in as root and run the setup program:

    $ cd /opt/ldapux/config
    $ ./setup

    The setup program asks you a series of questions and usually provides default answers. Press the Enter key to accept the default, or change the value and press Enter. At any point during setup, press Control+b to back up or Control+c to exit the setup program.

  3. Choose Netscape/Red Hat Directory as your LDAP directory server (option 1).

  4. Enter either the host name or IP address of the directory server where your profile exists, or where you want to create a new profile.

  5. Enter the port number of the directory server specified in the previous step, where the profile will be stored. The default port number is 389.

    Setup checks the directory to see if the schema has been extended with the posixAccount objectclass and attributes. This must be done, but only needs to be done once.

  6. If the schema has already been extended, setup skips this step. Otherwise, to extend the schema, enter the Distinguished Name (DN) and password of a directory user who is allowed to extend the directory schema. For example, you can enter "Directory Manager" as the DN, followed by the directory manager's password.

    To extend the schema, you are prompted for the following input:

    1. Enter the DN of the directory user. The default value is displayed. To use the default, press the Enter key; otherwise, enter your DN.

    2. Enter the password.

  7. If you are creating a new profile, first add all parent entries of the profile DN to the directory (if any are missing). If any parent entry of the profile does not already exist in the directory, setup will fail. For example, if your profile will be cn=ldapuxprofile, dc=org, dc=hp, dc=com, then the base path, org.hp.com, must exist in the directory or setup will fail.

  8. Next, enter either the DN of a new profile, or the DN of an existing profile you want to use.

    If you are using an existing profile, setup configures your client, downloads the profile, and exits. In this case, continue with step 11 below.

  9. If you are creating a new profile, enter the directory manager DN and password of the directory user who can create a new profile.

  10. Next, enter the host name and port number of the directory where you want to store your name service data. For high availability, each LDAP-UX client can look for name service data in up to three different directory hosts. You can enter up to three hosts, which are searched in order.

  11. Enter the base DN where clients should search for user name service data like passwd, group, hosts, services, etc.

  12. You can quickly configure a directory server and the first client by accepting the remaining default configuration parameters when prompted.

    Table 6-1 “Configuration Parameters and Default Values” shows the configuration parameters and the default values that they will be configured with.

    Table 6-1 Configuration Parameters and Default Values

    Parameter                                                              Default Value
    ---------------------------------------------------------------------  -------------
    Type of client binding                                                 Anonymous
    Bind time limit                                                        5 seconds
    Search time limit                                                      no limit
    Use of referrals                                                       Yes
    Profile TTL (Time To Live)                                             0 - infinite
    Use standard RFC-2307 object class attributes for supported services   Yes
    Use default search descriptions for supported services                 Yes
    Authentication method                                                  Simple

    For details on the configuration parameters listed in Table 6-1, see "Appendix B: LDAP-UX Client Services Object Classes" of the LDAP-UX Client Services B.03.20 Administrator's Guide at http://www.docs.hp.com.

  13. After entering all the configuration information, setup extends the schema, creates a new profile, and configures the client to use the directory.

  14. Configure the Name Service Switch (NSS).

    Save a copy of the /etc/nsswitch.conf file and edit the original to specify the ldap name service and other name services you want to use. See the /etc/nsswitch.ldap file for a sample. You may be able to just copy /etc/nsswitch.ldap to /etc/nsswitch.conf. See nsswitch.conf(4) for more information.

  15. You will be asked whether or not you want to start the client daemon, /opt/ldapux/bin/ldapclientd. You must start the client daemon for LDAP functions to work.

  16. Run the following command to verify your configuration:

    $ /opt/ldapux/bin/ldapsearch -T -b "cn=schema" -s base \
        "(objectclass=*)" | grep -i posix

    Ensure that the posixAccount objectclass is displayed in the output of the ldapsearch command. The output should resemble the following:

    objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory) MAY ( userPassword $ loginShell $ gecos $ description ) X-ORIGIN 'RFC 2307' )

    objectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPassword $ memberUid $description ) X-ORIGIN 'RFC 2307' )

    NOTE: You can use the ldapsearch command-line utility to locate and retrieve LDAP directory entries. This utility opens a connection to the specified server using the specified Distinguished Name (DN) and password, and locates entries based on the specified search filter. For details, see the Netscape Directory Server Administrator's Guide or the Red Hat Directory Server Administrator's Guide available at http://www.docs.hp.com/en/internet.html.
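The grep in step 16 only shows that something named posix exists in the schema. The following shell script is an added example (not part of the HP guide or of the LDAP-UX product) that reads the same ldapsearch schema output on standard input and confirms that both RFC 2307 object classes are present and that their MUST clauses still carry the attributes Samba and LDAP-UX lookups depend on, so an incomplete or later-edited schema extension is caught at configuration time. The sample_schema function is a constructed copy of the two objectClasses lines shown above and stands in for a live directory; the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example for verifying the schema extension of step 16; not part of
# the HP CIFS Server guide or the LDAP-UX product.

# sample_schema prints a constructed copy of the two objectClasses lines the
# guide shows as expected ldapsearch output; it replaces the live directory.
sample_schema() {
    cat <<'EOF'
objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory) MAY ( userPassword $ loginShell $ gecos $ description ) X-ORIGIN 'RFC 2307' )
objectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPassword $ memberUid $description ) X-ORIGIN 'RFC 2307' )
EOF
}

# check_posix_schema reads schema output on stdin and returns 0 only if every
# object class listed below is defined and its MUST clause contains each of
# the attributes named after the colon (the RFC 2307 required attributes).
check_posix_schema() {
    input=$(cat)
    failed=0
    for spec in \
        "posixAccount:cn uid uidNumber gidNumber homeDirectory" \
        "posixGroup:cn gidNumber"
    do
        oc=${spec%%:*}
        required=${spec#*:}
        # Select the definition line for this object class; schema names are
        # case-insensitive. "|| true" keeps callers running under set -e alive.
        line=$(printf '%s\n' "$input" | grep -i "NAME '$oc'" || true)
        if [ -z "$line" ]; then
            echo "MISSING: objectclass $oc is not in the schema" >&2
            failed=1
            continue
        fi
        # Extract the "MUST ( a $ b $ c )" list and replace the '$' separators
        # with spaces so each attribute can be matched as a whole word.
        must=$(printf '%s\n' "$line" | sed -n 's/.*MUST *( *\([^)]*\)).*/\1/p' | tr '$' ' ')
        for attr in $required; do
            case " $must " in
                *" $attr "*) ;;
                *) echo "BROKEN: $oc lacks required attribute $attr" >&2
                   failed=1 ;;
            esac
        done
    done
    return $failed
}

# Stand-alone run against the constructed sample. On a configured client,
# feed the real query from step 16 instead:
#   /opt/ldapux/bin/ldapsearch -T -b "cn=schema" -s base "(objectclass=*)" | check_posix_schema
sample_schema | check_posix_schema && echo "posixAccount and posixGroup schema OK"
```

A non-zero exit status from check_posix_schema means the client is not ready for the HP CIFS Server LDAP integration and the schema extension in step 6 should be repeated. The script checks only the schema; the binding and authentication defaults accepted in Table 6-1 are a separate review item.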
© 2007 Hewlett-Packard Development Company, L.P.