HPUX ldapux and openldap integration
Hi all
I recently got ldapux (client libraries for HPUX authentication of an
ldap server, similar to that in Solaris 8) and openldap server working
together and thought I would share with the list on how to do it if
anyone else out there has been trying this.
You can get ldapux for hp11.x here
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=J4269AA
ldapux comes with a setup program that works with Netscape Directory
Server and Windows 2000 Active Directory. After a bit of hacking around
it seems that the ldapux configuration program (/opt/ldapux/config/setup)
attempts to connect to the LDAP server and create a posixDUA schema;
OpenLDAP doesn't seem to support this?
So if you create the following schema file.

# hpuxldapux.schema
# Simon E (simon_elder@tnt.com.au) - this was hacked together from the
# output of `strings /opt/ldapux/config/create_profile_schema`
#
# Continuation lines must start with whitespace for slapd to join them.
#
attributetype ( 1.3.6.1.4.1.11.1.3.1.1.0
    NAME 'defaultserverlist'
    DESC 'Default LDAP server host address used by a Posix DUA'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.11.1.3.1.1.1
    NAME 'defaultsearchbase'
    DESC 'Default LDAP base DN used by a Posix DUA'
    EQUALITY distinguishedNameMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.11.1.3.1.1.2
    NAME 'preferredserverlist'
    DESC 'Preferred LDAP server host addresses to be used by a Posix DUA'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.11.1.3.1.1.3
    NAME 'searchtimelimit'
    DESC 'Maximum time in seconds a Posix DUA should allow for a search to complete'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.11.1.3.1.1.4
    NAME 'bindtimelimit'
    DESC 'Maximum time in seconds a Posix DUA should allow for a search to complete'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.11.1.3.1.1.5
    NAME 'followreferrals'
    DESC 'Tells Posix DUA if it should follow referrals returned by a DSA search result'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.11.1.3.1.1.6
    NAME 'authenticationmethod'
    DESC 'A keystring which identifies the type of authentication method used to contact the DSA'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.11.1.3.1.1.10
    NAME 'credentiallevel'
    DESC 'Identifies type of credentials a Posix DUA should use when binding to the LDAP server'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.11.1.3.1.1.7
    NAME 'profilettl'
    DESC 'Time to live before a client DUA should re-read this configuration profile'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.11.1.3.1.1.9
    NAME 'attributemap'
    DESC 'Attribute mappings used by a Posix Naming-DUA'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.11.1.3.1.1.8
    NAME 'servicesearchdescriptor'
    DESC 'LDAP search descriptor list used by Posix Naming-DUA'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

objectclass ( 1.3.6.1.4.1.11.1.3.1.2.0
    NAME 'posixduaprofile' SUP top AUXILIARY
    DESC 'Abstraction of a base configuration for a Posix DUA'
    MUST ( cn )
    MAY ( defaultServerList $ defaultSearchBase $
        preferredServerList $ searchTimeLimit $ bindTimeLimit $
        followReferrals $ authenticationMethod $ credentialLevel $
        profileTTL ) )

objectclass ( 1.3.6.1.4.1.11.1.3.1.2.1
    NAME 'posixnamingprofile' SUP posixDUAProfile AUXILIARY
    DESC 'Abstraction of a base configuration for a Posix Naming-DUA'
    MAY ( serviceSearchDescriptor $ attributeMap ) )

and load it in slapd.conf with a line such as
include /usr/local/openldap/etc/openldap/schema/hpuxldapux.schema
Then run the setup script and configure as per Netscape Directory
Server. Everything works OK, and you can use the OpenLDAP server for
sending out passwd and group information to HPUX 11.x hosts a la NIS.
Cheers
Simon
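
Added example (not part of the original post, and not HP or OpenLDAP code): a small cross-reference check for a hand-assembled schema file like the one above, reporting stray lines, reused OIDs and MUST/MAY attributes that no attributetype defines. It assumes NAME directly follows the OID, as in the post's schema, and that cn comes from a schema file included earlier; the sample input is constructed.

```python
import re

# Constructed sample, abbreviated from the schema in the post; profileTTL is
# deliberately left undefined to show what the check reports.
SAMPLE = """\
attributetype ( 1.3.6.1.4.1.11.1.3.1.1.0
    NAME 'defaultserverlist'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.11.1.3.1.2.0
    NAME 'posixduaprofile' SUP top AUXILIARY
    MUST ( cn )
    MAY ( defaultServerList $ profileTTL ) )
"""
# Assumption: attributes provided by schema files included earlier (cn: core.schema).
EXTERNAL = {"cn"}
HEAD = re.compile(r"(attributetype|objectclass)\s*\(\s*([\d.]+)\s+NAME\s+'([^']+)'", re.I)

def logical_lines(text):
    """Join continuation lines (leading whitespace) and drop comments and blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def lint(text, external=EXTERNAL):
    """Return problems: unparsed lines, reused OIDs, undefined MUST/MAY attributes."""
    problems, oids, attrs, classes = [], {}, set(), []
    for line in logical_lines(text):
        m = HEAD.match(line)
        if not m:
            problems.append(f"unparsed line: {line[:40]}")
            continue
        kind, oid, name = m.group(1).lower(), m.group(2), m.group(3).lower()
        if oid in oids:
            problems.append(f"OID {oid} reused by {oids[oid]} and {name}")
        oids[oid] = name
        if kind == "attributetype":
            attrs.add(name)
        else:
            classes.append((name, re.sub(r"'[^']*'", "''", line)))  # ignore DESC text
    for name, line in classes:
        for body in re.findall(r"\b(?:MUST|MAY)\s+(\([^)]*\)|[\w-]+)", line):
            for attr in filter(None, re.split(r"[\s$()]+", body)):
                if attr.lower() not in attrs | external:
                    problems.append(f"{name}: attribute '{attr}' is not defined")
    return problems

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "schema cross-references OK")
```

Attribute names are compared case-insensitively, so 'defaultServerList' in a MAY list matches NAME 'defaultserverlist'.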