LDAP-UX - How to setup LDAP-UX to authenticate on OpenLDAP

sexta-feira, 19 de abril de 2013

First of all, LDAP-UX does not support updating an OpenLDAP directory, so to get this to work, add the following profile to the LDAP directory (requires the DUAConfig.schema and possibly ldap-printer.schema):

dn: cn=uxprofile,ou=Profiles,dc=example,dc=com
cn: uxprofile
objectClass: DUAConfigProfile
defaultSearchBase: dc=example,dc=com
defaultSearchScope: one
profileTTL: 3600
serviceSearchDescriptor: passwd:OU=People,DC=example,DC=com
serviceSearchDescriptor: group:OU=Group,DC=example,DC=com
authenticationMethod: tls:simple
defaultServerList: <space separated list of LDAP server hosts:ports>

If you don't have the LDAP-UX package installed...

# swinstall -s /yourDepot

Create a key-store:

/opt/ldapux/contrib/bin/certutil -N -d /etc/opt/ldapux

Import the CA cert:
/opt/ldapux/contrib/bin/certutil -A -n ca-cert -t "C,," -d /etc/opt/ldapux -a -i cacert.crt

Configure LDAP-UX:
/opt/ldapux/config/setup
...specify TLS and use port 389.

NOTE: do NOT attempt to extend any sachems -- OpenLDAP does not support this.

ldapux doesn't start - "Already running"

terça-feira, 17 de julho de 2012

Message shown:

Already running

Ldapux has a lock file to prevent exec two ldap at same time, if the ldap was not correctly stoped the lock file will continue there avoiding the ldapux to start. In this case is necessary just remove the bellow file:

/etc/opt/ldapux/ldapclientd.pid