Configuring an LDAP server to host accounting policies

Edit online

You must configure the LDAP server to host accounting policies before they can be provided to a client system.

You can perform the setup procedure from any LDAP client that is configured in a general way to access the LDAP server. It is not necessary to perform the setup procedure on the LDAP server. To configure an LDAP server to host accounting policies, you must first upload the Advanced Accounting subsystem schema, which is shipped with AIX. The schema describes the layout of accounting data so that the LDAP server does not need to be Advanced Accounting-aware.

There is no requirement that the LDAP server be at the same software level as the client.

To set up the LDAP server, run the following command for each LDAP server:
mkprojldap -u -h hostname -D bindDN -w BindPassword

You must then decide where to store accounting data on the LDAP server. Each client system asks for accounting data at a particular location, so it is important to understand the layout of accounting data on the server. You must understand the billing strategy to define the proper layout on the server. If you want to deploy a server-specific billing policy, then you should use Admin policies, since they can be targeted at a specific machine. In this case, you should place the Admin policy and project definitions in a location on the LDAP server that is reserved for that system.

If you want to use an enterprise-level policy that always classifies a user in the same way, then you should use the User or Group policies. In this case, you must define the project repository in a global location on the LDAP server so that it can be accessed by each client. Other strategies are also possible.

To define a base location on the server where you can store accounting data, use the following command: 
mkprojldap -s -h hostname -D bindDN -w BindPassword -i InstallPoint
For example:
mkprojlap -s -h ldap.svr.com -D cn=root -w passwd -i -p cn=aixdata,o=ibm -a cn=aixdata,o=ibm

This enables Admin policies and project definitions to be stored on the server below the install point. You must run this command as a root user once for each base location.