
HPUX ldapux and openldap integration



Hi all

I recently got ldapux (client libraries for HPUX authentication of an 
ldap server, similar to that in Solaris 8) and openldap server working 
together and thought I would share with the list on how to do it if 
anyone else out there has been trying this.

You can get ldapux for hp11.x here:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=J4269AA

ldapux comes with a setup program that works with Netscape Directory
Server and Windows 2000 Active Directory. After a bit of hacking around
it seems that the ldapux configuration program
(/opt/ldapux/config/setup) attempts to connect to the LDAP server and
create a posixDUA schema. OpenLDAP doesn't seem to support this?

So if you create the following schema file:

# hpuxldapux.schema
# Simon E (simon_elder@tnt.com.au) - this was hacked together from the
# output of `strings /opt/ldapux/config/create_profile_schema`
#
# Continuation lines must start with whitespace, so each DESC string is
# kept on a single line.

attributetype ( 1.3.6.1.4.1.11.1.3.1.1.0
        NAME 'defaultserverlist'
        DESC 'Default LDAP server host address used by a Posix DUA'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.11.1.3.1.1.1
        NAME 'defaultsearchbase'
        DESC 'Default LDAP base DN used by a Posix DUA'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
        SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.11.1.3.1.1.2
        NAME 'preferredserverlist'
        DESC 'Preferred LDAP server host addresses to be used by a Posix DUA'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.11.1.3.1.1.3
        NAME 'searchtimelimit'
        DESC 'Maximum time in seconds a Posix DUA should allow for a search to complete'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.11.1.3.1.1.4
        NAME 'bindtimelimit'
        DESC 'Maximum time in seconds a Posix DUA should allow for a search to complete'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.11.1.3.1.1.5
        NAME 'followreferrals'
        DESC 'Tells Posix DUA if it should follow referrals returned by a DSA search result'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.11.1.3.1.1.6
        NAME 'authenticationmethod'
        DESC 'A keystring which identifies the type of authentication method used to contact the DSA'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.11.1.3.1.1.10
        NAME 'credentiallevel'
        DESC 'Identifies type of credentials a Posix DUA should use when binding to the LDAP server'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.11.1.3.1.1.7
        NAME 'profilettl'
        DESC 'Time to live before a client DUA should re-read this configuration profile'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.11.1.3.1.1.9
        NAME 'attributemap'
        DESC 'Attribute mappings used by a Posix Naming-DUA'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.11.1.3.1.1.8
        NAME 'servicesearchdescriptor'
        DESC 'LDAP search descriptor list used by Posix Naming-DUA'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.11.1.3.1.2.0
        NAME 'posixduaprofile' SUP top AUXILIARY
        DESC 'Abstraction of a base configuration for a Posix DUA'
        MUST ( cn )
        MAY ( defaultServerList $ defaultSearchBase $
              preferredServerList $ searchTimeLimit $ bindTimeLimit $
              followReferrals $ authenticationMethod $ credentialLevel $
              profileTTL ) )
objectclass ( 1.3.6.1.4.1.11.1.3.1.2.1
        NAME 'posixnamingprofile' SUP posixDUAProfile AUXILIARY
        DESC 'Abstraction of a base configuration for a Posix Naming-DUA'
        MAY ( serviceSearchDescriptor $ attributeMap ) )


and load it in slapd.conf with a line such as

include         /usr/local/openldap/etc/openldap/schema/hpuxldapux.schema

Then run the setup script and configure as per Netscape Directory
Server. Everything works OK and you can use the openldap server for
sending out passwd and group information to HPUX 11.x hosts, a la NIS.

Cheers

Simon