This page describes how to configure the HP-UX LDAP client services to authenticate against OpenLDAP. For the OpenLDAP configuration see: LDAP server configuration RHEL 5.
The OpenLDAP directory server must be prepared and configured in advance before the HP-UX LDAP clients can be configured and the HP-UX system will authenticate against the directory. LDAP-UX can be configured to bind to the directory using a proxy. This is in principle more secure. The standard software is used, all authentication and password management is done by the directory. To make sure HP-UX reacts properly when a password has expired or a password reset has occurred (user must at next logon choose his/her own password) the pam_authz library is used.
To configure HP-UX the following must be done:
- Installation of the LDAP packages
- Import the certificate of the relevant CA - only if the secure LDAP protocol (SSL) is used
- Run /opt/ldapux/config/setup
- Provide DN of the system profile entry (as installed in the directory)
- Check the ldapclientd daemon is running
- Adjust the nsswitch.conf file
- Configure pam to use the LDAP (in /etc/pam.conf
- Copy provided pam.ldap example to pam.conf
- Adjust pam.conf to enable pam_authz.policy for password policy effects
- Configure /etc/opt/ldapux/pam_authz.policy file
- Enable and configure the proxy settings
No comments:
Post a Comment