The namconfig utility lets you add or remove Linux User Management from a specified eDirectory context, as well as retrieve or set Linux User Management configuration parameters.
Table 6-1 Command Line Parameters for namconfig

| Parameter | Description |
|---|---|
| add | Configures Linux User Management against the specified Workstation object context in eDirectory. |
| rm | Removes configuration from Linux User Management. |
| upgrade | Upgrades from an earlier version of Linux User Management. |
| set valuelist | Sets the value for the specified Linux User Management configuration parameters. For a complete list of configurable parameters, refer to Table 6-2. |
| get paramlist | Retrieves the value for the specified Linux User Management configuration parameters. For a complete list of configurable parameters, refer to Table 6-2. |
| -k | Specifies that the SSL certificate file is to be imported into the local machine. |
| help paramlist | Lets you view the help strings for the Linux User Management configurable parameters. For a complete list of configurable parameters, refer to Table 6-2. |
| -w workstation_context | Specifies, in LDAP format, the context where the Workstation object will be created. |
| -a adminFDN | Specifies, in LDAP format, the administrator's name. |
| -S servername | Specifies the preferred eDirectory server. The server can be specified in terms of its IP address or host name. This is a mandatory parameter. |
| -r base_context | Specifies, in LDAP format, the base context of the UNIX/Linux Config object that contains the list of workstation contexts. |
| -o | Specifies the existing LUM configuration to be overwritten. Be aware that this removes the associated Workstation object and creates it again. |
| port | Specifies the non-SSL port. |
| -l sslport | Specifies the SSL port. |
| cache_refresh | Specifies how frequently user and group entries stored in the persistent cache are to be refreshed from eDirectory. A larger value results in less network traffic and less load on the server, but the cache might reflect stale information if the eDirectory database is modified. The value can range from 1 to 2147483647 seconds. |
| -R alternative-ldap-server-list | Specifies a comma-separated list of alternative LDAP replica servers. The server can be specified by IP address or host name. NOTE: You must ensure that the alternate LDAP server list does not contain any separator other than a comma. Ensure that the comma separator is not followed by a space as this could lead to unfavorable results. |

LUM fails if the LDAP server against which LUM is configured is unavailable. To avoid failure, populate the alternative-ldap-servers in /etc/nam.conf with a list of LDAP servers where LUM can fall back when the primary LDAP server is down.
Ensure that the LDAP servers are replica servers. Otherwise, the persistent-search feature does not work.
To configure a specified workstation with Linux User Management, use the following syntax:
namconfig add -a adminFDN -r base_context -w workstation_context [-o] -S servername[:port] [-l sslport] [-R server[:port],server[:port],...]
Example:
namconfig add -a cn=admin,o=novell -r ou=nam,o=novell -w ou=ws,ou=nam,o=novell -S MYSERVER:389
Example (secure LDAP):
namconfig add -a cn=admin,o=novell -r ou=lum,o=novell -w ou=ws,ou=nam,o=novell -S MYSERVER:389 -l 636
NOTE: At a minimum, you must supply the adminFDN, workstation_context, base_context, and servername parameters.
For a description of the command line parameters, refer to Table 6-1.
After the configuration, you need to change the /etc/nsswitch.conf and PAM configuration files to start the product.
To configure Linux User Management with SSL, use the following command:
namconfig add -a cn=admin,o=novell -r ou=lum,o=novell -w ou=ws,ou=nam,o=novell -S MYSERVER:389 -l 636
where the emphasized fields match your eDirectory containers, etc.
Configuring Linux User Management to use secure LDAP ensures that the information exchanged between the OES server and eDirectory is securely encrypted.
If you configure Linux User Management for secure LDAP, the configuration utility adds the type-of-authentication=2 and ldap-ssl-port parameters to the /etc/nam.conf file.
During the configuration, the server certificate is created in the /var/lib/novell-lum directory as a hidden file with a .der extension.
All PAM authentication requests are then handled by using secure LDAP.
To get user profile information from eDirectory, nss_nam uses a regular LDAP connection.
If the server's SSL certificate expires, it can be re-created by using the namconfig utility with the -k option. The same certificate file can be used by other applications that want to use secure LDAP for communicating with eDirectory.
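An added example (not part of the original documentation or the product): a POSIX shell audit of the secure-LDAP settings described above and of the alternative-server rule from the -R note in Table 6-1. It assumes /etc/nam.conf holds one key=value pair per line and that the alternate list is stored under the key alternative-ldap-server-list (the name used for -R); the function names are hypothetical, and only host names and IPv4 addresses are accepted.

```shell
# Added example: audit a nam.conf-style file (assumed: one key=value per line).

# Print the value of key $1 in file $2 (empty if the key is absent).
conf_get() { sed -n "s/^$1=//p" "$2" | head -n 1; }

# Succeed if $1 is a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeed if $1 is host[:port],host[:port],... with commas only, no spaces.
# The body is a subshell so the IFS and globbing changes stay local.
valid_server_list() (
    case "$1" in ''|*[!A-Za-z0-9.:,-]*|,*|*,|*,,*) exit 1 ;; esac
    IFS=,; set -f
    for entry in $1; do
        [ -n "${entry%%:*}" ] || exit 1
        case "$entry" in *:*) valid_port "${entry#*:}" || exit 1 ;; esac
    done
    exit 0
)

# Print one finding per line for file $1; return non-zero if any were found.
audit_nam_conf() {
    conf=${1:-/etc/nam.conf}; findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }
    [ "$(conf_get type-of-authentication "$conf")" = 2 ] ||
        report "type-of-authentication is not 2 (value written for secure LDAP)"
    valid_port "$(conf_get ldap-ssl-port "$conf")" ||
        report "ldap-ssl-port is missing or not a valid port"
    alt=$(conf_get alternative-ldap-server-list "$conf")  # key name assumed
    if [ -z "$alt" ]; then
        report "no alternative LDAP servers; LUM fails if the primary is down"
    elif ! valid_server_list "$alt"; then
        report "alternative server list is malformed: '$alt'"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample, not from a real host: note the space after the comma.
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
base-name=o=novell
type-of-authentication=2
ldap-ssl-port=636
alternative-ldap-server-list=10.0.0.2:389, 10.0.0.3
EOF
audit_nam_conf "$tmp" || echo "audit found problems"
rm -f "$tmp"
```

Run against the real file with `audit_nam_conf /etc/nam.conf`; a non-zero exit status makes it usable as a configuration-management check.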
To remove the Linux User Management configuration, use the following syntax:
namconfig rm -a adminFDN
Example:
namconfig rm -a cn=admin,o=novell
For a description of the command line parameters, refer to Table 6-1.
NOTE: If you delete or change the name of the container originally passed to namconfig, you need to delete nam.conf and rerun namconfig.
The namconfig utility lets you set values for specific Linux User Management configuration parameters or retrieve these values on the command line. To do so, use the following syntax:
namconfig {set valuelist | get paramlist | help paramlist}
Example:
namconfig set servername=namserver
This specifies that the server named namserver is to be used as the preferred eDirectory server.
namconfig get base-name
This displays the current eDirectory context in which Linux User Management is installed.
For a description of the command line parameters, refer to Table 6-1.
The following parameters cannot be set:
base-name
schema
certificate-file-type
After Linux User Management is configured under a base name, it should not be moved or renamed. If moving or renaming is required, you must manually edit the /etc/nam.conf file.
The type of the eDirectory schema is determined during configuration.
To import an SSL certificate into the local machine, use the following syntax:
namconfig -k
For a description of the command line parameters, refer to Table 6-1.