Using namconfig

The namconfig utility lets you add or remove LUM from a specified eDirectory context, as well as retrieve or set LUM configuration parameters. This section describes how you can configure LUM using the namconfig utility.


Configuring a Workstation with LUM

To configure a specified workstation with LUM, use the following syntax:

namconfig add -a adminFDN -r partition_root -w workstation_context [-o] -S servername [:port] [-l sslport] [-R server [:port],server [:port],...]

Example:

namconfig add -a cn=admin,o=novell -r ou=nam,o=novell -w ou=ws,ou=nam,o=novell -S MYSERVER:389

Example (secure LDAP):

namconfig add -a cn=admin,o=novell -r ou=lum,o=novell -w ou=ws,ou=nam,o=novell -S MYSERVER:389 -l 636

NOTE: At a minimum, you must supply the following parameters: adminFDN, workstation_context, partition_root and servername. If you configure LUM to use an SSL connection, the LDAP server should communicate using the normal LDAP port for the network.

For a description of the command line parameters, refer to Table 1, Command Line Parameters for namconfig.

After the configuration, you need to change the /etc/nsswitch.conf and PAM configuration files to start the product.


Configuring LUM with LDAP SSL

To configure LUM with SSL, use the following command:

namconfig add -a cn=admin,o=novell -r ou=lum,o=novell -w ou=ws,ou=nam,o=novell -S MYSERVER:389 -l 636

where the emphasized fields match your eDirectory containers, etc.

Configuring LUM to use secure LDAP ensures that the information exchanged between the NNLS server and eDirectory is securely encrypted.

If you configure LUM for secure LDAP, the configuration utility adds the type-of-authentication=2 and ldap-ssl-port parameters to the /etc/nam.conf file.

During the configuration, LUM gets the server certificate from the LDAP server and stores it in /var/nam as a hidden file with a .der extension.

All PAM authentication requests will then be handled using secure LDAP.

To get user profile information from eDirectory, nss_nam uses a regular LDAP connection.

If the server's SSL certificate expires, it can be recreated using the namconfig utility with the -k option. The same certificate file can be used by other applications that want to use secure LDAP for communicating with eDirectory.
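The settings this section describes can be verified after configuration. The script below is an added example, not part of the original documentation: it checks a nam.conf-style file for type-of-authentication=2 and ldap-ssl-port, and checks the hidden .der certificate for upcoming expiry. It assumes one key=value pair per line in /etc/nam.conf and that the openssl command is installed; the function names are hypothetical.

```bash
#!/bin/bash
# Added example: audit the secure-LDAP state that "namconfig add ... -l" leaves behind.
# Assumption: nam.conf holds one key=value pair per line.

# Print the value of KEY ($2) from a nam.conf-style FILE ($1); empty if absent.
nam_conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p" "$1" | tail -n 1
}

# Return 0 only if FILE has type-of-authentication=2 and a numeric ldap-ssl-port.
check_secure_ldap() {
    local auth port
    auth=$(nam_conf_get "$1" type-of-authentication)
    port=$(nam_conf_get "$1" ldap-ssl-port)
    if [ "$auth" != "2" ]; then
        echo "FAIL: type-of-authentication='$auth', expected 2"; return 1
    fi
    case "$port" in
        ''|*[!0-9]*) echo "FAIL: ldap-ssl-port missing or not numeric"; return 1 ;;
    esac
    echo "OK: PAM authentication uses secure LDAP on port $port"
}

# Check hidden .der certificates in DIR ($1); return 1 if any expires within
# DAYS ($2) days or cannot be parsed, 2 if none is present.
check_der_certs() {
    local f found rc
    found=0; rc=0
    for f in "$1"/.*.der; do
        [ -f "$f" ] || continue
        found=1
        if ! openssl x509 -inform DER -in "$f" -noout \
                -checkend $(( $2 * 86400 )) >/dev/null 2>&1; then
            echo "WARN: $f expires within $2 days or is unreadable; re-import with namconfig -k"
            rc=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "WARN: no .der certificate in $1"; rc=2; }
    return "$rc"
}

# Constructed sample input (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf 'servername=MYSERVER\ntype-of-authentication=2\nldap-ssl-port=636\n' > "$SAMPLE_DIR/ssl.conf"
printf 'servername=MYSERVER\n' > "$SAMPLE_DIR/plain.conf"
check_secure_ldap "$SAMPLE_DIR/ssl.conf"
check_secure_ldap "$SAMPLE_DIR/plain.conf" || true
check_der_certs "$SAMPLE_DIR" 30 || true
# On a configured host: check_secure_ldap /etc/nam.conf; check_der_certs /var/nam 30
```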


Unconfiguring LUM

To unconfigure LUM, use the following syntax:

namconfig rm -a adminFDN

Example:

namconfig rm -a cn=admin,o=novell

For a description of the command line parameters, refer to Table 1, Command Line Parameters for namconfig.


Setting or Getting LUM Configuration Parameters

The namconfig utility lets you set values for specific LUM configuration parameters or retrieve these values on the command line. To do so, use the following syntax:

namconfig {set valuelist | get paramlist | help paramlist}

Example:

namconfig set servername=namserver

This specifies that the server named namserver is to be used as the preferred eDirectory server.

namconfig get base-name

This displays the current eDirectory context in which LUM is installed.

For a description of the command line parameters, refer to Table 1, Command Line Parameters for namconfig.

The following parameters cannot be set:

Once LUM is configured under a partition root, it should not be moved or renamed. If moving or renaming is required, you must manually edit the /etc/nam.conf file.

The type of the eDirectory schema is determined during configuration.


Using namconfig to Import an SSL Certificate

To import an SSL certificate into the local machine, use the following syntax:

namconfig -k

For a description of the command line parameters, refer to Table 1.


namconfig Command Line Parameters


Table 1. Command Line Parameters for namconfig

Parameter                 Description

add                       Configures LUM against the specified Workstation object context in eDirectory.
rm                        Unconfigures LUM.
upgrade                   Upgrades from an earlier version of LUM to LUM 2.1 Update.
set valuelist             Sets the value for the specified LUM configuration parameters.*
get paramlist             Retrieves the value for the specified LUM configuration parameters.*
-w workstation_context    Specifies, in LDAP format, the context where the Workstation object will be created.
-a adminFDN               Specifies, in LDAP format, the administrator's name.
-S servername             Specifies the preferred eDirectory server. The server can be specified in terms of its IP address or host name. This is a mandatory parameter.
-r partition_root         Specifies, in LDAP format, the root of the LUM domain that contains the Workstation objects.
-o                        Specifies the existing LUM configuration to be overwritten. Be aware that this will remove the associated Workstation object and create it afresh.
-k                        Specifies that the SSL certificate file is to be imported into the local machine.
port                      Specifies the non-SSL port.
-l sslport                Specifies the SSL port.
-R server                 Specifies a comma-separated list of LDAP replica servers. The server can be specified by IP address, host name or FDN.
help paramlist            Lets you view the help strings for the LUM configurable parameters.*

* For a complete list of configurable parameters, refer to Table 2, LUM Configuration Parameters.